The 5 Hacking NewsLetter 82

Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.

This issue covers the week from 22 to 29 of November.


Our favorite 5 hacking items

1. Conference of the week

SecTalks Live 2019 - The Changing Landscape of Web Tooling | Questions? !questions & @xyantix’s notes

This is a recap by @codingo_ of the latest changes in open source Web security tooling. Categories discussed are scaling, directory brute forcing, XSS, subdomain discovery, API keys and build logs, and cloud-based services.

With the year ending, it is nice to stop and reflect on the state of our tools. Better ones with more features and attack techniques are released all the time. Following the trends is necessary to avoid using outdated tools.


The 5 Hacking NewsLetter 81

Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.

This issue covers the week from 15 to 22 of November.


Our favorite 5 hacking items

1. Tip of the week

Rewarded with $xxxx for an issue which could have allowed me access to stag & prod server. Sub-domain scan -> dir fuzz -> found a publicly exposed git -> extracted all committers' emails -> found one email in pw dump -> used it to log into git instance -> got creds for servers

I’ve never thought of this, but it is a great idea for exploiting exposed .git folders: in addition to extracting source code, you can also extract committer emails and search for them in password dumps. I’d also search for them on Google, GitHub, etc. Good idea for recon/OSINT!


The 5 Hacking NewsLetter 80

Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.

This issue covers the week from 08 to 15 of November.


Our favorite 5 hacking items

1. Conference of the week

DEF CON 27

Finally, DEF CON 27 videos are released! There is no introduction needed, right?

I’m watching this first: “Owning The Clout Through Server Side Request Forgery” by @NahamSec & @daeken. What about you?


The 5 Hacking NewsLetter 79

Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.

This issue covers the week from 01 to 08 of November.


Our favorite 5 hacking items

1. Conference of the week

Piercing The Veil: Server Side Request Forgery Attacks On Internal Networks - Alyssa Herrera & Other Hack.lu 2019 talks

The slides for this talk were published months ago, and I was really hoping for the talk to be made public too. Alyssa is known for focusing on server-side bugs, especially SSRF, so this is a must-watch for anyone who wants to learn about this bug class. It is also a good example of the kind of thinking and focus you need to find critical bugs and become an expert on a specific topic.


The 5 Hacking NewsLetter 78

Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.

This issue covers the week from 25 of October to 01 of November.


Our favorite 5 hacking items

1. Podcast of the week

The Bug Bounty Podcast - Episode #1 - STÖK

This podcast is A-M-A-Z-I-N-G! It makes you feel like you’re at a live hacking event, sitting with two seasoned bug hunters discussing all kinds of subjects. It goes from how to pronounce CSRF and how @stokfredrik overcame depression to his race condition research, etc.

This is perfect for when you want to listen to something relaxing but still informative and related to bug bounties. Best accompanied by a nice cup of coffee, hygge style!
