Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The first series is curated by Mariem, better known as PentesterLand. Every week, she keeps us up to date with a comprehensive list of write-ups, tools, tutorials and resources.
This issue covers the week from 10 to 17 January.
Did you know that Bug Bytes is two years old? It is time to freshen it up a bit and you can help us by providing your feedback. We love to improve based on data and insights. So, your input is highly appreciated and will help us improve the quality of this newsletter.
Fill out the survey for a chance to win an Intigriti Swag voucher of € 50.
The winner of the Intigriti Swag voucher will receive a personal email before January 27.
Take the survey
Our favorite 5 hacking items
1. Resource of the week
A Glossary of Blind SSRF Chains & GitHub repo
This is a massive post on exploit chains that help escalate the impact of blind SSRF. It is simply a must-see for bug hunters and an amazing new resource by @assetnote.
There is also a GitHub repo. You can contribute additional techniques by sending a pull request.
2. Writeups of the week
Finding 0day to hack Apple (Apple, $50,000)
Making Clouds Rain :: Remote Code Execution in Microsoft Office 365 (Microsoft)
There’s a bunch of exceptional findings and excellent writeups that were published this week. Make sure to check out the entire writeups section below. These two are the ones that caught my attention the most for their impact and interesting technical details.
@rootxharsh and @iamnoooob got Remote Code Execution on three Apple subdomains by analyzing the CMS they use (Lucee). @steventseeley also popped shells, this time on Microsoft Office 365, and he bypassed two different patches for the vulnerability as well.
3. Tools of the week
OpenAPI Security Scanner & Automating Permission Checks Using OpenAPI Security Scanner?
Remember BBRF, @honoki’s Python tool for storing/querying bug bounty data in a CouchDB database? I’ve been using it and it is an excellent solution for easily handling assets and scopes. Now it also has a Burp plugin that allows you to add domains/URLs to your database from Burp! Fantastic, right?
The second tool is an innovative scanner for automating authorization tests. Logic flaws are notoriously difficult to automate, but @ngalongc manages to do just that! Pointed at an API with a set of credentials, his OpenAPI Security Scanner monitors for changes in permissions and notifies you if any permissions have changed.
4. Video of the week
Anyone who thinks it is too late to start bug bounties, or that they don’t have the right technical background, should watch this interview. @Farah_Hawaa shares her story and how she got into Web hacking in a relatively short time. She went from journalism / mass media studies to becoming a hacker, a triager for a bug bounty platform and a content creator. Such an inspiration!
5. Podcast of the week
Day Episode 60 – Breaking Lock Screens & The Great Vbox Escape
Day is already at episode 60 and I’ve just heard of it! I love that it’s not just about generic InfoSec news but also comments on very technical writeups and topics. A really nice discovery!
Other amazing things we stumbled upon this week
Webinars & Webcasts
Medium to advanced
Responsible(ish) disclosure writeups
Bug bounty writeups
See more writeups on The list of bug bounty writeups.
Misc. pentest & bug bounty resources
Bug bounty & Pentest news
Community pick of the week
We’d love to hear from you and celebrate your wins! Tag us if, like Stefan, you’re in swag heaven or want to share your bug hunting joys with other Bug Bytes readers.