Hey, hackers!
OMG, this week there were even more interesting things published & shared accross Youtube, Twitter, Medium, blogs, etc, than last time!
It was just impossible to choose only 5 items, and this is becoming a habit. So we’re trying a new format: Our 5 favorite items (just a matter of personal preference) commented, followed by all the other fantastic findings in the form of a list of links.

Let me know if you prefer this format or the older one, and if you have any suggestions or comments. It’s always a pleasure to hear from you!

Our favorite 5 hacking items #

1. Writeup of the week #

How i was able to get admin panel on a private program

I love the simplicity yet effectiveness of this technique. It was rewarded $1,500 and shows (yet again) the importance of recon, particularly retrieving and analyzing certificates from censys.io.

2. Non technical video of the week #

Infosec Resume No-Nos by Lesley Carhart

This is a short video that offers great advice for anyone in the infosec / cybersecurity field working on their resume. It reviews the most common errors people make.
It might be helpful if you’re looking for a job!

3. Tip / Tweet of the week #

Tip to access a 403 forbidden page: instead of going straight to the file for example :index.html Add a / behind the index.html: index.html/. Worked multiple times for me By Van Ingh Quinten

Nice trick to bypass 403 Forbidden page errors. Already added to my testing checklist!

4. Tutorial of the week #

Blind XSS for beginners

This is a great introduction to blind XSS. It sums up everything you need to know to start looking for this type of vulnerability.

5. Must watch conference #

LevelUp 2018 by Bugcrowd

Does it need any introduction? I’m sure you did not need me to inform you of this conference, but I couldn’t not mention here. I’ve been waiting for it for months and it did not disappoint.

High quality talks, a lot of tips, pentest and bug bounty techniques mentioned, the latest “Bug bounty hunter methodology” by Jason Haddix, etc. A must watch!

Other amazing things we stumbled upon this week #

Videos #

• Absolute AppSec Ep. #18 - Chris Gates / @carnal0wnage by Absolute Appsec
• Web Hacking Pro Tips #15: Amit Elazari by Peter Yaworski

Tutorials #

• Penetration Testing Methodology Series by Daniel Holdsworth:
  • Penetration Testing Methodology, Part 1/6 — Recon
  • Penetration Testing Methodology, Part 2/6 — Scanning
• New Hacker 101 content: Threat modeling, Burp basics, and more by Hackerone
• Bypass any WAF for XSS easily
• Linux Privilege Escalation using Sudo Rights
• Linux Privilege Escalation Using PATH Variable
• Linux Privilege Escalation using Misconfigured NFS

Writeups #

• SSRF in Exchange leads to ROOT access in all instances
• #BugBounty — “How I was able to hack any user account via password reset?”
• AWS Security Flaw which can grant admin access!
• How I found 5 store XSS on a private program. Each worth “1,016.66$”
• How we broke PHP, hacked Pornhub and earned $20,000
• CORS Enabled XSS
• RCE by uploading a web.config
• How I was able to see any private album passwrod in Picturepush — IDOR
• Simple IDOR to reject a to-be users invitation via their notification
• Persistent XSS to Steal Passwords – Paypal
• HTML injection to SSRF By Mustafa Khan
• reCAPTCHA bypass via HTTP Parameter Pollution (on Google)
• Private program email forwarding response invitation not expire after first use.
• Account Takeover and Blind XSS! Go Pro, get Bugs!

Tools #

• SleuthQL: A SQL Injection Discovery Tool
• FireShodanMap, a realtime map that integrates Firebase, Google Maps and Shodan

Training material #

• OWASP iGoat (Swift) - A Damn Vulnerable Swift Application for iOS

Tweets #

• Take a list of subdomains, resolve them to an IP, remove duplicates and scan each with masscan.
• Comics by Julia Evans:
  • sed
  • du, df and friends
  • some useful unix commands
  • awk
  • a few bash tricks
• Huge list of Dutch websites offering rewards for responsible disclosure by Alex Birsan
• Sometimes I wonder what non-tech people would think if they saw my search history. by Daryl Ginn
• List of payloads to exploit Markdown syntax by @cujanovic by @XssPayloads
• Payloads for all SSRF, XSS, Open redirection And more. by @Alra3ees
• #Protip: Do you want to see what exploits or auxiliaries are there for specific port in #metasploit? Open a terminal and just run:… by @omespino
• Give JSON Web Token Attacker a try - it does JWS as well as JWT by Burp_Suite

Non technical #

• Writing a good and detailed vulnerability report
• The Importance of Deep Work & The 30-Hour Method for Learning a New Skill
• Gaining Technical Experience with Deliberate Practice
• The only OSCP advice you will need!!!

Pentest & bug bounty resources #

• The Bug Bounty Hunter Telegram Channel*
• List of bug bounty programs
• Pentesters & Bounty hunters inspirational guide

* Not tested yet because my phone is broken!

See you next time!

If you enjoyed reading this, please consider sharing it, leaving a comment, suggestions, questions…