The 5 Hacking NewsLetter 44

Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.

This issue covers the week from 1 to 8 March.


Our favorite 5 hacking items

1. Tool of the week

Rescope & Introduction

Wow, I love this tool! Have you ever experienced the discomfort of adding tens of targets one by one, or playing with regexes to configure your Burp scope? If yes, worry no more!

It is now possible to copy a bug bounty program’s scope from its page, paste it into a .txt file, and convert it to a Burp scope with one command.

Rescope takes as input a file containing your target domains, subdomains, IPs, wildcard subdomains, etc., and outputs a JSON file that you can import into Burp to automagically configure your scope. In one shot, and no regex required.

Here’s an example input file:

In Scope:
Critical admin.example.com/login.aspx
Critical https://example.com/upload:8080
Critical *.dev.example.com and *.prod.example.com
High 192.168.0.1-2 (internal testing)

Out of Scope:
!EXCLUDE
bgp.example.com:179
*.vendor.example.com
192.168.10.9

It can contain any text and descriptions: the tool extracts targets wherever they are. The only thing to remember is to put !EXCLUDE before listing your exclusions, because by default every target found is considered included.
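To show how little structure such an input file needs, here is an added example (my own simplified re-implementation, not Rescope’s code) that pulls hostnames, wildcards, IPs and IP ranges out of free text, splits them at the !EXCLUDE marker, and emits include/exclude entries in a layout assumed to resemble Burp’s advanced-scope JSON (one regex per host, port and file field).

```python
import ipaddress
import re
# Constructed sample input in the free-text format discussed above.
SAMPLE = """In Scope:
Critical admin.example.com/login.aspx
Critical https://example.com/upload:8080
Critical *.dev.example.com and *.prod.example.com
High 192.168.0.1-2 (internal testing)
!EXCLUDE
bgp.example.com:179
*.vendor.example.com
192.168.10.9
"""
# A target is a (wildcard) hostname or IPv4 address anywhere in a line, optionally
# with an IPv4 range suffix (-N), a :port and/or a /path (the port may follow the path).
TARGET_RE = re.compile(
    r"(?<![\w.])(?P<host>(?:\*\.)?(?:[a-z0-9-]+\.)+[a-z]{2,}|\d{1,3}(?:\.\d{1,3}){3})"
    r"(?:-(?P<last>\d{1,3}))?(?::(?P<port>\d{1,5}))?"
    r"(?P<path>/[^\s:]*)?(?::(?P<port2>\d{1,5}))?", re.IGNORECASE)

def expand(host, last):
    """'a.b.c.d-N' shorthand becomes a list of addresses; anything else is one host."""
    if last is None:
        return [host]
    base = ipaddress.IPv4Address(host)
    return [str(base + i) for i in range(max(int(last) - int(host.rsplit(".", 1)[1]), 0) + 1)]

def rule(host, port, path):
    """One scope entry; field names assume Burp's advanced-scope JSON (one regex per field)."""
    wild = host.startswith("*.")
    entry = {"enabled": True, "protocol": "any",
             "host": ("^.*\\." if wild else "^") + re.escape(host[2:] if wild else host) + "$"}
    if port:
        entry["port"] = "^" + port + "$"
    if path:
        entry["file"] = "^" + re.escape(path) + ".*$"
    return entry

def to_burp_scope(text):
    """Targets before !EXCLUDE are included, targets after it are excluded."""
    include, exclude = [], []
    bucket = include
    for line in text.splitlines():
        if line.strip().upper().startswith("!EXCLUDE"):
            bucket = exclude
            continue
        for m in TARGET_RE.finditer(line):
            for host in expand(m.group("host"), m.group("last")):
                bucket.append(rule(host, m.group("port") or m.group("port2"), m.group("path")))
    return {"target": {"scope": {"advanced_mode": True, "include": include, "exclude": exclude}}}
```

Run `json.dumps(to_burp_scope(SAMPLE), indent=2)` to see the generated file; the sample yields six include entries (the two-address range is expanded) and three exclude entries.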

More …

The Bug Hunter Podcast 3: Nmap outputs & motivation vs inspiration


Hi, here’s a new episode of the Bug Hunter podcast!

You can now listen to it using the widget below or on the following platforms: Apple podcasts/iTunes, Google Podcasts, Anchor, Spotify, Breaker, Pocket Casts, Overcast and RadioPublic.

If your favorite podcasting app is missing from this list, please let me know so I can add it.

Also, if you prefer written text, you’ll find the whole transcript below. It’s also helpful for finding any links or commands mentioned in the audio.


More …

The 5 Hacking NewsLetter 43

Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.

This issue covers the week from 22 February to 1 March.


Our favorite 5 hacking items

1. Webcast of the week

Top 10 Writing Mistakes in Cybersecurity and How You Can Avoid Them

One of the first things I was told as a junior pentester was that writing the report is the most important part of a pentest. The reason is that even if you find the craziest vulnerabilities, they bring no value to the customer if you can’t explain them clearly enough. Information like risks, impacts, how the bug works, and how to fix it must be crystal clear so that the client and developers know why they must fix the bug and how.

The good news is that writing good reports is not a magical art; it can be taught. This webcast by SANS has great tips on the topic: 10 mistakes to avoid and what to do instead. They apply whether you write your reports in English or any other language.

This is a must-read resource if you want to improve the quality of your reports.

More …

The Bug Hunter Podcast Ep. 2: Wayback Machine & Reading ebooks on the move


Hi, here’s a new episode of the Bug Hunter podcast!

You can now listen to it using the widget below or on the following platforms: Google Podcasts, Anchor, Spotify, Breaker, Pocket Casts and RadioPublic.

Apple podcasts (iTunes) is in the works. And if your favorite podcasting app is missing from this list, please let me know so I can add it.

Also, if you prefer written text, you’ll find the whole transcript below. It’s also helpful for finding all links or commands mentioned in the audio.


More …