MonkeHacks #86
NCSC, Manchester, FOMO
It was a pretty interesting week - I gave my talk at the Irish government’s annual cybersecurity conference in Dublin to several hundred people, easily the largest in-person conference I’ve ever spoken at (Nahamcon was comparably large but that was virtual). I spoke about my career, bug bounty and a small bit on AI security. I met some very cool people - such as the senior staff from the Japanese embassy. Incredible event, all in all.
My cats are still recovering from their neutering - Tora is fine, but Meap had a minor complication. Unrelated to his recovery from his operation, he threw up this morning and he was very lethargic, so he’s spending the night at the emergency vet tonight. I’m very careful with what I leave lying about around the cats, so I have no idea what the root cause is, but I think he’ll be okay. Not that it makes the whole experience any less stressful.
Raising two kittens is like pseudo-fatherhood. It, of course, cannot be compared to actual fatherhood, but this is a crash course on how to care for another living creature. This feeling of responsibility alone has taught me so much in the last month.
In a stunning demonstration of how laziness can lead to innovation and efficiency, instead of learning to type on my new keyboard, I've turned to using voice dictation to dictate this newsletter instead. This is much faster than typing it out (even on my old MX Keys keyboard!). It also allows me to articulate my thoughts more succinctly.

73,000 people at Manchester United vs West Ham in Old Trafford. Unforgettable.
Weekly Ideas / Notes
This week, my thoughts drifted to Waymo. I've been thinking about how this technology might impact our day-to-day lives. It strikes me as something that could radically upset how we currently use private hire transport. I know it's already in use in San Francisco and London and, evidently, it's going to spread to more parts of the world soon. This is, really, an existential threat to Uber. I think it's important to look ahead by two or three years within reason, and try to envision the world that we COULD live in because this can help you to make decisions that you make today. For example, if there was a large-scale solar event that wiped out computers worldwide, how screwed would you be for finding a job that isn't at a screen? Obviously this is an extreme example, but it's good to think about these things.
I went to watch Manchester United vs West Ham with my best friend. Manchester United drew 1-1, which was unfortunate, but I'm glad I saw a goal. On the way back to the city, there was a really, really long walk of about 10,000 people forming a steady stream of football pilgrims after the game. This pilgrimage back to the city really impacted me. It was like this ritual that no one ever talks about, and I had the fortunate opportunity to experience it myself. These are the small pockets of unforgettable experience that every traveller is looking for on a trip.
The reaction to React2Shell reminds me of Log4j. There is this initial flurry of automation, and then large programs start reacting in a panic. Vercel opened a bug bounty program just for bypasses. Now, the proof of concept was not as immediately public as Log4j was, but this is evidently still a very serious issue. With major vulnerabilities like these, there's always a feeling of FOMO. But at the same time, there are other opportunities that I haven't missed. You can't catch every train that comes your way. These are the shiny things that can distract you from your core mission.
I had a moment of reflection after being on stage in Dublin about where my life is going and how my life has led to this point. It's really not something I could ever have envisioned when I was getting into bug bounty or security in general. You can't really predict what opportunities you'll get in the future. You can only live your life in such a way that will 1) bring you more opportunities and 2) put you in a better position to use them. That's my general philosophy: to be well-prepared. With preparation, I can be better positioned to seize those opportunities when they arise. And if you're not prepared, well, you really have no one to blame but yourself. Or myself, in this case.
The building I live in now has some of the best views anywhere in Edinburgh. The terrace opened very recently and no one has been booking it, so I’ve been working from it occasionally. I find that my problems and worries seem so unimportant when I can see the world sprawling out before me. Views are important. Once I can drive, I’ll go hiking.
Reading List
Currently:
Fiction:
Solenoid by Mircea Cărtărescu (130/600 pages)
Guards! Guards! by Terry Pratchett
Non-Fiction:
A Random Walk Down Wall Street by Burton Malkiel (150/300 pages)
How The World Made The West by Josephine Crawley Quinn (265/400 pages)
Founders At Work by Jessica Livingston (190/472 pages)
Resources
SVG Clickjacking: Clever new technique discovered in the course of recreating Apple’s Liquid Glass effect.
React2Shell: read about it on the original author’s site, linked here.