🐝 Hive Five 119 - Deep Dive OSINT and Finding XSS in a Million Websites

Hi friends,

Greetings from the hive!

I hope all is well. I’ve been working on improving my Obsidian vault and PKM processes, which led me to this gem of dataview query examples. Dataview is by far my favorite plugin that allows you to query your data and display it in various formats.

What does your PKM process look like? Let me know in the comment below.

Let’s take this week by swarm!

🐝 The Bee’s Knees

1. Deep Dive OSINT (Hacking, Shodan and more) with Rae Baker. more

2. CodeQL query to detect RCE via ZipSlip resulting in a $5,500 bounty from GitHub Security Lab. more

3. Finding XSS in a million websites (cPanel CVE-2023-29489). cPanel is a web hosting control panel software that is deployed widely across the internet. To be exact, there are about ~1.4 million installations of cPanel exposed on the external internet at the time of writing this blog post. more | advisory

4. Git Arbitrary Configuration Injection (CVE-2023-29007). Git’s implementation used to rename or delete sections of a configuration file contained a logic error that resulted in improperly treating configuration values longer than a fixed length as containing new sections. more

5. A stored XSS on Snyk Advisor service can allow full fabrication of npm packages health score (CVE-2023-1767). more

️💪 Sponsor

Sponsor the Hive Five and reach a highly engaged community of engineers, security researchers, and ethical hackers who are at the forefront of the industry.

🔥 Buzzworthy

✅ Changelog

1. IIS Short File Name scanner v2023.3 addressing an issue that it could miss some rare vulnerable servers due to an intrusive RegEx responsible to clean dynamic contents. more

2. httpx v1.3.0 by ProjectDiscovery added the ability to take screenshots of target URLs, pages, or endpoints along with the rendered DOM. more

3. HackerOne’s publicly disclosed reports are now automatically summarized using AI. more

4. Pentester Land has added ~20 new writeups to their collection. more

5. gwen001/related-domains v1.1.7 helps you find related domains of a given domain.

📅 Events

1. Linking Your Thinking Conference 2023 is happening! Register for 5 days of valuable learning. more

2. BSides Austin - May 5, 2023. more

🎉 Celebrate

1. randomdeduction is the first female hacker to take home the MVH title at a HackerOne LHE. Let’s go! more

2. Nagli won the Exterminator award for the second time in a row at HackerOne’s H1-213. Congrats! more

3. Godfather Orwa & XHackerx007 earned $35,000 for their submission on Bugcrowd. more

4. Tae’lur passed the Security+. Woohoo! more

5. rez0 passed 10,000 reputation points on HackerOne. more

💰 Career

1. enleak is looking for SOC analyst 1 positions. They are entrolled in BTL1 and have their eJPT, Net+ and Splunk Certified Core User certs. more

2. How g0lden broke into Cyber Security… and how you can too. more

3. A definitive guide for job searching using ChatGPT by using good prompts to craft a compelling cover letter and tailor your resume to the job posting. more

4. A Cyber Threat Intelligence Self-Study Plan. Katie teaches SANS FOR578: Cyber Threat Intelligence. more

⚡️ Community

1. zseano is going AFK as their baby is around the corner. more

2. Chevon is looking to collab with a security researcher that specializes in Android App exploitation. Hit him up! more

3. Dave reflects back on his health journey: “the confidence that I can control my weight, my body, and continually train my mind really has been a game changer.” more | The Journey for Living Longer

4. at0m shared his 30 day bug bounty journey. more

5. Hussein thinks that bug bounty platforms will see a huge decrease of excellent hackers in the upcoming years due to various factors such as not building strong bonds and failed mediation processes. more

📰 Read

1. A discussion around the age old question: Should you learn to code before you learn to hack? — I agree with the overall sentiment, it makes it easier but isn’t a requirement. more

2. Ariel explains that we have to overcome three high complex roadblocks before LLMs are capable of finding 0days: statefulness, hallucination, and contamination. more

3. The Hugging Face Course will teach you about natural language processing (NLP) using libraries from the Hugging Face ecosystem. more

4. Blind SSRF to internal services in matrix preview_link API. more

5. HackerOne Ambassador Spotlight AWC Edition: Blaklis. He tries to hold monthly online meetups, with a vocal Q&A, open discussions, and sometimes followed by a live hunting session with people from the club. more

📚 Resources

1. Zellic made a dataset publicly available which consists of known Ethereum mainnet smart contract source code. more

2. netlas-io/netlas-dorks contains dorks for the Netlas.io search engine. They are divided into several categories, each dork also has a link by which you can immediately go to the query results. more

3. Ignitetechnologies/Mindmap contains many mindmaps for cyber security technologies, methodologies, courses, and certifications in a tree structure to give brief details about them. more

4. cckuailong/awesome-gpt-security is a curated list of awesome security tools, experimental case or other interesting things with LLM or GPT. more

5. HITB2023AM talk by Matthias Frielingsdorf on Poisoned Apples: Current State of iOS Malware detection. more

🎥 Watch

1. The Hacker Factory Podcast with Phillip Wylie interviews Cybersecurity Content Creators Jason Haddix, Ben Sadeghipour, and Daniel Miessler. more

2. HackTheBox - MetaTwo walkthrough. It starts with a vulnerable WordPress application running an event booking plugin that allows for SQL injection. more

3. Web Security Academy SQL Injection Lab #17 walkthrough: SQL injection with filter bypass via XML encoding. more

4. Cloud Hacking: Google Cloud Platform (GCP). It covers topics like the similarities and differences between GCP and AWS, common vulnerabilities in GCP, accessing the metadata endpoint, scopes in GCP, Google privilege escalation using Access Management, and IAM privilege escalation techniques. more

5. Accidental LLM Backdoor - Prompt Tricks. In this video they explore various prompt tricks to manipulate the AI to respond in ways we want, even when the system instructions want something else. more

🎵 Listen

1. Day[0] Binary Exploitation Podcast 206 - A Ghostscript RCE and a Windows Registry Bug. A string escaping routine that goes out of bounds, a web-based information disclosure. And a couple kernel issues, one in the Windows registry, a logical bug leading to memory corruption, and an AppleSPU out of bounds access. more

2. Day[0] Bug Bounty Podcast 205 - SecurePoint UTM, Chfn, and Docker Named Pipe Vulns. A unique auth bypass in a firewall admin panel, desktop-based software bugs, and more. more

3. The Privacy, Security, & OSINT Show 295 - Breach Data Collection Revisited. This week they provide a detailed behind-the-scenes view into their weekly digestion of breach data, offer a new faster query option, and weigh in on the latest privacy updates. more

4. Smashing Security 319: The CEO who also ran IT, Strava strife, and TikTok tall tales. A boss is bitten in the bottom after being struck by one of the worst crimes in Finnish history, Strava’s privacy isn’t so private, and a private investigator uncovers some TikTok tall tales. more

Get $100 to try DigitalOcean. The go-to VPS for bug bounty hunters. I use it for all of my own recon and automation needs, plus it also doubles as a VPN. They have every cloud resource you need at an affordable price.

Subscribe to the Hive Five to read the rest.