The 5 Hacking NewsLetter 9

Hey hackers! Here’s our collection of the best resources shared this week by pentesters & bug bounty hunters. It covers the week from the 15th to the 22nd of June.

Have a good reading!


Our favorite 5 hacking items

1. Tutorial of the week

Credential stealing with XSS without user interaction

This is not a new technique, but it’s a good exploitation scenario to show one practical risk of XSS vulnerabilities. From experience, using <script>alert(0)</script> in pentest reports is not very convincing for clients.
I try to always include proof of concepts that show what exactly is possible on the particular context being tested: redirection, iframe inclusion, cookie theft, credentials theft from the browser, etc.


Conference notes: Trickle Down PwnOnomics (LevelUp 0x02 / 2018)

Hi, these are the notes I took while watching the “Trickle Down PwnOnomics” talk given by Darrell Damstedt (aka Hateshape) on LevelUp 0x02 / 2018.

About

  • This talk is about how Hateshape “went from having zero bug bounty experience to regularly experiencing ($$$) success”.
  • Trickle Down Pwnonomics: A theory promoting the discovery and reduction of vulnerabilities on a bug bounty program as a means to stimulate my bank account.

The 5 Hacking NewsLetter 8

Hey hackers! As usual, this is a collection of our favorite resources for penetration testers and bug bounty hunters. It covers the week from the 8th to the 15th of June.

There’s a lot to read, so grab a nice plate of watermelon (yeah, it’s summer baby!) and good reading!


Our favorite 5 hacking items

1. Tutorial of the week

Should this be public though? by Rojan Rijal

This tutorial presents great OSINT techniques for finding sensitive information leaked by employees.
A tool, LeakFinder, is also provided to automate the process. The author used it successfully on 2 bug bounty programs but the reports have not yet been disclosed.


The 5 Hacking NewsLetter 7

Hey hackers! Once again, I scoured the Web to get you the best resources on hacking, pentesting and bug bounty hunting shared this week.

I’m publishing this a little late because there’s a lot of research involved and, well, sometimes life gets in the way… So the week covered is from the 1st to the 8th of June.

Have fun reading this, and don’t forget to share, retweet, comment, ask…!


Our favorite 5 hacking items

1. Webcast I enjoyed watching

Attack Tactics Part 1 by Black Hills Information Security

This is a great webcast! I loved watching it for all the state of the art information, tips and feedback from professional pentesters.


The 5 Hacking NewsLetter 6 (New format)

Hey, hackers!
OMG, this week there were even more interesting things published & shared across YouTube, Twitter, Medium, blogs, etc., than last time!
It was just impossible to choose only 5 items, and this is becoming a habit. So we’re trying a new format: our 5 favorite items (just a matter of personal preference) with commentary, followed by all the other fantastic findings in the form of a list of links.

Let me know if you prefer this format or the older one, and if you have any suggestions or comments. It’s always a pleasure to hear from you!


Our favorite 5 hacking items

1. Writeup of the week

I love the simplicity yet effectiveness of this technique. It was rewarded $1,500 and shows (yet again) the importance of recon, particularly retrieving and analyzing certificates from censys.io.
