  • 🍯 Bee-side 162 - Is perfectionism a form of cowardice?

Hundreds of curated links that didn't make it into the weekly Hive Five newsletter.

Hi friends,

Greetings from the hive!

What I Eat In A Day - 5 Science-Backed Principles To Get Ripped, Run Fast, & Lift Heavy - In this video, I'll walk you through what I eat in a day as a hybrid athlete, targeting aesthetic, distance running, and strength training goals. I'll break down the specific ingredients I use, the macros of each meal, and the 5 nutrition principles that have significantly improved my physique, heal YOUTUBE

HackTheBox - Visual - 00:00 - Introduction 00:50 - Start of nmap 02:00 - Examining the request the server makes to us 04:15 - Using docker to run a Gitea Instance 06:20 - Using docker to install a DotNet Container (make sure it's the SDK) 09:00 - Using the dotnet CLI to create a project and adding a solutions file to it YOUTUBE

How to Get Started with Notion (without losing your mind). YOUTUBE

A Perfect Homelab Motherboard That You Can't Buy (ASRock IMB-X1231). YOUTUBE

Absolute AppSec Ep. #235 - 2023 Top 10 Web Hacking Techniques, LLM Agent Hacking - Podcast viewers will be familiar with Portswigger's annual list of Web Hacking Techniques. Ken and Seth take some time to digest the list and recommend reviewing not only the top 10, but also the nominations. A discussion on the use of LLM Agents as a dynamic scanning engine for identifying vulnerab YOUTUBE

Is PERFECTIONISM a form of COWARDICE? - Perfection vs. good enough. YOUTUBE

244 - Linux Burns Down CVEs [Binary Exploitation Podcast] - Linux becomes a CNA and takes a stance on managing CVEs for themselves, and underutilized fuzzing strategies are discussed. YOUTUBE

Hackers just log in - So many hacks are happening today because of leaked credentials. No need to do something technical when you can just log in. Hackers have realized that it's easier to just log in rather than hack. Big thanks to Cisco for sponsoring my trip to Cisco Live and this video. YOUTUBE

Answering all of your XSS questions LIVE. YOUTUBE

#133 Daily Life in February | Clean & Organize, Blueberries Banana Bread… YOUTUBE

The official writeup for Intigriti's February '24 Challenge, which involves unicode normalisation (DOMPurify bypass), XSS and cookie manipulation (path precedence). YOUTUBE

Working with others in Obsidian with Peerdraft—a new community plugin and accompanying web app that brings real-time collaboration to Obsidian. YOUTUBE

How to Start a Business | The Tim Ferriss Experiment - This is episode 8 from his TV show, The Tim Ferriss Experiment. The show is like MythBusters meets Jason Bourne. YOUTUBE

Using Obsidian Canvas to visualize your thoughts and ideas is great, but imagine if I told you it's also possible to create presentations, flowcharts, and more. In this video, I'll show you how you can achieve this using the Advanced Canvas community plugin. YOUTUBE

A video that explains and demonstrates how eye tracking works in Talon Voice for new users, using Control Mouse gen2, for hands-free mousing. Talon is a hands-free input replacement for the keyboard and mouse. YOUTUBE

Married people splitting their finances is foolish and asking for trouble. - I’ve never understood why married couples do this. It’s not helpful. It creates separation that leads to jealousy and ridiculous debates about mon REDDIT

I love the simplicity of this simple journaling system built with Mind and Telescope. REDDIT

People share their Apple automations. TWITTER

Scott shows us how to stream simultaneously to YouTube and TikTok, both horizontally and vertically. TWITTER

Zack's daughter did not make it. TWITTER

MKBHD is joining Ridge as chief creative partner and joining the board.

How will this save money or make money. TWITTER

Andrej Karpathy on technical accessibility. TWITTER

John Carmack wants companies to publicly share the AI behavior guardrails that are set up with prompt engineering and filtering. TWITTER

DEFCON increased their pricing again? TWITTER

This one made me giggle and cry at the same time. Bittersweet. TWITTER

Systems > Goals. Show me your workflows, routines, and processes. TWITTER

Walk your own path. Prolific maker and indiehacker Pieter Levels continuously defies dev norms and conventions. This time he shared that he doesn't use SQL JOINs but does it in PHP instead. TWITTER

Gumroad public board meeting Q1 2024. TWITTER

Dan on documenting your children's childhood via a unique email address that you mail everything to. When they turn 18, you hand over the login. TWITTER

spellshift/realm - Realm is a cross platform Red Team engagement platform with a focus on automation and reliability. GITHUB

v2.9 - This is a Python wrapper around the amazing KNOXSS API by Brute Logic - Release v2.9 · xnl-h4ck3r/knoxnl GITHUB

kdheepak/monochrome.nvim - monochrome.nvim Install using Packer: use {'kdheepak/monochrome.nvim', config = function() vim. GITHUB

1.0.0-beta.13 - RetireJS/ASTronomical. GITHUB

v4.7 - Burp Extension to find potential endpoints, parameters, and generate a custom target wordlist - Release v4.7 · xnl-h4ck3r/GAP-Burp-Extension GITHUB

Kali-Clean - My Kali i3 desktop setup. Some people have been asking so I wrote a quick installer to get going. After cloning the repo just run ./install.sh. This installs a lot of stuff, including all nerd-fonts, so it will take a while (about 20 minutes last time I checked). Feel free to optimize ;) GITHUB

0xdevalias/chatgpt-source-watch - Analyzing the evolution of ChatGPT's codebase through time with curated archives and scripts. ChatGPT Source Watch is a meticulously curated repository that serves as a treasure trove for those interested in observing the evolution of ChatGPT's webpack chunks. GITHUB

A compilation of Clojure-related talk transcripts. GITHUB

Obsidian Office Hours: The Relationship Between Bookmarks and Notes. YOUTUBE

jthack/hero - This project is a proof of concept for a Hackbot, an AI-driven system that autonomously finds vulnerabilities in web applications. It takes a raw HTTP request as input and attempts to identify and exploit potential security vulnerabilities. GITHUB

0.0.99 Red Balloons - Axiom Pro Instance Orchestration (swarmsecurity/axiompro). GITHUB

tannercollin/t0pic - Command line image host. This allows you to upload images from your command line or browser. A URL to the image is returned. GITHUB

This writeup covers the process of exploiting Empire C2 Framework <5.9.3 and concludes with recommendations for offensive and defensive teams. ACERESPONDER

Cache Deception Without Path Confusion - Today, we’ll talk about a unique case of a cache deception vulnerability that I found in one of the Synack Red Team targets. I call this particular case of cache deception vulnerability unique because unlike the usual cache deception exploits, this exploit did not rely on path confusion. KULDEEP

A DOMPurify 3.0.8 bypass (fix) that Mizu recently discovered, which arises when the CUSTOM_ELEMENT_HANDLING and FORBID_CONTENTS configuration options are used together. This issue is not a major concern as it doesn't involve a full DOMPurify bypass using the default configuration. MIZU

Guidelines for Public Interest OSINT Investigations. OBSINT

How Mukund Hacked the Dutch Government: Exploiting an Innocent Image for Remote Code Execution. MEDIUM

a low power tool for html - How does it work? htmz is an iframe named "htmz". You invoke htmz by loading a URL into the iframe via target=htmz. By using an iframe, we lean on the browser’s native capability to fetch the URL and parse the HTML. After loading the HTML resource, we take the resulting DOM via an onload handler. LEANRADA

5 simple tricks to quickly analyze a larger list of URLs - During investigations related to people and companies, investigators often have to deal with long lists of URLs. Here are some examples of popular tools that return a list of URLs: OSINTAMBITION

ChatGPT: how it went from 0 to 100M Users - Just a year in, and ChatGPT had already hit over 100 million users a week. The OpenAI team had to hustle to keep up with this explosive growth, figuring out how to scale up without missing a beat - a seemingly impossible task. DIGITALDIGGING

AI Hacking Agents Will Outperform Humans. rez0 believes AI Agents will outhack humans. JOSEPHTHACKER

360: LockBit locked out, and funeral Facebook scams - Heaven’s above! Scammers are exploiting online funerals, and LockBit – the “Walmart of Ransomware” – is dismantled in style by cyber cops. SMASHINGSECURITY

Gathering Structures - I think “wouldn't it be great if I knew people also designing interfaces for language models”, or “I wish I could explore web animation with people also trying to learn it”, or “Jesus, paper is wild, who can I talk to about this??” Then I go looking for local events and social spaces th MAGGIEAPPLETON

Command Line Fundamentals, presented by the Bellingcat Tech Series. YOUTUBE

Online PKM system by Brian. BRIANLOVIN

Start your adventure today - What is StartPlaying? StartPlaying is the largest online platform for players to find tabletop roleplaying games and professional GMs for any game system and any virtual tabletop STARTPLAYING

Live-hacking Dropbox @ H1-3120 - In 2018, Dropbox has focused on improving our world-class bug bounty program. From increasing bounties to protecting our researchers, we’re always looking for more creative and meaningful ways to stay ahead of the game when it comes to running this program. DROPBOX

Plain Text Journaling - I cobbled together a journaling system with {neo,}vim, coreutils and dateutils. This system is loosely based on Ryder Carroll’s Bullet Journal method. I start the week by writing a header and each item that week is placed on its own line. The items are prefixed with a todo or a done signifier. PEPPE

s l o w r o a d s - endless driving zen in your browser SLOWROADS

Signal finally introduced usernames, so you can use it without giving your phone number. TWITTER