
๐Ÿ Hive Five 38 โ€“ The Art of Not Giving a F*ck

Photo by Zach Key / Unsplash

Hi friends,

Greetings from the hive!

I hope you are well-rested, ready to take on the new week.

I started listening to the audio version of The Subtle Art of Not Giving a F*ck book. It was suggested by someone in this thread by STÖK.

I also bought Diablo II: Resurrected and am having some fun playing that. I never really played the first version. So it's all new to me.

What did you do this weekend? Let me know on Twitter or Discord.

Let's take this week by swarm!

๐Ÿ The Bee's Knees

  1. HacktivityCon 2021 talks are available.

  2. How to Create a Better Infosec Resume (with jhaddix): This episode of Live Recon was not focused so much on the guest or doing any actual recon, but instead a workshop to help people with their resume. Whether you are a bug bounty hunter, someone with some IT or hacking.

  3. Training XSS Muscles: XSS is all about practice. It takes a lot of time to commit to memory all the vectors, payloads and tricks at our disposal. There are lots of XSS cases, each one requiring a different approach and construct to pop the alert box.

  4. Prototype Pollution: An interesting vulnerability, whether it is server-side or client-side. Depending on the application logic, prototype pollution leads to other vulnerabilities.

  5. Chasing a Dream - Pre-authenticated Remote Code Execution in Dedecms: a technical review of Dedecms (or “Chasing a Dream” CMS as translated to English) including its attack surface and how it differs from other applications.

๐Ÿ™๐Ÿป Enjoy This Newsletter?

🔥 Buzzworthy

✅ Changelog

  1. PentesterLab: Five new videos are available in the RECON badge, RECON_16 to RECON_20.

  2. Dalfox v.2.5.0 release: Improved scanning, mining, logger and output, silence mode (progress), structure of the document page, and add contents.

  3. Cyber Detective added 45 new tools to OSINT collection: Now there are 550 of them (22 categories, 38 subcategories).

  4. Bugcrowd platform behavior standards: These straightforward company standards define not only the platform operating principles but also the culture at Bugcrowd.

  5. jwt-hack 1.1.0 released: Improved the functionality of the jku x5u payload (custom trust, attack URL can be used) and added support for M1 MacBook.

📅 Events

  1. BSides Ahmedabad 0x02 CFP is open: Share your dexterity with the infosec community. CFP ends: 24 Oct, 2021.

  2. reconFTW is Hacktoberfest friendly: Help them improve the tool and get awesome swag thanks to DigitalOcean, and feel free to contribute to any other open source project during the month.

  3. shubs will talk at Jamf's conference: about "Avoiding blindspots securing your infrastructure" on October 22nd 10:30AM Pacific Time.
