Hey hackers! These are our favorite resources related to pentesting and bug hunting that we came across the last few days.
This issue covers the week from 24 to 31 August.
Our favorite 5 hacking items
1. Guide of the week
The Complete Guide to CORS (In)Security by Bedefended
This is a comprehensive guide to CORS for security professionals. It’s the best document that I’ve seen on this subject, covering everything from an introduction to the basics of SOP (Same-Origin Policy) and CORS, to attacks and mitigations, with references to the existing research on this topic.
2. Video of the week
Wow, I could not take my eyes off Christina during this interview. I’m usually not into “My path to infosec”-type interviews but this one is fascinating: she shares stories of physical pentests, insights into social engineering, why security is so important for a video game company… all with glimmering eyes that are a testament to her passion!
3. Writeup of the week
This is a simple bug but very creative!
My main takeaway is to always carefully read the source code if you have access to it.
In the latest release of Rocket.Chat, an install.sh script contained a curl request to retrieve a file from an unclaimed S3 bucket. So by creating a bucket with the same name, Ed could make users download any files from his bucket.
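The defensive side of this write-up is an audit habit: before running an installer, find every remote fetch it performs, note which ones pull from an S3 bucket (where bucket ownership, not just the URL, decides who controls the file), and check whether the script verifies what it downloaded. The script below is an added example written for this newsletter, not Rocket.Chat's install.sh or any tool from the write-up; the embedded installer text and bucket names are constructed, and the bucket-name parsing covers both virtual-hosted (`bucket.s3.amazonaws.com`) and path-style (`s3.amazonaws.com/bucket/`) URLs, which is more than the single case the write-up describes.

```python
import re
from urllib.parse import urlparse

# Constructed sample installer modelled on the pattern in the write-up
# (a curl fetch from an S3 bucket). It is NOT Rocket.Chat's real script.
SAMPLE_INSTALL_SH = """#!/bin/bash
set -e
curl -sSL https://example-deploy-assets.s3.amazonaws.com/installer/rocket.tar.gz -o rocket.tar.gz
curl -fsSL https://s3.amazonaws.com/another-bucket-name/helper.sh -o helper.sh
echo "deadbeef0000000000000000000000000000000000000000000000000000beef  helper.sh" | sha256sum -c -
wget -q https://releases.example.org/node-v8.tgz
"""

URL_RE = re.compile(r"https?://[^\s'\"]+")
FETCH_RE = re.compile(r"^\s*(curl|wget)\b.*$", re.MULTILINE)
# Virtual-hosted style: <bucket>.s3[.region].amazonaws.com
VHOST_S3_RE = re.compile(
    r"^(?P<bucket>[a-z0-9][a-z0-9.-]{1,61}[a-z0-9])\.s3(?:[.-][a-z0-9-]+)?\.amazonaws\.com$"
)
# Path style: s3[.region].amazonaws.com/<bucket>/<key>
PATH_S3_RE = re.compile(r"^s3(?:[.-][a-z0-9-]+)?\.amazonaws\.com$")


def s3_bucket_from_url(url):
    """Return the S3 bucket a URL points at, or None if it is not an S3 URL."""
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    m = VHOST_S3_RE.match(host)
    if m:
        return m.group("bucket")
    if PATH_S3_RE.match(host):
        first = parsed.path.lstrip("/").split("/", 1)[0]
        return first or None
    return None


def output_name(tool, line, url):
    """Best-effort guess of the local filename the fetch writes to."""
    if tool == "curl":
        m = re.search(r"(?:-o|--output)\s+(\S+)", line)
    else:  # wget
        m = re.search(r"(?:-O|--output-document)\s+(\S+)", line)
    if m and m.group(1) != "-":
        return m.group(1)
    return urlparse(url).path.rsplit("/", 1)[-1] or None


def checksum_verified(script_text, filename):
    """True if some line runs a sha256 check that names the downloaded file."""
    if not filename:
        return False
    for line in script_text.splitlines():
        if re.search(r"\b(sha256sum|shasum|sha256)\b", line) and filename in line:
            return True
    return False


def audit_install_script(script_text):
    """List every curl/wget fetch with its bucket (if any) and a risk rating.

    Rating: 'high'   = unverified download from an S3 bucket (ownership of the
                       bucket, which the script cannot prove, decides the content)
            'medium' = unverified download from any other host
            'low'    = the script checks a sha256 of what it fetched
    """
    findings = []
    for m in FETCH_RE.finditer(script_text):
        line = m.group(0)
        tool = m.group(1)
        for url in URL_RE.findall(line):
            bucket = s3_bucket_from_url(url)
            name = output_name(tool, line, url)
            verified = checksum_verified(script_text, name)
            if verified:
                risk = "low"
            elif bucket:
                risk = "high"
            else:
                risk = "medium"
            findings.append({"url": url, "bucket": bucket, "output": name,
                             "checksum_verified": verified, "risk": risk})
    return findings


if __name__ == "__main__":
    for f in audit_install_script(SAMPLE_INSTALL_SH):
        print(f"[{f['risk']:6}] {f['url']} bucket={f['bucket']} "
              f"-> {f['output']} verified={f['checksum_verified']}")
```

A "high" finding is the cue to confirm, out of band, that the project actually owns the bucket named in the URL and to pin the download with a checksum committed alongside the script; the checksum heuristic is deliberately simple (it only looks for a sha256 line that mentions the output filename) and will miss verification done in a separate helper.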
4. Tool of the week
getsploit by @VulnersCom
This is a simple but useful command-line tool to search for vulnerabilities listed in vulners.com, the same way searchsploit searches for vulnerabilities in exploit-db.com.
5. Non technical item of the week
AWS Slurp Github Takeover by @SweetRollBandit
This is a good reminder to always read the source code of GitHub repositories before executing any script file in them.
That said, if anyone has a copy of the real Slurp repo, would you please send it to me? I couldn’t find it anywhere!
Other amazing things we stumbled upon this week
Medium to advanced
- Subdomain Takeover: Going beyond CNAME
- OpenSSH User Enumeration Vulnerability: a Close Look
- The Secrets in URL Shortening Services
- Out of Band Exploitation (OOB) CheatSheet
- Detailed Explanation of PHP Type Juggling Vulnerabilities
- DNS Rebinding Headless Browsers
- Data retrieval via blind command injection
- Finding and exploiting Blind XSS
- 5 Things You Didn’t Know You Could do with Nmap
Misc. pentest & bug bounty resources
- So You Want To Be a Pentester?
- Pen tester’s Diary : Episode 1
- Week in OSINT #2018–34
- How Cloudflare protects customers from cache poisoning
- RedTeaming from Zero to One – Part 1 & Part 2
- A Chromium-based Command-line Alternative to Curl
- Hacker Q&A with Matthew Bryant: Good Artists Copy, Great Artists Steal
- 118 Fascinating Facts from HackerOne’s Hacker-Powered Security Report 2018
Tweeted this week
We created a collection of our favorite pentest & bug bounty related tweets shared this past week. You’re welcome to read them directly on Twitter: Tweets from 08/17/2018 to 08/24/2018
Have a nice week folks!
If you want to be notified when new articles (including this newsletter) are published, you can subscribe to this blog.
And if you enjoyed reading this, please consider sharing it, leaving a comment, suggestions, questions…