Sponsored by

The 5 Hacking NewsLetter 31

Posted in Newsletter on December 10, 2018

The 5 Hacking NewsLetter 31

Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.

This issue covers the week from 30 of November to 07 of December.

Our favorite 5 hacking items

1. Conference of the week

BSides Lisbon 2018, especially:

If you’re a professional pentester or looking for a pentesting job, then you should really watch the talk “How To Build Your Own Infosec Company”. It tackles a lot of topics: the advantages of small vs big pentesting companies, how to grow your own name and find your first client, how to organize your work and emails, plus many other tips.

2. Writeup of the week

RCE in Hubspot with EL injection in HubL

This is a great writeup to learn about server-side template injection in HubL.
It’s written like a tutorial, with details on how to go from detection (entering {{7*7}} and getting ‘49’ displayed back) to information gathering and full remote code execution.

3. Challenges of the week

Hackerone challenges on HackEDU

Hackerone and HackEDU teamed up to offer the community 5 hacking challenges (“hackboxes”). These are great because they mirror real bugs found by Hackerone bug hunters and disclosed on Hacktivity, and they’re free.

The bugs and reports are listed on this blog post: Test your hacking skills on real-world simulated bugs.

4. Non technical item of the week

The Paradox of Choice: Learning new skills in InfoSec without getting overwhelmed

As pentesters / bug hunters, we’ve all asked ourselves at some point: Where do I start? How do I become good at this? Or… How do I master it?

These are questions that Azeria already tried to answer in a previous talk and is now digging deeper in this new mini-series.

I strongly recommend reading both no matter where you are on the pentest / bug hunting mastery spectrum. Trying the strategy presented might help you deal better with the information overload that we all face in this field.

5. Article of the week

Blind XSS AngularJS Payloads

This is a good resource for digging deeper into Blind XSS vulnerabilities. It doesn’t explain the basics, but includes a polyglot, a list of payloads and links about AngularJS Blind XSS in particular.

This is specific enough to maybe help you (and me) find less trivial XSS bugs.

Other amazing things we stumbled upon this week




Slides only


Medium to advanced

Beginners corner


Pentest & Responsible disclosure writeups

Bug bounty writeups

Other writeups

See more writeups on The list of bug bounty writeups.


If you don’t have time

  • Scan Check Builder: BurpBounty made available on BApp store. Burp Suite extension to improve the active & passive scanner by means of personalized rules (requires Burp Suite Pro)
  • Scavenger: A multi-threaded post-exploitation scanning tool for scavenging systems, finding most frequently used files and folders as well as “interesting” files containing sensitive information

More tools, if you have time

Misc. pentest & bug bounty resources




Beginning today all Bugcrowd VDP or Bug Bounty programs will include Disclose.io messaging as the default policies within the program briefs

A low-privileged user account on most Linux operating systems with UID value anything greater than 2147483647 can execute any systemctl command unauthorizedly

The personal information of 500 million guests stolen What makes this breach stand apart … is the data that was taken. Hotels collect more PII data than most enterprise organizations (birthdays, passport numbers, email and mailing addresses, and phone numbers)

Non technical

Tweeted this week

We created a collection of our favorite pentest & bug bounty related tweets shared this past week. You’re welcome to read them directly on Twitter: Tweets from 11/30/2018 to 12/07/2018

Have a nice week folks!

And if you enjoyed reading this, please consider sharing it, leaving a comment, suggestions, questions…