Hack for Fun and Profit is a weekly podcast for anyone who is interested in ethical hacking. The topics include bug bounty hunting, penetration testing, red teaming and many more. Sit back and enjoy stories, tips and tricks that will inspire you. For subscription-only episodes, enroll using this link: https://anchor.fm/thehackerish/subscribe
In this episode, I will give you my honest review of CRTO (certified red team operator certification) from Zeropoint Security. Download your FREE Web hacking LAB: https://thehackerish.com/owasp-top-10-lab-vm-free Read more on the blog: https://thehackerish.com Support this work: https://thehackerish.com/how-to-support Awesome collection of well-kno…

JavaScript Enumeration for bug bounty hunters
10:55
JavaScript Enumeration is a critical skill to have if you want to level up your penetration testing or bug bounty hunting game. Yet, not everyone does it, partly because it is a boring exercise or it consumes most of your time, not to mention how intimidated you might feel reading someone else’s code. Today, we will explore this topic and understan…
Hello ethical hackers! In this episode, you will learn everything related to OSCP certification. What is OSCP? Why is it a strong certification? What sets it apart? What are the requirements? How to properly prepare for the exam? What to do the day of the exam? And what's next once you earn your OSCP certification? Read more on the blog: https://th…
Hello ethical hackers and bug bounty hunters! Welcome to this bug bounty write-up where I show you how I found a Server-Side Request Forgery vulnerability (SSRF). Then, I will explain how I was able to escalate it to obtain a Remote Code Execution (RCE). Finally, you will see how it is possible to gain a full SSH shell on the vulnerable server. If …

Hacking a new web application from start to finish
15:34
Hello ethical hackers and bug bounty hunters! I’ve recently conducted a successful penetration test against a web application built using Google Web Toolkit, and I want to share with you the process I followed and the bugs I found. Hopefully, this episode will inspire you to try harder during your own bug bounty hunting and penetration testing j…
Hello ethical hackers and welcome to the world of hacking and bug bounty hunting. Today, I will share the tools I use to gather open source intelligence and perform subdomain enumeration. Every craftsman has their toolbox and a bounty hunter is no different. However, it’s easy to get lost in the growing number of bug bounty tools which get published …

This is how you write bug bounty reports that stand out!
15:23
Hello dear ethical hackers and welcome to this new article about bug bounty hunting. In this episode, you will discover my report template and learn how you can write outstanding bug bounty reports which you will be proud of. If you’ve been following along from the beginning, you have hopefully found at least one bug by now. If it’s the case, then …

My bug bounty methodology and how I approach a target for the first time
18:16
Welcome again to the Hack for Fun and Profit podcast, where we explore topics related to cyber security and bug bounty hunting. Last time, I showed you the best resources I use to stay up to date in bug bounty hunting. Today, I will share with you my bug bounty methodology when I approach a target for the first time. This is going to be divided int…

Bug bounties: Burnout and your mental health
14:31
Hello ethical hackers, today we explore what causes burnout and suggest ways to heal from it and preserve your mental health while still doing what you’re passionate about: Hacking! As a side note, although burnout and depression share some symptoms, they are different. If you suffer from depression, you should visit a mental health professional. T…

Bug bounty hunting bird's-eye view and realistic expectations
17:12
Imagine a world where companies come to you and ask you to hack them. In return, they will pay you whenever you find a unique vulnerability. And the best part, you don’t have to leave your home! It sounds unrealistic, right? Well, let me tell you that it’s now a real job, not a fantasy anymore with the rise of bug bounty hunting! In this episode, we…
This is an introduction to the Hack for Fun and Profit Podcast.