MonkeHacks #88

Christmas, End of Year Review, 2026 Plans

Author

Monke
December 30, 2025

MonkeHacks #88

You’ve reached the end of the year. Great job! Keep going.

In the past week I spent my Christmas here in Edinburgh, but I returned to Cork from Dec 27th to Dec 29th to visit my relatives. I took a good break this week and spoiled myself a bit. My Christmas present to myself was the paperback version of the 40th anniversary edition of Phrack 72. I’ve read a few articles from this before, which I’ve covered in this newsletter, but I look forward to reading the entire issue from start to finish. The temperature here dropped sharply towards freezing, but thankfully it’s been dry and not too icy. I listened to the Acquired podcast episode on Visa, which was really interesting - have you ever thought about how Visa was founded, and how it operates? Probably not. It’s really cool.

That aside, it’s time to review 2025. An incredible year for me, and I hope you had a great year too.

This innocent face hides a mind of evil and chaos.

Weekly Ideas / Notes 

Reviewing 2025

  • I won’t disclose my income, but I absolutely shattered my goals. This was a split between bug bounty and consulting/pentesting.

  • I attended 5 LHEs! Tokyo, Las Vegas, Mexico on the Google side, and Sydney and Amsterdam with HackerOne. This yielded one MVH, one Most Creative Finding, 2nd Place and Best AI VRP Researchers.

  • I adopted two kittens. They’re growing very fast and it’s been very fulfilling to have them around, although taking care of them is a tremendous amount of work.

  • I’m definitely in better shape than I was at the start of the year. I was lifting quite consistently for a few months this year, but I lost the discipline and I’m weak again (aside from the bouldering muscles). I’m determined to get back to lifting in January. I play soccer every week now, which is fantastic aerobic exercise, and I’m still bouldering weekly as well. But lifting eluded me and I WILL get back to it.

  • I’ve been budgeting with YNAB very consistently for the last few months. I am broadly in control of my finances, although I’ve been working hard to do better financial planning this month. This is important to me as it enables everything else in my life.

  • My 1,600-day Duolingo streak has continued with a Perfect Streak (no streak freezes used) of 90 consecutive weeks. I still journal daily, which is now at 2,200 days. In case you couldn’t tell, I like compounding habits.

  • I visited some very interesting places - Mexico, Australia, New Zealand, Taiwan, and Japan to name a few. I expect to travel quite a bit less in 2026 as I have pets now.

  • I spoke at several conferences - I gave a workshop at Bsides Dublin, spoke at HackAICon in Portugal, and I was a main stage speaker at the Irish government’s national conference in Dublin. This ticks off one of my goals at the start of this year.

  • I started learning guitar and going to therapy. I take weekly guitar lessons, and I go to therapy every two weeks. Therapy has been a fantastic addition to my life - I know myself very well now.

  • In short: it was a very, very good year for me. I feel that I’m much more aligned to where I want to be in life. There’s always more work to be done, though, and that’s the next section.

2026 Plans

  • I’m in control of my finances right now, but I’m not investing anything, so I’d like to fix that soon. Given that my income is irregular, this requires some chats with my accountant, which I anticipate doing in January once I’ve done some more research.

  • I want to set new PBs in running and lifting. I know I can do it - I had a good streak of lifting in 2025, but I want to firmly make it a good habit of mine in 2026.

  • I’m intending to tie it all together with some kind of “Life Dashboard”. I want to link YNAB to my Notion, or perhaps just a vibe-coded UI, and track my progress in every aspect with proper numbers. Notion is probably the easiest option here. I can track my sleep/heart rate and such with my Apple Watch and a third party app called Bevel, which basically imitates Whoop in setting “scores”. I dug up my old sunrise alarm clock from Lumie, so that’s set up by my nightstand now to wake me up more naturally. I need to look at what Bryan Johnson (the immortal unc) is doing - he makes extensive use of things like biomarkers, and while that’s an extreme, I need to at least take a blood test soon to identify any problem areas.

  • I want to maintain a strong financial performance, and to continue diversifying my income. My startup has some problems in scaling that I need to solve first before I can post about it.

  • And finally, in 2026, I want to act on a longtime goal of mine, and try to create a documentary of some kind. I hope to cover my entire 2026, including any Live Hacking Events and my travels. I have a vision for how I want to do this. Time will tell if I can do this idea justice, but the objective is to meet and interview some hackers around the world to show everyone the people behind these handles, as well as to weave it into a narrative through my adventures.

  • Overall: my focus for 2026 is to spend less time working, and more time building up other areas of my life. I want to apply the Pareto Principle and reduce myself to the 20% of work that brings 80% of the income. Like pruning a bonsai tree. A “re-alignment”. A life lived with intention is a life well-lived.

Here’s to 2025, and here’s to a good and hopefully peaceful 2026. I turn 25 next year, and that thought makes me feel old. The kind of lifestyle I live is quite disjointed, and time doesn’t flow very smoothly for me. I think I need to fix that. I wish you the best and have a great new year.

Reading List

  • Currently:

    • Fiction:

      • Solenoid by Mircea Cărtărescu (130/600 pages)

      • Guards! Guards! by Terry Pratchett

    • Non-Fiction:

      • A Random Walk Down Wall Street by Burton Malkiel (150/300 pages)

      • How The World Made The West by Josephine Crawley Quinn (265/400 pages)

      • Founders At Work by Jessica Livingston (190/472 pages)

Resources

  • Cross-Site ETag Length Leak: This is a ludicrously clever technique. Not very useful in bug bounty, but the ingenuity behind it is brilliant.

  • Can you compromise a multi-billion dollar company via /health?: I think you can guess the answer.

  • how to hack discord, vercel and more with one easy trick: An excellent writeup about vulnerabilities in Mintlify that led to RCE in a variety of platforms.

  • MongoBleed explained simply: MongoBleed was a dangerous vulnerability in MongoDB that emerged this week. Unfortunately they published it on Dec 26, so everyone had to go straight back to work to patch this after Christmas.

  • bugbounty.forum: A very interesting new forum site launched by my friend Pomme. The concept is simple: it’s anonymised, but you can verify your earnings via DKIM records to have your bug bounty income amount next to your name, which adds weight to your words. Unfortunately my earnings are all in Protonmail, which tampers with the DKIM records, so I can’t sign up to this site.