
šŸ Hive Five 141 - Thereā€™s work and thereā€™s your lifeā€™s work

Hi friends,

Greetings from the hive!

“There’s work and there’s your life’s work.”

Apple

Introspection and reflection show me that my ikigai is to create meaningful digital experiences that enhance people’s lives.

I’ve run away from it, ignored it, and even straight-up avoided it in the past.

Now, it’s time to break the pattern.

2023 is 75% complete. What are you waiting for?

Let’s take this week by swarm!

🐝 The Bee’s Knees

  1. The Bug Bounty Podcast is back with its 215th episode: DEF CON, HardwearIO, Broken Caching, and Dropping Headers. YOUTUBE

  2. The story behind archive[.]today: On the trail of the mysterious guerrilla archivist of the Internet. GYROVAGUE

  3. RCE in Progress WS_FTP Ad Hoc via IIS HTTP Modules (CVE-2023-40044). Over the last year or so, we’ve seen mass exploitation of managed file transfer software: GoAnywhere MFT, MOVEit, and Assetnote’s own work on Citrix ShareFile. ASSETNOTE

  4. Exploiting HTTP Parsers Inconsistencies. Unveiling Vulnerabilities in HTTP Parsers: Exploiting Inconsistencies for Security Breaches. HASHNODE

  5. Illwill brings us down memory lane by sharing the complete source code of Sub7 2.1.3 ahead of their talk at BSides CT. Sub7, or SubSeven, is a Remote Access Trojan (RAT) originally released in 1999. GITLAB

Which Bee’s Knees was your favorite? Reply with the number (#1, #2, #3, #4, or #5)!

💪 Sponsor

Sponsor the Hive Five and reach a highly engaged community of engineers, security researchers, and ethical hackers who are at the forefront of the industry.

🔥 Buzzworthy

✅ Changelog

  1. The latest version of bbscope contains several improvements, including a fix for the HackerOne 1K scope elements limit per program. TWITTER

  2. Noir v0.9.0 added a new flag and more. GITHUB

  3. DOMPurify 3.0.6 is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. GITHUB

  4. Obsidian made it into the latest Trace Labs OSINT VM. GITHUB

📅 News

  1. Yahoo picks Intigriti to run their bug bounty program. TWITTER

  2. HackerOne removed the $10K transaction limit for bank transfers. TWITTER

  3. Caido Pro is now free for all students. TWITTER

  4. Huntress is hosting a free online CTF. They’re releasing new challenges every single day of October. TWITTER

🎉 Celebrate

  1. James is starting as a SOC analyst soon. Let’s go! TWITTER

  2. Zseano hit 10K reputation on HackerOne. Congrats! TWITTER

  3. BattleAngel received some dope HERO Recognition swag from Synack. Looking good! TWITTER

  4. 003random ported his old blog to a new environment. Looking good! TWITTER

  5. Bishal joined the Bugcrowd top 10 leaderboard for the first time in his journey. TWITTER

💰 Career

  1. The Feel-Good Business Model: How to Make Money While Being Happy. YOUTUBE

  2. What to do after earning your first cybersecurity certificate. TWITTER

  3. Roadmap[.]sh now has a roadmap editor that allows you to create your own. TWITTER

  4. Thomas Frank sharing his accomplishments — If you have a vision, don’t listen to people who you wouldn’t take advice from. Blaze your own trail. TWITTER

⚔️ Community

  1. Patrik included ntfy, a self-hosted notification server, in his automation setup and he loves it. TWITTER

  2. Andy shares a DMCA takedown notice for a tool and its forks — I’m not a fan. TWITTER

  3. HackerOne accidentally revoked everyone’s Clear status, but it has since been resolved. TWITTER

📰 Read

  1. A design flaw in Riot Vanguard could allow an arbitrary user to acquire a fully privileged process handle. GITHUB

  2. Source Code at Risk: Critical Code Vulnerability in CI/CD Platform TeamCity (JetBrains). SONARSOURCE

  3. Client-side JavaScript Instrumentation. There is a ton of code that is not worth your time and brain power. Binary reverse engineers commonly skip straight to the important code by using ltrace, strace, or Frida. You can do the same for client-side JavaScript using only common browser features. DOYENSEC

  4. Basic OPSEC tips & tricks for OSINT researchers. DUTCHOSINTGUY

🍯 Follow

Awesome accounts to follow. Randomly selected from my curated Twitter lists.

  1. @ArmanSameer95 | TESS | Application Security Researcher | ex @pdiscoveryio.

  2. @ThisIsDK999 | Debangshu | In it for the thrill and the bills | Top 200 @bugcrowd.

  3. @ropnop | Ronnie Flathers | security engr, pentester, researcher. i sometimes blog and code based on motivation/caffeine levels. Principal Security Engineer @Marqeta.

  4. @searchbound | Peter Askew | Domain name investor turned onion farmer, ranch employer, etal | Tall trees grow slow.

  5. @val_brux | Valerio Brussani | Agonistic Hacker breaking web & mobile software stuff @nozeroio | SRT-Envoy @SynackRedTeam / Lead Pentester @Cobalt_io | @BugCrowd @Hacker0x01 | CTF @mhackeroni.

🚀 Productivity

  1. If you click and hold the “=” on the iPhone, it will give you the “≠”. TWITTER

  2. Jason on getting things done: “The best way to get better and go faster is to work from the real thing. Not mockups, not wireframes, not sketches, not descriptions.” TWITTER

  3. The Surprising Benefits of Laziness. In the wild, conserving energy was a survival tactic, leading us to instinctively choose the path of least resistance. YOUTUBE

  4. How to quickly get to the important truth inside any Privacy Policy. THEMARKUP

  5. RikunjSindhwad/Task-Ninja is a versatile and extensible task automation framework designed to simplify and streamline your workflow. GITHUB

Get $200 to try DigitalOcean. Level up your bug bounty game with the ultimate VPS solution. It’s my go-to for all recon, automation, and even VPN needs. Get access to a comprehensive range of cloud resources, all at an affordable price.

🌐 Technology

  1. An interview with Yoel Roth, former Head of Trust and Safety at Twitter, an hour before Linda Yaccarino, current X CEO, took the stage. YOUTUBE

  2. Things Simon learned about building CLI tools in Python, including a cookiecutter template. SIMONWILLISON

  3. AI | UX: Beyond the Textbox. In early April, a conversation swyx had snowballed into a SF meetup centered around joint interests as UX people crossing over into AI. YOUTUBE

  4. Prompt-visual injection: Bing’s captcha got captcha’d. TWITTER

🧠 Wisdom

  1. Maddie with a mic drop slide: “Attackers will only do what is necessary to accomplish their goal. Make them hack you with 0-days.” GITHUB

  2. DHH on small bets: “You can get excited about a business bet without risking everything on it.” TWITTER

  3. Nathaniel on not listening to people who try to define your ceiling. TWITTER

  4. TESS reminding us that good health is the greatest wealth — Someone close to me is dealing with severe health issues and I couldn’t agree more. It’s so easy to take for granted. TWITTER

  5. David on optimizing for taste: “The strength of making a decision is making it. You can always make a new one later. Choose the obvious path forward, and if you don’t see one, find someone who does.” CRAMR

💛 Cross-pollination

  1. A heartfelt and in-depth post of someone who has to close their business after 18 years. REDDIT

  2. Looking for reading materials? Check out the Commandant of the Marine Corps Reading List. The USMC Reading List contains 50 books and is broken up into Profession of Arms, Innovation, Leadership, Strategy, CMC Choice, Fundamentals, and Podcasts & Periodicals. DODREADS

  3. This speech by Charlie Munger, The Psychology of Human Misjudgment, is life changing according to Andrew. TWITTER

  4. Favorite travel accessories, long haul plane flight tips, jetlag ideas, and general travel insights from a one bag travel pro. YOUTUBE

šŸ Fact

EMERGENCY QUEENS

If a colony becomes queenless, perhaps because the queen dies unexpectedly, the colony can raise a new queen from worker larvae that are up to four days old. These larvae are developing in worker cells, but by switching their diet to royal jelly for the rest of the larval stage, they develop into queens. In this case the cells are elongated to house the larger insect, but they are built out from a worker cell within the comb rather than from the specially constructed queen cell cups on the face of the comb, and so appear shorter than normal queen cells.

They are known as emergency queen cells.
