Hey hackers! These are our favorite pentest & bug bounty related resources for the week from 6 to 13 July.


1. Videos of the week

SteelCon 2018 - , particularly:

I would have loved to go to SteelCon 2018 and see all these talks live! They are not all technical but when I’m looking for something to watch/pass the time, I usually prefer watching conference videos like these to TV shows. They teach me new technical skills/information and help put me in a hacker’s mindset and motivate me for better bug hunting.

Owasp Broken Web Apps - Owasp Bricks Challenge walkthrough

These are my solutions to the OWASP Bricks challenge. They can be considered easy and unrealistic Web challenges, but they are a great place to start practicing how to manually find and exploit SQL injection and unrestricted file upload vulnerabilities.


I once had to train junior pentester colleagues, and gave them similar Web challenges. They skimmed through them, read the solutions without trying, seemed uninterested in the tedious task of solving these exercises one by one, and said that they already knew how to find such vulnerabilities. But when we were on real pentest engagements, they would miss many basic vulnerabilities and, even if given the vulnerable endpoint, were unable to exploit them manually.

So I really advise you to take the time to practice even the simplest challenges, take notes, improve your testing checklist/methodology, and use this controlled environment to explore new techniques: how to exploit SQL injections to read files on the remote system, how to go from a simple basic Webshell to a TTY shell or a Meterpreter shell, how to get the same kind of information sqlmap returns but manually… Taking your time and taking notes is the best way to build solid knowledge and considerably improve your skills over time, challenge after challenge.

