By Intigriti
August 20, 2019
Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The first series are curated by Mariem, better known as PentesterLand. Every week, she keeps us updated with a comprehensive list of all write-ups, tools, tutorials and resources we should not have missed.
Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.
This issue covers the week from 09 to 16 August.
This is a cool Twitter thread. Fisher (@Regala_) prompted the question about how other bug hunters organize their notes, and many hunters responded.
Tools mentioned include a private Github repo, simple notes and folders, SwiftnessX, OneNote, a whiteboard for logic flaws, Google Docs, XMind, etc.
It’s nice to get a peek at what others are using!
This is a good read to learn how you can go from self-XSS to a valid XSS by leveraging clickjacking.
The technique is nice to know in case you’re stuck with self-XSS and want to increase its impact.
@ThomasOrlita does an awesome job explaining all technical details as well as how he was able to find this on Google: he focused on Google Crisis Map, an old project that doesn’t seem to be used much anymore.
Improve Your Reconnaissance Performance By Using GNU Parallel
This is a concise tutorial about GNU Parallel. You might already know about it. But if you don’t and want to speed up your Bash scripts, this is the quickest way to learn about it and start using it today.
Parallel is interesting because it brings multi-threading to Bash. So if you want to iterate any tests over network protocols or targets (for recon, network pentesting…), Parallel allows you to go faster than a while or for loop would.
This new Burp extension is a must if you’re planning on collaborating with another Web app tester.
It allows you to share live/historical proxy requests, scope and Repeater/Intruder payloads with each other in real time!
This is so useful for both bug bounty / pentest collaboration, and for education and mentorship.
You might also want to check out the other tools previously shared by the same author, Tanner Barnes (@StaticFlow).
Paged out! is a new free zine that features short articles on a variety of topics. It reminds me a bit of PoC||GTFO and Phrack.
This first issue has articles on no less than 12 categories: Algorithmics, Assembly, Electronics, File formats, OS internals, Phreaking, Programming, Radio, Retro (retro games), Reverse engineering, Sec/Hack (Web app security, reverse shells, Windows exploitation…) & SysAdmin.
I love that there is something for everyone. Personally, my focus is on pages 17, 52 and 62 because I’m more interested in Web app security.
If you would like to submit an article, the next submission deadline is October 20th.
Owning the Clout through SSRF & PDF Generators – Defcon 27 – (SSRF on ads.snapchat.com)
Live chat with @nahamsec, @stokfredrik, @fransrosen & @avlidienbrunn
Risky Business #551 — Post Vegas edition, more news than we can handle
7MS #376: Tales of SQL Injection Pwnage (starting at 14 min 05s)
Security In Five Episode 557 – Apple Steps Up Their Bug Bounty Program To $1 Million
PSW #616 – Blue Team To Red Team, Offensive Security – Tony Punturiero
BSides Las Vegas 2019 (live streams)
Hacker Days: Raining shells in AWS by chaining vulnerabilities & Slides
Recognizing basic security flaws in local password managers #PasswordManager
Zero to Root in 60 seconds #OS #PrivilegeEscalation
Unauthenticated option changes in WordPress Simple 301 Redirects Addon Bulk Uploader plugin #Web #CodeReview
Why you shouldn’t do client-sided checks; EE’s gifting system #Web
How Not To Do Cross-Site Request Forgery Protection – The Netgear Nighthawk M1 #Web
OS command injection on Twitter ($20,160)
Authentication flaw on Grammarly ($2,500)
Subdomain takeover on Starbucks ($2,000)
Information disclosure via Travis Logs on Tron Foundation ($100)
Httprebind: Automatic tool for DNS rebinding-based SSRF attacks
PyFunnels & Introduction: Data Normalization for InfoSec Workflows
IPRotate_Burp_Extension & Introduction: Burp extension that changes your source IP address using the AWS API Gateway, to bypass IP based blocking
NSBrute: Python script that automatically takes over domains vulnerable to NS subdomain takeover
WAES: Web Auto Enum & Scanner
Rhodiola & Introduction: Generating Personalized Wordlists with NLP For Password Guessing Attacks
Nray: A free, distributed & platform independent port scanner
PBDataRecon: Pastebin Analysis and Storage Tool
Lure & Introduction: User Recon Automation for GoPhish
BugBountyTemplate: A simple Cherry Tree template that can be used to organize bug bounties
Top 25 Reddits – SubReddits Communities [Information Security]
From email to phone number, a new OSINT approach & email2phonenumber: An OSINT tool to obtain a target’s phone number just by having their email address
AttackSurfaceMapper – Automate and Simplify the OSINT Process
Nmap Defcon Release! 80+ improvements include new NSE scripts/libs, new Npcap, etc.
Feds plan to use SecureDrop as a vulnerability reporting portal
Santiago Lopez (@santi_lopezz99) got 179 bounties and 282 reports in one night… Whaaat?!
Azure Security Lab: a new space for Azure research and collaboration
Vulnerability in Microsoft CTF protocol goes back to Windows XP
August 2019 Microsoft Remote Desktop Services (RDP) Patches: What You Need to Know (Dejablue)
More than a million people have their biometric data exposed in massive security breach
Digital camera ransomware threat may extend to other vendors
Mozilla joins Google in making Extended Validation a browser footnote
Facebook got humans to listen in on some Messenger voice chats
What a security researcher learned from monitoring traffic at Defcon
Hacker gets a whopping 14 years in prison for running Scan4You service
These Legit-Looking iPhone Lightning Cables Will Hijack Your Computer
We created a collection of our favorite pentest & bug bounty related tweets shared this past week. You’re welcome to read them directly on Twitter: Tweets from 08/09/2019 to 08/16/2019.
Curated by Pentester Land & Sponsored by Intigriti
Disclaimer: The views and opinions expressed in this article are those of the curators and do not necessarily reflect the position of intigriti.