01.01.2020

Bug Bytes 51 – ArneSwinnen’s secrets, Hunting in the Dark & OSINT movie picks

Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week. Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The first series is curated by Mariem, better known as PentesterLand. Every week, she keeps us up to date with a comprehensive list of write-ups, tools, tutorials and resources. This issue covers the week from 20 to 27 December.

1. Video of the week

@Arneswinnen Talks About Full Time Bug Hunting, Burp Suite Plugins, and Recon

I haven’t had the time to watch this whole video, but it is in my top work priorities given who the interviewee is. Arneswinnen literally made it rain bounties at Intigriti’s 1337UP1119 live hacking event. The bugs he found were out of this world. So, it is awesome to get to know more about him, his thought process, how he manages bug bounty full-time while still having a life, etc.

2. Writeup of the week

– Microsoft Edge (Chromium) – EoP via XSS to Potential RCE
– Hunting in the Dark – Blind XXE

The first writeup might make you want to get into browser hacking. $40,000 for XSS on Microsoft Edge!
The second writeup is about a blind XXE: how it was found and how it was used for port scanning and identifying files existing on the target.
This serves as a great example of an OOB attack, perfect reading after this week’s tutorial.

3. Article of the week

A Phonetic Approach to Calculate Linguistic Information in Text

This is really cool research by @s0md3v. He created an algorithm that detects valid linguistic data in a given text using a phonetic approach. In other words, it can differentiate between random and meaningful text.

From his benchmark, it is fast and more accurate than algorithms based on Shannon entropy. But there is no need to understand the math to appreciate that the idea is very interesting for Web security testing. One useful application is finding API tokens scattered in strings, as shown in this demo.
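For readers who want to see the baseline that the phonetic approach improves on, here is an added example (not from the newsletter or from @s0md3v’s project) of Shannon-entropy secret scanning over a constructed text: it flags a fake API token, but also a meaningful hyphenated slug, which is exactly the kind of false positive entropy alone cannot avoid. The threshold and minimum length are assumptions chosen for the demo.

```python
import math
import re
from collections import Counter

# Constructed sample: one fake token, one meaningful-but-"random-looking" slug,
# and one long ordinary word. None of these values is real.
SAMPLE = (
    "Deploy notes: set API_KEY=sk_live_9fG3kLq7ZxT2vB8nR4wYmP1dC6hJ0aE5 first.\n"
    "Post slug: quick-brown-fox-jumps-over-lazy-dog-2019\n"
    "The internationalization module is documented in docs/i18n.md."
)


def shannon_entropy(s: str) -> float:
    """Bits per character of the empirical character distribution of s."""
    if not s:
        return 0.0
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in Counter(s).values())


def find_high_entropy_tokens(text: str, min_len: int = 20, threshold: float = 3.5):
    """Return (token, entropy) for long tokens whose entropy exceeds the threshold.

    Tokens are runs of [A-Za-z0-9_-]; min_len and threshold are assumed values
    typical of naive secret scanners, not tuned constants from any real tool.
    """
    hits = []
    for tok in re.findall(r"[A-Za-z0-9_\-]+", text):
        if len(tok) >= min_len:
            h = shannon_entropy(tok)
            if h >= threshold:
                hits.append((tok, round(h, 2)))
    return hits


if __name__ == "__main__":
    for tok, h in find_high_entropy_tokens(SAMPLE):
        print(f"{h:.2f} bits/char  {tok}")
```

The slug scores well above the threshold despite being readable English, while the 20-letter word “internationalization” stays below it; a linguistic detector is what separates the first case from a real token.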

4. Tutorial of the week

Out-of-band Attacks

This is a good introduction to out-of-band attacks. It includes examples of blind XSS, blind SQL injection, blind command injection, SSTI, and also how to exfiltrate data using DNS.
It’s worth reading if you want to learn about the OOB technique.

5. Non technical item of the week

OSINT Movie Time for the Holidays

This is the first time I’ve seen a list of OSINT movies. It’s a nice change from classic hacker movies.
I’ve also heard good things about “Don’t f**k with cats” and Bellingcat’s documentary. So, movies added to the watchlist!
