The 5 Hacking NewsLetter 36

Hey hackers! I’m very happy to announce a new partnership with @intigriti. They’re sponsoring this newsletter.

For you, nothing changes. The content remains the same, except for more information from time to time on what Intigriti is up to (and they have many exciting plans for this year!).

Without further ado, here are our favorite resources shared by pentesters and bug hunters last week. This issue covers the week from 04 to 11 of January.


Our favorite 5 hacking items

1. Article of the week

Avoid rookie mistakes and progress positively in bug bounty

This is simple but to the point advice. Sometimes, as bug hunters, we may get carried away by exciting tests and forget the obvious: more emphasis should be put on the report, on trying to escalate/chain bugs, on avoiding known invalid bugs, on having a business mindset when writing impacts, etc.

These are some of the things mentioned in this article. Read it and keep them in mind when you’re hunting for bugs, they could help you perform better and have a smoother experience.

2. Writeup of the week

Stored XSS & SQL injection on YNAB ($1,500)

I hesitated between this writeup and the “XSS in steam react chat client” (see the Bug bounty writeups section below). The latter is an amazing account of how to find XSS on a React app and escalate it to RCE. But it’s advanced stuff.

If you’re at a beginner level, I recommend this writeup of a stored XSS & SQL injection. I love how it is written and includes the detailed methodology, what worked and what didn’t work, and lessons learned.

3. Slides of the week

Recon like a boss

This is a great guide on recon. It covers a lot of techniques on the following topics: subdomain enumeration, finding new endpoints from JS files, AWS hacking, GitHub recon & content discovery.

Attention, must read!

4. Tool of the week

Bypass-firewalls-by-DNS-history

One known technique for bypassing firewalls (like CloudFlare) is checking DNS history records. If you find the real IP address of your target, you’ll be able to attack it directly and completely circumvent firewalls.

Many databases record DNS history. This tool is a great way to query many of them programmatically including: SecurityTrails, CrimeFlare, certspotter, DNSDumpster & IPinfo.

Unless you already have an alternative DNS history checker script, I recommend adding this one to your arsenal.

5. Non technical item of the week

How to Build a Successful Career in Information Security

Daniel Miessler’s blog is one that I follow very closely because of the quality of his writing. He writes about a variety of topics, from analysis of situations in America, to technical tutorials, artificial intelligence, book reviews, etc.

I’m not interested in everything but many of his posts are gems. This particular one might answer a lot of your questions if you’re starting out in information security. Even if you’re already in this field, it might give you ideas or motivation for new things to try.

Other amazing things we stumbled upon this week

Videos

Podcasts

Conference slides

Tutorials

Medium to advanced

Beginners corner

Writeups

Challenge writeups

Pentest & Responsible disclosure writeups

Bug bounty writeups

See more writeups on The list of bug bounty writeups.

Tools

If you don’t have time

More tools, if you have time

  • Osmedeus: Automatic Reconnaissance and Scanning in Penetration Testing
  • Stretcher: Tool designed to help identify open Elasticsearch servers that are exposing sensitive information
  • SlackPirate: Slack Enumeration and Extraction Tool - extract sensitive information from a Slack Workspace
  • KubiScan: A tool to scan a Kubernetes cluster for risky permissions. Can be useful for configuration penetration tests if admin access is given.
  • Kubelet Anonymous RCE: Executes commands on a kubelet endpoint that allows anonymous authentication (default)
  • LeakLooker: Find open databases with Shodan & Description
  • Nse-parse: Shell script for parsing vulnerable results from Nmap NSE scan output
  • Hexyl: A command-line hex viewer
  • Multitor: Tool that lets you create multiple TOR instances with load balancing
  • Hediye: Hash Generator & Cracker Online Offline
  • ServiceFu & Introduction
  • WinPwn: Automation for internal Windows Penetration tests

Misc. pentest & bug bounty resources

Challenges

Articles

News

It’s now paying $2 million for remote iOS jailbreaks, $1 million for WhatsApp/iMessage/SMS/MMS remote code-execution (RCE) and a half-million for Google Chrome RCEs.

Non technical

Tweeted this week

We created a collection of our favorite pentest & bug bounty related tweets shared this past week. You’re welcome to read them directly on Twitter: Tweets from 01/04/2019 to 01/11/2019.


Curated by Pentester Land & Sponsored by Intigriti

Have a nice week folks!

If you want to be notified when new articles (including this newsletter) are published, you can subscribe to this blog.

And if you enjoyed reading this, please consider sharing it, leaving a comment, suggestions, questions…
