The 5 Hacking NewsLetter 78

Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.

This issue covers the week from 25 of October to 01 of November.

Our favorite 5 hacking items

1. Podcast of the week

The Bug Bounty Podcast - Episode #1 - STÖK

This podcast is A-M-A-Z-I-N-G! It makes you feel like you’re at a live hacking event, sitting with two seasoned bug hunters discussing all kinds of subjects. It ranges from how to pronounce CSRF and how @stokfredrik overcame depression to his race conditions research, etc.

This is perfect for when you want to listen to something relaxing but still informational and related to bug bounties. Best enjoyed with a nice cup of coffee, hygge style!

More …

The 5 Hacking NewsLetter 77

Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.

This issue covers the week from 18 to 25 of October.

Our favorite 5 hacking items

1. Tools of the week

Github-subdomains.py
Erlenc

Github-subdomains.py is one of many GitHub scripts shared lately by @gwendallecoguic for GitHub recon. It takes a domain as input and returns its subdomains found on GitHub. Sometimes, this is just what you need for recon or OSINT!

Erlenc also does one thing: it is a command-line tool for URL-encoding and URL-decoding data streams. It can be useful for scripting, or if you find yourself playing with URL encoding all the time during tests.

More …

The 5 Hacking NewsLetter 76

Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.

This issue covers the week from 11 to 18 of October.

Our favorite 5 hacking items

1. Video of the week

Lets be a dork and read .js files with zseano

JavaScript analysis is a very important step when testing the security of a website. If, like me, you never were a programmer and struggle with this, then this video is a must!

@zseano walks us through what to look for in .js files and how, plus an introduction to Google and GitHub dorks.

More …

The 5 Hacking NewsLetter 75

Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.

This issue covers the week from 04 to 11 of October.

Our favorite 5 hacking items

1. Video of the week

Bug Bounty - Hunting Third Level Domains

If you have heard of recursive subdomain enumeration and wished to see practical examples, this is the video for you.

@thecybermentor shows how to enumerate subdomains, spot interesting ones, and iterate enumeration to get third-level domains. He also shows how to organize findings, automate the whole process, and go further by using Nmap and Eyewitness. Really helpful for beginners in automation and recon!

More …

The 5 Hacking NewsLetter 74

Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.

This issue covers the week from 27 of September to 04 of October.

Our favorite 5 hacking items

This time, exceptionally, we’re featuring way more items than usual… Why limit ourselves to 5 if both quantity and quality are there?

The following links are all really worth checking out if you are into web application security.

1. Articles of the week

HTTP Desync Attacks: what happened next
Karim Rahal: Security Features of Firefox
The Top 8 Burp Suite Extensions That I Use to Hack Web Sites
5 Subdomain Takeover ProTips

These articles are, in order, about:

  • New research by @albinowax on HTTP Request Smuggling
  • 3 Firefox security features explained by @KarimPwnz, with good tips on how to use the “Multi-Account Containers” extension for hacking
  • A list of 8 Burp extensions worth using, with everything you need to know about them in one page (what they do, installation & usage tips)
  • 5 tips by subdomain takeover master @0xpatrik
More …