
🐝 Hive Five 56 – When Hip-Hop Was Young

Hi friends,

Greetings from the hive! I hope all is well.

Over the weekend I watched The Tinder Swindler on Netflix. What a wild ride. Here's the plot: posing as a wealthy, jet-setting diamond mogul, a con man wooed women online, then conned them out of millions of dollars.

What did you do this weekend?

Let's take this week by swarm!

🐝 The Bee's Knees

  1. samczsun, gf_256, and ret2jazzy reverse engineer the Wormhole crypto exploit: Wormhole's signature-verification instruction didn't check that the account passed in as the Solana instructions sysvar was the real sysvar, so the attacker supplied a fake one claiming the guardian signature check had already run. With that forged approval they minted 120,000 wrapped ETH (wETH) on Solana, of which they bridged 93,750 back to Ethereum.

  2. How I hacked a hardware crypto wallet and recovered $2 million: I've previously shared this in article form but the video is a must-watch. Joe Grand was contacted to hack a Trezor One hardware wallet and recover $2 million worth of cryptocurrency (in the form of THETA).

  3. Solving DOM XSS Puzzles: DOM-based cross-site scripting (XSS) ranks among spaceraccoon's favorite vulnerabilities to exploit. It's a bit like solving a puzzle: sometimes you get a corner piece, such as a $.html() sink fed attacker-controlled input; other times you have to rely on trial and error.

  4. OrwaGodFather Methodology: Video series where GodFather Orwa explains their bug bounty methodology.

  5. What Bypassing Razer's DOM-based XSS Patch Can Teach Us: An old story of a bug EdOverflow uncovered and reported to Razer’s vulnerability disclosure program resurfaced recently while they were chatting with Linus Särud.
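Items 3 and 5 above both come down to the same lesson: a DOM XSS is a source (location.hash, location.search, postMessage data) reaching an HTML sink ($.html(), innerHTML, document.write), and a "patch" that filters the payload string rather than changing the sink is usually bypassable. The following added example (written for this newsletter, not code from spaceraccoon's or EdOverflow's write-ups, and not Razer's actual patch) shows a blocklist-style filter beside an HTML-context encoding fix; the payloads, the filter and the crude "would this execute" check are all constructed for illustration.

```javascript
// Added example: why filter-style patches on a DOM XSS sink get bypassed.
// Source: decodeURIComponent(location.hash.slice(1)); sink: $('#out').html(x).
// Everything below (payloads, filter, executes-check) is constructed for illustration.

// "Patch" attempt: strip <script> tags. A blocklist like this misses every
// other way markup can run JavaScript (event handlers, javascript: URLs, ...).
function blocklistPatch(fragment) {
  return fragment.replace(/<\s*\/?\s*script[^>]*>/gi, '');
}

// Fix: encode for the HTML context, or better, use a text sink ($.text(),
// element.textContent) so the browser never parses the input as markup.
function encodeForHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, c => map[c]);
}

// Crude stand-in for "would the browser execute script from this markup":
// a <script> tag, an on* handler attribute inside a tag, or a javascript: URL
// used as an attribute value. Real browsers have far more vectors than this.
const EXECUTES = /<script\b|<[^>]*\s+on\w+\s*=|<[^>]*=\s*["']?\s*javascript:/i;
function wouldExecute(markup) {
  return EXECUTES.test(markup);
}

// Constructed payloads, as they would arrive from the URL fragment.
const PAYLOADS = {
  scriptTag:  '<script>alert(document.domain)</script>',
  imgOnerror: '<img src=x onerror=alert(document.domain)>',
  svgOnload:  '<svg onload=alert(1)>',
  jsUrl:      '<a href="javascript:alert(1)">click</a>',
};

// Names of the payloads that still execute after running through `patchFn`.
function evaluatePatch(patchFn) {
  return Object.entries(PAYLOADS)
    .filter(([, p]) => wouldExecute(patchFn(p)))
    .map(([name]) => name);
}

console.log('unpatched:              ', evaluatePatch(x => x));
console.log('after blocklist patch:  ', evaluatePatch(blocklistPatch));
console.log('after HTML encoding:    ', evaluatePatch(encodeForHtml));
```

The blocklist removes only the `<script>` payload and leaves the three others intact, while encoding neutralises all of them because no `<` survives to open a tag. When reporting or triaging a DOM XSS fix, the question to ask is therefore not "does my payload still work" but "is the sink still an HTML sink".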

🙏🏻 Support the Hive

  • Get $100 to try DigitalOcean. The go-to VPS for bug bounty hunters. I use it for all of my own recon and automation needs, plus it also doubles as a VPN. They have every cloud resource you need at an affordable price.

🔥 Buzzworthy

✅ Changelog

  1. SecLists 2022.1 release: SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place.

📰 Articles

  1. Bypassing SSRF Protection to Exfiltrate AWS Metadata from LarkSuite: Lark is an online, all-in-one collaborative platform offering calendar, document and chat functions.

  2. Hacking Google Drive Integrations: Have you ever observed Google Drive integrations in your bug bounty targets and wondered what else might be there besides the OAuth CSRF? Is it possible to hack this integration a step further? That's exactly what you'll explore today.

  3. Moodle - Blind SQL Injection (CVE-2021-36393) and Broken Access Control (CVE-2021-36397): Earlier this year 0xkasper participated in the bug bounty program of Moodle. By doing both static and dynamic analysis they found a few vulnerabilities. This led to a nice bounty and their very first CVE IDs.

  4. mBot v2.0.0 - An update to my mission bot for Synack Red Team members: Due to the frequent session timeouts experienced on the Synack platform, un4gi and various others decided that it would be great to be able to automate the login process.

  5. OSINT without APIs: APIs are great – they make things almost too easy because data is validated and gathered for you, then served to you on a beautifully formatted JSON platter.
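Item 1 in this list is an instance of a recurring pattern: an SSRF "protection" that inspects the URL string the user submitted rather than the address the server actually connects to. As an added example (written for this newsletter, not code from the LarkSuite write-up, and not a description of Lark's actual filter), here is a naive substring blocklist beside a resolve-then-check version. The resolver is injected as a plain function so the block runs offline; the fake DNS table and the sample URLs are constructed.

```javascript
// Added example: naive SSRF blocklist vs. resolve-then-check. The resolver,
// DNS table and sample URLs are constructed for illustration.

const IMDS = '169.254.169.254'; // AWS instance metadata service (link-local)

// Naive check: refuse URLs that mention the metadata IP as a substring.
function naiveAllows(urlString) {
  return !urlString.includes(IMDS);
}

// Dotted IPv4 (or ::ffff:a.b.c.d) and WHATWG-serialised IPv4-mapped IPv6
// (::ffff:a9fe:a9fe) to a 32-bit unsigned number; null if not IPv4-ish.
function ipToInt(ip) {
  const dotted = ip.match(/^(?:::ffff:)?(\d+)\.(\d+)\.(\d+)\.(\d+)$/i);
  if (dotted) {
    const p = dotted.slice(1).map(Number);
    return p.some(x => x > 255) ? null : ((p[0] << 24) >>> 0) + (p[1] << 16) + (p[2] << 8) + p[3];
  }
  const mapped = ip.match(/^::ffff:([0-9a-f]{1,4}):([0-9a-f]{1,4})$/i);
  if (mapped) return ((parseInt(mapped[1], 16) << 16) >>> 0) + parseInt(mapped[2], 16);
  return null;
}

// Ranges a server-side fetcher should never reach: "this host", loopback,
// RFC 1918 private space and link-local (where 169.254.169.254 lives).
const BLOCKED = ['0.0.0.0/8', '127.0.0.0/8', '10.0.0.0/8', '172.16.0.0/12', '192.168.0.0/16', '169.254.0.0/16'];

function inCidr(ipInt, cidr) {
  const [base, bits] = cidr.split('/');
  const mask = bits === '0' ? 0 : (~0 << (32 - Number(bits))) >>> 0;
  return ((ipInt & mask) >>> 0) === ((ipToInt(base) & mask) >>> 0);
}

function isBlockedIp(ip) {
  if (ip === '::1') return true;       // IPv6 loopback
  const n = ipToInt(ip);
  if (n === null) return true;         // anything we cannot classify: fail closed
  return BLOCKED.some(c => inCidr(n, c));
}

// Hardened check. `resolve(hostname) -> ip` is injected; a real service would use
// dns.promises.lookup(), connect to exactly that address, and re-run this check
// on every redirect target rather than following redirects blindly.
function hardenedAllows(urlString, resolve) {
  let url;
  try { url = new URL(urlString); } catch { return false; }
  if (url.protocol !== 'http:' && url.protocol !== 'https:') return false;
  // The WHATWG parser already normalises 2852039166, 0xa9fea9fe and
  // 0251.0376.0251.0376 to 169.254.169.254; IPv6 literals keep their brackets.
  const host = url.hostname.replace(/^\[|\]$/g, '');
  const isLiteral = ipToInt(host) !== null || host.includes(':');
  return !isBlockedIp(isLiteral ? host : resolve(host));
}

// Constructed DNS: an attacker-controlled name pointing at the metadata service.
const FAKE_DNS = { 'metadata.attacker.example': IMDS, 'www.example.com': '93.184.216.34' };
const resolveFake = name => FAKE_DNS[name] ?? '0.0.0.0';

// Each of these slips past the substring check and is stopped by the hardened one.
const BYPASSES = [
  'http://2852039166/latest/meta-data/',               // decimal IPv4
  'http://0xa9fea9fe/latest/meta-data/',               // hex IPv4
  'http://0251.0376.0251.0376/latest/meta-data/',      // octal IPv4
  'http://[::ffff:a9fe:a9fe]/latest/meta-data/',       // IPv4-mapped IPv6
  'http://metadata.attacker.example/latest/meta-data/', // attacker DNS -> 169.254.169.254
];

function compare(urlString) {
  return { naive: naiveAllows(urlString), hardened: hardenedAllows(urlString, resolveFake) };
}

for (const u of BYPASSES) console.log(u, compare(u));
```

Two caveats a practitioner will want: checking the resolved address only helps if the connection is then made to that same address (otherwise DNS rebinding between check and use defeats it), and on AWS the stronger mitigation is enforcing IMDSv2, whose PUT-then-header token handshake a plain GET-based SSRF cannot complete.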

📚 Resources

  1. PentesterLab made a Wordle-style game, but for CVEs.

  2. cve-schema: Specifies the CVE JSON record format. This is the blueprint for a rich set of JSON data that can be submitted by CVE Numbering Authorities (CNAs) and Authorized Data Publishers (ADPs) to describe a CVE record.

  3. reapoc: OpenSource POC and Vulnerable-Target Storage Box.

  4. misp-warninglist: Warning lists to inform users of MISP about potential false-positives or other information in indicators.

  5. Global Security Database (GSD): The GSD data files are JSON and use a simple namespacing strategy to support multiple data formats.

🎥 Videos

  1. Practical HTTP Header Smuggling - Sneaking Past Reverse Proxies to Attack AWS and Beyond: Web applications commonly rely on proxy servers adding, modifying, or filtering HTTP headers to pass information to back-end servers.

  2. Reverse Engineering 101 - Introduction to IDA PRO Reversing/Patching a Binary from crackmes.one: This week Busra shares a tutorial on IDA PRO by patching/reversing a binary from crackmes.one. This will be an ongoing series for various binaries from crackmes by using different tools such as Ghidra or IDA Pro.

  3. John Hammond tackles SQLi, SSTI & Docker Escapes / Mounted Folders - HackTheBox University CTF "GoodGame".

  4. InsiderPhD's API Testing Automated Toolbox: APIs in the real world are huge, especially on large scope programs.

  5. Fuzzing Java to Find Log4j Vulnerability - CVE-2021-45046: After Log4Shell (CVE-2021-44228) was patched in Log4j 2.15.0, a follow-up CVE was filed because that fix turned out to be incomplete in certain non-default configurations. The video shows how fuzzing surfaces that second bug.

🎵 Audio

  1. Human Factor Security - Episode 178 Gina Fiore: In this episode Jenny chats to professional gambler Gina Fiore. They discuss Gina’s awesome career and the similarities it has with social engineering as well as evasion tactics, disguises and the pressures of undercover work.

  2. Sh*t you don't learn in school - 42. Finding Meaning in Sudden Death: Death is a universal part of the human experience. During our lives, we often must confront the painful reality of death around us, and eventually, we face that reality ourselves.

  3. Cybercrime Magazine - History of Hacking, Joe "Kingpin" Grand, Hardware Hacker. Former L0pht Member.: Joe Grand is a product designer, hardware hacker, and the founder of Grand Idea Studio, Inc. He specializes in creating, exploring, manipulating, and teaching about electronic devices.

  4. Risky Business #653 - REvil arrests, sometimes a banana is just a banana.

  5. EFF How to fix the internet - Saving Podcasts from a Patent Troll: Imagine getting a letter in the mail—and then another, and then another—telling you that if you don’t pay $25,000 to a company you’ve never heard of, you’ll have to shut down the small business that you’ve worked for years to build.
