🐝 Hive Five 78 – Dirty dancing, Reversing Malware, and Dorking on Steroids

Hi friends,

Greetings from the hive!

I hope you had a good weekend. Eid Mubarak to all celebrating!

I spent this weekend on a variety of things. I did some networking, writing, and volunteering.

Let's take this week by swarm!

🐝 The Bee's Knees

1. Account hijacking using "dirty dancing" in sign-in OAuth-flows: About ten years ago, when bug bounties were just getting started, Frans was inspired by Nir Goldshlager and Egor Homakov’s multiple blog posts about account hijacking related to OAuth.

2. alh4zr3d talks about his background, Red Teaming, Security Certificates and more.

3. Reversing Malware - Also How is APT 29 Successful with This Phishing Technique.

4. Someone tried to hack samczsun with a crypto stealer: Learn about how the attack works, how to protect yourself, and some basic malware analysis.

5. Abusing functionality to exploit a super SSRF in Jira Server (CVE-2022-26135): TL;DR Jira is vulnerable to SSRF which requires authentication to exploit. There are multiple ways to create user accounts on Jira in order to exploit this issue depending on the configuration of the Jira instance.

🙏 Support the Hive

Enjoy reading the Hive Five? Consider sponsoring the next edition or buying me a coffee.

You can also share the newsletter with your friends and follow me on Twitter.

🔥 Buzzworthy

✅ Changelog

1. Go 1.19 Release Candidate 1 is released.

2. Nuclei templates v9.0.0 release: 47 New Templates️, 20 Contributors, 07 New Contributors.

3. PortSwigger - DOM invader improvements.

🎉 Celebrate

1. Happy Birthday to EFF - 32 years of fighting for technology users around the world: Thank you!

2. Sunil got their dream bike: Congrats!

3. kiroxan and his wife found a great bug on Pinterest (via Z-Wink): Awesome!

4. Jobert found his first smart contract CTF vulnerability: Yahoo!

5. Ankit exploited Web Cache Poisoning live at an event: Nice one!

💰 Career Corner

1. Hiring - CISAgov's vulnerability scanning team is looking for full-time developers (web, systems, and cloud development).

2. Hiring - Nicole Beck (Kroger) is hiring.

3. [Hiring - Information Security Engineer, Waze Security](https://careers.google.com/jobs/results/92090455929299654-information-security-engineer-waze-security/?distance=50&hl=en_US&jlo=en_US&q=Penetration Tester).

4. Hiring - Mozilla Careers — Add-ons Code Security Analyst — Open Positions.

5. AASLR - Job Hunting With Jason and Serena.

⚡️ From the Community

1. Bounty Thursdays is on summer break.

2. STÖK started to enjoy the XSS process: "XSS bugs have never really been my thing. But lately I def have started to enjoy the process of reading JavaScripts, identifying, escaping, bypassing and maximizing impact."

3. A sneak peek at Katie's API course: What is an API? What makes them special? And what kind of APIs are out there?

📰 Articles & Threads

1. A Case Study of API Vulnerabilities - Part 2, and Empty Heads: This writeup presents another thing to test for when you have a full-or-partial-read SSRF.

2. An apple AirTag was put on Hannah to track her location: Now she's sharing what happened to her so you know what to look for.

3. Dorking on Steroids: It is common knowledge that Google dorking is a powerful tool for finding just about anything on targets.

4. Using SpiderFoot to Investigate Phishing Domains Targeting Ukrainian Soldiers.

5. DoD Promotion Recon: pipsh wrote a quick write-up as to how to start doing recon, especially when it's a wide scope.

📚 Resources

1. What people think makes a good Bug Bounty Program via Glenn.

2. Nagli's top 10 Public HackerOne programs to hunt on in 2022.

3. social-media-hacker-list: Growing list of apps and tools for enhancing social media experiences.

4. Big List of Naughty Strings: An evolving list of strings which have a high probability of causing issues when used as user-input data.

🎥 Videos

1. Farah's updated bug bounty resources.

2. Find XXE with Burp Suite Intruder Content-Type Scanning: In this video, Z-Wink uses a HacktheBox environment to show how quickly scanning POST requests for different supported content-types can lead to XXE (which is a bug bounty P1).

3. So You Think You Can Google? Workshop With Henk van Ess.

4. Improving your secure code review skills #2 - Bug class exploration.

5. HackerOne's live hacking events are back : Check it out while NahamSec shows you around.

🎵 Audio

1. The Privacy, Security, & OSINT Show #269 - New OSINT Tools & Breach Data Lessons: This week they release the new online OSINT tools, offer three lessons from new breach data, and address several updates from past shows.

2. Smashing Security #282 - Raising money through ransomware, China's mega-leak, and hackers for hire: A hacked university might have made a profit after paying a cryptocurrency ransom, China suffers possibly the biggest data breach in history, and Reuters investigates digital mercenaries.

Get $100 to try DigitalOcean - The go-to VPS for bug bounty hunters. I use it for all of my own recon and automation needs, plus it also doubles as a VPN. They have every cloud resource you need at an affordable price.

Subscribe to Premium to read the rest.