DNS Tools Comparison
The Story. [EDIT 26/04/22]: I added a note on my personal conclusion about Amass, together with a note from a conversation with Caffix about why Amass is slower than the others. Hi everyone, I recently came across this tweet, which immediately intrigued me because I had also observed that I was losing valid domains with PureDNS. I had done some tests (not very thorough) 8 months ago on different tools, and I had concluded at that time that PureDNS was the best solution.
Basic recon to RCE II
I originally wanted to name this article “The RCE that everyone missed”, but since it was too “clickbait”, this is the title you see now. Why “The RCE that everyone missed”? That’s what we’ll see here. This article won’t be very long, and since there are no technical details, I’d rather focus on why I stumbled upon this RCE. The story. For many months now I haven’t been very active in bug bounty; I haven’t given up, but in fact I devote my free time to the development of my own recon framework.
Learning new things
Mass assignment and learning new things. Hi everyone, for this second article on BugBountyHunter we’re going to talk about a vulnerability and how I went about learning more about it. Indeed, one of the questions I am most often asked is “but how do you learn a new vulnerability, find resources, etc…” This is a difficult question to answer because there are many different learning methods, and each one suits a different type of person.
My methodology during Firstblood
My methodology during Firstblood. Hello everyone. From the 9th to the 16th of May the first live event of BugBountyHunter took place, namely Firstblood. Of course I participated. For this first event I collaborated with my bug bounty mate Serizao, but I greatly thank all the hunters I exchanged with during the event. I strongly believe that collaboration is the key, and the proof is that it is a team that finished on the podium.
My bounty infrastructure
My bounty infrastructure with Docker. [31/12/2020]: Updated the post for Rengine v0.5, a clearer and cleaner configuration of Traefik, and the removal of Portainer. After some problems with Rengine for certificate management, and a new service that I want to use, I switched to a full Docker infrastructure on my server. Apart from the use of a few containers, it’s my first experience with Docker, but after some difficulties I find it rather practical and modular.
Basic recon to RCE
Recently on a bug bounty program I came across my first RCE, discovered and exploited rather quickly on a solution with a vulnerability class that I don’t master at all: Java deserialization. Recon. I am currently improving my reconnaissance tool AutoRecon, originally intended to help me with subdomain enumeration, and I also want it to perform some reconnaissance tasks that are quite annoying when you have to do them many times. The scope in question is like *.
SSRF Through PDF Generation
This week, on a bug bounty program which I had left aside, I found my first SSRF; here is my writeup. Recon. The scope is restricted to the website and its API. It is rather basic: it allows you to register as a simple user and has only a few features. The program had been open for several months already, so I approached the site thinking I probably wouldn’t find much. However, within the first hours I already had several P2s (IDOR).
My first OOB XXE exploitation
Recently on a bug bounty program I came across my first XXE, a blind one what’s more; as I found this case interesting, I wanted to share it here. Recon. The reconnaissance phase is quite basic: the scope is composed of a single URL with 2 distinct backends (administrators and users). For each of these backends the users' view is limited according to the rights they have. https://domain.tld/admin => URL for admin backend https://domain.
Binary search in Golang on large files
Description. For a recent need, I wish to share some feedback on the implementation of binary search in Go on a large file. Definition: binary search is a search algorithm for finding the position of an element in a sorted array. The principle is as follows: compare the element with the value of the cell in the middle of the array; if the values are equal, the task is completed, otherwise we start again in the relevant half of the array.