The 5 Hacking NewsLetter 86
Posted in Newsletter on December 31, 2019
Posted in Newsletter on August 20, 2019
Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.
This issue covers the week from 09 to 16 of August.
Bounty hunters: how do you organize your notes on targets, especially when switching targets back and forth and doing it for a long time?
This is a cool Twitter thread. Fisher (@Regala_) prompted the question about how other bug hunters organize their notes, and many hunters responded.
Tools mentioned include a private Github repo, simple notes and folders, SwiftnessX, OneNote, a whiteboard for logic flaws, Google Docs, XMind, etc.
It’s nice to get a peak at what others are using!
This is a good read to learn about you can go from self-XSS to a valid XSS by leveraging clickjacking.
The technique is nice to know in case you’re stuck with self-XSS and want to increase its impact.
@ThomasOrlita does an awesome job explaining all technical details as well as how he was able to find this on Google: he focused on Google Crisis Map, an old project that doesn’t seem to be used much anymore.
Improve Your Reconnaissance Performance By Using GNU Parallel
This is a concise tutorial about GNU Parallel. You might already know about it. But if you don’t and want to speed up your Bash scripts, this is the quickest way to learn about it and start using it today.
Parallel is interesting because it brings multi-threading to Bash. So if you want to iterate any tests on network protocols or targets (for recon, network pentesting…), Parallel allows you to go faster than if you use a while or for loop.
This new Burp extension is a must if you’re planning on collaboration with another Web app tester.
It allows you to share live/historical proxy requests, scope and reapeater/intruder payloads with each other in real time!
This is so useful for both bug bounty / pentest collaboration, and for education and mentorship.
You might also want to check out the other tools previously shared by the same author, Tanner Barnes (@_StaticFlow_).
Paged out! is a new free zine that features short articles on a variety of topics. It reminds me a bit of PoC||GTFO and Phrack.
This first issue has articles on no less than 12 categories: Algorithmics, Assembly, Electronics, File formats, OS internals, Phreaking, Programming, Radio, Retro (retro games), Reverse engineering, Sec/Hack (Web app security, reverse shells, Windows exploitation…) & SysAdmin.
I love that there is something for everyone. Personally, my focus is on pages 17, 52 and 62 because I’m more interested in Web app security.
If you would like to submit an article, the next submission deadline is October 20th.
See more writeups on The list of bug bounty writeups.
We created a collection of our favorite pentest & bug bounty related tweets shared this past week. You’re welcome to read them directly on Twitter: Tweets from 08/09/2019 to 08/16/2019.
Have a nice week folks!
If you enjoyed reading this, please consider sharing it, leaving a comment, suggestions, questions…