🐝 Hive Five 153 - How to Make 2024 The Best Year of Your Life

Hi friends,

Greetings from the hive!

Merry Christmas and happy holidays. I hope you're able to spend time with family and friends.

Today's quote in my Obsidian system is a timely one:

"What is important is seldom urgent and what is urgent is seldom important."

— Dwight D. Eisenhower

While writing this, I'm listening to the Blue Eye Samurai soundtrack.

Let's take this last week of the year by swarm!

🐝 The Bee's Knees

  1. rez0 talks about AI Application Security: Understanding Prompt Injection Attacks and Mitigations. YOUTUBE

  2. SMTP Smuggling: Spoofing E-Mails Worldwide. In the course of a research project in collaboration with the SEC Consult Vulnerability Lab, Timo Longin - known for his DNS protocol attacks - discovered a novel exploitation technique for yet another Internet protocol. SEC-CONSULT

  3. Sam shares a blind XSS bug on Apple's iCloud+ that led to a base64 encoded Harry Potter quote on an internal iCloud account debug and administration page. TWITTER

  4. The Security Research Legal Defense Fund aims to help fund legal representation for persons who face legal issues due to good faith security research and vulnerability disclosure in cases that would advance cybersecurity for the public interest. SECURITYRESEARCHLEGALDEFENSEFUND

  5. Blue Eye Samurai: Driven by a dream of revenge against those who made her an outcast in Edo-period Japan, a young warrior cuts a bloody path toward her destiny — Whether you're a seasoned Anime watcher or first-timer, I'd recommend this show to anyone. It's a masterpiece. NETFLIX | SOUNDTRACK

Which Bee's Knees was your favorite? Reply with the number (#1, #2, #3, #4, or #5)!

Sponsor the Hive Five and reach a highly engaged community of engineers, security researchers, and ethical hackers who are at the forefront of the industry.

🔥 Buzzworthy

✅ Changelog

  1. waymore v1.37 by xnl-h4ck3r: Find way more from the Wayback Machine. GITHUB

  2. knoxnl v2.8 by xnl-h4ck3r: A Python wrapper around the amazing KNOXSS API by Brute Logic. GITHUB

  3. waymore v2.0 by xnl-h4ck3r: Find way more from the Wayback Machine. GITHUB

  4. Bugcrowd released v1.12 of the Vulnerability Rating Taxonomy. New additions include AI application security and LLMs. BUGCROWD

🎉 Celebrate

  1. d0nut's channel is eligible to apply to the YouTube Partner Program. Let's go! TWITTER

  2. Rhys is a year older. Congrats! TWITTER

  3. Meg is thankful to work at her current job. Awesome! TWITTER

  4. Tuan passed the $1M milestone on Bugcrowd. Huge congrats! TWITTER

  5. sumgr0 is on a 12-month streak at HackerOne. Woot! TWITTER

💰 Career

  1. From $4 an Hour to Fortune 500 CEO: "I Did What Nobody Else Wanted to Do". YOUTUBE

  2. Making $300/hr as a Cybersecurity GRC SME ft. Miranda Stanfield, CISA. YOUTUBE

  3. The big "secret" about confidence and success. YOUTUBE

  4. shenetworks shares a crappy interview performance and others share theirs. TWITTER

  5. The vuln research team at Rapid7 is hiring for a lead Security Researcher. TWITTER

⚡️ Community

  1. Justin remembers Kris Nóva. YOUTUBE

  2. A vlog of late 2022, when STÖK and P4fg went to Copenhagen for 13371122. YOUTUBE

  3. The 2023 Ambassador World Cup Final: Results, Impact, and Looking Ahead. HACKERONE

  4. Community answers to what people are most proud of doing/being a part of in 2023. TWITTER

  5. STÖK shared his first day of his new minimalistic nomadic life experiment. TWITTER

📰 Read

  1. CVE-2023-43826: Integer overflow in handling of VNC image buffers. This write-up describes the details of an integer overflow vulnerability discovered in Apache Guacamole. GITHUB

  2. Retro Gaming Vulnerability Research: Warcraft 2. NCCGROUP

  3. Facebook Is Being Overrun With Stolen, AI-Generated Images That People Think Are Real. 404MEDIA

  4. Verizon Gave Her Data to a Stalker. ‘This Has Completely Changed My Life’ - “Verizon royally fucked up,” Poppy told me in a phone call. “There’s no way around it.” Verizon, she added, was “100% at fault.” 404MEDIA

  5. What Are Server-Side Request Forgeries And How To Exploit Them? Server-Side Request Forgeries (SSRF) vulnerabilities arise when any kind of web service or component (like an app or API) uses your input to craft a request on behalf of the server. NOVASEC

💡 Tips

  1. bashbunni warns us not to buy SanDisk portable SSDs because of their high failure rate. TWITTER

  2. Midjourney v6 text generation tips for the best results. TWITTER

  3. Cobalt is your go-to place for downloads from social and media platforms. Zero ads, trackers, or other creepy bullshit. Simply paste a share link and you're ready to rock. COBALT

🍯 Follow

Awesome accounts to follow. Randomly selected from my curated Twitter lists.

  1. @shehacks_ke | SheHacks KE | A community of women cyber warriors founded & led by women, looking to bridge the skills and gender gap in InfoSec in Kenya.

  2. @arcwhite | Andy White | Employee #1 and Director of Software Engineering (AU) @bugcrowd. Ruby, infosec, pol. He/him.

  3. @smaury92 | smaury | Co-Founder @ShielderSec. CTF Player @JBZTeam. Cliff Jumping Lover (23mt max so far).

  4. @sw33tLie | sw33tLie | Hacker and CS student, 22yo. Top 50 @ Bugcrowd.

  5. @ddprrt | Stefan Baumgartner @deadparrot@mastodon.social | Author | writes about Rust.

🚀 Productivity

  1. How to Make 2024 The Best Year of Your Life with Ali Abdaal. YOUTUBE

  2. Amanda wakes up every morning and writes from 5-7am. Her 8yo daughter started joining her. TWITTER

  3. Heynote is a dedicated scratchpad for developers. HEYNOTE

  4. Nominate your Obsidian 2023 Gems of the year. You can nominate projects in the following categories: plugins, themes, tools, content, vault templates. OBSIDIAN

  5. How to have buckets of time. One of the most important techniques DHH embraced for managing his time is to direct related tasks to a bucket, let that bucket accumulate until full, then empty it all in one go. HEY

Get $200 to try DigitalOcean. Level up your bug bounty game with the ultimate VPS solution. It's my go-to for all recon, automation, and even VPN needs. Get access to a comprehensive range of cloud resources, all at an affordable price.

🌐 Technology

  1. A totally comprehensive history of web development and JavaScript frameworks. YOUTUBE

  2. A cool story about how Maria started contributing to Neovim. YOUTUBE

  3. How to use coding AI assistants effectively with Ado Kukic. What can an AI coding assistant do, and what’s the best way to add one to your workflow? YOUTUBE

  4. Ask HN: What's your "it's not stupid if it works" story? Here are two of them: displaying a screenshot full-screen to do GUI manipulations and renaming Google Chrome to firefox.exe just to get it to run. YCOMBINATOR

  5. A collection of consumer electronics magazines from 1954 to 2003 in several renewed editions. WORLDRADIOHISTORY

🧠 Wisdom

  1. Dr. K teaches us why you need to get better at doing nothing. YOUTUBE

  2. sunil on how what we used to call "surfing" has been replaced by "doomscrolling". It's time to take back control. TWITTER

  3. "The mark of a novice is wasted movement. They do too much. Experts do less. [...]" says David Perell. TWITTER

  4. Sahil talks about Shoshin, a Zen Buddhist idea that means "the beginner's mind". This is something we should apply to everything. TWITTER

  5. 8 Japanese Techniques to Overcome Laziness. INSTAGRAM

💛 Cross-pollination

  1. Ancient Therapy for Modern Problems: Stoic Philosophy Explained. YOUTUBE

  2. Scarface: Tiny Desk Concert — This one radiates with his decades-long passion as an emcee and producer. It might be my favorite Tiny Desk so far. YOUTUBE

  3. Vincenzo Capuano is a 3rd generation Neapolitan pizza master. He learned “Arte Bianca” — the art of baking (the literal translation is “white art”) — from his grandfather. The dough-making skills are next level. TWITTER

  4. TIL that people get part-time jobs for the employee discount. TWITTER

  5. Tech stuff for Ten-yr-olds: Chromebook; iPad Mini; Kindle Paperwhite Kids; Nintendo Switch. SUBSTACK

🐝 Fact

AUTUMN TASKS (average temperature 41-66°F/ 5-19°C)

The autumn is a time for ensuring the bees that go into winter are well-fed and healthy and their colonies are strong.

These have the best chance of survival until the weather warms up again in early spring. As the outside temperatures fall and brood rearing has finished, the bees begin to form a winter cluster.
There are certain tasks the beekeeper has to do before this happens.
