- Hive Five
- 🐝 Hive Five 149 - Hacking is a survival skill
🐝 Hive Five 149 - Hacking is a survival skill
Greetings from the hive!
A happy belated Thanksgiving to those who celebrated. We had a small Friendsgiving with delicious food and good company.
In other news, I believe I'm finally on the tail end of being sick! That's also what I'm thankful for, my health.
What are you thankful for?
Let's take this week by swarm!
🐝 The Bee's Knees
Everything about full-time bug bounty with Justin "Rhynorater" Gardner from the CTBB podcast. YOUTUBE
At this year’s VirusBulletin conference, VB2023, SentinelOne’s Juan Andrés Guerrero Saade, a.k.a. JAGS, Associate Vice President of SentinelLabs delivered a keynote speech calling for a reevaluation of the conventional understanding of the cybersecurity sector. SENTINELONE
An interview with Bryce Case Jr. AKA YTCracker who is a hacker, musician, and also a self-identified member of the hacker group Anonymous. Bryce has been called "The Original Digital Gangster" for his early adoption and manipulation of all things online. YOUTUBE
tmp.0ut Volume 3, an awesome ezine, is out: "Hacking is a survival skill." TMPOUT
Recordings of the 21st edition of the BlueHat security conference that ran from Oct 11 to Oct 13, 2023, in Redmond, WA USA. YOUTUBE
Which Bee's Knees was your favorite? Reply with the number (#1, #2, #3, #4, or #5)!
Sponsor the Hive Five and reach a highly engaged community of engineers, security researchers, and ethical hackers who are at the forefront of the industry.
jswzl 2023.4.4 has been released: fixed decorator rendering in the code view, fixed two parser issues, and more. TWITTER
Dalfox by hahwul released v2.9.1: a powerful open-source XSS scanner and utility focused on automation. GITHUB
Bugcrowd VRT v1.11 release: Bugcrowd’s baseline priority ratings for common security vulnerabilities. GITHUB
xnl-h4ck3r released XnlReveal v3.4: A Chrome/Firefox browser extension to show alerts for reflected query params, show Wayback archive links for the current path, show hidden elements and enable disabled elements. GITHUB
SecLists 2023.4 release: SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. GITHUB
xnl_h4ck3r released a modified version of TomNomNom's webpaste. It has auto-save to file, includes Google and Bing snippets, and more. GITHUB
GitLab is offering a reward for account takeovers without any user interaction. TWITTER
Have you submitted a talk for BSides Nashville yet? There's still time, submit your paper before Jan 8th. TWITTER
OpenAI's ex-CEO advice from his dad: "Consider your life as a series of 10-15 year projects." TWITTER
David cautions against hiring people who have enough experience to be prideful, but not enough to be wise. TWITTER
A cover letter ChatGPT trick, feed it the following: company's about us page, job ad, your resume, and voila. TWITTER
SyntaxFM is hiring 2 position: web dev teacher and video/audio production. TWITTER
Zseano is determined to quit vaping. You got this! Personal story, I smoked for nearly a decade, and have been clean even longer. TWITTER
Godfather Orwa shares his Burp extensions. TWITTER
justYnot launched their new website. TWITTER
Mark is about to do something that will change the entire landscape of Bug Bounty in the USA: "No more hunters getting screwed over. TWITTER
Nagli started a $50,000 bounties in 50 days challenge. Follow along with his progress. TWITTER
How to voltage fault injection. During physical security assessments of IoT devices, one of the goals is to take advantage of debug interfaces or accessible chips to study how the devices work. An ideal scenario is the extraction of the full file system to find a way to gain root access to the device. SYNACKTIV
Static Code Injections in OpenCart (CVE-2023-47444). In OpenCart versions 22.214.171.124 to 126.96.36.199, authenticated backend users having common/security “access” and “modify” privileges can write arbitrary untrusted data inside config.php and admin/config.php, resulting in remote code execution on the underlying server. 0XBRO
Analysis of CVE-2023-46214 + PoC. CVE-2023-46214 is a Remote Code Execution (RCE) vulnerability found in Splunk Enterprise which was disclosed on November 16, 2023 in the Splunk security advisory SVD-2023-1104. HRNCIRIK
Bassem shares a Two-Factor Authentication bypass of Facebook Accounts ($25,300). MEDIUM
Google search is bad. Now what? Almost 73% agree that Google has been getting worse at searching in recent years. OSINTAMBITION
Tae'lur's advice on getting into coding/cybersecurity: "Don't just chase certs or courses [...] set up a home lab/build projects while learning." TWITTER
Damian on the solid results when crafting your own wordlists. TWITTER
Lennaert on reporting bugs in a way others can understand: "Your report is your product, not the bug." TWITTER
Peter on setting a number of hours when doing deep research/recon, but also not to shy away from things that look hard on the surface. TWITTER
Awesome accounts to follow. Randomly selected from my curated Twitter lists.
@cryptoishard | cryptopotato | OSINT⁃Android⁃Hardware⁃Cryptography⁃Forensics⁃Virtualization⁃GameDev.
@soaj1664ashar | Ashar Javed | Web AppSec Researcher | in Microsoft's Top 100 Security Researcher List -2018 | in Microsoft's Most Valuable Researcher List -2019 & 2020.
@g0tmi1k | g0t mi1k.
Remembering what you've read is an active process. Here's something that can help, Read Recite Relate is a creative exercise from Hamed. INSTAGRAM
Monke shares his learning pipeline: Notion, Pocket, GPT-4 Voice, and more. TWITTER
Tynan, the inventor of the gear post, released his 2024 edition. TYNAN
Get $200 to try DigitalOcean. Level up your bug bounty game with the ultimate VPS solution. It's my go-to for all recon, automation, and even VPN needs. Get access to a comprehensive range of cloud resources, all at an affordable price.
A wild story about a tech conference using fake profiles that represented female speakers, and also catfishing as an IG tech influencer. WTF?! TWITTER
Tobi shares Black Friday Shopify stats (running on Rails): Shopify’s egress processed 145 billion requests on Friday. App servers handled peak of ~60 million requests per minute. Increase of 38%. Total GMV was $4.1b, up by 22% from last year. TWITTER
The best resources for mastering Turbo / Stimulus according to Twitter. TWITTER
g0lden takes his servers that have proxmox on them from the last video, and show you how he prepares them for either Docker (with docker swarm) or a full installation of kubernetes. YOUTUBE
Elon released all design and engineering of the original Tesla Roadster is now fully open source. TESLA
Alex says that you'll pay for education one way or another, either with money or with time. TWITTER
David on the maturity it takes to ship simple things: "The novice overcomplicates their work." TWITTER
George shares useful razors. Here's one of them, the Network Razor: If you have 2 quality people that would benefit from an intro to one another, always do it. Networks don't divide as you share them, they multiply. TWITTER
Alex shares a bug bounty maxim: "The lower the impact of the report, the more back and forth required to be awarded a bounty." TWITTER
Mario games teach us that even if something is essentially the same, psychologically it can be completely different — I never realized this, until I saw these side-by-side images. TWITTER
TIL you should train your neck, as it's a form of life insurance. TWITTER
I love this low-effort thing that you can do that has an outsized positive impact on the world: raising others' aspirations. TWITTER
They Started Playing Football as Young as 6. They Died in Their Teens and Twenties With CTE. INSTAGRAM
A list of legendary YouTube channels that don’t make videos anymore. REDDIT
Flighty is a cool iPhone app to track flights. The fastest push notifications, anywhere in the world. FLIGHTYAPP
Autumn tasks (average temperature 41-66°F / 5-19°C)
The autumn is a time for ensuring the bees that go into winter are well-fed and healthy and their colonies are strong.
These have the best chance of survival until the weather warms up again in early spring. As the outside temperatures fall and brood rearing has finished, the bees begin to form a winter cluster.
There are certain tasks the beekeeper has to do before this happens.
This bee fact is brought to you by The Beekeeper's Bible: Bees, Honey, Recipes & Other Home Uses.
Subscribe to the Hive Five to read the rest.
Become a paying subscriber of the Hive Five to get access to this post and other subscriber-only content.
Already a paying subscriber? Sign In