
🐝 Hive Five 87 - How to turn security research into profit, How a teenager hacked Uber, and Creating a CTF challenge


Hi friends,

Greetings from the hive!

I hope you had a good weekend. Does anyone know of a strong bug bounty/security research team looking for help in improving the researcher experience?

I’m looking for something new!

The last couple of years of leading security researcher experience at Bugcrowd was a dream opportunity. Working with a world-class team and engaging with and advocating for some of the best hackers in the world has been a highlight of my career, and I would love to continue on this path.

Let's take this week by swarm!

🐝 The Bee's Knees

  1. How a teenager hacked Uber: Going over what's currently known about the major Uber breach, and how the hacker was able to compromise their entire network in very little time. Uber security update.

  2. Introducing - CloudFox: CloudFox helps you gain situational awareness in unfamiliar cloud environments. It’s a command line tool created to help penetration testers and other offensive security professionals find exploitable attack paths in cloud infrastructure.

  3. Multiverse, not Metaverse: Generative AI lets us explore Many worlds owned by Nobodies, and this is fundamentally better than One world owned by Somebody.

  4. The Last Algorithms Course You'll Need (Free): Welcome to a super fun, beginner-friendly data structures and algorithms course.

  5. Challendar - Creating a Challenge for The Infosecurity Challenge 2022: Although spaceraccoon doesn't actively participate in CTFs, he enjoys creating CTF challenges as it forces him to learn by doing. Creating a good CTF challenge is an art, not a science. As the winner of last year’s $30k The InfoSecurity Challenge (TISC), he decided to contribute a challenge this year.

🙏 Support the Hive

Enjoy reading the Hive Five? Consider sponsoring the next edition or buying me a coffee.

🔥 Buzzworthy

✅ Changelog

  1. DalFox v2.8.1: DalFox is a powerful open source XSS scanning tool, parameter analyzer and utility.

  2. GitLS v1.0.4: Enumerate git repository URLs from a list of URLs / users / orgs. Pipeline-friendly.

  3. Chameleon v1.0.1: Chameleon provides better content discovery by using Wappalyzer's set of technology fingerprints alongside custom wordlists tailored to each detected technology.

  4. Arjun v2.2.1: HTTP parameter discovery suite.

📅 Events

  1. HackerOne's kicked off H13493: Keep an eye out for the leaderboard to follow along next week as they bring you the latest live from Barcelona.

  2. Keep up with Intigriti’s events in September and October: Summer might be nearly over, but things are still hot around here. Between trade shows, community meetups, webinars, and talks, they have more than ten events in their calendar for September and October.
