11 episodes

Hack for Fun and Profit is a weekly podcast for anyone who is interested in ethical hacking. The topics include bug bounty hunting, penetration testing, red teaming and many more. Sit back and enjoy stories, tips and tricks that will inspire you.

For subscription-only episodes, enroll using this link: https://anchor.fm/thehackerish/subscribe

Hack for Fun and Profit thehackerish

    • Education
    • 5.0 • 1 Rating

Hack for Fun and Profit is a weekly podcast for anyone who is interested in ethical hacking. The topics include bug bounty hunting, penetration testing, red teaming and many more. Sit back and enjoy stories, tips and tricks that will inspire you.

For subscription-only episodes, enroll using this link: https://anchor.fm/thehackerish/subscribe

    Certified Red Team Operator Review

    Certified Red Team Operator Review

    In this episode, I will give you my honest review of CRTO (certified red team operator certification) from Zeropoint Security.



    Download your FREE Web hacking LAB: https://thehackerish.com/owasp-top-10-lab-vm-free

    Read more on the blog: https://thehackerish.com

    Support this work: https://thehackerish.com/how-to-support

    Awesome collection of well-known Active Directory attacks: https://attack.stealthbits.com

    The bible of Active Directory hacking: https://adsecurity.org

    Pentester Academy Lab with walk-through: https://www.pentesteracademy.com/activedirectorylab

    Facebook Page: https://www.facebook.com/thehackerish

    Follow us on Twitter: https://twitter.com/thehackerish

    • 11 min
    JavaScript Enumeration for bug bounty hunters

    JavaScript Enumeration for bug bounty hunters

    JavaScript Enumeration is a critical skill to have if you want to level  up your penetration testing or bug bounty hunting game. Yet, not  everyone does it, partly because it is a boring exercise or it consumes  most of your time, not to mention how intimidated you might feel reading  someone else’s code. Today, we will explore this topic and understand  why it matters, and how you can perform it.   

    Further reads mentioned in the video: 

    https://thehackerish.com/cross-site-scripting-xss-explained/ 

    https://portswigger.net/web-security/cross-site-scripting/dom-based 

    https://labs.detectify.com/2016/12/15/postmessage-xss-on-a-million-sites/ 

    https://medium.com/@alex.birsan/the-bug-that-exposed-your-paypal-password-539fc2896da9   



    Download your FREE Web hacking LAB:  https://thehackerish.com/owasp-top-10-lab-vm-free 

    Read more on the blog: https://thehackerish.com 

    Facebook Page: https://www.facebook.com/thehackerish 

    Follow us on Twitter: https://twitter.com/thehackerish

    • 10 min
    OSCP Certification: All you need to know

    OSCP Certification: All you need to know

    Hello ethical hackers! In this episode, you will learn everything  related to OSCP certification. What is OSCP? Why is it a strong  certification? What sets it apart? What are the requirements? How to  properly prepare for the exam? What to do the day of the exam? And  what's next once you earn your OSCP certification?



    Read more on the blog: https://thehackerish.com/oscp-certification-all-you-need-to-know/ 

    https://thehackerish.com/best-hacking-websites-for-ethical-hackers/ 

    Hacking websites to sharpen your skills: https://youtu.be/iZLo8WiooIY 

    Download your FREE Web hacking LAB: https://thehackerish.com/owasp-top-10-lab-vm-free 

    Facebook Page: https://www.facebook.com/thehackerish 

    Follow us on Twitter: https://twitter.com/thehackerish

    • 14 min
    From a lame SSRF to a full $4000 RCE

    From a lame SSRF to a full $4000 RCE

    Hello ethical hackers and bug bounty hunters! Welcome to this bug  bounty write-up where I show you how I found a Server-Side Request  Forgery vulnerability (SSRF). Then, I will explain how I was able to  escalate it to obtain a Remote Code Execution (RCE). Finally, you will  see how it is possible to gain a full SSH shell on the vulnerable  server.

    If all this seems intimidating for you, let me tell you that  shouldn’t be; just make sure you stick with me until the end. I promise  you are going to learn many things today!



    Read more on https://thehackerish.com/bug-bounty-write-up-from-ssrf-to-4000/

    Download your FREE Web hacking LAB: https://thehackerish.com/owasp-top-10-lab-vm-free 

    Facebook Page: https://www.facebook.com/thehackerish  

    Follow us on Twitter: https://twitter.com/thehackerish

    • 9 min
    Hacking a new web application from start to finish

    Hacking a new web application from start to finish

    Hello ethical hackers and bug bounty hunters! I’ve recently conducted  a successful penetration testing against a web application built using  Google Web Toolkit, and I want to share with you the process I followed  and the bugs I found. Hopefully, this episode will inspire you to try  harder during your own bug bounty hunting and penetration testing  journey.

    I will briefly explain what Google Web Toolkit is and what research  has already been made around it. Then, I will explain why and how I  built a Burp extension to help me during the penetration testing  process. Finally, I will share with you some vulnerabilities I found,  especially a cool one which required further effort. So stay with me as  we smash this web application into pieces!



    Read more details on https://thehackerish.com/hacking-a-google-web-toolkit-application/

    Watch the Broken Access Control approach on https://youtu.be/TJQpOrtet8E

    Read about IDOR on https://thehackerish.com/idor-explained-owasp-top-10-vulnerabilities/

    • 15 min
    Bug bounty tools you should start using!

    Bug bounty tools you should start using!

    Hello ethical hackers and welcome to the world of hacking and bug bounty hunting. Today, I will share the tools I use to gather open source intelligence and perform subdomain enumeration. Every craftsman has its toolbox and a bounty hunter is no different. However, it’s easy to get lost in the growing number of bug bounty tools which get published by the community everyday. That’s why one of the goals of this article is to provide you with the minimal tools which provide the maximum returns.

    Links to all the tools are available on the blog post on: https://thehackerish.com/bug-bounty-tools-from-enumeration-to-reporting/

    • 13 min

Customer Reviews

5.0 out of 5
1 Rating

1 Rating

Top Podcasts In Education

Dr. Jordan B. Peterson
Jordan Harbinger
Rich Roll
Charles Côté - Drôlement Inspirant
TED
Dear Media

You Might Also Like

Offensive Security, Inc.
Cybereason
Jack Rhysider
Sticks & Stones