Bug Bytes #205 – Live Hacking, AI Hacking and Helicopter Hacking
By travisintigriti
June 28, 2023
Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The second series is curated by InsiderPhD. Every week, she keeps us up to date with a comprehensive list of write-ups, tools, tutorials and resources.
This issue covers the week from June 19th to June 25th
Intigriti News
From my notebook
Lots of fun stuff in this weeks issue, with a bunch of specialist hacking resources, including stealing a helicopter??? But also Intel has applications open for it’s Live Hacking Event for sponsored and non-sponsored hacking, so if you want to give live hacking a shot this is a great opportunity. Also Twitter broke something this week so limited tweets but hopefully there’s enough other stuff to make up for it!
Episode 24: AI + Hacking with Daniel Miessler and Rez0 – Daniel and Rez are some of the biggest ambassadors for AI in red teaming/security/bug bounty, so it’s always interesting to hear them talk about their passion!
How to Hack WordPress – WordPress is everywhere, this is a good summary of what to do when you see a WordPress website!
OAuth vs SAML – These shorts from Bug Bounty Reports Explained are a great way to get nuggets of hacking info, without committing to a longer video
GTA V in real life? Stealing a helicopter as part of a physical security test – Freakyclown talks through his career and it’s kinda wild to be honest
Intel opens applications for fully-sponsored and self-sponsored invitations in this October LHE (closes on July 8th), more info – This LHE is open to all hackers, and there’s plenty of time to sort out things like visas so it should be really accessible for folks who’ve never done a LHE!
SN 928: The Massive MOVEit Maelstrom – Patch Tuesday, SpinRite 7.1, MOVEit
EP126 What is Policy as Code and How Can It Help You Secure Your Cloud Environment?
Beginner
Intermediate
Advanced
Security Research
AWS WAF Clients Left Vulnerable to SQL Injection Due to Unorthodox MSSQL Design Choice – GoSecure
OPC UA Deep Dive Series (Part 4): Targeting Core OPC UA Components
nOAuth: How Microsoft OAuth Misconfiguration Can Lead to Full Account Takeover
chonked pt.2: exploiting cve-2023-33476 for remote code execution
How we tried to book a train ticket and ended up with a databreach with 245,000 records
The Phantom Menace: Exposing hidden risks through ACLs in Active Directory (Part 1)
Exploring Kubernetes runtime security with Falco and Datadog
“Registry Run Keys: The Secret Sauce of Persistent Malware!”
Bugs
How did I hacked the Dutch government and made it into the Hall of Fame?
SQL Injection UNION Based Unknown Table X Multi-line Query Issue
Unveiling a Bug: Paying $1 and Receiving $100 (or Any Amount) in Return
How I Hacked 500+ Univeristies , Foundations, and 2 ‘million + users Acount By Gajendra Singh
Unleashing the Power of Recon: How I Earned $2500 in 5 Minutes | CVE-2017–5638 | OGNL injection
Simple CORS misconfig leads to disclose the sensitive token worth of $$$
How I chained Host header Injection to Password Reset Link Poisoning to XSS and Account Takeover.
Exploiting SQL Error SQLSTATE[42000] To Own MariaDB of A Large EU based Online Media
How I Hacked my college cloud Servers and Find DOS + ATO + Google Authentication + Priv Esc ??
How I was able to Buy Tickets for 1 Rupee! — Payment Price Tampering
How I Unveiled a Critical Vulnerability: Exposing All Buyers’ Invoices PII with a Single Trick
CTF challenges
50+ Tools with Bash Script = Bounties $$$ Money: Unleash the Power of magicRecon
Discovering Login Panels and Detecting SQL Injection with Logsensor
DarkBERT: A Language Model for the Dark Side of the Internet
Scanner-and-Patcher – A Web Vulnerability Scanner And Patcher
EndExt – Go Tool For Extracting All The Possible Endpoints From The JS Files
csp-analyzer – Analyze Content-Security-Policy header of a given URL.
You may also like
Intigriti Bug Bytes #219 - December 2024 🎅
December 13, 2024
Bug Bytes #218 – Advent of Cyber, RCEs and hacking poems
December 6, 2023