🐝 Hive Five 77 – Virtual Sticker Swap, Bot Bounty, and Mid-Year Reflection & Planning

Hi friends,

Greetings from the hive!

I hope you had a good weekend. To those celebrating, happy 4th of July!

It's July, which is not only the start of a new month but also the halfway mark of the year. This means it's time for a monthly and mid-year review. Here's a framework I shared last week, where you ask yourself these 3 questions:

  1. What really matters right now in my life?

  2. Are my current systems aligned with my long-term goals?

  3. What do I need to cut from my life?

Let's take this week by swarm!

🐝 The Bee's Knees

  1. ToolTime - WayMore (Historical Content Discovery): Jason Haddix takes a look at WayMore by xnl-h4ck3r.

  2. MetaMask - stealing ETH by exploiting clickjacking - $120,000 bug bounty.

  3. A Deeper Look at Hacking Laws: A deeper look into the German hacking laws to see what kind of actions are illegal. There are some surprising edge cases and lots of room for debate.

  4. Two faces of the same PDF document: In this article, they introduce a parser differential attack targeting PDF readers. The attack makes it possible to create a malicious PDF document which presents different content based on the reader application used.

  5. Building on an AppSec Pipeline with Burp Suite data - Part 1: In this two-part series, Willis takes Burp Suite project files as input from the command line, parses them, and then feeds them into a testing pipeline. Part 2.

πŸ™ Support the Hive

Enjoy reading the Hive Five? Consider sponsoring the next edition.

You can also follow me on Twitter.

🔥 Buzzworthy

✅ Changelog

📅 Events

🎉 Celebrate

💰 Career Corner

  1. Jen Easterly on entry level jobs: "[...] It's all about APTITUDE & ATTITUDE."

⚡️ From the Community

📰 Articles

  1. Jason's masterclass in scoping and running a bug bounty program.

  2. $10,000 for a vulnerability that doesn’t exist.

  3. CVE-2022-28219 - Unauthenticated XXE to RCE and Domain Compromise in ManageEngine ADAudit Plus.

  4. Hacking my Tesla Model 3 - Security Overview: A lot of the existing knowledge about the internal systems is specific to the older Model S cars, since their security is pretty non-existent. The Model 3 (and presumably the newer Model S/X/Y) has numerous layers of security measures. See the follow-up at Hacking my Tesla Model 3 - Internal API.

  5. Notes on running containers with bubblewrap: About a year ago Julia got mad about Docker container startup time.

📚 Resources

  1. What tools and services hackers spent their money on via Farah.

  2. API Security Checklist: Checklist of the most important security countermeasures when designing, testing, and releasing your API.

  3. elttam's semgrep rules: Rules developed on an ongoing basis during code-assisted security audits and software security research.

  4. Scanner User Agents: A list of user agents belonging to common web scanners.

  5. Reversing course: Some notes on reverse engineering for various architectures, mostly using free software such as the radare2 framework, gdb, frida, and x64dbg, among others.

🎥 Videos

  1. The Kuwaiti Banking Malware Mystery - Darknet Diaries #120 - Voulnet: When Mohammed Aldoub found a vulnerability online, he tweeted about it to protect others. Then he got into a storm of trouble.

  2. Attack Surface Management Series - EP0 - What is ASM: All in under 10 mins.

  3. Examining Period Tracker Apps.

  4. HackTheBox - Undetected.

  5. Command Injection - Lab #4 Blind OS command injection with out-of-band interaction: In this video, Rana covers Lab #4 in the Command Injection module of the Web Security Academy. This lab contains a blind OS command injection vulnerability in the feedback function.

🎡 Audio

  1. The Privacy, Security, & OSINT Show #268 - CCW Permits, UNREDACTED 003, & Linux Questions.

  2. Smashing Security #281 - Debug ransomware and win $1,000,000, period-tracking apps, and AI gets emotional: A new version of the LockBit ransomware offers a bug bounty, women uninstall period-tracking apps in fear of how their data might be used against them, and Microsoft's facial recognition tech no longer wants to know how you're feeling.

  3. Hacking into Security #26 with Michael Skelton (Codingo): Poker player, Developer, Penetration Tester, top 20 bug hunter and Global Head of Security Operations and Researcher Enablement at Bugcrowd.

  4. Risky Biz Soap Box - HD Moore on taking Rumble to the cloud: The Soap Box guest is an industry legend – Metasploit creator HD Moore. He’s here to tell us more about what’s happening with his latest creation, Rumble Network Discovery. If you’re not familiar with Rumble, well, you should be.

Get $100 to try DigitalOcean - The go-to VPS for bug bounty hunters. I use it for all of my own recon and automation needs, plus it also doubles as a VPN. They have every cloud resource you need at an affordable price.
