🐝 Hive Five 126 - NahamCon2023, Networking Fundamentals, and Pioneering The Bug Bounty Platform
Hi friends,
Greetings from the hive!
I hope you had a good weekend. Unfortunately, I wasn’t able to attend NahamCon2023.
Come to think of it, this might’ve been the first event that NahamSec organized that I wasn’t able to participate in.
What did you do this weekend?
Let’s take this week by swarm!
🐝 The Bee’s Knees
NahamCon2023’s Bug Bounty Village with 4 workshops: Capture the Flag 101, Ethereum Smart Contract Hacking, Automation tricks for Burp Suite Pro, and Linux & Windows PrivEsc Workshop. more
The hackcompute group hacked root EPP servers to take control of zones. Their efforts in this space led to the ability to control the DNS zones of numerous ccTLDs, including .ai. more
How to perform an account takeover? A case study of 146 bug bounty reports. more
Networking Fundamentals. The ultimate video series which will teach you the core of Networking: How data flows through the Internet. more
Casey Ellis: Pioneering The Bug Bounty Platform To Empower Ethical Hackers. Casey Ellis, the founder of Bugcrowd, is interviewed by Phillip Wylie, who admires Casey’s connection to the hacker community. more
💪 Sponsor
Sponsor the Hive Five and reach a highly engaged community of engineers, security researchers, and ethical hackers who are at the forefront of the industry.
🔥 Buzzworthy
✅ Changelog
Tool - six2dez/reconftw v2.7 highlights: Improved GH repos scan, added Mantra for JS secrets, Shellcheck compliant, and more. more
Platform - HackerOne now supports in-platform translation from over 60 languages. more
Tool - Caido v0.26.0 release introduces the Caido Assistant for Pro users. more
Tool - six2dez/reconFTW v2.7 is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities. more
BBP - GitHub revamped its VIP Bug Bounty Program to include clear and accessible criteria for receiving an invitation to the program, and more. more
📅 Events
🎉 Celebrate
Renniepak listed his CVEs. Nice ones! more
Corben had 3 vulnerabilities rewarded on Immunefi. Go get 'em! more
GitHub VIP Bug Bounty delighted Alex with a swag pack. Love to see it! more
Katie received a grant to do cool novel computing security research stuff at work. Woohoo! more
Mert finished 1st on the Bugcrowd leaderboard of May. Let’s go champ! more
💰 Career
Justin’s 30-30-30 method for a better business: 30 minutes per week talking to customers, 30 minutes per day figuring out how to solve their problems, and 30 minutes per day writing content about it. more
Hadrian is hiring an Engineering Manager. more
Marina is looking for opportunities in Cybersecurity Awareness. more
The Pathless Path made Ali quit his career as a Doctor. Now, he shares 10 lessons that’ll make you rethink everything. more
The Pivot with Henri Beek from DataExpert: Senior Law Enforcement OSINT Trainer. He has more than 13 years of professional experience working in the Open-Source Intelligence (OSINT) space. more
⚡️ Community
Orange Tsai withdrew his DEFCON31 talk because the US continues to deny his ESTA application. He resubmitted it to EU/ASIA conferences. more
Halvar Flake is looking to preserve Warez scene release NFOs (1996-2006). more
Lupin announces his company with his brother: Lupin & Holmes. They focus on offensive cybersecurity and social engineering. more
Alex on the stunning comic book covers in HackerOne’s yearbook. more | Yearbook
Meg shares the origin of “cybersecmeg” and her journey to trying to be just Meg going forward. more
📰 Read
Hussein challenged himself to take the number one spot on a hardened bug bounty program. 30 days later he achieved his goal through self-belief, collaboration, managing emotions, and more. more
Soroush shares the ups and downs of his bug bounty journey. more
MOVEit Transfer RCE Part Two (CVE-2023-34362). Since a public proof-of-concept has been posted, Assetnote details the steps they took to reverse the vulnerability. more
One Bug at a Time: Last 15 days of 30daysofbugbounty. Continuing where we left off in Hive Five issue 123, Gavin breaks down his findings and shares useful tips. more
Two XSS Vulnerabilities in Azure with Embedded postMessage IFrames. more
📚 Resources
Slides from Agarri’s NahamCon talk: Automation tricks for Burp Suite Pro. more
How to delete information about yourself from various services. more
People sharing their favorite lab environment and learning platforms. more
jonkeegan/behind-this-website is a checklist for investigating the provenance and ownership of websites. more
Awesome Sec Challenges is a curated list of security challenges aimed at getting beginners and experts alike involved in upskilling their ethical hacking, pentesting, and crypto skills through online challenges. more
🎥 Watch
How to give a great conference talk. Some practical tips Lee learned to help improve your next conference talk. more
Directory Traversal - Lab #6 Validation of file extension with null byte bypass. more
IppSec takes on HackTheBox - Escape where he uses CrackMapExec to enumerate file shares among other things. more
Rami (Bugcrowd) interviews Nerdwell. Get to know Nerdwell, a 20-year hacker veteran, educator, multiple-time MVP winner, Level 4 P1 Warrior, and Bugcrowd Ambassador. more
Louis covers how an AppSec team can create and leverage “Building Blocks” to scale their security impacts. more
🎵 Listen
Intruder Alert Ep2 - Your Printer is Spying on You, Why IoT Security Sucks, Certs vs Degrees. more
The Privacy, Security, & OSINT Show 300 - Self-Hosted 2: Offline Knowledge. This week they continue the self-hosted series with several easy options from which anyone can benefit. more
Risky Business #710 - Why your corporate VPN will get you owned. more
Smashing Security 326 - Right Royal security threats and MOVEit mayhem. There are shocking revelations about a US Government data suck-up, historic security breaches at Windsor Castle, and the MOVEit hack causes consternation. more
Critical Thinking - Bug Bounty Podcast Episode 23: Hacker Loadouts. In this episode they delve into a different aspect of hardware, their personal loadouts. more
Get $100 to try DigitalOcean. The go-to VPS for bug bounty hunters. I use it for all of my own recon and automation needs, plus it also doubles as a VPN. They have every cloud resource you need at an affordable price.