By travisintigriti
September 13, 2023
Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The second series is curated by InsiderPhD. Every week, she keeps us up to date with a comprehensive list of write-ups, tools, tutorials and resources.
This issue covers the week from September 5th to September 10th.
Intigriti News
We’ve got 2 spare tickets for @nullcon Goa 2023, courtesy of @redbull
Let’s see how we can solve the first JWT “expert” lab, focusing on algorithm confusion
From my notebook
Bug Bounty Stories (EP1): Hacking An Online Casino – Slightly different format of video, but a really interesting look into NahamSec’s process
Results of Major Technical Investigations for Storm-0558 Key Acquisition – Oops from Microsoft
API Security Testing using AI in Postman – Really good guide on using Postman for API hacking, instead of or with Burp
Tricky Unauthenticated RCE on WordPress Media Library Assistant Plugin using a good old Imagick – Oh ImageMagick, my old friend, what have you done this time
Episode 35: King of Collaboration: Douglas Day – ArchAngelDDay talks about how he finds bugs, his approach and auth testing
Risky Biz News: Microsoft explains how it lost its signing key
Powerlifting and PowerShell: A Discussion with Jake Hildreth
Risky Business #720 — How cloud identity provider federation features can get you mega-owned
EP137 Next 2023 Special: Conference Recap – AI, Cloud, Security, Magical Hallway Conversations
Beginner
Intermediate
The Hidden SQL Injection Techniques That Google Doesn’t Want You To Know
CVE-2023-38831 – WinRAR Zero-Day Vulnerability manually Exploit
A Comprehensive approach for testing for SQL Injection Vulnerabilities
Understanding SSTI and Building Payloads in Jinja2 Introduction
For Newbies: Simple Examples of LDAP Injection Vulnerabilities
Advanced
Security Research
Spoof iOS devices with Bluetooth pairing messages using Android
BLASTPASS: NSO Group iPhone Zero-Click, Zero-Day Exploit Captured in the Wild
Nagios Plugins: Hacking Monitored Servers with check_by_ssh and Argument Injection: CVE-2023-37154
Paranoids Vulnerability Research: Ivanti Issues Security Alert
Boot Unguarded: x86 Trust Anchor Downfalls to The Leaked OEM Internal Tools and Signing Keys
A tale about a Red Team exercise and the Forcepoint Endpoint One DLP client
Apache Superset Part II: RCE, Credential Harvesting and More
eBPF Offensive Capabilities – Get Ready for Next-gen Malware – Sysdig
Android 14 blocks all modification of system certificates, even as root
Uncovering Web Cache Deception: A Missed Vulnerability in the Most Unexpected Places
Bugs
A casual hunt of the day : Open Redirect at one of the largest MNCs
Finding Loose Comparison in the wild (Unga Bunga Bugs Part-1)
Information Disclosure exposes The Correct Answers through Debug in Quiz Scoring
How I was able to find an information disclosure on the Google Tag manager
My debut with a Critical Bug: How I found my first bug (API misconfiguration)
The Art of Brute force with Facebook (Oculus) White-Hat Security Team
How I ethically hacked one of the domains of the United Kingdom
CTF challenges
Quick-Lookup-Ptrun – Quick Lookup Plugin For PowerToys Run (Wox)
securisec/chepy: Chepy is a python lib/cli equivalent of the awesome CyberChef tool.
Exploring Narrowlink: Your Swiss Army Knife for Secure Networking