Bug Bytes #81 – The new browser security ecosystem, MS Exchange attacks & HTML sanitization bypass


Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The first series is curated by Mariem, better known as PentesterLand. Every week, she keeps us up to date with a comprehensive list of write-ups, tools, tutorials and resources.


This issue covers the week from 17 to 24 July 2020.

Our favorite 5 hacking items

1. Videos of the week

CDL Talks About Hacking, Bug Bounties, Recon, Gau (getallurls), Reversing CVEs, and more!

Beginners Guide to iOS Testing Jailbreak, SSL Bypass & Burp

The first video is a cool interview with Corben Leo (@hacker_). He and @NahamSec talk about all things bug bounty: tooling, recon, methodology, burnout… As always, it is interesting to hear a fellow bug hunter's story and insights.

The second video is a cool demo by @InsiderPhD on setting up an environment for iOS testing.

2. Writeup of the week

HTML sanitization bypass in Ruby Sanitize < 5.2.1

WAF and HTML sanitizer bypasses can seem like black magic for anyone who does not understand how they work and only sees the final payload. So, this is a great learning opportunity.

@SecurityMB explains how Ruby Sanitize works and then shows, step by step, how he built a bypass that results in XSS.

3. Article of the week

Attacking MS Exchange Web Interfaces

This is an excellent article on attacking Exchange in the context of pentest / red team engagements. It goes over 5 known techniques that still work in 2020, with their pros and cons. Then it introduces a new technique and a new tool to connect to LDAP via MS Exchange from the Internet and access the Active Directory database.

4. News of the week

Towards native security defenses for the web ecosystem

This is an interesting read if you're into Web app security. It is about the latest security mechanisms being implemented in Chrome and Firefox (e.g. COOP (Cross-Origin-Opener-Policy), Fetch Metadata request headers, CSP, Trusted Types…).

It is essential to get familiar with these concepts as they have an impact on vulnerabilities like XSS, CSRF, XS-leaks, etc.
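To make these mechanisms concrete, here is an added example (not code from the Google article or from this newsletter): a Fetch Metadata resource-isolation policy that decides from the browser-supplied Sec-Fetch-* headers whether a request may reach an endpoint, plus the response headers (COOP, CORP, nonce-based CSP with Trusted Types) that close the XSS and XS-leak side. The request shape (`req.method`, `req.headers` with lower-cased names) follows Node/Express conventions, the `app-policy` Trusted Types name and the sample requests are constructed for the example, and the decision rules are the commonly published resource-isolation policy, not anything specific to the article.

```javascript
// Added example: Fetch Metadata resource isolation + complementary response headers.
// Assumes Express-style requests: req.method and req.headers (lower-cased keys).

const ALLOWED_SITES = new Set(['same-origin', 'same-site', 'none']);
const VARY = 'Sec-Fetch-Site, Sec-Fetch-Mode, Sec-Fetch-Dest';

// Decide whether a request may reach a protected endpoint, based only on the
// Sec-Fetch-* headers the browser sets (never on the forgeable Origin/Referer).
// Returns 'allow' or 'deny'.
function isolationPolicy(req) {
  const h = req.headers;
  const site = h['sec-fetch-site'];
  const mode = h['sec-fetch-mode'];
  const dest = h['sec-fetch-dest'];

  // Browsers that do not send Fetch Metadata (pre-2020 releases): keep the
  // existing behaviour instead of breaking them.
  if (site === undefined) return 'allow';

  // Same-origin, same-site and user-initiated (address bar, bookmark) requests.
  if (ALLOWED_SITES.has(site)) return 'allow';

  // Cross-site GET navigations (top-level or iframe) keep working so links from
  // other sites still open the app, except <object>/<embed>, which render the
  // response inside the other site's page like a subresource.
  if (mode === 'navigate' && req.method === 'GET' && !['object', 'embed'].includes(dest)) {
    return 'allow';
  }

  // Everything else is a cross-site subresource or API call (fetch/XHR, <img>,
  // <script>, form POST navigations): the CSRF / XS-leak surface being closed.
  return 'deny';
}

// Response headers that complement the policy: COOP severs the window reference
// between this page and cross-origin openers (many XS-leaks need it), CORP stops
// other origins from loading this response as a subresource, and the CSP uses a
// per-response nonce, 'strict-dynamic' and Trusted Types so injected markup
// neither executes as a script nor reaches DOM XSS sinks.
function securityHeaders(nonce) {
  return {
    'Cross-Origin-Opener-Policy': 'same-origin',
    'Cross-Origin-Resource-Policy': 'same-origin',
    'Content-Security-Policy':
      `script-src 'nonce-${nonce}' 'strict-dynamic'; object-src 'none'; base-uri 'none'; ` +
      "require-trusted-types-for 'script'; trusted-types app-policy",
    // The decision depends on these request headers, so caches must key on them.
    'Vary': VARY,
  };
}

// Minimal handler tying both together (response body omitted).
function handle(req, nonce = 'constructed-nonce') {
  if (isolationPolicy(req) === 'deny') {
    return { status: 403, headers: { 'Vary': VARY } };
  }
  return { status: 200, headers: securityHeaders(nonce) };
}

// Constructed sample requests (not captured traffic) covering each branch.
const SAMPLE_REQUESTS = {
  sameOriginFetch: { method: 'GET',  headers: { 'sec-fetch-site': 'same-origin', 'sec-fetch-mode': 'cors',     'sec-fetch-dest': 'empty' } },
  crossSiteFetch:  { method: 'POST', headers: { 'sec-fetch-site': 'cross-site',  'sec-fetch-mode': 'cors',     'sec-fetch-dest': 'empty' } },
  crossSiteLink:   { method: 'GET',  headers: { 'sec-fetch-site': 'cross-site',  'sec-fetch-mode': 'navigate', 'sec-fetch-dest': 'document' } },
  crossSiteObject: { method: 'GET',  headers: { 'sec-fetch-site': 'cross-site',  'sec-fetch-mode': 'navigate', 'sec-fetch-dest': 'object' } },
  legacyBrowser:   { method: 'POST', headers: {} },
};

for (const [name, req] of Object.entries(SAMPLE_REQUESTS)) {
  console.log(name.padEnd(16), isolationPolicy(req));
}
```

The policy must run before any authentication or business logic so that a denied cross-site request never reaches a state-changing handler, and the `Vary` header matters wherever a CDN or proxy caches responses, otherwise a cached 403 could be served to a legitimate same-origin request.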

5. Tool of the week

hack-pet & Intro

Hack-pet is a collection of snippets for bug hunters, to use with the command-line snippet manager pet.

It allows you to quickly search for and run tools like amass, adb, dirsearch, subfinder… without having to remember their syntax.

Other amazing things we stumbled upon this week

Videos

Podcasts

Webinars & Webcasts

Conferences

Tutorials

Medium to advanced

Beginners corner

Writeups

Challenge writeups

Pentest writeups

Responsible(ish) disclosure writeups

Bug bounty writeups

See more writeups on The list of bug bounty writeups.

Tools

If you don’t have time

  • ponieproxy: Simple proxy which captures all requests and responses and saves them in uniquely named files
  • faviconer.go: Go script for grabbing favicon hashes (like Shodan does)
  • SourceWolf: Amazingly fast response crawler to find juicy stuff in the source code
  • CodeArgos: A python module for red teams to support the continuous recon of JavaScript files and HTML script blocks in an active web application
  • Oralyzer: Open Redirection Analyzer
  • Boomerang: A tool to expose multiple internal servers to web/cloud
  • E4Enumerat10n: Python script that uses intelx.io to gather emails associated with any domain name
  • PCWT: An app with a GUI for managing pentest/bug bounty projects and running port scans & subdomain enumeration tools
  • Pollenisator: Collaborative pentest platform with highly customizable tooling
  • Rootend: A *nix Enumerator & Auto Privilege Escalation tool
  • calebstewart/pwncat: Fancy reverse and bind shell handler
  • dazzleUP: A tool that detects the privilege escalation vulnerabilities caused by misconfigurations and missing updates in the Windows operating systems

Misc. pentest & bug bounty resources

Challenges

Articles

News

Bug bounty & Pentest news

Reports

Vulnerabilities

Breaches & Attacks

Other news

Non technical

Tweeted this week

We created a collection of our favorite pentest & bug bounty related tweets shared this past week. You’re welcome to read them directly on Twitter: Tweets from 07/17/2020 to 07/24/2020.