Hey hackers! Here are our favorite resources for pentesters and bug hunters discovered last week.
This issue covers the week from 12 to 19 October.
Our favorite 5 hacking items
1. Tutorial & Tool of the week
This is a great tutorial on how to embed a Metasploit payload into a legitimate Android app. It is accompanied by AndroidEmbedIT, a tool to automate the process, but you’ll find the most value in the tutorial.
Even if you’re not planning on tricking all your friends or deploying the next Android malware botnet, you could still learn a lot from it: decompiling APKs, integrating Metasploit payloads, adding permissions, recompiling and signing APKs…
2. Writeup of the week
I usually prefer technical writings that’ll help me improve my skills, whether they are writeups, news or tutorials. This bug is not technical at all, but it is the best!
$500 for a medium severity bug found on HackerOne. What is it? The local wifi password, found just by looking at photos of a HackerOne event!
Hahaha (Can’t stop laughing every time I read it!)
3. Video of the week
How to Differentiate Yourself as a Bug Bounty Hunter by @avlidienbrunn (OWASP Stockholm)
This is a short but sweet talk on how to differentiate yourself, a question that every bug hunter asks himself several times a day.
Mathias gives very specific tips, a mathematical formula to calculate bounty effectiveness and a pretty funny goose picture. But I’m not gonna spoil it, just watch the talk!
4. Challenge of the week
This is a simulation of Facebook’s latest data breach. It is a great opportunity to understand and exploit a real-life bug with critical impact in a controlled environment. And if you’re stuck, steps and hints are provided too.
5. Resource of the week
Security Assessment Mindset by @dsopas
The Security Mindmap, which has been around for some time, has been updated. It’s a huge mindmap to use when doing pentests, bug bounty or red-team assessments.
Many types of tests are included: Web, network, physical, IoT and OSINT. Wifi and mobile tests haven’t been added yet, so you can use the mindmap as it is or as a basis for a more complete personal testing checklist.
Other amazing things we stumbled upon this week
Videos, Conferences & Podcasts
Conferences & Webinars
- Android RE Workshop (Slides & Workshop material)
- FailTime Failing towards Success & slides by Sean Metcalf (BSides Charm) *
- A Hacker’s Guide to Kubernetes and the Cloud by Rory McCune (NCC Group PLC)
- Abusing Bash For Windows, slides & scripts by Antoine Cervoise (Hack.lu 2018)
- Basics of IoT Hacking for the Career Pen Tester & slides
Medium to advanced
- Simple Telegram Bot for Blind XSS Notification
- Brute-forcing Active Directory credentials via RD Gateway
- High Performance Web Brute-Forcing
- Building advanced XSS vectors
- How to Conduct DNS Reconnaissance for $.02 Using Rapid7 Open Data and AWS
- Route 53 as Pentest Infrastructure
- Hunt for and Exploit the libSSH Authentication Bypass (CVE-2018-10933)
- Comprehensive Guide to Dirb Tool
- File Transfer Cheatsheet
Hey guys, check out the file transfer cheat sheet. Please let me know if I have missed any of the techniques to transfer files, and thanks to @ippsec for the info. #linux #pentest #redteam https://t.co/z1xoQtVrrj — fir3wa1k3r (@fir3wa1k3r) October 17, 2018
- How I “found” the database of the Donald Daters App
- How I hacked live chat of ubagroup and got nothing, not even thanks
- How I found a vulnerability on MTN subdomain
- The FORBES Bug Bounty experience
- Guessing answers to security questions
- Having The Security Rug Pulled Out From Under You: Unrestricted file upload on jQuery File Upload Plugin
- StaCoAn: a cross-platform tool which aids developers, bug bounty hunters and ethical hackers performing static code analysis on mobile apps
- HASSH: a profiling method for SSH clients and servers
- JTB Investigator: A tool to speed up the process of doing the same simple IP/Domain Name lookups over and over again
- SSRFMap: Automatic SSRF fuzzer and exploitation tool
- A2SV *
- cve-2018-10933: libssh authentication bypass
- Zen: Find emails of Github users
Hi @GitHubHelp,
Email address of a user gets public with every commit and can be viewed by adding ".patch" to the end of the commit URL.
It can be abused in tons of ways and is also a privacy concern in general.
My job is done here, I hope you will do the right thing about it pic.twitter.com/lgMI6dLaYN
— Somdev Sangwan (@s0md3v) October 17, 2018
Misc. pentest & bug bounty resources
- The Open Guide to Amazon Web Services: not specifically for hackers, but should help when testing AWS instances
- GTFOBins: Curated list of Unix binaries that can be exploited to bypass local security restrictions *
- Web Security Basics: a quick review of basic web security concepts (SSL/TLS, CORS, XSS, CSRF, access & refresh tokens) *
- Google_dorks *
the votes are in!!! two things...
1) watch sneakers if you haven't. if you were born after 1990, stop what you're doing and watch it now.
2) this thread is FULL of killer recommendations. @bugcrowd is going to compile a list and keep the convo going with #hackermovies hashtag. https://t.co/giLpMFzMNv
— caseyjohnellis (@caseyjohnellis) October 13, 2018
- Malicious Redirects from NewShareCounts.com Tweet Counter
- Google plans to encrypt Android cloud backups with your screen password
- Facebook’s latest hack summarized
- Chrome, Firefox, Edge and Safari plan to disable TLS 1.0 and 1.1 in 2020
- Trivial authentication bypass in libssh leaves servers wide open
Tweeted this week
We created a collection of our favorite pentest & bug bounty related tweets shared this past week. You’re welcome to read them directly on Twitter: Tweets from 10/12/2018 to 10/19/2018
* Oldies but goodies
Have a nice week folks!
If you want to be notified when new articles (including this newsletter) are published, you can subscribe to this blog.
And if you enjoyed reading this, please consider sharing it, leaving a comment, suggestions, questions…