
šŸ Hive Five 114 - How to Lose a Pentester in 10 days, Badsecrets, and Account Takeover in OpenAI

Hi friends,

Greetings from the hive!

I hope you had a good weekend. I rode my bike for the first time in a long while, and it was wonderful.

Tech-wise, I cleaned up my neovim config and replaced packer with Lazy. I tried some different color schemes as well but always come back to the tried and true gruvbox.

I hope to open source all of my dotfiles soon on my GitHub account.

What were you up to this weekend?

Let’s take this week by swarm!

🐝 The Bee’s Knees

  1. Beloved hacking veteran Kelly ‘Aloria’ Lum passes away at 41. Aloria will be remembered for her hacking acumen, memorable memes and unparalleled karaoke skills. more

  2. Linus Tech Tips was hacked. He shares how his channel(s) and videos were deleted, what happened, and prevention measures. more

  3. NahamCon2022EU: Managing a Bug Bounty Program From a Hacker’s Perspective by 0xlupin. more

  4. How to Lose a Pentester in 10 days. Ippsec talks about the importance of thinking outside of the box, building blue team motivation, and helping shape the attacker mindset. more

  5. Black Lantern Security introduced Badsecrets. A library for detecting known or weak secrets across many web frameworks. more | tool

ļøšŸ’Ŗ Sponsor

Sponsor the Hive Five and reach a highly engaged community of engineers, security researchers, and ethical hackers who are at the forefront of the industry.

🔥 Buzzworthy

✅ Changelog

  1. Oege de Moor quit GitHub. He led the creation of GitHub Copilot and GitHub Advanced Security (previously Semmle). more

  2. Jason Haddix started a newsletter! Sign up for “Executive Offense”, a newsletter at the center of offensive security and security strategy, aimed at technical leaders in cyber security. more | subscribe

  3. xnLinkFinder v3.10 is available: Find even more parameters in responses. more

  4. The author of GitLeaks, Zach Rice, joined Truffle Security. more

  5. For the last two months the assetnote wordlists had not been updated because of a missing JS library used by BigQuery. This has now been fixed. more

📅 Events

  1. Jason Haddix added a second run and weekend to his live course. more | registration

  2. Join Bellingcat’s April 2023 Hackathon and increase the accessibility of Open Source Tools. Bellingcat will host a remote global hackathon for teams of up to three people to increase the accessibility of software tools used in digital investigations between 21 and 23 April. more

  3. Defcon615 speaker for March 28th at 6:30pm CST will be none other than Jayson Street. more | discord

🎉 Celebrate

  1. bsysop won the Buggy Awards 2022: Community Champion. Well deserved! more

  2. Azeria’s book “Arm Assembly Internals & Reverse Engineering” is up for pre-order. Go check it out! more

  3. ZwinK hit 100 P1s with Bugcrowd. Let’s go! more

  4. Lupin passed the 10k followers on Twitter. 20k next! more

💰 Career

  1. Intigriti is looking for a hacker community manager. more

  2. Interviewers’ favorite questions to ask for infosec jobs - via Matt Jay. more

  3. Infosec Interviews: Why It’s Never Too Late to Change Your Path to Infosec. Rudra Pratap, smart contract triager at Immunefi, interviews Farah Hawa. more

⚡️ Community

  1. Max Yaremchuk sent their most extensive report to date. It’s 9k chars long and contains 15 reproduction steps. more

  2. Ananda et al held their first-ever live hacking meetup where they hacked on the HackerOne Ambassador World Cup targets all day and found some cool bugs. more

  3. lil c is learning video editing by putting out some videos to sharpen her skills. more | YouTube

  4. Katie has been sick for a week with multiple infections, and it’s been so frustrating to not be able to do anything. Please send her healing vibes. more

  5. Bug bounty hunters discussing the desire to disclose findings. more

📰 Read

  1. Nagli found a critical account takeover vulnerability in OpenAI. The vulnerability was “Web Cache Deception”. more

  2. Mustafa and Osirys discovered an interesting case of SQL injection on a Synack Red Team target during a black-box test. more

  3. Exploiting aCropalypse: Recovering Truncated PNGs. (I forgot to include this blog post last week when I first mentioned aCropalypse.) more

  4. 4 more essential tips for using the Wayback Machine. more

  5. How different hacker roles contribute to crowdsourced security. Codingo can’t say this too often: Adopters of crowdsourced security are only as successful as the hackers/security researchers with whom they collaborate, whether it’s in a crowdsourced penetration test, bug bounty, or something else. more

📚 Resources

  1. Keyboard suggestions via Jason Haddix. I don’t believe it was mentioned, but I’m eyeing the glove80 keyboard. more | glove80

  2. The MySQL for Developers course is live. A free, 7-hour course split into 64 videos! more

  3. Client-side path traversal vulnerability class explained - $6,580 GitLab bug bounty. more

  4. Learn how to dockerize a Node.js Application. Key takeaways include using multi-stage builds, running your container as a non-root user, and pushing your image to Docker Hub. more

  5. awesome-selfhosted/awesome-selfhosted is a list of free software network services and web applications which can be hosted on your own servers. more

🎥 Watch

  1. Avoiding false positive reports in bug bounty. more

  2. HackTheBox - Vessel walkthrough. more

  3. Broken Access Control - Lab #9 UID controlled by param with data leakage in redirect. more

  4. Choosing how YOU hack! Fitting in to bug bounty. g0lden talks about why finding your own methodology and area to hack in can increase your success and enjoyment. more

  5. Hacker Interviews with TJ_Null. more

🎵 Listen

  1. Prolific creator devaslife shares the music behind his coding tutorials. more

  2. Binary Exploitation Podcast 198 - TOCTOUs in Intel SMM and Shannon Baseband Bugs. They’ve got a pretty nice root/superuser check bypass in XNU this week, and a sort of double fetch issue in Intel’s SMM leading to a potential privilege escalation into the Management system. more

  3. Bug Bounty Podcast 197 - Popping Azure Web Services and Apollo Config Bugs. Recovering data from a cropped image (thanks to an undocumented API change), bypassing an origin check with an emoji, and a trivial SSRF filter bypass, all in this week’s bug bounty podcast. more

  4. The Privacy, Security, & OSINT Show 292 - Vital News & Updates. This week they provide several important updates, including Android vulnerabilities, the Mint Mobile acquisition, the BreachForums disappearance, and many new OSINT tools. more

  5. Critical Thinking - Bug Bounty Podcast episode 12: JHaddix on Hacker -> Hacker CISO, OG Hacking Techniques, and Crazy Reports. more

Get $100 to try DigitalOcean. The go-to VPS for bug bounty hunters. I use it for all of my own recon and automation needs, plus it also doubles as a VPN. They have every cloud resource you need at an affordable price.
