• Hive Five
  • Posts
  • 🐝 Hive Five 126 - NahamCon2023, Networking Fundamentals, and Pioneering The Bug Bounty Platform

🐝 Hive Five 126 - NahamCon2023, Networking Fundamentals, and Pioneering The Bug Bounty Platform

Author

Bee
June 19, 2023

Hi friends,

Greetings from the hive!

I hope you had a good weekend. Unfortunately, I wasn’t able to attend NahamCon2023.

Come to think of it, this might’ve been the first event that NahamSec organized that I wasn’t able to participate in.

What did you do this weekend?

Let’s take this week by swarm!

🐝 The Bee’s Knees

  1. NahamCon2023’s Bug Bounty Village with 4 workshops: Capture the Flag 101, Ethereum Smart Contract Hacking, Automation tricks for Burp Suite Pro, and Linux & Windows PrivEsc Workshop. more

  2. The hackcompute group hacked root EPP servers to take control of zones. Their efforts in this space led to the ability to control the DNS zones of numerous ccTLDs, including .ai. more

  3. How to perform an account takeover? A case study of 146 bug bounty reports. more

  4. Networking Fundamentals. The ultimate video series which will teach you the core of Networking: How data flows through the Internet. more

  5. Casey Ellis: Pioneering The Bug Bounty Platform To Empower Ethical Hackers. Casey Ellis, the founder of Bugcrowd, is interviewed by Phillip Wylie, who admires Casey’s connection to the hacker community. more

️💪 Sponsor

Sponsor the Hive Five and reach a highly engaged community of engineers, security researchers, and ethical hackers who are at the forefront of the industry.

🔥 Buzzworthy

Changelog

  1. Tool - six2dez/reconftw v2.7 highlights: Improved GH repos scan, added Mantra for JS secrets, Shellcheck compliant, and more. more

  2. Platform - HackerOne now supports in-platform translation from over 60 languages. more

  3. Tool - Caido v0.26.0 release introduces the Caido Assistant for Pro users. more

  4. Tool - six2dez/reconFTW v2.7 is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities. more

  5. BBP - GitHub revamped its VIP Bug Bounty Program to include a clear and accessible criteria for receiving an invitation to the program and more. more

📅 Events

  1. The Critical Thinking - Bug Bounty Podcast is doing a Caido Pro giveaway. more

  2. Soroush might start sharing Burp Suite’s techniques or tricks with everyone. more

🎉 Celebrate

  1. Renniepak listed his CVEs. Nice ones! more

  2. Corben had 3 vulnerabilities rewarded on immunefi. Go get em! more

  3. GitHub VIP Bug Bounty delighted Alex with a swag pack. Love to see it! more

  4. Katie received a grant to do cool novel computing security research stuff at work. Woohoo! more

  5. Mert finished 1st on the Bugcrowd leaderboard of May. Let’s go champ! more

💰 Career

  1. Justin’s 30-30-30 method for a better business. 30m per week talking to customers, 30m per day figuring out how to solve them, and 30m per day writing content about it. more

  2. Hadrian is hiring an Engineering Manager. more

  3. Marina is looking for opportunities in Cybersecurity Awareness. more

  4. The Pathless Path made Ali quit his career as a Doctor. Now, he shares 10 lessons that’ll make you rethink everything. more

  5. The Pivot with Henri Beek from DataExpert: Senior Law Enforcement OSINT Trainer. He has more than 13 years of professional experience working in the Open-Source Intelligence (OSINT) space. more

⚡️ Community

  1. Orange Tsai withdrew his DEFCON31 talk because the US continues to deny his ESTA application. He resubmitted it to EU/ASIA conferences. more

  2. Halvar Flake is looking to preserve Warez scene release NFOs (1996-2006]. more

  3. Lupin announces his company with his brother: Lupin & Holmes. They focus on offensive cybersecurity and social engineering. more

  4. Alex on the stunning comic book covers in HackerOne’s yearbook. more | Yearbook

  5. Meg shares the origin of “cybersecmeg” and her journey to trying to be just Meg going forward. more

📰 Read

  1. Hussein challenged himself to take the number one spot of a hardened bug bounty program. 30 days later he achieved his goal through self belief, collaboration, managing emotions, and more. more

  2. Soroush shares the ups and downs of his bug bounty journey. more

  3. MOVEIt Transfer RCE Part Two (CVE-2023-34362). Since a public proof-of-concept has been posted, Assetnote details the steps they took to reverse the vulnerability. more

  4. One Bug at a Time: Last 15 days of 30daysofbugbounty. Continuing where we left of in Hive Five issue 123, Gavin breaks down his finding and shares useful tips. more

  5. Two XSS Vulnerabilities in Azure with Embedded postMessage IFrames. more

📚 Resources

  1. Slides from Agarri’s NahamCon talk: Automation tricks for Burp Suite Pro. more

  2. How to delete information about yourself from various services. more

  3. People sharing their favorite lab environment and learning platforms. more

  4. jonkeegan/behind-this-website is a checklist for investigating the provenance and ownership of websites. more

  5. Awesome Sec Challenges is a curated list of Awesome Security Challenges, aimed at getting beginners and experts alike, involved in upskilling their ethical hacking, pentesting, and crypto skill through online challenges. more

🎥 Watch

  1. How to give a great conference talk. Some practical tips Lee learned to help improve your next conference talk. more

  2. Directory Traversal - Lab #6 Validation of file extension with null byte bypass. more

  3. IppSec takes on HackTheBox - Escape where he uses CrackMapExec to enumerate file shares among other things. more

  4. Rami (Bugcrowd) interviews Nerdwell. Get to know Nerdwell, a 20 year long hacker veteran, educator, multiple-time MVP winner, Level 4 P1 Warrior, and Bugcrowd Ambassador. more

  5. Louis covers how an AppSec team can create and leverage “Building Blocks” to scale their security impacts. more

🎵 Listen

  1. Intruder Alert Ep2 - Your Printer is Spying on You, Why IoT Security Sucks, Certs vs Degrees. more

  2. The Privacy, Security, & OSINT Show 300 - Self-Hosted 2: Offline Knowledge. This week they continue the self-hosted series with several easy options from which anyone can benefit. more

  3. Risky Business #710 - Why your corporate VPN will get you owned. more

  4. Smashing Security 326 - Right Royal security threats and MOVEit mayhem. There are shocking revelations about a US Government data suck-up, historic security breaches at Windsor Castle, and the MOVEit hack causes consternation. more

  5. Critical Thinking - Bug Bounty Podcast Episode 23: Hacker Loadouts. In this episode they delve into a different aspect of hardware, their personal loadouts. more

Get $100 to try DigitalOcean. The go-to VPS for bug bounty hunters. I use it for all of my own recon and automation needs, plus it also doubles as a VPN. They have every cloud resource you need at an affordable price.

Subscribe to the Hive Five to read the rest.

Become a paying subscriber of the Hive Five to get access to this post and other subscriber-only content.

Already a paying subscriber? Sign In

A subscription gets you:
Join a private Discord COMMUNITY: Engage in chat, uplift one another, grow together, and explore shared interests.
Access to COMPLETE HIVE ARCHIVE: Unlock a treasure trove of tools, resources, videos, and audio, catering to all your needs.
EXCLUSIVE & BONUS content: Delve into hundreds of curated links that didn't make it into the newsletter.
Experience continuously added NEW BENEFITS.