Hey hackers! Here are our favorite resources for pentesters and bug hunters discovered last week.

This issue covers the week from 12 to 19 of October.

Our favorite 5 hacking items #

1. Tutorial & Tool of the week #

Embedding Meterpreter in Android APK by Black Hills Information Security AndroidEmbedIT

This is a great tutorial on how to embed a Metasploit payload into a legitimate Android app. It is accompanied by AndroidEmbedIT, a tool to automate the process, but you’ll find the most value in the tutorial.

Even if you’re not planning on tricking all your friends or deploying the next Android malware botnet, you could still learn a lot from it: decompiling APKs, integrating Metasploit payloads, adding permissions, recompiling and signing APKs…

2. Writeup of the week #

h1-202 leaderboard photo discloses local wifi password

I usually prefer technical writings that’ll help me improve my skills whether they are writeups, news or tutorials. This bug is not technical at all but it is the best!

$500 for a medium severity bug found on Hackerone. What is it? The local wifi password found just by watching photos of a Hackerone event!
Hahaha (Can’t stop laughing everytime I read it!)

3. Video of the week #

How to Differentiate Yourself as a Bug Bounty Hunter by @avlidienbrunn (OWASP Stockholm)

This is a short but sweet talk on how to differentiate yourself, a question that every bug hunter asks himself several times a day.

Mathias gives very specific tips, a mathematic formula to calculate bounty effectiveness and a pretty funny goose picture. But I’m not gonna spoil it, just watch the talk!

4. Challenge of the week #

Curious how Facebook got hacked? Try it out for yourself! by Adversary

This is a simulation of Facebook’s latest data breach. It is a great opportunity to understand and exploit a real-life bug with critical impact in a controlled environment. And if you’re stuck, steps and hints are provided too.

5. Resource of the week #

Security Assessment Mindset by @dsopas

The Security Mindmap which has been around for some time has been updated. It’s a huge mindmap to use when doing pentest, bug bounty or red-team assessments.

Many types of tests are included: Web, network, physical, IoT and OSINT. But Wifi and mobile tests haven’t been added yet. So you can use the mindmap as it is or as a basis for a more complete personal testing checklist.

Other amazing things we stumbled upon this week #

Videos, Conferences & Podcasts #

Videos #

• HackerOne Hacker Interviews: @fisher
• Bug Bounty Session - IDOR

Conferences & Webinars #

• Android RE Workshop (Slides & Workshop material)
• FailTime Failing towards Success & slides by Sean Metcalf (BSides Charm) *
• A Hacker’s Guide to Kubernetes and the Cloud by Rory McCune (NCC Group PLC)
• Abusing Bash For Windows, slides & scripts by Antoine Cervoise (Hack.lu 2018)
• Basics of IoT Hacking for the Career Pen Tester & slides

Podcasts #

• The ManyHats Club Ep. 34, AirFASE (with HackerPom and RagSec

Tutorials #

Medium to advanced #

• Simple Telegram Bot for Blind XSS Notification
• Brute-forcing Active Directory credentials via RD Gateway
• High Performance Web Brute-Forcing
• Building advanced XSS vectors
• How to Conduct DNS Reconnaissance for $.02 Using Rapid7 Open Data and AWS
• Route 53 as Pentest Infrastructure

Beginners corner #

• Hunt for and Exploit the libSSH Authentication Bypass (CVE-2018-10933)
• Comprehensive Guide to Dirb Tool
• File Transfer Cheatsheet

Writeups #

• How I “found” the database of the Donald Daters App
• How i hacked live chat of ubagroup and got nothing not even thanks
• How I found a vulnerability on MTN subdomain
• The FORBES Bug Bounty experience
• Guessing answers to security questions
• How I “found” the database of the Donald Daters App
• Having The Security Rug Pulled Out From Under You: Unrestricted file upload on jQuery File Upload Plugin

Tools #

• StaCoAn: a crossplatform tool which aids developers, bugbounty hunters and ethical hackers performing static code analysis on mobile apps
• HASSH: a profiling method for SSH clients and servers
• JTB Investigator: A tool to speed up the process of doing the same simple IP/Domain Name lookups over and over again
• Autocon
• SSRFMap: Automatic SSRF fuzzer and exploitation tool
• A2SV *
• cve-2018-10933: libssh authentication bypass
• Zen: Find emails of Github users

Misc. pentest & bug bounty resources #

• The Open Guide to Amazon Web Services: Not specifically for hacker but should help when testing AWS instances
• GTFOBins: Curated list of Unix binaries that can be exploited to bypass local security restrictions *
• Web Security Basics: a quick review of basic web security concepts (SSL/TLS, CORS, XSS, CSRF, Access &refresh tokens) *
• Google_dorks *

Non technical #

• Taxi-Drivers at Hacken Cup 2018
• Best Hacker Movies – The Definitive List

News #

• Malicious Redirects from NewShareCounts.com Tweet Counter
• Google plans to encrypt Android cloud backups with your screen password
• Facebook’s latest hack summarized
• Chrome, Firefox, Edge and Safari plan to disable TLS 1.0 and 1.1 in 2020
• Trivial authentication bypass in libssh leaves servers wide open

Tweeted this week #

We created a collection of our favorite pentest & bug bounty related tweets shared this past week. You’re welcome to read them directly on Twitter: Tweets from 10/12/2018 to 10/19/2018

* Oldies but goodies

Have a nice week folks!

If you enjoyed reading this, please consider sharing it, leaving a comment, suggestions, questions…