Subdomains Enumeration Cheat Sheet

Hi, this is a cheat sheet for subdomains enumeration.

I will update it every time I find a new interesting tool or technique. So keep an eye on this page!

subdomains-enumeration-cheatsheet.png

More …

The 5 Hacking NewsLetter 27

Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.

This issue covers the week from 02 to 09 of November.

T5HN27.png

Our favorite 5 hacking items

1. Conference of the week

Wild West Hackin’ Fest 2018, especially:

Wild West Hackin’ Fest is a relatively new security conference by Black Hills Security, a company known for its penetration testing services.I’ve already shared with you many of their high-quality webcasts on penetration testing.

This time, it’s no different. These 3 talks present pentesting tips, tricks, and traps. They could help if you’re considering becoming a professional pentester.

More …

5 Kali Linux tricks that you may not know

Hi, after our 5 tips to make the most of Twitter as a pentester or bug bounty hunter and 5 things I wish I knew as a junior penetration tester, we continue our series of tips & tricks…

Here are 5 Kali Linux tricks only known by Kali power users!

5-kali-tricks.png

Install Kali tools anywhere with Kali Linux Git Repositories

I don’t know if this trick is well known because I haven’t seen it documented anywhere. You can install Kali Linux APT packages on any Debian machine. Yes, any Debian, not Kali!.

Why would you wanna do that? Well, let’s say your employer wants you to do tests from a Debian server. It happened to me, they wanted all tests to originate from the same IP and provided a shared Debian server.
Some tools are only available as Kali packages, and can’t be found on Github or anywhere else. Also, installing tools with APT is always better because then they’re easier to update (with apt-get update && apt-get upgrade).

More …

The 5 Hacking NewsLetter 26

Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.

This issue covers the week from 26 of October to 02 of November.

T5HN26.png

OMG, this is a spooky one! The story of a whitehat hacker (maybe) wrongfully convicted, CIA agents killed because of Google dorking, researchers theorizing about human memory hacking… Plus the quantity of items listed this time!

There was so many good things shared that I could hardly choose, so this newsletter is even longer than usual. But of course, you don’t have to consume everything if you’re short on time. Just start with what interests you more, as many different topics are covered.

Enjoy and you can share feedback, suggestions, questions, likes… whatever you feel like.

Our favorite 5 hacking items

1. Tutorial of the week

How to perform the static analysis of website source code with the browser — the beginner’s bug bounty hunters guide

If you can only check one item from this newsletter, this is it! Reading and analyzing HTML & JavaScript code when testing web applications is a must. But it can be difficult for non-developers, especially because the best bugs are generally found manually.

This guide explains everything: the tools you need, what to look for and where, how to use a JS debugger, etc.

So if you’ve been wondering how to get better at bug bounties, drop everything and read this.

More …