Bug Bytes #114 – Binary fuzzing for Web vulnerabilities, Leaky page & NahamCon2021

By Anna Hammond

March 17, 2021

Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The first series is curated by Mariem, better known as PentesterLand. Every week, she keeps us up to date with a comprehensive list of write-ups, tools, tutorials and resources.

This issue covers the week from March 8 to 15.

Intigriti News

Channeling the Wisdom of the Crowd: Talking with Intigriti’s Stijn Jans and Inti De Ceukelaire

Everything you need to know about the Exchange attacks frenzy, Verkada breach, F5 CVEs & Azure threat

Our favorite 5 hacking items

1. Article of the week

Finding Issues In Regular Expression Logic Using Differential Fuzzing

I think some of the most interesting attacks and research are at the intersection of different fields of offensive security. This is a good example by @defparam. He shows how to use differential fuzzing to find logic flaws in web-related regular expressions.
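As an added illustration of the idea (not @defparam's code or the article's own harness), here is a small differential fuzzer in Python: two regexes that are supposed to accept the same hostnames are fed the same mutated inputs, and every input on which they disagree is recorded. The two patterns, the seed string and the mutation alphabet are constructed for this example; the "old" regex deliberately has the classic sloppiness (unescaped dots, no end anchor) so the disagreements show a real logic flaw.

```python
import random
import re
import string

# Constructed example: two regexes that are meant to accept the same hostnames.
# OLD_HOST_RE is sloppy (unescaped dots, no end anchor); NEW_HOST_RE is the
# intended strict version. Every string NEW accepts, OLD accepts too, so any
# disagreement is an input the sloppy regex lets through.
OLD_HOST_RE = re.compile(r"^[a-z0-9-]+.example.com")
NEW_HOST_RE = re.compile(r"^[a-z0-9-]+\.example\.com$")

# Characters the mutator draws from (constructed; includes a few URL-ish
# delimiters so mutations explore the kind of input a web app would see).
ALPHABET = string.ascii_lowercase + string.digits + ".-/@:"


def verdicts(candidate: str):
    """Run both regexes on the same input and return (old_ok, new_ok)."""
    return (OLD_HOST_RE.match(candidate) is not None,
            NEW_HOST_RE.match(candidate) is not None)


def mutate(seed: str, rng: random.Random) -> str:
    """Apply one random character-level mutation to the seed string."""
    op = rng.choice(("replace", "insert", "delete", "append"))
    pos = rng.randrange(len(seed)) if seed else 0
    if op == "replace" and seed:
        return seed[:pos] + rng.choice(ALPHABET) + seed[pos + 1:]
    if op == "insert":
        return seed[:pos] + rng.choice(ALPHABET) + seed[pos:]
    if op == "delete" and seed:
        return seed[:pos] + seed[pos + 1:]
    return seed + rng.choice(ALPHABET)


def differential_fuzz(seed="api.example.com", iterations=2000, rng_seed=1):
    """Mutate the seed and collect every input on which the two regexes disagree.

    Returns a dict mapping input -> (old_verdict, new_verdict).
    """
    rng = random.Random(rng_seed)
    corpus = [seed]
    disagreements = {}
    for _ in range(iterations):
        candidate = mutate(rng.choice(corpus), rng)
        old_ok, new_ok = verdicts(candidate)
        if old_ok != new_ok:
            disagreements[candidate] = (old_ok, new_ok)
        # Keep inputs that at least one regex accepts so later mutations stay
        # close to the accept/reject boundary, where logic flaws live.
        if (old_ok or new_ok) and candidate not in corpus and len(corpus) < 200:
            corpus.append(candidate)
    return disagreements


def only_old_accepts(disagreements):
    """Inputs the sloppy regex accepts but the strict one rejects."""
    return sorted(s for s, (old_ok, new_ok) in disagreements.items()
                  if old_ok and not new_ok)


if __name__ == "__main__":
    found = differential_fuzz()
    print(f"{len(found)} diverging inputs")
    for s in only_old_accepts(found)[:10]:
        print(repr(s))
```

Typical finds are inputs like `api.example.com.evil.net` (missing `$`) or `apixexamplexcom` (unescaped `.`). One caveat worth keeping in mind when you write the "strict" side: in Python `$` still matches before a single trailing newline, so `api.example.com\n` is accepted by both patterns above; use `re.fullmatch` or `\Z` if that matters for your sink.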

2. Writeups of the week

Obtaining .NET Assemblies from Android Full AOT Compiled Applications
CVE-2020-29653: Stealing Froxlor login credentials using dangling markup
Messing with GitHub’s fork collaboration for fun and profit (GitHub, $30,000)

The first writeup shows a method for extracting assemblies from Android applications compiled with AOT. It might be useful to know for a future mobile engagement.

The second writeup shows a useful technique to remember when you find an HTML injection and want to increase its impact because XSS just isn’t possible.

Lastly, @not_an_aardvark found some pretty serious broken access control issues on GitHub. It’s a very interesting writeup on GitHub’s fork collaboration feature.

3. Vulnerability of the week

leaky.page & A Spectre proof-of-concept for a Spectre-proof web

This is worrying research on Spectre by Google’s Security Team. They showed that it is a practical attack with a Proof of Concept site that can leak information from victims’ browser memory!

4. Tools of the week

Regexploit & Intro
wl

Regexploit is a Python tool that helps find regular expressions vulnerable to ReDoS. Judging from the list of vulnerabilities @doyensec discovered using it, it seems very effective and worth a try.

Wl is @s0md3v’s latest tool. It’s a Go utility that converts strings to different casing styles, which is so handy for credentials bruteforce and content discovery.

5. Conference of the week

Main track

Recon Village

NahamCON 2021: Red Team Village & Slides:

Wasn’t NahamCon fantastic? I love a good offensive security conference! Since the main track and villages were happening at the same time, you might’ve missed interesting talks. So, here’s the list of all NahamCon talks and slides I found public if you want to catch up.

Other amazing things we stumbled upon this week

Videos

Podcasts

Webinars & Webcasts

Conferences

Tutorials

Writeups

Responsible(ish) disclosure writeups

Bug bounty writeups

See more writeups on The list of bug bounty writeups.

Tools

Tips & Tweets

Misc. pentest & bug bounty resources

Challenges

Articles

Bug bounty & Pentest news

Non technical

Community pick of the week

Nice rig there, @plenumlab! We love it and hope it’ll help you find more cool bugs.

Want to share your bug bounty wins, swag and joys with other Bug Bytes readers? Tag us on social media, we’d love to hear from you too!
