The 5 Hacking NewsLetter 66

Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.

This issue covers the week from 02 to 09 of August.


Our favorite 5 hacking items

A. Slides of the week

Black Hat USA 2019 Slides & presentation materials

It feels like Hacker Summer Camp (Black Hat, Defcon, BSides Las Vegas…) has dominated the news this week. A huge chunk of new vulnerabilities, tools, slides, and whitepapers published were shared during these events.

So I am not going to share with you all the links because there are way too many. But you can find slides and whitepapers on the Black Hat website. You can start going through that while waiting for the video recordings to come out.

Also, here is what I do to find materials on a topic I’m interested in: I check out the talk’s title and author in the presentations schedule or on the workshops page. Then I search for it on Twitter/Google/GitHub.

For example, I found these using this method:

Also, don’t forget to check out the arsenal section. You won’t necessarily see links to the tools there, but you can find them on GitHub/Google (e.g. Eyeballer & JSShell).

More …

The 5 Hacking NewsLetter 65

Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.

This issue covers the week from 26 of July to 02 of August.


Our favorite 5 hacking items

1. Tool of the week

Ghostwriter, Introduction - Part 1 & Part 2

Ghostwriter is a new project management & reporting engine by SpecterOps. It is open source and free and has a lot of interesting features:

  • Client management: for tracking your pentest clients & information like points of contact, project history, notes…
  • Project management: for information like the type of project (pentest, vulnerability assessment, etc.), start & end dates, the team assigned to the project…
  • Infrastructure management: for tracking and monitoring the domain names & servers you use for the project (like C2 servers)
  • Reporting engine: to generate reports in different formats (JSON, docx, xlsx & pptx) with support for template keywords
  • Automation: running tasks in the background, releasing C2 domains at the end of a project & Slack notifications

These are just some of its features. Ghostwriter is an excellent tool for pentest teams and red teams.

More …

The 5 Hacking NewsLetter 64

Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.

This issue covers the week from 19 to 26 of July.


Our favorite 5 hacking items

1. Tutorial of the week

Markdown For Penetration testers & Bug-bounty hunters

This is an excellent tutorial on how to organize your pentest and bug bounty notes using a static website created with Markdown and MkDocs.

I know… SwiftnessX and many other options already exist for taking notes. Why this one too?

Well, it’s worth trying if you’re looking for a self-hosted solution, want to use or learn markdown, want to share your notes with the world or make your site private, want a lightweight web-based tool to access your notes from any device…

More …

The 5 Hacking NewsLetter 63

Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.

This issue covers the week from 12 to 19 of July.


Our favorite 5 hacking items

1. Tutorial of the week

Using Wireshark over SSH (WS on Windows traffic on Linux)

This is a short how-to for using Wireshark over SSH. It’ll be really handy if your main host is Windows, and you are using a Linux VPS for tests.

The steps described will allow you to run Wireshark locally, and use it to analyze traffic captured on the remote Linux server (even if you don’t have a GUI on the latter!).

More …

The 5 Hacking NewsLetter 62

Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.

This issue covers the week from 05 to 12 of July.


Our favorite 5 hacking items

1. Tips of the week

All you need to know to exit VIM without unplugging your laptop
10 tips that are helpful if you are not finding vulns/bugs
Why http://1.0.0.1 is the same as http://1.1
How to use Tmux/Screen AFTER you’ve started Nmap

These tweets are so good that I had to mention all four. They’re about:

  • How to exit VIM, and more importantly how to make :!Q (which isn’t currently an option) quit it too
  • Awesome advice to improve your environment and methodology, and start finding vulns/bugs
  • Why some SSRF payloads include IP addresses like 1.1.1, and how routers know that it means 1.1.0.1 and not 1.1.1.0. I’ve been wondering about that and the answer was… RTFM!
  • What to do when you’re hours into an Nmap scan and you forgot to start it in a Tmux/Screen session (Genius!)
More …