The 5 Hacking NewsLetter 33

Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.

This issue covers the week from December 14 to 21.

Our favorite 5 hacking items

1. Conference of the week

KringleCon 2018

Kringle con, Kringle con, Kringle all the way… Oh what fun it is to watch hacking conference talks!
Hum, sorry for the little “Jingle bells” song hijacking, I couldn’t help it!

More seriously, this is a great set of talks for penetration testers. They’re rather short (roughly 6 to 25 minutes each), but all are interesting and they cover many different topics: Kubernetes security, web app security (relevant for bug hunters), malware, forensics, social engineering, and even community building (a non-technical talk).

If you haven’t already watched them, it could be fun to do a KringleCon marathon. Bring the popcorn!

More …

The 5 Hacking NewsLetter 32

Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.

This issue covers the week from December 7 to 14.

Our favorite 5 hacking items

1. Slides of the week

Hidden Gems in APKs

This is a great resource to learn more about testing Android apps. A lot of interesting information can be gathered from the slides even if the talk itself isn’t available.

The presentation includes three parts:

  1. How to analyze an APK and where to find vulnerable code
  2. Two case studies with many examples of vulnerabilities found in real apps, plus other random findings
  3. Tools used: scanapk, kpa_esrever and kpa_esrever (couldn’t find them anywhere)
More …

The 5 Hacking NewsLetter 31

Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.

This issue covers the week from November 30 to December 7.

Our favorite 5 hacking items

1. Conference of the week

BSides Lisbon 2018, especially:

If you’re a professional pentester or looking for a pentesting job, then you should really watch the talk “How To Build Your Own Infosec Company”. It tackles a lot of topics: the advantages of small vs big pentesting companies, how to grow your own name and find your first client, how to organize your work and emails, plus many other tips.

More …

The 5 Hacking NewsLetter 30

Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.

This issue covers the week from November 23 to 30.

Our favorite 5 hacking items

1. Resource of the week

WAF/IPS/DLP bypass Cheat Sheet

This is a cheat sheet of techniques for bypassing Web Application Firewalls. It might be useful and help you find bugs that others have missed.

Some of the techniques involve using double Host headers or double Content-Type headers, entering the HTTP method in lowercase or including tabs, etc.

More …

The 5 Hacking NewsLetter 29

Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.

This issue covers the week from November 16 to 23.

On a personal note, really sorry for the delay. I’ve been under the weather and am still recovering. I’m also working on a training course and a new, very exciting project. So there may be fewer articles than usual published in the next few weeks.

Our favorite 5 hacking items

1. Slides of the week

Bug bounty funshop

This is a great presentation for both web app pentesters & bug hunters. It presents a lot of tools, techniques and tips around recon, Burp Suite, reporting, testing mobile apps, etc.

I devoured it in order to add anything new to my current methodology. Hopefully, the video will be made public too.

More …