
๐Ÿ Hive Five 189 - Do it because you canโ€™t not.

The Art of Recon, How To Start a Startup, The Effects of Generative AI on High Skilled Work, Tiny Trick & Experiments, and more...

Hi friends,

Greetings from the hive!

I overthink. A lot.

It prevents me from doing a lot of things in life. Some, I should've done a long time ago.

However, there's an exception. Curation.

I've been collecting and sharing ever since I first laid my hands on a keyboard.

It's effortless. Mushin no shin.

Being able to share my findings with you is a great privilege.

Another one of those things is my passion for experience engineering. By creating better user experiences, everyone wins.

I think that's the next step.

Let's take this week by swarm!

๐Ÿ The Bee's Knees

  1. Benjamin and Aliz spent $20 to achieve RCE and accidentally became the admins of .MOBI. MORE

  2. 3 Critical 0-click TikTok Account Takeover Vulnerabilities, 2FA bypass, and more security issues in TikTok’s system. MORE

  3. The Art of Recon: Strategies for Modern Asset Discovery. Assetnote breaks down their approach to reconnaissance into five key elements: breadth, depth, context, amplification, and focus. MORE

  4. Before there was YC, there was YC. Learn how to start a startup with this lecture series from Paul Graham, Sam Altman and the early YC founders and team. MORE

  5. The Effects of Generative AI on High Skilled Work: Evidence from Three Field Experiments with Software Developers. Researchers compare results from three studies to discover how GitHub Copilot affects developer productivity. MORE

"Though each separate experiment is noisy, combined across all three experiments and 4,867 software developers, our analysis reveals a 26.08% increase (SE: 10.3%) in the number of completed tasks among developers using the AI tool. Notably, less experienced developers showed higher adoption rates and greater productivity gains."

Upgrade Yourself →

You're getting the free version. Members get more, including exclusive & bonus content, access to an online community of smart and driven people, the complete Hive Archive, deep discounts, and so much more. See what you're missing.

Do you have a product or service to promote? Find out more about advertising in Hive Five.

โœ๏ธ Table of Content

📰 Updates

๐Ÿฏ My work

✅ Changelog

  1. The Param Miner 1.51 release from PortSwigger fixes an error during value probing on JSON discoveries. MORE

  2. Burp Suite has received a performance update that makes it faster than ever, empowering hands-on security professionals with a tool they can rely on and enjoy using. MORE

  3. OpenAI released two new preview models, o1-preview and o1-mini, previously codenamed "strawberry". These models are the first of the o1 chain-of-thought family. MORE

  4. Gareth beta-launched the new web Hackvertor, featuring a brand-new tag parser, sandboxed iframes for executing user-supplied tags, and a save-URL feature. MORE

  5. A new horse entered the arena: DarkHorse makes crowdsourced and offensive security accessible, affordable, and scalable for all, though the application is not optimized for mobile devices. MORE

💼 Work

💰 Career

  1. Jason Fried, co-founder of Basecamp, discusses innovative startup ideas and frameworks for building products people love, as well as his thoughts on the current software landscape. MORE

  2. Hadrian's Security is hiring hackers, both full-time and interns, in India, the Netherlands, and remotely. MORE

  3. As performance review season gets underway in many places, here’s a rough model to help you think about how others perceive you along the following 3 dimensions: Content, Confidence, and Context. MORE

🚀 Productivity

  1. The book "Tiny Experiments" aims to help readers redefine their notions of success and discover their unique paths in life, as a neuroscientist shares insights from their personal experiences. MORE

  2. A Burning Man 2024 set to vibe out to and get into that flow state: RÜFÜS DU SOL (DJ SET) - Mayan Warrior. MORE

  3. Prompt techniques that go beyond simply adding "Think step-by-step." They encourage the model to articulate logic and justify conclusions. MORE

🌎 Community

🎉 Celebrate

  1. Blaklis was awarded an $8,300 bounty on HackerOne, crossing the $1 million mark on HackerOne and $2 million on BugBounty. Congrats! MORE

  2. Mallok attended a lively hacking event in Las Vegas, placing in the top 5 overall, and passed over $2 million in bounties. LFG! MORE

โšก๏ธ Timeline

  1. Nahamsec purchased a new streaming setup and plans to resume regular streaming sessions. MORE

  2. Naffy raises an intriguing question about the dominance of a small group in bug bounty, despite the industry's apparent abundance of web application testing professionals. MORE

  3. The advent of AI tools like Cursor, Copilot, and Momentic has radically transformed software engineering workflows. Over 140 engineers recently convened for a 24-hour hackathon, exploring how to leverage AI to build better, faster software. MORE

  4. Calling all Nahomies for the upcoming CTF challenge that launches Sept 20th. Join the Discord to team up, collaborate, and tackle the puzzle together. MORE

💛 Follow
Awesome accounts to follow. Randomly selected from my curated Twitter lists.

  1. @j3ssiejjj | j3ssie (Ai Ho) | A passionate security engineer and creator of @OsmedeusEngine, Metabigor, and Jaeles.

  2. @TheAlexLichter | Alexander Lichter | Web Dev Consultant • Founder of Developmint • @nuxt_js team.

  3. @hateshaped | hateshape.

  4. @0xpatrik | Patrik Hudak | (Automation x AI)².

  5. @foobar0x7 | foobar7 | IT Security Consultant & Bug Hunter.

๐Ÿ„ Level up

📰 Read

  1. Exploiting an exposed JavaScript interface for unauthorized access in a 'global' cryptocurrency exchange's Android app. MORE

  2. Zero-Click Calendar invite: a critical zero-click vulnerability chain in macOS. MORE

  3. CVE hunting is more accessible than many realize, and the methodology outlined in the blog post requires only a bit of coding knowledge, allowing Eddie to discover numerous CVEs in just three Sunday afternoons. MORE

  4. The Novice's LLM Training Guide covers the basics, fine-tuning, LoRA, training hyperparameters, and interpreting learning curves. MORE

  5. Wietze demonstrates how argv[0], typically harmless, can be used to deceive security analysts, bypass detections, and break defensive software, across all main operating systems. MORE
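The trick in item 5 is easy to reproduce and, more importantly, to detect. The script below is an added illustration and is not code from Wietze's post: it starts an ordinary `sleep` under a lying argv[0] (the fake name `/usr/sbin/sshd` is an arbitrary assumption), then reads what a cmdline-based tool such as `ps` would report next to what the kernel actually mapped. It assumes Linux, since it relies on `/proc/<pid>/cmdline` and `/proc/<pid>/exe`.

```python
import os
import shutil
import subprocess


def spawn_with_spoofed_argv0(real_exe: str, fake_argv0: str, *args: str) -> subprocess.Popen:
    """Start real_exe but hand the kernel a lying argv[0].

    subprocess separates the path that is exec'd (`executable`) from the argv
    list, so args[0] can be anything. This is exactly the primitive execve(2)
    gives any unprivileged process; nothing special is needed.
    """
    return subprocess.Popen([fake_argv0, *args], executable=real_exe,
                            stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)


def inspect_process(pid: int) -> dict:
    """What a cmdline-based tool sees versus what the kernel knows (Linux /proc)."""
    with open(f"/proc/{pid}/cmdline", "rb") as f:
        argv = f.read().split(b"\0")[:-1]          # NUL-separated, trailing NUL
    return {
        "argv0": argv[0].decode(errors="replace"),  # what `ps` and cmdline parsers print
        "exe": os.readlink(f"/proc/{pid}/exe"),     # resolved path of the mapped binary
    }


def argv0_mismatch(info: dict) -> bool:
    """Triage heuristic: does the name the process claims match the binary it runs?

    A mismatch is a signal, not proof: login shells legitimately prefix argv[0]
    with '-', and busybox-style multi-call binaries run under many names. The
    point is that the check needs /proc/<pid>/exe (or the image path from an
    exec event), never cmdline alone.
    """
    claimed = os.path.basename(info["argv0"].lstrip("-"))
    actual = os.path.basename(info["exe"])
    return claimed != actual


def demo() -> dict:
    """Run `sleep` under the assumed fake name /usr/sbin/sshd and inspect it."""
    real = shutil.which("sleep") or "/bin/sleep"   # assumption: a sleep binary exists
    proc = spawn_with_spoofed_argv0(real, "/usr/sbin/sshd", "30")
    try:
        info = inspect_process(proc.pid)
        info["suspicious"] = argv0_mismatch(info)
        return info
    finally:
        proc.kill()
        proc.wait()


if __name__ == "__main__":
    print(demo())
```

`Popen` only returns once the child has exec'd, so the `/proc` entries are already those of the spoofed process when `inspect_process` runs. Any detection that keys on the process name from cmdline alone (including many `ps`-driven scripts) will happily report an `sshd`; the resolved `exe` link is what to log and alert on.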

💡 Tips

  1. Google Search now allows users to view archived webpages directly through the Internet Archive's Wayback Machine, a significant step forward for digital preservation. MORE

  2. A free and open-source alternative to the Cursor AI IDE, offering a local and fully free option: VSCode + Aider + Supermaven. MORE

  3. The most important things you need to understand to interact with LLM-based systems like ChatGPT and Claude effectively. MORE

  4. Extracting API endpoints and constructing complex HTTP requests from JavaScript files using AI, without the need for fancy tools. MORE

  5. You can pinpoint the first commit that introduced a specific code snippet with git log --reverse -S <code>: the -S "pickaxe" lists commits that changed the number of occurrences of the string, and --reverse prints them oldest first, so the first entry is where the snippet appeared. MORE

🧠 Wisdom

  1. Software developers, especially skilled ones, often take pride in crafting intricate solutions that showcase their expertise, despite the potential for costly mistakes. MORE

  2. Practical approaches to improving teamwork, such as "Give credit, take responsibility". MORE

  3. 100 tiny tricks to help with everything from digital overwhelm to lumpy sugar and unpaid bills. MORE

  4. According to George Hotz, embodied intelligence will be a significant force in the next 20 years, far surpassing the impact of humanoid robots. Hardware is not the problem; the bottleneck is good "software 2.0" infrastructure. MORE

  5. Obsessing over configuring Grafana dashboards and CI/CD pipelines for a simple CRUD app might not be the best use of your time. MORE

📚 Resources

  1. idekCTF 2024 was home to an interesting problem called srcdoc-memos, which delved into the intricacies of iframes and related knowledge. MORE

  2. Google's Cloud Vulnerability Research team (CVR) presents vulnerabilities in a third-party JPEG 2000 image library called Kakadu. MORE

  3. The Android courses from hextree.io aim to teach everything needed to get started with Android Bug Bounty, particularly the Google Mobile VRP. MORE

  4. Awesome Go is a curated list of excellent Go frameworks, libraries, and software that can aid in the development of applications in the Go programming language. MORE

  5. A curated list of awesome websites, applications, tools, and shiny things for Apple Notes. MORE

💭 Quote


"You do it for yourself. You don’t expect to change the world. You don’t even expect to influence your family or your friends. You do it because you can’t not do it and be who you are. Or who you’re meant to be."

Martin Sheen

🛠 Explore

🧰 Tools

  1. Octoscan is a static vulnerability scanner for GitHub action workflows. MORE

  2. Read Their Lips, powered by Symphonic Labs, allows users to analyze lip movements in a video file and convert them to text. MORE

  3. BrowserSnatch is a versatile tool designed to extract sensitive data from various web browsers, including Chromium-based browsers like Edge and Chrome, as well as Gecko-based browsers like Firefox. MORE

  4. gotop is a terminal-based graphical activity monitor written in Go, inspired by and similar to vtop, providing a visual way to monitor system performance. MORE

  5. Dynamic File Searcher is an advanced, Go-based tool for deep web crawling, able to dynamically generate and explore paths based on target hosts, enabling more comprehensive scans than traditional tools. MORE

Get $200 to try DigitalOcean, the go-to for all my recon, automation, and VPN needs. Get access to a comprehensive range of cloud resources, all at an affordable price.

🎥 Watch

  1. This talk by joohoi and STÖK explores how a single bit change in the domain name google.com can lead to a variety of valid "bitflip" domains, highlighting the potential security implications of such subtle modifications. MORE

  2. Watch all of the talks from OrangeCon 2024, a community-driven, non-profit cybersecurity conference in the Netherlands. MORE

  3. Deno, created by the minds behind Node.js, represents a new chapter in the world of JavaScript runtime. It aims to improve upon the foundations laid by Node.js, offering a fresh approach to modern web development. MORE

  4. Simon Willison discusses how blogging can serve as an accountability mechanism, and how to build intuition with large language models. He also talks about starting a startup with his partner on their honeymoon. MORE

  5. Explore how to leverage AI to become a more effective lifelong learner, featuring insights from Simon Eskildsen on using AI tools to augment personal growth and knowledge acquisition. MORE
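To make the bitflip idea from item 1 concrete, here is an added example of my own (not code from the talk or from joohoi or STÖK) that enumerates every hostname exactly one bit away from a given domain. It keeps only candidates that are still valid hostnames under the letters-digits-hyphen rule, drops uppercase results because DNS is case-insensitive, and leaves the dot separators alone; it goes slightly beyond the talk's single example by working for any domain.

```python
import string

# LDH rule: a hostname label may contain only letters, digits and hyphens.
# Uppercase is omitted on purpose: DNS is case-insensitive, so a flip that only
# toggles bit 5 (0x20) of a letter does not yield a different domain.
_LABEL_CHARS = set(string.ascii_lowercase + string.digits + "-")


def bitflip_variants(domain: str) -> list:
    """Every registrable hostname that is one bit away from `domain`.

    For each byte of the domain and each of its 8 bits, flip that bit and keep
    the result only if it is still a valid hostname: every label stays within
    the LDH character set and does not start or end with a hyphen. The '.'
    separators are skipped, since flipping one changes the label structure
    rather than a label's spelling.
    """
    raw = domain.lower().encode("ascii")
    found = set()
    for i, byte in enumerate(raw):
        if byte == ord("."):
            continue
        for bit in range(8):
            flipped = byte ^ (1 << bit)
            if chr(flipped) not in _LABEL_CHARS:
                continue
            candidate = (raw[:i] + bytes([flipped]) + raw[i + 1:]).decode("ascii")
            labels = candidate.split(".")
            if all(lab and not lab.startswith("-") and not lab.endswith("-") for lab in labels):
                found.add(candidate)
    return sorted(found)


def hamming_distance(a: str, b: str) -> int:
    """Number of differing bits between two equal-length ASCII strings (sanity check)."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a.encode("ascii"), b.encode("ascii")))


if __name__ == "__main__":
    variants = bitflip_variants("google.com")
    print(len(variants), "one-bit neighbours of google.com, e.g.", variants[:5])
```

For google.com this yields 40 candidates (flipping the final `m` into `-` is rejected because `co-` would end in a hyphen). The practical next step, resolving each candidate and checking who registered it, needs network access and is deliberately not part of this offline example.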

🎵 Listen

  1. Nick is a seasoned journalist who has written for prestigious publications like The New York Times and Vanity Fair. He combines his expertise in screenwriting, authoring, and murder mystery enthusiasm to craft captivating stories that engage readers. MORE

  2. Jason Fried and Derek Sivers, both entrepreneurs, share their perspectives on learning from the past and the importance of independence in entrepreneurship. MORE

  3. David Heinemeier Hansson discusses his return to Linux, concerns about Apple's App Store control, and setting up servers on the web. MORE

  4. 10 Startups with Stock Grants That’ll Make You A Millionaire aka Sara’s List 2024. MORE

  5. Zigging vs. zagging: How HubSpot built a $30B company ft. Dharmesh Shah (co-founder/CTO). MORE

๐ŸŒ Technology

  1. The web's clipboard can store various data types, including images, rich text content, and files. Understanding the clipboard's capabilities is useful for developers working with web applications. MORE

  2. Fatih replaced their home lab setup with the latest Unifi hardware, including gateways, switches, access points, and cameras, after living in their current house for almost four years. MORE

  3. Scott, the co-founder of GitHub, finally shares why GitHub won over competing version control systems: GitHub started at the right time and had good taste. MORE

  4. Julia celebrates their enduring love for the fish shell, a command-line interface, detailing both long-standing and newfound reasons for their affection. MORE

👀 Interesting

  1. The vagus nerve, branching from the brain through organs, orchestrates bodily functions and aspects of the mind, like mood, pleasure, and fear. MORE

  2. Tim Ferriss, the author of "The Four Hour Work Week" and "Four Hour Body", demonstrates the proper technique for the kettlebell swing. MORE

  3. This video follows UFC bantamweight contender Merab Dvalishvili as he prepares to face champion Sean O'Malley at UFC 306 in Las Vegas. MORE

  4. The importance of good posture using three key exercises to improve it: Grip and Upper Body strength, Glutes, and Deltoids. MORE

  5. The cost of 3D printers has plummeted from $300,000 in 1984 to $199 today, showcasing the rapid technological progress and democratization of this transformative technology. MORE

  6. GeoGuessr World Cup - grand finals. MORE

Until next week, take care of yourself and each other,

Bee 🐝

📈 Learned something? Dive deeper.


Share Hive Five →

Share this newsletter with your friends, colleagues, and BFFs.

1 REFERRAL = 20% OFF EVERYTHING IN THE STORE