The 5 Hacking NewsLetter 5

Hi, hackers! This week, it was particularly hard to select only 5 items. The hacker community is so prolific these days! But we had to choose, so other interesting findings of this week will probably appear in our next newsletters.

Now, here is our weekly selection. Take a comfortable seat and enjoy!

1. Writeup of the week

Getting read access on Edmodo by Shawar Khan

This is a nice example of how to exploit an SSRF. If you are learning about this vulnerability type, it’d be helpful to dissect the article and add all the tips and steps to your methodology.

More …

The 5 Hacking NewsLetter 4

Hi, I’m very happy to present to you this week’s five items! After a few weeks’ break due to rich personal circumstances, it is time to resume our weekly shenanigans…


1. Collection of hacker conferences

https://infocon.org/

This site is a “Hacking conference archive”. It gathers presentation videos and slides from a lot of conferences, documentaries, podcasts and also rainbow tables. I love going through it to discover new conferences and talks from around the world!

More …

Conference notes: It's the little things (Disobey 2018) & Doing recon like a boss (LevelUp 2017)

Hi, these are the notes I took while watching the “Doing recon like a boss” talk given by Ben Sadeghipour at LevelUp 2017.

[UPDATE] I modified these notes after watching the updated version of this talk: “It’s the little things” by Ben Sadeghipour & Jon Bottarini (Disobey 2018).


Overview

  • Why: Bigger attack surface, more bugs, more bounties, more problems

Traditional way for finding subdomains (brute forcing)

  • Brute force
    • Sublist3r
More …

Conference notes: Esoteric subdomain enumeration techniques (LevelUp 2017)

Hi, these are the notes I took while watching the “Esoteric subdomain enumeration techniques” talk given by Bharath Kumar at LevelUp 2017.

More …