
🐝 Hive Five #20 – Low Hanging Fruit and Peaches

Hi friends,

Greetings from the hive!

I hope you had a great weekend. I'm writing this while watching d0nutptr's stream which is always enjoyable and informative.

My week was pretty fun, still learning and growing into my role at Bugcrowd. My workstation is a work in progress; so far the only thing I've settled on is a standing desk. I think I'll stick with one monitor, and I'm leaning towards a split keyboard. Let me know if you have any input.

Also FREEINSIDERPHD. YouTube please stop this nonsense.

Let's take this week by swarm!

🐝 The Bee's Knees

  1. Inside Security S01E11 | Most Threat Actors suck!: Why is that? Is it just too easy with the low-hanging fruit out there, or are they just script kiddies? Listen to @dlilja & @pry0cc join Inside Security and spend the entire episode talking about this very thing.

  2. Finding and Exploiting Unintended Functionality in Main Web App APIs: Some thoughts on how they recently found two impactful vulnerabilities in APIs. The steps and techniques below should be generic enough to help find similar API vulnerabilities — IDORs, Privilege Escalation, Information Disclosure, and more.

  3. Life’s a Peach (Fuzzer): How to Build and Use GitLab’s Open-Source Protocol Fuzzer: The Peach protocol fuzzer was a well-known protocol fuzzer whose parent company — Peach Tech — was acquired in 2020 by GitLab. While Peach Tech had previously released a Community Edition of Peach fuzzer, it lacked many key features and updates found in the commercial editions.

  4. MOBISEC: Mobile Security Course: material and resources for the Mobile Systems and Smartphone Security (aka Mobile Security, aka MOBISEC) course, first taught in Fall 2018 at EURECOM (Note: the material reflects the last edition, MOBISEC 2020).

  5. Great getting started resources for new users of Burp Suite Professional: A list of resources to help you get started. Whether you're a pentester looking to do more in less time, or you want to take your bug bounty hunting to the next level, there's something here for everyone.

💌 Bees

Get $100 to try DigitalOcean. The go-to VPS for bug bounty hunters. I use it for all of my own recon and automation needs, plus it also doubles as a VPN. They have every cloud resource you need at an affordable price.

🔥 Buzzworthy

✅ Changelog

  1. BBRF - Custom tag filters are now live!: Go check it out, but make sure to upgrade your BBRF server first: bbrf server upgrade.

  2. Burp Bounty Pro v2.0: Burp Bounty Pro is a Burp Suite Pro extension that improves the active and passive scanner by means of advanced and customized vulnerability profiles through a very intuitive graphical interface.

  3. Sublime Text 4: The first stable release of Sublime Text 4 has finally arrived! They've worked hard on providing improvements without losing focus on what makes Sublime Text great.

📅 Events

  1. Celebrating todayisnew with the 100K CTF, AMA, and Giveaway: Starting June 2, 2021, at 10:00 AM PT.

  2. Join the Hack Girl Summer Discord Server!: for women who are traveling to Vegas for DEF CON/Black Hat this summer!

  3. Bounty Talks with Ariel: a Twitch stream about bug bounty, interviewing the best hackers in Latin America. They'll be translating all interviews and adding English subtitles.

🎉 Celebrate

  1. rez0: really loves the bug bounty community, they were recently thinking about how they would be able to see a friend (or have a resource in an emergency) in many places in the world due to the bug bounty community. Love it!

  2. Patrik Fehrenbach: bought a house. Congrats!

  3. Ali Tütüncü: is proud to announce that they rank in the Top 100 on HackerOne All-Time Leaderboard. Amazing!

💰 Jobs

  1. Senior Vulnerability Research Engineer: This Senior Vulnerability Research Engineer position is 100% remote.

📰 Articles

  1. ‘Soft skills are the most under-researched area of the bug bounty industry’ – ‘Reconless’ YouTubers on filling a gap in infosec education: One year after the launch of their hacking video channel, Ron Chan, ‘FileDescriptor’, and ‘EdOverflow’ tell The Daily Swig about their approach towards inspiring the next generation. YouTube has seen an explosion of hacking tutorials and infosec research breakdowns in recent years.

  2. Zero2auto review, 0x02 Initial Stagers: This chapter is called ‘Initial Stagers’ and focuses on the stages used by malware to infect a host and how to analyse each stage. This part of the course is broken down into 5 videos.

  3. How to exploit GraphQL endpoint: introspection, query, mutations & tools: How does GraphQL work? How do you perform introspection? How do you use mutations? Exploitation of a GraphQL endpoint can have a big impact and bring high rewards; let’s take a look.

  4. My bounty infrastructure: After some problems with Rengine for certificate management and a new service that they wanted to use, they switched to a full Docker infrastructure on their server. Apart from using a few containers before, it’s their first experience with Docker.

  5. Oculus SSO “Account Linking” bug leads to account takeover on third party websites and inside VR Games/Apps: This bug allows an attacker to manipulate the callback endpoint that receives the Oculus access token used by third-party websites that chose to use the Oculus “Account Linking” feature, which enables an organisation to link a given Oculus account with its own website account.

📚 Resources

  1. Bugcrowd asks: how did you discover hacking, and what motivated you to learn?

  2. punk_fairybread asks: What’s your favourite OSINT tool or technique?

  3. Michael Skelton asks: What's your best Burp Suite tip or trick, and where did you learn it?

  4. The Google Cloud Developer's Cheat Sheet: This list only includes products that are publicly available.

  5. Project Resonance: Internet-wide surveys to study and understand the security state of the Internet, as well as to facilitate research into the various components and topics that originate from those surveys.

  6. Java-Deserialization-CVEs: This is a dataset of CVEs related to Java Deserialization.

🎥 Videos

  1. No BS Guide - ADVANCED BURP (FREE) TRICKS FOR BUG BOUNTY.

  2. Troubleshooting AFL Fuzzing Problems: We are using AFL to fuzz the sudo binary, but we run into a lot more issues. In this video we troubleshoot some of those issues and come up with solutions.

  3. GraphQL APIs from bug hunter's perspective by Nikita Stupin: This talk looks at practical techniques for finding vulnerabilities in GraphQL APIs, as well as specific tools that make this process easier for researchers, including one private tool from the speaker.

  4. 5 Minutes to Build a Basic Monitoring and Alerting System for New Subdomains: In this video, Hakluke walks you through how to set up a system that monitors for new subdomains and sends you a message on Discord, Slack or Telegram when one pops up.

  5. Stealing all your passwords from LastPass due to URL parsing vulnerability - $1,000 bounty.

🎵 Audio
