🐝 Hive Five #24 – Heroes, good vibes, and cache money

Hi friends,

Greetings from the hive!

I hope you had a great weekend and an awesome Father's Day. I spent mine reading and watching NahamSec's Sunday recon stream with Daniel Miessler. I highly recommend this episode about recon, mental health, personal growth, and stoicism.

Let's take this week by swarm!

🐝 The Bee's Knees

1. Quick Analysis for the SSID Format String Bug: Days ago a twitter post revealed a bug in iOS Wi-Fi service: @vm_call: After joining their personal WiFi with the SSID “%p%s%s%s%s%n”, their iPhone permanently disabled it’s WiFi functionality.

2. Security Research Device Cohort – 2021: The Security Research Device Cohort (SRD Cohort) operates a Private Slack Channel, Build Infrastructure and provides Code Examples, Cryptex Examples, Loaner Gear and more to increase engagement with the SRD.

3. codingo_ Shares His Recon Approach Using SecurityTrails, FDNS, Whoxy and more!: Every hacker has a different approach when it comes down to Recon. Check out Codingo's recon methodology using tools like SecurityTrails, FDNS, Whoxy, and more!

4. Live GitLab Ask a Hacker with Bug Bounty Hunter (vakzz) William Bowling (Public): William is a full time Software Developer and long-time CTF player, based out of Australia, who recently started trying his hand at Bug Bounties in his free time. When not hacking, he likes to go walking with the family and playing little known sports such as underwater hockey.

5. iOS App Testing Through Burp on Corellium: In recent weeks defparam had an itch to take another look at mobile testing. The last time they looked at mobile testing most of their environment revolved around applications developed for Android.

🙏🏻 Enjoy This Newsletter?

• Get $100 to try DigitalOcean. The go-to VPS for bug bounty hunters. I use it for all of my own recon and automation needs, plus it also doubles as a VPN. They have every cloud resource you need at an affordable price.

💌 Want to sponsor an issue?

🔥 Buzzworthy

✅ Changelog

1. Dalfox 2.4.0: New payload mode, remote assets, headless browser, bug fixes, and more.

2. Release InjuredAndroid 1.0.11: Added flag eighteen! This flag is all about File Providers. The intended solution is meant to be difficult, you'll need to leverage another Android application to access internal directories.

3. Findomain - Introducing Smart Nuclei Alerts (SNA): Implemented a feature that will allow users of the Special and Corporative plans of our platform to receive the vulnerabilities found by Nuclei before anyone else, the feature will be called Smart Nuclei Alerts (SNA).

📅 Events

1. Okta (virtual) Bug Bash: 2021!: Ever wanted to participate in a Bug Bash, but never got an invite or didn't know how to get on the list? Now's your chance!

2. Limited edition - 250 pairs STÖK glasses: Release date - 29th of June Price - $60/pair International shipping.

3. Nicolas Grégoire Burp training: Update on my trainings for Q3/Q4 2021. Out of the 12 seats available for each session, here's what is left: - September French UTC+2: 1 seat - September English UTC+2: 6 seats - October English UTC-4: 5 seats - December English UTC+1: 3 seats.

4. Josh Christ Memorial Fund: Josh Christ passed away on Monday, June 14 2021 due to complications of Leukemia. Josh was one of the most genuine people anyone could hope to meet. He was very down-to-earth and was very honest with himself and others.