Hive Five 189 - Do it because you can't not.
The Art of Recon, How To Start a Startup, The Effects of Generative AI on High Skilled Work, Tiny Trick & Experiments, and more...
Hi friends,
Greetings from the hive!
I overthink. A lot.
It prevents me from doing a lot of things in life. Some, I should've done a long time ago.
However, there's an exception. Curation.
I've been collecting and sharing ever since I laid my hands on a keyboard.
It's effortless. Mushin no shin.
Being able to share my findings with you is a great privilege.
Another one of those things is my passion for experience engineering. By creating better user experiences, everyone wins.
I think that's the next step.
Let's take this week by swarm!
The Bee's Knees
Benjamin and Aliz spent $20 to achieve RCE and accidentally became the admins of .MOBI. MORE
3 Critical 0-click TikTok Account Takeover Vulnerabilities, 2FA bypass, and more security issues in TikTok's system. MORE
The Art of Recon: Strategies for Modern Asset Discovery. Assetnote breaks down their approach to reconnaissance into five key elements: breadth, depth, context, amplification, and focus. MORE
Before there was YC, there was YC. Learn how to start a startup with this lecture series from Paul Graham, Sam Altman and the early YC founders and team. MORE
The Effects of Generative AI on High Skilled Work: Evidence from Three Field Experiments with Software Developers. Researchers compare results from three studies to discover how GitHub Copilot affects developer productivity. MORE
"Though each separate experiment is noisy, combined across all three experiments and 4,867 software developers, our analysis reveals a 26.08% increase (SE: 10.3%) in the number of completed tasks among developers using the AI tool. Notably, less experienced developers showed higher adoption rates and greater productivity gains."
Updates
My work
Changelog
The Param Miner 1.51 release from PortSwigger fixes an error during value probing on JSON discoveries. MORE
Burp Suite has received a performance update that makes it faster than ever, empowering hands-on security professionals with a tool they can rely on and enjoy using. MORE
OpenAI released two new preview models, o1-preview and o1-mini, previously codenamed "strawberry". These models are part of the o1 chain-of-thought family. MORE
Gareth beta launched the new web Hackvertor, featuring a brand-new tag parser, sandboxed iframes for executing user-supplied tags, and a save URL feature. MORE
A new horse entered the arena: DarkHorse makes crowdsourced and offensive security accessible, affordable, and scalable for all, though the application is not optimized for mobile devices. MORE
Work
Career
Jason Fried, co-founder of Basecamp, discusses innovative startup ideas and frameworks for building products people love, as well as his thoughts on the current software landscape. MORE
Hadrian's Security is hiring hackers, both full-time and interns, in India, the Netherlands, and remotely. MORE
As performance review season gets underway in many places, here's a rough model to help you think about how others perceive you along the following 3 dimensions: Content, Confidence, and Context. MORE
Productivity
The book "Tiny Experiments" aims to help readers redefine their notions of success and discover their unique paths in life, as a neuroscientist shares insights from their personal experiences. MORE
A Burning Man 2024 set to vibe out on and get in that flow state: RÜFÜS DU SOL (DJ SET) - Mayan Warrior. MORE
Prompt techniques that go beyond simply adding "Think step-by-step." They encourage the model to articulate logic and justify conclusions. MORE
Community
Celebrate
Timeline
Nahamsec purchased a new streaming setup and plans to resume regular streaming sessions. MORE
Naffy raises an intriguing question about the dominance of a small group in bug bounty, despite the industry's apparent abundance of web application testing professionals. MORE
The advent of AI tools like Cursor, Copilot, and Momentic has radically transformed software engineering workflows. Over 140 engineers recently convened for a 24-hour hackathon, exploring how to leverage AI to build better, faster software. MORE
Calling all Nahomies for the upcoming CTF challenge that launches Sept 20th. Join the Discord to team up, collaborate, and tackle the puzzle together. MORE
Follow
Awesome accounts to follow. Randomly selected from my curated Twitter lists.
@j3ssiejjj | j3ssie (Ai Ho) | A passionate security engineer and creator of @OsmedeusEngine, Metabigor, and Jaeles.
@TheAlexLichter | Alexander Lichter | Web Dev Consultant • Founder of Developmint • @nuxt_js team.
@hateshaped | hateshape.
@0xpatrik | Patrik Hudak | (Automation x AI)².
@foobar0x7 | foobar7 | IT Security Consultant & Bug Hunter.
Level up
Read
Exploiting JavaScript Interface for Unauthorized Access in a 'global' cryptocurrency exchange Android app. MORE
Zero-Click Calendar invite: Critical zero-click vulnerability chain in macOS. MORE
CVE hunting is more accessible than many realize, and the methodology outlined in the blog post requires only a bit of coding knowledge, allowing Eddie to discover numerous CVEs in just three Sunday afternoons. MORE
The Novice's LLM Training Guide covers the basics, fine-tuning, LoRa, training hyperparameters, and interpreting learning curves. MORE
Wietze demonstrates how argv[0], typically harmless, can be used to deceive security analysts, bypass detections, and break defensive software, across all main operating systems. MORE
Tips
Google Search now allows users to view archived webpages directly through the Internet Archive's Wayback Machine, a significant step forward for digital preservation. MORE
A free and open-source alternative to the Cursor AI IDE, offering a local and fully free option: VSCode + Aider + Supermaven. MORE
The most important things you need to understand to interact with LLM-based systems like ChatGPT and Claude effectively. MORE
Extracting API endpoints and constructing complex HTTP requests from JavaScript files using AI, without the need for fancy tools. MORE
You can pinpoint the first commit that introduced a specific code snippet using the command git log --reverse -S <code>. MORE
Wisdom
Software developers, especially skilled ones, often take pride in crafting intricate solutions that showcase their expertise, despite the potential for costly mistakes. MORE
Practical approaches to improving teamwork, such as "Give credit, take responsibility". MORE
100 tiny tricks to help with everything from digital overwhelm to lumpy sugar and unpaid bills. MORE
According to George Hotz, embodied intelligence will be a significant force in the next 20 years, far surpassing the impact of humanoid robots. Hardware is not the problem, it's good software 2.0 infrastructure. MORE
Obsessing over configuring Grafana dashboards and CI/CD pipelines for a simple CRUD app might not be the best use of your time. MORE
Resources
idekCTF 2024 was home to an interesting problem called srcdoc-memos, which delved into the intricacies of iframes and related knowledge. MORE
Google's Cloud Vulnerability Research team (CVR) presents vulnerabilities in a third-party JPEG 2000 image library called Kakadu. MORE
The Android courses from hextree.io aim to teach everything needed to get started with Android Bug Bounty, particularly the Google Mobile VRP. MORE
Awesome Go is a curated list of excellent Go frameworks, libraries, and software that can aid in the development of applications in the Go programming language. MORE
A curated list of awesome websites, applications, tools, and shiny things for Apple Notes. MORE
Quote
"You do it for yourself. You don't expect to change the world. You don't even expect to influence your family or your friends. You do it because you can't not do it and be who you are. Or who you're meant to be."
Explore
Tools
Octoscan is a static vulnerability scanner for GitHub action workflows. MORE
Read Their Lips, powered by Symphonic Labs, allows users to analyze lip movements in a video file and convert them to text. MORE
BrowserSnatch is a versatile tool designed to extract sensitive data from various web browsers, including Chromium-based browsers like Edge and Chrome, as well as Gecko-based browsers like Firefox. MORE
gotop is a terminal-based graphical activity monitor written in Go, inspired by and similar to vtop, providing a visual way to monitor system performance. MORE
Dynamic File Searcher is an advanced, Go-based tool for deep web crawling, able to dynamically generate and explore paths based on target hosts, enabling more comprehensive scans than traditional tools. MORE
Watch
This talk by joohoi and STÖK explores how a single bit change in the domain name google.com can lead to a variety of valid "bitflip" domains, highlighting the potential security implications of such subtle modifications. MORE
Watch all of the talks from OrangeCon 2024, a community-driven, non-profit cybersecurity conference in the Netherlands. MORE
Deno, created by the minds behind Node.js, represents a new chapter in the world of JavaScript runtime. It aims to improve upon the foundations laid by Node.js, offering a fresh approach to modern web development. MORE
Simon Willison discusses how blogging can serve as an accountability mechanism, and how to build intuition with large language models. He also talks about starting a startup with his partner on their honeymoon. MORE
Explore how to leverage AI to become a more effective lifelong learner, featuring insights from Simon Eskildsen on using AI tools to augment personal growth and knowledge acquisition. MORE
Listen
Nick is a seasoned journalist who has written for prestigious publications like The New York Times and Vanity Fair. He combines his expertise in screenwriting, authoring, and murder mystery enthusiasm to craft captivating stories that engage readers. MORE
Jason Fried and Derek Sivers, both entrepreneurs, share their perspectives on learning from the past and the importance of independence in entrepreneurship. MORE
David Heinemeier Hansson discusses his return to Linux, concerns about Apple's App Store control, and setting up servers on the web. MORE
10 Startups with Stock Grants That'll Make You A Millionaire aka Sara's List 2024. MORE
Zigging vs. zagging: How HubSpot built a $30B company ft. Dharmesh Shah (co-founder/CTO). MORE
Technology
The web's clipboard can store various data types, including images, rich text content, and files. Understanding the clipboard's capabilities is useful for developers working with web applications. MORE
Fatih replaced their home lab setup with the latest Unifi hardware, including gateways, switches, access points, and cameras, after living in their current house for almost four years. MORE
Scott, the co-founder of GitHub, finally shares why GitHub won over competing version control systems: GitHub started at the right time and had good taste. MORE
Julia celebrates their enduring love for the fish shell, a command-line interface, detailing both long-standing and newfound reasons for their affection. MORE
Interesting
The vagus nerve, branching from the brain through organs, orchestrates bodily functions and aspects of the mind, like mood, pleasure, and fear. MORE
Tim Ferriss, the author of "The Four Hour Work Week" and "Four Hour Body", demonstrates the proper technique for the kettlebell swing. MORE
This video follows UFC bantamweight contender Merab Dvalishvili as he prepares to face champion Sean O'Malley at UFC 306 in Las Vegas. MORE
The importance of good posture, with three key exercises to improve it: Grip and Upper Body strength, Glutes, and Deltoids. MORE
The cost of 3D printers has plummeted from $300,000 in 1984 to $199 today, showcasing the rapid technological progress and democratization of this transformative technology. MORE
GeoGuessr World Cup - grand finals. MORE
Until next week, take care of yourself and each other,
Bee