🐝 Hive Five 167 - The internet is ours

Hi friends,

Greetings from the hive!

Last week, I started a YouTube channel and published my first video. Check it out!

I’m also starting to augment myself more with AI, using Simon's brilliant LLM tool combined with Anthropic.

The first task I used it on was summarizing hundreds of link descriptions which would've taken me 1-2 hours. AI enabled me to do it in seconds and it cost me 1 cent.

How could you augment yourself?

Let's take this week by swarm!

🐝 The Bee's Knees

1. Sophisticate backdoor in XZ Utils allows RCE (CVE-2024-3094): everything you need to know to detect, mitigate, and more. WIZ | MORE 2 | MORE 3 | MORE 4 | VISUAL

2. Salma on the ridiculousness of pleasing the algorithm: "The internet is ours. It's time to take back control." TWITTER

3. d3f4ult casually shares a wild piece of lore about themselves. He also has the receipts to back it up, including a Darknet Diaries episode. TWITTER | DARKNETDIARIES

4. Principal Threat Researcher Tom shares his favorite tools that most are not taking advantage of: Aeon Timeline, Validin, Stairwell, Synapse Enterprise, and GaboRE — I've never heard of any of these, which I find fascinating. He also has an in-depth write-up on how he uses Aeon. TWITTER

5. Mind Blowing Reverse Shell Demo with DNS data bouncing exfiltration using unconventional methods of exploiting the PowerShell Gallery. YOUTUBE

🍯 My work

🔥 Buzzworthy

➡️ Continue reading online to avoid email cutoff

📅 News

1. Caido is holding a monthly town hall — What a great way to engage with the community. TWITTER

2. The Caido Plugin StarterKit repository on GitHub offers a starting point for developing plugins for the Caido platform. For now it only supports Frontend plugins. GITHUB

🎉 Celebrate

1. TrackPacer got a promotion. Let's go! TWITTER

2. 0verw4tch received their first critical bounty for a sensitive information disclosure vulnerability. Congrats! TWITTER

3. Max reached the top 100 all-time on Intigriti. Amazing! TWITTER

4. Zseano is back to coding and content creation mode. Looking forward to it! TWITTER

💰 Career

1. Graham on bullet proofing your career: be as technically competent as you can and make yourself known. TWITTER

2. The article discusses strategies for hiring low-experience, high-potential individuals and the value they can bring. WORKTOPIA

3. The Science of 7 Figure Salaries: 9 Ways to Get Ahead of 99% of People. The video shares career advice that truly makes a difference, offering insights for professionals starting out. YOUTUBE

4. Eugene discusses the importance of communication skills in the cybersecurity field, offering valuable insights for professionals. YOUTUBE

5. Cure53 is expanding their team. They're looking for an editor to polish 60-120 report pages per week. TWITTER

➡️ Continue reading online to avoid email cutoff

⚡️ Community

1. TracketPacer shares an insane work story. Holy shit! TWITTER

2. Jason is working on some dope designs for Arcanum. TWITTER

3. XNL-H4ck3r is loving the Neo Miami EP by MachineCode. TWITTER

4. Dope albums to listen to in their entirety by infosec Twitter. TWITTER

5. Is Burp Suite going downhill lately? The consensus of the responses is yes. TWITTER

📰 Read

1. Daniel tracks 10,000 bugfixes in 10,000 days, demonstrating curl's commitment to quality and stability. These bugfixes happened thanks to 3,134 contributors, out of which 1,252 persons have authored commits merged into the curl source repository. HAXX

2. PHP is not known for its speed, but Florian decided to enter the "The One Billion Row Challenge" and wanted to see how fast it can get. Spoiler alert: he went from 25 minutes to 12.73 seconds. DEV

3. Gi7w0rm explores the mechanics and implications of browser fingerprinting. They focus on of VexTrio, a malicious TDS (Traffic Distribution System), which makes use of 29 different functions to check the legitimacy of a visitor who visits an infected webpage. GI7W0RM

4. Discover how to pan for gold by sifting through network logs to write a new tag. Brianna pulls the curtain back a little bit on how they find and tag on less popular internet traffic. GREYNOISE

💡 Tips

1. Mason having success with mcipekci's advice: "If you find 1 sql injection, there's a strong chance there is more." TWITTER

2. The latest LLM plugin by Simon, llm-cmd, lets you run a command to to generate a further terminal command, review and edit that command, then hit enter to execute it or ctrl-c to cancel. SIMONWILLISON

3. TIL that Angular's ngInit can be used as a CSS class. TWITTER

➡️ Continue reading online to avoid email cutoff

🍯 Follow

Awesome accounts to follow. Randomly selected from my curated Twitter lists.

1. @Mik317_ | Michele Romano | "The walls of Sparta are the chests of its warriors" - Agesilao

2. @dan_abramov | дэн | welcome to my island

3. @SwiftOnSecurity | SwiftInSecurity | computer security person at a place. former helpdesk. they/them/tay. Microsoft MVP, Client Security.

4. @BanjoCrashland | Jason Blanchard | Storyteller. Christian. Husband. Father. Author: I Am Whale Man. Black Hills InfoSec: Excitement Co-Creator. REKCAH! Comics: Co-Publisher.

5. @k_v0 | vishnu.

🚀 Productivity

1. Quartz is a simple second brain and digital garden project hosted on GitHub. GITHUB

2. rez0 demonstrates how to supercharge Vim and enhance bug bounty recon using AI-powered tools and techniques. YOUTUBE

3. BookPecker provides bullet point summaries of thousands of books, helping readers discover their next read. BOOKPECKER

4. The author showcases the best tasks plugin in Obsidian, enhancing productivity and task management. YOUTUBE

5. How to Create Custom Fabric Patterns. A quick tutorial on how to create custom Patterns (AI Prompts) using the Fabric framework. YOUTUBE

Get $200 to try DigitalOcean. Level up your bug bounty game with the ultimate VPS solution. It's my go-to for all recon, automation, and even VPN needs. Get access to a comprehensive range of cloud resources, all at an affordable price.

➡️ Continue reading online to avoid email cutoff

🌐 Technology

1. Optimizing JavaScript for performance can yield significant improvements, as the author shares common techniques. ROMGRK

2. Google's blog discusses preventing cross-service UDP loops in QUIC. Infinite loops between servers are something that must be carefully avoided to prevent performance degradation or network overload. GOOGLE

3. Semgrep's rewriting capabilities, enhanced by LLMs, enable powerful AutoFixes that can revolutionize code maintenance. CHOLY

4. Emerge tools is breaking down why the LinkedIn iOS app is half a GB. TWITTER

5. Explore the official Apple Developer YouTube channel. YOUTUBE

🧠 Wisdom

1. Alex on breaking out of self developed barriers by experiencing things you thought were not possible. TWITTER

2. The Harvard Commencement 2018 speech by graduate speaker Pete Davis addresses graduates with inspiring words. YOUTUBE

3. Not every day needs to be a big day. YOUTUBE

4. Explore the daily life in March of a family in a small village in Germany, including garden clean-up, cheese potatoes, geocaching, and DIY orange candle making. YOUTUBE

5. Ryan on surrounding yourself with people smarter than you. TWITTER

💭 Quote

💛 Cross-pollination

1. Are you flying Boeing? Boeing's been in the news for all the wrong reasons lately. Check your flight number and see your fate. AMIFLYINGONABOEING

2. I was looking for easily to carry bags and stumbled upon Flip & Tumble. They offer stylish, modern, and reusable bags, backpacks, and purses for eco-conscious consumers. FLIPANDTUMBLE

3. Exploring the link between ADHD and obesity, providing insights for those affected. YOUTUBE

4. Witness a day in the life of a dishwasher at a top NYC restaurant. YOUTUBE

5. The Anxious Generation: How the Great Rewiring of Childhood is Causing an Epidemic of Mental Illness. TWITTER

🔥 Now, let’s get into the good stuff. I cover the latest tools, in-depth resources, and the best things I've watched and listened to this week.

Subscribe to the Hive Five to read the rest.