Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.
Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The first series is curated by Mariem, better known as PentesterLand. Every week, she keeps us up to date with a comprehensive list of write-ups, tools, tutorials and resources.
This issue covers the week from 06 to 13 of December.
Our favorite 5 hacking items
1. Tutorial of the week
Quality of Life Tips and Tricks – Burp Suite
These tips are very helpful for improving your Burp experience. Some are old news but I’m discovering others for the first time:
- How to reduce the size of Burp projects for long term storage (Burp project hoarders, hello!)
- How to leverage Match and Replace for simplifying the use of complex or long test username/passwords (Simple yet genius! Useful especially with mobile tests)
- How to rearrange Burp Repeater request and response tabs (So useful for taking screenshots for reports!)
2. Tool of the week
Have you ever used Burp Repeater as a bookmarking feature? I do, and the result is not pretty. Tens of tabs open, which is not practical and slows down Burp.
So, this bookmarking extension can be life-changing. It allows you to save interesting requests/responses, replay requests directly in the extension’s tab, send them to Repeater/Intruder, and highlight the request in Burp Proxy.
3. Video of the week
Docker For Pentesting And Bug Bounty Hunting & Bug Bounty Toolkit
This is an excellent introduction to Docker. If you are not already using it, you can learn in less than 40 minutes why and how to leverage it for pentest and bug bounty.
An example toolkit is also provided: a Docker image built on a Linux base distribution with a list of tools added on top. The list of installed tools can be modified, which makes it a good exercise for practicing with Docker.
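To make the idea concrete, here is an added example of my own (not the toolkit from the video): a small script that generates a Dockerfile from a list of Debian package names and builds the image. It assumes the docker CLI is in your PATH and that the tool names you pass are Debian package names; everything else (image name, mount point, base image tag) is my choice.

```shell
#!/bin/sh
# Added example, not the video author's toolkit: build a customisable
# Debian-based pentest image from a list of packages.
# Assumptions (mine): docker CLI in PATH; tool names are Debian package names.

# gen_dockerfile "pkg1 pkg2 ..." -> prints a Dockerfile installing those packages
gen_dockerfile() {
    pkgs=$1
    cat <<EOF
FROM debian:bookworm-slim
# Install the tool list in one layer and drop apt caches to keep the image small
RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \\
    ${pkgs} \\
    && rm -rf /var/lib/apt/lists/*
# Scanners that open raw sockets (nmap -sS, masscan) need root, so the image
# stays root; mount a host directory on /work so findings survive the container.
WORKDIR /work
CMD ["/bin/bash"]
EOF
}

# build_toolkit IMAGE "pkg list" -> writes ./Dockerfile and builds the image
build_toolkit() {
    gen_dockerfile "$2" > Dockerfile
    docker build -t "$1" .
}

# Usage:
#   build_toolkit bb-toolkit "nmap masscan curl jq git python3 python3-pip"
#   docker run --rm -it -v "$PWD/findings:/work" bb-toolkit
```

Changing the tool list is just a matter of passing a different package string to build_toolkit; because the install happens in a single RUN layer, rebuilding after a change is cheap and the resulting image stays small.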
4. Tip of the week
Trying to use Masscan through a VPN client? Use -e to specify the interface. Similarly, Nessus won’t scan over a VPN interface unless you set the source_ip setting in the advanced options to your VPN interface’s IP.
Tip added to knowledge base! This is good to know and might save me (and you maybe?) time when using a VPN for either pentest or bug bounty.
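The part that usually bites me is not the flag but picking the wrong interface name. As an added example (mine, not from the tip or the newsletter), this script asks the kernel routing table which interface actually reaches the target, refuses to run if that is not a VPN interface, and only then builds the masscan command with -e. It assumes Linux with iproute2, masscan in PATH and a VPN interface such as tun0 already up; the port list and rate are placeholders.

```shell
#!/bin/sh
# Added example, not from the newsletter or the original tip: find the interface
# the kernel routes to the target and hand it to masscan with -e.
# Assumptions (mine, not the page's): Linux with iproute2, masscan in PATH, and
# the VPN interface (e.g. tun0) already up. Ports and rate are placeholders.

# iface_from_route_line LINE -> prints the "dev" field of an "ip route get" line
iface_from_route_line() {
    # e.g. "10.10.10.5 via 10.8.0.1 dev tun0 src 10.8.0.2 uid 1000" -> tun0
    printf '%s\n' "$1" | sed -n 's/.* dev \([^ ]*\).*/\1/p'
}

# iface_for_target TARGET -> asks the routing table which interface reaches it
iface_for_target() {
    iface_from_route_line "$(ip route get "$1" 2>/dev/null | head -n1)"
}

# build_masscan_cmd IFACE TARGET [PORTS] -> prints the masscan command line
build_masscan_cmd() {
    printf 'masscan -e %s -p %s --rate 1000 %s\n' "$1" "${3:-80,443}" "$2"
}

# scan_via_vpn TARGET [PORTS]: abort unless the route goes via a tun/tap/wg
# interface, so the scan never silently leaves over the real uplink.
scan_via_vpn() {
    iface=$(iface_for_target "${1%%/*}")   # "ip route get" wants a single address, not a CIDR
    case "$iface" in
        tun*|tap*|wg*) ;;
        *) echo "target $1 is routed via '$iface', not a VPN interface; aborting" >&2; return 1 ;;
    esac
    cmd=$(build_masscan_cmd "$iface" "$1" "$2")
    echo "+ $cmd" >&2
    $cmd   # masscan needs raw sockets, so run this as root or under sudo
}

# Usage: scan_via_vpn 10.10.10.0/24 22,80,443
```

The check on the interface name is the point: if the VPN client has not installed a route for the target, the routing table will answer with your physical interface and the script stops instead of scanning from your real IP.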
5. Non technical item of the week
Learning How to Learn: Powerful mental tools to help you master tough subjects & @knoxxs’s notes
I know someone who can literally learn anything in a very short period of time. I don’t think it is due to an abnormal intelligence or anything, but because of skills like the ability to detect the missing knowledge, where to get it and what to prioritize to get quick results.
These skills can be taught. This free Coursera course is an excellent start. Personally, I’ve added it to my list of online courses to go through in 2020. It explains both theory and practical techniques to improve learning, tackle procrastination, and understand how memory works.
Other amazing things we stumbled upon this week
Webinars & Webcasts
Medium to advanced
Responsible(ish) disclosure writeups
Bug bounty writeups
See more writeups on The list of bug bounty writeups.
If you don’t have time
Misc. pentest & bug bounty resources
Bug bounty & Pentest news
Breaches & Attacks
We created a collection of our favorite pentest & bug bounty related tweets shared this past week. You’re welcome to read them directly on Twitter: Tweets from 12/06/2019 to 12/13/2019.
The views and opinions expressed in this article are those of the curators and do not necessarily reflect the position of intigriti.