🐝 Hive Five 152 - Never feed a beast you don't want to grow
Greetings from the hive!
When you find yourself unable to start a task, tell yourself to accept the initial agitation.
Let's take this week by swarm!
🐝 The Bee's Knees
Google OAuth is broken. Truffle Security disclosed a Google OAuth vulnerability that lets employees retain indefinite access to applications like Slack and Zoom after they have been off-boarded and removed from their company's Google organization. TRUFFLESECURITY | YOUTUBE
Why Air Quality Matters. DHH's brand new house was making him sick. That led him to study indoor air quality, and the findings were stunning. Besides the risk of making you physically sick, your mental capacity can take a serious hit. YOUTUBE
Apache Struts File Upload Exploit (CVE-2023-50164) analysis and POC. ALIYUN
Remote Code Execution on Ahold Delhaize, one of the biggest food retail groups. This critical CVSS 10 bug went unpatched for more than 3.5 years after it was reported. MEDIUM
Which Bee's Knees was your favorite? Reply with the number (#1, #2, #3, #4, or #5)!
Sponsor the Hive Five and reach a highly engaged community of engineers, security researchers, and ethical hackers who are at the forefront of the industry.
vx-underground is giving away 12 Evilginx Master courses. That is over $5,000 worth of educational material. TWITTER
IntelTechniques' Irish exit from the podcast. INTELTECHNIQUES
Zoom unveils VISS: a revolutionary approach to vulnerability impact scoring. While traditional scoring systems like the Common Vulnerability Scoring System (CVSS) focus on an attacker's viewpoint and worst-case scenarios, VISS takes a different stance. ZOOM
sumgr0 received their 3rd challenge coin within the last two months. Amazing! TWITTER
James Kettle got married. Congrats you two! TWITTER
NahamSec found a crit and received a sweet bounty. Nice find! TWITTER
d0nut and his partner of 8 years are engaged. Woohoo! TWITTER
Jason trained over 500 students in his live courses. Awesome! TWITTER
JP Morgan's Jamie Dimon shares the best career advice they’ve received. YOUTUBE
Day In My Tech Life: From Military to DOD Cyber Threat Hunter ft Kajhon Soyini. YOUTUBE
Why and how Linear does work trials. They believe the only way to build a quality product and business is to hire people they can trust to make good judgments, across all functions and levels. LINEAR
Daniel shares his updated Vim and Terminal config — Coincidentally, I've also started using the LazyVim base. TWITTER
STÖK on the benefits of AI, when leveraged correctly, making us better hackers and creatives. TWITTER
XNL-h4ck3r on donating to the Internet Archive if you've ever used them, as they are a non-profit org. TWITTER
Cybergibbons breaks down what the Flipper Zero does and how it does it. They start with Mifare Classic reading. TWITTER
Frans shares the solution to his XSS-challenge from last week. TWITTER
An introduction to fuzzing. Fuzzing, or fuzz testing, is a technique where invalid, unexpected, or random data is passed into a system to discover coding errors and security loopholes. SUBSTACK
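To make the definition above concrete, here is a small mutation fuzzer I wrote for this issue (it is not code from the Substack post). The target is a constructed toy wire format, tag | length | payload | checksum, with a parser that skips the bounds check on the declared length; the fuzzer flips bits, overwrites, inserts and deletes bytes in a valid seed, treats ValueError as the parser's graceful rejection, and records any other exception as a crash. A hardened parser and a greedy minimizer show what you do with the findings. All names and the format are my own for the example.

```python
import random

# Constructed toy wire format for the example:
#   tag(1 byte) | length(1 byte) | payload(length bytes) | checksum(1 byte)
# where checksum is the XOR of all payload bytes.


def xor_bytes(b: bytes) -> int:
    acc = 0
    for x in b:
        acc ^= x
    return acc


def encode_record(tag: int, payload: bytes) -> bytes:
    """Build a well-formed record; used to produce the fuzzer's seed corpus."""
    return bytes([tag, len(payload)]) + payload + bytes([xor_bytes(payload)])


def parse_record_buggy(data: bytes) -> dict:
    """Deliberately omits the length bounds check, the kind of bug fuzzing finds."""
    if len(data) < 2:
        raise ValueError("short header")            # graceful rejection, not a bug
    tag, length = data[0], data[1]
    payload = data[2:2 + length]                    # slicing silently truncates...
    checksum = data[2 + length]                     # ...then this indexes past the end (IndexError)
    if checksum != xor_bytes(payload):
        raise ValueError("bad checksum")
    return {"tag": tag, "payload": payload}


def parse_record_fixed(data: bytes) -> dict:
    """Same parser with the declared length validated against the buffer size."""
    if len(data) < 2:
        raise ValueError("short header")
    tag, length = data[0], data[1]
    if len(data) != 2 + length + 1:
        raise ValueError("length field does not match buffer size")
    payload = data[2:2 + length]
    if data[2 + length] != xor_bytes(payload):
        raise ValueError("bad checksum")
    return {"tag": tag, "payload": payload}


def mutate(data: bytes, rng: random.Random) -> bytes:
    """Apply one random mutation: bit flip, byte overwrite, insert or delete."""
    buf = bytearray(data)
    op = rng.choice(("flip", "set", "insert", "delete"))
    if op == "flip" and buf:
        i = rng.randrange(len(buf))
        buf[i] ^= 1 << rng.randrange(8)
    elif op == "set" and buf:
        buf[rng.randrange(len(buf))] = rng.randrange(256)
    elif op == "insert":
        buf.insert(rng.randrange(len(buf) + 1), rng.randrange(256))
    elif op == "delete" and len(buf) > 1:
        del buf[rng.randrange(len(buf))]
    return bytes(buf)


def fuzz(parser, seed_inputs, iterations=2000, seed=1):
    """Mutate seeds and run the parser; return (input, exception name) for every crash.

    ValueError is the parser's documented rejection path and is therefore ignored;
    anything else escaping the parser is an unhandled error worth reporting.
    """
    rng = random.Random(seed)          # fixed seed keeps the run reproducible
    crashes = []
    for _ in range(iterations):
        case = rng.choice(seed_inputs)
        for _ in range(rng.randint(1, 4)):
            case = mutate(case, rng)
        try:
            parser(case)
        except ValueError:
            continue
        except Exception as exc:       # noqa: BLE001 - a fuzzer must catch everything
            crashes.append((case, type(exc).__name__))
    return crashes


def minimize(parser, case: bytes) -> bytes:
    """Greedy delta debugging: drop single bytes while the parser still crashes."""
    def still_crashes(c: bytes) -> bool:
        try:
            parser(c)
        except ValueError:
            return False
        except Exception:              # noqa: BLE001
            return True
        return False

    i = 0
    while i < len(case):
        trial = case[:i] + case[i + 1:]
        if still_crashes(trial):
            case = trial               # keep the smaller input, retry same index
        else:
            i += 1
    return case


if __name__ == "__main__":
    seeds = [encode_record(1, b"hello"), encode_record(7, b"")]
    found = fuzz(parse_record_buggy, seeds)
    print(f"buggy parser: {len(found)} crashing inputs, e.g. {minimize(parse_record_buggy, found[0][0])!r}")
    print(f"fixed parser: {len(fuzz(parse_record_fixed, seeds))} crashing inputs")
```

The minimizer typically reduces a crash to a two-byte input, which makes the root cause obvious: any header whose length field points past the buffer is trusted. Real fuzzers (AFL++, libFuzzer, atheris for Python) add coverage feedback so mutations that reach new code are kept as seeds, but the loop above is the whole idea.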
CrushFTP - CVE-2023-43177 Unauthenticated Remote Code Execution. The vulnerability could allow unauthenticated attackers with network access to the CrushFTP instance to write files to the local file system and, in some versions, eventually execute arbitrary system commands. PROJECTDISCOVERY
0xblackbird shares an underrated way to quickly find new vulnerabilities: "Right before you stop working, go to your proxy interceptor's history and..." TWITTER
sw33tLie shares that you can run a local LLM for when you don't have access to the internet. TWITTER
Max improved his bug bounty skills by using these 12 simple rules. TWITTER
Awesome accounts to follow. Randomly selected from my curated Twitter lists.
@TCMSecurity | TCM Security | Disrupting the education and hacking industry. Come learn to hack at TCM Security Academy! Veteran owned. Quality results.
@raymondcamden | Raymond Camden | Cats, adoption advocate, developer relations, Star Wars nerd, Jamstack, lover of good beer & good books. He/Him.
@Sil3nt_4unt3r | $!|3nt_4unt3r | Bug hunter, coder, blockchain enthusiast.
Flow Launcher is a quick file search and app launcher for Windows with community-made plugins. GITHUB
logancyang brought Copilot to Obsidian. Their goal is to make this AI assistant local-first and privacy-focused. It has a local vector store and can work with local models for chat and QA completely offline. GITHUB
Kevin Kelly's flow chart when deciding whether to work on something (or not). TWITTER
Two must-have macOS apps: Rectangle and Raycast — I'm with DHH on this one, except I use Magnet for the former. TWITTER
Note-taking templates Nicole uses in Obsidian (Obsidian Tour 2023). YOUTUBE
Get $200 to try DigitalOcean. Level up your bug bounty game with the ultimate VPS solution. It's my go-to for all recon, automation, and even VPN needs. Get access to a comprehensive range of cloud resources, all at an affordable price.
DHH shares his primary mission for Rails 8: PWA, installable apps, and to embrace the full realization of progress in storage. In that order. TWITTER
This week I learned that there is a Microsoft Excel Championship. It's been won by Andrew "The Annihilator" Ngai for the 3rd straight time. YOUTUBE
linexjlin collects leaked GPT prompts. GITHUB
Office chair recommendations from the X hivemind. TWITTER
4 Web Devs, 1 App Idea (Cassidy Williams, David Khourshid, Shaundai Person) build an app that has a leaderboard. YOUTUBE
Dr. Julie on fighting losing battles: "Never feed a beast you don't want to grow." TWITTER
Build your binge bank. Expand your luck by sharing publicly, without immediate success or views. TWITTER
Justin on playing to your strengths: "Don't look for a message that resonates with your audience..." TWITTER
Life lessons from a 44-year-old — Here are some that resonated with me: "The small details of your day matter..." and "Put your phone down." ANNIEMACMANUS
Huberman shares his Yoga Nidra and NSDR meditations that he's done 1-7X per week since 2017. TWITTER
After failing 24 times over the last 17 years, Casey Neistat ran a marathon under 3 hours. LFG! TWITTER
These prompt questions help you choose the right thinking tool for a problem, decision or a system. UNTOOLS
Visiting The Giants Strength Of Hawaii: Stone Lifting, Wrestling, and Climbing. YOUTUBE
Random League of Legends news that stood out to me: world-famous ADC Rekkles joined T1 — I applaud him for challenging himself with a new language, culture, teammates, and a new role.
Watch the best short films. SHORTOFTHEWEEK
Melting beeswax. For all candlemaking, clean beeswax must be melted in a double boiler or a stainless steel container in a hot water bath. The wax should not come into direct contact with the water or the heat. The temperature of the wax can be checked with a meat thermometer: different candlemaking methods require different temperatures for the best results. The melting point range for beeswax is 144-147°F (62-64°C).
This bee fact is brought to you by The Beekeeper's Bible: Bees, Honey, Recipes & Other Home Uses.