Hive Five 211 - Stop Working So Hard
The Pentesting Pastor, Hunting for DOMPurify Misconfigurations, Hack Like a Pirate, Google AI Studio Walkthrough, Speak at 92 Beats Per Minute
Hi friends,
Greetings from the hive!
A while ago I asked what you wanted me to improve. This led to me revamping part of my premium offering.
Instead of a constant stream of uncategorized links, I now provide actionable deep dives enabling you to work at the speed of thought.
My first deep dive reveals my optimal keyboard shortcuts. It's a 9 minute screencast explaining the philosophy and keybindings I use for maximum effectiveness.
Let's take this week by swarm!
The Bee's Knees
What the Okta Bcrypt incident on Nov 1st 2024 can teach us about designing better APIs. MORE
"[...] The TLDR of the incident was this:
The Bcrypt algorithm was used to generate the cache key where we hash a combined string of userId + username + password. Under a specific set of conditions, listed below, this could allow users to authenticate by providing the username with the stored cache key of a previous successful authentication. [...]"
Exploring the DOMPurify library: Hunting for Misconfigurations. The piece delves into the challenges faced by @cure53berlin, illustrating the limitations of even the most effective security measures. MORE
"[...] the complexity of HTML makes developing a secure HTML sanitizer extremely difficult, even for a company like Cure53. [...]"
Hack like a pirate: treating your scope like a treasure hunt. Before going and looking for vulnerabilities, decide what the X-marks-the-spot is. MORE
"[...] For example, if I'm hacking on an e-commerce site, I'm gunning for price manipulation. If I'm hacking on an education app, the X is cheating or grade modification. If I'm looking at a healthcare app, I'll be digging for PII and health records. [...]"
How two security researchers found a $50k vulnerability by exploiting its software supply chain. MORE
"[...] To understand Software Supply Chain attack surfaces, we need to take a look at the SLSA framework (Supply-chain Levels for Software Artifacts). It breaks the software supply chain into three pieces: Source, Build, and Distribution. Hitting any one of these can cause a mess. [...]"
Google's AI Studio offers a comprehensive demonstration of their AI capabilities, including long-context processing, reasoning models, and real-time AI. Presented by the lead PM, Logan Kilpatrick, the video covers the Gemini models and AI Studio platform in detail. MORE
"The reality is the line between building products and almost doing research as even just a user [...] research means you just go play with models and figure out what these things can do."
Brought to you by
Hive Store: For Hackers By Hackers
Support the Hive by becoming a swag wearing cross-pollinator
Hack a life you love in style. We've got shirts, hats, mugs, mouse pads, and more.
Think witty AI jokes that'll make ChatGPT chuckle. Privacy puns so sharp, the EFF would hive five you.
Join the cross-pollinators already flexing these custom swag items.
Upgrade Yourself
You're getting the free version. Members get more, including exclusive & bonus content, access to an online community of smart and driven people, the complete Hive Archive, deep discounts, and so much more. See what you're missing.
Updates
Changelog
Shot-scraper 1.6 with support for HTTP Archives (HAR). The new shot-scraper har command can now create an archive of a page and all of its dependents. MORE
Wappalyzer-next released version 1.0.10 with updated signatures and 170+ new technologies. MORE
ProjectDiscovery v1 boosts Nuclei with AI for easier custom vulnerability detection. It improves template creation, search, and regression testing. MORE
Work
Career
Want to level up your security engineering career? Master web app coding, cloud deployment, and pentesting to squash bugs and build bridges with clear communication. MORE
Google DeepMind is hiring a Director of Security Engineering. MORE
Battelle is seeking an aspiring Early Career Vulnerability Researcher to work in their Columbus, OH location. MORE
Marily Nika, an AI PM at Google, shares how to become one, including necessary technical skills and collaboration with researchers. Learn to optimize your LinkedIn and navigate the evolving role of PMs in the age of AI. MORE
Nat Eliason made bank with crypto, real estate, and now AI app-building, teaching others to ride the wave. He says storytelling is a must-have skill for the AI age. MORE
Productivity
What you're missing: a notebook system for your life. Ryder Carroll, creator of the no-frills Bullet Journal method, explains how short notes capture life's moments. One key tip: write as if someone else will read them. MORE
Tired of slow DuckDuckGo bangs? Use Unduck as a custom search engine in your browser for faster redirects. MORE
Tame your tab addiction with TabBoo. Add random jumpscares to sites you're trying to avoid. MORE
Scriptable lets you add sleek, lightweight widgets and automation to your Apple devices. Widgets made using the Notion API provide a powerful productivity boost. MORE
Become a (Neo)vim pro. Boost your productivity with tips on navigation, text manipulation, Telescope, marks, snippets, and custom plugins. MORE
Community
Timeline
The BBRE Awards highlight the best bug bounty reports, blogposts, and tools of 2024. MORE
Taelur is weighing a leadership leap, realizing their knack for strategy and project skills could be a game-changer. MORE
Theo may be the catalyst for Firefox finally addressing a 14-year-old bug affecting linear gradient rendering, which has negatively impacted website looks. MORE
Netflix bounty alert! A NahamSec Discord member scored their first-ever reward by finding a critical vulnerability. MORE
Follow
Awesome accounts to follow. Randomly selected from my curated Twitter lists.
@r0x33d | Matt | Security Researcher | Bug Bounty Hunter | Developer.
@GossiTheDog | Kevin Beaumont.
@danielverlaan | Daniël Verlaan | tech journalist RTL Nieuws.
@marcusjcarey | Marcus J. Carey | Hope Dealer. Hacker. Husband, Father, Author, Artist, Mentor, & Inventor.
@d00xing | d0xing.
Level up
Read
Nginx/Apache Path Confusion to Auth Bypass in PAN-OS (CVE-2025-0108). MORE
The future of security testing: harness AI-Powered Extensibility in Burp. MORE
Leaking the email of any YouTube user for $10,000. MORE
Researchers found a vulnerability that could potentially hijack over 1.6 million domains. The primary technical discovery is an unforeseen interaction between registrar practices and registry provisioning constraints. MORE
Hacking Gemini's memory with prompt injection and delayed tool invocation. MORE
"[...] When memories can be manipulated through untrusted data, adversaries can stealthily insert or modify information in a user's long-term storage [...]"
Tips
Comedian Jimmy Carr shares key public speaking tip: aim to speak at 92 beats per minute. MORE
From PDFs to Insights: Structured Outputs from PDFs with Gemini 2.0. MORE
Mischa shares his updated 2025 DevOps workflow on Neovim and Tmux. MORE
Disable in-app ratings and reviews on your iPhone to eliminate those annoying pop-ups. MORE
Wisdom
Stop working so hard. Discover how embracing what you love can lead to extraordinary rewards, as shown by figures like MrBeast and others who thrive by being their authentic selves. MORE
Travel Tips from 50 Years of Experience: Discover the two modes of travel: retreat for relaxation and engagement for adventure. Learn how to optimize your trips by organizing around passions, minimizing luggage, and embracing spontaneity. MORE
Frustrated you're not reaching your goals? This video reveals 5 reasons why, like not tracking progress or caring too much about others' opinions. Learn to overcome these roadblocks and start achieving success. MORE
Resources
CS 153: Infra @ Scale at Stanford lets you learn from tech founders/engineers on how to serve billions. Hear from leaders at NVIDIA, Cloudflare, Reddit, & Anthropic. MORE
Become a master detective with SQL Noir - a crime-solving SQL game that puts your SQL skills to the test. MORE
Learn how to effectively add a directory to your PATH with a comprehensive guide that covers various shell configurations and common pitfalls. Whether you're using bash or another shell, this step-by-step tutorial ensures you avoid mistakes and streamline your terminal experience. MORE
Comprehensive collection of free resources and a roadmap to level up your Machine Learning and AI skills. MORE
Explore
Tools
Simple tool to extract words from a list of subdomains, sort them by frequency, and output them. MORE
LocalSend lets you securely share files and messages with nearby devices over your local network without an internet connection. The cross-platform app uses a REST API and HTTPS encryption for secure peer-to-peer communication. MORE
Repomix packs your entire codebase into a single AI-friendly file. Perfect for feeding your repository to Large Language Models like Claude, ChatGPT, and Gemini. MORE
View the HTTP and HTTPS requests made by any Linux program by running httptap -- <command>. MORE
IINA is a modern macOS video player with a sleek interface and features like Force Touch, Touch Bar, and Picture-in-Picture. MORE
Watch
In just 54 minutes, Frey Chu built a profitable local directory using Ahrefs and WordPress. He shares his step-by-step methodology for identifying lucrative directory opportunities, using dog parks as a case study. MORE
Tips, advice, and more in the day of the life of a solo developer who made $1M with a side project. MORE
Joseph (rez0) Thacker's TEDx talk explores "hackbots", AI that can hack websites on their own. He covers how they work, what they can do, and the risks they pose. MORE
Ward Farnsworth is a law professor and former dean at the University of Texas School of Law who has written popular books about clear thinking, language, and philosophy. MORE
Listen
Tyler Ramsbey shares his inspiring career journey from pastor to pentester, and how he's now training the next generation of cybersecurity professionals. MORE
Bret Taylor on the AI Architect. The legendary CEO of Sierra, Chairman of OpenAI, and creator of Google Maps and the Facebook Like button on the future of software engineering, and on building great products and teams at the dawn of AGI. MORE
"[...] we are seeing a new role emerge - the role of the AI architect. These leaders are responsible for helping define, manage and evolve their company's AI agent over time. They come from a variety of both technical and business backgrounds, and we think that every company will have one or many AI architects managing their AI agent and related experience. [...]"
Chamath Palihapitiya discusses the future of open-source AI, the massive compute buildout, and how to build for the age of AI. MORE
Technology
Get $200 to try DigitalOcean, the go-to for all my recon, automation, and VPN needs. Get access to a comprehensive range of cloud resources, all at an affordable price.
Supercharge your Supabase projects. These AI prompts will help you use tools like Cursor or GitHub Copilot to work more efficiently. MORE
Run LLMs on macOS using llm-mlx and Apple's MLX framework. llm-mlx is a brand new plugin for my LLM Python Library and CLI utility which builds on top of Apple's excellent MLX array framework library and mlx-lm package. MORE
AI vs. Therapists: Can you tell the difference? Study finds AI empathetic responses are highly rated, suggesting potential in therapy. MORE
Duolingo started as a few dozen nerds above a Pittsburgh sports bar, fueled by a wild dream to make the world's best education accessible to everyone. It has since grown into a global language learning powerhouse. Here's their handbook. MORE
Be a property owner and not a renter on the internet. The internet as we know it is changing. The decentralized web holds the promise of digital ownership and self-sovereign data. MORE
Interesting
How Did a $2 Billion Trove of Art End Up in a Random Attic in France? Michael Finkel tells the story of Stéphane Breitwieser, "perhaps the most successful and prolific art thief who has ever lived." MORE
Before fancy graphics, screen savers were about preventing screen burn-in on old monitors. These early savers automatically dimmed the screen, a simple tech that's evolved into the power-saving displays we use today. MORE
Recursive recipes where ingredients in the recipe can be replaced by another recipe. The more ingredients you replace, the more that the recipe is made truly from scratch. MORE
Ever wondered why target="_blank" has an underscore? It's a legacy from pre-HTML5 frame semantics, allowing developers to instruct browsers to open links in new tabs without relying on frame names, ensuring a seamless browsing experience. MORE
Susie Lu redesigned a grocery receipt using data visualization, like bubble & bar charts, to highlight costs. The project shows how data visualization can improve everyday objects. MORE
Quote
"If it costs you your peace, it's too expensive."

Learned something?
Share Hive Five
Share this newsletter with your friends and colleagues.
1 REFERRAL = 20% OFF EVERYTHING IN THE STORE
Until next week, take care of yourself and each other,
Bee
This newsletter may contain affiliate links that support its costs. These links lead to tools, courses, and resources that I've personally found helpful.