Bug Bytes #200 – AI Red Teaming, Firmware and Reverse Engineering, Prompt Injection Defence

Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The second series is curated by InsiderPhD. Every week, she keeps us up to date with a comprehensive list of write-ups, tools, tutorials and resources.

This issue covers the weeks from May 8th to May 14th

CLICK HERE TO SUBSCRIBE

Intigriti News

• Familiar huh? Let us show you how you can exploit this XSS case

• If you want to master SSTI exploitation, open this thread!

• The intigriti YouTube channel has officially passed the 15k milestone!

• We’ve got a few insecure file upload videos for ya’ll this week, covering practical labs from @WebSecAcademy

• Public program alert! We’re happy to announce the @PersonioHR program is now open to the public! Personio is a leading HR software company revolutionizing the way businesses manage their workforce

From my notebook

1. I MADE $100,000 IN TWO MONTHS!

2. 1 tip to improve your pentesting & bug bounty hunting

3. My Internship Journey

4. AI Village at DEF CON announces largest-ever public Generative AI Red Team

5. Issue 219: Money Lover app exposes user data, most web API flaws missed by standard testing

• Hacking Complex Passwords with Rules & Munging

• Facebook’s TOP1 bounty hunter doesn’t bother reporting $4,000-$5,00 (shorts)

• Hack The Box – Gunship (“Very Easy”) – Live Walkthrough

• What is Clickjacking?

• Browser in the browser attack (shorts)

• Must-Follow Cybersecurity Content Creators (shorts)

• Getting Started in Firmware Analysis & IoT Reverse Engineering

• Securing AI – Prompt Injection Defense

• Magecart Hackers Perfect Fake Checkout Pages

• Hide a Hacker’s Reverse Shell in ONE Command

• FIVE Practical AI Uses for Cybersecurity

• Prerequisites || Penetration Testing Bootcamp

• Wireless Hacking with Hardware from the SME Kody Kinzie!

• The REAL Value of Cyber Threat Intel (And How To Get It)

• 296-The Argument for a Stock Browser

• The Right Amount of Trauma

• Episode 18: Audit Code, Earn Bounties

• 210 – TPMs and Baseband Bugs

• SN 922: Detecting Unwanted Location Trackers – Google Passkeys, Chrome lock icon, AI news sites, Vint Cerf

• 209 – Bad Ordering, Free OpenAI Credits, and Goodbye Passwords?

• What if AI could rebuild the middle class?

• EP120 Building Secure Cloud and Building Security Products: Finding the Balance

• Risky Biz News: DEFCON attendees will target AI models

• Episode 374 – The event we called left-pad, Episode 77 remaster part 1

• I did a few hours of bug bounty for a few nights last week to get a feel.

• Never get too proud to go back to the basics and LEARN like a beginner again.

• Me and my projects since GPT3 is accessible.

• Secret Tip – Keep checking your notes

• “We take our security very seriously.”

• I’m really baffled how y’all find SQL injections so effortlessly. All you SQLi experts, I’ll be in your DM’s today.

• Beginner

  • Master the Art of Linux Firewall: Practical Guide to Iptables

  • The Secrets Behind EC2 Takeovers

  • Bug Bounty: Automate Blind SQLi

  • Search for sensitive data using theHarvester and h8mail tools

  • Kickstart Your Bug Bounty Hunting Journey

  • Cross-Origin Resource Sharing (CORS).

  • The Insider’s Guide to Detecting and Preventing XSS Attacks: Tips and Tricks for Web Developers

  • What is path travelsal vulnerability?

  • How to not get paid for your submission.

  • Bug Bounty Mistakes I Made, So that You Can Avoid

• Intermediate

  • Handlebars Templating: Security Best Practices

  • SSRF: What is forgery, and what is exploitable information

  • How I Cracked CEH Within 6 Months Only With Free Resources.

  • Journey of a Script writer (Tool developer)

  • What is a zero-day (0-day) exploit? Real-life examples

  • What is insecure deserialization

  • Bypass Rate Limit Request (fuzzing/etc…) With TOR

  • Understanding LDAP Injection: Crafting Payloads and Mitigation Strategies

  • Bypassing Protocol Concatenation in SSRF: Strategies for Testing Vulnerable Applications

  • Populating Burp Suite’s Sitemap using SpiderSuite crawler

• Advanced

  • Understanding HQL Injection and How to Prevent It

  • Exploring Algorithm Confusion Attacks on JWT: Exploiting ECDSA

  • The Security Researcher’s Guide to Reporting Vulnerabilities to Vendors

  • A guide to writing network templates with Nuclei!

• Security Research

  • Bypass IIS Authorisation with this One Weird Trick – Three RCEs and Two Auth Bypasses in Sitecore 9.3

  • CVE-2022–26180:qdPM 9.2 CSRF Vulnerability in index.php/myAccount/update URI

  • Breaking Down Barriers : CVE-2023–2227

  • The printer goes brrrrr, again!

  • Prompt injection explained, with video, slides, and a transcript

  • Testing Zero Touch Production Platforms and Safe Proxies · Doyensec’s Blog

  • Attacking APIs by tainting data in weird places

• Bugs

  • Unveiling the Untold Secrets: Unearthing the Holy Grail of Bug Bounties — How I Hacked EC2 

  • Bypass SMS Authentication To Account Takeover (Indonesian)

  • SQLi Using Google Dorks

  • /Metrics Open Directory Bounty : 50$~200$

  • Discovering a Hidden Security Loophole: Rent luxury Cars for a Single Dollar

  • One Bug at a Time: My First Paid Bug ($1,000 IDOR)

  • Hyperlink Injection Earned Me $200 within 10 minutes

  • Automating XSS Detection: How My Setup Earned Me a Few Spots in various Hall of Fames

  • RCE due to Dependency Confusion — $5000 bounty!

  • Discovery of an XSS on Opera

  • How I bypassed the registration validation and logged-in with the company email

  • Hacking Chess.com: My Journey to Unlock Premium Bots on the Android App

  • My First Bug: Accessing Admin Page via Blind XSS $1000

  • Account Takeover via Signup Feature

  • Full Account takeover (even for admins)

  • Admin Account Takeover worth $5,657

• CTF challenges

  • Bypass JWT Authentication | Access Admin Panel

  • Network Services 2 — Enumerating and Exploiting More Common Network Services & Misconfigurations

  • HTB: Interface

  • OverTheWire Bandit: Solving Level 0

  • TryHackMe — Res Room Simple Writeup

  • Skynet — TryHackMe Room Simple Writeup

  • PicoCTF asm3 challenge: Master the Art of Reverse Engineering — StackZero

  • AI Hacking Games (Jailbreak CTFs)

• Indicator-Intelligence – Finds Related Domains And IPv4 Addresses To Do Threat Intelligence After Indicator-Intelligence Collects Static Files

• SpiderSuite – Advance Web Spider/Crawler For Cyber Security Professionals

• Domain-Protect – OWASP Domain Protect – Prevent Subdomain Takeover

• Lfi-Space – LFI Scan Tool

• DNSRecon – DNS Enumeration Script

• PwnFox – A Firefox/Burp Suite extension that provide usefull tools for your security audit.

• gitGraber – monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon (AWS), Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe, Twilio…

• Want to succeed in bug bounties? Follow these 10 tips!

• View the recon data for every amass scan that you’ve ever done by using the db subcommand

• Trouble figuring out which ASN belongs to a company?

• XSS WAF Bypass using location concatenation

• Add “ui_config.properties” and “http://config.properties” files to your wordlist, these files contain juicy info like secret tokens and passwords

• Reflected XSS via Google Dorking

• Want to start bug bounties but don’t know where to begin?

• If something is suspicious but SQLMap “thinks” it might/might not be vulnerable, manually confirm/deny before leaving.

• Found an interesting #XSS where I inject the payload within the image file name and got the alert!.

• Image upload path tip

• Capture The Bug’s Ethical Hacker: Valligayatri Rachakonda

• AI Is About to Be Everywhere: Where Will Regulators Be?

• WordPress Plug-in Used in 1M+ Websites Patched to Close Critical Bug