Hey hackers! As usual, this is a collection of our favorite resources for penetration testers and bug bounty hunters. It covers the week from to the 8th to the 15th of June.

There’s a lot to read, so grab a nice plate of watermelon (yeah, it’s summer baby!) and good reading!

Our favorite 5 hacking items #

1. Tutorial of the week #

Should this be public though? by Rojan Rijal

This tutorial presents great OSINT techniques for finding sensitive information leaked by employees.
A tool, LeakFinder, is also provided to automate the process. The author used it successfully on 2 bug bounty programs but the reports have not yet been disclosed.

2. Writeup of the week #

How I Found CVE-2018-8819: Out-of-Band (OOB) XXE in WebCTRL by Darrell Damstedt

This is a great writeup about finding an XXE using Burp Collaborator.
If you read only one writeup this week, it should be this one: it’s well written, references good articles, presents a detailed methodology and a high impact vulnerability.

3. Conference of the week #

Security Fest 2018, particularly:

• Frans Rosén - Breaking and abusing specifications and policies - SecurityFest 2018
• Rachel Tobac - Hacking the Wetware - SecurityFest 2018

Amongst the several security conference videos that were released lately, I particularly enjoyed watching Frans Rosén’s talk at Security Fest. He explains how he found many critical vulnerabilities and the tricks he used to win $45,000 in bug bounties.

4. Tool of the week #

Archaeologit by Peter Jaric

Archaeologit scans the history of a user’s GitHub repositories for a given pattern to find sensitive things. So it can be useful for finding sensitive information from target companies while pentesting and bug bounty hunting.

5. Non technical item of the week #

The Never Ending Hack: Mental Health in InfoSec Community by Danny Akacki

This is a good talk about depression and mental illness by a hacker. It might help if you suffer from this kind of issues.
Also, if you are a remote worker in InfoSec, you might want to read this article from Danny Akacki too: Working from home is great, ’till it ain’t.. No-one is immune to depression!

Other amazing things we stumbled upon this week #

Videos & Podcasts #

• SANS Webcast: Introduction to enterprise vulnerability assessment, finding Struts
• Detectify Crowdsource | Meet the Hacker-Gerben Janssen van Doorn
• Jason Haddix, Bugcrowd - Paul’s Security Weekly #564 & the show notes
• NolaCon 2018, particularly:
  • Hacking Dumberly, Just Like the Bad Guys
  • Skills For A Red-Teamer
  • On the Hunt: Hacking the Hunt Group
  • You’ll Understand When You’re Older
• x33fcon conference, particularly:
  • 02. x33fcon 2018 - Open Source Pentesting by mubix
  • 05. x33fcon 2018 - Oracle Hacking Session with Kamil Stawiarski
  • 06. x33fcon 2018 - Death by a Thousand Struts: A Defenders Tale by sixdub
  • 12. x33fcon 2018 - Lightning Talk #2 Julian Horoszkiewicz
• Critical .zip vulnerabilities? - Zip Slip and ZipperDown

Tutorials #

• Reconnaissance: a eulogy in three acts
• Are Your Cookies Telling Your Fortune? An analysis of weak cookie secrets and OSINT
• Cookies for dummies Part 3: Understanding security flags – Secure, HttpOnly and SameSite
• One company: 262 bugs, 100% acceptance, 2.57 priority, 300million+ user details saved.
• Foothold Acquisition: Dorking for Fun and Profit
• Bypassing Cloudflare WAF to get more vulnerabilities
• Multiple Ways to Get root through Writable File
• Active Directory Penetration Dojo – Setup of AD Penetration Lab : Part 1
• Pentester’s Windows NTFS Tricks Collection
• Penetration Testing on X11 Server
• PowerShell For Pentesters Part 1: Introduction to PowerShell and Cmdlets

Writeups #

You can find the latest bug bounty writeups in our dedicated page: List of bug bounty writeups.
Only writeups that did not make it to this selection are listed below. This does not mean that they aren’t worth reading, just that they are not BUG BOUNTY writeups. We will soon post more details about how our curation process.

• How I gained admin level access to a website?

Tools #

• linkfinder-oneliner.sh
• XSS Finder
• BFAC (Backup File Artifacts Checker): An automated tool that checks for backup artifacts that may disclose the web-application’s source code.
• One-Lin3r
• Archerysec: Open Source Vulnerability Assessment and Management helps developers and pentesters to perform scans and manage vulnerabilities.
• m4ngl3m3: Common password pattern generator using strings list

Misc. pentest & bug bounty resources #

• BugBountyProTips ~ Collection
• List of Helpful Information Security Multimedia

Challenges & Training #

• 
• PwnAdventure3 - Game Open-World MMORPG Intentionally Vulnerable To Hacks

Non technical #

• Storytelling as a Service in InfoSec
• Password-free logins become a web reality
• My Path to Security – How Kelly Albrink Got Into Cybersecurity
• CV tips and hints

Tweets #

More tweets (Tips) #

More (fun) tweets #

This one reminds me of my years as a security auditor, we were always asked to look for the root cause!

See you next time!

If you enjoyed reading this, please consider sharing it, leaving a comment, suggestions, questions…