Bug Bounty - GitBook

Post archive
Want to get better at Hack The Box? Join our Telegram channel for:
•HTB writeups (Easy, Medium, Hard)
•Tips, tricks & tools
•Weekly machine discussions
•Beginner-friendly guidance
Level up your hacking skills – one box at a time! Join now: https://t.me/htbboxes

Do u want 2 do cross promotion?

It's a good page, I recommend it, I'm a member myself.

🔸 self XSS - when you are (usually) attacking only yourself. For example, when XSS is in your name and is triggered only in your profile section #XSS @GitBook_s

Support the channel by sharing the last post.

I will send the rest tomorrow.

Hive
>Recon Passive (OSINT) Active Web Recon Firewall Evasion
>Web Attack Server Side Client Side
>Network Attacks Network Services Network Devices MITM & Poisoning Wireless Attacks Sniffing Denial of Service
>Red Team Windows Active Directory Linux Command & Control (C2) Shells & Payloads Payload Delivery Pivoting Exfiltration/File Transfer Password Attacks Defense Evasion
>Malware Development Evasion Concepts primer Shellcode Placement Shellcode Encoding & Encryption Binary Properties & Code Signing Code Obfuscation
>Blue Team Threat Modeling/Hunting/Intelligence Linux Hardening Security Architecture
>Purple Teaming Adversary Emulation
>Programming C Programming Assembly (NASM)
>Miscellaneous GNU Screen/tmux SSH Tricks Cats Curl Cross-compiling Binaries
Link 🔗:- https://7h3w4lk3r.gitbook.io/the-hive
@GitBook_s

SecJournal
>RESOURCES DUMP
>WHAT IS SECURITY
>PENTESTING METHODOLOGY Methodology
>NETWORKS Networking Addresses OSI Model Packets Combined Knowledge
>WEBSITE SECURITY Web SQL Injection Access Control Authentication Bypass Business Logic Information Disclosure Directory Traversal Command Injection File Upload Vulnerabilities Server-Side Request Forgery Cross-Origin Resource Sharing Cross-Site Request Forgery Cross-Site Scripting JSON Web Tokens API Testing WebSockets Deserialization Prototype Pollution Server-Side Template Injection XXE Injection Web Cache Poisoning HTTP Request Smuggling OAuth Authentication Bug Bounties
>BUFFER OVERFLOWS Buffer Overflows OSCP BOF (OUTDATED) Ret2Libc ROP Chaining Canary Bypass ASLR Bypass
>ACTIVE DIRECTORY Active Directory Tools Windows Authentication Kerberos ACLs and GPOs LDAP
>WRITEUPS HTB Season 3 HTB Season 2 HTB Season 1 HTB Season Proving Grounds Practice
>EVASION Evasion
>ADVERSARY EMULATION Red Teaming
Link 🔗:- https://rouvin.gitbook.io/ibreakstuff
@GitBook_s

Red Team & Malware Analysis
>RED TEAMING •Cheat Sheet •Active Directory 101 •Fuzzing and Web •Initial Foothold •Privilege Escalation (Privesc) •Lateral Movement (Pivoting) •Persistence •Command and Control (C&C) •Data Exfiltration •CVE & Exploits / CTF
>MALWARE ANALYSIS •Unpacking •Basic tips •Malware instrumentation with Frida
>MOBILE •Reverse iOS ipa •Reverse Android APKs •Basic tips
>IOT / REVERSE / FIRMWARE •Basic tips •Reverse IoT devices
Link 🔗:- https://gitbook.seguranca-informatica.pt/
@GitBook_s

Red Team Notes
>RED TEAM TECHNIQUES
~Initial Access •T1190: Exploit Public-Facing Applications •T1133: External Remote Services •T1566: Phishing •T1195: Supply Chain Compromise •T1078: Valid Accounts •T1199: Trusted Relationship
~Execution •T1047: Windows Management Instrumentation •T1204: User Execution •T1569: Service Execution •T1053: Scheduled Tasks/Job •T1106: Native API •T1559: Inter-Process Communication •T1203: Exploitation for Client Execution •T1059: Command and Scripting Interpreter
~Persistence •T1574: Hijack Execution Flow •T1133: External Remote Services •T1546: Event Triggered Execution •T1543: Create or Modify System Process •T1136: Create Account •T1554: Compromise Client Software Binary •T1547: Boot or Logon AutoStart Execution •T1197: BITS Jobs •T1053: Scheduled Tasks/Job •T1098: Account Manipulation..
>RED TEAM INFRASTRUCTURE
~Reconnaissance •Passive •Active
~Weaponization •Macros •HTA •ZIP •ISO
~Delivery •Gophish •EvilGinx •PwnDrop
~Situational Awareness •Covenant and C# •Empire and PowerShell
~Credential Dumping •Mimikatz •Lsass Dumping •SharpChromium
~Persistence •Userland Persistence •Elevated Persistence
~Defense Evasion •Disable or Modify Tools •Obfuscating Files
~Privilege Escalation •PowerUp •PrivescCheck
~Lateral Movement •RDP •PowerShell Remoting
Link 🔗:- https://dmcxblue.gitbook.io/red-team-notes-2-0/red-team
@GitBook_s

Offsec Journey Notes
>LEARNING RESOURCES •Web App Pentesting
>RECONNAISSANCE •OSINT •Vulnerability Scanning
>RESOURCE DEVELOPMENT •Password Crack Rig •Malware •C2 Infrastructure •Phishing Infrastructure
>INITIAL ACCESS •Phishing •Password Spray •Malicious Outlook Rules
>HOST TRIAGE •Situational Awareness
>INTERNAL RECONNAISSANCE •Enumeration •Lateral Movement •Misc.
>DEFENSE EVASION •Dynamic Analysis •Static Analysis •General •Windows Internals •Execution •.NET Post Exploitation •Powershell •AMSI
>PRIVILEGE ESCALATION •Domain Privilege Escalation •Local Priv Esc - Windows •Local Priv Esc - Linux
>LATERAL MOVEMENT •Tunnels & Port Forward
>PERSISTENCE •Local Persistence •Domain Persistence
>LINUX •Enumeration •Lateral Movement •Misc. •Exploitation Techniques •Exploit Dev
>KALI LINUX FU •Kali Fu •File System
>SCANNING & ENUMERATION •Redis •Port Scan •RPC •Kerberos •WinRM •Telnet •PBX •RDP •Finger •VNC •Mail Servers •SSH •SMB •Content Management Systems •FTP •Web Server •DNS •LDAP •Database Services •IKE VPN Service •SNMP •Sniffing
>WEB APP VULNERABILITIES •Directory Traversal •Server-Side Template Injection •HTTP Parameter Pollution •Sensitive Data Exposure •Broken Access Control •Business Logic Testing •Broken Authentication •XXE •File Inclusion •SSRF •Injection •Insecure Deserialization •Cross-Site-Scripting (XSS)
>API PENTESTING •Resources
>PROGRAMMING •Bash
>MAINTAINING ACCESS •C2 - Command & Control •Notes
>CLOUD SECURITY PENTEST •Penetration Testing AWS Storage •Pentesting Azure •Pentesting Cloud Networks
>BLUE TEAM •Home Lab •Reverse Engineering •Forensics
>REVERSE ENGINEERING •Malware Analysis •Buffer Overflow •Learning Resources
>HOME LAB PROJECT •Initial Configuration •Active Directory
>EXFILTRATION •Attack Vectors
>WIRELESS PENTESTING •Radius
Link 🔗:- https://notes.offsec-journey.com/
@GitBook_s

Pentest Book by n3t_hunt3r
>Cloud Pentesting •AWS Security Testing •Azure Pentesting •GCP Pentesting
>Web Application Pentesting •XSS <Cross Site Scripting> •XSS Filter Evasion and WAF Bypassing Tactics •SSRF <Server Side Request Forgery> •Open Redirect Vulnerability •Command Injection •File Upload •Rate Limit Bypass Techniques •IDOR •Web Cache Poisoning / Web Cache Deception •CSRF <Cross Site Request Forgery> •XPATH Injection •LDAP Injection •JWT Vulnerabilities <JSON Web Tokens> •CORS - Misconfigurations & Bypass •Reset/Forgotten Password Bypass •CRLF (%0D%0A) Injection •Clickjacking •Hostile Domain/Subdomain takeover •Server Side Inclusion/Edge Side Inclusion Injection •HTTP Request Smuggling / HTTP Desync Attack •SAML Attacks •OAuth to Account takeover •Cross-site WebSocket hijacking (CSWSH) •Uncovering CloudFlare •Email Header Injection •Unicode Normalization vulnerability •Registration Vulnerabilities •Race Condition
Link 🔗:- https://n3t-hunt3r.gitbook.io/pentest-book/
@GitBook_s