The 5 Hacking NewsLetter 33
Posted in Newsletter on December 25, 2018
Posted in Newsletter on October 29, 2018
Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.
This issue covers the week from 19 to 26 of October.
Beyond your studies & Slides by Ange Albertini
Wow, this talk is a gem (the slides also)! I wish I’d seen it as a teenager. It puts a light on so many truths related to infosec, job search, corporate environments, studies, the mold society tries to put you in, etc.
Watch it, even if you’re not a student or that young. If applied, this is life-changing advice.
Cookie-based-injection XSS making exploitable with-out exploiting other Vulns by @agrawalsmart7
This writeup is a good example of cookie-based XSS exploitation. Once you’ve found a vulnerable URL, transform it by adding the cookie’s name & value to the URL as GET parameters: https://example.com
Making victims click on a GET URL is easier than injecting HTTP headers / cookies. So this is a better PoC for pentest & bug bounty reports.
flAWS challenge by @0xdabbad00
Challenges to train for finding bugs on AWS are harder to come by than other vulnerabilities like XSS, SQL injection, etc.
This is a good one. It’ll allow you to learn more about AWS flaws, with tips if you’re stuck. And the great part is that you won’t need to install anything, or bother with configuring a AWS instance, it is all already online and waiting for you!
The Cybersecurity Hiring Gap is Due to The Lack of Entry-level Positions by @DanielMiessler
Everybody has been complaining about the cybersecurity hiring crisis for years. I’ve heard about it since I started in 2012!
Juniors can’t find a job because companies only hire experienced candidates. And companies have trouble finding the experienced candidates they need.
This piece by Daniel Miessler is enlightening. He explains the mistakes made by both parties that cause this crisis, and what they could do better.
This could help you if you’re either hiring or looking for a job.
Local Linux privilege escalation overview by @L0vvebug
This is a comprehensive tutorial on Linux privilege escalation. It presents multiple techniques to gather information on a system post-exploitation, and to escalate your privileges to root.
This is a good reference: A lot of techniques and commands condensed on the same page, but still understanble and detailed. It should be useful for penetration tests and passing the OSCP.
We created a collection of our favorite pentest & bug bounty related tweets shared this past week. You’re welcome to read them directly on Twitter: Tweets from 10/19/2018 to 10/26/2018
Have a nice week folks!
If you enjoyed reading this, please consider sharing it, leaving a comment, suggestions, questions…