htb

  • Building a Recon Toolkit with Docker

    With the rise in popularity of bug bounty hunting, there’s been a lot of great tools developed. ProjectDiscovery’s suite of tools and contributions made by Tomnomnom certainly come to mind. With the amount of tools, however, comes the complexity of managing them: keeping them up to date, making sure dependencies are installed, keeping your bounty

  • Automating HackerOne Scope Parsing with qsv for Bug Bounty Recon

    Before you start bug hunting on a new program, you need to feed the right assets to the right tools for automated recon. Sorting through the scope and getting your environment set up is a tedious (and delicate) process. No one should want to do this manually. Especially since manual sorting can lead to mistakes. And

  • How to Refine Your Web Application Testing Methodology for Effective Attacks

    When I first started out bug hunting, I was decent at recon and had a sense for what targets I wanted to go after. But once I got to exploring the target, I didn’t have a set methodology. I just wandered around on the site until something caught my eye in Burp. Without a structured

  • Effective Network Scanning with Nmap: A Practical Workflow

    There’s a ton of content about the network mapping tool, nmap, and rightfully so. It’s a powerful tool in the hands of a capable user. But most of the tutorials out there are just regurgitations of the man page or docs in various forms. Many only cover basic usage of the tool that can be

  • Reverse Engineering APIs with Burp2API

    Postman is one of my favorite tools for testing the functionality and security of APIs. It allows you to organize API routes neatly and write/run automated tests across collections of requests. If you have access to the API spec of an application you are testing, you can easily import the mapped API directly into Postman

  • Exploiting crAPI with jwt_tool

    In this post, I’ll show you how to use jwt_tool to analyze and exploit JWT vulnerabilities in crAPI, an intentionally vulnerable API. We’re going to take a practical approach to learning how to use this tool. So, by the end of this, you’ll be able to use this tool in the real world. Let’s dive
