🐝 Hive Five 82 – Must-watch talks at DEFCON, how to become an expert, and how to ask and get a yes

Hi friends,

Greetings from the hive!

I hope you had a good weekend. If I seem more absent on social media lately, my personal life has been turbulent. Nothing bad, just busy.

Also, I will be at DEFCON, so hit me up if you're going too! I'd love to meet up. This also means that there'll be no edition next week.

Let's take this week by swarm!

🐝 The Bee's Knees

1. Tom Anthony - Fuzzing XSS Sanitizers for Fun and Profit (talk).

2. Bugcrowd will be hosting two Bug Bash events in Vegas at Hacker Summer Camp: After months of hard work and late nights, Bugcrowd is stoked to announce it'll be hosting two Bug Bash events in Vegas at Hacker Summer Camp!

3. LiveOverflow on how to become an expert: "In order to learn you have to be practicing at the edge of your ability, pushing beyond your comfort zone. You have to use a lot of concentration and methodically repeatedly attempt things you aren't good at." Source: The 4 things it takes to be an expert.

4. Must-watch talks at DEFCON via CJE.

5. Snyff Talks About Hacking, Learning and Creating PentesterLab.

🙏 Support the Hive

Enjoy reading the Hive Five? Consider sponsoring the next edition.

You can also follow me on Twitter.

🔥 Buzzworthy

✅ Changelog

1. renniepak wants to get more experience with deep diving.

2. hakluke on making his own schedule: "I've been doing this for about 11 weeks now. [...]"

3. SecLists 2022.3: SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place.

📅 Events

1. The Diana Initiative - August 10-11, 2022: In-Person at The Westin Las Vegas Hotel & Spa.

2. DEF CON 30 - August 11-14.

🎉 Celebrate

1. sw33tLie's Vegas LHE dream came to reality: Let's go!

2. dawgyg became a $2 million hacker. Congrats!

3. H1702 winners: Awesome!

4. Omar Espino is back from their bug bounty break: Welcome back!

5. Sajeeb Lohani (sml555) is going to be at DEFCON and Bsides for the first time: Amazing!

💰 Career Corner

1. Job opening - Sr Info Sec Vulnerability Assessment Specialist.

2. Summer pentester internship.

3. Oliver Müller on being an Astronomer in Data Analyst Big Tech.

4. How to Work Flexibly.

5. Things I Wish I knew Starting Out In Cybersecurity.

⚡️ From the Community

1. Bug bounty legends via Ben Sadeghipour.

2. TechEmiiily DEFCON30 manicure.

3. Abartan Dhakal (MAD) is on his way to Vegas.

4. Julien Ahrens is visiting iceland.

5. ᗩᒪETᕼE - Stalk her for stickers at DEFCON.

📰 Articles & Threads

1. Nomad drained for $150M - One of the most chaotic hacks via samczsun.

2. Taking leaps, not steps: "Today is a big day filled with a lot of different feelings. [...]"

3. How To Hack Web Applications in 2022 - Part 2: TL/DR: Web applications have both authentication and authorization as key concepts and if bypassed by an attacker, it can compromise sensitive data.

4. CVE-2022-31813 - Forwarding addresses is hard.

5. reconFTW, an overview: Reconnaissance, assets discovery, attack surface mapping, subdomains discovery… the initial step in a pentesting or bug hunting assessment is one of the most important and will help you find those sites that nobody found before.

📚 Resources

1. Top 20 sources of OSINT-related news, blogs, and publications.

2. Michael Bazzell's Credential Exposure Removal Guide.

3. Teaching someone to hack - first thing you'd tell them via hakluke.

4. Things Douglas Day learned during H1702.

5. Must-bring DEFCON items via shenetworks.

🎥 Videos

1. Musical & Spoken Security Awareness Videos - Rachel Tobac.

2. Kernel Exploitation Stack Overflow + HEVD Environment Setup.

3. BHIS | How to Fail at a Pentest with John Strand | 1-Hour.

4. XSS through SQL injections?! Solution to July '22 XSS Challenge.

🎵 Audio

1. The Privacy, Security, & OSINT Show #273 - Credential Exposure Removal.

2. Smashing Security #286 - Hackers doxxed, Pornhub probs, and Co-op security measures.

3. Malicious Life - Andrew Ginter - A 40-Year-Old Backdoor ML B-Side: Ken Thompson is a legendary computer scientist who also made a seminal contribution to computer security in 1983 when he described a nifty hack that could allow an attacker to plant almost undetectable malicious code inside a C compiler. Surprisingly, it turns out a very similar hack was also used in the SolarWinds attack.

Get $100 to try DigitalOcean. The go-to VPS for bug bounty hunters. I use it for all of my own recon and automation needs, plus it also doubles as a VPN. They have **every cloud resource you need** at an affordable price.

Subscribe to the Hive Five to read the rest.