The 5 Hacking NewsLetter 86
Posted in Newsletter on December 31, 2019
Posted in Newsletter on May 21, 2019
Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.
This issue covers the week from May 10 to May 17.
Open redirects are often considered low-impact bugs by bug bounty programs (including Google). As such, they are not rewarded unless they can be used to exploit other vulnerabilities like XSS or OAuth token disclosure. So you want to increase their impact by chaining them with other bugs.
Also, if you’re a pentester rather than a bug bounty hunter, the same logic applies. If you want to convince clients which bugs are the most damaging and must absolutely be fixed, you need to tell them why by providing detailed attack scenarios.
This article can help. It shows how to combine open redirect with Referrer check bypass, XSS-Auditor bypass, SSRF & OAuth token theft.
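The chains above all start from a redirect parameter that accepts arbitrary destinations. As an added example (not code from the article or the newsletter), here is the kind of validator that closes the open redirect at the source; the host allowlist and the parser edge cases it handles (protocol-relative `//host`, backslash variants, `user@host` userinfo tricks, non-https schemes) are my assumptions about what a practitioner would want to cover.

```python
import re
from urllib.parse import urlsplit

# Constructed allowlist: the only hosts this app may redirect to off-path.
ALLOWED_HOSTS = {"app.example.com", "accounts.example.com"}

SAFE_DEFAULT = "/"


def safe_redirect_target(target: str, default: str = SAFE_DEFAULT) -> str:
    """Return `target` if it is a safe redirect destination, otherwise `default`.

    Accepted: a same-origin path starting with a single "/" or an absolute
    https URL whose host is in ALLOWED_HOSTS (no userinfo, default port only).
    Everything else falls back to `default` instead of raising, so the caller
    can use it directly in a Location header.
    """
    # Reject empty values and anything containing whitespace/control bytes,
    # which browsers strip and which would otherwise confuse the parse below.
    if not target or re.search(r"[\s\x00-\x1f]", target):
        return default

    # Browsers treat "\" like "/" when locating the authority, so "/\evil"
    # is really "//evil". Normalise before parsing so both forms are caught.
    candidate = target.replace("\\", "/")
    parts = urlsplit(candidate)

    # Relative reference: allow only "/path", never "//host" (protocol-relative).
    if not parts.scheme and not parts.netloc:
        if candidate.startswith("/") and not candidate.startswith("//"):
            return candidate
        return default

    # Absolute URL: https only, no credentials in the authority, default port.
    if parts.scheme != "https":
        return default
    if parts.username is not None or parts.password is not None:
        return default
    try:
        if parts.port not in (None, 443):
            return default
    except ValueError:  # non-numeric port
        return default
    if parts.hostname not in ALLOWED_HOSTS:
        return default
    return candidate


if __name__ == "__main__":
    # Constructed sample inputs a redirect parameter might carry.
    for value in ["/account", "//evil.example/", "/\\evil.example",
                  "https://app.example.com@evil.example/",
                  "https://accounts.example.com/login", "javascript:alert(1)"]:
        print(f"{value!r:45} -> {safe_redirect_target(value)!r}")
```

The important design choice is failing closed: the function never returns the raw input when it is unsure, and the caller does not need a try/except around it.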
Think Outside the Scope: Advanced CORS Exploitation Techniques ($1,500)
This is an excellent writeup of two CORS misconfigurations and how to exploit them in great detail (with code, PoCs, specifics of each browser, other good references…).
Highly recommended if you want to see practical examples of real-life CORS vulnerabilities.
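To make the class of bug concrete, here is an added example (not the writeup's code) that models three server-side CORS policies and the browser's rule for credentialed cross-origin reads. The two misconfigurations shown, reflecting any Origin and a loose suffix match, are my choice of common cases; the writeup's two may differ. The trusted-origin list and origins are constructed.

```python
from typing import Dict, Optional

# Constructed allowlist of origins that may read responses with credentials.
TRUSTED_ORIGINS = {"https://app.example.com", "https://admin.example.com"}

Headers = Dict[str, str]


def cors_reflect(origin: Optional[str]) -> Headers:
    """Misconfiguration 1: echo whatever Origin the request carries.

    Combined with Allow-Credentials, any site (including a sandboxed frame
    sending Origin: null) can read authenticated responses.
    """
    if origin is None:
        return {}
    return {"Access-Control-Allow-Origin": origin,
            "Access-Control-Allow-Credentials": "true"}


def cors_suffix_match(origin: Optional[str]) -> Headers:
    """Misconfiguration 2: 'ends with our domain' check.

    "https://evilexample.com" ends with "example.com", so it passes.
    """
    if origin and origin.endswith("example.com"):
        return {"Access-Control-Allow-Origin": origin,
                "Access-Control-Allow-Credentials": "true"}
    return {}


def cors_strict(origin: Optional[str]) -> Headers:
    """Hardened: exact match against a fixed allowlist, Vary so caches
    never serve one origin's ACAO header to another."""
    if origin in TRUSTED_ORIGINS:
        return {"Access-Control-Allow-Origin": origin,
                "Access-Control-Allow-Credentials": "true",
                "Vary": "Origin"}
    return {}


def browser_allows_credentialed_read(response: Headers, origin: str) -> bool:
    """Browser-side rule: a credentialed cross-origin read succeeds only if
    ACAO equals the requesting origin exactly ("*" is rejected with
    credentials) and Allow-Credentials is the literal string "true"."""
    acao = response.get("Access-Control-Allow-Origin")
    acac = response.get("Access-Control-Allow-Credentials")
    return acao == origin and acao != "*" and acac == "true"


def policy_exposes_to(policy, origin: str) -> bool:
    """True if `origin` could read credentialed responses under `policy`."""
    return browser_allows_credentialed_read(policy(origin), origin)


if __name__ == "__main__":
    for origin in ["https://app.example.com", "https://evilexample.com", "null"]:
        for policy in (cors_reflect, cors_suffix_match, cors_strict):
            print(f"{policy.__name__:18} {origin:26} readable={policy_exposes_to(policy, origin)}")
```

A quick way to audit a live endpoint defensively is to send a request with an unexpected Origin and run the returned headers through `browser_allows_credentialed_read`: if it returns True for an origin you do not control, the policy is one of the two broken shapes above.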
This is an awesome presentation on API security. If you’re into this, make sure to watch the video to better understand the slides. I didn’t realize there was a video embedded in the page at first…
The bugs described include the lack of rate-limiting, IDOR, session flaws, mishandling client-side session data, JWT weaknesses, CSRF, CORS misconfigurations and more. Juicy stuff!
I found this article really interesting because it is a walkthrough of the pentest of a power station. Personally, I find physical pentests & red teaming fascinating specifically because I lack experience in this area (having done mostly “regular” pentests).
This walkthrough touches on many things including why phishing is not always the best approach, a concrete example of recon (different from recon done for Web app testing), how to convince boards of the importance of security, etc.
It’s probably nothing new if you’re already doing these kinds of tests, but it’s a nice high-level view for anyone who’s striving to become a pentester.
Have you heard of Samesite cookies recently and wondered what they are? If yes, this is a great introduction to this relatively new cookie attribute.
It’s a protection against CSRF and it seems very effective. I think we will see fewer and fewer CSRF bugs in bug bounty.
So check out this tutorial if you’re into Web app security.
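As an added example (not from the tutorial), the following models the one decision SameSite governs: whether the browser attaches a cookie to a request, given the cookie's attribute and whether the request is cross-site. It also shows the caveat worth remembering when you assess CSRF: `Lax` still sends the cookie on cross-site top-level GET navigations. The site names and cookie values are constructed, and the "registrable site" helper is a simplification (real browsers use the Public Suffix List).

```python
from dataclasses import dataclass

SAFE_METHODS = {"GET", "HEAD", "OPTIONS", "TRACE"}


@dataclass(frozen=True)
class Cookie:
    name: str
    value: str
    samesite: str = "Lax"     # "Strict", "Lax" or "None"
    secure: bool = True
    http_only: bool = True


def set_cookie_header(cookie: Cookie) -> str:
    """Build the Set-Cookie header the server would emit for `cookie`."""
    parts = [f"{cookie.name}={cookie.value}", "Path=/"]
    if cookie.secure:
        parts.append("Secure")
    if cookie.http_only:
        parts.append("HttpOnly")
    parts.append(f"SameSite={cookie.samesite}")
    return "; ".join(parts)


def registrable_site(host: str) -> str:
    """Simplified eTLD+1: last two labels. Assumption for this example only."""
    return ".".join(host.lower().split(".")[-2:])


def cookie_sent(cookie: Cookie, request_host: str, initiator_host: str,
                method: str, top_level_navigation: bool) -> bool:
    """Browser rule: is `cookie` attached to a request for `request_host`
    initiated by a page on `initiator_host`?"""
    if registrable_site(request_host) == registrable_site(initiator_host):
        return True  # same-site: SameSite never restricts
    mode = cookie.samesite.lower()
    if mode == "strict":
        return False
    if mode == "lax":
        # Only top-level navigations with a safe method carry the cookie;
        # a cross-site <form method=POST> or fetch() does not.
        return top_level_navigation and method.upper() in SAFE_METHODS
    if mode == "none":
        # Browsers reject SameSite=None cookies that lack Secure, so they are
        # never available to send.
        return cookie.secure
    return False


def csrf_post_succeeds(cookie: Cookie) -> bool:
    """Classic CSRF: attacker page auto-submits a POST form to the target.
    Succeeds only if the session cookie rides along."""
    return cookie_sent(cookie, "bank.example", "evil.example",
                       method="POST", top_level_navigation=True)


if __name__ == "__main__":
    for mode in ("Strict", "Lax", "None"):
        c = Cookie("session", "abc123", samesite=mode)
        print(f"{set_cookie_header(c):55} CSRF POST works: {csrf_post_succeeds(c)}")
```

The practical reading: with `Lax`, state-changing endpoints that accept GET are still reachable cross-site, so SameSite reduces CSRF but does not replace anti-CSRF tokens on such endpoints.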
See more writeups on The list of bug bounty writeups.
We created a collection of our favorite pentest & bug bounty related tweets shared this past week. You’re welcome to read them directly on Twitter: Tweets from 05/10/2019 to 05/17/2019
Have a nice week folks!
If you enjoyed reading this, please consider sharing it, leaving a comment, suggestions, questions…