🐝 Hive Five 130 - New JavaScript analysis tools, and DEFCON advice

Hi friends,

Greetings from the hive!

Community, public roadmaps, and documentation are often overlooked or mishandled. Obsidian does all exceptionally well.

Not to mention that their product is amazing. The speed of iteration and level of craftsmanship is something to admire.

Looking at their roadmap makes me excited for the future.

Let’s take this week by swarm!

🐝 The Bee’s Knees

1. Introducing jswzl: In-depth JavaScript analysis for web security testers by Charlie Eriksen. more

2. Deviant’s DEFCON Advice. Tips that help you in your planning for DEFCON, Black Hat, BSides, and the rest of Hacker Summer Camp. more

3. Dangerzone enable you to take potentially dangerous PDFs, office documents, or images and convert them to a safe PDF. more

4. Secrets of an Android App Bug Hunter. Sergey Toshin tells the story of how he became a top Android bug hunter and how he finds critical vulnerabilities. more

5. JSluice is a new tool by TomNomNom that extracts URLs, paths, secrets, and other interesting bits from JavaScript. more | talk | slides

️💪 Sponsor

Interested in being a sponsor?

​You can book an available spot here

🔥 Buzzworthy

✅ Changelog

1. DOMscan v0.0.2. comes with a handy new feature: --interactive, which pauses after each payload. more

2. Smol-ai/menubar v0.0.12 release added Local Models, Dark Mode, and new Icons. more

3. PentesterLab released 3 code review challenging in Java. more

4. Important Rana Khalil Academy changes, such as addition of modules, topics, and price changes. more

5. GAP Burp extension v3.5 is available. A major bug where site map roots with port numbers other than 80 or 443 weren’t processed correctly has now been fixed. more

📅 Events

1. Jason is launching another training later this year: Hacking your brand. more

2. Nicolas’s “Mastering Burp Suite Pro” public training sessions for 2024 are out. Seating is limited. more

3. Bugcrowd is hosting a live hacking session with Katie on July 28th. more

🎉 Celebrate

1. Giuseppe following his intuition and is going back to CTFs, exploring vulnerabilities, and finding bugs. Awesome! more

2. XNL-h4ck3r started a YouTube channel. Subscribe now! more

3. Celebrating everyone who started bug bounty hunting after 30. LFG! more

4. Patrik hasn’t spent a single minute in front of a screen this weekend. #goals! more

💰 Career

1. Guidelines to follow when you want to start a business as a family person with children. more

2. 13 infosec career hacks by Matt Johansen. more

3. You don’t HAVE to spend your work days hopping from meeting to meeting. more

4. How to unlock hidden remote jobs with Google. more

5. Long-form concept breakdowns, career thoughts, and immediately actionable advice, in chronological order. more

⚡️ Community

1. Julien has had less time for bug bounty but has been crushing local pentests. more

2. Hackers share people they admire and why, started by Douglas. more

3. NahamSec is shaving his head and beard for YouTube AND he’s getting a Nahomie tattoo. more

4. Jason shares his recent ADHD diagnosis. more

📰 Read

1. Encrypted Doesn’t Mean Authenticated: ShareFile RCE (CVE-2023-24489). more | advisory

2. Reversing Mac Donald’s table beacon. more

3. All your parcel are belong to us, a Troopers 2023 talk. more

4. RCE in GitLab’s CLI tool. After starting at GitLab in October of last year, one of the first reviews that came their way was their CLI tool, which was only recently published officially. more

5. Root Cause Analysis of CVE-2023-32439 Type Confusion in Webkit by Sunjoo Park. more

🙏 Support

Enjoy reading the Hive Five? You can treat me to a coffee!

You can also share the newsletter with your friends.

💡 Tips

1. Gwendel shares a tip based on NahamSec’s usage of crt.sh. more

2. Paul shares how he’s using the newly released JS tools. more

3. Justin shares a methodology that helps you decide when to move on from your bug bounty target. more

4. Justin reiterates the importance of understanding basic browser functionality and key technologies. more

5. David shares a lifehack, order a coffee at a 5-star hotel and work in the lobby instead going to Starbucks. more

🍯 Follow

Awesome accounts to follow. Randomly selected from my curated Twitter lists.

1. superhero1 | superhero1 | create educational content on IT security, CTFs & BugBounty.

2. willbtlr | Will Butler | Current: Red Team in FinTech | Former: Red Team @100xGroup, @Cruise, @Apple, and @PwC | I tweet about security, software, entrepreneurship, and fitness.

3. @jeffrey_way | Jeffrey Way | I am error.

4. @TJ_Null | Tony | Blue Teamer in Disguise | SANS Netwars Champion. Former community manager and founder of the Offsec community for @offsectraining.

5. @BrettFromDJ | Brett @ Designjoy | Built a one-man design agency to $2m/yr.

🚀 Productivity

1. Dickie’s process to improve anything: define, gather, systemize, and repeat. more

2. Douglas on putting Building a Second Brain in practice: “Ideas are grasshoppers. Catch them right away, so you don’t lose them!” more

3. Hack your brain with Obsidian. A deep-dive into No Boilerplate’s second brain, and if you take his advice, your second brain. more

4. Clean as you go (a life hack for code). Jason shares a story about a habit he picked up working in restaurants, and how the lesson he learned still helps him write better software to this day. more

5. Taking notes on podcasts with Snipd, Readwise, and Obsidian. more

🌐 Technology

1. Una tweeted something I never thought about: “Internet Explorer was such a great name.” — I agree! more

2. GPT for your specific use case by finetuning Falcon 7b/40b instructed with your own data. A step-by-step guide on how to train the falcon model to generate high quality midjourney prompt. more

3. Lima: a nice way to run Linux VMs on Mac. Lima stands for Linux on Mac and allows you to run Linux virtual machines for running containerd. more | tool

4. How to Use AI to Do Stuff: An Opinionated Guide. Ethan covers the state of play as of Summer, 2023. more

🧠 Wisdom

1. Daniel on diversification over doubling down. more

2. Meg shares her weight and life journey. more

3. The easiest way to stop sabotaging your future by reducing your cognitive load and more. more

4. 7 daily habits to improve your relationships. more

💛 Cross-pollination

1. A moving hack that blew my mind. What a game changer! more

2. Why We Create. Shot on a canon R5 C by Peter McKinnon. more

3. Adam Wathan used an accountability coach to lose 65 pounds and shared his journey in real-time. more

4. How to make a chicken sandwich in only 6 months. Oh, it’ll also cost you $1500. more

5. TIL you can expedite your US passport processing by contacting your congress person. more

🐝 Fact

A hangover is caused by the body’s production of acetaldehyde (ethanal) in the body from the alcohol consumed. Taking honey provides the body with sodium, potassium, and fructose, which aid recovery. Honey is also a rapid source of energy and the fructose accelerates alcohol oxidation in the liver, thereby acting as a sobering agent.

This bee fact is brought to you by The Beekeeper’s Bible: Bees, Honey, Recipes & Other Home Uses.

Get $200 to try DigitalOcean. Level up your bug bounty game with the ultimate VPS solution. It’s my go-to for all recon, automation, and even VPN needs. Get access to a comprehensive range of cloud resources, all at an affordable price.

Subscribe to the Hive Five to read the rest.