The 5 Hacking NewsLetter 58

Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.

This issue covers the week from 07 to 14 of June.

Our favorite 5 hacking items

1. Conference of the week

BSides London 2019, especially:

Stress, anxiety and depression are three health risks that we should all be aware of and have strategies to avoid. This talk is a perfect reminder of their distinctions, why they affect us and what to do to avoid them or to get better. This is very helpful especially for us, hackers, who can spend days in front of our computers, forgetting to exercise, sleep or eat properly.

More …

The 5 Hacking NewsLetter 57

Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.

This issue covers the week from 31 of May to 07 of June.

Our favorite 5 hacking items

1. Tip of the week

Foxyproxy.json for disabling distracting Firefox traffic from Burp

If you’re a regular Firefox + Burp user, you have probably noticed that Firefox generates some traffic that shows up in Burp, like requests to http://detectportal.firefox.com/ or update checks.

This JSON file is @liamosaur’s FoxyProxy configuration file, which he uses to disable this unwanted traffic.

More …

The 5 Hacking NewsLetter 56

Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.

This issue covers the week from 24 to 31 of May.

Our favorite 5 hacking items

1. Tool of the week

Keye

Keye is a really useful recon tool. It’s the first one I’ve come across that allows hackers to easily monitor changes in URLs.

It’s written in Python with SQLite3 integrated. You give it a list of URLs and run it periodically (using cron, for example). It then requests the URLs and detects changes based on the responses’ Content-Length. You can also receive Slack notifications when changes are detected.

More …

The 5 Hacking NewsLetter 55

Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.

This issue covers the week from 17 to 24 of May.

Our favorite 5 hacking items

1. Article of the week

Turning your time into bugs — zseano’s thoughts

If you’re into bug bounty, and want to get into the right mindset for success, then you need to read this and apply it.

The advice given is common sense, but sometimes what we need to hear is exactly that.

I love this piece, especially these two reminders: What you can try is limitless. And focus on specific goals to avoid burnout.

More …

The 5 Hacking NewsLetter 54

Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.

This issue covers the week from 10 to 17 of May.

Our favorite 5 hacking items

1. Article of the week

The real impact of an Open Redirect

Open redirects are often considered low impact bugs by bug bounty programs (including Google). As such, they are not rewarded unless they can be used to exploit other vulnerabilities like XSS or OAuth token disclosure. So you want to increase their impact by chaining them with other bugs.

Also, if you’re a pentester rather than a bug bounty hunter, the same logic applies. If you want to convince clients that certain bugs are the most damaging and must absolutely be fixed, you need to tell them why by providing detailed attack scenarios.

This article can help. It shows how to combine open redirect with Referrer check bypass, XSS-Auditor bypass, SSRF & OAuth token theft.

More …