• Hive Five
  • Posts
  • 🐝 Hive Five 63 – The Power of Now

🐝 Hive Five 63 – The Power of Now

Hi friends,

Greetings from the hive!

I hope you had a good weekend. I received a bunch of different books this week, and ordered one myself on Ben's recommendation: The Power of Now - A Guide to Spiritual Enlightenment.

I can't wait to read them all. Have you read anything interesting lately?

Let's take this week by swarm!

🐝 The Bee's Knees

  1. LiveOverflow has been Hacking for 10 Years! (Stripe CTF Speedrun): In 2012 he came across his first hacking CTF. Stripe organized a Capture the Flag competition with 6 levels to learn about different vulnerabilities. This is what it all started for him.

  2. rootxharsh Talks About Recon, Finding A $50,000 Remote Command Execution in Apple, and more!: rootxharsh is an amazing hacker with a ton of experience. In this interview, Harsh shares his story about how he got into hacking and bug bounties, his recon approach, as well as his $50,000 bounty on Apple!

  3. $100k Hacking any website in Safari with uXSS - a 0-day chain.

  4. C++ Memory Corruption (std::string) - part 4: This is the next part of the C++ memory corruption series*. In this post, we'll look at corrupting the std:string object in Linux and see what exploitation primitives we can gain.

  5. Thinking About the Future of InfoSec (v2022): Daniel is starting a new series with this 2022 edition where he thinks about what Information Security could or should look like in the distant futureβ€”say in 2050. The ideas will cover multiple aspects of InfoSec, from organizational structure to technology.

πŸ™πŸ» Support the Hive

πŸ”₯ Buzzworthy

βœ… Changelog

  1. ffuf v1.4.0 release: This is a release with a ton of bugfixes and few major new features from community contributors. And a new mascot!

  2. Sharpener v1.2 release: Now in BApp Store.

πŸ“… Events

  1. Bia will be speaking at H.O.P.E. conf: Hackers On Planet Earth - July 22-24, 2022 - Queens, New York City, USA.

πŸŽ‰ Celebrate

πŸ’° Career Corner

⚑️ From the Community

πŸ“° Articles

  1. Left To My Own Devices – Fast NTCracking in Rust.

  2. How to Disagree: Paul Graham has a great piece on how to disagree with people in the best possible way.

  3. Remote Code Execution on Western Digital PR4100 NAS (CVE-2022-23121): This blog post describes an unchecked return value vulnerability found and exploited in September 2021 by Alex Plaskett, Cedric Halbronn and Aaron Adams working at the Exploit Development Group (EDG) of NCC Group.

  4. Implementing a toy version of TLS 1.3.

  5. Basic recon to RCE II: They originally wanted to name this article β€œThe RCE that everyone missed”, but since it was too β€œclickbait”, this is the title you see now.

πŸ“š Resources

  1. Smart contract audit checklists.

  2. Which certs are best for particular InfoSec specializations (thread).

  3. What Jason Haddix uses for bug bounty: "Testing Environment: DO Ubuntu VPS, 2 vCPUs. 4GB mem / 60GB Disk, ($20/mo)."

  4. People's favorite hacker YouTube channels.

  5. Cybersecurity handbook: This digital handbook was crafted by the GuideSmith team in order to provide a simple and easy guide for newcomers.

πŸŽ₯ Videos

  1. CORS - Lab #2 CORS vulnerability with trusted null origin | Long Video: This video covers Lab #2 in the CORS module of the Web Security Academy.

  2. Heap Exploitation on Linux 101: The House of Force Technique.

  3. IppSec tackling HackTheBox - Secret.

  4. PHP Type Juggling - Why === is Important.

  5. Chrome Heap OOB Access and TLStorm [Binary Exploitation Podcast]: A few issues this week, a OOB access in chrome and in the Linux Kernel's Netfilter, and a few issues in Smart UPS devices.

🎡 Audio

  1. The Privacy, Security, & OSINT Show #255 -Dedicated VPN IP Addresses: This week discusses the benefits of a dedicated VPN IP address, and an overall update to thoughts on VPN providers.

  2. Smashing Security #267 - Virtual kidnapping, two helipads, and a naughty Apple employee: A Russian bank tells its customers to stop installing security updates, an Apple employee ends up in hot water, and learn our tips to avoid being virtually kidnapped.

  3. Risky Business #659 - Okta and Microsoft meet LAPSUS$.

  4. Malicious Life - Cyber PTSD.

Get $100 to try DigitalOcean - The go-to VPS for bug bounty hunters. I use it for all of my own recon and automation needs, plus it also doubles as a VPN. They have every cloud resource you need at an affordable price.

Subscribe to the Hive Five to read the rest.

Become a paying subscriber of the Hive Five to get access to this post and other subscriber-only content.

Already a paying subscriber? Sign In

A subscription gets you:
Join a private Discord COMMUNITY: Engage in chat, uplift one another, grow together, and explore shared interests.
Access to COMPLETE HIVE ARCHIVE: Unlock a treasure trove of tools, resources, videos, and audio, catering to all your needs.
EXCLUSIVE & BONUS content: Delve into hundreds of curated links that didn't make it into the newsletter.
Experience continuously added NEW BENEFITS.