🐝 Hive Five 105 – Mastering Broken Access Control and An Ethical Hacker's Guide

Hi friends,

Greetings from the hive!

I hope all is well. I’ve been running every day for a couple of weeks now and it’s amazing. I stopped for a month, for various reasons, and didn’t realize how much I missed it.

There’s nothing quite like the solitude and runner’s high. The ideas that come to me during a run are also unmatched. I’d recommend it to anyone.

If you’re not a runner, a walk or hike should have a similar effect. Let me know when you get one in! I’d love to hear how it went.

Let’s take this week by swarm!

🐝 The Bee’s Knees

  1. Live Recon: Interviewing A Hacker - Shashank (cyberboyindia). He’s the co-founder of CredShields, an ex-security analyst at HackerOne, and a team lead at Cobalt. more | twitter

  2. LevelUpX - Series 14: Finding and Exploiting Hidden Functionality in Windows DLLs with Nerdwell. In this presentation, Nerdwell dives deep into Windows DLL hacking and reviews common bug patterns that he’s found in the wild. more

  3. Broken Access Control complete guide. This video covers the theory behind Access Control vulnerabilities, how to find these types of vulnerabilities from both a white box and black box perspective, how to exploit them and how to prevent them. more

  4. How to Be An Ethical Hacker: 2023 Edition. more

  5. A growing list of root cause analysis of DeFi Hacks. more

️💪 Sponsor

Reach a highly engaged community of engineers, security researchers, and ethical hackers who are at the forefront of the industry. Sponsor the Hive Five

🔥 Buzzworthy

Changelog

  1. REcollapse v0.1 is a helper tool for black-box regex fuzzing to bypass validations and discover normalizations in web applications. more

  2. Viewgen v0.2 is a ViewState tool capable of generating both signed and encrypted payloads with leaked validation keys. more

📅 Events

  1. The BSidesCharm 2023 Call for Volunteers is officially open. more

  2. Trace Labs tickets for Global OSINT Search Party will be on sale Jan 28th on Eventbrite. more

  3. Do you enjoy reading and learning? README is a new software developer book club. First meeting on Friday Jan 27. more

  4. Caido is now in public beta. They have been working on Caido since 2021 and are proud to share with you what they have built. more

🎉 Celebrate

  1. Kaitlyn’s first ever shmoocon talk went great. Love to see it! more

  2. HackerOne’s H1407 Epic Games winners. Congrats all! more

  3. Jack Cable joined CISA this week as a Senior Technical Advisor. Awesome! more

  4. Azeria finished their book and it’s in production. Woohoo! more

  5. Shrirang Kahale turned 16. Congrats! more

💰 Career

  1. chompie on the grim Google layoffs. more

  2. Steph’s lay-off tips for both those affected and those who aren’t. more

  3. Security and Privacy Activist - The Electronic Frontier Foundation (EFF), an established nonprofit organization defending online privacy and free expression, is looking for a full-time writer and advocate to join our Activism team. more

  4. Companies that are hiring in tech right now, and what they’re hiring for. more

  5. Nico reminding us that they hold public office hours for anyone who wants to talk about their career, mentorship, or cybersecurity in general, or who just wants to chat. more

⚡️ Community

  1. Hacker AFK: InsiderPhD - an interview series by HackerOne. more

  2. Good people at Shmoocon. more

  3. STÖK is not the best version of himself right now. Sending good vibes! more

  4. zseano asks: “why do those who run bug bounty platform twitter accounts not shill bug bounty programs on their platform that we should look at ?” more

📰 Read

  1. The main things to do—and avoid doing—when contacting and working with a mentor. more | related video

  2. Bad things come in large packages: .pkg signature verification bypass on macOS. Code signing of applications is an essential element of macOS security. Besides signing applications, it is also possible to sign installer packages (.pkg files). more

  3. SSH key injection in Google Cloud Compute Engine (Google VRP). This write-up is the first in a series of write-ups about bugs that they, and Sreeram, found in Google Cloud during 2022. After hunting for bugs continuously in common Google apps such as Drive, they wanted to venture into Google Cloud. more

  4. Dissecting and Exploiting TCP/IP RCE Vulnerability “EvilESP”. September’s Patch Tuesday unveiled a critical remote vulnerability in tcpip.sys, CVE-2022-34718. more

  5. Learn to build it, then break it. The philosophy is simple: learn security by building projects, reading official documentation and codebases, and then attempting to find security flaws in your work. more

📚 Resources

  1. Offensive Research Guide to Help Defense Improve Detection. more

  2. Free AWS Cloud Practitioner Exam (CLF-C01) resources. more

  3. shieldfy/API-Security-Checklist is a checklist of the most important security countermeasures when designing, testing, and releasing your API. more

  4. Java-Deserialization-Cheat-Sheet is a cheat sheet for pentesters and researchers about deserialization vulnerabilities in various Java (JVM) serialization libraries. more

🎥 Watch

  1. Second order NoSQL injection solution to January ’23 Challenge. more

  2. HackTheBox - UpDown walkthrough. more

  3. Google Like a Pro - All Advanced Search Operators Tutorial. Learn how to become more effective at searching the web. more

  4. Finding IDORs with code reviews. more

🎵 Listen

  1. Critical Thinking S01 E02 - In this episode of Critical Thinking they talk about exploit writing/automation, some new tools released in the industry (Of-CORS), the age old question of “Do you have to know how to program to hack?”, a walk-through of some very impactful bug bounty reports, and some. more

  2. Binary Exploitation Podcast 180 - An iPod Nano Bug, XNU Vuln, and a WebKit UAF. An Apple-focused episode this week, with a trivial iPod Nano BootRom exploit, and a WebKit Use-after-free. more

  3. Smashing Security 305: Norton unlocked, and police leaks. Carole is in her sick bed, which leaves Graham in charge of the good ship “Smashing Security” as it navigates the choppy seas of credential stuffing and avoids the swirling waters of apps being sloppy with sensitive information. more

Get $100 to try DigitalOcean. The go-to VPS for bug bounty hunters. I use it for all of my own recon and automation needs, plus it also doubles as a VPN. They have every cloud resource you need at an affordable price.
