The 5 Hacking NewsLetter 28

Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.

This issue covers the week from 09 of November to 16 of November.

Our favorite 5 hacking items

1. Conference of the week

DEF CON 26 Recon Village, particularly:
- Emergent Recon fresh methodology and tools for hackers in 2018
- Bug Bounty Hunting on Steroids
- Supercharge Your Web Recon With Commonspeak
- Building Visualisation Platforms for OSINT Data Using OSS
- Skiptracer Ghetto OSINT for Broke Hackers
- Introducing YOGA Your OSINT Graphical Analyzer

I wasn’t sure if the DEF CON Recon village talks were going to be made public. Boy, was I happy to see them shared on Youtube!

I was rooting especially for:

• Jason Haddix’s latest methodology & tools for recon (but slides are missing)
• More information on how BountyMachine works. Sadly it won’t be open sourced :/

All the talks are interesting since they focus on recon in a very practical way.

Subdomains Enumeration Cheat Sheet

Hi, this is a cheat sheet for subdomains enumeration.

I will update it every time I find a new interesting tool or technique. So keep an eye on this page!

The 5 Hacking NewsLetter 27

Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.

This issue covers the week from 02 to 09 of November.

Our favorite 5 hacking items

1. Conference of the week

Wild West Hackin’ Fest 2018, especially:

• Hack for Show, Report for Dough
• The Top 10 Reasons It’s GREAT to Be a Pen Tester… And How You Can Help Fix that PROBLEM
• What to Expect When You Are Expecting…a Penetration Test

Wild West Hackin’ Fest is a relatively new security conference by Black Hills Security, a company known for its penetration testing services.I’ve already shared with you many of their high-quality webcasts on penetration testing.

This time, it’s no different. These 3 talks present pentesting tips, tricks, and traps. They could help if you’re considering becoming a professional pentester.

5 Kali Linux tricks that you may not know

Hi, after our 5 tips to make the most of Twitter as a pentester or bug bounty hunter and 5 things I wish I knew as a junior penetration tester, we continue our series of tips & tricks…

Here are 5 Kali Linux tricks only known by Kali power users!

Install Kali tools anywhere with Kali Linux Git Repositories

I don’t know if this trick is well known because I haven’t seen it documented anywhere. You can install Kali Linux APT packages on any Debian machine. Yes, any Debian, not Kali!.

Why would you wanna do that? Well, let’s say your employer wants you to do tests from a Debian server. It happened to me, they wanted all tests to originate from the same IP and provided a shared Debian server.
Some tools are only available as Kali packages, and can’t be found on Github or anywhere else. Also, installing tools with APT is always better because then they’re easier to update (with apt-get update && apt-get upgrade).

Conference notes: How to Differentiate Yourself as a Bug Bounty Hunter (OWASP Stockholm)

Hi, these are the notes I took while watching the talk “How to Differentiate Yourself as a Bug Bounty Hunter” given by Mathias Karlsson at OWASP Stockholm.

Links

• Video

About

This talk is about how to differentiate yourself from the crowd, to ensure that you are successful at doing bug bounties.