5 tips to make the most of Twitter as a pentester or bug bounty hunter

twitter-tips.png

Hi, if you ask any experienced bug hunter or pentester, they’ll tell you that Twitter is one of their main sources of information & learning resources.

But keeping up with all the tweets, tips, tools and links shared there is not an easy task. It requires a bit of organization.

The following 5 features combined together will help you stay up to date without feeling overwhelmed. They’ll also end your search for old tweets and the need to scroll your bookmarks endlessly to find something saved before.

More …

The 5 Hacking NewsLetter 24

Hey hackers! Here are our favorite resources for pentesters and bug hunters discovered last week.

This issue covers the week from 12 to 19 of October.

T5HN24.png

Our favorite 5 hacking items

1. Tutorial & Tool of the week

Embedding Meterpreter in Android APK by Black Hills Information Security AndroidEmbedIT

This is a great tutorial on how to embed a Metasploit payload into a legitimate Android app. It is accompanied by AndroidEmbedIT, a tool to automate the process, but you’ll find the most value in the tutorial.

Even if you’re not planning on tricking all your friends or deploying the next Android malware botnet, you could still learn a lot from it: decompiling APKs, integrating Metasploit payloads, adding permissions, recompiling and signing APKs…

More …

Installing ARM Android apps on Genymotion devices

Hi, this is a quick tip for anyone interested in testing the security of Android apps without using a physical device.

Genymotion is generally recommended over using the Android SDK emulator provided with Android Studio, because it is more performant.
Only Genymotion is x86-based, so if you try to install an app including ARM code on any Genymotion device, you will get this error that you wouldn’t have on a physical device:

An error occured while deploying the file.
This probably means that the app contains ARM native code and your Genymotion device cannot run ARM instructions. You should either build your native code to x86 or install an ARM translation tool in your device.

arm-on-genyotion-error.png

This will prevent you from installing a lot of apps that you may need for bug bounty hunting like Twitter, Netflix, Pinterest, Snapchat, etc.

More …

Conference notes: Practical recon techniques for bug hunters & pen testers (LevelUp 0x02 / 2018)

Hi, these are the notes I took while watching the “Practical recon techniques for bug hunters & pen testers” talk given by Bharath Kumar on LevelUp 0x02 / 2018.

practical-recon-techniques.png

About

This talk is about some practical recon techniques for bug hunters & pentesters. It’s a continuation of Bharath’s talk about niche subdomain enumeration techniques.

More …

The 5 Hacking NewsLetter 23

Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.

This issue covers the week from 5 to 12 of October.

T5HN23.png

Our favorite 5 hacking items

1. Book of the week

The Art of Subdomain Enumeration by Appsecco

The folks from Appsecco regularly share great information and tools on recon and particularly subdomain enumeration, including two LevelUp talks and now this free book. I highly recommend it, but make sure to take notes and integrate the different techniques into your subdomain enumeration methodology to benefit from it.

More …