🐝 Hive Five 102 – Running a Mastodon server, Reverse Prompt Engineering, and 2022 reviews
Hive Five
By securibee 🐝
Hi friends,
Greetings from the hive!
Happy New Year! I hope you and yours are in good health and achieved all that you set out to.
The start of the year often means reviewing what you have accomplished in the previous one. This prompted me to check out my newsletter stats (which I should do more often). The Hive Five in 2022 had a 77% open rate, an 83% click rate, and contained 390582 words.
I have also looked at different methods and implementations of how people review their year. This format by Mike stood out to me, and I thought I’d share. He listed “six areas of life balance” from his goals page and rated each. So I might give it a try.
Did you have any yearly goals? If so, how did you do on them?
Let’s take this week by swarm!
🐝 The Bee’s Knees
Hachyderm’s Kris Nova on running a Mastodon Server. In Hanselminutes Podcast 872, Scott talks with Kris Nova who has been building and scaling Hachyderm, a Mastodon instance that began in her basement and is now moving into the cloud. more
Hunting for Amazon Cognito Security misconfigurations. This talk was delivered as part of the NahamCon EU 2022 virtual conference. It outlines and discusses a few common security misconfigurations that affect Amazon Cognito implementations, along with techniques and methods for testing for these issues. more | slides
Reverse Prompt Engineering for Fun and (no) Profit. For the non-technical folks, the term “prompt injection” was chosen to evoke SQL Injection, the third worst security vulnerability in traditional web applications. more
A list of interesting macOS/iOS Kernel Security research in 2022 by Alex. more
Pass-the-Challenge: Defeating Windows Defender Credential Guard. New techniques for recovering the NTLM hash from an encrypted credential protected by Windows Defender Credential Guard. more
💪 Sponsor
Want me to write about your company? Sponsor the Hive Five.
🔥 Buzzworthy
✅ Changelog
j3ssie/osmedeus v4.3.0 includes AWS Provider Support, integration with an S3 bucket, and new built-in scripts for importing and extracting workspace data. more
The 10th edition of OSINT Techniques is now available. The book is required reading for numerous college courses, university degrees, and government training academies. more
📅 Events
Justin Gardner and 0xteknogeek are launching a new podcast called Critical Thinking. You can expect coverage of new web hacking techniques, bug bounty tips, exclusive bug explanations, and sick interviews. more
ZwinK is planning to publish a Z-winK University series on Udemy. more
Omar Espino is starting a new journey at websec as a Senior Security Consultant. more
Architecture Notes announces their first CTF, which is live now. This is an encryption challenge open to participants of all skill levels, and I dare you to solve it. This first challenge will test your knowledge of encryption and networking. more
🎉 Celebrate
Nagli finished 2022 as the 4th Hacker in the world on HackerOne. Amazing! more
In 2022 SickSec earned a massive $100K+ in bounties, including a huge $60K from a single program in Q4. They also achieved Rank 1 in Uber’s bug bounty program and reached the top of the leaderboards. Keep going! more
zseano’s proudest achievement in 2022 was winning H1702. He also managed to finish 3rd amongst UK hackers on HackerOne this year. Awesome! more
In 2022 Mustafa managed to earn 500k in bounties through Synack and with collaborations on Bugcrowd’s LHE. Let’s go! more
MrTuxracer earned more than $500k in bounties which is almost twice their goal. They also got their OSWE certification, resurrected their blog, and did more binary exploitation. more
⚡️ Community
Best bug people found in 2022. more
John Hammond shares the behind the scenes to his YouTube channel with half a million subscribers. more
sumgr0 on Axiom, developed by pry0cc and 0xtavian, being a game changer. more
Ryan Dewhurst shares that 2022 was the hardest year of his life. more
Viktor looks back on 2022 and celebrates his wins. more
📰 Read
Netcomm unauthenticated Remote Code Execution. Research performed against the NF20MESH router revealed an unauthenticated remote code execution vulnerability that affects devices running firmware prior to version R6B025. more
Katie is surprised that some things haven’t entered the bug bounty community yet. For example, Mixer-vs-Twitch-style exclusivity contracts for hackers: platforms could offer better invites, a percentage on top of all bounties, and various other perks in exchange for a minimum of x hours spent hacking on the platform. more
0-click Account Takeover and Two-Factor Authentication Bypass. In September they decided to look into the account recovery flows of the Facebook web and mobile applications. more
What We Do in the /etc/shadow: Cryptography with Passwords. Ever since the famous “Open Sesame” line from One Thousand and One Nights, humanity was doomed to suffer from the scourge of passwords. more
Reverse Engineering Rustlang Binaries is BrightProgrammer’s series of notes on understanding how to reverse Rust binaries. more
🙏 Support
Enjoy reading the Hive Five? You can treat me to a coffee!
You can also share the newsletter with your friends.
📚 Resources
The ABS programming language works best when you’re scripting on your terminal. It tries to combine the elegance of languages such as Python or Ruby with the convenience of Bash. more
Expanding Your Security Horizons: Learning The Ropes 102, a book by Andy Gill. LTR102 takes the lead from LTR101 and dives a little deeper into the wider security topics, bringing an insight into defensive, offensive and collaborative security fields. more
The Pocket Guide to Debugging e-zine. It has 47 strategies for solving your sneakiest bugs. more
Fuzzing101 with LibAFL - Part I: Fuzzing Xpdf. Explore the library and write fuzzers in Rust to solve the challenges in a way that closely aligns with the suggested AFL++ usage. more
zakird/crux-top-lists caches a CSV version of the Chrome top sites, queried from the CrUX data in Google BigQuery. more
🎥 Watch
The official writeup to Intigriti’s December ’22 XSS Challenge. more
Computer Networking (Deepdive). This video explains computer networking with pieces of paper, and hopefully explains why the OSI layer model is taught in some universities. more
2023 Path to Master Hacker, the path to becoming a master hacker. From zero to getting the skills you need to be successful. more
How To Bypass Website File Upload Restrictions. more
Using OSINT to find Mr. Beast video locations. more
🎵 Listen
Beautiful podcasts via Jack. Stories that inspire, delight, and show you something beautiful where you end up feeling like you’re floating. more
Darknet Diaries Ep. 131 - How Bitcoin Tracers Rescued 23 Kids From Sex Abuse. We like to think that cryptocurrencies are anonymous and private, but new rules for exchanges mean law enforcement can track dark money. This story is part of Andy Greenberg’s new book “Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency”. more | book
The Tim Ferriss show: Steven Pressfield - The Artist’s Journey, Wisdom In Little Successes & More. A glimpse into the mind of the author of The War of Art. more