• Hive Five
  • Posts
  • 🐝 Hive Five 167 - The internet is ours

🐝 Hive Five 167 - The internet is ours

Discover the secrets of LLM security, 9 Ways to Get Ahead of 99% of People, and more...

Hi friends,

Greetings from the hive!

Last week, I started a YouTube channel and published my first video. Check it out!

I’m also starting to augment myself more with AI, using Simon's brilliant LLM tool combined with Anthropic.

The first task I used it on was summarizing hundreds of link descriptions which would've taken me 1-2 hours. AI enabled me to do it in seconds and it cost me 1 cent.

How could you augment yourself?

Let's take this week by swarm!

🐝 The Bee's Knees

  1. Sophisticate backdoor in XZ Utils allows RCE (CVE-2024-3094): everything you need to know to detect, mitigate, and more. WIZ | MORE 2 | MORE 3 | MORE 4 | VISUAL

  2. Salma on the ridiculousness of pleasing the algorithm: "The internet is ours. It's time to take back control." TWITTER

  3. d3f4ult casually shares a wild piece of lore about themselves. He also has the receipts to back it up, including a Darknet Diaries episode. TWITTER | DARKNETDIARIES

  4. Principal Threat Researcher Tom shares his favorite tools that most are not taking advantage of: Aeon Timeline, Validin, Stairwell, Synapse Enterprise, and GaboRE β€” I've never heard of any of these, which I find fascinating. He also has an in-depth write-up on how he uses Aeon. TWITTER

  5. Mind Blowing Reverse Shell Demo with DNS data bouncing exfiltration using unconventional methods of exploiting the PowerShell Gallery. YOUTUBE

️πŸ’ͺ Sponsor

Hive Five delivers indispensable insights and resources tailored for security and technology professionals. Our community connects you with field experts, innovative builders, and seasoned decision-makers. Whether you're staying ahead of emerging threats, vetting new tools, or driving strategic initiatives, Hive Five empowers you to operate at the cutting-edge.

🍯 My work

πŸ”₯ Buzzworthy

πŸ“… News

  1. Caido is holding a monthly town hall β€” What a great way to engage with the community. TWITTER

  2. The Caido Plugin StarterKit repository on GitHub offers a starting point for developing plugins for the Caido platform. For now it only supports Frontend plugins. GITHUB

πŸŽ‰ Celebrate

  1. TrackPacer got a promotion. Let's go! TWITTER

  2. 0verw4tch received their first critical bounty for a sensitive information disclosure vulnerability. Congrats! TWITTER

  3. Max reached the top 100 all-time on Intigriti. Amazing! TWITTER

  4. Zseano is back to coding and content creation mode. Looking forward to it! TWITTER

πŸ’° Career

  1. Graham on bullet proofing your career: be as technically competent as you can and make yourself known. TWITTER

  2. The article discusses strategies for hiring low-experience, high-potential individuals and the value they can bring. WORKTOPIA

  3. The Science of 7 Figure Salaries: 9 Ways to Get Ahead of 99% of People. The video shares career advice that truly makes a difference, offering insights for professionals starting out. YOUTUBE

  4. Eugene discusses the importance of communication skills in the cybersecurity field, offering valuable insights for professionals. YOUTUBE

  5. Cure53 is expanding their team. They're looking for an editor to polish 60-120 report pages per week. TWITTER

⚑️ Community

  1. TracketPacer shares an insane work story. Holy shit! TWITTER

  2. Jason is working on some dope designs for Arcanum. TWITTER

  3. XNL-H4ck3r is loving the Neo Miami EP by MachineCode. TWITTER

  4. Dope albums to listen to in their entirety by infosec Twitter. TWITTER

  5. Is Burp Suite going downhill lately? The consensus of the responses is yes. TWITTER

πŸ“° Read

  1. Daniel tracks 10,000 bugfixes in 10,000 days, demonstrating curl's commitment to quality and stability. These bugfixes happened thanks to 3,134 contributors, out of which 1,252 persons have authored commits merged into the curl source repository. HAXX

  2. PHP is not known for its speed, but Florian decided to enter the "The One Billion Row Challenge" and wanted to see how fast it can get. Spoiler alert: he went from 25 minutes to 12.73 seconds. DEV

  3. Gi7w0rm explores the mechanics and implications of browser fingerprinting. They focus on of VexTrio, a malicious TDS (Traffic Distribution System), which makes use of 29 different functions to check the legitimacy of a visitor who visits an infected webpage. GI7W0RM

  4. Discover how to pan for gold by sifting through network logs to write a new tag. Brianna pulls the curtain back a little bit on how they find and tag on less popular internet traffic. GREYNOISE

πŸ’‘ Tips

  1. Mason having success with mcipekci's advice: "If you find 1 sql injection, there's a strong chance there is more." TWITTER

  2. The latest LLM plugin by Simon, llm-cmd, lets you run a command to to generate a further terminal command, review and edit that command, then hit enter to execute it or ctrl-c to cancel. SIMONWILLISON

  3. TIL that Angular's ngInit can be used as a CSS class. TWITTER

🐝 Simon might be one of the most effective engineers I've ever witnessed, and he’s sharing everything in public. His writing, coding, and sheer output just leave me in awe. Protect him at all cost!

🍯 Follow

Awesome accounts to follow. Randomly selected from my curated Twitter lists.

  1. @Mik317_ | Michele Romano | "The walls of Sparta are the chests of its warriors" - Agesilao

  2. @dan_abramov | дэн | welcome to my island

  3. @SwiftOnSecurity | SwiftInSecurity | computer security person at a place. former helpdesk. they/them/tay. Microsoft MVP, Client Security.

  4. @BanjoCrashland | Jason Blanchard | Storyteller. Christian. Husband. Father. Author: I Am Whale Man. Black Hills InfoSec: Excitement Co-Creator. REKCAH! Comics: Co-Publisher.

  5. @k_v0 | vishnu.

πŸš€ Productivity

  1. Quartz is a simple second brain and digital garden project hosted on GitHub. GITHUB

  2. rez0 demonstrates how to supercharge Vim and enhance bug bounty recon using AI-powered tools and techniques. YOUTUBE

  3. BookPecker provides bullet point summaries of thousands of books, helping readers discover their next read. BOOKPECKER

  4. The author showcases the best tasks plugin in Obsidian, enhancing productivity and task management. YOUTUBE

  5. How to Create Custom Fabric Patterns. A quick tutorial on how to create custom Patterns (AI Prompts) using the Fabric framework. YOUTUBE

🐝 For tasks in Obsidian , I've been using Dataview. It's not as feature-rich as the tasks plugin, but useful enough. It's basically the swiss-army knife.

Get $200 to try DigitalOcean. Level up your bug bounty game with the ultimate VPS solution. It's my go-to for all recon, automation, and even VPN needs. Get access to a comprehensive range of cloud resources, all at an affordable price.

🌐 Technology

  1. Optimizing JavaScript for performance can yield significant improvements, as the author shares common techniques. ROMGRK

  2. Google's blog discusses preventing cross-service UDP loops in QUIC. Infinite loops between servers are something that must be carefully avoided to prevent performance degradation or network overload. GOOGLE

  3. Semgrep's rewriting capabilities, enhanced by LLMs, enable powerful AutoFixes that can revolutionize code maintenance. CHOLY

  4. Emerge tools is breaking down why the LinkedIn iOS app is half a GB. TWITTER

  5. Explore the official Apple Developer YouTube channel. YOUTUBE

🧠 Wisdom

  1. Alex on breaking out of self developed barriers by experiencing things you thought were not possible. TWITTER

  2. The Harvard Commencement 2018 speech by graduate speaker Pete Davis addresses graduates with inspiring words. YOUTUBE

  3. Not every day needs to be a big day. YOUTUBE

  4. Explore the daily life in March of a family in a small village in Germany, including garden clean-up, cheese potatoes, geocaching, and DIY orange candle making. YOUTUBE

  5. Ryan on surrounding yourself with people smarter than you. TWITTER

πŸ’­ Quote

❝

"figure out what you’re good at without trying, then try"

Isabel

πŸ’› Cross-pollination

  1. Are you flying Boeing? Boeing's been in the news for all the wrong reasons lately. Check your flight number and see your fate. AMIFLYINGONABOEING

  2. I was looking for easily to carry bags and stumbled upon Flip & Tumble. They offer stylish, modern, and reusable bags, backpacks, and purses for eco-conscious consumers. FLIPANDTUMBLE

  3. Exploring the link between ADHD and obesity, providing insights for those affected. YOUTUBE

  4. Witness a day in the life of a dishwasher at a top NYC restaurant. YOUTUBE

  5. The Anxious Generation: How the Great Rewiring of Childhood is Causing an Epidemic of Mental Illness. TWITTER

🐝 I love day in the life videos. There's something endlessly fascinating and intriguing being able to experience someone else's life.

πŸ”₯ Now, let’s get into the good stuff. I cover the latest tools, in-depth resources, and the best things I've watched and listened to this week.

Subscribe to Premium to read the rest.

Become a paying subscriber of Premium to get access to this post and other subscriber-only content.

Already a paying subscriber? Sign In.

A subscription gets you:

  • β€’ Join a private Discord COMMUNITY: Engage in chat, uplift one another, grow together, and explore shared interests.
  • β€’ Access to COMPLETE HIVE ARCHIVE: Unlock a treasure trove of tools, resources, videos, and audio, catering to all your needs.
  • β€’ EXCLUSIVE & BONUS content: Delve into hundreds of curated links that didn't make it into the newsletter.
  • β€’ MEMBER-ONLY events: Take part in digital meetups, focus sessions, and more.
  • β€’ Deep DISCOUNTS on paid content.
  • β€’ Experience continuously added NEW BENEFITS.