🐝 Hive Five #11 - “The greatest enemy of knowledge is not ignorance, it is the illusion of knowledge.” — Stephen Hawking

Hi friends,

Greetings from the hive!

I hope you had a great week. For me it was business as usual. I worked on various projects, ranging from dev work to a security assessment.

For fun I did what I love to do and that is to tinker on my website. Constantly improving the copy and curating this newsletter is definitely improving my writing. I also decided to add a "Most popular" section for easy access.

Let's do this.

🐝 The Bee's Knees

1. Infosec Job Hunting w/ BanjoCrashland: Black Hills Information Security show you how to combine OSINT, marketing technology, and a hacker/social engineer mindset to job hunting. Also on Twitch

2. Your words are wasted: An older article I was reminded of this week. It needs to be said again, perhaps this time more strongly. Your Blog is The Engine of Community. Dammit. You are not blogging enough. You are pouring your words into increasingly closed and often walled gardens.

3. Google: A mysterious hacking group used 11 different zero-days in 2020: A mysterious hacking group has deployed at least 11 zero-day vulnerabilities as part of a sustained hacking operation that took place over the course of 2020 and targeted Android, iOS, and Windows users alike, one of Google’s security teams said today.,

4. Katie Paxton-Fear - Lucky Socks for Bug Bounties: Katie tells you all you need to know about bug bounties and her lucky socks. This talk is so good it doesn't even need slides, but here are they anyway. I urge you to check out the entire PancakesCon. What a fun conference!

5. When Should I Interrupt Someone?: Is it OK if you interrupt someone else to get them to help you? Ian takes on the age old question.

🔥 Buzzworthy

📅 Upcoming

• Hack Alongside Hackers: AWS and HackerOne CTF | April 5, 12:00 PM PT to April 12, 12:00 PM PT.

• Michael Skelton: In light of the recent mass recon discussions, codingo wants to reshoot and pushed back his stream a week. Can't wait!

• Farah: Is looking forward to Day Of Shecurity on March 23 by Detectify. Don't miss it!

🎉 Celebrations

• rhys: celebrates the insane turnaround time of codingo_ and sml555_ - masters of their craft and incredibly wonderful humans. Wow!

• Daniel Stenberg: Spent 15,000 spare time hours on the curl project as it turns 23 years old. Thank you!

• Luke Tucker: can't wait to hand out some awards to several amazing hackers Jonathan Bouman zseano itscachemoney et al.

• LiveOverflow 🔴: started 6 years ago. Amazing!

• Patrik Fehrenbach🤖: Successfully migrated his entire workflow to docker. Awesome!

• Phillip Wylie: Gets ready to teach his first ine bootcamp!

• Alex Chapman: Is humbled being able to take part in Live Hacking Events, this time with ArchAngelDDay and spaceraccoonsec.

• pry // Ben Bidmead: Built something freaking cool at his new job. Can't wait to see it!

• renniepak: Passed 1k reputation on intigriti. Congrats!

💰 Jobs

• shubs: is hiring at assetnote, they're looking for a senior API backend engineer.

📰 Articles

• Performance comparison: counting words in Python, Go, C++, C, AWK, Forth, and Rust: A simple interview problem (counting frequencies of unique words), solved in various languages, comparing performance across them.

• A Hacker Got All My Texts for $16: A gaping flaw in SMS lets hackers take over phone numbers in minutes by simply paying a company to reroute text messages.

• Inside the Bug Bounty Council at GitLab: The Application Security (AppSec) team at GitLab works closely with engineering, product teams, and hackers that submit bugs, to ensure the security of their products.

• Another approach to portable Javascript Spectre exploitation: This post describes the techniques I used in browser-based Spectre proof-of-concepts that should work on any sufficiently out-of-order processor, and that can be amplified to use arbitrarily coarse timers.

• Rockstar thanks GTA Online player who fixed poor load times, official update coming: Update (March 16): The official patch is now live, and some players are reporting huge improvements.

• Detecting Sensitive Data Leaks That Matter: How to scan for PII leaks, credentials, and other sensitive data leaks using data flows.

• How to prevent localized pricing policy abuse: It’s no secret that localized pricing can boost conversions, especially with ever expanding global markets.

• The skill of naming what’s happening in the room: Your observations – of the energy on the call, of a change in someone’s tone or body language, of how you as a group are not meeting the desired goal – can reset this frustrated dynamic.

• $ziot HackerSpace Coin: An experimental hacker themed social token that creates an eco-system around bug bounty rewards and reports.

• The Art of Warez Documents the Lost ANSI Art Scene: British artist-filmmaker Oliver Payne and American painter Kevin Bouton-Scott have joined forces to produce a new documentary that tells an almost forgotten story of the ANSI scene.

• authorized_keys File Format: The second in their series of posts about SSH, covering things that people don’t always think about.

• Safety at conferences: There’s a lot of discussion on UK Twitter right now about women’s safety in public spaces. And of course, I’ve been afraid to walk after dark, and sometimes even during the daytime, in most places that I’ve lived and visited.,

• How I made it to Google HOF?: In this writeup talks about some of the valid bugs they submitted to Google VRP.

• Establishing asset ownership in vulnerability reporting: Something I see people struggle with consistently in vulnerability reporting is being able to answer the question of ownership - which is almost always the beginning clue to the question "where should I report my finding.

• Emacs is the 2D Command-line Interface: One of the most popular arguments against Emacs is that it is “a great operating system, lacking only a decent editor”.

• foone: Twitter thread - Did you ever notice that the theater in level 1 of Duke Nukem 3D has a big hallway off the lobby, and when you go through there, it's a bathroom?

• How we found and fixed a rare race condition in our session handling: On March 8, they shared that, out of an abundance of caution, they logged all users out of GitHub.com due to a rare security vulnerability.

• I self-learned to code at 30. And so can you.: Aditya learned how to code when they turned 30, launched a few side projects, and now run a full time SaaS biz (currently at $220 MRR).

📚 Resources

• Stealing arbitrary GitHub Actions secrets: You can never tell which parts of a structure depend on other parts,1 until you break one small piece and the whole architecture topples.

• r/BSidesSF - How to 10X Your Company’s Security (Without a Series D): Clint Gibler's Q&A for his talk.

• State of OSINT Interviews: Investigation trends, challenges, methodologies & strategies development - forecasting osint landscape changing.

• Burp Suite - solving E-mail and SMS TAN multi-factor authentication with Hackvertor custom tags: Teach automated tools to do things correctly each time, to get the sweet middle spot of semi-automated security testing, where the tools do the automatic and systematic security tests and the analyst can focus on the parts of a security test.

• Get Started with Nuxt with Debbie O'Brien: Build an application showcasing various planets from our solar system using Nuxt and then deploy it to Netlify for all the world to see.

• TikTok for Android 1-Click RCE: While testing TikTok for Android Application, dPhoeniixx identified multiple bugs that can be chained to achieve Remote code execution that can be triaged through multiple dangerous attack vectors.

• Getting Started with Frida : Hooking a Function and Replacing its Arguments: Frida is a dynamic code instrumentation toolkit that injects itself to the target process memory and allows you to manipulate the process in some cool ways, more on that later.

• Pepenote: Security learning resource collections/cheat sheet.

• Charts.css: Is a modern CSS framework using CSS utility classes to style HTML elements as charts.

• Alice and Bob Learn: Chapter Discussions: Shehackspurple will stream every month to discuss the questions from her book, starting March 20, 2021.

• CyberUp Campaign: A campaign calling for reform of the UK’s 30 year old cybercrime laws.

• Infosec Income Questionnaire v2: A simple income questionnaire for Infosec professionals that work in the field full time. Results v2. Results v1.

• David: Asks how to make Nmap tool nicer?

• Learning React: Debbie recently started learning React for her new job, and writes about it.

• Clone Wars - Open source clones of popular sites: 70+ open-source clones of popular sites like Airbnb, Amazon, Instagram, Netflix, Tiktok, Spotify, Trello, Whatsapp, Youtube, etc.

• Ways to alert(document.domain): How many ways can you alert(document.domain)?

• Pim de Groot: Pim made a Cursed USB-C 2.0 device, it behaves differently based on the orientation of the plug.

• Meg: Asks about who to follow wrt InfoSec Governance and Risk and Compliance.

• SwiftOnSecurity: What are domains you greylist/block on your corporate networks for security reasons?

• HΔKLUKΞ: Discussion - Before learning hacking, what fundamental knowledge is important to focus on?

• codingo_: Discussion - What kind of guiding test can we provide beginners so they can better judge what are the right/wrong sources to trust?

• dawgyg@Braze: Anyone have any ideas on what to use for static code analysis on JS?

• Reverse Engineering Tutorial: This tutorial will begin with the basic concepts of malware reverse engineering and graduate to an entry-level basic examination of Assembly Language.

• BetterTweetDeck v4 is in beta: If you're interested in testing, please grab the appropriate version for your browser, run it, and comment in this thread if you find anything broken.

• Ffuf 1.3.0 is out: It's a major quality of life release, as it introduces an interactive mode of operation.

🎥 Videos

• BSidesSF 2021: Recharge Day 4: Offensive Javascript Techniques for Red Teamers (Or Anyone Really).

• Git scraping: tracking changes to a scraped data source using GitHub Actions: 5 minute lightning talk describing Git scraping, a technique for creating a history of changes to a scraped data source using a scraper that writes to a git repository, powered by scheduled GitHub Actions. More about Git scraping

• LiveQL Episode 2 - The Rhino in the room.: @pwntester and @pavgustinov analyze CVE-2020-13924 (an RCE on Apache Druid) and model it with CodeQL to find more variants.

• TomNomNom - Network Fundamentals: From Zero to HTTP. Slides

• Adobe AEM Security Web Series Part 1 | From dispatcher filter bypass to XSS on 40+ Linkedin websites: Adobe AEM Security Web Series Part #1, Dispatcher filter bypass to XSS affecting 40+ Linkedin sites.

• SSL & It's Unpinning - Sniffing Android '10' HTTPs traffic - Part - 01: SSL, TLS, and how it works.

• HackTheBox - Crossfit: IppSec takes us through another box and show us note taking tool Obsidian in action.

• SQL Injection - Lab #2 SQL injection vulnerability allowing login bypass: In this video covers lab #2 in the SQL injection track of the Web Security Academy.

• ZAP Deep Dive: Report Generation: In this episode, Simon introduces us to the new reporting framework plugin that was release March 9, 2021 at ZAPCon.

• Hunting for bugs in GraphQL APIs (Demo): Katie shows you how to write a basic query and mutation, shows you how to look at introspection and recon on a GraphQL API.

• How to Detect Exchange Servers Vulnerable to CVE-2021-26855: This video shows you how to check if a server is vulnerable to CVE-2021-26855.

• WeHackPurple podcast 9 with Katie Paxton-Fear: Host Tanya Janca learns what it's like to be a PhD student, Bug Hunter & Educational Youtuber, with Katie Paxton-Fear.

• Hacking How-To: In this series Pentest Architect and Offensive Security Researcher, Busra Demir, will share her research on the everyday findings encountered during a pentest.

• DEVS ANSWER: Randall Kanna: In this series, we got some of your favorite developers to record their answers to pressing questions.

• Hacking into Google's Network for $133,337: The story of how Ezequiel Pereira found a critical vulnerability in Google Cloud and was awarded $164,674 in total.

• Hacker Rates 12 Hacking Scenes In Movies And TV | How Real Is It?: Keren Elazari, an internationally recognized security analyst, researcher, author, looks at 12 hacking scenes from popular TV shows and movies and rates them based on realism.

• Truesec Threat Intelligence Report 2021 (The Swedish Cyber Threat Landscape 2020): Join members of the Truesec Threat Intelligence Team as they discuss the current cyber threat landscape in Sweden.

🎵 Audio

• LiveOverflow 🔴: Asks for the best drum’n’bass set or playlist for coding and hacking.

Get $100 to try DigitalOcean - The go-to VPS for bug bounty hunters. I use it for all of my own recon and automation needs, plus it also doubles as a VPN. They have every cloud resource you need at an affordable price.

Subscribe to the Hive Five to read the rest.