🐝 Hive Five #39 – Green lights

Hi friends,

Greetings from the hive!

I hope you were able to spend this weekend doing what you love. As some of you might know, I enjoy watching (mixed) martial arts. In my younger years, I also partook.

This weekend was an excellent place for it! We had the UFC, BKFC, and boxing, Tyson Fury versus Deontay Wilder. Exciting times!

Let's take this week by swarm!

🐝 The Bee's Knees

1. Phrack #70 Volume 0x10, Issue 0x46, Phile 0x01 of 0x0f: Phrack is back! It was five years ago that issue 0x45 was released.

2. Tools to explore BGP: There was a big Facebook outage caused by BGP. Julia has been vaguely interested in learning more about BGP for a long time, so they were reading a couple of articles. This blog post shows some tools you can use to look up BGP information.

3. Staying sane in cybersecurity and dealing with burnout by Hakluke: Working in infosec is an intense blend of creativity, technical prowess, and responsibility. When infosec becomes your job, it can be quite demanding to sustain this intense level of performance long term.

4. A Step-by-Step Guide for Reusing Development Test Code to Validate Smart Contract Exploits: This step-by-step guide, written by whitehat Lucash-dev for Immunefi will help you use developmental test code to validate smart contract exploits.

5. Douglas Day on Decision Paralysis: Bug Bounty Hunting is an ever-changing ecosystem - what works in one season may not work in another. Read more about how he handles it.

🙏🏻 Enjoy This Newsletter?

• Get $100 to try DigitalOcean. The go-to VPS for bug bounty hunters. I use it for all of my own recon and automation needs, plus it also doubles as a VPN. They have every cloud resource you need at an affordable price.

💌 Want to sponsor an issue?

🔥 Buzzworthy

✅ Changelog

1. Taborator UI update: Taborator is updated to clear up some UI confusion. It now has the text "Number to generate" to make it clear that box is for generating payload amounts not the actual poll time.

2. Two new PentesterLab challenges: Covering how to exploit the latest Apache Httpd RCE (CVE-2021-41773) via SSRF: File disclosure and RCE (CGI enabled).

📅 Events

1. BSides Ahmedabad: Revealing their keynote 0x01 - @thecybermentor. Join them at this edition of BSides Ahmedabad with Heath's virtual opening remarks.

2. Free PortSwigger Burp Suite Certification: Fancy getting Burp Suite Certified for free? Book, take, and pass your exam before 15th Dec 2021 and they'll refund you your $99.

3. Pentesterlab started a newsletter: Sharing articles worth reading discovered the previous week.

🎉 Celebrate

1. d0nut is starting a new appsec role: They're lucky to have you!

2. STÖK is building a 4k production studio at TrueSec: Exciting!

3. Ash_F0x started streaming again on Twitch: Check him out!

4. Happy birthday to caffeinevulns: Congratulations!

5. hunt4p1zza passed their exam: Yay!

💰 Career Corner

1. Bugcrowd is hiring for the Security Solutions Architecture team: a Senior Manager position in the US, remote, primary desires are management and pentesting experience.

2. Apple Incident Response is hiring: in Sydney, London, and the US (Bay Area). Specific to the US role, they’re looking for defenders with 2 - 5 years experience.

3. DevOps salaries in 2021 - where do you rank?: This is the first in an occasional series of blog posts looking at DevOps salaries and careers.

4. The greatest resume I've ever seen: Today’s story is adapted from the Cloud Resume Challenge Book, which breaks down many more inspiring stories of people who followed a nontraditional path to cloud.

5. Why flow matters more than passion: Unfortunately, focusing on passion can create and permeate some toxic ideals: That your career must be your life; that you can’t be a programmer for a paycheck and do good work; and that the career itself is only meant for a few, select people.

📰 Articles

1. Vim Anti-Patterns That Cause Beginners to :Quit: As much as they can recommend vim since they've made the switch many years ago, there’s a bunch of anti-patterns they’ve commited myself (and later saw others repeat them), which often resulted in frustration and writing off the idea, perhaps prematurely.

2. How to Remember Everything, Using Roam for Bug Bounty Notes: They talk about all of this in the context of bug bounty, but the concepts apply to a lot of topics.

3. How we automated our PingCastle security audit reports for our Active Directory: As SysAdmin in charge of the Active Directory at ManoMano, it is important for them to guarantee a very high level of security.

4. How I got access to many PIIs through a source code leak: A write-up from a recent P1 found and exploited on an external bug bounty program which led to a leak of many PII (Personally Identifiable Information).

5. 60 Days Of 120 Days High Frequency Hacking: This article will act as a small read for a “check-in” regarding 120 days of frequent hacking along with Kuldeep.

📚 Resources

1. Atlassian Confluence Arbitrary File Read (CVE-2021-26085): Can read all files in WEB-INF and META-INF directories.

2. SANS Memory Forensics Cheat Sheet 2.0 Mind Map: This Mind Map provides a general overview of Memory Forensics by Chad Tilbury.

3. OSINT Search Tools: Complex OSINT Search Tools.

4. Attacking laptops that are protected by Microsoft Bitlocker drive encryption: Join them on a journey where they break into this CEO’s laptop to steal company secrets and plant malware.

5. Siguza/ios-resources: Useful resources for iOS hacking.

🎥 Videos

1. How to get Hacked by making random requests? (SSRF).

2. CSRF - Lab #5 CSRF where token is tied to non-session cookie | Long Version: This lab's email change functionality is vulnerable to CSRF.

3. CSRF - Lab #6 CSRF where token is duplicated in cookie | Long Version: It attempts to use the insecure "double submit" CSRF prevention technique.

4. How To Circumvent SSRF Protection: Learn how to find server-side request forgery (SSRF) vulnerabilities.

5. Confidently Measuring Attack Technique Coverage by Asking Better Questions by Matt Graeber: If a tree falls down in the woods and no one is around to hear it, did it make a sound?

🎵 Audio

• Greenlights: “McConaughey’s book invites us to grapple with the lessons of his life as he did—and to see that the point was never to win, but to understand.” —Mark Manson.

Get $100 to try DigitalOcean - The go-to VPS for bug bounty hunters. I use it for all of my own recon and automation needs, plus it also doubles as a VPN. They have every cloud resource you need at an affordable price.

Subscribe to the Hive Five to read the rest.