🐝 Hive Five 90 – Taking control of your time, RCE via GitHub import, and the origin of XSS

Hi friends,

Greetings from the hive!

I hope you're doing well. Listening to Taking Control of Your Time by Hidden Brain reminded me once more about the importance of being intentional with your time.

They discuss the research of the book Happy Hour: How to Beat Distraction, Expand Your Time, and Focus on What Matters Most.

A takeaway from the book/podcast is to start time-tracking your daily activities. Every 30 minutes, note down and rate what you're doing. You'll notice patterns, and what you love doing most will stand out.

Do you make time to smell the roses?

Let's take this week by swarm!

🐝 The Bee's Knees

1. Dissect: A collection of Python libraries and tools to facilitate enterprise-scale incident response and forensics. Build from various parsers and implementations of file formats, developed by Fox-IT.

2. Rhynorater Talks About Grafana SSRF, Picking Bug Bounty Targets, and His Favorite Hacking Tools!.

3. The Origin of Cross-Site Scripting (XSS) - Hacker Etymology: Why is it called "XSS"? Where does it come from and who influenced this type of website vulnerability?

4. BruCON 0x0E recordings: an annual security and hacker conference providing two days of an interesting atmosphere for open discussions of critical infosec issues, privacy, information technology and its cultural/technical implications on society.

5. Reflecting on 2 Years of Bug Bounty: In September 2022, h1pmnh celebrated 2 years doing bug bounty as the anniversary of their first paid bounty on HackerOne passed.

🔥 Buzzworthy

✅ Changelog

1. Frida 16.0.0 out now .

2. HackerOne Triage is changing their usernames: "Picking our triage names based on an item on our desk was one of my favorite traditions from when we created the triage team at @Hacker0x01 7 years ago."

3. Intigriti is building a researcher API: Let them know what you like to see.

4. IIS ShortName Scanner update: It should now work with the latest version of Java.

5. Deadfinder v1.2.3: Find dead-links (broken links).

📅 Events

1. Wild West Hackin' Fest - 11-14 October: Saddle up folks... Corben will be at the Deadwood con speakin' on "How a Teenager hacked a TransAtlantic Cable".

2. null Ahmedabad 16 October.

3. ProjectDiscovery.io asking for feedback: Help them shape the future of cybersecurity and get some awesome swag while doing it.

4. Opportunity - Women's Cyber Security Immersion Academy: All applicants must meet the following requirements: Senior in college; preferably pursuing a degree in a Computer/IT-related field or technical STEM discipline.

🎉 Celebrate

1. Niv Levy ranked top 7 for September (P1-P2) on Bugcrowd: Congrats!

💰 Career

1. ‌Renwa is looking for a app sec job: "I just got my 5th job applying rejection, open for any remote jobs, web application security, penetration testing, mobile/desktop apps security and any other related cyber security fields. RT appreciated or write down any jobs available"

2. John Strand on opening more pathways into the industry: "Please do me a favor. Talk to your hiring departments and ask them to look at an individuals success in online cyber ranges the same as certs. We need to open more pathways into this industry."

3. Alice on meetings: "Meetings suck. If you have an async team, and especially an open source team, stop having them. They're exclusionary (time zones, disability, language proficiency), hard to schedule, paper over bad process and lead to knowledge loss. [...]"

4. HN - Companies that are hiring (October 2022).

5. Hiring - Associate Director of Security Engineering: EFF is seeking a full-time Associate Director of Security Engineering to guide the continual improvement of the security of the organization’s digital infrastructure, users, and data as part of the Technical Operations Department.

⚡️ Community

1. d0nut on TwitchCon: "Going to TwitchCon was one of the top 3 decisions I made in 2022."

2. STÖK is enjoying hacking lately: "[...] Been mixing web with reversing. Black box with white box."

3. c14dd49h thoroughly enjoyed Agarri's Mastering Burp course: "I'm now able to automate lot of tasks on @Burp_Suite which were boring to do for a human."

4. Best database type to store asset recon data (via spaceraccoon).

5. Interested in giving a guest lecture about infosec?: hit up Katie!

📰 Articles

1. Summary of Hussein's "Bug bounty on steroids" talk.

2. Ahsan Khan AMA.

3. d0nut on the difficulty of anonymizing data.

4. How to Deploy Your Own Algo VPN Server in the DigitalOcean Cloud: When performing security research or connecting over untrusted networks, it’s often useful to tunnel connections through a VPN in a public cloud.

5. Cloning internal Google repos for fun and… info?: As a normal bug-bounty exercise, they were checking Google subdomains to see if they could find anything interesting. One of them caught their attention: googlesource.com.

📚 Resources

1. Remote Command Execution via Github import: This is very similar to CVE-2022-2884 and allows arbitrary redis commands to be injected when imported a GitHub repository.

2. Open Circuits (book): Ever wondered what's going on inside your headphone jack? Pondered the inner-workings of a power cable? Open Circuits is your window to the unseen design of everyday electronics.

3. readloud/Google-Hacking-Database-GHDB: The GHDB is an index of search queries (we call them dorks) used to find publicly available information, intended for pentesters and security researchers.

4. Awesome Tunneling: List of ngrok alternatives and other ngrok-like tunneling software and services. Focused on self-hosting.

5. SSH Bad Keys: This is a collection of static SSH keys (host and authentication) that have made their way into software and hardware products.

🎥 Videos

1. HackTheBox - OpenSource walkthrough: Attacking a Python WebApp and Backdooring GIT Configurations.

2. Your passwords are not safe. OSINT investigations.: Hacks seem to happen every day. Data is stolen and posted online. Your usernames, your passwords, your e-mail address and other confidential information may be easily available.

3. Real use case for Obsidian - Dataview and Database Folder: In this real use case for Obsidian, they use plugins like Dataview, Database Folder, QuickAdd, Templater, and Buttons to create a database in Obsidian to track Kickstarter projects they've backed.

4. Day[0] 155 - Akamai Cache Poisoning and a Chrome Universal XSS: Some varied issues this week, a file format allowing JScript for a $20,000 bounty, Akamai Cache Poisoning, Universal XSS in Chrome.

🎵 Audio

1. The Privacy, Security, & OSINT Show #281 - The Obsession Of Extreme Privacy: This week they revisit some impacts of extreme privacy and security on our mental health when we become obsessed with the little things, and offer ways they keep their own balance in check.

2. Smashing Security #292 - Trussterflucks and eBay stalking: Has new UK prime minister Liz Truss been careless with her mobile phone, and hear the most extraordinary story of corporate cyberstalking.

3. Risky Business #681 - It's Exchangehog Day.

4. Darknet Diaries EP 125 - Jeremiah: Jeremiah Roe is a seasoned penetration tester. In this episode he tells us about a time when he had to break into a building to prove it wasn’t as secure as the company thought. You can catch more of Jeremiah on the We’re In podcast.

5. Hacking Stock Markets, Part 1: In any trading market, at any time in history, no matter where you are, the most important thing you can possess isn’t actually money, or influence, or anything like that. Knowledge -- in particular, knowing something before everybody else -- is far more valuable.

Get $100 to try DigitalOcean. The go-to VPS for bug bounty hunters. I use it for all of my own recon and automation needs, plus it also doubles as a VPN. They have every cloud resource you need at an affordable price.

Subscribe to the Hive Five to read the rest.