- Hive Five
- 🐝 Hive Five 151 - It’s later than you think
🐝 Hive Five 151 - It’s later than you think
Greetings from the hive.
Don’t keep putting things off. Go for it! I believe in you. Whatever your dream is, I'll see you there.
Let's take this week by swarm.
🐝 The Bee's Knees
Next Gen Hacker? atomiczsec shares their experience as a hacker and how they use their skills in cybersecurity to solve problems and pursue their interests. YOUTUBE
An interview with MVH, DEFCON Black Badge, and Googler Sam Erb. In this episode of CTBB, they talk about the importance of understanding how systems work to find vulnerabilities, and how his engineering background influences his hunting style and methodologies. YOUTUBE
mega7 found an SSRF in HackerOne's Analytics Reports. The issue allowed attackers to make internal requests from our application servers by exploiting a lack of output sanitization in an error message. By crafting malicious requests, an attacker could have accessed internal AWS services and obtained temporary credentials. HACKERONE
Trains were locking up for arbitrary reasons after being serviced at third-party workshops. What they found after reverse engineering is wild. HACKERSPACE
Blind CSS Exfiltration: exfiltrate unknown web pages. It can extract input’s names and values, textarea name attributes, form actions and even anchor links. PORTSWIGGER
Which Bee's Knees was your favorite? Reply with the number (#1, #2, #3, #4, or #5)!
Sponsor the Hive Five and reach a highly engaged community of engineers, security researchers, and ethical hackers who are at the forefront of the industry.
Happy 30th birthday to DOOM! TWITTER
Ian started Seats.aero 1.5 years ago as a fun side project. To his surprise, it grew much faster than expected. Let's go! TWITTER
Rohan achieved a spot in the HackerOne Top 100. Amazing! TWITTER
NahamSec hit the million-dollar milestone on HackerOne. LFG! TWITTER
Inti was awarded the "UNDER 30 - Cybersecurity Professional of the Year” title. Well deserved! LINKEDIN
Never thought about this before, but Connor shared how to max out PTO in 2024. TWITTER
Day In My Tech Life: FIRE with DOD Cybersecurity Engineer Huralain. Step into the world of a DOD Countermeasure Cybersecurity Engineer with her own government cybersecurity contracting company. YOUTUBE
Wes on how to raise the bar on your team: aim for a culture of high standards and high feedback. TWITTER
4n6lady is hiring on her team: AWS Customer Incident Response Team in various locations globally. TWITTER
This one made me laugh out loud. Kate on the three stages of career development: I want to be in the meeting, I want to run the meeting, I want to avoid meetings. TWITTER
Charlie shares a talk that's impacted his life profoundly: Richard Thieme - Staring into the Abyss at DEF CON 19. TWITTER
A hilarious Twitter post and comments on fun activities to do with a 6-week-old baby. TWITTER
Katie shared her desk setup and it looks amazing! TWITTER
2023 SANS Holiday Hack Challenge & KringleCon. Join the global cybersecurity community in its most festive cybersecurity challenge of the year. SANS
2024 HackerOne Live Hacking Events structure and rules. HACKERONE
Achieving Remote Code Execution in Steam: a journey into the Remote Play protocol. Valve, the company behind the widespread videogame platform Steam, released in 2019 a feature called Remote Play Together. It allows sharing local multi-player games with friends over the network through streaming. THALIUM
OWNCLOUD CVE-2023-49105 allows you to either get complete access to the files of any user (and potentially, get RCE), or if you already have an account, escalate your privileges to admin, paving the way for remote code execution. The other, CVE-2023-49103, is a PHPinfo. AMBIONICS
Inside Job: How a Hacker Helped Cocaine Traffickers Infiltrate Europe’s Biggest Ports - February 14, 2020, brought an unprecedented Valentine’s Day surprise for Costa Rican police –– in a shipping container of decorative plants, they discovered 3.8 metric tons of cocaine. OCCRP
Carlo, an infrastructure engineer at HackerOne, wrote about if infrastructure written as code can go stale. CARLO
Awesome accounts to follow. Randomly selected from my curated Twitter lists.
@chrisbiscardi | party-corgi.
@pikpikcu | pikpikcu | Stay kiddie stay wannabe.
@riskybusiness | Patrick Gray | Host of the Risky Business® podcast. Guests by invitation only.
@0xpatrik | Patrik Hudak | (Automation x AI)².
Categorize your life and use a journaling prompt to see how you align over time. YOUTUBE
Everyone's favorite proxy companion, FoxyProxy, introduced shortcuts for enabling/disabling the proxy. TWITTER
Greg on the benefit of outlining your vision for the future in detail: "A line is a dot that went for a walk." TWITTER
A simple productivity tip that no-one talks about: checklists — Whenever I incorporate these, such as for my newsletter, the results are immediate. I should really implement these further. YOUTUBE
A 1-minute short how to use fd, fzf, fzf-tmux, and neovim — I love this format! I even learned a thing or two. YOUTUBE
Get $200 to try DigitalOcean. Level up your bug bounty game with the ultimate VPS solution. It's my go-to for all recon, automation, and even VPN needs. Get access to a comprehensive range of cloud resources, all at an affordable price.
How one developer continues to defy the impossible. Nathan takes a deep dive into the Doom games. YOUTUBE
7 Days of indie game dev — I have no idea who this is or what the game is about but their approach and editing are great: . YOUTUBE
Building Basecamp project stacks with Hotwire. Nicklas shows us how they used Turbo and Stimulus to implement project stacks, a new feature to visually group projects in Basecamp. 37SIGNALS
Mozilla Hacks introduces llamafile, which lets you turn large language model (LLM) weights into executables. MOZILLA
In this series, Vhyrro explains how you can effectively script Neovim to become your perfect text editor. YOUTUBE
Paul on a superpower is to be interested in important things tha tmost other people find boring. TWITTER
A Portland father reflects on the sudden loss of his son: "It’s later than you think." OREGONLIVE
Danny on future work: generalists > specialists. Learn the basics and let AI do the heavy lifting. TWITTER
If you ever wondered how to stand out: just keep going. Paul shares how many people make it through each day of Replit's online 100 days of code tutorial. TWITTER
How Lauren (and the interwebs) found the original artists of a country song that played in the background of an X-files episode. TWITTER
World’s Strongest Man Lives The Sumo Wrestler Lifestyle For 72 hours. YOUTUBE
What you should include in the About page of your blog. TWITTER
52 things Tom learned in 2023, such as this gem: "When Italy banned Chat-GPT, productivity of coders in the country fell by 50% before recovering. (David Kreitmeir & Co)". MEDIUM
Advice therapists have that completely changed people's outlooks. REDDIT
The sacbrood virus prevents the bee larva from making its final moult when the prepupa turns into a pupa, and it dies before it can spin its cocoon.
Generally only a few larvae in a colony are infected. The dried larvae, in their larval skins, can look as though they have died from AFB but are more easily removed from their cells. The dead larvae have pointed ends that stick up, resembling the upturned toe of a Chinese slipper.
This bee fact is brought to you by The Beekeeper's Bible: Bees, Honey, Recipes & Other Home Uses.
Subscribe to the Hive Five to read the rest.
Become a paying subscriber of the Hive Five to get access to this post and other subscriber-only content.
Already a paying subscriber? Sign In