Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The first series is curated by Mariem, better known as PentesterLand. Every week, she keeps us up to date with a comprehensive list of write-ups, tools, tutorials and resources.
This issue covers the week from 8 to 15 May.
Our favorite 5 hacking items
1. Tool of the week
If you ever want to send HTTP requests for a quick test without firing up Burp/ZAP, this is the tool for you. It is an interactive CLI tool for HTTP inspection. It allows you to send HTTP requests from the terminal, while controlling everything from the headers to the request’s type and data.
2. Writeup of the week
$20000 Facebook DOM XSS (Facebook, $20,000)
DOM XSS through postMessage is trendy and lucrative. @vinodsparrow found one in Facebook’s login button, and shares all the details in this cool writeup. The nice thing is, he not only shares the code to exploit it, but also explains what led him to believe that there was an issue in the first place.
3. Videos of the week
@nnwakelam is one of the current bug hunter millionaires, and is particularly known for his recon skills. It is awesome to have this almost 2-hour interview where he chats with @nahamsec about his specialty, extending the attack surface, plus many other things like bug examples, Burp, vulnerability indicators… Also, just in case, here is his TL;DR.
LevelUp is also a rendezvous I never miss. Topics range from automotive testing to security code review, writing résumés, choosing targets, and making better decisions as bug hunters.
4. Non-technical items of the week
These are two good pieces that point out important questions every struggling bug hunter should ask themselves. The idea is to find out what is hindering you. So, even if these exact questions don’t apply to you, try to extrapolate to find your own missing pieces.
5. Tutorial of the week
How To Scan AWS’s Entire IP Range to Recon SSL Certificates
This article expands on an idea mentioned in Naffy's interview: scanning AWS's entire IP range and identifying the certificates that belong to your target. This is done by chaining existing open source tools, and the same approach could be applied to other cloud providers such as Azure.
Other amazing things we stumbled upon this week
- Security Now 766 – ThunderSpy
- Naked Security Podcast S2 Ep 39: Thunderspy, government encryption, and reply all mistakes
- Darknet Diaries EP 65: PSYOP
- Red team hacking in the age of COVID-19
- 7MS #414: Tales of Pentest Fail #4
- [CPRadio] Phishing in Canada
- Risky Business #583 — COVID-19 collection intensifies, tensions mount
- ASW #107 – Samsung RCE 0-Click, Whispers, & Compromising Pluton
- PSW #651 MITRE ATT&CK & Security Visibility: Looking Beyond Endpoint Data – Mike Nichols
- PSW #651 – Ramsay Malware, Top 10 CVE’s, & Reverse RDP Attacks
- PSW #650 – Vulnerability Madness, IoT Botnets, & Breach Chaos
- SWN #33 – ThunderSpy, Hacking COVID Research, & GDPR Fines
Webinars & Webcasts
Medium to advanced
Responsible(ish) disclosure writeups
Bug bounty writeups
See more writeups on The list of bug bounty writeups.
Misc. pentest & bug bounty resources
Bug bounty & Pentest news
Breaches & Attacks
Tweeted this week
We created a collection of our favorite pentest & bug bounty related tweets shared this past week. You’re welcome to read them directly on Twitter: Tweets from 05/08/2020 to 05/15/2020.
Curated by Pentester Land & Sponsored by Intigriti