Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.
This issue covers the week from 25 of October to 01 of November.
Our favorite 5 hacking items
1. Podcast of the week
The Bug Bounty Podcast - Episode #1 - STÖK
This podcast is A-M-A-Z-I-N-G! It makes you feel like you’re at a live hacking event, sitting with two seasoned bug hunters discussing all kinds of subjects. It goes from how to pronounce CSRF, how @stokfredrik overcame depression, to his race conditions research, etc.
This is perfect for when you want to listen to something relaxing but still informational and related to bug bounties. To accompany with a nice cup of coffee, hygge style!
More …
Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.
This issue covers the week from 18 to 25 of October.
Our favorite 5 hacking items
Github-subdomains.py
Erlenc
Github-subdomains.py is one of many Github scripts shared lately by @gwendallecoguic for Github recon. It takes a domain as input and returns its subdomains found on Github.
Sometimes, this is just what you need for recon or OSINT!
Erlenc also does one thing: It is a command line tool for URL-encoding and URL-decoding data streams. It can be useful for scripting, or if you find yourself playing with URL encoding all the time during tests.
More …
Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.
This issue covers the week from 11 to 18 of October.
Our favorite 5 hacking items
1. Video of the week
Lets be a dork and read .js files with zseano
JavaScript analysis is a very important step when testing the security of a website. If, like me, you never were a programmer and struggle with this, then this video is a must!
@zseano walks us through what to look for in them and how, plus an introduction to Google and Github dorks.
More …
Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.
This issue covers the week from 04 to 11 of October.
Our favorite 5 hacking items
1. Video of the week
Bug Bounty - Hunting Third Level Domains
If you have heard of recursive subdomain enumeration and wished to see practical examples, this is a video for you.
@thecybermentor shows how to enumerate subdomains, spot interesting ones, and iterate enumeration to get third level domains. He also shows how to organize findings, automate the whole process, and go further by using Nmap and Eyewitness. Really helpful for beginners to automation and recon!
More …
Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.
This issue covers the week from 27 of September to 04 of October.
Our favorite 5 hacking items
This time, exceptionally, we’re featuring way more items than usual… Why limit ourselves to 5 if both quantity and quality are there?
The following links are all really worth checking out if you are into Web application security.
1. Articles of the week
HTTP Desync Attacks: what happened next
Karim Rahal: Security Features of Firefox
The Top 8 Burp Suite Extensions That I Use to Hack Web Sites
5 Subdomain Takeover ProTips
These articles are, in order, about:
- New research by @albinowax on HTTP Request Smuggling
- 3 Firefox security features explained by @KarimPwnz, with good tips on how to use the “Multi-Account Containers” extension for hacking
- A list of 8 Burp extension worth using, with everything you need to know about them in one page (what they do, installation & usage tips)
- 5 tips by subdomain takeover master @0xpatrik
More …
