🐝 Hive Five 47 – Parkinson’s Law
Hi friends,
Greetings from the hive!
I hope you had a cozy weekend. Of course, being from the Netherlands and all, I had to celebrate Sinterklaas. My mother even sent several gifts.
Productivity-wise, I want to get more out of my Apple devices. So, I will be looking into Apple Shortcuts, widgets, and focus modes.
I also ran a record amount of miles this weekend, and I'm feeling it.
What have you been up to? Let me know.
Let's take this week by swarm!
🐝 The Bee's Knees
Exploiting Vulnerabilities in a TLD Registrar to Takeover Tether, Google, and Amazon: The way in which an attacker could compromise any domain under the “.to” TLD.
Craftsmanship and My Father — MacSparky: Craftsmanship means caring about what you create.
Discovering Full Read SSRF in Jamf (CVE-2021-39303 & CVE-2021-40809): While assessing an attack surface, the researchers came across an on-premise instance of Jamf Pro exposed to the internet. Seeing Jamf Pro deployed this way made their security research team curious about what vulnerabilities it might contain. Advisory: Jamf Pro SSRF - CVE-2021-39303 & CVE-2021-40809.
Hakluke - Creating the Perfect Bug Bounty Automation: Luke is addicted to building bug bounty automation. He's built a full bug bounty automation framework from the ground up 3 times now. It has become better every time, but he's still not happy.
Proxy Agent — a tool for mobile penetration testers: Earlier in March this year, they introduced Autowasp — A Burp Suite extension that integrates Burp issues logging with OWASP’s Web Security Testing Guide (WSTG) to streamline the security testing flow for penetration testers, particularly those working on web applications.
🙏🏻 Support The Hive
Get $100 to try DigitalOcean. The go-to VPS for bug bounty hunters. I use it for all of my own recon and automation needs, plus it also doubles as a VPN. They have every cloud resource you need at an affordable price.
🔥 Buzzworthy
✅ Changelog
The mystery of the missing Mac release: Some eagle-eyed users of Burp Suite have noticed that there is no Mac release of Burp Suite 2021.10.2. Why is this release missing in action? Well, the true story is rather mundane, and unfortunate.
📅 Events
Rust Moderation Team Resignation: This resignation is done in protest of the Core Team placing themselves unaccountable to anyone but themselves.
TryHackMe! Advent of Cyber - 2021 KICKOFF: 25 Days of Learning CYBERSECURITY.
Bugcrowd's TeamHunt2021: Inspiring to see all of the collaboration. Final results coming soon.
🎉 Celebrate
shubs's AssetNote will be posting numerous blogs. Can't wait!
rez0 pushed over 1k points on Bugcrowd: Nice one!
Vegeta received their first salary: Wonderful!
💰 Career Corner
📰 Articles
How Social Media can be Used to Gather Actionable Threat Intelligence.
Arbitrary package tampering in Deno registry + Code Injection in encoding/yaml.
Former Ubiquiti dev charged for trying to extort his employer.
10 Unknown Security Pitfalls for Python: Within Python, just like in any other programming language, there are certain features that can be misleading or misused by developers.
📚 Resources
awesome-kubernetes-security: A curated list of awesome Kubernetes security resources.
bheda shares top smart contract vulnerabilities, broken down into easily digestible snippets.
Vickie Li AMA: They're a dev evangelist at security company @ShiftLeftInc.
🎥 Videos
Beginners Guide for TraceLabs CTFs (OSINT for Missing People).
Hardwear.io NL 2021 - Over The Air-Tag: Shenanigans With A Keyfinder by Jiska, Fabian and Thomas.
Dream - The Infiltration Of The Dark Net: via Katie.