• Hive Five
  • Posts
  • 🐝 Hive Five 158 – Is it possible to have privacy in 2024?

🐝 Hive Five 158 – Is it possible to have privacy in 2024?

Rook to XSS, Obsidian 2024 gem winners, CVEmap, and more...


Hi friends,

Greetings from the hive!

Sharing an observation that my YouTube recommendations have been suggesting some marvelous videos and channels.

Some, are seemingly unrelated to my interests or search history, but resonating with me nonetheless. I like it!

Speaking of YouTube, I went ahead and blocked shorts using last week's uBlock tutorial by ippsec.

Let's take this week by swarm!

🐝 The Bee's Knees

  1. Rook to XSS: How Jake hacked chess.com with a rookie exploit. SKII

  2. Obsidian 2023 Gems of the year winners. It has been nearly four years since the first line of code of Obsidian was written on January 31st, 2020. OBSIDIAN

  3. Multiple vulnerabilities on GestSup 3.2.44, an application used for ticketing purposes and device management. SYNACKTIV

  4. Failing Upwards (or not) by Andy Gill: "If you find yourself on the path of leading a team, make sure you set critical baselines with your team. Always do what is best for your team and set them up for success." PART ONE | PART TWO

  5. ProjectDiscovery released their latest tool CVEMap to navigate the Common Vulnerabilities and Exposures jungle with ease. It's a CLI tool designed to provide a structured and easily navigable interface to various vulnerability databases. PROJECTDISCOVERY

Which Bee's Knees was your favorite? Reply with the number (#1, #2, #3, #4, or #5)!

️πŸ’ͺ Sponsor

πŸ”₯ Buzzworthy

βœ… Changelog

  1. xnl-h4ck3r waymore v2.3 release: Add jira as a default keyword for option -ko/--keywords-only. GITHUB

  2. jswzl 2024.1.1 is out: Big performance improvements, Native ARM64 build for Mac OS/Apple Silicon, More Client Behavior descriptors, and Improved Object Schemas. TWITTER

πŸ“… News

  1. Obsidian asked its users what to prioritize in 2024 and the first item they'll attack is making mobile faster and better. I'm a power user and don't even notice any mobile friction, but..I've got a need for speed. TWITTER

  2. Vote on the Top 10 web hacking techniques of 2023. Closing time: 31 January 2024 00:00:00 (UTC). PORTSWIGGER

πŸŽ‰ Celebrate

  1. Tanya received the SANS Difference Makers Award for Mentor of the Year. Congrats! YOUTUBE

πŸ’° Career

  1. An interesting job posting for a Windows 3.11 Administrator?! Required skills include MS DOS. Young teen me would kill this. GULP

  2. From $12,000/mo FAANG Intern to Snapchat Security Engineering Lead at 25. YOUTUBE

  3. Ask HN: Those making $500/month on side projects in 2024 show and tell. YCOMBINATOR

  4. Salary negotiation in 30 seconds. Rule nr. 1: Don’t ever tell them your current salary. CRITTER

⚑️ Community

  1. Trash Puppy was overwhelmed with the generosity of strangers on the internet. This is what I love to see! TWITTER

  2. Did you know that TomNomNom has a guitar channel called StrumNumNum? TWITTER

  3. Patrik shares what's on his ThinkCentre M910q Tiny self-hosted bug bounty box: XSSHunter, Portainer, Adguard, and more... TWITTER

πŸ“° Read

  1. Atlassian Confluence: Remote Code Execution (CVE-2023-22527). A critical vulnerability within Atlassian's Confluence Server and Data Center. This vulnerability has the potential to permit unauthenticated attackers to inject OGNL expressions into the Confluence Instance, thereby enabling the execution of arbitrary code and system commands. PROJECTDISCOVERY

  2. Hunting for Prototype Pollution gadgets in jQuery (intigriti 0124 challenge). The challenge ran for one week in January 2024. The intended solution was not found by anyone during the timeframe of the challenge, while multiple participants found an unintended solution using the jQuery attr() function. JOAXCAR

  3. The Certification Industrial Complex and other Cyber Education Embarrassments. Graham questions the overreliance on certifications and advocates for a shift towards personalized learning plans and unique demonstrations of competence. GRAHAMHELTON

  4. I’m Not A Pentester (And You Might Not Want To Be One Either). An article written by assume-breach: "We all want to get paid to pwn. The problem is that the business of hacking is much different than OffSec Proving Grounds or HackTheBox Certified Whatever networks." MEDIUM | RESPONSE BY ALEX

πŸ’‘ Tips

  1. A one-liner to find out what your most used CLI command is. Mine are ls and cat... both (bad) habits. TWITTER

🍯 Follow

Awesome accounts to follow. Randomly selected from my curated Twitter lists.

  1. @nbk_2000 | ₦฿₭ (@[email protected]) | Paw / Pwn / Purr.

  2. @frgx | Devdatta Akhawe | Security @figma. Previously, Dropbox and Berkeley Grad Student.

  3. @jasonfried | Jason Fried | Founder & CEO at 37signals (makers of Basecamp and HEY). Non-serial entrepreneur, serial author. No DMs.

  4. @JohnONolan | John O'Nolan | Founder/CEO @Ghost - Geographically restless. Publishing, open source, and independent business around the world.

  5. @j3ssiejjj | j3ssie (Ai Ho) | A passionate security engineer and creator of @OsmedeusEngine, Metabigor, and Jaeles.

πŸš€ Productivity

  1. Dr. K talks Meaning, Purpose, and Motivation. YOUTUBE

  2. Highlight what you hear. It sounds nice but I haven't found a good way to do so yet. This solution works if you use Overcast. PODHIGHLIGHTER

  3. Danny used Opal to overcome his Twitter addiction by blocking all social apps and websites for 24h per day. Whenever you open one of the apps, you need to open Opal first to "snooze" the block for 5 minutes. TWITTER

  4. Extreme brainstorming questions to trigger new, better ideas. ASMARTBEAR

  5. The Knowledge Economy Is Over. Welcome to the Allocation Economy. EVERY

Get $200 to try DigitalOcean. Level up your bug bounty game with the ultimate VPS solution. It's my go-to for all recon, automation, and even VPN needs. Get access to a comprehensive range of cloud resources, all at an affordable price.

🌐 Technology

  1. Learn by Doing: How LLMs Should Reshape Education. The path toward hands-on autonomous learning is through large language models (LLMs). Jon Udell shows how the EdTech sector can use AI. THENEWSTACK

  2. Self-Rewarding Language Models. They argue that to achieve superhuman agents, future models require superhuman feedback in order to provide an adequate training signal. Skynet is that you? ARXIV

  3. Alternatives to Ahrefs for SEO. Some suggestions are Mangool and LowFruits. TWITTER

  4. Nightshade is a tool that protects artists' images online by poisoning AI, making them learn unexpected things from the pictures. UCHICAGO

  5. jub0bs created a Go course for beginners. GITHUB

🧠 Wisdom

  1. Daniel shared a paradox, if you need something done very well, you often have to do it yourself and not hire a pro. Pros will often choose efficiency over quality. TWITTER

  2. 11 biggest takeaways from meeting Tony Robbins. Number one is that most give in order to get. The goal is to transcend that, give no matter what you get back. GOOGLE

  3. "I had a teacher that didn't like me and I didn't like him. At the end of the year he decided to fail me. The ironic thing is that the topic was chemistry. I have the distinction of being the only chemistry laureate who failed the topic in high school!" β€” Nobel Prize winner Tomas Lindahl. Don't let anyone define your story. TWITTER

  4. "Creating your own opportunities, is so much more efficient than waiting for them." β€” Dr. Gurner TWITTER

πŸ’› Cross-pollination

  1. Watching Sopranos content led to the following YouTube recommendation: inside Michael Imperioli's History-Filled New York Home. YOUTUBE

  2. Another YouTube recommendation is Goldberg's Garage walkaround. Although I'm not a car enthusiast, WWE was part of my childhood. YOUTUBE

  3. NearbyWiki is a map you can use to find places nearby that have their own Wikipedia page. NEARBYWIKI

  4. teachyourselfmath brings you good math problems that are hidden inside textbooks and online documents. TEACHYOURSELFMATH

🐝 Quote

β€œPeople are more adept at working against things than oftentimes we give them credit for. We often think of people working for things, but they often work against things. They work against poverty. They work against their upbringing. They work against some of these things just as much as they’re working for them. Some people are very fear-driven. We talk about fear as being very negative, but it also can be very positive.”

β€” Dr. Julie Gurner

πŸ‘‡ Join the Hive! Upgrade to a membership and unlock exclusive content below, featuring valuable tools, essential resources, and must-watch/listen recommendations.

Subscribe to the Hive Five to read the rest.

Become a paying subscriber of the Hive Five to get access to this post and other subscriber-only content.

Already a paying subscriber? Sign In

A subscription gets you:
Join a private Discord COMMUNITY: Engage in chat, uplift one another, grow together, and explore shared interests.
Access to COMPLETE HIVE ARCHIVE: Unlock a treasure trove of tools, resources, videos, and audio, catering to all your needs.
EXCLUSIVE & BONUS content: Delve into hundreds of curated links that didn't make it into the newsletter.
Experience continuously added NEW BENEFITS.