Posted in Newsletter on May 23, 2018

Hi, hackers! This week, it was particularly hard to select only 5 items. The hacker community is so prolific these days! But we had to choose, so other interesting findings of this week will probably appear in our next newsletters.

1. Writeup of the week

Getting read access on Edmodo by Shawar Khan

This is a nice example of how to exploit an SSRF. If you are learning about this vulnerability type, it’d be helpful to dissect the article and add all the tips and steps to your methodology.

2. Non-technical article of the week

So you want to be a security researcher by James Kettle

This article is a great roadmap for wannabe pentesters & bug bounty hunters. Even if you’re already in the field, it might give you new ideas for taking your skills to the next level.

3. Awesome bug bounty hunting tips

Post-recon methodology by Jobert Abma

This is Jobert Abma’s post-recon methodology. Combine it with The bug hunter’s methodology 2.0 by Jason Haddix, and you’ve already got a solid methodology to build upon!

4. Blog of the week

https://0xpatrik.com/ by Patrik Hudak

As of now, there are only 5 articles, but each one is a goldmine of information. I’d highly advise you to read them carefully and start following Patrik Hudak: https://twitter.com/0xpatrik?lang=en.

5. Motivational podcast about coping with rejection

The evil tester show - Episode 005 - Rejection by Alan Richardson

Most of my days are made of yoga and hacking. I feel like they are one and the same: daily stretching and strengthening my mind and body to go further and further, and access new territories…

As a penetration tester or bug bounty hunter, you probably have to deal with psychological hurdles too: no vulnerabilities found, imposter syndrome, mental blocks, pentest reports challenged by the client, unrewarded duplicate bugs…

So this podcast is very refreshing. It reminds us that nothing of value comes easily and gives practical tips to deal with rejection and KEEP GOING!

See you next time!

If you enjoyed reading this, please consider sharing it, leaving a comment, suggestions, questions…