🐝 Hive Five 159 – Using Data Science to win Bug Bounty
Greetings from the hive!
I've added a new section to the newsletter called From the Hive. Here, I'll share happenings from the member-only Discord server and what's coming up next in the Hive Five.
In other news, I'm excited to dive into Steph Smith's Internet Pipes course. Whatever she puts out is an instant-buy. You can find it under Productivity.
What have you purchased that you’re excited about?
Let's take this week by swarm!
🐝 The Bee's Knees
Using Data Science to win Bug Bounty. Justin sits down with Mayonaise (Jon Colston) to discuss how his background in digital marketing and data science has influenced his hunting methodology. YOUTUBE
WishfulSearch by hrishioa is a natural language search module for JSON arrays. Take any JSON array you have (notifications, movies, flights, people) and filter it with complex questions. GITHUB | DEMO
Daniel Miessler released his highly anticipated AI framework Fabric — An open-source framework for augmenting humans using AI. GITHUB
CVE-2023-5480: a new XSS vector in Chrome. Google valued it at $16,000. SLONSER
Executive Offense Issue #9: Mobile Application Hacking Part 2. Including an off-the-cuff technical chat with Joel (aka teknogeek), one of the world's best mobile hackers. BEEHIIV
Which Bee's Knees was your favorite? Reply with the number (#1, #2, #3, #4, or #5)!
🍯 From the Hive
Added a new channel dedicated to tips. I shared the first one which was a 75% discount on a book. (member-only)
We shared custom snippets for bebiksior's EvenBetter. (member-only)
Starting a running Q&A on Discord, where I'll answer questions that'll be available to all members. (member-only)
Working on several blog posts, including music to hack to and my Obsidian setup.
Catch the March cohort of "The Bug Hunter's Methodology Live" before the prices go up! TWITTER
DEFCON has been canceled? After 25 years with Caesars, they canceled their contract. Uncanceled DEF CON 32 will now be held at the Las Vegas Convention Center. TWITTER
LocoMocoSec is Calling for Speakers. LocoMocoSec is a Hawaiʻi-based security conference and their motto is “one track, lots of flavor.” SESSIONIZE
Nagli won the Eradicator award at HackerOne's H1305. Woot! TWITTER
Tae'lur passed the PNPT. Let's go! TWITTER
Douglas was gunning for the MVH title in HackerOne's LHE in Miami. Spoiler alert: He did it. Big congrats! TWITTER
Mason is elevating his needs to the top of the list in 2024. I'm rooting for you! TWITTER
Chloe joined Hidden Layer as Head of Threat Intelligence. Nice one! TWITTER
Discover the life of a Test & Evaluation Lead Engineer with Beez's Dad, Raymond Berry Sr., who has over 30 years of GovTech experience after joining the Air Force at 16 years old as a fighter jet mechanic. YOUTUBE
After you get a job in tech, how do you keep it? How do you grow? Jason shares his experience and thoughts in this almost three-hour-long video. YOUTUBE
A writeup for "The truth of Plain", a challenge from the "Real World CTF 6th" CTF. KULKAN
ChatGPT Account Takeover using Wildcard Web Cache Deception. GITHUB
CVE-2023-22524: RCE Vulnerability in Atlassian Companion for macOS. IMPERVA
Back to the (Clip)board with Microsoft Whiteboard and Excalidraw in Meta (CVE-2023-26140). SPACERACCOON
Ivanti's Pulse Connect Secure Auth Bypass Round Two. After an authentication bypass and command injection to kick off the year, Ivanti is following up with a second authentication bypass and a privilege escalation. ASSETNOTE
Mastering Burp Suite Pro tip: Hackvertor extension can display the most commonly used tags in a separate menu. TWITTER
Graham shares a vim keybinding that uses leader + d to insert the date. TWITTER
Howto: Use Burp Hackvertor Plugin to Re-sign Requests. PMNH
How to Learn Unfamiliar Software Tools with ChatGPT. JONUDELL
Awesome accounts to follow. Randomly selected from my curated Twitter lists.
@4n6lady | 4n6lady | DFIR & BlueTeam | IR & Threat Detection | OSINT enthusiast | lurker of spaces and breaker of things | waiting for HL3 | AWS.
@albinowax | James Kettle | Director of Research at PortSwigger aka Burp Suite.
@tabaahi_ | Mohsin Khan | 22y/o. Full-time BBH, Love & hate relationship with computers.
Ultimate Notetaking: Neovim Zettelkasten Based on Obsidian. Built in Obsidian but mostly interacted with using Neovim. YOUTUBE
hahwul created a collection of Caido Tweaks. GITHUB
Obsidian on the Vision Pro. The future is here. TWITTER
How to list today's events from Google Calendar in Obsidian using gcalcli and Templater. REDDIT
Steph Smith's Internet Pipes course: Opportunity is everywhere. Get the tools and knowledge to see it better than anyone else. INTERNETPIPES
Get $200 to try DigitalOcean. Level up your bug bounty game with the ultimate VPS solution. It's my go-to for all recon, automation, and even VPN needs. Get access to a comprehensive range of cloud resources, all at an affordable price.
The most important programming language you need to learn, yet should never use: C. Free course available. YOUTUBE
Using nTask to distribute tasks across multiple servers. nTask is a versatile program that uses API communications and WebSocket to distribute tasks, whether they are commands or programs, among different computers. R4ULCL
Golden Kitty Awards 2023. Unsurprisingly, the product of the year is GPT-4. PRODUCTHUNT
Kelsey on the importance of data. He states that if he started today, SQLite would be part of his learning journey. TWITTER
Why having a bedtime routine doesn't always work. YOUTUBE
How to Change your Life in a Year. Write down what you want and look at it every day. YOUTUBE
David Perell: "Profoundly change your life by publishing one screenshot essay per week." I want to give this a go... TWITTER
Kepano on the value of concise explanations to accelerate progress: "If you want to progress faster, write concise explanations. Explain ideas in simple terms, strongly and clearly, so that they can be rebutted, remixed, reworked — or built upon." TWITTER
What people do after a bad day to feel better. TWITTER
Breaking the World Record for Most Pull-ups in 24 Hours. I can never fully understand these undertakings but they sure are impressive. YOUTUBE
Artist Bobby Fingers creates Drunk Mel Gibson Arrest Diorama. The craftsmanship and artistry are mind-blowing. YOUTUBE
Map of sunshine hours: Europe vs US. As Pieter stated, I also wasn't aware of how much sunnier the US is compared to Europe. TWITTER
The quietest places in the world’s loudest cities. Where to find peace and quiet near you. EARTH
If you have kids, the movie Chupa is a great watch. Premise: While visiting family in Mexico, a lonely boy befriends a mythical creature hiding on his grandfather's ranch... To me, it's like a modern version of The Gremlins. NETFLIX
"Patience is a competitive advantage. In a surprising number of fields, you can find success if you are simply willing to do the reasonable thing longer than most people."