• Hive Five
  • Posts
  • 🐝 Hive Five 163 – Learn to build, then learn to break

🐝 Hive Five 163 – Learn to build, then learn to break

Top 10 free OSINT tools, detect secrets in video content, $50k Google AI Hack

Hi friends,

Greetings from the hive!

One of my goals this year is to be more prolific, which to me means:

  • Imperfect action

  • Augment myself

  • Create flywheels

  • Betting on myself

  • Challenging myself

  • Don't overthink shit

  • Increase luck surface

Let's take this week by swarm!

🐝 The Bee's Knees

  1. Security 101 by Microsoft is a course designed to teach you fundamental cybersecurity concepts to kick-start your security learning. It is vendor-agnostic and is divided into small lessons that should take around 30-60 mins to complete. GITHUB

  2. Top 10 free OSINT tools (with demos) for 2024. They cover What’s my name Web, Web Archive, Search By Image, Obsidian, and more. YOUTUBE

  3. Set up a Mac in 2024 for Power Users and Developers. In this video, CJ covers OS settings, essential productivity apps, terminal setup, zsh settings, VS Code setup and VS Code Extensions. YOUTUBE

  4. How-to: Detecting secrets in video content. Gitlab open-sourced their internal solution for detecting secrets in video content. GITLAB

  5. Joseph "rez0" Thacker, Justin "Rhynorater" Gardner, and Roni "Lupin" Carta Hacked Google A.I. for $50,000. The story you are about to read starts in Las Vegas at the Venetian Hotel, travels to the heart of Tokyo, and finally ends in France. LANDH

💪 Sponsor

Hive Five is the go-to resource for industry professionals, decision-makers, and builders/creators in the security and technology space, providing them with the tools they need to 10x their job to be done.

🍯 Last week on the Hive

🔥 Buzzworthy

✅ Changelog

  1. EvenBetter v1.7 is out, introducing a new EvenBetter Library tab. Install workflows into your Caido project with a single click. TWITTER

  2. Caido v0.32.1 introduces a new command palette. Easily run commands and browse different sections without relying on your mouse or shortcuts. TWITTER

  3. PentesterLab released 3 new introduction videos: CGI Sign, DOMPDF RCE II, and DOMPDF RCE III. TWITTER

  4. Ben started recording from his new office/studio. TWITTER

  5. Fabric v1.1.2 updates setup and --update flags to make a more fluid install. GITHUB

🐝 Command palettes are one of the most underrated tools to boost your productivity and become a power user. Most of the apps you use nowadays have one. Think Google Suite, GitHub, and more. Another tip is to add one to your OS, my go-to is Raycast.

📅 News

  1. Elon Musk recently sued OpenAI stating that it betrayed its original mission to provide artificial intelligence for the benefit of humanity. YOUTUBE

🎉 Celebrate

  1. Dawgyg is alive and kickin', he bought a house and is getting back into hacking. TWITTER

  2. Zseano received some cool awards during a National Cyber Security Centre event in the UK. Awesome! TWITTER

  3. Katie passed her driving theory test. Woot! TWITTER

  4. Joaxcar is going to try out full-time bug bounty for three months. You got this! TWITTER

  5. d0nut found a vulnerability in a widely used (>1mil / week downloads) open source security library. Amazing! TWITTER

💰 Career

  1. Ushi was laid off from Google. They have experience in vulnerability research, incident response, and for the last 2 years they’ve been focused on cloud vulns/pentesting type stuff for aws GCP & azure. TWITTER

  2. Philip is looking for another role. They have over 20 years of information security experience, with over half in offensive security. I have worked as a penetration tester, as a consultant, and as an internal penetration testing resource for companies. TWITTER

  3. Datadog has 182 engineering roles open, with more coming. TWITTER

  4. From Software Engineer to 6 Figure Product Manager ft. Dania Luc. Step into the world of a Product Manager who was a former software engineer to discuss life as a Product Manger with a technical background with Dania Luc. YOUTUBE

  5. 37 pieces of career advice Ryan Holiday wishes he’d known earlier. RYANHOLIDAY

⚡️ Community

  1. Alethe on unlimited PTO being a scam: "It counts on the fact that employees don’t understand that Paid Time Off is part of their total compensation package. And any UNUSED PTO is same as CASH in many states." TWITTER

  2. Mason is traveling around Asia. If you're around, hit him up! TWITTER

  3. Bug bounty hunters that pay their bills from bug bounty. TWITTER

  4. Nathaniel predicted in 2021 that Caido would become a major Burp Suite competitor in 2023. Love to see it! TWITTER

  5. Jason will be dedicating 70% of his time to his new company and 20-30% to working with some companies through strategic positions. TWITTER

📰 Read

  1. Critical RCE Patched in Bricks Builder Theme. This vulnerability was originally reported by snicco to the Patchstack bug bounty program for WordPress. PATCHSTACK

  2. Joomla: Multiple XSS Vulnerabilities. Sonar’s Vulnerability Research Team has discovered an issue that led to multiple XSS vulnerabilities in the popular Content Management System Joomla. The issue discovered with the help of SonarCloud affects Joomla’s core filter component and is tracked as CVE-2024-21726. SONARSOURCE

  3. Who Am I? Conditional Prompt Injection Attacks with Microsoft Copilot. How a prompt injection payload can contain conditional instructions for certain situations. EMBRACETHERED

  4. How TruffleHog Verifies Secrets. In 2019, when they founded Truffle Security, the state-of-the-art in secret scanning was entropy checks and a smattering of regular expressions. Now, they programmatically check that a credential can be used to authenticate to the issuing service. TRUFFLESECURITY

  5. Defending LLMs against Jailbreaking Attacks via Backtranslation. Although many large language models (LLMs) have been trained to refuse harmful requests, they are still vulnerable to jailbreaking attacks, which rewrite the original prompt to conceal its harmful intent. ARXIV


  1. Corben on finding easy critical vulnerabilities: "It just takes finding unique attack surfaces." TWITTER

  2. d0nut (and corben) on hacking: "Learn to build, then learn to break." TWITTER

  3. Wes Kao on managing up 101: "Be explicit with what you need." TWITTER

  4. There is a Nancy Pelosi tracker on Twitter that highlights politicians' trades so everyonec can invest alongside. TWITTER

  5. You can cancel floors in elevators by long pressing them. TWITTER

🍯 Follow

Awesome accounts to follow. Randomly selected from my curated Twitter lists.

  1. @epsilon_zeroh | zer0h | Emergency Medicine Resident | 25 | Bug Bounty Hunter.

  2. @avasdream_ | Avasdream | Self-proclaimed human. B. Sc. in CS. Passionate Software & Security Engineer. OSCP, CRTO, cISsP.

  3. @cassiecodes | Cassie Evans | cosycore devrel @GreenSock. Proudly @okaydevs.

  4. @PwnFunction | PwnFunction | 🎥 YouTuber, Animated cybersecurity videos | Building @TheHackerCamp | DevRel @pdiscoveryio.

  5. @seanqsun | Sean Sun | running @miscreantshq + building something new.

🚀 Productivity

  1. Feedly filtering and sorting extension enhances the feedly website with advanced filtering and sorting capabilities. GITHUB

  2. This workspace setup will change your life. YOUTUBE

  3. You can make a movie with AI (in 60 Minutes). Dave Clark can show you exactly how in less than 60 minutes. He’s a film director with a body of work that includes both feature films and commercials for brands like Google. YOUTUBE

  4. Full Neovim configuration walkthrough as a DevOps engineer on MacOS. YOUTUBE

  5. 4 Principles to 10x Your Results: 1. Match Energy to Output, 2. Move, 3. Leverage Parkinson’s Law, and 4. Presence is Everything. YOUTUBE

Get $200 to try DigitalOcean. Level up your bug bounty game with the ultimate VPS solution. It's my go-to for all recon, automation, and even VPN needs. Get access to a comprehensive range of cloud resources, all at an affordable price.

🌐 Technology

  1. DHH switched to windows and now he's adopted Neovim. Always fun to see people expand their horizon. TWITTER

  2. Chris Coyier talks about CSS-Tricks, its current state, and its future. It was sold in March 2022 to DigitalOcean. CHRISCOYIER

  3. The Tech Industry Doesn’t Understand Consent. Thanks to Samantha Cole at 404 Media, we are now aware that Automattic plans to sell user data from Tumblr and WordPress.com for "AI" products. SOATOK | RELATED

  4. Derek Sivers shares his backup system. It takes him about ten seconds per day and five minutes per month to maintain. SIVE

  5. LSP Explained (in 5 Minutes). Language Server Protocol questions answered. YOUTUBE

🧠 Wisdom

  1. Dr. Gurner on taking action instead of wondering what to do with your life: "Choose one thing you can do, tomorrow, that will get you closer." TWITTER

  2. Twitterverse sharing the most impactful podcast episodes they've listened to in the last 6 months. What are yours? TWITTER

  3. Nassim Taleb spends 30 hours every week reading books. Here are 27 of his reading tips: "A good book gets better at the second reading. A great book at the third. Any book not worth rereading isn’t worth reading." TWITTER

  4. Justin on the 2 ways every business problem can be solved: "1. looking at your data, or 2. talking to your customers." TWITTER

  5. Justin gives you the framework on how to change your life in 18-24 months. TWITTER

💛 Cross-pollination

  1. The History of Blindfolded Super Mario 64. YOUTUBE

  2. All you ever wanted to know about typography and fonts. DAILYINFOGRAPHIC

  3. Twitterverse sharing their bug bounty tattoos. I've been thinking about getting a bee one. TWITTER

  4. How to Organize Meetups Good. This is meant as a meetups oriented complement to How to Do IRL Conferences Good and is a subset of the broader How To Community genre. DX

  5. Dave on how to get on a podcast: "the best thing you can do is already be talking about something." DAVERUPERT

💭 Quote

"What is important is seldom urgent and what is urgent is seldom important.”

Dwight D. Eisenhower

💪 Become a Premium Member

Hive Five is an authentic, hand-crafted, human-written weekly newsletter that is free, but not cheap. Consider supporting my work by becoming a paid member for just $8.25 p/mo ($99 p/yr).

  •  Join a private Discord COMMUNITY: Engage in chat, uplift one another, grow together, and explore shared interests.

  •  Access to COMPLETE HIVE ARCHIVE: Unlock a treasure trove of tools, resources, videos, and audio, catering to all your needs.

  •  EXCLUSIVE & BONUS content: Delve into hundreds of curated links that didn't make it into the newsletter.

  •  MEMBER-ONLY events: Take part in digital meetups, focus sessions, and more.

  •  Deep DISCOUNTS on paid content.

  •  Experience NEW BENEFITS continuously added.

Subscribe to the Hive Five to read the rest.

Become a paying subscriber of the Hive Five to get access to this post and other subscriber-only content.

Already a paying subscriber? Sign In

A subscription gets you:
Join a private Discord COMMUNITY: Engage in chat, uplift one another, grow together, and explore shared interests.
Access to COMPLETE HIVE ARCHIVE: Unlock a treasure trove of tools, resources, videos, and audio, catering to all your needs.
EXCLUSIVE & BONUS content: Delve into hundreds of curated links that didn't make it into the newsletter.
Experience continuously added NEW BENEFITS.