🐝 Hive Five 61 – Remember the Pac-Man rule

Hi friends,

Greetings from the hive!

I hope you and yours are doing okay. This weekend was the 30th Anniversary of the disability civil rights protest, where activists lobbied for the passage of the Americans With Disabilities Act. They abandoned wheelchairs, and other mobility aids for the "Capitol Crawl" up the building steps.

The documentary Crip Camp, on Netflix, offers a glimpse into the history of the disability rights movement.

Let's take this week by swarm!

🐝 The Bee's Knees

1. The Discovery and Exploitation of CVE-2022-25636: A few weeks ago, they found and reported CVE-2022-25636 - a heap out of bounds write in the Linux kernel. The bug is exploitable to achieve kernel code execution (via ROP), giving full local privilege escalation, container escape, whatever you want.

2. How to Use Bug Bounty to Help Your Career!: So they've now had a job in security, whooo, but what did they learn? Well they spoke to a lot of people who hire for jobs and wanted to tell you what they learned when it came to career planning and how they leveraged my bug bounty knowledge to get that security job!

3. Intigriti 1337UP Live conference: For everyone interested in bug bounty and security vulnerability research. With a line-up of 10 excellent speakers, Intigriti brought you a knowledge-packed program straight into your homes.

4. Escalating from Logic App Contributor to Root Owner in Azure: In October 2021, they were performing an Azure penetration test. By the end of the test, they had gained Owner access at the Root level of the tenant.

5. Put an io_uring on it - Exploiting the Linux Kernel: This blog posts covers io_uring, a new Linux kernel system call interface, and how they exploited it for local privilege escalation (LPE).

🙏🏻 Support the Hive

• Get $100 to try DigitalOcean. The go-to VPS for bug bounty hunters. I use it for all of my own recon and automation needs, plus it also doubles as a VPN. They have every cloud resource you need at an affordable price.

• TCM Security Academy - courses, bundles, gift certs, and access passes. Cybersecurity Training That Doesn't Break the Bank. Don't overspend on your education!

• Privacy.com - Protect Yourself Online. Create virtual cards, set a spend limit on each transaction, and track your spend. Take back control of your payments.

Become a sponsor

🔥 Buzzworthy

✅ Changelog

1. First Docker based axiom-scan module.

2. Burp Suite 2022.2.3 release: Enabling ultra-fast crawling of static content, enhanced scanning of single-page applications.

3. ReconFTW v2.2.1 release: reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities.

4. PortSwigger adds Mystery lab challenge: Try solving a random lab with the title and description hidden.

🎉 Celebrate

1. Julien crossed the magical 1,000,000 USD bounty mark: Amazing!

2. Justin and erbbysam popped a crazy 0day: Can't wait for the write-up/talk on it!

3. Sam et al found vulns in cryptocurrency web apps: Awesome!

4. InsiderPhD hit 1 million view on YouTube: You rock!

📰 Articles

1. Making Sense of the Dirty Pipe Vulnerability (CVE-2022-0847): On Monday 7th March, a vulnerability in the Linux Kernel was disclosed publicly which could allow an attacker to escalate privileges. The vulnerability discovered by Max Kellermann dubbed “Dirty Pipe” affects the Linux Kernel 5.8 and later versions (including Android).

2. Recon Weekly #3 - Find More Subdomains using Permutations: If you've done any sort of recon, you're probably familiar with tools like Subfinder, Sublist3r, Amass, etc.

3. Investigating Influencer VPN Ads on YouTube: One widespread, but frequently overlooked, source of security information is influencer marketing ads on YouTube for security and privacy products such as VPNs.

4. How to Burp Good – n00py Blog: Burp Suite is one of their favorite tools for web application testing. The feature set is rich, and anything that it does not do by default can usually be added with an extension. There are a few things however, that while they exist in Burp Suite, they are not completely intuitive.

5. Finding an unseen SQL Injection by bypassing escape functions in mysqljs/mysql: It was found that unexpected behaviors in the query’s escape function could cause a SQL injection in mysqljs/mysql (https://github.com/mysqljs/mysql), which is one of the most popular MySQL packages in the Node.js ecosystem.

📚 Resources

1. Malware Samples: This repository is intended to provide access to a wide variety of malicious files and other artifacts.

2. Exploitation Mitigations: The goal is to list exploitation mitigations added over time in various operating systems, software, libraries or hardware.

3. Awesome open-source alternatives to SaaS: Awesome list of open-source startup alternatives to established SaaS products.

4. OpSec SelfGuard RoadMap: The best DeFi,Blockchain and crypto-related OpSec researches and data terminals.

🎥 Videos

1. Finding 0day in Apache APISIX During CTF (CVE-2022-24112): In this video they perform a code audit of Api6 and discover a default configuration that can be escalated to remote code execution.

2. Joe Grand's Open Lab - YouTube Live AMA: Since the release of their Trezor One wallet hacking video, they've received a lot of questions about engineering, hacking, and life in general. What better way to answer those questions than doing it live?

3. IppSec tackling HackTheBox - Devzat.

4. Common Active Directory Misconfiguration - Tech Talk #1, 2022: A digital tech show by geeks for geeks with demos, Q&As, reportages, challenges, and other fun stuff.

5. Cross-Origin Resource Sharing (CORS) - Complete Guide: In this video, we cover the theory behind Cross-Origin Resource Sharing (CORS) vulnerabilities, how to find these types of vulnerabilities from both a white box and black box perspective, how to exploit them and how to prevent them.

🎵 Audio

1. The Privacy, Security, & OSINT Show #253 - Dash Cams: This week they discuss the security benefits of Dash Cams and their recommended usage.

2. Some instrumental playlists to stay focused and boost productivity.

3. Breadcrumbs #18 - Sharing is Caring with OhShINT_: Today we get to talk to OhShINT_ about their professional background as a private investigator, OSINT resources and how NOT to use OSINT.

4. Darknet Diaries #112 - Dirty Coms: This episode we talk with a guy name “Drew” who gives us a rare peek into what some of the young hackers are up to today.

5. IndieHackers #235 – An NFT Conversation for Indie Hackers with Hiten Shah and Mubashar Iqbal.

Get $100 to try DigitalOcean - The go-to VPS for bug bounty hunters. I use it for all of my own recon and automation needs, plus it also doubles as a VPN. They have every cloud resource you need at an affordable price.

Subscribe to the Hive Five to read the rest.