Hive Five 169 - Excellent Advice for Living
Human-Centered AI Index Report 2024, Hacking Google's AI system, and more...
Hi friends,
Greetings from the hive!
Sorry for being a day late, but I'm back from vacation and had a blast. Check out my Instagram for some pictures.
It was the first time I did proper water activities, and I managed to kayak the canals and rivers. I tried paddle boarding but it didn't work out. I was probably too nervous.
Then, on our way home, we visited a National Park. It was my first one! I had no expectations and it was wonderful.
Within days of being back home, I was inspired to complete two productivity projects from start to finish. A Hyperkey blog post and a Beehiiv search tool, the latter powers the newsletter.
For both of these, I followed Simon Willison's mantra to create a blog post for every project you finish.
What are you working on?
Let's take this week by swarm!
The Bee's Knees
Jason offers wide-ranging advice to young people on cultivating luck, professional success, confidence, diverse skills, simplicity, self-worth, happiness and living in the present through stories and personal anecdotes. MORE
The Stanford University Human-Centered Artificial Intelligence Index Report 2024 provides a comprehensive assessment of the state of AI development and its impact on society. MORE
A collection of 101 additional bits of life advice by Kevin Kelly, founding executive editor of Wired magazine, compiled over 6 years. MORE
The Frog Sec Team showcases how they escalated a DOM XSS vulnerability into a sophisticated 1-click Account Takeover attack, earning them $8000. MORE
The video discusses how the creators hacked Google's AI system and received $50,000 in compensation. The video features a guest appearance by NahamSec. MORE
Sponsor
Every week, thousands of hackers immerse themselves in the Hive Five for the best security resources, tech optimizations, and productivity improvements. To hack a life they love.
From a reader: "The newsletter is always a highlight of my week!"
News and Updates
My work
Changelog
Intigriti introduces read-only user roles "Program reader" and "Group reader" to enhance user experience and access control. MORE
DOMPurify 3.1.1 is a fast, tolerant XSS sanitizer for HTML, MathML, and SVG, with a secure default and configurable hooks. MORE
Fabric v1.4.0 added the ability to build on previous conversations using context. MORE
Headlines
Google continues their killing spree. This time they let go of their Python team. In addition to contributing to upstream Python, the team maintained a stable version of Python within Google, tools to keep thousands of third-party packages constantly updated, and much more. MORE
Blizzard has decided not to hold BlizzCon in 2024, but will instead host global in-person events to celebrate Warcraft's 30th anniversary. This feels like the end of an era, but we'll see. MORE
Women Who Code shut down, but the story behind it appears murky. MORE
After 10 years at Netflix, ThePrimeagen is excited for what's next. MORE
Career and Productivity
Career
To build a reputation as a problem-solver and task-completer, keep a "WTF Notebook" to capture issues and next steps, complementing your bullet journal. MORE
Augustine Degorl transitioned from a retail job at Apple to a 6-figure Cybersecurity GRC Analyst role. He then founded his own cybersecurity firm, Symposia. MORE
3 tips to nail your next public speaking: 1) Focus on "Lego blocks", 2) Find Friendly Faces, 3) Confront the Spotlight Effect. MORE
Job Bounty: Draftboard is a platform that facilitates referral-based hiring, creating a win-win-win situation for employers, candidates, and referrers. MORE
Kierra Dotson transitioned from a Data Engineer to a 6-figure DevOps Engineer without prior DevOps experience, showcasing the adaptability of tech careers. MORE
Productivity
Extensity is a Chrome extension that allows you to quickly enable or disable your installed extensions, helping you manage your toolbar and extensions. MORE
How to set up your goals: rate life balance areas and construct an inspiring 3-5 year vision to fulfill your purpose. MORE
How to Job Search Journal with Obsidian, keeping detailed job search notes, including research, network connections, and daily updates. MORE
Email is not an efficient communication tool for all purposes, and one should consider the appropriateness of the tool for the task at hand. MORE
Max Stoiber, CEO of Stellate, shares how he uses Raycast to enhance his productivity and eliminate friction in his workflow. As a power user of Raycast, his setup offers valuable insights. MORE
Community and Networking
Celebrate
Nagli is officially top 5 all-time on the HackerOne leaderboard. Amazing! MORE
Ariel and Harley are running the official Bug Bounty Village at DEFCON. Cool stuff! MORE
NahamSec pulled working GitLab creds during a pentest in the first 50 minutes. Let's go! MORE
Monke is starting full-time bug bounty. You'll kill it! MORE
Community
wunderwuzzi attended their first HackSpaceCon at Kennedy Space Center, a great conference with world-class swag and talks. MORE
The Ambassador World Cup is HackerOne's annual competition for its Brand Ambassador Program, featuring a FIFA World Cup-style format to drive global engagement in a timed, gamified hacking challenge. MORE
Alexandro shares his H1-65 LHE experience from the triage side. MORE
Leo Rac joined the 4k club on Intigriti. Let's go! MORE
Joaxcar turned 37. Happy birthday! MORE
Follow
Awesome accounts to follow. Randomly selected from my curated Twitter lists.
thejustinwelsh | Justin Welsh | The Diversified Solopreneur | Building a portfolio of one-person businesses to $5M in revenue. Tweets and threads about the process.
Jamuse | Josh Amishav-Zlatin | I write about data breach monitoring for enterprise security teams | Indexed ~30 billion passwords | Former pen tester turned OSINT collector.
binaryz0ne | Ali Hadi | B!n@ry | DFIR and Adversary Simulation | dfir @ protonmail.
Mudit__Gupta | Mudit Gupta | CISO @0xPolygon | Tech Partner @Deltabc_fund | Blockchain Security Researcher | Ethereum & Web3 dev | Advisor & Angel Investor.
ramonvanmeer | Ramon van Meer | Entrepreneur & Investor. $10M+ in previous exits.
Cross-pollination
Parallel-lives is an interactive timeline showcasing nearly 5000 years of notable historical figures, allowing users to explore their lives and connections. MORE
Nick, a prolific traveler, shares his essential travel items for 2024, including gear, gadgets, toiletries, and tech. MORE
Chris examines 30 years of Rolling Stone's "Greatest Albums of All Time" and discusses factors that contribute to an album being considered the greatest of all time, including critical acclaim, cultural impact, and longevity. MORE
The Rambull newsletter shares 6+ useful recommendations each week from a new career and family oriented 30-something. MORE
The article discusses using classical conditioning to trick the brain into enjoying running, similar to Pavlov's experiments with dogs. By associating running with positive rewards, the brain can be conditioned to enjoy the activity over time. MORE
Thank you
As an independent publication, you can make a difference! If you find value in the newsletter, please take a moment and share it with others who might also benefit from my curation.
Learning and Growth
Read
Adnan Khan reported a "Pwn Request" vulnerability in Google's Flank repository, an official open-source project for running Android and iOS tests in Firebase Test Lab. MORE
The blog post discusses the open source problem, mentioning Jia Tan, suggesting that similar user profiles exist within the community. MORE
BankID, a digital ID used by Swedes, is vulnerable to session fixation attacks that can hijack user accounts across various services. MORE
"Why can't my mom email me?", the trade-offs between security and usability in the context of encrypted communication. MORE
The researcher discovered a race condition vulnerability in the login function of a large company's eCommerce web application, leading to a full account takeover. MORE
Tips
10 Tips for DEF CON Newbies (2024 Edition). DEF CON is the greatest hacker convention, but overwhelming for first-timers. MORE
Leverage HISTORY_IGNORE to keep commands like ls, cd etc. from filling up your shell history. MORE
Zseano shares a tip: XSS in email and phone numbers is underrated. MORE
TIL the iPhone Photos app allows you to look up plants, flowers, and more. MORE
Get $200 to try DigitalOcean. Level up your bug bounty game with the ultimate VPS solution. It's my go-to for all recon, automation, and even VPN needs. Get access to a comprehensive range of cloud resources, all at an affordable price.
Wisdom
The Red Queen Effect: To maintain one's position, one must continually evolve and adapt, as standing still leads to falling behind. MORE
ThePrimeagen started streaming from a laundry room to a handful of viewers. He also had to set up and tear down his setup every night. MORE
David shares 18 of his favorite frameworks. MORE
How Navy Seals fall asleep within 2 minutes using the 4-7-8 breathing method. MORE
A thread of random advice. The following stood out to me: "If you use a product. Buy the stock and forget it. Just think when you first used Amazon, Nvidia, Netflix, Google, or Apple." MORE
Resources
When editing friends' or coworkers' writing, look for clarity, conciseness, and consistency, making changes to improve flow and convey the message effectively. MORE
The Ultimate Burp Suite Exam and PortSwigger Labs Guide. The Burp Suite Certified Practitioner (BSCP) exam consists of two web applications, each with three stages, to be completed in two hours. MORE
Awesome secure by default libraries to help you eliminate bug classes. MORE
cts pirated Ableton Live Suite 12 and live reversed the crack/keygen. MORE
Google Dorks for Bug Bounty is a comprehensive list of Google search queries to help identify potential vulnerabilities and security issues for bug bounty programs. MORE
Quote
It's so hard to forget pain, but it's even harder to remember sweetness. We have no scar to show for happiness. We learn so little from peace.
Tools and Media