How to think out of the box with @s0md3v


Hey hackers! This is another AMA on the topic of: How to think out of the box?

The previous ones were with @zseano, @EdOverflow and @ErayMitrani.

The podcast episode that started this whole series is The Bug Hunter Podcast 4: Bypassing email filters & Thinking out of the box.
While preparing it, I wanted to include advice from different bug hunters. So I asked several hackers these 3 specific questions:

  • How to find bugs that are not duplicates?
  • How to find new areas of research (like in @securinti’s last blog post or what James Kettle does)?
  • How to find logic bugs or bugs that don’t fall under any category, can’t be found with tools or require real thinking?

@s0md3v was one of these hackers, and he was kind enough to respond with this awesome advice:

More …

The 5 Hacking NewsLetter 48

Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.

This issue covers the week from 29 of March to 05 of April.


Our favorite 5 hacking items

1. Resource of the week

Introducing the Web Security Academy

The Web Security Academy is a new online training on Web security. What’s great about it is that it’s free, and it’s from PortSwigger, the company behind Burp Suite and The Daily Swig. Also, Dafydd Stuttard, who is part of the team that created it, is the author of The Web Application Hacker’s Handbook.

All this to say that it is high quality like everything that the company produces.

There are only 4 modules for now: SQL injection, XSS, OS command injection and Directory traversal. Each one includes theory, resources and practical labs, plus related stories from The Daily Swig at the end of the page.

More vulnerabilities and labs will be added in the coming months.

More …

How to think out of the box with @ErayMitrani


Hey hackers! This is the third AMA on the topic of: How to think out of the box?

The previous ones were with @zseano and @EdOverflow.

The podcast episode that started this whole series is The Bug Hunter Podcast 4: Bypassing email filters & Thinking out of the box.
While preparing it, I wanted to include advice from different bug hunters. So I asked several hackers these 3 specific questions:

  • How to find bugs that are not duplicates?
  • How to find new areas of research (like in @securinti’s last blog post or what James Kettle does)?
  • How to find logic bugs or bugs that don’t fall under any category, can’t be found with tools or require real thinking?

@ErayMitrani was one of the awesome hackers who responded. Here is his advice:

More …

The 5 Hacking NewsLetter 47

Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.

This issue covers the week from 22 to 29 of March.


Our favorite 5 hacking items

1. Tip of the week

Bugbounty scope expanding

This paste presents a set of recon steps to expand your bug bounty scope. All of them are well known and documented in most articles on recon, except one which I haven’t seen anywhere before:

Once you have a first list of subdomains (using scraping or bruteforce), split them up to build a new list of subdomains to test for.

For example, let’s say you first found:

  • test.dev.xyz123123ccc.com
  • cc.prod.xyz123123ccc.com

The new subdomains to try are:

  • dev.xyz123123ccc.com
  • prod.xyz123123ccc.com

It’s a simple idea but might allow you to find new “hidden” subdomains. It is very similar to what Altdns does, but I’m not sure splitting up subdomains like this is included in this tool.
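The splitting step described above, generalized to every intermediate parent name between a discovered host and the apex domain, as an added example (not code from the paste or from this newsletter). The function name and the `apex` parameter are assumptions; the sample hostnames are the two from the example above.

```python
def parent_candidates(found, apex):
    """Return parent names implied by `found` that are not already in it.

    found: iterable of discovered hostnames (any case, optional trailing dot,
           optional leading "*." as seen in certificate data).
    apex:  the in-scope registrable domain, supplied by the caller
           (assumption: no public-suffix lookup is done here).
    """
    apex = apex.strip().lower().strip(".")
    apex_len = len(apex.split("."))
    known = set()
    for name in found:
        host = name.strip().lower().rstrip(".")
        if host.startswith("*."):
            host = host[2:]
        labels = host.split(".")
        if not all(labels):
            continue  # malformed name with an empty label
        # Keep only the apex itself or names under it; "evil" + apex is rejected
        # because the match requires a dot before the apex.
        if host == apex or host.endswith("." + apex):
            known.add(host)

    candidates = set()
    for host in known:
        labels = host.split(".")
        # Drop leftmost labels one at a time, stopping before the apex itself.
        for i in range(1, len(labels) - apex_len + 1):
            parent = ".".join(labels[i:])
            if parent != apex:
                candidates.add(parent)
    return sorted(candidates - known)


# Hostnames from the example above.
SAMPLE = ["test.dev.xyz123123ccc.com", "cc.prod.xyz123123ccc.com"]

if __name__ == "__main__":
    for name in parent_candidates(SAMPLE, "xyz123123ccc.com"):
        print(name)
```

The output is a list of names to resolve and add to the asset inventory if they exist; names already in the input or outside the apex are never returned.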

More …

The Bug Hunter Podcast 5: Recon workflow & Out of the box thinking in day-to-day life


Hi, here’s a new episode of the Bug Hunter podcast!

You can now listen to it using the widget below or on the following platforms: Apple podcasts/iTunes, Google Podcasts, Podbean, Anchor, Spotify, Breaker, Pocket Casts, Overcast and RadioPublic.

If your favorite podcasting app is missing from this list, please let me know so I can add it.

Also, if you prefer written text, you’ll find the whole transcript below. It’s also helpful for finding any links or commands mentioned in the audio.


More …