Hive Five 141 - There's work and there's your life's work
Hi friends,
Greetings from the hive!
"There's work and there's your life's work."
Introspection and reflection show me that my ikigai is to create meaningful digital experiences that enhance people's lives.
I've run away from it, ignored it, and even straight-up avoided it in the past.
Now, it's time to break the pattern.
2023 is 75% complete. What are you waiting for?
Let's take this week by swarm!
The Bee's Knees
The Bug Bounty Podcast is back with its 215th episode: DEF CON, HardwearIO, Broken Caching, and Dropping Headers. YOUTUBE
The story behind archive[.]today: On the trail of the mysterious guerrilla archivist of the Internet. GYROVAGUE
RCE in Progress WS_FTP Ad Hoc via IIS HTTP Modules (CVE-2023-40044). Over the last year or so, we've seen the mass exploitation of managed file transfer software: GoAnywhere MFT, MOVEit, and Assetnote's own work on Citrix ShareFile. ASSETNOTE
Exploiting HTTP Parsers Inconsistencies. Unveiling Vulnerabilities in HTTP Parsers: Exploiting Inconsistencies for Security Breaches. HASHNODE
Illwill brings us down memory lane by sharing the complete source code to Sub7 2.1.3 before their talk at BSides CT. Sub7, or SubSeven, is a Remote Access Trojan (RAT) originally released in 1999. GITLAB
Which Bee's Knees was your favorite? Reply with the number (#1, #2, #3, #4, or #5)!
Sponsor
Sponsor the Hive Five and reach a highly engaged community of engineers, security researchers, and ethical hackers who are at the forefront of the industry.
Buzzworthy
Changelog
The latest version of bbscope contains several improvements, including a fix for the HackerOne 1K scope elements limit per program. TWITTER
Noir v0.9.0 added a new flag and more. GITHUB
DOMPurify 3.0.6 is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. GITHUB
Obsidian made it into the latest Trace Labs OSINT VM. GITHUB
News
Celebrate
James is starting as a SOC analyst soon. Let's go! TWITTER
Zseano hit 10K reputation on HackerOne. Congrats! TWITTER
BattleAngel received some dope HERO Recognition swag from Synack. Looking good! TWITTER
003random ported his old blog to a new environment. Looking good! TWITTER
Bishal joined the Bugcrowd top 10 leaderboard for the first time in his journey. TWITTER
Career
The Feel-Good Business Model: How to Make Money While Being Happy. YOUTUBE
What to do after earning your first cybersecurity certificate. TWITTER
Roadmap[.]sh now has a roadmap editor that allows you to create your own. TWITTER
Thomas Frank sharing his accomplishments: If you have a vision, don't listen to people who you wouldn't take advice from. Blaze your own trail. TWITTER
Community
Read
A design flaw in Riot Vanguard could allow an arbitrary user to acquire a fully privileged process handle. GITHUB
Source Code at Risk: Critical Code Vulnerability in CI/CD Platform TeamCity (JetBrains). SONARSOURCE
Client-side JavaScript Instrumentation. There is a ton of code that is not worth your time and brain power. Binary reverse engineers commonly skip straight to the important code by using ltrace, strace, or frida. You can do the same for client side JavaScript using only common browser features. DOYENSEC
Basic OPSEC tips & tricks for OSINT researchers. DUTCHOSINTGUY
Follow
Awesome accounts to follow. Randomly selected from my curated Twitter lists.
@ArmanSameer95 | TESS | Application Security Researcher | ex @pdiscoveryio.
@ThisIsDK999 | Debangshu | In it for the thrill and the bills | Top 200 @bugcrowd.
@ropnop | Ronnie Flathers | security engr, pentester, researcher. i sometimes blog and code based on motivation/caffeine levels. Principal Security Engineer @Marqeta.
@searchbound | Peter Askew | Domain name investor turned onion farmer, ranch employer, etal | Tall trees grow slow.
@val_brux | Valerio Brussani | Agonistic Hacker breaking web & mobile software stuff @nozeroio | SRT-Envoy @SynackRedTeam / Lead Pentester @Cobalt_io | @BugCrowd @Hacker0x01 | CTF @mhackeroni.
Productivity
If you click and hold the "=" on the iPhone, it will give you the "≠". TWITTER
Jason on getting things done: "The best way to get better and go faster is to work from the real thing. Not mockups, not wireframes, not sketches, not descriptions." TWITTER
The Surprising Benefits of Laziness. In the wild, conserving energy was a survival tactic, leading us to instinctively choose the path of least resistance. YOUTUBE
How to quickly get to the important truth inside any Privacy Policy. THEMARKUP
RikunjSindhwad/Task-Ninja is a versatile and extensible task automation framework designed to simplify and streamline your workflow. GITHUB
Get $200 to try DigitalOcean. Level up your bug bounty game with the ultimate VPS solution. It's my go-to for all recon, automation, and even VPN needs. Get access to a comprehensive range of cloud resources, all at an affordable price.
Technology
An interview with Yoel Roth, former Head of Trust and Safety at Twitter, an hour before Linda Yaccarino, current X CEO, took the stage. YOUTUBE
Things Simon learned about building CLI tools in Python, including a cookiecutter template. SIMONWILLISON
AI | UX: Beyond the Textbox. In early April, a conversation swyx had snowballed into a SF meetup centered around joint interests as UX people crossing over into AI. YOUTUBE
Prompt-visual injection: Bing's captcha got captcha'd. TWITTER
Wisdom
Maddie with a mic drop slide: "Attackers will only do what is necessary to accomplish their goal. Make them hack you with 0-days." GITHUB
DHH on small bets: "You can get excited about a business bet without risking everything on it." TWITTER
Nathaniel on not listening to people who try to define your ceiling. TWITTER
TESS reminding us that good health is the greatest wealth. Someone close to me is dealing with severe health issues and I couldn't agree more. It's so easy to take for granted. TWITTER
David on optimizing for taste: "The strength of making a decision is making it. You can always make a new one later. Choose the obvious path forward, and if you don't see one, find someone who does." CRAMR
Cross-pollination
A heartfelt and in-depth post of someone who has to close their business after 18 years. REDDIT
Looking for reading materials? Check out the Commandant of the Marine Corps Reading List. The USMC Reading List contains 50 books and is broken up into Profession of Arms, Innovation, Leadership, Strategy, CMC Choice, Fundamentals, Podcasts & Periodicals. DODREADS
This speech by Charlie Munger: Psychology of human misjudgement is life changing according to Andrew. TWITTER
Favorite travel accessories, long haul plane flight tips, jetlag ideas, and general travel insights from a one bag travel pro. YOUTUBE
Fact
EMERGENCY QUEENS
If a colony becomes queenless, perhaps because the queen dies unexpectedly, then the colony can raise a new queen on worker larvae that are up to four days old. These larvae are developing in worker cells but by changing their diet to one of royal jelly throughout the larval stage, they will develop into queens. In this case, the cells are elongated to house the larger insect but they are built out from a worker cell within the comb rather than from the specially constructed queen cell cups on the face of the comb, and appear shorter than normal queen cells.
They are known as emergency queen cells.
This bee fact is brought to you by The Beekeeper's Bible: Bees, Honey, Recipes & Other Home Uses.