The 5 Hacking NewsLetter 88

Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.

This issue covers the week from 03 to 10 of January.

T5HN88.png

Our favorite 5 hacking items

1. Videos of the week

The first video is about an interesting SSRF that was tricky to exploit. @NahamSec explains why it is important to identify the backend, and how to do it (by requesting an image or iframe). In this case, the backend was WeasyPrint. Since it is open source, analyzing its code helped find a tag which was not blacklisted and could be used to read internal and external resources.

The second video taught me 3 new helpful tips on Burp Repeater:

  • How to save the entire history of a tab - Useful for reporting
  • You can replay urls by copying them from browser into repeater - Saves times
  • Repeater has an option to “URL-encode as you type” - Encodes values automatically without having to do it manually with Burp Decoder
More …

The 5 Hacking NewsLetter 87

Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.

This issue covers the week from 27 of December to 03 of January.

T5HN87.png

Our favorite 5 hacking items

1. Video of the week

Finding Your First Bug: Goal Setting / Remote Code Execution (RCE)

This title is voluntarily misleading. The video is not exactly about finding RCEs, rather how to use goal setting and motivation to learn and eventually get your first RCE.

This comes at a perfect time when many hackers (especially bug hunters) are sharing their goals for the new year.

But there is a huge different between a goal expressed as a wish, and measurable and realistic goals accompanied by an actionable plan.

So, this is an absolutely must watch if you want to learn about goal setting (using the S.M.A.R.T. method) applied to bug bounty, how to create an action plan (using the GROW method), non technical skills you need to develop as a hacker, and much more.

If I could like this a hundred times, I would! Thanks @InsiderPhD ♡

More …

The 5 Hacking NewsLetter 86

Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.

This issue covers the week from 20 to 27 of December.

T5HN86.png

Our favorite 5 hacking items

1. Video of the week

@Arneswinnen Talks About Full Time Bug Hunting, Burp Suite Plugins, and Recon

I haven’t had the time to watch this whole video, but it is in my top work priorities given who the interviewee is.

@Arneswinnen literally made it rain bounties at Intigriti’s 1337UP1119 live hacking event. The bugs he found were out of this world. So, it is awesome to get to know more about him, his thought process, how he manages bug bounty full-time while still having a life, etc.

More …

The 5 Hacking NewsLetter 85

Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.

This issue covers the week from 13 to 20 of December.

T5HN85.png

Our favorite 5 hacking items

1. Tutorials of the week

These are excellent tutorials to learn about:

  • iOS app pentesting. It’s THE tutorial you were waiting for. Everything is explained: Jailbreak with checkra1n, installing Frida and Objection, proxying traffic with Burp, bypassing certificate pinning with SSL Kill Switch 2, bypass Jailbreak detection, etc.
  • Detecting Magecart. Useful for penetration testers who want to know which indicators to keep an eye for to detect infected sites.
  • The poor man’s VPS setup. Useful for tests involving reverse shells and out of band vulnerabilities. No credit card required.
More …

The 5 Hacking NewsLetter 84

Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.

This issue covers the week from 06 to 13 of December.

T5HN84.png

Our favorite 5 hacking items

1. Tutorial of the week

Quality of Life Tips and Tricks - Burp Suite

These tips are very helpful for improving your Burp experience. Some are old news but I’m discovering others for the first time:

  • How to reduce the size of Burp projects for long term storage (Burp project hoarders, hello!)
  • How to leverage Match and Replace for simplifying the use of complex or long test username/passwords (Simple yet genius! Useful especially with mobile tests)
  • How to rearrange Burp Repeater request and response tabs (So useful for taking screenshots for reports!)
More …