
🐝 Hive Five #35 – Just do it

Hi friends,

Greetings from the hive!

I hope you had an awesome weekend! I went on some nice morning walks and talked to my family over the phone.

I've also been having fun using the dataview plugin for Obsidian. Check it out if you haven't already!

What did you do this weekend?

Let's take this week by swarm!

🐝 The Bee's Knees

  1. OWASP Top 10 2021 DRAFT is out: Now available for peer review, comment, translation, and suggestions for improvements.

  2. Mass assignment and learning new things.

  3. How to learn anything in Computer Science or Cybersecurity | Security Simplified: This time on Security Simplified, let's talk about one of the most important skills you need in order to succeed in both computer science and cybersecurity: How to effectively teach yourself new things.

  4. Critical Vulnerability in HAProxy (CVE-2021-40346): Integer Overflow Enables HTTP Smuggling.

  5. Zoltán Balázs - Ethereum Smart Contract Hacking Explained like I'm Five.

πŸ™πŸ» Enjoy This Newsletter?

  • Get $100 to try DigitalOcean. The go-to VPS for bug bounty hunters. I use it for all of my own recon and automation needs, plus it also doubles as a VPN. They have every cloud resource you need at an affordable price.

🔥 Buzzworthy

📅 Events

  1. Detectify Lisp to HTML Converter: Take a shot at working on LISP! TomNomNom has created a very cool CTF about it.

  2. THREAT CON 2021 - Happening Virtually: THREAT CON 2021 - Virtual Edition.

  3. HacktivityCon: a HackerOne hosted hacker conference built by the community for the community on September 18, 2021.

🎉 Celebrate

💰 Career Corner

  1. Corey Quinn on taking an offer: So an anonymous Twitter person DM'd me this morning with a scenario...

  2. IncredInComp is looking for a job: "Hi everyone! I'm looking for a new job and would appreciate any assists. I would like to work somewhere where I can spend all my time on infosec stuff, since that's where my passion is. Analyst, engineer, penetration tester, incident response (these last two are what I really want)".

  3. casey has interview advice for people getting into tech.

  4. Getting Your First Job in OSINT: People often ask me how I have managed to find OSINT work. Since I tend to find myself giving the same advice most of the time, I felt it might be a good idea to put most of this information down for you guys to read, and for those of you who want to know but are perhaps afraid to ask.

  5. StateFarm Penetration Tester in Multiple Locations.

📰 Articles

  1. Apple pays hackers six figures to find bugs in its software. Then it sits on their findings: Security researchers say Apple's bug bounty program is undermined by Apple's insular culture, confusion about payments, and long delays in fixing bugs.

  2. An analysis on developer-security researcher interactions in the vulnerability disclosure process: This blog post is a special report providing insights into developers’ interactions with security researchers through the vulnerability disclosure process and their views and perspectives on the security research community.

  3. Restricting Docker Access With a Reverse Proxy: One of the things that comes up a lot with Docker security is that, by default, the authorization model is all or nothing.

  4. How I found my first AEM related bug.

  5. Infosec Bugbounty AMA with MorningStar.

📚 Resources

🎥 Videos

  1. Matthew Bryant (IamMandatory) Talks About Doing Research, Blind XSS, Creating XSSHunter, and more: Blind XSS and XSSHunter are both very popular amongst bug bounty hunters.

  2. How Ethereum Smart Contract Hacking Looks Like: In this video you can see them working for over 10 hours on hacking an Ethereum smart contract.

  3. Adding infinite funds to your Steam wallet - $7,500 bug bounty report: This video is an explanation of a $7,500 vulnerability reported to Valve's bug bounty program.

  4. LiveStream - Avinash Jain - Journey To Security Engineer Microsoft.

  5. "Automation Is Going To Play Huge Role" with kapytein (Hacker Heroes #13).

🎡 Audio

  1. The Privacy, Security, & OSINT Show: 226-Personal Ransomware Exposure.
