The 5 Hacking NewsLetter 62

Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.

This issue covers the week from 05 to 12 of July.


Our favorite 5 hacking items

1. Tips of the week

All you need to know to exit VIM without unplugging your laptop
10 tips that are helpful if you are not finding vulns/bugs
Why http://1.0.0.1 is the same as http://1.1
How to use Tmux/Screen AFTER you’ve started Nmap

These tweets are so good that I had to mention all four. They’re about:

  • How to exit VIM, and more importantly how to make :!Q (which isn’t currently an option) quit it too
  • Awesome advice to improve your environment and methodology, and start finding vulns/bugs
  • Why some SSRF payloads include IP addresses like 1.1.1, and how the address parser (inet_aton, not the router) knows that it means 1.1.0.1 and not 1.1.1.0. I’ve been wondering about that and the answer was… RTFM!
  • What to do when you’re hours into an Nmap scan and you forgot to start it in a Tmux/Screen session (Genius!)
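Since the 1.1 / 1.1.1 puzzle is a parser rule rather than routing magic, here is an added example (mine, not from the tweet or the newsletter) that reimplements the rules documented in inet_aton(3): one to four dot-separated parts, each decimal, octal (leading 0) or hex (0x), with the last part filling every remaining byte. It also shows why a deny list that compares strings misses these spellings, which is exactly what SSRF payloads exploit. The function names, the toy deny list and the sample inputs are my own; Python's socket.inet_aton is deliberately not used because it defers to the platform libc and differs between systems.

```python
"""Added example: how inet_aton()-style parsers read short IPv4 literals.

1.1 -> 1.0.0.1 and 1.1.1 -> 1.1.0.1 because the LAST part fills every
remaining byte of the 32-bit address; parts may also be octal (leading 0)
or hex (0x). A URL deny list that compares strings misses all of these
spellings, which is why they show up in SSRF payloads.
"""
import ipaddress
from typing import Optional


def _part(p: str) -> int:
    """Parse one dot-separated component with inet_aton's number rules."""
    if not p or not p.isascii() or not p.isalnum():
        raise ValueError(f"bad component {p!r}")
    if p[:2] in ("0x", "0X"):
        return int(p[2:], 16)          # hex: 0x7f -> 127
    if len(p) > 1 and p[0] == "0":
        return int(p, 8)               # octal: 0177 -> 127 ("08" fails, as in libc)
    return int(p, 10)


def parse_inet_aton(text: str) -> str:
    """Return the dotted-quad form of any inet_aton-accepted literal."""
    parts = text.split(".")
    if not 1 <= len(parts) <= 4:
        raise ValueError(f"{text!r}: need 1 to 4 parts")
    values = [_part(p) for p in parts]
    head, last = values[:-1], values[-1]
    if any(v > 255 for v in head):
        raise ValueError(f"{text!r}: leading part exceeds 255")
    tail_bytes = 4 - len(head)         # bytes the last part must fill
    if last >= 256 ** tail_bytes:
        raise ValueError(f"{text!r}: last part does not fit in {tail_bytes} bytes")
    addr = 0
    for v in head:
        addr = (addr << 8) | v
    addr = (addr << (8 * tail_bytes)) | last
    return str(ipaddress.IPv4Address(addr))


def naive_is_blocked(host: str) -> bool:
    """A string-matching deny list of the kind many SSRF filters use (constructed)."""
    return host == "localhost" or host.startswith(("127.", "10.", "192.168.", "169.254."))


def literal_is_internal(host: str) -> Optional[bool]:
    """Canonicalise a numeric host first, then ask the address library.

    Returns None for non-numeric hosts: those must be resolved and the
    resolved address re-checked, which is out of scope here.
    """
    try:
        canonical = parse_inet_aton(host)
    except ValueError:
        return None
    a = ipaddress.IPv4Address(canonical)
    return a.is_private or a.is_loopback or a.is_link_local or a.is_unspecified


if __name__ == "__main__":
    # Constructed sample payloads: every spelling on the right is loopback
    # or the cloud metadata address, yet the naive filter passes most of them.
    for sample in ("1.1", "1.1.1", "0x7f.1", "0177.0.0.1", "2130706433",
                   "0x7f000001", "169.254.169.254", "0xa9fea9fe"):
        print(f"{sample:>16} -> {parse_inet_aton(sample):<15} "
              f"naive_blocked={naive_is_blocked(sample)!s:<5} "
              f"internal={literal_is_internal(sample)}")
```

The fix the example points at is the order of operations: canonicalise the literal to a real address object first, then make the policy decision on that object, never on the raw string from the URL.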

The 5 Hacking NewsLetter 61

Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.

This issue covers the week from 28 of June to 05 of July.


Our favorite 5 hacking items

1. Webinar of the week

Intro to Cloud for Pentesters and Bug hunters | Security and Research Company (SECARMY)

This is an excellent introduction to cloud security for pentesters and bug hunters. If you’ve ever felt intimidated by AWS testing, this is a perfect opportunity to tackle this topic. You’ll learn about cloud computing, the difference between IaaS, PaaS and SaaS, common misconfigurations of four components of AWS (including AWS S3 and IAM) with examples and links to writeups.


The 5 Hacking NewsLetter 60

Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.

This issue covers the week from 21 to 28 of June.


Our favorite 5 hacking items

1. Discussion of the week

Do you use vulnerability scanner on bug bounty program? How is the result?

This is an interesting discussion for beginner bug hunters on why you shouldn’t use scanners in bug bounty. Vulnerability scanners are of low added value because many other people (including internal pentesters) have probably already run them. So it’s improbable that they’ll allow you to find anything new of real value. This, combined with the risk of causing Denial of Service if many bug hunters use scanners on the same target, is why scanners are generally not allowed.

Two more risks apply to pentesting as well: flooding a client email address with scanner-generated messages (happened to me once!), and deleting resources by spidering authenticated pages, where a crawler will happily follow every “delete” link it finds.

These risks are worth knowing whether you’re a bug hunter or a pentester. They help you decide which tools to run, and with which settings, so that you don’t cause service disruptions.

Also, I find cym13’s stance on Burp interesting. There really is no ‘one size fits all’!


The 5 Hacking NewsLetter 59

Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.

This issue covers the week from 14 to 21 of June.


Our favorite 5 hacking items

1. Video of the week

VIM tutorial: linux terminal tools for bug bounty pentest and redteams with @tomnomnom

Oh my! We’re really spoilt this week between this video tutorial with @tomnomnom and @nahamsec’s recon tips video (see below).

@tomnomnom shares so many tips that are worth discovering whether you are a beginner or a seasoned bug hunter. This includes the tools he uses for recon (including custom ones like assetfinder and html-tool), Bash basics, how to manually search for secrets in Git repos, how to use (and exit) VIM and a lot more.

This is a must watch if you’re into Web app security!


The 5 Hacking NewsLetter 58

Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.

This issue covers the week from 07 to 14 of June.


Our favorite 5 hacking items

1. Conference of the week

BSides London 2019, especially:

Stress, anxiety and depression are three health risks that we should all be aware of and have strategies to avoid. This talk is a perfect reminder of their distinctions, why they affect us and what to do to avoid them or to get better. This is very helpful especially for us, hackers, who can spend days in front of our computers, forgetting to exercise, sleep or eat properly.
