The 5 Hacking NewsLetter 16

Hey hackers! These are our favorite resources shared last week by hackers, pentesters, bug hunters and red teamers.

This issue covers the week from 10 to 17 August.


Our favorite 5 hacking items

1. Tips/Video of the week

Burp Hacks for Bounty Hunters by James Kettle (@albinowax)

These are advanced Burp hacks by James Kettle of PortSwigger Web Security. His day job is to design vulnerability detection techniques for Burp Suite, so when he shares tips on how to maximize your Burp ROI, he knows his stuff!

The talk is addressed to bug hunters, but the tips also apply to pentesters. I’ve been using Burp pro for years and wasn’t aware of many of these hacks.

More …

The 5 Hacking NewsLetter 15

Hey hackers! These are our latest favorite resources related to pentest & bug bounty.

This issue covers the week from 03 to 10 August.


Our favorite 5 hacking items

1. Writeup of the week

How I gained commit access to Homebrew in 30 minutes by Eric Holmes (@vesirin)

Eric was able to make an unauthorized commit to Homebrew’s GitHub repositories. It took 4 steps and less than 30 minutes:

  • He used Gitrob to automate the organization’s GitHub recon
  • He looked at previously disclosed issues on https://hackerone.com/Homebrew and found a Jenkins instance (intentionally) publicly exposed
  • Git authenticated push meant that credentials were stored somewhere…
  • The “Environment Variables” page exposed a valid GitHub API token

More …

The 5 Hacking NewsLetter 14

Hey hackers! Once again, we scoured the Web to bring you the latest best resources related to pentest & bug bounty.

This issue covers the week from 27 July to 03 August.


Our favorite 5 hacking items

1. Tip of the week

Finding domains belonging to a specific target by @edoverflow

One of the most important steps during recon is finding domains that belong to your target.

Many talks and tweets tackle the question of subdomain enumeration, but there is a lot less information out there about finding domains. So it’s nice to read these practical tips from an experienced bug hunter.

More …