🐝 Hive Five 119 - Deep Dive OSINT and Finding XSS in a Million Websites
Hi friends,
Greetings from the hive!
I hope all is well. I’ve been working on improving my Obsidian vault and PKM processes, which led me to this gem of dataview query examples. Dataview is by far my favorite plugin that allows you to query your data and display it in various formats.
What does your PKM process look like? Let me know in the comments below.
Let’s take this week by swarm!
🐝 The Bee’s Knees
Deep Dive OSINT (Hacking, Shodan and more) with Rae Baker. more
CodeQL query to detect RCE via ZipSlip resulting in a $5,500 bounty from GitHub Security Lab. more
Finding XSS in a million websites (cPanel CVE-2023-29489). cPanel is a web hosting control panel software that is deployed widely across the internet. To be exact, there are about ~1.4 million installations of cPanel exposed on the external internet at the time of writing this blog post. more | advisory
Git Arbitrary Configuration Injection (CVE-2023-29007). Git’s implementation used to rename or delete sections of a configuration file contained a logic error that resulted in improperly treating configuration values longer than a fixed length as containing new sections. more
A stored XSS on Snyk Advisor service can allow full fabrication of npm packages health score (CVE-2023-1767). more
🔥 Buzzworthy
✅ Changelog
IIS Short File Name scanner v2023.3 fixes an issue where it could miss some rare vulnerable servers because of an intrusive RegEx responsible for cleaning dynamic content. more
httpx v1.3.0 by ProjectDiscovery added the ability to take screenshots of target URLs, pages, or endpoints along with the rendered DOM. more
HackerOne’s publicly disclosed reports are now automatically summarized using AI. more
Pentester Land has added ~20 new writeups to their collection. more
gwen001/related-domains v1.1.7 helps you find related domains of a given domain.
📅 Events
🎉 Celebrate
randomdeduction is the first female hacker to take home the MVH title at a HackerOne LHE. Let’s go! more
Nagli won the Exterminator award for the second time in a row at HackerOne’s H1-213. Congrats! more
Godfather Orwa & XHackerx007 earned $35,000 for their submission on Bugcrowd. more
Tae’lur passed the Security+. Woohoo! more
rez0 passed 10,000 reputation points on HackerOne. more
💰 Career
enleak is looking for SOC analyst 1 positions. They are enrolled in BTL1 and have their eJPT, Net+ and Splunk Certified Core User certs. more
How g0lden broke into Cyber Security… and how you can too. more
A definitive guide for job searching using ChatGPT by using good prompts to craft a compelling cover letter and tailor your resume to the job posting. more
A Cyber Threat Intelligence Self-Study Plan. Katie teaches SANS FOR578: Cyber Threat Intelligence. more
⚡️ Community
zseano is going AFK as their baby is around the corner. more
Chevon is looking to collab with a security researcher that specializes in Android App exploitation. Hit him up! more
Dave reflects back on his health journey: “the confidence that I can control my weight, my body, and continually train my mind really has been a game changer.” more | The Journey for Living Longer
at0m shared his 30 day bug bounty journey. more
Hussein thinks that bug bounty platforms will see a huge decrease of excellent hackers in the upcoming years due to various factors such as not building strong bonds and failed mediation processes. more
📰 Read
A discussion around the age old question: Should you learn to code before you learn to hack? — I agree with the overall sentiment, it makes it easier but isn’t a requirement. more
Ariel explains that we have to overcome three highly complex roadblocks before LLMs are capable of finding 0days: statefulness, hallucination, and contamination. more
The Hugging Face Course will teach you about natural language processing (NLP) using libraries from the Hugging Face ecosystem. more
Blind SSRF to internal services in matrix preview_link API. more
HackerOne Ambassador Spotlight AWC Edition: Blaklis. He tries to hold monthly online meetups, with a vocal Q&A, open discussions, and sometimes followed by a live hunting session with people from the club. more
📚 Resources
Zellic made a dataset publicly available which consists of known Ethereum mainnet smart contract source code. more
netlas-io/netlas-dorks contains dorks for the Netlas.io search engine. They are divided into several categories, each dork also has a link by which you can immediately go to the query results. more
Ignitetechnologies/Mindmap contains many mindmaps for cyber security technologies, methodologies, courses, and certifications in a tree structure to give brief details about them. more
cckuailong/awesome-gpt-security is a curated list of awesome security tools, experimental case or other interesting things with LLM or GPT. more
HITB2023AM talk by Matthias Frielingsdorf on Poisoned Apples: Current State of iOS Malware detection. more
🎥 Watch
The Hacker Factory Podcast with Phillip Wylie interviews Cybersecurity Content Creators Jason Haddix, Ben Sadeghipour, and Daniel Miessler. more
HackTheBox - MetaTwo walkthrough. It starts with a vulnerable WordPress application running an event booking plugin that allows for SQL injection. more
Web Security Academy SQL Injection Lab #17 walkthrough: SQL injection with filter bypass via XML encoding. more
Cloud Hacking: Google Cloud Platform (GCP). It covers topics like the similarities and differences between GCP and AWS, common vulnerabilities in GCP, accessing the metadata endpoint, scopes in GCP, Google privilege escalation using Access Management, and IAM privilege escalation techniques. more
Accidental LLM Backdoor - Prompt Tricks. In this video they explore various prompt tricks to manipulate the AI to respond in ways we want, even when the system instructions want something else. more
🎵 Listen
Day[0] Binary Exploitation Podcast 206 - A Ghostscript RCE and a Windows Registry Bug. A string escaping routine that goes out of bounds, a web-based information disclosure. And a couple kernel issues, one in the Windows registry, a logical bug leading to memory corruption, and an AppleSPU out of bounds access. more
Day[0] Bug Bounty Podcast 205 - SecurePoint UTM, Chfn, and Docker Named Pipe Vulns. A unique auth bypass in a firewall admin panel, desktop-based software bugs, and more. more
The Privacy, Security, & OSINT Show 295 - Breach Data Collection Revisited. This week they provide a detailed behind-the-scenes view into their weekly digestion of breach data, offer a new faster query option, and weigh in on the latest privacy updates. more
Smashing Security 319: The CEO who also ran IT, Strava strife, and TikTok tall tales. A boss is bitten in the bottom after being struck by one of the worst crimes in Finnish history, Strava’s privacy isn’t so private, and a private investigator uncovers some TikTok tall tales. more
Get $100 to try DigitalOcean. The go-to VPS for bug bounty hunters. I use it for all of my own recon and automation needs, plus it also doubles as a VPN. They have every cloud resource you need at an affordable price.