Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.
Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The first series is curated by Mariem, better known as PentesterLand. Every week, she keeps us up to date with a comprehensive list of write-ups, tools, tutorials and resources.
This issue covers the week from 06 to 13 of March.
Our favorite 5 hacking items
1. Conference of the week
BSidesSF 2020, especially:
– Panel: Let’s Get 360 w/Bug Bounty!
– The GCP Metadata API
– How To Write Like It’s Your Job
– The Voight-Kampff Test for Discovering Vulnerabilities
– Panel: Mental Health for Hackers
– Non-Political Security Learnings from the Mueller Report
– Transform Your Presentation Skills
The range of (interesting) topics tackled in this conference is amazing. There are at least 10 talks I really need to watch. During these difficult times of Coronavirus quarantine / social distancing, this is an excellent way to pass time.
2. Writeups of the week
– The unexpected Google wide domain check bypass (Google, $6,000)
– Mass account takeovers using HTTP Request Smuggling on https://slackb.com/ to steal session cookies (Slack, $6,500)
The second vulnerability is an HTTP Request Smuggling CL.TE attack found on Slack. It made it possible to steal victims’ session cookies by redirecting them to an attacker-controlled Collaborator server. The writeup explains the attack clearly, and it could have been exploited for mass account takeovers.
3. Video of the week
@Mrtuxracer Talks About Monitoring Endpoints, Binary Exploitation, Continuous Recon and More!
This is definitely worth watching if you want to learn about bug hunting methodology, differentiating yourself, or which kind of custom tools other bug hunters are using.
4. Non technical item of the week
Bug Bounty Hunting Tips #4 — Develop a Process and Follow It
“Admittedly, it can feel great for the first hour or so but after that, you can start to become bored and frustrated if you don’t find anything. And without a structured bug bounty hunting process, you probably won’t find anything new.”
Does this ring a bell? This excellent article goes over how to create a high-level process for bug hunting. Apart from technical methodologies, some decisions can help avoid frustration. These include choosing a bug hunting approach, deciding on the minimum and maximum time to spend on a target, and setting a minimum time for writing reports.
5. Article of the week
Bug Business #2 – Hacking, traveling and vlogging with @STÖK
There are only two publications related to bug bounty that I wait for impatiently and devour as soon as they’re published: EdOverflow’s newsletter and this new interview series.
The first issue was with EdOverflow. The last one is an excellent read if you want to learn how Stök juggles between different projects, his filming process, how he manages full-time bug hunting without pulling all-nighters (Early birds, hello!)…
Other amazing things we stumbled upon this week
Webinars & Webcasts
Slides & Workshop material
Medium to advanced
Responsible(ish) disclosure writeups
Bug bounty writeups
See more writeups on The list of bug bounty writeups.
If you don’t have time
- BGP Search: A Python wrapper for searching on https://bgp.tools (takes an organization name as input and outputs IP ranges)
- iprobe: Take a list of IP addresses or IP range and probe for working HTTP and HTTPS servers (similar to httprobe but also takes IPs and IP ranges as input)
- HTTP-FUZZER: Go fuzzer that is Burp-compatible and able to fuzz random parameters in a raw HTTP request
- Sub-Drill: A very (very) simple Subdomain Finder based on online certification services (threatcrowd, hackertarget, crt.sh, certspotter & findsubdomains)
- Exegol: A Kali light base with a few useful additional tools and some basic configuration
- Brownie tub: A Standalone Web Shell Client
- Minimalistic AD Login Bruteforcer
- Starkiller & Introduction: GUI application for interfacing with Empire. It allows for multi-user support and ease of operations
- NTLM scanner: A simple Python tool based on Impacket that tests servers for various known NTLM vulnerabilities
- Password Guesser: Script to generate custom password wordlist to guess weak passwords
- Sifter: OSINT, recon & vulnerability scanner in Bash for penetration testing
- Callidus & Introduction: C# tool that allows red team operators to leverage O365 services for establishing command & control communication channel
Misc. pentest & bug bounty resources
- Exploit-workshop: A step by step workshop to exploit various vulnerabilities in Node.js and Java applications
Bug bounty & Pentest news
Breaches & Attacks
We created a collection of our favorite pentest & bug bounty related tweets shared this past week. You’re welcome to read them directly on Twitter: Tweets from 02/06/2020 to 02/13/2020.