Hi, if you ask any experienced bug hunter or pentester, they’ll tell you that Twitter is one of their main sources of information & learning resources.
But keeping up with all the tweets, tips, tools and links shared there is not an easy task. It requires a bit of organization.
The following 5 features combined together will help you stay up to date without feeling overwhelmed. They’ll also end your search for old tweets and the need to scroll your bookmarks endlessly to find something saved before.
More …
Hey hackers! Here are our favorite resources for pentesters and bug hunters discovered last week.
This issue covers the week from 12 to 19 of October.
Our favorite 5 hacking items
Embedding Meterpreter in Android APK by Black Hills Information Security
AndroidEmbedIT
This is a great tutorial on how to embed a Metasploit payload into a legitimate Android app. It is accompanied by AndroidEmbedIT, a tool to automate the process, but you’ll find the most value in the tutorial.
Even if you’re not planning on tricking all your friends or deploying the next Android malware botnet, you could still learn a lot from it: decompiling APKs, integrating Metasploit payloads, adding permissions, recompiling and signing APKs…
More …
Hi, this is a quick tip for anyone interested in testing the security of Android apps without using a physical device.
Genymotion is generally recommended over using the Android SDK emulator provided with Android Studio, because it is more performant.
Only Genymotion is x86-based, so if you try to install an app including ARM code on any Genymotion device, you will get this error that you wouldn’t have on a physical device:
An error occured while deploying the file.
This probably means that the app contains ARM native code and your Genymotion device cannot run ARM instructions. You should either build your native code to x86 or install an ARM translation tool in your device.
This will prevent you from installing a lot of apps that you may need for bug bounty hunting like Twitter, Netflix, Pinterest, Snapchat, etc.
More …
Hi, these are the notes I took while watching the “Practical recon techniques for bug hunters & pen testers” talk given by Bharath Kumar on LevelUp 0x02 / 2018.
Links
About
This talk is about some practical recon techniques for bug hunters & pentesters. It’s a continuation of Bharath’s talk about niche subdomain enumeration techniques.
More …
Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.
This issue covers the week from 5 to 12 of October.
Our favorite 5 hacking items
1. Book of the week
The Art of Subdomain Enumeration by Appsecco
The folks from Appsecco regularly share great information and tools on recon and particularly subdomain enumeration, including two LevelUp talks and now this free book.
I highly recommend it, but make sure to take notes and integrate the different techniques into your subdomain enumeration methodology to benefit from it.
More …
