In this episode, I will give you my honest review of CRTO (certified red team operator certification) from Zeropoint Security.Download your FREE Web hacking LAB: https://thehackerish.com/owasp-top-10-lab-vm-freeRead more on the blog: https:/

Real-life Active Directory Penetration testing review

Dec 8th, 2021 7m 18s

In this video, I give my own experience with Offshore, a real-world pentest lab provided by hackthebox.eu Download your FREE Web hacking LAB: https://thehackerish.com/owasp-top-10-lab-vm-free Read more on the blog: https://thehackerish.com

JavaScript Enumeration for bug bounty hunters

Dec 24th, 2020 10m 55s

JavaScript Enumeration is a critical skill to have if you want to level up your penetration testing or bug bounty hunting game. Yet, not everyone does it, partly because it is a boring exercise or it consumes most of your time, not to mentio

The best hacking books for ethical hackers

Aug 12th, 2020 6m 52s

Hello Ethical Hackers! Today I share with you the best hacking books I enjoyed reading since the beginning of my career in Information Security! I will constantly update the list as I read more, but you already have enough hacking books to g

OSCP Certification: All you need to know

Jul 30th, 2020 14m 13s

Hello ethical hackers! In this episode, you will learn everything related to OSCP certification. What is OSCP? Why is it a strong certification? What sets it apart? What are the requirements? How to properly prepare for the exam? What to do

Best hacking websites for ethical hackers

Jul 17th, 2020 16m 15s

I often get asked from many of my friends and colleagues about where should I start to learn to hack. My answer always includes a handful of hacking websites which I found very useful during my journey in this awesome industry. Today I will

From a lame SSRF to a full $4000 RCE

Jul 5th, 2020 9m 49s

Hello ethical hackers and bug bounty hunters! Welcome to this bug bounty write-up where I show you how I found a Server-Side Request Forgery vulnerability (SSRF). Then, I will explain how I was able to escalate it to obtain a Remote Code Exe

Hacking a new web application from start to finish

Jun 4th, 2020 15m 34s

Hello ethical hackers and bug bounty hunters! I’ve recently conducted a successful penetration testing against a web application built using Google Web Toolkit, and I want to share with you the process I followed and the bugs I found. Hopefu

Bug bounty tools you should start using!

May 27th, 2020 13m 13s

Hello ethical hackers and welcome to the world of hacking and bug bounty hunting. Today, I will share the tools I use to gather open source intelligence and perform subdomain enumeration. Every craftsman has its toolbox and a bounty hunter is n

This is how you write bug bounty reports that stand out!

May 7th, 2020 15m 23s

Hello dear ethical hackers and welcome to this new article about bug bounty hunting. In this episode, you will discover my report template and learn how you can write outstanding bug bounty reports which you will be proud of. If you’ve been fo

My bug bounty methodology and how I approach a target for the first time

Apr 30th, 2020 18m 16s

Welcome again to the Hack for Fun and Profit podcast, where we explore topics related to cyber security and bug bounty hunting. Last time, I showed you the best resources I use to stay up to date in bug bounty hunting. Today, I will share with

Top 9 bug bounty resources to stay up to date

Apr 22nd, 2020 12m 2s

In this episode, we will explore the best bug bounty resources and how you can properly use them to efficiently stay up to date. Some are robust resources provided by the bug bounty platforms and the community. Others are general websites w

Bug bounties: Burnout and your mental health

Apr 12th, 2020 14m 31s

Hello ethical hackers, today we explore what causes burnout and suggest ways to heal from it and preserve your mental health while still doing what you’re passionate about: Hacking!As a side note, although burnout and depression share some

Bug bounty hunting bird' eye view and realistic expectations

Apr 5th, 2020 17m 12s

Imagine a world where companies come to you and ask you to hack them. In return, they will pay you whenever you find a unique vulnerability. And the best part, you don’t have to leave your home!It sounds unrealistic right? Well, let me tell yo