
🐝 Hive Five 106 – Fearless CORS, JavaScript Analysis, and Subdomain Takeovers

Hi friends,

Greetings from the hive!

I hope you all had a fantastic weekend.

As a web developer, I’m always on the lookout for the latest technology and trends. This week, I came across an interesting discussion on Ask HN: What would your stack be if you were building an MVP today?, where the popular answer was the Petal Stack (Phoenix, Elixir, TailwindCSS, Alpine.js, and Liveview). As a fan of TailwindCSS and Alpine.js, I’m excited to dive into the rest of the stack.

What new tech has caught your interest? Reply to this email and let me know!

PS: Last week, I somehow included the wrong link for the Broken Access Control guide. Here’s the correct one.

Let’s take this week by swarm!

🐝 The Bee’s Knees

  1. Jason Haddix shares his ultimate workflow for simple and easy JavaScript Analysis. Often you can find juicy hidden endpoints, parameters, and domains buried in JS. more

  2. inversecos announced their new training company Xintra and also released their first course: Attacking and Defending Azure/M365. more

  3. Fearless CORS: a design philosophy for CORS middleware libraries (and a Go implementation). In this post, jub0bs investigates the reasons for developers’ difficulties with CORS and derives Fearless CORS, a design philosophy for better CORS middleware libraries. more

  4. Subdomain Takeover with HuskyHacks. In which they explore this dangerous misconfiguration and steal each other’s domains. more

  5. Ethernaut - 0 - Hello Ethernaut walkthrough. The Ethernaut is a Web3/Solidity based wargame inspired by overthewire.org, played in the Ethereum Virtual Machine. more


🔥 Buzzworthy

Changelog

  1. Waymore v1.13 release. The idea behind waymore is to find even more links from the Wayback Machine than other existing tools. more

  2. Burp Suite roadmap update: January 2023. more

🎉 Celebrate

  1. Jupiter received their first CVE (CVE-2022-4310). Congrats! more

  2. It was pry0cc’s birthday. Happy birthday! more

  3. Pranav_Pranayx01 got their highest bounty yet for a blind XSS in an internal panel. Awesome! more

  4. Greg escaped the Polish winter and is having his first digital nomad-like experience on Tenerife. Let’s go! more

💰 Career

  1. Th3g3nt3lman is actively looking for a new senior job (preferably remote from the Middle East) in one of these areas: SOC, penetration testing, or red team. more

  2. So now what..? (get hired 2023). ThePrimeagen talks about being prepared for tomorrow. more

  3. Job search advice for laid off engineers. more

⚡️ Community

  1. Corgi reorganized her office and the vibes are immaculate. more

  2. Sad news, zseano lost his dog. My thoughts and condolences. more

  3. Ben missed traveling and writing up vulns during layovers so much! Now, he’s back at it. more

  4. Michael Skelton has a new toy tool for his property. more

📰 Read

  1. PHP Development Server <= 7.4.21 - Remote Source Disclosure. While testing request pipelining on multiple programming language built-in servers, PD observed strange behavior with PHP’s. more

  2. Exploiting Hardcoded Keys to achieve RCE in Yellowfin BI. At Assetnote, they often audit enterprise software source code to discover pre-authentication vulnerabilities. more

  3. Using 0days to Protect the United Nations. Recently, Frycos did a non-exhaustive security product review on a Document Generator Engine, named Docmosis. more

  4. Implementing Nuclei into your GitHub CI/CD pipelines. more

  5. Subdomain Enumeration: Creating A Highly Efficient Wordlist By Scanning The Entire Internet: A Case Study (Part 1). more

📚 Resources

  1. A list of WiFi over-the-air exploits. more

  2. Harsh Bothra’s Security Stories featuring Hakluke. A quote from the interview that resonated with me: “Don’t lose your creativity. As soon as people get a cybersecurity job, they lose their curiosity and creativity.” more

  3. Checkmarx/capital - A built-to-be-vulnerable API application based on the OWASP top 10 API vulnerabilities. Use c{api}tal to learn, train and exploit API Security vulnerabilities within your own API Security CTF. more

  4. assetnote/exploits is a repository to store exploits created by Assetnote’s Security Research team. more

🎥 Watch

  1. HackTheBox - Ambassador walkthrough. more

  2. Broken Access Control - Lab #1 Unprotected admin functionality. This lab has an unprotected admin panel. more

  3. Beyond CTFs and labs. g0lden’s take on improving in bug bounty hunting. more

  4. The DeFi Threat Model. more

  5. Burp Suite Shorts - Navigating application paths with Burp Scanner. more

🎵 Listen

  1. BBRD podcast 3 - From zero to 6-digit bug bounty earnings in 1 year - an interview with Johan Carlsson.

  2. Critical Thinking - Bug Bounty Podcast S01 E03. H1-407 Event Madness & Takeaways Part 1. They talk about some of the interesting things they’ve learned from participating in H1-407 Live Hacking event. They cover decompiling binaries in various different languages, Windows URI Handlers, Caido, and SameSite Lax + POST. more

  3. Day[0] Bug Bounty Podcast 181 - Cloud Bugs and More Vulns in Galaxy App Store. A cloud-focused episode this week, starting with a logging bypass in AWS CloudTrail, an SSH key injection, and cross-tenant data access in Azure Cognitive Search. more

  4. The Privacy, Security, & OSINT Show 288. In this episode, they discuss the latest Privacy & Security news, and present several new OSINT Techniques. more

  5. Smashing Security 306 - No Fly lists, cell phones, and the end of ransomware riches? more
