The 5 Hacking NewsLetter 86
Posted in Newsletter on December 31, 2019
Posted in Newsletter on October 22, 2019
Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.
This issue covers the week from 11 to 18 of October.
@zseano walks us through what to look for in them and how, plus an introduction to Google and Github dorks.
This is a nice cheetsheet to help with XXE detection, exploitation and Out-Of-Band exploitation, and WAF bypass. A good reference!
Do you remember this awesome video snippet with @daeken where he was clapping because obviously some kind of exploit or bug worked? It turns out that he was working on a Ghostscript payload in LibreOffice, in collaboration with @bbuerhaus, @smiegles, and @erbbysam.
It did work, and this is the writeup of the whole research that led to that bug. It touches on many topics: Ghostscript, fingerprinting LibreOffice, LFD, SSRF… This is worth reading and a great example of research in Web app security.
A well curated 60s playlist for those slow Saturday mornings
This is a really cool playlist. 100% Stök, only happy vibes. I’ve been listening only to Deep House & Electro mixes (from Kygo, Dj Drop G…), so this is a refreshing change.
Retrieving a list of whitelisted hosts from CSP headers is not a new recon technique. But the novelty with this tool from @EdOverflow is that it automates the process.
You can get a list of hosts with a one-liner, and feed it to your other tools.
See more writeups on The list of bug bounty writeups.
We created a collection of our favorite pentest & bug bounty related tweets shared this past week. You’re welcome to read them directly on Twitter: Tweets from 10/11/2019 to 10/18/2019.
Have a nice week folks!
If you enjoyed reading this, please consider sharing it, leaving a comment, suggestions, questions…