👩💻IW Weekly #99: Top 10 hacking techniques of 2023, CSP Bypass, Multiple XSS on Joomla, XSS on ChatGPT, Meteor subdomain takeover, Length filter bypass to SQL Injection, Nomulus pentest and many more…
Welcome to the #IWWeekly99 - the Monday newsletter that brings the best in Infosec straight to your inbox.
To help you out, we have 5 Articles, 4 Threads, 3 Videos, 2 Job Alerts and a Special Item 🫢
Read, upskill yourself and spread love to the community 💝
Excited? Let’s jump in 👇
📝 5 Infosec Articles
- Learn the 10 hottest web hacking techniques used in 2023 as discussed by @PortSwigger.
- The blog by @joaxcar reveals the Content Security Policy (CSP) bypass on PortSwigger.net by leveraging Google Script resources.
- In their latest blog, the @GoogleVRP team published their security findings on Nomulus, a Google product.
- The team at @sonarsource has come up with a detailed analysis of the multiple XSS vulnerabilities they found on the Joomla CMS.
- Gain insights into defeating length filters for successful SQL injection, as shared by @SynackRedTeam member @kuldeepdotexe.
🧵4 Trending Tweets
- Threat modeling can be hard to integrate into an SDLC; @abhaybhargav shares his two cents on the same.
- Read about how @RonMasas found an XSS on ChatGPT.
- Ever heard of “balancing XSS payloads”? @vidocsecurity talks about a methodology for finding XSS without just spraying and praying with random payloads.
- @young_vanda_ shares their methodology on taking over Meteor subdomains.
📽️ 3 Insightful Videos
- In a recent video, @_JohnHammond shares valuable hacking tricks to keep in mind.
- @NahamSec delves into efficient XSS hunting techniques for 2024, providing valuable insights for cybersecurity enthusiasts and bug hunters.
- Gain insights into starting malware analysis with @_JohnHammond.
💼 2 Job Alerts
- Netflix is looking for Security Engineers for United States locations.
- Join @GitHubSecurity’s security team as a Senior Product Security Engineer to help manage their bug bounty program.
🎁 1 Special Item
- Solve the weekly challenge by @yeswehack.
Watch “Essential Skills for the next-generation of AppSec Engineers” by Abhay Bhargav at IWCON2023
That’s all for this week. Hope you enjoyed these incredible finds and learned something new from today’s newsletter. Meet you again next week hacker, until then keep pushing 💪
This newsletter would not have been made possible without our amazing ambassadors.
Resource contribution by: Hardik Singh, Ayush Singh, Tuhin Bose, Manan, Ansh Patel
Newsletter formatting by: Hardik Singh, Ayush Singh, Manan, Shlok
Lots of love
Editorial team,
Infosec Writeups
📧
If you have questions, comments, or feedback reach out to us on Twitter @InfoSecComm or email [email protected]