Hi friends,

Greetings from the hive!

I hope you are well—no major updates from me. I've been busy with work and personal matters.

I look forward to iterating further on my website and newsletter. I even have ideas for other projects.

Make sure you hug your loved ones.

Let's take this week by swarm!

🐝 The Bee's Knees

🙏🏻 Support the Hive

🔥 Buzzworthy

Changelog

  1. Burp Suite 2021.12 release: with multi-host Intruder attacks, customizable Inspector panel, and a dedicated version for Mac M1 machines.

  2. Shodan introducing GeoNet: a free API to ping an IP or do DNS lookups from multiple locations around the world.

  3. FullHunt Integration with Amass + SpiderFoot: FullHunt Public API is now a data provider for Amass + SpiderFoot.

📅 Events

  1. HackerOne's HackyHolidays is back: Brought to you by adamtlangley and Congon4tor.

  2. Polarity’s Holiday Triage Tournament: The Triage Tournament is a competition to find the fastest security professionals and techniques in a battle of data triage.

  3. HackTheBox - Hacking Party: Cyber Santa is Coming to Town 14 December 3PM UTC.

🎉 Celebrate

💰 Career Corner

  1. Resource - Writing matters - How to improve your written communication skills: It’s tempting as leaders to declare intention only in meetings, but without a written document explaining larger initiatives, it becomes very challenging to express intent consistently and widely across time.

  2. Hiring - Snyk - Security Researcher, Security R&D: looking for an experienced Security Researcher to join Snyk’s Security Labs team and take part in leading research projects in Open Source libraries, SAST, Containers and Infrastructure as Code domains and products.

  3. BanjoCrashland's IRL Job Hunting Like a Hacker: Job hunting VOD of Friday, 12/10, on Twitch livestream.

  4. Alyssa's advice - know your worth: Two recent real-life examples of knowing your worth and getting paid for the job you'll be doing.

📰 Articles

  1. A phishing document signed by Microsoft – part 1: This blog post is part of a series of two posts that describe weaknesses in Microsoft Excel that could be leveraged to create malicious phishing documents signed by Microsoft that load arbitrary code. These weaknesses have been addressed by Microsoft in the following patch: CVE-2021-28449.

  2. How to audit Solana smart contracts Part 3: penetration testing: This article introduces a few penetration testing tools to help detect vulnerabilities in Solana or Rust programs in general.

  3. Understanding the Root Cause of CVE-2021-21220 – A Chrome Bug from Pwn2Own 2021: In this second blog in the series, ZDI Vulnerability Researcher Hossein Lotfi looks at the root cause of CVE-2021-21220.

  4. How to write idempotent Bash scripts - Fatih Arslan: It happens a lot: you write a bash script and halfway through it exits due to an error.

  5. Find command injection in source code - ShiftLeft Blog: When learning how to find, exploit, or prevent different types of security vulnerabilities, you’ll want to understand the vulnerability’s root causes and what happens to an application when it’s exploited.

📚 Resources

  1. Open source security tools: A list of interesting open-source tools 3rdpart lists.

  2. Learning Python resources via Rana: This is the most asked question when it comes to my Rana's WebSecAcademy.

🎥 Videos

🎵 Audio

Get $100 to try DigitalOcean - The go-to VPS for bug bounty hunters. I use it for all of my own recon and automation needs, plus it also doubles as a VPN. They have every cloud resource you need at an affordable price.
