The 5 Hacking NewsLetter 46

Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.

This issue covers the week from 15 to 22 of March.


Our favorite 5 hacking items

1. Tip of the week


This is an awesome trick for any bug hunter who uses Chrome. You can create shortcuts to query sites like Shodan, VirusTotal, RiskIQ, etc.

For instance, you can type s google (for

To do this, go to Settings in Chrome, then Manage search engines. Add a new one with s as the Keyword and as the URL.

More …

Compilation of recon workflows

Hi, this is a compilation of recon workflows found online. Use it as inspiration for creating your own Web pentest / bug bounty recon workflow.

These are all the ones that I could find. So if yours is missing and you want to see it featured above too, please send it to [email protected].

I will update this every time I have a new flowchart or mindmap. So keep an eye on this page!


More …

How to think out of the box with @zseano


Hey hackers! This is the first post of a series on the topic of: How to think out of the box?

When I was preparing the Bug Hunter podcast Ep. 4 on this same topic, I wanted to include advice from different bug hunters. So I asked several hackers these 3 specific questions:

  • How to find bugs that are not duplicates?
  • How to find new areas of research (like in @securinti’s last blog post or what James Kettle does)?
  • How to find logic bugs or bugs that don’t fall under any category, can’t be found with tools or require real thinking?

@zseano was one of the hackers I reached out to, and he was kind enough to respond with awesome advice!
Here is his response:

More …

The 5 Hacking NewsLetter 45

Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.

This issue covers the week from 8 to 15 of March.


Our favorite 5 hacking items

1. Conference of the week

OWASP AppSec California 2019, especially:

OWASP AppSec conferences are great for anyone interested in (both offensive and defensive) Web app security. This one is particularly good, as you can judge from the list of talks above that I’m planning to watch!

Some of the topics addressed are: extracting endpoints from JS files, FaaS & GraphQL security, Web Caching vulnerabilities, scaling visual identification for bug hunters, new features in ZAP, interesting OWASP tools for white box pentesting…

The only thing missing is the video/slides from workshops which look really interesting. Gonna have to go there myself some day!

More …

The Bug Hunter Podcast 4: Bypassing email filters & Thinking out of the box


Hi, here’s a new episode of the Bug Hunter podcast!

You can now listen to it using the widget below or on the following platforms: Apple podcasts/iTunes, Google Podcasts, Podbean, Anchor, Spotify, Breaker, Pocket Casts, Overcast and RadioPublic.

If your favorite podcasting app is missing from this list, please let me know so I can add it.

Also, if you prefer written text, you’ll find the whole transcript below. It’s also helpful for finding any links or commands mentioned in the audio.

More …