🐝 Hive Five 154 - Pipe Dreams
Happy New Year from the hive!
One day late, but we out here. You won't believe it, but I managed to catch the flu right before the year's end. Not only that, it hit me during an 8-hour drive to an important medical appointment for my wife.
To make matters worse, while I'm writing this I'm still sick and I've been hit with an ongoing splitting headache.
Here's to a healthy 2024 🥂
Let's take this year by swarm!
🐝 The Bee's Knees
Pipe Dreams: The life and times of Yahoo Pipes. "Pipes," as it were, stemmed from the pipeline concept in Unix, in which one kind of program could straightforwardly feed, or pipe with a |, its output to the next, and so on. RETOOL
Rick Rubin shares how he deals with creative or writer's block. He treats his work like a diary entry — when I heard this I thought it was brilliant. I'll be cultivating this mindset as well. TWITTER | PODCAST
In this 28-Day Get Hired Challenge by Alyssa, she tackles one topic from her book, Cybersecurity Career Guide. YOUTUBE
Operation Triangulation: The last (hardware) mystery: "...this is definitely the most sophisticated attack chain we have ever seen." SECURELIST
npm search RCE? Escape Sequence Injection. How many programmers does it take to filter out 36 characters? You may think this is an opening to a joke, but it’s not. SOLIDSNAIL
Which Bee's Knees was your favorite? Reply with the number (#1, #2, #3, #4, or #5)!
Sponsor the Hive Five and reach a highly engaged community of engineers, security researchers, and ethical hackers who are at the forefront of the industry.
jsqzl 2023.4.7 contains a new descriptor type: Client Behavior. This release includes: cookies, Local/Session Storage, messages. TWITTER
Monke shares their 2023 wins: 40k in bounties, attending live hacking events, getting published, and finishing university. Amazing! TWITTER
Pentester Land is back after an unplanned 2 month break. Welcome back! TWITTER
This year, Davin opened an Esports, Gaming, & Tech/Cyber Education center. Wonderful! TWITTER
Lilly finished 100 books in 2023. Awesome! TWITTER
Arthur ended 2023 in 2nd place in the Brazilian ranking, 17th in the 2023 world ranking and entered the All Time Leaderboard. Let's go! TWITTER
Equal pay for equal work is a list of organizations that pay remote workers equally regardless of their location. Some examples are Basecamp, ConvertKit, and DuckDuckGo. GITHUB
How to get hired as a dev in 2024. Watch this video for advice on how you can give yourself an advantage, demonstrate your potential to hiring managers, and become a developer that gets referrals for jobs. YOUTUBE
From 20 to Life to 500k/yr in GovTech Cyber as a Felon ft Raquese Harris. Step into the world of a Cybersecurity Technical Project Manager at AWS with Raquese Harris. YOUTUBE
Matt and his wife worked 100 hours from a McDonald's PlayPlace. When you have 3 kids, you have to be flexible and improvise. TWITTER
Justin implores platforms and programs to work together and figure out a way to allow bug hunters to perform source-assisted assessments. TWITTER
Michael's power has been out since Christmas after a tornado combined with a heat wave. Stay safe! TWITTER
Ali is looking for sponsors for an insane party in NYC in March. They're expecting over 200 high-profile hackers and infosec folks. TWITTER
Charlie has a new website to match the new year. I'm loving the usage of yellow. CERIKSEN
SSH ProxyCommand unexpected code execution (CVE-2023-51385). GITHUB
Don't Believe Your Eyes: A WhatsApp Clickjacking Vulnerability. Imagine you have received a WhatsApp message with a link to ln.instagram.com. Where do you think the link leads? GITHUB
LuemmelSec shares their first-ever reported public vulnerability: Amazon Cognito Ratelimit Bypass. GITHUB
Prince, inspired by Daniel Miessler's post "What I'm doing and How it's Going", writes about the Career Dilemma. He wants to remind you that you're not alone in this journey of uncertainty. PWNMACHINE
A third of Justin's bug bounty earnings came from 3 reports this year: two Epic Games reports and one Shopify report. "Go for the big bounties - it pays off." TWITTER
Amanda reminds us that growth happens in macro, not micro: "Don’t let the next 31 days define your entire year." TWITTER
Check out packetstorm (tip by Jason) if you're in need of generic "path" wordlists in different languages. TWITTER
While screenshotting with a headless browser, do this as well. TWITTER
Awesome accounts to follow. Randomly selected from my curated Twitter lists.
@avlidienbrunn | Mathias Karlsson | Web security fiddler. Bug bounty bastard.
@ustayready | Mike Felch (Stay Ready) | Red Teamer / Security Research | Prior: CrowdStrike / Current: BHIS | In Christ’s grip | Pentesting since 1997 | Security Focus: Cloud.
Frooodle's Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files, such as splitting and adding images — To this day I still wrestle with PDFs. Next time this might come in handy. GITHUB
Neville's productivity advice for 2024: write your todo list the night before, never add to it the same day, once finished, you must hard-stop working. TWITTER
Nik's goal setting framework: 1. Identify WHAT you want, 2. Stop Thinking Small, 3. Create the Plan, 4. Create a Feedback Loop. TWITTER
Noah's yearly goal chart divides goals into 4 areas. Each area is limited to 4 goals or fewer for simplicity. TWITTER
The importance of saying no, visualized. TWITTER
Get $200 to try DigitalOcean. Level up your bug bounty game with the ultimate VPS solution. It's my go-to for all recon, automation, and even VPN needs. Get access to a comprehensive range of cloud resources, all at an affordable price.
mithril-security's BlindChat is a fully in-browser privacy solution to make Conversational AI privacy-friendly. GITHUB
Aaron ranked his own baby for the "world's happiest baby" search term. It took him a year to do so. TWITTER
Increase your programming productivity by being able to restate hard problems as simple ones. For this, DHH recommends the book "Are your lights on?" by Gerald M. Weinberg. TWITTER
Nick spent over $5k on mice and tested more than 25 of them to find a winner. It's the MX Ergonomic Advanced Wireless Trackball, which coincidentally is my mouse. TWITTER
Trung shares 8 gems of putting historical dates in perspective. Here's one: A really well-travelled person could have potentially met Socrates (470-399 BCE) Confucius (551-479 BCE) and Buddha (563-483 BCE). TWITTER
Dax reminding us to find ways NOT to knock at the front door of a company with everyone else. This was a response to Cloudflare sharing their job application stats, extending offers to less than 0.1%. TWITTER
Ali on procrastination being an emotional problem: "You don't put things off because you're lazy, unmotivated, or lack discipline." TWITTER
Picking a purpose: "Viktor Frankl wrote Man's Search for Meaning after surviving a concentration camp during World War II. He observed the outer extreme of what happens to people who no longer have a WHY to live for." HEY
Most of us have a pretty terrible understanding of history. Our knowledge is spotty, with large gaps all over the place. For example, did you know that Martin Luther King and Anne Frank were born in the same year? WAITBUTWHY