Hack for Fun and Profit
By thehackerish
For subscription-only episodes, enroll using this link: anchor.fm/thehackerish/subscribe
Hack for Fun and ProfitJun 04, 2020
CRTP, CRTE, PACES, CRTO under 1 year 🎉 Listen to my story!
In this episode, I share my review of the four red team certifications I passed this year.
📙 Become a successful bug bounty hunter: https://thehackerish.com/a-bug-bounty-hunting-journey-book
🆓 Download your FREE Web hacking LAB and starting hacking NOW: https://thehackerish.com/owasp-top-10-lab-vm-free
🌐 Read more on the blog: https://thehackerish.com
💪🏻 Support this work: https://thehackerish.com/how-to-support
- Facebook Page: https://www.facebook.com/thehackerish
- Follow us on Twitter: https://twitter.com/thehackerish
- Listen on Anchor: https://anchor.fm/thehackerish
- Listen on Spotify: https://open.spotify.com/show/4Ht8jEbPzyZnfbIlhFG91x
- Listen on Google Podcasts: https://podcasts.google.com/?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy8xYTVkYTgxYy9wb2RjYXN0L3Jzcw%3D%3D
Certified Red Team Operator Review
In this episode, I will give you my honest review of CRTO (certified red team operator certification) from Zeropoint Security.
Download your FREE Web hacking LAB: https://thehackerish.com/owasp-top-10-lab-vm-free
Read more on the blog: https://thehackerish.com
Support this work: https://thehackerish.com/how-to-support
Awesome collection of well-known Active Directory attacks: https://attack.stealthbits.com
The bible of Active Directory hacking: https://adsecurity.org
Pentester Academy Lab with walk-through: https://www.pentesteracademy.com/activedirectorylab
Facebook Page: https://www.facebook.com/thehackerish
Follow us on Twitter: https://twitter.com/thehackerish
Real-life Active Directory Penetration testing review
In this video, I give my own experience with Offshore, a real-world pentest lab provided by hackthebox.eu
Download your FREE Web hacking LAB: https://thehackerish.com/owasp-top-10-lab-vm-free
Read more on the blog: https://thehackerish.com
Support this work: https://thehackerish.com/how-to-support
Awesome collection of well-known Active Directory attacks: https://attack.stealthbits.com
The bible of Active Directory hacking: https://adsecurity.org
Pentester Academy Lab with walk-through: https://www.pentesteracademy.com/activedirectorylab
Facebook Page: https://www.facebook.com/thehackerish
Follow us on Twitter: https://twitter.com/thehackerish
JavaScript Enumeration for bug bounty hunters
JavaScript Enumeration is a critical skill to have if you want to level up your penetration testing or bug bounty hunting game. Yet, not everyone does it, partly because it is a boring exercise or it consumes most of your time, not to mention how intimidated you might feel reading someone else’s code. Today, we will explore this topic and understand why it matters, and how you can perform it.
Further reads mentioned in the video:
https://thehackerish.com/cross-site-scripting-xss-explained/
https://portswigger.net/web-security/cross-site-scripting/dom-based
https://labs.detectify.com/2016/12/15/postmessage-xss-on-a-million-sites/
https://medium.com/@alex.birsan/the-bug-that-exposed-your-paypal-password-539fc2896da9
Download your FREE Web hacking LAB: https://thehackerish.com/owasp-top-10-lab-vm-free
Read more on the blog: https://thehackerish.com
Facebook Page: https://www.facebook.com/thehackerish
Follow us on Twitter: https://twitter.com/thehackerish
The best hacking books for ethical hackers
Hello Ethical Hackers! Today I share with you the best hacking books I enjoyed reading since the beginning of my career in Information Security! I will constantly update the list as I read more, but you already have enough hacking books to get you started in the information security industry. It also contains some advanced hacking books for those who want to level up their hacking skills.
Download your FREE Web hacking LAB: https://thehackerish.com/owasp-top-10-lab-vm-free
Read more on the blog: https://thehackerish.com
Facebook Page: https://www.facebook.com/thehackerish
Follow us on Twitter: https://twitter.com/thehackerish
OSCP Certification: All you need to know
Hello ethical hackers! In this episode, you will learn everything related to OSCP certification. What is OSCP? Why is it a strong certification? What sets it apart? What are the requirements? How to properly prepare for the exam? What to do the day of the exam? And what's next once you earn your OSCP certification?
Read more on the blog: https://thehackerish.com/oscp-certification-all-you-need-to-know/
https://thehackerish.com/best-hacking-websites-for-ethical-hackers/
Hacking websites to sharpen your skills: https://youtu.be/iZLo8WiooIY
Download your FREE Web hacking LAB: https://thehackerish.com/owasp-top-10-lab-vm-free
Facebook Page: https://www.facebook.com/thehackerish
Follow us on Twitter: https://twitter.com/thehackerish
Best hacking websites for ethical hackers
I often get asked from many of my friends and colleagues about where should I start to learn to hack. My answer always includes a handful of hacking websites which I found very useful during my journey in this awesome industry. Today I will share with you the best hacking websites you should definitely use.
Read the Blog article: https://thehackerish.com/best-hacking-websites-for-ethical-hackers/
Download your FREE Web hacking LAB: https://thehackerish.com/owasp-top-10-lab-vm-free
Facebook Page: https://www.facebook.com/thehackerish
Follow us on Twitter: https://twitter.com/thehackerish
From a lame SSRF to a full $4000 RCE
Hello ethical hackers and bug bounty hunters! Welcome to this bug bounty write-up where I show you how I found a Server-Side Request Forgery vulnerability (SSRF). Then, I will explain how I was able to escalate it to obtain a Remote Code Execution (RCE). Finally, you will see how it is possible to gain a full SSH shell on the vulnerable server.
If all this seems intimidating for you, let me tell you that shouldn’t be; just make sure you stick with me until the end. I promise you are going to learn many things today!
Read more on https://thehackerish.com/bug-bounty-write-up-from-ssrf-to-4000/
Download your FREE Web hacking LAB: https://thehackerish.com/owasp-top-10-lab-vm-free
Facebook Page: https://www.facebook.com/thehackerish
Follow us on Twitter: https://twitter.com/thehackerish
Hacking a new web application from start to finish
Hello ethical hackers and bug bounty hunters! I’ve recently conducted a successful penetration testing against a web application built using Google Web Toolkit, and I want to share with you the process I followed and the bugs I found. Hopefully, this episode will inspire you to try harder during your own bug bounty hunting and penetration testing journey.
I will briefly explain what Google Web Toolkit is and what research has already been made around it. Then, I will explain why and how I built a Burp extension to help me during the penetration testing process. Finally, I will share with you some vulnerabilities I found, especially a cool one which required further effort. So stay with me as we smash this web application into pieces!
Read more details on https://thehackerish.com/hacking-a-google-web-toolkit-application/
Watch the Broken Access Control approach on https://youtu.be/TJQpOrtet8E
Read about IDOR on https://thehackerish.com/idor-explained-owasp-top-10-vulnerabilities/
Bug bounty tools you should start using!
Hello ethical hackers and welcome to the world of hacking and bug bounty hunting. Today, I will share the tools I use to gather open source intelligence and perform subdomain enumeration. Every craftsman has its toolbox and a bounty hunter is no different. However, it’s easy to get lost in the growing number of bug bounty tools which get published by the community everyday. That’s why one of the goals of this article is to provide you with the minimal tools which provide the maximum returns.
Links to all the tools are available on the blog post on: https://thehackerish.com/bug-bounty-tools-from-enumeration-to-reporting/
This is how you write bug bounty reports that stand out!
Hello dear ethical hackers and welcome to this new article about bug bounty hunting. In this episode, you will discover my report template and learn how you can write outstanding bug bounty reports which you will be proud of.
If you’ve been following along from the beginning, you have hopefully found at least one bug by now. If it’s the case, then congratulations! Now it’s time to report that bug right? Well, I have been working as a triage Analyst for more than a year, and trust me when I tell you that only few hunters master the art of writing good bug bounty reports. If you don’t give enough care and love when writing, be aware that it is a mandatory soft skill which brings you higher bounties. Every hunter should know how to write good bug bounty reports. And today, you will see how you can do just that!
Read more on https://thehackerish.com
Follow us on Twitter: @thehackerish
Watch videos on Youtube: https://www.youtube.com/channel/UCIXot2vRgeM5alhAlpTbhQA
My bug bounty methodology and how I approach a target for the first time
Welcome again to the Hack for Fun and Profit podcast, where we explore topics related to cyber security and bug bounty hunting. Last time, I showed you the best resources I use to stay up to date in bug bounty hunting. Today, I will share with you my bug bounty methodology when I approach a target for the first time. This is going to be divided into several sections. First, I will show how I choose a bug bounty program. Then, I will dive into how I enumerate the assets. From there, I will explain how I pick a web application and how I test it. Finally, I will evaluate this bug bounty methodology by enumerating its pros and cons so that you know exactly what to expect from it. There are plenty of bug bounty tips and tricks along the way, so make sure to stick around until the end.
Learn the OWASP Top 10 on the blog: https://thehackerish.com
Watch our videos on Youtube: https://www.youtube.com/channel/UCIXot2vRgeM5alhAlpTbhQA
Follow us on Twitter: https://twitter.com/thehackerish
Top 9 bug bounty resources to stay up to date
In this episode, we will explore the best bug bounty resources and how you can properly use them to efficiently stay up to date. Some are robust resources provided by the bug bounty platforms and the community. Others are general websites which you can customize to fit your bug bounty needs. It’s easy to get lost in the huge amount of information. That’s why it’s important to be strategic in your choices. The idea is to maximize your return on the time you invest.
Bug bounties: Burnout and your mental health
Hello ethical hackers, today we explore what causes burnout and suggest ways to heal from it and preserve your mental health while still doing what you’re passionate about: Hacking!
As a side note, although burnout and depression share some symptoms, they are different. If you suffer from depression, you should visit a mental health professional. These suggestions reflect what worked with my own burnout experience. They are not based on scientific facts and don’t replace your doctor’s intervention.
If you'd like to visit the references mentioned in this episode, head to our blog post at https://thehackerish.com/bug-bounty-burnout-and-your-mental-health/
Bug bounty hunting bird' eye view and realistic expectations
Imagine a world where companies come to you and ask you to hack them. In return, they will pay you whenever you find a unique vulnerability. And the best part, you don’t have to leave your home!
It sounds unrealistic right? Well, let me tell you that it’s now a real job, not a fantasy anymore with the rise of bug bounty hunting!
In this episode, we will explore the history of the bug bounty career, understand its ecosystem, analyze its benefits and talk about some of its drawbacks.
The podcast in a nutshell
This is an introduction of the Hack for Fun and Profit Podcast.