🐝 Hive Five #28 – Hunt for jobs like a hacker

Hi friends,

Greetings from the hive!

I hope you had a great week and a wonderful weekend.

Earlier today, I watched another excellent Sunday live recon session. This one came with a twist: it was a resume edition, where Ben and Jason shared tips and tricks. This excellent subject reminded me of "Get your work recognized: write a brag document" and "How to hunt for jobs like a hacker". The latter is featured in my Must-watch infosec talks of 2020; naturally, both Ben and Jason are on the list as well.

Let's take this week by swarm!

🐝 The Bee's Knees

  1. July Lightning Event Featuring Ben Sadeghipour: Ben delves into the different ways hackers can leverage their experience with bug bounties to create revenue streams that work best for them.

  2. Nagli's BountyTricks: Sharing Bug Bounty tips and tricks with the community including but not limited to automation, one liners and useful thoughts.

  3. Awesome Penetration Testing: A collection of awesome penetration testing resources, tools and other shiny things.

  4. Sliding Bounties and Why You Should Use Them: If you’ve been doing bug bounty for any time, either as a hunter or a program, you’ve doubtless heard complaints about CVSS scoring.

  5. Inside the War Room That Saved Primitive Finance: It was 5:50pm in Lisbon on a Saturday evening when Mitchell Amador of Immunefi messaged Alexander Angel of Primitive Finance. There are some things you don’t want to hear. “U up?” is one of them.

🙏🏻 Enjoy This Newsletter?

  • Get $100 to try DigitalOcean. The go-to VPS for bug bounty hunters. I use it for all of my own recon and automation needs, plus it also doubles as a VPN. They have every cloud resource you need at an affordable price.

🔥 Buzzworthy

✅ Changelog

  1. Frida 15.0 Released: So much has changed. Let’s kick things off with the big new feature that guided most of the other changes in this release: Earlier this year they were brainstorming ways they could simplify distributed instrumentation use-cases.

  2. bbscope update: Just released an update for bbscope so it now uses the new HackerOne API token.

  3. HackerOne researcher API: This release is now out of beta and is available to the hacker community. It includes a collection of API endpoints that help automate common workflow tasks.

  4. Fleex 1.1: Introduction to modules, Bug fixes, improved scan, improved install script, and more.

  5. Cerbrutus implemented FTP: Modular brute force tool written in Python, for very fast password spraying SSH, and in the near future other network services.

📅 Events

  1. Jason Haddix thinking about dropping TBHM V4: "If I can get the motivation, I’m thinking about dropping the bug hunters methodology v4 narrow/appsec/non-recon edition at a smaller venue for feedback."

  2. DEFCON 29 speakers.

🎉 Celebrate

  1. Harsh Bothra got a new home: it's a big goal checked off from their list. Awesome!

  2. honoki's BBRF passed 300 stars on GitHub: it really motivates him to continue making it better. Congrats!

  3. cje is over the moon about Bugcrowd & Corellium partnership: he's been a fanboy of Corellium's tech for a long time. So exciting!

  4. Naffy is 100 days nicotine free. You got this!

  5. RogueSMG is celebrating 365+ Days. 22 Videos. 3000+ Fam. 5x Learnings. 50x Friends. Amazing!

💰 Jobs

  1. Manchester Metropolitan University Cyber Security Engineer/Analyst: work full time on a 2-year Knowledge Transfer Partnership (KTP) to develop an AI-Augmented Security capability for IoT-enabled critical national infrastructure.

  2. Principal Product Manager at Bugcrowd.

  3. Careers — Krebs Stamos Group: KSG strives to maintain a simple and straightforward set of positions and career paths. We envision that successful early-career applicants will fit into one of two career tracks:

  4. Discord — Senior Security Engineer.

  5. Senior Analyst - Red Team Corporate Support Center: The United IT team designs, develops and maintains massively scaling technology solutions that are brought to life with innovative architectures, data analytics and digital solutions.

📰 Articles

  1. The July 2021 Security Update Review: Looking at the remaining patches, you’ll note seven patches for Exchange Server, but only some of these are actually new.

  2. My Experience on Bug Bounty Hunter: "The only true wisdom is in knowing you know nothing." ~Socrates This was them when they first got into Bug Bounty.

  3. BugBountyHunter Chats: 0xblackbird, YouGina, JTCSec and HolyBugx have been members from very early on and have shown great progress, but recently they paused testing on BARKER and got together to collaborate on a chosen bug bounty program.

  4. Chapter 2: Is a Bug Bounty Program Right for You?: You might be intrigued by the idea of interacting with researchers, and wondering about the risks of exposure that come with researchers hacking away at your product.

  5. ProTips - Catching Bugs with Adrien Jeanneau: Adrien will share his favorite expert tips on how he stays successful in hunting bugs on most of the major bug bounty platforms.

📚 Resources

  1. My Javascript Recon Process - BugBounty: This is a simple guide to performing JavaScript recon in bug bounty.

  2. TomNomNom on the find command: The 'find' command is one of my most used commands.

  3. emadshanab/Acomplete-guide-to-dir-brute-force-admin-panel-and-API-endpoints: A complete guide to dir brute force, admin panel and API endpoints.

  4. CTF Writeups for events participated in as part of {The NaN Squad}.

  5. GF-Patterns-Redux: These are small modifications on Tomnomnom and 1ndian133t's GF patterns.

🎥 Videos

  1. SQL Injection - Lab #16 Blind SQL injection with out of band data exfiltration.

  2. $20,000 RCE in GitLab via 0day in exiftool metadata processing library CVE-2021-22204: This video is an explanation of the bug bounty report submitted to GitLab by William Bowling.

  3. Hacker Heroes #5 - rana__khalil: An educator, Youtuber and security specialist.

  4. Hacker Tools - CyberChef: A look at CyberChef and a practical example of how to use it in your day-to-day bug bounty life.

  5. ep03 - CTF development - creating a CTF from scratch: In this video, Adam builds and hosts a CTF from scratch. As decided by a vote, the vulns were an IDOR which pivoted to a blind XSS.

🎡 Audio
