🐝 Hive Five 157 - LLM: Full Stack Bootcamp & Web Attacks
Hi friends,
Greetings from the hive!
Welcome to all the new subscribers and members of the Hive. It’s an honor to have you with us.
This weekend, I dropped my first non-newsletter post of the year, diving into my 2024 setup—unveiling the gear and software that keeps me going.
I even took it for a spin during a quick trip to Seattle last week.
Let's take this week by swarm!
🐝 The Bee's Knees
Full Stack LLM Bootcamp. Learn best practices and tools for building LLM-powered apps, cover the full stack from prompt engineering to user-centered design, and get up to speed on the state-of-the-art. FULLSTACKDEEPLEARNING
Find out how you get started with OSINT in 2024. Micah Hoffman and Griffin Glynn share actionable resources. YOUTUBE
PortSwigger Web Security Academy now has a section dedicated to Web LLM attacks, including labs. PORTSWIGGER
Reversing and Tooling a Signed Request Hash in Obfuscated JavaScript. Brett was hacking on a bug bounty program recently and discovered that the website is signing every request, preventing you from modifying the URL, including GET parameter values. BUER
The best Hacking Courses & Certs? Phillip Wylie shares his 2024 roadmap to Pentester success. YOUTUBE
Which Bee's Knees was your favorite? Reply with the number (#1, #2, #3, #4, or #5)!
💪 Support the Hive
Sponsor the Hive and connect with a vibrant community of cutting-edge engineers, bug bounty hunters, security researchers, and ethical hackers – your gateway to an exceptionally engaged audience at the forefront of the industry.
Level up as a paid member and join the Hive! Support me directly and unlock exclusive perks, including a private community to delve into shared interests, full access to the Hive archive, exclusive content, and more.
🔥 Buzzworthy
✅ Changelog
pencode by ffuf, a complex payload encoder, released v0.4. GITHUB
In reconFTW v2.8.1 release, the web interface was removed, postman search was added, and there were various updates and fixes by different contributors. GITHUB
The latest bbscope release includes the restoration of Bugcrowd autologin functionality and now supports the new Intigriti API. GITHUB
Caido introduced HTTPQL: A new query language for hackers. CAIDO
📅 News
Jason now offers corporate custom trainings. TWITTER
NahamSec is working on a NahamCon rebrand. What do you think? TWITTER
Get All Parameters (GAP) is now available in the BApp Store. This extension helps find potential endpoints, parameters, and generate a custom target wordlist. PORTSWIGGER
🎉 Celebrate
Kaitlyn passed her OSCP. Woot! TWITTER
Jonathan and Felix launched Asymmetric Research, a web3 security venture. Congrats! TWITTER
NahamSec, John Hammond, and Adam Langley beta launched their educational platform Hacking Hub. Awesome! TWITTER
Alex reported 5 issues in the last 10 days. Let's go! TWITTER
Jason Haddix bet on himself and launched Arcanum Information Security. Exciting! TWITTER
💰 Career
Begin your journey into DFIR, Blue Team, Malware and Threat Hunting with Mary Ellen Kennel. YOUTUBE
DayInMyTechLife: From 40k to 6 Figures as a Technical Project Manager ft. Aysha Davis. YOUTUBE
Learn Application Security Testing in 2024. Tib3rius talks about how to build your foundation of knowledge and skills using free and paid resources. YOUTUBE
Jason on the dirty trick companies pull on us: "Companies can sometimes be like roach motels that make it REALLY hard for us to leave." YOUTUBE
If NahamSec started Bug Bounty Hunting in 2024, he'd do this. YOUTUBE
⚡️ Community
Fireside Chat with TomNomNom. Discover open source insights in cybersecurity and much more. YOUTUBE
Taelur put out her 3rd blog post of the month, wanting to leave a solid knowledge base for the community. TWITTER
Meg did (is doing?) an AMA: "I’m 28, have a masters in cybersecurity, have worked for both IBM’s x-force and crowdstrike doing proactive incident response consulting, am a gym rat who has lost 80+ pounds, have traveled to nearly 30 countries." TWITTER
What the "Hacker Mindset" means to the community. TWITTER
Find out what made full-time hackers leave their job to hunt for bug bounty. TWITTER
📰 Read
MyBB Admin Panel RCE CVE-2023-41362. This blog post explores a critical vulnerability in MyBB’s admin panel, leading to authenticated Remote Code Execution (RCE). MyBB is a popular forum software with a template system that utilizes eval() to render templates. SORCERY
Identify Slack Workspace Names from Webhook URLs. TruffleSec introduced whoamislack, a tool to enumerate Slack Workspace Names from Slack Webhook URLs. TRUFFLESECURITY
High Signal Detection and Exploitation of Ivanti's Pulse Connect Secure Auth Bypass & RCE. Ivanti disclosed two critical vulnerabilities affecting Ivanti Pulse Connect Secure - CVE-2023-46805 (Authentication Bypass) & CVE-2024-21887 (Remote Command Execution). ASSETNOTE
Learn more about Talkback, an infosec resource aggregator. Throughout 2023 they chipped away at adding new features, implementing bug-fixes, and also released an API. ELTTAM
Building a DigitalOcean OpenAI API Proxy. Liam recently took Daniel Miessler's Augmented course and thought he'd take a stab at implementing the OpenAI API proxy he discussed. SMALLSEC
💡 Tips
Dax shares his cable management approach, taking every single device and cable and thinking about how best to strap it to the desk to hide every detail. TWITTER
The Ship Fast stack for 2024 by Tibo — I'm already using screenstudio and beehiiv. TWITTER
TIL by xnl_h4ck3r that Katana has a -jsluice flag to enable jsluice parsing in JavaScript files. TWITTER
Cassie on accepting and leaning into when you work best, such as night owls. TWITTER
Steve Jobs: Asking for help is a superpower. TWITTER
🍯 Follow
Awesome accounts to follow. Randomly selected from my curated Twitter lists.
@freddyb | Frederik Braun | Now on mastodon as @freddy@security.plumbing / Dad in Berlin / Computer person at @MozillaSecurity / co-founder of @fluxfingers / he/him.
@ThePrimeagen | ThePrimeagen | Netflix | Vim | Twitch.
@beeamp_vicky | vicky zhao | Experimenting with the intersection of disciplines, ideas and cultures | Taking visual Zettelkasten notes (also on YouTube).
@carlospolopm | carlospolop | Pentester, Researcher & Developer
@tommyvedvik | tommy vedvik | Founder of Flatsome - The All-in-One WooCommerce Website Builder. Full-time Bootstrapper.
🚀 Productivity
Here's how Nicole is learning things in Obsidian in 2024, and the tools she uses in her information processing pipeline to read, listen to, and watch content and turn that into ideas and output. YOUTUBE
Priming helps you to start each day off right. TONYROBBINS
Hiding Spam with uBlock Origin. YOUTUBE
Get $200 to try DigitalOcean. Level up your bug bounty game with the ultimate VPS solution. It's my go-to for all recon, automation, and even VPN needs. Get access to a comprehensive range of cloud resources, all at an affordable price.
🌐 Technology
AI-Generated Fakes: How to spot them, how they're made, and how they have been used to mislead. YOUTUBE
Gaming laptop recommendations from the hivemind. TWITTER
Slashing Data Transfer Costs in AWS by 99% (via). Brilliant trick by Daniel Kleinstein. If you have data in two availability zones in the same AWS region, transferring a TB will cost you $10 in ingress and $10 in egress at the inter-zone rates charged by AWS. But... SIMONWILLISON
How to do math in shell environments (bash, zsh, ...). STEFANJUDIS
How David Perell Uses ChatGPT to Write for Millions. YOUTUBE
🧠 Wisdom
Taelur on progressing as long as you put in effort and consistency. TWITTER
Over the last 5 years, Gary worked hard to remind themselves that responsibility isn't always their fault and to take aggressive action to prevent problems from recurring. TWITTER
Maggie on adopting a One Good Thing habit and its benefits — I currently have a highlight in my daily note, but not a daily highlight. Food for thought. TWITTER
Dr. Gurner on resolving conflict, and using "Us vs The Problem" instead of "Me vs You" positioning. TWITTER
Sketching shows us how messy the creative process really is. Writing is the same. Don't compare your initial draft to someone's final one. TWITTER
💛 Cross-pollination
Six books Adam revisits most as a founder: Radical Candor, No Rules Rules, The Great CEO Within, Shape Up, Rework, and Anything You Want. TWITTER
'The Sopranos' Turns 25: How David Chase’s Series Changed the TV Rules — One of my all-time favorite shows. ROLLINGSTONE
Organize all your reference images in one place with Eagle — As a creative, this was quite exciting to find. For a one-time fee of 29.95, it seems like a steal. EAGLE
Sit in Shade helps you find the best bus seat to minimize sun exposure while traveling. SITINSHADE
Life-changing items under $100 — Good pillows, supportive shoes, and socks are some of the comments.
🙏 Quote
"Wherever you go, there you are."
— Jon Kabat-Zinn
👇 Join the Hive! Upgrade to a membership and unlock exclusive content below, featuring valuable tools, essential resources, and must-watch/listen recommendations.