Black Hat USA, DEFCON, and BSides Las Vegas are coming up soon, and we have a lot planned for both the Crowd and our customers. There are many announcements to follow, but this is one that can't wait.
Bugcrowd is excited to partner with the good folks at RVAsec to bring conference attendees a totally new hybrid CTF experience, with a competition that includes both a CTF and a Bugcrowd Bug Bash on live web targets! Teams can win points for captured flags or valid vulnerabilities discovered during this two-day event on June 4th and 5th in Richmond, VA. This is in addition to the 2-day, 2-track conference!
Bugcrowd is proud to host the AppSec EU Bug Bash, a bug bounty hackathon where cash bounties will be awarded to those who discover vulnerabilities in companies such as Pinterest, Heroku, Blackphone, Twilio, Barracuda Networks and many more.
RSAC 2015 was packed full of big moments for security and for Bugcrowd. We were delighted to have the opportunity to shine the spotlight on bug bounty programs, and the power of crowdsourced security testing.
Today I'd like to introduce you to Bugcrowd member Satish Bommisetty. An author and professional security researcher, Satish has helped improve the application security of dozens of companies by reporting over 170 valid vulnerabilities through Bugcrowd. We are honored to share his thoughts on how bounty hunters can deliver high quality professional results and create a respectful security research community. These are things that help form a researcher's positive reputation among peers as well as with customers.
Bugcrowd is a proud sponsor of Nullcon 2015, which is less than a week away! While we are putting the finishing touches on our Bug Bash event, we want to introduce you to another of our outstanding Crowd members in India that will be on the ground helping all the Nullcon Bug Bash participants to have a great experience.
Bugcrowd is a proud sponsor of Nullcon 2015 which is rapidly approaching! We’re working with some of the best researchers from the Bugcrowd community to host a Bug Bash at Nullcon on February 7th. Meet and learn from some of the best researchers in the world, and compete to rise to the top of the Bug Bash Leaderboard by submitting the best bugs you can find.
Bugcrowd is a proud sponsor of Nullcon 2015, which is rapidly approaching! While we are hard at work preparing to host an awesome Bug Bash event, we want to introduce you to a few of our outstanding Crowd members in India that will be on the ground helping all the Nullcon Bug Bash participants to have a great experience.
[The Shmoocon presentations I recommended last week did not disappoint, and I'm excited to have the opportunity to share some of the great research I saw there with Bugcrowd customers and Crowd members. This tool released by Justin Kennedy and Steve Breen can be used by both Red Teams and Blue Teams. Enjoy! ~Kymberlee]
Guest Blog: httpscreenshot - A Tool for Both Teams
Shmoocon is one of those few security conferences that has been around for quite some time, each year selling out of tickets in record time, and only allowing those with the quickest mouse clicks to obtain them. Luckily for Steve Breen and me, we had the privilege of giving our talk “httpscreenshot – A Tool for Both Teams” this year at Shmoocon, securing tickets for ourselves.
The reason that we named this talk “A Tool for Both Teams” is that we believe that both red teams and blue teams can benefit from using it just the same. I’ve been on both teams myself, defending networks, as well as breaking into them, so I feel justified in talking about the problems faced on both.
On the blue team, the biggest problem we’re trying to solve is that network and systems administrators don’t have a good idea of what is sitting on their networks. On the red team, every single network we are targeting (and in turn, supposed to be assessing) is an unknown to us, and we don’t always have a lot of time to explore it. Our solution to these two problems is httpscreenshot.
httpscreenshot is a set of two Python scripts (httpscreenshot and cluster), developed internally over the past two years, that take screenshots of websites quickly and reliably. The cluster script then performs “fuzzy matching” on the HTML output of the pages to produce an immediately usable output with “similar” pages grouped together.
What we believe sets httpscreenshot apart from other similar tools out there is the number of features that we’ve put into it while keeping the tool fast and thorough. Here is a quick list of the features of the tool:
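To make the grouping idea concrete, here is an added example that is not taken from httpscreenshot or its cluster script: it assumes similarity is measured on each page's sequence of opening tags with Python's `difflib`, and that pages are grouped greedily against a 0.8 threshold. The function names, the threshold and the sample pages are all constructed for illustration.

```python
import difflib
import re

TAG_RE = re.compile(r"<\s*([a-zA-Z][a-zA-Z0-9]*)")  # opening tags only

def tag_sequence(html):
    """Reduce a page to its ordered opening-tag names, ignoring text and attributes."""
    return [name.lower() for name in TAG_RE.findall(html)]

def similarity(html_a, html_b):
    """Ratio in [0, 1] of how closely the two pages' tag structures match."""
    matcher = difflib.SequenceMatcher(None, tag_sequence(html_a), tag_sequence(html_b))
    return matcher.ratio()

def cluster_pages(pages, threshold=0.8):
    """Greedy grouping: a page joins the first group whose first member is similar enough."""
    groups = []  # list of (representative_html, [urls])
    for url, html in pages.items():
        for representative, members in groups:
            if similarity(representative, html) >= threshold:
                members.append(url)
                break
        else:
            groups.append((html, [url]))  # nothing close enough: start a new group
    return [members for _, members in groups]

# Constructed sample input: saved HTML keyed by URL (documentation address range).
LOGIN_A = ("<html><head><title>Build Server</title></head><body><div><form>"
           "<input><input><button>Sign in</button></form></div></body></html>")
LOGIN_B = ("<html><head><title>Build Server 2</title></head><body><div><form>"
           "<input><input><button>Log in</button></form><p>v1.2</p></div></body></html>")
DEFAULT = ("<html><head><title>It works</title></head><body><h1>It works!</h1>"
           "<p>Default page.</p></body></html>")
PRINTER = ("<html><body><table><tr><td>Toner</td><td>80%</td></tr>"
           "<tr><td>Paper</td><td>OK</td></tr></table></body></html>")
SAMPLE_PAGES = {
    "http://192.0.2.10:8080/": LOGIN_A,
    "http://192.0.2.11/": DEFAULT,
    "http://192.0.2.12:8080/": LOGIN_B,
    "http://192.0.2.13/": PRINTER,
}

if __name__ == "__main__":
    for group in cluster_pages(SAMPLE_PAGES):
        print(len(group), group)
```

Comparing tag structure rather than raw text is what lets two instances of the same product land in one group even when titles, version strings or button labels differ.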
- Has the ability to parse gnmap output from nmap and masscan
- Performs autodetection of SSL if version scans weren’t run
- Scrapes SSL certificates for domain names and alt names to add to the queue (no more missing vhosts due to hitting by IP address)
- Runs headless or configurable fail-over to Firefox so you can use your favorite remote server easily
- Threaded, so it’s pretty quick
- Saves output of websites to both PNG and HTML so you can easily grep the source if you’re looking for something specific
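For an administrator inventorying their own network, the first two features can be sketched as follows. This is an added example, not httpscreenshot's code: it assumes nmap's grepable `Host: ... Ports: port/state/proto/owner/service/...` layout, and the rule of queueing both schemes when the service is unidentified is an illustrative stand-in for the tool's SSL autodetection. The scan data is constructed.

```python
import re

HOST_RE = re.compile(r"Host:\s+(\S+)")
# port/state/protocol/owner/service/... ; only open TCP ports are captured
PORT_RE = re.compile(r"(\d+)/open/tcp/[^/]*/([^/]*)/")

def urls_from_gnmap(text):
    """Return candidate URLs for open TCP ports that may be web services."""
    urls = []
    for line in text.splitlines():
        host = HOST_RE.search(line)
        if not host or "Ports:" not in line:
            continue  # comment or status line
        ports = line.split("Ports:", 1)[1].split("\t", 1)[0]
        for port, service in PORT_RE.findall(ports):
            service = service.lower()
            if "ssl" in service or "https" in service:
                schemes = ["https"]
            elif "http" in service:
                schemes = ["http"]
            elif service in ("", "unknown"):
                schemes = ["http", "https"]  # no version scan: queue both, let the fetcher decide
            else:
                continue  # ssh, smtp, ...: not a web service
            urls += [f"{scheme}://{host.group(1)}:{port}/" for scheme in schemes]
    return urls

# Constructed sample of grepable scan output (documentation address range).
SAMPLE_GNMAP = (
    "# Nmap scan (constructed sample)\n"
    "Host: 192.0.2.10 (build.example.test)\tPorts: 22/open/tcp//ssh///, "
    "80/open/tcp//http///, 8443/open/tcp//ssl|http///\tIgnored State: closed (997)\n"
    "Host: 192.0.2.11 ()\tPorts: 8080/open/tcp//unknown///, 25/closed/tcp//smtp///\n"
)

if __name__ == "__main__":
    for url in urls_from_gnmap(SAMPLE_GNMAP):
        print(url)
```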
One of the few ways that I’ve leveraged this tool myself has been on bug bounties. For any bounties out there that allow for fairly open scope, such as Facebook, Google, eBay, etc., this tool is a fantastic way to quickly uncover attack surface (as demonstrated in the demo at the end of this post). Just a few weeks ago Ryan Dewhurst (@ethicalhack3r) mentioned that he found Jenkins on one of Facebook’s acquisitions on a non-standard, netting him some fairly easy cash. I found the same on eBay, and the cluster portion of httpscreenshot put them all together for me for multiple submissions. :)
If you find the tool useful, want to provide some feedback, or need any help with it, just reach out to @breenmachine or me (@jstnkndy) on Twitter, IRC (breenmachine or juken), or raise an issue on GitHub (github.com/breenmachine/httpscreenshot). If you want to see the tool in action, check out the demo below or go play with it yourself!
Justin Kennedy (@jstnkndy) is a Principal Security Consultant at NTT Com Security and currently leads the Offensive Security team there. His expertise lies in social engineering, physical security, and other areas of penetration testing and offensive security. Justin's background includes systems administration, network defense, and being mischievous. When he's not popping boxes and rolling networks, you can often find him being a coffee and beer snob.