Hive Five 196 - How To Make $100k Bug Hunting in 2025
The 2024 Best Inventions list, Notion Email client, Neovim Markdown setup, 20 essential Gmail settings, HeroCTF v6 writeups, and more...
Hi friends,
Greetings from the hive!
After a short detour, we're back to regular scheduling. The OG newsletter outline is back. Last week's issue didn't feel the same.
While curating for this newsletter, the following quote by Sahil stood out to me: "The same things that make you 'weird' as a kid are what will make you successful as an adult. Your unique blend of interests, hobbies, and eccentricities attract lucky events into your life."
Let's take this week by swarm!
The Bee's Knees
HeroCTF v6 Writeups covering: Express, Chromium cache partitioning, Service Worker hijacking through the Cache API, and Webpack DOM clobbering. MORE
The 2024 Best Inventions list, curated by editors from Time magazine, showcases innovative products and technologies across various categories. Google's NotebookLM is one of the winners. MORE
How a programmer with over three decades of experience writes code using Cursor. The real value is changing how you code. MORE
"Cursor is the best example of the potential of LLM coding assistants, and if you want to explore how this type of tool might be of value I suggest you give it a spin."
Want to sponsor an upcoming issue? Let's partner up!
Upgrade Yourself
You're getting the free version. Members get more, including exclusive & bonus content, access to an online community of smart and driven people, the complete Hive Archive, deep discounts, and so much more. See what you're missing.
Table of Contents
Updates
My work
News
At GitHub Universe, Microsoft announced that Anthropic's Claude 3.5 Sonnet, Google's Gemini 1.5 Pro, and OpenAI's o1-preview and o1-mini are coming to GitHub Copilot, bringing a new level of choice to every developer. MORE
Ivan Zhao, the founder of Notion, held a 1-hour keynote at the company's first in-person conference, announcing 8 new launches that are sure to captivate the audience. The one that stood out to me the most was their email client. MORE
This reminds me of a 37signals play. The only difference is that 37signals has a proven track record. I suppose Notion has the user base.
New payloads in PortSwigger's URL Validation Bypass Cheat Sheet. MORE
Changelog
OWASP Noir, a static analysis tool, has just released version 0.18.1, introducing passive scan, status code flags, and more. MORE
The release of version 2.2.4 of the gau tool contains several fixes and a merge request. MORE
uro v1.0.1 makes the URL list decluttering tool 80x faster. MORE
Arjun, a tool for discovering HTTP parameters, has released version 2.2.7, introducing two new flags and several fixes. MORE
The latest Burp feature update adds several features, including the ability to use Bambdas to perform match/replace in the Proxy. MORE
Work
Career
Chompie is starting a new offensive research team at X-Force and is hiring a security researcher. MORE
Ivan on their career move to Meta's WhatsApp: "I don't want to spend the next 10 years of my life perfecting detection capabilities in the desktop world when the smart kids spent their last 10 years exiting it." MORE
Ania Wysocka built a business that scaled to $2m in revenue with a staff of zero. She founded Rootd, the world's leading app for managing panic attacks. MORE
Why David quit his high-paying Wall Street job to revive his family's struggling air filter business, embarking on a mission to build a world-leading indoor air quality company. MORE
A step-by-step approach to landing two six-figure remote Gov tech jobs in two weeks. MORE
Productivity
Marc Andreessen shares personal anecdotes of Elon Musk's remarkable effectiveness, shedding light on how he achieves so much. MORE
Cartographer is a powerful tool that leverages evolving Natural Language Processing (NLP) models to search through your document bases right from the comfort of your text editor. MORE
A Neovim markdown setup, including all plugins and tips for taking markdown notes. MORE
Some problems have straightforward solutions, while others require immense effort, resources, and coordination to overcome their complexity. Focus on simple but difficult problems. MORE
"What truly matters, though, are the important problems. The ones that aren't rocket science, but need a significant amount of guts, emotional labor and community coordination to solve."
This guide covers 20 essential Gmail settings to transform your inbox experience, from disabling annoying nudges to setting up efficient swipe actions on mobile. MORE
Community
Celebrate
Firefox celebrates 20 years, and everyone who has used it is vital in making the internet better. Thank you! MORE
NahamSec reported an RCE to Meta this weekend and has received an initial "good find". Exciting! MORE
STÖK announced his exciting new role on the security team at Visma. Love it! MORE
Bugcrowd secured $50M in growth capital from Silicon Valley Bank. Boom! MORE
Timeline
People complain about bug bounty payout disputes, but nobody forces them to participate. Payout levels are often pre-defined, so if they still choose to proceed, it is their own decision. MORE
Katie had a medical emergency while in the US, from which they have now recovered. However, the experience was frightening, as dealing with medical issues in the US can be difficult. MORE
Follow
Awesome accounts to follow. Randomly selected from my curated Twitter lists.
@kepano | kepano | making Obsidian.
@niemand_sec | Niemand | Independent Security Consultant - Founder at SwordBytesSec - Ex immunityinc.
@seanyeoh | sean | appsec @ bytedance | former assetnote.
@bitquark | bitquark.
sunilyedla2 | Sunil Yedla | Trying to make the Internet a safer place by helping companies find security loopholes.
Level up
Read
"Finding a vulnerability in a widely-used and well-fuzzed open-source project is an exciting result! When provided with the right tools, current LLMs can perform vulnerability research."
"If you're thinking without writing, you only think you're thinking."
Tips
TIL you can use ChatGPT in iOS Shortcuts. MORE
I can't wait for Claude to add this feature as well. The automations this unlocks are mind-blowing. There's an example in the link above.
Reset your dopamine and change your life by learning the power of brain chemicals from neuroscientist TJ Power. MORE
Tip by ZwinK: "If you get a 403 or 401 on an API path, try URL encoding parts of the path or add one of these to the end of the path: /, ?, #, %2f, %3f. Or, add // or %2f%2f. Sometimes it throws off the access control logic and lets you in." MORE
Wisdom
"a lot of very capable people outsmart themselves with complex plans that involve working a lot on fake prerequisites."
What "Follow Your Dreams" Misses. In his commencement speech at Harvey Mudd in 2024, Grant Sanderson urged graduates to remain adaptable, view passion as fuel, and follow opportunities instead of dreams. MORE
The fight-or-flight response is an automatic physiological reaction to perceived threats, preparing the body to either confront or flee from danger. A more accurate sequence might be Freeze, Flight, Fight, Fright. MORE
NFL quarterback Jayden Daniels uses VR every morning to simulate live reps that include moving in the pocket and throwing into tight windows. MORE
Resources
A wide range of more than 100 powerful BadUSB scripts exclusively designed for Mac OS & the Flipper Zero device. MORE
Resources for learning Kubernetes, Docker, Cloud Native tech, and cloud computing. Find certification suggestion guides, children's books that explain cloud concepts simply, and more. MORE
The Hacker News community shares their favorite text-based adventure games. MORE
XSS WAF Bypass: One payload for all. MORE
Everyone should take advantage of these free online resources: free online courses, educational videos, and open-source software. MORE
Explore
Tools
If I were still a Windows user, I would jump on this! I have never been as effective at managing windows as when I was using i3wm on my Ubuntu install.
Get $200 to try DigitalOcean, the go-to for all my recon, automation, and VPN needs. Get access to a comprehensive range of cloud resources, all at an affordable price.
Watch
Web Dev Challenge #7: Build an app that's haunted. Make it spooky, make it creepy. Joel Hooks, Douglas Rogers, Danny Thompson, and Jason Lengstorf took on the challenge. MORE
How Union Square Ventures Built an AI Brain for Venture Capital. MORE
In her talk at BSides Canberra 2024, Lina Lau shares that you can be an iOS hacker: Stack Pivots and JOP/ROPs. MORE
A comparison of GitHub Spark, v0, and Bolt.new, tools that let you prompt, run, edit, and deploy full-stack web apps. MORE
Justin and MatanBer delve into browser extensions. They talk about the structure and threat models and cover things like service workers, extension pages, and isolated worlds. MORE
Listen
Scott Hanselman and Mark Russinovich explore AI's evolving role, from boosting coding productivity with tools like GitHub Copilot to pondering the pitfalls of over-reliance on AI, as it reshapes education and professions. MORE
The DevZero Podcast discussed key decisions, communication, and what drives effective engineering teams. MORE
Unorthodox frameworks for growing your product, career, and impact by Bangaly Kaba (Director of Product YouTube, ex-Instagram, ex-Facebook, ex-Instacart). MORE
I had no idea what to expect with this one, but it blew my mind. From the frameworks to the advice. Fascinating! What stuck with me the most is the importance of "understand work".
Technology
AI at its best: prefix a GitHub repo with 'bolt.new' and it starts building it right away. This allows you to begin working on the project immediately. MORE
This is actually crazy. Who would have thought this was ever going to be a thing? I sure didn't.
Best Free Fonts is a curated selection of free fonts, including serif, sans serif, script, and monospace varieties. MORE
Angela Jin recently departed her role as Head of Programs & Contributor Experience at Automattic and stepped away from the WordPress project. MORE
mymind is a private workspace to save one's most cherished notes, images, quotes, and highlights, enhanced with AI to aid memory without the burden of categorization. MORE
As a daily Obsidian user, I wouldn't replace the PKM portion. However, as a swipe file, focused on visuals, I think it would be hugely beneficial to anyone.
Six techniques to create a great user experience for shell scripts, including providing clear error messages, using interactive prompts, and incorporating helper functions. MORE
Interesting
Book Cover Review provides a platform for authors and publishers to receive professional feedback on their book covers. MORE
Colorango offers a collection of free, printable coloring pages for all ages, covering a wide range of themes from animals to seasonal designs. MORE
77 cocktail recipes visualized. MORE
How Vinyl Records Are Made (feat. Third Man Records). MORE
TimeGuessr is a web-based game that challenges players to guess the time shown in a series of images. MORE
Quote
"Let us remember: One book, one pen, one child, and one teacher can change the world."
Learned something?
Share Hive Five
Share this newsletter with your friends and colleagues.
1 REFERRAL = 20% OFF EVERYTHING IN THE STORE
Until next week, take care of yourself and each other,
Bee
This newsletter may contain affiliate links that support its costs. These links lead to tools, courses, and resources that I've personally found helpful.