Sponsored by

The 5 Hacking NewsLetter 6

Posted in Newsletter on June 1, 2018

The 5 Hacking NewsLetter 6

Hey, hackers!
OMG, this week there were even more interesting things published & shared accross Youtube, Twitter, Medium, blogs, etc, than last time!
It was just impossible to choose only 5 items, and this is becoming a habit. So we’re trying a new format: Our 5 favorite items (just a matter of personal preference) commented, followed by all the other fantastic findings in the form of a list of links.

Let me know if you prefer this format or the older one, and if you have any suggestions or comments. It’s always a pleasure to hear from you!

Our favorite 5 hacking items

1. Writeup of the week

How i was able to get admin panel on a private program

I love the simplicity yet effectiveness of this technique. It was rewarded $1,500 and shows (yet again) the importance of recon, particularly retrieving and analyzing certificates from censys.io.

2. Non technical video of the week

Infosec Resume No-Nos by Lesley Carhart

This is a short video that offers great advice for anyone in the infosec / cybersecurity field working on their resume. It reviews the most common errors people make.
It might be helpful if you’re looking for a job!

3. Tip / Tweet of the week

Tip to access a 403 forbidden page: instead of going straight to the file for example :index.html Add a / behind the index.html: index.html/. Worked multiple times for me By Van Ingh Quinten

Nice trick to bypass 403 Forbidden page errors. Already added to my testing checklist!

4. Tutorial of the week

Blind XSS for beginners

This is a great introduction to blind XSS. It sums up everything you need to know to start looking for this type of vulnerability.

5. Must watch conference

LevelUp 2018 by Bugcrowd

Does it need any introduction? I’m sure you did not need me to inform you of this conference, but I couldn’t not mention here. I’ve been waiting for it for months and it did not disappoint.

High quality talks, a lot of tips, pentest and bug bounty techniques mentioned, the latest “Bug bounty hunter methodology” by Jason Haddix, etc. A must watch!

Other amazing things we stumbled upon this week





Training material


Non technical

Pentest & bug bounty resources

* Not tested yet because my phone is broken!

See you next time!

If you enjoyed reading this, please consider sharing it, leaving a comment, suggestions, questions…