👩‍💻IW Weekly #40: Open Redirection Vulnerability, Misconfigured Jira, Bugs in Red Bull, ChatGPT for Security, OSCP Guide for Beginners, Bypass Authentication

bez0x, January 02, 2023

Disclosing this vulnerability in Google Smart speakers bagged the author a bounty of $100k 😲

Hey 👋

Welcome to the #IWWeekly40 — the Monday newsletter that brings the best in Infosec straight to your inbox.

We wish you a prosperous and productive new year 😊 May you find amazing bugs, earn bounties, and make cyberspace safe for everyone 🤗

To help you out, we have shared 7 articles, 6 Threads, 5 videos, 2 GitHub repos and tools, 1 job alert in today’s newsletter. We’re sure they’ll help you maximize the benefit and take a massive jump ahead in your career.

Excited? Let’s jump in 👇

#1 @cankat shows how he found an open redirection vulnerability at Apple’s subdomain using the dot character.

#2 @MRD7 shares how a misconfigured Jira instance allowed access to all the security reports (both fixed and unfixed bugs) submitted to a company.

#3 @Sudhanshu Rajbhar shares a highly detailed article about his findings related to ESI (Edge Side Include) injection on a private bug bounty program.

#4 Read how @Bergee was able to find multiple critical bugs in Red Bull, including an authentication misconfiguration, LFI, SQLi, and more.

#5 @Matt explains how he responsibly disclosed a vulnerability in Google smart speakers that could turn them into wiretaps, which earned him a bounty of around $100k.

Beginner-friendly –

#1 @John Jackson shares a revamped OSCP guide for beginner hackers to get started in their learning journey.

#2 @Heli9 shares tips on exploiting reflected XSS (cross-site scripting) in bug bounty programs, aimed at beginners.

#1 Acme Services is looking for someone with experience in Vulnerability Assessment and Penetration Testing (VAPT). Check out the details here.

We are looking to partner with amazing infosec, pen testing, and ethical hacking teams, brands, and companies from all over the world.

If you’d like to advertise to our 27k+ community of cybersecurity enthusiasts, click here to partner with us.

That’s all for this week. Hope you enjoyed these incredible finds and learned something new from today’s newsletter.

Before we say bye…

If you found this newsletter interesting, and know other people who would too, we’d really appreciate it if you could forward it to them 📨

If you have questions, comments, or feedback, just reply to this email or let us know on Twitter @InfoSecComm.

See you again next week.

Lots of love
Editorial team,
Infosec Writeups

This newsletter has been created in collaboration with our amazing ambassadors.

Resource contribution by: Nikhil A Memane, Bhavesh Harmalkar, Mohit Khemchandani, Vinay Kumar, Ayush Singh, Hardik Singh, and Siddharth.

Newsletter formatting by: Hardik Singh and Siddharth.

Click here to subscribe to the newsletter and get it delivered straight to your inbox every Monday 🙂
