Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.
Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The first series is curated by Mariem, better known as PentesterLand. Every week, she keeps us up to date with a comprehensive list of write-ups, tools, tutorials and resources.
This issue covers the week from 10 to 17 of April.
Our favorite 5 hacking items
1. Resource of the week
Attacking and Auditing Docker Containers and Kubernetes Clusters
After last week’s training on AWS and Azure, @appseccouk is now generously open sourcing another complete training course. This one is about hacking Docker containers and Kubernetes clusters. It includes documentation, Docker Lab virtual machines and an intentionally vulnerable Kubernetes cluster (Google Cloud).
2. Writeup of the week
JSON Web Token Validation Bypass in Auth0 Authentication API
This is a nice writeup on bypassing JWT validation. The app checks that the algorithm is not `none`, but relies on a blacklist. Using `alg: nonE` bypasses the case-sensitive filter and allows forging JWTs for any user. @zantedotnz also shares the tool he used and links to resources on JWT hacking.
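The weak check and its corrected form side by side, as an added example that is not code from the writeup or from Auth0: a case-sensitive blacklist of `none` sitting in front of a verifier that normalises the algorithm name, versus an exact-match allowlist. The key, the `make_token` helper and the verifier names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json

# Constructed signing key for the example; a real service loads this from secrets storage.
SECRET = b"example-hmac-key"
ALLOWED_ALGS = {"HS256"}  # explicit allowlist used by the hardened verifier

def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_token(header: dict, payload: dict, key=None) -> str:
    """Build a compact JWT; key=None leaves the signature segment empty (an unsigned token)."""
    signing_input = b64url_encode(json.dumps(header).encode()) + "." + b64url_encode(json.dumps(payload).encode())
    sig = b"" if key is None else hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)

def hs256_valid(signing_input: str, sig: bytes) -> bool:
    expected = hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()
    return hmac.compare_digest(expected, sig)  # False as well when sig is empty or wrong length

def verify_blacklist(token: str):
    """Weak pattern: a case-sensitive blacklist of 'none' in front of a case-insensitive verifier."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    header = json.loads(b64url_decode(header_b64))
    if header.get("alg") == "none":          # only the exact spelling is blocked
        return None
    alg = header.get("alg", "").lower()      # the verifier normalises case...
    if alg == "none":                        # ...so 'nonE' reaches the unsigned path and is accepted
        return json.loads(b64url_decode(payload_b64))
    if alg == "hs256" and hs256_valid(f"{header_b64}.{payload_b64}", b64url_decode(sig_b64)):
        return json.loads(b64url_decode(payload_b64))
    return None

def verify_allowlist(token: str):
    """Hardened pattern: exact-match allowlist, then the signature is checked with that algorithm only."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    header = json.loads(b64url_decode(header_b64))
    if header.get("alg") not in ALLOWED_ALGS:  # 'none', 'nonE' and 'NONE' are all rejected here
        return None
    if not hs256_valid(f"{header_b64}.{payload_b64}", b64url_decode(sig_b64)):
        return None
    return json.loads(b64url_decode(payload_b64))
```

Returning `None` for every rejected token keeps the two verifiers directly comparable; a production verifier would also check `exp`, `iss` and `aud` after the signature passes.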
3. Videos of the week
– @hussein98d Talks About Bug Bounties, Recon Methodology, and Shows Some of the Tools He Uses!
– Attacking Secondary Contexts in Web Applications – Sam Curry
– Code that gets you pwn(s|’d) – Louis & Slides
– Using Interlace for organising tests, and multithreading over targets – @codingo
These are the videos/talks I plan on watching in priority this week. Why? Because I want to learn about @hussein98d’s recon process and bug hunting methodology, @snyff discussing less obvious vulnerabilities, how @codingo_ uses Interlace, and @samwcyo’s attacks on secondary contexts.
4. Non-technical item of the week
How to Remember Everything: Using Roam for Bug Bounty Notes
Choosing a note-taking app is such a never-ending rabbit hole! 🤦
After settling on Joplin, then discovering Notion’s great UI and features, I’m now tempted to check out Roam. @bonjarber does a great job of explaining why Roam’s graph-based approach solves problems all apps based on a “hierarchical tree” have (including Notion).
5. Tutorials of the week
– The Wonderful World of OAuth: Bug Bounty Edition
– The 5 Most Common GraphQL Security Vulnerabilities & vulnerable-graphql-api
– Bypassing modern XSS mitigations with code-reuse attacks
Depending on the bug classes you are focusing on, these tutorials might come in very handy. The OAuth one will give you ideas for new attacks to test for. The GraphQL article will give you an idea of common GraphQL bugs, and it is accompanied by an intentionally vulnerable API playground. The last tutorial is an excellent introduction to code-reuse attacks and how to leverage them to bypass the latest XSS mitigations like CSP, WAFs and HTML sanitizers.
Other amazing things we stumbled upon this week
Webinars & Webcasts
Medium to advanced
Responsible(ish) disclosure writeups
Bug bounty writeups
See more writeups on The list of bug bounty writeups.
If you don’t have time
- Default HTTP Login Hunter & Introduction: Login hunter of default credentials for administrative web interfaces leveraging NNdefaccts dataset
- haktldextract: Extract domains/subdomains from URLs en masse
- wpvulns.com: All WordPress version vulnerabilities for free without any limitations
- ExGen: A simple python script to create exploit templates for XSSI, JSONP Hijacking, Clickjacking and CORS vulnerabilities
- FinDOM-XSS: DOM XSS scanner in Bash
- MagicRecon: Bash wrapper around many recon tools
- QuickSQL: A simple MSSQL query tool that allows you to connect to MSSQL databases and does not require administrative level rights to use
- Lollipopz: Data exfiltration utility for testing detection capabilities
- Pet: Simple command-line snippet manager, written in Go
- SweetPotato & Introduction: Local Service to SYSTEM privilege escalation from Windows 7 to Windows 10 / Server 2019
- PowerSharpPack: Many offensive C# binaries now usable from within powershell
- pwndrop & Pwndrop – Self-hosting Your Red Team Payloads: Self-deployable file hosting service for red teamers that lets them easily upload and share payloads over HTTP and WebDAV
Misc. pentest & bug bounty resources
Bug bounty & Pentest news
Breaches & Attacks
We created a collection of our favorite pentest & bug bounty related tweets shared this past week. You’re welcome to read them directly on Twitter: Tweets from 04/10/2020 to 04/17/2020.