Bug Bytes #51 – ArneSwinnen’s secrets, Hunting in the Dark & OSINT movie picks

By Intigriti

December 31, 2019

Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.

Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The first series is curated by Mariem, better known as PentesterLand. Every week, she keeps us up to date with a comprehensive list of write-ups, tools, tutorials and resources.

This issue covers the week from 20 to 27 December.

Our favorite 5 hacking items

1. Video of the week

@Arneswinnen Talks About Full Time Bug Hunting, Burp Suite Plugins, and Recon

I haven’t had the time to watch this whole video, but it is in my top work priorities given who the interviewee is.
@Arneswinnen literally made it rain bounties at Intigriti’s 1337UP1119 live hacking event. The bugs he found were out of this world. So, it is awesome to get to know more about him, his thought process, how he manages bug bounty full-time while still having a life, etc.

2. Writeup of the week

Microsoft Edge (Chromium) – EoP via XSS to Potential RCE
Hunting in the Dark – Blind XXE

The first writeup might make you want to get into browser hacking: $40,000 for an XSS on Microsoft Edge!
The second writeup is about a blind XXE: how it was found and how it was used for port scanning and for identifying files that exist on the target.
It serves as a great example of an OOB attack, perfect for reading after this week’s tutorial ⬇️

3. Article of the week

A Phonetic Approach to Calculate Linguistic Information in Text

This is really cool research by @s0md3v. He created an algorithm that detects valid linguistic data in a given text based on its phonetic structure. In other words, it can differentiate between random and meaningful text.

According to his benchmark, it is fast and more accurate than algorithms based on Shannon entropy. But there is no need to understand the math to appreciate that the idea is very interesting for web security testing. One useful application is finding API tokens scattered in strings, as shown in this demo.

4. Tutorial of the week

Out-of-band Attacks

This is a good introduction to out-of-band attacks. It includes examples of blind XSS, blind SQL injection, blind command injection and SSTI, and also shows how to exfiltrate data using DNS.
It’s worth reading if you want to learn about the OOB technique.

5. Non technical item of the week

OSINT Movie Time for the Holidays

This is the first time I have seen a list of OSINT movies. It’s a nice change from classic hacker movies.
I’ve also heard good things about “Don’t f**k with cats” and Bellingcat’s documentary. So, movies added to the watchlist!

Other amazing things we stumbled upon this week

Videos

Podcasts

Webinars & Webcasts

Conferences

Tutorials

Medium to advanced

Beginners corner

Writeups

Challenge writeups

Pentest writeups

Responsible(ish) disclosure writeups

Bug bounty writeups

See more writeups on The list of bug bounty writeups.

Tools

If you don’t have time

  • KeyFinder: A tool that lets you find keys while surfing the web

  • Sr2t: Parse and convert Nessus, Nmap (and more tools) to XLSX, CSV

  • Token-Hunter & Introduction: Gather OSINT from GitLab groups and group members. Inspect GitLab assets like snippets, issues, and comments/discussions for sensitive information like GitLab Personal Access Tokens, AWS Auth Tokens, Google API Keys, and much more.

  • Ipconverter: Simple functions to add to your .bashrc to convert IP addresses into binary, hexadecimal, decimal and octal formats, and vice versa

  • Asscan: Automated Subnet Scanner

More tools, if you have time

  • Burp Suite – Secret Finder: Burp Suite extension to discover API keys, access tokens and other sensitive data in HTTP responses

  • Git-vuln-finder: Finding potential software vulnerabilities from git commit messages

  • Aron: A Go script for finding hidden GET & POST parameters

  • Buster: An advanced tool for email reconnaissance

  • S3tk: A security toolkit for Amazon S3

  • huskyCI: Performing security tests inside your CI

  • Harpoon: A collection of post-exploitation scripts for determining if that shell you just got is in a container, what kind, and ways to escape

  • Mad-metasploit

  • RProcDump: Remote process dumping automation. Use it to dump Windows credentials remotely and extract clear text with Mimikatz offline

  • ACLight: A script for advanced discovery of Privileged Accounts – includes Shadow Admins

Misc. pentest & bug bounty resources

Challenges

Articles

News

Bug bounty & Pentest news

Reports

Vulnerabilities

Breaches & Attacks

Other news

Non technical

Tweeted this week

We created a collection of our favorite pentest & bug bounty related tweets shared this past week. You’re welcome to read them directly on Twitter: Tweets from 12/20/2019 to 12/27/2019.

Curated by Pentester Land & Sponsored by Intigriti

Disclaimer:

The views and opinions expressed in this article are those of the curators and do not necessarily reflect the position of intigriti.