Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The first series is curated by Mariem, better known as PentesterLand. Every week, she keeps us up to date with a comprehensive list of write-ups, tools, tutorials and resources.
This issue covers the week from November 15 to 22.
Our favorite 5 hacking items
1. Video of the week
Reacting to myself finding an SSRF vulnerability in Google Cloud & Blog post (Google, $10,401.1)
@xdavidhu discovered an SSRF on Google Cloud and filmed the entire process from the bug’s discovery, to exploiting it for RCE, creating the PoC, reporting it, then bypassing the fix.
If you’ve ever dreamed of peeking over the shoulder of a bug hunter while they are finding a critical bug (not just doing recon or practicing in a lab), this is a truly rare opportunity.
2. Writeups of the week
Finding Zero-Day Vulnerabilities in the Supply Chain
How I accidentally hacked many companies using N/A vulnerability in Atlassian Cloud (Atlassian, $15,000)
The second writeup by @Krevetk0Valeriy is about issues in the Atlassian Cloud’s registration flow. This is an interesting read if you like authentication bugs, or an example of digging deep into strange behaviors so that an N/A turns into a $15k finding.
3. Resource of the week
FirstBloodv2 disclosed reports
BugBountyHunter disclosed writeups submitted by members during their last Hackevent, FirstBlood v2. If you can’t get enough of bug bounty writeups, this is a nice collection to explore whether you are interested in server-side, client-side or logic vulnerabilities.
4. Tools of the week
ChronoRace is a Python tool for fine-tuning race condition attacks. @itscachemoney used it to execute carefully timed race condition attacks that circumvent application business logic, such as this email confirmation bypass on Shopify.
If HTTP request smuggling is more your thing, you might be interested in h2rs. This Python tool by @ricardo_iramar can detect request smuggling via HTTP/2 downgrades.
5. Conference of the week
Swiss Cyber Storm 2021 & Slides, especially:
Other amazing things we stumbled upon this week
Conference slides, material & whitepapers
Responsible(ish) disclosure writeups
Bug bounty writeups
See more writeups on The list of bug bounty writeups.
- TProxer: A Burp Suite extension made to automate the process of finding reverse-proxy path-based SSRF
- hakfindinternaldomains: Go tool that takes a list of subdomains, resolves them and tells you which ones are internal
- Jira-Lens: Fast and customizable vulnerability scanner for JIRA, written in Python
Misc. pentest & bug bounty resources
Bug bounty & Pentest news
- Black Friday
- Bug bounty
- Upcoming events
- Tool updates