MonkeHacks #12

I’m in Osaka for a few days to visit some friends. I went to a small party yesterday and tomorrow I’m going to play basketball with some friends.

On Tuesday I met up with my good friend bubby963 in Yokohama, Japan. Yokohama is a really nice city (suburb?). It has a lot of foreign influences (particularly American) so it looks a bit different to the rest of Tokyo. I also saw the actual famous “Girl With Balloon” painting in Roppongi (that Banksy painting that shredded itself mid-auction). It was really cool! I had no internet on my train to Osaka so I also took some time to make some music using FL Studio.

After Osaka, I have a few days in Tokyo, and then I’m off to Sendai. My mom (who is Japanese) is arriving in Japan on the 12th so I’ll be travelling up to Sendai with her to see our relatives.

I have another project in the works that I may announce sometime this month, so stay tuned. I haven’t been as productive as I’d like to be recently, so I’m going to try to get back into the rhythm of things.

100-Hour Challenge Updates

Here are this week’s statistics:

HackerOne triage are slow as usual on the program. I got a Needs More Information response, so I expect another response from the H1 triager this week. Other than that - I’ve been working on a different program, so this program has not been my priority.

Weekly Ideas / Notes 

• I’ve been working extensively with doomerhunter recently. We’ve been doing some very technical but very interesting research on a target. So far, we’ve reported one vulnerability - an interesting client-side bug chaining multiple behaviours together. We have a lot of research done on the server-side environments, so that should pay off soon.

• We set up a collaborative Caido instance and it is amazing. This is the future of collaboration. I was genuinely in awe.

  • First, we set up Caido on a VPS, and made a project for our target.

  • Next, I shared my Caido credentials with doomerhunter (I don’t want to spend money on a Business subscription to enable Teams, so this was the easiest way).

  • He logged into the VPS with the credentials. We configured our local proxies to send traffic upstream to the Caido instance running on the VPS.

  • Using Replay Collections, we were able to track and assign HTTP requests to each other for further dissection.

  • We set up OpenVPN on the VPS server with some filters for outbound traffic to bypass region restrictions on the target.

  • I installed EvenBetter and my own extension, the Primate Pack, for some quality-of-life upgrades.

• Bytehx adds Linkfinder to Caido.

• On a more introspective note - I can honestly say - from working with doomerhunter and seeing how his brain works - that however much work you’ve put into researching your target, you can do more and you can do better. The depth and efficiency of doomerhunter’s research methodology was reminiscent of the time I got to witness Rhynorater trying his hand at hardware hacking. It’s crazy.

• I’m a big believer in building up great things from small habits. Taking 30 minutes a day to work on your daily habits can compound to great things over a long period of time.

  • My Duolingo streak is at around 990 days, and I know most of the Arabic alphabet because of this.

  • I have a journal I update daily - it has over 1500 entries, and documents the entirety of the pandemic.

  • I take some time every day to read new articles and writeups in the security space to stay informed.

  • And, of course, I write this newsletter for you guys 😄 

  • So, take some time to think about what you can start today, that may turn into something great if you chip away at it every day.

Resources 

• Send()-ing Myself Belated Christmas Gifts - Github.com's Environment Variables & GHES Shell : A very cool finding on Github abusing Kernel#send().

• CodeQL Zero to Hero Part 3: Learning to use CodeQL.

• An Obscure Actions Workflow in Google’s Flank: don’t neglect CI/CD pipelines!