By travisintigriti
November 9, 2022
Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The second series is curated by InsiderPhD. Every week, she keeps us up to date with a comprehensive list of write-ups, tools, tutorials and resources.
This issue covers the weeks from October 31st until November 6th.
Intigriti News
From my notebook
This week I’ve been rather chaotic in what I’ve been reading and watching, so this week’s top 5 resources are all around the theme of data-driven bug hunting. What I mean by this is using large amounts of data from things like disclosed reports or write-ups to try and understand larger trends in what bugs are common or uncommon, where to look, or how to change your bug-hunting style.
Data-driven bug hunting
What I learnt from reading 217* Subdomain Takeover bug reports. – I love this article, I love how the author has really dived deep into the data to really try to understand it, I especially like their analysis of platforms for subdomain takeovers and key takeaways. Well worth a read!
Exploiting Static Site Generators: When Static Is Not Actually Static – Honestly, every time I see a new Assetnote blog post I read it immediately, they are always full of really interesting and unique security research, and this is a great look into why static sites aren’t always as static as they look!
How I made a reliable hacking tools and resources search engine in two days (~6500 entries!) – IppSec.rocks but for GitHub tools! Highly recommend this if you’re trying to figure out if your amazing new tool you’re about to spend 100 hours making already exists.
Awesome Cyber Security Newsletters – Awesome lists are fairly common around the tech community; this awesome list is of cyber security newsletters, if you’re looking for curated content with a slightly different vibe.
XSS Hunter gets deprecated, new sign-ups are disabled, xss.ht domains can be redirected to local instances or a static payload until Feb 2023 and the announcement – XSS Hunter (the service) is shutting down. While you can still host your own XSS Hunter (the product), new sign-ups are disabled and xss.ht domains will only be able to redirect or serve a static XSS payload. Most people who’ve worked on the triage or client side of bug bounty hunting understand why: XSS Hunter holds a lot of confidential vulnerability information, and IAmMandatory is uncomfortable with this.
CVE demystified, a quick guide to get your own CVE. – CVEs can be great social proof of your hacking skills, so here’s how to get one!
Other Amazing Things
@phillipwylie Talks About His Favorite Tools, Switching Careers
Reversing with strings and tracing – Cult Meeting / EncodedPayload
Enter the World of Haiku and Learn Hacking Through Video Games
Learn Red Team Cybersecurity in a Gamified Way! (Guided Walkthrough)
Deep Recursion Attack + Introspection | Damn Vulnerable GraphQL App
Ditch LastPass and build your own password manager in python
HTTP/3 Connection Contamination Made Simple – James Kettle (albinowax)
The Complete Guide to PortSwigger Directory Traversal and How to Prevent It
Making HTTP header injection critical via response queue poisoning
Guess Your Enemies’ Passwords With Python (Brute Force Attack)
Write-up: Information disclosure in error messages @ PortSwigger Academy
Web Security Academy — Blind OS command injection with time delays
$1000 BAC: The Complete Guide to Exploiting Broken Access Control
How Uber social engineering hack compromised Uber’s Hackerone bug bounty reports
How to Find Escalating HTML to SSRF. I instantly got the Hall of Fame within 5 minutes.
Sensitive data exposure through GitHub Leads to Dev team accounts compromise.
Chaining Multiple Vulnerabilities Leads to Remote Code Execution (RCE).
The easiest bug to get a Hall of fame from a Billion dollar company.
Directory traversal in PDF viewing application. Leading to full database takeover
Case of Admin Bypass for RCE, XSS, and Information Disclosure
TOP 5 AWESOME BUG BOUNTY BOOKS FOR BEGINNERS THAT YOU SHOULD KNOW
Don’t use X-Custom-IP-Authorization, it was just a placeholder for a web security academy lab, oops
The OpenSSL security update story – how can you tell what needs fixing?
Dropbox discloses breach after hacker stole 130 GitHub repositories