How Pros Use CVEs to Find New Bugs (before anyone else! ft CVE-2020-5902)

  • Published 20 May 2024
  • This week a new RCE in F5 BIG-IP was found and meme'd about on Twitter, but here's a question: how did all the pros find it before anyone else could? What tools and techniques were they using to exploit it before anyone else, and why did everyone end up with a dupe? Today we discuss how they did it!
    Did you know this episode was sponsored by Intigriti? Sign up with my link go.intigriti.com/katie I'm so pleased with everyone's positive response to the Intigriti sponsorship and I'm so pleased you folks are finding bugs and even finding your first bugs! Thank you for being awesome!
    Apologies for the audio at the start, not sure what happened there! I'm getting a new setup next week so hopefully next week's video will be another major improvement to the editing and visual effects I can do. LiveOverflow here I come
  • Entertainment

COMMENTS • 56

  • @nathangriffiths8809 3 years ago +24

    Your next assignment Katie, if you decide to take it: Teach us to reverse engineer. :) (Great explanation on CVEs, thank you!)

    • @InsiderPhD 3 years ago +21

      This is DEFINITELY something I want to cover but I am still learning myself! As soon as I understand the topic well enough it will for sure be a video on my channel!

    • @LaurentLaborde 3 years ago

      @InsiderPhD Reverse engineering is extremely difficult to explain in a short video. I gave up trying and write a tech diary instead and publish it on GitHub. The problem is that videos either spend hours and hours explaining the most basic sh*t OR end up doing some kind of "it's magic, I ain't gotta explain sh*t".

  • @prathameshmahamulkar6533 3 years ago +1

    Thank you so much Katie for explaining a very important concept in a to the point and objective way. Wish you a very happy, fulfilled and satisfying career.

  • @user-zu4ft8yw9e 1 month ago

    The stages involved in addressing the issues caused by CVE-2020-5902 include:
    1. Identifying the Vulnerability: Scan the network using specific tools to identify the presence of the Remote Code Execution (RCE) vulnerability (CVE-2020-5902).
    2. Applying Patches: Apply the patches released by F5 Networks to fix the critical RCE vulnerability in the affected versions of BIG-IP.
    3. Monitoring for Exploitation: Keep monitoring for any active attempts to exploit the vulnerability in the wild and stay updated on mitigation details provided by F5.
    4. Implementing Security Measures: Design and implement a comprehensive security policy based on insights from the CVE database to prevent exploitation and enhance overall security posture.

  • @mertdas6794 3 years ago +2

    Katie gives value as always. Love your content

    • @InsiderPhD 3 years ago +1

      ❤️ thank you for watching!!

  • @offlife77 3 years ago +8

    I got my first bounty after watching your IDOR video... thanks a lot :)

    • @InsiderPhD 3 years ago +3

      Amazing! I hope it was a good one! Very proud of you getting your first bounty!

    • @sabyasachimitra9644 2 years ago

      Can you please share the report, so I can learn from it? And was it an IDOR or something else?

  • @daviscl22 2 years ago

    Excellent info.

  • @eyokfla 3 years ago

    This is what I call DIAMOND CONTENT! Thanks for the lessons.

  • @SantoshKShah 3 years ago

    Great, thank you!

  • @danielazulay4936 3 years ago +1

    That's great, thanks!
    I have a question about using OS X in bug hunting.
    Do you think it's a good idea?
    Should I use a virtual machine (e.g. Ubuntu) because I found that most of the recon tools just work better on Linux?

    • @InsiderPhD 3 years ago +1

      I use OS X personally with no issues, but if you do a lot of recon maybe consider a virtual machine or something like DigitalOcean if the tools perform better for you. I should say I have no issues myself!

  • @MFoster392 7 months ago

    Great information :)

  • @sirhaya363 3 years ago

    Thank you, your videos are the best on the subject!

    • @InsiderPhD 3 years ago +1

      Aww thank you so much for such a kind comment!

    • @sirhaya363 3 years ago

      @InsiderPhD sooo my first bug is a CVE, thank you!!

  • @prashanthravichandhran5688 3 years ago

    thank you

  • @maakthon5551 1 year ago

    Great!

  • @hackerproxy19 3 years ago

    good teaching

  • @sudha2373 3 years ago +1

    Ma'am, my XSS payload is blocked by a WAF, how do I bypass the WAF?

  • @ismailramzan8927 3 years ago

    Thanks Again 😊.

  • @6cylbmw 3 years ago +4

    Thanks a lot for putting up this video, although I'm still confused. From what I know / heard, a lot of companies don't pay for vulns found based on CVEs (last 3 / 6 months). Is there any bug bounty hunter who actually uses this approach and makes a profit? Is this approach legit?

    • @InsiderPhD 3 years ago +3

      That's totally true, you're right! A lot of companies will consider CVE related bugs internal dupes for the first 30 days. But this is a strategy and you can totally make money, if you check out twitter for CVE-2020-5902 and the Citrix CVE from around December? So it's definitely a risk, but probably worth it for a bug like this one where it's a very simple exploit. It is legit, but you're totally right that it might be considered a dupe or out of scope.

  • @wisdomfreak 3 years ago

    Finally the video that I asked you for, thank you

    • @InsiderPhD 3 years ago +1

      I do get round to requests! Eventually!

    • @wisdomfreak 3 years ago

      @InsiderPhD 🙂

  • @ricardotech 3 years ago

    Love from Brazil

  • @josephgosling9593 3 years ago

    Awesome!!

  • @shreyaljain7484 3 years ago

    Can you please add a video on how to use Nuclei?

  • @ca7986 3 years ago

    ❤️

  • @user-fp7fs9xl2t 2 months ago

    Thanks InsiderPhD ...

  • @coderx56 3 years ago

    I love you very very much ❤

  • @itsm3dud39 2 years ago

    What about Exploit-DB?

  • @mirhat9330 3 years ago +4

    It would be great if you can make a video about reverse engineering! :)

    • @Sanjayyadav-hb2jc 3 years ago

      🤣🤣

    • @InsiderPhD 3 years ago +1

      Yeah, it's for sure something I want to cover but that I'm still learning myself. I've really been enjoying some of LiveOverflow's older videos on the topic!

  • @cloufish7790 3 years ago +1

    [Q] Aren't you risking getting a lot of duplicates and so losing much reputation on H1 or any other bug bounty website? I mean, you'll eventually be racing other people just like you said (and I understand that you're racing with them anyway, but I get a feeling that with those CVEs there's a lot more racing). Or am I just overrating the value of reputation on these websites? Is the money the most important?
    Being flooded with duplicates also relates to fuzzing many domains and subdomains with the same exploit.
    Although I think it's a great video, it motivates you to do more research on your own

    • @InsiderPhD 3 years ago +1

      So dupes now don't impact rep on H1, but you're right, you are just racing people! Even those who do find this bug might find that they are duped because the company internally knows about it and is patching it anyway. The core advantage is if you are able to figure out a 0-day exploit before anyone else you have the entire internet. For people who make their income on just bug bounties, being able to catch this before anyone else is a huge huge advantage, because even if they get a few dupes they can make 2-3 months' wages from the non-dupes. But I just thought this topic was an interesting look into how the pros' approach to bug bounty is really quite different to people starting out, and especially shows how 0-days can motivate the best bug hunters!

  • @hello-fp6ss 3 years ago

    Great. Back in 2016 I created a Python RCE for the OpenCart CMS core, they didn't pay me, I got 1600 shell backdoors in one day 😂😂😂😂😂😂🤩 I'm back

  • @user-be2bs1hy8e 3 months ago

    12:45 lol, what? I think this is incorrect. I understand the expressed sentiment for usage, all of these things aside, however illegal is not the right word. I am almost 100% sure that for almost any kind of cyber activity that occurs in any other country than where it was committed from, never in even a million years would it result in police showing up to arrest someone. Even knowing almost nothing about computer forensics and law, I would argue (from a field I have very much experience with) that laziness combined with civil rights prevents legalities. So to reiterate: not only is big business private and the disclosure needed to convict a 'hacker' so difficult to accumulate and attribute to any individual, but even the reason cyber security evolved was that these same entities were liable for loss originally. Even then, between countries illegal is not a thing. Like if they (foreign) charged someone, we (domestic) wouldn't care; we wouldn't care because this has always been so, and even if I'm incorrect about those, still nobody (domestic) cares. But I might be wrong.

    • @InsiderPhD 2 months ago

      github.com/disclose/research-threats

  • @AmanKumar-tm8id 3 years ago

    Okay, I paid for Shodan. Now I know it was free for students and has extra features compared to my paid subscription. F

    • @InsiderPhD 3 years ago +1

      F :(
      But at least you know now! And it's good for as long as you have an academic email address!

  • @skeeberk.h.4396 3 years ago

    Why are you eating the microphone