
🐝 Hive Five 107 – The Anti-Recon Recon Club, Till REcollapse, and Privacy Guides.

Hi friends,

Greetings from the hive!

I hope you are crushing your yearly goals. I recently Tweeted asking what people used as a daily search engine. For me, Google and even DuckDuckGo weren’t providing the results I needed.

I mentioned that I tried out Kagi and that I loved it, but sadly the trial ran out. At first, paying a monthly fee seemed a bit much, but this HackerNews thread and deciding to invest in productivity changed my mind.

What was your latest productivity investment?

Let’s take this week by swarm!

🐝 The Bee’s Knees

  1. The Anti-Recon Recon Club (using ReconFTW). Recon is important, but some people hate it. Jason gets it. When you’re in the zone and ready to pounce on a target, you just want to start hacking. more

  2. Till REcollapse: Fuzzing the Web for Mysterious Bugs by @0xacb (NahamCon2022EU). more

  3. MyBB <= 1.8.31: Remote Code Execution Chain. MyBB is one seriously popular type of open-source forum software. However, even a popular tool can contain bugs or even bug chains that can lead to the compromise of an entire system. more

  4. Privacy Guides is your central privacy and security resource to protect yourself online. more

  5. Pre-Auth RCE in Aspera Faspex: Case Guide for Auditing Ruby on Rails. Many enterprise organizations that deal with large amounts of data that needs to be shared between employees or stakeholders often use enterprise file transfer software. more

💪 Sponsor

Sponsor the Hive Five and reach a highly engaged community of engineers, security researchers, and ethical hackers who are at the forefront of the industry.

🔥 Buzzworthy

Changelog

  1. xnLinKFinder v3.0: Lots of bug fixes and some small improvements, mainly around the new wordlist option. more

  2. FFuF v2.0.0: A fast web fuzzer written in Go. more

  3. bbrf-client v1.3.1: This release includes support for CIDR scopes; you can now add an IP address or range in scope, e.g. `bbrf inscope add 1.1.1.0/24`, and later add URLs. more

📅 Events

  1. YesWeHack will be hosting a bug bounty event on March 9-10 at Nullcon DE 2023. It’s open to all attendees! more

🎉 Celebrate

  1. mert received a most impactful submission bonus. Awesome! more

  2. Lupin, ReeverZax, DoomerOutrun, and Snorlhax won the Best Collaboration trophy at the H1407. Congrats! more

  3. Truffle Security is proud to host a new XSSHunter. I love it! more

💰 Career

  1. Rachael got laid off from Okta and is looking for work. She is a cybersecurity risk manager with 20 years of experience and a great track record. more

  2. Three job openings on the BloodHoundEnterprise team: Salaries range from $120k-170k USD, excellent benefits, and fully remote. They are looking for back- and front-end engineers and a Technical Account Manager. more

  3. Hadrian Security is hiring Junior through Senior offensive security engineers. more

⚡️ Community

  1. Damian developed 7 new golang tools over several weeks and it became his favorite language. more

  2. STÖK shows you how you can turn a small room into a decent studio. Hashtag goals. more

  3. Nathaniel earned $683K AUD in the past couple months and is going to spend this year prioritizing being physically and mentally fit. more

  4. Companies or products people wish had a bug bounty program to hack on. more

  5. d0nut has been having a ton of fun learning a couple of new languages. more 

📰 Read

  1. How to use mksub: Beyond the basics. mksub is a simple tool. It generates subdomains by combining words from a wordlist with a target domain. more

  2. Security Advisory: Remote Command Execution in binwalk. more

  3. A hacker’s guide to SSL certificates, featuring TLSx. more

  4. RCE in Avaya Aura Device Services. For those who haven’t had the pleasure, Avaya Aura is a (rather complicated) platform for managing IP phones. more

  5. Exploiting Resource Based Constrained Delegation (RBCD) with Pure Metasploit. Metasploit recently released version 6.3 and with it came a whole lot of new features related to LDAP operations and using Kerberos authentication. more

📚 Resources

  1. People’s highest single bounty or project payout. more

  2. Infosec podcasts and YouTube channel recommendations. more

🎥 Watch

  1. Linux Privilege Escalation for Beginners. more

  2. Cheat Engine Introduction (tutorial 1-4) - Game Hacking Series. In this video, they discuss bug bounty in relation to game hacking, install Cheat Engine (7.4), and run through the basic functionality and beginner tutorials (steps 1-4). Finally, they apply the techniques learnt to a real game (AssaultCube). more

  3. TCP for Hackers: Wireshark Basics (with @ChrisGreer). more

  4. A walkthrough of HackTheBox Response. more

  5. Broken Access Control - Lab #2 Unprotected admin functionality with unpredictable URL. This lab has an unprotected admin panel. more

🎵 Listen

  1. NeedleStack S1E16 - Dark web research tips for the OSINT-curious. Michael James of the OSINT Curious Project joins the podcast to give expert tips on conducting dark web research. more

  2. Cyber Idiots Podcast EP8 - It’s time to talk about mental health in cyber w/ Lily Clark. more

  3. Bug Bounty Podcast 183 - CSS Injection and a Google Cloud Project Takeover Bug. Starting off the week strong with a CSS injection turned full-read SSRF, and a MyBB exploit chain from XSS to server-side code injection. more

  4. Critical Thinking - Bug Bounty Podcast S01 E04: H1-407 Event Madness & Takeaways Part 2 w/ Special Guest Spaceraccoon. more

  5. Critical Thinking - Bug Bounty Podcast S01 E05: AI Security, Hacking WiFi, the New XSS Hunter, and more. more

Get $100 to try DigitalOcean. The go-to VPS for bug bounty hunters. I use it for all of my own recon and automation needs, plus it also doubles as a VPN. They have every cloud resource you need at an affordable price.
