MonkeHacks #20
Simian Security, Q3, Arthur's Seat
Well, here we are! Issue 20. On the personal side, I sorted out my living circumstances and moved into my new place. A Mongolian guy had been snoring loudly in my hostel for the last few days, so I was really glad to escape that place. This week, I can begin to build my routine again and go back to bouldering and such.
I launched Simian Security, my web security company. I’m keeping this newsletter separate from that, so you can visit my company website to read more about it.
As we enter Q3 this year, I’m super motivated to hack. It’s a Monday—a new week, a new quarter, and new stats to create. I live relatively close to the hill that I’ve posted below, and when I felt mentally exhausted this past week, climbing this thing and taking in the view gave me a big mental health boost.
Arthur’s Seat. It’s about 820ft (251m) tall so it takes only ~30mins to climb it.
100-Hour Challenge Updates
Here are this week’s statistics:
⌛️ Hours This Week | 0 |
⏳️ Hours Left | 17 |
🗞️ Total Reports (All-Time) | 3 |
✅ Total Triages (All-Time) | 3 |
✨ New Triages (This Week) | 0 |
💸 Bounties | $25533 |
I made no progress on the 100-hour challenge this past week—there was too much other stuff on my plate. However, I’ll try to knock out another 8 or 9 hours this week to put myself within touching distance of the finish line. More on that in the next issue.
Weekly Ideas / Notes
PortSwigger raised $112M this week! This is awesome. In the past year or two, PortSwigger has had to be more aggressive in pushing new features or rolling out bug fixes, and we can pretty safely attribute that to competitive pressure from Caido. Caido will continue to gather customers regardless of this competitive development, so I look forward to seeing how this space grows.
I didn’t get much hacking done this week because I was crafting my company website using React and Radix UI components. Sure, I could’ve used a site generator like Webflow or WordPress, but thanks to my manual work, I can now build relatively performant frontends in TypeScript! That said, I did have a panic moment when I launched the page on LinkedIn and Twitter, and I realised that it had crap mobile responsiveness. To quote the poem The Road Not Taken, which I feel summarises how you should approach things pretty well:
Regarding the upgrades to the Primate Pack and other projects:
Aside from one project I’m working on with Mikey96, which I think will launch next week, I’ll focus on paying my own bills first. Once that’s off my mind, I can focus on the wishlist items on my to-do list.
Now that we’re at issue number 20, it’s time to reiterate what MonkeHacks is and will continue to be. To me, this is a place to deposit what I’ve been reading and a place to share my thoughts and ideas from the past week. And it’ll continue to be exactly that.
I wrestled with the idea of specialisation this past week, but I now more or less understand which direction I want to take. July warrants more experiments in this regard. I might write about my logical process to find this idea at some point, but not anytime soon.
Resources
Unleashing Claude 3.5 Sonnet as a Hacker - rez0 outlines how to use Claude 3.5 Sonnet for hacking purposes using a jailbreak.
Why nested deserialization is harmful: Magento XXE (CVE-2024-34102) - The blog post from Assetnote on the Magento XXE. You’ve probably heard about this bug by now.