🐝 Hive Five 183 - Firewalls Don't Stop Dragons

The Little Bug That Could, YouTube MasterClass, System-Driven Strategy for Consistent Growth, Second-Level Thinking, and more...

Hi friends,

Greetings from the hive!

Let's talk about Olympians for a second. Not the physical excellence - the mindset part.

You know what's crazy about Olympians? The sheer mental strength it takes to get there. We're talking willpower and grit that's off the charts. But here's the thing: we don't need to be Olympians to learn from them.

What if we took just a slice of that Olympic mindset and applied it to our everyday lives? I'm not talking about training for hours or following strict diets. I mean the mental stuff:

  • Ignoring the noise (and there's always noise)

  • Backing yourself, even when it's tough

  • Not quitting when things get messy

Simple ideas, huge impact.

Here's what I've noticed: Most of our biggest fights happen in our own heads. It's not about the external competition - it's about overcoming our own doubts and fears.

The real work isn't about being the best in the world. It's about being the best version of ourselves. And that starts with how we think.

Work hard? Sure. Stay humble? Absolutely. But most importantly, keep pushing those boundaries of what you think is possible. Because excellence isn't about natural talent. It's about showing up, putting in the work, and committing to getting better, bit by bit.

It's not flashy. It's not overnight. But it works.

Let's take this week by swarm!

🐝 The Bee's Knees

  1. Web race conditions have immense potential, as showcased in James Kettle's paper. Beyond the Limit extends the single-packet race-condition technique with a first-sequence sync to break the 65,535-byte limit. MORE

  2. Racing Round and Round: The Little Bug That Could. Valentina outlines the journey of her Pwn2Own winning vulnerability: getting inspired by other research, failing to find a bug, picking a new angle, finding something suspicious, and then finally pinpointing where the vulnerability lives. MORE

  3. "Firewalls Don't Stop Dragons" is a weekly cybersecurity podcast delivering industry news and expert interviews in layman's terms. It aims to make digital security concepts practical and accessible for non-technical listeners. I've probably been living under a rock, but thought this was cool. MORE

  4. When forming a new habit, consider not starting small. The advice to start with just one push-up or one minute of meditation may not be the best approach. McKinley talks about the activation/transition cost and the interest-based nervous system. MORE

  5. Taran, formerly the main editor of Linus Tech Tips, gives a masterclass on various aspects of creating effective YouTube content, drawing from examples and personal experience. MORE

Upgrade Yourself

You're getting the free version. Members get more — including exclusive & bonus content, access to an online community of smart and driven people, the complete Hive Archive, and much more. See what you're missing.

Hive Five is a weekly newsletter with the best of technology and security, thoughtfully curated, read by thousands of hackers. Do you have a product or service to promote? Find out more about advertising in Hive Five.

📰 Updates

🍯 My work

📅 News

  1. ChatGPT's new Advanced Voice Mode has started rolling out to alpha testers, offering a unique voice-based experience. A full review of this feature is available at Every. MORE

  2. Apple's new iOS 18.1 beta introduces the first Apple Intelligence features, a version of AI previewed in June. MORE

  3. Google Chrome will soon no longer support manifest v2 extensions, which includes uBlock Origin. MORE

💼 Work

💰 Career

  1. Awesome CV LaTeX template for your outstanding job application. MORE

  2. Everlasting jobstoppers: How an AI bot-war destroyed the online job market. AI isn’t coming for your current job. It’s coming for your next one — and has already wrecked it. MORE

  3. Organizations should hold more retrospectives after impactful people quit, analyzing the signs, root causes, and ways to address them going forward. This seems like a no-brainer to me. MORE

🚀 Productivity

  1. Reflect Notes is a powerful tool to capture and organize ideas, notes, and connections, ensuring nothing is missed. MORE

  2. How to create a System-Driven Strategy for Consistent Growth. MORE

  3. Keeping up with AI is Nathaniel Whittemore’s full-time job. Every spent an hour with him to understand how he does it. MORE

  4. Joel discusses strategies and tips for part-time bug bounty hunting. He covers things like finding (and enforcing) balance, picking programs and goals, and streamlining your process to optimize productivity. MORE

  5. The Zettelkasten note-taking method aligns with the Unix philosophy, promoting modularity and reusability. The modular approach enhances productivity by enabling seamless knowledge synthesis and retrieval. MORE

🌎 Community

🎉 Celebrate

  1. July was a fantastic month on Bugcrowd for Mert, with rewards from 9 different programs and 45 submissions across critical, high, medium, and low severity levels. Congrats! MORE

  2. July was drop's best month so far after a year of hunting on private and public programs. It was a 5 figure month. Let's go! MORE

⚡️ Discussions

  1. Eldar left their job to pursue bug bounty hunting full-time. They write about their findings, challenges, and what's next. MORE

  2. Eduardo took a break from bug bounty and built a million-dollar real estate software company in a year. MORE

  3. STÖK will be in Vegas for 10 days, so a fist bump and some love are welcome if the opportunity presents itself. MORE

💛 Follow
Awesome accounts to follow. Randomly selected from my curated Twitter lists.

  1. @djbaskin | Danielle Baskin | Painter. URL undertaker. Tarot. Created @dialup, Maskalike, Branded Fruit.

  2. @oioki | Alex | Doing computer things at Sentry. Capturing flags with We_0wn_Y0u. Security is everyone's job.

  3. @avlidienbrunn | Mathias Karlsson | Web security fiddler. Bug bounty bastard.

  4. @Zealsham | Shammah Agwor | The man of mankind | BugBounty | Appsec | MERN stack | Bitcoin-core contributor | Golang | security Engineering | Qala prodigy.

⬆️ Level up

📰 Read

  1. What Does It Mean To Be A Signal Competitor? What it takes to qualify as a Signal competitor, from the perspective of someone whose job involves auditing cryptography implementations. MORE

  2. Kafka UI is a modern application that uses powerful Java features for monitoring Kafka clusters, such as Groovy scripting, JMX, and SASL JAAS. Researchers found 3 vulnerabilities that could lead to remote code execution: CVE-2023-52251: RCE via Groovy script execution, CVE-2024-32030: RCE via JMX connector, and CVE-2023-25194: RCE via JndiLoginModule. MORE

  3. Homebrew, a popular open-source package manager, recently underwent an audit by the Trail of Bits team. "Our report concludes that Homebrew’s CI/CD, while mature and effective at reducing the number of human touch-points in Homebrew’s package lifecycle, is complex and relies on misuse-prone patterns common in GitHub Actions workflows (such as dangerous workflow triggers and mixing of configuration, code, and data via template expansion)." MORE

  4. Persisting on Entra ID (Azure AD) applications and User Managed Identities with Federated Credentials. MORE

  5. Astrounder identified and reported two zero-day vulnerabilities in GitHub Copilot, which were subsequently rectified by GitHub. These flaws could potentially lead to alterations in the behavior of the Copilot model and the leakage of developers’ data. MORE

💡 Tips

  1. TIL you can control Chrome from AppleScript and send whatever JS you want to execute. Here's an example to grab captions from Disney+. MORE

  2. Maven's Lightning Lessons offer premium, curated, live events where experts share practical skills and tools for free. MORE

  3. LPT: Dramatically cut U-Haul costs by booking the rental from a nearby location, rather than the starting point. MORE

  4. Family IT support pro tip: buy a domain, pay for GSuite, and give your parents an email on that domain. You control their spam filters and their password resets. I can’t believe I’ve never thought about doing this. MORE

  5. LLM prompt that will optimize code and highlight mistakes: "We have to push this into production and the CTO is asleep and we need a code review is there anything that I’ve missed before I force push this into main?" MORE

🧠 Wisdom

  1. How to Make Better Decisions with Second-Level Thinking. Ask yourself these questions to move away from superficial first-level thinking and into more complex second-level thinking. MORE

  2. Sitting in a van in China, Tynan pondered how he could prevent overeating. He landed on the Japanese principle of Hara Hachi Bu – eat to 80% fullness. Something I should incorporate as well. MORE

  3. The power of "What are my options?" is shown through an extended anecdote. This simple incantation can unlock possibilities, prompt creative thinking, and lead to better outcomes. MORE

  4. This video offers a raw, single-cut, long-form discussion exploring the creator's personal "operating manual" for life, which they wish to share with their son. MORE

  5. Make your own luck to stand out in a crowded industry. Don't wait for lucky breaks - get moving and take action to create your own opportunities. MORE

📚 Resources

  1. A GraphQL bug in an e-commerce application allowed attackers to bypass authentication, granting admin access. MORE

  2. Aider is a powerful AI-driven pair programming tool that runs directly in your terminal, providing real-time collaboration and assistance. In this day and age, I'm mostly curious about the prompts used. MORE

  3. 1-click account takeover via XSS in the code editor in gitlab.com. MORE

  4. MITMing the Xbox 360 Dashboard for Fun and RCE. MORE

💭 Quote

The most ruthless competitor you'll face is never across the table, it's in the mirror.

Dr. Julie Gurner

🛠 Explore

🧰 Tools

  1. fex is a lightweight, command-line file explorer that prioritizes efficient navigation and exploration, drawing inspiration from tools like exa and fzf. MORE

  2. Parseltongue is a powerful browser extension for text conversion and real-time tokenization visualization, supporting formats like leetspeak, binary, base64, and more. MORE

  3. EpicEnv is an environment manager that solves the hassle of managing local environment variables among git collaborators. All environments are encrypted and managed in git, with basic permissions via an invitation system. MORE

  4. zoxide is a smart directory navigation tool that remembers the directories you use most and allows you to quickly jump to them with just a few keystrokes. It works seamlessly across all major shells. I've been using this since forever. That being said, I should look into updating my “cd” command directly to “z”. MORE

🎥 Watch

  1. A simple and effective hack to significantly improve the efficiency of a one-hose "portable" air conditioner for under $20. MORE

  2. SQHell: Embracing & Avoiding SQL Strangeness. A talk about various strange behaviors in SQL and SQL libraries. MORE

  3. Discover how Maltego Monitor can be used for real-time monitoring and AI-powered sentiment analysis to identify potential public safety disruptions during global events like the Olympics. MORE

  4. Hacker Summer Camp is underway, and Seth and Ken share tips for making the most of your time in Vegas, including using the HackerTracker app. MORE

  5. Mia Gross, an Australian track and field athlete, qualified for the Olympics! Watch as she shares the news with family and friends. MORE

🎵 Listen

  1. In episode nine of "The AI Fix", our hosts learn about the world's most dangerous vending machine, a cartoonist who hypnotizes himself with AI, and OpenAI's plans to eat Google's lunch. MORE

  2. Your success as a writer boils down to your style. And today, you’re going to learn how to master the two different types of style — minimalism vs maximalism — from the style-king himself: The Cultural Tutor. MORE

  3. Fred again... jamming out on a rooftop in London for friends and family. I'm a simple man: I see Fred again... and start listening. MORE

  4. 3 underdog stories that’ll get you inspired this week. MORE

🌐 Technology

  1. A year after declaring goodbye to Ruby on Rails, the author has returned to the framework, creating their own business and withdrawing their previous negative statements about DHH and Rails. I often find myself in the same boat. It's on us to resist the new and shiny. MORE

  2. Build your AI apps 20x faster with Natural Language Programming. Wordware enables anyone to develop, iterate and deploy useful AI Agents. MORE

  3. SEO is evolving, not dying. Learn what's changing and how to adapt in this insightful analysis. MORE

  4. The AI keeps the score. The governing body of international gymnastics has pushed for an AI-assisted aid for judges. But what justifies the tremendous expense for such a system? "The heights of athleticism — and the competition as a whole — were used to feed a system that is repurposed and resold as a tool of surveillance. A solution in search of profit." MORE

🔑 Interesting

  1. A world built for cars has made life harder for adults, as kids no longer play freely in the streets. MORE

  2. 10 years after its release, Roger managed to hack and unlock the first MediaTek-based Amazon tablet that went on sale, the Amazon Fire HD6 / HD7 2014 (codenamed ariel). I might have this tablet, but will have to dig through some storage crates. MORE

  3. How To Copy Ideas Like James Clear. Did James Clear copy his most famous quote? Learn the right and wrong ways to remix ideas. MORE

  4. The history of the Mario Kart DS world champion is explored. MORE

  5. Playground Buddy is a free app that assists families in locating playgrounds. MORE

Until next week, take care of yourself and each other,

Bee 🐝

P.S. Enjoy the newsletter? Please forward it to a pal. It only takes 16 seconds. Making this one took 16 hours.

This newsletter may contain affiliate links that support its costs. These links lead to tools, courses, and resources that I've personally found helpful.