• Hive Five
  • Posts
  • 🐝 Hive Five 47 – Parkinson’s Law

🐝 Hive Five 47 – Parkinson’s Law

Hi friends,

Greetings from the hive!

I hope you had a cozy weekend. Of course, being from the Netherlands and all, I had to celebrate Sinterklaas. My mother even sent several gifts.

Productivity-wise, I want to get more out of my Apple devices. So, I will be looking into Apple Shortcuts, widgets, and focus modes.

I also ran a record amount of miles this weekend, and I'm feeling it.

What have you been up to? Let me know.

Let's take this week by swarm!

🐝 The Bee's Knees

  1. Exploiting Vulnerabilities in a TLD Registrar to Takeover Tether, Google, and Amazon: The way in which an attacker could compromise any domain under the “.to” TLD.

  2. Craftsmanship and My Father — MacSparky: Craftsmanship means caring about what you create.

  3. Discovering Full Read SSRF in Jamf (CVE-2021-39303 & CVE-2021-40809): When assessing an attack surface, they came across an instance of Jamf Pro installed on premise. To them, when they saw this paradigm of deploying Jamf Pro to the internet and having it externally exposed, their security research team was quite curious about potential vulnerabilities that existed within it. Advisory: Jamf Pro SSRF - CVE-2021-39303 & CVE-2021-40809.

  4. Hakluke - Creating the Perfect Bug Bounty Automation: Luke is addicted to building bug bounty automation. He's built a full bug bounty automation framework from the ground up 3 times now. It has become better every time, but he's still not happy.

  5. Proxy Agent  —  a tool for mobile penetration testers: Earlier in March this year, they introduced Autowasp — A Burp Suite extension that integrates Burp issues logging with OWASP’s Web Security Testing Guide (WSTG) to streamline the security testing flow for penetration testers, particularly those working on web applications.

🙏🏻 Support The Hive

  • Get $100 to try DigitalOcean. The go-to VPS for bug bounty hunters. I use it for all of my own recon and automation needs, plus it also doubles as a VPN. They have every cloud resource you need at an affordable price.

🔥 Buzzworthy

✅ Changelog

  1. The mystery of the missing Mac release: Some eagle-eyed users of Burp Suite have noticed that there is no Mac release of Burp Suite 2021.10.2. Why is this release missing in action? Well, the true story is rather mundane, and unfortunate.

📅 Events

  1. Hacking bundle by No Starch Press.

  2. Rust Moderation Team Resignation: This resignation is done in protest of the Core Team placing themselves unaccountable to anyone but themselves.

  3. TryHackMe! Advent of Cyber - 2021 KICKOFF: 25 Days of Learning CYBERSECURITY.

  4. Bugcrowd's TeamHunt2021: Inspiring to see all of the collaboration. Final results coming soon.

🎉 Celebrate

💰 Career Corner

📰 Articles

📚 Resources

  1. awesome-kubernetes-security: A curated list of awesome Kubernetes security resources.

  2. Mahmoud Workflow To Parse JS Files.

  3. bheda's shares top smart contract vulnerabilities: broken down into easily digestible snippets.

  4. People that are crushing it in infosec via Caleb.

  5. Vickie Li AMA: They're a dev evangelist at security company @ShiftLeftInc.

🎥 Videos

Get $100 to try DigitalOcean - The go-to VPS for bug bounty hunters. I use it for all of my own recon and automation needs, plus it also doubles as a VPN. They have every cloud resource you need at an affordable price.

Subscribe to Premium to read the rest.

Become a paying subscriber of Premium to get access to this post and other subscriber-only content.

Already a paying subscriber? Sign In.

A subscription gets you:

  • • Join a private Discord COMMUNITY: Engage in chat, uplift one another, grow together, and explore shared interests.
  • • Access to COMPLETE HIVE ARCHIVE: Unlock a treasure trove of tools, resources, videos, and audio, catering to all your needs.
  • • EXCLUSIVE & BONUS content: Delve into hundreds of curated links that didn't make it into the newsletter.
  • • MEMBER-ONLY events: Take part in digital meetups, focus sessions, and more.
  • • Deep DISCOUNTS on paid content.
  • • Experience continuously added NEW BENEFITS.