The 5 Hacking NewsLetter 52

Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.

This issue covers the week from 26 of April to 03 of May.

T5HN40.png

Our favorite 5 hacking items

1. Video of the week

5 super important main-app testing tips for bug bounty hunters with STOK&Haddix

Any video by @stokfredrik & @jhaddix is a must watch! This one has 5 crucials things you want to do as a bug hunter:

  • Don’t limit yourself to the external attack surface. Log in as different users & try to find where the sensitive functionality is => access controls bugs & IDOR
  • Find out how the site references you as a user (& what you’re allowed to do) => IDOR, File upload, RCE
  • Test all parameters => SSRF, LFI, RFI, Path traversal
  • Content discovery => hidden paths, private data leakage => Authentication bypass, logic flaws
  • Find out which business flaws the target cares about (other than technical bugs)

But this is not all. Watch the video. It’s short but full-packed with information!

2. Conference of the week

Nullcon Goa 2019, especially:

I really recommend watching the talk “How To Use Bug Bounty To Start A Career In Silicon Valley”. It has awesome advice on leveraging bug bounty hunting to build a solid resume and find a job in Silicon Valley (or anywhere else). This includes which bugs and programs to focus on, which pitfalls to avoid, etc.

“Best Of Google VRP 2018” is also a good resource for bug hunters who want to succeed with Google VRP. Some of the advice applies to other programs too (like specializing in a product/attack vector).

3. Article of the week

Meet the Hacker: Inti De Ceukelaire - “While everyone is looking for XSS I am just reading the docs.”

This is an excellent interview of @securinti. What I like about it most is that the interviewer, @_zulln, is also a hacker. So unlike most interviews of this sort, the questions and answers are very technical and mindblowing for anyone starting out as a bug hunter.

I highly recommend this read if you want to find out what sets apart successful bug hunters from beginners.

Here are some interesting excerpts:

Many hackers look for bugs, I look for attack scenarios and then for the bugs. And it works for me as I get fewer duplicates. The downside is that I spend time researching ideas that sometimes yield nothing.

Scanners do not detect logical bugs, because to detect them you need context, you need to understand the application and the business logic. While everyone is looking for XSS I am just reading the docs.

4. Resource of the week

Android App Reverse Engineering 101

If you’re interested in Android app hacking, checkout this workshop. It’s about reverse engineering Android apps and includes both theory and exercises. Just awesome!

5. Non technical item of the week

Mental Health and Security

So many hackers suffer from at least of the mental struggles mentioned in this article: imposter syndrome, burnout, anxiety and depression.

I hear/read more and more testimonies on this especially on Twitter, and I have similar experience myself. Hacking involves so much learning/change/stress…

So it’s nice to know that I am/we are not alone in this. And it is helpful to read a fellow hacker’s perspective on these issues, and how he deals with them.

Other amazing things we stumbled upon this week

Videos

Podcasts

Webinars & Webcasts

Conferences

Slides only

Tutorials

Medium to advanced

Beginners corner

Writeups

Challenge writeups

Pentest writeups

Responsible disclosure writeups

Bug bounty writeups

See more writeups on The list of bug bounty writeups.

Tools

  • Argument Injection Hammer & Introduction: Burp extension for detecting argument injection and manipulation vulnerabilities
  • Docker_burp & Introduction: Burp as a Docker Container
  • Dirmap & Introduction: “An advanced web directory scanning tool that will be more powerful than DirBuster, Dirsearch, cansina, and Yu Jian.”
  • HostHunter: A recon tool for discovering hostnames using OSINT techniques
  • DumpTheGit: Searches through public repositories to find sensitive information uploaded to the Github repositories
  • pentest.sh: Installs pentesting tools, then symlinks them to be ran seamlessly
  • WhatBreach: OSINT tool to find breached emails and databases
  • PwnedOrNot: OSINT Tool to Find Passwords for Compromised Email Addresses
  • Coerchck: PowerShell Script For Listing Local Admins
  • EvilClippy: A cross-platform assistant for creating malicious MS Office documents. Can hide VBA macros, stomp VBA code (via P-Code) and confuse macro analysis tools. Runs on Linux, OSX and Windows
  • SSL Kill Switch 2: Blackbox tool to disable SSL certificate validation - including certificate pinning - within iOS and OS X Apps

Misc. pentest & bug bounty resources

Challenges

Articles

News

Bug bounty / Pentest news

Vulnerabilities

Breaches & Attacks

Other news

Non technical

Tweeted this week

We created a collection of our favorite pentest & bug bounty related tweets shared this past week. You’re welcome to read them directly on Twitter: Tweets from 04/26/2019 to 05/03/2019


Curated by Pentester Land & Sponsored by Intigriti

Have a nice week folks!

If you want to be notified when new articles (including this newsletter) are published, you can subscribe to this blog.

And if you enjoyed reading this, please consider sharing it, leaving a comment, suggestions, questions…


Comments