Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The first series is curated by Mariem, better known as PentesterLand. Every week, she keeps us up to date with a comprehensive list of write-ups, tools, tutorials and resources.
This issue covers the week from November 22 to 29.
Our favorite 5 hacking items
1. Resource of the week
@xvnpw has been sharing interesting research, writeups and tips on path traversal vulnerabilities. The blog is worth a read if you’re interested in this bug class, or in older articles on hacking Azure and SpEL.
2. Writeup of the week
WordPress Plugin Confusion: How an update can get you pwned, WordPress Plugin Update Confusion – The full guide how to scan and mitigate the next big Supply Chain Attack & Traffic Factory example
@vavkamil took the idea of dependency confusion and transposed it to WordPress themes and plugins. Then he partnered with @naglinagli to search for this new vulnerability at scale on bug bounty programs.
I love this type of research, both so clever and obvious AFTER you’ve read about it. Who would’ve thought that WordPress and package registries like NPM had anything in common?!
3. Challenge writeup of the week
The InfoSecurity Challenge 2021 Full Writeup: Battle Royale for $30k
@spaceraccoonsec solved all 10 levels in The InfoSecurity Challenge that involved web, mobile, cryptography, pwn, forensics, steganography, and more. He wrote a detailed walkthrough of all tasks and it is full of interesting techniques worth knowing.
With all the CTFs running this December, it might help to learn some of these advanced CTF tricks.
4. Tools of the week
These tools both perform common bug bounty tasks but with a twist.
@blegmore's cero scrapes domain names from SSL/TLS certificates. This sounds like something that tons of other tools already do, right? What makes cero interesting is that it can scrape certificates from any protocol that uses TLS, not just HTTPS.
Thank you @Six2dez1 for highlighting this awesome tool!
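To make the "any protocol that uses TLS" point concrete, here is a small Go program written for this issue as an added example (it is not cero's source, and it does not reproduce cero's flags or output). It does what the description above boils down to: open a bare TLS handshake to any host:port, never speak HTTP, and harvest the Subject CommonName plus the dNSName SANs from the leaf certificate the server presents. The hostnames, ports and the loopback self-signed server used for the offline demo are all constructed for this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"os"
	"strings"
	"time"
)

// NamesFromCert returns the hostnames a leaf certificate carries: Subject CN plus
// every dNSName SAN, lower-cased, with the wildcard "*." prefix stripped (so
// "*.example.com" yields the apex "example.com") and duplicates removed.
// CA-style CommonNames such as "Example Root CA" (spaces, no dot) are dropped.
func NamesFromCert(cert *x509.Certificate) []string {
	seen := map[string]bool{}
	var out []string
	add := func(n string) {
		n = strings.TrimPrefix(strings.ToLower(strings.TrimSpace(n)), "*.")
		if n != "" && strings.Contains(n, ".") && !strings.ContainsAny(n, " /@") && !seen[n] {
			seen[n] = true
			out = append(out, n)
		}
	}
	add(cert.Subject.CommonName)
	for _, d := range cert.DNSNames {
		add(d)
	}
	return out
}

// ScrapeNames performs a bare TLS handshake with addr (host:port) and returns the
// names in the certificate the server presents. No HTTP is spoken, so it works
// against SMTPS (465), IMAPS (993), LDAPS (636) or any other implicit-TLS port.
// Verification is skipped on purpose: we harvest names from whatever certificate
// is offered, self-signed or expired included.
func ScrapeNames(addr string, timeout time.Duration) ([]string, error) {
	conn, err := tls.DialWithDialer(&net.Dialer{Timeout: timeout}, "tcp", addr,
		&tls.Config{InsecureSkipVerify: true}) // harvesting, not authenticating
	if err != nil {
		return nil, err
	}
	defer conn.Close()
	// Go's client rejects an empty Certificate message, so index 0 (the leaf) exists.
	// Only the leaf names hosts; intermediates name CAs.
	return NamesFromCert(conn.ConnectionState().PeerCertificates[0]), nil
}

// LocalTLSServer starts a loopback TLS listener with a freshly generated self-signed
// certificate carrying cn and sans, so the scraper can be tried offline (demo only).
func LocalTLSServer(cn string, sans []string) (net.Listener, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: cn},
		DNSNames:     sans,
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return nil, err
	}
	ln, err := tls.Listen("tcp", "127.0.0.1:0", &tls.Config{
		Certificates: []tls.Certificate{{Certificate: [][]byte{der}, PrivateKey: priv}},
	})
	if err != nil {
		return nil, err
	}
	go func() {
		for {
			c, err := ln.Accept()
			if err != nil {
				return
			}
			c.(*tls.Conn).Handshake() // let the client read the cert, then hang up
			c.Close()
		}
	}()
	return ln, nil
}

// Usage (targets are illustrative): go run . mail.example.com:465 ldap.example.com:636
func main() {
	for _, t := range os.Args[1:] {
		if names, err := ScrapeNames(t, 5*time.Second); err != nil {
			fmt.Fprintln(os.Stderr, t, err)
		} else {
			fmt.Println(t, strings.Join(names, " "))
		}
	}
}
```

Two design choices worth noting: `InsecureSkipVerify` is deliberate here, because the goal is enumeration, not authentication, and a self-signed certificate on a forgotten mail or LDAP port is exactly the kind of thing that leaks internal hostnames; and wildcard names are collapsed to their apex, so `*.corp.example.com` still tells you that `corp.example.com` exists as a zone worth brute-forcing.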
5. Article of the week
Hakluke: Creating the Perfect Bug Bounty Automation
This reads like a short history of automation through the eyes of a bug hunter. @hakluke describes the different architectures he tried, where each one fell short, and how he plans to address those shortcomings.
If you’re thinking of building your first bug bounty automation solution, it can be useful to learn about someone else’s experience and mistakes.
Other amazing things we stumbled upon this week
Slides & Workshop material
Medium to advanced
Responsible(ish) disclosure writeups
0-day & N-day vulnerabilities
Bug bounty writeups
See more writeups on The list of bug bounty writeups.
Misc. pentest & bug bounty resources
Bug bounty & Pentest news