🐝 Hive Five 178 - Slow Down To Achieve More

What if we use AI to think more instead of less, AI Engineer World's Fair 2024, How To Reinvent Your Life In 4 Months, and more...

Hi friends,

Greetings from the hive!

Slow down to achieve more. Sounds counterintuitive, right? But it works.

The Navy SEALs have a saying: 'Slow is smooth, and smooth is fast.' It's not just for combat. It's for life.

When you slow down, you see more. You think clearer. You make fewer mistakes. And fewer mistakes mean less backtracking, less fixing, less wasted time.

It's like compound interest for your actions. Small, deliberate steps add up. They compound. Before you know it, you're way ahead of where you'd be if you were always rushing.

I'm trying to live this way. Slowing down. Being more deliberate. Doing things not just for some future payoff, but because the doing itself is worthwhile.

It's not easy. Our world screams 'Faster! Now!' But I'm learning that sometimes, the best way to speed up is to slow down.

Let's take this week by swarm!

🐝 The Bee's Knees

  1. Execute commands by sending JSON? Learn how unsafe deserialization vulnerabilities work in Ruby projects. MORE

  2. AI has taken over major tech companies, making humans rely on machines to think. But what if we use AI to think more instead of less? MORE

  3. Full-time bug hunter Alex Chapman, known for his high criticality findings, shares his insights and secrets. MORE

  4. AI Engineer World's Fair 2024 keynotes and CodeGen track, showcasing the latest advancements in AI engineering. Features talks on Open Challenges for AI Engineering, Llamafile: bringing AI to the masses with fast CPU, and much more. MORE | SCHEDULE

  5. Project Naptime: Evaluating Offensive Security Capabilities of Large Language Models. Google Project Zero hopes that in the future, this can close some of the blind spots of current automated vulnerability discovery approaches, and enable automated detection of "unfuzzable" vulnerabilities. MORE

With a modest contribution of just $8.25 per month, you’re not only helping keep Hive Five going, but you're also getting access to a private Discord community, the complete Hive Archive, exclusive & bonus content, and a range of other benefits.

Hive Five is a weekly newsletter with the best of technology and security, thoughtfully curated, read by thousands of hackers. Do you have a product or service to promote? Find out more about advertising in Hive Five.

📰 Updates

🍯 My work

✅ Changelog

  1. Nuclei Templates v9.9.0 introduces new Kubernetes Cluster Security templates, enabling automated security reviews and custom security checks, with results shared on the PDCP Cloud. MORE

  2. The commit 1.2.0 of RetireJS/retire-site-scanner adds support for detecting the use of known bad CDNs. MORE

  3. sw33tlie's updated ffuf fork now supports additional fuzzing techniques, including absolute URI fuzzing, invalid HTTP methods, no header canonization, invalid URL encoding chars, and invalid HTTP headers. MORE

📅 News

  1. Polyfill.io is a convenient service that automatically provides front-end polyfills; however, it has been compromised. MORE

  2. Simian Security provides specialist penetration testing and security assessments to help organizations identify and address vulnerabilities. MORE

  3. PortSwigger, the company behind the Burp Suite security tools, raises $112M. MORE

  4. The latest creation of prolific indie maker Pieter Levels: A live ranking of airlines by how much luggage they are losing. MORE

💼 Work

💰 Career

  1. Find out what those who've left the Software Engineering world transition into. MORE

  2. What do GenZ software engineers really think? They discuss values, what frustrates them about working in tech, and what they think of older colleagues. MORE

  3. Job hunting tips: apply for LinkedIn jobs with few applicants, hybrid/onsite roles in other cities, and recently posted roles to increase visibility. MORE

  4. Kyle Pursell, Shopify's Head of Growth Optimization, discusses strategies for scaling upmarket, the power of product-led growth, and the importance of cross-functional collaboration in growth initiatives. MORE

  5. Shenetworks offers career guidance and answers tech job-related questions. MORE

🚀 Productivity

  1. The video discusses 4 productivity hacks the creator uses to stay productive while traveling, including high-altitude book writing and high-intensity workouts. MORE

  2. Slow down to achieve more. Ali shares the 3 key principles that Cal Newport talks about in his new book Slow Productivity. MORE

  3. Ryan Holiday has written 16 books, publishes a daily newsletter, has 1.7 million YouTube subscribers, and runs his own creative agency. To write like him, focus on consistent productivity. MORE

  4. Ice is a powerful menu bar manager for macOS. MORE

  5. How Steve Huynh (YouTuber, principal engineer, productivity junkie) started 5 Successful Side Projects Without Burning Out. MORE

🌎 Community

🎉 Celebrate

  1. NahamSec started streaming live recon again! It'll be on YouTube soon. MORE

⚑️ Community

  1. Alethe is the hitchHACKERs Guide to DEFCON, offering help with questions about the event, venue, and accommodations. MORE

  2. Zseano underwent emergency surgery and is recovering well. Send him love! MORE

  3. STÖK discusses the rich history and variety of Scandinavian saunas, from traditional steam and dry saunas to modern styles like crystal, herb, and infrared. He plans to experience the diverse range of sauna types. MORE

  4. Adam shares a plant-based pre-workout meal. MORE

🐝 I love to cook (and eat), so delicious recipes are always welcomed.

💛 Follow
Awesome accounts to follow. Randomly selected from my curated Twitter lists.

  1. @inhibitor181 | Cosmin | Bug bounty hunter.

  2. @TJ_Null | Tony | Blue Teamer in Disguise | SANS Netwars Champion. Former community manager and founder of the Offsec community for @offsectraining.

  3. @monicalent | Monica Lent | Dev founder | Courses & Community.

  4. @synackodes | Elle Romanoff. The llama loving threat hunter| Black Widow of AppSec | Pro nap taker | Plant-based | A Cybermaiden who likes coding, motorsport, legos & sneakers.

  5. @hdmoore | HD Moore | He/Him | Chairman & Founding CTO of runZero (formerly Rumble Network Discovery) | Black Lives Matter.

⬆️ Level up

📰 Read

  1. Artifactory, a popular software repository manager, was found to be vulnerable to a Zip Slip attack. MORE

  2. DevOps, once a promising concept, has fallen victim to the hype cycle, leaving many feeling exhausted and disillusioned. MORE

  3. Mark Dowd, founder of Azimuth Security and co-author of "The Art of Software Security Assessment", discusses the market for zero-day vulnerabilities and how mitigations affect monetizing offensive security work. MORE

  4. Why nested deserialization is harmful: Magento XXE (CVE-2024-34102). It's estimated that there are over 140,000 instances of Magento running as of late 2023. MORE

❝

"We desperately need a return to basics ideology that encourages teams to stop designing with the expectation that endless growth is the only possible outcome of every product launch."

  1. Paul Graham's essays are aggregated and compiled into one complete collection for your reading pleasure. MORE

🐝 I'm uploading this to my Kindle as we speak!

💡 Tips

  1. When investing, Pieter's point is to diversify across companies, industries, countries, brokers, banks, and personal assets to mitigate risk. MORE

  2. Success in bug bounty or hacking requires passion, dedication, and willingness to sacrifice. MORE

  3. Attackers may exploit language models' vulnerabilities by injecting prompts that lead to blind XSS attacks. MORE

  4. Explore this path to start earning in bug bounty. MORE

🧠 Wisdom

  1. How to take the high road. When someone provokes you, it’s easy to react without thinking. Learn to slow down and respond in ways you’ll be proud of. MORE

  2. Razors are rules of thumb that simplify decision-making. Here are 16 essential Razors everyone should know. MORE

  3. Failure should not be viewed as a negative, especially in entrepreneurial circles. Instead, it should be seen as a learning experience to improve and grow. MORE

  4. Plutchik's Wheel of Emotions provides a logical framework to understand and explore feelings, with a comprehensive emotions list. This is an interactive version. MORE

  5. Pharrell advises the Gallery of Maurice creator to not take feedback personally, but instead observe it and address the issue: "Don't take it personal. Take note, and take care of it." MORE

📚 Resources

  1. This repository provides an overview of free and commercial training and certifications related to secure software development. MORE

  2. Comprehensive study notes covering various web hacking techniques, including information gathering, vulnerability analysis, and exploitation. MORE

  3. Cts played with Blue Water in the GoogleCTF. Here are their challenge writeups. MORE

💭 Quote

❝

"Don't take it personal. Take note, and take care of it."

Pharrell Williams

🛠 Explore

🧰 Tools

Get $200 to try DigitalOcean — the go-to for all my recon, automation, and VPN needs. Get access to a comprehensive range of cloud resources, all at an affordable price.

  1. Mihari is a framework for continuous OSINT-based threat hunting that provides a built-in web app for monitoring alerts. MORE

  2. PackageSpy is a versatile command-line tool designed to simplify the process of searching for secrets within packages on popular package managers using Gitleaks. MORE

  3. YetiHunter is a tool created by Permiso Security to query Snowflake environments for signs of compromise, leveraging indicators from Permiso and the community. MORE

  4. mise is a polyglot tool version manager that replaces tools like asdf, nvm, pyenv, rbenv, etc. MORE

  5. GQLSpection is a CLI tool and Python library for parsing GraphQL introspection queries and generating automatic queries. MORE

🎥 Watch

  1. Great leaders approach hard conversations with empathy, transparency, and a focus on problem-solving, not blame. MORE

  2. Join Dan and Marcello as they discuss and demonstrate the latest vulnerabilities from Protect AI's June report, with exclusive segments to enhance your hacking skills. MORE

  3. This tutorial demonstrates how to conduct person of interest investigations using Maltego, starting with names and pivoting to personal identifiers to uncover digital footprints of public figures. MORE

  4. Recon is the first step in hacking large corporations, involving gathering information about the target organization. MORE

  5. The Web Dev Challenge participants have 30 minutes to plan and 3 hours to build an AI-powered app that's not another f%*#ing chatbot. MORE

🎡 Listen

  1. How To Reinvent Your Life In 4 Months (Full Step-By-Step Process) by Cal Newport. MORE

  2. Business Tricks From Gamblers, Pickup Artists, & Feynman. MORE

  3. 5 Business Ideas To Start Today With $0 ft. Shark Tank's Sabri Suby. MORE

  4. Financing the Deep Life with Noah Kagan. One of the most common strategies for achieving a powerful ideal lifestyle vision is to leverage entrepreneurial activities to find a stable source of income that allows autonomy and flexibility. MORE

🌐 Technology

  1. Micro-features that improve the quality of life of any blog or website. MORE

  2. 98.css is a CSS library that helps create Windows-like interfaces. MORE

  3. Pikimov is a web-based motion design and video editing platform that allows users to create and edit videos with ease. MORE

  4. This paper establishes a taxonomy of 58 text-only prompting techniques and 40 techniques for other modalities, providing a comprehensive understanding of prompting for generative AI systems. MORE

🔑 Interesting

  1. Find out what you can build with Flipdiscs. They are a display type that uses electromagnetic pulses to flip small discs between two colors. This technology, despite being over 50 years old, remains largely unchanged. MORE

  2. How many countries are there? Does the UN's official list of 195 include them all? MORE

  3. Arun used 500 drones for his wedding speech, a highlight of his life. MORE

  4. "Fight Inc: Inside the UFC" offers unprecedented access to UFC CEO Dana White and his team, while also delving into the stories of the promotion's biggest stars. MORE

  5. The video discusses the reverse engineering of the original Age of Empires game to understand its AI system. MORE

Until next week, take care of yourself and each other,

Bee 🐝

Enjoy the newsletter? Please forward it to a pal. It only takes 16 seconds. Making this one took 16 hours.

This newsletter may contain affiliate links that support its costs. These links lead to tools, courses, and resources that I've personally found helpful.