hack the box
-
How to crack your WiFi network’s password with aircrack-ng
Hello again! If you read my last post on AP and Client discovery with Airodump-ng, then get ready to take the skills you learned to the next level! We’re not just going to be observers anymore. We’re going to hack wireless networks by cracking their passwords! This method involves using airodump-ng to capture the necessary
-
Make access control bug discovery fast and easy with Autorize
We’re back from our slight detour to swing back into web app testing! Don’t worry though, I haven’t given up on wireless stuff. More content for that coming soon! In this post, I’m going to walk through a demo that makes use of my favorite Burpsuite extension: Autorize. Autorize is a plugin that makes testing
-
How to visualize the networks around you
Hello! In this post we’re going to shift gear onto a new topic: Wireless Hacking! When I was younger, I loved learning about networks. I was fascinated by all of the wireless traffic floating around through the air. This lead me down the rabbit hole of wireless hacking and among the very first wireless testing
-
Harnessing the power of wfuzz for web hacking
In today’s post, I’ll introduce you to a tool that should be a part of every bug hunter’s toolkit, wfuzz! I use wfuzz in every bug bounty program I participate in. If you don’t know what wfuzz is, it’s a web application fuzzer. And if you haven’t heard of a web application fuzzer, they’re a
-
Unveiling my Methodology for Exciting Bug Discoveries and Optimal Results
When I first started getting into bug hunting, I tried to create the perfect methodology by mimicking what the greats were doing. I wanted to do recon and automation like Jason Haddix and become a command line guru like Tom Hudson. It was fun learning how to use tons of tools but I quickly became
-
How To Reverse Engineer API’s To Boost Your Bug Bounty Workflow
Recently, I’ve been working on APIsec University’s API Penetration Testing Course, where I’ve learned some invaluable methods of API hacking. One of the coolest things I’ve learned is how to effectively map out an API. So, in this post, I’m going to pass on what I’ve learned to you. Why waste time mapping an API?