
๐Ÿ Hive Five 146 - What needs to stay human?

Hi friends,

Greetings from the hive!

While I'm dealing with a sick household, I want to leave you with this quote: "Strive not to be of success, but rather to be of value." — Albert Einstein

Let's take this week by swarm!

๐Ÿ The Bee's Knees

  1. x1trap/websec-answers is a repo that contains in-depth answers to the websec interview questions by tib3rius. GITHUB

  2. Matt Brown is an Embedded Security Pentester and Reverse Engineer who loves all things IoT. His YouTube channel shows you hands-on examples of IoT hacking and shares insights he's gained from working in embedded security. YOUTUBE

  3. From Akamai to F5 to NTLM... with love. In this post, d3d shows how they were able to abuse Akamai, so they could abuse F5 to steal internal data including authorization and session tokens from their customers. MALICIOUS

  4. Hacking HP Display Monitors via Monitor Control Command Set (CVE-2023-5449). Have you ever wondered how display monitor software can change various settings like brightness over a simple display cable? As it turns out, this relies on a standard protocol that can lead to interesting vulnerabilities. SPACERACCOON

  5. Breaking In: Taelur's Journey from Code to Cybersecurity. Three months ago, she landed her first cybersecurity role after being in software development for over 4 years. She was inspired to code in 2017 when she watched a documentary on Aaron Swartz. TAELURALEXIS

Which Bee's Knees was your favorite? Reply with the number (#1, #2, #3, #4, or #5)!

Sponsor the Hive Five and reach a highly engaged community of engineers, security researchers, and ethical hackers who are at the forefront of the industry.

🔥 Buzzworthy

✅ Changelog

  1. PentesterLab released two new code review labs: CVE-2022-XX910 and CVE-2022-342XX. TWITTER

  2. xnl-h4ck3r/waymore v1.28 allows you to find way more from the Wayback Machine. GITHUB

  3. xnl-h4ck3r/knoxnl v2.3 is a python wrapper around the amazing KNOXSS API by Brute Logic. GITHUB

  4. lc/gau v2.2.1 fetches known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl. GITHUB

  5. sw33tLie updated bbscope to support Intigriti's recent platform changes. TWITTER

📅 News

  1. NeovimConf is calling for lightning talks! Show off something neat you've been working on, or share what excited you with the community. TWITTER

  2. HackerOne launched a new Hacktivity. It comes with many new filtering capabilities, powerful search, and better performance. TWITTER

  3. Immunefi launches the Whitehat Awards: a formalized way for security researchers to measure their bug bounty achievements on Immunefi and receive perks as they progress tiers. MEDIUM

  4. A virtual CTF for the hacking community: Intigriti 1337UP LIVE 2023 on Nov 17th. 1st prize receives €1337, 3 x HTB Academy Silver Annual, 3 x 12 Month TCM. INTIGRITI

🎉 Celebrate

  1. Valerio turned 28 today. Congrats! TWITTER

  2. Shrirang's first attempt at making roti. Looks delicious! TWITTER

  3. Katie has 1 former and 1 current student who will be speaking at BSides London in December. Keep an eye out for them! TWITTER

  4. Michael rejuvenated 37 mango trees that hadn't borne fruit for the past two years. Magnificent! TWITTER

  5. Arkadiy is 1 year sober. Let's go champ! TWITTER

💰 Career

  1. Why getting into Government Technology, and getting a 6-figure job, is easier than you think. YOUTUBE

  2. JXoaT on our ability to shift into new trades (Skill Switching) and find new passions we didn't know existed. MEDIUM

  3. Breaking Into Cybersecurity: First, choose your specific role such as an analyst, a governance risk and compliance officer, or a penetration tester based on your interests. YOUTUBE

  4. A conversation with DFW Hacker Community Member Emily. She shares invaluable advice for those new to cybersecurity or wanting to start a cybersecurity career. She emphasizes the importance of taking the initiative by gaining real-world experience through internships or volunteer work to build up skills. YOUTUBE

  5. Anne gives two LinkedIn tips for job hunters: make sure your keywords are on point, and post once a week. TWITTER

โšก๏ธ Community

  1. HackerOne Live Hacking Event Recap in London with Salesforce. Hackers gather in London, U.K. to partner with the Salesforce security team as they work to keep their digital landscape and users safe. YOUTUBE

  2. To CVSS or not to CVSS. That's the question. There was quite the commotion around the following recently disclosed HackerOne report. What are your thoughts? TWITTER

  3. Philippe on amass v4: "I don't understand a thing. Documentation is inaccurate [...]" — Changes in tooling are never my favorite, but I hope it works out! Have you tried v4? If so, what are your thoughts? TWITTER

  4. Alex wants to look at some macOS desktop apps and is on the lookout for macOS VPS providers. TWITTER

  5. Caido GitHub issues that could use an upvote: "Add New Convert Workflow Features" and "Search Tab Re-work". TWITTER

📰 Read

  1. Tricky Unauthenticated RCE on Wordpress Media Library Assistant Plugin using a good old Imagick (CVE-2023-4634). PATROWL

  2. Compromising F5 BIGIP with Request Smuggling. PRAETORIAN

  3. Hacking Google Bard: From Prompt Injection to Data Exfiltration. When Google's LLM returns text it can return markdown elements, which Bard will render as HTML. EMBRACETHERED

  4. Operational Information Gathering Methodologies of an Analyst. "In the digital age, intelligence is the double-edged sword that can protect or threaten individual freedom." — Edward Snowden. ALLERTASULWEB

  5. ""?! ANSI Terminal security in 2023 and finding 10 CVEs. DGL

💡 Tips

  1. Turn off new default Twitter audio and video calling feature to prevent unwanted interactions. TWITTER

  2. TIL you can enumerate valid email addresses for any G Suite domain with a HTTP request. TWITTER

  3. Anker all the things — While I have a lot of Anker chargers, I haven't gotten this one yet, but Scott's recommendations are always solid. I've also yet to purchase the latest iPhone for the USB-C. TWITTER

  4. xnl_h4ck3r shares an alias to clean up empty files in a folder after running recon tools. TWITTER

  5. Mason shares 2 endpoints to add to your wordlist. TWITTER

๐Ÿฏ Follow

Awesome accounts to follow. Randomly selected from my curated Twitter lists.

  1. @CISAJen | Jen Easterly | Director of CISA — America's Cyber Defense Agency. Veteran. 80s music & art lover. Proud mom & wife.

  2. @taylorotwell | Taylor Otwell | Founded and creating Laravel for the happiness of all sentient beings, especially developers. Space pilgrim.

  3. @sushiwushi2 | iamsushi | Smart contract auditor, I find false positives.

  4. @shehackspurple | Tanya Janca | Best-selling author of Alice and Bob Learn Application Security. #AppSec & sec coding training | she/her.

  5. @skypackjs | Skypack (prev. pika) | Move the web forward.

🚀 Productivity

  1. 8 Time Management Tips for Busy People from Jeff Su, Product Marketer at Google and YouTuber. YOUTUBE

  2. The ideal NaNoWriMo Obsidian setup that enables you to write 1700 words a day. YOUTUBE

  3. Anne-Laure and Nick discuss the concept of combinational creativity and how it can lead to new and innovative ideas. Anne-Laure is the founder of Ness Labs and ex-Googler. She holds an MSc in Neuroscience, and has been featured in WIRED, Rolling Stone, and more. YOUTUBE

  4. 7 Twitter Thread Templates that Nicolas used to write over 200 threads. TWITTER

  5. Wes on lazy vs rigorous thinking, an organizational force multiplier that allows your team to produce higher quality work, faster, even when resources are limited. TWITTER

Get $200 to try DigitalOcean. Level up your bug bounty game with the ultimate VPS solution. It's my go-to for all recon, automation, and even VPN needs. Get access to a comprehensive range of cloud resources, all at an affordable price.

๐ŸŒ Technology

  1. Organizing multiple Git identities (e.g. personal, work, client1, client2). For every identity, you keep a separate gitconfig file and include it in the main ~/.gitconfig. GARRIT

  2. Interviewing with Fortune 500 and big tech using Live AI transcription + ChatGPT. What could go wrong? TWITTER

  3. The distance between personal hardware and the cloud is becoming smaller. "Maybe we'll get a hybrid model, SaaS running locally", says Kelsey. TWITTER | RELATED

  4. Kepano on fearmongering lobby and regulatory capture of centralized AI: "it's essential that we establish digital human rights [...] these rights belong to individuals." TWITTER

  5. An interactive collection of internet artifacts through history. NEAL

🧠 Wisdom

  1. Bashbunni on not needing an expensive computer to start programming or hacking. TWITTER

  2. Pieter shares a PSA that most awards, certifications, and press features are pay-to-play, including Webby awards and 30 under 30 lists. TWITTER

  3. Alex on things you DON'T need to do what's required of you. TWITTER

  4. What people do when they don't feel motivated to keep hacking. TWITTER

  5. Christina Garnett: the question shouldn't be "what do we automate?", it should be "what needs to stay human?" LINKEDIN

💛 Cross-pollination

  1. The USDA has a meal plan called MyPlate that shows your food group targets, what and how much to eat within your calorie allowance. Your food plan is personalized, based on your: age, sex, height, weight, physical activity level. MYPLATE

  2. My best friend died and this is for him. Sam wrote this post as therapy for himself. He just lost his dog, who he loved terribly. THEANTIMBA

  3. How Sarah bought a multi-million dollar egg carton business for $0. A wild story of being a troubled teen, making it to Harvard Business School, and buying a multi-million dollar business with $0 and no experience. YOUTUBE

  4. Type 1 is a short film about a Type 1 diabetic and his wife on a search for insulin - before it's too late. YOUTUBE

  5. Rage Against the Machine delivers a fitting Hall of Fame induction speech: "Aim for the world you really want, without compromise or apology [...]" TWITTER

๐Ÿ Fact

An ideal out-apiary is easily accessible by vehicle. It is far better not to have to lift heavy boxes over fences to get them back to the vehicle. The out-apiary should have room for a reasonable number of hives to make visits economical and have extra space for spare hives and equipment. If your out-apiary is in the corner of a field with livestock, construct a fence around the hives. A beehive makes an ideal scratching post for sheep, cows, or horses, but if knocked over can have disastrous consequences.
