The 5 Hacking NewsLetter 79

Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.

This issue covers the week from 01 to 08 of November.

Our favorite 5 hacking items

1. Conference of the week

Piercing The Veil: Server Side Request Forgery Attacks On Internal Networks - Alyssa Herrera & Other Hack.lu 2019 talks

The slides for this talk were published months ago, and I was really hoping for the talk to be public too. Alyssa is known for focusing on server-side bugs, especially SSRF. So, this is a must-watch for anyone who wants to learn about this bug class. It is also a good example of the kind of thinking and focus you need to find critical bugs and become an expert at a specific topic.

More …

The 5 Hacking NewsLetter 78

Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.

This issue covers the week from 25 of October to 01 of November.

Our favorite 5 hacking items

1. Podcast of the week

The Bug Bounty Podcast - Episode #1 - STÖK

This podcast is A-M-A-Z-I-N-G! It makes you feel like you’re at a live hacking event, sitting with two seasoned bug hunters discussing all kinds of subjects. It goes from how to pronounce CSRF, how @stokfredrik overcame depression, to his race conditions research, etc.

This is perfect for when you want to listen to something relaxing but still informative and related to bug bounties. Best enjoyed with a nice cup of coffee, hygge style!

More …

The 5 Hacking NewsLetter 77

Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.

This issue covers the week from 18 to 25 of October.

Our favorite 5 hacking items

1. Tools of the week

Github-subdomains.py
Erlenc

Github-subdomains.py is one of many Github scripts shared lately by @gwendallecoguic for Github recon. It takes a domain as input and returns its subdomains found on Github. Sometimes, this is just what you need for recon or OSINT!

Erlenc also does one thing: It is a command line tool for URL-encoding and URL-decoding data streams. It can be useful for scripting, or if you find yourself playing with URL encoding all the time during tests.

More …

The 5 Hacking NewsLetter 76

Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.

This issue covers the week from 11 to 18 of October.

Our favorite 5 hacking items

1. Video of the week

Lets be a dork and read .js files with zseano

JavaScript analysis is a very important step when testing the security of a website. If, like me, you never were a programmer and struggle with this, then this video is a must!

@zseano walks us through what to look for in them and how, plus an introduction to Google and Github dorks.

More …

The 5 Hacking NewsLetter 75

Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.

This issue covers the week from 04 to 11 of October.

Our favorite 5 hacking items

1. Video of the week

Bug Bounty - Hunting Third Level Domains

If you have heard of recursive subdomain enumeration and wished to see practical examples, this is a video for you.

@thecybermentor shows how to enumerate subdomains, spot interesting ones, and iterate enumeration to get third-level domains. He also shows how to organize findings, automate the whole process, and go further by using Nmap and Eyewitness. Really helpful for those new to automation and recon!

More …