🐝 Hive Five 150 - A Journey to Mastery

Hi friends,

Greetings from the hive!

Everything is connected. From the physical and the emotional to the past and the future.

Negative thoughts and limited beliefs can hold you back.

Keep moving forward, and don't listen to naysayers. And, remember, always be kind to yourself.

Let's take this week by swarm!

🐝 The Bee's Knees

1. Keynote Session: "A Journey to Mastery" by Louis Nyffenegger, BSides Canberra 2023. He outlines this exhilarating journey, providing practical advice on how to seamlessly transition from one learning stage to the next. YOUTUBE

2. Reverse Engineering RollerCoaster Tycoon using Ghidra, x64dbg, and Obsidian — I don't know about you, but I spent countless hours building my amusement park growing up. YOUTUBE

3. GitHub: The state of open source and rise of AI in 2023. Trends: Developers are building with generative AI in big numbers, Developers are operating cloud-native applications at scale, and largest number of first-time open source contributors. GITHUB

4. Securing our home labs: Home Assistant code review. In July, the GitHub Security Lab team conducted a collaborative review of one of their favorite software pieces. GITHUB

5. InsiderPhD shares tips for approaching the Main App of a Bug Bounty Program. YOUTUBE

Which Bee's Knees was your favorite? Reply with the number (#1, #2, #3, #4, or #5)!

️💪 Sponsor

Sponsor the Hive Five and reach a highly engaged community of engineers, security researchers, and ethical hackers who are at the forefront of the industry.

🔥 Buzzworthy

✅ Changelog

1. webpaste by xnl-h4ck3r v2.1: Save your dorking results to the terminal. A modified version of TomNomNom's amazing tool. GITHUB

2. GAP-Burp-Extension by xnl-h4ck3r v4.4: Burp Extension to find potential endpoints, parameters, and generate a custom target wordlist. GITHUB

3. waymore by xnl-h4ck3r v1.30: Find way more from the Wayback Machine. GITHUB

4. XnlReveal by xnl-h4ck3r v3.5: A Chrome/Firefox browser extension to show alerts for reflected query params, show Wayback archive links for the current path, show hidden elements and enable disabled elements. GITHUB

5. Findomain v9.0.4: The fastest and complete solution for domain recognition. GITHUB

📅 News

1. YesWeHack Advent Calendar: 24 Days Of Challenges And Festive Fun. YESWEHACK

2. Immunefi and Zellic are partnering up to build a more secure Web3. Zellic is a security research firm with deep expertise in blockchain security. MEDIUM

3. NeovimConf 2023 is only a few days away, Dec 8th. NEOVIMCONF

4. Critical Thinking launched a Discord Community. YOUTUBE

5. Donate now to the Electronic Frontier Foundation (EFF), and a group of passionate supporters will match every dollar up to $304,200. EFF

🎉 Celebrate

1. More praise for Jason Haddix's amazing TBHM course. He's the machine! TWITTER

2. s1r1us celebrated their birthday. Congrats! TWITTER

💰 Career

1. Bugcrowd is hiring for various roles. TWITTER

2. NahamSec shows you how to build your CyberSecurity resume, which include experience, awards, skills, and security certificates. YOUTUBE

3. How to pick a career that you actually enjoy. YOUTUBE

⚡️ Community

1. Casey living that Anker life. I'm onboard as well, but not on that level yet. TWITTER

2. A great tweet by netspooky, asking people share cool things they did this year. TWITTER

3. Shubs shares a story about how Google Cloud Platform almost killed AssetNote in its infancy. TWITTER

4. Mason is considering taking mentees for 2024: "Be ready to put in work." TWITTER

5. Project Discovery Community Spotlight: Geeknik. PROJECTDISCOVERY

📰 Read

1. Everything you need to know to create a custom GPT: Unpacking OpenAI’s new GPT feature. MEDIUM

💡 Tips

1. Burp's "find references" is one of Justin's favorite features when doing black box assessments. TWITTER

2. Pass the root domain if you want to find everything when doing recon using waymore. TWITTER

3. Mason reminding us to revisit older (private) programs as there can be new subdomains or featured added. TWITTER

4. Zseano sharing how to get a 4 letter domain for blind XSS, SSRFs, and more. TWITTER

5. How jswzl makes dealing with large amount of JS files a breeze. It allows you to combine multiple JS files into one, so you can get an quick overview, extract data for brute forcing, and improve your testing efforts. YOUTUBE

🍯 Follow

Awesome accounts to follow. Randomly selected from my curated Twitter lists.

1. @sml555_ | Sajeeb Lohani (sml555) | Head of (Director) Cybersecurity @Bugcrowd | Web Security Lecturer (Masters) @ Melbourne University | Top 40 @Bugcrowd | #2 DVuln | Love all things automation!.

2. @HackingDave | Dave Kennedy | Founder of @Binary_Defense, @TrustedSec. Family, Hacker, Security, Health, CSO, Media/TV, USMC, Intel. Co-host @WeHackHealth. Life Motto: To Help Others.

3. @fasthm00 | b1twis3 | Prime numbers fan | personal feed only | security engineer & researcher | Bot

4. @colston3000 | Jon Colston | Serial Entrepreneur & White Hat Hacker

5. @hdmoore | HD Moore | He/Him | Chairman & Founding CTO of runZero (formerly Rumble Network Discovery) | Black Lives Matter.

🚀 Productivity

1. A simple Obsidian plugin that copies the selected text to your clipboard as HTML. Platforms like Slack and Google Docs allow users to paste HTML into their text areas and maintain the original formatting for their notes. GITHUB

2. Achieve high productivity sustained over long periods of time by co-working with friends over video. GUZEY

3. Jeff shares his simple Notion notes management system. YOUTUBE

4. A masterclass in note refactoring in Obsidian: inventory, structure, categorize, explain, and modularize. YOUTUBE

5. How Nick uses obsidian to organize his movie collection. YOUTUBE

Get $200 to try DigitalOcean. Level up your bug bounty game with the ultimate VPS solution. It's my go-to for all recon, automation, and even VPN needs. Get access to a comprehensive range of cloud resources, all at an affordable price.

🌐 Technology

1. This workspace by Mod Musings is breathtaking. Calm, cozy, and creative. Something that I inspire to replicate one day. MODMUSINGS

2. A list of women tech speakers & organizers. GITHUB

3. Awesome Roadmaps is a curated list of roadmaps, mostly about software development, which give you a clear route to improve your knowledge or skills. GITHUB

4. Are we about to enter a "post-SaaS era"? DHH explains the pendulum swing: subscription fatigue and essentially paying for commodities. TWITTER

5. Doublelift, one of the OG pro League of Legends players, official retires. I haven't kept up with LoL much lately, but I've played for years ever since their Beta. TWITTER

🧠 Wisdom

1. Dr. Gurner on the inversion of "one wrong decision" can change the course of your life. TWITTER

2. TIL you can call your bank, and ask "if I were to bring in new money, what's your offer?". You apparently can get paid several thousand dollars for asking this question. TWITTER

3. Dr. Gurner on making yourself small, although relatable, having an adverse effect. TWITTER

4. Alex on the benefit of working in 2-3 hr sprints (Deep Work), instead of staring at your screen for 8-10 hours a day. TWITTER

💛 Cross-pollination

1. Paralyzed man communicates first words in months using brain implant. He wanted a beer and to listen to Tool. TWITTER

2. Dr. K discusses the difficulties in achieving 100% effort, the impact of emotions and identity on motivation, and the importance of perception in staying motivated. YOUTUBE

3. Check out this channel if you're looking for your next career in woodworking. YOUTUBE

🐝 Fact

Bee diseases come in two types: those affecting the brood (brood diseases) and those affecting the adults (adult bee diseases). The most serious brood disease is American foulbrood (AFB). It is contagious and fatal to colonies. In states that have an Apiary Inspection Service, the local inspector should be notified to diagnose the disease and make recommendations.

This bee fact is brought to you by The Beekeeper's Bible: Bees, Honey, Recipes & Other Home Uses.

Subscribe to the Hive Five to read the rest.