🐝 Hive Five 54 – Calling Bullshit

Hi friends,

Greetings from the hive!

I hope you had a good weekend. I'm continuing on my self-improvement journey and added journaling to my arsenal.

After finishing the book Can't Hurt Me, I'm now reading Range: Why Generalists Triumph in a Specialized World.

When was the last time you did something for the first time?

Let's take this week by swarm!

🐝 The Bee's Knees

  1. DON'T call yourself a hacker...: John Hammond answers Premier's tweet, referencing the blog post Your Value Comes From Your Output by Daniel Miessler.

  2. How to do Code Review - The Offensive Security Way: In this session, we will explore how source code analysis can lead to finding vulnerabilities in large enterprise codebases.

  3. The Cyber Plumber's Handbook: This repo contains the PDF book The Cyber Plumber's Handbook - The definitive guide to Secure Shell (SSH) tunneling, port redirection, and bending traffic like a boss.

  4. Stealing administrative JWTs through post-auth SSRF (CVE-2021-22056): A write-up of the issue, with a link to the vendor advisory; the CVE assigned to it is CVE-2021-22056.

  5. Abusing Reverse Proxies, Part 1: Metadata: Many cloud service providers offer a "metadata" service on their virtual machines. It exposes sensitive details about the instance and its cloud operating environment through a REST API that can be queried programmatically, which makes it a prime target whenever a reverse proxy can be steered to an arbitrary upstream. Part 2 of the series covers Internal Access.
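The metadata abuse in item 5 only works because the proxy forwards to whatever upstream it is handed. The following is an added example, not code from the Hive Five post or from the linked articles: an upstream check a reverse proxy can run before forwarding. The metadata host list is illustrative, and the default resolver only understands IP literals so the demo runs offline; a real deployment must resolve DNS, run the same check on every returned address, and connect to the vetted address rather than re-resolving (otherwise a rebinding answer can swap in 169.254.169.254 after the check).

```python
"""Upstream-URL check for a reverse proxy that forwards to user-chosen hosts.

Added example, not code from the Hive Five post or the articles it links.
"""
import ipaddress
from urllib.parse import urlsplit

# Names and addresses that serve instance metadata on common clouds.
# Assumption: illustrative list; extend it for the providers you run on.
METADATA_HOSTS = {
    "169.254.169.254",           # AWS / Azure / GCP / OpenStack link-local endpoint
    "metadata.google.internal",  # GCP DNS name
    "metadata",                  # GCP short name
    "fd00:ec2::254",             # AWS IMDS over IPv6
    "100.100.100.200",           # Alibaba Cloud
}


def literal_resolver(host):
    """Resolve only IP literals (dotted quad, IPv6, or a bare integer).

    Returns [] for anything that needs DNS, so this offline demo fails closed
    on real hostnames. Plug in a DNS-backed resolver in production.
    """
    try:
        return [ipaddress.ip_address(host)]
    except ValueError:
        pass
    if host.isdigit():  # http://2852039166/ is 169.254.169.254 in decimal form
        try:
            return [ipaddress.ip_address(int(host))]
        except ValueError:
            pass
    return []


def address_is_internal(ip):
    """True for any address that is not publicly routable."""
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # unwrap ::ffff:169.254.169.254 before checking
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_reserved or ip.is_multicast or ip.is_unspecified)


def upstream_is_safe(url, resolver=literal_resolver):
    """Return True only when every address the host resolves to is public."""
    try:
        parts = urlsplit(url)
    except ValueError:  # malformed bracketed IPv6 host and the like
        return False
    if parts.scheme not in ("http", "https"):
        return False
    host = parts.hostname
    if not host:
        return False
    host = host.lower().rstrip(".")
    if host in METADATA_HOSTS:
        return False
    addresses = resolver(host)
    if not addresses:
        return False  # fail closed: unresolvable host
    return not any(address_is_internal(ip) for ip in addresses)


if __name__ == "__main__":
    for candidate in ("http://169.254.169.254/latest/meta-data/",
                      "http://[::ffff:169.254.169.254]/",
                      "http://2852039166/",
                      "http://metadata.google.internal/computeMetadata/v1/",
                      "http://1.1.1.1/"):
        print(("allow " if upstream_is_safe(candidate) else "block ") + candidate)
```

The decimal and IPv4-mapped forms are the cases a naive string match on "169.254.169.254" misses; checking the parsed address instead of the text covers them. Rejecting anything the resolver cannot answer is deliberate: a proxy that lets unknown hosts through is the one that gets pointed at metadata.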

πŸ™πŸ» Support the Hive

  • Get $100 to try DigitalOcean. The go-to VPS for bug bounty hunters. I use it for all of my own recon and automation needs, plus it also doubles as a VPN. They have every cloud resource you need at an affordable price.

🔥 Buzzworthy

✅ Changelog

  1. Latest iteration of axiom-exec: Control fleets interactively (beta), evaluate complex one-liners, it’s faster!

  2. Shodan introduces the internetDB API: Fast IP lookups for open ports and vulnerabilities.

  3. HackerOne's new opportunity discovery.

  4. A modern, elastic design for Burp Collaborator server.

📅 Current Events

  1. Bounty Hunters hackathon: Make an awesome new hacking tool, share it with us and the world, and win a cash prize.

  2. Secure Software Summit 2022: Inaugural Secure Software Summit, which brings together leading innovators and practitioners of secure software development on January 27, 2022.

🎉 Celebrate

💰 Career Corner

  1. Best choice you made for your career?: Casey asks.

  2. Ubisoft is hiring Security Architects.

  3. NCCGroup hiring Senior Security Consultant: Join their Hardware and Embedded Systems team.

  4. AssetNote is hiring a Security Researcher: Remote, full time.

  5. Cloud Architect job: If you've got experience with Cloud Native architecture and want to research and work with emerging technology, this might be a good opportunity. Location: Hyderabad, India.

📰 Articles

  1. The Tale of a Click leading to RCE: In today’s industry, we often hear that humans may weaken a company’s security leading to a potential breach.

  2. Cosmos Team Created a Custom Exploit for CVE-2021-35211: Learn more about fuzzing, see it in action, and start using it in your own projects.

  3. Debugging a Java application with decompiled source code: When reviewing a local Java-based target for vulnerabilities, the author's first step is to decompile the class files back into Java with several decompilers such as CFR and Procyon, then load the result into an IDE.

  4. CVE-2021-45467: CWP CentOS Web Panel – preauth RCE: CentOS Web Panel, commonly known as CWP, is popular web hosting management software used by over 200,000 unique servers that can be found on Shodan or Censys.

  5. security.txt adoption in Switzerland: Recently, @ant0inet (Antoine) tweeted about a cursory scan they did against the .ch TLD to determine how many security.txt files are hosted on the .ch zone.
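A scan like the one in item 5 is only as useful as the check it applies to each file it finds. The following is an added example, not the scanning tooling from the linked tweet: a small RFC 9116 security.txt checker that enforces the required Contact and Expires fields and flags stale or malformed files. A scanner would fetch https://<host>/.well-known/security.txt over HTTPS; here two constructed sample files are embedded (example.ch is not a real host from the scan) so the check runs offline, and CHECK_TIME fixes "now" so the results are stable.

```python
"""RFC 9116 security.txt checker, run against constructed samples.

Added example for the Hive Five post; not the .ch scan tooling it links.
"""
from datetime import datetime, timedelta, timezone

# Field names defined by RFC 9116 (compared case-insensitively).
KNOWN_FIELDS = {
    "acknowledgments", "canonical", "contact", "encryption", "expires",
    "hiring", "policy", "preferred-languages",
}


def parse_security_txt(text):
    """Return the file's fields as an ordered list of (name, value) pairs.

    Comment lines start with '#'; every other non-empty line must be
    'Field: value'. Names are lower-cased for comparison.
    """
    fields = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if ":" not in line:
            raise ValueError(f"malformed line: {raw!r}")
        name, value = line.split(":", 1)
        fields.append((name.strip().lower(), value.strip()))
    return fields


def check_security_txt(text, now=None):
    """Return a list of problems; an empty list means the file passes."""
    now = now or datetime.now(timezone.utc)
    try:
        fields = parse_security_txt(text)
    except ValueError as exc:
        return [str(exc)]
    problems = []

    for name in sorted({n for n, _ in fields} - KNOWN_FIELDS):
        problems.append(f"unknown field: {name}")

    # Contact is required and must be a URI; a bare e-mail address is not one.
    contacts = [v for n, v in fields if n == "contact"]
    if not contacts:
        problems.append("missing required field: Contact")
    for value in contacts:
        scheme = value.partition(":")[0].lower()
        if scheme not in ("mailto", "tel", "https"):
            problems.append(f"Contact is not a mailto:, tel: or https: URI: {value}")

    # Expires is required, appears exactly once, is ISO 8601 with a zone,
    # and should lie in the future but less than a year out.
    expires = [v for n, v in fields if n == "expires"]
    if len(expires) != 1:
        problems.append("exactly one Expires field is required")
    else:
        try:
            exp = datetime.fromisoformat(expires[0].replace("Z", "+00:00"))
        except ValueError:
            problems.append(f"Expires is not an ISO 8601 date-time: {expires[0]}")
        else:
            if exp.tzinfo is None:
                problems.append("Expires must include a time zone")
            elif exp <= now:
                problems.append(f"file expired on {exp.isoformat()}")
            elif exp > now + timedelta(days=365):
                problems.append("Expires is more than a year away")

    if sum(1 for n, _ in fields if n == "preferred-languages") > 1:
        problems.append("Preferred-Languages may appear only once")
    return problems


# Constructed samples (example.ch is not a real host); fixed "now" for stable results.
CHECK_TIME = datetime(2030, 1, 15, tzinfo=timezone.utc)

GOOD_SAMPLE = """\
# security.txt for example.ch (constructed sample)
Contact: mailto:security@example.ch
Contact: https://example.ch/security
Expires: 2030-06-30T23:59:00Z
Preferred-Languages: de, fr, it, en
Canonical: https://example.ch/.well-known/security.txt
Policy: https://example.ch/disclosure
"""

BAD_SAMPLE = """\
Contact: security@example.ch
Expires: 2021-12-31T23:59:00Z
Preferred-Languages: de
Preferred-Languages: en
Telephone: +41 00 000 00 00
"""

if __name__ == "__main__":
    for label, sample in (("good", GOOD_SAMPLE), ("bad", BAD_SAMPLE)):
        print(label, check_security_txt(sample, now=CHECK_TIME) or "OK")
```

An expired file is the most common failure in the wild: Expires is mandatory precisely so that an abandoned contact address is detectable, so a scanner should count "present but expired" separately from "present".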

📚 Resources

  1. Favorite talks selected by speakers themselves: Great question by Ian Coldwater!

  2. Craziest pentest stories: Luke Tucker wants to know the gnarliest thing you’ve seen or experienced with a client or found while bug hunting.

  3. Bug Bounty standards: This repository is a list of situations that occur in bug bounty programs and how they should be handled.

  4. Horrifying PDF experiments.

  5. OSINT tools collection: @cyb_detective shares different services, techniques, tricks and notes about OSINT and more.

🎥 Videos

  1. Visual application security testing with ZAP and Simon Bennetts: Keith Hoodlet, Field Security Architect, chats with Simon Bennetts about OWASP Zed Attack Proxy (ZAP) the world's most used open source web application security tool.

  2. Finding security vulnerabilities with GitHub's new code search: GitHub is about to publicly release a brand new code search - Luke got to try out the early access version and it's scary. But awesome.

  3. Introduction to Fuzzing: Binary Exploitation (Spike, Boo-Fuzz, Boo-Gen, and Custom Scripts): Busra Demir publishes another educational video on exploit development.

  4. How To Get Into An Incident Response Career.

  5. Easy IDOR hunting with Autorize.

🎡 Audio

Subscribe to the Hive Five to read the rest.