Hey hackers! These are our favorite resources shared last week by hackers, pentesters, bug hunters and red teamers.
This issue covers the week from 10 to 17 of August.
Our favorite 5 hacking items
1. Tips/Video of the week
Burp Hacks for Bounty Hunters by James Kettle (@albinowax)
These are advanced Burp hacks by James Kettle of PortSwigger Web Security. His day job is to design vulnerability detection techniques for Burp Suite, so when he shares tips on how to maximize your Burp ROI, he knows his stuff!
The talk is addressed to bug hunters, but the tips also apply to pentesters. I’ve been using Burp pro for years and wasn’t aware of many of these hacks.
More …
Hi, recently I was looking for a VPS for bug hunting. I didn’t find a comprehensive article on the subject, the information was scattered accross forums, talks and tweets. So I thought why not compile what I found and share it with you to save time!
More …
Hey hackers! These are our latest favorite resources related to pentest & bug bounty.
This issue covers the week from 03 to 10 of August.
Our favorite 5 hacking items
1. Writeup of the week
How I gained commit access to Homebrew in 30 minutes by Eric Holmes (@vesirin)
Eric was able to make an unauthorized commit to Homebrew’s GitHub repositories. It took 4 steps and less than 30 minutes:
- He used Gitrob to automate the organization’s Github recon
- He looked at previously disclosed issues on https://hackerone.com/Homebrew and found a Jenkins instance (intentionally) publicly exposed
- Git authenticated push meant that credentials were stored somewhere…
- The “Environment Variables” page exposed a valid GitHub API token
More …
Hey hackers! Once again, we scoured the Web to bring you the latest best resources related to pentest & bug bounty.
This issue covers the week from 27 of July to 03 of August.
Our favorite 5 hacking items
1. Tip of the week
Finding domains belonging to a specific target by @edoverflow
One of the most important steps during recon is finding domains that belong to your target.
Many talks and tweets tackle the question of subdomains enumeration, but there is a lot less information out there about finding domains. So it’s nice to read these practical tips from a confirmed bug hunter.
More …
Hi, these are the notes I took while watching “The Bug Hunters Methodology v3(ish)” talk given by Jason Haddix on LevelUp 0x02 / 2018.
Links
About
This talk is about Jason Haddix’s bug hunting methodology. It is an upgrade of:
More …
