
🐝 Hive Five 206 - AI Crash Course

Google white paper on AI Agents, HuntDB: track and monitor CVEs, 2024 Good Tech Awards, Bugcrowd HackerCup '24 Winners Interview, InternetCTF, How To Become a Hacker, and more...

Hi friends,

Greetings from the hive!

We’ve finally got a real winter here on the East Coast, the kind of weather that makes you really feel it. And honestly, it got me thinking about our friends out in California.

These wildfires... I can’t even fathom the chaos and loss they cause. My heart goes out to everyone impacted.

Let's take this week by swarm!

🐝 The Bee's Knees

  1. Achieving financial success involves courage, persistence (trying at least ten times), and developing key skills like building, selling, and leveraging luck. MORE

  2. HuntDB allows you to monitor, analyze, and respond to real-time CVEs affecting your infrastructure. MORE

  3. The combination of reasoning, logic, and access to external information, all connected to a generative AI model, is what makes up an agent. Google's whitepaper covers these and related aspects in more detail. MORE

  4. The 2024 Good Tech Awards celebrated tech projects with clear benefits to humanity, in a year of AI progress, "founder mode" drama, and a Trump election win. MORE

  5. @Bugcrowd Carnival of ChAIos HackerCup '24 winners @godiego_ , @sw33tLie, and @bsysop share their collaboration insights, critical vulnerabilities, and bounty hunting strategies. MORE

Brought to you by →

Fyxer AI: Automate Emails, Meetings, and Team Tasks in Seconds

Fyxer AI automates daily email and meeting tasks:

  • Email Organization: It organizes your inbox so you see important emails first.

  • Automated Email Drafting: Crafts replies that sound like you: convincing, concise, and flawlessly written in any language.

  • Meeting Notes: Keeps you focused by taking notes, summarizing meetings, and drafting follow-ups.

Fyxer AI adapts to teams and sets up in just 30 seconds with Gmail or Outlook.

If you like what you're seeing, maybe your brand belongs here too. Learn about partnerships.

Upgrade Yourself →

You're getting the free version. Members get more, including exclusive & bonus content, access to an online community of smart and driven people, the complete Hive Archive, deep discounts, and so much more. See what you're missing.

Table of Contents

📰 Updates

🍯 My work

✅ Changelog

  1. Google announced InternetCTF, which allows one to capture the flags of the Internet. Find 0-days in OSS and write scanners to detect them. MORE

  2. The latest version of Lazygit, v0.45.0, brings significant improvements thanks to the dedicated contributors. MORE

💼 Work

💰 Career

  1. Cate reflects on their previous career advice in a bad market, acknowledging two great reasons not to quit that they didn't consider earlier. MORE

  2. Learn evidence-backed salary negotiation secrets from LinkedIn's data. 3 tips to master the art of getting paid more. MORE

  3. How to become a hacker. It's less about age and more about relentless commitment and practical execution. Forget the myths, build a strong foundation, and keep iterating. MORE

  4. Jason is hiring an Executive Assistant to the CEO of Arcanum Information Security. MORE

🚀 Productivity

  1. GalaxyBrain is a groundbreaking knowledge base, database, and programming language that promises to revolutionize how we create and interact with knowledge. MORE

  2. Getting a "modern" terminal setup involves customizing various components, including the terminal emulator, shell, prompt, and additional tools, to create a personalized and efficient command-line experience. MORE

  3. Boost your career impact with these 5 tips: manage up, create SOPs weekly, offensive vs defensive time, two do list, and operating rhythm. MORE

  4. Remote tech worker's 2025 goals and routine: refocusing for success. MORE

  5. "Shmonday" is a productivity hack that involves spending 2 hours on Sunday to make Mondays more impactful. MORE

🌎 Community

🎉 Celebrate

  1. Nahamsec made it into TechCrunch with his $100,000 Facebook finding, a vulnerability that allowed him to control an internal server, granting access to the company's ad platform! MORE

  2. Tae'lur shares a quick view of her new loft in Bangkok. MORE

  3. Nahamsec's Discord Hunt stream was a hit, reaching over 300 viewers. MORE

⚑️ Timeline

  1. PortSwigger's top 10 web hacking techniques of 2024 is now open for nominations. MORE

  2. This tweet made me chuckle: "A lot of what you consider best practice only exists to deal with 1 annoying person who probably isn't even on the team anymore." MORE

  3. @Zseano and @JonathanBouman have been hacking Amazon for 6 years and are still going strong. Now, they're joined by two juggernauts: @fransrosen and @avlidienbrunn. MORE

💛 Follow
Awesome accounts to follow. Randomly selected from my curated Twitter lists.

  1. @CyberSecRicki | The Infosec recruiter - Ricki Burke | Champion for neurodiversity. Founder of CyberSec People. Host of Hacking into Security podcast. Co-organiser of @SecTalks_GC and @BSidesGC

  2. @ZephrFish | Andy | Defcon goon, offensive security/ adversarial engineering & research.

  3. @JamesClear | James Clear | Author of the #1 NYT bestseller Atomic Habits | Write about building good habits.

  4. @m0chan98 | m0chan | Scotland | Security Researcher.

  5. @nnwakelam | Nathaniel.

πŸ„ Level up

πŸ“° Read

  1. Bypassing File Upload Restrictions To Exploit Client-Side Path Traversal. MORE

  2. WorstFit: Researchers uncover hidden Transformer vulnerabilities in Windows ANSI! Orange Tsai credits Splitline's co-authorship as invaluable to this groundbreaking research. MORE

  3. Clickjacking attacks have been a threat for over a decade, but the rise of "SameSite: Lax" cookies in modern browsers is making them less practical. A new technique called "DoubleClickjacking" could be the next evolution of this attack vector. MORE

  4. SwiftOnSecurity narrates their process of investigating and resolving complex technical issues as the final escalation tier, sharing insights for new InfoSec/IT professionals. MORE

  5. Can LLMs write better code if you keep asking them to "write better code"? MORE

💡 Tips

  1. Polypane is the browser for ambitious web developers. A stand-alone browser with everything you need to build responsive, accessible, and performant web apps. MORE

  2. New contemplation prompt that LLMs like Claude and GPT-4o benefit from. MORE

  3. Bryan Johnson and his team created a food guide (v1) based on evidence, using the heuristic that every calorie must fight for its life. MORE

🧠 Wisdom

  1. Mastering the "Engineer Mind" is crucial for successful pentesting and AppSec engineering, involving visualizing code and architecture to uncover vulnerabilities. MORE

  2. Switching to a new senior engineering role? Approach your first days with a deliberate plan to onboard and make a strong impact. MORE

  3. Dr. Russell Barkley shares essential ADHD parenting tips to help kids thrive, empowering families with his expert insights. MORE

  4. The benefits of walking, highlighting the remarkable feat of Jean Béliveau, who walked around the world, inspiring us to embrace this simple yet transformative exercise. MORE

  5. 34 Life Lessons from 34 Years. MORE

"The worst prison in the world is having the talent and intelligence to achieve something great but lacking the courage to go out and do it."

📚 Resources

  1. Central repository for many useful Tsunami Security Scanner plugins. MORE

  2. Misconfiguration Manager is a central knowledge base for all known Microsoft Configuration Manager tradecraft and associated defensive and hardening guidance. MORE

  3. Collection of Server-Side Prototype Pollution gadgets and exploits. MORE

  4. AI Crash Course to help busy builders catch up to the public frontier of AI research in 2 weeks. MORE

  5. Hacker News users share their favorite new blogs discovered in 2024, sparking discussions on the evolving landscape of the blogosphere. MORE

The top comment is also my choice: Simon Willison’s blog. Non-stop actionable information with just the right level of detail and technical depth.

🛠 Explore

Get $200 to try DigitalOcean, the go-to for all my recon, automation, and VPN needs. Get access to a comprehensive range of cloud resources, all at an affordable price.

🧰 Tools

  1. A high-performance virtual host fuzzing tool designed to discover virtual hosts by testing different host headers against IP addresses. It supports concurrent scanning, custom paths, and flexible filtering options. MORE

  2. Stagehand is the easiest way to build browser automation. It is fully compatible with Playwright, offering three simple AI APIs (act, extract, and observe). MORE

  3. Hollywood is an incredibly fast and low-latency actor engine designed for high-performance applications like game servers, advertising brokers, and trading engines. MORE

"The Actor Model is a computational model used to build highly concurrent and distributed systems. It was introduced by Carl Hewitt in 1973 as a way to handle complex systems in a more scalable and fault-tolerant manner."

  4. All-in-one OSINT tool for analyzing any website. MORE

  5. Tools for finding SMTP smuggling vulnerabilities in inbound/receiving and outbound/sending SMTP servers. MORE

🎥 Watch

  1. How the terminal.shop team used SST (Serverless Stack) to build and deploy a coffee shop web application, including its folder structure, configuration, database setup, domain management, authentication, and API implementation. MORE

  2. Transform your AI IDE with a 1000x Cursor workflow for building iOS apps. MORE

  3. An artist befriends the thief who stole her paintings. She becomes his closest ally when he is severely hurt in a car crash and needs full-time care, even if her paintings are not found. But then the tables turn. MORE

🎡 Listen

  1. Darknet Diaries delves into the world of stolen bikes, interviewing Bryan from Bike Index about the investigation into bike theft and where the stolen bikes end up! MORE

  2. GitLab patched a critical SSRF vulnerability, the first since 2020. Johan shares how he did it. MORE

  3. Beating Google at Search with Neural PageRank and $5M of H200s, with Will Bryk of Exa.ai. Building a new search engine on neural PageRank, why search should take 1 day, and why nap pods are important. MORE

  4. Wes Kao on strategies for communicating with leaders. De-risking strategies to avoid surprises and the significance of celebrating good decision-making processes rather than just successful outcomes. MORE

Takeaways

- Working autonomously means communicating more, not less.
- Surprises in the workplace are generally unwelcome.
- Celebrate the process of good decision-making, not just results.
- Make your proposals easy for others to present.
- Communication should be proactive, not reactive.

🌐 Technology

  1. Automate your application localization process with an AI-powered CLI and pipeline that streamlines translations for developers. MORE

  2. How to stay sane implementing Stripe, including unresolved shortcomings. MORE

  3. This is a specification for recognizing contributors to an open-source project in a way that rewards every contribution, not just code. MORE

  4. OpenHands is a platform that empowers autonomous software engineers to collaborate with human developers, leveraging AI and language models to write code, fix bugs, and deliver features.

  5. The web's long-standing caching model has undergone a fundamental shift due to privacy concerns, introducing "double-keyed caching" and challenging traditional performance optimization techniques. MORE

👀 Interesting

  1. Explore the captivating Solar System with an interactive visualization! Discover planets, moons, asteroids, and more in a mobile-friendly experience. MORE

  2. UK electricity bills are skyrocketing due to a complex interplay of factors, including rising wholesale costs, policy decisions, and market dynamics. MORE

  3. This tool converts letters and numbers into the NATO phonetic alphabet, allowing for clear communication in critical situations. MORE

  4. Free air quality index widget for iOS, iPadOS, watchOS and macOS. MORE

  5. S3: The Stories of People Changing the World. Captivating weekly documentaries that inspire and empower you to make a difference. MORE

💭 Quote

"The way to succeed is to double your error rate."

Thomas J. Watson

📈 Learned something?

Share Hive Five →

Share this newsletter with your friends and colleagues.

1 REFERRAL = 20% OFF EVERYTHING IN THE STORE

Until next week, take care of yourself and each other,

Bee 🐝

This newsletter may contain affiliate links that support its costs. These links lead to tools, courses, and resources that I've personally found helpful.