By Intigriti
December 5, 2019
Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.
Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The first series is curated by Mariem, better known as PentesterLand. Every week, she keeps us up to date with a comprehensive list of write-ups, tools, tutorials and resources.
This issue covers the week from 22 to 29 of November.
SecTalks Live 2019 – The Changing Landscape of Web Tooling | Questions? !questions & @xyantix’s notes
This is a recap by @codingo_ of the latest changes in open source Web security tooling. Categories discussed are scaling, directory brute forcing, XSS, subdomain discovery, API keys and build logs, and cloud-based services.
With the year ending, it is nice to stop and reflect on the state of our tools. Better ones with more features and attack techniques are released all the time. Following the trends is necessary to avoid using outdated tools.
Alternative title: How to go from beginner to RCE using basic automation.
If you feel that critical bugs and automation elude you, this is the write-up for you! It is very well written and presents a step-by-step guide that you could follow for finding different types of bugs.
– Corsy
– Jaeles & Documentation
The common theme for these tools is automation.
Smuggler.py is for testing a list of URLs for HTTP request smuggling.
Corsy is a CORS misconfiguration scanner (with currently 10+ checks).
Jaeles is a framework in Go for building your own Web Application Scanner. I have not tested it yet, but it looks powerful and easy to use. You can add signatures for new tests and integrate it with Burp.
I’ve been on a quest for the perfect note-taking app for years. Some of the criteria I’m looking for are: Web Clipper, support for multiple OSes including Linux, mobile apps available, automatic synchronization and backups ideally with a self-hosted server, markdown, and the possibility to encrypt notes.
Evernote was good especially for its Web Clipper and mobile apps, but it does not have a Linux version.
Laverna was impractical and lacked basic features like searching inside notes.
SwiftnessX can be very useful for creating pentest templates, checklists and payload lists. But it does not have markdown and I found it not suitable for being used as a full knowledge base app.
QOwnNotes was a good candidate that I used for months. But it had an annoying bug (the cursor moving by itself while I was writing notes).
So, when Alexandre Dulaunoy tweeted about Joplin, I instantly installed it. It has all the features I’m looking for, even a Web Clipper and mobile apps! I also like that you can change the layout (whether to display markdown text, rendered markdown, or both).
Only time will tell, but this looks like the perfect note-taking app for me!
Accelerate Your Career By Building FIVE Critical Professional Skills
Ted Demopoulos offers great advice in this webinar, both for people who want to become entrepreneurs and for those who want to move up the corporate ladder.
You probably have already heard some of these things. But it is good to hear the reminder and detailed tips from someone who has 20+ years of experience as an independent consultant.
@0xacb talks about getting RCE on Shopify and Valve, CTF, reverse engineering and bug bounties!
Live Recon Stream #2 (by @jhaddix)
Zero-day vulnerability in Bash – Suidbash Google CTF Finals 2019 (pwn)
Building your Car Hacking Labs & Car Hacking Community from Scratch
How to Train Your Red Team (for Cloud Native) & related resources
[55] – 27.11.2019 – Attacking JWT consumers with Burp and JWT4B
The power of variant analysis (Semmle QL) CVE-2019-15937 and CVE-2019-15938
macOS Red Team: Spoofing Privileged Helpers (and Others) to Gain Root
Report: We Tested 5 Popular Web Hosting Companies & All Were Easily Hacked #Web
Getting Malicious Office Documents to Fire Without Protected View #Phishing
Weak encryption cipher and hardcoded cryptographic keys in Fortinet products #Crypto
Xiaomi Mi6 WiFi Captive Portal Remote Code Execution (Pwn2Own 2018) #Wifi #Android
Xiaomi Mi6 Browser Remote Code Execution (Pwn2Own 2018) #RCE #Android
Privilege escalation on GitLab ($12,000)
Reflected XSS on Facebook ($5,000)
DOM XSS on Razer ($250)
CORS misconfiguration, Open redirect, Reflected XSS & Session management flaw ($1,500)
Peasant: LinkedIn reconnaissance tool
Asnip: ASN target organization IP range attack surface mapping for reconnaissance, fast and lightweight
Tplmap: Server-Side Template Injection and Code Injection Detection and Exploitation Tool
DockerPwn.py: Python automation of Docker.sock abuse
Heimdall: Tool to distribute scanning and recon activities across multiple parallel cloud services
Mongot: Easily connect to open MongoDB and dump data
Nessus Map: Parse .nessus file(s) and show the output in an interactive UI
rotaTOR: Bash script to change TOR ip – timer based
Andor: Blind SQL Injection Tool in Go
T1tl3: A simple Python script which can check the HTTP status of a bunch of URLs/subdomains and grab the URL/subdomain titles
Actarus: A custom tool for bug bounty in Symfony
Cypheroth: Automated, extensible toolset that runs cypher queries against Bloodhound’s Neo4j backend and saves output to spreadsheets
Bug Bounty Playbook ($24.99)
Top 10 vulnerable websites for penetration testing and ethical hacking training
SQL Injection Payload List, RFI/LFI Payload List & XML External Entity (XXE) Injection Payload List
Genesis: A framework to generate unique test cases that are mapped to the MITRE ATT&CK framework
APIsecurity.io Issue 59: Vulnerabilities in Fortinet, Truecaller, Nykaa Fashion, SMA M2 smartwatch
DHS Mandates Federal Agencies to Run Vulnerability Disclosure Policy
Kali Linux 2019.4 Release: Undercover mode to impersonate Windows 10, PowerShell, NetHunter Kex…
Internal Kaspersky API still exposed to websites, alleges researcher
Cheap kids smartwatch exposes the location of 5,000+ children
Fortinet took 18 months to strip software of flawed crypto cipher and keys
Exploit code published for two dangerous Apache Solr remote code execution flaws
Lights That Warn Planes of Obstacles Were Exposed to Open Internet
Dozens of VNC Vulnerabilities Found in Linux, Windows Solutions
Two third-party SDKs allowed secret harvesting of Twitter and Facebook user data
A hacking group is hijacking Docker systems with exposed API endpoints
Cloudflare releases ‘Flan Scan’ tool to the masses… infosec backlash ensues
HPE tells users to patch SSDs to prevent failure after 32,768 hours of operation
Apple-Corellium lawsuit raises concerns among security research community
Web trackers using CNAME Cloaking to bypass browsers’ ad blockers
A decade of hacking: The most notable cyber-security events of the 2010s
Christmas socialising. Goodwill to all, and keep your devices safe
We created a collection of our favorite pentest & bug bounty related tweets shared this past week. You’re welcome to read them directly on Twitter: Tweets from 11/22/2019 to 11/29/2019.
Disclaimer: The views and opinions expressed in this article are those of the curators and do not necessarily reflect the position of Intigriti.
Curated by Pentester Land & Sponsored by Intigriti