The 5 Hacking NewsLetter 107
Posted in Newsletter on May 27, 2020
Posted in Newsletter on April 21, 2020
Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.
This issue covers the week from 10 to 17 of April.
Attacking and Auditing Docker Containers and Kubernetes Clusters
After last week’s training on AWS and Azure, @appseccouk is now generously open sourcing another complete training course. This one is about hacking Docker containers and Kubernetes clusters. It includes documentation, Docker Lab virtual machines and an intentionally vulnerable Kubernetes cluster (Google Cloud).
JSON Web Token Validation Bypass in Auth0 Authentication API
This is a nice writeup on bypassing JWT validation. The app checks that the algorithm is not
none, but relies on a blacklist. Using
alg: nonE bypasses the case-sensitive filter, and allows for forging JWT tokens for any user. @zantedotnz also shares the tool he used and links to resources on JWT hacking.
These are the videos/talks I plan on watching in priority this week. Why? Because I want to learn about @hussein98d’s recon process and bug hunting methodology, @snyff discussing less obvious vulnerabilities, how @codingo_ uses Interlace, and @samwcyo’s attacks on secondary contexts.
How to Remember Everything : Using Roam for Bug Bounty Notes
Choosing a note-taking app is such a never-ending rabbit hole! 🤦
After settling on Joplin, then discovering Notion’s great UI and features, I’m now tempted to check out Roam. @bonjarber does a great job of explaining why Roam’s graph-based approach solves problems all apps based on a “hierarchical tree” have (including Notion).
Depending on the bug classes you are focusing on, these tutorials might come in very handy. The OAuth one will give you ideas for new attacks to test for. The GraphQL article will give you an idea of common GraphQL bugs, and it is accompanied with an intentionally vulnerable API playground. The last tutorial is an excellent introduction to code-reuse attacks, and how to leverage them to bypass the latest XS mitigations like CSP, WAFs and HTML sanitizers.
See more writeups on The list of bug bounty writeups.
We created a collection of our favorite pentest & bug bounty related tweets shared this past week. You’re welcome to read them directly on Twitter: Tweets from 04/10/2020 to 04/17/2020.
Have a nice week folks!
If you enjoyed reading this, please consider sharing it, leaving a comment, suggestions, questions…