Orel Gispan

Small Winds - No. 05

A personal mini blog about infosec and life

Recently, I took the chance to get to know the city I live in better and went for a long walk (also for exercise). I got familiar with parts of the city I hadn't known. I realized there was a large area with many stores but almost no people or cars. It felt like an abandoned city, all the more so because it was maintained and clean. It was very strange to experience that; it was almost like a dream. In another area there was a disproportionately huge residential building (its proportions can hardly be grasped from this image). It actually reminded me of the buildings and atmosphere from Little Nightmares II.



Monthly Thoughts and Experiences


(📗) I finished reading the book "Real-World Bug Hunting: A Field Guide to Web Hacking", published in 2019. The book opens with a brief explanation of web concepts and the HTTP protocol, then goes through the different vulnerability types. Each type gets an explanation, after which the author walks through several bug reports, from the easiest to the most difficult, and provides takeaways for each one (I really liked the takeaways).

It also provides some tips related to bug bounty in general.

I was already familiar with a great part of the book but I learned some good tips and new techniques I wasn't familiar with. It was also nice to refresh my knowledge. Throughout the book I took notes (created some kind of checklist) of interesting techniques I want to check in the future.

The book was written very clearly and structured in a thoughtful and smart way. I would suggest it to beginners, and also to intermediate-to-advanced bug hunters, researchers and penetration testers who want to refresh their knowledge and maybe learn some new things. I'd give it ⭐⭐⭐⭐⭐ (out of five).


(🐛) I still haven't heard from the vendor whose software has a high/critical vulnerability. I also haven't yet received a CVE number or a reply from MITRE, and I'm not sure whether a technical issue is causing that. I'll try getting help from CERT, and hopefully it will bear fruit.


I found a company that has a bug bounty program that is vulnerable to this, so meanwhile I reported this issue to them.


I was also added to the Israeli VDP reporters table for reporting an LFD vulnerability I previously mentioned.


(🔎🐛) Although I had tried it in the past, I have now started investing time in bug bounty hunting. Currently, I aim to invest about 7-8 hours per week (although it doesn't feel like enough, especially when there are open leads and anyone else could report the potential bug before you). I've already found some things that look like potential bugs.


I also joined the 'Critical Thinking' Discord server (actually, I joined it long ago but just started to be more active). It's the Discord server of the 'Critical Thinking' podcast. There are interesting discussions about web app vulnerabilities and bug hunting.


(🦫) I learned a bit about Go while trying to solve a CTF challenge. I focused on learning while solving it, so I invested time in understanding the different things I encountered in the web application's source code and in the Go templating engine. I also noticed again that writing a writeup forces me to explain my solution, which raises questions I can't answer right away, so I have to learn and understand more, and that makes me study the topic more deeply.


(🏟) I went to the INTENT conference, mainly to participate in the CTF (although I could probably have done that remotely). There were two web challenges. I tried one that was written in Ruby. I didn't solve it, but the challenge was about accessing an administrative page that is only reachable with a session containing the admin's email address. I believed the vulnerability was the discrepancy between the login process and the registration process, which used the Mail gem. I wanted to find a way to register with one email address and have it parsed as a different email address when logging in. Since those were the last minutes of the CTF, I didn't find a way to do that. However, a few days ago I read this article, https://portswigger.net/research/splitting-the-email-atom, and I knew it had something to do with it; when I read this part, I was even more confident about it.

Maybe I'll later run the challenge in Docker and write a writeup about it. Either way it was worth it since I made some new friends after going to the conference.
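The root cause described above is two code paths interpreting the same email string differently. The defensive pattern is a single, strict canonicaliser that both registration and login go through, which rejects up front anything a liberal RFC 5322 parser might reinterpret (comments, quoted local parts, whitespace, angle brackets, more than one `@`). The following is an added example and not code from the post or from the CTF challenge; it does not use the Mail gem, the `canonical_email` function and `Accounts` store are hypothetical, and the allowed character set is an assumption that is deliberately narrower than what RFC 5322 permits.

```ruby
# Added example: one strict email canonicaliser shared by registration and
# login, so the string that is stored can never be parsed differently later.
# Not the challenge's code; the Accounts class and character set are assumptions.

class InvalidEmail < StandardError; end

# Assumption: a dot-separated local part made of a narrow character set.
# Comments "(...)", quotes, spaces and angle brackets all fail this pattern.
LOCAL_PART = /\A[A-Za-z0-9_+-]+(?:\.[A-Za-z0-9_+-]+)*\z/
# Assumption: at least two dotted labels, each an alphanumeric/hyphen label.
DOMAIN = /\A[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?(?:\.[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?)+\z/

# Returns the canonical (lower-cased) form, or raises InvalidEmail.
# \z anchors reject trailing newlines; splitting with -1 keeps empty parts
# so "user@" and "a@b@c" are both rejected rather than silently trimmed.
def canonical_email(raw)
  raise InvalidEmail, "not a string" unless raw.is_a?(String)
  raise InvalidEmail, "too long" if raw.bytesize > 254
  local, domain, extra = raw.split("@", -1)
  raise InvalidEmail, "must contain exactly one @" if domain.nil? || !extra.nil?
  raise InvalidEmail, "bad local part" unless local.bytesize <= 64 && local.match?(LOCAL_PART)
  raise InvalidEmail, "bad domain" unless domain.match?(DOMAIN)
  # Assumption: case-insensitive comparison for both halves is acceptable here.
  "#{local.downcase}@#{domain.downcase}"
end

# Minimal in-memory account store: both paths call the same canonicaliser,
# so login looks up exactly the string registration stored.
class Accounts
  def initialize
    @by_email = {}
  end

  def register(raw_email, role: :user)
    email = canonical_email(raw_email)
    raise InvalidEmail, "already registered" if @by_email.key?(email)
    @by_email[email] = { role: role }
    email
  end

  def login(raw_email)
    @by_email[canonical_email(raw_email)]
  end

  # The admin check is decided by the stored account, not by re-parsing input.
  def admin?(raw_email)
    acct = login(raw_email)
    !acct.nil? && acct[:role] == :admin
  end
end

if __FILE__ == $PROGRAM_NAME
  accounts = Accounts.new
  accounts.register("admin@example.com", role: :admin)
  ["ADMIN@example.com", "admin(note)@example.com", "\"admin \"@example.com",
   "<admin@example.com>", "admin@example.com\n", "a@b@example.com"].each do |candidate|
    begin
      puts "#{candidate.inspect}: admin=#{accounts.admin?(candidate)}"
    rescue InvalidEmail => e
      puts "#{candidate.inspect}: rejected (#{e.message})"
    end
  end
end
```

Rejecting instead of normalising is the point: the check refuses to guess what a downstream parser would do with a comment or a quoted local part, and because registration and login share the function there is no second interpretation to diverge from. Running the block prints the accepted form and the rejected variants, each with the reason.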


(🐋) I wanted to take the DCA exam, but because of an issue on the website of the company that manages the exams, the voucher I purchased was canceled. I tried to contact Examity and Mirantis, but it seems that neither company wants to help with this issue. I'll try contacting Mirantis a few more times, and hopefully I'll receive an answer.


(🎄) The annual THM Advent of Cyber 2024 has started and I'll give it a shot; it has nice prizes.


Cool Articles



