
🐝 Hive Five 135 - The A.I. Dilemma

Hi friends,

Greetings from the hive!

I was shocked to hear that Kris Nova suddenly passed away. I didn’t know her well, but I knew of her, and would occasionally tune into her streams.

My condolences go out to her family and friends. What stood out to me, besides her brilliance, was her love for community and relentless drive. She made things better.

I’m afraid to live, but I’m glad she did. Showing us the way.

RIP.

Let’s take this week by swarm!

🐝 The Bee’s Knees

  1. The A.I. Dilemma, March 9, 2023. Tristan Harris and Aza Raskin discuss how existing A.I. capabilities already pose catastrophic risks to a functional society, how A.I. companies are caught in a race to deploy as quickly as possible without adequate safety measures, and what it would mean to upgrade our institutions to a post-A.I. YOUTUBE

  2. SAMLjacking a poisoned tenant. A demo combining two new SaaS attack techniques to make a simple, but effective attack chain. PUSHSECURITY

  3. How Daniel Miessler went from a $350K FTE to $700K+ doing his own thing. And so could you. DANIELMIESSLER

  4. DEFCON 31 Recon Village talks are up and ready for you to consume. YOUTUBE

  5. Zero Touch Pwn: Abusing Zoom’s Zero Touch Provisioning for Remote Attacks on Desk Phones. SYSS

Which Bee’s Knees was your favorite? Reply with the number (#1, #2, #3, #4, or #5)!

💪 Sponsor

Sponsor the Hive Five and reach a highly engaged community of engineers, security researchers, and ethical hackers who are at the forefront of the industry.

🔥 Buzzworthy

Changelog

  1. Noir v0.4.0 now supports Swagger analysis. When Swagger documents are detected in the target source code, the tool analyzes those files to identify and extract endpoints. GITHUB

🚨 News

  1. AI-Powered Fuzzing: Breaking the Bug Hunting Barrier. Using LLMs is a promising new way to scale security improvements across the over 1,000 projects currently fuzzed by OSS-Fuzz and to remove barriers to future projects adopting fuzzing. GOOGLEBLOG

  2. Researcher says they were behind iPhone popups at Def Con. TECHCRUNCH

🎉 Celebrate

  1. Vortex is changing his role at Bugcrowd to Technical Pentest Manager. Congrats! TWITTER

  2. Lupin & Holmes launched their new website. Looks awesome! TWITTER

  3. enleak is three weeks in as a SOC analyst. Let’s go! TWITTER

💰 Career

  1. The Pivot with Jane Frankland: Women In Cyber and IN Security Movement. Jane is a tech entrepreneur, book author, international speaker, and passionate women’s change agent. YOUTUBE

  2. 2023 Roadmap To Your First Cybersecurity Job. YOUTUBE

  3. From Mid to Senior: Time Management and Prioritization. Stepping up the ladder from a mid-level developer to a senior role can feel like entering a whole new universe. IVANNOVAK

  4. Former Google recruiter’s No. 1 resume red flag: “There’s zero chance you’re going to move forward”. There are various don’ts to keep in mind: Don’t misspell words. Don’t go over two pages. Don’t write a list of vague skills without providing proof you’ve actually accrued them. CNBC

⚡️ Community

  1. Idea Amplification: Be a Hype Man For Your Friends. Rez0 explains the benefits of hyping up your friends’ ideas. REZ0

  2. The Critical Thinking podcast wants to know what you’d like to see next. Let them know! TWITTER

  3. Non-tech related things that hackers nerd out about. Hakluke’s ones are: backpacks, flashlights, jazz, trumpet, minimalism, and camping. TWITTER

  4. BugBountyHQ is a year older. Happy belated birthday! TWITTER

  5. Rodolfo has been suffering from severe mental health issues. He asks for support by sharing his work and tool, KNOXSS. TWITTER

📰 Read

  1. Spring WebFlux – CVE-2023-34034 Write-Up and Proof-of-Concept. Spring Security’s newly released versions contain a fix for a broken access control vulnerability. JFROG

  2. Knocking on the Front Door (client side desync attack on Azure CDN). A few months ago, Jeti embarked on a security bug hunt within the scope of a private program available through the Intigriti platform. JETI

  3. Michael shares some automation pitfalls and success in bug bounty. TWITTER

  4. How Nagli earned 5-figure bounties from sensitive links, sent via email, that were leaked without any user interaction. TWITTER

  5. Justin explains how skilled hackers find complex and creative bugs using chains of gadgets. TWITTER

🙏 Support

Enjoy reading the Hive Five? You can treat me to a coffee!

💡 Tips

  1. Random Robbie on leveraging the wayback machine browser extension. TWITTER

  2. Hackers share the little things they’ve picked up along the way that stand out. TWITTER

  3. Learn more about these TruffleHog commands: Git vs Filesystem. TRUFFLESECURITY

  4. Join Louis as he introduces the power of tabletop exercises in enhancing your application security and team dynamics. YOUTUBE

🍯 Follow

Awesome accounts to follow. Randomly selected from my curated Twitter lists.

  1. @DfirDiva | DFIR Diva | Jr IR Analyst trying to learn all the things | DFIR Blog for Beginners | Founder @GetYourStart.

  2. @i_bo0om | Bo0oM | Web application security researcher @sploitus_com.

  3. @sobedominik | Dominik Sobe | Indie Hacker and Surfer tweeting about bootstrapping SaaS. Sharing my lessons. Currently turning Notion Docs ➯ professional Help Center @HelpkitHQ.

  4. @Rhynorater | Justin Gardner | Christian | Full-time Bug Bounty Hunter | 2x HackerOne MVH | Host of @ctbbpodcast | English, 日本語 | ♥️ @mariahchan_ ♥️.

  5. @flaviocopes | flavio.

🚀 Productivity

  1. How to Give Yourself Time to Think. Whether it’s for a few hours, a few days, or a full week, everyone needs dedicated time to reflect. BESIDE

  2. Write about what you learn. It pushes you to understand topics better. ADDYOSMANI

  3. Adam on the value of automated checkins to keep a company (or person) focused, and working on the right things. TWITTER

  4. TIL that if you hold down CTRL in Windows, the process list in Task Manager freezes so you can select rows without them jumping around. TWITTER

  5. Obsidian’s composability of templates will speed up your workflow. TWITTER

Get $200 to try DigitalOcean. Level up your bug bounty game with the ultimate VPS solution. It’s my go-to for all recon, automation, and even VPN needs. Get access to a comprehensive range of cloud resources, all at an affordable price.

🌐 Technology

  1. Makefile Tutorial by Example. Chase built this guide because they could never quite wrap their head around Makefiles — me neither! MAKEFILETUTORIAL

  2. dnakov/little-rat is a small chrome extension to monitor other extensions’ network calls. GITHUB

  3. dillionverma/llm.report is an open-source logging and analytics platform for OpenAI. GITHUB

  4. Why there aren’t more women in STEM. Comms Specialist and STEM/Space Influencer Alexandra shares her story. REDDIT

  5. The Problem with Linus Tech Tips: Accuracy, Ethics, & Responsibility. This video covers our serious concerns regarding the data accuracy of Linus Media Group, including Linus Tech Tips, ShortCircuit, and TechQuickie. YOUTUBE

🧠 Wisdom

  1. “If you have only one leg to a stool, it’s easy to kick out.” — Dr. Gurner

  2. Justin reminds us of the bigger picture: “when you’re learning bug bounty, failing is a small W.” — I agree, and would apply that to all areas of life. TWITTER

  3. Steph on creating: “When you have conviction that something should exist in the world, don’t let too many voices dilute that vision.” TWITTER

  4. Learning to be okay with not doing bug bounty full-time is something Jason had to learn. TWITTER

💛 Cross-pollination

  1. An 800 square feet garden in San Francisco’s Mission District. Planning started in 2015 and we finally planted in January 2017. ZACHKLEIN

  2. RetroFlix is a project archiving public domain films, TV shows and cartoons. RETROFLIX

  3. Halli talks about why he creates, obsessively, at Kinference in NYC. TWITTER

  4. Danny Postma, a prolific solopreneur, shares lessons learned over the years — I liked this one: “Building a successful business is 95% marketing, 5% everything else.” TWITTER

🐝 Fact

“Up until 2010, it was illegal to keep beehives in New York City. Chicago, however, has a city-owned beehive on the roof of City Hall.”
