Hive Five 186 - Calling All Hackers
Phrack is Back, Monke's Guide to Bug Bounty Methodology, The Red Team Dream, AI-powered Git Commits, and more...
Hi friends,
Greetings from the hive!
Apologies for the delay in getting the newsletter out this morning; the entire family has been sick. I'll start this one off with the following:
"They say that 'hacker' is a dying identity. [...]
I disagree. As long as the hacker ethos is alive, regardless of any particular scene, the identity will always exist. However, now is a crucible moment as a diaspora of hackers, young and old, venture out into the world.
Calling all hackers: never forget who you are, who you will become, and the mark you leave."
Let's take this week by swarm!
The Bee's Knees
Phrack, the legendary hacker publication, has returned after a 3-year hiatus, breaking the spell. MORE
Monke's Guide to Bug Bounty Methodology shows that effective bug bounty hunting involves more than just running tools; it's a holistic approach encompassing tools, mindset, experience, and collaboration. MORE
Palmer Luckey's journey: from selling Oculus to Facebook for $2.7B, to founding a defense tech startup Anduril now valued at $14B, with failed ventures in between, exemplifying the highs and lows of his goal to forge a new America. MORE
Pieter Levels, a Dutch self-taught developer and digital nomad, has launched over 40 startups, several of which have achieved significant success. His approach emphasizes rapid shipping, iterative development, and strategic use of AI and automation. MORE
Hacking as a pathway to building better Products: "Hacking requires peeling back layers and understanding a little more about the foundations than even the developers or designers. This cross-stack knowledge is a treasure trove for building better products." MORE
Upgrade Yourself
You're getting the free version. Members get more, including exclusive & bonus content, access to an online community of smart and driven people, the complete Hive Archive, and so much more. See what you're missing.
Hive Five is a weekly newsletter with the best of technology and security, thoughtfully curated, read by thousands of hackers. Do you have a product or service to promote? Find out more about advertising in Hive Five.
Work
Career
Becoming competitive at a new job involves strategic approaches, but individualization and context are paramount. "do the job, do it well, do it fast, do it a lot and with heart, make real relationships." MORE
As one advances toward leadership in a tech career, the focus shifts from technical work to enabling leaders and team members to solve problems. MORE
Life at SpecterOps: The Red Team Dream. They offer unique opportunities for personal growth and development, emphasizing career progression, technical expertise, and personal sustainability. MORE
Work layoffs operate as an algorithm with sub-organizations: Safe, Unsafe, and Recurse groups. The algorithm consistently progresses, eventually identifying specific individuals for layoff or retention. MORE
From construction to frying chicken to software developer to Director of Technology, Danny's journey is a testament to the power of perseverance. Struggling financially in 2007, Danny now earns more in a month than their yearly salary back then, a remarkable transformation. MORE
Productivity
Facebook PathPicker is a command line tool that simplifies the process of selecting files from bash output, solving a pervasive problem. MORE
Building a client register from scratch in Obsidian, a powerful note-taking app, demonstrates a methodical approach to organizing and maintaining client information, leveraging the versatility of this digital tool. MORE
10 Mac apps that are hidden gems, covering file management, system boosters, and handy utilities that users may not be aware of but should consider using. MORE
Focumon! is a gamified pomodoro / flow time timer that transforms productivity into an adventure, allowing users to turn to-do lists into quests and conquer them with a team of Focumon. MORE
The importance of a daily practice of reaching a point of completion cannot be overstated. It provides a sense of accomplishment, focus, and personal growth. MORE
Community
Celebrate
Nagli joins Wiz to enhance Risk & Threat Exposure Management and build a new disruptive Risk MDR offering, after working on Shockwave as a solopreneur for the past couple of years. MORE
For you
Nahamsec, a renowned bug bounty hunter, shares insights from his DEFCON 32 experience, exploring the vibrant hacker community and advancements in the field of cybersecurity. MORE
LiveOverflow recounts his return to DEF CON and Black Hat in Las Vegas, noting significant changes since prior visits. The experience was quite emotional, with gratitude expressed for the opportunity. MORE
Alex shares the mourning of the loss of Chloë, his daughter who passed away 6 years ago. MORE
Programming evolves rapidly, and Karpathy, a prominent AI researcher, explores new tools like VS Code Cursor and Sonnet 3.5, finding that most "programming" now involves crafting English prompts and reviewing/editing the results, a potential net win. MORE
Follow
Awesome accounts to follow. Randomly selected from my curated Twitter lists.
@restr1ct3d | Niv Levy | Penetration Testing Engineer / Offensive Security Certified Professional / Bug Bounty Hunter.
@s0md3v | Somdev Sangwan | I hack stuff and build evil software.
@_sbzo | RLobo | Security Researcher | Hacker.
@b0rk | Julia Evans | programming and exclamation marks. she/her.
@bug_dutch | Floerer | Bug Bounty Hunter.
Level up
Read
Are we indeed living in an age of info-determinism, where our digital trails and data exhaust shape our future? This profound question probes the deeper implications of our information-saturated world. "[...] Conversations among machines will shape conversations about humans." MORE
SQL has been the dominant language for working with data, used across mainstream database systems, but research by Google suggests potential improvements to its syntax, particularly with a 'pipe' operator. MORE
Repo Jacking: The Great Source-code Swindle explores a powerful, yet widely unknown attack vector known as 'Repo Jacking' which has emerged in the last couple of years. MORE
Tenable Research discovered a critical information-disclosure vulnerability in Microsoft's Copilot Studio via a server-side request forgery (SSRF), granting access to potentially sensitive service internals with cross-tenant impact. MORE
Remotely identifying Bluetooth devices raises concerns about healthcare device oversight. A Firewalla firewall is exploited to prove a point. MORE
Tips
Cursor's Composer allows you to leverage one input into multiple file editing using AI. A handy use case for this is generating popular CSS themes such as Monokai and Solarized-Light, automating the creation of theme variations. MORE
This repository presents a reproduction of the "Confusion Attacks" by Orange Tsai, exploiting hidden semantic ambiguity in Apache HTTP Server. MORE
Feed your todos into Cursor as markdown, and the AI will write the code for you; the future is letting AI do the work while you guide it. MORE
Use Claude 3.5 Sonnet to generate watercolor style thumbnails for blog post open graph images, replaced in 3 seconds for $0.02 per image, with incredible results. MORE
A sticker book is a practical storage solution for stickers not immediately affixed to a laptop. MORE
I can't believe I've never thought of that! Sticker book inc.
Wisdom
The last 3 years, which brought two healthy kids and career progression at Stripe, were the hardest for Olivia. Juggling work, child care, and day-to-day obligations led to her taking an indefinite break in her career. MORE
Design your dream life in 7 minutes by defining your core values, picturing your ideal life, and taking small steps towards it. MORE
Action is a skill honed through repetition. Consistent practice is the key to becoming adept at taking high-impact action. MORE
If more developers ran Linux on their desktops, they might be less intimidated by managing their own servers. However, the fundamentals of the internet are being forgotten at an alarming rate. MORE
Resources
Recently, a regression or bypass was discovered that again allowed data exfiltration via image rendering during prompt injection on Google AI Studio, but it has been quickly fixed. MORE
Developers must be cautious when handling LLM responses, as attackers can exploit AI chatbots to exfiltrate data. MORE
Sploitify is an interactive cheat sheet of curated public server-side exploits, aiming to aid in offensive security while eschewing illegal or malicious use. MORE
This repository contains a list of tools used by ransomware and extortionist gangs. Defenders can exploit the fact that these tools are often reused, enabling threat hunting, detection deployment, and blocking that limits adversaries' ability to operate. MORE
Blind SSRF vulnerabilities can be chained in various ways, allowing for more complex and powerful attacks. Here's an exhaustive list of all the possible ways to do so. MORE
Quote
"Who looks outside, dreams. Who looks inside, awakes."