Conference notes: Small Files And Big Bounties, Exploiting Sensitive Files (LevelUp 0x02 / 2018)

Hi, these are the notes I took while watching the “Small Files And Big Bounties, Exploiting Sensitive Files” talk given by Sebastian Neef and Tim Philipp Schäfers on LevelUp 0x02 / 2018.



This talk is about how to extract information from sensitive files like .DS_Store files and .git directories.

More …

Installing the latest pentest tools from Defcon 26 Demo Labs

DEF CON 26 didn’t take place yet, but the list of the Demo Labs has already been published.

I was just browsing it out of curiosity and realized that a lot of the tools that will be featured in these labs are already publicly available! So I decided to try them & see which ones are worth adding or are compatible with my pentesting arsenal & methodology.
This blog post is a summary of the steps I took to install these tools.

Note that I only chose the ones that are pertaining to the kind of tests I’m doing.
“PA Toolkit – Wireshark plugins for Pentesters” is the only one I’m interested in that wasn’t released yet, so I’m waiting for it! I will update this blog post to add it, after its release.

More …

The 5 Hacking NewsLetter 10

Hey hackers! Here are our favorite resources shared this week by pentesters & bug bounty hunters. It covers the week from to the 22th to the 28th of June.

There are some goodies in this one, it was a lot of fun to compile it.


Our favorite 5 hacking items

1. Videos of the week

HackerOne Hacker Interviews by Hackerone

I absolutely LOVE watching these interviews! They’re not too long and remind me of a non technical version of Bugbountyforum’s AMAs.

I am in the process of becoming a full-time pentester/bug bounty hunter/ independant security researcher. This is my passion and a 100% what I want & need, but it involves a lot of work and some loneliness in the sense that almost all people around me do not even understand what I do. So watching these amazing people tell their own stories inspires me to keep going on and makes me feel I’m part of a beautiful community.

More …

Vulnhub Bsides Vancouver 2018 walkthrough


This is a walkthrough of Bsides Vancouver 2018, a beginner boot2root challenge. It was used by Mohamed Shahat (@Abatchy) in a workshop during Bsides Vancouver 2018.

It’s an easy challenge, but since there are 2 distinct ways to obtain root, this is a nice opportunity to test for different vulnerabilities and try different tools.

LITTLE WARNING: This is going to be a crazy long walkthrough because I’m going to detail my methodology (pentest style) including what didn’t work, as well as many different tools and manual exploitation techniques (because you can’t rely too much on tools).
I want to give you as many ideas as possible that you can later apply on real-life penetration tests, and not just what “magically” works.

More …