detoxtechnologies
Certified Ethical Hackers | VAPT Consultants
Detox is a cyber security firm focused on high-quality security testing for enterprises, specializing in black box, grey box, and white box penetration testing.
detoxtechnologies · 5 years ago
5 Tips to Win Bug Bounty
A bug bounty program is a deal offered by many websites and software developers under which any ethical hacker can receive recognition and a reward for reporting bugs, especially those pertaining to exploits and vulnerabilities. In this blog, we are going to talk about 5 rules for running a successful bug bounty. A bug bounty is a reward given by a company when someone identifies an error or vulnerability in a software or computer program.
Some of the bug bounty platforms are given below:
Bugcrowd
https://www.bugcrowd.com/
Hackerone
https://www.hackerone.com/
Synack
https://www.synack.com/
Hackenproof
https://hackenproof.com/
BountyFactory
https://bountyfactory.io
1- Always read the Source Code: If you are trying to find bugs in software, the first thing you need to do is read the source code. It helps you find bugs, find interactions, review the code, see the interface, and learn more about the software. These are some kinds of source code:
C++
Javascript
ES6
Coffee Script
Shell Script
2- Try to take over Subdomains: Subdomain takeover is the process of registering a non-existing domain name to gain control over another domain. The most common scenario is as follows:
The domain name (e.g., sub.xyz.com) uses a CNAME record to another domain (e.g., sub.xyz.com CNAME anotherdomain.com). 
At some point in time, anotherdomain.com expires and is available for registration by anyone. 
Since the CNAME record is not deleted from the xyz.com DNS zone, anyone who registers anotherdomain.com has full control over sub.xyz.com for as long as the DNS record is present.
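From the zone owner's side, the scenario above can be caught by auditing your own CNAME records for external targets that no longer resolve. The following is an added example, not code from the original post; the zone data, the `audit_zone` helper and the last-two-labels domain heuristic are assumptions made for illustration.

```python
import socket

# Constructed sample zone dump, using the names from the scenario above.
SAMPLE_ZONE = """\
; constructed zone data for xyz.com
www.xyz.com.   3600 IN A     192.0.2.10
sub.xyz.com.   3600 IN CNAME anotherdomain.com.
shop.xyz.com.  3600 IN CNAME store.example.net.
blog.xyz.com.  3600 IN CNAME www.xyz.com.
"""

def registrable_domain(name):
    """Last two labels of a name. Assumption: good enough for .com/.net;
    use the Public Suffix List for suffixes such as .co.uk."""
    return ".".join(name.rstrip(".").lower().split(".")[-2:])

def parse_cnames(zone_text):
    """Yield (owner, target) for each 'owner [ttl] [class] CNAME target' line."""
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop ';' comments
        types = [f.upper() for f in fields]
        if "CNAME" in types[1:-1]:
            i = types.index("CNAME", 1)
            yield fields[0].rstrip(".").lower(), fields[i + 1].rstrip(".").lower()

def system_resolves(host):
    """True if the local resolver returns any address for host."""
    try:
        socket.getaddrinfo(host, None)
        return True
    except socket.gaierror:
        return False

def audit_zone(zone_text, zone_apex, resolves=system_resolves):
    """Report CNAMEs that point outside zone_apex at a name that no longer resolves."""
    findings = []
    for owner, target in parse_cnames(zone_text):
        if target == zone_apex or target.endswith("." + zone_apex):
            continue  # alias inside our own zone: not exposed to re-registration
        if not resolves(target):
            # Candidate only: confirm with the registrar/WHOIS, then delete the record.
            findings.append({"record": owner, "target": target,
                             "check_registration_of": registrable_domain(target)})
    return findings

if __name__ == "__main__":
    live = {"store.example.net"}  # constructed stand-in for DNS so the demo runs offline
    for finding in audit_zone(SAMPLE_ZONE, "xyz.com", resolves=lambda h: h in live):
        print(finding)
```

Run against a real zone export with the default resolver, every finding is a record to remove or repoint before the target domain lapses.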
3- Always check the Back-end CMS & backend language: Before looking for bugs in software, you need to check the backend CMS and backend language. You have to understand the programming language of that application. Some of the common backend languages are PHP, Java, .NET, HTML, MySQL, and Ruby.
4- Google Dorks are very helpful: Google dorking is also known as Google hacking. It's a technique that uses Google search to find security loopholes and vulnerabilities in the programming language of the software. Google dorks are very helpful while performing security tests. They save time and surface sensitive corporate information that has been unknowingly exposed on the Internet. Google dorking can return usernames and passwords, email lists, sensitive documents, and website vulnerabilities.
5- Check each request and response: When you are on the website, check and analyze each request and response, and try to understand the infrastructure, such as how they're handling sessions/authentication and what type of CSRF protection they have (if any). Sometimes, use negative testing to trigger errors; this error information is very helpful in finding internal paths of the website.
Keep your mind active and think out of the box.
detoxtechnologies · 5 years ago
Cyber Threat of Ransomware in 2020
We talked about malware in our last blog “Cyber Threat of Malware in 2020”, and here we will dive into ransomware, which has many of the same characteristics as most traditional forms of malware.
What is Ransomware?
Ransomware is a form of malware with a special purpose: it encrypts data files on the infected computer and instructs the user to send money to the attackers in order to recover their information. It presents a serious threat to business data, as it has the ability to block access to files until the victim pays the attacker.
This can be a lucrative income stream for attackers:
“In 2017, the FBI Internet Crime Complaint Center (IC3) received 1,783 ransomware complaints that cost victims over $2.3 million”
Of course, these were only the attacks that were reported; the actual number of attacks and money made is much higher.
How does a Ransomware attack work?
Although ransomware can use any of the malware attack techniques mentioned earlier, one of the most common is the fake urgent email attachment designed to trick users into opening it.
Due to their success, Ransomware attacks have generated a lot of dramatic headlines like the one below:
“Georgia County pays a whopping $400,000 to get rid of a ransomware infection”
As long as systems remain vulnerable and users keep falling for social engineering attacks, ransomware will remain a serious member of the cybersecurity threat landscape.
detoxtechnologies · 5 years ago
Cyber Threat of Malware in 2020
What is Malware?
Malware has been a serious security threat to both individuals and organizations since the late 1980s. It’s a catch-all term for any software that is designed to gain unauthorized access to computers or network equipment with the goals of causing damage, extracting information or making money for the attackers.
“China is the country with the most Malware in the world”
Malware can take on many forms, like Viruses, Adware, Worms, Trojans, Rootkits, Spyware, Phishing, etc. While there are many types of malware, the infection methods are often similar.
How do systems get infected with Malware?
There are two main ways that systems become infected with Malware:
1. System Vulnerabilities:
• These are flaws in hardware or software that allow the malware to work.
• Usually, patches exist to fix these vulnerabilities, but users and organizations don’t always apply them in a timely manner, leaving themselves exposed.
• Even old vulnerabilities are still targeted by malware attackers.
“In 2019, researchers at Recorded Future found that attackers were still actively using a Microsoft vulnerability, first identified in 2012 to deploy malware”
2. Social Engineering:
• The second most common way that systems can get infected with malware is users falling prey to social engineering.
• This happens when attackers successfully convince a user to download infected software, open an infected email attachment, or connect an infected disk or drive.
That said, systems remain vulnerable to malware, which is most likely introduced unknowingly.
detoxtechnologies · 5 years ago
5 Best Security Testing Tools of 2020
There are various tools used for security testing, but here we are going to talk about the 5 best vulnerability assessment and penetration testing tools that are commonly used while performing security tests. At Detox Technologies, we use these tools in security testing:
1- Burp Suite:
Burp Suite is the world’s most widely used web application security testing software. It comes in 2 versions – Burp Suite Professional for hands-on testers, and Burp Suite Enterprise Edition with scalable automation and CI integration. Burp Suite is an integrated platform for web application security testing.
2- AppScan:
Previously known as IBM AppScan and now known as HCL AppScan Standard, this is one of the best web application security testing tools. It is a dynamic analysis testing tool designed for security experts and penetration testing experts to use when performing security tests on web applications.
3- Nmap:
The Network Mapper is a free and open-source tool for network discovery and security auditing. Nmap is used to detect the live hosts on the network (host discovery) and also detects the open ports on each host.
4- Nessus:
Nessus is a remote security scanning tool used during vulnerability assessment and penetration testing. This is a free and open-source tool for non-enterprise use. Nessus scans for vulnerabilities on Windows and Unix systems; these qualities make this tool an all-rounder. This tool is best for security testing teams and penetration experts.
5- Metasploit:
Metasploit is a very popular hacking and penetration testing tool. It is a penetration testing framework which makes finding vulnerabilities very easy. Metasploit is often used to break into remote systems or test for a computer system vulnerability. Metasploit finds security issues, verifies vulnerability mitigations and manages security assessments.
Apart from these tools, there are more tools to find security vulnerabilities. What do you think: which tool in the above list is commonly used? Also, please let us know if we have missed any particular tool that should be mentioned in the above list.
detoxtechnologies · 5 years ago
How to Stay Protected from Phishing Attacks?
In our last blog “Phishing- A Major Cyber Threat”, we spoke about phishing, how cyber criminals frequently use it to target users, and its forms.
Now we are going to talk about how you can protect yourself from these attacks. There are five steps you can take to reduce your exposure to phishing:
1- Implement controls to Block Spam:
Since phishing is done in the form of an email, the better you get at blocking spam, the more you will be protecting yourself from phishing.
a. At the user level: Users can control spam in their inbox by flagging unwanted emails as junk.
b. At the organization level: Organizations can block spam at their email server by blacklisting known spammers or blocking entire domains and IP address ranges.
2- Block Bad Websites:
Block access to fraudulent and malicious websites.
a. At the browser level: This can be done at the user level by accessing websites only with a web browser that shows a warning if the user attempts to go to a fraudulent website. Most modern browsers have security settings that can be configured to do this.
b. At the organization level: Organizations can install firewalls or proxy servers that prevent users from accessing known bad websites.
3- Use Password Manager:
This is a digital safe that generates and stores strong and unique passwords. This way you are not reusing the same password on different websites. So, even if one of your passwords gets compromised in a phishing attack, it won’t work anywhere else.
4- Multi Factor Authentication:
This is a stronger form of authentication than just passwords. It requires a password plus another factor (a device you have or a biometric factor like a fingerprint). That way, even if the attacker gets your username and password, they can’t log in without the other factor.
5- Security Training:
If users knew not to open phishing emails or click on manipulated links, phishing would not be such a serious problem.
1- Teach users how to recognize a phishing attack, explain why they should be suspicious of urgent emails, and have them hover over links to see if they are legitimate or not.
2- Conduct phishing drills to check how many users might fall for an actual phishing attack.
detoxtechnologies · 5 years ago
Phishing- A Major Cyber Threat
What is Phishing?
Phishing is a type of social engineering used to trick users into sharing sensitive personal information like usernames, passwords and credit card number details with cyber criminals.
Phishing has been around since the 1990s and is still going strong:
“The Comodo Cyber Security 2018 Global Threat Report lists email phishing as the most common method of attack”
“According to the Proofpoint 2019 State of the Phish Report, reports of credential compromise in 2018 rose 70% over 2017 and 280% since 2016”
How do cyber criminals target victims?
The most common phishing technique is to send a fraudulent email to a targeted user. The email is designed to look like it came from a trusted entity, and it will often appear urgent so the recipient will quickly open it. Phishing email subject lines will sound urgent and important enough to not ignore such as:
Typically, the email will contain a manipulated link that looks like it goes to a real website. If the targeted user clicks the link, it routes to a forged website designed to look like the real one.
Once there, the target will usually be prompted to enter the username and password for the website, and if they do, the attacker will now have the login credentials for the real website. Depending on the website, this can turn into an immediate loss of information and/or money for the victim.
One of the keys to a successful email attack is for the emails to look like they came from trusted brands, so phishing attackers frequently opt to use brand names like Microsoft, PayPal, Google, DHL, Dropbox etc.
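The manipulated link described above, where the visible text names one site and the link target is another, is what the "hover over links" advice in the protection post checks by hand; a mail filter can run the same comparison automatically. The following is an added example, not code from the original post; the sample email, the `suspicious_links` helper and the last-two-labels domain comparison are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample email body; the first link shows one site but targets another.
SAMPLE_EMAIL = """
<p>Your account is locked. Verify now:
<a href="http://login.example-verify.test/session">https://www.paypal.com/signin</a></p>
<p><a href="https://www.dropbox.com/help">Dropbox help center</a></p>
<p><a href="https://accounts.google.com/">accounts.google.com</a></p>
"""

# Matches a hostname written in the visible link text, with or without a scheme.
HOST_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links = []
        self._open = None  # [href, text] of the anchor currently being read
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._open = [dict(attrs).get("href") or "", ""]
    def handle_data(self, data):
        if self._open is not None:
            self._open[1] += data
    def handle_endtag(self, tag):
        if tag == "a" and self._open is not None:
            self.links.append(tuple(self._open))
            self._open = None

def base_domain(host):
    """Last two labels. Assumption: use the Public Suffix List for real traffic."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def suspicious_links(html_body):
    """Flag links whose visible text shows a different domain than the href."""
    parser = LinkCollector()
    parser.feed(html_body)
    parser.close()
    findings = []
    for href, text in parser.links:
        actual = urlsplit(href).hostname or ""
        shown = HOST_RE.search(text.strip())
        if shown and actual and base_domain(shown.group(1)) != base_domain(actual):
            findings.append({"shown": shown.group(1).lower(), "actual": actual})
    return findings

if __name__ == "__main__":
    print(suspicious_links(SAMPLE_EMAIL))
```

Links whose text is plain words, like the second one in the sample, are not flagged by this check and still need the hover-over inspection.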
Forms of Phishing:
1. Untargeted Phishing: Tossing out a big net with the hope to catch as many victims as possible.
2. Spear-phishing: Customizing the email attack for specific users, hoping that the illusion of familiarity will create trust.
3. Whaling: Spear-phishing directed at senior business executives who likely control significant financial assets.
Conclusion:
“Comodo Cyber Security 2018 Global Threat Report states that enterprise users receive 16-20 malicious emails each month on average”
Since phishing email attacks are cheap, simple and effective, we can expect that such attacks will continue to be one of the most common threats in the cyber security threat landscape.