👩💻IW Weekly #96: Windows Driver to Working EDR, Auth-Bypass within Ivanti’s Pulse Connect Secure, Infostealer Malware, Binary Emulation, Google Domain Tier Concepts and many more…
Welcome to the #IWWeekly96 - the Monday newsletter that brings the best in Infosec straight to your inbox.
To help you out, we have 5 Articles, 4 Threads, 3 Videos, 2 Job Alerts and a Special Item 🫢
Read, upskill yourself and spread love to the community 💝
Excited? Let’s jump in 👇
📝 5 Infosec Articles
- Delve into the details of Windows drivers as they pave the way for an advanced Endpoint Detection and Response (EDR) system in this insightful article by @Defte_ .
- @assetnote delves into a subsequent instance of authentication bypass within Ivanti's Pulse Connect Secure, shedding light on potential security concerns.
- Automation Hacks: A step-by-step exploration of a Critical Remote Code Execution (RCE) exploit, presented by @0d_Asbawy.
- @deadoverflow_ uncovers the most peculiar XSS Vulnerability in his coding journey in a well known e-commerce website – a tale of debugging absurdity.
- Dive into the concept of externalizing Google Domain Tiers in this insightful article by @Google
🧵4 Trending Tweets
- @thebinarybot shares 7 top-tier tips to unlock the full potential of xnLinkFinder, going deeper with depth (-d), and exploring other versatile features.
- Explore HTML Injection with @thebinarybot's Bug Bounty Series Part 4, uncovering the impact insights, prevention strategies, and real-life HackerOne bug reports.
- From hijacking EPP servers to LLM compromises, discover cutting-edge hacks and security insights shared by @S1r1u5_ .
- Get to know the top 3 IIS Shortname scanners as curated by @intigriti and maximize your findings by exploiting the power of tilde (~) characters.
📽️ 3 Insightful Videos
- Watch @thecybermentor investigate the persisting challenges of AI in generating suboptimal code.
- Jump the world of infostealer malware with insights from @thecybermentor—uncovering the wicked techniques employed by cyber adversaries.
- Learn malware analysis with binary emulation in this insightful video by @_JohnHammond
💼 2 Job Alerts
- VAPT Jobs is actively seeking candidates to fill for an APPSEC position in Mumbai, Maharashtra.
- Skillmine Technology Consulting is currently recruiting for a position in Web & Mobile Application Security Testing in Mumbai, Maharashtra.
🎁 1 Special Item
- Command injection vulnerability discovered; tricky exploitation required. Challenge by @yeswehack.
Watch “Streamline security with shift left: A cloud approach” by Avinash Jain held at IWCON2023
That’s all for this week. Hope you enjoyed these incredible finds and learned something new from today’s newsletter. Meet you again next week hacker, until then keep pushing 💪
This newsletter would not have been made possible without our amazing ambassadors.
Resource contribution by: Nikhil A Memane, Hardik Singh, Bhavesh Harmalkar, Nithin R, Tuhin Bose, Shlok, Ansh Patel
Newsletter formatting by: Bhavesh Harmalkar, Manan, AnuPallavi, Pawan Gambhir, Ansh Patel
Lots of love
Editorial team,
Infosec Writeups
📧
If you have questions, comments, or feedback reach out to us on Twitter @InfoSecComm or email [email protected]