MonkeHacks #45

2025, Gratitude, and VR

First things first - if you celebrate - I hope you had a great Christmas! I’m back in Cork, Ireland with my family. Naturally, I took a break over Christmas and did little hacking. When I wasn’t relaxing, I spent most of my time thinking about 2024, and setting goals for 2025.

The Christmas period has been really busy, so I’ve taken a step back from bug bounty this week to recover from my exhaustion. I’m going to take a few days off, and then hack a lot in the first week of January (for most of the second week, I’ll be on holiday in Vienna in Austria).

Weekly Ideas / Notes 

  • This being the last issue of 2024, it’s time to acknowledge some folks. Infosec is so much more than just finding and fixing bugs - it’s a community, and it’s up to us to keep the space wholesome and supportive. In that spirit, I’d like to thank a few people.

    • Firstly - thank you to Mikey96. As well as being a longtime friend of mine, he helped me move to Edinburgh in June, and for that and many other things I thank you.

    • Thank you rez0 for being the greatest hype man and an awesome friend - he and I have big ideas for 2025. And as he recently announced on the latest CTBB episode, he’s switching to doing bug bounty full-time - congratulations!

    • Some shoutouts to my new friends from 2024 - Clover, Synthetica83, Matanber, Kevin Mizu, greenjam, Hakupiku and many more!

  • In 2025, I plan on splitting my time evenly between coding and hacking. I want to work on a few ideas, and I think part of the indie-hacking ethos requires that I write about my journey. I’ve vaguely assembled the core skills needed to pull this off (full-stack engineering, scalable cloud infrastructure, etc) over the past two years, so I’m looking forward to applying some of those skills.

  • In the last few weeks, I’ve been setting aside some time each week to read a book in a cafe with a friend. I’m finally getting through that huge backlog of books I have, and I think I can get through one book a month at the current rate of progress.

  • I got a Meta Quest 3 as a kind of present to myself. Virtual reality has always been fascinating to me.

    • I want to try to hack this thing - spatial computing presents a whole new series of attack vectors!

    • I also want to see how efficient this is as an “external monitor”. The Apple Vision Pro is a bit too expensive for what it does, and I think the Meta Quest is a reasonably priced substitute for it.

  • I thought that this would be a giant edition, but nobody actually wrote anything because it’s Christmas, and I also didn’t do very much, so please accept this normal-sized issue instead.

  • I need some more time to assemble my thoughts for 2025 so I’ll write a bit more about that next week.

  • Finally, big thank you to you, the reader, for following my journey and my work over the last few months, and I hope you have a great new year! I hope we can look back on 2025 in an equally positive manner.

Resources

It was a quiet week, so I don’t have too much to add here, but there were a few cool things.

  • Celesian built PugRecon: an insanely fast subdomain database of over 1.6 billion subdomains. Really, really impressive. Seeing this shortly after seeing Ghostty makes me want to write fast code and not the slow, clunky crap that I currently write. I know Python, JavaScript/TypeScript, Go and a bit of Rust, but I wouldn’t say that my code is performant. It’s functional.

  • How I Became The Most Valuable Hacker: Nice brief blog post from Douglas Day - he’s an LHE regular and good friend of mine; we catch up once or twice a year at LHEs. And it goes without saying that he’s a very skilled hacker.

  • The Ruby on Rails _json Juggling Attack: A JSON parsing differential in Ruby on Rails.