🐝 Hive Five 62 - Valuable lessons

Hi friends,

Greetings from the hive!

I hope you had a good weekend. Mine was pretty eventful, I moved and built some furniture which is always rewarding yet exhausting.

Also, as you may know, I enjoy listening to hip hop. Someone at work showed me this amazing mixtape by J. Cole that I somehow had overlooked: Truly Yours. Cole summer is my favorite track.

What did you do this weekend?

Let's take this week by swarm!

🐝 The Bee's Knees

1. CVE-2022-0337 (reward: $10,000 - Google) - Write-up and Video: System environment variables leak on Google Chrome, Microsoft Edge, and Opera.

2. Bounty Thursdays - live #3 (news/tools and community): In this episode of Bounty Thursdays they focus on news, and tools related to bugbounty and the offensive (red) side of cyber.

3. Alissa Knight Talks About API Hacking, Car Hacking, Creating Content for Hackers and More: Alissa Knight is a cybersecurity influencer, content creator, and community manager as a partner at Knight Ink that provides vendors go-to market and content strategy for telling brand stories at scale in cybersecurity.

4. Bug Bounty Redacted #1 - Exposed Redis and HAProxy: Welcome to Assetnote's new series called Bug Bounty Redacted. In this series they will be going through reports they have submitted to bug bounty programs over the last five years.

5. From XSS to RCE (dompdf 0day): The popular PHP library dompdf (used for rendering PDFs from HTML) suffers from a vulnerability that allows Remote Code Execution in certain configurations.

🙏🏻 Support the Hive

• Get $100 to try DigitalOcean. The go-to VPS for bug bounty hunters. I use it for all of my own recon and automation needs, plus it also doubles as a VPN. They have every cloud resource you need at an affordable price.

• TCM Security Academy - courses, bundles, gift certs, and access passes. Cybersecurity Training That Doesn't Break the Bank. Don't overspend on your education!

• Privacy.com - Protect Yourself Online. Create virtual cards, set a spend limit on each transaction, and track your spend. Take back control of your payments.

Become a sponsor

🔥 Buzzworthy

✅ Changelog

1. tls.bufferover.run cloud data is now refreshing hourly: A super interesting problem getting the scanner to run this fast on a single machine via erbbysam.

📅 Events

1. Trace Labs Global OSINT Search Party CTF 2022.03: Trace Labs is a Not-For-Profit organization with the mission of crowdsourcing the collection of Open Source Intelligence (OSINT) to generate new leads on missing persons cases to assist law enforcement. Sat, March 26, 2022 6:00 PM – 10:00 PM EDT.

2. SANS Open-Source Intelligence Summit 2022: Thu, Apr 7, 2022.

3. NahamCon2022 - April 30, 2022: Keynote by Jason haddix and hosted by STÖK.