MonkeHacks #13

Notion, Minimal Hacking Setups, Last Days in Japan

I’m back in Tokyo now, but tomorrow I’m going to meet my mom in Tokyo Station to go to Sendai and see our relatives. I got my second tattoo on my left arm on Sunday - a very Japanese design to pay tribute to that side of my heritage. I won’t post that here, but you might see it once it heals.

In Osaka, I went to a startup hub and chatted with some folks in the coworking space with my friend. It was an interesting experience. I picked apart and critiqued my friend’s startup plans to help him move forward. It was a very useful and successful brainstorming session. He actually runs a business helping companies to use Notion in their workflows (niche, right?) so he kindly gave me a cool template to manage my tasks. It’s working well so far.

I took an excellent evening nap in the Shinjuku Gyoen Gardens on Saturday. It was nice and warm, but not too hot. The sun was warm on my face and I had some coffee with me as well. There’s a Starbucks in that park. A really cool one, too.

Shinjuku Gyoen Garden, Shinjuku, Tokyo. Peak napping territory.

This week, too, I was pretty busy with life, and I didn’t get as much done as I would’ve liked. Definitely feeling the self-imposed pressure right now. So here’s a reminder that that’s okay! Sometimes you just need to sit back and look at your tasks, and break them down one by one. Don’t slack off, but don’t beat yourself up for an off-day, or even an off-week. I’m two weeks into my off-phase, but I can feel myself leaving this phase.

It’ll be a productive week this week because there’s absolutely nothing to do in Sendai near my grandma’s house, except drink coffee and hack. Hehe. So here’s my promise to you that this week, I’m gonna knock out a ton of work! So you’d better do the same.

After that? I’m flying back to Europe this week on May 17. I think I need a routine to be more productive. Here’s hoping that I can settle into one next month - I’m still moving around this month, unfortunately.

More slow progress on some side projects. I’ll be posting some less technical content soon as well, so stay tuned. This content won’t be in the email format, and instead will only be published as an article, so don’t worry about noise.

And here’s one more aside for a fairly bulky life section this week. My friend has been minding my apartment in The Hague (Netherlands) while I’m travelling, and during Eurovision, he decided to drape a Joost Klein poster over my balcony as a show of support. Well, for some reason, one of the largest Dutch newspapers - De Telegraaf - decided to use that poster as a cover image for their article about Joost’s disqualification. What the hell?

This is my balcony…

I’m moving out of that apartment very soon, so there’s no point in OSINTing me.

100-Hour Challenge Updates

Here are this week’s statistics:

  • ⌛️ Hours This Week: 0

  • ⏳️ Hours Left: 41

  • 🗞️ Total Reports (All-Time): 3

  • ✅ Total Triages (All-Time): 2

  • ✨ New Triages (This Week): 0

  • 💸 Bounties: $22550

Still no response from HackerOne triage. I am disappointed by the triagers assigned to this program, to be honest. I have no further work done towards this challenge.

After mediation and a long struggle to get the High bug rectified… it was finally reviewed! The team has since apologised and they paid an additional $9k, bringing this to $22k! I’m very happy with this outcome, as I was uncertain about what would happen for a long, long time. I’m just relieved that this was resolved properly.

Weekly Ideas / Notes 

  • JSON Patch - a really interesting idea from h4x0r_DZ on Twitter. I can’t attest to the usefulness of it but it’s a good thing to add to your methodology.

  • Tools using local LLMs - bytehx and I were chatting about tools using local LLMs like ollama. This is a space that I’d really like to see expand for hacking tools.

  • Following up on the collaborative Caido system - I’ve been thinking more about the ultimate compact hacking setup.

    • Maybe foldable phones like the Galaxy Fold, connecting to Caido in a VPS? That would be super compact, and you could probably configure an upstream proxy and also use mobile data to hack from anywhere.

    • Foldable keyboards are really useful for simple travel. I have one that folds up really small, but I forget the name of it. This could be combined with the foldable phone to have an extremely small but effective hacking setup.

    • In theory, a Steam Deck would be great for this type of thing.

    • Of course, this is all just an ideal. Who cares what you use? Just start hacking. All you need at this point is internet access to hack.

  • On a more general note, there’s a really well-known but nonetheless effective comment on Reddit about self-discipline that I find really valuable. It deals with this idea of “non-zero days” where you do something, no matter how small, on your task every day. Yes, it’s ironic because cybersecurity zero-days. Ha ha. Anyway, here’s the link. I hope you find it useful.

  • OpenAI launches GPT-4o: a new model that’s been trained on text, visuals and audio, all at once. We’re closer than ever to having real-time, personal AI assistants. They’re also releasing a desktop app for macOS, which I’m looking forward to.

  • My friend Hacktus found an LLM vulnerability with rez0 in HackerOne’s Hai!

Resources 

  • Digging for SSRF in NextJS apps - do Shubs and his team ever miss with their research? Nope. Apparently not. Another excellent writeup from the team over at Assetnote.

  • Hackyx - a cybersecurity search engine by Aituglo. Really cool site!