Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The first series is curated by Mariem, better known as PentesterLand. Every week, she keeps us up to date with a comprehensive list of write-ups, tools, tutorials and resources.
This issue covers the week from February 8 to February 15.
Our favorite 5 hacking items
1. Article of the week
Scope Based Recon Methodology: Exploring Tactics for Smart Recon
You might’ve already seen Harsh Bothra (@harshbothra_)’s past talks on this same topic. This is a nice complement that includes a recon methodology with three options based on the program’s scope (small, medium and large), links to tools and a summary mindmap.
2. Writeup of the week
OAuth Misconfiguration Leads to Full Account takeover
This is an interesting finding by Yasser Mohammed (@boomneroli). It starts with OAuth CSRF that doesn’t work despite a missing CSRF token, debugging it with postMessage-logger, and ends up being a cool bug chain involving OAuth CSRF, postMessage and Clickjacking leading to account takeover.
For other cool writeups, also keep an eye on @Samm0uda who started sharing some of his 50 bugs found in Facebook.
3. Tutorials of the week
Finding More IDORs – Tips And Tricks
The Lone Sharepoint
Who doesn’t like IDOR? The first tutorial goes over several techniques for testing ID parameters and API calls for IDOR.
The second article is a nice collection of Sharepoint attacks that might come in handy during a pentest.
4. Tool of the week
Shortly after the new dependency confusion writeup was published, @joohoi shared this tool, which automates checking for it. It is written in Go and currently supports three package managers (PyPI, npm and Composer).
5. Resource of the week
Language Agnostic Security Code Review
This article provides a language-independent methodology for security code review. Of course, the more knowledge you have of a programming language, the better code review you can do, but this is a good start. It’s a basic methodology to build upon with experience.
Other amazing things we stumbled upon this week
Webinars & Webcasts
Responsible(ish) disclosure writeups
Bug bounty writeups
See more writeups on The list of bug bounty writeups.
- dooked: DNS and Target HTTP History Local Storage and Search
- RepeaterClips: Burp extension that sends a compressed Base64 encoding of any request to your clipboard for easily sharing it
- BurpParamFlagger: Burp extension that adds a passive scan check to flag parameters whose name or value may indicate a possible insertion point for SSRF or LFI
- Reconmap: Open-source pentesting management and reporting platform
Misc. pentest & bug bounty resources
Bug bounty & Pentest news
Community pick of the week
Do you want swag too? Then make sure to check out our current XSS challenge! And tag us on social media if you want to share any cool swag, bug bounty wins and joys.