Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.
This issue covers the week from 19 to 26 of October.
Our favorite 5 hacking items
1. Conference of the week
Wow, this talk is a gem (the slides too)! I wish I’d seen it as a teenager. It sheds light on so many truths related to infosec, job hunting, corporate environments, studies, the mold society tries to put you in, etc.
Watch it, even if you’re not a student or that young. If applied, this is life-changing advice.
2. Writeup of the week
This writeup is a good example of cookie-based XSS exploitation. Once you’ve found a vulnerable URL, transform it by adding the cookie’s name & value to the URL as GET parameters: https://example.com
Making victims click on a GET URL is easier than injecting HTTP headers / cookies. So this is a better PoC for pentest & bug bounty reports.
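As an added example (not code from the writeup or this newsletter), here is a minimal Python model of the pattern described above: a hypothetical app copies a GET parameter into a cookie of the same name and later reflects that cookie into the page, so a plain link reaches the cookie-based sink. The `lang` parameter, the URL, the payload string and the escaping fix are all constructed for this illustration.

```python
import html
from urllib.parse import urlsplit, parse_qs

# Hypothetical app: a "lang" preference is read from ?lang= when present,
# persisted in a cookie of the same name, and reflected into the HTML body.
PARAM = "lang"

def parse_cookies(cookie_header):
    """Minimal Cookie header parser (constructed here, not a library call)."""
    jar = {}
    for part in (cookie_header or "").split(";"):
        name, sep, value = part.strip().partition("=")
        if sep:
            jar[name] = value
    return jar

def handle(url, cookie_header="", escape=False):
    """Return (html_body, set_cookie_header_or_None) for one request.

    escape=False models the vulnerable page (raw reflection);
    escape=True models the fix (HTML-escape for the text-node context)."""
    params = parse_qs(urlsplit(url).query)
    set_cookie = None
    if PARAM in params:
        # The GET parameter becomes the cookie value: this is why a GET URL
        # is enough to plant the value that the cookie-based sink reflects.
        value = params[PARAM][0]
        set_cookie = f"{PARAM}={value}; Path=/"
    else:
        value = parse_cookies(cookie_header).get(PARAM, "en")
    if escape:
        value = html.escape(value, quote=True)
    return f"<p>Language: {value}</p>", set_cookie

PAYLOAD = "<svg/onload=alert(1)>"  # constructed test string, no spaces

def poc_flow(escape=False):
    """Two requests: the GET URL sets the cookie, the next visit reflects it."""
    first_body, set_cookie = handle(
        f"https://app.example/?{PARAM}={PAYLOAD}", escape=escape)
    cookie = set_cookie.split(";")[0]          # browser stores "lang=..."
    second_body, _ = handle("https://app.example/", cookie, escape=escape)
    return first_body, second_body

if __name__ == "__main__":
    print("vulnerable:", poc_flow(escape=False)[1])
    print("fixed:     ", poc_flow(escape=True)[1])
```

The fixed variant still accepts the same URL; it only changes what the sink emits, which is the check a retest should confirm.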
3. Challenge of the week
flAWS challenge by @0xdabbad00
Challenges to practice finding bugs on AWS are harder to come by than ones for other vulnerability classes like XSS, SQL injection, etc.
This is a good one. It’ll allow you to learn more about AWS flaws, with tips if you’re stuck. And the great part is that you won’t need to install anything or bother with configuring an AWS instance; it is all already online and waiting for you!
4. Non technical item of the week
The Cybersecurity Hiring Gap is Due to The Lack of Entry-level Positions by @DanielMiessler
Everybody has been complaining about the cybersecurity hiring crisis for years. I’ve heard about it since I started in 2012!
Juniors can’t find a job because companies only hire experienced candidates. And companies have trouble finding the experienced candidates they need.
This piece by Daniel Miessler is enlightening. He explains the mistakes made by both parties that cause this crisis, and what they could do better.
This could help you if you’re either hiring or looking for a job.
5. Tutorial of the week
Local Linux privilege escalation overview by @L0vvebug
This is a comprehensive tutorial on Linux privilege escalation. It presents multiple techniques to gather information on a system post-exploitation, and to escalate your privileges to root.
This is a good reference: a lot of techniques and commands condensed on the same page, but still understandable and detailed. It should be useful for penetration tests and for passing the OSCP.
Other amazing things we stumbled upon this week
- Hack.lu 2018, especially:
- Def Con 26, especially:
- Exploiting Unknown Browsers and Objects & Slides
- Authentication Done Right
- Hide Android Applications in Images & Android workshop material
- Browsers - For better or worse …
- Covert Attack Mystery Box: A few novel techniques for exploiting Microsoft “features”
Medium to advanced
- Quick guide to recovering configs from Cisco switches and routers
- Common Security Mistakes when Developing Swift Applications – Part I
- Using Burp to Test Session Token Generation
- SOAP vs REST Webservice
- Webservices Testing Methodologies
- Linux Privilege Escalation via Automated Script
- Meterpreter File System Commands Cheatsheet
- Metasploit Basics, Part 16: Metasploit SCADA Hacking
- Comprehensive Guide on SearchSploit
- Bypassing & Exploiting CAPTCHA
- Passive Reconnaissance Using OSINT
- Three Non Web-based XSS Injections
- A behavior that leads to XSS — Spring
- WizCase Report: Vulnerabilities found on WD My Book, NetGear Stora, SeaGate Home, Medion LifeCloud NAS
- W32.Coozie: Discovering Oracle CVE-2018-3253
If you don’t have time
- TLS-Scanner: A tool to assist pentesters in the evaluation of TLS Server configurations
- SharpSploit & tutorial: SharpSploit is a .NET post-exploitation library written in C#
- off-by-slash: Burp extension to detect alias traversal via NGINX misconfiguration at scale
More tools, if you have time
- WebMap: Nmap Web Dashboard and Reporting
- IVRE: Open source framework for network recon
- Bscan: An asynchronous target enumeration tool
- JQShell: A weaponized version of CVE-2018-9206
- YaCy & Tutorial: A free search engine to use for OSINT or reconnaissance
Misc. pentest & bug bounty resources
- Spooky challenge: Halloween themed XSS challenge by @BitK_
- HITCON CTF 2018 - One Line PHP Challenge by Orange Tsai
- SANS | KringleCon 2018: “The challenge will launch in Dec. But, you can begin to explore some of the world of KringleCon now.”
- Cloudflare WAF Bypass Vulnerability Discovered
- Out of Pocket: How an ISP Exposed Administrative System Credentials
Tweeted this week
We created a collection of our favorite pentest & bug bounty related tweets shared this past week. You’re welcome to read them directly on Twitter: Tweets from 10/19/2018 to 10/26/2018
Have a nice week folks!
If you want to be notified when new articles (including this newsletter) are published, you can subscribe to this blog.
And if you enjoyed reading this, please consider sharing it, leaving a comment, suggestions, questions…