Hive Five 173 - Where Are The Builders?
When privacy expires, NahamCon 2024 Workshops, Dealing with Uncertainty, and more...
Hi friends,
Greetings from the hive!
When I was going to college, I listened to three albums on repeat: 50 Cent - Get Rich or Die Tryin', Justin Timberlake - Justified, and Nelly Furtado - Loose.
It was the soundtrack of my life at the time. The latter just did a Tiny Desk concert that you can check out in the Listen section.
What album(s) did you listen to when you went to college?
Let's take this week by swarm!
The Bee's Knees
Pompompurin and BreachForums. An open-source investigation into who he was, how he became the creator of BreachForums, and how he ended up detained. MORE
When privacy expires: how Inti got access to tons of sensitive citizen data after buying cheap domains. MORE
Where are the builders? As the agency of the average consumer decreases, the ceiling for the agency of outliers increases. MORE
NahamCon 2024 Workshops: Capture The Flag 101, Acing WordPress Hacking with Code Review, The Art of Bypassing WAFs, and SQL Injection Tips & Tricks. MORE
CVE-2024-4367 is a vulnerability in PDF.js, a JavaScript-based PDF viewer maintained by Mozilla, that allows an attacker to execute arbitrary JavaScript code when a malicious PDF file is opened. MORE
Sponsor
Have a great product or service that would benefit the Hive? Reach an engaged colony of cybersecurity and tech professionals. They're already seeking insanely great tools to stay up-to-date and hack a life they love.
Advertising in Hive Five is your opportunity to get your insanely great product or service discovered by the people who "get it" from the jump.
Don't let these forward-thinkers miss the next best thing. Reserve your sponsorship slot today and cross-pollinate your brand with Hive Five's rapidly growing hive of VIBs.
Updates
My work
You can only use 5 bug bounty tools.
Which ones would you choose?
Thrive with the Hive (@securibee)
9:58 PM · May 20, 2024
Changelog
The blog post announces the release of curl 8.8.0, detailing the changes, bug fixes, commits, new functions, options, and contributors. MORE
lazydocker v0.23.3 is a tool that simplifies Docker management, providing a user-friendly interface. MORE
DOMPurify 3.1.4 is a fast and tolerant XSS sanitizer for HTML, MathML, and SVG, with a secure default and extensive configurability. MORE
jwt-hack v1.2.0 is a tool for security testing and hacking of JSON Web Tokens (JWT). MORE
Gap Burp Extension v5.2 helps find potential endpoints, parameters, and generate a custom target wordlist. MORE
News
After three years, Fun Fun Function Returns on June 3rd. MORE
Orange Tsai is presenting at Black Hat USA 2024 on Confusion Attacks: Exploiting Hidden Semantic Ambiguity in Apache HTTP Server. MORE
Bugcrowd acquired Informer, a specialist in assessing and maintaining attack surface management (ASM). MORE
Work
Career
Devs who pivoted to new careers in their 30s/40s share their experiences, advice, and thoughts on their transitions. MORE
Jason Fried, Basecamp CEO, built an 8-figure business using an unconventional approach to business writing, challenging Silicon Valley startup norms. MORE
Comprehensive guide to preparing for product management interviews, covering common questions, frameworks, and available courses. MORE
3 LinkedIn tips to help job seekers: 1) Optimize your profile, 2) Engage with your network, 3) Leverage LinkedIn's job search features. MORE
Salary Negotiation: Make More Money, Be More Valued. MORE
Productivity
This episode explores controlling the brightness of external displays using the command line on Apple silicon macOS devices. MORE
Mactop is a terminal-based monitoring tool, in the style of "top", designed to display real-time metrics for Apple Silicon chips. MORE
Dealing with uncertainty: starting your own freelance company. Misha encourages viewers to put in the work and resist unhealthy escapes, while also emphasizing the importance of surrendering to a higher power and trusting the process. MORE
There Are Two Types of People: those who seek permission to live their desired life and those who take action and grant themselves permission. MORE
Community
Celebrate
Community
Dani Grant, Jam.dev's community building expert, discusses in-person community building for their product-led growth tool, Jam, which has over 100k users and fixed more than 2 million bugs. MORE
d0nut is living his best life on the beach. MORE
HackerOne's internal hack week is coming up. What do you want them to explore? MORE
Follow
Awesome accounts to follow. Randomly selected from my curated Twitter lists.
@Agarri_FR | Nicolas Grégoire | Web hacker and Burp Suite Pro trainer.
@ippsec | ippsec.
@_phzn | Kevin Lewis | Running Developer Relations at @Directus. Director @YouGotThisConf. Loves RedRoxProjects. Boardgamer. Disney Adult. 2x Dad. he/him.
@andirrahmani1 | Andi Rrahmani | Recon.
@sherlocksecure | Udhaya Prakash | Product Security Zomato | SynackRedTeam | Bugcrowd Ambassador.
Level up
Read
The newly discovered CVE-2024-32002 vulnerability allows remote code execution through a simple git clone command. Reversing the Git RCE, from initial discovery to crafting a working exploit. MORE
The OSINT community is filled with highly skilled individuals who produce impressive investigations, analyses, and findings. However, it's crucial to embrace failure and learn from mistakes in order to continue improving. MORE
Inside the iOS bug that made deleted photos reappear. MORE
Samsung WB850F Firmware Reverse-Engineering. MORE
Tips
Get $200 to try DigitalOcean. Level up your bug bounty game with the ultimate VPS solution. It's my go-to for all recon, automation, and even VPN needs. Get access to a comprehensive range of cloud resources, all at an affordable price.
Wisdom
Resources
Research in the field of email service attacks, including all aspects related to email messages. MORE
Hunting bugs in the Nginx JavaScript engine (njs), a JavaScript interpreter used as part of the nginx web server's backend. MORE
While assessing a client, an instance of ReCrystallize Server was found with various issues, including insecure configurations and newly discovered vulnerabilities that could be chained to achieve Remote Code Execution (RCE). MORE
9 Top OSINT webinars to discover the latest OSINT trends and innovations, Tools, techniques, and use cases. MORE
OSINT newsletters recommendations for professionals. MORE
Quote
"Be regular and orderly in your life like a bourgeois, so that you may be violent and original in your work."
– Gustave Flaubert
Here's to the curious ones. The rebels. The hackers. The ones who see life not as it is, but as it could be. The ones who are crazy enough to think they can hack their way to a life they love.
Share the Hive Five newsletter with the doers, those who dare to dream and explore. Together we'll unlock the secrets of infosec, technology, and productivity to design a better world.
Explore
Tools
Firecrawl is a tool developed by Mendable.ai to crawl and convert any website into LLM-ready markdown. It is currently in the early stages of development, with ongoing merging of custom modules. MORE
Dataherald is a natural language-to-SQL engine that enables enterprise-level question answering over structured data. It allows you to set up an API from your database to answer questions in plain English. MORE
AI Subdomain generates unique subdomain names and runs the httpx tool on them. MORE
The graphqlMaker helps find GraphQL queries in JavaScript files. MORE
A Terminal UI for browsing security vulnerabilities (CVEs). By default, it uses the vulnerability database (NVD) from NIST and provides search and listing functionalities in the terminal with different theming options. MORE
Watch
Shubham Shah, a renowned security researcher and entrepreneur, shares modern WAF bypass techniques on large attack surfaces. MORE
David Heinemeier Hansson, the creator of Ruby on Rails, discusses SQLite and its advantages over other databases, highlighting its simplicity, performance, and suitability for many use cases. MORE
In this episode, Henri shares his journey from having no tech experience to becoming a SOC Analyst in cybersecurity, offering insights into the path to becoming one. MORE
A masterclass on creating and selling online courses by someone who made $10 million in doing so. MORE
Shodan and WAF Evasion Techniques by godfatherOrwa. MORE
Listen
Nirav Patel, CEO of Framework Computer, discusses building a new laptop company focused on repairability and openness. MORE
Nelly Furtado's Tiny Desk concert showcased her career highlights, featuring a selection of her biggest hits spanning over 25 years. MORE
iPhone users can recover deleted photos, Scarlett Johansson is concerned about AI voice cloning, and there's an incident involving celebrity fakes. MORE
Underdo the Competition: In business, the idea that more is better often leads companies to engage in an endless race to add more features while losing sight of what truly matters to their users. MORE
Technology
Git's --force-with-lease and --force-if-includes options allow safe force pushing by ensuring the remote branch hasn't changed since your last fetch. MORE
Comparison of the capabilities of various AI chatbots, including ChatGPT, Claude, Copilot, Gemini, and Perplexity, using their paid versions to assess their full range of abilities across different tasks. MORE
Yann LeCun and Marc Andreessen are not considering the potential power of AI systems that combine generative AI with other tools and features. MORE
The iPad Pro 13" teardown reveals a repair-friendly change that could save hours in repair time. Additionally, the Apple Pencil Pro is destroyed in the process. MORE
Zellij is a terminal workspace. It has the base functionality of a terminal multiplexer (similar to Tmux or screen) but includes many built-in features that would allow users to extend it and create their own personalized environment. MORE
Visit
Lugg provides on-demand moving and furniture delivery services, offering a truck and movers in under an hour to load, haul, and deliver anything. Get an estimate and try it today! MORE
Steve Eimers, a rural Tennessean with 6 adopted kids, various farm animals, and no engineering background, became the "Guardrail Guy" after an X-Lite guardrail incident. MORE
Windows 98 in your browser?! Talk about nostalgia. MORE
Until next week, take care of yourself and each other,
Bee
This newsletter may contain affiliate links that support its costs. These links lead to tools, courses, and resources that I've personally found helpful.