🐝 Hive Five 156 - Hack Your Life using AI

Hi friends,

Greetings from the hive!

Welcome to the first edition on this new platform with a fresh domain. I was scrambling to get everything ready before this email went out. Luckily, the launch went smoothly.

Let's take this week by swarm!

🐝 The Bee's Knees

1. Hack your life (with demos) in 2024 using AI. Daniel Miessler shares what he's been working on, and how you can leverage it yourself. YOUTUBE

2. 500k/yr as a Full-Time Bug Hunter & Content Creator, an interview with NahamSec. They discuss the challenges he faced on his journey in bug bounty hunting and content creation, including personal struggles and the pressure of success. YOUTUBE

3. Using the OSINT Mind State for Better Online Investigations, a talk by Nico Dekens (Dutch Osint Guy). The OSINT state of mind” is key for keeping track of your investigative steps, picking the right tools and sources, analysing the data, and reporting to generate actionable intelligence. YOUTUBE

4. Atuin replaces your existing shell history with a SQLite database, and records additional context for your commands. Additionally, it provides optional and fully encrypted synchronisation of your history between machines, via an Atuin server. GITHUB

5. Obsidian added a new security page and had an independent audit completed by Cure53. Obsidian is designed to be a private and secure space for your thoughts. OBSIDIAN

Which Bee's Knees was your favorite? Reply with the number (#1, #2, #3, #4, or #5)!

️💪 Sponsor

Sponsor the Hive Five and reach a highly engaged community of engineers, security researchers, and ethical hackers who are at the forefront of the industry.

🔥 Buzzworthy

✅ Changelog

1. waymore xnl-h4ck3r v2.2 release: Find way more from the Wayback Machine. GITHUB

2. Noir v0.12.1 release introduces the only-* format. For example, when analyzing source code for fuzzing, there may be a need to obtain a list of parameters. GITHUB

3. xnl-h4ck3r's GAP-Burp-Extension v4.6 release: Burp Extension to find potential endpoints, parameters, and generate a custom target wordlist. GITHUB

📅 News

1. Jason announced the next cohor of The Bug Hunter's Methodology Live. US: March 2-3, and EU: March 9-10. TWITTER

🎉 Celebrate

1. 9 years later, codingo bumped Dylan's first bug ever submitted on Bugcrowd. W's in the chat! TWITTER

2. Mason made it to the Bugcrowd Top 100. Let's go champ! TWITTER

3. Alex celebrates ServiceNow for the best public VDP terms he's ever seen. They even host a security.txt. TWITTER

4. STÖK celebrates all tool makers, creators, and hackers that share their hard work with the industry and community. Amen! TWITTER

💰 Career

1. Dynamic DevOps Roadmap by DevOpsHiveHQ is a master plan for roadmap, mentorship, and bootcamp to start a DevOps Engineer career in 2024. GITHUB

2. Claire on shooting your shot to get the career and roles that you want: "I've created roles for myself multiple times." TWITTER

3. Lina has been in Sales for almost 20 years and sheds some light on how the sausage is made. TWITTER

4. Break into Tech as a Cloud System Administrator w/ Yellow Tail Tech ft Jubee. YOUTUBE

5. You’re Not Unqualified: How to pass 99% of your interviews. Frameworks for behavioral and situational interview questions. YOUTUBE

⚡️ Community

1. m4ll0k built a SaaS that detects the web app stack using a pre-trained AI model. TWITTER

2. Monke has an idea that bug bounty platforms should introduce a "Tip the Triager" feature. This changes the incentive from processing reports as fast as possible. TWITTER

3. SecGPT is Jason's personal GPT for offensive security. He uses it as a rubber duck and peer. TWITTER

4. An end of an era, Mustafa is no longer active on Synack. He had an amazing 3.5 years, but all good things come to an end. TWITTER

5. rez0 put some dope AI art on his wall that he created himself using MidJourney. TWITTER

📰 Read

1. Notes from the Latent Space paper club, weekly unrecorded Zoom meetings covering one important paper or reading in AI. GITHUB

2. ManageEngine CVE-2022-47966 Technical Deep Dive. On January 10, 2023, ManageEngine released a security advisory for CVE-2022-47966 (discovered by Khoadha of Viettel Cyber Security) affecting a wide range of products. HORIZON3

3. The Almanack of Naval Ravikant: A guide to health and happiness. AMAZONAWS

4. AppSec and LLMs: How to review the security implementation of an LLM product. PRATIKAMIN

5. AWS S3 Bucket Takeover: how to find it and maximize impact? The impact of an AWS S3 Bucket Takeover can range from none, account takeover, and even up to RCE. VIDOCSECURITY

💡 Tips

1. 7 Guiding Principles for Working with LLMs: 1. Think out loud, 2. Never trust, always verify, 3. Use a team of assistants, 4. Ask for choral explanations, 5. Outsource pattern recognition, 6. Automate transformations, 7. Learn by doing. THENEWSTACK

2. Jason is back with Executive Offense. This issue he covers Mobile Application Hacking Part 1. BEEHIIV

3. Budgeting with ChatGPT. How to use ChatGPT API to track, categorize, and monitor my spending — What's brilliant about this is the use of email forwarding. Apparently, Postmark has a feature that turns emails into JSON payloads. JONCALLAHAN

🍯 Follow

Awesome accounts to follow. Randomly selected from my curated Twitter lists.

1. @runasand | Runa Sandvik | Founder of @GranittHQ, securing journalists and at-risk people around the world.

2. @stokfredrik | STÖK | Hi.. im that hacker that your friends told you about. I create Cybersecurity Awareness / Educational Content and hacks all the things at @truesec.

3. @bbuerhaus | Brett Buerhaus | Security research and puzzles.

4. @ow | Owen Williams | Kiwi in Canada via Amsterdam • Design manager @stripe leading developer experience + apps. prev @shopify.

🚀 Productivity

1. ippsec on how to avoid burnout: establish a routine before you work, write down your wins for the day, put your phone in DND mode. TWITTER

2. Awesome Obsidian tweaks and tips you did not know you needed. YOUTUBE

3. How to be more productive: How do you get things done when life is chaotic? YOUTUBE

4. Bashbunnie and StudyTme discuss and plan their 2024 goals. YOUTUBE

5. Aim, fire, scan: the 80/20 of executing on big projects. INDIEHACKERS

Get $200 to try DigitalOcean. Level up your bug bounty game with the ultimate VPS solution. It's my go-to for all recon, automation, and even VPN needs. Get access to a comprehensive range of cloud resources, all at an affordable price.

🌐 Technology

1. People share LLM-driven products that they use often but aren't the usual suspects. Cursor.sh and perplexityAI are named a lot. TWITTER

2. Build a way to show real-time updates on the website for a Dungeons and Dragons-themed small business! 4 web devs built their own app based on this prompt. YOUTUBE

3. Researcher Geoffrey Litt and Dan built an app together using ChatGPT and Replit in under 60 minutes—while they talked. YOUTUBE

4. #! (pronounced shebang) is a Unix convention that's typically used for scripting languages like Python and Bash. This Dockerfile abuses it to let you package applications in a cross-distro and cross-platform way. GITHUB

5. A list of known AI agents on the internet. Insight into the hidden ecosystem of autonomous chatbots and data scrapers crawling across the web. DARKVISITORS

🧠 Wisdom

1. David on fear being the reason people repackage ideas and lose their writing edge. TWITTER

2. STÖK on his best decision he's ever made, living his life: "follow your own path and not the way you think is expected from you." TWITTER

3. Jelly Roll gave an acceptance speech that'll get you pumped: "I don't know where you're at in your life, or what you're going through, but I want you to keep going. [...]" TWITTER

4. Sam on that the world wants you to be vanilla, and to fight against that — I wholeheartedly agree, yet it can be scary, so be brave. TWITTER

💛 Cross-pollination

1. How to go from paying $25k/yr in health insurance for a family of 5 as an entrepreneur to $7k/yr with the same coverage. Don't use the healthcare dot gov channel. TWITTER

2. The Alex Hormozi Diet — I always enjoy how honest and to the point Alex is. YOUTUBE

3. maybe is an open source investment tracking + optimization platform.GITHUB

4. Proof allows you to Notarize a document in 15 minutes. Anywhere, anytime — I don't know about you, but I always dread the times I need to physically visit a notary. PROOF

5. The Cheapest Places to Live in the World in 2024. Each year Tim does an updated rundown of the cheapest places to live in the world, from the perspective of someone who wrote the book on this subject and regularly travels to the countries featured. CHEAPESTDESTINATIONSBLOG

🤲 Quote

"When you have 0 subscribers, create as if you had a million. If you have a million subscribers, create as if you had zero." — Matt Davella

Subscribe to the Hive Five to read the rest.