The 5 Hacking NewsLetter 6 (New format)

Hey, hackers!
OMG, this week there were even more interesting things published & shared across YouTube, Twitter, Medium, blogs, etc., than last time!
It was just impossible to choose only 5 items, and this is becoming a habit. So we’re trying a new format: Our 5 favorite items (just a matter of personal preference) commented, followed by all the other fantastic findings in the form of a list of links.

Let me know if you prefer this format or the older one, and if you have any suggestions or comments. It’s always a pleasure to hear from you!


Our favorite 5 hacking items

1. Writeup of the week

I love the simplicity yet effectiveness of this technique. It was rewarded $1,500 and shows (yet again) the importance of recon, particularly retrieving and analyzing certificates from censys.io.

2. Non technical video of the week

Infosec Resume No-Nos by Lesley Carhart

This is a short video that offers great advice for anyone in the infosec / cybersecurity field working on their resume. It reviews the most common errors people make.
It might be helpful if you’re looking for a job!

3. Tip / Tweet of the week

Tip to access a 403 forbidden page: instead of going straight to the file, for example index.html, add a / behind the index.html: index.html/. Worked multiple times for me.
By Van Ingh Quinten

Nice trick to bypass 403 Forbidden page errors. Already added to my testing checklist!

4. Tutorial of the week

Blind XSS for beginners

This is a great introduction to blind XSS. It sums up everything you need to know to start looking for this type of vulnerability.

5. Must watch conference

LevelUp 2018 by Bugcrowd

Does it need any introduction? I’m sure you did not need me to inform you of this conference, but I couldn’t not mention it here. I’ve been waiting for it for months and it did not disappoint.

High quality talks, a lot of tips, pentest and bug bounty techniques mentioned, the latest “Bug bounty hunter methodology” by Jason Haddix, etc. A must watch!

Other amazing things we stumbled upon this week

Videos

Tutorials

Writeups

Tools

Training material

Tweets

Non technical

Pentest & bug bounty resources

* Not tested yet because my phone is broken!


See you next time!

If you want to be notified when new articles (including this newsletter) are published, you can subscribe to this blog.

And if you enjoyed reading this, please consider sharing it, leaving a comment, suggestions, questions…

