🐝 Hive Five 91 – Live Hacking Event tips, the ultimate Nuclei guide, and a unique subdomain enumeration method

Hi friends,

Greetings from the hive!

I hope you had a good weekend. We went to an apple orchard, had some cider and picked some delicious apples.

Throughout the week I saw a lot of useful wisdom nuggets floating around on Twitter. Two that stood out to me were "Just because I'm good at it, doesn't mean I'm meant to do it." and "practice makes progress, not perfect."

What were you up to this past week?

Let's take this week by swarm!

🐝 The Bee's Knees

1. Live Hacking Event tips by Justin Gardner: Over the past 6 months, he had the pleasure of participating in 5 HackerOne Live Hacking events. It has been quite the challenge to his work-life balance and his hacking skills, but after ranking in the top 5 at every event, here are some lessons he learned.

2. The Ultimate Guide to Finding Bugs With Nuclei: Efficient, extensible, flexible, open source vulnerability scanning. Introduction Nuclei is a fast, efficient, and extensible vulnerability scanner. It can scan thousands of hosts in just a few minutes.The nuclei engine uses text-file templates to define the steps required to detect a vulnerability.

3. Regulator: A unique method of subdomain enumeration: combine the idea of regular language ranking with regular language induction. The goal is to be able to automagically learn regexes that capture idiosyncratic features of observed DNS data. Then, using these learned patterns, attempt to brute force for new subdomains that follow these same patterns.

4. PiRogue tool suite: An open-source tool suite that provides a comprehensive mobile forensic and network traffic analysis platform targeting mobile devices, IoT devices, and in general any device using wi-fi to connect to the Internet.

5. Semgrep - Writing quick rules to verify ideas: When you want to quickly grep for something but the pattern is too elaborate, Semgrep comes in really handy.

🔥 Buzzworthy

✅ Changelog

1. deadfinder 1.3.0: Find dead-links (broken links).

2. osmedeus v4.1.3: A Workflow Engine for Offensive Security.

3. Dalfox 2.8 Release.

📅 Events

1. Texas Cyber Summit San Antonio - US - Oct 20, 2022

2. WOPR Summit - Philadelphia - US - Oct 20, 2022

3. SECUREWV - Charleston - US - Oct 21, 2022

4. No Hat - Bergamo- IT - Oct 22, 2022

5. DevOpsDays - Warsaw- PL - Oct 24, 2022

🎉 Celebrate

1. Alex Chapman passed 6000 rep on HackerOne: Congrats!

2. s3c claimed his spot as one of TikTok's top contributors for the second consecutive year : Nice one!

3. bsysop ended top 4 in September Bugcrowd p1-p2 leaderboard: Amazing!

4. Lupin received a nice bounty with a PoC based on one of IAmMandatory's articles: Remix!

5. Yassine ran half a marathon in Bruges, Belgium: Inspiring!

💰 Career

1. Possibilities to get a job in cybersecurity without certifications.

2. Robinhood's Appsec team (d0nut!) is hiring.

3. Zomato is hiring a security engineer and analyst.

4. hermit is looking for a security researcher job.

5. Cyber Security Career Pathways.

⚡️ Community

1. dawgyg was feeling down and called upon hacker friends: he has since thankfully perked up a bit, and seems to be in better spirits.

2. STÖK on letting go: "One of the hardest things in life is to know when to let go. Had the privilege to spend 15 years with our freespirit / catbuddy skuggan, but after a few days of intense medical care, he’s organs are starting to fail, so it’s time to make the hard decision, to let him go."

3. Hackers first bug bounty report via Frans Rosén: "Ten years ago today I sent my first bug bounty report. It was to PayPal. Fascinating to see some things are very different now from then, but some things are still exactly like they were."

4. Favorite things about hacking - a discussion via hakluke.

📰 Articles

1. Microsoft Azure made some changes with cloudapp.net profiles via Mustafa: "Once profile dropped, it becomes available after approx. 3 days for claiming by other accounts."

2. Corb3nik Introduces Caido: Ian, is a long time CTF enthusiast and bug bounty hunter. Currently, they're the co-founder for a web security toolkit called Caido.

3. Login form of Online Magazine Management System v1.0 is prone to SQL injection: An attacker could exploit parameters username and password to get administrator access.

4. postMessage Braindump: PostMessage-related bugs have landed Rhynorator some serious bounties during the past couple live hacking events. Here is a quick summary of what you need to know about postMessage: According to the docs, postMessages “safely enables cross-origin communication between Window objects.

📚 Resources

1. Z-winK shares his average payouts over 2 years with Bugcrowd.

2. Nagli et al successfully replicated and confirmed the public PoC for CVE-2022-40684: Which grants SSH access without any interaction to vulnerable FortiOS instances, with CVSS score of 9.6. Nuclei template.

3. Reverse engineering firmware resources.

4. Philippe Harewood's slides from his Meta iOS hunting talk at Bountycon.

5. AWSome pentesting cheatsheet: This guide was created to help pentesters learning more about AWS misconfigurations and ways to abuse them.

🎥 Videos

1. HackTheBox - Perspective walkthrough.

2. NullCon Cybersecurity Interview With Vandana Verma, Security Leader, Chair at Owasp & InfosecGirls.

3. kuromatae - Hacker Interview.

4. The Pivot | Vicente Diaz from VirusTotal: Exploring the World of Threat Hunting: Vicente Diaz is a specialist in Threat Intelligence and Threat Hunting. He works in the VirusTotal team in Google as Threat Intelligence Strategist and holds a degree in Computer Science and an MSc in Artificial Intelligence.

5. Farah's BSides Ahmedabad vlog.

🎵 Audio

1. DAY[0] 157 - Got UNIX Sockets and Some Filter Bypasses: No actual bounties this week, but they start off with a discussion on semgrep vs codeql, then get into some cool issues that you can start testing for.

2. Risky Business #682 - Starlink goes dark on Ukraine's front line.

3. Smashing Security #293 - Massive crypto bungle, and the slave scammers: A couple unexpectedly find $10.5 million in their cryptocurrency account, and in Cambodia people are being forced to commit scams.

4. Malicious Life Vishing - Voice Scams: Rachel spoke with Nate Nelson, their Sr. producer, about Vishing: how common is it, where attackers get the information they need to impersonate someone from, and the many many psychological tricks they can employ to fool the person on the other side of the call.

Get $100 to try DigitalOcean. The go-to VPS for bug bounty hunters. I use it for all of my own recon and automation needs, plus it also doubles as a VPN. They have every cloud resource you need at an affordable price.

Subscribe to the Hive Five to read the rest.