- Hive Five
- Posts
- π Hive Five 199 - Security Footguns
π Hive Five 199 - Security Footguns
Most Used Open-Source Repos, Ghost Engineers, Breaking the Most Popular WAFs, Black Friday 2024 Deals, Vim while Cycling, and more...
Hi friends,
Greetings from the hive!
We've had a week...I hope you and yours are doing awesome.
AirBnB is truly a crapshoot. This time I'm coming to you live from a hotel after a disrupted stay.
Let's take this week by swarm!
π The Bee's Knees
Sketchy Cheat Sheet: Story of a Cloud Architecture Diagramming Tool gone wrong. Showcasing that following intuition and curiosity can prove to be extremely valuable. MORE
Breaking the most popular Web Application Firewalls in the market. This is a walk-through that shows how to bypass the SQL injection and cross-site scripting rules of the following Web Application Firewalls. MORE
Researchers discovered two Non-Production Endpoints as an Attack Surface in AWS. MORE
The Transit app can now locate underground trains without GPS by using offline motion detection to show users' locations between stations and alert them when their stop is coming up. MORE
Spelunking in Comments and Documentation for Security Footguns. MORE
Brought to you by β
Hive Store: For Hackers Who Get It
Wear the gear the community is whispering about.
Our merch isn't just clothing - it's a statement piece to show the world that you hack a life you love.
Think witty AI jokes that'll make engineers buy you drinks. Privacy puns so sharp, the EFF would high-five you.
Join the cross-pollinators already flexing these conversation-starting pieces.
Upgrade Yourself (π¨ Black Friday Deal 40% OFF) β
You're getting the free version. Members get more β including exclusive & bonus content, access to an online community of smart and driven people, the complete Hive Archive, deep discounts, and so much more. See what you're missing.
π° Updates
π οΈ News
Black Friday 2024
Black Friday 2024 data set, with details about various product sales and promotional offers. MORE
The Ken's 2024 Gifting Guide. The publication has been delivering sharp, original, insightful, analytical journalism about business and start-ups across India since 2016. MORE
The Rambull Gift Guide presents a curated selection of holiday gifts for 2024, featuring products from various categories. MORE
The US government aims to break up Google's search engine monopoly by forcing it to sell its Chrome browser, with potentially profound implications for the future of big tech. MORE
Jen Easterly, the director of the U.S. Cybersecurity and Infrastructure Security Agency, will depart the government agency after more than three years at the helm. MORE
Research at Stanford uncovers that ~9.5% of software engineers are "Ghost Engineers" who contribute virtually nothing (0.1x-ers). The data spans over 50,000 engineers from hundreds of companies. MORE
Claude.ai now allows users to integrate Google Docs into their chats and projects. Pro, Teams, and Enterprise users can paste links or select recent documents to add them seamlessly. MORE
π― My work
β Changelog
SecLists received its fourth (and final) release of 2024. MORE
De-cluttering URLs is the focus of version 2.2 of the 'urless' project. MORE
DOMPurify v.3.2.1 is a fast, tolerant, and highly configurable XSS sanitizer for HTML, MathML, and SVG, offering a secure default with numerous hooks for customization. MORE
The new release of xnldorker, version 1.3, gathers results from dorks across various search engines, enabling users to enhance their reconnaissance efforts. MORE
Lazydocker, a tool for managing Docker with ease, has released version 0.24.1. MORE
πΌ Work
π° Career
Jasmine Star, a Hampton member, dropped out of law school to become a photographer despite not owning a camera. She then built a multimillion-dollar SaaS business. MORE
How Ali Built a New $1m Productivity related product in 12 Months. MORE
How to Start a Startup according to Paul Graham. You need three things to create a successful startup: to start with good people, to make something customers actually want, and to spend as little money as possible. MORE
"If you want to do it, do it. Starting a startup is not the great mystery it seems from outside. It's not something you have to know about "business" to do. Build something users love, and spend less than you make. How hard is that?"
How to operate as an indie hacker: cherry-pick what works for you, be a generalist, and more. MORE
π Productivity
Obsidian Templater templates for converting and processing text selections. MORE
Terminal-based pomodoro timer with task tracking, inspired by the commercial Pomotodo service. MORE
The video demonstrates how Garrett Brown Designs, a woodshop, utilizes Basecamp to manage its operations simply and effectively. The approach emphasizes keeping things uncomplicated. MORE
Marie Poulin, a Notion expert, will share her approach to using Notion as a tool for curiosity and personal development, offering a glimpse into her digital workspaces and showcasing how she harnesses Notion to explore ideas, track patterns, and fuel her creative process. MORE
π Community
π Celebrate
π« Pulse
People share their top 5 programmers of all time including Fabrice Bellard, John Carmack, John McCarthy, Linus, and Dennis Ritchie. MORE
Jane Wong wasn't happy with her way of living before, so she's changing her lifestyle, social circles, exercising, etc. MORE
Nautilus offers a three-month gap program in San Francisco, where participants get paid to pursue their most ambitious projects, no strings attached. MORE
π Follow
Awesome accounts to follow. Randomly selected from my curated Twitter lists.
@Jamuse | Josh Amishav-Zlatin | I write about data breach monitoring for enterprise security teams | Indexed ~30 billion passwords | Former pen tester turned OSINT collector.
@holme_sec | Holme | Love to learn.
@alicanact60 | Ali TΓΌtΓΌncΓΌ | Security Researcher.
@angealbertini | Ange | Corkami, CPS2Shock, PoC||GTFO, Sha1tered. Security engineer @ Google. He/him.
@rosiesherry | Rosie Sherry | Building a portfolio of communities.
π Level up
π° Read
Ancient Monkey: Pwning a 17-Year-Old Version of SpiderMonkey. MORE
From an Android Hook to RCE: $5000 Bounty. How Voorivex reverse-engineered a famous Android application called MyIrancell. MORE
Arc Browser UXSS, Local File Read, Arbitrary File Creation and Path Traversal to RCE. MORE
Over-engineering backups using Restic. MORE
Restic is a modern backup program that can back up your files:
from Linux, BSD, Mac and Windows to many different storage types, including self-hosted and online services easily, being a single executable that you can run without a server or complex setup effectively, only transferring the parts that actually changed in the files you back up securely, by careful use of cryptography in every part of the process verifiably, enabling you to make sure that your files can be restored when needed freely - restic is entirely free to use and completely open source
How some of the world's most brilliant computer scientists got password policies so wrong. MORE
π‘ Tips
Did you know you can work at a desk, using vim, while cycling? MORE
Favourite or most under-utilized dev tools tips by the community. MORE
A domain with an IIS welcome screen and no online presence is discovered. ZwinK tells you what to do next. MORE
Easiest way to find the manifest.json file of a Chrome extension: grab the extension ID from chrome://extensions, then go to chrome-extension://ID/manifest.json
π§ Wisdom
If you want to make something, go make it. Wanting to do it is reason enough. MORE
Elite colleges were meant to create equal opportunities for smart students, but instead they've made a system where mostly rich kids get ahead through test scores and grades. MORE
Nabeel S. Qureshi, a startup founder, shares hard-discovered principles, such as "Once you are ok with people telling you βnoβ, you can ask for whatever you want. (Make reality say no to you.)" MORE
Checklists are a powerful tool allowing us to unload cognitive stress, from surgical safety to event production. MORE
The essence is the daily choice: engage in busy work, procrastinate, or create value for others, even if the intended recipient does not payβsomeone else will. MORE
π Resources
Tomnomnom, prolific infosec tool creator and teacher, collected his wealth of talks and interviews that offer insights on various topics. MORE
Most used Open Source you didn't know about. Search through the top 1000 repos. MORE
How CodeQL, a code analysis tool, can be used to find bugs in the Chrome browser. It showcases the effectiveness of CodeQL in uncovering vulnerabilities and improving the security of Chrome. MORE
List of tech-related Bluesky starter packs. MORE
Importing a frontend Javascript library without a build system. MORE
π Explore
Get $200 to try DigitalOcean β the go-to for all my recon, automation, and VPN needs. Get access to a comprehensive range of cloud resources, all at an affordable price.
π§° Tools
Deck.blue offers a multi-column (Tweetdeck) layout to enhance your experience on Bluesky. MORE
Fedica, formerly Tweepsmap, offers social media analytics and publishing tools to predict impact, prove campaign results, and make smarter decisions. MORE
Juumla is a Python tool that identifies the Joomla version, scans for vulnerabilities, and locates sensitive files. MORE
Garak, a tool developed by NVIDIA, probes large language models for weaknesses such as hallucination, data leakage, prompt injection, and toxic output generation, much like the network scanner nmap for computer systems. MORE
Embed a payload inside a PNG file. MORE
π₯ Watch
A conversation with vintage watch collector and dealer Adam Victor. He's the quintessential vintage hunter in a way that you don't see much of anymore. MORE
Nahamsec, a renowned bug bounty hunter, shares five valuable lessons that have helped him earn over $1 million since 2022. MORE
Becca shares an ethics statement about sponsorships, brand deals, trips, speaking engagements, and gifts, hoping to create a solid foundation for an honest conversation on these topics. MORE
A tutorial on designing a landing page in Figma, discussing best practices and techniques for creating efficient components and adding content and typography. MORE
This case study examines techniques for privilege escalation in bug bounty programs. It delves into the details of a full privilege escalation exploit. MORE
π΅ Listen
In this episode, Sharon Brizinov recounts his journey from iOS development to leading a research team at Claroty, touching on the differences between HackerOne and PwnOwn, and delving into the intricacies of IoT security. MORE
3 Stories Of People Making Millions In Weird Ways: the Polymarket whale who made millions off the election, Ozempic for sleep, and Martha Stewart. MORE
π Technology
A compact AI cluster built with M4 Mac Minis, Thunderbolt 5 interconnect, and LLMs like Nemotron 70B and Llama 405B, achieving impressive performance benchmarks. MORE
Perplexica is an AI-powered search engine. It is an Open source alternative to Perplexity AI. MORE
WikiChat is an improved RAG. It stops the hallucination of large language models by retrieving data from a corpus. MORE
The desire to own a digital identity and host it oneself has long been a recurring theme among tech enthusiasts. However, this "decentralization dream" is more of a patch than a true solution. MORE
Rexan gave a demo to a high school computer science class on building websites with CursorAI, showcasing how the way and speed of coding is set to change. MORE
π Interesting
50 Watts is a blog featuring science fiction illustrations from Japan, including works by Naoyuki Katoh, Kozo Yokoi, and books published by Watts Books, a Japanese bookstore. MORE
The Harvard debate guy has won 2 world debating championships with his unique RISA framework, which helps people find a better way to disagree. This framework consists of 6 key strategies to win any argument without saying much. MORE
Fanta, the orange soft drink, was created in Nazi Germany during World War II by the German Coca-Cola bottling company due to the lack of shipping between Germany and the United States. MORE
Sara Sigmundsdottir, a professional CrossFit athlete, shares an authentic glimpse into her life, sharing the good, the bad, the ugly, and the beautiful. MORE
The Last Player on a Dead Server β And Why a Streamer Bought Him a PC. MORE
π Quote
"Make the work with great care and precision, but do not ever let it become too precious."
π Learned something?
Upgrade Yourself (π¨ Black Friday Deal 40% OFF) β
You're getting the free version. Members get more β including exclusive & bonus content, access to an online community of smart and driven people, the complete Hive Archive, deep discounts, and so much more. See what you're missing.
Share Hive Five β
Share this newsletter with your friends and colleagues.
1 REFERRAL = 20% OFF EVERYTHING IN THE STORE
Until next week, take care of yourself and each other,
Bee π
This newsletter may contain affiliate links that support its costs. These links lead to tools, courses, and resources that I've personally found helpful.