There are a lot of resources available about hacking and security; here are my favorites.

Some blogs I frequently visit, written by bounty hunters themselves. They explain their findings, why they occur, how they were able to exploit them and sometimes how much they won. I visit them once a week and I also follow their writers on Twitter so as not to miss the bugs they don’t review.

In my opinion the best way to learn hacking and security is to read public disclosures. They are a great resource for tips and tools that make your life easier. Here are some of my favorite issues, the ones I like to read again and again to understand the vulnerability and try to discern the state of mind of the hacker who found it. It’s also a good way to improve your reporting skills and see how hackers communicate with security teams to maintain good relations.

Each time I learn a new kind of issue, I try to reproduce it in my local lab, then I try it on security programs I’m currently working on. Sometimes it works, sometimes not, but bug bounty is also about patience. Happy reading!


VulnHub is a training platform which provides “a catalogue of ‘stuff’ that is (legally) ‘breakable, hackable & exploitable’”, in other words a pool of vulnerable virtual machines. The downloads are essentially .iso, .vbox or .ova files, which can be opened with VirtualBox or VMware.

The machines are created and proposed by the community itself. Different versions of the famous Damn Vulnerable Linux and the Exploit Exercises suite are also included. You will have to deal with many different kinds of vulnerabilities like file permissions, web application, shellcode, heap overflows, password cracking, privilege escalation and so on…

For instance, you can read the solution to one of those challenges on the InfoSec Institute website: The Tr0ll Challenge


Reported by Sucuri, the HD FLV Player suffers from an Arbitrary File Download vulnerability, which is of course considered critical.

The vulnerable code can be found in download.php:

$filename = $_GET['f'];
header('Content-disposition: attachment; filename='.basename($filename));

Since there is absolutely no check or filter applied before using the f parameter passed in the URL, this is the perfect backdoor to get almost any file you want on the machine (depending on the rights of the user the server is running as). Whether or not the plugin is enabled, you only need to have installed it to be exposed.
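For comparison with the snippet above, here is a hardened download handler, added as an example and not the plugin's own code or its actual patch. The `DOWNLOAD_DIR` location, the `resolve_download()` helper and the extension allow-list are assumptions made for illustration.

```php
<?php
// Added example: hardened counterpart to the download.php pattern shown above.
// DOWNLOAD_DIR and resolve_download() are hypothetical names, not the plugin's code.
const DOWNLOAD_DIR = __DIR__ . '/videos';   // assumed: the only directory meant to be served

/**
 * Map a user-supplied name to a real file inside $baseDir,
 * or return null if it points anywhere else.
 */
function resolve_download(string $requested, string $baseDir): ?string
{
    $base = realpath($baseDir);
    if ($base === false || strpos($requested, "\0") !== false) {
        return null;                        // missing base directory or NUL byte in the name
    }
    // basename() drops any directory part: "../../wp-config.php" becomes "wp-config.php"
    $candidate = realpath($base . DIRECTORY_SEPARATOR . basename($requested));
    if ($candidate === false || !is_file($candidate)) {
        return null;
    }
    // realpath() has resolved symlinks; the result must still sit under the base directory
    if (strncmp($candidate, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    // Assumed allow-list: only media types the player is expected to serve
    $ext = strtolower(pathinfo($candidate, PATHINFO_EXTENSION));
    return in_array($ext, ['flv', 'mp4', 'mp3'], true) ? $candidate : null;
}

$path = resolve_download((string)($_GET['f'] ?? ''), DOWNLOAD_DIR);
if ($path === null) {
    http_response_code(404);                // same answer for "missing" and "not allowed"
    exit;
}
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="' . basename($path) . '"');
header('Content-Length: ' . filesize($path));
readfile($path);
```

The three checks are independent on purpose: `basename()` blocks traversal in the name, the prefix comparison after `realpath()` catches symlinks that leave the directory, and the extension allow-list keeps configuration or source files from being served even if they end up inside it.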


DVWA is a PHP/MySQL web application that is intentionally vulnerable. The goal is to learn common web vulnerabilities and improve your security skills by training yourself on your own server. Three levels are available (low, medium and high) to practise the following attacks:

  • Brute Force
  • Command Execution
  • CSRF
  • Captcha
  • File Inclusion
  • SQL Injection (plus Blind)
  • File Upload
  • XSS

The lowest level is usually pretty easy to bypass, but the high level presents, as a best practice, the right way to protect your application.


Below are some tools you can use for scans and vulnerability assessment while performing a penetration test:

exploit-db: The Exploit Database

grabber: web application scanner

inguma: pentest toolkit which can perform target auditing and information gathering

Metasploit: “world’s most used penetration testing software”

Nessus: vulnerability scanner

Nikto: an Open Source web server scanner

oscanner: Oracle assessment framework

searchsploit: search in the exploit-db database