🐝 Hive Five 60 - Start with Why

Hi friends,

Greetings from the hive!

I hope you're doing well. Take care of yourself and your loved ones. A lot is going on. If you're able, do something nice for someone. We need more kindness in this world.

Let's take this week by swarm!

🐝 The Bee's Knees

  1. Black Hat EU 2021 - Picking Lockfiles: Attacking and Defending Your Supply Chain.

  2. Write plain text files: Reliable, flexible, portable, independent, and long-lasting. Plain text files will be readable by future generations, hundreds of years from now.

  3. Pwning a Server using Markdown: Hashnode is a blogging platform for developers where you can host your blogs for free with your custom domains. This is packed with features and one such feature is the "Bulk Markdown Importer".

  4. Bounty Thursdays - live #2: news/tools and community questions with STÖK and Jason Haddix.

  5. Sunflower Con - Charity fundraiser conference: Joe Gray from TheOSINTion and Bryan Brake from BrakeSec Podcast set up the conference to raise funds for Ukrainian families.

πŸ™πŸ» Support the Hive

🔥 Buzzworthy

✅ Changelog

  1. feroxbuster 2.6.0 release: A fast, simple, recursive content discovery tool written in Rust.

  2. Go 1.17.8 and 1.16.5 are released: Includes a security fix for regexp/syntax (CVE-2022-24921).

  3. PentesterLab released 5 HTTP badge videos.

  4. Gau v2.0.9 release: Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.

  5. Osmedeus v4.0.3 release: A Workflow Engine for Offensive Security.

📅 Events

🎉 Celebrate

💰 Career Corner

  1. Z-winK on the demand of pentesters.

  2. Ask HN - Who is hiring? (March 2022).

  3. Dr. K about getting fired: Dr. K addresses a subreddit post about getting fired, moving on, and getting a new job.

  4. How to make the most out of a mentoring relationship: Whether or not you have a formal or more casual mentor in your life, the benefits of a trusted confidant reach far beyond increased engagement and sense of belonging.

📰 Articles

  1. Reading RFCs for bug bounty hunters.

  2. How zoid hacked a crypto company and could steal 1 million dollars worth of Bitcoin: Breaking path normalisation has been their biggest interest in the past couple of years.

  3. More secure Facebook Canvas Part 2 - More Account Takeovers: After publishing the write-ups about the bugs they previously found in the Facebook Games Platform (Canvas), they decided to take a more in-depth look at the code and the changes made to it after the fixes, since a fix for one bug can sometimes introduce another.

  4. Crypto is Exciting Because It Changes Incentives: Most of the talk around crypto is the argument around legitimacy. Is there a there there? Is it hype? Is it a fad? Is it the next internet? The second big conversation around crypto is about the tech itself. Bitcoin, ETH, and the thousands of others trying to carve a path.

📚 Resources

  1. Hackerone Stats: Hackerone Stats is a bunch of automation built to keep track of data from all public bounty programs listed on Hackerone.

  2. param-miner-doc: Unofficial documentation for the great tool Param Miner by James 'albinowax' Kettle, who also contributed to the repo.

  3. Bash tricks you'd share with a friend via pry0cc.

  4. Collection of Twitter BugBounty Tips.

  5. Basic OpSec tips and tricks for OSINT researchers.

🎥 Videos

  1. InsecureNature Talks About Hacking, Certificate Transparency, TruffleHog, and more: Ever wanted to hear directly from one of the founders of @trufflesec / TruffleHog?

  2. "Prevention First" - An Approach to Cybersecurity w/ Minerva Labs.

  3. Learn about Time-Based Blind SQL Injection: In this video, you are going to have a look at how to retrieve data from a PostgreSQL database by monitoring DB sleeps using the pg_sleep() function.

  4. ImageGear JPEG Vulns, NetFilter, and a LibCurl Memory Disclosure [Binary Exploitation Podcast]: Quick episode with four somewhat simple bugs in JPEG parsing, a remote memory disclosure in libcurl caused by the difference in sizeof(long) between Linux and Windows, and a heap out-of-bounds write in the Linux kernel.

  5. Introduction into APIs and Postman.

🎡 Audio

Get $100 to try DigitalOcean - The go-to VPS for bug bounty hunters. I use it for all of my own recon and automation needs, plus it also doubles as a VPN. They have every cloud resource you need at an affordable price.
