OMG, this week there were even more interesting things published & shared across YouTube, Twitter, Medium, blogs, etc., than last time!
It was just impossible to choose only 5 items, and this is becoming a habit. So we’re trying a new format: our 5 favorite items (just a matter of personal preference), commented, followed by all the other fantastic findings in the form of a list of links.
Let me know if you prefer this format or the older one, and if you have any suggestions or comments. It’s always a pleasure to hear from you!
Our favorite 5 hacking items
1. Writeup of the week
I love the simplicity yet effectiveness of this technique. It was rewarded with $1,500 and shows (yet again) the importance of recon, particularly retrieving and analyzing certificates from censys.io.
Hi, hackers! This week, it was particularly hard to select only 5 items. The hacker community is so prolific these days!
But we had to choose, so other interesting findings of this week will probably appear in our next newsletters.
Now, here is our weekly selection, take a comfortable seat and enjoy!
1. Writeup of the week
Getting read access on Edmodo by Shawar Khan
This is a nice example of how to exploit an SSRF. If you are learning about this vulnerability type, it’d be helpful to dissect the article and add all the tips and steps to your methodology.
Hi, I’m very happy to present you this week’s five items! After a few weeks’ break due to rich personal circumstances, it is time to resume our weekly shenanigans…
1. Collection of hacker conferences
This site is a “Hacking conference archive”. It gathers presentation videos and slides from a lot of conferences, documentaries, podcasts and also rainbow tables.
I love going through it to discover new conferences and talks from around the world!
This is my walkthrough of JIS-CTF VulnUpload, a beginner boot2root challenge. Although relatively easy, it is a nice opportunity to train your skills and sharpen your tools.
Hi, these are the notes I took while watching the “Doing recon like a boss” talk given by Ben Sadeghipour (@nahamsec) at LevelUp 2017.
[UPDATE] I modified these notes after watching the updated version of this talk: “It’s the little things” by Ben Sadeghipour & Jon Bottarini (Disobey 2018).
- Why: Bigger attack surface, more bugs, more bounties, more problems
Traditional way of finding subdomains (brute forcing)