🐝 Hive Five 201 - Egoless Engineering

Publish your work and change your life, Handling Cookies is a Minefield, A Geolocation Challenge that took 7 years to solve, and more...

Hi friends,

Greetings from the hive!

Throughout this road trip, it became more and more apparent that I strongly prefer to live outside of (big) cities.

This brings us to other non-negotiables, such as direct access to nature. Being active outside heals most of my wounds and hones my thoughts.

In such environments, it also encourages me to go outside.

Speaking of optimal environments, I've also started to simplify my PKM system and workflows to make them more effective.

Let's take this week by swarm!

🐝 The Bee's Knees

  1. An inspirational talk by Aaron called "Publish your work, change your life." MORE

  2. Egoless Engineering: "One big thing that a lot of people love to do is create new role types. For any new thing a company wants to do, the tendency is to put up a new job description." MORE

  3. SecHub (Mercedes-Benz Group) is a free and open-source security platform that provides a central API for testing software with various security tools, both free and open-source as well as proprietary. MORE

  4. Handling Cookies is a Minefield: "What servers SHOULD send and what browsers MUST accept are not aligned [...]" MORE

  5. It has taken well over 7 years before this geolocation challenge was resolved. Sector breaks down how they did it. MORE

Brought to you by →

Hive Store: For Hackers Who Get It

Wear the gear the community is whispering about.

Our merch isn't just clothing; it's a statement piece that shows the world that you hack a life you love.

Think witty AI jokes that'll make engineers buy you drinks. Privacy puns so sharp, the EFF would high-five you.

Join the cross-pollinators already flexing these conversation-starting pieces.

Upgrade Yourself →

You're getting the free version. Members get more, including exclusive & bonus content, access to an online community of smart and driven people, the complete Hive Archive, deep discounts, and so much more. See what you're missing.

📰 Updates

🍯 My work

Excited to share the revamped High Five Partnership Program for 2025!

From brand visibility to community impact, we offer dynamic sponsorship tiers to match your goals. See how your brand can thrive with the Hive.

✅ Changelog

  1. PayloadsAllTheThings 2024.2 reached a major milestone: 8 years of progress and a new beginning. The first release of PayloadsAllTheThings as an Ebook on Leanpub. MORE

  2. The color orange is displacing blue as the dominant hue in the tech industry, think: mymind, Perplexity, Claude, and more. MORE

  3. @HackingDave on how cybersecurity automation with AI/LLMs is becoming, and will be, one of the most desired skill sets in all of security in the next 3-5 years. MORE

  4. XINTRA is actively seeking new trainings targeting blue/red teams. They offer payment, and all trainings will be assessed by their Review Board. MORE

💼 Work

💰 Career

  1. The Cold Email Handbook outlines a playbook for growing a startup through personalized outbound campaigns, from infrastructure to launching scalable campaigns. MORE

  2. The fastest way to kill your business is through tolerance. Write down what excellence looks like. MORE

  3. 5 Steps to Start Making $10k/Month Writing Online. MORE

  4. Cybersecurity career paths, including certification roadmaps, domain overviews, and career maps to guide aspiring professionals in navigating this dynamic field. MORE

  5. A masterclass in writing better landing pages, positioning your brand and products, and building features that customers want. MORE

🚀 Productivity

  1. A markdown-like language for plainly recording logs, charts, blogs, journals, and other time-based content. A versatile tool for chronicling one's life and work. MORE

  2. Neovim users share their coolest keymaps, including Folke himself! MORE

  3. This session walks through how to get the most out of Linear, shares strategies to onboard your team, and guides the setup of key features. MORE

  4. Yearly reflecting on one's past experiences can unveil recency bias; a more balanced approach involves progressive summarization across daily, weekly, and quarterly intervals. MORE

🌎 Community

🎉 Celebrate

  1. The Centre for Information Resilience is dedicated to exposing human rights violations and threats to democracy through open-source investigations and research. Worthy cause! MORE

  2. Critical Thinking - Bug Bounty Podcast celebrates 100 episodes, but also bids farewell to co-host Joel, who will be leaving the show. Thanks for all you've done Joel! MORE

  3. After complications from major surgery months ago, Meg is back in the gym 5 days a week. LFG! MORE

  4. @nahamsec's finding has prompted a software update that will reach millions of devices, a testament to the impact of their work. Awesome! MORE

⚑️ Timeline

  1. Rami Tawil (@drunkrhin0), a talented hacker, was born with an insatiable curiosity and a deep desire to understand how systems work, even if it meant breaking the rules. MORE

  2. @ctbbpodcast on how to run a successful bug bounty program that hackers will enjoy hacking on, including tips on program setup, engagement, and rewards. MORE

  3. Shift by @rez0__ and @rhynorater enhances your hacking with AI-powered automation in @CaidoIO. You can sign up for the beta waitlist. MORE

  4. @monkehack demonstrates using voice with Shift (AI HTTP proxy), with a Stream deck executing hotkeys for Shift, dictation, and enter after a few seconds. MORE

  5. After 5.5 years at Google, @raizamrtn (NotebookLM lead), is leaving to build something new. MORE

🍄 Level up

📰 Read

  1. A lightning-fast journey from Guest User to Account Takeover. Plugins and in-depth techniques to facilitate the enumeration of the target and the discovery of Salesforce Experience Cloud vulnerabilities. MORE

  2. The fall of Silk Road has not diminished the demand for illicit substances, as people continue to seek out dark web marketplaces for their needs. The intent of this article is to shed light on its security model as a technical curiosity. MORE

  3. The Great Google Password Heist: 15 years of hacking passwords to test their security (and build team culture!). MORE

  4. A critical vulnerability in Kemp's LoadMaster Load Balancer allows remote exploitation through the Web User Interface, enabling full system compromise without any authentication. MORE

  5. RyotaK discovered that the OpenWrt firmware is built using an online service, allowing for a supply chain attack via a truncated SHA-256 collision and command injection. MORE

💡 Tips

  1. Exposed Internal PKI Infrastructure Detection nuclei template. MORE

  2. Stop fighting your natural tendencies. Embrace them and use them to your advantage. Fighting them is like being a sprinter forced to run marathons: exhausting and futile. MORE

  3. Crowd-sourced best tech, workout gear, boots, knives, and belts from 50 acquaintances, intending to help others find superior goods for the holiday season. MORE

  4. What steps to take if you were to win $656 million in the lottery. MORE

  5. An SSRF tip by @ArchAngelDDay to put req.query.cont:"https%3A%2F%2F into your @CaidoIO search bar after hacking on a target for a while and see what comes up. MORE

🧠 Wisdom

  1. Thinking About Risk: An introduction to thinking about risk. Risk = Likelihood × Impact. MORE

  2. Amanda on life being meant to be full of AND. MORE

This is one of life's most powerful lessons to learn. One that I'm still trying to master.

  3. Don't wait for the perfect conditions to take action. Just as one wouldn't delay a drive from LA to NY due to potential construction or accidents, one should bet on themselves and take action to solve problems. MORE

  4. Jordan Peterson, a renowned psychologist, exhorts listeners to discipline themselves, pursue meaning over happiness, and avoid wasting their lives. MORE

Step 1. IMMEDIATELY retain an attorney.
Step 2. Decide to take the lump sum.
Step 3. Decide right now, how much you plan to give to family and friends.
Step 4. Don't hire an investment manager.
[...]

  5. The rise of foundation models has incentivized a diversification of skillsets in both software engineering and AI research itself. MORE

📚 Resources

  1. (Re)Building the Ultimate Homelab NUC Cluster: how to deploy a cluster using proxmox, the hardware setup, and building your own Active Directory Lab environment. MORE

  2. Bellingcat's Open Source Challenge invites users to test their open-source research skills through a series of unlockable challenges. MORE

  3. AI Model Comparison allows you to see and compare every AI model easily. 100% free & open-source. MORE

  4. UEVR: An Exploration of Advanced Game Hacking Techniques. MORE

  5. Awesome list of keywords and artifacts for Threat Hunting sessions. MORE

🛠 Explore

Get $200 to try DigitalOcean, the go-to for all my recon, automation, and VPN needs. Get access to a comprehensive range of cloud resources, all at an affordable price.

🧰 Tools

  1. Nerve is a tool that allows creating stateful agents with any language model of one's choice, without requiring any code writing. MORE

  2. Studio is a lightweight, browser-based GUI client for managing SQLite-based databases like Turso, LibSQL, and rqlite, offering a range of features to simplify database management. MORE

  3. Recon scripts for Red Team and Web blackbox auditing. MORE

  4. QuickSSRF is a plugin designed to integrate with CAIDO and leverage the Interactsh service from ProjectDiscovery. MORE

  5. AutorizePro is an innovative Burp plug-in with a built-in AI analysis module that focuses on unauthorized access detection. MORE

🎥 Watch

  1. The ideas behind Rock-solid curl, their new long-term support curl release branches. How they work, why they do them, how they differ from the normal curl releases and so on. MORE

  2. Van spent 3 weeks and $599.47 fixing a dumb playground toy. MORE

  3. A YouTuber and full-stack engineer discusses using Lovable and Supabase to build a SaaS startup, covering product management, web technologies, and client-server architectures. MORE

  4. The remarkable progress of AI is demonstrated by the ability to complete a 60-minute coding task in just 60 seconds, as shown in this podcast episode where an app was built with a single prompt. MORE

  5. @0xtib3rius demonstrates how to hack websites using XML External Entities (XXE). MORE

🎡 Listen

  1. Jarett Dunn, known as StaccOverflow, orchestrated a dramatic heist dubbed the "Stacc Attack", stealing millions from a website called Pump Fun. MORE

  2. Bolt.new, Flow Engineering for Code Agents, and >$8m ARR in 2 months as a Claude Wrapper. The Stackblitz and Qodo CEOs dish on building production coding agents, from going viral as the hottest new consumer/low-code agent, to the gnarliest enterprise deployments for code/test agents. MORE

🌐 Technology

  1. exo is a project that allows running an AI cluster on everyday devices like iPhones, iPads, Android, Mac, and Linux, forgoing the need for expensive NVIDIA GPUs. It aims to unify one's existing devices into a powerful GPU. MORE

  2. Elastop is a terminal-based dashboard for monitoring Elasticsearch clusters in real-time. MORE

  3. Writing down (and searching through) every UUID. MORE

  4. Next-level frosted glass with backdrop-filter. MORE

  5. Learn everything you need to start writing Lua in 30 minutes. MORE

👀 Interesting

  1. Filmgrab is an extensive online archive of film stills, providing a visually captivating exploration of cinematic history. MORE

  2. While fuzzy pattern matching may develop into reasoning over many iterations, this does not necessarily make it the optimal approach to reasoning. MORE

💭 Quote

"The sure sign of an amateur is he has a million plans and they all start tomorrow."

Steven Pressfield

Until next week, take care of yourself and each other,

Bee 🐝

This newsletter may contain affiliate links that support its costs. These links lead to tools, courses, and resources that I've personally found helpful.