By Intigriti
February 25, 2020
Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.
Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The first series is curated by Mariem, better known as PentesterLand. Every week, she keeps us up to date with a comprehensive list of write-ups, tools, tutorials and resources.
This issue covers the week from 14 to 21 February.
Low Competition Bug Hunting (What to Learn) – ft. #AndroidHackingMonth
If you are discouraged by bug bounty and think all the bugs are gone, watch this. @InsiderPhD gives an awesome explanation of why it is not true, and what you need to do to start finding bugs.
I love her way of thinking. She deconstructs the question into several chunks and tackles them one after the other: Which targets/industry to choose? Which assets and bugs to focus on? Which techniques to learn? How to interpret and use bug bounty statistics?
– A Tale of Two Formats: Exploiting Insecure XML and ZIP File Parsers to Create a Web Shell
– RCE on https://beta-partners.tesla.com due to CVE-2020-0618 ($10,000)
The first writeup is an excellent breakdown of common vulnerabilities in XML and ZIP parsers. @spaceraccoonsec was able to find an XXE and an RCE via ZIP path traversal.
Mastering classic techniques can be as lucrative as monitoring and testing for new ones, which is what @parzel2 did. He got an impressive bounty by reporting CVE-2020-0618 on Tesla only 1 day after it was published!
I am amazed at his monitoring and historic data management that probably allowed for this speed. But I’m also surprised that the bug was accepted since some programs do not reward for CVEs discovered too recently.
This episode goes over what happened during the Iowa-Coalfire pentesters debacle.
This is a must for anyone who loves pentest stories, Darknet Diaries, and was concerned over this shocking incident.
This Burp extension automatically highlights requests or adds a comment to them based on user-defined rules.
The suggested use cases are interesting. The tool allows you to highlight specific status codes, differentiate user sessions for authentication and authorization testing, hide requests with specific HTTP methods (e.g. CORS preflight OPTIONS requests), facilitate SOAP service tests by adding comments, and highlight requests containing sensitive information.
Do you know the common point between learning German, crochet world records, knitting, hedge fund management, reading challenges, skydiving, and losing weight by hiking? Stephen Duneier did all that and much much more just by making marginal adjustments to his daily routine.
It is amazing to see these concrete examples of making really ambitious goals and breaking them down into manageable decisions. By making one small good choice after another, the unattainable becomes easily reachable.
I think this is the best approach and mindset whether you’re struggling with bug bounties, some complex hacking techniques, time management, weight loss or anything.
Building with Azure Devops, Gadget to jscript & GadgetToJScript
HackerSploit – The Home Of Open Source Cybersecurity Training
Risky Business #573 — Gas plant ransomware attack, Huawei mega-indictment and more
Quantum Crypto Chaos, Cloud Vulnerabilities, Turkish RATs and Julian Assange. – SWN #13
Docker, 42 Vulnerabilities, Backdoors, Spying on 100+ Foreign Govs. – PSW #639
Modern Web Application Penetration Testing Part 2, Hash Length Extension Attacks
Hacking RPA -1(UiPath ) -A(Local Components) & 0-Day Hacking RPA -1(UiPath) B(Remote Components)
Owning the cloud through SSRF and PDF Generators – Ben Sadeghipour and Chris Holt
GOTO 2019 • Taking Security Seriously • Michael Brunton-Spall
A technique that a lot of SQL injection beginners don’t know
Jailbreak and stuff!! Kickstart tools and techniques for iOS application pentesting
CVE-2020-0618: RCE in SQL Server Reporting Services (SSRS) #RCE
Combining DOM and reflected XSS to bypass input sanitation in Checkpoint.com #Web
Critical Issue In ThemeGrill Demo Importer Leads To Database Wipe and Auth Bypass #Web #CodeReview
Hackers Can Gain Active Directory Privileges Through New Vulnerability in Xerox Printers #LDAP #Printer
Bypass Windows 10 User Group Policy (and more) with this One Weird Trick #Windows
Email address of any user can be queried on Report Invitation GraphQL type when username is known ($8,500)
From Recon to Optimizing RCE Results – Simple Story with One of the Biggest ICT Company in the World
GadgetProbe & GadgetProbe: Exploiting Deserialization to Brute-Force the Remote Classpath: Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths
BurpSuite Random User-Agents: Burp Suite extension for generating random user-agents
GoSpider: Fast web spider written in Go
Cve-api: Unofficial api for cve.mitre.org
VTSCAN: Scan a file directly from your terminal using VirusTotal API
TugaRecon: Fast subdomains enumeration tool for penetration testers
XSS’OR: Hack with JavaScript
Onedrive_user_enum & Achieving Passive User Enumeration with OneDrive: pentest tool to enumerate valid onedrive users
Updog: A replacement for Python’s SimpleHTTPServer. It allows uploading and downloading via HTTP/S, can set ad hoc SSL certificates and use http basic auth
OpenRelayMagic: Tool to find SMTP servers vulnerable to open relay
icmpsh-s-linux: GNU/Linux version of the icmpsh reverse ICMP shell client
0l4bs: XSS labs
Analysis of Network Security Configuration bypasses with Frida
Exploring Microsoft Teams Rooms (MTR) Console as a Potential Attack Vector
Attacker’s Tactics and Techniques in Unsecured Docker Daemons Revealed
Getting What You’re Entitled To: A Journey Into MacOS Stored Credentials
Security flaws belatedly fixed in open source SuiteCRM software
Windows, Linux Devices at Risk Due to Unsigned Peripheral Firmware
CoTURN patches denial-of-service and memory corruption flaws
Slickwraps says customer trust was ‘violated’ in data breach caused by glaring security holes
Hacker Scheme Threatens AdSense Customers with Account Suspension
Exclusive: Details of 10.6 million MGM hotel guests posted on a hacking forum
Phishing scammers pose as World Health Organization to exploit coronavirus fears
Cybergang Favors G Suite and Physical Checks For BEC Attacks
Iranian hackers have been hacking VPN servers to plant backdoors in companies around the world
Microsoft: Linux Defender antivirus now in public preview, iOS and Android are next
New infrastructure will enhance privacy in today’s Internet of Things
Protect yourself from coronavirus with a mask that looks like your face
Facebook was repeatedly warned of security flaw that led to biggest data breach in its history
Software Development Principals for Offensive Developers — Part 1 (Fundamentals)
Sharenting, BYOD and Kids Online: 10 Digital Tips for Modern Day Parents
We created a collection of our favorite pentest & bug bounty related tweets shared this past week. You’re welcome to read them directly on Twitter: Tweets from 02/14/2020 to 02/21/2020.
Curated by Pentester Land & Sponsored by Intigriti
The views and opinions expressed in this article are those of the curators and do not necessarily reflect the position of Intigriti.