Bug Bounty & Agile Pentesting Platform

Bug Bytes #127 – IPv6 for recon, OpenID 2FA bypass & New threats of Service Workers Caches

Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The first series is curated by Mariem, better known as PentesterLand. Every week, she keeps us up to date with a comprehensive list of write-ups, tools, tutorials and resources.

This issue covers the week from June 7 to 14.

Intigriti News

Intigriti’s new Community Code of Conduct
bug bounty hunter illustrations intigriti
Illustrating Hackers: Changing perceptions by changing how we see hackers

Our favorite 5 hacking items

1. Webinar of the week

How to Analyze Code for Vulnerabilities

I know a bug hunter who earned thousands of bounties by focusing on source code review on a single target. He’d ask for demos of apps and perform code review on them. I was shocked when I heard this as at that time the black box approach seemed to be the most common and at first glance the target’s main asset was just a Web app. This illustrates how effective code reviews can be.

If you want to acquire this skill, this webinar is an excellent start. @vickieli7 does an amazing job of explaining how to get started and what to focus on.

2. Writeups of the week

Exploiting outdated Apache Airflow instances ($13,000)
Bypassing 2FA using OpenID Misconfiguration

@iangcarroll discovered vulnerabilities in Apache Airflow and automated testing for them and for an old public CVE on bug bounty programs. The first writeup details this research and how it resulted in $13,000 bounties.

The second writeup is a great read for anyone interested in 2FA bypass or OpenID security. @iustinBB shows an interesting OpenID misconfiguration that can be used to bypass 2FA.

3. Tutorial of the week

The JavaScript Bridge in Modern Desktop Applications

When I hear about escalating XSS to RCE, the first thing I think about is: It must be an XSS in an Electron app. This tutorial shows that there are other frameworks used for developing Desktop apps that allow for escalating XSS to RCE, with concrete examples.

4. Conferences of the week

Improving Internet Wide Scanning with Dynamic Scanning & Active Scanning Techniques repo
WOOT 2021, especially: The Remote on the Local: Exacerbating Web Attacks Via Service Workers Caches, Slides & Paper/demo/PoC

These talks both introduce very interesting research. The first one is about several strategies for discovering assets. Some of them you might’ve heard about, but others like IPv6 scanning are less known.
The second talk shows how the Cache API can be exploited to elevate the impact of vulnerabilities like XSS, allowing for a new class of attacks.

5. Resource of the week

Subdomain Enumeration Guide

This is a cool GitBook on subdomain enumeration. With the growing number of tools and techniques being published, it’s nice to have this reference that sums up the most commonly used ones.
It’s also a good introduction for anyone just starting out.

Other amazing things we stumbled upon this week

Videos

Podcasts

Webinars

Conferences

Tutorials

Medium to advanced

Beginners corner

Writeups

Challenge writeups

Pentest writeups

Responsible(ish) disclosure writeups

N-day vulnerabilities

Bug bounty writeups

See more writeups on The list of bug bounty writeups.

Tools

  • mobsfscan: A static analysis tool that can find insecure code patterns in your Android and iOS source code
  • Burpa: Burp Automator – A Burp Suite Automation Tool. It provides a high level CLI and Python interfaces to Burp Suite scanner and can be used to setup Dynamic Application Security Testing (DAST)
  • purl: A Go script to proxy URLs from stdin through any HTTP proxy tool very quickly for analysis
  • showSSID: Python tool that Generates continuous probe requests to identify hidden SSIDs
  • SMERSH: A pentest oriented collaborative tool used to track the progress of your company’s missions
  • StandIn: Small .NET35/45 AD post-exploitation toolkit

Tips & Tweets

Misc. pentest & bug bounty resources

Challenges

Articles

Bug bounty & Pentest news

Non technical

Community pick of the week

Woohooo! Amazing, enjoy your ride @dewcode91!

Do you also have bug bounty wins, swag and joys to share with other Bug Bytes readers? Tag us on social media, we love to hear from you!

%d bloggers like this:
-->