🐝 Hive Five 47 – Parkinson’s Law

Hi friends,

Greetings from the hive!

I hope you had a cozy weekend. Of course, being from the Netherlands and all, I had to celebrate Sinterklaas. My mother even sent several gifts.

Productivity-wise, I want to get more out of my Apple devices. So, I will be looking into Apple Shortcuts, widgets, and focus modes.

I also ran a record amount of miles this weekend, and I'm feeling it.

What have you been up to? Let me know.

Let's take this week by swarm!

🐝 The Bee's Knees

  1. Exploiting Vulnerabilities in a TLD Registrar to Takeover Tether, Google, and Amazon: The way in which an attacker could compromise any domain under the “.to” TLD.

  2. Craftsmanship and My Father — MacSparky: Craftsmanship means caring about what you create.

  3. Discovering Full Read SSRF in Jamf (CVE-2021-39303 & CVE-2021-40809): When assessing an attack surface, they came across an instance of Jamf Pro installed on premise. Seeing Jamf Pro deployed to the internet and externally exposed made their security research team curious about potential vulnerabilities within it. Advisory: Jamf Pro SSRF - CVE-2021-39303 & CVE-2021-40809.

  4. Hakluke - Creating the Perfect Bug Bounty Automation: Luke is addicted to building bug bounty automation. He's built a full bug bounty automation framework from the ground up 3 times now. It has become better every time, but he's still not happy.

  5. Proxy Agent — a tool for mobile penetration testers: Earlier in March this year, they introduced Autowasp — a Burp Suite extension that integrates Burp issues logging with OWASP’s Web Security Testing Guide (WSTG) to streamline the security testing flow for penetration testers, particularly those working on web applications.

🙏🏻 Support The Hive

  • Get $100 to try DigitalOcean. The go-to VPS for bug bounty hunters. I use it for all of my own recon and automation needs, plus it also doubles as a VPN. They have every cloud resource you need at an affordable price.

🔥 Buzzworthy

✅ Changelog

  1. The mystery of the missing Mac release: Some eagle-eyed users of Burp Suite have noticed that there is no Mac release of Burp Suite 2021.10.2. Why is this release missing in action? Well, the true story is rather mundane, and unfortunate.

📅 Events

  1. Hacking bundle by No Starch Press.

  2. Rust Moderation Team Resignation: This resignation is done in protest of the Core Team placing themselves unaccountable to anyone but themselves.

  3. TryHackMe! Advent of Cyber - 2021 KICKOFF: 25 Days of Learning CYBERSECURITY.

  4. Bugcrowd's TeamHunt2021: Inspiring to see all of the collaboration. Final results coming soon.

🎉 Celebrate

💰 Career Corner

📰 Articles

📚 Resources

  1. awesome-kubernetes-security: A curated list of awesome Kubernetes security resources.

  2. Mahmoud Workflow To Parse JS Files.

  3. bheda shares top smart contract vulnerabilities: broken down into easily digestible snippets.

  4. People that are crushing it in infosec via Caleb.

  5. Vickie Li AMA: They're a dev evangelist at security company @ShiftLeftInc.

🎥 Videos
