🐝 Hive Five 46 - Melliferous

Hi friends,

Greetings from the hive!

I’m thankful for all of the wonderful people I’ve met on my journey so far.

After further researching stoicism, I discovered the Latin phrase amor fati, translated as “love of fate”.

I’ll be adopting this mindset from now on, and when something unfortunate happens, I’ll embrace it and say thanks instead.

What are you thankful for?

Let's take this week by swarm!

๐Ÿ The Bee's Knees

  1. Monitor trending CVEs: Data comes from Twitter + NIST NVD APIs - back-end: Python, Flask, PostgreSQL, and Redis - front-end: React + Bootstrap.

  2. $16k Stealing secrets.yaml from GitLab using stored XSS - HackerOne bug bounty: This video is an explanation of a bug bounty report submitted to the GitLab bug bounty program via HackerOne by William Bowling.

  3. WordPress Plugin Update Confusion - The full guide how to scan and mitigate the next big Supply Chain Attack: A couple of months ago, while browsing Twitter on a weekend, Nagli stumbled upon a rather interesting post from @vavkamil.

  4. Finding XSS on .apple.com and building a proof of concept to leak your PII information: Back in February of this year zseano hacked with members of BugBountyHunter.com on a public bug bounty program and we chose Apple as our target.

  5. Enzyme Finance Price Oracle Manipulation Bug Fix Postmortem: In 2020 and at the beginning of 2021, one of the worst phrases you could hear either as a DeFi security researcher or developer was, “Project X was hacked due to Price Oracle manipulation using flashloans.”

๐Ÿ™๐Ÿป Enjoy This Newsletter?

๐Ÿ”ฅ Buzzworthy

โœ… Changelog

๐Ÿ“… Events

Subscribe to keep reading

This content is free, but you must be subscribed to Hive Five to continue reading.

Already a subscriber?Sign In.Not now