- Hive Five
- Posts
- 🐝 Hive Five 124 - Scraping Kit and the Benefits of Creating in Public
🐝 Hive Five 124 - Scraping Kit and the Benefits of Creating in Public
Hi friends,
Greetings from the hive!
I hope you had a nice weekend. Sadly, one of our dogs was attacked by another dog and spent a while at the emergency vet. Thankfully, she’s a miracle dog and is recovering well.
Let’s take this week by swarm!
🐝 The Bee’s Knees
An interview with Shubham Shah, one of the hackers people look up to in the bug bounty space, and an expert in source code review who regularly finds 0days. more
Scraping Kit comprises several tools for scraping services for keywords, useful for the initial enumeration of Domain Controllers or if you have popped a user’s desktop with access to their Outlook client. more | tool
A few month after competing in DEF CON CTF 2021, SuperFashi receives a mysterious envelope. more
Troy Hunt discusses several aspects of cybersecurity, including the importance of his website, Have I Been Pwned, in notifying users of data breaches in which their information has been compromised. more
Talkback is a smart infosec resource aggregator, designed to help security enthusiasts, practitioners and researchers be more productive. more
️💪 Sponsor
Sponsor the Hive Five and reach a highly engaged community of engineers, security researchers, and ethical hackers who are at the forefront of the industry.
🏞️ Bee’s Eye View
![[CleanShot 2023-06-03 at [email protected]]]
🔥 Buzzworthy
✅ Changelog
RetireJS/retire.js 4.3.0 is a scanner detecting the use of JavaScript libraries with known vulnerabilities. more
projectdiscovery/nuclei v2.9.5 is a fast and customizable vulnerability scanner based on simple YAML based DSL. more
j3ssie/osmedeus v4.4.2 is a workflow engine for Offensive Security. more
📅 Events
NahamSec will be giving a 2-day training at DEFCON: Hacking Organizations: Phishing Not Required (August 14th-15th 2023). more
NahamCon 2023 CTF, workshops, and talks (June 15-17). more
James Kettle announced his Black Hat talk: Smashing the State Machine: The True Potential of Web Race Conditions. more
On June 12th, many subreddits will be going dark to protest Reddit’s third-party policy announcement. more | price change
🎉 Celebrate
Jane moved to SF Bay Area, leaving Hong Kong to embark on a new journey in tech. Exciting! more
Mason has a new profile picture. Let’s go champ! more
Mustafa hit 1MM dollars in all time earning combined from all platforms and external programs. Amazing! more
May was an awesome month for bombon in bug bounty. Congrats! more
Bishal purchased a new laptop with bug bounty earnings. Beautiful! more
💰 Career
Creating in public can and has landed people jobs. It allows you to represent your ideas and skillset. more
⚡️ Community
📰 Read
Jason describes how he achieved the complete compromise of a password manager company. more
Stored XSS via Kroki diagram on GitLab by vakzz. more
Sector035, the person behind Week in OSINT, shares more about themselves and their OSINT journey. more
Hacking a “smart” toothbrush. After buying a new Philips Sonicare toothbrush Cyrill was surprised to see that it reacts to the insertion of a brush head by blinking an LED. more
🙏 Support
Enjoy reading the Hive Five? You can treat me to a coffee!
You can also share the newsletter with your friends.
📚 Resources
2nd level subdomain bruteforcing method, which is built into ReconFTW. more | reconFTW
People share their favorite types of swag to receive at conferences. more
Occamsec/CVE-2023-2825 contains the PoC for GitLab CVE. This PoC leverages a path traversal vulnerability to retrieve the /etc/passwd file from a system running GitLab 16.0.0. more
valeriyshevchenko90/WhereToGo shows you where to go with an account within the corporate environment. more
ihebski/DefaultCreds-cheat-sheet is one place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password. more
🎥 Watch
XSS via ES6 Reflect API, the solution to Intigriti’s May ’23 Challenge. more
Authentication Bypass Using Root Array. LiveOverflow explores the technical details of a tweet to understand where the tip came from, why it was wrong, and eventually learns about the real underlaying vulnerability. more
A SecurityFest 2023 talk by Tomer Bar: OopsSec - The bad, the worst and the ugly of APT’s operations security. more
An introduction to JWT Attacks, helping you learn about JSON Web Token (JWT) vulnerabilities. more
Mentoring the Formerly Incarcerated talk at DevOps Days ATX 2023. more
🎵 Listen
Malicious Life - Ad Fraud, Part 1. Learn how Aleksandr Zhukov defrauded some of the biggest American corporations for millions of dollars. more
Smashing Security 324: .ZIP domains, AI lies, and did social media inflame a riot? ChatGPT hallucinations cause turbulence in court, a riot in Wales may have been ignited on social media, and do you think .MOV is a good top-level domain for “a website that moves you”? more
Critical Thinking - Bug Bounty Podcast E21: Chill Chat with Legendary DoD Hacker Corben Leo. They chat with Corben Leo about his journey in bug bounty hunting and ethical hacking. more
The Privacy, Security, & OSINT Show 299 - Self-Hosted Part I. This week they begin the conversation about self-hosting everything, plus offer the latest privacy news. more
The Application Security Podcast: The Future of Application Security Engineers. Jeevan Singh, the director of product security at Twilio, discusses the future of application security engineers. more
Get $100 to try DigitalOcean. The go-to VPS for bug bounty hunters. I use it for all of my own recon and automation needs, plus it also doubles as a VPN. They have every cloud resource you need at an affordable price.
Subscribe to the Hive Five to read the rest.
Become a paying subscriber of the Hive Five to get access to this post and other subscriber-only content.
Already a paying subscriber? Sign In