Yoo. Welcome to Issue #03 of Navigating Security.
🍃Quote of the week:
The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards – and even then I have my doubts ~ Gene Spafford
TLDWTR 🙄
CloudBreach’s Breaching AWS course review
I’m going to read 5000+ pentest/bug bounty writeups. Why?
Burp Suite has been continuously disappointing!
Apparently, null termination can lead to account takeovers
⏱️ In case you missed the previous issue, here you go:
This Week’s YouTube Video:
How to get into cloud security - Breaching AWS
Breaching AWS by CloudBreach☁️
Finished the course and did the exam a while ago. Short and sweet is how I’d describe it. I learned a lot and don’t have much else to say about the course outside of what I have already mentioned in the video. Make sure to use the discount code tadi15 to save 15% if you decide to pull the plug.
Reading 5000+ reports📖
I’ve been going through some of the reports/writeups posted by Mariem Elgharbi over at pentester.land and I have impulsively decided to make it my life’s goal to read all the previous reports. I think there are over 5000 entries which is ridiculous so let’s keep reading I guess.
I guess the real question is how much can you learn from other people’s experiences. Is this the most effective method of building your methodology - reading reports that you appreciate and bookmarking your favorite ones and their techniques? I think you could learn a lot more this way than from taking a course, but hey, that’s just me. Who am I to tell you what to do?
Here’s my favorite one from this week, an absolutely glorious web cache deception bug in ChatGPT 😍: https://nokline.github.io/bugbounty/2024/02/04/ChatGPT-ATO.html
More Burp Suite Disappointment 🙄
My relationship with Burp Suite is becoming a love-hate one. Imagine paying the price for the pro version and it bugs out on a client engagement. Here I was testing rate limiting protection as one of the last items on my checklist and I picked a wordlist with 10,000 lines in it. Intruder usually has the option to pause an attack while it’s going, but the button only appears after you’ve started the attack. Doesn’t Burp Suite then decide it just doesn’t want me to be able to pause the attack and completely bug out, removing the pause option? 😭 I had to try to explain why I sent 8000 more requests after the application had crashed at about 2000 requests - not the easiest conversation to have with a dev team.
Testing Email functionality📩
There seem to be a lot of ways to test email functionality for some sort of account takeover. Account takeovers are always high-paying bounties and high findings in pentests - unless there’s too much user interaction, then, for the most part, it’s useless. I liked this report, but wtf did this guy get the account???
Null termination to account takeover: https://hackerone.com/reports/2101076
Suggestions
Hit me up on Discord or LinkedIn if you have anything you feel would be cool to include. Thanks, Cheers.