👩‍💻IW Weekly #97: XSS on Microsoft Whiteboard and Excalidraw, ChatGPT Account Takeover, reverse engineered ESP32-based air purifier, advanced HTTP header exploitation techniques, PikaBot Malware Analysis and many more…


Welcome to the #IWWeekly97 - the Monday newsletter that brings the best in Infosec straight to your inbox.

To help you out, we have 5 Articles, 4 Threads, 3 Videos, 2 Job Alerts and a Special Item 🫢

Read, upskill yourself and spread love to the community 💝

Excited? Let’s jump in 👇

📝 5 Infosec Articles

  1. @spaceraccoonsec walks us through his thought process while reviewing source code, in this case an XSS in the rich text editor/whiteboard features at Meta and Microsoft.
  2. @H4R3L discovered a lax caching rule on OpenAI’s ChatGPT that allowed taking over any account.
  3. The team at @PlerionHQ dives into different ways to enumerate the AWS instance metadata service and has also released a tool to help you do the same.
  4. @jmswrnr on how he reverse engineered an ESP32-based air purifier.
  5. Read about the most common price manipulation techniques on E-Commerce websites, by @intigriti.

🧵 4 Trending Threads

  1. Discover web reconnaissance techniques outlined by @TheMsterDoctor1.
  2. Learn advanced HTTP header exploitation techniques for bug bounty hunting, with insights from @yeswehack.
  3. @Jayesh25_ shares the top 5 lessons learned from early mistakes on their bug bounty journey.
  4. @ashketchum_16 outlines their methodology for uncovering XSS vulnerabilities at Microsoft.

📽️ 3 Insightful Videos

  1. Learn how to go from entry-level to mid-level in cybersecurity with Tadi.
  2. Discover Advanced Active Directory Enumeration Techniques with Bloodhound by ITSecurityLabs.
  3. Dive into PikaBot Malware Analysis with John Hammond and Ryan Chapman!

💼 2 Job Alerts

  1. @Hacker0x01 is currently seeking candidates for a remote Product Security Analyst position in India.
  2. @NCIIPC is looking for expert pen-testers, security researchers and ethical hackers.

🎁 1 Special Item

  1. @albinowax shouts out http-garden, a differential testing and fuzzing tool for HTTP servers and proxies, by @NarfIndustries.

Watch “Hacking the Hiring Process: Using LinkedIn to Land Your Dream Job” by Kaitlin O'Neil at IWCON2023 and share your thoughts on X by tagging us.


That’s all for this week. Hope you enjoyed these incredible finds and learned something new from today’s newsletter. Meet you again next week, hacker; until then, keep pushing 💪

This newsletter would not have been possible without our amazing ambassadors.

Resource contribution by: Nikhil A Memane, Hardik Singh, Ayush Singh, Bhavesh Harmalkar, Nithin R, Tuhin Bose, Eeshan V, Ansh Patel
Newsletter formatting by: Hardik Singh, Ayush Singh, Nithin R, Shlok, Eeshan V, Pawan Gambhir

Lots of love
Editorial team,

Infosec Writeups

📧 If you have questions, comments, or feedback, reach out to us on Twitter @InfoSecComm or email [email protected]
