Posted in Newsletter on December 25, 2018
The 5 Hacking NewsLetter 2
Posted in Newsletter on March 15, 2018
Hi, this is the second edition of The 5 Hacking NewsLetter. It’s a few days late but better late than never, right?
Grab a nice cup of coffee (or herbal tea if you’re an old soul like me) and enjoy!
1. Tool of the week
For quick reference, here’s how to install and use it:
git clone https://github.com/UnaPibaGeek/ctfr.git
pip install -r requirements.txt
python ctfr.py -h # Show help
python ctfr.py -d example.com # Get subdomains of HTTPS website
2. Tweet of the week
This is one of the best definitions of hacking I’ve ever heard! It rings especially true on days I am doing pentest challenges (when I known for a fact that there is a vulnerability but can’t find it for hours).
3. Webcast that taught me a lot of testing tips
I think this webcast could be very helpful if you’re a pentester or bug bounty hunter. It offers many tips, some of which I haven’t been using and will help improve my recon process.
4. Bug bounty write-up of the week
$18,337 for a stored XSS and a SSRF on Google! I love this insight on where and what to test in order to find such vulnerabilities on highly tested targets like Google.
- The Dataset Publishing Language tool generates a zip file. It was downloaded, unzipped, modified to add the payload, then zipped again and uploaded.
5. Another web app security podcast & Youtube channel I like
Although started recently, this podcast / Youtube channel looks very promising. They tackle different security topics with a focus on Web app security.
See you next time!
If you enjoyed reading this, please consider sharing it, leaving a comment, suggestions, questions…