🐝 Hive Five 42 – Man's search for meaning

Hi friends,

Greetings from the hive! I hope you had a wonderful weekend. On Friday, I watched day 1 of vimconf and thoroughly enjoyed it.

Meanwhile, I'm writing this on Saturday while watching the UFC. I'm still improving my processes, and starting to work on the newsletter on Saturday is one of them.

Let's take this week by swarm!

🐝 The Bee's Knees

1. Vimconf: Connecting the vim community to share their love and passion for all things vim! Hosted by ThePrimeagen and TJ DeVries. One of the talks that stood out to me was Abbreviate Everything: Lessons from a Stenographer.

2. How to start reviewing code?: Too often, savvy code reviewers recommend to get started into code review by “Just reading code” and that is indeed the best way to get started.

3. GitLab CE CVE-2021-22205 in the wild: A few months ago one of their customers found two suspicious user accounts with admin rights on its Internet-exposed GitLab CE server, and asked them to investigate what it looked like a security incident.

4. Trojan Source - Invisible Vulnerabilities: a paper describing cool new tricks for crafting targeted vulnerabilities that are invisible to human code reviewers.

5. Texas Cyber 2021 videos: The Texas Cyber Summit is one of the largest practitioner led and operated deeply technical conferences that take place in October, Cyber-awareness Month.

🙏🏻 Enjoy This Newsletter?

• Get $100 to try DigitalOcean. The go-to VPS for bug bounty hunters. I use it for all of my own recon and automation needs, plus it also doubles as a VPN. They have every cloud resource you need at an affordable price.

💌 Want to sponsor an issue?

🔥 Buzzworthy

✅ Changelog

1. Caido: After months of work, they're launching their first beta.

2. Improvements to Burp Suite authenticated scanning: Burp Suite's authenticated scanning feature enables users to scan privileged areas of target web applications even when a complex login sequence is required.

3. Six2dez's reconFTW v2.1.2 release: fixes and stability improvements.

4. PortSwigger new lab - Response queue poisoning: a powerful form of request smuggling attack that causes a front-end server to start mapping responses from the back-end to the wrong requests.

📅 Events

1. TCM Security Mobile App Pentesting course: drops on Monday.

2. BSides Ahmedabad CTF registration has opened: Time for you to register and get prepared for the craziest CTF of the year.

3. PwnFunction's TheHackerCamp sneak peak.

4. Bugcrowd TeamHunt2021 event: May the best team win.

🎉 Celebrate

1. Nagli reached 7k rep on HackerOne: Let's go!

2. Samuel got their OSWE: Congrats!

3. ca$s:e cage is now Manager of Security Compliance & Assurance: Awesome!

💰 Career Corner

1. hakluke is looking for a technical writer: with a good grasp on cybersecurity.

2. Application Security Engineer with ManoMano: Help them build and mature their application security.

3. Seasoned Systems/Network Administrator: Are you in IT looking to move into infosec?

4. How Social Media Can Land You Your Dream Job: Have you ever wanted to know how to find a job without using a recruiter?

5. Sr. Cloud Penetration Tester - Rhino Security Labs Inc.

📰 Articles

1. Creativity, Self-Doubt & Doing Remarkable Work: If you work in a creative field such as fine art, programming or music - you likely got into it after seeing something interesting from that field.

2. Unicode Mapping on Domain names: Browsers support internationalized domains, but some Unicode characters are converted into English letters and symbols.

3. Writing about OSINT daily – interview with Cyber Detective.

4. How to Start Bug Bounties 101 & How to Make a Million in 4 Years: Firstly, they let you know that many roads lead to Rome. Every person has their own personality, characteristics, specialties and qualifications so this criteria could differ from one to another.

📚 Resources

1. List of bug bounty programs of companies/organizations in Switzerland: This website is an attempt to list open bug bounty and coordinated vulnerability disclosure programs in Switzerland.

2. Research Threats - Legal Threats Against Security Researchers: An ongoing collection of legal threats made against Security Researchers: over-reactions, demands, and cease & desist letters against good faith research.

3. 2021 CWE Most Important Hardware Weaknesses: the first of its kind and the result of collaboration within the Hardware CWE Special Interest Group (SIG), a community forum for individuals representing organizations within hardware design, manufacturing, research, and security domains, as well as academia and government.

🎥 Videos

1. Hack The Box Hacking Battlegrounds Streamed Tournament #2 - Commentated by IppSec and John Hammond.

2. Design Flaw in Security Product - ALLES! CTF 2021: In this video you are exploring a theoretical security product that automagically encrypts user data securely.

3. Shodan vs BinaryEdge: There has to be 1 crowned the best Internet Scanning service. In this video they go over their own personal rating of Binary Edge and Shodan.

4. Episode 1 - Hack Talk with Rodolfo Assis (aka Brute Logic): Hack Talk series will connect with top hackers or bug bounty hunters to understand their perspective of bug hunting and tips.

🎵 Audio

1. Syntax - A Podcast on Running a Podcast: In this episode of Syntax, Scott and Wes talk about running a podcast — recording, sponsoring, where to start, and more.

2. Security Nation - Jack Cable on Ransomwhere: In this episode of Security Nation, Jen and Tod chat with Jack Cable, security architect at the Krebs Stamos Group, about Ransomwhere, a crowdsourced ransomware payment tracker.

3. NIA Ep 20 - Behind Tom Osman's 1.3mil Ether Rock Flip, Discord vs Slack, Tokenized Communities + Web 3: Tom Osman recently made headlines by flipping an Ether Rock NFT for 400 ETH (1.3mil at the time of sale) after buying it for only 1.7 ETH ($5,340) 19 days before.

4. Victor E. Frankl - Man's search for meaning: A book for finding purpose and strength in times of great despair, the international best-seller is still just as relevant today as when it was first published.

Get $100 to try DigitalOcean - The go-to VPS for bug bounty hunters. I use it for all of my own recon and automation needs, plus it also doubles as a VPN. They have every cloud resource you need at an affordable price.

Subscribe to the Hive Five to read the rest.