Hacking, AppSec, and Bug Bounty newsletter
2018-08-10 | Practical web cache poisoning, FakesApp vulnerability by Checkpoint, and Trolling McAfee at DEF CON
Friday, August 10
Practical web cache poisoning blog by Burp Suite’s James Kettle was published after his Black Hat talk on “how to compromise websites by using esoteric web features to turn their caches into exploit delivery systems, targeting everyone that makes the mistake of visiting their homepage”. Burp Suite 1.7.37 has some new features based on James’ research. BONUS: see James’ web cache poisoning CTF challenge
Subdomain takeover on [redacted].starbucks.com [44 upvotes] - $2,000 bounty for this report to Starbucks by @oxpatrick.
OTHER ARTICLES WE’RE READING
Check point’s “FakesApp” vulnerability write up of three possible methods of attack – all of which involve social engineering tactics to fool end-users found in WhatsApp. See their Burp Extension - WhatsApp Protocol Decryption
Wired covers a MITM attack for Macs that use Apple's Device Enrollment Program and its Mobile Device Management platform. Research by Fleetsmith’s Jesse Endahl, and Dropbox’s Max Bélanger.
Older version of Miura device firmware for mobile credit card readers is vulnerable according to research presented at Black Hat by researchers Leigh-Anne Galloway and Tim Yunosov.
New attack vector can put malware directly on certain Pacemaker models
Colorize your hunt: Gwendal’s handy configuration when you need to test a platform where users can have several permission levels, test IDOR, test vertical/horizontal escalation.
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: firstname.lastname@example.org
Someday I will get to meet @SwiftOnSecurity in person and then my life’s purpose will be fulfilled
HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be criminally exploited. As the contemporary alternative to traditional penetration testing, our bug bounty program solutions encompass vulnerability assessment, crowdsourced testing and responsible disclosure management. Discover more about our security testing solutions or Contact Us today.