Read more, bro.

Nav. Sec. Issue #03

Yoo. Welcome to Issue #03 of Navigating Security.

šŸƒQuote of the week:

The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards – and even then I have my doubts

Gene Spafford

TLDWTR 🙄

  • CloudBreach’s Breaching AWS course review

  • I’m going to read 5000+ pentest/bug bounty writeups. Why?

  • Burp Suite has been continuously disappointing!

  • Apparently, null termination can lead to account takeovers

ā±ļø Incase you missed the previous issue, here you go:

This Weekā€™s YouTube Video:

How to get into cloud security - Breaching AWS

Breaching AWS by CloudBreach ☁️

Finished the course and did the exam a while ago. Short and sweet is how I’d describe it. I learned a lot and don’t have much else to say about the course outside of what I have already mentioned in the video. Make sure to use the discount code tadi15 to save 15% if you decide to pull the trigger.

Reading 5000+ reports 📖

I’ve been going through some of the reports/writeups posted by Mariem Elgharbi over at pentester.land and I have impulsively decided to make it my life’s goal to read all the previous reports. I think there are over 5000 entries, which is ridiculous, so let’s keep reading I guess.

I guess the real question is how much you can learn from other people’s experiences. Is this the most effective method of building your methodology: reading reports that you appreciate and bookmarking your favorite ones and their techniques? I think you could learn a lot more this way than from taking a course, but hey, that’s just me. Who am I to tell you what to do?

Here’s my favorite one from this week, an absolutely glorious web cache deception bug in ChatGPT 😍: https://nokline.github.io/bugbounty/2024/02/04/ChatGPT-ATO.html

More Burp Suite Disappointment 🙄

My relationship with Burp Suite is becoming a love-hate one. Imagine paying the price for the pro version and it bugs out on a client engagement. Here I was testing rate limiting protection as one of the last items on my checklist and I picked a wordlist with 10,000 lines in it. Intruder usually has the option to pause an attack while it’s running, but the button only appears after you’ve started the attack. Doesn’t Burp Suite decide it just doesn’t want me to be able to pause the attack and completely bug out, removing the pause option 😭 I had to try to explain why I sent 8000 more requests after the application had crashed at about 2000 requests. Not the easiest conversation to have with a dev team.

Testing Email functionality 📩

There seem to be a lot of ways to test email functionality for some sort of account takeover. Account takeovers are always high-paying bounties and high findings in pentests, unless there’s too much user interaction, in which case, for the most part, it’s useless. I liked this report, but how tf did this guy get the account???

Null termination to account takeover: https://hackerone.com/reports/2101076
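The report linked above hinges on a null byte surviving inside an email address. As an added example, not code from this newsletter or from the HackerOne report, here is the defensive check a developer would want in front of any email-driven account flow: canonicalise the address, reject NUL and every other control character outright, and only then use it for lookup. It also shows why the bug class exists at all: a NUL-terminated consumer (anything backed by C strings) sees a shorter address than the one the application validated. The `USERS` store, the sample addresses and all function names are constructed for this example.

```python
import re
import unicodedata

# Constructed in-memory user store keyed by canonical email (hypothetical).
USERS = {"alice@example.com": {"id": 1}}

# ASCII local-part characters (RFC 5322 atext plus the dot separator).
_LOCAL_PART = re.compile(r"^[A-Za-z0-9!#$%&'*+/=?^_`{|}~.-]+$")
# One DNS label: letters/digits, optional hyphens inside, at most 63 chars.
_LABEL = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")


class InvalidEmail(ValueError):
    """Raised for any address that must never reach lookup or mail-sending code."""


def c_string_view(s: str) -> str:
    """What a NUL-terminated consumer (strlen-style C code, some DB or mail
    bindings) sees: everything before the first NUL byte. This is the gap the
    attacker exploits when the Python layer validated the whole string."""
    nul = s.find("\x00")
    return s if nul < 0 else s[:nul]


def canonicalize_email(raw: str) -> str:
    """Return the canonical form of an email address or raise InvalidEmail.

    Order matters: the control-character check runs first so that a NUL,
    CR/LF (header injection) or zero-width character can never be laundered
    by later normalisation steps.
    """
    if not isinstance(raw, str):
        raise InvalidEmail("email must be a string")
    # Unicode categories: Cc = control, Cf = format (zero-width etc.),
    # Zl/Zp = line/paragraph separators. None belong in an address.
    if any(unicodedata.category(ch) in ("Cc", "Cf", "Zl", "Zp") for ch in raw):
        raise InvalidEmail("control or format characters are not allowed")
    if len(raw) > 254:
        raise InvalidEmail("address too long")
    if raw.count("@") != 1:
        raise InvalidEmail("exactly one @ required")
    local, domain = raw.split("@")
    if (not local or len(local) > 64 or not _LOCAL_PART.fullmatch(local)
            or local.startswith(".") or local.endswith(".") or ".." in local):
        raise InvalidEmail("invalid local part")
    labels = domain.split(".")
    if len(labels) < 2 or not all(_LABEL.fullmatch(label) for label in labels):
        raise InvalidEmail("invalid domain")
    # Design choice: lowercase the whole address for identity purposes so that
    # Alice@Example.COM and alice@example.com map to one account.
    return f"{local}@{domain}".lower()


def is_valid_email(raw: str) -> bool:
    try:
        canonicalize_email(raw)
        return True
    except InvalidEmail:
        return False


def find_account(raw: str):
    """Look up an account by the *canonical* address only.

    The string passed to the store is exactly the string that was validated,
    so no downstream NUL-terminated consumer can see a different address.
    """
    canonical = canonicalize_email(raw)  # raises InvalidEmail on bad input
    return USERS.get(canonical)


if __name__ == "__main__":
    # Constructed samples: the second one is what the application must refuse.
    for sample in ("Alice@Example.COM", "alice@example.com\x00attacker@evil.com"):
        print(repr(sample), "->", "valid" if is_valid_email(sample) else "rejected",
              "| C view:", repr(c_string_view(sample)))
```

The `c_string_view` helper is there for illustration only; in a real codebase the point is that no such truncating consumer is ever handed an address that did not pass `canonicalize_email` first.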

Suggestions

Hit me up on Discord or LinkedIn if you have anything you feel would be cool to include. Thanks, Cheers.