🐝 Hive Five 135 - The A.I. Dilemma
Hi friends,
Greetings from the hive!
I was shocked to hear that Kris Nova suddenly passed away. I didn’t know her well, but I knew of her, and would occasionally tune into her streams.
My condolences go out to her family and friends. What stood out to me, besides her brilliance, was her love for community and relentless drive. She made things better.
I’m afraid to live, but I’m glad she did. Showing us the way.
RIP.
Let’s take this week by swarm!
🐝 The Bee’s Knees
The A.I. Dilemma, March 9, 2023. Tristan Harris and Aza Raskin discuss how existing A.I. capabilities already pose catastrophic risks to a functional society, how A.I. companies are caught in a race to deploy as quickly as possible without adequate safety measures, and what it would mean to upgrade our institutions to a post-A.I. YOUTUBE
SAMLjacking a poisoned tenant. A demo combining two new SaaS attack techniques to make a simple, but effective attack chain. PUSHSECURITY
How Daniel Miessler went from a $350K FTE to $700K+ doing his own thing. And so could you. DANIELMIESSLER
DEFCON 31 Recon Village talks are up and ready for you to consume. YOUTUBE
Zero Touch Pwn: Abusing Zoom’s Zero Touch Provisioning for Remote Attacks on Desk Phones. SYSS
Which Bee’s Knees was your favorite? Reply with the number (#1, #2, #3, #4, or #5)!
💪 Sponsor
Sponsor the Hive Five and reach a highly engaged community of engineers, security researchers, and ethical hackers who are at the forefront of the industry.
🔥 Buzzworthy
✅ Changelog
Noir v0.4.0 now supports Swagger analysis. When Swagger documents are detected in the target source code, the tool analyzes those files to identify and extract endpoints. GITHUB
🚨 News
AI-Powered Fuzzing: Breaking the Bug Hunting Barrier. Using LLMs is a promising new way to scale security improvements across the over 1,000 projects currently fuzzed by OSS-Fuzz and to remove barriers to future projects adopting fuzzing. GOOGLEBLOG
Researcher says they were behind iPhone popups at Def Con. TECHCRUNCH
🎉 Celebrate
💰 Career
The Pivot with Jane Frankland: Women In Cyber and IN Security Movement. Jane is a tech entrepreneur, book author, international speaker, and passionate women’s change agent. YOUTUBE
2023 Roadmap To Your First Cybersecurity Job. YOUTUBE
From Mid to Senior: Time Management and Prioritization. Stepping up the ladder from a mid-level developer to a senior role can feel like entering a whole new universe. IVANNOVAK
Former Google recruiter’s No. 1 resume red flag: “There’s zero chance you’re going to move forward”. There are various don’ts to keep in mind: Don’t misspell words. Don’t go over two pages. Don’t write a list of vague skills without providing proof you’ve actually accrued them. CNBC
⚡️ Community
Idea Amplification: Be a Hype Man For Your Friends. Rez0 explains the benefits of hyping up your friends’ ideas. REZ0
The Critical Thinking podcast wants to know what you’d like to see next. Let them know! TWITTER
Non-tech related things that hackers nerd out about. Hakluke’s ones are: backpacks, flashlights, jazz, trumpet, minimalism, and camping. TWITTER
BugBountyHQ is a year older. Happy belated birthday! TWITTER
Rodolfo has been suffering from severe mental health issues. He asks for support by sharing his work and tool, KNOXSS. TWITTER
📰 Read
Spring WebFlux – CVE-2023-34034 Write-Up and Proof-of-Concept. Spring Security’s newly released versions contain a fix for a broken access control vulnerability. JFROG
Knocking on the Front Door (client side desync attack on Azure CDN). A few months ago, Jeti embarked on a security bug hunt within the scope of a private program available through the Intigriti platform. JETI
Michael shares some automation pitfalls and success in bug bounty. TWITTER
How Nagli earned 5-figure bounties from sensitive links, sent via email, that were leaked without any user interaction. TWITTER
Justin explains how skilled hackers find complex and creative bugs using chains of gadgets. TWITTER
🙏 Support
Enjoy reading the Hive Five? You can treat me to a coffee!
You can also share the newsletter with your friends.
💡 Tips
Random Robbie on leveraging the wayback machine browser extension. TWITTER
Hackers share the little things they’ve picked up along the way that stand out. TWITTER
Learn more about these TruffleHog commands: Git vs Filesystem. TRUFFLESECURITY
Join Louis as he introduces the power of tabletop exercises in enhancing your application security and team dynamics. YOUTUBE
🍯 Follow
Awesome accounts to follow. Randomly selected from my curated Twitter lists.
@DfirDiva | DFIR Diva | Jr IR Analyst trying to learn all the things | DFIR Blog for Beginners | Founder @GetYourStart.
@i_bo0om | Bo0oM | Web application security researcher@sploitus_com.
@sobedominik | Dominik Sobe | Indie Hacker and Surfer tweeting about bootstrapping SaaS. Sharing my lessons. Currently turning Notion Docs ➯ professional Help Center @HelpkitHQ.
@Rhynorater | Justin Gardner | Christian | Full-time Bug Bounty Hunter | 2x HackerOne MVH | Host of @ctbbpodcast | English, 日本語 | ♥️ @mariahchan_ ♥️.
@flaviocopes | flavio.
🚀 Productivity
How to Give Yourself Time to Think. Whether it’s for a few hours, a few days, or a full week, everyone needs dedicated time to reflect. BESIDE
Write about what you learn. It pushes you to understand topics better. ADDYOSMANI
Adam on the value of automated checkins to keep a company (or person) focused, and working on the right things. TWITTER
TIL that if you hold down CTRL in Windows, the process list in Task Manager freezes so you can select rows without them jumping around. TWITTER
Obsidian’s composability of templates will speed up your workflow. TWITTER
Get $200 to try DigitalOcean. Level up your bug bounty game with the ultimate VPS solution. It’s my go-to for all recon, automation, and even VPN needs. Get access to a comprehensive range of cloud resources, all at an affordable price.
🌐 Technology
Makefile Tutorial by Example. Chase built this guide because they could never quite wrap their head around Makefiles — me neither! MAKEFILETUTORIAL
dnakov/little-rat is a small chrome extension to monitor other extensions’ network calls. GITHUB
dillionverma/llm.report is an open-source logging and analytics platform for OpenAI. GITHUB
Why there aren’t more women in STEM. Comms Specialist and STEM/Space Influencer Alexandra shares her story. REDDIT
The Problem with Linus Tech Tips: Accuracy, Ethics, & Responsibility. This video covers our serious concerns regarding the data accuracy of Linus Media Group, including Linus Tech Tips, ShortCircuit, and TechQuickie. YOUTUBE
🧠 Wisdom
“If you have only one leg to a stool, it’s easy to kick out.” — Dr. Gurner
Justin reminds us of the bigger picture: “when you’re learning bug bounty, failing is a small W.” — I agree, and would apply that to all areas of life. TWITTER
Steph on creating: “When you have conviction that something should exist in the world, don’t let too many voices dilute that vision.” TWITTER
Learning to be okay with not doing bug bounty full-time is something Jason had to learn. TWITTER
💛 Cross-pollination
An 800 square feet garden in San Francisco’s Mission District. Planning started in 2015 and we finally planted in January 2017. ZACHKLEIN
RetroFlix is a project archiving public domain films, TV shows and cartoons. RETROFLIX
Halli talks about why he creates, obsessively, at Kinference in NYC. TWITTER
Danny Postma, a prolific solopreneur, shares lessons learned over the years — I liked this one: “Building a successful business is 95% marketing, 5% everything else.” TWITTER
🐝 Fact
“Up until 2010, it was illegal to keep beehives in New York City. Chicago, however, has a city-owned beehive on the roof of City Hall.”
This bee fact is brought to you by The Beekeeper’s Bible: Bees, Honey, Recipes & Other Home Uses.