By Intigriti
November 19, 2019
Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The first series is curated by Mariem, better known as PentesterLand. Every week, she keeps us up to date with a comprehensive list of write-ups, tools, tutorials and resources.
Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.
This issue covers the week from 08 to 15 of November.
We launched another XSS challenge! You can win a Burp Suite Pro license if you solve it before Monday. Check it out:
We're celebrating 10K followers with a challenge! 🎉
Find the XSS flaw and WIN a @burp_suite license! 👇
🏆 Challenge: https://t.co/dYnctSfAAq
ℹ️ More info: https://t.co/CllyXhC7oL pic.twitter.com/lRfN0wndkl— Intigriti (@intigriti) November 18, 2019
Our favorite 5 hacking items
Finally, DEF CON 27 videos are released! There is no introduction needed, right?
I’m watching this first: “Owning The Clout Through Server Side Request Forgery” by @NahamSec & @daeken. What about you?
This is a wiki for the [jwt_tool](https://github.com/ticarpi/jwt_tool) toolkit for testing JSON Web Tokens. I was surprised to see how detailed it is.
It explains everything from recognizing and reading JWTs, an attack methodology, how to test for known exploits, fuzzing, stealing JWTs by exploiting other vulnerabilities, and more. An excellent resource to get into hacking JWTs!
This Github repository has many vulnerabilities. It is intended to be used as a target for benchmarking tools like github-dorks or truffleHog.
Personally, I also plan on using it as a challenge to practice finding secrets on Github.
Tips for an Information Security Analyst/Pentester career – Ep. 78 – Nothing is impossible
This is @mattiacampagnan’s story on how he found a pentesting job. Basically, he created a blog and wrote dozens of articles related to penetration testing. This gave him some exposure. A company contacted him for an interview, he got a remote part-time position, did the work for 3 months, and finally it became a full-time position.
I loved reading this story because it is another reminder that there is no secret way to success. Do your work and find a way to differentiate yourself. Simple, but a lot of people do not want to hear that…
I personally can attest to the same thing: Maintaining a blog and being consistent opens up so many possibilities and professional options. If you are struggling to find work, you should really consider starting a blog, video course or Youtube channel. Anything that you put out there that shows technical abilities and professionalism will help you find employers or customers.
– Fasten your Recon process using Shell Scripting
– Different Approaches For Reconnaissance — Bug Bounty’s
These are two nice tutorials that go a bit further that most typical recon articles.
Apart from classic subdomain enumeration, they show how to programmatically fetch URLs with their status code & page title, and search results for keywords. This will certainly aid process data collected from large scope bug bounty programs (or pentest targets).
Live Bug Bounty Recon Session on Verizon Media’s Yahoo.com with @0xteknogeek
Bounty Thursdays – Live from HackerOne’s H1213 with (STÖK, Nahamsec, TomNomNom, BugbountyHQ)
RECON with random internet ip addresses & BUG Bounty (Playing around RECON/METASPLOIT/SSH)
SQL and XSS Vulnerability Code Review [25] #CodeReview
10 Minute Tip: Using Web Developer Tools with Instagram and Pinterest for OSINT
Red Team Operations with Cobalt Strike (2019): Free course on course on Adversary Simulations and Red Team Operations using Cobalt Strike 4.0
Complete bug bounty tutorial of 2019 – common web attacks for beginners
InfoSec Career Podcast – Episode 4: Interview with Ed Skoudis
Risky Business #562 — Two former Twitter staff charged over Saudi spying
SANS Dark Web Solutions Forum – Illuminating the Dark Web: Harvesting and Using OSINT Data from Dark Web Resources (Free registration required)
Successful Infosec Consulting: Lessons from Three Decades in The Field (Free registration required)
Exploiting SQL Server Global Temporary Table Race Conditions
RdpThief: Extracting Clear-text Credentials from Remote Desktop Clients & RdpThief
Microsoft Edge – Local File Disclosure and EoP #Web #Browser
CVE-2019-1405 and CVE-2019-1322 – Elevation to SYSTEM via the UPnP Device Host Service and the Update Orchestrator Service #PrivilegeEscalation #Windows
Ghost Potato #Windows #NTLM
Broken API authorization ($440)
CSS injection on Slack ($500)
XXE on Starbucks ($4,000)
OS command injection on Starbucks ($4,000)
Information disclosure on HackerOne ($1,000)
SSRF in Python (IBB) ($500)
XSS on WordPress ($350)
See more writeups on The list of bug bounty writeups.
CSVPretty: Pretty print csv files
Gplaycli: Google Play Downloader via Command line
Projectdiscovery.io & Reconnaissance – The way it should be: Automated asset recon and monitoring solution
Automated-Scanner: Trying to make automated recon for bug bounties
Rsdl: Subdomain Scan With Ping Method
HostInjector: Multithreaded Host Header Redirection Scanner
Diggy: Extract endpoints from apk files
Monitorizer: The ultimate subdomain monitorization framework
tfsec:Static analysis powered security scanner for your terraform code
Recon tools: Bash script to automate running subdomain enumeration, screenshots and directory enumeration tools
SCShell: Fileless lateral movement tool that relies on ChangeServiceConfigA to run command
WP-XSS-Admin-Funcs: JavaScript functions intended to be used as an XSS payload against a WordPress admin account
Notes for @thecybermentor’s Beginner Network Pentesting Course
New on Web Security Academy: Cross-origin resource sharing (CORS)
Modern Wireless Tradecraft Pt III — Management Frame Access Control Lists (MFACLs) & Pt II — MANA and Known Beacon Attacks
Sounds like AWS fixed @albinowax’s HTTP request smuggling issues in ALBs on Monday
If you need a primer on the Coalfire Pentester situation, read this.
Supporting the Source: Why HackerOne is Upgrading its Free Tools for Open Source
Great news: AutoChrome is back to a working state, thanks to Marmelatze’s work
IoT security: Bug bounties a vital last line of defense, academic study suggests
Healthcare security report: Organizations face ‘uphill battle’ against cybercriminals
Just-Released Checkra1n iPhone Jailbreak Stirs Security Concerns
Popular Android phones can be tricked into snooping on their owners
[CVE-2019-11931: A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user]
Spam campaign uses ‘double-loaded’ ZIP to smuggle malware onto Windows devices
Breach affecting 1 million was caught only after hacker maxed out target’s storage
We created a collection of our favorite pentest & bug bounty related tweets shared this past week. You’re welcome to read them directly on Twitter: Tweets from 11/08/2019 to 11/15/2019.
Disclaimer:The views and opinions expressed in this article are those of the curators and do not necessarily reflect the position of intigriti.Curated by Pentester Land & Sponsored by Intigriti