- Hive Five
- Posts
- 🐝 Hive Five 183 - Firewalls Don't Stop Dragons
🐝 Hive Five 183 - Firewalls Don't Stop Dragons
The Little Bug That Could, YouTube MasterClass, System-Driven Strategy for Consistent Growth, Second-Level Thinking, and more...
Hi friends,
Greetings from the hive!
Let's talk about Olympians for a second. Not the physical excellence - the mindset part.
You know what's crazy about Olympians? The sheer mental strength it takes to get there. We're talking willpower and grit that's off the charts. But here's the thing, we don't need to be Olympians to learn from them.
What if we took just a slice of that Olympic mindset and applied it to our everyday lives? I'm not talking about training for hours or following strict diets. I mean the mental stuff:
Ignoring the noise (and there's always noise)
Backing yourself, even when it's tough
Not quitting when things get messy
Simple ideas, huge impact.
Here's what I've noticed: Most of our biggest fights happen in our own heads. It's not about the external competition - it's about overcoming our own doubts and fears.
The real work isn't about being the best in the world. It's about being the best version of ourselves. And that starts with how we think.
Work hard? Sure. Stay humble? Absolutely. But most importantly, keep pushing those boundaries of what you think is possible. Because excellence isn't about natural talent. It's about showing up, putting in the work, and committing to getting better, bit by bit.
It's not flashy. It's not overnight. But it works.
Let's take this week by swarm!
🐝 The Bee's Knees
Web race conditions have immense potential, as showcased in James Kettle's paper. Beyond the Limit expands single-packet race condition with a first sequence sync for breaking the 65,535 byte limit. MORE
Racing Round and Round: The Little Bug That Could. Valentina outlines the journey of her Pwn2Own winning vulnerability: getting inspired by other research, failing to find a bug, picking a new angle, finding something suspicious, and then finally pinpointing where the vulnerability lives. MORE
"Firewalls Don't Stop Dragons" is a weekly cybersecurity podcast delivering industry news and expert interviews in layman's terms. It aims to make digital security concepts practical and accessible for non-technical listeners. I've probably been living under a rock, but thought this was cool. MORE
When forming a new habit, consider not starting small. The advice to start with just one push-up or minute of meditation may not be the best approach. McKinley talks about the activation/transition cost and the Interest-based nervous system. MORE
Taran, formerly the main editor of Linus Tech Tips, gives a masterclass on various aspects of creating effective YouTube content, drawing from examples and personal experience. MORE
Upgrade Yourself →
You're getting the free version. Members get more — including exclusive & bonus content, access to an online community of smart and driven people, the complete Hive Archive, and much more. See what you're missing.
Hive Five is a weekly newsletter with the best of technology and security, thoughtfully curated, read by thousands of hackers. Do you have a product or service to promote? Find out more about advertising in Hive Five.
📰 Updates
🍯 My work
📅 News
ChatGPT's new Advanced Voice Mode has started rolling out to alpha testers, offering a unique voice-based experience. A full review of this feature is available at Every. MORE
Apple's new iOS 18.1 beta introduces the first Apple Intelligence features, a version of AI previewed in June. MORE
Google Chrome will soon no longer support manifest v2 extensions, which includes uBlock Origin. MORE
💼 Work
💰 Career
Awesome CV LaTeX template for your outstanding job application. MORE
Everlasting jobstoppers: How an AI bot-war destroyed the online job market. AI isn’t coming for your current job. It’s coming for your next one — and has already wrecked it. MORE
Organizations should hold more retrospectives after impactful people quit, analyzing the signs, root causes, and ways to address them going forward. This seems like a no-brainer for me. MORE
🚀 Productivity
Reflect Notes is a powerful tool to capture and organize ideas, notes, and connections, ensuring nothing is missed. MORE
How to create a System-Driven Strategy for Consistent Growth. MORE
Keeping up with AI is Nathaniel Whittemore’s full-time job. Every spent an hour with him to understand how he does it. MORE
Joel discusses strategies and tips for part-time bug bounty hunting. He covers things like finding (and enforcing) balance, picking programs and goals, and streamlining your process to optimize productivity. MORE
The Zettelkasten note-taking method aligns with the Unix philosophy, promoting modularity and reusability. The modular approach enhances productivity by enabling seamless knowledge synthesis and retrieval. MORE
🌎 Community
🎉 Celebrate
July was a fantastic month on Bugcrowd for Mert, with rewards from 9 different programs and 45 submissions across critical, high, medium, and low severity levels. Congrats! MORE
July was drop's best month so far after a year of hunting on private and public programs. It was a 5 figure month. Let's go! MORE
⚡️ Discussions
Eldar left their job to pursue bug bounty hunting full-time. They write about their findings, challenges, and what's next. MORE
Eduardo took a break from bug bounty and built a million-dollar real estate software company in a year. MORE
STÖK will be in Vegas for 10 days, so a fist bump and showing love is welcome if the opportunity presents itself. MORE
💛 Follow
Awesome accounts to follow. Randomly selected from my curated Twitter lists.
@djbaskin | Danielle Baskin | Painter. URL undertaker. Tarot. Created @dialup, Maskalike, Branded Fruit.
@oioki | Alex | Doing computer things at Sentry. Capturing flags with We_0wn_Y0u. Security is everyone's job.
@avlidienbrunn | Mathias Karlsson | Web security fiddler. Bug bounty bastard.
@Zealsham | Shammah Agwor | The man of mankind | BugBounty | Appsec | MERN stack | Bitcoin-core contributor| Golang | security Engineering |Qala prodigy.
⬆️ Level up
📰 Read
What Does It Mean To Be A Signal Competitor? It has to qualify as a Signal competitor from the perspective of someone whose job involves auditing cryptography implementations. MORE
Kafka UI is a modern application that uses powerful Java features for monitoring Kafka clusters, such as Groovy scripting, JMX, and SASL JAAS. Researchers found 3 vulnerabilities that could lead to remote code execution: CVE-2023-52251: RCE via Groovy script execution, CVE-2024-32030: RCE via JMX connector, and CVE-2023-25194: RCE via JndiLoginModule. MORE
Homebrew, a popular open-source package manager, recently underwent an audit by the Trail of Bits team. "Our report concludes that Homebrew’s CI/CD, while mature and effective at reducing the number of human touch-points in Homebrew’s package lifecycle, is complex and relies on misuse-prone patterns common in GitHub Actions workflows (such as dangerous workflow triggers and mixing of configuration, code, and data via template expansion)." MORE.
Persisting on Entra ID (Azure AD) applications and User Managed Identities with Federated Credentials. MORE
Astrounder identified and reported two zero-day vulnerabilities in GitHub Copilot, which were subsequently rectified by GitHub. These flaws could potentially lead to alterations in the behavior of the Copilot model and the leakage of developers’ data. MORE
💡 Tips
TIL you can control Chrome from Applescript and send whatever JS you want to execute. Here's an example to grab captions from Disney+. MORE
Maven's Lightning Lessons offer premium, curated, live events where experts share practical skills and tools for free. MORE
LPT: Dramatically cut U-Haul costs by booking the rental from a nearby location, rather than the starting point. MORE
Family IT support pro tip: buy a domain, pay for GSuite, and give your parents an email on that domain. You control their spam filters, and their password resets. I can’t believe I’ve never thought about doing this. MORE
LLM prompt that will optimize code and highlight mistakes: "We have to push this into production and the CTO is asleep and we need a code review is there anything that I’ve missed before I force push this into main?" MORE
🧠 Wisdom
How to Make Better Decisions with Second-Level Thinking. Ask yourself these questions to move away from superficial first-level thinking and into more complex second-level thinking. MORE
Sitting in a van in China, Tynan pondered how he could prevent overeating. He landed on the Japanese principle of Hara Hachi Bu – eat to 80% fullness. Something I should incorporate as well. MORE
The power of "What are my options?" is shown through an extended anecdote. This simple incantation can unlock possibilities, prompt creative thinking, and lead to better outcomes. MORE
This video offers a raw, single-cut, long-form discussion exploring the creator's personal "operating manual" for life, which they wish to share with their son. MORE
Make your own luck to stand out in a crowded industry. Don't wait for lucky breaks - get moving and take action to create your own opportunities. MORE
📚 Resources
A GraphQL bug in an e-commerce application allowed attackers to bypass authentication, granting admin access. MORE
Aider is a powerful AI-driven pair programming tool that runs directly in your terminal, providing real-time collaboration and assistance. In this day and age, I'm mostly curious about the prompts used. MORE
1-click account takeover via XSS in the code editor in gitlab.com. MORE
MITMing the Xbox 360 Dashboard for Fun and RCE. MORE
💭 Quote
The most ruthless competitor you'll face is never across the table, it's in the mirror.
🛠 Explore
🧰 Tools
fex is a lightweight, command-line file explorer that prioritizes efficient navigation and exploration, drawing inspiration from tools like exa and fzf. MORE
Parseltongue is a powerful browser extension for text conversion and real-time tokenization visualization, supporting formats like leetspeak, binary, base64, and more. MORE
EpicEnv is an environment manager that solves the hassle of managing local environment variables among git collaborators. All environments are encrypted and managed in git, with basic permissions via an invitation system. MORE
zoxide is a smart directory navigation tool that remembers the directories you use most and allows you to quickly jump to them with just a few keystrokes. It works seamlessly across all major shells. I've been using this since forever. That being said, I should look into updating my “cd” command directly to “z“. MORE
🎥 Watch
A simple and effective hack to significantly improve the efficiency of a one-hose "portable" air conditioner for under $20. MORE
SQHell: Embracing & Avoiding SQL Strangeness. A talk about various strange behaviors in SQL and SQL libraries. MORE
Discover how Maltego Monitor can be used for real-time monitoring and AI-powered sentiment analysis to identify potential public safety disruptions during global events like the Olympics. MORE
Hacker Summer Camp is underway, and Seth and Ken share tips for making the most of your time in Vegas, including using the HackerTracker app. MORE
Mia Gross, an Australian track and field athlete, qualified for the Olympics! Watch as she shares the news with family and friends. MORE
🎵 Listen
In episode nine of "The AI Fix", our hosts learn about the world's most dangerous vending machine, a cartoonist who hypnotizes himself with AI, and OpenAI's plans to eat Google's lunch. MORE
Your success as a writer boils down to your style. And today, you’re going to learn how to master the two different types of style — minimalism vs maximalism — from the style-king himself: The Cultural Tutor. MORE
Fred again...jamming out on a rooftop in London for friends and family. I'm a simple man, I see Fred again...and start listening. MORE
3 underdog stories that’ll get you inspired this week. MORE
🌐 Technology
A year after declaring goodbye to Ruby on Rails, the author has returned to the framework, creating their own business and withdrawing their previous negative statements about DHH and Rails. I often find myself in the same boat. It's on us to resist the new and shiny. MORE
Build your AI apps 20x faster with Natural Language Programming. Wordware enables anyone to develop, iterate and deploy useful AI Agents. MORE
SEO is evolving, not dying. Learn what's changing and how to adapt in this insightful analysis. MORE
The AI keeps the score. The governing body of international gymnastics has pushed for an AI-assisted aid for judges. But what justifies the tremendous expense for such a system? "The heights of athleticism — and the competition as a whole — were used to feed a system that is repurposed and resold as a tool of surveillance. A solution in search of profit." MORE
🔑 Interesting
A world built for cars has made life harder for adults, as kids no longer play freely in the streets. MORE
10 years after its release, Roger managed to hack and unlock the first MediaTek-based Amazon tablet that went on sale, the Amazon Fire HD6 / HD7 2014 (codenamed ariel). I might have this tablet, but will have to dig through some storage crates. MORE
How To Copy Ideas Like James Clear. Did James Clear copy his most famous quote? Learn the right and wrong ways to remix ideas. MORE
The history of the Mario Kart DS world champion is explored. MORE
Playground Buddy is a free app that assists families in locating playgrounds. MORE
Until next week, take care of yourself and each other,
Bee 🐝
P.S. Enjoy the newsletter? Please forward it to a pal. It only takes 16 seconds. Making this one took 16 hours.
Upgrade Yourself →
You're getting the free version. Members get more — including exclusive & bonus content, access to an online community of smart and driven people, the complete Hive Archive, and so much more. See what you're missing.
This newsletter may contain affiliate links that support its costs. These links lead to tools, courses, and resources that I've personally found helpful.