A New Internet Library: Add Your Website/Blog or Suggest A Website/Blog to our Free Web Directory http://anil.myfunda.net.

Its very simple, free and SEO Friendly. Submit Now....

Monday, June 5, 2023

How Do I Get Started With Bug Bounty ?

How do I get started with bug bounty hunting? How do I improve my skills?



These are some simple steps that every bug bounty hunter can use to get started and improve their skills:

Learn to make it; then break it!
A major chunk of the hacker's mindset consists of wanting to learn more. In order to really exploit issues and discover further potential vulnerabilities, hackers are encouraged to learn to build what they are targeting. By doing this, there is a greater likelihood that hacker will understand the component being targeted and where most issues appear. For example, when people ask me how to take over a sub-domain, I make sure they understand the Domain Name System (DNS) first and let them set up their own website to play around attempting to "claim" that domain.

Read books. Lots of books.
One way to get better is by reading fellow hunters' and hackers' write-ups. Follow /r/netsec and Twitter for fantastic write-ups ranging from a variety of security-related topics that will not only motivate you but help you improve. For a list of good books to read, please refer to "What books should I read?".

Join discussions and ask questions.
As you may be aware, the information security community is full of interesting discussions ranging from breaches to surveillance, and further. The bug bounty community consists of hunters, security analysts, and platform staff helping one and another get better at what they do. There are two very popular bug bounty forums: Bug Bounty Forum and Bug Bounty World.

Participate in open source projects; learn to code.
Go to https://github.com/explore or https://gitlab.com/explore/projects and pick a project to contribute to. By doing so you will improve your general coding and communication skills. On top of that, read https://learnpythonthehardway.org/ and https://linuxjourney.com/.

Help others. If you can teach it, you have mastered it.
Once you discover something new and believe others would benefit from learning about your discovery, publish a write-up about it. Not only will you help others, you will learn to really master the topic because you can actually explain it properly.

Smile when you get feedback and use it to your advantage.
The bug bounty community is full of people wanting to help others so do not be surprised if someone gives you some constructive feedback about your work. Learn from your mistakes and in doing so use it to your advantage. I have a little physical notebook where I keep track of the little things that I learnt during the day and the feedback that people gave me.


Learn to approach a target.
The first step when approaching a target is always going to be reconnaissance — preliminary gathering of information about the target. If the target is a web application, start by browsing around like a normal user and get to know the website's purpose. Then you can start enumerating endpoints such as sub-domains, ports and web paths.

A woodsman was once asked, "What would you do if you had just five minutes to chop down a tree?" He answered, "I would spend the first two and a half minutes sharpening my axe."
As you progress, you will start to notice patterns and find yourself refining your hunting methodology. You will probably also start automating a lot of the repetitive tasks.

Related links


  1. Hack App
  2. Hacker Tools For Windows
  3. Hacker
  4. Hacking Tools Github
  5. Hacking Tools Free Download
  6. Hacking Tools For Kali Linux
  7. Pentest Tools Framework
  8. Easy Hack Tools
  9. How To Hack
  10. Pentest Tools Port Scanner
  11. Hacking Apps
  12. Hacker Hardware Tools
  13. Hacker Tools For Windows
  14. Hacking Tools For Beginners
  15. Pentest Tools Download
  16. Hacker Tools List
  17. Top Pentest Tools
  18. Pentest Tools Website
  19. Hacker Tools 2020
  20. Hacking Tools 2019
  21. Pentest Tools Apk
  22. Hacker Tools Github
  23. Best Hacking Tools 2020
  24. Top Pentest Tools
  25. Hacker Techniques Tools And Incident Handling
  26. Hack Apps
  27. Hack Tools For Windows
  28. Hack App
  29. Pentest Tools Windows
  30. Computer Hacker
  31. Hacker Tools Online
  32. Pentest Tools Review
  33. Pentest Tools Apk
  34. Hacker Tools Free Download
  35. Usb Pentest Tools
  36. Github Hacking Tools
  37. Tools 4 Hack
  38. Hack Tools For Games
  39. Pentest Tools Online
  40. Hacking App
  41. Hacking Tools And Software
  42. Hacker Tools Hardware
  43. Android Hack Tools Github
  44. Physical Pentest Tools
  45. Pentest Tools Nmap
  46. Hacks And Tools
  47. Hacker Tools 2020
  48. Hacking Tools Windows
  49. Physical Pentest Tools
  50. Hack Tool Apk
  51. Hacker Tools 2020
  52. Hacker Tools Hardware
  53. Top Pentest Tools
  54. Blackhat Hacker Tools
  55. Growth Hacker Tools
  56. Hacker Tools Software
  57. Pentest Tools Apk
  58. New Hack Tools
  59. Termux Hacking Tools 2019
  60. Pentest Tools Android
  61. Hack Tools For Windows
  62. New Hacker Tools
  63. Best Pentesting Tools 2018
  64. Pentest Tools
  65. Hackers Toolbox
  66. Bluetooth Hacking Tools Kali
  67. Pentest Tools Linux
  68. Hacks And Tools
  69. Hacker Tools Apk
  70. Hacker Tools Apk Download
  71. Ethical Hacker Tools
  72. Hack Tools Pc
  73. Wifi Hacker Tools For Windows
  74. Best Pentesting Tools 2018
  75. Hacking Tools 2020
  76. Hacking Tools For Beginners
  77. Hacker Tools List
  78. Growth Hacker Tools
  79. Usb Pentest Tools
  80. Growth Hacker Tools
  81. Hack Tools Pc
  82. How To Make Hacking Tools
  83. Pentest Automation Tools
  84. Hacker Tools For Mac
  85. Pentest Tools Tcp Port Scanner
  86. Hacker Tools
  87. Hack Tools For Windows
  88. Nsa Hack Tools Download
  89. Hacking Apps
  90. What Are Hacking Tools
  91. Hacking App
  92. Beginner Hacker Tools
  93. Hacker Tools Apk
  94. Pentest Tools Online
  95. Hacking Tools For Beginners
  96. Pentest Tools Review
  97. Hacking Tools For Windows Free Download
  98. Wifi Hacker Tools For Windows
  99. Hack Tools
  100. Hacking Tools For Windows Free Download
  101. Hack Tool Apk
  102. Nsa Hack Tools
  103. Hacking App
  104. Hacker
  105. Pentest Box Tools Download
  106. Hack Tools For Mac
  107. Pentest Recon Tools
  108. Hackrf Tools
  109. Hacking Tools
  110. Hack Tools For Pc
  111. Hacking Tools Name
  112. Hacker Tools Linux
  113. Ethical Hacker Tools
  114. Hack Tools
  115. Blackhat Hacker Tools

at 4:20 PM 0 comments

Shadow Attacks … The Smallest Attack Vector Ever

In July 2020, we introduced a novel attack class called Shadow Attacks. In our recent research, we discovered a new variant of the attack which relies only on an Incremental Update containing a malicious trailer.
A proof-of-concept exploit working on Foxit (Version: 11.0.1.49938) can be downloaded here.

The story so far ...

Shadow attacks are attacks bypassing the integrity protection of digitally signed PDF documents. The attacks abuse two legitimate features in PDF documents which we briefly explain.

Hiding Content

In PDFs, there are multiple techniques to hide content that is not displayed when the document is opened. We, as attackers, usually hide malicious objects without referencing them in the xref section.

Incremental Updates

New content can be appended to a signed PDF document. This is quite dangerous though. The digital signature in PDFs protects a specific range of bytes. Any appended content does not break the signature verification since it is outside this range. As a result, any new Incremental Update does not violate the cryptographic verification of the digital signature. 
But, Incremental Updates are quite dangerous since they may completely change the displayed content of the document. In 2019, we showed different techniques based on Incremental Updates – the Incremental Saving Attacks.
As a countermeasure, most vendors warn if additional content is added after signing the document. BUT … not always!!!
 
There are meaningful use cases where Incremental Updates in digitally signed documents are allowed. For instance, contracts should be signed by multiple parties and each new signature is applied via additional Incremental Update.
Also, PAdES defines Incremental Updates as part of the long-term validation of digitally signed PDFs.
In summary, Incremental Updates are painful from a security perspective. Currently, vendors are trying to estimate whether an Incremental Update is malicious or not by analyzing its content.

Shadow Attacks

Shadow attacks, in general, deceive the PDF applications that an Incremental Update is not malicious. This can be done by providing an Incremental Update with minimal content.
In 2020, we estimated that appending an xref section and a trailer is sufficient to bypass the detection mechanisms of popular applications such as Adobe Reader and Foxit Reader.

Trailer-based Shadow Attack

Three months ago, we tried to reduce the content of the malicious Incremental Update. Our idea was to use only a malicious trailer and still change the content of the entire document when it is opened. Let's see how this can be done. 


The Signer's view on the document

 If a signer gets the document depicted on the left side, he or she sees the content "Sign the document to get a reward".
The document contains a hidden content depicted as red text – the 4 0 obj containing the text "You are fired. Get out immediately" and an xref section pointing to that object. However, the trailer references another xref section, see (1) and (2). Thus, the red text is never shown.
From the signer's perspective, there is no possibility to detect the hidden content by opening and reviewing the document.
As a result, the signer, for example the company director, signs the document.

The Victim's view on the document

We assume that the attacker receives the signed document and manipulates it.
The attacker appends only a trailer that points to the hidden malicious xref section (the red one). When the victim opens the document, the content "You are fired. Get out immediately" is shown.
However, the digital signature validation does not throw any warning since … well … what could go wrong if only a trailer is appended.
 

Honest vs. Malicious Trailer

There are small differences between the honest and the malicious trailer– the byte position of the xref section. Now, the trailer points to the hidden xref section.
trailer
<<
/Size 23
/Prev 18735
/Root 13 0 R
]>>
Honest trailer
trailer
<<
/Size 23
/Prev 19192
/Root 13 0 R
]>>
Malicious trailer
 
 



Impact and Exploit

We successfully applied the new attack on Foxit Reader (Version: 11.0.1.49938). We promptly reported the vulnerability and provided a Proof-of-Concept (PoC) exploit, known as CVE-2021-40326.
Foxit acknowledged the attack and published a security fix with the new version Foxit Reader 11.1.
 
We are not aware of any further implementations vulnerable to this attack.
If you think that your application might be vulnerable to the attack, then just download the exploit and test on your own.
 

Authors of this post

Vladislav Mladenov

Simon Rohlmann

Christian Mainka

Related links

at 7:51 AM 0 comments
Subscribe to: Posts (Atom)

Dotnet-Interviews

Loading...