🐝 Hive Five 92 – Why web tech is like this, Chrome browser exploitation, and hacker healthcare

Hi friends,

Greetings from the hive!

Happy Diwali to those that are celebrating. Lately, I've been watching League of Legends Worlds. It's usually on in the background, while I'm doing other things. Whenever I do though, I don't listen to the default commentary. This comes back to making every experience your own, and is part of my credo: "Life is short, hack it."

What do you do differently than others?

Let's take this week by swarm!

🐝 The Bee's Knees

1. $29,000 GitLab - Arbitrary File Read using symlinks: This video is about a vulnerability in GitLab that allowed reading any files from the server. The reporter, William Bowling, was rewarded $29,000 of bug bounty.

2. [CVE-2022-1786] A Journey To The Dawn: Back in April, they found a 0-day vulnerability in the Linux kernel and exploited it on Google’s kCTF platform. They reported the bug to Linux kernel security team and helped them fix the vulnerability.

3. Keynote - Why web tech is like this - Steve Sanderson: Ever wondered why browsers look like they do? Why we use port 80, or why it’s img src=… and not image source=… ? How did JS and CSS take over, and what could there have been instead? Who invented modern web dev tooling, and how have your favourite server and client frameworks been battling?

4. Chrome Browser Exploitation, Part 1 - Introduction to V8 and JavaScript Internals: Web browsers, our extensive gateway to the internet. Browsers today play a vital role in modern organizations as more and more software applications are delivered to users via a web browser in the form of web applications.

5. Basic recon to RCE III: For the 3rd and the last episode of the series, they’re going to continue with the same target as the episode 2.

🙏 Support the Hive

Enjoy reading the Hive Five? Consider sponsoring the next edition or buying me a coffee.

You can also share the newsletter with your friends and follow me on Twitter.

🔥 Buzzworthy

✅ Changelog

1. xnLinkFinder v2.1: New Waymore mode, pass a waymore results directory to xnLinKFinder and get way more.

2. reconftw v2.5: reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities.

📅 Events

1. Hardwear.io Security Trainings and Conference - 24th - 28th October 2022: Europe’s prime hardware security conference.

🎉 Celebrate

1. Happy birthday to Tuan Anh Nguyen: Congratulations!

2. d0nut found an auth bypass without tools: Nice one!

3. GodFather Orwa found a RCE: Awesome!

4. Nagli started his own startup called Shockwave: Exciting!

5. chompie joined X-Force Red: Let's go!

💰 Career

1. Bella is looking for a summer 2023 job, primarily in the dc-metro area: They like to do reverse engineering / malware analysis / vulnerability research.

2. TCM Security is hiring a Social Media Manager.

3. ThreatOptix is hiring a Golang backend dev.

4. The concept of “work” is a Rorschach test: An inkblot that you can project pretty much anything onto.

5. meg west on entry level personnel outgrowing their pay: "they rapidly advance and outgrow the entry level pay they were originally valued at - but the hiring org tends to continue paying them a low salary, which forces the individual to move companies."

⚡️ Community

1. shubs collaborated with Frans and Sean: He's grateful to know them and work with them.

2. Justin Kennedy on H1 mediation: "It has been 2 months since a friend and I submitted ~10 crits and highs to a program on @Hacker0x01 (100+ hours spent on the program) and over a month since we requested mediation when the program tried to screw us out of those bugs. And it's still not resolved. Ridiculous."

3. STÖK celebrating his relationship with Frans: "My personal & technical growth has been exponential since we first met, and would never have ended up like it did if i didn’t meet Frans."

📰 Articles

1. PHP filters chain - What is it and how to use it: It all started from research on gadgets chains to improve code analysis skills on PHP.

2. Second Order XXE Exploitation: This writeup is about their recent discovery on Synack Red Team which was a Second Order XXE that allowed them to read files stored on the web server.

3. Hacker Healthcare: "One of the most common problems that prevent successful bug bounty hunters from quitting their day job is that, in the USA, your healthcare is nearly always tied to your job."

4. Inside the Ransomware Gangs That Extort Hospitals: They shut down patient care and put lives at risk. Would the pandemic finally slow them down?

5. Practical Attacks against NTLMv1 – n00py Blog: This blog is meant to serve as a guide for practical exploitation of systems that allow for the NTLMv1 authentication protocol.

📚 Resources

1. Awesome Guidelines: A set of guidelines for a specific programming language that recommend programming style, practices, and methods for each aspect of a program written in that language.

2. orwagodfather/WordList.

3. Hacking Android Applications for Bug Bounty and Pentesting: This course is designed to help you kick-start the journey of android pentesting with right tools and methodology.

🎥 Videos

1. CNN's Donie asked Rachel Tobac to hack him, again?!.

2. Nuclei Template Generator BurpSuite Plugin: Showcasing the Nuclei Template Generator BurpSuite Plugin.

3. DAY[0] 159 - GitHub to GitLab RCE and a new PHP Supply Chain Attack: This week they look at a insecure deserialization (GitLab), argument injection (Packagist), and insecure string interpolation (Apache Commons Text).

4. HackTheBox - Faculty walkthrough.

5. I Leaked My IP Address: How bad is it to leak your IP address? VPN providers want us to believe it is dangerous, but he wanted to share his thoughts on the matter.

🎵 Audio

1. Favorite running and dancing songs via Sarah Drasner.

2. Darknet Diaries EP 126 - REvil: REvil is the name of a ransomware service as well as a group of criminals inflicting ransomware onto the world. Hear how this ransomware shook the world.

3. Malicious Life - What Would Happen if CBS Got Hacked?: Media companies probably get hacked no more than other, non-media oriented organizations such as hospitals, banks, etc.

4. The Privacy, Security, & OSINT Show #282 - Major OSINT Updates: This week they offer numerous new OSINT strategies and their corresponding IntelTechniques tool usage, plus the latest news and updates.

5. Smashing Security #294 - The Virgin trains swindler, cyber clowns, and AirTag election debacle: Someone’s election-fiddling is uncovered with an Apple AirTag, a cyber scandal rocks Germany, and a swindler steals a fortune due to trains being delayed.

Get $100 to try DigitalOcean. The go-to VPS for bug bounty hunters. I use it for all of my own recon and automation needs, plus it also doubles as a VPN. They have every cloud resource you need at an affordable price.

Subscribe to the Hive Five to read the rest.