Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The second series is curated by InsiderPhD. Every week, she keeps us up to date with a comprehensive list of write-ups, tools, tutorials and resources.
This issue covers the week from July 10th – July 16th
Intigriti News
- We’ve seen how to exploit the jwk and jku parameters already. Today, let’s take a look at the kid header!
- Top 4 SQL Injection Cheat-Sheets
- July Challenge ends Tuesday 25th July!
- What’s your most commonly found vulnerability type?
From my notebook
- Improve your API Security Testing with Burp BCheck Scripts
- Introducing jswzl: In-depth JavaScript analysis for web security testers
- Exploiting XSS in hidden inputs and meta tags
- Using MiTMProxy as a scriptable pre-proxy for BurpSuite
- Encrypted Doesn’t Mean Authenticated: ShareFile RCE (CVE-2023-24489)
- Dark Web Dumpster Diving (Hunting Infostealer Malware)
- Lessons Learned From HackerOne’s Live Hacking Event (h1-4420)!
- Do You NEED a College Degree to work in Cybersecurity?
- Steganography for Audio: How to Hide Files in Music || Mr Robot
- Portswigger Web Academy – Information Disclosure – Lab Walkthroughs
- Dependency Confusion with AWS CodeArtifact
- Learning sqlmap Pentesting Tool with World of Haiku
- New: HackTheBox Guided Mode!
- YouTubers Being Paid to Spread Malware?
- Portswigger Web Academy – DOM XSS – Lab Walkthroughs
- Should you strive to become self-employed? (shorts)
- Quick ways to send traffic to your proxy to help troubleshoot (shorts)
- What information can be leaked in JS files? (shorts)
- Poppin’ Shells | Cyber Fireside Chat with IppSec
- This top bug bounty hunter only works with a single monitor (shorts)
- HackTheBox – Socket
- Solving a REAL investigation using OSINT
- Learning Bug Bounty with Disclosed Reports and Blogs! Where to go!
- 1M Bug Bounty From Saving $100M at risk in KyberSwap Elastic
- HTB BizCTF 2023
- NahamCon 2023
- BSides Leeds 2023
- Uncommon And Advanced Techniques For Account Takeover Attacks by Ayoub Safa
- JSluice: There’s Gold In Them Thar Files by Tomnomnom
- Red Team Keynote by Holly-Grace Williams
- Red Red Whine by Dan Cannon
- Evasion On Aisle Five: From Bacon To Beacon by Brad Storan
- Social Engineering The Kill Chain by Tom Harrison
- Whose Input Is It Anyways? by Rael Sasiak-Rushby
- Fantastic Cloud Security Mistakes by Sarah Young
- Hackanory: The Power Of Stories by Janette Bonar Law
- Five Days, One Red Team, A Beach Like No Other: The Bank Job by Alex Martin
- Being Right Is Just The Beginning (A Talk Very Much Not About Politics) by Leigh Hal
- The NSM Ouroboros: Embracing The Endless Cycle Of Network Security
- SleuthCon
- SLEUTHCON 2023 – Certified Bad: One malware, Two years of Certificates.
- SLEUTHCON 2023 – Mapping the Ransomware Payment Ecosystem
- SLEUTHCON 2023 – Look at this Graph: Prioritizing Initial Access Threats
- SLEUTHCON 2023 – Exploring Initial Access Methods
- SLEUTHCON 2023 – Leakonomics: The Supply and Demand of Hacked Data
- SLEUTHCON 2023 – My 0ktapus Teacher: New Actors, New Problems
- SLEUTHCON 2023 – Unmasking Venom Spider: The Hunt for the Golden Chickens
- SLEUTHCON 2023 – Hunting Prolific Access Broker PROPHET SPIDER
- How I Rob Banks: A Journey into the World of Ethical Hacking with Freakyclown
- Episode 27: Top 7 Esoteric Web Vulnerabilities
- AAAAAAAAAAAAAAA! You Overflowed My Integer! with George Hughey and Rohit Mothe
- SN 930: Rowhammer Indelible Fingerprinting – MOVEit SQLi flaw, China’s OpenKylin v1, Firefox 115, Syncthing
- NO. 389 — The Creativity Friction Coefficient, Lockbit v TSMC, and Detecting Smart Errors
- EP129 How CISO Cloud Dreams and Realities Collide
- Beginner
- Bypassing File Upload Mechanism with Upload_Bypass
- Bypassing Door Passwords
- All about CVE-2023–24488(R-XSS)
- 10 ways to exploit JSON Web Token (JWT):
- Deobfuscation for Beginners
- Mastering Password Reset Functionality: Unveiling Bugs and Security Risks
- OWASP API Top 10 — API Security
- Insecure Direct Object References (IDOR) Vulnerability
- What is BOLA – Broken Object Level Authorization
- Intermediate
- Synced Out: Exploring Client Side Desyncs and Server Side Desync Attacks
- Game Hacking 101: Unleashing the Power of Memory Manipulation
- Exploiting Time-Based SQL Injections: Data Exfiltration
- Exploiting Incorrectly Configured Load Balancer with XSS to Steal Cookies
- The Hidden Risks of Package Management Systems: Shedding Light on the Dependency Confusion
- Advanced
- Security Research
- Encrypted Doesn’t Mean Authenticated: ShareFile RCE (CVE-2023-24489)
- MOVEit Hacks: Stories and lessons learned
- How FBI hackers or Forensics Team identify fake Images
- Beyond the Marketing: Assessing Anti-Bot Platforms through a Hacker’s Lens
- The Measure and Resilience of Weaponized Exploit Methods for Linux
- Security Advisory: SonicWall Vulnerabilities
- Unveiling the Secrets: LSASS Memory Dump Parsing
- Uncovering weaknesses in Apple macOS and VMWare vCenter: 12 vulnerabilities in RPC implementation
- Demo: Brute-forcing a macOS user’s real name from a browser using mDNS
- r-tec Blog | Resource Based Constrained Delegation
- CVE-2023-36884 MS Office Zero-Day Vulnerability Exploited For Espionage – Detection and Mitigation – FourCore
- Bee-yond Capacity: Unauthenticated RCE in Extreme Networks/Aerohive Wireless APs – CVE-2023-35803
- Delegate call bug in ink! | CoinFabrik Blog
- Bugs
- Unveiling Access Control Flaws: How a Viewer Became an Editor
- Unexpected Zero in MySQL Injection
- How I Found a Bug under 3 mins , that could risk the reputation of an entire organisation !
- How I hacked CTX and PHPass Modules
- How I got Two RCE at EPAM-Bounty Program
- What is Force sending ether in smart contracts security?!
- Bug Bounty Hunter — When CORS is not Configured Correctly / JSONP Attack
- Reverse shell to your Amazon AWS EC2 instance as ‘root’ or ‘Administrator’ by injecting user-data
- Account takeover through Response Manipulation
- Let’s Go For Whole Company
- Unveiling Vulnerabilities: How I Earned My First Bounty
- Exploits Data Breach in (VoIP)Voice Over IP Systems
- XSS in Host Header
- Real Site that have IDOR Vulnerability with Referer Header
- RCE(Remote Code Execution) on https://www.idfcbank.com
- Critical Code dump from exposed .git folder
- Decoding Puzzled XSS: Unveiling the Hidden Vulnerability
- CTF challenges
- Introducing OSINT Template Engine: An open source OSINT Tool.
- Sysreptor – Fully Customisable, Offensive Security Reporting Tool Designed For Pentesters, Red Teamers And Other Security-Related People Alike
- ZeusCloud – Open Source Cloud Security
- Mantra – A Tool Used To Hunt Down API Key Leaks In JS Files And Pages
- ZephrFish/PotFileUtils
- FourCoreLabs/LolDriverScan
- IAMActionHunter: Query AWS IAM permission policies with ease
- CSTC, Modular HTTP Manipulator
- GitHub – ldpreload/BlackLotus: BlackLotus UEFI Windows Bootkit
- Bringing Monsoon to the Next Level
- CeWL – Custom Word List Generator.
- detectify-cves – Find CVEs that don’t have a Detectify modules.
- SSRFPwned – Checks for SSRF using custom payloads after fetching URLs from sources & applying complex patterns.
- Synack Red Team Tip: Analytics On Aged Targets
- add for your wordlist
- List the associated CIDR ranges of a domain that are owned by the same organisation with haktrails associatedips!
- You can do so much with the Burp Piper extension: Why not send a JS file straight to the new JSluice tool using Piper extension and a small bit of bash script?…
- POST HTTP request possible with any non-existent path after “/console/” (e.g., /console/any/non-existent/path/xyz.html)
- In Safari, “new URL(‘javascript://test.com/%0aalert(1)’).hostname” will be “test[.]com” (no [] obvi). This can be used to bypass hostname checks and execute valid JS.
- Are you a web tester who specializes in blind or out-of-band vulns?
