🐝 Hive Five 147 - Take up space

Hi friends,

Greetings from the hive!

Happy Diwali 🪔. I'm under the weather while writing this, so not much of an update from me.

Let's take this week by swarm!

🐝 The Bee's Knees

  1. A talk by Orange Tsai at HEXACON2023: A 3-Year Tale of Hacking a Pwn2Own Target. The attacks, vendor evolution, and lessons learned. YOUTUBE | SLIDES

  2. Take up space is a beautiful and powerful talk by Shirley Wu at React Rally 2023. A story about identity, burnout, finding courage, rekindling a dream, and settling into the discomfort of not knowing what comes next. YOUTUBE

  3. Ruby on Rails: The Documentary. Ruby on Rails has one of the most faithful communities online, it also has one of the most controversial, rabble-rousing creators out there, Danish programmer, David Heinemeier Hansson — RoR was my introduction to building full stack web apps, so it always holds a special place in my heart. YOUTUBE

  4. What types of DoS bugs will get you a bounty? A case study of 138 DoS bug bounty reports. YOUTUBE

  5. AI Engineering 101 workshop. An introductory course for AI Engineers where you build 5 small projects covering GPT3 API basics, prompt tooling and memory, code generation with GPT4, image generation with Dall-E, Stability AI, Lexica, and Midjourney, and speech-to-text with Whisper. YOUTUBE

Which Bee's Knees was your favorite? Reply with the number (#1, #2, #3, #4, or #5)!

Sponsor the Hive Five and reach a highly engaged community of engineers, security researchers, and ethical hackers who are at the forefront of the industry.

🔥 Buzzworthy

✅ Changelog

  1. PentesterLab added 5 new intro videos to their Unix labs. TWITTER

  2. XnlReveal v2.3 is a Chrome/Firefox browser extension that shows alerts for reflected query params, reveals hidden elements, and enables disabled elements. TWITTER

  3. xnl-h4ck3r/knoxnl v2.4 is a python wrapper around the amazing KNOXSS API by Brute Logic. GITHUB

  4. ZMap 4.0.0 RC1 introduces the notion of multi-port scanning, which has been a long requested feature. GITHUB

📅 News

  1. Intigriti has a new Head of Hackers, and it's none other than r0adrunn3r. TWITTER

🎉 Celebrate

  1. Corgi is down 45 pounds. Let's go! TWITTER

  2. STÖK leveled up. Happy birthday! TWITTER

  3. d0nut received some banging feedback on his latest talk: "Compile-Time Authorization." Love it! TWITTER

  4. Meg sharing her fitness goals and what she can't do...yet. Get some! TWITTER

  5. bsysop reached the all-time top 14 on Bugcrowd. Congrats! TWITTER

💰 Career

  1. Emily has three talented folks looking for work: a sysadmin, visualization engineer, and L3 helpdesk. TWITTER

  2. How designers can create "secret missions" at work to increase impact — This can be applied to any role. YOUTUBE

  3. Day in My Tech Life with Brie G. who's making 250k/yr as a BA/Product Owner. YOUTUBE

  4. Aaron Francis talks about "Publishing Your Work" at Laracon US 2023 Nashville. In this inspiring session he shares the transformative power of sharing your work with the world. YOUTUBE

  5. It’s important to remember that insert company is just a phase in people’s lives. At some point everyone currently working at insert company will leave. CRITTER

⚡️ Community

  1. A nano pop quiz by Jack! Without looking it up, how do you copy and paste within nano? (using keyboard only.) TWITTER

  2. STÖK on how easy it is to underestimate how much time and effort goes into quality content creation. TWITTER

  3. jensec is the latest hacker to earn $1 million in bounties on HackerOne. TWITTER

  4. A compilation of Bugcrowd's Bug Bash 2023 in Las Vegas, NV. YOUTUBE

  5. Shubs regrets not trying out Caido sooner. Have you tried it? TWITTER

📰 Read

  1. Usurping Mastodon instances (CVE-2023-42451). This blog post gives details about the GHSA-v3xf-c9qf-j667 vulnerability (for which GitHub issued CVE-2023-42451) and how it could be exploited. GITHUB

  2. Adversarial Attacks on LLMs. Adversarial attacks are inputs that trigger the model to output something undesired. GITHUB

  3. Navigating the Sea, Exploiting DigitalOcean APIs—a deep dive into the nitty-gritty of its role-based access control. IMPERVA

  4. Plundering Postman with Porch Pirate. During one of their engagements, they observed a significant number of secrets being committed to Postman workspaces by the company's developers. MANDCONSULTING

  5. The New Kings of Open Source AI (Oct 2023 Recap). Mistral is the new open source unicorn in town, top takes from the AI Engineer Summit, and our usual highest-signal recap of top items for the AI Engineer from Oct 2023. LATENT

💡 Tips

  1. TIL you can add a .png to the end of your GitHub profile link and it'll give you your profile picture. TWITTER

  2. Jayesh shares their $16K ATO bug: "Always test unusual login flows by logging in with a 3rd party provider without sharing email with the target site." TWITTER

  3. Justin answers the age old question: "How do you find high and critical impact vulns?" He says to start thinking bigger. TWITTER

  4. Justin on building extensible tools that can interact with multiple products. TWITTER

  5. Monke tells themself if they can't find bugs, it's just a skill issue and they need to be more creative. A great approach, but remember to be kind to yourself. TWITTER

🍯 Follow

Awesome accounts to follow. Randomly selected from my curated Twitter lists.

  1. @inkdrop_app | Takuya aka devaslife | Maker of a Markdown note-taking app | 150k subs.

  2. @naglinagli | Nagli | Founder & CEO at @shockwave_sec , 4th Hacker in the world at @Hacker0x01 for 2022 | Bug Bounty Hunter | Speaker @DEFCON, GISEC.

  3. @Laughing_Mantis | Greg Linares (Mantis) | Infosec. Computer Goth. Musician. Autistic. Art @MalwareArt. 3 x Pwnie Nominee. Blue & Red team. VXer. Chronic Illness Fighter. I love Smite & Synths.

  4. @HazanaSec | ʜᴀᴢᴀɴᴀ.

  5. @Corb3nik | Ian Bouchard | Security Enthusiast, CTF Fanatic, Bug Bounty Hunter, @opentoallctf/perfect.blue/NorthernCoalition Web guy, @CaidoIO Co-Founder.

🚀 Productivity

  1. Dr. Julie on the benefit of spending just 30 minutes to plan your week. You'll be organized, prepared, and more effective. TWITTER

  2. Thomas on generators of happiness: exercise, connection, and feeling helpful. TWITTER

  3. Daniel on limiting or reducing scope. As Peter Thiel puts it: "If you have a 10-year plan of how to get [somewhere], you should ask: Why can’t you do this in 6 months?" TWITTER

  4. 9 ways to keep your home organized — Nothing groundbreaking but it's a continuous struggle for me still. YOUTUBE

  5. Jason on time management: "Don't get better at managing your time, get better at eliminating obligations." TWITTER

Get $200 to try DigitalOcean. Level up your bug bounty game with the ultimate VPS solution. It's my go-to for all recon, automation, and even VPN needs. Get access to a comprehensive range of cloud resources, all at an affordable price.

🌐 Technology

  1. 7 anti-ego principles by swyx: "10 year career start with 10 day sprints." TWITTER

  2. How to move your local AWS creds to IAM identity center. TWITTER

  3. When a vim user makes a product: a spacebar peek — I don't even know what the product is, but I just had to share this. Keyboard shortcuts for life! TWITTER

  4. githubnext/monaspace is a monospaced type superfamily with some modern tricks up its sleeves — I'm a sucker for fonts. I gotta catch 'em all. GITHUB

  5. continuedev/what-llm-to-use is a perspective from the Dev+AI. The first choice you typically make is whether you are going to use an open-source or a commercial model. GITHUB

🧠 Wisdom

  1. The television series Mozart in the Jungle reminds us of the beauty of being an amateur: "You say 'amateur' as if it was a dirty word. 'Amateur' comes from the Latin word 'amare', which means to love. To do things for the love of it." Source: Mozart in the Jungle JAMESCLEAR

  2. Jack on not settling down and to thrive in mind and spirit. TWITTER

  3. Chase talks about How To Be Yourself: "Be yourself, everyone else is already taken." YOUTUBE

  4. Douglas on the under-appreciated joy that comes with being a novice at something: "Enjoy it!" TWITTER

  5. A reminder from Justin that you aren't rewarded for hard work. You're rewarded for creating something of value. TWITTER

💛 Cross-pollination

  1. Kepano on being in good hands: "[...] When I am in good hands I open myself to a state of curiosity and appreciation [...]" TWITTER

  2. Lenny interviews Brian Chesky on his new playbook. Brian is the co-founder and CEO of Airbnb. Under his leadership, Airbnb has grown into a community of over 4 million hosts who have welcomed more than 1.5 billion guests across over 220 countries and regions. YOUTUBE

  3. bald and bankrupt crossed the World's Deadliest Jungle: Darien Gap. YOUTUBE

  4. Behind The Scenes Of Dragon's Den. Steven Answers The Top 10 Most Google'd Questions — I'm always fascinated with behind the scenes and a day in the life of content. YOUTUBE

  5. Famous pickpocket Apollo Robbins demonstrates tricks of the trade. YOUTUBE

🐝 Fact

There is an art to lighting a smoker and keeping it lit so that it is ready when needed during a colony examination. A good smoker fuel burns slowly and produces a cool smoke. Soft rotten wood, wood chips, small pieces of kindling, or long pine needles are all suitable. Other useful materials are raw cotton fibers or compressed straw pellets. Avoid using any materials that have been treated with a fire retardant or chemicals such as insecticides.
