Friday, August 10
TOP STORY
James Kettle of PortSwigger (the maker of Burp Suite) published his Practical Web Cache Poisoning write-up after his Black Hat talk on "how to compromise websites by using esoteric web features to turn their caches into exploit delivery systems, targeting everyone that makes the mistake of visiting their homepage". Burp Suite 1.7.37 adds new features based on James' research. BONUS: try James' web cache poisoning CTF challenge.
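To make the mechanism concrete, here is an added Python simulation (not code from this newsletter, from James Kettle or from PortSwigger) of the pattern the talk describes: a shared cache that keys responses on path and Host but not on X-Forwarded-Host, in front of an origin that reflects X-Forwarded-Host into a script URL. One attacker request gets cached under the normal homepage key, and the next ordinary visitor is served the attacker's script host. The hostnames, origin and cache are constructed for illustration. The block also shows the cache-buster probing step, which lets you confirm an unkeyed, reflected header without ever poisoning the live homepage entry, and two fixes: an origin that ignores the header, and a cache that adds it to the key.

```python
"""Simulation of web cache poisoning via an unkeyed request header.

Added example, not code from the newsletter or from PortSwigger/Burp Suite.
The cache, origin and hostnames below are constructed for illustration.
"""
import uuid
from dataclasses import dataclass, field

SITE_HOST = "shop.example"        # hypothetical target site
ATTACKER_HOST = "evil.example"    # hypothetical attacker-controlled host


@dataclass
class Request:
    method: str
    path: str                     # path plus query string
    headers: dict                 # lower-case header names


@dataclass
class Response:
    status: int
    body: str
    headers: dict = field(default_factory=dict)


def vulnerable_origin(req: Request) -> Response:
    """Origin that trusts X-Forwarded-Host (a header proxies often set) when
    building an absolute script URL, and marks the page cacheable."""
    host = req.headers.get("x-forwarded-host", req.headers["host"])
    body = f'<html><script src="//{host}/static/app.js"></script></html>'
    return Response(200, body, {"cache-control": "public, max-age=60"})


def hardened_origin(req: Request) -> Response:
    """Same page, but only the Host header (which is part of the cache key)
    is used to build the URL; X-Forwarded-Host is ignored entirely."""
    host = req.headers["host"]
    body = f'<html><script src="//{host}/static/app.js"></script></html>'
    return Response(200, body, {"cache-control": "public, max-age=60"})


class Cache:
    """Minimal shared cache: the key is (method, path, keyed headers).
    With the default key, X-Forwarded-Host is unkeyed, so a response built
    from it is served to every later request for the same path."""

    def __init__(self, origin, keyed_headers=("host",)):
        self.origin = origin
        self.keyed_headers = keyed_headers
        self.store = {}

    def key(self, req: Request):
        return (req.method, req.path,
                tuple((h, req.headers.get(h, "")) for h in self.keyed_headers))

    def fetch(self, req: Request) -> Response:
        k = self.key(req)
        if k in self.store:
            return self.store[k]
        resp = self.origin(req)
        if "public" in resp.headers.get("cache-control", ""):
            self.store[k] = resp
        return resp


def probe_unkeyed_header(cache: Cache, header: str, canary: str = "canary.example") -> bool:
    """Safe test for an unkeyed, reflected header: a unique cache-buster query
    string gives the probe its own cache entry, so the live homepage entry is
    never poisoned. True when a follow-up request that omits the header still
    receives the canary, i.e. the header is reflected AND not in the cache key."""
    path = f"/?cb={uuid.uuid4().hex}"
    cache.fetch(Request("GET", path, {"host": SITE_HOST, header: canary}))
    follow_up = cache.fetch(Request("GET", path, {"host": SITE_HOST}))
    return canary in follow_up.body


def poison_homepage(origin, keyed_headers=("host",)) -> bool:
    """Full attack: one attacker request, then a victim's plain request for '/'.
    Returns True if the victim is served the attacker's script host."""
    cache = Cache(origin, keyed_headers)
    attacker = Request("GET", "/", {"host": SITE_HOST, "x-forwarded-host": ATTACKER_HOST})
    cache.fetch(attacker)
    victim = Request("GET", "/", {"host": SITE_HOST})
    return ATTACKER_HOST in cache.fetch(victim).body


if __name__ == "__main__":
    print("probe (vulnerable):", probe_unkeyed_header(Cache(vulnerable_origin), "x-forwarded-host"))
    print("poisoned (vulnerable):", poison_homepage(vulnerable_origin))
    print("poisoned (origin ignores XFH):", poison_homepage(hardened_origin))
    print("poisoned (XFH added to cache key):",
          poison_homepage(vulnerable_origin, ("host", "x-forwarded-host")))
```

Against a real target the same three steps apply: add a cache buster, send the candidate header with a canary value, then resend without it and check for both the canary and a cache-hit indicator. Never probe the live, unbusted URL until you know the response is not cached.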
HACKTIVITY HIGHLIGHTS
Persistent Cross-Site Scripting in default Laravel installation by @x1m
Subdomain takeover on [redacted].starbucks.com [44 upvotes] - $2,000 bounty for this report to Starbucks by @oxpatrick.
OTHER ARTICLES WE’RE READING
Check Point's "FakesApp" write-up covers three attack methods found in WhatsApp, all of which rely on social engineering to fool end users. See their Burp extension, WhatsApp Protocol Decryption.
Wired covers a man-in-the-middle attack against Macs that use Apple's Device Enrollment Program and its Mobile Device Management platform. Research by Fleetsmith's Jesse Endahl and Dropbox's Max Bélanger.
Older versions of the firmware on Miura mobile credit card readers are vulnerable, according to research presented at Black Hat by Leigh-Anne Galloway and Tim Yunosov.
A new attack vector can put malware directly on certain pacemaker models.
Trolling McAfee at DEFCON. @tahkion introduces McAfeeCon: a security conference by @officialmacafee where John gives every single talk, and Patrick Gray says “never go full McAfee”.
Colorize your hunt: Gwendal's handy configuration for testing a platform where users can have several permission levels, so you can test for IDOR and for vertical/horizontal privilege escalation.
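Once you have sessions for several permission levels, the check itself is mechanical: replay each request under every other session and flag the ones that succeed where they should not. The added Python example below (not Gwendal's configuration or any tool from this newsletter) does that against a constructed in-memory stand-in API with two deliberate defects, an IDOR on /api/orders/<id> (horizontal) and a missing role check on /api/admin/users (vertical), plus two correctly protected endpoints so you can see what is and is not flagged. Sessions, users and endpoints are all hypothetical.

```python
"""Differential authorization testing across user sessions.

Added example, not Gwendal's configuration or any tool mentioned in the
newsletter. The target below is a constructed in-memory stand-in API with
two deliberate access-control defects: an IDOR on /api/orders/<id> (no
ownership check) and a missing role check on /api/admin/users.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sessions: token -> (user id, role)
SESSIONS: Dict[str, Tuple[str, str]] = {
    "tok-alice": ("alice", "user"),
    "tok-bob": ("bob", "user"),
    "tok-root": ("root", "admin"),
}
ORDERS = {"1001": "alice", "1002": "bob"}     # order id -> owning user
ROLE_RANK = {None: 0, "user": 1, "admin": 2}  # None = unauthenticated


def constructed_app(method: str, path: str, token: Optional[str]) -> Tuple[int, str]:
    """Stand-in application. Returns (status, body)."""
    user = SESSIONS.get(token) if token else None
    if user is None:
        return 401, "unauthenticated"
    uid, role = user
    if path.startswith("/api/orders/"):
        oid = path.rsplit("/", 1)[1]
        if oid not in ORDERS:
            return 404, "no such order"
        # DEFECT (horizontal / IDOR): owner is never compared with uid
        return 200, f"order {oid} belongs to {ORDERS[oid]}"
    if path == "/api/admin/users":
        # DEFECT (vertical): any authenticated user passes; role is not checked
        return 200, ",".join(u for u, _ in SESSIONS.values())
    if path == "/api/admin/audit":
        if role != "admin":
            return 403, "forbidden"       # correct check, should not be flagged
        return 200, "audit log"
    if path == "/api/me":
        return 200, f"{uid}:{role}"       # per-user body, should not be flagged
    return 404, "not found"


@dataclass(frozen=True)
class Finding:
    path: str
    baseline_session: str
    offending_session: str
    kind: str          # "horizontal", "vertical" or "unauthenticated"


def find_access_control_issues(app, requests, sessions) -> List[Finding]:
    """requests: (method, path, baseline_token) triples, where baseline_token is
    the session that legitimately owns the resource. Each request is replayed
    with every other session of equal or lower privilege and unauthenticated;
    a replay that returns the same 2xx status and identical body is reported."""
    findings = []
    for method, path, base_tok in requests:
        base_status, base_body = app(method, path, base_tok)
        if not 200 <= base_status < 300:
            continue                      # baseline failed; nothing to compare
        base_role = sessions[base_tok][1]
        for tok in list(sessions) + [None]:
            if tok == base_tok:
                continue
            role = sessions[tok][1] if tok else None
            if ROLE_RANK[role] > ROLE_RANK[base_role]:
                continue                  # higher privilege is expected to succeed
            status, body = app(method, path, tok)
            if status == base_status and body == base_body:
                kind = ("unauthenticated" if role is None
                        else "horizontal" if role == base_role else "vertical")
                findings.append(Finding(path, base_tok, tok or "<none>", kind))
    return findings


REQUESTS = [
    ("GET", "/api/orders/1001", "tok-alice"),
    ("GET", "/api/admin/users", "tok-root"),
    ("GET", "/api/admin/audit", "tok-root"),
    ("GET", "/api/me", "tok-alice"),
]

if __name__ == "__main__":
    for f in find_access_control_issues(constructed_app, REQUESTS, SESSIONS):
        print(f"{f.kind:15} {f.path} via {f.offending_session} (baseline {f.baseline_session})")
```

Exact body comparison is deliberately strict so that per-user responses such as /api/me are not reported; on a real application, strip dynamic content (CSRF tokens, timestamps, request ids) before comparing, and treat a different status code with the same sensitive data as a finding too.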
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: zerodaily@hackerone.com
Someday I will get to meet @SwiftOnSecurity in person and then my life’s purpose will be fulfilled
HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be criminally exploited. As the contemporary alternative to traditional penetration testing, our bug bounty program solutions encompass vulnerability assessment, crowdsourced testing and responsible disclosure management. Discover more about our security testing solutions or Contact Us today.