👩‍💻IW Weekly #92: Cloudflare Pages Vulnerabilities Analysis, CORS Cache Exploitation Automating RTFM with ChatGPT, Shrewdeye Bash, XSS to ATO, Bypassing Door Passwords and many more…

Welcome to the #IWWeekly92 - the Monday newsletter that brings the best in Infosec straight to your inbox.

To help you out, we have 5 Articles, 4 Threads, 3 Videos, 2 Job Alerts and a Special Item 🫢

Read, upskill yourself and spread love to the community 💝

Excited? Let’s jump in 👇

📝 5 Infosec Articles

  1. @ryotkak, in a collaborative effort, found multiple vulnerabilities in Cloudflare Pages which could allow users to gain root privileges in the build environment, tamper with other people's pages built on Cloudflare Pages, and more.
  2. @Ahmad_Halabi_ showcases multiple instances where he was able to own an organization by chaining vulnerabilities, in The Art of Chaining Vulnerabilities.
  3. @tauh33dkhan discovers a way to bypass Same-Origin Policy by leveraging browser cache vulnerabilities.
  4. @nullg0re discusses how they plan to use ChatGPT to enhance bug hunting on Microsoft products.
  5. @DhiyaneshD shares his experience in subdomain enumeration using Subfinder with SecurityTrails Free/Paid API Keys.

🧵 4 Threads

  1. Embark on Apple's bug bounty journey with @samwcyo, decoding a base64 Harry Potter quote and unveiling a hidden easter egg.
  2. Unveil the secrets of bigger bug bounty rewards as @Jayesh25_ decodes XSS escalation techniques for Account Takeovers, effortlessly unlocking higher payouts.
  3. Ready to level up your bug bounty game? Join @Jayesh25_ as he unravels Akamai Cache Deception/Poisoning. Decode cache HIT signs, master Self-XSS, and craft a stealthy ATO for ultimate rewards.
  4. Unlock the secrets of hacking in @S1r1u5_'s personal narrative! Delve into the realms of CTFs and bug bounties, forging your path to mastery in the cyber world.

📽️ 3 Insightful Videos

  1. Discover the intricacies of OWASP's new API Top 10 for 2023 with @InsiderPhD, unraveling the art of bug hunting in this dynamic landscape.
  2. Uncover the journey of @NahamSec, transforming from a passionate ethical hacker to a Million Dollar Hacker, and delve into the flourishing realm of cybersecurity triumphs.
  3. Unlock the secrets of bypassing door passwords as @aydinnyunuss takes you on a captivating journey at IWCON2023.

💼 2 Job Alerts

  1. Varutra Consulting is seeking immediate joiners for multiple positions like Security consultant, Senior Security Consultant, and more for different locations. Check it out and don’t miss the opportunity.
  2. GitHub is looking for someone to join their bug bounty team as a Product Security Engineer, a remote role in the US.

🎁 1 Special Item

Shrewdeye Bash is a tool to streamline the subdomain enumeration process for security researchers, by @ArmanSameer95.


Check out the IWCON2023 keynote speech by Vivek Ramachandran on "From Hacker to Entrepreneur: My cybersecurity journey and predictions for the future."

For more IWCON2023 videos you might have missed, subscribe to the Infosec Studio YouTube channel.


That’s all for this week. Hope you enjoyed these incredible finds and learned something new from today’s newsletter. Meet you again next week, hacker; until then, keep pushing 💪

This newsletter would not have been possible without our amazing ambassadors.

Resource contribution by: Nikhil A Memane, Hardik Singh, Bhavesh Harmalkar, Bimal Kumar Sahoo, Nithin R, Tuhin Bose, Manan.
Newsletter formatting by: AnuPallavi, Pawan Gambhir

Lots of love
Editorial team,

Infosec Writeups

📧 If you have questions, comments, or feedback, reach out to us on Twitter @InfoSecComm or email [email protected]