🐝 Hive Five #22 – Meritocracy, Methodology, and Managing

Hi friends,

Greetings from the hive!

I hope you had an awesome weekend. It was a hot one over here, so my morning runs were sweatier than usual.

I made some progress with my productivity system — Cleaned up my Obsidian workflow and am in the process of setting good habits in place.

Oh, I also received my second Covid shot. LFG!

Let's take this week by swarm!

🐝 The Bee's Knees

1. Hacker Culture Meritocracy?: Is hacking a meritocracy? Who is not good enough? Successful people are the most skilled? Am I just jealous?

2. How to manage projects, tasks, people, and yourself using the Obsidian app with Francisco Bricio: If you're wondering how to manage projects, tasks, teams and yourself using the Obsidian app, prepare to receive great value from this presentation.

3. GitHub's new policies allow removal of PoC exploits used in attacks: GitHub announced on Friday their updated community guidelines that explain how the company will deal with exploits and malware samples hosted on their service.

4. Finding 0day to hack Apple: They started hacking on Apple after the infamous blog post by Sam, et al. The goal was to focus on critical findings such as PII exposure or getting access to Apple's servers/internal network. These are the types of bugs we thought Apple would be most interested in.

5. Simplifying the development of your own one-shot extensions: First, a warning, Nicolas doesn't recommend writing custom extensions every now and then. It's much more efficient to master a few highly-configurable ones, like Logger++ or Hackvertor.

🙏🏻 Enjoy This Newsletter?

• Get $100 to try DigitalOcean. The go-to VPS for bug bounty hunters. I use it for all of my own recon and automation needs, plus it also doubles as a VPN. They have every cloud resource you need at an affordable price.

💌 Want to sponsor an issue?

🔥 Buzzworthy

✅ Changelog

1. Corben Leo added concurrency to gau: Tired of waiting for gau to run on a bunch of domains? Corben is too.

2. bee-san/pyWhat - Release Filters for CLI + APi, with new regex: Filtration support (#62) @piatrashkakanstantinass - This is the big one!

3. 0x00sec has a new FAQ: Recently, there has been a large influx of new forum threads consisting of trivial questions that have either been answered multiple times on the forum or on our Discord.

📅 Events

1. Black Hat - Reverse Engineering the M1: The talk will cover interesting quirks of Apple ARM architecture variant, such as memory access issues (and how to recognize them) and the novel AMX vector instruction set.

🎉 Celebrate

1. Sam Curry jokingly added a blind XSS payload to his Google Nest: It actually fired on their admin panel and he got rewarded through their VDP. Nice one!

2. Dave Kennedy successfully transplanted bees: He now has happy bees that are getting plenty of food and water. Love it!

3. rez0 helped Regala set up axiom using ffuf: and he found a crit the next day. Wow!

4. Vegeta got rewarded for their first bug: After lots of hard-work, consistency and patience. Awesome!

5. renniepak's: second CVE just got published - CVE-2021-24368. Yay!

💰 Jobs

1. Starting a new job? write a letter to yourself that is your retention plan: Know what you require to stay and thrive, don't accept anything less or people will choose for you.

2. Things your manager might not know: When people talk about “managing up”, sometimes it’s framed as a bad thing – massaging the ego of people in charge so that they treat you well. In my experience, managing up is usually a lot more practical.

📰 Articles

1. BugBountyHunter.com re-opened membership: Btw, zseano's sought-after methodology is now available for free.

2. What TryHackMe rooms should you do? A free guide for beginners.

3. A Cyber Threat Intelligence Self-Study Plan: Part 1: There are many ways to learn. While some people prefer to have a live instructor in a course, others are great at doing self-study.

4. Introducing Security By Design: Integrating security into your app development lifecycle can save a lot of time, money, and risk.

5. OSEP & PEN-300 Course Review.

📚 Resources

1. PenTester_Nepal asks who inspired your infosec journey thread.

2. Collection of HolyBugx's favorite Bug Bounty Resources.

3. indianajson/can-i-take-over-dns: Inspired by the increasingly popular Can I Take Over XYZ? This project is uniquely oriented towards DNS takeovers.

4. GitHub Advisory Database.

5. Kubernetes Goat: The Kubernetes Goat designed to be intentionally vulnerable cluster environment to learn and practice Kubernetes security.

🎥 Videos

1. OSCP Prep v10: FINAL VIDEO: 3 medium-level OSCP-Similar HTB Machines in 20 minutes.

2. interview with h13- #1 bug bounty hunter on Shopify | methodology, mistakes, tips & more....

3. How this website hides its code.: In this episode we'll explore the world of HTTP and CSS to hide some code.

4. How to easily search through Hackerone reports? : The extension name, Instant Data Scraper.

5. Writing the best MapleStory cheats in the world: We go through the history of them hacking of MapleStory, and describe some of their amazing cheats.

🎵 Audio

• STÖK presents AFTERWORK // SESSIONS: Epic live sets by STÖK, Anderiket, and Callas - join the Discord

Get $100 to try DigitalOcean - The go-to VPS for bug bounty hunters. I use it for all of my own recon and automation needs, plus it also doubles as a VPN. They have every cloud resource you need at an affordable price.

Subscribe to the Hive Five to read the rest.