The 5 Hacking NewsLetter 107

Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.

This issue covers the week from 15 to 22 of May.

Our favorite 5 hacking items

1. Tool of the week

Axiom

Project Axiom is a set of utilities for deploying and managing your own dynamic infrastructure on DigitalOcean. It includes different commands that you can use to work with VPS instances from the command line. Examples of actions available are launching a VPS instance, backing it up, connecting to it with SSH, deploying a VPN, etc.

An awesome, convenient project for bug hunters, red teamers and pentesters!

More …

The 5 Hacking NewsLetter 106

Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.

This issue covers the week from 08 to 15 of May.

Our favorite 5 hacking items

1. Tool of the week

Wuzz

If you ever want to send HTTP requests for a quick test without firing up Burp/ZAP, this is the tool for you. It is an interactive CLI tool for HTTP inspection. It allows you to send HTTP requests from the terminal, while controlling everything from the headers to the request’s type and data.

More …

The 5 Hacking NewsLetter 105

Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.

This issue covers the week from 01 to 08 of May.

Our favorite 5 hacking items

1. Article of the week

Decrypting and analyzing HTTPS traffic without MITM

This article revisits a known technique for decrypting TLS traffic of mobile apps. It shows why man-in-the-middle is not always the best method, since bypassing certificate pinning or client certificate authentication can be complicated.

The idea is to use Frida to steal the session key, sniff traffic with Wireshark and decrypt it in real time by providing Wireshark with the session key, and finally import the requests to Burp using the PDML importer for Burp Suite.

More …

The 5 Hacking NewsLetter 104

Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.

This issue covers the week from 24 of April to 01 of May.

Our favorite 5 hacking items

1. Tools of the week

postMessage-tracker is a Chrome extension presented by @fransrosen in his “Attacking Modern Web Technologies” talk. It monitors postMessage listeners in all subframes of the window and logs everything, helping find postMessage issues such as XSS and data extraction bugs.

Semgrep is like grep but for code. Both hackers and developers can use it to detect vulnerabilities by looking for anti-patterns in code. Here are two examples of patterns to look for in Go: 1 & 2. Languages supported are Python, JavaScript, Go, Java, C, and soon PHP and TypeScript.

More …