The 5 Hacking NewsLetter 86
Posted in Newsletter on December 31, 2019
Posted in Newsletter on February 26, 2019
Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.
This issue covers the week from 15 to 22 of February.
This is a great wiki on SQL injection for both beginners and advanced testers.
I’m always talking about maintaining a personal knowledge base. If you need inspiration, this is a perfect example of one which is very well organized and includes most things you need to learn or remember for testing SQL injections:
I think the best bugs are those found after researching a specific topic, finding a new type of bug, then applying the finding to as many sites with a bug bounty program as possible.
This is a great strategy for finding a lot of valid bugs but it requires new thinking and discovering something that few people might have noticed. So it is nice to read about @securinti’s thought process!
This article encompasses a lot of information like:
Also, don’t bother testing for the Intigriti bug on other bug bounty platforms, he already did.
LazyRecon by @CaptMeelo (not to be confused with @Nahamsec’s LazyRecon script)
I love peeping into recon tools and seeing which tools, techniques or development practices they use that I don’t.
LazyRecon is very similar to my own automated tool. It’s written in Bash, is a wrapper around staple bug hunting tools (like Amass, Subfinder, Massdns, Masscan, Nmap, Aquatone, Dirsearch…) and is organized following a workflow including all the basic recon steps: subdomain enumeration, subdomain takeover, CORS configuration, IP discovery, port scanning, visual recon and content discovery.
I highly recommend reading through the tool’s description (especially the “Notes” section) and the source code. It’s good to use as is or as a basis for your own complete and customized recon tool.
@LiveOverflow is a genius! Seriously, reading the title of this video, I didn’t understand what was there to discuss: a security vulnerability is any unexpected behaviour or flaw which can have a business impact, whether it is financial or brand image loss.
But this video is about 5 examples which make you think:
Sometimes, the line is blurry and it takes experience and intuition to decide whether a bug is a vulnerability or not. It makes sense. I didn’t realize this before hearing it explained in these terms, but I use intuition too. Reading reports and experience that comes from discussions with clients and developers also help.
This is a short, to-the-point tutorial on how to create AWS S3 buckets. It’s not groundbreaking but it’s nice to have if you find a misconfigured subdomain pointing to an unclaimed bucket name.
Here’s an example bug bounty writeup from the same author on exploiting such a misconfigured subdomain.
See more writeups on The list of bug bounty writeups.
We created a collection of our favorite pentest & bug bounty related tweets shared this past week. You’re welcome to read them directly on Twitter: Tweets from 02/15/2019 to 02/22/2019
Have a nice week folks!
If you enjoyed reading this, please consider sharing it, leaving a comment, suggestions, questions…