The 5 Hacking NewsLetter 107
Posted in Newsletter on May 27, 2020
Posted in Newsletter on March 17, 2020
Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.
This issue covers the week from 06 to 13 of March.
BSidesSF 2020, especially:
The range of (interesting) topics tackled in this conference is amazing. There are at least 10 talks I really need to watch. During these difficult times of Coronavirus quarantine / social distancing, this is an excellent way to pass time.
The second vulnerability is an HTTP Request Smuggling CL.TE hijack attack found on Slack. It was possible to steal victims’ session cookies by redirecting them to an attacker-controlled Collaborator server. The writeup is pretty explanatory. And the attack could have been exploited for massive account takeovers.
@Mrtuxracer Talks About Monitoring Endpoints, Binary Exploitation, Continuous Recon and More!
This is definitely worth watching if you want to learn about bug hunting methodology, differentiating yourself, or which kind of custom tools other bug hunters are using.
Bug Bounty Hunting Tips #4 — Develop a Process and Follow It
“Admittedly, it can feel great for the first hour or so but after that, you can start to become bored and frustrated if you don’t find anything. And without a structured bug bounty hunting process, you probably won’t find anything new.”
Do this ring any bell? This excellent article goes over how to create a high-level process for bug hunting. Apart from technical methodologies, some decisions can help avoid frustration. This includes choosing a bug hunting approach, deciding minimum and maximum time to spend on a target and minimum time for writing reports.
Bug Business #2 – Hacking, traveling and vlogging with @STÖK
There are only two publications related to bug bounty that I wait for impatiently and devour as soon as they’re published: EdOverflow’s newsletter and this new interview series. The first issue was with EdOverflow. The last one is an excellent read if you want to learn how Stök juggles between different projects, his filming process, how he manages full-time bug hunting without pulling all-nighters (Early birds, hello!)…
See more writeups on The list of bug bounty writeups.
We created a collection of our favorite pentest & bug bounty related tweets shared this past week. You’re welcome to read them directly on Twitter: Tweets from 02/06/2020 to 02/13/2020.
Have a nice week folks!
If you enjoyed reading this, please consider sharing it, leaving a comment, suggestions, questions…