Hey hackers! Before diving into the meat of this newsletter, I first want to thank all of you who send us emails regularly and who answered our questions on which topics you would like addressed in a podcast.
I haven’t yet had the opportunity to answer all of you. But your input, queries and suggestions are well received and will be taken into account. Keep’em coming!
Life gets in the way with plenty of obstacles and projects. So change is slow but steady. I’m sure you can relate to this…
That said, here are our favorite resources shared by pentesters and bug hunters last week. This issue covers the week from 11 to 18 of January.
Big thanks to Intigriti for sponsoring this newsletter!
Our favorite 5 hacking items
bugbounty.link
This is a URL shortening service. What’s great about it is that it supports any protocol (file, gopher, etc). So it can be useful to test for SSRF or open redirects, and bypassing filters on certain URI schemes.
More …
Hey hackers! I’m very happy to announce a new partnership with @intigriti. They’re sponsoring this newsletter.
For you, nothing changes. The content remains the same, except for more information from time to time on what Intigriti is up to (and they have many exciting plans for this year!).
Without further ado, here are our favorite resources shared by pentesters and bug hunters last week. This issue covers the week from 04 to 11 of January.
Our favorite 5 hacking items
1. Article of the week
Avoid rookie mistakes and progress positively in bug bounty
This is simple but to the point advice. Sometimes, as bug hunters, we may let ourselves be transported by exciting tests and forget the obvious: more emphasis should be put on the report, on trying to escalate/chain bugs, avoiding known invalid bugs, having a business mindset when writing impacts, etc.
These are some of the things mentioned in this article. Read it and keep them in mind when you’re hunting for bugs, they could help you perform better and have a smoother experience.
More …
Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.
This issue covers the week from 28 of December to 04 of January.
Our favorite 5 hacking items
Interlace
This tool is a must for both pentesters and bug hunters! We often need to run commands (like Nmap, Amass, Nikto…) on a list of targets. Interlace allows speeding up this process.
Give it the command you want to run, the target file/domain/network and a number of threads like this:
# time interlace -tL test.txt -p 443 -threads 5 -c "nikto -host https://_target_"
==============================================
Interlace v1.0 by Michael Skelton (@codingo_)
==============================================
[17:35:54] [THREAD] [nikto -host https://kinepolis.com] Added to Queue
[17:35:54] [THREAD] [nikto -host https://facebook.com] Added to Queue
[17:35:54] [THREAD] [nikto -host https://nexuzhealth.be] Added to Queue
- Nikto v2.1.6
- Nikto v2.1.6
...
It starts one thread per target and runs the command you gave it on the different targets simultaneously. In other words, it easily turn single threaded command line applications into a fast, multi-threaded application.
More …
Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.
This issue covers the week from 21 to 28 of December.
Also, I wish you and your family a very happy new year, full of bugs, bounties, fun, health & happiness!
Our favorite 5 hacking items
1. Tip of the week
I love the technical tricks for bug hunters that @intigriti shares on Twitter. I regularly add them to the tweets collection at the end of this newsletter.
But this trick in particular blew my mind! Here’s why: Have you ever tested a login or contact form, entered a valid email address, intercepted the request with Burp, then replaced the email with XSS/SQLi/SSTI/RCE detection payloads? This is a way to bypass client-side validation of the email field. So what do you do if you get an “invalid email” response from the server?
To me, its was the end of testing for input validation on that field because the check is done server-side.
But according to @securinti, you can smuggle any payload and trick the server into believing that it’s a valid email by putting the payload between round brackets: [email protected](${}<>'/"*-)domain.com or yourname(${}<>'/"*-)@domain.com.
Amazing, right? I can’t wait to re-test all forms in my bug bounty notes.
More …
Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.
This issue covers the week from 14 to 21 of December.
Our favorite 5 hacking items
1. Conference of the week
KringleCon 2018
Kringle con, Kringle con, Kringle all the way… Oh what fun it is to watch hacking conference talks!
Hum, sorry for the little “Jingle bells” song hijacking, I couldn’t help it!
More seriously, this is a great set of talks for penetration testers. They’re rather short (approximately between 6 and 25 minutes), but are all interesting and cover many different topics: Kubernetes security, web app security (relevant for bug hunters), malwares, forensics, social engineering, and even community building (non technical talk).
If you haven’t already watched them, it could be fun to do a KringleCon marathon. Bring the popcorn!
More …
