🐝 Hive Five #26 – DOM XSS, voicemail ATO, and 10K4ILF

Hi friends,

Greetings from the hive!

For those in the US, I hope you had a safe and happy Fourth! I'll start off this newsletter with lyrics from a song I was just listening to, Little Brother - Beautiful Morning:

"Cause even though the birds ain't singin' and the sun ain't shinin',
It looks like a beautiful morning,
Each day's another chance to do the things I could've,
Done the day before, but I didn't and I known I should've."

Let's take this week by swarm!

🐝 The Bee's Knees

  1. Finding DOM Polyglot XSS in PayPal the Easy Way: Finding DOM XSS can be tricky when it's buried in thousands of lines of code. PortSwigger recently developed DOM Invader to help tackle this using a combined dynamic+manual approach to vulnerability discovery, and promptly found an interesting polyglot DOM XSS affecting PayPal.

  2. Taking over Uber accounts through voicemail: When designing an authentication flow, many parameters have to be taken into account: the originating IP address, the number of attempts before a lockout, rate limits, 2FA verification options, and sign-in methods.

  3. Live Recon on Rockstar Games With zseano: zseano shares his methodology and how he uses different tools like Burp Suite to look for vulnerabilities. He also shows his testing flow for different vulnerability classes such as XSS and open redirect.

  4. Fleex: lets you create multiple VPS instances on cloud providers and use them to distribute your workload. Run tools like masscan, puredns, ffuf, httpx, or anything else you need, and get results quickly.

  5. Extended BApp Store: The extended BApp store for all your Burp Suite extension needs!

πŸ™πŸ» Enjoy This Newsletter?

  • Get $100 to try DigitalOcean. The go-to VPS for bug bounty hunters. I use it for all of my own recon and automation needs, plus it also doubles as a VPN. They have every cloud resource you need at an affordable price.

🔥 Buzzworthy

✅ Changelog

  1. smicallef/spiderfoot: Merged a massive change to SpiderFoot that will deliver scan speeds close to those of SpiderFoot HX, about a 10x speed improvement in some cases.

  2. Nuclei Templates changelog: 32 new templates, including cves/2021/CVE-2021-29203.yaml by @madrobot, cves/2021/CVE-2021-24406.yaml by @0x_Akoko, cves/2021/CVE-2021-24210.yaml by @0x_Akoko, cves/2020/CVE-2020-1938.yaml by @milo2012, cves/2019/CVE-2019-13101.yaml by @skar4444, and cves/2018/CVE-2018-8715.

  3. hakrawler v2: Hakluke completely rewrote hakrawler from scratch to release v2. Simpler, faster, more reliable, fewer bugs (hopefully), simple output for easier tool chaining, fewer features, no banner, no colors, and more in line with the Unix philosophy.

📅 Events

  1. securityshorts EP 10 with John Hammond: on July 6th at 6:30 AM PT or 7:00 PM.

  2. 10K4ILF - raffle update thread: What started as a small giveaway to help get InnocentOrg to 10K followers turned into a coordinated effort by amazing members of the community to help.

🎉 Celebrate

  1. Dr. Nestori Syynimaa's second bug bounty ever: Again from Microsoft Security. Congrats!

  2. just Wes: passed their Sec+ certification. Awesome!

  3. Heath Adams: Received student evaluations for their first course as a professor. Looking good!

  4. Mustafa Can IPEKCI: was selected as Rookie of the Year for 2020-2021 on the Synack Red Team, and also achieved TITAN status in recognition of their first year. Amazing!

💰 Jobs

💪 Looking for work

New section suggested by a friend. If you're looking for work in infosec, let me know and I'll feature you here! (Max. 5, as always.)

📰 Articles

  1. Dorking for Bug Bounties: Covers different types of dorking in bug bounties to gather more information about your targets, find leaked information, and generally do more recon.

  2. PancakeSwap Logic Error Bug Fix Postmortem: Whitehat Juno submitted a critical vulnerability in PancakeSwap's lottery contract on April 27.

  3. alert() is dead, long live print(): Cross-Site Scripting and the alert() function have gone hand in hand for decades.

  4. Measuring Security Risks in Open Source Software: Scorecards Launches V2: Contributors to the Scorecards project, an automated security tool that produces a "risk score" for open source projects, have accomplished a lot since its launch last fall.

  5. PimpMyBurp #5 – Intruder: Use the tool to its full advantage: Behind its apparent simplicity, efficient large-scale usage isn't straightforward and requires some preparation.

📚 Resources

  1. What is the Best Hardware Hacking Kit?: A thread by Masonhck3571.

  2. Detectify asks hackers for reading suggestions.

  3. Cyber Security careers, visualised: Katie shares career maps and gives suggestions on how to use them.

  4. Cybersecurity 2021 Packt (pay what you want and help charity): Pick up ebooks like Learn Computer Forensics, Cybersecurity Threats, Malware Trends, and Strategies, Mastering Malware Analysis, and Mastering Python for Networking and Security.

  5. Awesome Ethereum Security: A curated list of awesome Ethereum security references.

🎥 Videos

  1. SQL Injection - Lab #14 Blind SQL injection with time delays and information retrieval: To solve the lab, the time-based SQL injection vulnerability is exploited to extract the administrator user's password.

  2. Fuzzer Crash Root Cause Analysis With ASAN (AddressSanitizer): Having found a crash and reduced it to a minimal test case last episode, this episode tries to pin down the true location of the overflow.

  3. Electronics for Everyone with AdaFruit's Limor Fried - Hanselminutes #795: Limor Fried is an electrical engineer and owner of the electronics company Adafruit Industries.

  4. ep01 - CTF TEARDOWN - HackerOne CodeCanCare 100k CTF.

  5. Hacker Heroes #3 - TomNomNom (Interview): a sit down with Tom Hudson (@TomNomNom) talking about his hacking career.

🎡 Audio

  1. Jack Rhysider podcast suggestion The Lazarus Heist: It's crazy how much money the North Korean government has been stealing from banks!

  2. Reggie Watts and Flying Lotus + Marc Rebillet.

  3. SQLite - The Most Popular Database In The World: Richard shares his story of creating a small open source project and watching it grow beyond his wildest ambitions.
