The 5 Hacking NewsLetter 11

Hey hackers! Here are our favorite resources for penetration testers and bug bounty hunters for last week (June 29 to July 6).

Our favorite 5 hacking items

1. Podcast of the week

Web Hacking Pro Tips #16 with Bull by Peter Yaworski

I loved watching this podcast! The story of Bull (@v0sx9b) is impressive: he’s a self-taught full-time bug bounty hunter since only 2016 and already making a lot of money. So it’s good to listen to his hunting philosophy and tips.

For example, he focuses on big bugs and doesn’t report small ones, but rather keeps them to chain them and report higher impact bugs. This way, he reports 6/7 bugs a month on average but with high criticality & reward.

Conference notes: Small Files And Big Bounties, Exploiting Sensitive Files (LevelUp 0x02 / 2018)

Hi, these are the notes I took while watching the “Small Files And Big Bounties, Exploiting Sensitive Files” talk given by Sebastian Neef and Tim Philipp Schäfers on LevelUp 0x02 / 2018.

Link

• Video: https://www.youtube.com/watch?v=pzH-gytUWWI

About

This talk is about how to extract information from sensitive files like .DS_Store files and .git directories.

Installing the latest pentest tools from Defcon 26 Demo Labs

DEF CON 26 didn’t take place yet, but the list of the Demo Labs has already been published.

I was just browsing it out of curiosity and realized that a lot of the tools that will be featured in these labs are already publicly available! So I decided to try them & see which ones are worth adding or are compatible with my pentesting arsenal & methodology.
This blog post is a summary of the steps I took to install these tools.

Note that I only chose the ones that are pertaining to the kind of tests I’m doing.
“PA Toolkit – Wireshark plugins for Pentesters” is the only one I’m interested in that wasn’t released yet, so I’m waiting for it! I will update this blog post to add it, after its release.

Conference notes: How To Become A Bug Hunter (Bug Bounty Talks)

Hi, these are the notes I took while watching the “Bug Bounty 101 - How To Become A Bug Hunter” talk given by Pranav Hivarekar for Bug Bounty Talks.

Link

• Video

About

• This talk is about how Pranav went from a total beginner in bug bounty hunting to finding bugs and earning money in only 3 years.

The 5 Hacking NewsLetter 10

Hey hackers! Here are our favorite resources shared this week by pentesters & bug bounty hunters. It covers the week from to the 22th to the 28th of June.

There are some goodies in this one, it was a lot of fun to compile it.

Our favorite 5 hacking items

1. Videos of the week

HackerOne Hacker Interviews by Hackerone

I absolutely LOVE watching these interviews! They’re not too long and remind me of a non technical version of Bugbountyforum’s AMAs.

I am in the process of becoming a full-time pentester/bug bounty hunter/ independant security researcher. This is my passion and a 100% what I want & need, but it involves a lot of work and some loneliness in the sense that almost all people around me do not even understand what I do. So watching these amazing people tell their own stories inspires me to keep going on and makes me feel I’m part of a beautiful community.