🐝 Hive Five 113 - How to Hack: A Step-by-Step Journey, acropalypse, and 25 years of curl

Hi friends,

Greetings from the hive!

I hope this newsletter finds you well and that you had a fantastic weekend. As for me, I’m feeling much better.

Recently, I’ve been working on a couple of projects that have sparked my creativity, and I’m thrilled to announce the launch of my latest creation - the Awesome Twitter Lists repository. This repository consists of curated Twitter lists, which is my go-to way of engaging with the platform. I hope you’ll find it just as useful as I have.

Let’s take this week by swarm!

🐝 The Bee’s Knees

1. Simon Aarons introduced acropalypse: a serious privacy vulnerability in the Google Pixel’s inbuilt screenshot editing tool, Markup. Enabling partial recovery of the original, unedited image data of a cropped and/or redacted screenshot. more | demo

2. Disclosed report: CVE-2022-44268 - Arbitrary Remote Leak via ImageMagick. A critical bug that was rewarded $25,000. more | related

3. How does Bug Bounty work anyway? In this first video of a new series by InsiderPhD, in partnership with Bugcrowd, you’ll learn how to go from knowing nothing about hacking to finding your first bug, to getting more consistent bounties and everything in between. more | blog post

4. Twenty-five years of curl. Daniel worked on curl longer than he’s worked for any company. None of his kids are this old. 25 years ago he did not live in his house yet. 25 years ago Google didn’t exist and nether did Firefox. more

5. Use multi-repository variant analysis (beta) to run CodeQL queries at scale. CodeQL is the static code analysis engine that powers GitHub code scanning. one of its superpowers is its versatility and customizability: you can use it to find virtually any pattern in source code. more | docs | discussion

️💪 Sponsor

Sponsor the Hive Five and reach a highly engaged community of engineers, security researchers, and ethical hackers who are at the forefront of the industry.

🔥 Buzzworthy

✅ Changelog

1. Feroxbuster v2.9.2 release. Link extraction is on by default, fixed a few bugs, and added a cool QoL feature. more

2. xnLinkFinder v3.9 release. Pass a Cairo export CSV file as input and more. more

3. Caido v0.24.0 brings several exciting new features, including support for Unicode characters in the editor and request/response exporting. more

4. Sans launched Cybersecurity Career Affordably where they adopt an Income Share Agreement (ISA). They want to make their undergraduate programs as accessible to students who demonstrate high potential to succeed. more

5. OpenAI released GPT-4, a large multimodal model, with their best-ever results on capabilities and alignment. more | technical paper

📅 Events

1. Jason Haddix live training is back! Join him in July for two days of the Bug Hunter’s Methodology Live. more | purchase | syllabus

🎉 Celebrate

1. Jobert Abma celebrates 10 years HackerOne. Amazing! more

2. Nagli hit the $1,000,000 mark in bounties earned on HackerOne. Congrats! more

3. Masonhck357’s bulking progress. Getting swole! more

4. Taelur Alexis won a 1 year Burp Suite Pro license. Let’s go! more

💰 Career

1. Your Job Doesn’t Matter (and That’s Great News). Jason very much believe that none of this stuff matters. Our jobs, the work, all of it. It’s completely meaningless. more

2. Rosie on community: “Is community the only part of the business that has the expectations of becoming self-sustaining? …” more

⚡️ Community

1. d0nut spilled soda on his das keyboard (.. again) and then broke it while trying to clean it (.. again) BUT discovered newfound love for another keeb. more

2. Inti was offered a $25 bounty and a reminder to stick to the scope from a massive corporation for informing them that all their corporate credentials and API keys are exposed in a PUBLIC repo. more

3. bxmbn will be disclosing two reports soon. more

4. Ankit had a wonderful experience delivering a two days workshop on “Ethical Hacking & Cyber Security” at “Hackers Horizon” event by VIT, Chennai. more

5. Ben stopped making content he thought people wanted to see and started making content he enjoys making. more

📰 Read

1. Finding Hundreds of SSRF Vulnerabilities on AWS. During Trickest’s latest research project, which involved uncovering IP addresses hidden behind proxies like Cloudflare they stumbled upon numerous IPs susceptible to SSRF via the Host header. more

2. EJS - Server Side Prototype Pollution gadgets to RCE. In February 2023, Kévin took a look into NodeJS HTML templating libraries. During their research, they found an interesting Server Side Prototype Pollution (SSPP) gadget in the EJS library which can be leveraged to RCE. more

3. How Your NFTs Could Have Been Stolen in Just One Click. more

4. Reconnaissance 103: Host and Port Discovery. After gathering all available subdomains, the following process filters all valid ones based on their HTTP method and response content. more

5. The Time Tom Hacked Google’s Manual Actions Database. In 2013, Google released a tool to view the manual actions (penalties) they were applying to your own site. more

📚 Resources

1. John interviews the people behind the Free Hacking APIs Course (APISEC University). more | course

2. ignis-sec/Pwdb-Public is a collection of all the data i could extract from 1 billion leaked credentials from internet. more

3. Google/kCTF is a Kubernetes-based infrastructure for CTF competitions. more

4. cJoelGMSec/MyTalks is a talks collection of slides on cybersecurity and ethical hacking by Joel Gámez Molina. more

5. Hack-with-Github/Awesome-Hacking is an awesome hacking collection of awesome lists for hackers, pentesters, and security researchers. more

🎥 Watch

1. HackTheBox - Extension walkthrough. more

2. Broken Access Control - Lab #8 UID controlled by parameter, with unpredictable UIDs. This lab has a horizontal privilege escalation vulnerability on the user account page, but identifies users with GUIDs. more

3. DNS Remote Code Execution: Finding the Vulnerability (Part 1). more

4. How John found your GitHub secrets. more

5. Does Cybersecurity Require Programming? One of the most common questions he asks his guests on the Live Recon stream is whether or not coding is required for hacking and cybersecurity. more

🎵 Listen

1. Smashing Security 313 - Tesla twins and deepfake dramas. The twisted tale of the two Teslas, and a deepfake sandwich. more

2. Day[0] Bug Bounty Podcast 195 - Stealing Secrets with Security Advisories and CorePlague. A few varied issues this week, exploiting an apparently unexploitable CRLF injection, organization secrets exposure in GitHub, and a Jenkins XSS. more

3. Fossified - Daniel, Henrik, Magnus and Johan discuss all things free and open source. In this episode they’re talking about Curl and the fact that the project turns 25 years old. more

4. Critical Thinking S01 E11 - Episode 11: CVSS, Web Cache Deception, and SSTI. more

5. Adventures in DevOps 154 - What’s the Tea With Max Howell. Max Howell is the creator of Homebrew and is the CEO of Tea. He joins the show alongside Jonathan and Will to talk about Tea, the next-generation, cross-platform package manager. more

Get $100 to try DigitalOcean. The go-to VPS for bug bounty hunters. I use it for all of my own recon and automation needs, plus it also doubles as a VPN. They have every cloud resource you need at an affordable price.

Subscribe to the Hive Five to read the rest.