🐝 Hive Five 86 – Mental Hacking, Fast-Foodification, and Firefox OOB to RCE

Hi friends,

Greetings from the hive!

Sorry, I’m late! I wasn’t feeling well on Sunday, when I usually craft the newsletter.

I hope you had a wonderful weekend. Mine was once again quite physically intense. Last time, I left it as a bit of a mystery, but I've been participating in a volunteer firefighting training program.

Let's take this week by swarm!

🐝 The Bee's Knees

1. Hugh D'Andrade artwork to celebrate the life of Peter Eckersley: "[...] It's on a CC-By license, please feel free to use with attribution for any purpose! More pixels available on request."

2. A practical guide of how Johan Carlsson made it into GitLab bug bounty top 5.

3. Mental Hacking Ep 1 - How to Improve in Bug Bounty / Web Security?.

4. HOW DID THIS HAPPEN!? (13370822 LHE VLOG): It's been 2+ years since STÖK participated in a live hacking event and made a vlog about it.

5. Client-side desync vulnerabilities - a breakthrough in request smuggling techniques.

🙏 Support the Hive

Enjoy reading the Hive Five? Consider sponsoring the next edition.

You can also follow me on Twitter.

🔥 Buzzworthy

✅ Changelog

1. Arjun 2.2.1: HTTP parameter discovery suite.

2. reconftw v2.4: reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities.

📅 Events

1. Grab your change to participate in Visma's live hacking event: Anyone can apply for the last 3 seats. Apply before Sept 19.

2. Pay What You Can for SOC Core Skills 12-15 Sept: "Yes, $0 is an option. Let's break some gates down and get more cool people in the industry."

🎉 Celebrate

1. Ankit Singh was acknowledged by Apple again: Awesome!

2. mert reached 200+ on Bugcrowd p1 warrior leaderboard: Let's go!

3. Mohsin Khan celebrated their birthday: Congrats!

4. Samuel is in the top of Meta's 2022 leaderboard: Wow!

5. Masonhck357 hit the big 35: Cheers!

💰 Career Corner

1. Leads on entry level Infosec positions.

⚡️ From the Community

1. Frans can't make it to THREAT CON: He'll still be doing a virtual talk and do some Q/A after.

2. Ben binged "The Boys".

3. rez0 asks how many laptops + desktops people have.

4. Inti found an interesting way to track location of cars: He'll be revealing more details early this week.

📰 Articles, Discussions & Threads

1. Context-Aware Content Discovery with Chameleon: While there's already a handful of great directory bruteforce tools, the key to uncovering hidden files / endpoints will always be a good wordlist. A common approach they noticed being used by bug bounty hunters is using the same, huge, wordlist every time.

2. Browser Exploitation: Firefox OOB to RCE: In this post, they will exploit Midenios, a good introductory browser exploitation challenge that was originally used for the HackTheBox Business-CTF.

3. How dogwhohacks leant on browser defaults and a timing attack to obtain an XSS on a target.

4. What would Mohsin do if they started bug hunting from 0 again?.

5. HTTP://HTTP://HTTP://@HTTP://HTTP://?HTTP://#HTTP://: A surprisingly large number of people thought it reminded them of the old buffalo buffalo thing.

📚 Resources

1. What would you do to ensure hackers are happy?: If you were in charge of the vulnerability disclosure team at a huge company - assuming you had full control.

2. six2dez's obsidian-pentesting-vault: Sample Obsidian's vault for web pentesting.

3. Default Credentials Cheat Sheet: One place for all the default credentials to assist the pentesters during an engagement, this document has a several products default credentials that are gathered from several sources. You can turn the cheat sheet into a cli command and perform search queries for a specific product.

4. OWASP Firmware Security Testing Methodology: Whether network connected or standalone, firmware is the center of controlling any embedded device. As such, it is crucial to understand how firmware can be manipulated to perform unauthorized functions and potentially cripple the supporting ecosystem’s security.

🎥 Videos

1. WiFi Hacking with Airgeddon, Kismet and Kody's favourite hacking tools: Kody shares his favourite wifi hacking tools with us. Kody covers a range of tools from the cheap esp8266 to using Panda WiFi adapters with a Raspberry Pi and hacking Wifi using tools as Airgeddon and Kismet.

2. Combining AD Honey Pot Accounts with Canaries to Detect Password Sprays and Kerberoasting for free!.

3. Smart Contract Series - Episode 3 - Auditing Smart Contracts.

4. HackTheBox - Scanned - Escaping and Exploiting Chroot Based Jails via Unprotected File Descriptor.

5. Unboxing and Setting up the HAK5 WIFI Coconut with M1 Mac.

🎵 Audio

1. Risky Business #677 - A day late and a dollar short - China doxxes NSA op.

2. Smashing Security #288 - Chiquita banana, dumb criminals, and detecting ring binders: Students learn a valuable lesson when it comes to AI detecting guns on campus, SIM swappers are surprisingly stupid, and romance scammers get scammed by someone (or some thing?) calling themselves Chiquita Banana.

3. Darknet Diaries #123 - Newswires: Investing in the stock market can be very profitable. Especially if you can see into the future. This is a story of how a group of traders and hackers got together to figure out a way to see into the future and make a lot of money from that.

4. Malicious Life - Hacking Language Models: Language models are everywhere today. Can these models be hacked to gain access to the sensitive information they learned from their training data?

Get $100 to try DigitalOcean. The go-to VPS for bug bounty hunters. I use it for all of my own recon and automation needs, plus it also doubles as a VPN. They have **every cloud resource you need** at an affordable price.

Subscribe to the Hive Five to read the rest.