Bug Bytes #208 – Burp gets an update, Sharefile gets a CVE and JavaScript files get analysed
By travisintigriti
July 19, 2023
Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The second series is curated by InsiderPhD. Every week, she keeps us up to date with a comprehensive list of write-ups, tools, tutorials and resources.
This issue covers the week from July 10th – July 16th
Intigriti News
From my notebook
Introducing jswzl: In-depth JavaScript analysis for web security testers
Encrypted Doesn’t Mean Authenticated: ShareFile RCE (CVE-2023-24489)
Lessons Learned From HackerOne’s Live Hacking Event (h1-4420)!
Steganography for Audio: How to Hide Files in Music || Mr Robot
Portswigger Web Academy – Information Disclosure – Lab Walkthroughs
Quick ways to send traffic to your proxy to help troubleshoot (shorts)
This top bug bounty hunter only works with a single monitor (shorts)
Learning Bug Bounty with Disclosed Reports and Blogs! Where to go!
1M Bug Bounty From Saving $100M at risk in KyberSwap Elastic
HTB BizCTF 2023
NahamCon 2023
BSides Leeds 2023
Uncommon And Advanced Techniques For Account Takeover Attacks by Ayoub Safa
Five Days, One Red Team, A Beach Like No Other: The Bank Job by Alex Martin
Being Right Is Just The Beginning (A Talk Very Much Not About Politics) by Leigh Hal
The NSM Ouroboros: Embracing The Endless Cycle Of Network Security
SleuthCon
SLEUTHCON 2023 – Certified Bad: One malware, Two years of Certificates.
SLEUTHCON 2023 – Look at this Graph: Prioritizing Initial Access Threats
SLEUTHCON 2023 – Leakonomics: The Supply and Demand of Hacked Data
SLEUTHCON 2023 – My 0ktapus Teacher: New Actors, New Problems
SLEUTHCON 2023 – Unmasking Venom Spider: The Hunt for the Golden Chickens
SLEUTHCON 2023 – Hunting Prolific Access Broker PROPHET SPIDER
How I Rob Banks: A Journey into the World of Ethical Hacking with Freakyclown
AAAAAAAAAAAAAAA! You Overflowed My Integer! with George Hughey and Rohit Mothe
NO. 389 — The Creativity Friction Coefficient, Lockbit v TSMC, and Detecting Smart Errors
Beginner
Intermediate
Advanced
Security Research
Encrypted Doesn’t Mean Authenticated: ShareFile RCE (CVE-2023-24489)
Beyond the Marketing: Assessing Anti-Bot Platforms through a Hacker’s Lens
The Measure and Resilience of Weaponized Exploit Methods for Linux
Uncovering weaknesses in Apple macOS and VMWare vCenter: 12 vulnerabilities in RPC implementation
Demo: Brute-forcing a macOS user’s real name from a browser using mDNS
Bee-yond Capacity: Unauthenticated RCE in Extreme Networks/Aerohive Wireless APs – CVE-2023-35803
Bugs
Unveiling Access Control Flaws: How a Viewer Became an Editor
How I Found a Bug under 3 mins , that could risk the reputation of an entire organisation !
Bug Bounty Hunter — When CORS is not Configured Correctly / JSONP Attack
Reverse shell to your Amazon AWS EC2 instance as ‘root’ or ‘Administrator’ by injecting user-data
CTF challenges
Introducing OSINT Template Engine: An open source OSINT Tool.
Mantra – A Tool Used To Hunt Down API Key Leaks In JS Files And Pages
IAMActionHunter: Query AWS IAM permission policies with ease
GitHub – ldpreload/BlackLotus: BlackLotus UEFI Windows Bootkit
detectify-cves – Find CVEs that don’t have a Detectify modules.
You may also like
Intigriti Bug Bytes #219 - December 2024 🎅
December 13, 2024
Bug Bytes #218 – Advent of Cyber, RCEs and hacking poems
December 6, 2023