🐝 Hive Five 145 - Using Discord Bots for OSINT Investigations
Hi friends,
Greetings from the hive!
Juggling a lot of stuff at home but we keep on moving forward. I hope you're well 🙏
Let's take this week by swarm!
🐝 The Bee's Knees
After Okta was breached, they recommended sanitizing all credentials and cookies/session tokens within HAR files—Cloudflare said: hold my beer, and released such a tool. CLOUDFLARE
The Beginner's Guide to Blind XSS (Cross-Site Scripting). YOUTUBE
Pieter Levels: The Indie Hacker’s Guide to AI Startups. He claims that "Indie Hacking is dead." Yet, Pieter runs several indie AI startups (and a few traditional ones), totaling $250,000 in revenue every month. YOUTUBE
HITB2023HKT D2T1 talk by Yassine Aboukir: Hunting For Amazon Cognito Security Misconfigurations. YOUTUBE
Citrix Bleed: Leaking Session Tokens with CVE-2023-4966. It's time for another round of Citrix patch diffing! Earlier this month Citrix released a security bulletin which mentioned "unauthenticated buffer-related vulnerabilities" and two CVEs. These issues affect Citrix NetScaler ADC and NetScaler Gateway. ASSETNOTE
Which Bee's Knees was your favorite? Reply with the number (#1, #2, #3, #4, or #5)!
💪 Sponsor
Sponsor the Hive Five and reach a highly engaged community of engineers, security researchers, and ethical hackers who are at the forefront of the industry.
🔥 Buzzworthy
✅ Changelog
lc/gau v2.2.0 fetches known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl. GITHUB
hahwul/noir v0.10.0 is an attack surface detector that works from source code. GITHUB
Detectify Crowdsource is enhancing its reward system with more continuous and lucrative payouts. TL;DR: Starting November 1, 2023, the reward for each time a submitted module is found in customers’ assets (pay-per-hit) will be doubled for critical, high, and medium severity modules, while fixed payouts will be phased out. DETECTIFY
📅 News
X Engineering shares their accomplishments in what they call a year full of engineering excellence. TWITTER
Semgrep launched Semgrep Secrets, their secrets detection solution that enables security teams to detect sensitive credentials in code that other solutions miss while integrating directly within the developer workflows. SEMGREP
🎉 Celebrate
kai has entered the arena. He soft-launched his new cybersecurity firm: Protexity. Congrats! TWITTER
Back in August 2023, TESS took his brother to HackerOne's Live Hacking Event. Now, he's finding bugs all on his own on giant programs. Love it! TWITTER
Katie joined TraceableAI as an API security content creator. Woohoo! TWITTER
Mason says there's no better feeling than triaging someone's first crit. My favorite, uplift and celebrate! TWITTER
💰 Career
Day in My Tech Life with Teneika Askew GS-15 GovTech Data Engineer by 30. YOUTUBE
Blake was laid off. If anyone needs a red teamer with 7 years of experience who loves what they do, DM them! TWITTER
What computer science majors should REALLY be doing, according to Beez: GovTech. YOUTUBE
An interview with Shenetworks: leveraging content creation to build a career in Cybersecurity. YOUTUBE
Jobs
⚡️ Community
How insiderPhD made her animated VTuber avatar. SUBSTACK
Allegedly, an intern at offsec is claiming others' exploits as his own. TWITTER
Meg did an AMA on Twitter. She's 27, worked in cybersecurity for 6 years, has her masters in cybersecurity, has traveled to nearly 30 countries, and has lost over 90 pounds of weight. TWITTER
Some delicious puns by Adam in the new Hacking Hub: Mega Bites for learning Blind XSS. TWITTER
enleak is looking for an OSCP study partner. Hit 'em up! TWITTER
📰 Read
Oh-Auth: Abusing OAuth to take over millions of accounts. Hackers could take over millions of accounts on Grammarly, Vidio and Bukalapak. SALT
Revisiting an Old Bug: File Upload to Code Execution CVE-2021-27198. SECURIFERA
CVE-2023-22515: Broken Access Control Vulnerability in Confluence Data Center and Server. S1R1US
Infra writeup of DownUnderCTF 4.0, which ran over the weekend of 1-3 September. DOWNUNDERCTF
DOM-based race condition: racing in the browser for fun. RYOTAK
💡 Tips
Does Frans have a shell? DOESFRANSHAVEASHELL
Justin shares some takeaways from the past two live hacking events, which are unparalleled learning environments. TWITTER
Whenever you put something away in a new or different place, write it down. TWITTER
🍯 Follow
Awesome accounts to follow. Randomly selected from my curated Twitter lists.
@vict0ni | Viktor Vaughn | Said to James Bond my name is Viktor, Viktor Vaughn.
@notdan | genuinely flawed satire.
@JoshCGrossman | Josh Grossman (tghosth) | Your friendly AppSec Ghost | @OWASP_IL | @OWASP_ASVS.
@TheGrandPew | Pew | 18 Year Old Websec dude, plays ctf with @Water_PaddlerBlackhat and Defcon 22 speaker. Security / Vulnerability Researcher @assetnote, Blockchain @osec_io.
@timurguvenkaya | Timur Guvenkaya | Co-founder & CTO of (soon) | Building & Leading top engineering teams | Building and auditing protocols on EVM/@substrate_io/@NEARProtocol | Ex @HalbornSecurity.
🚀 Productivity
zidoro/pomatez is a free elegant multi-platform Pomodoro desktop app to boost your productivity released under the MIT license. GITHUB
Examine what puts and keeps you in flow. Now, set up systems to streamline it, says Dr. Julie. TWITTER
A beginner's tutorial for one of my most-used Obsidian plugins: Dataview. It's a high-performance data index and query language. YOUTUBE
Fireside Chat with @kepano, CEO of Obsidian. In this session, you will learn: How Kepano got involved with Obsidian, how the Obsidian team uses Obsidian, and more. YOUTUBE
The best way to use Obsidian Canvas: Hub Note Explained. YOUTUBE
Get $200 to try DigitalOcean. Level up your bug bounty game with the ultimate VPS solution. It's my go-to for all recon, automation, and even VPN needs. Get access to a comprehensive range of cloud resources, all at an affordable price.
🌐 Technology
blame.email: a client-side one-way email generator. BLAME
homeport/termshot is a terminal screenshot tool, which takes the console output and renders an output image that resembles a user interface window. GITHUB
Astro Web Framework Crash Course. Astro is an all-in-one web framework for building fast, content-focused websites like landing pages, blogs, technical documentation, and more. YOUTUBE
denandz/sourcemapper extracts JavaScript source trees from Sourcemap files. GITHUB
openai/web-crawl-q-and-a-example teaches you how to crawl your website and build a Q/A bot with the OpenAI API. GITHUB
🧠 Wisdom
All voices matter: "We hope for a world where dialogue is encouraged, where diverse opinions are respected, and where justice is non-negotiable." TWITTER
Mark Manson on competence: "Competence is how good you are when there is something to gain. Character is..." TWITTER
Paul on superlinear returns. Teachers and coaches implicitly told us the returns were linear. "You get out," I heard a thousand times, "what you put in." They meant well, but this is rarely true... PAULGRAHAM
Dr. Julie wants you to ask yourself: "What is the one thing that would really level up your performance in this space?" and start doing that thing. TWITTER
On the importance of curation in the creative process: "You’re not lacking creativity, you’re overwhelmed." THEJORGEMEDINA
💛 Cross-pollination
An Illustrated Guide to Plastic Straws. If you don't know the exact location where your plastic is recycled, throw it in the regular garbage instead — I had no idea recycling was shipped overseas... with devastating impact. SUBSTACK
Molding a Champion: Battle of the Baddest—Mike Tyson training Francis Ngannou. YOUTUBE
Map of the Best: Collection of the world's best restaurants and bars. MAPOFTHEBEST
Never overpay online again. Stores mark up their products. Spoken finds the same product elsewhere, for less. Stop paying more for the same thing. SPOKEN
🐝 Fact
This bee fact is brought to you by The Beekeeper's Bible: Bees, Honey, Recipes & Other Home Uses.