Hive Five

By securibee 🐝

Hi friends,

Greetings from the hive!

I hope you had a great first week of 2023.

If you’ve been following my Tweets, you know that I’ve been working on my first Ghost site. I enjoy the project and love learning new things and designing websites.

Taking on this new project and working with an unfamiliar platform was further reinforced by something I read a couple of weeks ago: make success controllable.

Couple this with focusing on what you can control, and you win even if the project fails, because you acquire new skills and build new relationships along the way.

Let’s take this week by swarm!

🐝 The Bee’s Knees

  1. Live Recon Interview in the Smart Contract Series with ret2jazzy. more
  2. Bypass firewalls with of-CORs and typo-squatting. more | video | repo
  3. 2022 was a record-breaking growth year for CVE data. Jerry goes through the data and highlights some of the most interesting data points. more | repo
  4. Web Hackers vs. The Auto Industry: Critical Vulnerabilities in Ferrari, BMW, Rolls Royce, Porsche, and more. more
  5. The Top 10 web hacking techniques of 2022 nominations are open. more

💪 Sponsor

Want me to write about your company? Sponsor the Hive Five.

🔥 Buzzworthy

✅ Changelog

  1. Intigriti has a new content creator: CryptoCat. more
  2. reconFTW v2.5.1 is a tool designed to perform automated recon on a target domain by running the best set of tools for scanning and finding vulnerabilities. more
  3. DOMPurify 2.4.3 is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. more

📅 Events

  1. OWASP Vulnerability Management Guide on January 12th. more
  2. First episode of the Critical Thinking Bug Bounty Podcast comes out today (Monday). more

🎉 Celebrate

  1. MrTuxracer on his first bug of 2023: A quite crazy authentication bypass affecting a firewall vendor. Keep an eye out for CVE-2023-22620. Keep it up! more
  2. Masonhck357 found his first crit of the year on a 3 year old program. Yessir! more
  3. Valerio Brussani celebrates 2022. Awesome! more
  4. Jason Haddix will be the new CISO and Hacker in Charge at BuddoBot Inc. Let’s go! more

💰 Career

  1. Top 3 things you need to change in 2023 if you’re serious about getting a job in 2023 and more. more

⚡️ Community

  1. zseano is still having a rough time, dealing with sickness. Feel better soon! more
  2. I_Am_Jakoby is looking to collaborate with content creators in the cyber security field. Anyone interested? more
  3. Alethe had an awful experience with CompTIA. more
  4. Yassine Aboukir is flying out of Bali. Safe travels! more
  5. MrTuxracer shares his Bug Bounty goals for 2023. Crush it! more

📰 Read

  1. Manipulating AES Traffic using a Chain of Proxies and Hardcoded Keys. more
  2. Corben Leo hacked a large company (70k+ employees) through social engineering. Legally of course. more
  3. Leaking Secrets From GitHub Actions: Reading Files And Environment Variables, Intercepting Network/Process Communication, Dumping Memory. more
  4. Why 2022 was a record-breaking year in bug bounty awards for GitLab. more
  5. The Auditooor Grindset. So, you want to become a smart contract auditor. more

🙏 Support

Enjoy reading the Hive Five? You can treat me to a coffee!

You can also share the newsletter with your friends.

📚 Resources

  1. Offensive Security & Reverse Engineering (OSRE) course. This is the whole course that was covered at Champlain College during Spring 20/21. more | labs | notes | slides
  2. Adrian on how to become a Web3 Bug Bounty Hunter in 2023. more
  3. The top 20 bug bounty creators according to Intigriti. more
  4. A collaboratively curated list of awesome Open-Source Intelligence (OSINT) Resources by ARPSyndicate. more
  5. Educational content related to Smart contract auditing and web3 security throughout the 365 days of the year by Sm4rty-1. more

🎥 Watch

  1. I Hope This Sticks: Analyzing ClipboardEvent Listeners for XSS by spaceraccoon, a NahamCon2022EU talk. more
  2. sec4dev 2022 talk: Scaling AppSec by Clint Gibler. more
  3. HackTheBox - Health. more
  4. Another NahamCon2022EU talk: Hunting for Amazon Cognito Security Misconfigurations by Yassine. more
  5. LevelUpX - Series 13: SPI Flash for Bug Bounty Hunters with Nerdwell. more

🎵 Listen

  1. Darknet Diaries top 13 most listened to episodes. more
  2. The Privacy, Security, & OSINT Show 287 - Listener Questions, UNREDACTED 5, & OSINT 10. more
  3. Malicious Life - Cyberbunker, Part 1. more
  4. Huberman Lab - Jocko Willink: How to Become Resilient, Forge Your Identity & Lead Others. more
  5. Derek Sivers – How to Live as a Creator and Why You Should Focus Like a Monomaniac. more

🧰 Tools

  1. cool-retro-term is a good looking terminal emulator which mimics the old cathode display. more
  2. pgfutter allows you to import CSV and JSON into PostgreSQL the easy way. more
  3. distribute-damage is designed to make Burp evenly distribute load across multiple scanner targets. more
  4. Kleber is a paste and file sharing platform that lets you remove metadata from uploaded files, e.g. stripping EXIF data from uploaded images. more
  5. csp-report-extractor extracts CSP report URLs from the report-uri directive in response headers. more

Get $100 to try DigitalOcean. The go-to VPS for bug bounty hunters. I use it for all of my own recon and automation needs, plus it also doubles as a VPN. They have every cloud resource you need at an affordable price.

🍯 Follow

Awesome accounts to follow. Randomly selected from my curated Twitter lists.

  1. Michael1026H1 | Michael Blake | H1: michael1026 | Application Security Engineer in Oregon.
  2. sobedominik | Dominik Sobe | Indie Hacker and surfer tweeting about bootstrapping SaaS. Sharing my lessons. Currently turning Notion Docs ➯ professional Help Center @HelpkitHQ.
  3. securinti | Inti De Ceukelaire | Hacker | @intidc (Dutch).
  4. sw33tLie | sw33tLie | Hacker and CS student, 22yo | Top 50 @ Bugcrowd.
  5. BeezSLS | Beez | Founder @sls_lifestyle | Tech Made | Angel: @LootBolt | Author: Financial Starter Kit.

🚀 Productivity

  1. Codie Sanchez shows you how to set yourself up for a successful week. more
  2. Santiago shares 11 ways ChatGPT can save developers hours of work every day. more
  3. What tools or techniques people use to be more productive. more
  4. Bashbunni released pjs: a basic CLI for regularly updating your project’s status. more
  5. 12 Success Lessons for 2023. Introspection is a superpower in today’s fast moving world. more

🌐 Programming

  1. Making an Algorithm 1,606,240% faster. more
  2. Answer to the most asked software engineering question: how do I become a great engineer? more
  3. Copilot internals by Thakkar tries to answer specific questions about the internals of Copilot. more
  4. The web app futurecoder helps you learn to code from scratch. A 100% free and interactive Python course for beginners. more

🧠 Wisdom

  1. Jason Haddix reminding us to spend time with your friends. He calls it the ultimate mental health investment. more
  2. Important and thought-provoking questions. more
  3. TESS dropping knowledge: “Grow through what you go through.” more
  4. Ben Sadeghipour’s thread on educational content. more
  5. Wes Bos on seeking out ways to combat burnout. more

💛 Cross-pollination

  1. Jeffrey Way on calorie tracking to lose weight. more
  2. WinterFest 2021 is an initiative where Artisanal Software companies come together and offer discounts. more
  3. Best office chairs according to Twitter. more
  4. Awesome ChatGPT Prompts is a collection of prompt examples to be used with the ChatGPT model. more
  5. Tech content (blogs, podcasts) created by women. more

🐝 Fact

Although granulated honey appears solid, only about 15 percent of the honey is actually in the solid crystalline state, with the mesh of crystals holding liquid honey within it.

This bee fact is brought to you by The Beekeeper’s Bible: Bees, Honey, Recipes & Other Home Uses.

🙏🏻 Thank you for reading

Was this email forwarded to you? Sign up here.

If you enjoyed this email you can support me by sharing the newsletter with your friends (you can also forward the email). Let's keep in touch, follow me on Twitter (or Mastodon) and let me know what excites you!

Until next week, take care of yourself and each other,

Bee 🐝

This newsletter can contain affiliate links that help support the cost of running the newsletter. They are for tools, courses, and resources that I have found useful myself.

This was issue #103 of Hive Five. You can subscribe or unsubscribe.

This email brought to you by Buttondown, the easiest way to start and grow your newsletter.