👩‍💻 Smart Contract Security, WAF Bypassing, HTTP Parameter Pollution, Race Condition, IDOR, Web Cache Poisoning, and much more…
Learn about HTTP Parameter pollution - an easy test to bag a good bounty.
Hey 👋
Welcome to the #IWWeekly23 - the Monday newsletter that brings the best in Infosec straight to your inbox.
🤔 Before we jump into today’s edition, we’re curious to know if you’re enjoying these editions.
Do you want a specific section added or removed? Or would you like more beginner-friendly resources, or more expert-level insights…
Let us know on Twitter and tag us @InfoSecComm. We’ll surely add it in the next edition and give you the credit :)
For today, here are our top picks for this week: 5 articles, 4 threads, 3 videos, 2 GitHub repos and tools, and 1 job alert to help you get the most out of this newsletter and take a massive jump ahead in your career.
Excited? Let’s dive in👇
📝 5 Infosec Articles
#1 Read how @Lotus_619 discovered web cache poisoning in HubSpot and secured more than 100,000 websites.
#2 Going Atomic: The strengths and weaknesses of a technique-centric purple teaming approach explained by @ajpc500.
#3 If you find WAF bypassing cool, then you'll enjoy reading @s0md3v's awesome writeup on bypassing ModSecurity for RCEs.
#4 Monish Basaniwal explains a million-dollar hack that combined a race condition and an IDOR on a gift card website.
#5 Read this amazing article to learn how Santosh Kumar Shah found an out-of-band RCE with Burp Suite Collaborator.
🧵4 Trending Threads
#1 Want to learn about Active Directory security? Rami posted an awesome thread with a curated list of blogs to get started with Active Directory security.
#2 Interested in blockchain and smart contract security? Read this valuable thread from @Shashank that explains integer overflow and underflow in smart contracts.
#3 Here's a great thread to help you find sources to gather open source intelligence.
#4 Learn about HTTP Parameter pollution - an easy test to bag a good bounty.
📽️ 3 Insightful Videos
#1 A great opportunity to dive into smart contract hacking as @Nahamsec starts a series in collaboration with @HalbornSecurity.
#2 @_JohnHammond goes over a challenge from DEFCON @RedTeamVillage_ CTF and shows us some cool tricks with PHP.
#3 @c3rb3ru5d3d53c teaches us how to go about learning assembly language for malware analysis and reverse engineering.
⚒️ 2 GitHub repositories & Tools
#1 Hakscale by @hakluke is a Go-based tool that lets users distribute scans and commands across many systems.
#2 JWT-Reauth, by @NCCGroupInfosec, is a Burp Suite plugin that caches authentication tokens from an "auth" URL and then adds them as headers on all requests going to a given scope.
💰1 Job alert
#1 Hydro has a job opening for a junior security engineer.
💸Advertise with us💸
We are looking to partner with amazing infosec, pen testing, and ethical hacking teams, brands, and companies from all over the world. If this sounds like you, click here to partner with us.
----------------------------------------------------------------------------------
That’s all for this week. Hope you enjoyed these incredible finds and learned something new from today’s newsletter.
Before we say bye…
If you found this newsletter interesting and know other people who would too, we'd really appreciate it if you could forward it to them 📨
If you have questions, comments, or feedback, just reply to this email or let us know on Twitter @InfoSecComm.
See you again next week.
Lots of love,
Editorial team
This newsletter has been created in collaboration with our amazing ambassadors.
Resource contribution by: Ayush Singh, Bimal K. Sahoo, Siddharth, Vinay Kumar, Manikesh Singh, Nikhil Memane, Mohit Khemchandani, and Tuhin Bose.
Newsletter formatting by: Hardik Singh, Siddharth, Vinay Kumar and Ayush Singh.