Hive Five #12
By securibee 🐝
Hi friends,
Greetings from the hive!
Happy Holi! I hope you had an awesome week. Mine was pretty good, had some delicious food, and there were several sunny days. I even figured out that light-mode works wonders when working outside in bright weather.
My website received some major improvements (changelog). Most notably, I added a become a supporter section, where you can buy me a coffee, and a custom 404 page, with a random bee fact!
Some changes to the newsletter, as I didn’t like stuffing it to the brim. From now on there’ll be a maximum of 5 links per category, which lines up perfectly with my philosophy and the name, Hive Five. I’ve also added 3 new categories: changelog, people, and outside interests. I have tons more in the works, so bee on the lookout.
Let’s take this week by swarm!
🐝 The Bee’s Knees
Recovering a full PEM Private Key when half of it is redacted: A write-up showing how, given a partially redacted PEM file, the whole private key can be recovered. The Twitter user SAXX shared a partially redacted private RSA key in a tweet about a penetration test in which they had recovered a private key.
Mining Bitcoin on the Game Boy: In this video, they attempt to mine Bitcoin on the original Game Boy using the Raspberry Pi Pico as a link-cable to USB adapter!
Hidden OAuth attack vectors: The OAuth2 authorization protocol has been under fire for the past ten years. You’ve probably already heard about plenty of “return_uri” tricks, token leakages, CSRF-style attacks on clients, and more.
!!Con - Call for Talk Proposals!: !!Con is back for their eighth year of celebrating the joy, excitement, and surprise of computing, and want you to submit a talk proposal.
OSINT VM: The 2021.1 release of the TraceLabs OSINT VM is out. This is a major release which includes a new menu, a default browser change (#Chromium) and a new updater process.
One day short of a full chain: Part 3 - Chrome renderer RCE: This is the last post of a series in which I exploit three bugs that can be used to form an exploit chain from visiting a malicious website in the beta version of Chrome 86 to gaining arbitrary code execution in the Android kernel.
Thoughts on Threat Modeling: Personal views on threat modeling, how I approach threat modeling and what has worked for me (both as a Platform Security Engineer and vulnerability researcher).
Simpsonpt/AppSecEzine: Only just found out about AppSec Ezine and it has been releasing for 7 years!
New to bounties? by bugcrowd: They created a page containing links to everything you need to know including free educational resources, researcher docs, how to find bugs, beginner resources, how to get private invites, and more.
AMA - Bug Bounty with Alex Chapman (Public): Alex Chapman talks about his approach to bug hunting, why he hunts on our platform and about his favorite scene from the movie Hackers.
cosign: Container Signing, Verification and Storage in an OCI registry.
Frogy’s Subdomain Enumeration - It’s not yet another Subdomain Enumeration tool: By combining different subdomain tools, it tries to identify more subdomains using a combination of bruteforce and other techniques. Warning: This is just a research project. Kindly use it with caution and at your own risk.
Sponsor kgretzky/pwndrop: pwndrop is a self-deployable file hosting service for sending out red teaming payloads or securely sharing your private files over HTTP and WebDAV.
ransom - Fraktal’s Ransomware Emulator: Command-line executable that will emulate common ransomware functions for the purpose of testing endpoint detection and response tools.
americanexpress/earlybird: EarlyBird is a sensitive data detection tool capable of scanning source code repositories for clear text password violations, PII, outdated cryptography methods, key files and more.
Atul: Always sharing knowledge and know-how, active in various Discord communities.
BanjoCrashland: Demos job hunt tactics/techniques using a hacker mindset + OSINT to find the jobs viewers want, with Jacque_InTheBox.
DanielMiessler: He explores the intersection of security, technology, and society. He posts great content + his podcast is a must-listen. Members get access to Slack and book club.
todayisnew: Eric crossed $1M in bounties a while ago but you’d never know it. His handle is a great reminder to focus on the gift we are given with each new day. His friendly demeanor and automation are highly sought after.
ippsec: One of THE best FREE resources to learn hacking. He mainly covers Hack The Box videos, but does it in a way that’s easy to follow even for beginners. He also breaks down techniques; it’s where I learned tmux.
✅ Productivity
A Vim Guide for Advanced Users: Third part of this series aimed to help you unleash a power never seen on Earth using the Almighty Vim.
Select links are affiliates that I get a kickback from. They must pass curation, no exceptions.
❤️ Don't bee a stranger
I'd love to hear your thoughts! You can reach me on Twitter, or replying to this email also works. Until next week, take care of yourself and each other,
securibee 🐝