
🐝 Hive Five 95 – What is a server, hiring resources, and a Twitter refugee’s guide to Mastodon

Hi friends,

Greetings from the hive!

I hope you're doing wonderful. They say all good things come in twos. This week I got two shots, the flu vaccine and a Covid booster.

I also made two discoveries this week: I found out that you can view the traffic of a GitHub repo, and that regular insulin costs $25 but is slow acting, old, and not easy to manage.

Have you learned anything new?

PS: I'm trying out a new section format with the link(s) on the end. Let me know what you think!

Let's take this week by swarm!

🐝 The Bee's Knees

  1. What is a Server? Let's look at server software and servers in data centers to understand how the word is used. more

  2. pwn.college, an education platform for students (and other interested parties) to learn about, and practice, core cybersecurity concepts in a hands-on fashion. more

  3. Reverse Engineering the Apple MultiPeer Connectivity Framework. more

  4. GCP Penetration Testing Notes. more

  5. Accidental $70k Google Pixel Lock Screen Bypass. more

🔥 Buzzworthy

✅ Changelog

  1. Introduction of the ability to privately report vulnerabilities to repository maintainers on GitHub. more

  2. DOMPurify 2.4.1 - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. more

  3. GitHub released two variable open source fonts, Mona Sans and Hubot Sans. more

  4. Another GitHub release: code search, a new way to search and navigate code. more

📅 Events

  1. dawgyg wants to hack and reach $100,000 between Nov 13th and Sunday Nov 20th. He'll donate half to a mental health/addiction charity. more

  2. Neovimconf 2022 is happening! Dec 9th and 10th. more | website

🎉 Celebrate

  1. TESS shouts out sw33tLie for creating a cleaner version of SNS. Love to see it! more

  2. Viktor is having success focusing on one bug bounty program. Go get 'em! more

  3. Happy birthday STÖK. Salute! more

  4. TomNomNom (and many others) thank ProjectDiscovery for being committed to open source. Awesome stuff! more

💰 Career

  1. Hiring resources, tips, and quality companies that are hiring. more

  2. The hiring process is ultra-competitive. Here are 16 ways to stand out in a hiring process. more

  3. List of companies that are hiring software engineers, data engs, and EMs. more | doc

  4. ali is looking for mid level developer roles. more

  5. How to Social Engineer your way into your dream job by Jason Blanchard. more

⚡️ Community

  1. Justin Gardner has been doing a security audit of the Amazon Echo Show lately and it's been a blast. more

  2. Michał Bentkowski revived his old website. Let him know if you have feedback! more | website

  3. Writing Python extensions for Burp Suite is getting more and more awful, Agarri says. more

  4. WISP's top needs in 2023 survey. This survey data is used to prioritize their goals and focus areas for the upcoming year. more

  5. hakluke started building a new SaaS and is back in Laravel after 7 years! more

📰 Read

  1. Exploiting Wi-Fi Stack on Tesla Model S. In the past two years, Keen Security Lab did in-depth research on the security of Tesla cars and presented their results at Black Hat 2017 and Black Hat 2018. more

  2. A Twitter Refugee's Guide to Mastodon. more

  3. Sam Curry formed a small team of hackers who collectively hunted for vulnerabilities on John Deere's security program. During their 10-day engagement, they found 100 unique vulnerabilities: 50 rated critical, 32 high, 14 medium, and 4 low severity. more

  4. Practical client side path traversal attacks. more

📚 Resources

  1. Jack Rhysider has a Darknet Diaries Discord with 15,000 members. more

  2. InfoSec Black Friday Deals. All the deals for InfoSec related software/tools this Black Friday / Cyber Monday. more

  3. Talk to Books - Browse passages from books using experimental AI. more

  4. The Hitchhiker's Guide to DFIR: Experiences From Beginners and Experts. This is a book written for the DFIR community, by the DFIR community. more

  5. ThinkstScapes Quarterly | 2022.Q3. 21 talks from three budding trends: using AI/ML to amplify side-channel attacks, clever cryptography that goes beyond simple data protection, and software analysis at scale. more

🎥 Watch

  1. Stephen Sims - A Look at Modern Windows Kernel Exploitation. more

  2. We Hack Purple Podcast Episode 59 with Guest Vitaly Unic, the head of AppSec Research at Bright Security. more

  3. How to get greater bounties for MEDIUM and LOW risk reports? more

  4. Hacker Interview with djdurado. more

  5. HackTheBox - Shared walkthrough. more

🎵 Listen

  1. DAY[0] Binary Exploitation Podcast 166 - OpenSSL Off-by-One, Java XML Bugs, and a Samsung Chain. more

  2. DAY[0] Bug Bounty Podcast 165 - Apache Batik, Static Site Generators, and an Android App Vulnerability. more

  3. Malicious Life - What can chess grandmasters teach us about Cyber? more

  4. Risky Business #684 - DoJ seizes 50,000 stolen bitcoins from popcorn tin. more

  5. Smashing Security 297: Mastodon 101, and the Hushpuppi saga - Graham offers some security and privacy advice for those exodusing Twitter to Mastodon, and Carole slams the door shut on a notorious scammer with a huge Instagram following. more

Get $100 to try DigitalOcean. The go-to VPS for bug bounty hunters. I use it for all of my own recon and automation needs, plus it also doubles as a VPN. They have **every cloud resource you need** at an affordable price.
