In this episode, I will give you my honest review of CRTO (certified red team operator certification) from Zeropoint Security. Download your FREE Web hacking LAB: https://thehackerish.com/owasp-top-10-lab-vm-free Read more on the blog: https://thehackerish.com Support this work: https://thehackerish.com/how-to-support Awesome collection of well-known Active Directory attacks: https://attack.stealthbits.com The bible of Active Directory hacking: https://adsecurity.org Pentester Academy...

In this video, I give my own experience with Offshore, a real-world pentest lab provided by hackthebox.eu  Download your FREE Web hacking LAB: https://thehackerish.com/owasp-top-10-lab-vm-free  Read more on the blog: https://thehackerish.com  Support this work: https://thehackerish.com/how-to-support     Awesome collection of well-known Active Directory attacks: https://attack.stealthbits.com The bible of Active Directory hacking: https://adsecurity.org  Pentester Academy Lab with...

JavaScript Enumeration is a critical skill to have if you want to level  up your penetration testing or bug bounty hunting game. Yet, not  everyone does it, partly because it is a boring exercise or it consumes  most of your time, not to mention how intimidated you might feel reading  someone else’s code. Today, we will explore this topic and understand  why it matters, and how you can perform it.    Further reads mentioned in the...

Hello Ethical Hackers! Today I share with you the best hacking books I  enjoyed reading since the beginning of my career in Information  Security! I will constantly update the list as I read more, but you  already have enough hacking books to get you started in the information  security industry. It also contains some advanced hacking books for  those who want to level up their hacking skills. Download your FREE Web hacking LAB: https://thehackerish.com/owasp-top-10-lab-vm-free  Read more...

Hello ethical hackers! In this episode, you will learn everything  related to OSCP certification. What is OSCP? Why is it a strong  certification? What sets it apart? What are the requirements? How to  properly prepare for the exam? What to do the day of the exam? And  what's next once you earn your OSCP certification? Read more on the blog: https://thehackerish.com/oscp-certification-all-you-need-to-know/  https://thehackerish.com/best-hacking-websites-for-ethical-hackers/  Hacking...

I often get asked from many of my friends and colleagues about where  should I start to learn to hack. My answer always includes a handful of  hacking websites which I found very useful during my journey in this  awesome industry. Today I will share with you the best hacking websites  you should definitely use. Read the Blog article: https://thehackerish.com/best-hacking-websites-for-ethical-hackers/  Download your FREE Web hacking LAB:...

Hello ethical hackers and bug bounty hunters! Welcome to this bug  bounty write-up where I show you how I found a Server-Side Request  Forgery vulnerability (SSRF). Then, I will explain how I was able to  escalate it to obtain a Remote Code Execution (RCE). Finally, you will  see how it is possible to gain a full SSH shell on the vulnerable  server. If all this seems intimidating for you, let me tell you that  shouldn’t be; just make sure you stick with me until the end. I promise  you are...

Hello ethical hackers and bug bounty hunters! I’ve recently conducted  a successful penetration testing against a web application built using  Google Web Toolkit, and I want to share with you the process I followed  and the bugs I found. Hopefully, this episode will inspire you to try  harder during your own bug bounty hunting and penetration testing  journey. I will briefly explain what Google Web Toolkit is and what research  has already been made around it. Then, I will explain why and...

Hello ethical hackers and welcome to the world of hacking and bug bounty hunting. Today, I will share the tools I use to gather open source intelligence and perform subdomain enumeration. Every craftsman has its toolbox and a bounty hunter is no different. However, it’s easy to get lost in the growing number of bug bounty tools which get published by the community everyday. That’s why one of the goals of this article is to provide you with the minimal tools which provide the maximum...

Hello dear ethical hackers and welcome to this new article about bug bounty hunting. In this episode, you will discover my report template and learn how you can write outstanding bug bounty reports which you will be proud of.  If you’ve been following along from the beginning, you have hopefully found at least one bug by now. If it’s the case,  then congratulations! Now it’s time to report that bug right? Well, I  have been working as a triage Analyst for more than a year, and trust me  when...

Welcome again to the Hack for Fun and Profit podcast, where we explore topics related to cyber security and bug bounty hunting. Last time, I showed you the best resources I use to stay up to date in bug bounty hunting. Today, I will share with you my bug bounty methodology when I approach a target for the first time. This is going to be divided into several sections. First, I will show how I choose a bug bounty program. Then, I will dive into how I enumerate the assets. From there, I will...

In this episode, we will  explore the best bug bounty resources and how you can properly use them  to efficiently stay up to date. Some are robust resources provided by  the bug bounty platforms and the community. Others are general websites  which you can customize to fit your bug bounty needs. It’s easy to get  lost in the huge amount of information. That’s why it’s important to be  strategic in your choices. The idea is to maximize your return on the  time you invest.

Hello ethical hackers, today we explore what causes burnout and suggest ways to heal  from it and preserve your mental health while still doing what you’re  passionate about: Hacking! As a side note, although burnout and  depression share some symptoms, they are different. If you suffer from  depression, you should visit a mental health professional. These  suggestions reflect what worked with my own burnout experience. They are  not based on scientific facts and don’t replace your doctor’s...

Imagine a world where companies come to you and ask you to hack them. In return, they will pay you whenever you find a unique vulnerability. And the best part, you don’t have to leave your home! It sounds unrealistic right? Well, let me tell you that it’s now a real job, not a fantasy anymore with the rise of bug bounty hunting! In this episode, we will explore the history of the bug bounty career, understand its ecosystem, analyze its benefits and talk about some of its drawbacks. 

This is an introduction of the Hack for Fun and Profit Podcast.