Bug Bounty - GitBook
الذهاب إلى القناة على Telegram
Everything 4 bug bounty https://t.me/GiftWay32robot?start=_tgr_HwZ24DI5MWJk
إظهار المزيد7 451
المشتركون
+524 ساعات
+107 أيام
+17130 أيام
أرشيف المشاركات
7 451
Repost from Bug Bounty - GitBook
Total OSCP Guide
The Basics
Recon and Information Gathering Phase
Vulnerability analysis
Exploiting
Post Exploitation
Password Cracking
Pivoting - Port forwarding - Tunneling
Network traffic analysis
Wifi
Link 🔗:-
Https://sushant747.gitbooks.io/total-oscp-guide
@GitBook_s
7 451
Repost from Bug Bounty - GitBook
Cybersec
>Binary Exploitation
>Reverse Engineering
>Blockchain
>Writeups
>Miscellaneous
Link 🔗:-
https://ir0nstone.gitbook.io
@GitBook_s
7 451
Repost from Bug Bounty - GitBook
Red Teaming's Dojo
>Windows Internals
>C++
>Shellcoding
>Binary Exploitation
>Misc
>Practical Malware Analysis Lab Write-Up
Link 🔗:-
https://mohamed-fakroud.gitbook.io/red-teamings-dojo/
@GitBook_s
7 451
Repost from Bug Bounty - GitBook
Cheat Sheet
Windows
AD
Red Teaming
Linux
Mainframes
Cloud
Web App
Mobile
Exploit-Dev
WiFi
Link 🔗:-
https://cheats.philkeeble.com/
@GitBook_s
7 451
Repost from Bug Bounty - GitBook
https://cheats.philkeeble.com/
Cheat Sheet:
Windows
AD
Red Teaming
Linux
Mainframes
Cloud
Web App
Mobile
Exploit-Dev
WiFi
7 451
Repost from Bug Bounty - GitBook
🪐 Hackerium Wiki
•Web Pentest Checklist
LLM Security
•OWASP
•Web Attack
AI Security
•Tutorials
•Methodology
•Asset Discovery
•Writeups
•Red Team
•Burp Suite
•Blue Team
Link 🔗:-
https://wiki.hackerium.io/
@GitBook_s
7 451
🪐 Hackerium Wiki
•Web Pentest Checklist
LLM Security
•OWASP
•Web Attack
AI Security
•Tutorials
•Methodology
•Asset Discovery
•Writeups
•Red Team
•Burp Suite
•Blue Team
Link 🔗:-
https://wiki.hackerium.io/
@GitBook_s
7 451
Hey amazing people! ✨
Just dropping a quick tip here (someone asked about this today) —
Suppose the scope of your target looks something like:
api-*.target.comor
*-test.*.target.comNow the big question is: How do we properly recon this kind of wildcard setup? 🤔 --- Answer: Besides the usual method — searching certificates (via tools like crt.sh, censys.io, or certspotter) 🧾 — there’s an even simpler and very powerful method: ✅ DNS Bruteforce! Here's what you can do: 1. Take a wordlist (or build one yourself if you wanna be fancy) 📄 2. Replace the wildcard parts (*) with words from your list using awk, sed, or any scripting method you like ⚙️ Example: If your wildcard is like api-*.target.com , you can generate:
api-dev.target.com api-stage.target.com api-prod.target.comAnd etc. 3. Resolve all these generated subdomains via a DNS tool (like massdns, dnsx, amass, etc.) 🔎 This way, you'll catch live subdomains that the cert search might miss! --- BUT WAIT! ⚡️ Before you start bruteforcing randomly, pay attention to the pattern: Try to understand how their subdomains are usually structured Look for common words they use (like dev, test, staging, v1, beta, etc.) You can gather hints from their certs, public code, old leaks, or archived DNS data! Smarter bruteforce > Blind bruteforce. 🎯 --- Extra Power Moves: Join the Horizon Bug Hunters Group! Seriously, some crazy good recon and hacking tricks are shared there all the time: https://t.me/+JvbhnuMIQMA0Zjg0 🚀 And save their channel too! Telegram’s algorithm sometimes hides good stuff after a while... better safe than sorry: @hor1zon_one 📌
7 451
رفقا، اگه قابل بدونید، قدمتون رو چشم ماست.
یه گروه و کانال جمعوجور زدیم با محوریت بحث هانت و اشتراکگذاری در مورد اوسپ و باقی مسائل امنیتی.
هدفمون بیشتر تیمشدنه، نه فقط عضویت!
اگه دوست داری بیاین، منتظرتیم.
کانال:
https://t.me/hor1zon_one
اگه خواستی یه سر به جمعمون بزنی و گپ بزنیم، اینجا پیدامون میکنی:
https://t.me/+JvbhnuMIQMA0Zjg0
منتظرتیم رفیق
متاح الآن! بحث تيليغرام 2025 — أهم رؤى العام 
