The Infosec Newsletter 71
- See you back in January
- 👩💻IW Weekly #134: Javascript Vulnerabilities, Microsoft ServiceNow Hacked, Recon Framework, Powershell on Web, Zendesk Vulnerability, Filtering Hostnames and many more…
- 👩💻IW Weekly #133: Tools For Recon, Sandbox Bypass in Chromium Browser, Zendesk Vulnerability, CVE-2024-23113, SAML XPath Confusion, AI-Powered 403 Bypassers and many more…
- 👩💻IW Weekly #132: Account Takeover on Palo Alto Networks, SQLi Cheat Sheet, Pre-Auth SQL Injection in WhatsUp Gold, SSRF Automation, Bypassing Sanitizers using MXSS, and many more…
- 👩💻IW Weekly #131: ROP For Security Bypass, Ruby Class Pollution, Mobile Hacking, Reverse Engineering, Hacking Websites With ZIP Files and many more…
- 👩💻IW Weekly #130: Hacking Trello Board Instances, Hacker Mentality, Regex, Google Dorks, CodeQL Fundamentals and many more…
- 👩💻IW Weekly #129: Google VRP Blog, CVE-2024-29847 Exploit, Hotstar Hacked, Bug Bounty Tips, OSINT Explained, and many more…
- 👩💻IW Weekly #128: Bug Bounty, Cloud Dorking, Asset Discovery, Reconnaissance, Vulnerabilities in the Kakadu JPEG 2000 and in Azure DevOps, VPN Cookies Hijacking, and many more…
- 👩💻IW Weekly #127: Nanocore Obfuscation, Code Protection Bypass, Gmail HTML Injection, Remote Code Execution, X-Correlation Injection Research, and many more…
- 👩💻IW Weekly #126: Bypassing Airport Security, XSS on Netlify’s Image CDN, Frans Rosén’s X-Correlation Research, Prompt Injection on Microsoft Copilot, Type Confusion Flaw in Chrome, and many more…
- 👩💻IW Weekly #125: AWS ALBeast Vulnerability, SSRF Bug In Microsoft’s Copilot Studio, Cache Misconfiguration Exploit, Web Caching, DEF CON 32, Game Hacking, and many more…
- 👩💻IW Weekly #124: XSS WAF Bypass, Google and Github Dorks, XSS via CSPT, Bug Hunting Methodology, and many more…
- 👩💻IW Weekly #123: Web Timing Attacks, Confusion Attacks, LUCI AuthDB Leak, LHEs vs Pwn2Owns, Reverse Engineering 101 and many more…
- 👩💻IW Weekly #122: SSRF, Password Reset Vulnerability, XSS in Hotjar, Single-Packet Attack, WhatsApp Desktop Code Execution, Business Logic Errors and many more…
- 👩💻IW Weekly #121: RCE on Kafka UI, $2000 Bounty, Advanced SQL Injection Techniques, AWS Cognito Misconfigurations, Payment Bypass, and many more…
- 👩💻IW Weekly #120: Mass Request Smuggling, 1000$ Open Redirect, CSS Injection, Jupyter Auth Token Leak, CrowdStrike Issue and many more...
- 👩💻IW Weekly #119: Universal Code Execution, Evernote RCE, Multiple ServiceNow CVEs, Escalating XSS Using Password Managers, DOMPurify Bug, CSS Injections and many more…
- 👩💻IW Weekly #118: Server-Side Request Forgery, Malware Development, IDOR, Match and Replace, Cache Deception and many more…
- 👩💻IW Weekly #117: API Hacking, Hacking Large Corporations, CrushFTP Exploit, NextJS & Cache Poisoning, Prototype Pollution, Nested Deserialization and many more…
- 👩💻IW Weekly #116: GitHub Copilot Prompt Injection, r2frida for iOS Runtime Manipulation, Data Exfiltration from Restricted Environment, iOS URL Scheme Hijacking and many more…
- 👩💻IW Weekly #115: Abusing Auto-Mail Responders, $25,000 Github Takeover, AI in Bug Hunting, RCE on Tenda AC8 Router, GraphQL Hacking and many more…
- 👩💻IW Weekly #114: 4-Step Bug Hunting Methodology, CVE-2024-4358, Reflector, Bypass SSL Pinning, GraphQL API Vulnerabilities and many more…
- 👩💻IW Weekly #113: Subdomain Takeovers to Credential Leaks, Stored XSS to RCE, VSCode SFTP File Exposure, $203K Bounties for Bugs in Azure Health Bot and many more…
- 👩💻IW Weekly #112: XXE in Chrome, SQL Injection Cheatsheet, Misconfigurations in Azure, Hacking WordPress Plugins, and many more…
- 👩💻IW Weekly #111: SSRF in NextJS, Blind SSRF on WordPress, ChatGPT Rate Limit Bypass, IDOR at Swiggy and many more...
- 👩💻IW Weekly #110: GitHub Actions Cache Poisoning, CVE-2024-0200, Relative Path File Injection, Hacking Apple, Hacking Microsoft's AI bot and many more…
- 👩💻IW Weekly #109: Hacking Telegram, Raining IDORs and BACs, Microsoft Graph Logging Bypass, HTMX Bugs, Wordlist for CI/CD Hacking and many more…
- 👩💻IW Weekly #108: PostMessage for XSS, Smart Contract Security, Admin Panel Takeover, DOM-XSS to ATO, Process Injection With C, Privilege Escalation and many more…
- 👩💻IW Weekly #107: CVE-2024-0333, $50,000 for hacking Google A.I, Auth-Bypass via Response Tampering, HTTP Request smuggling case study, Telegram RCE and many more…
- 👩💻IW Weekly #106: Hacking ICON Blockchain, BatBadBut Vulnerability, DOM XSS to ATO, Starbucks Hack, Bypassing Phone Number Verification and many more…
- 👩💻IW Weekly #105: XZ Utils Backdoor, DOMPurify Bypass, Secondary Context Bugs, Hacking ISPs, Email Verification Bypass, Gesture Jacking and many more…
- 👩💻IW Weekly #104: ClickHouse, Velociraptor, WAF bypass techniques, Path Traversal Vulnerabilities, io_uring Vulnerability in Ubuntu, Shockwave Attack Surface Management, .NET Remoting Exploits, Github dorks and many more…
- 👩💻IW Weekly #103: $35K Bounty, Nuances of Aggressive Scans, DLL Side-Loading, Hacking 3 Million Hotel Key Cards, WAF Bypassing Variants and many more…
- 👩💻IW Weekly #102: Raining RCEs on Citrix, Microsoft Outlook and Fortigate, Security flaws in ChatGPT and third-party plugins, CRLF Injection, and many more…
- 👩💻IW Weekly #101: CSP Bypass using formaction attribute, 200 hours of hacking to $20K, CVE-2024-1403 analysis, Necessity of DevSecOps, Use of Github Actions to Bypass Microsoft Entra Smart Lockout and many more…
- 👩💻IW Weekly #100 🎉 Server-Side Prototype Pollution, Zero-Click ATO Exploit, SSRF Bugs, GRX Interface address using TCP, GraphQL API Schemas, XSS for ATO, IDOR, Unicode Normalization and many more…
- 👩💻IW Weekly #99: Top 10 hacking techniques of 2023, CSP Bypass, Multiple XSS on Joomla, XSS on ChatGPT, Meteor subdomain takeover, Length filter bypass to SQL Injection, Nomulus pentest and many more…
- 👩💻IW Weekly #98: Image to RCE, MySQL Server Access, Hacking College Website, RCE on Apple’s Production Server, Web-Cache Deception Vulnerability, Github Code Search, SSRF on Vercel and many more…
- 👩💻IW Weekly #97: XSS on Microsoft Whiteboard and Excalidraw, ChatGPT Account Takeover, reverse engineered ESP32-based air purifier, advanced HTTP header exploitation techniques, PikaBot Malware Analysis and many more…
- 👩💻IW Weekly #96: Windows Driver to Working EDR, Auth-Bypass within Ivanti’s Pulse Connect Secure, Infostealer Malware, Binary Emulation, Google Domain Tier Concepts and many more…
- 👩💻IW Weekly #95: From Rook to XSS, CVE-2023-5480, Response Manipulation to Privilege Escalation, Top 10 Web Hacking Techniques for 2023, Unicode Escape Handling in Java and many more…
- 👩💻IW Weekly #94: 2FA Bypass, Decoding Obfuscated JavaScript, Exploiting Password Reset Functionality, AWS S3 Bucket Takeover, Invisible Prompt Injections and many more…
- 👩💻IW Weekly #93: GitLab Critical Fixes, Google Info-Stealers, Sandwich Attack, CVE-2023-7028, IDN Homograph Attack, IrisCTF24 Challenges and many more…
- 👩💻IW Weekly #92: Cloudflare Pages Vulnerabilities Analysis, CORS Cache Exploitation, Automating RTFM with ChatGPT, Shrewdeye Bash, XSS to ATO, Bypassing Door Passwords and many more…
- 👩💻IW Weekly #91: Hacking Adobe For $50K, Google OAuth Hack, SSTI, Self XSS to Stored XSS, JSLuice Tips, Dealing With Burnout, SQL Injection Worth $4K and many more…
- 👩💻IW Weekly #90: Django Debug Mode, Attacking The Rsync Service, DOM XSS to Stored XSS, CVE-2022-2216, Hacking AWS & Kubernetes, Twitter’s XSS + CSRF Leads to Account Takeover and many more…
- 👩💻IW Weekly #89: Business Logic Vulnerability, DNS Poisoning, XSS Exploitation to Steal Credentials, Payment Processor Hacking, Second Order SQL Injections, Blind CSS Exfiltration, Symfony Exploits and many more…
- 👩💻IW Weekly #88: Process Injection, Race Condition, CRLF to XSS in Snapchat, Active Directory Guide, Main App Hacking Methodology, CSP Research, CORS Misconfigurations and many more…
- 👩💻IW Weekly #87: Okta for Red Teamers, Hijacking OAuth, Account Hijacking via Invite Flows, Full Time Bug Bounty Hunting, Unpredictable IDs in IDOR and many more…
- 👩💻IW Weekly #86: CVE-2023-46729, Hacked Google’s Bug Tracking System, Outsmarting AI Models, Sandbox Escaping, Self-Redirect to XSS, Critical 0-day XXE to SSRF and many more…
- 👩💻IW Weekly #85: LFI to RCE, DoS Bugs, RXSS on Microsoft, Race Conditions, Finding Leaked Tokens, Bypassing URL Parsers and many more…
- 👩💻IW Weekly #84: DOM-based race condition, Bypassing Android Debug and root detection, F5-BIG-IP CVE-2023-46747, SQL injection on admin login, Hacking HP monitor display, Analyzing Metamask snaps and many more…
- 👩💻IW Weekly #83: CVE-2023-4966, Address Bar Spoofing, SQLi to NTLM, Okta Breach, UPI Security, PII via Frontend Authentication Redirects and many more…
- 👩💻IW Weekly #82: Single Packet Attack, Nuclei v3, DOM XSS, IDOR Insights, Bypassing CSP, AI & Hacking, Android App Hacking and many more…
- 👩💻IW Weekly #81: Chrome SOP Bypass, Unauthorized access to Admin panel, Access to Instagram’s private posts, Looney Tunable Linux Privilege escalation [CVE-2023-4911], NoSQL injections and many more…
- 👩💻IW Weekly #80: Broken Access Control, XSS Basics, GraphQL Introspection Query, RCE Vulnerabilities, XSS Challenge, Scanners for Web Security Research and many more…
- 👩💻IW Weekly #79: RCE in Google Chrome, CVE-2023-40044, OIDC misconfiguration to ATO, accessing millions of call recordings and many more..
- 👩💻IW Weekly #78: OAuth Misconfiguration, Account Takeover, Virtual Hosts, SQL Injection, Hacker Tweets, Advanced Root Detection Bypass Techniques and many more..
- 👩💻IW Weekly #77: Azure AD privilege escalation, CVE-2022-3910, Web Cache deception attack, GraphQL enumeration techniques, IDOR and many more..
- 👩💻IW Weekly #76: Android Native Libraries, Proton Mail’s Security, Source Code & Secrets exposed on Top Websites, Zero Click Mass ATO, CSP Protection Bypass on Google, Hacking Online Casino and many more..
- 👩💻IW Weekly #75: Privilege Escalation by request manipulation, PII Disclosure by manipulating parameters, PII leak using misconfigured API, CRLF to XSS, Blind SSRF with Out-of-band Detection and many more..
- 👩💻IW Weekly #74: RCE through Dependency Confusion, 2FA bypass in Meta, Client side Prototype pollution and its prevention, Paywall bypass, SSRF tricks and many more..
- 👩💻IW Weekly #73: ATO in Shopify Stores, CVE-2023-36809, Risks in Cross-Chain Bridges, Bypassing Firewalls, Hacking iOS Apps, Uncovering Zenbleed and many more..
- 👩💻IW Weekly #72: GraphQL Hacking, SSO Vulnerabilities, Race Condition Vulnerabilities, SQLMap & Server Side Request Forgery Tips, Sandwich Attack and many more..
- 👩💻IW Weekly #71: Introduction to AD pentesting, XSS via exported activity, using HOTW to leak CSRF token, full access to airline points, SSRFs and many more..
- 👩💻IW Weekly #70: NFT Bridge Vulnerability, CVE-2023-3519 Deep Analysis, RCE in Huawei Theme Manager, Preauth RCE in Metabase, Chaining Bugs for Session Hijack and many more..
- 👩💻IW Weekly #69: OpenSSH RCE, Xamarin Applications Reverse Engineering, Puzzled XSS, CVE-2023-3519 analysis, XSS and CORS bypass and many more..
- 👩💻IW Weekly #68: Account Takeover using Custom OTP, CVE-2023-36934, Investigating EC2, XSS in hidden inputs, macOS user's real name brute-forced with mDNS and many more..
- 👩💻IW Weekly #67: Joining Google as Red Teamer, Finding 100 vulnerabilities, Tale of DOM-XSS, Impactful SSRF, Busting fake Privacy Policy and many more..
- 👩💻IW Weekly #66: Citrix Gateway XSS, Web Cache Deception, DNS Analyzer, ATO to XSS in GraphQL API, AWS S3 Bucket Leaks, $250K Coinbase API Hack and many more…