The 5 Hacking NewsLetter 43

Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.

This issue covers the week from February 22 to March 1.

Our favorite 5 hacking items

1. Webcast of the week

Top 10 Writing Mistakes in Cybersecurity and How You Can Avoid Them

One of the first things I was told as a junior pentester was that writing a report is the most important part of a pentest. The reason is that even if you find the craziest vulnerabilities, they’ll bring no value to the customer if you can’t explain them clearly enough. Information like risks, impacts, how the bug works, and how to fix it must be crystal clear so that the client and developers know why they must fix the bug and how.

The good news is that writing good reports is not a magical art; it can be taught. This webcast by SANS has great tips on this topic. It covers 10 mistakes to avoid and what to do instead. They apply whether you write your reports in English or any other language.

This is a must-read resource if you want to improve the quality of your reports.

More …

The Bug Hunter Podcast Ep. 2: Wayback Machine & Reading ebooks on the move

Hi, here’s a new episode of the Bug Hunter podcast!

You can now listen to it using the widget below or on the following platforms: Google Podcasts, Anchor, Spotify, Breaker, Pocket Casts and RadioPublic.

Apple podcasts (iTunes) is in the works. And if your favorite podcasting app is missing from this list, please let me know so I can add it.

Also, if you prefer written text, you’ll find the whole transcript below. It’s also helpful for finding all links or commands mentioned in the audio.


More …

The 5 Hacking NewsLetter 42

Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.

This issue covers the week from February 15 to 22.

Our favorite 5 hacking items

1. Resource of the week

NetSPI SQL Injection Wiki

This is a great wiki on SQL injection for both beginners and advanced testers.

I’m always talking about maintaining a personal knowledge base. If you need inspiration, this is a perfect example of one that is very well organized and includes most things you need to learn or remember for testing SQL injections:

  • Payloads for detection (by type of request)
  • How to identify the Database Management System in use
  • The different injection types and techniques including WAF evasion techniques
  • Payloads for different attack queries (for information gathering, OS command execution, privilege escalation, etc.)
More …

The Bug Hunter Podcast Ep. 1: Hacker mindset & Network pentest

Hi, I am so happy to finally launch this podcast. The idea behind it is to provide hackers with a unique mix of various topics: technical stuff like hacking Q&As and tool reviews, and non-technical advice on productivity, personal growth…

You can listen to the first episode using the widget below or on https://anchor.fm/bughunter. I’m working on making it available on all major platforms like iTunes, Spotify, etc.

Also, if you prefer written text, you’ll find the whole transcript below. It’s also helpful for finding all links or commands mentioned in the audio.

Transcript

More …