🐝 Hive Five 64 – Ego is the enemy

Hi friends,

Greetings from the hive!

I hope all is well with you and yours. Ramadan Mubarak! Wishing all a generous and blessed Ramadan.

I have no major updates. I'm still reading the Power of Now book, and I've started watching "Bad Vegan: Fame. Fraud. Fugitives." on Netflix.

Let's take this week by swarm!

🐝 The Bee's Knees

1. Hacking PayPal and TikTok (legally) // Featuring Ben Sadeghipour Nahamsec: Want to hack companies like PayPal and TikTok? What about the Department of Defense? Lots of companies that you can hack legally - and get paid doing it.

2. We're spoiled this week with not one, but two Zseano videos: A Look Into zseano's Thoughts When Testing a Target - OWASP Nagpur and Finding bugs on NFT websites for fun & profit.

3. Two Years of Bug Bounty Hunting: Two years ago this month, cinzinga created his first bug bounty account on Bugcrowd.

4. Stalkers, Sock Puppets, and Security: This blog is a chapter of an unpublished book. Cassie wrote this piece almost two years ago to highlight information security best practices and techniques that can help protect against online threat actors and stalkers.

5. This busy-loop is not a security issue: One of the toughest jobs Daniel has, is to assess if a reported security problem is indeed an actual security vulnerability or “just” a bug.

🙏🏻 Support the Hive

• Get $100 to try DigitalOcean. The go-to VPS for bug bounty hunters. I use it for all of my own recon and automation needs, plus it also doubles as a VPN. They have every cloud resource you need at an affordable price.

• TCM Security Academy - courses, bundles, gift certs, and access passes. Cybersecurity Training That Doesn't Break the Bank. Don't overspend on your education!

• Privacy.com - Protect Yourself Online. Create virtual cards, set a spend limit on each transaction, and track your spend. Take back control of your payments.

Become a sponsor

🔥 Buzzworthy

✅ Changelog

1. Sharpener v1.3 release: Now supports icons for Repeater and Intruder tabs, has more predefined styles, and helps to minimise Repeater and Intruder tab sizes if possible.

2. ProjectDiscovery's Uncover v0.0.4.: It now supports the Shodan InternetDB API to quickly pull the ports for a given IP/CIDR range.

3. Ffuf v1.4.1 release: Fixes to recursion and wordlist handling for queued jobs.

4. ReconFTW v2.2.1.1 release: Hotfixes for amass, dns zone transfer and url filtering.

📅 Events

1. Ben announced the co-hosts for his live recon show: "Live Recon returns next week with two amazing cohosts: @Jhaddix and @stokfredrik!"

🎉 Celebrate

1. Julien already reached their 2022 goal: Let's go!

2. sshell had an amazing time at kernelcon: Love to see it!

3. pry0cc loved his trip to Stockholm: Awesome!

4. d0nut's talk inspired someone to try out Rust: Yes!

5. Mustafa having a great bug bounty month: Congrats!

💰 Career Corner

1. Jack Rhysider on leaving a positive mark on your company: "[...] Make a tool/procedure/training/diagrams that positively changes the way your team works. Change it permanently for the better. Doing things like this, may help you get promoted."

2. Advice for students wanting to pursue infosec as a career via hakluke.

3. Canva is hiring for both Red and Penetration Testing teams.

4. chivato on working at HackerOne: "I've been at HackerOne for about 5 months now. [...]"

5. Sparkle's next run of infosec starters care packages.

⚡️ From the Community

1. Hussein is looking for a dev: "Hello, looking for a dev to work on a security project - must know web vulnerabilities and have already contributed for tools in the industry - please DM github link if interested"

2. Runa's idea for a much needed tool: "Imagine having 1000 PDFs and needing to find those with specific keywords. Here’s a tool many, many journalists need that someone could easily write and share."

3. Jason asks about JS link finding tools/processes: One of the responses includes Matsu on scraping dynamic URL paths from JS files.

4. Corben's oh shit moment: The time he took down an API. A production API.

5. Sam Curry et al discovered vulnerabilities in the largest Discord plugins: "Over the last few months, we found a number of vulnerabilities in the largest Discord plugins (Dyno, MEE6, CollabLand) which would've allowed attackers to become administrators, send messages, and DM users."

📰 Articles

1. Fuzzing Like A Caveman 6 - Binary Only Snapshot Fuzzing Harness.

2. The Joy Of Duplexes: This article is about cryptography, which is most commonly used in high-risk scenarios.

3. Exploiting a double-edged SSRF for server and client-side impact: Just like a knife with two cutting edges, this is a story of a double-edged Server-Side Request Forgery (SSRF) vulnerability which was successfully exploited to achieve and demonstrate both server and client-side security impact which is not very common to come across, at least in Yassine's own experience.

4. finAPI (Open Banking API) oauth credentials exposed in plain text in Android app: Hi everyone It’s been a while since my last post but I’m back, I want to tell you a short story about a REDACTED bug bounty program and why you can always check the basic payloads because you will be surprised that sometimes will work.

📚 Resources

1. CORS - Lab #3 CORS vulnerability with trusted insecure protocols | Long Video: In this video, they cover Lab #3 in the CORS module of the Web Security Academy.

2. Spring4Shell PoC Application: This is a dockerized application that is vulnerable to the Spring4Shell vulnerability.

3. Bug Bounty Platforms: A ongoing community-powered collection of all known bug bounty platforms, vulnerability disclosure platforms, and crowdsourced security platforms currently active on the Internet.

4. Regexp Security Cheatsheet: Research was done to find "weak places" in regular expressions of Web Application Firewalls (WAFs).

5. Samlists: These wordlists are constructed by trawling through terabytes of data mapping to many billions of unique websites.

🎥 Videos

1. Basic Linux Memory Forensics - Dumping Memory and Files with DD - Analyzing Metttle/Meterpreter.

2. HTB Stories #8 - Bug Bounties 101 w/ InsiderPhD.

3. IppSec tackling HackTheBox - Shibboleth.

4. ToolTime - FeroxBuster (Content Discovery).

5. LiveOverflow Spent 100 Days Hacking Minecraft: He got addicted to Minecraft, so he decided to hack it.

🎵 Audio

1. GitLab Arbitrary File Read and Bypassing PHP's filter_var [Bug Bounty Podcast]: Some easy vulnerabilities this week, a directory traversal due to a bad regex, a simply yet somewhat mysterious authentication bypass, arbitrary file read in GitLab thanks to archives with symlinks, and a PHP filter_var bypass.

2. The Privacy, Security, & OSINT Show #256 - Extreme Privacy Fatigue.

3. Smashing Security #268 - LinkedIn deepfakes, doxxing Russian spies, and a false alarm.

4. Risky Business #660 - Lapsus$ arrests, latest on Okta incident.

Get $100 to try DigitalOcean - The go-to VPS for bug bounty hunters. I use it for all of my own recon and automation needs, plus it also doubles as a VPN. They have every cloud resource you need at an affordable price.

Subscribe to the Hive Five to read the rest.