🐝 Hive Five #5 - "We become what we behold. We shape our tools, and thereafter our tools shape us." ― Marshall McLuhan

Hi friends,

Greetings from the hive!

I hope you had a good weekend. Mine was fairly exciting, as I joined an awesome project. More on that in the near future I'm sure.

Last week something raw and real happened as my family was met with sadness. One of our pets passed away. An event like that definitely brings perspective and forces reflection. She'll be sorely missed.

I also posted two beelog posts this week 18 Inclusive Communities Worth Joining and Bee Meets World - A Web Journey. Let me know what you think.

Let's end this introduction on a high note. I just found out that one of my friends, that I'd lost contact with, started a podcast. What a small world.

Now that we're all up-to-date, let's start the show!

The Bee's Knees

• jill wohlner started streaming on Twitch: Jill Wohlner, founder & CEO of underpin, started streaming on Twitch. She's been in the technical recruiting world for over a decade at companies like DigitalOcean, Fastly, Simple, Rackspace and more. She finds immense joy in helping folks find jobs they love.

• BurntSushi/ripgrep: A recent Tweet about grep reminded me of ripgrep, by Andrew Gallant (BurntSushi), a blazing fast alternative written in Rust. It supports backtracking with the --pcre2 flag.

• From Bug Bounty to Big Bounty - Lucas Philippe: YesWeHack's tech ambassador BitK explains how to exploit so called "low impact" bugs and maximize the impact. Focusing on (self) XSS, SSRF, and SSTI in Flask.

• The great SameSite confusion: A great blog post, where Julien Cretel dissects a common misconception about the SameSite cookie attribute, exploring its potential impact on web security.

• Android Pentesting Part 1 & Part 2: Hacking Simplified shows you how to perform an Android pentest. Part 1 covers architecture, static analysis with apktool, gf, and jadx. Part 2 goes in to detail about insecure logging, storage, setting up Genymotion and pidcat.

Buzzworthy

• AvasDream's collection of pentesting dockerfiles

• Ask HN: Any tips for a programmer wanting to switch into Security?

• Recon and Corporate OSINT with DNSGrep and Rapid7 Open Data

• Chatting with @Hacksplained about Bug Bounties and Infosec Jobs

• Getting a Gig: A Guide

• A GitHub bug bounty tip by EdOverflow

• No BS Guide - Top 6 Browser Extensions for Bug Bounty

• How I use Obsidian to prepare for and run my DnD games

• Bypassing WAFs (Web Application Filters)

• Developer-Y/cs-video-courses

• Collaboration Opportunities - findhunters

• @Busra Demir Talks About Pentesting, Content Discovery, Getting Started With OSCP, Creating Content

• ThugCrowd's Weekly Notes 20210126

• BugBountyHunting Search Engine

• How to Build a Personal Monopoly with Jack Butcher

• The 10 Most Common Bugs of 2021 So Far, and How to Find Them!

• pry0cc (Ben Bidmead) shifted his entire pentest and hacking methodology to using axiom

• InsiderPHD started streaming on Twitch

• Command & Conquer Online - CnCNet

Beeautiful

Image:

Song: JID, Denzel Curry – Bruuuh Remix

🙏🏻 Support

If you enjoy this content, a quick share would be awesome.

Select links are affiliates that I get a kickback from. They must pass curation, no exceptions.​

❤️ Don't bee a stranger

I'd love to hear your thoughts! You can reach me on Twitter, or replying to this email also works.​Until next week, take care of yourself and each other,

securibee 🐝