
🐝 Hive Five 154 - Pipe Dreams

Hi friends,

Happy New Year from the hive!

One day late, but we out here. You won't believe it, but I managed to catch the flu right before the year's end. Not only that, it hit me during an 8-hour drive to an important medical appointment for my wife.

To make matters worse, while I'm writing this I'm still sick and I've been hit with an ongoing splitting headache.

Here's to a healthy 2024 🥂

Let's take this year by swarm!

🐝 The Bee's Knees

  1. Pipe Dreams: The life and times of Yahoo Pipes. "Pipes," as it were, stemmed from the pipeline concept in Unix, in which one kind of program could straightforwardly feed, or pipe with a |, its output to the next, and so on. RETOOL

  2. Rick Rubin shares how he deals with creative or writers block. He treats his work like a diary entry — when I heard this I thought it was brilliant. I'll be cultivating this mindset as well. TWITTER | PODCAST

  3. In this 28-Day Get Hired Challenge by Alyssa, she tackles one topic from her book, Cybersecurity Career Guide. YOUTUBE

  4. Operation Triangulation: The last (hardware) mystery: "...this is definitely the most sophisticated attack chain we have ever seen." SECURELIST

  5. npm search RCE? Escape Sequence Injection. How many programmers does it take to filter out 36 characters? You may think this is an opening to a joke, but it’s not. SOLIDSNAIL

Which Bee's Knees was your favorite? Reply with the number (#1, #2, #3, #4, or #5)!

Sponsor the Hive Five and reach a highly engaged community of engineers, security researchers, and ethical hackers who are at the forefront of the industry.

🔥 Buzzworthy

✅ Changelog

  1. jsqzl 2023.4.7 contains a new descriptor type: Client Behavior. This release includes: cookies, Local/Session Storage, messages. TWITTER

🎉 Celebrate

  1. Monke shares their 2023 wins: 40k in bounties, attending live hacking events, getting published, and finishing university. Amazing! TWITTER

  2. Pentester Land is back after an unplanned 2 month break. Welcome back! TWITTER

  3. This year, Davin opened an Esports, Gaming, & Tech/Cyber Education center. Wonderful! TWITTER

  4. Lilly finished 100 books in 2023. Awesome! TWITTER

  5. Arthur ended 2023 in 2nd place in the Brazilian ranking, 17th in the 2023 world ranking and entered the All Time Leaderboard. Let's go! TWITTER

💰 Career

  1. Equal pay for equal work is a list of organizations that pay remote workers equally regardless of their location. Some examples are Basecamp, ConvertKit, and DuckDuckGo. GITHUB

  2. How to get hired as a dev in 2024. Watch this video for advice on how you can give yourself an advantage, demonstrate your potential to hiring managers, and become a developer that gets referrals for jobs. YOUTUBE

  3. From 20 to Life to 500k/yr in GovTech Cyber as a Felon ft Raquese Harris. Step into the world of a Cybersecurity Technical Project Manager at AWS with Raquese Harris. YOUTUBE

  4. Matt and his wife worked 100 hours from a McDonalds PlayPlace. When you have 3 kids, you have to be flexible and improvise. TWITTER

⚡️ Community

  1. Justin imploring platforms and programs to work together to figure out a way to allow bug hunters to perform source assisted assessments. TWITTER

  2. Michael's power has been out since Christmas after a tornado combined with a heat wave. Stay safe! TWITTER

  3. Ali is looking for sponsors for an insane party in NYC in March. They're expecting over 200 high profile hackers and infosec folks. TWITTER

  4. Charlie has a new website to match the new year. I'm loving the usage of yellow. CERIKSEN

📰 Read

  1. SSH ProxyCommand unexpected code execution (CVE-2023-51385). GITHUB

  2. Don't Believe Your Eyes: A WhatsApp Clickjacking Vulnerability. Imagine you have received a WhatsApp message with a link to ln.instagram.com. Where do you think the link leads? GITHUB

  3. LuemmelSec shares their first-ever reported public vulnerability: Amazon Cognito Ratelimit Bypass. GITHUB

  4. Prince, inspired by Daniel Miessler's post "What I'm doing and How it's Going", writes about the Career Dilemma. He wants to remind you that you're not alone in this journey of uncertainty. PWNMACHINE

💡 Tips

  1. A third of Justin's bug bounty earnings came from 3 reports this year: two Epic Games reports and one Shopify report. "Go for the big bounties - it pays off." TWITTER

  2. Amanda reminds us that growth happens in macro, not micro: "Don’t let the next 31 days define your entire year." TWITTER

  3. Check out packetstorm (tip by Jason) if you're in need of generic "path" wordlists in different languages. TWITTER

  4. While screenshotting with a headless browser, do this as well. TWITTER

🍯 Follow

Awesome accounts to follow. Randomly selected from my curated Twitter lists.

  1. @avlidienbrunn | Mathias Karlsson | Web security fiddler. Bug bounty bastard.

  2. @vinodsparrow | Vinoth Kumar | co-founder & ceo @zerogatehq.

  3. @katherinecodes | Katherine Oelsner | Senior Software Engineer @github.

  4. @ustayready | Mike Felch (Stay Ready) | Red Teamer / Security Research | Prior: CrowdStrike / Current: BHIS | In Christ’s grip | Pentesting since 1997 | Security Focus: Cloud.

🚀 Productivity

  1. Frooodle's Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files, such as splitting and adding images — To this day I still wrestle with PDFs. Next time this might come in handy. GITHUB

  2. Neville's productivity advice for 2024: write your todo list the night before, never add to it the same day, once finished, you must hard-stop working. TWITTER

  3. Nik's goal setting framework: 1. Identify WHAT you want, 2. Stop Thinking Small, 3. Create the Plan, 4. Create a Feedback Loop. TWITTER

  4. Noah's yearly goal chart divides goals into 4 areas. Each area is limited to 4 goals or fewer for simplicity. TWITTER

  5. The importance of saying no, visualized. TWITTER

Get $200 to try DigitalOcean. Level up your bug bounty game with the ultimate VPS solution. It's my go-to for all recon, automation, and even VPN needs. Get access to a comprehensive range of cloud resources, all at an affordable price.

🌐 Technology

  1. mithril-security's BlindChat is a fully in-browser privacy solution to make Conversational AI privacy-friendly. GITHUB

  2. Aaron ranked his own baby for the "world's happiest baby" search term. It took him a year to do so. TWITTER

  3. Increase your programming productivity by being able to restate hard problems as simple ones. For this, DHH recommends the book "Are your lights on?" by Gerald M. Weinberg. TWITTER

  4. Nick spent over $5k on mice and tested more than 25 of them to find a winner. It's the MX Ergonomic Advanced Wireless Trackball, which coincidentally is my mouse. TWITTER

🧠 Wisdom

  1. Trung shares 8 gems of putting historical dates in perspective. Here's one: A really well-travelled person could have potentially met Socrates (470-399 BCE) Confucius (551-479 BCE) and Buddha (563-483 BCE). TWITTER

  2. Dax reminding us to find ways NOT to knock at the front door of a company with everyone else. This was a response to Cloudflare sharing their job application stats, extending offers to less than 0.1%. TWITTER

  3. Ali on procrastination being an emotional problem: "You don't put things off because you're lazy, unmotivated, or lack discipline." TWITTER

  4. Picking a purpose: "Victor Frankl wrote Man’s Search for Meaning after surviving a concentration camp during World War II. He observed the outer extreme of what happens to people who no longer have a WHY to live for." HEY

💛 Cross-pollination

  1. Gokul shared their spreadsheet to keep track of subscription hell and it blew up. TWITTER | TEMPLATE

  2. Most of us have a pretty terrible understanding of history. Our knowledge is spotty, with large gaps all over the place. For example, did you know that Martin Luther King and Anne Frank were born in the same year? WAITBUTWHY

  3. HNers share their favorite (software) blog posts of 2023. Such as this gem called Bicycle. YCOMBINATOR
