🐝 Hive Five 146 - What needs to stay human?
Greetings from the hive!
While I'm dealing with a sick household, I want to leave you with this quote: "Strive not to be of success, but rather to be of value." — Albert Einstein
Let's take this week by swarm!
🐝 The Bee's Knees
x1trap/websec-answers is a repo that contains in-depth answers to the web security interview questions by tib3rius. GITHUB
Matt Brown is an Embedded Security Pentester and Reverse Engineer who loves all things IoT. His YouTube channel shows you hands-on examples of IoT hacking and shares insights he's gained from working in embedded security. YOUTUBE
From Akamai to F5 to NTLM... with love. In this post, d3d shows how they were able to abuse Akamai, so they could abuse F5 to steal internal data including authorization and session tokens from their customers. MALICIOUS
Hacking HP Display Monitors via Monitor Control Command Set (CVE-2023-5449). Have you ever wondered how display monitor software can change various settings like brightness over a simple display cable? As it turns out, this relies on a standard protocol that can lead to interesting vulnerabilities. SPACERACCOON
Breaking In: Taelur's Journey from Code to Cybersecurity. Three months ago, she landed her first cybersecurity role after being in software development for over 4 years. She was inspired to code in 2017 when she watched a documentary on Aaron Swartz. TAELURALEXIS
Which Bee's Knees was your favorite? Reply with the number (#1, #2, #3, #4, or #5)!
Sponsor the Hive Five and reach a highly engaged community of engineers, security researchers, and ethical hackers who are at the forefront of the industry.
PentesterLab released two new code review labs: CVE-2022-XX910 and CVE-2022-342XX. TWITTER
xnl-h4ck3r/waymore v1.28 allows you to find way more from the Wayback Machine. GITHUB
xnl-h4ck3r/knoxnl v2.3 is a Python wrapper around the amazing KNOXSS API by Brute Logic. GITHUB
lc/gau v2.2.1 fetches known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl. GITHUB
sw33tLie updated bbscope to support Intigriti's recent platform changes. TWITTER
NeovimConf is calling for lightning talks! Show off something neat you've been working on, or share what excited you with the community. TWITTER
HackerOne launched a new Hacktivity. It comes with many new filtering capabilities, powerful search, and better performance. TWITTER
Immunefi launches the Whitehat Awards: a formalized way for security researchers to measure their bug bounty achievements on Immunefi and receive perks as they progress tiers. MEDIUM
A virtual CTF for the hacking community: Intigriti 1337UP LIVE 2023 on Nov 17th. 1st prize receives €1337, 3 x HTB Academy Silver Annual, 3 x 12 Month TCM. INTIGRITI
Valerio turned 28 today. Congrats! TWITTER
Shrirang's first attempt at making roti. Looks delicious! TWITTER
Katie has 1 former and 1 current student who will be speaking at BSides London in December. Keep an eye out for them! TWITTER
Michael rejuvenated 37 mango trees that hadn't borne fruit for the past two years. Magnificent! TWITTER
Arkadiy is 1 year sober. Let's go champ! TWITTER
Why getting into Government Technology, and getting a 6-figure job, is easier than you think. YOUTUBE
JXoaT on our ability to shift into new trades (Skill Switching) and find new passions we didn’t know existed. MEDIUM
Breaking Into Cybersecurity: First, choose your specific role such as an analyst, a governance risk and compliance officer, or a penetration tester based on your interests. YOUTUBE
A conversation with DFW Hacker Community Member Emily. She shares invaluable advice for those new to cybersecurity or wanting to start a cybersecurity career. She emphasizes the importance of taking the initiative by gaining real-world experience through internships or volunteer work to build up skills. YOUTUBE
Anne gives two LinkedIn tips for job hunters: make sure your keywords are on point, and post once a week. TWITTER
HackerOne Live Hacking Event Recap in London with Salesforce. Hackers gather in London, U.K. to partner with the Salesforce security team as they work to keep their digital landscape and users safe. YOUTUBE
To CVSS or not to CVSS. That's the question. There was quite the commotion around the following recently disclosed HackerOne report. What are your thoughts? TWITTER
Philippe on amass v4: "I don't understand a thing. Documentation is inaccurate [...]" — Changes in tooling are never my favorite, but I hope it works out! Have you tried v4? If so, what are your thoughts? TWITTER
Alex wants to look at some macOS desktop apps and is on the lookout for macOS VPS providers. TWITTER
Caido GitHub issues that could use an upvote: "Add New Convert Workflow Features" and "Search Tab Re-work". TWITTER
Tricky Unauthenticated RCE on WordPress Media Library Assistant Plugin using a good old Imagick (CVE-2023-4634). PATROWL
Compromising F5 BIGIP with Request Smuggling. PRAETORIAN
Hacking Google Bard: From Prompt Injection to Data Exfiltration. When Google’s LLM returns text it can return markdown elements, which Bard will render as HTML. EMBRACETHERED
Operational Information Gathering Methodologies of an Analyst. "In the digital age, intelligence is the double-edged sword that can protect or threaten individual freedom." — Edward Snowden. ALLERTASULWEB
"[31m"?! ANSI Terminal security in 2023 and finding 10 CVEs. DGL
Turn off new default Twitter audio and video calling feature to prevent unwanted interactions. TWITTER
TIL you can enumerate valid email addresses for any G Suite domain with a HTTP request. TWITTER
Anker all the things — While I have a lot of Anker chargers, I haven't gotten this one yet but Scott's recommendations are always solid. I've also yet to purchase the latest iPhone for the USB-C. TWITTER
xnl_h4ck3r shares an alias to clean up empty files in a folder after running recon tools. TWITTER
Mason shares 2 endpoints to add to your wordlist. TWITTER
Awesome accounts to follow. Randomly selected from my curated Twitter lists.
@CISAJen | Jen Easterly | Director of CISA—America’s Cyber Defense Agency. Veteran. 80s music & art lover. Proud mom & wife.
@taylorotwell | Taylor Otwell | Founded and creating Laravel for the happiness of all sentient beings, especially developers. Space pilgrim.
@sushiwushi2 | iamsushi | Smart contract auditor, I find false positives.
@shehackspurple | Tanya Janca | Best-selling author of Alice and Bob Learn Application Security. #AppSec & sec coding training | she/her.
@skypackjs | Skypack (prev. pika) | Move the web forward.
8 Time Management Tips for Busy People from Jeff Su, Product Marketer at Google and YouTuber. YOUTUBE
The ideal NaNoWriMo Obsidian setup that enables you to write 1700 words a day. YOUTUBE
Anne-Laure and Nick discuss the concept of combinational creativity and how it can lead to new and innovative ideas. Anne-Laure is the founder of Ness Labs and ex-Googler. She holds an MSc in Neuroscience, and has been featured in WIRED, Rolling Stone, and more. YOUTUBE
7 Twitter Thread Templates that Nicolas used to write over 200 threads. TWITTER
Wes on lazy vs rigorous thinking, an organizational force multiplier that allows your team to produce higher quality work, faster, even when resources are limited. TWITTER
Get $200 to try DigitalOcean. Level up your bug bounty game with the ultimate VPS solution. It's my go-to for all recon, automation, and even VPN needs. Get access to a comprehensive range of cloud resources, all at an affordable price.
Organizing multiple Git identities (e.g. personal, work, client1, client2). For every identity, you keep a separate gitconfig file and include it in the main
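As an added example (not from the linked post), here is one way to lay out that setup with git's conditional includes; the paths, names, e-mail addresses and key placeholder are hypothetical.

```ini
# ~/.gitconfig (main file; directory layout and identities are assumed)
[user]
    # No global name/email on purpose: a repo outside the mapped
    # directories fails with "Author identity unknown" instead of
    # silently committing under the wrong identity.
    useConfigOnly = true

# Trailing slash = "this directory and everything beneath it"
[includeIf "gitdir:~/src/personal/"]
    path = ~/.gitconfig-personal
[includeIf "gitdir:~/src/work/"]
    path = ~/.gitconfig-work
[includeIf "gitdir:~/src/clients/client1/"]
    path = ~/.gitconfig-client1

# ~/.gitconfig-work (one such file per identity)
[user]
    name = Jane Doe
    email = jane.doe@work.example
    signingkey = <WORK_GPG_KEY_ID>   # placeholder
[commit]
    # Sign commits so the identity is attestable, not just a string
    gpgsign = true
[core]
    # Pin the SSH key too, so pushes use the matching account
    sshCommand = ssh -i ~/.ssh/id_work -o IdentitiesOnly=yes
```

Run `git -C ~/src/work/some-repo config user.email` inside each tree to confirm which identity git resolved before your first commit there.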
Interviewing with Fortune 500 and big tech using Live AI transcription + ChatGPT. What could go wrong? TWITTER
Kepano on fearmongering lobby and regulatory capture of centralized AI: "it's essential that we establish digital human rights [...] these rights belong to individuals." TWITTER
An interactive collection of internet artifacts through history. NEAL
Bashbunni on not needing an expensive computer to start programming or hacking. TWITTER
Pieter shares a PSA that most awards, certifications, and press features are pay-to-play, including Webby awards and 30 under 30 lists. TWITTER
Alex on things you DON'T need to do what's required of you. TWITTER
What people do when they don't feel motivated to keep hacking. TWITTER
Christina Garnett: the question shouldn't be "what do we automate?", it should be "what needs to stay human?" LINKEDIN
The USDA has a meal plan called MyPlate that shows your food group targets, what and how much to eat within your calorie allowance. Your food plan is personalized, based on your: age, sex, height, weight, physical activity level. MYPLATE
My best friend died and this is for him. Sam wrote this post as therapy for himself. He just lost his dog, who he loved terribly. THEANTIMBA
How Sarah bought a multi-million dollar egg carton business for $0. A wild story of being a troubled teen, making it to Harvard Business School, and buying a multi-million dollar business with $0 and no experience. YOUTUBE
Type 1 is a short film about a Type 1 diabetic and his wife on a search for insulin - before it's too late. YOUTUBE
Rage Against the Machine delivers a fitting Hall of Fame induction speech: "Aim for the world you really want, without compromise or apology [...]" TWITTER
An ideal out-apiary is easily accessible by vehicle. It is far better not to have to lift heavy boxes over fences to get them back to the vehicle. The out-apiary should have room for a reasonable number of hives to make visits economical and have extra space for spare hives and equipment. If your out-apiary is in the corner of a field with livestock, construct a fence around the hives. A beehive makes an ideal scratching post for sheep, cows, or horses, but if knocked over can have disastrous consequences.
This bee fact is brought to you by The Beekeeper's Bible: Bees, Honey, Recipes & Other Home Uses.