🐝 Hive Five 120 - Don’t be the best. Be the only.
By securibee 🐝
Hi friends,
Greetings from the hive!
I hope you had a good weekend. Mine was pretty exhausting but fulfilling. The highlights were a bunch of great fights that took place this weekend, which I thoroughly enjoyed.
Newsletter-related, I want to incorporate more imagery and see how that feels. Speaking of which, here’s a screenshot of my daily note in Obsidian:
Let’s take this week by swarm!
🐝 The Bee’s Knees
Bug Bounty Basics: Cross-site Scripting. Is this the right bug to go for as a beginner? Or should it be left for advanced hackers? Katie breaks it down for you. more
Youssef Sammouda, the top-ranked Facebook bug bounty hunter, shares his experiences and approaches to bug hunting in this podcast. He discusses his preference for Facebook’s higher payouts and faster payment time. more
LangChain Prompt Injection Webinar, in which prompt injection is explained by Simon Willison, with video, slides, and a transcript. more | transcript
DevTernity 2019 talk by Scott Hanselman on Scaling Yourself. He covers various topics, from productivity to time management, taking care of oneself, and the importance of . He stresses that saying no is the ultimate productivity hack and that less is always more. more
Exploiting an Order of Operations Bug to Achieve RCE in Oracle Opera. If you work in the hospitality industry, it’s quite likely that you have seen or worked with Oracle Opera. This software is used by almost all of the largest hotels/resort chains around the world. more
💪 Sponsor
Sponsor the Hive Five and reach a highly engaged community of engineers, security researchers, and ethical hackers who are at the forefront of the industry.
🏞️ Bee’s Eye View
🔥 Buzzworthy
✅ Changelog
Trickest 2.0 has a vibrant redesign and a lightning-fast workflow engine. more
jesseduffield/lazygit v0.38.2 contains a revamped commit message panel (@seand52), much better interactive rebase behaviour (@stefanhaller), and much less error-prone custom patch behaviour (also @stefanhaller). more
RetireJS/retire.js 4.2.1 is a scanner detecting the use of JavaScript libraries with known vulnerabilities. more
hisxo/ReconAIzer v0.7 is a Burp Suite extension that adds OpenAI (GPT) to Burp and helps you with your bug bounty recon to discover endpoints, params, URLs, subdomains and more! more
Bugcrowd introduces Request a Response - A new standard for hacker and customer response time. more
📅 Events
Codingo et al started to get serious about BSidesGC planning. Expected in 2024, dates to follow soon as they’ve re-re-secured the venue. more
Compete in the 2023 Social Engineering Community Vishing Competition. Apply before June 1st. more
Bugcrowd and drunkrhin0’s first hacker AMA webinar with Nerdwell takes place on May 9th. more
🎉 Celebrate
Corben submitted his first critical Blockchain/DLT vulnerability on Immunefi. Let’s go! more
Cyber Detective reached 25k followers. Congrats! more
Peter made it to number 1 on the Synack Red Team 1 year leaderboard. Awesome! more
Alex Chapman welcomes Maddie into his family. Wonderful! more
Zseano helped deliver his second baby boy at home via the phone. Wow, amazing! more
💰 Career
⚡️ Community
How Osirys got their first job as a pentester a few months after their arrival in Australia shows the benefit of increasing your luck surface. more
Corben received the first boring mattress prototype. more
Farah had fun catching up with TESS. more
Check out Matt’s newsletter: VulnerableU. Mental health meets information security. more
d0nut’s blog post was featured on Hashnode. more
📰 Read
Cookie Bugs - Smuggling & Injection. Recently, Ankur investigated how browsers encode & send cookies, and how they are parsed by various web frameworks. more
Why is OAuth still hard in 2023? Robin lists several problems, such as the OAuth standard being too big and complex. more
Redash SAML Authentication Bypass. Redash is a popular data analysis and visualization tool. Calif recently reported a critical SAML authentication bypass vulnerability affecting its latest version (10.1.0). The vulnerability could be exploited by anyone to gain the highest possible privileges on the system. more
A young hacker reminisces about the covid lockdown and their learning journey. more
A smorgasbord of a bug chain: postMessage, JSONP, WAF bypass, DOM-based XSS, CORS, CSRF… All to achieve CSRF against an in-scope asset. more
📚 Resources
A collection of the best lightning talks (under 15 minutes) of all time. more
Hacker’s favorite ways to display and browse recon data: terminal, TUIs, Web UIs, and more. more
eugeneyan/open-llms is a list of open LLMs available for commercial use. more
Cloudflare Radar is a hub that showcases global Internet traffic, attack, and technology trends and insights. I had no idea this existed. Also, did you know 29% of the traffic is bots? more
CSS Injection via PostMessages to steal Credit Card Info. more
🎥 Watch
How g0lden is learning Web3 — Smart Contracts, Security, and Bug Bounty. more
An interview with Eben Upton, founder and inventor of Raspberry Pi. He talks about the birthplace and home of the Raspberry Pi, how St John’s college played such an important role in the creation of the Raspberry Pi and why it all started. more
In this Directory Traversal guide you’ll learn the theory behind Directory Traversal vulnerabilities, how to find these types of vulnerabilities from both a white box and black box perspective, how to exploit them and how to prevent them. more
Windows Privilege Escalation for Beginners covers gaining a foothold, kernel exploits, impersonation attacks and more. more
Pentester Blueprint: Your road to success. Learn your path to success with the man who has wrestled a bear and lived to tell the tale! Phillip not only wrestled, was a bouncer, and a whole lot more, but also became a pentester! This is your Pentester Blueprint. // Books Mentioned // The Pentester Blueprint: The Ha more
Hack The Box - Flight walkthrough. more
🎵 Listen
Day[0] Bug Bounty Podcast 207 - Git Config Injection and a Sophos Pre-Auth RCE. more
In this first episode of Phillip Wylie’s new podcast, he has a conversation with cybersecurity community OG and EH-net founder Don Donzal. Don recently gave a talk about his almost two-year sabbatical, during which he learned lessons about work-life balance. more
Critical Thinking - Bug Bounty Podcast Episode 17: LA Live Chat with Five Legendary Hackers. more
No Moat: Closed AI gets its Open Source wakeup call. Live reactions to the leaked Google Moat memo, with 2700 devs listening in, ft. Simon + Travis. Plus: the Google Brain Drain, and how Python gets 3500x faster with Mojo. more
Darknet Diaries EP 133: I’m the Real Connor. One day Connor Tumbleson got an email saying his identity had been stolen, and this was one of the strangest days he’s ever had. more
Get $100 to try DigitalOcean. The go-to VPS for bug bounty hunters. I use it for all of my own recon and automation needs, plus it also doubles as a VPN. They have every cloud resource you need at an affordable price.