🐝 Hive Five #21 – Marriage, Systems, and Milestones

Hi friends,

Greetings from the hive!

I hope everyone had a great weekend. Today here in the US, we remember those who gave all.

Yesterday I decided to set systems in place, cycles of endless refinement and continuous improvement. For example, I'm fairly productive, but I'm not consistent on all fronts.

As James Clear puts it, "You do not rise to the level of your goals. You fall to the level of your systems."

While making this newsletter I'm vibing to Verzuz with Timbaland vs Swizz Beatz. It's mind-blowing to hear hit after hit.

What did you do this weekend?

Let's take this week by swarm!

🐝 The Bee's Knees

  1. NorthSec 2021, Ange Albertini - You are not an idiot talk: A personal talk about school, failure, success, diplomas, impostor syndrome, manipulators, burnout, suicide, and how to deal with them (Slides).

  2. Robert G. Reeve about privacy: Back from a week at his mom's house he's now getting ads for her toothpaste brand.

  3. CVE-2021-33564 Argument Injection in Ruby Dragonfly: During a recent client engagement they discovered an argument injection vulnerability in certain configurations of Refinery CMS.

  4. Saving Your Access: After revisiting old internal discussions, an area of interest was the possibility of using screensavers for persistence on macOS.

  5. Playing with ImageTragick like it's 2016: ImageMagick is an image manipulation tool that can read and write images in many formats. Several dangerous features and vulnerabilities were previously found in ImageMagick and fixed over time.

🙏🏻 Enjoy This Newsletter?

  • Get $100 to try DigitalOcean. The go-to VPS for bug bounty hunters. I use it for all of my own recon and automation needs, plus it also doubles as a VPN. They have every cloud resource you need at an affordable price.

🔥 Buzzworthy

✅ Changelog

  1. OWASP/Amass - Release v3.13.0: includes the initial implementation for the information sharing ecosystem.

  2. nccgroup/LoggerPlusPlus - Release v3.19: Tagging, Filter Additions, and more.

  3. projectdiscovery/httpx - Release v1.0.7: Bug fixes, added support to print followed URLs in the output, and more.

  4. danielmiessler/SecLists - Release 2021.2: Second release of 2021, this release includes multiple updates from the community.

📅 Events

  1. Corellium is offering free trials: if you do mobile vuln research (or any kind of mobile appsec really) do yourself a favor and check it out.

  2. todayisnew AMA with NahamSec: on June 2, 2021, at 10:00 a.m. PT.

🎉 Celebrate

  1. pry // Ben Bidmead: got married. Congrats!

  2. Rana Khalil 🇵🇸: reached YouTube channel milestone #3 and is now eligible for channel monetization. Well deserved!

  3. Ali Tütüncü: is proud to announce that they're ranked in the Top 100 on the HackerOne All-Time Leaderboard. Amazing!

  4. Adam Langley: is really glad to have found his niche after 20 years and gets to do what he loves every day. Love it!

  5. Bugcrowd disables points on VDPs: Starting June 1st at 17:00 Pacific Time (UTC-7), points on VDPs will be disabled. If you have already obtained points on VDPs, they will not disappear.

💰 Jobs

📰 Articles

  1. Exhaust EL1 memory from the app sandbox: It's always important to keep up with the accessible IOServices exposed to userspace, specifically those that are reachable from the app sandbox.

  2. That single GraphQL issue that you keep missing: With the increasing popularity of GraphQL on the web, we would like to discuss a particular class of vulnerabilities that is often hidden in GraphQL implementations.

  3. 10 Interesting Vulnerabilities in Instagram – Arne Swinnen's Security Blog: During this technical talk, 10 interesting vulnerabilities identified in Instagram will be presented (A golden oldie).

  4. Infosec Bugbounty AMA with Infosec Community.

  5. The Full Story of the Stunning RSA Hack Can Finally Be Told: In 2011, Chinese spies stole the crown jewels of cybersecurity—stripping protections from firms and government agencies worldwide. Here’s how it happened.

📚 Resources

  1. Android Application Penetration Testing Mindmap.

  2. Public penetration testing reports: Curated list of public penetration test reports released by several consulting firms and academic security groups.

  3. Some of the best Burp extensions - as chosen by you.

  4. Mobile Nuclei Templates: These Nuclei Templates are created to aid mobile security assessments.

  5. Mindmaps for bug bounty hunters, pentesters, and security professionals.

🎥 Videos

  1. Andreas Kling: is building an OS and a browser and sharing the process on YouTube.

  2. EP05 with Chloé Messdaghi | Security Shorts.

  3. Lending Privilege: Diversity and inclusion have become hot topics in technology, but you may not know how you can make a difference. This talk will help you understand that, no matter your background, you have privilege and can lend it to marginalized groups in tech.

  4. How to manage projects, tasks, people, and yourself using the Obsidian app with Francisco Bricio: If you're wondering how to manage projects, tasks, teams and yourself using the Obsidian app, prepare to receive great value from this presentation by Francisco Bricio.

🎵 Audio
