🐝 Hive Five #33 – Live life

Hi friend,

Greetings from the hive!

I hope you had a great weekend. Mine was unexpectedly intense. There was a medical emergency in my family but thankfully all turned out well.

This event further emphasized a recurring thought I've been having: live life to the fullest. Long-term goals are fine and all, but make sure you're making the most out of every day. Let your loved ones know you care, and don't forget to be silly once in a while!

In lighter news, I've recently purchased AfterShokz Aeropex, open-ear bone-conduction headphones, to accompany me on my daily runs. So far I'm liking them a lot!

Let's take this week by swarm!

🐝 The Bee's Knees

  1. How MarkMonitor left >60,000 domains for the taking: Thanks to Nagli and d0xing for helping figure out what was happening with this issue.

  2. How does cryptography ACTUALLY work?: In this video they attempt to introduce you to some of the maths behind modern cryptography, which is in a sense how the world around us works now.

  3. AutoRecon v2 (Introduction + Plugin Development): The reveal of AutoRecon v2.

  4. Zoom RCE from Pwn2Own 2021: On April 7 2021, Thijs Alkemade and Daan Keuper demonstrated a zero-click remote code execution exploit in the Zoom video client during Pwn2Own 2021.

  5. Rana Khalil's Web Security Academy Series: This course is based on a YouTube series called the Web Security Academy Series.

πŸ™πŸ» Enjoy This Newsletter?

Join the Hive community! You can reach me on Twitter, or reply to this email.

💌 Want to sponsor an issue?

  • Get $100 to try DigitalOcean. The go-to VPS for bug bounty hunters. I use it for all of my own recon and automation needs, plus it also doubles as a VPN. They have every cloud resource you need at an affordable price.

🔥 Buzzworthy

✅ Changelog

📅 Events

  1. buraaq is giving away a BugBountyHunt3r membership.

  2. Six2dez is releasing ReconFTW v2.0 during their talk at @DragonJARCon 2021 on 09/01.

  3. Bugcrowd releases friends feature: Platform Collaboration in 5 Easy Steps.

🎉 Celebrate

💰 Career Corner

📰 Articles

  1. OAuth client secret leak and possible IDOR leading to PII disclosure.

  2. Blind XXE Leads to Internal Port Scanning Through SSRF.

  3. How to Inspect Network Traffic: Weed out the noise to drill down to what your systems are doing and what could be a true threat.

  4. How to set up Docker for Varnish HTTP/2 request smuggling: Alfred Berg, Security Researcher at Detectify, shows you how to set up an environment to test out HTTP/2 request smuggling.

  5. Attack Surface Management: You're (probably) doing it wrong.

📚 Resources

🎥 Videos

  1. Controversial Security - BSides Berlin 2021.

  2. Decentralizing Git Workflows with Abbey Titcomb of Radicle: Radicle is a new kind of code collaboration network built entirely on open protocols.

  3. Cross-Site Request Forgery (CSRF) | Complete Guide: Covers the theory behind Cross-Site Request Forgery (CSRF) vulnerabilities, how to find them from both a white-box and a black-box perspective, how to exploit them, and how to prevent them.

  4. "You Changed My Life" with John Hammond (Hacker Heroes #11).

  5. Prototype pollution in Google Analytics?! Solution to August '21 XSS Challenge.

🎡 Audio
