🐝 Hive Five 74 – Emulating Reality, Linking Your Thinking, and Data Engineers

Hi friends,

Greetings from the hive!

I hope you had a good weekend. We went to visit a Safari park and had a grand time.

Last week, I saw Swyx mentioning the lack of data engineers. Not knowing what a data engineer exactly is, I went down the rabbit hole. It looks interesting! So, if you see any data engineering resources below, now you know why!

Let's take this week by swarm!

🐝 The Bee's Knees

  1. Self XSS we’re not so different you and I - Mathias Karlsson - Security Fest 2017: Self-XSS is a type of XSS defined by the fact that it only affects the currently authenticated user. Harmless at first sight, but given the right preconditions Self-XSS is just as dangerous as good old regular XSS.

  2. Bug Bounty 101 #21 - Hacking Pinterest for Two Weeks: In this video, Z-Wink goes over his high-level process and methodology for looking at the public Pinterest bug bounty program over the last two weeks. It takes a good bit of organization to keep 2-3 lists of object IDs grouped together and to track which URLs have and have not been tested.

  3. Awesome iOS Security: A collection of awesome tools, books, courses, blog posts, and cool stuff about iOS Application Security and Penetration Testing.

  4. Photorealism — Emulating Reality: First of all, yes, with DALL·E you can achieve stunning photorealistic images. But the question is: what do you mean by the term “photorealism”? Our perception is oversaturated by the media, and our expectation might be “the same quality as in real life”.

  5. Linking Your Thinking conference: 15 hour-long sessions on all aspects of note-making, productivity, and general sensemaking.

🙏 Support the Hive

Enjoy reading the Hive Five? Consider sponsoring the next edition.

You can also follow me on Twitter.

🔥 Buzzworthy

✅ Changelog

  1. Burp Suite project file parser v1.0: "A Burp Suite Extension for parsing Project Files from the CLI."

  2. metabigor v1.12.1: An OSINT tool that works without API keys.

  3. Meg v0.3.0: Adds go.mod, go.sum, fixed release script.

  4. Bugcrowd's Researcher Submission Templates: They’re designed to cut your submission time, improve your reports, and improve your experience on the Bugcrowd platform.

  5. reconftw v2.3.1: Download fresh resolvers before DNS resolution, Terraform deployment fixes, Enhancements on subdomains recursive search, and more.

🎉 Celebrate

💰 Career Corner

  1. Kelly wants to help recently laid off software engineers: "I opened up some time on my calendar for 15-minute sessions to either review your resume or offer interviewing advice on Monday, Wednesday, and Friday from 12-1 PM ET."

  2. Data Engineering Road Map - How To Learn Data Engineering Quickly (By A FAANG Data Engineer).

  3. Why ThePrimeagen Quit Netflix.

  4. The Arc of the Practical Creator: Regardless of which stage you’re in, understand that there is no easier or harder. There is just challenge.

⚡️ From the Community

  1. Tips on what to do in Denver Colorado via pry0cc.

  2. What is your dream location to work from? via Katie.

  3. d0nut is in a solid mood: "This has been a very stressful week and while I'm still incredibly busy, today just went really really well. Lots of things I was hoping for happened, and other good things continued as a result. In a solid mood for sure :)"

  4. Jason was able to get together with like-minded people and reconnect.

  5. Ayoub shares a story of a customer turned hacker.

📰 Articles

  1. Just Turn Work Off, Literally: The importance of time management and life balance.

  2. Dockerizing A Web Testing Environment - Part 3: In the previous posts of this series, part 1 and part 2, they built an environment for testing directory enumeration tools against adjustable rate limiting.

  3. Critical SSRF on Evernote: "The first day hunting on evernote I didn't find anything juicy after 2 hours so I stopped. [...]"

📚 Resources

  1. Code review resources via pry0cc.

  2. How to reverse engineer and patch an iOS application for beginners.

  3. Data engineering wiki: The best place to learn data engineering. Built and maintained by the data engineering community.

  4. Awesome-RedTeam-Cheat-sheet: A continuously expanding Active Directory & Red-Team cheat sheet.

  5. Security Study Plan: A Practical Study Plan to become a successful cybersecurity engineer based on roles like Pentest, AppSec, Cloud Security, DevSecOps and so on with free/paid resources, tools and concepts to excel.

🎥 Videos

  1. Ippsec walking through HackTheBox - Meta.

  2. Bug Bounty 101 #22 - Testing File Upload Dialogues: In this bug bounty video, Z-wink explains the basics of testing file upload dialogues in a 3-step process broken down into filename/extension, content type, and content body.

  3. LiveOverflow's Minecraft Hacked Series - Illegal Minecraft Adventures?

  4. Top Ten Security Tips for APIs: APIs are constantly attacked by bots and abused all over the internet.

  5. Command Injection - Lab #1 OS command injection, simple case | Long Version: In this video, Rana covers Lab #1 in the Command Injection module of the Web Security Academy.
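Added example for the file-upload testing video above (#2); this is not code from the newsletter or from Z-Wink's video. It turns the three dimensions he names (filename/extension, Content-Type, content body) into a full test matrix, renders each case as a raw multipart/form-data body you can replay with any HTTP client, and checks each case against three single-dimension filters that real upload handlers commonly rely on. The field name, filenames, the inert payload marker and the filter implementations are constructed for illustration, not taken from any target.

```python
"""Upload test matrix: filename/extension x Content-Type x body.

Added example, not the newsletter's or the video author's code. Everything
below (field name, filenames, marker, filters) is constructed for
illustration.
"""
from dataclasses import dataclass
from itertools import product

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"
# Constructed, inert marker: grep the response or the stored file for it.
MARKER = b"<?php echo 'UPLOAD-TEST-MARKER'; ?>"

FILENAMES = [  # dimension 1: filename / extension
    ("avatar.png", "baseline"),
    ("avatar.php", "server-side extension"),
    ("avatar.php.png", "double extension, server may keep the first"),
    ("avatar.png.php", "double extension, server may keep the last"),
    ("avatar.PhP", "case variation"),
    ("avatar.phtml", "alternate extension"),
    ("../avatar.png", "traversal in the filename"),
]
CONTENT_TYPES = [  # dimension 2: Content-Type of the multipart part
    ("image/png", "matches the benign extension"),
    ("application/octet-stream", "generic binary"),
    ("application/x-httpd-php", "declares the payload type"),
]
BODIES = [  # dimension 3: body content
    (PNG_MAGIC + b"\x00" * 16, "PNG magic, no payload"),
    (MARKER, "payload only"),
    (PNG_MAGIC + MARKER, "polyglot: PNG magic followed by payload"),
]


@dataclass(frozen=True)
class UploadCase:
    filename: str
    content_type: str
    body: bytes
    note: str

    @property
    def carries_payload(self) -> bool:
        return MARKER in self.body


def build_matrix() -> list[UploadCase]:
    """Full cross product of the three dimensions."""
    return [
        UploadCase(fn, ct, body, f"{n1}; {n2}; {n3}")
        for (fn, n1), (ct, n2), (body, n3) in product(FILENAMES, CONTENT_TYPES, BODIES)
    ]


def multipart_body(case: UploadCase, field: str = "file", boundary: str = "----hivefive") -> bytes:
    """Raw multipart/form-data body for one case; send it with the header
    Content-Type: multipart/form-data; boundary=<boundary>."""
    head = (
        f"--{boundary}\r\n"
        f'Content-Disposition: form-data; name="{field}"; filename="{case.filename}"\r\n'
        f"Content-Type: {case.content_type}\r\n\r\n"
    ).encode()
    return head + case.body + f"\r\n--{boundary}--\r\n".encode()


# Three filters seen in the wild, each looking at a single dimension.
def extension_filter(case: UploadCase) -> bool:
    return case.filename.lower().endswith((".png", ".jpg", ".jpeg", ".gif"))


def content_type_filter(case: UploadCase) -> bool:
    return case.content_type.startswith("image/")


def magic_bytes_filter(case: UploadCase) -> bool:
    return case.body.startswith(PNG_MAGIC)


FILTERS = {
    "extension": extension_filter,
    "content-type": content_type_filter,
    "magic-bytes": magic_bytes_filter,
}


def filters_passed(case: UploadCase) -> set[str]:
    """Names of the filters this case would get past."""
    return {name for name, check in FILTERS.items() if check(case)}


def dangerous_accepted_cases() -> list[UploadCase]:
    """Cases that carry the payload yet pass all three filters: the ones to
    try first against a real form."""
    return [c for c in build_matrix() if c.carries_payload and filters_passed(c) == set(FILTERS)]


if __name__ == "__main__":
    for c in dangerous_accepted_cases():
        print(c.filename, c.content_type, c.note)
```

The point the matrix makes is that each filter on its own is beaten by a different dimension: the double extension beats the extension check, the spoofed header beats the Content-Type check, and the PNG-magic polyglot beats the magic-bytes check, so a handler that validates only one of them still accepts a payload-bearing file. Whether such a file is ever executed is a separate question that depends on where the server stores it and how it serves it; the matrix only tells you which cases get stored.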

🎵 Audio

  1. The Privacy, Security, & OSINT Show #265 - HP Dev One with Pop!_OS: This week they get their hands on the new HP Dev One with Pop!_OS pre-installed and offer a full review.

  2. Smashing Security #278 - Tim Hortons, avoiding sanctions, and good faith security research.

  3. Malicious Life Hackers vs. Spies - The Stratfor Leaks, Pt. 1: George Friedman and Jeremy Hammond are two very different people: the former is a capitalist middleman, the latter an anarchist-communist hacker.

  4. The Knowledge Project with Shane Parrish #88 Derek Sivers - Innovation Versus Imitation: Musician, speaker, writer and entrepreneur Derek Sivers chats about creating and running CD Baby, reading, mental models, living a meaningful life and the biggest mistake he’s ever made.

  5. Focused Mental Models: David & Mike share some of their favorite mental models and how to use them for better sensemaking.

Get $100 to try DigitalOcean - The go-to VPS for bug bounty hunters. I use it for all of my own recon and automation needs, plus it also doubles as a VPN. They have every cloud resource you need at an affordable price.
