Hive Five 164 - Craftsmanship is timeless
How to become a Wikipedian, Deception Engineering, and Open-Source Software
Hi friends,
Greetings from the hive!
Toriyama, the creator of Dragon Ball Z, passed away last week. The first time I saw DBZ was in the 90s while vacationing in France. Even though my brother and I didn't speak the language, we were instantly hooked.
What stood out was the craftsmanship. Even Masashi Kishimoto, the creator of Naruto, considered Toriyama his sensei and an inspiration.
I witnessed another form of craftsmanship during my plane ride last week as I watched "Jiro Dreams of Sushi."
The dedication, mystery, and eye for detail were awe-inspiring.
Let's take this week by swarm!
The Bee's Knees
In this comprehensive guide, Reza delves into the world of iOS security from an offensive perspective, shedding light on the various techniques and methodologies used by attackers to compromise iOS devices and infiltrate their sensitive data. HASHNODE
How to Become a Wikipedian in 30 minutes. Have you ever thought about getting started editing Wikipedia, but then decided not to because you were just overwhelmed by the number of policies it felt like you needed to understand? MOLLYWHITE
Hunting for Fortinet CVE-2024-21762: Vulnerability Research for Detection Engineering. Knowing both the affected and patched versions is going to mean a patch diff, but with Fortinet being proprietary software, finding these versions and decrypting them is going to be the first battle… GREYNOISE
How to use Trello as a versatile yearly planner by splitting the year in calendar weeks, yearly and quarterly goals, and leveraging fixed categories. YOUTUBE
This Chrome extension intermittently checks your installed extensions to see if the developer information listed on the Chrome Web Store has changed. If anything is different, the extension icon will display a red badge, alerting you to the change. GITHUB
Which Bee's Knees was your favorite? Reply with the number (#1, #2, #3, #4, or #5)!
Sponsor
Hive Five is the go-to resource for industry professionals, decision-makers, and builders/creators in the security and technology space, providing them with the tools they need to 10x their job to be done.
Buzzworthy
Changelog
Waymore v3.3 added a Discord notification webhook. GITHUB
xnLinkFinder v5.1 refines error messages regarding connection issues and ensures removal of trailing slashes from scope prefixes to avoid double slashes in output links. GITHUB
Fabric v1.1.3 contains multiple enhancements for additional models and an easier installation process. GITHUB
Noir v0.13.0 added a Lightweight LexerParser for analyzing the syntax of source code to enable better analysis, and more. GITHUB
A new addition to PortSwigger's XSS cheat sheet by h4nsmach1ne using onformdata. TWITTER
News
HackerOne is kicking off their next Live Hacking event in April. It takes place in Singapore. TWITTER
NahamSec et al. are hosting a web app and recon hacking training with HackingHub at Hack Space Con. TWITTER
Google announced its March 2024 core update and new spam policies. This is designed to improve the quality of Search by showing less content that feels like it was made to attract clicks, and more content that people find useful. GOOGLE
Cloudflare announces Firewall for AI. It's an advanced Web Application Firewall (WAF) specifically tailored for applications using LLMs. CLOUDFLARE
Celebrate
Ebrietas earned nearly $150k on Bugcrowd's T-Mobile program. Wow! TWITTER
Ben and Justin both join Caido as advisors. Exciting! TWITTER
Meg completed her first-ever unassisted pull up. Let's fucking go! TWITTER
Ian signed a job offer. Well deserved! TWITTER
After over 5 years of bug bounty and filing almost 2000 reports, Douglas achieved the Insecticide bug for 500 reports closed as resolved. TWITTER
Career
x1m is hiring a Senior Infrastructure Pentester in the Netherlands. TWITTER
In this episode of Day in My Tech Life step into the world of a Data Scientist who previously worked in Tech Sales with Indiana. YOUTUBE
GreyNoise Intelligence is seeking a Deception Engineer to join their team. In this role, you will architect and create hyperrealistic decoys and sensors across their global sensor network to expand and improve threat detection to enrich cyber threat intelligence data. GREENHOUSE
Roasting based on the role that you're applying for, e.g. design. TWITTER
Never work for free, but not all compensation is monetary, e.g. think of portfolio pieces, recommendations/endorsements, and access. TWITTER
Deception Engineer is one of the coolest job titles I've seen.
Community
Mason enjoys how smooth Caido is, and says it's tough to justify another year of a Burp Suite Pro license. TWITTER
Birb shares why they left the Hack The Box community. TWITTER
While STÖK enjoys Caido and the community's attention, he's still happy with Burp. TWITTER
d0nut is in love with Caido's workflows. TWITTER
Jswzl is hopeful that there'll be a plugin for Caido soon. TWITTER
Read
Corben on an attack surface being larger than you'd expect. He explains how to find network misconfigurations and publicly accessible internal assets. TWITTER
Using form hijacking to bypass CSP. The idea is you have a HTML injection vulnerability that is protected by CSP. PORTSWIGGER
A Technical Deep Dive: Comparing Anti-Cheat Bypass and EDR Bypass. WHITEKNIGHTLABS
Key tools and approaches for using AI in OSINT and investigations. SUBSTACK
Tips
Paul hits us with another one-liner leveraging subfinder, dnsx, httpx, and katana. TWITTER
Justin shares a CSS injection tip: "CSS import statement don't have to be at the top of a style sheet, if the CSS injection sink is insertRule." TWITTER
TIL that CyberChef is developed by the UK's intelligence, security and cyber agency. Also, version 10 just dropped. TWITTER
When directory brute-forcing, never filter based on status code, says Corben. TWITTER
Corben on directory brute-forcing based on framework, using different HTTP methods. TWITTER
Become a Premium Member
Hive Five is an authentic, hand-crafted, human-written weekly newsletter that is free, but not cheap. Consider supporting my work by becoming a paid member for just $8.25 p/mo ($99 p/yr).
- Join a private Discord COMMUNITY: Engage in chat, uplift one another, grow together, and explore shared interests.
- Access to COMPLETE HIVE ARCHIVE: Unlock a treasure trove of tools, resources, videos, and audio, catering to all your needs.
- EXCLUSIVE & BONUS content: Delve into hundreds of curated links that didn't make it into the newsletter.
- MEMBER-ONLY events: Take part in digital meetups, focus sessions, and more.
- Deep DISCOUNTS on paid content.
- Experience NEW BENEFITS continuously added.
Follow
Awesome accounts to follow. Randomly selected from my curated Twitter lists.
@ShawarkOFFICIAL | Shawar Khan | Just a guy who breaks into web like a .357 bullet. Security Researcher | Red Team Member at @synackredteam | Synack Acropolis | Acknowledged by Top Tech Giants.
@CyberSecRicki | The Infosec recruiter - Ricki Burke | Champion for neurodiversity. Founder of CyberSec People. Host of Hacking into Security podcast. Co-organiser of SecTalks_GC and @BSidesGC.
@bitquark | bitquark.
@kyliestew | Kylie Czajkowski | growth engineering manager @vercel • ambassador @notionhq • avid hiker • fan of dogs, mountains, javascript, open source • she/her.
@turakbusra | Busra | Cyber Security | OSCP | Bug Hunter | Researcher @SynackRedTeam.
Productivity
Projectable is a highly configurable TUI project manager. You can do everything your project needs from a comfortable and smooth interface. GITHUB
Plumber is a no-code solution that helps public officers automate their repetitive tasks and eliminate human error, so they can focus on their more important work. It supports a growing list of both government and commercial apps and services. GITHUB
How to take notes when you suck at it. In this episode of the Bug Bounty course, Katie talks about the importance of developing a personal note-taking system that supports both hacking and learning. YOUTUBE
Chris Titus shows off his new desktop featuring Wayland, Hyprland, and Systemdboot. YOUTUBE
Get $200 to try DigitalOcean. Level up your bug bounty game with the ultimate VPS solution. It's my go-to for all recon, automation, and even VPN needs. Get access to a comprehensive range of cloud resources, all at an affordable price.
Technology
Puter is an advanced open-source desktop environment in the browser, designed to be feature-rich, exceptionally fast, and highly extensible. GITHUB
xh is a friendly and fast tool for sending HTTP requests. It reimplements as much as possible of HTTPie's excellent design, with a focus on improved performance. GITHUB
termbot is a CLI tool for interacting with GPT, analyze local files, and more. GITHUB
Download tipsheets and audio recordings from sessions at the 2024 NICAR data journalism conference. IRE
Swyx says that every AI engineer should be building their own therapist using voice. TWITTER
Wisdom
Bashbunni shares things you can do instead of doomscrolling on your phone, such as playing board games and having a cooking party. TWITTER
TIL about Rejection Therapy - where you confront rejection until it no longer evokes a fear response and normalizes it instead. TWITTER
Mark Manson on critics: "If you wouldn't ask them for advice, then fuck their criticism." TWITTER
How Derek Sivers suggests you learn JavaScript: learn plain JavaScript, make it stick, and avoid shortcuts. SIVE
Underrated Open-Source Projects that deserve more recognition according to HN. One example from the comments is Bruno, an alternative to postman, that's fully local and syncs to git easily. YCOMBINATOR
Cross-pollination
Why children need risk, fear, and excitement in play - This was something that was definitely more prevalent and normalized in the 90s. AFTERBABEL
CM–15 is a tiny studio microphone with a large-diaphragm capsule and groundbreaking features. It's the latest addition to Teenage Engineering's field system, a versatile studio quality, ultra-portable microphone that comes with a built-in professional USB-C audio interface with built-in preamp. TEENAGE
The Case Against Caffeine - Reduce anxiety, improve sleep, and effects on productivity. SUBSTACK
Before Macintosh: The Apple Lisa. This is a documentary that explores the history, technology, people, stories and industry influence of this lesser-known personal computer. VIMEO
Discover Open-Source Alternatives to Popular Software. OPENALTERNATIVE
Quote
"Always look ahead and above yourself. Always try to improve on yourself. Always strive to elevate your craft."
Continue reading
That wraps up the website version of the Hive Five. Subscribe now and access the following must-see sections (tools, resources, watch, listen) in the upcoming newsletter.
Don't want to miss out? Get access today. Elevate your experience with a premium membership, granting you exclusive entry to the Hive Archive, and unlocking a host of additional benefits.