
Tag: security

Top 7 Privilege Escalation Tricks and How to Defend against them

July 2, 2023 by thehackerish

In this post, I will show you 7 ways you can use right now for privilege escalation to get Root on any Linux target! And you can replicate the exact steps in publicly accessible hands-on labs. This is also for defenders who want to learn how to prevent these attacks. Penetration testers typically have limited …


The best hacking books for ethical hackers

December 29, 2021 by thehackerish

Hello Ethical Hackers! Today I share with you the best hacking books I enjoyed reading since the beginning of my career in Information Security! I will constantly update the list as I read more, but you already have enough hacking books to get you started in the information security industry. It also contains some advanced …


CRTO (Certified red team operator) honest review

December 12, 2022 by thehackerish

Hello dear ethical hackers, welcome to this new blog post about red teaming. Today, I will give you my honest review of CRTO (certified red team operator certification) from Zeropoint Security. A brief context In the middle of this year, I tackled the Rastalabs Pro lab on hackthebox.eu. Like the Offshore lab, my biggest complaint …

Crack a password: techniques and hands-on exercise

November 22, 2021 by thehackerish

Sometimes during security engagements, ethical hackers need to crack passwords. However, not all of them have the skills and the resources required to achieve it. Therefore, they might miss interesting attack surface that could make the difference between success and failure in the engagement. In this article, we will explore many key concepts that revolve …


Penetration testing lab review: Hackthebox Offshore

April 22, 2021 by thehackerish

With the increase of Cloud Computing adoption, many penetration testing labs are emerging every day. From small challenges to enterprise-scale infrastructure, I am sure you will find the right penetration testing lab that suits your level of skills and your career path. Today, I will review the Offshore lab from HacktheBox based on my experience. …


JavaScript Enumeration for bug bounty hunters

April 22, 2021 by thehackerish

JavaScript Enumeration is a critical skill to have if you want to level up your penetration testing or bug bounty hunting game. Yet, not everyone does it, partly because it is a boring exercise or it consumes most of your time, not to mention how intimidated you might feel reading someone else’s code. Today, we …


Jira vulnerabilities and how they are exploited in the wild

April 22, 2021 by thehackerish

I’ve been asked a lot about Jira vulnerabilities. In this article, I compiled the publicly available Jira exploits I could find to help you when you are doing bug bounty hunting or penetration testing. However, I should mention that you need to have some basic understanding of how web applications work and how to exploit …


Account takeover: From zero to System Admin

April 22, 2021 by thehackerish

Hello ethical hackers! Today I share with you an account takeover I achieved during a recent penetration testing of a web application. For those who don’t know what an account takeover is, there is a dedicated section for that. From there, I will explain how I enumerated all the endpoints. Then, I will walk …

OSCP Certification: All you need to know

April 22, 2021 by thehackerish

Hello ethical hackers! In this episode, you will learn everything related to OSCP certification. What is OSCP? Why is it a strong certification? What sets it apart? What are the requirements? How to properly prepare for the exam? What to do the day of the exam? And what’s next once you earn your OSCP certification? …

OWASP Top 10 vulnerabilities: Injection explained

April 22, 2021 by thehackerish

Hello and welcome to this OWASP Top 10 vulnerabilities course. Today’s blog post is about Injection. By the end of this post, you will have understood the following points: What is OWASP Top 10 Injection? Why Injection is on the top of the OWASP Top 10 vulnerabilities? What is the difference between error and blind-based …
