MonkeHacks #74

It’s been a hell of a week. I returned to Ireland to see my family, and spent a few days with them, and I flew to Las Vegas for Hacker Summer Camp. I’m visiting Vegas with my friend from university, so it was an entertaining flight. I played on my Switch 2 a ton on the way.

The first day of the live hacking event is over; it’s going alright, albeit with some frustrating parts, but that’s pretty standard for a LHE. I’m begrudgingly accepting of my performance this time. Not satisfied but not the worst.

I went to Vulnerability Vibes, which was fantastic - I spoke with some people I knew only online previously (such as Roll4Combat and Ryan Barnett). I’m looking forward to meeting more people at Bug Bounty Village.

Weekly Ideas / Notes 

• I’ve been wanting to get back into music, so I’ve decided to commit to learning guitar and harmonica again. I have a lower-end (Affinity) Fender Telecaster. I also have a very old Yamaha acoustic guitar that my ex-girlfriend’s family gifted to me, but I think I need to look at restoring it a bit (I haven’t touched it in a long time and it’s already about 30 years old, so it would benefit from a restoration). My preference is leaning towards using the acoustic, I think, because I like Elliott Smith’s music and I want to learn some of his songs.

• I’ve been waking up nice and early between 6am and 6:30am onsite in Vegas, which is perfect. My terrible sleep schedule in the UK has “fixed” itself in Vegas (it hasn’t changed at all).

• It’ll take me a while to dig through all of the new Blackhat/Def Con research; I’ll try to compile the ones that were interesting to me in a special segment of this newsletter next week, or the week after.

• I was writing this newsletter from the Starbucks in Resort World with rez0 and Lupin, and we turned around and… LiveOverflow was just standing there! We had a brief chat with him and got a photo with him. Super cool! I also spoke with James Kettle at Vulnerability Vibes yesterday, so it’s been a great few days of meeting my idols.

• Apologies for the short issue this time, as I’m a bit stuck for time. Hacker Summer Camp is busy.

Reading List

• Currently:

  • Fiction:

    • Solenoid by Mircea Cărtărescu (130/600 pages)

    • The Skeleton Road by Val McDermid (50/400)

  • Non-Fiction: A Random Walk Down Wall Street by Burton Malkiel (150/300 pages)

• Next on the list:

  • Fiction: Mort by Terry Pratchett

  • Non-Fiction: Day Zero to Zero Day by Eugene Lim (SpaceRaccoon)

Resources

• HTTP1 Must Die!: As close to a “flagship” vulnerability as you can get. James Kettle’s latest work.

• Wiz Research Uncovers Critical Vulnerability in AI Vibe Coding platform Base44 Allowing Unauthorized Access to Private Applications: A nice authentication bypass from the Wiz team.

• Struts Devmode in 2025? Critical Pre-Auth Vulnerabilities in Adobe Experience Manager Forms: A series of vulnerabilities in AEM Forms that you’d have expected to have been found a long time ago. Good work from the folks at SL Cyber, formerly Assetnote!

• The campaign is not available in your country: XBOW discovered an SQLi while attempting to bypass geolocation restrictions: Another XBOW case study.