- Hive Five
- Posts
- π Hive Five 96 β How to build a cloud hacking lab, the return of NahamSec, and remediation archeology
π Hive Five 96 β How to build a cloud hacking lab, the return of NahamSec, and remediation archeology
Photo by Russ McCabe / Unsplash
Hi friends,
Greetings from the hive!
Change can be good, but in this case, I'm still figuring out how I feel about it. So what am I talking about? The new GitHub search.
When something changes that's so iconic, I always have mixed feelings. Is it generally worse, or am I just experiencing friction due to change?
Let me know what you think π
PS: You can also find me on Mastodon.
Let's take this week by swarm!
π The Bee's Knees
Jack Cable finished his fellowship in the Senate via @congressfellows. He worked for the Homeland Security and Governmental Affairs Committee under Senator Gary Peters. more
How much money Grzegorz made in his 1st year of bug bounty? Bounty vlog #4. more
How to Build a Cloud Hacking Lab - How easy is it to build your own cloud hacking lab? more
XMPP Stanza Smuggling or How I Hacked Zoom (talk) - XMPP is a popular instant messaging protocol based on XML that is used in messengers, online games and other applications. more | Black Hat USA 2022 | Black Hat Europe 2022 | Black Hat Asia 2022
Security concerns with the e-Tugra certificate authority. Certificate authorities (CAs) are a critical backbone of internet security; when they are compromised, users lose the ability to securely connect to websites without fear of interception. Websites cannot insulate themselves against a fully-compromised CA, even if they normally use other CAs. more
οΈπͺ Sponsor
Want me to write about your company? Sponsor the Hive Five.
π₯ Buzzworthy
β Changelog
π Events
DC44161 is having their first event on January 10th after two years of doing nothing at all with DEFCON Manchester! more
Rana Khalil will b e presenting at the BsidesOttawa conference on November 29th at 10:15 AM. more
10 more sleeps before our PentesterLab's black Friday special! more
Free Microsoft Security Skills Bootcamp, with 20 interactive sessions led by Microsoft and industry experts. (28 November β 1 December 2022) more
π Celebrate
Ali TΓΌtΓΌncΓΌ finished first at 1337UP1122. Congrats! more
PwnFunction joined Project Discovery. Let's go! more
Azeria submitted all her book chapters. Exciting! more
Sharik Khan reached a new milestone, 6601 Points @Bugcrowd , #41 Rank, with 99.3% Accuracy. Amazing! more
renniepak was having an insane week....and found 5 RCEs. Yahoo! more
π° Career
Paul on being stuck in a job due to H1B visa, e.g. Twitter. "Hiring someone with a H1B is trivial, last I heard it cost $6K and took two weeks." more
5 things to do when preparing for an interview Antonio by head of Finance at Google. more
Top tips for standing out as a candidate. more
Pick the company you work for based on the company you want to start. more
Jesse D'Aguanno has an opening on their team for a Senior or Principle Security Researcher. more
β‘οΈ Community
Tom decided to build out their own subdomain enum tool, inspired by G0LDEN_infosec. more
zseano is taking a bug bounty break and returns to dev work. more
Julien asks: "To all you binary fuzzers out there: what does your fuzzing infrastructure look like?" more
Corben is looking for insight on where do cybersecurity budgets go?! more | survey
NahamSec is returning to streaming, making content, and hacking full time. December 1st is going to be his last day at Hadrian. more
π° Read
A few scenarios that are real threats to the integrity of Twitter over the coming weeks. more
Making Cobalt Strike harder for threat actors to abuse. more
Techniques In Email Forensic Analysis - E-mail has emerged as one of the most important applications on Internet for communication of messages, delivery of documents and carrying out of transactions and is used not only from computers but many other electronic gadgets like mobile phones. more
Hacking Salesforce-backed WebApps - Salesforce is a cloud-based customer relationship management (CRM) platform used by thousands of companies. more
SEETF 2022 Smart Contract Write-Up. more
π Resources
the-xentropy/samlistsSamlists: Free, libre, effective, and data-driven wordlists for all. more
nathanlesage/academics-on-mastodon: This repository contains a collection of various lists of academics on Mastodon. more
cipher387/OSINT-and-Cybersecurity-accounts-in-Mastodon. This repository brings together tool creators, bloggers, speakers, book authors, and other interesting Mastodon accounts. more
Flare-On 2022 - This directory contains write-ups with my solutions for Flare-On 2022 that was hosted by FireEye from September 30 to November 11 2022. more
Micah made a made a tool called SMART (Start Me Aggregated Resource Tool). It grabs data from all the OSINT-focused start.me sites and puts them in one place. more | tool
π₯ Watch
Firefox privacy and security hardening guide (2022 revised edition). more
Taggart is trying out Caido, a new web proxy. more
Bounty Hacker Walkthrough - TryHackMe. more
Certificates of Authority: Do you really understand how SSL / TLS works? more
Kernel Exploitation on HEVD #5: Use-After-Free. more | blog post
π΅ Listen
Day[0] 167 - Bypassing Pixel Lock Screens and Checkmk RCE - A Pixel Lockscreen bypass and some discussion about dupes in bug bounty, then a long RCE chain, and a look at client-side path traversals. more
A new podcast called 404 Security Not Found. Join security experts Travis McPeak, Anna Westelius, William Bengtson and Leif Dreizler as they talk all things cybersecurity. more
Darknet Diaries Ep. 128: Gollumfun Part 1 - Beanie Babies Were the Gateway to a Life of Cyber Crime. more
The Privacy, Security, & OSINT Show 284 - Password Managers & 2FA Revisited - This week I revisit the importance of password managers and 2FA, and offer new Bitwarden strategies for daily usage. more
Risky Business #685 - Australia releases the hounds, and it might just work. more
Get $100 to try DigitalOcean. The go-to VPS for bug bounty hunters. I use it for all of my own recon and automation needs, plus it also doubles as a VPN. They have **every cloud resource you need** at an affordable price.
Subscribe to Premium to read the rest.
Become a paying subscriber of Premium to get access to this post and other subscriber-only content.
Already a paying subscriber? Sign In.
A subscription gets you:
- β’ Join a private Discord COMMUNITY: Engage in chat, uplift one another, grow together, and explore shared interests.
- β’ Access to COMPLETE HIVE ARCHIVE: Unlock a treasure trove of tools, resources, videos, and audio, catering to all your needs.
- β’ EXCLUSIVE & BONUS content: Delve into hundreds of curated links that didn't make it into the newsletter.
- β’ MEMBER-ONLY events: Take part in digital meetups, focus sessions, and more.
- β’ Deep DISCOUNTS on paid content.
- β’ Experience continuously added NEW BENEFITS.