• Hive Five
  • Posts
  • 🐝 Hive Five 173 - Where Are The Builders?

🐝 Hive Five 173 - Where Are The Builders?

When privacy expires, NahamCon 2024 Workshops, Dealing with Uncertainty, and more...

Hi friends,

Greetings from the hive!

When I was going to college, I listened to three albums on repeat: 50 Cent - Get Rich or Die Tryin', Justin Timberlake - Justified, and Nelly Furtado - Loose.

It was the soundtrack of my life at the time. The latter just did a Tiny Desk concert that you can check out in the Listen section.

What album(s) did you listen to when you went to college?

Let's take this week by swarm!

🐝 The Bee's Knees

  1. Pompompurin and BreachForums. An open-source investigation into who he was, how he became the creator of BreachForums, and how he ended up detained. MORE

  2. When privacy expires: how Inti got access to tons of sensitive citizen data after buying cheap domains. MORE

  3. Where are the builders? As the agency of the average consumer decreases, the ceiling for the agency of outliers increases. MORE

  4. NahamCon 2024 Workshops: Capture The Flag 101, Acing WordPress Hacking with Code Review, The Art of Bypassing WAFs, and SQL Injection Tips & Tricks. MORE

  5. CVE-2024-4367 is a vulnerability in PDF.js, a JavaScript-based PDF viewer maintained by Mozilla, that allows an attacker to execute arbitrary JavaScript code when a malicious PDF file is opened. MORE

οΈπŸ‘€ Sponsor

Have a great product or service that would benefit the Hive? Reach an engaged colony of cybersecurity and tech professionals. They're already seeking insanely great tools to stay up-to-date and hack a life they love.

Advertising in Hive Five is your opportunity to get your insanely great product or service discovered by the people who "get it" from the jump.

Don't let these forward-thinkers miss the next best thing. Reserve your sponsorship slot today and cross-pollinate your brand with Hive Five's rapidly growing hive of VIBs.

πŸ“° Updates

🍯 My work

βœ… Changelog

  1. The blog post announces the release of curl 8.8.0, detailing the changes, bug fixes, commits, new functions, options, and contributors. MORE

  2. lazydocker v0.23.3 is a tool that simplifies Docker management, providing a user-friendly interface. MORE

  3. DOMPurify 3.1.4 is a fast and tolerant XSS sanitizer for HTML, MathML, and SVG, with a secure default and extensive configurability. MORE

  4. jwt-hack v1.2.0 is a tool for security testing and hacking of JSON Web Tokens (JWT). MORE

  5. Gap Burp Extension v5.2 helps find potential endpoints, parameters, and generate a custom target wordlist. MORE

πŸ“… News

  1. After three years, Fun Fun Function Returns on June 3rd. MORE

  2. Orange Tsai is presenting at Black Hat USA 2024 on Confusion Attacks: Exploiting Hidden Semantic Ambiguity in Apache HTTP Server. MORE

  3. Bugcrowd acquired Informer, a specialist in assessing and maintaining attack surface management (ASM). MORE

πŸ’Ό Work

πŸ’° Career

  1. Devs who pivoted to new careers in their 30s/40s share their experiences, advice, and thoughts on their transitions. MORE

  2. Jason Fried, Basecamp CEO, built an 8-figure business using an unconventional approach to business writing, challenging Silicon Valley startup norms. MORE

  3. Comprehensive guide to preparing for product management interviews, covering common questions, frameworks, and available courses. MORE

  4. 3 LinkedIn tips to help job seekers: 1) Optimize your profile, 2) Engage with your network, 3) Leverage LinkedIn's job search features. MORE

  5. Salary Negotiation: Make More Money, Be More Valued. MORE

πŸš€ Productivity

  1. This episode explores controlling the brightness of external displays using the command line on Apple silicon macOS devices. MORE

  2. Mactop is a terminal-based monitoring tool "top" designed to display real-time metrics for Apple Silicon chips. MORE

  3. Dealing with uncertainty: starting your own freelance company. Misha encourages viewers to put in the work and resist unhealthy escapes, while also emphasizing the importance of surrendering to a higher power and trusting the process. MORE

  4. There Are Two Types of People: those who seek permission to live their desired life and those who take action and grant themselves permission. MORE

🌎 Community

πŸŽ‰ Celebrate

  1. Another successful NahamCon in the books. Congrats! MORE

  2. STΓ–K encourages everyone to send love to their favorite creators. It's not easy! MORE

  3. Gavin obtained their Certified Red Team Operator Badge. LFG! MORE

⚑️ Community

  1. Dani Grant, Jam.dev's community building expert, discusses in-person community building for their product-led growth tool, Jam, which has over 100k users and fixed more than 2 million bugs. MORE

  2. d0nut is living his best life on the beach. MORE

  3. HackerOne's internal hack week is coming up. What do you want them to explore? MORE

πŸ’› Follow
Awesome accounts to follow. Randomly selected from my curated Twitter lists.

  1. @Agarri_FR | Nicolas GrΓ©goire | Web hacker and Burp Suite Pro trainer.

  2. @ippsec | ippsec.

  3. @_phzn | Kevin Lewis | Running Developer Relations at @Directus. Director @YouGotThisConf. Loves RedRoxProjects. Boardgamer. Disney Adult. 2x Dad. he/him.

  4. @andirrahmani1 | Andi Rrahmani | Recon.

  5. @sherlocksecure | Udhaya Prakash | Product Security Zomato | SynackRedTeam | Bugcrowd Ambassador.

⬆️ Level up

πŸ“° Read

  1. The newly discovered CVE-2024-32002 vulnerability allows remote code execution through a simple git clone command. Reversing the Git RCE, from initial discovery to crafting a working exploit. MORE

  2. The OSINT community is filled with highly skilled individuals who produce impressive investigations, analyses, and findings. However, it's crucial to embrace failure and learn from mistakes in order to continue improving. MORE

  3. Inside the iOS bug that made deleted photos reappear. MORE

  4. Samsung WB850F Firmware Reverse-Engineering. MORE

πŸ’‘ Tips

  1. The Hacker News thread asks users to share their customization prompts for ChatGPT. MORE

  2. Seeking "MAGICAL" Places. MORE

  3. Hacking WordPress sites for up to $10,000. MORE

Get $200 to try DigitalOcean. Level up your bug bounty game with the ultimate VPS solution. It's my go-to for all recon, automation, and even VPN needs. Get access to a comprehensive range of cloud resources, all at an affordable price.

🧠 Wisdom

  1. Award-winning journalist Sasha shares 50 things they know. MORE

  2. This episode of "Cold Wisdom" discusses 5 underrated ideas to transform your life, covering building skills, ignoring advice, and more. MORE

πŸ“š Resources

  1. Research in the field of email service attacks, including all aspects related to email messages. MORE

  2. Hunting bugs in Nginx JavaScript engine (njs), a JavaScript interpreter that is being used as part of the nginx webserver’s backend. MORE

  3. While assessing a client, an instance of ReCrystallize Server was found with various issues, including insecure configurations and newly discovered vulnerabilities that could be chained to achieve Remote Code Execution (RCE). MORE

  4. 9 Top OSINT webinars to discover the latest OSINT trends and innovations, Tools, techniques, and use cases. MORE

  5. OSINT newsletters recommendations for professionals. MORE

πŸ’­ Quote

❝

"Be regular and orderly in your life like a bourgeois, so that you may be violent and original in your work."

β€” Gustave Flaubert

Here's to the curious ones. The rebels. The hackers. The ones who see life not as it is, but as it could be. The ones who are crazy enough to think they can hack their way to a life they love.

Share the Hive Five newsletter with the doers, those who dare to dream and explore. Together we'll unlock the secrets of infosec, technology, and productivity to design a better world.

πŸ›  Explore

🧰 Tools

  1. Firecrawl is a tool developed by Mendable.ai to crawl and convert any website into LLM-ready markdown. It is currently in the early stages of development, with ongoing merging of custom modules. MORE

  2. Dataherald is a natural language-to-SQL engine that enables enterprise-level question answering over structured data. It allows you to set up an API from your database to answer questions in plain English. MORE

  3. AI Subdomain generates unique subdomain names and runs the httpx tool on them. MORE

  4. The graphqlMaker helps find GraphQL queries in JavaScript files. MORE.

  5. A Terminal UI for browsing security vulnerabilities (CVEs). As default, it uses the vulnerability database (NVD) from NIST and provides search and listing functionalities in the terminal with different theming options. MORE

πŸŽ₯ Watch

  1. Shubham Shah, a renowned security researcher and entrepreneur, shares modern WAF bypass techniques on large attack surfaces. MORE

  2. David Heinemeier Hansson, the creator of Ruby on Rails, discusses SQLite and its advantages over other databases, highlighting its simplicity, performance, and suitability for many use cases. MORE

  3. In this episode, Henri shares his journey from having no tech experience to becoming a SOC Analyst in cybersecurity, offering insights into the path to becoming one. MORE

  4. A masterclass on creating and selling online courses by someone who made $10 million in doing so. MORE

  5. Shodan and WAF Evasion Techniques by godfatherOrwa. MORE

🎡 Listen

  1. Nirav Patel, CEO of Framework Computer, discusses building a new laptop company focused on repairability and openness. MORE

  2. Nelly Furtado's Tiny Desk concert showcased her career highlights, featuring a selection of her biggest hits spanning over 25 years. MORE

  3. iPhone users can recover deleted photos, Scarlett Johansson is concerned about AI voice cloning, and there's an incident involving celebrity fakes. MORE

  4. Underdo the Competition β€” In business, the idea that more is better often leads companies to engage in an endless race to add more features while losing sight of what truly matters to their users. MORE

🌐 Technology

  1. Git's --force-with-lease and --force-if-includes options allow safe force pushing by ensuring the remote branch hasn't changed since your last fetch. MORE

  2. Comparison of the capabilities of various AI chatbots, including ChatGPT, Claude, Copilot, Gemini, and Perplexity, using their paid versions to assess their full range of abilities across different tasks. MORE

  3. Yann LeCun and Marc Andreessen are not considering the potential power of AI systems that combine generative AI with other tools and features. MORE

  4. The iPad Pro 13" teardown reveals a repair-friendly change that could save hours in repair time. Additionally, the Apple Pencil Pro is destroyed in the process. MORE

  5. Zellij is a terminal workspace. It has the base functionality of a terminal multiplexer (similar to Tmux or screen) but includes many built-in features that would allow users to extend it and create their own personalized environment. MORE

πŸ”‘ Visit

  1. Lugg provides on-demand moving and furniture delivery services, offering a truck and movers in under an hour to load, haul, and deliver anything. Get an estimate and try it today! MORE

  2. Steve Eimers, a rural Tennessean with 6 adopted kids, various farm animals, and no engineering background, became the "Guardrail Guy" after an X-Lite guardrail incident. MORE

  3. Windows 98 in your browser?! Talk about nostalgia. MORE

Until next week, take care of yourself and each other,

Bee 🐝

This newsletter may contain affiliate links that support its costs. These links lead to tools, courses, and resources that I've personally found helpful.