🐝 Hive Five 68 – Blessed

Hi friends,

Greetings from the hive!

I hope all is well. What a week! I launched a big project at work and was able to help out with NahamCon. If you're not familiar with it, make sure to check out this video).

I felt blessed working on this edition:

Let's take this week by swarm!

🐝 The Bee's Knees

1. Re-watch NahamCon2022 with ease thanks to Dennis Traub: For easy session selection they've added the direct links with time codes in a Twitter thread (requires subscription to @NahamSec's Twitch channel). Don't worry, it'll be available on YouTube soon.

2. Bug Bounty hunters has made ridiculous amounts of $$ from known DNS techniques..: YES! That's one of the topics STÖK, Jason Haddix and Condigo will answer in this episode of Bounty Thursdays.

3. OSINT - You can't hide // Your privacy is dead // Best resources to get started: Want to learn OSINT? Want to learn how easy it is to find information online? Time to learn Open Source Intelligence from the best.

4. Encrypting our way to SSRF in VMWare Workspace One UEM (CVE-2021-22054): Hundreds, if not thousands of enterprises, have to deploy mobile device management software to manage their ever growing fleet of mobile devices used by employees. The best thing about this from an offensive security standpoint, is that the software typically is exposed directly to the internet, to ease user on-boarding and improve day-to-day usage and device coverage.

5. Mindset After 7 years of Bug Bounty - IWCON-S22 Talk by Hussein Daher: Hussein Daher is a Passionate Hacker breaking code for 10+ years.

🙏🏻 Support the Hive

• Get $100 to try DigitalOcean. The go-to VPS for bug bounty hunters. I use it for all of my own recon and automation needs, plus it also doubles as a VPN. They have every cloud resource you need at an affordable price.

• TCM Security Academy - courses, bundles, gift certs, and access passes. Cybersecurity Training That Doesn't Break the Bank. Don't overspend on your education!

Become a sponsor

🔥 Buzzworthy

✅ Changelog

1. Go 1.18.1: Go 1.18.1 and 1.17.9 are released! Security: Includes security fixes for encoding/pem (CVE-2022-24675), crypto/elliptic (CVE-2022-28327), crypto/x509 (CVE-2022-27536).

2. nuclei v.2.6.9: Including new features that make it easier to create more sophisticated templates. Template variables, DSL extractors, Request annotations.

3. Interactsh v1.0.3: An OOB interaction gathering server and client library.

4. SecLists 2022.2: SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place.

5. Gee v1.1.2: A tool of stdin to each files and stdout. It is similar to the tee command, but there are more functions for convenience.

📅 Events

1. Jason is releasing his own offensive security training this year.

2. Leigh-Anne sharing DEFCON Payment Village details.

3. THREAT CON CFP open until June 20th.

🎉 Celebrate

1. Team BBAC won the BountyConEdu live hacking event: Congrats!

2. Busra announced her new role: Awesome!

3. Mustafa has another smooth run: Amazing!

4. Valerio received a large bounty: Let's go!

5. ca$s:e got her first job offer: Nice one!

💰 Career Corner

1. Google is hiring: in Austin (TX)/Kirkland (WA). Come work with them on fuzzing Android kernel and userspace.

2. RedTeamVillage is looking for volunteers: Are you interested in volunteering with Red Team Village at @defcon?

3. Z-winK shares what you need to know to ace interviews: "Completed two sets of principal/senior web app pen testing interviews this last week. [...]"

4. Sam Parr is hiring for a media job: He owns a handful of small digital products that collectively make high 6-figures in revenue.

⚡️ From the Community

1. Aditya on being an international student in the UK.

2. Katie on adopting ex-racing greyhounds.

3. Corben is looking to connect with blockchain devs/security.

4. Darren on the difference between pentester, bug bounty Hunter and security researcher: "I think it is a matter of scope. Pentester - very limited, pre-agreed scope of extent and time Bug Bounty - scope only limited by extent, time is unlimited Security Researcher - scope is often wide open, limited more by intent than agreement."

5. zseano on being a new dad: "Can’t believe seb is 7 months old already lol where has 7 months gone.. fast approaching 1 years old 😳 still finding my bearings with being a dad and juggling working from home, glad the days of no sleep are gone."

📰 Articles & Threads

1. Exploitation of an SSRF vulnerability against EC2 IMDSv2: The CapitalOne security breach back in 2019 was quite an interesting incident that made news headlines as the attackers were able to leak customers’ PII as well as credit card information.

2. From Hacker to Bug Bounty Program Owner - A Learning Experience: Security has been a major priority at Braze since their founding back in 2011.

3. Corben on authorization: Authorization. Easy to understand. Critical if implemented incorrectly. Want to see an example?

4. Jason's medical alert hack: Not too long ago he put a whole city on high alert during a security assessment.

5. Wiz Research discovers "ExtraReplica"— a cross-account database vulnerability in Azure PostgreSQL: Tenant isolation is a fundamental premise of the cloud. Organizations trust that the cloud services they use, especially high value assets such as databases, are isolated from other customers.

📚 Resources

1. albertorio shares smart contract auditing resources.

2. hakluke wants to see your blog: Do you have a blog? Drop it in the Twitter replies.

3. Patrik shares bug bounty resources (and a hot take).

4. Awesome Hacking Locations: A list of Awesome Hacking Locations, organised by Country and City, listing if it features power and wifi.

🎥 Videos

1. Ippsec takes on HackTheBox - Search.

2. 7 Users on 1 PC! - but is it legal?: How did a company in the mid 2000s figure out how to cut the cost of computing six times over, and why haven't any of us heard of it? How did they work around Microsoft's legal limitations? Can it run Crysis?

3. Smart Contract Hacking - 0x0C - Attacking Authorization with Web3.js: Attacking the vulnerable contract directly via the commandline and Node Web3.js.

4. Diving Deeper into Subdomain Takeovers & Mitigations with Shubham Shah: In this episode of OWASP DevSlop you’ll be diving into different types of infrastructure takeovers, with a focus on subdomain takeovers, and how they can be leveraged by attackers and bounty hunters to create real security impact.

5. Taggart Tech - Hacker, programmer, educator. Doing programming/infosec: Dope channel I discovered via Twitter.

🎵 Audio

1. The Privacy, Security, & OSINT Show #259 - Leaving Kindle: This week they explain ways to leave Amazon's invasive eBook ecosystem and discuss a bunch of recent news.

2. Breadcrumbs #18 - Eat Your Own Dog Food - Talking Tools with Roelof Temmingh: Today they're joined by Roelof Temmingh. Roelof is the creator of OSINT tools such as Maltego and Vortimo.

3. A Struts RCE, Broken Java ECDSA (Psychic Signatures) and a Bad Log4Shell Fix [Bug Bounty Podcast]: An interesting mix of issues from crypto (Psychic Signatures), to a bad vulnerability patching service (patching log4shell), and bad logic leading to authentication bypassing and leaking sensitive keys.

4. Indie Hackers #251 - The Best Ways to Make Money in Tech with Julian Shapiro of Julian.capital.

5. Truthers: Tiffany Dover Is Dead: Back in December of 2020, a nurse named Tiffany Dover fainted on camera while she was talking to reporters after getting her first COVID shot. She got right back up and gave another interview, but it was too late. A conspiracy theory was already racing around the world: Dover had died.

Get $100 to try DigitalOcean - The go-to VPS for bug bounty hunters. I use it for all of my own recon and automation needs, plus it also doubles as a VPN. They have every cloud resource you need at an affordable price.

Subscribe to the Hive Five to read the rest.