The 5 Hacking NewsLetter 98

Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.

This issue covers the week from 13 to 20 of March.


Our favorite 5 hacking items

1. Tutorials of the week

The first article shows how to bruteforce an OTP when your target is using Web Sockets with encryption. In this scenario, traditional bruteforce with Burp Intruder is not possible so @MilindPurswani uses Selenium instead. I don’t think this is a scenario you will often encounter but if you do, this might be of great help.

The second tutorial is an introduction to URL structure. Understanding these basics helps you see how differences between URL parsers can cause serious vulnerabilities.

More …

The 5 Hacking NewsLetter 97

Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.

This issue covers the week from 06 to 13 of March.


Our favorite 5 hacking items

1. Conference of the week

BSidesSF 2020, especially:

The range of (interesting) topics tackled in this conference is amazing. There are at least 10 talks I really need to watch. During these difficult times of Coronavirus quarantine / social distancing, this is an excellent way to pass time.

More …

The 5 Hacking NewsLetter 96

Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.

This issue covers the week from 28 of February to 06 of March.


Our favorite 5 hacking items

1. Tools of the week

Pulsar is described as a network footprint scanner platform. I didn’t get to test it yet, but it looks promising. It is a wrapper around many recon tools and automates many recon features like subdomain enumeration, cloud resources discovery and basic vulnerability scanning. You can run custom checks periodically, and results are presented in a very cool dashboard.

FUSE and its accompanying research paper are also worth checking out. It helped discover 30 file upload vulnerabilities in 23 Web apps!

More …

The 5 Hacking NewsLetter 95

Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.

This issue covers the week from 21 to 28 of February.


Our favorite 5 hacking items

1. Conference of the week

AppSec California 2020

So many good talks and prestigious speakers! Topics range from Web security to Cloud, Kubernetes, Credential stuffing, DevSecOps, Car hacking and more.

I’m starting with JWT Parkour - Louis Nyffenegger and Are You Properly Using JWTs? - Dmitry Sotnikov. What about you?

More …

The 5 Hacking NewsLetter 94

Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.

This issue covers the week from 14 to 21 of February.


Our favorite 5 hacking items

1. Video of the week

Low Competition Bug Hunting (What to Learn) - ft. #AndroidHackingMonth

If you are discouraged by bug bounty and think all the bugs are gone, watch this. @InsiderPhD gives an awesome explanation of why it is not true, and what you need to do to start finding bugs.

I love her way of thinking. She deconstructs the question into several chunks and tackles them one after the other: Which targets/industry to choose? Which assets and bugs to focus on? Which techniques to learn? How to interpret and use bug bounty statistics?

More …