The 5 Hacking NewsLetter 33
Posted in Newsletter on August 13, 2018
Hey hackers! These are our latest favorite resources related to pentest & bug bounty.
This issue covers the week from 03 to 10 of August.
How I gained commit access to Homebrew in 30 minutes by Eric Holmes (@vesirin)
Eric was able to make an unauthorized commit to Homebrew’s GitHub repositories. It took 4 steps and less than 30 minutes:
Colorize your hunt by Gwendal Le Coguic (@gwendallecoguic)
Another great blog post by Gwendal Le Coguic! He presents his configuration to test for IDOR & vertical/horizontal escalation:
Bugcrowd University videos & Github repository by Bugcrowd
Many of us have been waiting for the release of Bugcrowd University, since it was first announced during Level Up 0x02.
It currently includes links to previous LevelUp talks and beginner modules with videos, slides and lab guides. If you’re a seasoned bug hunter, still keep an eye on it because a few more advanced modules are also planned.
Practical Web Cache Poisoning by James Kettle (@albinowax)
James Kettle published this blog post following his Black Hat talk on “How to compromise websites by using esoteric web features to turn their caches into exploit delivery systems, targeting everyone that makes the mistake of visiting their homepage.”
I haven’t finished reading and digesting everything but it is a must for bug hunters. The techniques presented have already been added as new features to Burp Suite 1.7.37.
Also, you can test your knowledge of web cache poisoning by trying James’s challenge: https://hackxor.net/mission?id=8
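If you want to see the core idea before diving into the full post, here is a small simulation I put together for this issue (it is not code from James’s post or from Burp). It assumes a constructed origin that builds a script URL from an X-Forwarded-Host header, and a toy shared cache whose key is only the path and the Host header. Because the cache ignores the header the origin trusts, one attacker request poisons the entry that every later visitor of the homepage receives. It also shows the safe way to probe for such an unkeyed input: a unique query string as a cache buster, so your test never lands in a key real users fetch.

```python
# Added example for this newsletter issue, not taken from James Kettle's post
# or from Burp Suite. The origin, the cache, the header names and the hosts
# are all constructed for illustration.
import uuid
from typing import Dict, Tuple

UNKEYED_HEADER = "X-Forwarded-Host"   # assumed: honoured by the origin, ignored by the cache key
CANONICAL_HOST = "www.example.com"    # constructed canonical hostname


def origin(path: str, headers: Dict[str, str]) -> Dict:
    """Constructed origin server.

    It builds an absolute URL for its script from X-Forwarded-Host when the
    header is present, otherwise from the canonical host. The cache does not
    key on that header, so this is the poisonable input.
    """
    host = headers.get(UNKEYED_HEADER, CANONICAL_HOST)
    body = f'<html><script src="https://{host}/static/app.js"></script></html>'
    return {
        "status": 200,
        "headers": {"Cache-Control": "public, max-age=60"},
        "body": body,
    }


class Cache:
    """Toy shared cache: the key is (path including query string, Host header)."""

    def __init__(self) -> None:
        self.store: Dict[Tuple[str, str], Dict] = {}

    def key(self, path: str, headers: Dict[str, str]) -> Tuple[str, str]:
        return (path, headers.get("Host", ""))

    def fetch(self, path: str, headers: Dict[str, str]) -> Dict:
        k = self.key(path, headers)
        if k in self.store:
            return dict(self.store[k], hit=True)
        resp = origin(path, headers)
        if "public" in resp["headers"].get("Cache-Control", ""):
            self.store[k] = resp
        return dict(resp, hit=False)


def probe_unkeyed_header(cache: Cache, header: str, canary: str) -> bool:
    """Safe reflection test.

    A random query string acts as a cache buster so the probe is cached under
    a key no real user will ever request. Returns True when the header value
    is reflected into the response body.
    """
    buster = f"/?cb={uuid.uuid4().hex}"
    resp = cache.fetch(buster, {"Host": CANONICAL_HOST, header: canary})
    return canary in resp["body"]


def poison_and_serve(cache: Cache, attacker_host: str) -> Tuple[Dict, Dict]:
    """One poisoned request against the real key "/", then a clean victim request.

    The victim sends no special header at all and still receives the attacker's
    script URL straight from the cache.
    """
    attacker = cache.fetch("/", {"Host": CANONICAL_HOST, UNKEYED_HEADER: attacker_host})
    victim = cache.fetch("/", {"Host": CANONICAL_HOST})
    return attacker, victim


if __name__ == "__main__":
    c = Cache()
    print("X-Forwarded-Host reflected:", probe_unkeyed_header(c, UNKEYED_HEADER, "canary.test"))
    print("X-Other reflected:", probe_unkeyed_header(c, "X-Other", "canary.test"))
    _, victim = poison_and_serve(c, "evil.test")
    print("victim served from cache:", victim["hit"])
    print("victim body:", victim["body"])
```

The probe is the part to copy into your own methodology: always test with a cache buster first, and only hit the real cache key on a target where you are authorised to do so, since a poisoned homepage affects every visitor until the entry expires.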
This is how i fixed my chronic lower back pain by Aditya Agrawal (@exploitprotocol)
If you’re on this blog, it probably means that you’re into infosec and spend a great deal of time sitting at a desk in front of your computer.
I prefer working from bed or a sofa, but it still means sitting 8 to 10 hours every single day! I’ve had crippling knee issues for years and needed orthopedic soles to avoid pain but did not link it to having weak hips and knees from sitting all the time.
I’ve only recently arrived at the same conclusion as Aditya: incorporating simple, consistent habits into my daily routine is key to maintaining a healthy body (especially since I work from home).
It’s inspiring to read how he was able to fix his lower back pain. I plan on trying some of his advice, starting with the Stretchly app.
You can find the latest bug bounty writeups in our dedicated page: List of bug bounty writeups.
Only writeups that did not make it into this selection are listed below. This does not mean that they aren’t worth reading, just that they are not BUG BOUNTY writeups. We will soon post more details about our curation process.
We created a collection of our favorite pentest & bug bounty related tweets shared this past week. You’re welcome to read them directly on Twitter: Tweets from 08/03/2018 to 08/10/2018
Have a nice weekend folks!
If you enjoyed reading this, please consider sharing it, leaving a comment, suggestions, questions…