
🐝 Hive Five 177 - Mastering the Balance Point

Threat Detection Engineering Interviews, 5 High-Income Skills for Students, Outline Speedrunning, and more...

Hi friends,

Greetings from the hive!

Time stops for no one. So, start doing all those things you said you'd do later when the "time is right".

This becomes even more apparent when you have kids. Time. Flies.

Live your best life. Do the scary things. Have fun.

Let's take this week by swarm!

🐝 The Bee's Knees

  1. MrTuxracer and Evan Connelly identified nearly 30 popular apps, as well as a feature within iOS itself, vulnerable to an attack in which any installed iOS app from the Apple App Store could perform an account takeover of victim users. MORE

  2. The case against morning yoga, daily routines, and endless meetings. How to maximize 10x work and avoid thoughtless daily 1x work routines. MORE

  3. Learning to wheelie at 49 Years Old. Mastering the Balance Point: A Journey of Persistence and Personal Growth. MORE

  4. Sluicing Scripts with TomNomNom. Tools and tricks to make some sense of messy JavaScript, build hyper-focused wordlists, and find useful stuff in web applications. MORE

  5. Re-moo-te Code Execution in Mailcow: Always Sanitize Error Messages. Learn more about the vulnerabilities and how to avoid them. MORE

With a modest contribution of just $8.25 per month, you’re not only helping keep Hive Five going, but you're also getting access to a private Discord community, the complete Hive Archive, exclusive & bonus content, and a range of other benefits.

Hive Five is a weekly newsletter with the best of technology and security, thoughtfully curated, read by thousands of hackers. Do you have a product or service to promote? Find out more about advertising in Hive Five.

Hive Five is brought to you by:

tmux is a terminal multiplexer. It lets you switch easily between several programs in one terminal, detach them (they keep running in the background) and reattach them to a different terminal. Give it a try.


📰 Updates

🍯 My work

✅ Changelog

  1. Wappalyzergo v0.1.7 release, a high-performance Go implementation of the Wappalyzer technology detection library. MORE

  2. Datasette 0.64.8 addresses a potential security vulnerability where missing database or table names could be used to display arbitrary text to users. MORE

📅 News

  1. Google announces Bugcrowd as a new payment option on bughunters.google.com, allowing bug hunters more flexibility in receiving rewards. MORE

  2. Anthropic released a new language model, Claude 3.5 Sonnet, which is likely the best available LLM. MORE

  3. Learning platform Hextree moved into early access; people on the waiting list should receive invites in the upcoming weeks. MORE

TIL that Anthropic's AI development is guided by a commitment to user privacy: it does not train on user data without explicit permission. MORE

💼 Work

💰 Career

  1. Demystifying the Process: Threat Detection Engineering Interviews. MORE

  2. Peter's entrepreneurship journey was unplanned: rather than a dream or an inevitable path, it was driven by repeated layoffs that infuriated him, and he had to save himself. MORE

  3. In this episode, NahamSec, a bug bounty hunter and content creator, shares his experiences on using bug bounties to break into cybersecurity. MORE

  4. Marc launched his 24th startup, sharing everything from getting the idea, building fast, and launching a micro startup. MORE

  5. 5 high-income skills for students in 2024, such as Software Consulting, Writing, and more. MORE

🚀 Productivity

  1. AeroSpace is an i3-like tiling window manager for macOS. Unlike other apps, it does not require you to disable System Integrity Protection. MORE

  2. KeyCluCask is a simple and handy tool that provides an overview of all shortcuts for any application. MORE

  3. How to Build Anything Extremely Quickly using "Outline speedrunning". This approach recursively has you outlining an MVP, speedrunning filling it in, and then perfecting it. MORE

  4. Solo developers use a variety of tools and techniques to stay organized, such as using a paper notebook for ideas, task management apps, and personal kanban boards. MORE

  5. To become a decision-maker, reflect on your thought process, document it, and revisit it later to identify any biases. Includes Decision making template. MORE

🌎 Community

🎉 Celebrate

  1. Daeken is back! MORE

  2. Hgreal (and others) received an invite to the HackerOne LHE h1702 event in Vegas. Exciting opportunity! MORE

  3. Alexandro achieved major career and personal milestones this quarter, including reaching 4k rep, meeting his 2024 bounty goal, and starting at Microsoft. LFG! MORE

⚑️ Community

  1. HackerOne Live Hacking Event Recap: Tokyo w/ PayPal. MORE

  2. Next Gen Hackers are NEXT level. Angelina started coding when she was in elementary school. MORE

  3. NahamSec is hosting a 3-day stream event from June 30th, with guest appearances from Rhynorater on Monday and STÖK on Tuesday. MORE

  4. STÖK is heading to Vegas to participate in H1702, speak at BlackHat, and hang out at DEFCON. MORE

💛 Follow
Awesome accounts to follow. Randomly selected from my curated Twitter lists.

  1. @MasterSEC_AR | edduu | Security Researcher. BB Hunter.

  2. @TatianaTMac | Tatiana Mac | Tech Misanthropologist. Engineer/OSS maintainer SelfDefinedApp. Shop tech merch StyleDotCSS. Gender evil. Chaotic nonbinary. ViệtAm.

  3. @BeeFaauBee09 | Ibad Shah.

  4. @LiveOverflow | LiveOverflow.

  5. @cybersecmeg | meg west | CISSP | CCSP | MSc Cybersecurity.

⬆️ Level up

📰 Read

  1. A deeper look into ACE, an anti-cheat system by Tencent, and the growing tension between ensuring fair online gaming and protecting personal privacy. MORE

  2. Jason and Sam, the creators of Dot, have been using their AI prototype for a year and want to share their experiences and how they've changed over time. MORE

  3. The Triton Inference Server, an open-source software released by NVIDIA, has a pre-authentication remote code execution vulnerability. MORE

  4. GreyNoise tracks SolarWinds Serv-U (CVE-2024-28995) vulnerability with a new honeypot, including tricking a human attacker into making mistakes. MORE

  5. ViewState is used by ASP.NET to maintain web control state between postbacks. This write-up is based on hunting artifacts from HTB: Pov, but purely from a memory dump perspective. MORE

💡 Tips

  1. 4 actionable strategies for controlling your dopamine: 1) Pain before pleasure, 2) Rule of Avoidance, 3) Rule of Barriers, and 4) Rule of Boredom. MORE

  2. Prompt LLMs to list wrong assumptions before answering a question: "Before you answer, make a list of wrong assumptions people sometimes make about the concepts included in the question." MORE

  3. Hackers share what improved their skills the most. MORE

  4. 95% of hunters remove images from endpoints. However, these can contain valuable information according to GodfatherOrwa. MORE

  5. STÖK discusses how using Splunk with custom regex extractions and advanced queries provides more speed, visibility, and easy action on data analysis compared to traditional tools like grep, awk, and jq. MORE

🧠 Wisdom

  1. Achieving your goals is not inherently difficult, but the key is taking consistent daily action. The difference between those who succeed and those who don't is the willingness to put in the necessary work. MORE

  2. People share therapy advice that changed their lives. MORE

  3. Ambitious people in their late 20s receive fitness and life/business wisdom during a chest, shoulders, and triceps workout. MORE

  4. A teacher illustrates the impact of words. MORE

  5. Shaan Puri argues against the dangerous mindset of postponing dreams and ambitions for a "safer" future. MORE

📚 Resources

  1. Part-time bug bounty hunter Evan shares their iOS Web Hacking Setup: Surge, Termius, and Caido. MORE

  2. OpenCTI is an open-source platform for managing cyber threat intelligence, enabling organizations to structure, store, and visualize threat data. MORE

  3. A collection of resources to learn Reverse Engineering from start. MORE

  4. The OpenDNS Security Ninjas AppSec Training is a hands-on lab that covers real-world hacking exercises corresponding to the OWASP Top vulnerabilities, with hints and solutions provided. MORE

  5. Sun Knudsen, privacy and security researcher, showcases the contents of their everyday carry. MORE

💭 Quote

❝

"Share your work. Someone out there needs it."

Gumroad

🛠 Explore

🧰 Tools

  1. secbutler is a utility tool made for pentesters, bug-bounty hunters and security researchers that contains all the most used and tedious stuff commonly used while performing cybersecurity activities. MORE

  2. DMARC Subdomains is a Python script that uses Playwright to retrieve a list of domains with the same DMARC record as a specified domain. MORE

  3. ReconAIzer is a Jython extension for Burp Suite that uses OpenAI to optimize bug bounty recon. MORE

  4. Effortlessly deploy a status page and start monitoring endpoints in minutes. MORE

Get $200 to try DigitalOcean — the go-to for all my recon, automation, and VPN needs. Get access to a comprehensive range of cloud resources, all at an affordable price.

🎥 Watch

  1. IoT hacking the Netgear AC NightHawk device, quickly obtaining a UART root shell and investigating the underlying Linux system. MORE

  2. Why Andrew switched from LF to Yazi, a blazing fast terminal file manager written in Rust, based on async I/O. MORE

  3. Rachel Lee Nabors, a versatile web developer, author, and artist, embraces risk and failure as paths to growth, evident in her diverse accomplishments. MORE

  4. Shopify CEO Tobi shared a talk he gave to his team, which he finds valuable for founders building their own company and those trying to understand Shopify's mindset and culture. MORE

  5. Simon gave a talk on accessing Large Language Models from the command-line. Focused on his Python command-line utility and ways you can use it (and its plugins) to explore LLMs and use them for useful tasks. MORE

🎡 Listen

  1. Sara Walker, an astrobiologist and theoretical physicist, discusses her new book "Life as No One Knows It: The Physics of Life's Emergence" with Lex Fridman, covering topics like physics of life, time, complexity, and aliens. MORE

  2. On Defensive vs Offensive AI Engineering and the ML First mindset: Presenting our ultimate guide to Hiring AI Engineers (and How to Source Them). MORE

  3. From Architecture to Headhunting, A Million-Dollar Exit Story with Marshall Haas. MORE

  4. Listen To These 40 Minutes To Unf*ck Your Life: “What would I work on if I wasn't afraid?” MORE

🌐 Technology

  1. 2023 State of JS: JavaScript's growth continues, with a stream of innovations in server components, actions, signals, compilers, and more, challenging developers to keep up. MORE

  2. Adam, teacher/streamer/co-founder, redid his personal website, including live Twitch notifications. MORE

  3. Claire Vo built ChatPRD, an AI-powered chief product officer, as a side hustle while working as CPO at LaunchDarkly. It generates 6-figure revenue and serves over 1000 product managers. MORE

  4. The blog post discusses the prevalence of the curl library in Steam games, with over a hundred games found to be using it. The author finds it "amazing" that so many games have incorporated the curl library. MORE

🔑 Visit

  1. The best months to visit US National Parks by region. MORE

  2. Explainthatstuff.com is a free online resource that provides simple and easy-to-understand explanations on various science and technology topics, from the physics of floating ships to the mechanics of self-cleaning windows. MORE

  3. Odd One Out: Google game that challenges users to identify AI-generated images among real art. MORE

  4. Get an 80s workout while you type. Watch this full-body keyboard in action. MORE

  5. Weird topics people enjoy watching. This led me to cow hoof trimming, which is surprisingly fascinating. MORE

The Hive Five is for the curious ones. The rebels. The hackers. The ones who see life not as it is, but as it could be.

Share the newsletter with others like us who want to hack a life they love.

Until next week, take care of yourself and each other,

Bee 🐝

This newsletter may contain affiliate links that support its costs. These links lead to tools, courses, and resources that I've personally found helpful.