๐Ÿ Hive Five 81 โ€“ Self-Learning Reverse Engineering in 2022, Hacker Summer Camp, and Interstitial Journaling

Hi friends,

Greetings from the hive!

I hope you had a good week and a wonderful weekend. I finally set up this monitor arm I've had for quite a while. I was holding off until I was going to purchase a new monitor but deemed that unnecessary.

This weekend I learned about interstitial journaling. It combines note-taking, to-dos, and time tracking. Before, I never used timestamps in notes I took throughout the day. So I think this might be an excellent way to approach things.

Did you learn anything new this past week?

Let's take this week by swarm!

๐Ÿ The Bee's Knees

  1. Self-Learning Reverse Engineering in 2022: There are some awesome tools nowadays to accelerate your self-education for reverse engineering. godbolt and dogbolt are amazing to quickly learn basic assembly and reversing.

  2. Online No One Knows You're Dead - ShmooCon 2016: Most hackers have a massive digital footprint: social media, servers at co-location sites, servers at home, overly-complicated IT infrastructure, and various other IT gear connected in crazy ways. What happens when one of us suddenly dies? How do our loved ones pick up the pieces?

  3. Hacking Together an ASM Platform Using ProjectDiscovery Tools: I leaked the tools before the release of this article. Sorry! In this article, they're going to walk through hacking together a simple attack surface monitoring platform by using ProjectDiscovery tools, Bash, and Flask. They will also be using MongoDB & Redis for scan data and scan queues.

  4. seclilc Talks About Hacking, Recon and Breaking Into Cybersecurity: Lilly has one of the most amazing stories about how she has broken into cybersecurity and what she did to get her first pentest job.

  5. Operational, Digital, and Personal Preventative Self-Care at hackersummercamp - "New Normalish" Edition: CJE usually writes a piece for first-timers and newbies on how to get the most out of Hacker Summer Camp and how to stay safe digitally and physically. This tradition began in the early days of Bugcrowd, when DEF CON was part of new-hire induction.

๐Ÿ™ Support the Hive

Enjoy reading the Hive Five? Consider sponsoring the next edition.

You can also follow me on Twitter.

🔥 Buzzworthy

✅ Changelog

  1. interactsh web client update: There's now a notification panel that lets you directly post the interaction information to supported platforms.

  2. waymore v1.6: You can now run a docker version of waymore thanks to @wellpunk, and more.

  3. One List For All v2.4.1.1: Rockyou for web fuzzing.

📅 Events

  1. The Diana Initiative - BiaSciLab Beginning Soldering - Hands on Workshop: This class teaches you the basics of soldering as you build the BiaSciLab Fluffy McGlitter Sparkle badge! This class is open to up to 20 people on a first-come, first-served basis - no fee! Aug 11 2-3pm.

  2. Jason's Hacker Summer Camp calendar and guide.

  3. RedTeamVillage DEFCON keynote lineup.

  4. Miscreants are dropping a whole collection at DC30.

  5. Cyber Kitten is doing a giveaway.

🎉 Celebrate

💰 Career Corner

⚡️ From the Community

  1. dawgyg is busy with Live Hacking Events: "im going to start on the programs for the bash tomorrow. spent the last 2 weeks on h1-702, now need to do the bug bash"

  2. Nagli's setup is ready for Bugcrowd's bug bash events.

  3. Michael is looking forward to DEFCON: "[..] Hopefully I'll be able to meet some people from this great community."

  4. Candace will be opening up a scholarship for 5 Sec+ exams: They co-run a Discord server called SecurityNewbs.

  5. Geekboy will be in Vegas for DEFCON: "If you're interested in security, automation and opensource or like what we're doing at @pdiscoveryio and have feedback, discussion, or insights to share, don't hesitate to reach out."

📰 Articles

  1. Exploiting GitHub Actions on open source projects: GitHub Actions is a commonly used CI/CD pipeline for automated testing and deployment. While Actions make it easier to test and deploy, they also add security risks to the project and its subsequent infrastructure if misconfigured.

  2. Want to start hacking? Here's how to quickly dive in: Johan Carlsson started part-time hacking in May 2021 and is already number 7 on GitLab's HackerOne Top 10 list.

  3. Automata - A General-Purpose Automation Platform: In this post, CaptainFreak summarizes how they ended up building Automata, a platform for easily creating and running arbitrary, powerful workflows that can also store data and invoke alerts during execution.

  4. How to write excellent reports, techniques that save Triager’s time, and mistakes that should be avoided in reports.

  5. Orchestrating deployment of myexploit2600's hacklab with Ansible and Vagrant REDUX.

📚 Resources

  1. secfiles: edoardottt's files for security assessments, bug bounty and more.

  2. Best infosec (adjacent) books via Katie.

  3. safe-harbour: security.txt collection of most popular world-wide domains.

  4. Ffuf the web - automatable web attack techniques.

  5. Katie's live tweet thread of H1-702.

🎥 Videos

🎵 Audio

  1. Upbeat Study Music for Concentration - Peak Focus Isochronic Tones.

  2. The Privacy, Security, & OSINT Show #272 - Processor Attacks Explained: This week Paul Asadoorian joins the pod to explain vulnerabilities within computer processors with potential solutions.

  3. Smashing Security #285 - Uber's hidden hack, tips for travel, and AI accent fixes: Uber may not face prosecution over its handling of a 2016 data breach - but its former chief security head does; how to defend your digital devices' data while on vacation, and how to change your accent with artificial intelligence.

  4. Darknet Diaries EP 121 - Ed: In this episode we hear some penetration test stories from Ed Skoudis.

  5. Malicious Life - Silk Road: The Amazon of drugs, Part 2.

Get $100 to try DigitalOcean - The go-to VPS for bug bounty hunters. I use it for all of my own recon and automation needs, plus it also doubles as a VPN. They have every cloud resource you need at an affordable price.
