
🐝 Hive Five 184 - Achieving Your Childhood Dreams

How To Use AI Effectively, Confusion and Web-Timing Attacks, Awesome WHOIS Resources, and much more...

Hi friends,

Greetings from the hive!

Scrolling through Twitter and Instagram stories this weekend gave me a serious case of FOMO. But, I managed to manifest that energy into inspiration.

DEFCON for me means community. Finally meeting face-to-face after countless hours of online collaboration. There's just something magical about that connection.

I've been incredibly fortunate in my journey to meet some fantastic hackers along the way, and I cheer for every last one of them.

One of the things I love most about the hacker community is how supportive everyone is of each other's growth. Seeing friends smash their goals and level up their skills is genuinely heartwarming.

It reminds me of the importance of surrounding yourself with people who inspire and challenge you.

So, here's a thought for you: How can we bring that DEFCON energy into our daily lives?

Let's take this week by swarm!

🐝 The Bee's Knees

  1. A research scientist at Google DeepMind with 20 years of experience uses AI effectively for various tasks, leveraging it as a powerful tool to enhance productivity and problem-solving. MORE

  2. Randy Pausch, a Carnegie Mellon professor, gave a moving last lecture on achieving childhood dreams before his passing. His lessons and advice inspired the packed auditorium and the world. MORE

  3. In this first session of "Coding with Cursor", Sahil (Gumroad CEO) is joined by Josh, showcasing building a mini-tool in real-time while talking through the entire process of using AI to code. MORE

  4. Confusion Attacks: Exploiting Hidden Semantic Ambiguity in Apache HTTP Server. This research introduces several Httpd architectural debts, including 3 different Confusion Attacks, 9 new vulnerabilities, 20 attack methods, and more than 30 case studies. MORE

  5. Listen to the whispers: web timing attacks that actually work. Novel attack concepts to coax out server secrets including masked misconfigurations, blind data-structure injection, hidden routes to forbidden areas, and a vast expanse of invisible attack surface. MORE

Hive Five is a weekly newsletter with the best of technology and security, thoughtfully curated, read by thousands of hackers. Do you have a product or service to promote? Find out more about advertising in Hive Five.

Table of Contents

📰 Updates

🍯 My work

  1. Extracting a Single Page from a PDF on macOS. MORE

  2. Streamlining Tweet Creation from Markdown - A Bash Script and Espanso Magic. MORE

  3. 🍯 Bee-side 183 - What People Get Wrong About Imposter Syndrome - Remove Stopwords w/ Golang, Retrieve Deleted Tweets, Access Data From Private Repos, AI Winter, and more (PREMIUM). MORE

📅 News

  1. httpx now has a dashboard with built-in asset management, available on the ProjectDiscovery Cloud Platform (PDCP). MORE

  2. OpenAI now supports structured outputs, allowing developers to specify response formats and schemas. This feature enhances the API's flexibility and integration capabilities. MORE

  3. Black Forest Labs offers FLUX.1, a state-of-the-art image generation with prompt following, quality, detail, and diversity. MORE

💼 Work

💰 Career

  1. Gumroad seeks a senior software engineer to improve Gumroad by shipping product features, fixing bugs, and removing technical debt. MORE

  2. Becoming more visible at work requires making a move, delivering quality work, knowing what's top of mind of key stakeholders, loving to learn, and more. MORE

🚀 Productivity

  1. Pie Menu is a MacOS tool that allows you to evolve your workflow with a radial menu customized for your active app. MORE

  2. Boost Google Docs productivity with these 10 handy tips, including mastering the "@" command, leveraging pageless mode, and more. MORE

  3. The Blank Sheet Method transforms passive reading into active learning by encouraging note-taking without preconceptions. MORE

  4. This plugin gives you all the features of a standard doc and sheet tool in Obsidian. You can build a powerful Sheet or Doc within Obsidian. MORE

  5. A Software Engineer shares what AI tools they’re currently using, including a couple of Neovim and Raycast extensions. MORE

🌎 Community

🎉 Celebrate

  1. sw33tLie, bsysop, and godiego won the Best Report Award for a single bug during a Bugcrowd bug bash that earned them $125k. Amazing! MORE

  2. Lupin's week in Vegas was epic! Winning MVH at Google BugSWAT with Rhynorater, Google and H1702 Show 'N Tell, and more. MORE

⚑️ Word on the street

  1. STÖK reflects on 10 days in Vegas, meeting inspiring people - from the cyber-curious to OG influencers: "Employers & brands come and go, but the people that do the real work remain the core of it all." MORE

  2. This year's DefCon was hands down NahamSec's favorite. MORE

  3. Grugq on the hostile hotel room searches in Vegas: "The key takeaway is to think of a hotel room as sort of like email in that it feels private, but it isn't. Don't leave anything in your hotel room that you wouldn't leave with the security services." MORE

  4. Albinowax was unable to present in person at Black Hat and DEF CON due to the unexpected early birth of their child. MORE

  5. Rana had some busy months adjusting to life in Qatar. Weekly YouTube videos returning in September. Brand new course coming soon. MORE

πŸ„ Level up

📰 Read

  1. Breaking his hand forced Erik to write all his code with AI for 2 months, and he's never going back. MORE

  2. You Can't Spell WebRTC without RCE: Part 1 - Surveying Signal/WebRTC and Injecting Vulnerabilities. MORE

  3. Matt used an LLM to generate structured data for a long-running BBC radio series. The "reason" key is essential in the JSON output. MORE

  4. Bypassing browser tracking protection for CORS misconfiguration abuse. MORE

  5. GitHub Actions exploitation: A new technique leverages the Dependabot GitHub app to compromise some repos, leading to arbitrary code push. MORE

💡 Tips

  1. Success comes from learning from failure. This video explores turning setbacks into opportunities through a structured approach, drawing on personal experiences. MORE

  2. Christoffer Stjernlöf built a delightfully simple shell script on top of LLM, called q. It allows you to get an answer back straight away in your terminal. Piping works too. MORE

🧠 Wisdom

  1. The Ultimate Stress Relief Cheat Sheet. Techniques to lessen pain and quell anxiety. MORE

  2. Life is not a race, as a mother reminds her young son Jackson. People are going to different places, just like in life, so there's no need to rush. MORE

  3. Becoming oneself is a process of reduction, saying no as the ultimate unlock. MORE

  4. An interview with Sadhguru, a renowned yogi and mystic who has influenced millions worldwide through his transformative programs. He is an internationally acclaimed speaker and author of the New York Times bestseller. MORE

📚 Resources

  1. Awesome whois resources: Protocol Analysis and Applied Research, Reconnaissance, RDAP, and WHOIS - RFC 3912. MORE

  2. A collection of phone numbers OSINT resources. MORE

  3. 9 Underrated Books That Will Make You a Smarter Person, including The Denial of Death, The Lessons of History, and more. MORE

  4. An introduction to RE, executables, compiling, 32-bit x86 syntax, and stack frames. MORE

  5. Splitting the email atom: exploiting parsers to bypass access controls. Learn how to turn email parsing discrepancies into access control bypasses and even RCE. MORE

💭 Quote

🛠 Explore

🧰 Tools

Get $200 to try DigitalOcean - the go-to for all my recon, automation, and VPN needs. Get access to a comprehensive range of cloud resources, all at an affordable price.

  1. SanicDNS is a lightning-fast DNS resolution tool that can handle an incredible number of requests per second, provided the right hardware and resolvers are in place. MORE

  2. SecretMagpie is a powerful secret detection tool that scans repositories across various platforms, uncovering hidden secrets. MORE

  3. JavaScript AST analysis tool to quickly identify dangerous code and patterns, enabling better code evolution and security research. MORE

  4. SSHamble simulates potential attack scenarios, including unauthorized remote access due to unexpected state transitions, remote command execution in post-session login implementations, and more. MORE

  5. Certainly is an offensive security toolkit to capture large amounts of traffic in various network protocols in bitflip and typosquat scenarios. MORE

🎥 Watch

  1. In May 2024, Google accidentally deleted the private cloud of a multi-billion dollar fund in Australia, causing an unprecedented outage. MORE

  2. Aerospace is a tiling window manager for macOS that has been a breath of fresh air for the author, who has previously struggled with Yabai and Amethyst. Here's a complete guide on how to use it. MORE

  3. Expert OSINT Tools: Free, Powerful Bookmarklets for Digital Investigators. They allow you to quickly extract User IDs, access full-size profile images, locate hidden JSON data, and so much more. MORE

  4. Packy McCormick, an influential tech voice, explains how AI aids his writing and investing. MORE

  5. MailMate is a powerful email client for macOS, boasting a wealth of features and customization options. This video provides you with everything you need to know. MORE

🎡 Listen

  1. Opt Out Podcast is a platform where passionate individuals discuss the importance of privacy, share their tools and techniques, and inspire others to prioritize personal privacy and data sovereignty. MORE

  2. Programmatic SEO Projects With Josh Pigford. The strategy, the technical approach, and exactly what (and how) he built some of his AI-generated content marketing strategies for his projects. MORE

🌐 Technology

  1. Apple Intelligence Foundation Language Models research paper - a ~3 billion parameter model designed to run efficiently on devices and a large server-based language model designed for Private Cloud Compute. MORE

  2. Dave has become obsessed with the cost of fueling their body during working hours, estimating the monthly expense at around $359.26/month. MORE

  3. Real-time face swap and one-click video deepfake with only a single image. MORE

  4. Enhance your image quality online for free with our advanced AI technology. Enlarge your images up to 10x and 12K for significant clarity improvement. MORE

  5. Find out why they call Ember.js "the Rails of JavaScript". Learn what it is and how you can use it in your web projects. MORE

🤔 Interesting

  1. Tired of screen-sharing limitations, the author has created a 1-FPS encrypted screen-sharing solution for introverts, eliminating the need for paid subscriptions and audio. MORE

  2. The original meaning of 'prestigious' was not positive, but referred to deception or illusion. MORE

  3. Tragic loss at CrossFit games, a young man's life was claimed due to negligence. A GoFundMe has been created to honor Lazar Dukic's memory. MORE

  4. The 400m sprint is considered the most painful track & field event as it pushes the body's energy production to the limit. No person can run the 400m all-out from start to finish, with different energy systems engaged at various MORE.

  5. Friends often return from trips gushing about the joy of walking everywhere. To shift to walking, we must prioritize dignity by designing walkable communities where people can easily access their daily needs. MORE

Until next week, take care of yourself and each other,

Bee 🐝

P.S. Enjoy the newsletter? Please forward it to a friend. It only takes 16 seconds. Making this one took 16 hours.

Upgrade Yourself →

You're getting the free version. Members get more - including exclusive & bonus content, access to an online community of smart and driven people, the complete Hive Archive, and so much more. See what you're missing.

This newsletter may contain affiliate links that support its costs. These links lead to tools, courses, and resources that I've personally found helpful.