The 5 Hacking NewsLetter 49

Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.

This issue covers the week from 05 to 12 of April.


Our favorite 5 hacking items

1. Article of the week

Better Exfiltration via HTML Injection, tl;dr by @fransrosen & sic (Sequential Import Chaining tool)

This is a great example of how far collaboration can go for bug hunters, how to do research and invent a new attack.

André Baptista and Cache-Money found an HTML injection with clickjacking as the worst-case scenario.

The bug wasn’t an XSS because the target used DomPurify. But since DomPurify allows style tags by default, @donutptr started looking for a way to exfiltrate sensitive data using just a style tag.

It’s similar to a CSS injection, but the new attack has fewer prerequisites and works even though the target limits the payload’s size.

The whole writeup is excellent to learn about CSS injection, and the kind of creativity/perseverance that makes you go from HTML injection to a 5 digit bounty despite many technical obstacles.


Recon resources

Hi, this is a list of resources on recon.

You might find it not too long or not comprehensive, and some of the tools/techniques listed may be obsolete by the time you read this.

But the purpose of this list is just to inspire and help you improve your own recon workflow, as I explained in The Bug Hunter Podcast 5: Recon workflow & Out of the box thinking in day-to-day life.

Also, I didn’t have as much time as I’d like to work on this. Many interesting tweets are missing. So I prefer to share what I have for now and update this page every time I find anything new worth sharing.



How to think out of the box with @s0md3v


Hey hackers! This is another AMA on the topic of: How to think out of the box?

The previous ones were with @zseano, @EdOverflow and @ErayMitrani.

The podcast episode that started this whole series is The Bug Hunter Podcast 4: Bypassing email filters & Thinking out of the box.
While preparing it, I wanted to include advice from different bug hunters. So I asked several hackers these 3 specific questions:

  • How to find bugs that are not duplicates?
  • How to find new areas of research (like in @securinti’s last blog post or what James Kettle does)?
  • How to find logic bugs or bugs that don’t fall under any category, can’t be found with tools or require real thinking?

@s0md3v was one of these hackers, and he was kind enough to respond with this awesome advice:


The 5 Hacking NewsLetter 48

Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.

This issue covers the week from 29 of March to 05 of April.


Our favorite 5 hacking items

1. Resource of the week

Introducing the Web Security Academy

The Web Security Academy is a new online training on Web security. What’s great about it is that it’s free, and it’s from PortSwigger, the company behind Burp Suite and The Daily Swig. Also, Dafydd Stuttard, who is part of the team that created it, is the author of The Web Application Hacker’s Handbook.

All this to say that it is high quality like everything that the company produces.

There are only 4 modules for now: SQL injection, XSS, OS command injection and Directory traversal. Each one includes theory, resources and practical labs, plus related stories from The Daily Swig at the end of the page.

More vulnerabilities and labs will be added in the coming months.


How to think out of the box with @ErayMitrani


Hey hackers! This is the third AMA on the topic of: How to think out of the box?

The previous ones were with @zseano and @EdOverflow.

The podcast episode that started this whole series is The Bug Hunter Podcast 4: Bypassing email filters & Thinking out of the box.
While preparing it, I wanted to include advice from different bug hunters. So I asked several hackers these 3 specific questions:

  • How to find bugs that are not duplicates?
  • How to find new areas of research (like in @securinti’s last blog post or what James Kettle does)?
  • How to find logic bugs or bugs that don’t fall under any category, can’t be found with tools or require real thinking?

@ErayMitrani was one of the awesome hackers who responded. Here is his advice:
