MonkeHacks #48

Codebase Redesign, Celebrations, Climbing

Author

Monke
January 18, 2025

MonkeHacks #48

Yet again it was a really hectic week. Aside from pentesting, a friend from Ireland visited me, so that took up some time. The weather was nice and clear (highly unusual for Scotland in the wintertime) so I climbed Arthur’s Seat with my friend and enjoyed the sunshine. Now it’s back to cold weather, but it was nice while it lasted.

I went climbing three times this week, so I really, really need to stop renting climbing shoes and just buy my own. That’s on the to-do list for this upcoming week.

Automation was my main focus this week, so I spent a lot of time working with Cursor to refine my codebase.

A helicopter depositing gravel at the top of Arthur’s Seat to replace the paths.

Weekly Ideas / Notes 

  • I wrapped up the final stages of the pentest I was working on, and I switched focus to automation.

  • More specifically, I redesigned the codebase from scratch to be more services-focused. I made a lot of optimisations, and put up and reconfigured all of my old infrastructure, and got a version 1 of my code working well. I’ve been running into some stupid bugs in my code, so most of my time has been spent squashing those.

    • I use the free version of Cursor set to GPT-4o, relying on my OpenAI API key, which I’ve found to be very cost-effective. It can’t use Composer but I do most of the system design work myself anyway. I also run my finished code through a well-prompted o1 chat to examine any potential problems with it. Finally, everything is run through Kubernetes and I examine the logs in my Kubernetes pods to fix any remaining issues.

  • I managed to fix my sleep schedule. Let’s see how long this lasts…

  • Congratulations to my good friend rez0, who has started full-time bug bounty!

  • Aaaand another big congratulations to my friend Bálint, who landed a really nice 5-figure bounty on Google VRP! Bálint, of QR code text injection fame, is one of the most promising up-and-coming hackers I know.

  • For the rest of the month, I’m aiming to get my automation running to a satisfactory state. Once that’s done, I’ll focus on new research. Most likely I’ll dive into a research topic tangentially related to client-side.

Resources