Hey, hackers!
OMG, this week there were even more interesting things published & shared across YouTube, Twitter, Medium, blogs, etc., than last time!
It was just impossible to choose only 5 items, and this is becoming a habit. So we’re trying a new format: Our 5 favorite items (just a matter of personal preference) commented, followed by all the other fantastic findings in the form of a list of links.
Let me know if you prefer this format or the older one, and if you have any suggestions or comments. It’s always a pleasure to hear from you!
Our favorite 5 hacking items
1. Writeup of the week
I love the simplicity yet effectiveness of this technique. It was rewarded $1,500 and shows (yet again) the importance of recon, particularly retrieving and analyzing certificates from censys.io.
2. Non-technical video of the week
This is a short video that offers great advice for anyone in the infosec / cybersecurity field working on their resume. It reviews the most common errors people make.
It might be helpful if you’re looking for a job!
3. Tip / Tweet of the week
Tip to access a 403 forbidden page: instead of going straight to the file, for example index.html, add a / behind the index.html: index.html/. Worked multiple times for me.
By Van Ingh Quinten
Nice trick to bypass 403 Forbidden page errors. Already added to my testing checklist!
4. Tutorial of the week
This is a great introduction to blind XSS. It sums up everything you need to know to start looking for this type of vulnerability.
5. Must watch conference
Does it need any introduction? I’m sure you did not need me to inform you of this conference, but I couldn’t not mention it here. I’ve been waiting for it for months and it did not disappoint.
High quality talks, a lot of tips, pentest and bug bounty techniques mentioned, the latest “Bug bounty hunter methodology” by Jason Haddix, etc. A must watch!
Other amazing things we stumbled upon this week
Videos
- Absolute AppSec Ep. #18 - Chris Gates / @carnal0wnage by Absolute Appsec
- Web Hacking Pro Tips #15: Amit Elazari by Peter Yaworski
Tutorials
- Penetration Testing Methodology Series by Daniel Holdsworth:
- New Hacker 101 content: Threat modeling, Burp basics, and more by Hackerone
- Bypass any WAF for XSS easily
- Linux Privilege Escalation using Sudo Rights
- Linux Privilege Escalation Using PATH Variable
- Linux Privilege Escalation using Misconfigured NFS
Writeups
- SSRF in Exchange leads to ROOT access in all instances
- #BugBounty — “How I was able to hack any user account via password reset?”
- AWS Security Flaw which can grant admin access!
- How I found 5 store XSS on a private program. Each worth “1,016.66$”
- How we broke PHP, hacked Pornhub and earned $20,000
- CORS Enabled XSS
- RCE by uploading a web.config
- How I was able to see any private album passwrod in Picturepush — IDOR
- Simple IDOR to reject a to-be users invitation via their notification
- Persistent XSS to Steal Passwords – Paypal
- HTML injection to SSRF By Mustafa Khan
- reCAPTCHA bypass via HTTP Parameter Pollution (on Google)
- Private program email forwarding response invitation not expire after first use.
- Account Takeover and Blind XSS! Go Pro, get Bugs!
Tools
- SleuthQL: A SQL Injection Discovery Tool
- FireShodanMap, a realtime map that integrates Firebase, Google Maps and Shodan
Training material
Tweets
- Take a list of subdomains, resolve them to an IP, remove duplicates and scan each with masscan.
- Comics by Julia Evans:
- Huge list of Dutch websites offering rewards for responsible disclosure by Alex Birsan
- Sometimes I wonder what non-tech people would think if they saw my search history. by Daryl Ginn
- List of payloads to exploit Markdown syntax by @cujanovic by @XssPayloads
- Payloads for all SSRF, XSS, Open redirection And more. by @Alra3ees
- #Protip: Do you want to see what exploits or auxiliaries are there for specific port in #metasploit? Open a terminal and just run:… by @omespino
- Give JSON Web Token Attacker a try - it does JWS as well as JWT by Burp_Suite
Non-technical
- Writing a good and detailed vulnerability report
- The Importance of Deep Work & The 30-Hour Method for Learning a New Skill
- Gaining Technical Experience with Deliberate Practice
- The only OSCP advice you will need!!!
Pentest & bug bounty resources
- The Bug Bounty Hunter Telegram Channel*
- List of bug bounty programs
- Pentesters & Bounty hunters inspirational guide
* Not tested yet because my phone is broken!
See you next time!
If you want to be notified when new articles (including this newsletter) are published, you can subscribe to this blog.
And if you enjoyed reading this, please consider sharing it, leaving a comment, suggestions, questions…