🐝 Hive Five #10 - “If you want to go quickly, go alone. If you want to go far, go together.” — Proverb

Hi friends,

Greetings from the hive!

Happy Monday, I hope you had a great weekend. Mine was chock-full of awesomeness.

I revealed some exciting news, I joined Nathanial (d0nutptr) to work on resync! We celebrated it with the launch of the website. Resync is a massively scale-able and easily extensible recon solution, that focuses on high accuracy, scale, and speed.

On Sunday it was time for the second edition of NahamCon! It'd grown substantially since last time. It's always hectic, and even moreso with additional moving parts, but the mods handled it wonderfully. It's always awesome to be able to help people, watch awesome talks, compete in the CTF, and meme in the chat. Kudos to everyone involved!

For the occasion I've added a special NahamCon section with videos, slides, and repos. Let's goooo!

🐝 The Bee's Knees

• Researcher Publishes Code to Exploit Microsoft Exchange Vulnerabilities on Github: Microsoft-owned Github quickly deleted the code, which exploited vulnerabilities apparently used by Chinese hackers to break into a series of companies.

• How I Passed the CompTIA A+ 1001 Core 1 Exam | 10 Tips | Kali Reanna: 10 tips that can be utilized to pass the exam. They can also be used for other exams as well outside of A+. There's no specific formula to follow.

• The Best Ethical Hacking Tools of 2021 (and their basic usage): Today, we’re talking about hacking tools. Specifically, hacking tools that are being used most frequently by penetration testers and bug bounty hunters in 2020.

• Offensive Security Experienced Penetration Tester (OSEP) Review and Exam: Offensive Security announced that it was retiring the Offensive Security Certified Expert (OSCE) certification and replacing it with three courses, each with their own certification. Eugene decided to take the 60-day OSEP package from January to February 2021.

• The 2021 Hacker Report: HackerOne find out what motivates hackers, what they've been hacking over the past year and what vulnerabilities they've found.

NahamCon 2021 Recap

CTF

• bootplug: Won the CTF, after an exhausting weekend. Their friends @kalmarunionenDM put up a really hard fight and ended up on 2nd.

• NahamCon CTF 2021 - My Perspective (Data, Feedback, & More): John Hammond reflects back on the wildly successful NahamCon CTF.

Talks

Amassive leap in host discovery - ITSecurityGuard - slides repoLearn to hack, choose a target, ???, get a bounty - Katie (InsiderPhD) - slidesIIS hacking - Shubs (@infosec_au) - slides

Recon Village

rez0 - ffuf scripts and tricks - videod0nutptr - Building Faster-than-light Reconnaissance - video slideshonoki - BBRF: Kickstart your recon - video slides repopry0cc - Introduction to Axiom - The Dynamic Infrastructure Framework for Everybody! videocodingo - Dooked - monitoring of DNS for Green, Blue and Red Teams video

Red Team Village

Full session

🔥 Buzzworthy

Upcoming

• Women’s History Month: In honor of Women’s History Month, the CARE Lab is doing a spotlight feature series that will showcase phenomenal women in the cyber/STEM field.

• SECURITY Magazine: picoCTF 2021, an online cybersecurity competition run by security & privacy experts in @CarnegieMellon's @CyLab, begins March 16 at 12 p.m.

🎉 Celebrations

• STÖK ✌️: sold out his owasp talk, 230+ slides under 60 minutes. Amazing!

• Joel Margolis: bought a house, congrats Joel!

• pry // Ben Bidmead: The latest addition to the Darwin hacking team, 0xLupin. Awesome!

• Floerer: After never having found interesting CORS misconfigurations they found 2, which both lead to complete account takeover. Killing it!

• hakluke: Is getting ready to release a new tool "haktrails", a Golang client for easily querying SecurityTrails API data. Can't wait!

• zseano 🛡️: Donates a laptop to @eXfilPr4tik for his dedication AND he has a baby on the way!

• Nagli: Following @zseano talk on NahamCon2021 Nagli decided to share his already crafted research on the entire Google TLD domains scraped from OSINT sources, everything on the trello board is in GoogleVRP scope. Go crash it!

📰 Articles

• Inside Israel’s lucrative — and secretive —cybersurveillance industry: The country’s hacking software is recognized the world over, not everyone thinks it’s a good thing.

• 6 Red Flags I Saw While Doing 60+ Technical Interviews in 30 Days: What is the one thing you would look out for if you had to join a company?

• How to Regex: A Practical Guide to Regular Expressions (Regex) for Hackers: Regular Expressions (a.k.a regex, or regexp) is one of those things that has a fairly steep learning curve, but once you dedicate an hour or so to learning the basics, you will find that you will be far more efficient with everyday tasks.

• Generalists vs specialists – who has a greater chance of success?: What is the right age to make a career choice? Should one choose early and take a distraction free path? Or should.

• How Raising the Minimum Wage Can Accelerate Human Job Loss to Automation: Imagine you own McDonald’s, except every store location is corporate-owned instead of being franchises.

• Write libraries instead of services, where possible: A service has constant administration costs which are paid by the service provider, a properly designed library instead moves these costs to the users of the library.

• CVE-2020-29653: Stealing Froxlor login credentials using dangling markup: This is a guest blog from Detectify Crowdsource ethical hacker, Valerio Brussani aka Val_brux.

• Open source developers are using GitHub's 'sponsors' program to get paid for work they used to do for free — and some are making 6 figures: Although open source software powers some of the world's most well-known technologies, even the most popular projects are often maintained by developers who volunteer their time and effort.

• A Russian ISP confirms Roskomnadzor’s Twitter-blocking blooper: The tarpit attack did not only affect Twitter's t.co domain as intended—it affected all domains that included the substring t.co, for example microsoft.com and Russian state-operated news site rt.com.

• Git clone vulnerability announced: Today, the Git project released new versions to address CVE-2021-21300: a security vulnerability in the delayed checkout mechanism used by Git LFS during git clone operations affecting versions 2.15 and newer.

• Finding Issues In Regular Expression Logic Using Differential Fuzzing: Regular expressions (or commonly known as regex) have been used for years to provide developers a quick way to pattern match or parse various data in applications.

• An Object-Oriented Language for the '20s: Object-oriented programming is out of fashion now, and it has been for a while.

• The Part Time Creator Manifesto: No urge to blog about leaving the "rat race".

• You don't need to quit your job to make: I want to debunk the myth that originality requires extreme risk taking and persuade you that originals are actually far more ordinary than we realize.

📚 Resources

• Hardware Hacking NZ: Hardware Hacking NZ is a special interest group for people interested in hardware and embedded system hacking.

• Oliver's Blueteam Toolkit: This repo contains software I've written for the 2021 CrikeyCon Red vs Blue CTF.

• m4ll0k/Bug-Bounty-Toolz: m4ll0k's Bug Bounty Tools.

• CSP Bypass Guidelines: Content Security Policy (CSP) is the last line of defense against the exploitation of a XSS vulnerability, here we will deal with the possible ways to abuse flaws in its implementation.,

• Using FOCA for OSINT Document Metadata Analysis: FOCA, which stands for (Fingerprinting Organizations with Collected Archives) is a pretty nifty tool to use for collecting documents from a target domain and analyzing metadata found within them.

• Messing with GitHub's fork collaboration for fun and profit: GitHub has a useful feature called fork collaboration. It works as follows: Interestingly, you don’t have to own a repository to create a pull request from it.

• Leaked Credentials gives access to internalfb.com: Facebook uses a contracting company in Someplace called Something to test new and upcoming features across the Facebook family.

• 🍳 Based Cooking 🍲: Only Based cooking.

• ATTL4S: You Do (Not) Understand Kerberos" slides.

• Awesome CTO: A curated and opinionated list of resources for Chief Technology Officers and VP R&D, with the emphasis on startups and hyper-growth companies Contents General Hiring Management Handbooks Development process Architecture Tech.

• Engineering Manager Resources: Engineering Manager Resources A list of engineering manager resource links.

• 0xSobky/HackVault: This is a container repository for 0xSobky's public web hacks.

• Bugcrowd Tip Jar 🧠: A curated collection of wisdom nuggets to level up your bug bounty game.

• Kishore Krishna (@sillydadddy) infosec AMA #38: A Twitter AMA with Ali Tütüncü @alicanact60 as guest.

• ej s nyman: Asks if there are more tech comics, such as b0rk's.

• Michael Skelton: Twitter thread, of the best tricks for generating client-specific wordlists.

• RegEx Crossword: It's a crossword puzzle where you need to fill in the hexes with character sequences, so that they match the regular expressions listed around the edges.

• OSEP Code Snippets: Based on Offensive Security's PEN-300 course, classes and methods are public, so most binaries should allow for reflective loading as below.

• alevchuk/vim-clutch: Purchased 2 USB foot switches (pedals) from China, used Ankaka.com and payed 20 USD (includes 2 pedals and shipping to California).

• WP-XSS-Admin-Funcs: JavaScript functions intended to be used as an XSS payload against a WordPress admin account.

• Google Bookmarklets: Harvesting lists of urls, titles, dates and descriptions from a Google search query is a recurrent need in digital methods and a hardly automatable one because of Google's restrictions towards robots.

🎥 Videos

• $5,000 YouTube IDOR - Bug Bounty Reports Explained: This video is about IDOR vulnerability in YouTube that existed in integration of YouTube with Google Ads.

• Impostor Syndrome and How we Talk about it in Infosec: A quick discussion about impostor syndrome and some thoughts about how to better discuss it in information security.

• Netflix Security: Conference talks and more by the Netflix Security teams.

• The Subtle Art of Not Giving a F*ck - Summarized by the Author: This is the official summary of the mega-bestseller 'The Subtle Art of Not Giving a F*ck: A Counterintuitive Approach to Living a Good Life' by Mark Manson.

• Pentester Diaries Ep1: Understanding Business Logic: For their first episode, Jon Helmus talks with Dan Beavin, a pentester with a passion for applying his architect background to security.

• SQL Injection - Lab #2 SQL injection vulnerability allowing login bypass: In this video, they cover lab #2 in the SQL injection track of the Web Security Academy.

• John Breth (JB) - How To Build Secure Networks" Masterclass: 20 network security best practices.

• Vim QuickFix Lists: Quick fix lists are by far the most amazing feature in vim.

• Top Gun: Maverick - Official Trailer IN LEGO: After months of painstaking work, they created the TOP GUN: MAVERICK trailer in Lego, one frame at a time.

• Attack Surface Management, Monitoring, & Mapping - Jeff Foley - ESW #219: The OWASP Amass Project has developed a tool to help information security professionals perform network mapping of attack surfaces and perform external asset discovery using open source information gathering and active reconnaissance techniques.

• DEVS ANSWER: Michael Chan: In this series, some of your favorite developers record their answers to your most pressing questions.

• 10 Minute Tip: Basic Linux Terminal Skills - 1: This OSINT Curious 10 Minute Tip by Micah Hoffman shows how to use the built-in Linux terminal window to navigate and interface with the Linux system.

• Linkedin XSS vulnerability affecting 40+ domains via Adobe AEM Dispatcher filter rules bypass "NEW": An interesting way to bypass Adobe AEM dispatcher filter rules which allows one to successfully trigger XSS vulnerability on multiple Linkedin websites.

• Spectre: This site hosts a proof of concept for the Spectre vulnerability written in JavaScript.

• ProxyLogon: ProxyLogon is the formally generic name for CVE-2021-26855, a vulnerability on Microsoft Exchange Server that allows an attacker bypassing the authentication and impersonating as the admin.

• OPSEC: In Theory and Practice (course)

🎵 Audio

• Ask The Experts w/ Scott Hanselman, Wes Bos, Sarah Drasner, Troy Hunt, and Kent C. Dodds Part 1: Take a journey with Scott Hanselman, Wes Bos, Sarah Drasner, Troy Hunt, and Kent C. Dodds as they answer questions about getting from Junior to Senior!

• Pentester Diaries Ep1: Understanding Business Logic: Pentester Diaries is a new podcast series that shines a light on the not so secret, yet somewhat anonymized, and at times glamorized life of offensive security professionals.

Get $100 to try DigitalOcean - The go-to VPS for bug bounty hunters. I use it for all of my own recon and automation needs, plus it also doubles as a VPN. They have every cloud resource you need at an affordable price.

Subscribe to the Hive Five to read the rest.