🐝 Hive Five 49 – Cyber Santa & Giveaways

Hi friends,

Greetings from the hive!

I hope you and your family are doing well. Make sure to enjoy the holidays and spend time together.

System improvement-wise, I've been getting into mindmaps and started creating my own. I look forward to turning this into a habit.

PSA, please support creators of your favorite tools and whatnot if you can.

Let's take this week by swarm!

🐝 The Bee's Knees

  1. A deep dive into an NSO zero-click iMessage exploit: Remote Code Execution: They want to thank Citizen Lab for sharing a sample of the FORCEDENTRY exploit with them, and Apple’s Security Engineering and Architecture (SEAR) group for collaborating with them on the technical analysis.

  2. Hackers vs. Developers // CVE-2021-44228 Log4Shell: Let's try to make sense of the Log4j vulnerability. First we look at the Log4j features and JNDI, and then we explore the history of the recent Log4Shell vulnerability. This is part 1 of a two-part series on Log4j.

  3. Cyber Santa is Coming to Town - Hacking Party: check it out if you're into bounties, web hacking, reversing, crypto or forensics.

  4. ThinkstScapes Research Roundup - Q4 - 2021: Receive vendor neutral reports on key events and research findings as they occur with context, commentary and guidance.

  5. Tunneling For Offensive Security: One thing that comes up a lot in red teaming, penetration testing and breaching a network is proxying or tunneling traffic into multiple environments. The most common methods are SSH port forwarding and Socket Secure (SOCKS) proxies.

🙏🏻 Support the Hive

  • Get $100 to try DigitalOcean. The go-to VPS for bug bounty hunters. I use it for all of my own recon and automation needs, plus it also doubles as a VPN. They have every cloud resource you need at an affordable price.

🔥 Buzzworthy

✅ Changelog

  1. PentesterLab released 5 new videos covering their code review challenges: java_01, java_02, java_03, typescript_01 and python_02.

  2. Findomain v5.1.1: Tune the DNS resolver configuration and DNS servers handling/load distribution so that queries take less time.

📅 Events

  1. Hussein giveaway: He'll send 3 copies of his hacking workshop done at @THREAT_CON. That's +12 hours of content.

  2. OSINT Summit 2022: Will be open to the community.

  3. Bugcrowd Holiday Giveaways: End this year with some fun.

🎉 Celebrate

💰 Career Corner

  1. HIRING: Canva is hiring for many roles (not just in security). Remote Australia.

  2. HIRING: Marcus's 12/15/2021 Cybersecurity Job Thread.

  3. ADVICE: Roxkstar's indiehacker journey: "206 days ago, I left my startup, my country, and started over in Thailand. In 36 hours, I go home. What I've achieved, who I've become, and how I feel". I didn't know about this part w/ levelsio.

  4. ADVICE: A strategy to land your first pentest job: In this blog post, we are going to cover a strategy to help you get a job as a pentester or application security professional.

  5. HIRING: MoonPay is hiring a Senior Incident Response Engineer: This is a 100% remote position (US/EU applicants only).

📰 Articles

  1. Analyzing two FreeSWITCH vulnerabilities – CVE-2021-41157 & CVE-2021-37624: This post is about two vulnerabilities that they researched a year ago in the FreeSWITCH VoIP server that were fixed and disclosed publicly a few weeks ago.

  2. Getting root on Ubuntu through wishful thinking: “Exploits are really the closest thing to magic spells we have in this world.” Halvar Flake, keynote presentation, OffensiveCon 2020.

  3. How I found the Grafana zero-day Path Traversal exploit that gave me access to your logs: TL/DR: On December 2, open-source analytics solution Grafana released an emergency security patch for critical zero-day Path Traversal vulnerability CVE-2021-43798, after proof-of-concept code to exploit the issue was published online.

  4. The Subsequent Waves of log4j Vulnerabilities Aren’t as Bad as People Think: If you’re reading this you’re underslept and over-caffeinated due to log4j.

  5. Flickr Account Takeover: This post gives a deep dive into a critical security flaw that was present in Flickr’s login flow.

📚 Resources

  1. bug-hunting-101: This repository is to help newcomers (like ourselves) to the binary bug hunting area improve their skills.

  2. CISA Log4j (CVE-2021-44228) Vulnerability Guidance: A community sourced list of log4j-affected software.

  3. Metasploit Cheat Sheet and Video: Need a quick handy reference guide for Metasploit?

  4. Dan Lorenc on funding open-source software: They got to spend a lot of time over the last two years working on paying OSS maintainers at @Google.

  5. Code for the paper Online Adversarial Attacks: Study of a hypothetical attack scenario where an attacker corrupts images that are fed into an AI system, and has only a few chances before risking being detected.

🎥 Videos

  1. Hack The Box - Hacking Battlegrounds: 16 elite players, directly from the International CyberSecurity Challenge (ICC), gathered for the 3rd HBG tournament.

  2. How to Identify and Exploit CVE-2021-43798 - Grafana Unauthenticated Directory Traversal: In this video we take a look at the recent 0day in Grafana: Unauthenticated Directory Traversal. How to identify a Grafana instance, how to exploit it, and we also take a look at a working POC.

  3. HackThebox - Static by IppSec.

  4. Can We Find a Exploit Strategy?: Looking for an exploit strategy for the sudo heap overflow.

  5. Inside the Mind of a Hacker: hear Bugcrowd CTO Casey Ellis and security researchers Chris Inzinga and Majd Atiyat discuss what motivates this global and diverse community in 2021.

🎵 Audio

  1. Katie asked for favorite podcasts.

  2. Episode 169: Phillip Wylie: The Human Factor Security Podcast returns with this awesome interview with author, educator and podcast host Phillip Wylie.

  3. 244-2021 Show Review & Updates - The Privacy, Security, & OSINT Show: This week a revisit of all show topics from 2021 with updates.

  4. Smashing Security - 256: Virgin Media just won't take no for an answer, NFT apes, and bad optics.

  5. Malicious Life by Cybereason: Shawn Carpenter, A Cyber Vigilante.
