Greetings from the hive!
Happy Holi! I hope you had an awesome week. Mine was pretty good, had some delicious food, and there were several sunny days. I even figured out that light-mode works wonders when working outside in bright weather.
My website received some major improvements (changelog). Most notably, I added a become a supporter section, where you can buy me a coffee, and a custom 404 page, with a random bee fact!
Some changes to the newsletter, as I didn’t like stuffing it to the brim. From now on there’ll be a maximum of 5 links per category, which lines up perfectly with my philosophy and the name, Hive Five. I’ve also added 3 new categories: changelog, people, and outside interests.
I have tons more in the works, so bee on the lookout.
Let’s take this week by swarm!
🐝 The Bee’s Knees
- Recovering a full PEM Private Key when half of it is redacted: A write-up covering how given a partially redacted PEM, the whole private key can be recovered. The Twitter user, SAXX, shared a partially redacted private RSA key in a tweet about a penetration test where they had recovered a private key.
- Mining Bitcoin on the Game Boy: In this video, they attempt to mine Bitcoin on the original Game Boy using the Raspberry Pi Pico as a link-cable to USB adapter!
- TomNomNom talk about Networking Fundamentals: In Tom's own words, let’s learn a bit about networking. Slides
- Hidden OAuth attack vectors: The OAuth2 authorization protocol has been under fire for the past ten years. You’ve probably already heard about plenty of “return_uri” tricks, token leakages, CSRF-style attacks on clients, and more.
- Chapter 1 Security Fundamentals - Alice and Bob Learn Application Security: Tanya and guests answer and discuss questions about chapters of her book (affiliate link).
- BSides NoVA Security Conference 2021: You still have a few days to submit to BSides NoVA, Northern Virginia’s Cyber Security Conference.
- Announcing Uber’s Bug Bounty April Promo Event
- !!Con - Call for Talk Proposals!: !!Con is back for its eighth year of celebrating the joy, excitement, and surprise of computing, and wants you to submit a talk proposal.
- Nicolas Grégoire: Company is 10 years old. Congrats!
- Martijn Luyckx: Won #1 in Cyber Security Challenge Belgium. Amazing! (team: @uhasselt and @HogeschoolPXL - @jorritgerets @FeribHellscream @PinkDraconian)
- Nathan Cavitt: Has his Bug Bounty Bday. What an amazing year!
- Prash: Had his last day at @Hacker0x01. Excited for what’s next!
- d0nut 🦀: Is feeling better and tackled a bug in resync, allowing it to run 4x faster. Yeet!
- Burp Suite HTTP logger: Sneak preview of the native HTTP logger that is coming soon to Burp Suite.
- BBRF v1.1.1 by Pieter: Has been released with a number of cool improvements.
- SAML Raider Release 1.4.0: SAML Raider is a Burp Suite extension for testing SAML infrastructures.
- OSINT VM: The 2021.1 release of the TraceLabs OSINT VM is out. This is a major release which includes a new menu, a default browser change (Chromium) and a new updater process.
- Telegram Voice Chats 2.0: Channels, Millions of Listeners, Recorded Chats, Admin Tools: Voice Chats first appeared in December, adding a new dimension of live talk to Telegram groups - now, they are available in channels too.
- The Ultimate Guide to Finding and Escalating XSS Bugs: Cross-Site Scripting (XSS) is the most common vulnerability discovered on web applications.
- APT Encounters of the Third Kind: A few weeks ago an ordinary security assessment turned into an incident response whirlwind.
- One day short of a full chain: Part 3 - Chrome renderer RCE: This is the last post of a series in which I exploit three bugs that can be used to form an exploit chain from visiting a malicious website in the beta version of Chrome 86 to gain arbitrary code execution in the Android kernel.
- Thoughts on Threat Modeling: Personal views on threat modeling, how I approach threat modeling and what has worked for me (both as a Platform Security Engineer and vulnerability researcher).
- Critical netmask networking bug impacts thousands of applications: Popular npm library netmask has a critical networking vulnerability. The component gets over 3 million weekly downloads.
- Simpsonpt/AppSecEzine: Only just found out about AppSec Ezine and it has been releasing for 7 years!
- New to bounties? by bugcrowd: They created a page containing links to everything you need to know including free educational resources, researcher docs, how to find bugs, beginner resources, how to get private invites, and more.
- noraj/OSCP-Exam-Report-Template-Markdown: Now you can be efficient and faster during your exam report redaction.
- Abusing Data Protection Laws For D0xing & Account Takeovers: A paper on Abusing Data Protection Laws For D0xing & Account Takeovers, leading to over 5 figures in bounties.
- GraphQL hacking thread by Rami: Awesome collection of GraphQL resources.
- AMA - Bug Bounty with Alex Chapman (Public): Alex Chapman talks about his approach to bug hunting, why he hunts on our platform and about his favorite scene from the movie Hackers.
- $Echo - Nahamcon 2021 CTF Walkthrough: Optional’s method for working through the $Echo challenge for Nahamcon 2021.
- Function hooking, detours, inline asm & code caves [Game Hacking 101]: What happens if we want to do something which takes up more space than we actually have available to us?
- The HackerCON: Hacking is NOT a Crime and Red Team Village “The HackerCON” streamed on Saturday, March 27, 2021.
- SQL Injection - Lab #4 SQL injection UNION attack, finding a column containing text: Rana covering Lab #4 in the SQL injection track of the Web Security Academy.
- cosign: Container Signing, Verification and Storage in an OCI registry.
- Frogy’s Subdomain Enumeration - It’s not yet another Subdomain Enumeration tool: Combining different subdomain tools, it tries to identify more subdomains using a combination of bruteforce and other techniques. Warning: This is just a research project. Kindly use it with caution and at your own risk.
- kgretzky/pwndrop: pwndrop is a self-deployable file hosting service for sending out red teaming payloads or securely sharing your private files over HTTP and WebDAV.
- ransom - Fraktal’s Ransomware Emulator: Command-line executable that will emulate common ransomware functions for the purpose of testing endpoint detection and response tools.
- americanexpress/earlybird: EarlyBird is a sensitive data detection tool capable of scanning source code repositories for clear text password violations, PII, outdated cryptography methods, key files and more.
- Хавиж Наффи 🥕: SSRF tip
- Chevy Phillip: Sunday read recommendation: Web Application Security: Exploitation and Countermeasures for Modern Web Applications (affiliate link).
- Rachel Tobac: Sleep Trick Thread, the trick is called Cognitive Shuffling.
- Jason Haddix: Lifting the curtain, most big bug bounty hunters make the most money from their P2s/P3s/P4s at scale.
- Хавиж Наффи 🥕: If you run a bruteforce and notice weird behaviours - like “/admin/” redirecting to / always investigate these.
Part of my #365Bees Twitter series, where I put the spotlight on someone every day.
- Atul: Always sharing knowledge and know-how, active in various Discord communities.
- BanjoCrashland: Demos job hunt tactics/techniques using hacker mindset + OSINT to find jobs viewers want. w/ Jacque_InTheBox
- DanielMiessler: He explores the intersection of security, technology, and society. He posts great content + his podcast is a must-listen. Members get access to Slack and book club.
- todayisnew: Eric crossed $1M in bounties a while ago but you’d never know it. His handle is a great reminder to focus on the gift we are given with each new day. His friendly demeanor, and automation are highly sought after.
- ippsec: One of THE best FREE resources to learn hacking. He mainly covers hack the box videos, but does it in a way that’s easy to follow even for beginners. He also breaks down techniques, it’s where I learned tmux.
- A Vim Guide for Advanced Users: Third part of this series aimed to help you unleash a power never seen on Earth using the Almighty Vim.
- Why I’m unreachable and maybe you should be too: You may have noticed it’s practically impossible to send Pieter a message anywhere.
- The next frontier after remote work is async: It’s been almost a decade now that we’ve all been promoting the benefits of remote work and location independent living.
- Get better at programming by learning how things work: Although this is about getting better at programming, this can and should be the way you approach everything.
- Zsh Tricks to Blow your Mind: ZSH is an alternative shell to the well-known Bash shell.
🧠 Outside Interests
- Browse the Louvre’s entire collection online
- The Solution of the Zodiac Killer’s 340-Character Cipher—Wolfram Blog
- The Ancient Method That Keeps Afghanistan’s Grapes Fresh All Winter
Select links are affiliates that I get a kickback from. They must pass curation, no exceptions.
❤️ Don't bee a stranger
I'd love to hear your thoughts! You can reach me on Twitter, or replying to this email also works.
Until next week, take care of yourself and each other,