By intigriti_inti
January 28, 2020
Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.
Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The first series is curated by Mariem, better known as PentesterLand. Every week, she keeps us up to date with a comprehensive list of write-ups, tools, tutorials and resources.
This issue covers the week from 17 to 24 of January.
This is a talk I’ve been impatiently waiting for since it was announced. @fransrosen shares his methodology for breaking Web apps/APIs by using fuzzing and information disclosure.
He uses an imaginary app to show practical examples of building custom API wordlists, finding hidden endpoints, etc. An absolute must watch if you’ve ever come across tips on Web app fuzzing and did not know how to apply them in practice.
This writeup shows two instances where an app seemed safe but was actually vulnerable to IDOR.
In one case, trying to access another account’s info returned an error but the information was displayed in a different location.
The second example seems weird. It involves many steps, so I am not going to try to sum it up in a sentence. But it is definitely something I will start testing for.
@Jhaddix Talks About Defcon, Burp Suite, Hacking, Bug Bounties and How He Does Recon!
This is a cool interview with @Jhaddix. Watch if you want to know how he increased his bug bounty payouts and how he deals with companies that silently fix bugs as soon as they detect that he found them. He transformed an N/A report into a 15K bounty using reporting wizardry😱
– Sourcemapper
– Recon-pipeline & How to Build an Automated Recon Pipeline with Python and Luigi – Part VI (Wrapping Up)
Sourcemapper is a Bash script that reconstructs JavaScript from a sourcemap. It is a reliable and fast way to retrieve JS files for further analysis (using tools like LinkFinder).
The recon pipeline is an awesome example of recon automation using Python. The tutorials are fantastic for anyone who wants not only a recon tool but, more importantly, to learn how to build their own.
– Bug Bounty Checklist for Web App
– Rewrote my recon bot to output to markdown and upload to a git server
These are cool examples of leveraging markdown to save recon results in a Git repository and to create a testing checklist (in any Markdown note-taking app like Joplin).
It seems so obvious now but when I started using Markdown, I did not think that it could help with these two situations.
In both cases, markdown allows you to take notes that are easy to backup and are displayed in a human-friendly format.
How to make $100,000 a month in Cybersecurity – Informal Chat w. @The Cyber Mentor
IoT Security: Backdooring a smart camera by creating a malicious firmware upgrade
CVE-2020-0601 aka Curveball: A technical look inside the critical Microsoft CryptoAPI vulnerability
Undetected 01 Johan Edholm – Evolution of hacking; Web Security to companies of all sizes
Risky Business #569 — Bezos’ Saudi hack claims, Glenn Greenwald facing cybercrime charges
The Privacy, Security, & OSINT Show – 153-Privacy News, Travel Routers, & OSINT Updates
Telnet, ADP, Clearview, VPNs, and How The FBI Handles Hacking Attempts In The Election – SWN #5
How to Build an Automated Recon Pipeline with Python and Luigi – Part VI (Wrapping Up) & recon-pipeline repo
Discovering the IP address of a WordPress site hidden behind Cloudflare
[1/3] Cloud-ready Burp Suite on Docker & [2/3] Cloud-ready SSH on Docker
Android (AOSP) Download Provider SQL Injection in Query Selection Parameter (CVE-2019-2198) & PoC #Android
Rate Limit issues that can lead to disclosing some of Spreaker user’s data & PoC #Web
ConnectWise Control 19.3.25270.7185 – Eight Vulnerabilities, Including Critical #Web
Missing Authorization Check In wpCentral Plugin Leads To Multiple Vulnerabilities #Web #CodeReview
Netgear Signed TLS Cert Private Key Disclosure #InfoDisclosure #Firmware
Finding a Privilege Escalation in the Intel Trusted Connect Service Client #Windows
Arbitrary local system file read on open-xchange server on Open-Xchange ($2,000)
GGvulnz — How I hacked hundreds of companies through Google Groups & How to check your domain and groups settings
Cross-Site Websocket Hijacking bug in Facebook that leads to account takeover ($12,500)
ccrawlen: Python script that uses the CommonCrawl dataset API (petabytes of data!) to extract subdomains and crawl the data to get interesting endpoints and JS files
Top-Port-Slicer: Python script to give you subsets of the nmap “top-ports”. For example, I want the 10th to 100th most common TCP ports. Spits out a comma-separated list you can copy into the -p arg for nmap or masscan
Playwright: Node library to automate Chromium, Firefox and WebKit browsers
Rusty Hogs: A suite of secret scanners built in Rust for performance. Based on TruffleHog (https://github.com/dxa4481/truffleHog) which is written in Python
Scanner/Poc for CVE-2020-0609 & CVE-2020-0610 (BlueGate): by @MalwareTechBlog & by @ollypwn
Naabu: A fast port scanner written in Go with a focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests
Peirates: Kubernetes Penetration Testing tool
S3 Bucket Scraper: A tool for scraping S3 buckets on AWS
Blinder: A python library to automate time-based blind SQL injection
Pullit: Find leaked credentials on Github
ApplicationInspector: A source code analyzer by Microsoft for almost any modern language
Satellite & Introduction: A Payload and Proxy Service for Red Team Operations
SharpCookieMonster & Introduction: C# tool that dumps cookies from Chrome for all sites, even those with httpOnly/secure/session flags
Pcapinator: A tool for processing a lot of pcaps using tshark
TAS: Framework for easily manipulating the tty and creating fake binaries. Useful as a post-exploitation technique to perform privilege escalation and information gathering
Grouper2: Find vulnerabilities in AD Group Policy
Red_Team: Some scripts useful for red team activities
Zipper: A CobaltStrike file and folder compression utility
A simple list with jira, zabbix, kibana and other popular domains in companies
Chrome-CORS: A demo vulnerable application for stealing sensitive information by abusing Google Chrome cache
Adversary Tactics: PowerShell: Free SpecterOps PowerShell training
The Fall Of Mighty Django, Exploiting Unicode Case Transformations
Unauthorized Google Maps API Key Usage Cases, and Why You Need to Care & Google Maps API Scanner
Information Leaks via Safari’s Intelligent Tracking Prevention
BMW Connected Apps Protocol #CarHacking
The OWASP membership price now changes depending on the country you live in, making it more inclusive!
Pwn2Own Miami: Hackers scoop $250,000 in prizes during inaugural ICS security contest
Internet Explorer zero-day surfaces in ‘limited targeted attacks’
Did you really ‘like’ that? How Chameleon attacks spring in Facebook, Twitter, LinkedIn
Google to Apple: Safari’s privacy feature actually opens iPhone users to tracking
Here Is the Technical Report Suggesting Saudi Arabia’s Prince Hacked Jeff Bezos’ Phone & Key Technical Elements
Hacker leaks passwords for more than 500,000 servers, routers, and IoT devices
Trend Micro antivirus zero-day used in Mitsubishi Electric hack
Betting companies given access to UK gov’t information on millions of children
Microsoft Exposes 250M Customer Support Records on Leaky Servers
ProtonVPN apps handed to open source community in transparency push: contains links to audit reports of the Windows/macOS, iOS & Android apps
Clearview app lets strangers find your name, info with snap of a photo, report says
LastPass Mistakenly Removes Extension from Chrome Store, Causes Outage
Exclusive: Apple dropped plan for encrypting backups after FBI complained – sources
Case Closed: Work-From-Home Is the World’s Smartest Management Strategy
How To Recover From These Three Unavoidable Job Search Setbacks
We created a collection of our favorite pentest & bug bounty related tweets shared this past week. You’re welcome to read them directly on Twitter: Tweets from 01/17/2020 to 01/24/2020.
The views and opinions expressed in this article are those of the curators and do not necessarily reflect the position of intigriti.
Curated by Pentester Land & Sponsored by Intigriti