MonkeHacks #32

End of LHE, ECSC, New Generation

H1-0131 has concluded (congratulations to Frans for getting another MVH!) so my attention switches to CTF for a while, as the European Cybersecurity Challenge is coming up in the next 2 weeks. I was 39th of 86 hackers overall, so I consider this event to be a success - this is my best LHE performance yet. I became friends with some great hackers (and finally had a conversation with Nahamsec!) so a huge thank you to HackerOne for organising the event. The swag was also very neat - some cool clothes, a Timbuk2 backpack (if you’re a travel nerd like me, you know how good these are), a Yeti bottle… and the list goes on. I’m bringing the Timbuk2 pack with me for ECSC.

I’ve made enough from the event to cover my bills for a while, so I’m taking a step back from active hunting to write some tools for a month or so. I’ve used Cursor in the past, but I want to fine-tune my workflow properly with it.

The big balloon display at H1-0131. I’ll have better photos once HackerOne release their official event photos.

Weekly Ideas / Notes 

  • Some more reflections from the LHE:

    • It pays off to pick an area of scope and stick with it. LHE scope tends to be incredibly broad, so digging deep results in better bugs and fewer duplicates.

    • Hackers with an unusual niche, such as hardware or game hacking, tend to get more invites based on their proficiency in their unique skillset.

    • Everything is vulnerable. If Amazon and AWS scope together - hardened as it is - can result in $2 million in bounties, then imagine how many bugs sit on other programs!

    • This event has renewed my determination to get to another LHE. I need to work on writing more tooling for myself, and being more efficient in investigating scope, among other things. I want to start using more hotkeys in Caido as well.

  • James Kettle released the version of Param Miner with his latest timing analysis research built into it. I think Burp Suite could really benefit from having a clearer UI for viewing these results and such; the UI is still very cluttered.

  • Just a thought, but if the wider industry realised just how much is swept under the rug via bug bounty programs, nobody would sleep safely at night. We’re your guardian angels! I’m talking to you, software engineers. You owe your sleep to us, who pick up the bugs that slip through internal red team assessments and pentests.

  • I’ve seen a very smart new generation of bug bounty hunters crop up in the past year or so, and it’s made me realise that I’ve been around this community for almost 5 years now. Time flies!

Resources