The 5 Hacking NewsLetter 86
Posted in Newsletter on December 31, 2019
Posted in Newsletter on July 16, 2019
Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.
This issue covers the week from 05 to 12 of July.
These tweets are so good that I had to mention all four. They’re about:
:!Q(which isn’t currently an option) quit it too
If testing for mass assignment isn’t currently part of your methodology, this is an excellent opportunity to learn about it and start testing for it.
@albinowax was bug hunting on New Relic. He found that free accounts didn’t have access to the API. But this restriction could be bypassed by intercepting a POST request to change your name and adding this parameter:
He also tells us how he guessed the parameter’s name:
If you find a request updating/editing an object, be sure to run Param Miner on it - it might just find you a mass assignment vulnerability
Securing Your Cloud Infrastructure | Security and Research Company (SECARMY)
After last week’s intro to cloud for pentesters and bug hunters, SECARMY returns with a sequel on common cloud security misconfigurations and their mitigations.
More specifically, this one is about SSRF and LFI on AWS, why they occur, how to detect them, how to leak AWS credentials and what companies can do to prevent it.
A few weeks ago, @EdOverflow published the article “CI Knew There Would Be Bugs Here” — Exploring Continuous Integration Services as a Bug Bounty Hunter. He did the research with a few other hackers, and they developed a tool to automate fetching Travis CI build logs.
It allowed them to quickly look for sensitive information in CI logs and earn many bounties. It was awesome to read about that but they didn’t release it because they didn’t want to cause service disruptions to CI platforms.
I guess they’ve changed their minds because they’ve just released Secretz!
It minimizes the large attack surface of Travis CI by automatically fetching repos, builds, and logs for any given organization. So it’s a really neat tool to add to your arsenal.
Who doesn’t like peeking at how other hackers organize their notes?
@GouveaHeitor shares here how he uses SwiftnessX to defines payloads, report templates and libraries / checklists. It’s worth looking at his screenshots if you feel like your pentest/bug bounty notes could be better organized.
See more writeups on The list of bug bounty writeups.
We created a collection of our favorite pentest & bug bounty related tweets shared this past week. You’re welcome to read them directly on Twitter: Tweets from 07/05/2019 to 07/12/2019
Have a nice week folks!
If you enjoyed reading this, please consider sharing it, leaving a comment, suggestions, questions…