The world of information security changes every day. As tools come out, write-ups are published and zero-days fly by, it can be a challenge to keep up with everything. That is why we are launching Bug Bytes, a newsletter curated by members of the bug bounty community. The first series will be curated by Mariem, better known as PentesterLand. Every week, she will keep you updated with a comprehensive list of all write-ups, tools, tutorials and resources you should not have missed.
You can receive every issue straight in your inbox by signing up here:
Without further ado, here are our favorite resources shared by pentesters and bug hunters last week. This issue covers the week from 04 to 11 of January.
Our favorite 5 hacking items
1. Article of the week
Avoid rookie mistakes and progress positively in bug bounty
This is simple but to-the-point advice. Sometimes, as bug hunters, we let ourselves get carried away by exciting tests and forget the obvious: put more emphasis on the report, try to escalate or chain bugs, avoid known invalid bug classes, and think like the business when describing impact.
These are some of the things mentioned in this article. Read it and keep them in mind when you’re hunting for bugs; they could help you perform better and have a smoother experience.
2. Writeup of the week
Stored XSS & SQL injection on YNAB ($1,500)
I hesitated between this writeup and the “XSS in steam react chat client” (see the Bug bounty writeups section below). The latter is an amazing account of how to find XSS on a React app and escalate it to RCE. But it’s advanced stuff.
If you’re at a beginner level, I recommend this writeup of a stored XSS & SQL injection. I love how it is written and includes the detailed methodology, what worked and what didn’t work, and lessons learned.
3. Slides of the week
Recon like a boss
This is a great guide on recon. It covers a lot of techniques on the following topics: subdomain enumeration, finding new endpoints in JS files, AWS hacking, GitHub recon & content discovery.
Attention, must read!
4. Tool of the week
One known technique for bypassing firewalls (like CloudFlare) is checking DNS history records. If you find the real IP address of your target, you’ll be able to attack it directly and completely circumvent firewalls.
Many databases record DNS history. This tool is a great way to query many of them programmatically including: SecurityTrails, CrimeFlare, certspotter, DNSDumpster & IPinfo.
Unless you already have an alternative DNS history checker script, I recommend adding this one to your arsenal.
5. Non technical item of the week
How to Build a Successful Career in Information Security
Daniel Miessler’s blog is one that I follow very closely because of the quality of his writing. He writes about a variety of topics, from analysis of situations in America to technical tutorials, artificial intelligence, book reviews, etc.
I’m not interested in everything, but many of his posts are gems. This particular one might answer a lot of your questions if you’re starting out in information security. Even if you’re already in this field, it might give you ideas or motivation for new things to try.
Other amazing things we stumbled upon this week
Medium to advanced
Pentest & Responsible disclosure writeups
Bug bounty writeups
See more writeups on The list of bug bounty writeups.
If you don’t have time
More tools, if you have time
- Osmedeus: Automatic reconnaissance and scanning in penetration testing
- Stretcher: Tool designed to help identify open Elasticsearch servers that are exposing sensitive information
- SlackPirate: Slack Enumeration and Extraction Tool – extract sensitive information from a Slack Workspace
- KubiScan: A tool to scan Kubernetes cluster for risky permissions. Can be useful for configuration penetration tests if admin access is given.
- Kubelet Anonymous RCE: Executes commands on a kubelet endpoint that allows anonymous authentication (default)
- LeakLooker: Find open databases with Shodan & Description
- Nse-parse: Shell script for parsing vulnerable results from Nmap NSE scan output
- Hexyl: A command-line hex viewer
- Multitor: Tool that lets you create multiple Tor instances with load balancing
- Hediye: Hash generator & cracker, online and offline
- ServiceFu & Introduction
- WinPwn: Automation for internal Windows Penetration tests
Misc. pentest & bug bounty resources
Tweeted this week
We created a collection of our favorite pentest & bug bounty related tweets shared this past week. You’re welcome to read them directly on Twitter: Tweets from 01/04/2019 to 01/11/2019.