My methodology during Firstblood
Hello everyone. From the 9th to the 16th of May the first live event of BugBountyHunter took place, namely Firstblood. Of course I participated. For this first event I collaborated with my bug bounty mate Serizao, but I greatly thank all the hunters I exchanged with during the event. I strongly believe that collaboration is the key, and the proof is that it was a team that finished on the podium.
My bounty infrastructure
My bounty infrastructure with Docker [31/12/2020]: Updated the post for Rengine v0.5, with a clearer and cleaner configuration of Traefik and the removal of Portainer. After some problems with Rengine for certificate management, and a new service that I want to use, I switched to a full Docker infrastructure on my server. Apart from the use of a few containers it is my first experience with Docker, but after some difficulties I find it rather practical and modular.
Basic recon to RCE
Recently on a BugBounty program I came across my first RCE, discovered and exploited rather quickly on a solution with a vulnerability class that I don’t master at all: Java deserialization. Recon: Currently improving my reconnaissance tool AutoRecon, originally intended to help me with subdomain enumeration, I also want it to perform some reconnaissance tasks that are quite annoying when you have to do them many times. The scope in question is like *.
SSRF Through PDF Generation
This week, on a BugBounty program that I had set aside, I found my first SSRF; here is my writeup. Recon: The scope is restricted to the website and its API. Rather basic, it lets you register as a simple user and has only a few features. The program had been open for several months already, so I approached the site thinking I probably wouldn’t find much. However, within the first hours I already had several P2s (IDOR).
My first OOB XXE exploitation
Recently on a BugBounty program I came across my first XXE, and a blind one at that; as I found this case interesting I wanted to share it here. Recon: The reconnaissance phase is quite basic, the scope being composed of a single URL with 2 distinct backends (administrators and users). For each of these backends the users' view is limited according to the rights they have. https://domain.tld/admin => URL for admin backend https://domain.
Binary search in Golang on large files
Description: For a recent need I wanted to share my experience implementing binary search in Go on a large file. Definition: Binary search is a search algorithm for finding the position of an element in a sorted array. The principle is as follows: compare the element with the value of the cell in the middle of the array; if the values are equal, the task is completed, otherwise we start again in the relevant half of the array.