Bug Bytes #41 – Reading JS, Pwning Spread Sheet Conversions & EdOverflow’s CSP tool

By Intigriti

October 22, 2019

Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The first series are curated by Mariem, better known as PentesterLand. Every week, she keeps us updated with a comprehensive list of all write-ups, tools, tutorials and resources we should not have missed.

Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.
This issue covers the week from 11 to 18 of October.

Our favorite 5 hacking items

1. Video of the week

Lets be a dork and read .js files with zseano

JavaScript analysis is a very important step when testing the security of a website. If, like me, you never were a programmer and struggle with this, then this video is a must!
@zseano walks us through what to look for in them and how, plus an introduction to Google and Github dorks.

2. Resource of the week

XXE Cheat Sheet – SecurityIdiots

This is a nice cheetsheet to help with XXE detection, exploitation and Out-Of-Band exploitation, and WAF bypass. A good reference!

3. Article of the week

A Tale of Exploitation in Spreadsheet File Conversions

Do you remember this awesome video snippet with @daeken where he was clapping because obviously some kind of exploit or bug worked? It turns out that he was working on a Ghostscript payload in LibreOffice, in collaboration with @bbuerhaus, @smiegles, and @erbbysam.
It did work, and this is the writeup of the whole research that led to that bug. It touches on many topics: Ghostscript, fingerprinting LibreOffice, LFD, SSRF… This is worth reading and a great example of research in Web app security.

4. Non technical item of the week

A well curated 60s playlist for those slow Saturday mornings

This is a really cool playlist. 100% Stök, only happy vibes.
I’ve been listening only to Deep House & Electro mixes (from Kygo, Dj Drop G…), so this is a refreshing change.

5. Tool of the week

CSP

Retrieving a list of whitelisted hosts from CSP headers is not a new recon technique. But the novelty with this tool from @EdOverflow is that it automates the process.
You can get a list of hosts with a one-liner, and feed it to your other tools.

Other amazing things we stumbled upon this week

Videos

Podcasts

Conferences

Slides only

Tutorials

Medium to advanced

Beginners corner

Writeups

Challenge writeups

Pentest writeups

Responsible(ish) disclosure writeups

Bug bounty writeups

See more writeups on The list of bug bounty writeups.

Tools

  • SSRF Sheriff: A simple SSRF-testing sheriff written in Go

  • The JSON Web Token Toolkit

  • DOMDig: DOM XSS scanner for Single Page Applications

  • Burpee: A python module that accepts an HTTP request file and returns a dictionary of headers and post data

  • xmlrpc-bruteforcer: Fast XMLRPC brute forcer targeting WordPress written in Python 3. It can brute force 1000 passwords per second

  • Linkedin2username: OSINT tool. Generate username lists for companies on LinkedIn

  • PoshADCS: A proof of concept on attack vectors against Active Directory by abusing Active Directory Certificate Services (ADCS)

  • Net-GPPPassword: .NET implementation of Get-GPPPassword. Retrieves the plaintext password and other information for accounts pushed through Group Policy Preferences.

Misc. pentest & bug bounty resources

Challenges

Articles

News

Bug bounty & Pentest news

Reports

Vulnerabilities

Breaches & Attacks

Other news

Non technical

Tweeted this week

We created a collection of our favorite pentest & bug bounty related tweets shared this past week. You’re welcome to read them directly on Twitter: Tweets from 10/11/2019 to 10/18/2019.

Curated by Pentester Land & Sponsored by Intigriti

Disclaimer:The views and opinions expressed in this article are those of the curators and do not necessarily reflect the position of intigriti.

 

You may also like