Bug Bytes #49 – WHY YOUR HACKING QUESTIONS ARE FRUSTRATING!!! (and more)

By Intigriti

December 17, 2019

Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.

Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The first series is curated by Mariem, better known as PentesterLand. Every week, she keeps us up to date with a comprehensive list of write-ups, tools, tutorials and resources.

This issue covers the week from 06 to 13 of December.

Our favorite 5 hacking items

1. Tutorial of the week

Quality of Life Tips and Tricks – Burp Suite

These tips are very helpful for improving your Burp experience. Some are old news but I’m discovering others for the first time:

  • How to reduce the size of Burp projects for long term storage (Burp project hoarders, hello!)

  • How to leverage Match and Replace for simplifying the use of complex or long test username/passwords (Simple yet genius! Useful especially with mobile tests)

  • How to rearrange Burp Repeater request and response tabs (So useful for taking screenshots for reports!)

2. Tool of the week

Bookmarks

Have you ever used Burp Repeater as a bookmarking feature? I do, and the result is not pretty. Tens of tabs open, which is not practical and slows down Burp.
So, this bookmarking extension can be life-changing. It allows you to save interesting requests/responses, replay requests directly in the extension’s tab, sent it to Repeater/Intruder, and highlight the request in Burp Proxy.

3. Video of the week

Docker For Pentesting And Bug Bounty Hunting & Bug Bounty Toolkit

This is an excellent introduction to Docker. If you are not already using it, you can learn in less than 40 minutes why and how to leverage it for pentest and bug bounty.
An example toolkit is also provided. It basically allows you to customize any Linux distribution by adding tools. The list of tools installed can be modified. This would be a good exercise for practicing with Docker.

4. Tip of the week

Trying to use Masscan through a VPN client?  Use -e to specify the interface.  Similarly, Nessus won’t scan over a VPN interface unless you set the source_ip setting in the advanced options to your VPN interface’s IP.

Tip added to knowledge base! This is good to know and might save me (and you maybe?) time when using a VPN for either pentest or bug bounty.

5. Non technical item of the week

Learning How to Learn: Powerful mental tools to help you master tough subjects & @knoxxs’s notes

I know someone who can literally learn anything in a very short period of time. I don’t think it is due to an abnormal intelligence or anything, but because of skills like the ability to detect the missing knowledge, where to get it and what to prioritize to get quick results.
These skills can be taught. This free Coursera course is an excellent start. Personally, I’ve added it to my list of online courses to go through in 2020. It explains both theory and practical techniques to improve learning, tackle procrastination, and understand how memory works.

Other amazing things we stumbled upon this week

Videos

Podcasts

Webinars & Webcasts

Conferences

Slides only

Tutorials

Medium to advanced

Beginners corner

Writeups

Challenge writeups

Pentest writeups

Responsible(ish) disclosure writeups

Bug bounty writeups

See more writeups on The list of bug bounty writeups.

Tools

If you don’t have time

More tools, if you have time

Misc. pentest & bug bounty resources

Challenges

Articles

News

Bug bounty & Pentest news

Reports

Vulnerabilities

Breaches & Attacks

Malicious apps/sites

Other news

Non technical

Tweeted this week

We created a collection of our favorite pentest & bug bounty related tweets shared this past week. You’re welcome to read them directly on Twitter: Tweets from 12/06/2019 to 12/13/2019.

Disclaimer:

The views and opinions expressed in this article are those of the curators and do not necessarily reflect the position of intigriti.Curated by Pentester Land & Sponsored by Intigriti

You may also like