
🐝 Hive Five 142 - Hacking Full Time

Hi friends,

Greetings from the hive!

“You do not rise to the level of your goals. You fall to the level of your systems.”

— James Clear

Let’s take this week by swarm!

🐝 The Bee’s Knees

  1. SQL Injecting Beyond Strict Filters: Union without comma. Can it be done? IppSec dives in. YOUTUBE

  2. Bridging the Gap: Integrating Digital Forensics with Open-Source Intelligence (Keynote). Explore how Artificial Intelligence and Machine Learning (AI/ML) can supercharge the efficiency of our analysis. YOUTUBE

  3. Hacking Full Time with NahamSec. This blog post gives you insight into his career, transitioning to working for himself, and he even discusses planning, finances, and execution. NAHAMSEC | VIDEO

  4. Patrik launched an open-source Practical Bug Bounty project. The platform is designed to help users discover bug bounty-related videos, organized into categories, offering a curriculum-like experience. GITHUB

  5. The Cybears open-sourced all of the challenges from the Cybears 2023 CTF. You can find all of the code and walkthroughs here. GITLAB

Which Bee’s Knees was your favorite? Reply with the number (#1, #2, #3, #4, or #5)! 👉 Share on X

💪 Sponsor

Sponsor the Hive Five and reach a highly engaged community of engineers, security researchers, and ethical hackers who are at the forefront of the industry.

🔥 Buzzworthy

Changelog

  1. GreyNoise released Sift, an automated threat hunting experience that curates a daily report of new and interesting traffic observed by GreyNoise sensors, after doing much of the analysis and triage work itself. TWITTER

  2. gwen001/cloudflare-origin-ip v1.1.4 tries to find the origin IP of a webapp protected by Cloudflare. GITHUB

  3. j3ssie/metabigor v1.2.6 is an intelligence tool; its goal is to do OSINT tasks and more, but without any API key. GITHUB

  4. jq 1.7 is its first new release in five years! The project has moved from a solo maintainer to a new team with a dedicated GitHub organization. A ton of new features in this release. GITHUB

  5. FleexSecurity/fleex v2.0 brings significant updates and improvements to Fleex. Fleex makes it easy to create multiple VPS on cloud providers and use them to distribute workloads. GITHUB

📅 News

  1. Truffle Security is holding a Detector Competition with great prizes for HackToberFest. TWITTER

  2. You won’t be able to use Discord as your filehost by the end of the year. ALICORN

  3. Kuromatae launched a new blog. There you will find all the things they want to share, like write-ups and tools. HKS

  4. The AI Summit is underway, Day 1 and Day 2 will be livestreamed (10/9 + 10/10) and recorded. YOUTUBE

🎉 Celebrate

  1. NahamSec reached 100K subscribers on YouTube. Congrats! TWITTER

  2. Abiral hit 20K reputation points on HackerOne. Let’s go! TWITTER

  3. Sentry has funded 1,922 of their 2,015 direct dependencies. They have given more than $300K to open source software since March 2021. Amazing! TWITTER

  4. Meg is off on another backpacking adventure. Have fun! TWITTER

  5. Wlayzz joined the top 100 hackers on YesWeHack. Woot! TWITTER

💰 Career

  1. Return to office is bullshit and everyone knows it: “Trust arrives on foot, but leaves on horseback.” — Dutch proverb. SOATOK

  2. When it comes to business, many developers-turned-small-business-owners are really quite green. Jeffrey shares his journey and reassures you that you’ll figure it out. LARACASTS

  3. The $645,099 business pivot. Life can come atcha pretty quickly. In January of 2023 RadReads got hit by a quadruple-whammy. RADREADS

⚡️ Community

  1. TomNomNom found images of his old desk setup and desktop — I wish I still had mine with that sleek Winamp skin! TWITTER

  2. Jason strives to be elite in other areas other than hacking. TWITTER

  3. Emily received her first challenge coin ever, and it’s a speaker ops goon coin! So cool. TWITTER

📰 Read

  1. Exploring the human side of cybersecurity, this post delves into personal stories, industry challenges, and the urgent need for innovation and collaboration. “Take risks, innovate fearlessly, stay human. The future needs you.” HAKLUKE

  2. A Real OSINT Case: Uncovering a Hacker Group. OSINT investigations are like intricate puzzles that require meticulous research, often leading to a maze of different paths. SOCIALLINKS

  3. Thousands of GitHub Comments Leak Live API Keys. Unlike accidentally committing a secret to git, GitHub users are inserting passwords into text boxes and publicly posting them for all to see. TRUFFLESECURITY

  4. Translating Latin demonology manuals with GPT-4 and Claude. LLM-assisted translation and analysis of primary sources will end up being an extremely useful tool for historical researchers and translators. But it will be just that: a tool. Not a replacement. SUBSTACK

💡 Tips

  1. You can execute a CSRF attack by changing a POST request with body params to a GET request with query string params. TWITTER

  2. Jack: “Remember when you did something hard that you doubted you could even do it? Remember that next time.” TWITTER

🍯 Follow

Awesome accounts to follow. Randomly selected from my curated Twitter lists.

  1. @moxie | Moxie Marlinspike | Founder @signalapp.

  2. @cybersecmeg | meg west | CISSP | CCSP | MSc Cybersecurity | X-Force Cybersecurity Incident Responder @IBMSecurity | Tweets about dogs & tacos & APTs, oh my.

  3. @gkhck_ | 0x496 | Senior Information Security Engineer.

  4. @Nephastieke | Nephastieke | Founder of CyberSKool, Pen Tester, awesome female superhero! Belgian geek and beer lover. Part-time godzilla.

  5. @_staaldraad | @[email protected] | Security researcher and breaker of things.

🚀 Productivity

  1. 10 ONE-MINUTE Email Habits for Productivity. YOUTUBE

  2. How a seasoned Obsidian user would begin again in Obsidian. YOUTUBE

  3. Bryan’s fully automated daily note review system in Obsidian — I’ve implemented this immediately. YOUTUBE

  4. Use ChatGPT to set clear learning goals that exceed most expensive coaching advice. TWITTER

  5. Vitalik’s 40-liter backpack travel guide. VITALIK

Get $200 to try DigitalOcean. Level up your bug bounty game with the ultimate VPS solution. It’s my go-to for all recon, automation, and even VPN needs. Get access to a comprehensive range of cloud resources, all at an affordable price.

🌐 Technology

  1. Can You Use a Laptop as a Home Server? Wolfgang finds out. YOUTUBE

  2. Neovim & Extensibility is TJ’s recent talk from Jane Street, filled with live demos and examples. YOUTUBE

  3. “The intelligence coup of the century” - U.S. and German intelligence agencies partnered on a scheme to dupe dozens of nations into buying rigged encryption systems — taking their money and stealing their secrets. WASHINGTONPOST

  4. A list of the lines of code of popular apps and games, such as WoW’s 5.5 million vs Telegram’s 50K — I don’t know where these numbers are from, so take it with a grain of salt. TWITTER

  5. This one made me chuckle, Dion asks: “What is the name for the size a company gets when the company laptop becomes fully managed and you can’t use the apps that have made you productive no mo?” TWITTER

🧠 Wisdom

  1. Steph on why you should stop limiting yourself because of your concern about other people’s view of you. TWITTER

  2. Alex on the cons of building on platforms you have zero control over. TWITTER

  3. Steve Jobs on memento mori: “[…] avoid the trap of thinking you have something to lose.” TWITTER

  4. Every year, David reads fewer and fewer books, but goes deeper and deeper on the books he does choose — Do less, better. TWITTER

  5. “No one’s complaining,” so it’s fine. “No one” really means “no one has complained to you”. It doesn’t mean no one is complaining to someone else, somewhere else. HEY

💛 Cross-pollination

  1. These are the best and worst banks to use according to “How to Get Rich” host Ramit. TWITTER

  2. Ask HN: What software did you purchase that positively impacted your family life — Answers range from Kagi (paid search engine) to Google Photos. YCOMBINATOR

  3. “I realized then the importance of selling. That no matter what you have—if you have a podcast, if you have a movie, if you have a painting, if you have a car, a technology, a medicine, whatever it is—if people don’t know about it, you have nothing.” — @schwarzenegger INSTAGRAM

  4. When something mildly interesting happens Nick makes a note of it in his phone. Once the list reaches 10 things, he calls his grandfather — What a great way to make notes actionable! TWITTER

🐝 Fact

If you suddenly acquire bees that have little or no food, you can feed them during the winter by buying candy or fondant, often in large blocks, available from equipment suppliers or from a home bakery. The easiest way to cut off a large slice is to use a wet knife and keep wetting it as you cut. Remove the hive’s inner cover and place the candy on top of the frames, directly over the cluster of bees. Cover it with something like a plastic food tray followed by insulation such as newspaper. Surround it with an empty super and replace the inner cover and cover.
