🐝 Hive Five 128 - The Rise of the AI Engineer
Hi friends,
Greetings from the hive!
This weekend turned out to be a forced dopamine detox. First, due to Reddit’s new API policy, my Reddit app of choice is no longer.
Then, on Saturday, Twitter implemented some bizarre rate-limiting and broke all sorts of functionality, such as advanced search queries. RIP TweetDeck?!
This trend of a less open and user-friendly web is extremely disappointing.
We crave transparency, closeness, innovation, and collaboration.
Let’s take this week by swarm!
🐝 The Bee’s Knees
Reversing Citrix Gateway for XSS. One of the targets Assetnote looked at late last year was Citrix Gateway. Citrix Gateway is another of these “all-in-one” network devices, combining a load balancer, firewall, VPN, etc. more | advisory
Yassine talks about the road to Most Valuable Hacker and working while traveling the world. more
How Graham got hired on Google’s red team. A summary of all the information he learned while looking for new jobs and how he ended up getting hired by Google. more
The boom, the bust and the adjust. In this article, Maor covers the industry dynamic from different points of view and how each entity affected the other. more
The Rise of the AI Engineer. We are observing a once in a generation “shift right” of applied AI, fueled by the emergent capabilities and open source/API availability of Foundation Models. more | AI Engineer Summit
💪 Sponsor
Sponsor the Hive Five and reach a highly engaged community of engineers, security researchers, and ethical hackers who are at the forefront of the industry.
🔥 Buzzworthy
✅ Changelog
Canada announced new immigration pathways that are tech friendly. more
DOMPurify 3.0.4 is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. more
Burp Suite Professional now has a powerful yet simple scripting language, BCheck, that allows you to quickly build on our world class scanning engine. more
📅 Events
Security’s Got Talent! Share your story in this short video contest! How has your password manager changed your life? more
🎉 Celebrate
Youssef won first place in the Meta Bug Bounty Researcher Conference. Amazing! more
Phillip is going all in on his new show, the Phillip Wylie Show. Let’s go! more
Matti brought home 4 trophies and a 40k bonus in Intigriti’s latest LHE. Congrats! more
TheOubliette made some awesome metal tags for Defcon. Wow! more
Tuan is taking part in a Las Vegas LHE for the first time. I’m rooting for you! more
💰 Career
Mandiant is hiring a Senior Technical Researcher for the Advanced Research and Collection team. more
Bugcrowd is hiring a Junior Security Engineer. A purple team job on a great team. more
Learn how to become the go-to AI person on your team by creating the internal prompt library. more
How to make $200K+ as a dev. Moving up the career ladder and into higher salary bands as an engineer requires growth. But it’s less about code than you might think. more
The Advantage Of Being A Little Underemployed. To realize how outdated the five-day, 40-hour workweek is, you have to know where it came from. more
“The secret to doing good research is always to be a little underemployed. You waste years by not being able to waste hours.”
⚡️ Community
Follow along with Monke’s 30 days of bug bounty challenge — I would link to a search query but Elon has broken that as well. more
Masonhck357 is aiming for a top 100 spot in Bugcrowd. You got this! more
STÖK is enjoying the silence before the Las Vegas storm. more
Nathaniel shares his experience with ADHD, medication, and exercise. more
Osirys made a slick custom (private) tool to find out valid addresses, mobile numbers, and various IDs for other countries for login/signup forms. more
📰 Read
Hacking Auto-GPT and escaping its docker container. They showcase an attack which leverages indirect prompt injection to trick Auto-GPT into executing arbitrary code. more
Jonathan Bouman takes a closer look at an app that allows one to report improper behavior at work. more
The massive bug at the heart of the npm ecosystem. Bad actors can hide malware & scripts in direct or transitive dependencies that go undetected. more
nOAuth: How Microsoft OAuth Misconfiguration Can Lead to Full Account Takeover. more
Stored XSS to Account Takeover (ATO) via GraphQL API. Late last year, during a HackerOne LHE, Peter found an extremely challenging vulnerability on a major brand’s web site involving several layers of exploitation. more
📚 Resources
All ProjectDiscovery Tools in 30 minutes. more
HTTPLeaks aims to enumerate all possible ways a website can leak HTTP requests, in one single HTML file. more
alephsecurity/research contains research material, tools and Proof-of-Concepts for Aleph research findings. more
25 book recommendations by Katie. They span several genres but roughly overlap with her audience’s interests: technology, information security or hacking, and work or productivity. more
A Practical Guide to GNU find With Examples. more
🎥 Watch
Learn how to intercept Android App Traffic with BurpSuite. more
Ippsec walks through HackTheBox - Pollution. more
Securing Open Source Dependencies talk by Rana Khalil at NahamCon 2023. This presentation will introduce Software Composition Analysis (SCA) - the process of identifying vulnerabilities in open-source dependencies. more
Finding Your First API Bug, a NahamCon 2023 talk by InsiderPhD. more
How to scale your cloud infrastructure (hosting CTFs) with the CTF wizard himself, John Hammond. more
🎵 Listen
Lex Fridman Podcast #387 - George Hotz: Tiny Corp, Twitter, AI Safety, Self-Driving, GPT, AGI & God. George Hotz is a programmer, hacker, and the founder of comma-ai and tiny corp. more
Malicious Life - Sony BMG’s Rootkit Fiasco. An arrogant and ill-advised decision to include a rootkit in its music CDs cost Sony BMG a lot of money - and painted it as a self-centered, self-serving company that cares more about its bottom line than its customers. more
Smashing Security 328: UPS smishing, ChatGPT 101, and storing secret files. UPS delivers some smishing advice (but have they kept something under wraps?), they ask ChatGPT to take a long hard look at itself, and they debate what the penalty should be for taking national secrets home with you. more
Critical Thinking - Bug Bounty Podcast Episode 25: 2xMVH & Multi-million dollar hacker Inhibitor181. In this episode they talk to Cosmin (@Inhibitor181), fresh off of winning his 2nd MVH! They chat about the time management and strategy of hacking Multi-Target LHEs, determining when to pivot, and how to find normalcy in bug bounty hunting and Live Hacking Events. more
The Privacy, Security, & OSINT Show 302 - Self-Hosted 4: The Next Level. This week they continue the self-hosted series with a discussion about password managers, 2FA, Docs, Photos, Backups, Comms, and Media. more
Get $200 to try DigitalOcean. Level up your bug bounty game with the ultimate VPS solution. It’s my go-to for all recon, automation, and even VPN needs. Get access to a comprehensive range of cloud resources, all at an affordable price.