Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.
This issue covers the week from 16 to 23 of November.
On a personal note, really sorry for the delay. I’ve been under the weather and am still recovering. I’m also working on a training course and a new very exciting project. So there may be less articles (than usual) published in the next few weeks.
Our favorite 5 hacking items
1. Slides of the week
Bug bounty funshop
This is a great presentation for both web app pentesters & bug hunters. It presents a lot of tools, techniques and tips around recon, Burp Suite, reporting, testing mobile apps, etc.
I devoured it in order to add anything new to my current methodology. Hopefully, the video will be made public too.
More …
Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.
This issue covers the week from 09 of November to 16 of November.
Our favorite 5 hacking items
1. Conference of the week
DEF CON 26 Recon Village, particularly:
- Emergent Recon fresh methodology and tools for hackers in 2018
- Bug Bounty Hunting on Steroids
- Supercharge Your Web Recon With Commonspeak
- Building Visualisation Platforms for OSINT Data Using OSS
- Skiptracer Ghetto OSINT for Broke Hackers
- Introducing YOGA Your OSINT Graphical Analyzer
I wasn’t sure if the DEF CON Recon village talks were going to be made public. Boy, was I happy to see them shared on Youtube!
I was rooting especially for:
- Jason Haddix’s latest methodology & tools for recon (but slides are missing)
- More information on how BountyMachine works. Sadly it won’t be open sourced :/
All the talks are interesting since they focus on recon in a very practical way.
More …
Hi, this is a cheat sheet for subdomains enumeration.
I will update it every time I find a new interesting tool or technique. So keep an eye on this page!
More …
Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.
This issue covers the week from 02 to 09 of November.
Our favorite 5 hacking items
1. Conference of the week
Wild West Hackin’ Fest 2018, especially:
Wild West Hackin’ Fest is a relatively new security conference by Black Hills Security, a company known for its penetration testing services.I’ve already shared with you many of their high-quality webcasts on penetration testing.
This time, it’s no different. These 3 talks present pentesting tips, tricks, and traps. They could help if you’re considering becoming a professional pentester.
More …
Hi, after our 5 tips to make the most of Twitter as a pentester or bug bounty hunter and 5 things I wish I knew as a junior penetration tester, we continue our series of tips & tricks…
Here are 5 Kali Linux tricks only known by Kali power users!
I don’t know if this trick is well known because I haven’t seen it documented anywhere. You can install Kali Linux APT packages on any Debian machine. Yes, any Debian, not Kali!.
Why would you wanna do that? Well, let’s say your employer wants you to do tests from a Debian server. It happened to me, they wanted all tests to originate from the same IP and provided a shared Debian server.
Some tools are only available as Kali packages, and can’t be found on Github or anywhere else. Also, installing tools with APT is always better because then they’re easier to update (with apt-get update && apt-get upgrade).
More …
