By Intigriti
December 17, 2019
Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.
Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The first series is curated by Mariem, better known as PentesterLand. Every week, she keeps us up to date with a comprehensive list of write-ups, tools, tutorials and resources.
This issue covers the week from 06 to 13 of December.
These tips are very helpful for improving your Burp experience. Some are old news but I’m discovering others for the first time:
How to reduce the size of Burp projects for long term storage (Burp project hoarders, hello!)
How to leverage Match and Replace for simplifying the use of complex or long test username/passwords (Simple yet genius! Useful especially with mobile tests)
How to rearrange Burp Repeater request and response tabs (So useful for taking screenshots for reports!)
Have you ever used Burp Repeater as a bookmarking feature? I do, and the result is not pretty. Tens of tabs open, which is not practical and slows down Burp.
So, this bookmarking extension can be life-changing. It allows you to save interesting requests/responses, replay requests directly in the extension’s tab, send them to Repeater/Intruder, and highlight the request in Burp Proxy.
Docker For Pentesting And Bug Bounty Hunting & Bug Bounty Toolkit
This is an excellent introduction to Docker. If you are not already using it, you can learn in less than 40 minutes why and how to leverage it for pentest and bug bounty.
An example toolkit is also provided. It basically allows you to customize any Linux distribution by adding tools. The list of tools installed can be modified. This would be a good exercise for practicing with Docker.
Tip added to knowledge base! This is good to know and might save me (and you maybe?) time when using a VPN for either pentest or bug bounty.
Learning How to Learn: Powerful mental tools to help you master tough subjects & @knoxxs’s notes
I know someone who can literally learn anything in a very short period of time. I don’t think it is due to an abnormal intelligence or anything, but because of skills like the ability to detect the missing knowledge, where to get it and what to prioritize to get quick results.
These skills can be taught. This free Coursera course is an excellent start. Personally, I’ve added it to my list of online courses to go through in 2020. It explains both theory and practical techniques to improve learning, tackle procrastination, and understand how memory works.
@spaceraccoonsec talks about Hacker101, bug bounty checklists, collaboration and becoming MVH
Mystiko live session 001 #OSCP #SQLi
HackerOne Hacker Interviews: Cody (@daeken), Eugene (@spaceraccoon), Neiko Rivera (@specters), Collin (@collinmay), Dave (@n0bytes), Naffy (@nnwakelam) & Ron (@ngalongc)
7MS #390: Tales of Internal Network Pentest Pwnage – Part 11
Risky Business #566 — Balkanisation, ransomware, comedy bugs close out the decade
Security In Five Episode 640 – IoT Strikes Again – Jan 14 2020 Doomsday For Health Devices
Paul’s Security Weekly #629 – Outlook on Phishing in 2020 – Eric Brown
Paul’s Security Weekly #630 – Risks, Ransomware, Data Leaks, Oh My!
Iron Sysadmin podcast Episode 71 – Holiday Hack with the Elf Himself!
The Privacy, Security, & OSINT Show 148 – Camera & Microphone Blocking
KringleCon 2019, especially:
BlackAlps 2019: Swisscom Bug Bounty: Retour D’Un Chercheur – Daniel Le Gall (in French)
HD Moore on Modern Network Discovery – Duo Tech Talk & Slides
Black Hat EU 2019
Securing the System: A Deep Dive into Reversing Android Pre-Installed Apps
Selling 0-Days to Governments and Offensive Security Companies
Finding Our Path: How We’re Trying to Improve Active Directory Security
Attacking and Defending the Microsoft Cloud (Office 365 & Azure AD)
Women in Security: Building a Female InfoSec Community in Korea, Japan, and Taiwan
Tunneling traffic through MySQL service (or your mysqld is my new SOCKS5)
macOS Red Team: Calling Apple APIs Without Building Binaries
Help you understand HTTP Smuggling in one article & HTTP Request Smuggling in one Screenshot
GraphQL vs REST API model, common security test cases for GraphQL endpoints
Out-of-Band (OOB) SQL Injection & A Study of Out-of-Band Structured Query Language Injection
Solismed Version 3.3SP1 #Web
CVE-2019-19634 – class.upload.php <= 2.0.4 Arbitrary file upload #Web
CVE-2019-18935: Remote Code Execution via Insecure Deserialization in Telerik UI & PoC #Web #RCE
IoT Vuln Disclosure: Children’s GPS Smart Watches (R7-2019-57) #IoT
DoS on HackerOne ($2,500)
IDOR on GitLab ($5,000)
CORS with full PoC on LocalTapiola ($1,984)
Google Chrome portal element fuzzing ($8,000)
Vimeo upload function SSRF ($5,000)
Information disclosure on GitLab ($3,000)
SSRF/ToCToU on GitLab ($5,000)
See more writeups on The list of bug bounty writeups.
Shodan.io-mobile-app: Official repository for the Shodan.io mobile Application
I Got Urls: WaybackURLS + OtxURLS + CommonCrawl = The Best Results
Batea: AI-based tool that automatically filters interesting network assets in large networks using nmap scan reports
Recsech: Footprinting & recon tool
Ngrev: Tool for reverse engineering of Angular applications
Is-website-vulnerable: Finds publicly known security vulnerabilities in a website’s frontend JavaScript libraries
Routine-automation: Automation of commands and tools that @spenkkkkk uses for daily purposes and bug bounty
PathAuditor, Introduction: Tool for finding file access related vulnerabilities by auditing libc functions & Example of a bug you can find with it: CVE-2019-3461
Hashcobra: Generates rainbow tables from wordlists to heavily optimize the cracking process
grandmaster: A python tool that assists in automating iOS firmware decryption
ZAP-Mini-Workshop: Easy way to work with and learn ZAP’s API and Scripting capabilities
APIsecurity.io Issue 61: Exposed patient records, vulnerabilities at Airtel and Kaspersky
Shoping_site: Dummy shopping site for whitebox pentesting
How I Shut Down a (Test) Factory with a Single Layer 2 Packet
Pentest-Report libssh C Library by Cure53 #CodeReview
An iOS bug in AirDrop let anyone temporarily lock-up nearby iPhones
Hackers can jack ShapeShift’s crypto wallets in 15 minutes, Kraken warns
Critical Remote Code-Execution Bugs Threaten Global Power Plants
Atlassian scrambles to fix zero-day security hole accidentally disclosed on Twitter
Phishing Attack Hijacks Office 365 Accounts Using OAuth Apps
TrickBot gang is now a malware supplier for North Korean hackers
Domain Takeover at Gunpoint Gets Influencer 14 Years in Jail
Snatch ransomware reboots PCs in Safe Mode to skirt antivirus defenses
Chinese government to replace foreign hardware and software within three years
Would you rather buy a long range Tesla Model 3? Or… an Apple Computer?
Generated Passwords, UX and Security Absolutism & @TinkerSec’s take on the situation
$5m bounty set on the alleged head of Evil Corp banking Trojan group
Security.txt – IESG issues final call for comment on proposed vulnerability reporting standard
Chrome 79 released with tab freezing, back-forward caching, and loads of security features
How smoking led to social engineers gaining physical access to a network
Meet the team: Laura Kankaala – Securing companies by breaking stuff
The 3 lists you should be making & how to stop letting to-do lists control your life
We created a collection of our favorite pentest & bug bounty related tweets shared this past week. You’re welcome to read them directly on Twitter: Tweets from 12/06/2019 to 12/13/2019.
Disclaimer:
The views and opinions expressed in this article are those of the curators and do not necessarily reflect the position of intigriti.
Curated by Pentester Land & Sponsored by Intigriti