By intigriti_inti
October 15, 2019
Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The first series are curated by Mariem, better known as PentesterLand. Every week, she keeps us updated with a comprehensive list of all write-ups, tools, tutorials and resources we should not have missed.
This issue covers the week from 04 to 11 of October.
Colruyt just changed their framework and is looking for fresh bugs!🐛
If you have heard of recursive subdomain enumeration and wished to see practical examples, this is a video for you.
@thecybermentor shows how to enumerate subdomains, spot interesting ones, and iterate enumeration to get third-level domains. He also shows how to organize findings, automate the whole process, and go further by using Nmap and Eyewitness. Really helpful for beginners to automation and recon!
Entrepreneurship for hackers: “A thing or two I learnt while building PentesterLab”
As a hacker and entrepreneur, I’m very interested in what @snyff has to say. He built Pentester Lab by himself, without investors and has been living from it since 2018, while providing real value to clients.
If you too are interested in entrepreneurship, you might want to read about his advice on what a good idea is, why external funding is not necessarily an advantage, why starting a business with a free product is a bad idea, how to price your product, etc.
Dr. Watson is a Burp Suite extension that passively detects secrets in domains in scope based on a Regex.
To try it, I added GitHub to Burp’s scope and navigated to a repository that I knew contained a lot of sensitive information. Immediately, new issues appeared for github.com: “Asset discovered: S3 bucket”, “Asset discovered: IP”…
The tool can find keys, S3 buckets, DigitalOcean Space, Azure blobs, IP addresses, domains and subdomains. But since regexes are defined in a file (issues_library.json), it is possible to extend its capabilities by adding new regexes.
The second set of tools are scripts for finding sensitive information on GitHub. I love that they are lightweight, each does one specific thing, and they are great examples to study for anyone who wants to learn programming for hacking purposes.
It’s always a joy to watch LevelUp. I think it is one of the best conferences for bug hunters and Web app pentesters.
In this edition, there are four talks on car hacking, Android app vulnerabilities, GSuite security, and GraphQL hacking.
Authorization Token manipulation using Burp Suite extender & BearerAuthToken
This tutorial and tool might be handy if you have to test an application that requires an authorization token for each request, with a short session timeout.
Once a token expires, you have to manually re-authenticate on the app to get a new one. But this breaks Burp’s scanner automation.
The solution offered, BearerAuthToken, is a Burp Suite extension that automatically generates a new token for each request to make sure that it will be valid and that the authenticated state will be maintained. So useful and easy to use!
09/15/2019 – Live Bug Bounty Recon Session on Yahoo (meg, assetfinder, etc) w/ @Tomnomnom
Python For Penetration Testing – Developing A Banner Grabber
7MS #384: Creating Kick-Butt Credential-Capturing Phishing Campaigns
Security In Five Podcast Episode 597 – The Internet Gets A Little More Secure At HTTP v3 Rolls Out
Security In Five Podcast Episode 595 – Tools, Tips and Tricks – Facebook Container By Mozilla
InfosecGirls + WoSec session with Liran Tal on Node.js Security
Webcast: Open Source Exploits in the Cloud’s Big Data Services – Cloud TradeCraft
Webcast: In-Depth SILENTTRINITY Demo, Explanation & Walkthrough
InfoSecGirls September 2019 Tech talk – Why Report Writing is important in Infosec
When Hacking Becomes Deadly – InfoSec in the Age of Connected Medical Devices (Free registration required)
OWASP Bay Area
Authorization Token manipulation using Burp Suite extender & BearerAuthToken
Automated Frida hook generation with JEB & Sample JEB script
Understanding insecure implementation of Jackson Deserialization
Delegating like a boss: Abusing Kerberos Delegation in Active Directory
Persistence – New Service, Screensaver & Shortcut Modification
WooCommerce 3.6.4 – CSRF Bypass to Stored XSS #Web #CodeReview
Bludit Brute Force Mitigation Bypass #Web #CodeReview
Multiple D-Link Routers Found Vulnerable To Unauthenticated Remote Code Execution #RCE #CodeReview
Rusty Joomla RCE #RCE #CodeReview
Security Advisory: Active Directory Open to More NTLM Attacks #NTLM
XSS escalated to RCE on Valve ($9,000)
Authorization flaw on Shopify ($1,000)
Information disclosure on Shopify ($1,500)
XSS ($1,000)
See more writeups on The list of bug bounty writeups.
DomainDog: A cli tool to perform reverse whois lookups through viewdns.info
StatusParser: Retrieve the status codes from a list of URLs
Snapback: HTTP(s) Screenshots for Pen Testers Who Value Their Time
Pivoting into VPC networks: Pivot into private VPC networks using a VPN connection
PHP Object Injection Slinger: Burp Suite extension to automatically identify serialization issues in PHP Frameworks
Traxss: Automated XSS Vulnerability Scanner
Entrust-identityguard-tools: Tools for playing with Entrust IdentityGuard soft tokens, such as decrypting QR codes and deriving OTP secrets
Callback Catcher: A multi-socket control tool designed to aid in pentest activities, like the love child of Burp Collaborator & Responder
Bug Bounty Methodology (TTP- Tactics, Techniques, and Procedures) V 2.0
APIsecurity.io Issue 52: NIST Zero Trust Architecture Guidelines
DNS Bruteforce Injection Point Definition: Pull request to Gobuster to expand its subdomain enumeration capabilities
Better Bug Bounties & Hacking for Good: Leveraging HackerOne Data to Develop an Economic Model of Bug Bounties
AWS Cloudfront protects against http desync / request smuggling attacks, but ALB is still vulnerable
Rapid7 Introduces Industry Cyber-Exposure Report: Deutsche Börse Prime Standard 320
The Price of Influence: Disinformation in the Private Sector
Microsoft NTLM vulnerabilities could lead to full domain compromise & TL;DR
WhatsApp Flaw Opens Android Devices to Remote Code Execution
Android devices hit by zero-day exploit Google thought it had patched
Apple iTunes Bug Actively Exploited in BitPaymer/iEncrypt Campaign
Vulnerable Twitter API Leaves Tens of Thousands of iOS Apps Open to Attacks
October Patch Tuesday: Microsoft fixes critical remote desktop bug
D-Link router remote code execution vulnerability will not be patched
Microsoft Improves Azure Active Directory Security with New Roles
No More Mixed Messages About HTTPS: Chrome plans on blocking mixed content
Copy-and-paste sharing on Stack Overflow spreads insecure code
Twitter Apologizes for Using Your Phone Number for Advertising
Researchers Say They Uncovered Uzbekistan Hacking Operations Due to Spectacularly Bad OPSEC
Referring researchers following terms of your bug bounty to the FBI isn’t cool
The Next-Gen Attackers (and What Attacks Will Look Like in Future)
Bugs Wanted Dead or Alive — A New Approach to Responsible Disclosure for All
We created a collection of our favorite pentest & bug bounty related tweets shared this past week. You’re welcome to read them directly on Twitter: Tweets from 10/04/2019 to 10/11/2019.
Curated by Pentester Land & Sponsored by Intigriti
Disclaimer: The views and opinions expressed in this article are those of the curators and do not necessarily reflect the position of intigriti.