🐝 Hive Five 107 – The Anti-Recon Recon Club, Till REcollapse, and Privacy Guides.
Hi friends,
Greetings from the hive!
I hope you are crushing your yearly goals. I recently Tweeted asking what people used as a daily search engine. For me, Google and even DuckDuckGo weren’t providing the results I needed.
I mentioned that I tried out Kagi and that I loved it, but sadly the trial ran out. At first, paying a monthly fee seemed a bit much, but this HackerNews thread and deciding to invest in productivity changed my mind.
What was your latest productivity investment?
Let’s take this week by swarm!
🐝 The Bee’s Knees
The Anti-Recon Recon Club (using ReconFTW). Recon is important, but some people hate it. Jason gets it. When you’re in the zone and ready to pounce on a target, you just want to start hacking. more
Till REcollapse: Fuzzing the Web for Mysterious Bugs by @0xacb (NahamCon2022EU). more
MyBB <= 1.8.31: Remote Code Execution Chain. MyBB is one seriously popular type of open-source forum software. However, even a popular tool can contain bugs or even bug chains that can lead to the compromise of an entire system. more
Privacy Guides is your central privacy and security resource to protect yourself online. more
Pre-Auth RCE in Aspera Faspex: Case Guide for Auditing Ruby on Rails. Many enterprise organizations that deal with large amounts of data that needs to be shared between employees or stakeholders often use enterprise file transfer software. more
💪 Sponsor
Sponsor the Hive Five and reach a highly engaged community of engineers, security researchers, and ethical hackers who are at the forefront of the industry.
🔥 Buzzworthy
✅ Changelog
xnLinKFinder v3.0: Lots of bug fixes and some small improvements, mainly around the new wordlist option. more
FFuF v2.0.0: A fast web fuzzer written in Go. more
bbrf-client v1.3.1: This release adds support for CIDR scopes: you can now add an IP address or range to scope, e.g. bbrf inscope add 1.1.1.0/24, and later add URLs. more
📅 Events
YesWeHack will be hosting a bug bounty event on March 9-10 at Nullcon DE 2023. It’s open to all attendees! more
🎉 Celebrate
💰 Career
Rachael got laid off from Okta and is looking for work. She is a cybersecurity risk manager with 20 years of experience and a great track record. more
Three job openings on the BloodHoundEnterprise team: Salaries range from $120k-170k USD, excellent benefits, and fully remote. They are looking for back- and front-end engineers and a Technical Account Manager. more
Hadrian Security is hiring Junior through Senior offensive security engineers. more
⚡️ Community
Damian developed 7 new Go tools over several weeks, and Go became his favorite language. more
STÖK shows you how you can turn a small room into a decent studio. Hashtag goals. more
Nathaniel earned $683K AUD in the past couple months and is going to spend this year prioritizing being physically and mentally fit. more
Companies or products people wish had a bug bounty program to hack on. more
d0nut has been having a ton of fun learning a couple of new languages. more
📰 Read
How to use mksub: Beyond the basics. mksub is a simple tool. It generates subdomains by combining words from a wordlist with a target domain. more
Security Advisory: Remote Command Execution in binwalk. more
A hacker’s guide to SSL certificates, featuring TLSx. more
RCE in Avaya Aura Device Services. For those who haven’t had the pleasure, Avaya Aura is a (rather complicated) platform for managing IP phones. more
Exploiting Resource Based Constrained Delegation (RBCD) with Pure Metasploit. Metasploit recently released version 6.3 and with it came a whole lot of new features related to LDAP operations and using Kerberos authentication. more
📚 Resources
🎥 Watch
Linux Privilege Escalation for Beginners. more
Cheat Engine Introduction (tutorial 1-4) - Game Hacking Series. In this video, they discuss bug bounties in relation to game hacking, install Cheat Engine (7.4), and run through the basic functionality and beginner tutorials (steps 1-4). Finally, they apply the techniques learned to a real game (AssaultCube). more
TCP for Hackers: Wireshark Basics (with @ChrisGreer). more
A walkthrough of HackTheBox Response. more
Broken Access Control - Lab #2 Unprotected admin functionality with unpredictable URL. This lab has an unprotected admin panel. more
🎵 Listen
NeedleStack S1E16 - Dark web research tips for the OSINT-curious. Michael James of the OSINT Curious Project joins the podcast to give expert tips on conducting dark web research. more
Cyber Idiots Podcast EP8 - It’s time to talk about mental health in cyber w/ Lily Clark. more
Bug Bounty Podcast 183 - CSS Injection and a Google Cloud Project Takeover Bug. Starting off the week strong with a CSS injection turned full-read SSRF, and a MyBB exploit chain from XSS to server-side code injection. more
Critical Thinking - Bug Bounty Podcast S01 E04: H1-407 Event Madness & Takeaways Part 2 w/ Special Guest Spaceraccoon. more
Critical Thinking - Bug Bounty Podcast S01 E05: AI Security, Hacking WiFi, the New XSS Hunter, and more. more
Get $100 to try DigitalOcean. The go-to VPS for bug bounty hunters. I use it for all of my own recon and automation needs, plus it also doubles as a VPN. They have every cloud resource you need at an affordable price.
A subscription gets you:
- Join a private Discord COMMUNITY: Engage in chat, uplift one another, grow together, and explore shared interests.
- Access to the COMPLETE HIVE ARCHIVE: Unlock a treasure trove of tools, resources, videos, and audio, catering to all your needs.
- EXCLUSIVE & BONUS content: Delve into hundreds of curated links that didn't make it into the newsletter.
- MEMBER-ONLY events: Take part in digital meetups, focus sessions, and more.
- Deep DISCOUNTS on paid content.
- Experience continuously added NEW BENEFITS.