The 5 Hacking NewsLetter 15

Hey hackers! These are our latest favorite resources related to pentest & bug bounty.

This issue covers the week from 03 to 10 August.


Our favorite 5 hacking items

1. Writeup of the week

How I gained commit access to Homebrew in 30 minutes by Eric Holmes (@vesirin)

Eric was able to make an unauthorized commit to Homebrew’s GitHub repositories. It took 4 steps and less than 30 minutes:

  • He used Gitrob to automate the recon of the organization’s GitHub presence
  • He looked at previously disclosed issues on https://hackerone.com/Homebrew and found a Jenkins instance that was (intentionally) publicly exposed
  • Since the Jenkins jobs performed authenticated Git pushes, credentials had to be stored somewhere…
  • The “Environment Variables” page exposed a valid GitHub API token

The 5 Hacking NewsLetter 14

Hey hackers! Once again, we scoured the Web to bring you the latest best resources related to pentest & bug bounty.

This issue covers the week from 27 July to 03 August.


Our favorite 5 hacking items

1. Tip of the week

Finding domains belonging to a specific target by @edoverflow

One of the most important steps during recon is finding domains that belong to your target.

Many talks and tweets tackle the question of subdomain enumeration, but there is a lot less information out there about finding the root domains themselves. So it’s nice to read these practical tips from an experienced bug hunter.


The 5 Hacking NewsLetter 13

Hey hackers! These are our latest favorite resources related to pentest & bug bounty.

As an exception, this issue covers two weeks, from 13 to 27 July.


Our favorite 5 hacking items

1. Non-technical item of the week

Under the Hoodie Videos: True Stories from Rapid7 Pen Testers
Under the Hoodie - Lessons from a Season of Penetration Testing

I absolutely loved watching these videos, especially “The Bank Job”!

Having only conducted technical “classic” penetration testing and never social engineering or red team engagements, I find these tales mind-blowing. It’s like watching a good action movie made by real hackers.
