Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The first series is curated by Mariem, better known as PentesterLand. Every week, she keeps us up to date with a comprehensive list of write-ups, tools, tutorials and resources.
This issue covers the week from 17 to 24 of July.
Our favorite 5 hacking items
1. Videos of the week
CDL Talks About Hacking, Bug Bounties, Recon, Gau (getallurls), Reversing CVEs, and more!
Beginners Guide to iOS Testing Jailbreak, SSL Bypass & Burp
The first video is a cool interview with Corben Leo (@hacker_). He and @NahamSec talk about all things bug bounty: tooling, recon, methodology, burnout… As always, it is interesting to hear a fellow bug hunter’s story and insights.
The second video is a cool demo by @InsiderPhD on setting up an environment for iOS testing.
2. Writeup of the week
HTML sanitization bypass in Ruby Sanitize < 5.2.1
WAF and HTML sanitizer bypasses can seem like black magic for anyone who does not understand how they work and only sees the final payload. So, this is a great learning opportunity.
@SecurityMB explains how Ruby Sanitize works and then, step by step, how he built a bypass that leads to XSS.
3. Article of the week
Attacking MS Exchange Web Interfaces
This is an excellent article on attacking Exchange in the context of pentest / red team engagements. It goes over 5 known techniques that still work in 2020, with their pros and cons. Then it introduces a new technique and a new tool to connect to LDAP via MS Exchange from the Internet and access the Active Directory database.
4. News of the week
Towards native security defenses for the web ecosystem
This is an interesting read if you’re into web app security. It is about the latest security mechanisms being implemented in Chrome and Firefox (e.g. COOP (Cross-Origin-Opener-Policy), Fetch Metadata request headers, CSP, Trusted Types…).
It is essential to get familiar with these concepts as they have an impact on vulnerabilities like XSS, CSRF, XS-leaks, etc.
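As an added illustration of one of those mechanisms (this is example code, not from the article or the newsletter), here is the Fetch Metadata "resource isolation policy" that is commonly recommended: the server inspects the Sec-Fetch-Site, Sec-Fetch-Mode and Sec-Fetch-Dest headers the browser attaches and rejects cross-site requests before application code runs, which is what closes the classic CSRF case. The sample requests are constructed for the demo.

```python
"""Added example: a Fetch Metadata resource isolation policy.

Supporting browsers send Sec-Fetch-Site / Sec-Fetch-Mode / Sec-Fetch-Dest on
every request, so a server-side filter can decide on the request's origin
relationship without any application state. The decision table below is the
commonly recommended isolation policy; it is not code from the linked article.
"""

ALLOWED_SITES = {"same-origin", "same-site", "none"}


def allow_request(method: str, headers: dict) -> bool:
    """Return True if the request passes the isolation policy."""
    h = {k.lower(): v for k, v in headers.items()}
    site = h.get("sec-fetch-site")
    # No Fetch Metadata at all: an old browser or a non-browser client.
    # Let it through so the site keeps working; CSRF tokens and the other
    # existing defenses must still apply to this path.
    if site is None:
        return True
    # Same-origin, same-site and user-initiated (none) requests are fine.
    if site in ALLOWED_SITES:
        return True
    # Cross-site top-level GET navigations must keep working (links from
    # elsewhere), but not when the page would land inside <object>/<embed>.
    if (method.upper() == "GET"
            and h.get("sec-fetch-mode") == "navigate"
            and h.get("sec-fetch-dest") not in ("object", "embed")):
        return True
    # Everything else cross-site (form POSTs, fetch/XHR, resource loads) is
    # rejected; the caller would answer 403 here.
    return False


# Constructed sample requests (method, headers) for the demo.
SAMPLES = {
    "legacy_browser": ("POST", {}),
    "same_origin_xhr": ("POST", {"Sec-Fetch-Site": "same-origin",
                                 "Sec-Fetch-Mode": "cors",
                                 "Sec-Fetch-Dest": "empty"}),
    "cross_site_form_post": ("POST", {"Sec-Fetch-Site": "cross-site",
                                      "Sec-Fetch-Mode": "navigate",
                                      "Sec-Fetch-Dest": "document"}),
    "cross_site_link": ("GET", {"Sec-Fetch-Site": "cross-site",
                                "Sec-Fetch-Mode": "navigate",
                                "Sec-Fetch-Dest": "document"}),
    "cross_site_embed": ("GET", {"Sec-Fetch-Site": "cross-site",
                                 "Sec-Fetch-Mode": "navigate",
                                 "Sec-Fetch-Dest": "embed"}),
    "cross_site_image": ("GET", {"Sec-Fetch-Site": "cross-site",
                                 "Sec-Fetch-Mode": "no-cors",
                                 "Sec-Fetch-Dest": "image"}),
}


def evaluate_samples() -> dict:
    """Run every sample through the policy; maps sample name -> allowed?"""
    return {name: allow_request(m, hd) for name, (m, hd) in SAMPLES.items()}


if __name__ == "__main__":
    for name, ok in evaluate_samples().items():
        print(f"{name:22s} {'allow' if ok else 'reject'}")
```

Note the last sample: a cross-site image load is rejected too, so endpoints that are meant to be embedded from other sites (public images, scripts, CORS APIs) need an explicit exemption before the policy is enforced, and requests without the headers still rely on the existing CSRF defenses.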
5. Tool of the week
hack-pet & Intro
Hack-pet is a collection of snippets for bug hunters, to use with the command-line snippet manager pet.
It allows you to quickly search for and run tools like amass, adb, dirsearch, subfinder… without the need to remember their syntax.
Other amazing things we stumbled upon this week
Webinars & Webcasts
Medium to advanced
Responsible(ish) disclosure writeups
Bug bounty writeups
See more writeups on The list of bug bounty writeups.
If you don’t have time
- ponieproxy: Simple proxy which captures all requests and responses and saves them in uniquely named files
- faviconer.go: Go script for grabbing favicon hashes (like Shodan does)
- SourceWolf: Amazingly fast response crawler to find juicy stuff in the source code
- Oralyzer: Open Redirection Analyzer
- Boomerang: A tool to expose multiple internal servers to web/cloud
- E4Enumerat10n: Python script that uses intelx.io to gather emails associated with any domain name
- PCWT: An app with a GUI for managing pentest/bug bounty projects and running port scans & subdomain enumeration tools
- Pollenisator: Collaborative pentest tool with highly customizable tools
- Rootend: A *nix Enumerator & Auto Privilege Escalation tool
- calebstewart/pwncat: Fancy reverse and bind shell handler
- dazzleUP: A tool that detects privilege escalation vulnerabilities caused by misconfigurations and missing updates in Windows operating systems
Misc. pentest & bug bounty resources
Bug bounty & Pentest news
Breaches & Attacks
We created a collection of our favorite pentest & bug bounty related tweets shared this past week. You’re welcome to read them directly on Twitter: Tweets from 07/17/2020 to 07/24/2020.