The 5 Hacking NewsLetter 25

Posted in Newsletter on October 29, 2018

Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.

This issue covers the week from 19 to 26 October.

Our favorite 5 hacking items

1. Conference of the week

Beyond your studies & Slides by Ange Albertini

Wow, this talk is a gem (the slides also)! I wish I’d seen it as a teenager. It puts a light on so many truths related to infosec, job search, corporate environments, studies, the mold society tries to put you in, etc.

Watch it, even if you’re not a student or that young. If applied, this is life-changing advice.

2. Writeup of the week

Cookie-based-injection XSS making exploitable with-out exploiting other Vulns by @agrawalsmart7

This writeup is a good example of cookie-based XSS exploitation. Once you’ve found a vulnerable URL, transform it by adding the cookie’s name & value to the URL as GET parameters: https://example.com?PHPSESSID={payload}.

Making victims click on a GET URL is easier than injecting HTTP headers / cookies. So this is a better PoC for pentest & bug bounty reports.

3. Challenge of the week

flAWS challenge by @0xdabbad00

Challenges for practising bug hunting on AWS are harder to come by than ones for XSS, SQL injection, etc.

This is a good one. It’ll allow you to learn more about AWS flaws, with tips if you’re stuck. And the great part is that you won’t need to install anything, or bother with configuring an AWS instance: it is all already online and waiting for you!

4. Non technical item of the week

The Cybersecurity Hiring Gap is Due to The Lack of Entry-level Positions by @DanielMiessler

Everybody has been complaining about the cybersecurity hiring crisis for years. I’ve heard about it since I started in 2012!
Juniors can’t find a job because companies only hire experienced candidates. And companies have trouble finding the experienced candidates they need.

This piece by Daniel Miessler is enlightening. He explains the mistakes made by both parties that cause this crisis, and what they could do better.

This could help you if you’re either hiring or looking for a job.

5. Tutorial of the week

Local Linux privilege escalation overview by @L0vvebug

This is a comprehensive tutorial on Linux privilege escalation. It presents multiple techniques to gather information on a system post-exploitation, and to escalate your privileges to root.

This is a good reference: a lot of techniques and commands condensed on the same page, but still understandable and detailed. It should be useful for penetration tests and passing the OSCP.

Other amazing things we stumbled upon this week

Podcasts

Conferences

Slides only

Tutorials

Medium to advanced

Beginners corner

Writeups

Tools

If you don’t have time

  • TLS-Scanner: A tool to assist pentesters in the evaluation of TLS Server configurations
  • SharpSploit & tutorial: SharpSploit is a .NET post-exploitation library written in C#
  • off-by-slash: Burp extension to detect alias traversal via NGINX misconfiguration at scale

More tools, if you have time

  • WebMap: Nmap Web Dashboard and Reporting
  • IVRE: Open source framework for network recon
  • Bscan: An asynchronous target enumeration tool
  • JQShell: A weaponized version of CVE-2018-9206
  • YaCy & Tutorial: A free search engine to use for OSINT or reconnaissance

Misc. pentest & bug bounty resources

Challenges

News

Non technical

Tweeted this week

We created a collection of our favorite pentest & bug bounty related tweets shared this past week. You’re welcome to read them directly on Twitter: Tweets from 10/19/2018 to 10/26/2018

Have a nice week folks!

If you enjoyed reading this, please consider sharing it, leaving a comment, suggestions, questions…