• Hive Five
  • Posts
  • 🐝 Hive Five #29 – The last dance

🐝 Hive Five #29 – The last dance

Hi friends,

Greetings from the hive!

I hope you had a delightful weekend. I recently finished watching The Last Dance, a series revolving around the career of Michael Jordan. I thought it was fantastic. It also reminded me of how much I used to love basketball when I was a kid.

What have you watched lately?

Let's take this week by swarm!

🐝 The Bee's Knees

  1. Should you do Bug Bounties for a Living?: Let's talk about what you should consider, before deciding whether or not to do Bug Bounties full time for a living. Written companion guide.

  2. Some of the (Many) Problems with Security Skills: More extended title; Some of the problems with Security/Infosec/Insert whatever you want to call this industry here and the discussion around skills shortage plus realisation that the expectation vs reality on both sides of the fence needs to be reaffirmed.

  3. How to achieve enterprise-grade attack-surface monitoring with open source software: Attack surface monitoring has become increasingly important and popular in recent years as the internet footprint of organizations has increased. Hackers are utilizing advanced recon methods for discovering and monitoring internet-facing assets of an organisation.

  4. A hackers perspective on bug bounty triage: In the last few days, shubs has been able to have productive conversations with his peers in the bug bounty community including Patrik who works on the triage team and Luke who leads community efforts from HackerOne.

  5. BugHuntr.io is the beginnings of a training platform by Alex Chapman Learn bug hunting skills, hone techniques and play with the newest shiny vulnerabilities.

πŸ™πŸ» Enjoy This Newsletter?

  • Get $100 to try DigitalOcean. The go-to VPS for bug bounty hunters. I use it for all of my own recon and automation needs, plus it also doubles as a VPN. They have every cloud resource you need at an affordable price.

πŸ”₯ Buzzworthy

πŸ“… Events

  1. STΓ–K wants to know what you would like to see on Bounty Thursdays.

  2. Ben Sadeghipour is thinking about hosting virtual training: Two days in August, 6-8 hours for each day.

  3. Sam Stepanyan will be speaking at OWASP Ottawa: August 18th showcasing and live-demoing the awesome free & open-source OWASP Nettacker Project and how to use it for recon & vulnerability scanning!

  4. Hussein Daher is giving a workshop: At Threatcon in September. If you're interested in bug bounties and general web app vulnerabilities, this is for you.

πŸŽ‰ Celebrate

πŸ’° Career

  1. Cybersecurity Jobs Thread: 7/23/2021 Edition by Marcus: If you are hiring Cybersecurity folks please post a link to the position here. Please indicate if position can be REMOTE.

  2. Blue team/SecOps folk looking for work: "Hey, so it appears that quite a few of my former coworkers (and current friends) found out yesterday that they would be affected by Rackspace's layoffs. I've got ~10 folks with solid blue team/SecOps experience and another couple with lots of firewalls or systems experience."

  3. How to Write a Cover Letter and Not Hate the Process.

  4. Finding your first remote job.

πŸ“° Articles

  1. The NSO β€œSurveillance List”: What It Is and Isn’t: When more than a dozen media outlets published stories this week about a spy tool that targeted the phones of journalists, activists, and others, the public took note in ways it hadn't in the past.

  2. Bugcrowd - Points don’t matter; Your skills do: For years, researchers have relied on points as an easy, single flat metric for gauging one’s success on the platform – those with more points were ranked higher than those with fewer points.

  3. How Orwa Found Multiple Bugs On FaceBook In 1 Month And a Part For My Methodology & Tools.

  4. Forgot password? Taking over user accounts Kaminsky style: The "Forgot password?" feature and how DNS vulnerabilities may allow the takeover of user accounts.

  5. Can Infosec Professionals Be Vulnerable To Phishing?: Multitasking can be a dangerous thing.

πŸ“š Resources

πŸŽ₯ Videos

  1. Hacker Heroes #6 - dccybersec (Interview): A talk with David Lee (@dccybersec) who is a Youtuber and co-founder of multiple companies.

  2. SQL Injection - Lab #16 Blind SQL injection with out of band data exfiltration: To solve the lab, we exploit the out-of-band SQL injection vulnerability to output the administrator password.

  3. So many different techniques to learn here! - CTF walkthrough: Combine multiple techniques, such as subdomain enumeration using various methods, SQL injection, Broken Access Control, password bruteforce, and many more, when solving a CTF challenge that mimics a bug bounty target on ctfchallenge.com.

  4. HACKING HTTP/2: h2c SMUGGLING.

  5. Hacker Tools - Aquatone: In this week's episode of Hacker Tools, a look at Aquatone.

🎡 Audio

Get $100 to try DigitalOcean - The go-to VPS for bug bounty hunters. I use it for all of my own recon and automation needs, plus it also doubles as a VPN. They have every cloud resource you need at an affordable price.

Subscribe to the Hive Five to read the rest.

Become a paying subscriber of the Hive Five to get access to this post and other subscriber-only content.

Already a paying subscriber? Sign In

A subscription gets you:
Join a private Discord COMMUNITY: Engage in chat, uplift one another, grow together, and explore shared interests.
Access to COMPLETE HIVE ARCHIVE: Unlock a treasure trove of tools, resources, videos, and audio, catering to all your needs.
EXCLUSIVE & BONUS content: Delve into hundreds of curated links that didn't make it into the newsletter.
Experience continuously added NEW BENEFITS.