
🐝 Hive Five 181 - What the Dying Teach the Living

Innovative Recon Tool: Lemma, AI Tooling for Software Engineers in 2024, Embrace Action Over Perfection, 12-Minute Foundation Training, and more...

Hi friends,

Greetings from the hive!

I'm excited about several new projects I'm working on, one of which is an Obsidian blog series. I've been using it since its inception and look forward to sharing what I've learned.

But here's the rub: I'm allergic to the last 10%. You know, the tedious stuff - posting, sharing, crafting the perfect hashtag that makes Gary Vee weep with envy.

Now, I'm exploring whether AI is the medicine.

But enough about me. What have you been up to? Are you building, learning, or just going with the flow?

Let's take this week by swarm!

🐝 The Bee's Knees

  1. Lessons learned in 35 years of making software. It’s more about soft skills than technical skills. MORE

  2. One of the most innovative tools I've seen: Lemma - a Python-based AWS Lambda package and client designed to execute packaged command-line tools in a scalable, remote environment on AWS Lambda. MORE

  3. Unveiling TE.0 HTTP Request Smuggling: Discovering a Critical Vulnerability in Thousands of Google Cloud Websites. MORE

  4. Gooby, a former neurosurgeon with 20 years of training and experience, left his career due to dissatisfaction and ethical concerns about the effectiveness of his work. He discovered that lifestyle factors like diet, exercise, and stress management were more crucial for patients' recovery than surgeries. MORE

  5. Panic! at the SWE Job Market: "When did developers stop being part of the actual product creation process and instead just become project management task workers?" MORE

Hive Five is a weekly newsletter with the best of technology and security, thoughtfully curated, and read by thousands of hackers. Do you have a product or service to promote? Find out more about advertising in Hive Five.

📰 Updates

🍯 My work

✅ Changelog

  1. GAP-Burp-Extension v5.4 is a powerful Burp Suite extension that helps you find potential endpoints, parameters, and generate a custom target wordlist. MORE

  2. xnLinkFinder v6.4 is a powerful Python tool that discovers endpoints, potential parameters, and generates a target-specific wordlist to aid in your security assessment. MORE

  3. XnlReveal v3.7 is a powerful Chrome/Firefox browser extension that enhances web security by providing various utilities, including detecting reflected query params, accessing Wayback Machine archives, and interacting with hidden or disabled elements. MORE

  4. Retire.js 4.4.3 is a scanner that detects the use of JavaScript libraries with known vulnerabilities. It can also generate an SBOM of the libraries it finds. MORE

  5. Pro users of Caido can now access nightly builds to test new features early. MORE

💼 Work

🚀 Productivity

  1. Slimzsh is a compact and practical configuration for ZSH, the powerful shell. It effortlessly integrates with fasd, a tool that enhances your workflow. MORE

  2. 7 actionable tips to end your phone addiction. Including using apps to block other apps, setting automatic focus modes, and replying to messages from a computer instead of the phone. MORE

  3. In this video, you'll learn how to use and customize the Epic Wheel of Life Audit template in Obsidian to get a more holistic view of your life. MORE

  4. Danny shares why Morgen, an impressive calendar tool, has been an integral part of his workflow for the past 3 years. MORE

  5. Configure Neovim for Golang development and set up an LSP, Debugger, and other plugins to write Golang code effectively. MORE

🌎 Community

🎉 Celebrate

  1. John Hammond discussed CrowdStrike's activities on CNN! MORE

  2. Blaklis was awarded a $10,000 bounty on HackerOne for finding two different bugs, worth $6,000 and $4,000 respectively, bringing him closer to his goals! MORE

  3. Pwnii and Brumens received a €50k reward for finding a bug in a public program. They encourage others to hunt for bugs in public programs as well. MORE

  4. Cyber Kitten is leaving Bugcrowd to start a new director-level role. Congrats! MORE

  5. Mert is on a 2-month streak, discovering 25 critical/high-severity vulnerabilities across 11 different programs in June. Impressive work! MORE

⚑️ Stories

  1. Alternatives to Sticker Mule. MORE

  2. Kimberly fondly remembers Kevin Mitnick, a year after his passing. Kevin's story and work inspired many to pursue the field, a testament to his lasting impact. MORE

💛 Follow
Awesome accounts to follow. Randomly selected from my curated Twitter lists.

  1. @tywilson21 | Tyrone E. Wilson | GirlDad. Cover6Solutions & DCCyberWarriors.

  2. @binaryz0ne | Ali Hadi | B!n@ry | DFIR and Adversary Simulation | dfir @ protonmail.

  3. @adrianhetman | Adrian Hetman | Teaching and tweeting about Web3 and Web3 Security | Tech Lead of the Triaging team immunefi.

  4. @RayRedacted | Ray [REDACTED] | •He/him • Assoc Producer Emeritus: DarknetDiaries Cybersecurity Researcher.

  5. @eboda_ | eboda.

⬆️ Level up

📰 Read

  1. The Wild West of Proof of Concept Exploit Code (PoC). An analysis of CVE-2024-6387 by the Qualys TRU. MORE

  2. AgentPoison: Red-teaming LLM Agents via Poisoning Memory or Knowledge Bases. MORE

  3. WhatsUp Gold Pre-Auth RCE GetFileWithoutZip Primitive CVE-2024-4885. MORE

  4. Writing doesn't just refine your thinking, it can actually help you think in the first place. MORE

  5. Encoding Differentials: Why Charset Matters. The absence of charset information can lead to severe XSS vulnerabilities when attackers are able to change the character set that the browser assumes. MORE
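The class of bug the charset post describes, shown as an added example that is not taken from that post: the same response bytes decoded as UTF-8 and as ISO-2022-JP. The page template, the payload and every function name below are constructed for illustration; the only facts relied on are that ISO-2022-JP's escape sequence ESC ( J switches the decoder to JIS X 0201 Roman, in which byte 0x5C decodes as the yen sign rather than a backslash, and that a browser only falls back to guessing the charset when the page declares none.

```python
"""Added example (not from the linked post): the same response bytes, read
with two different charsets.

The server puts user input inside a JavaScript string literal and escapes
any double quote with a backslash, which is fine when the browser decodes
the page as UTF-8. If no charset is declared and the attacker can steer
the browser's guess to ISO-2022-JP, the escape sequence ESC ( J switches
the decoder to JIS X 0201 Roman, where byte 0x5C is the yen sign rather
than a backslash: the "escaped" quote now closes the string. Template,
payload and function names are constructed for this example; Python's
built-in codecs do the decoding.
"""

ESC_JIS_ROMAN = b"\x1b(J"  # ISO-2022-JP: designate JIS X 0201 Roman
ESC_ASCII = b"\x1b(B"      # ISO-2022-JP: back to ASCII

SCRIPT_PREFIX = 'var name = "'


def escape_for_js_string(user_input: bytes) -> bytes:
    """The server's byte-level escaping: backslash before \\ and \"."""
    return user_input.replace(b"\\", b"\\\\").replace(b'"', b'\\"')


def render_page(user_input: bytes, declare_charset: bool) -> bytes:
    """Constructed template: user input lands inside a JS string literal."""
    meta = b'<meta charset="utf-8">' if declare_charset else b""
    return (b"<html><head>" + meta + b"</head><body><script>"
            + SCRIPT_PREFIX.encode() + escape_for_js_string(user_input)
            + b'";</script></body></html>')


def browser_charset(page: bytes, sniffed_guess: str) -> str:
    """A declared charset wins; otherwise the browser falls back to its
    guess, which is the part an attacker can influence."""
    return "utf-8" if b'<meta charset="utf-8">' in page else sniffed_guess


def split_js_literal(decoded: str):
    """Return (literal, code_after_it) as a JS tokenizer would see them:
    a backslash escapes the next character, a bare quote ends the string."""
    start = decoded.index(SCRIPT_PREFIX) + len(SCRIPT_PREFIX)
    i = start
    while i < len(decoded):
        if decoded[i] == "\\":
            i += 2
            continue
        if decoded[i] == '"':
            return decoded[start:i], decoded[i + 1:]
        i += 1
    raise ValueError("unterminated string literal")


# Constructed payload: switch to JIS Roman, a quote the server will escape,
# the injected statement, then switch back to ASCII so the rest of the
# page still decodes normally.
PAYLOAD = ESC_JIS_ROMAN + b'";alert(1);//' + ESC_ASCII


def injected_code(declare_charset: bool, sniffed_guess: str) -> str:
    """Code that ends up outside the literal for a given server/browser combo."""
    page = render_page(PAYLOAD, declare_charset)
    decoded = page.decode(browser_charset(page, sniffed_guess), errors="replace")
    return split_js_literal(decoded)[1]


if __name__ == "__main__":
    for declared, guess in [(False, "utf-8"), (False, "iso2022_jp"), (True, "iso2022_jp")]:
        tail = injected_code(declared, guess)
        print(f"declared={declared!s:5} guess={guess:10} -> {tail[:24]!r}")
```

With no declared charset and a UTF-8 guess the backslash still protects the quote; with an ISO-2022-JP guess the literal collapses to a lone yen sign and `alert(1)` runs as code. Declaring the charset makes the guess irrelevant, which is the fix the post argues for.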

💡 Tips

  1. Cassidoo's Cleaning Tip: Don't leave the room while cleaning. Put items that don't belong at the door, and focus on finishing the task at hand to avoid distractions. MORE

  2. NoSQL injection can be detected by adding MongoDB operator names like $lookup, $unionWith, and $match to your parameter wordlist and watching how the application reacts to them. This research, credited to irsdl, can help identify potential vulnerabilities. MORE
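Why those operator keys are worth probing, as an added example that is not part of irsdl's research or the linked post: a login handler that copies the decoded JSON body straight into a MongoDB filter, beside a hardened version that refuses operator-shaped keys. The user records, request bodies, function names and the in-memory matcher standing in for the driver are all constructed for illustration.

```python
"""Added example: why operator-shaped keys in a request body matter.

Vulnerable pattern: the decoded JSON body is copied straight into a
MongoDB filter, so {"password": {"$ne": ""}} matches any non-empty
password. Hardened pattern: refuse any key beginning with "$" (or holding
a ".") anywhere in the body before it reaches the driver, and require
scalar credentials. A tiny in-memory matcher stands in for the driver so
this runs without a database. All names, the user records and the request
bodies are constructed for the example, not taken from a real app.
"""
import json

# Keys worth adding to a parameter wordlist when probing. $ne/$gt/$regex
# are classic comparison operators; $lookup, $unionWith and $match are
# aggregation stages, so a reaction to them suggests input reaches a
# pipeline rather than a plain find().
PROBE_KEYS = ["$ne", "$gt", "$regex", "$where", "$lookup", "$unionWith", "$match"]

# Constructed stand-in for a users collection.
USERS = [
    {"username": "admin", "password": "s3cr3t-admin"},
    {"username": "alice", "password": "hunter2"},
]


def _matches(stored, condition):
    """Toy subset of MongoDB filter semantics: equality, $ne and $gt.
    Any other operator raises, which a probing tester would see as an
    error response, itself a signal that the key was interpreted."""
    if not isinstance(condition, dict):
        return stored == condition
    for op, arg in condition.items():
        if op == "$ne":
            if stored == arg:
                return False
        elif op == "$gt":
            if not (stored is not None and stored > arg):
                return False
        else:
            raise ValueError(f"toy matcher does not implement {op}")
    return True


def find_one(collection, query):
    """Stand-in for collection.find_one(query)."""
    for doc in collection:
        if all(_matches(doc.get(k), v) for k, v in query.items()):
            return doc
    return None


def login_vulnerable(body: str):
    """Decoded JSON goes straight into the filter, so operators are honoured."""
    data = json.loads(body)
    return find_one(USERS, {"username": data.get("username"),
                            "password": data.get("password")})


class OperatorKeyRejected(ValueError):
    pass


def reject_operator_keys(value):
    """Recursively refuse keys that start with '$' or contain '.' (dot paths),
    in dicts nested at any depth, including inside lists."""
    if isinstance(value, dict):
        for k, v in value.items():
            if not isinstance(k, str) or k.startswith("$") or "." in k:
                raise OperatorKeyRejected(f"refusing key {k!r}")
            reject_operator_keys(v)
    elif isinstance(value, list):
        for item in value:
            reject_operator_keys(item)
    return value


def login_hardened(body: str):
    """Same query, but operator-shaped keys are refused and credentials must
    be strings, so a dict can never stand in for a password."""
    data = reject_operator_keys(json.loads(body))
    username, password = data.get("username"), data.get("password")
    if not isinstance(username, str) or not isinstance(password, str):
        raise OperatorKeyRejected("credentials must be strings")
    return find_one(USERS, {"username": username, "password": password})


def probe_bodies(field: str = "password"):
    """Constructed request bodies a tester might send, one per probe key."""
    return [json.dumps({"username": "admin", field: {key: ""}}) for key in PROBE_KEYS]


if __name__ == "__main__":
    injected = json.dumps({"username": "admin", "password": {"$ne": ""}})
    print("vulnerable login returned:", login_vulnerable(injected))
    try:
        login_hardened(injected)
    except OperatorKeyRejected as exc:
        print("hardened login refused:", exc)
```

The vulnerable handler logs in as admin with no password at all; the hardened one rejects the body before any query is built. The same key check belongs on every place a request body is turned into a filter, update or aggregation stage, not only on login.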

🧠 Wisdom

  1. Embrace action over perfection. Start small, overcome uncertainty, and create more. MORE

  2. The AI Engineer in a nutshell: know how to 1) program well and 2) use LLMs efficiently. MORE

  3. Peter Thiel on Pessimism: "If you think you're going to win, it doesn't mean you're going to win. If you think you're going to lose, you will lose." MORE

  4. Tracking your work in a journal helps you regain focus and clarity when tackling complex problems, like fixing deployment pipeline permissions. MORE

📚 Resources

  1. Substrate is a crowdsourced project designed to enhance understanding, communication, and action in order to move humanity forward. MORE

  2. The-OSINT-Toolbox by cqcore - discover links to useful OSINT, Privacy & OPSEC resources, tradecraft, tools, techniques & tactics. MORE

  3. Crafting an engaging bug bounty brief is crucial for success, as it attracts top talent and drives meaningful results. MORE

  4. The Co-Founder of MorningBrew shares his 6-step process to build a successful newsletter business from scratch. MORE

  5. Ask HN: What is the best way to author blogs in 2024? Consensus seems to be static site generators and a (free) hosting provider such as Netlify or Cloudflare Pages. MORE

💭 Quote

❝

"The gap between knowing what you want and going after it is where fear thrives. You don't need enough courage for the entire journey. You only need courage for the next step."

James Clear

🛠 Explore

🧰 Tools

Get $200 to try DigitalOcean - the go-to for all my recon, automation, and VPN needs. Get access to a comprehensive range of cloud resources, all at an affordable price.

  1. APKscan is a tool that scans decompiled and deobfuscated Android files for sensitive data, helping to prevent security leaks. MORE

  2. This project is a CLI tool for testing various types of captchas including puzzle, text, complicated text, and reCAPTCHA using Python and Selenium. The tool also uses OpenAI GPT-4 to help solve the captchas. MORE

  3. Gigaproxy removes fireprox's single-host limitation and lets you target multiple hosts at once. MORE

  4. Graphpython is a powerful Python tool for enumerating and exploiting the Microsoft Graph API across platforms. MORE

  5. The reverse shell is a staple technique in the offensive security industry. In this article, Daniel proposes a new tool "oneshell" to solve some of the problems with existing tooling. MORE

🎥 Watch

  1. What could you create if you had 30 minutes to plan and 4 hours to build? Lindsay Wardell, Dev Agrawal, Ben Hong, and Jason Lengstorf took on the Web Dev Challenge to find out. MORE

  2. The Paris Games face deepfakes and misinformation threats. Cybersecurity experts warn about fake documentaries and the growing use of deepfakes to disrupt the world's biggest sporting event. MORE

  3. Reverse engineering the AI of the classic Age of Empires game. MORE

  4. Harry is a master copywriter - and that’s not hyperbole. With Marketing Examples, he’s taught over 100,000 people how to write copy that rips. Learn how to copy that. MORE

  5. Death’s Honesty. In one of Long Now’s most moving talks, Ostaseski began: "I’m not romantic about dying. This is the hardest work you will ever do. It is tough. It’s sad and it’s messy and it’s cruel and it’s beautiful sometimes and mysterious, but above all that, it’s normal. It’s a boat we’re all in. It’s inevitable and intimate." MORE

🎡 Listen

  1. In a puzzling incident, the founder of Canada's largest Bitcoin exchange, Gerald Cotten, died under mysterious circumstances during a trip to India, sparking allegations of an exit scam. MORE

  2. Explore Scott Galloway's journey to $100M on Hampton's MoneyWise podcast with Sam Parr. Learn about financial sacrifice, entrepreneurship, diversification, and giving back from this serial entrepreneur and professor. MORE

  3. Swyx's Fave Podcasts of 2024 - The Big Reset. MORE

  4. Justin and Sina Kheirkhah talk about the start of Sina's hacking journey and explore the differences between the Pwn2Own and HackerOne events. MORE

  5. David & Mike revisit the topic of moving the needle to discuss what's working and what's changed. MORE

🌐 Technology

  1. Get a 1Password team account for free to support your open-source initiatives. MORE

  2. AI-powered tools face distinct UX challenges across generative tools, copilots, agents, and chat interfaces. These challenges range from reliability and workflow integration to user control, process visibility, and accessibility for non-expert users. MORE

  3. Starting a home lab for DevOps doesn't require an expensive setup. You can do it for $0 by using free tools and repurposing old hardware. MORE

  4. AI Tooling for Software Engineers in 2024: Reality Check (Part 1). How do software engineers utilize GenAI tools in their software development workflow? MORE

  5. Embedding Neovim HTML within Obsidian allows for seamless integration of text editing and note-taking, empowering users to harness the power of Neovim in their daily workflow. MORE

🔑 Interesting

  1. A day in the gym with Action Bronson and Joe Rogan. Joe shares his workout routine, focusing on kettlebells and windmills. MORE

  2. 12-Minute Foundation Training is a simple solution that gives you the means to change the way you move and correct the imbalances caused by our modern habits. MORE

  3. Feedback on creative work often focuses on minor, unimportant details, rather than the bigger picture, hampering the creative process. MORE

  4. Dead simple, drag & drop websites for anything. Websites don’t have to be so cookie-cutter. MORE

Until next week, take care of yourself and each other,

Bee 🐝

P.S. Enjoy the newsletter? Please forward it to a pal. It only takes 16 seconds. Making this one took 16 hours.

Upgrade Yourself →

You're getting the free version. Members get more - including exclusive & bonus content, access to an online community of smart and driven people, the complete Hive Archive, and so much more. See what you're missing.