5 things I wish I knew when I started as a junior penetration tester

Hi, today I’m going to share with you some advice that I wish somebody had told me as a beginner penetration tester.

Working on your technical skills is important. But from my experience, mindset and productivity/organizational habits are even more important. They are the basis on which you will build solid technical skills, while maximizing your time and efforts.

The following tips are not exotic or extraordinary. But if you apply them and make them habits, they will help you up your game as a pentester and bug hunter.


The 5 Hacking NewsLetter 25

Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.

This issue covers the week from 19 to 26 of October.


Our favorite 5 hacking items

1. Conference of the week

Beyond your studies & Slides by Ange Albertini

Wow, this talk is a gem (the slides also)! I wish I’d seen it as a teenager. It sheds light on so many truths related to infosec, job search, corporate environments, studies, the mold society tries to put you in, etc.

Watch it, even if you’re not a student or that young. If applied, this is life-changing advice.


Source code disclosure via exposed .git folder

Hi, I recently found a .git folder exposed on a public bug bounty program and used it to reconstruct the Web app’s source code. I can’t disclose specific details yet, but wanted to share with you this tutorial on how to find and exploit this kind of bug.


.git exposure can pay well or not, depending on the assets found. But it is interesting anyway because:

  1. It is very easy to detect
  2. Analyzing the source code can reveal other vulnerabilities that are even more critical and interesting

5 tips to make the most of Twitter as a pentester or bug bounty hunter


Hi, if you ask any experienced bug hunter or pentester, they’ll tell you that Twitter is one of their main sources of information & learning resources.

But keeping up with all the tweets, tips, tools and links shared there is not an easy task. It requires a bit of organization.

The following 5 features combined together will help you stay up to date without feeling overwhelmed. They’ll also end your search for old tweets and the need to scroll your bookmarks endlessly to find something saved before.


The 5 Hacking NewsLetter 24

Hey hackers! Here are our favorite resources for pentesters and bug hunters discovered last week.

This issue covers the week from 12 to 19 of October.


Our favorite 5 hacking items

1. Tutorial & Tool of the week

Embedding Meterpreter in Android APK by Black Hills Information Security & AndroidEmbedIT

This is a great tutorial on how to embed a Metasploit payload into a legitimate Android app. It is accompanied by AndroidEmbedIT, a tool to automate the process, but you’ll find the most value in the tutorial.

Even if you’re not planning on tricking all your friends or deploying the next Android malware botnet, you could still learn a lot from it: decompiling APKs, integrating Metasploit payloads, adding permissions, recompiling and signing APKs…
