🐝 Hive Five 122 - STÖK is back, WTF is information disclosure, and a $1MM bounty
Hi friends,
Greetings from the hive!
I hope you had a nice weekend. I love the phrase, “let him cook”. I was reminded of it while watching a Marc Rebillet live stream.
It emphasizes giving someone the space and encouragement to do their thing. A form of celebration and acknowledgment of uniqueness and talent.
Let’s take this week by swarm!
🐝 The Bee’s Knees
Off By One Security Stream strives to bring more technically focused content to the community. Make sure to check out the “Live” tab, where they cover a range of topics, such as a deep-dive series into the Windows OS exploit mitigations introduced by Microsoft. more
In this bug bounty basics, InsiderPhD covers information disclosure. One of the more interesting bug classes, because individual findings vary so much in their technicality. more
STÖK is back! In this video he talks about escaping the grind and decompiling Python 3.9 .pyc files to find vulnerabilities. He’s been reversing apps to get a deeper insight into what happens under the hood, using VS Code and CodeQL to identify vulnerabilities. more
How to turn a write-based path traversal into a critical. This video presents an analysis of disclosed bug bounty reports about write-based path traversal vulnerabilities. Specifically, it’s about what files you should write to show the maximum impact of a path traversal like this, ideally escalating it to RCE. more
A $1,000,000 bounty? The KuCoin User Information Leak. more
💪 Sponsor
Sponsor the Hive Five and reach a highly engaged community of engineers, security researchers, and ethical hackers who are at the forefront of the industry.
🏞️ Bee’s Eye View
🔥 Buzzworthy
✅ Changelog
HackerOne now has a command palette to navigate the web app. Navigation using the keyboard is one of my favorite UX improvements anyone can make. more
SecLists 2023.2 release — SecLists is the security tester’s companion. It’s a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more. more
Hahwul/deadfinder v1.3.1 — Find dead-links (broken links). more
📅 Events
🎉 Celebrate
Corgi got promoted. Well deserved! more
ZwinK and Gotcha1G celebrate Bugcrowd as the best bug bounty platform. more
Nagli was awarded a $22,000 bounty and joined the exclusive 30,000 reputation club. Congrats! more
NahamSec is at 88,000 YouTube subs. Let’s go! more
Loop daddy is back outside again. Let him cook! more
💰 Career
BigCommerce is hiring a Sr Security Engineer - Australia remote. more
The best resources for finding a cybersecurity job. more
Inject My PDF: Prompt Injection for your resume. To escape a deluge of generated content, companies are screening your resumes and documents using AI. But there is a way you can still stand out and get your dream job: Prompt Injection. more
A Career Cold Start Algorithm that can help you ramp up quickly — and in several cases — have an impact in a relatively short period of time, while minimizing collateral damage. more
How Kaylie landed her dream job – that didn’t exist. She was quite cheeky in the cover letter that she sent to Checkly. more
⚡️ Community
In a single day, Jason hacked a Fortune 50 company, had a call with the Government, and spoke to a movie producer. more
Renniepak celebrated his one year as a full-time bug bounty hunter, including stats and commentary. Wonderful! more
Meg landed one of her dream partnerships with a huge cybersecurity training company. Let’s go! more
Taylor graduated with her Master’s Degree in Information and Cybersecurity. Congrats! more
Lina started working full time on her business Xintra. Let’s go! (use code: IMFREE to get 13.37% off all courses for a month.) more
📰 Read
Bypass TCC with Telegram in macOS (CVE-2023-26818). This article focuses on a weakness in the Telegram application on macOS that allows for the injection of a Dynamic Library (or Dylib for short). more
State of DNS Rebinding in 2023 - Different forms of DNS rebinding attacks have been described as far back as 1996 for Java Applets and 2002 for JavaScript (Quick-Swap). more
CS:GO: From Zero to 0-day. They identified three independent remote code execution (RCE) vulnerabilities in the popular Counter-Strike: Global Offensive game. Each vulnerability can be triggered when the game client connects to their malicious Python CS:GO server. more
Testing a new encrypted messaging app’s extraordinary claims. How crnkovic accidentally breached a nonexistent database and found every private key in a ‘state-of-the-art’ encrypted messenger called Converso. more
📚 Resources
Mustafa explains an RCE he found in enterprise software. more
Extract contact information from resumes using the Python duckduckgo_search package and PDFgrep utility. more
cqcore/OSINT-Browser-Extensions is a collection of Chrome extensions, to help with OSINT, OPSEC, Privacy & Obfuscation. more
trickest/cloud monitors the cloud landscape. Their mission with this project is to provide an always up-to-date and freely accessible map of the cloud landscape for every major cloud service provider. more
nikitastupin/orgs-data maps bug bounty and vulnerability disclosure programs to respective GitHub organizations. more
🎥 Watch
HackTheBox Precious walkthrough leveraging a command injection vulnerability in a web application to gain access to the system. more
Directory Traversal - Lab #2 File path traversal, traversal sequences blocked. more
We Hack Purple Streams: The Canvas Method with guest Richard Kranendonk. The Canvas Method for Information Security helps non-technical teams to identify information security risks in their own work, and lets them take ownership of improvements. more
OSCP got upgrades but are they good? Hakluke shares his review. more | Rana review
The Pivot with guest Nico Dekens from ShadowDragon: Make The World A Safer Place With OSINT. Nico Dekens, known as the Dutch_OsintGuy online, is an All Source Analyst specializing in Open Source Intelligence (OSINT), online Human Intelligence (HUMINT) and Online investigations. He has over 20 years of experience as an all source Intelligence Analyst at Dutch Law Enforcement. more
🎵 Listen
Who Would Hack the Largest U.S. Bank, But Not Steal a Penny? Darknet Diaries Ep. 76: Knaves Out. In 2013, 83 million user accounts at JPMorgan Chase had been compromised by an attack so sophisticated, authorities assumed it was a nation state actor — especially because no money had been stolen. more
Day[0] Bug Bounty Podcast 211 - OverlayFS to Root and Parallels Desktop Escapes. Some awesome bugs this week from tricking Dependabot and abusing placeholder values, to an IIS auth bypass. Ending off with a kernel bug (OverlayFS) and a VM escape. more
The Privacy, Security, & OSINT Show 297 - KYC, 2FA, macOS, & OSINT Updates. This week they offer many updates including new Know Your Customer concerns, better 2FA options, their latest macOS Devices digital guide, OSINT tool changes, and how to get your own free TV which of course monitors everything you do. more
Critical Thinking - Bug Bounty Podcast E19 - Audit Code, Earn Bounties (Part 2) + Zip-Snip, Sitecore, and more. more
Smashing Security 322 - When you buy a criminal’s phone, and paying for social media scams. Personal information is going for a song, and the banks want social media sites to pay when their users get scammed. more
Get $100 to try DigitalOcean. The go-to VPS for bug bounty hunters. I use it for all of my own recon and automation needs, plus it also doubles as a VPN. They have every cloud resource you need at an affordable price.