🐝 Hive Five 131 - The Art of Deception

Hi friends,

Greetings from the hive!

The first hacking book I ever owned and read was The Art of Deception. At the time, it was validation of my interests and a gateway into the scene. Though, it would take nearly a decade before I entered the infosec industry.

Last week, we learned that its author, Kevin Mitnick, was dealing with pancreatic cancer and had passed away. He is survived by his wife, Kimberley, and their unborn child. My thoughts and prayers go out to them.

When I found out the news, I was shocked. Then, someone mentioned that Steve Jobs died of complications with the same type of cancer.

They were both hackers in their own regard, both gone too soon, and both left a lasting legacy.

“Being a hacker has little to with your job. It’s in your blood, your soul — it’s a way of thinking. It’s curiosity, creativity, and challenging norms.” — Jason Haddix

Hearing about it reminded me to live deeply and intentionally. To be curious, challenge the status quo, and uplift others. As, eventually, for all of us, our breath will become air.

We often deceive ourselves, taking stuff for granted, and putting things off for too long. Squandering our most valuable resource: time. Let’s do less, better.

“It is not that we have a short space of time, but that we waste much of it.” — Seneca

Life is short, hack it!

🐝 The Bee’s Knees

1. Discover millions of leaked API keys with Forager — Although I shared the release of this tool last week, Dylan’s videos are always a must-watch. more

2. Shenetworks’ guide to landing your first tech job. Buckle up for this one because she’s about to give you A LOT of information. more | video

3. Analysis of CVE-2023-3519 in Citrix ADC and NetScaler Gateway. Recently, Citrix released an advisory which included a fix for a critical RCE vulnerability within Citrix ADC and NetScaler Gateway. more

4. Mastering SQL Injection - The Ultimate Hands-On Course. Learn how to find, exploit and defend against SQL Injection vulnerabilities. more | alternative

5. Abusing AMAZON VPC cni plugin for Kubernetes. Exploring an attack from Amazon EKS to AWS networks. more

Which Bee’s Knees was your favorite? Reply with the number (#1, #2, #3, #4, or #5)!

️💪 Sponsor

Sponsor the Hive Five and reach a highly engaged community of engineers, security researchers, and ethical hackers who are at the forefront of the industry.

🔥 Buzzworthy

✅ Changelog

1. jswzl 2023.3.2 release which improves the reliability and performance on Apple Silicon. more

2. gwen001/related-domains v1.2.2 finds related domains of a given domain. more

3. Amass v4.0.2 introduces the the Open Asset Model and Asset Database. more

4. jesseduffield/lazydocker v0.21.0 is the lazier way to manage everything docker. more

5. Burp Suite roadmap update: July 2023. more

📅 Events

1. Vrindavan in India has been flooded. Help out if you can. more

2. Jason is running two more live TBHM trainings later this year. One for UK/India/APAC and one for NA timezones. Dates are TBD. more

3. Katie is giving away two BSides Ahmedabad tickets. more

🎉 Celebrate

1. Inti got married. Congrats to the happy couple! more

2. Peter is honored to be part of H1-702 in Las Vegas. Go get ’em! more

3. VoidofBelow got their first bug triaged. Let’s go! more

4. Dee_see moved to Ireland. Awesome! more

5. Tae’lur got a job as a CVE Analyst at Semgrep. Yes! more

💰 Career

1. Why you struggle to write a strong cover letter. more

2. How Nathan Barry Built a $30 Million Software Company. more

3. tricks for staying healthy when life gets busy (as a software developer). more

⚡️ Community

1. Patrik has been experimenting with subdomain aggregation techniques using regular language ranking. more

2. Thanks to Adrien, Lupin is addicted to GraphQL hunting. more

3. Jason shares a trueism: “Being a hacker has little to do with your job. […]” more

4. “A hacking technique can seem blindingly obvious, and still be massively overlooked.” says James Kettle on a post from 2016 by BugbountyHQ. more

5. Cybersecurity Meg posted a life update, sharing where she’s been, future content, and more. more

📰 Read

1. Ryan from Akamai is working on an internal initiative to address security research bans. more

2. Qualys Security Advisory CVE-2023-38408: Remote Code Execution in OpenSSH’s forwarded ssh-agent. more

3. The Missing Semester of Your OSINT Education. In the field of Open-Source Intelligence (OSINT), it is essential to have a diverse set of skills to effectively collect, evaluate and analyze publicly available information. more

4. Lupin, Gentleman-Hunter and Pentester: Interview with Roni Carta. more

5. Escalating Privileges With SSRF. This post is about Kuldeep’s recent findings on Synack Red Team, which consisted of a total of 4 SSRF vulnerabilities. Three of them were authenticated SSRFs and the last was a fully unauthenticated SSRF. more

Get $200 to try DigitalOcean. Level up your bug bounty game with the ultimate VPS solution. It’s my go-to for all recon, automation, and even VPN needs. Get access to a comprehensive range of cloud resources, all at an affordable price.

💡 Tips

1. Common Crawl is a source for archived URLs, and Waymore checks all 95 indexes. more

2. A common thread highly successful bug hunters share is laser focus. Justin shares some tips so you can get there as well — While doing so, always keep your health in mind. more

3. TIL Canva enables you to make amazing videos — Have you tried it yet? more

4. The missing semester in hacking: GoogleFu, knowledge management, learning, communication, and community. more

5. TIL you can use Curl syntax directly with SQLMap. more

🍯 Follow

Awesome accounts to follow. Randomly selected from my curated Twitter lists.

1. @dr | Dan Rowden | Developer/designer.Building side projects towards $20k/m.Head of Developer Relations at @lmsqueezy. Built the best Twitter analytics.

2. @dabit3 | nader | nader . lens | Director of Developer Relations @aaveaave @lensprotocol // founder @developer_dao // experimenting @arweaveeco // web3 ᵍᵐ.

3. @TomNomNom | TomNomNom | Open-source tool maker, web security person, trainer, talker, fixer, eater, not really a sheep. He/him.

4. @Black2Fan | Sergey Bobrov.

5. @0xd0m7 | 0xd0m7.

🚀 Productivity

1. Often, procrastination is about emotional regulation, not time management. more

2. STÖK reminds us to go offline and touch grass. He disconnected for hours to pick and eat cloudberries. more

3. Be kind to your future self — future-proof your notes to be of service to you. more

4. Effective > Productive. There’s an endless stream of methodologies and tools promising to make you more productive. But more productive at what? more

5. How to give yourself time to think. Whether it’s for a few hours, a few days, or a full week, everyone needs dedicated time to reflect. more

🌐 Technology

1. Dan Abramov, creator of Redux and Create React App, is leaving his job at Meta. He has no plans for the feature yet. more

2. Deep fakes are about to change everything. more

3. Playlist of the talks at RailsConf 2023 (Atlanta), the world’s largest and longest-running gathering of Ruby on Rails enthusiasts, practitioners, and companies. more

4. Control your dev processes with Overmind. Forget about opening multiple tabs in your terminal and typing out several commands. more

5. Herd is a blazing fast, native Laravel and PHP development environment for macOS. It includes everything you need to get started with Laravel development, including PHP and nginx. more

🧠 Wisdom

1. Kenny on focusing purely on your art: “Just maybe, 1 year of making less content to work on your art without documenting every step could be what you need more than likes.” — Just do you. more

2. Before coming to the USA, legendary artist Yayoi Kusama burned 2000 of her paintings and said to herself: “I will paint much better than this.” — Always bet on yourself. more

3. As a hospital chaplain, J.S. Park has witnessed hundreds of deathbeds. Often, they tell him their regrets. Therefore, he pleads for everyone to live deeply and be present. more

4. Haven’t launched your business yet? You’re probably overthinking it. more

5. Prevent burnout when doing (full-time) bug bounty hunting by focusing on the effort, not the outcome. more

💛 Cross-pollination

1. How to take risks in times of uncertainty. In this talk, Polina Marinova Pompliano shares 7 practical frameworks on how to take smart risks in times of extreme uncertainty. more

2. 6 exercises that can start reversing the dangerous effects of sitting. more

3. How Justin redesigned his life with 100% intention at age 42. more

4. We outside: episode 10. Marc Rebillet improves live music. more

5. How to overcome social anxiety in 5 steps: desensitization, curiosity, humor, vulnerability, and authenticity. more

🐝 Fact

The origin of bees was regarded as a source of fascination to many ancient cultures. In Greek mythology, the god Aristaeus, son of Apollo, is often credited with being the first beekeeper, having been taught to tend bees by Mother Earth Gaia’s nymphs. According to the legend, Aristaeus fell in love with Eurydice, wife of Orpheus who, in haste to escape Aristaeus’s unwanted attentions, trod on a serpent that bit and killed her. In punishment, Eurydice’s nymphs destroyed Aristaeus’s precious bees.

In order to recover his bees, Aristaeus had to appease the nymphs by slaughtering four bulls and four heifers, leaving their carcasses for nine days in a leafy grove as a sacrificial offering. Miraculously, at the end of this period, bees swarmed from the carcass and Aristaeus was able to rebuild his hive and pass on his knowledge of beekeeping to humankind.

This belief that bees were born from the carcasses of dead animals persisted for centuries.

This bee fact is brought to you by The Beekeeper’s Bible: Bees, Honey, Recipes & Other Home Uses.

Subscribe to the Hive Five to read the rest.