The 5 Hacking NewsLetter 33
Posted in Newsletter on December 25, 2018
Posted in Newsletter on November 12, 2018
Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.
This issue covers the week from 02 to 09 November.
Wild West Hackin’ Fest 2018, especially:
Wild West Hackin’ Fest is a relatively new security conference by Black Hills Information Security, a company known for its penetration testing services. I’ve already shared with you many of their high-quality webcasts on penetration testing.
This time, it’s no different. These 3 talks present pentesting tips, tricks, and traps. They could help if you’re considering becoming a professional pentester.
Evernote For Windows Read Local File and Command Execute Vulnerabilities
This is a write-up for a stored XSS affecting the Evernote desktop app (version 6.14). The bug itself is simple:
An XSS that leads to RCE is unusual: XSS is normally a client-side bug confined to the browser, but here the injected script runs inside the desktop app, where it can read local files and execute commands. I think it’s really cool!
This is one of the best guides to get started in bug bounty I’ve seen out there! It lists many Twitter & Github accounts to follow, blogs, books, etc.
In addition to technical references, it also encompasses essential non technical advice like:
No one will be able to tell you everything about this field. It’s a long path but you have to travel it alone with help from others. “Do not expect someone will spoon feed you everything.”
This can’t be overstated…
This is a nice piece on security & empathy.
It particularly resonated with me because one of the first things I learned as an IT security auditor was the right posture to adopt with a client or auditee: Never make fun of their bugs or lack of security on their products. Never make them feel inferior just because they didn’t know how to properly secure an asset. Explaining bugs, risks and mitigation is what will help them improve their overall security, not a bad attitude.
So empathy in security actually makes a lot of sense.
Empathy towards attackers too, though it might seem weird. I’m reminded of an article I read recently (but can’t find anymore) on cryptocurrency theft. Someone was contacted by a young blackhat. They talked for hours and the victim managed to get back all his money just by talking with and showing genuine empathy to the hacker. He was just a young guy in a bad situation.
This is a simple yet effective trick. It’s for when you find IP addresses with open Web ports (80, 443, 8080…) that return nothing useful (an error page, a default page or a 4xx) when you browse to the bare IP. If the server sits behind a reverse proxy or uses name-based virtual hosting, it only serves requests that carry a Host header (and, for TLS, an SNI name) it knows about, so you have to find the right hostnames resolving to the IP you have.
Passive DNS databases (like DNSDB) are a good resource to get hostnames from IPs: reverse DNS (PTR records) rarely lists the virtual hosts, but passive DNS records every name that was observed resolving to that address. Requesting the IP with each of those names in the Host header can reach endpoints that other hunters/pentesters might have missed.
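The workflow above, as an added example that is not part of the newsletter, of DNSDB, or of any tool it links to: parse passive-DNS output for a target IP, keep only the names whose A/AAAA records point at it, and build HTTP requests that connect to the bare IP while presenting each candidate name in the Host header. The NDJSON field names (rrname, rrtype, rdata) follow the shape DNSDB returns, and the sample records and addresses are constructed for the example; the probe helper is a generic urllib request, not a DNSDB feature.

```python
"""Passive DNS -> Host-header virtual-host probing (added example, not from the page)."""
import ipaddress
import json
import ssl
import urllib.error
import urllib.request

# Constructed sample in DNSDB-style NDJSON (one record per line). The names and
# the TEST-NET-3 addresses are made up for this example.
SAMPLE_PASSIVE_DNS = """
{"rrname":"www.example.com.","rrtype":"A","rdata":"203.0.113.10","count":42}
{"rrname":"admin.example.com.","rrtype":"A","rdata":"203.0.113.10","count":3}
{"rrname":"old.example.com.","rrtype":"A","rdata":"203.0.113.11","count":7}
{"rrname":"example.com.","rrtype":"CNAME","rdata":"www.example.com.","count":1}
{"rrname":"www.example.com.","rrtype":"A","rdata":"203.0.113.10","count":5}
"""


def hostnames_for_ip(ndjson_text, ip):
    """Return the sorted, de-duplicated hostnames whose A/AAAA rdata equals `ip`.

    CNAME/MX/NS records are skipped: only address records tell us which names a
    vhost-based server was actually reached under.
    """
    target = ipaddress.ip_address(ip)
    found = set()
    for line in ndjson_text.splitlines():
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        if rec.get("rrtype") not in ("A", "AAAA"):
            continue
        try:
            if ipaddress.ip_address(rec["rdata"]) != target:
                continue
        except ValueError:  # malformed rdata, ignore the record
            continue
        # Passive DNS names are fully qualified ("www.example.com."): strip the root dot.
        found.add(rec["rrname"].rstrip(".").lower())
    return sorted(found)


def build_probe(ip, hostname, port=443, scheme="https"):
    """Build a request that connects to the raw IP but sends `hostname` as Host.

    urllib only fills in Host from the URL when the caller did not set one, so
    the reverse proxy / vhost router sees the candidate name, not the IP.
    """
    url = "%s://%s:%d/" % (scheme, ip, port)
    return urllib.request.Request(
        url, headers={"Host": hostname, "User-Agent": "vhost-probe/0.1"}
    )


def probe(ip, hostname, port=443, scheme="https", timeout=5):
    """Send one probe and return (status, body_length); status is None on network errors."""
    ctx = ssl.create_default_context()
    # The certificate will be issued for the hostname, not the IP we connect to.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    req = build_probe(ip, hostname, port, scheme)
    try:
        with urllib.request.urlopen(req, timeout=timeout, context=ctx) as resp:
            return resp.status, len(resp.read())
    except urllib.error.HTTPError as err:  # 4xx/5xx still tells us the vhost exists
        return err.code, 0
    except (urllib.error.URLError, OSError):
        return None, 0


if __name__ == "__main__":
    target_ip = "203.0.113.10"
    for name in hostnames_for_ip(SAMPLE_PASSIVE_DNS, target_ip):
        # Against a live target this line does the actual probing.
        print(name, probe(target_ip, name, port=80, scheme="http"))
```

Compare the status code and body length of each probe with the response you get for the bare IP; a different answer means the name is routed somewhere. For HTTPS targets the SNI matters as much as the Host header, and urllib does not send SNI for an IP literal, so use `curl --resolve admin.example.com:443:203.0.113.10 https://admin.example.com/` there, which sets both.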
See more writeups on The list of bug bounty writeups.
Our community provides us with research, which we automate into our scanner and we reward the ethical hacker responsible for submitting the vulnerability every time it is found by our scanner.
The API has been designed to aggressively inform users about the latest available updates and give them a smooth in-app installation experience without closing the app or opening the Google Play Store.
A Connecticut man who’s earned bug bounty rewards and public recognition from top telecom firms for finding/reporting security holes in their Web sites secretly operated a service that leveraged these same flaws to sell their customers’ personal data.
The researchers’ findings undermine the conventional wisdom that hardware-based encryption offers superior protection to software-based encryption. Businesses and consumers are advised not to rely on hardware encryption alone and to add software encryption, such as the free and open source VeraCrypt software package or similar alternatives, in order to safeguard their data.
We created a collection of our favorite pentest & bug bounty related tweets shared this past week. You’re welcome to read them directly on Twitter: Tweets from 11/02/2018 to 11/09/2018
Have a nice week folks!
If you enjoyed reading this, please consider sharing it, leaving a comment, suggestions, questions…