The 5 Hacking NewsLetter 91

Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.

This issue covers the week from 24 to 31 of January.

T5HN91.png

Our favorite 5 hacking items

1. Tip of the week

Hacker tip: when you’re looking for IDORs in a model that references another model, try storing IDs that don’t exists yet. I’ve seen a number of times now that, because the model can’t be found, the system will save the ID. Because authorization checks often only happen on write, you can come back after the ID was created. Because the model references a model that isn’t yours, you may be able to bypass authorization, often leading to information disclosure.

Awesome IDOR technique by @jobertabma! The idea is to replace an ID with one that does not exist yet (e.g. ID+1). Wait for ID+1 to exist and see if you can access its information.

Now to revisit old programs to test for potentially missed IDORs/info disclosures…

2. Writeup of the week

Pwning A Pwned Citrix

This is an excellent writeup on Shitrix (CVE-2019-19781). It shows how to exploit the vulnerability “manually” when public exploits are not working. In this case, the NOTROBIN malware had infected the target and made changes to prevent other exploitation attempts.

Knowing how to bypass it can be helpful for penetration tests.

3. Podcast of the week

The Bug Bounty Podcast Episode #2 ft. 0xacb

Yay! My favorite bug bounty podcast is back, with @0xacb this time. No spoilers, let’s just say that it is worth listening to if you’re into bug bounty and want to know how to reach “cosmic brain level 10”.

4. Articles of the week

The first article is awesome work but will break a few hearts! It explains the impact of Samesite cookies beyond CSRF. Many other client-side bugs are affected including Clickjacking, XSSI, XSLeaks, Cross-Site WebSocket Hijacking…

The second article in an awesome interview with @EdOverflow. Among other things, he shares insight on finding logic flaws and discovering “goldmines” (untapped areas of research).

5. Tutorial of the week

Upgrading Your Recon with Discord

This is a great tutorial on leveraging Discord WebHooks for automated recon. This feature makes it easy to send notifications to Discord from Bash scripts. A subdomains monitoring example is also given. It has never been so easy!

Other amazing things we stumbled upon this week

Videos

Podcasts

Webinars & Webcasts

Conferences

Slides only

Tutorials

Medium to advanced

Beginners corner

Writeups

Challenge writeups

Pentest writeups

Responsible(ish) disclosure writeups

Bug bounty writeups

See more writeups on The list of bug bounty writeups.

Tools

If you don’t have time

More tools, if you have time

  • Wordlistgen: Quickly generate context-specific wordlists for content discovery from lists of URLs or paths
  • Burp-teams: A Burp extension to enable teams of people to share repeater tabs and data
  • XSS tag_event analyzer & : Python script for detecting valid tags/events on XSS exploitation
  • GoLinkFinder: A fast and minimal JS endpoint extractor
  • Dom-red: Python script to check a list of domains against open redirect vulnerability
  • Chain Reactor & Introduction: Open source framework for composing executables that simulate adversary behaviors and techniques on Linux endpoints
  • StickyReader & Introduction: Powershell script to read Sticky Notes from compromised Windows 10 hosts
  • Socialscan: Check email address and username availability on online platforms with 100% accuracy
  • Prettyloot: Convert the loot directory of ntlmrelayx into an enum4linux like output
  • Red_Team: Some scripts useful for red team activities
  • TikTokOSINT: Python script that dumps public data of any user
  • Content Security Policy Evaluator
  • MoveKit, StayKit & Introduction: Cobalt Strike lateral movement & persistence kits

Misc. pentest & bug bounty resources

Articles

News

Bug bounty & Pentest news

Reports

Vulnerabilities

Breaches & Attacks

Other news

Non technical

Tweeted this week

We created a collection of our favorite pentest & bug bounty related tweets shared this past week. You’re welcome to read them directly on Twitter: Tweets from 01/24/2020 to 01/31/2020.


Curated by Pentester Land & Sponsored by Intigriti

Have a nice week folks!

If you want to be notified when new articles (including this newsletter) are published, you can subscribe to this blog.

And if you enjoyed reading this, please consider sharing it, leaving a comment, suggestions, questions…


Comments