Hive Five 184 - Achieving Your Childhood Dreams
How To Use AI Effectively, Confusion and Web-Timing Attacks, Awesome WHOIS Resources, and much more...
Hi friends,
Greetings from the hive!
Scrolling through Twitter and Instagram stories this weekend gave me a serious case of FOMO. But, I managed to manifest that energy into inspiration.
DEFCON for me means community. Finally meeting face-to-face after countless hours of online collaboration. There's just something magical about that connection.
I've been incredibly fortunate in my journey to meet some fantastic hackers along the way, and I cheer for every last one of them.
One of the things I love most about the hacker community is how supportive everyone is of each other's growth. Seeing friends smash their goals and level up their skills is genuinely heartwarming.
It reminds me of the importance of surrounding yourself with people who inspire and challenge you.
So, here's a thought for you: How can we bring that DEFCON energy into our daily lives?
Let's take this week by swarm!
The Bee's Knees
A research scientist at Google DeepMind with 20 years of experience uses AI effectively for various tasks, leveraging it as a powerful tool to enhance productivity and problem-solving. MORE
Randy Pausch, a Carnegie Mellon professor, gave a moving last lecture on achieving childhood dreams before his passing. His lessons and advice inspired the packed auditorium and the world. MORE
In this first session of "Coding with Cursor", Sahil (Gumroad CEO) is joined by Josh, showcasing building a mini-tool in real-time while talking through the entire process of using AI to code. MORE
Confusion Attacks: Exploiting Hidden Semantic Ambiguity in Apache HTTP Server. This research introduces several Httpd architectural debts, including 3 different Confusion Attacks, 9 new vulnerabilities, 20 attack methods, and more than 30 case studies. MORE
Listen to the whispers: web timing attacks that actually work. Novel attack concepts to coax out server secrets including masked misconfigurations, blind data-structure injection, hidden routes to forbidden areas, and a vast expanse of invisible attack surface. MORE
Hive Five is a weekly newsletter with the best of technology and security, thoughtfully curated, read by thousands of hackers. Do you have a product or service to promote? Find out more about advertising in Hive Five.
Updates
My work
Extracting a Single Page from a PDF on macOS. MORE
Streamlining Tweet Creation from Markdown - A Bash Script and Espanso Magic. MORE
Bee-side 183 - What People Get Wrong About Imposter Syndrome - Remove Stopwords w/ Golang, Retrieve Deleted Tweets, Access Data From Private Repos, AI Winter, and more (PREMIUM). MORE
News
httpx now has a dashboard with built-in asset management, available on the ProjectDiscovery Cloud Platform (PDCP). MORE
OpenAI now supports structured outputs, allowing developers to specify response formats and schemas. This feature enhances the API's flexibility and integration capabilities. MORE
Black Forest Labs offers FLUX.1, a state-of-the-art image generation with prompt following, quality, detail, and diversity. MORE
Work
Career
Productivity
Pie Menu is a macOS tool that allows you to evolve your workflow with a radial menu customized for your active app. MORE
Boost Google Docs productivity with these 10 handy tips, including mastering the "@" command, leveraging pageless mode, and more. MORE
The Blank Sheet Method transforms passive reading into active learning by encouraging note-taking without preconceptions. MORE
This plugin gives you all the features of a standard doc and sheet tool in Obsidian. You can build a powerful Sheet or Doc within Obsidian. MORE
A Software Engineer shares what AI tools they're currently using, including a couple of Neovim and Raycast extensions. MORE
Community
Celebrate
Word on the street
STÖK reflects on 10 days in Vegas, meeting inspiring people - from the cyber-curious to OG influencers: "Employers & brands come and go, but the people that do the real work remain the core of it all." MORE
This year's DefCon was hands down NahamSec's favorite. MORE
Grugq on the hostile hotel room searches in Vegas: "The key takeaway is to think of a hotel room as sort of like email in that it feels private, but it isn't. Don't leave anything in your hotel room that you wouldn't leave with the security services." MORE
Albinowax was unable to present in person at Black Hat and DEF CON due to the unexpected early birth of their child. MORE.
Rana had some busy months adjusting to life in Qatar. Weekly YouTube videos returning in September. Brand new course coming soon. MORE
Level up
Read
Breaking his hand forced Erik to write all his code with AI for 2 months, and he's never going back. MORE
You Can't Spell WebRTC without RCE: Part 1 - Surveying Signal/WebRTC and Injecting Vulnerabilities. MORE
Matt used an LLM to generate structured data for a long-running BBC radio series. The "reason" key is essential in the JSON output. MORE
Bypassing browser tracking protection for CORS misconfiguration abuse. MORE
GitHub Actions exploitation: A new technique leverages the Dependabot GitHub app to compromise some repos, leading to arbitrary code push. MORE
Tips
Success comes from learning from failure. This video explores turning setbacks into opportunities through a structured approach, drawing on personal experiences. MORE
Christoffer Stjernlöf built a delightfully simple shell script on top of LLM, called q. It allows you to get an answer back straight away in your terminal. Piping works too. MORE
Wisdom
The Ultimate Stress Relief Cheat Sheet. Techniques to lessen pain and quell anxiety. MORE
Life is not a race, as a mother reminds her young son Jackson. People are going to different places, just like in life, so there's no need to rush. MORE
Becoming oneself is a process of reduction, saying no as the ultimate unlock. MORE
An interview with Sadhguru, a renowned yogi and mystic who has influenced millions worldwide through his transformative programs. He is an internationally acclaimed speaker and author of the New York Times bestseller. MORE
Resources
Awesome whois resources: Protocol Analysis and Applied Research, Reconnaissance, RDAP, and WHOIS - RFC 3912. MORE
A collection of phone numbers OSINT resources. MORE
9 Underrated Books That Will Make You a Smarter Person, including The Denial of Death, The Lessons of History, and more. MORE
An introduction to RE, executables, compiling, 32-bit x86 syntax, and stack frames. MORE
Splitting the email atom: exploiting parsers to bypass access controls. Learn how to turn email parsing discrepancies into access control bypasses and even RCE. MORE
Quote
Explore
Tools
Get $200 to try DigitalOcean - the go-to for all my recon, automation, and VPN needs. Get access to a comprehensive range of cloud resources, all at an affordable price.
SanicDNS is a lightning-fast DNS resolution tool that can handle an incredible number of requests per second, provided the right hardware and resolvers are in place. MORE
SecretMagpie is a powerful secret detection tool that scans repositories across various platforms, uncovering hidden secrets. MORE.
JavaScript AST analysis tool to quickly identify dangerous code and patterns, enabling better code evolution and security research. MORE
SSHamble simulates potential attack scenarios, including unauthorized remote access due to unexpected state transitions, remote command execution in post-session login implementations, and more. MORE
Certainly is an offensive security toolkit to capture large amounts of traffic in various network protocols in bitflip and typosquat scenarios. MORE
Watch
In May 2024, Google accidentally deleted the private cloud of a multi-billion dollar fund in Australia, causing an unprecedented outage. MORE
Aerospace is a tiling window manager for macOS that has been a breath of fresh air for the author, who has previously struggled with Yabai and Amethyst. Here's a complete guide on how to use it. MORE.
Expert OSINT Tools: Free, Powerful Bookmarklets for Digital Investigators. They allow you to quickly extract User IDs, access full-size profile images, locate hidden JSON data, and so much more. MORE
Packy McCormick, an influential tech voice, explains how AI aids his writing and investing. MORE.
MailMate is a powerful email client for macOS, boasting a wealth of features and customization options. This video provides you with everything you need to know. MORE
Listen
Opt Out Podcast is a platform where passionate individuals discuss the importance of privacy, share their tools and techniques, and inspire others to prioritize personal privacy and data sovereignty. MORE
Programmatic SEO Projects With Josh Pigford. The strategy, the technical approach, and exactly what (and how) he built some of his AI-generated content marketing strategies for his projects. MORE
Technology
Apple Intelligence Foundation Language Models research paper - a ~3 billion parameter model designed to run efficiently on devices and a large server-based language model designed for Private Cloud Compute. MORE
Dave has become obsessed with the cost of fueling their body during working hours, estimating the monthly expense at around $359.26/month. MORE
Real-time face swap and one-click video deepfake with only a single image. MORE
Enhance your image quality online for free with our advanced AI technology. Enlarge your images up to 10x and 12K for significant clarity improvement. MORE
Find out why they call Ember.js "the Rails of JavaScript". Learn what it is and how you can use it in your web projects. MORE
Interesting
Tired of screen-sharing limitations, the author has created a 1-FPS encrypted screen-sharing solution for introverts, eliminating the need for paid subscriptions and audio. MORE
The original meaning of 'prestigious' was not positive, but referred to deception or illusion. MORE
Tragic loss at CrossFit games, a young man's life was claimed due to negligence. A GoFundMe has been created to honor Lazar Dukic's memory. MORE
The 400m sprint is considered the most painful track & field event as it pushes the body's energy production to the limit. No person can run the 400m all-out from start to finish, with different energy systems engaged at various MORE.
Friends often return from trips gushing about the joy of walking everywhere. To shift to walking, we must prioritize dignity by designing walkable communities where people can easily access their daily needs. MORE
Until next week, take care of yourself and each other,
Bee
P.S. Enjoy the newsletter? Please forward it to a friend. It only takes 16 seconds. Making this one took 16 hours.
Upgrade Yourself
You're getting the free version. Members get more, including exclusive & bonus content, access to an online community of smart and driven people, the complete Hive Archive, and so much more. See what you're missing.
This newsletter may contain affiliate links that support its costs. These links lead to tools, courses, and resources that I've personally found helpful.