ch
Feedback
Bug Bounty - GitBook

Bug Bounty - GitBook

前往频道在 Telegram
7 506
订阅者
+924 小时
+517
+19930
帖子存档
kashz jewels >OS-LINUX >OS-WINDOWS >SHELLCODES >ACTIVE-DIRECTORY >OSINT >BUFFER OVERFLOW GUIDE >HASH-N-CRACK >TRICKS >PROTOCOLS >CHEATSHEET >SERVICES Link 🔗:- https://kashz.gitbook.io/kashz-jewels @GitBook_s

StaphySec Resources Tricks Brute Force - CheatSeet File Transfer Hashcat Cheatsheet Curl >Tools Cracking Information Gathering XSS Obfuscation Credentials Theft/Win Content Management System(CMS) >Programing and Scripting Virtualenv & Switching Versions Python >Shells Shells(Linux,Windows,Msfvenom) >Linux Cheatsheet EOP Linux Tools and Resources Blogs >Windows Cheatsheet EOP Windows Tools and Resources Useful commands and Modules >Blogs Miscellaneous resources >Pentesting 21 Pentesting FTP 22 Pentesting SSH 25,465,587 Pentesting SMTP 53 Pentesting DNS 110,995 Pentesting POP 135 Pentesting WMI 139,445 SMB Pentesting 143,993 Pentesting IMAP 161,162,10161,10162/udp Pentesting SNMP 623 /UDP/TCP - IPMI 1433 Pentesting mssql 2049 NFS Pentesting 3306 Pentesting Mysql 3389 Pentesting RDP 5985,5986 WinRm >Pentesting Web SQL Injections Command injection File Uploads Abusing Intermediary Applications HTTP Verb Tampering IDOR File Inclusion/Directory Traversal XXE-XEE-XML External Entity SSRF SSI/ESI SSTI XSLT Server Side Injection(Extensible Stylesheet Language Transformations) Link 🔗:- https://staphysec.gitbook.io/staphysec @GitBook_s

Zeyu's CTF Writeups Home Playground OSCP >My Challenges SEETF 2023 The InfoSecurity Challenges 2022 SEETF 2022 Cyber Leage Major 1 Standcon CTF 2021 >2023 DEF CON CTF 2023 Qualifiers Hxp CTF Qualifiers >2022 niteCTF 2022 STACK the Flags 2022 LackeCTF Qualifiers The InfoSecurity Challenges 2022 BalsnCTF 2022 BSidesTLV 2022 CTF Grey CAt The Flag 2022 DEF CON CTF 2022 Qualifiers Securinets CTF Finals 2022 NahamCon CTF 2022 Securinets CTF Quals 2022 CTF.SG CTF YaCTF 2022 DiceCTF 2022 TetCTF 2022 >2021 hxp CTF 2021 HTX Investigator's Challenge 2021 Metasploit Community CTF MetaCTF CyberGames CyberSecurityRumble Ctf The InfoSecurity Challenge (TISC) 2021 SPbCTF's Student CTF Quals Asian Cyber Security Challenge (ACSC) 2021 CSAW CTF Qualification Round 2021 YauzaCTF 2021 InCTF 2021 UIUCTF 2021 Google CTF 2021 TyfoonCon CTF 2021 DSTA Brainhack CDDC21 BCACTF 2.0 Zh3ro CTF V2 Pwn2Win CTF 2021 NorzhCTF 2021 DawgCTF 2021 UMDCTF 2021 Midnight Sun CTF 2021 picoCTF 2021 DSO-NUS CTF 2021 Link 🔗:- https://ctf.zeyu2001.com/ @GitBooks

infosecgirls Introduction Application Details >INITIAL SETUP WITH OWASP ZAP OWASP ZAP Setup OWASP ZAP Modes Automated Scan Report Generation >INITIAL SETUP WITH BURP. Start Burp Suite Add FoxyProxy Addon Add New Proxy In FoxyProxy Configure Proxy Listener Install Burp's CA Certificate In Firefox Getting Rid of Unnecessary Browser Traffic >QUICK BASICS Disable Intercept Mode in Burp Enable Intercept Mode in Burp Send to Repeater Send to Comparer >WEB APPLICATION PENTESTING A1 - Injection A2 - Broken Authentication A3 - Sensitive Data Exposure A4- XML External Entities (XXE) A5 - Broken Access Control A6 - Security Misconfiguration A7 - Cross-Site Scripting (XSS) A8 - Insecure Deserialization A9 - Using Components with Known Vulnerabilities 10 - Insufficient Logging & Monitoring References About Us >ADDITIONAL CONTENT Insecure Direct Object Reference Security Misconfiguration Password Guessing Attack User Enumeration Custom Iterator Null Payload Request in Browser: Privilege Escalation Check >BURP EXTENDERS Target Proxy Intruder Repeater Sequencer Decoder Comparer Extender Link 🔗:- https://infosecgirls.gitbook.io/infosecgirls-training/v/appsec/ @GitBook_s

H12006 - Write up WriteUp | - Passive Reconnaissance ll - Active Reconnaissance lll - Server Side Request Forgery IV - Android Reverse Engineering V - Know your staff VI - You will pay for this ! Link 🔗:- https://techbrunch.gitbook.io/h12006 @GitBook_s

HackTheBox - Windows HackTheBox - Forest HackTheBox - Bastion HackTheBox - Access HackTheBox - Optimum HackTheBox - Bounty HackTheBox - Granny HackTheBox - Arctic HackTheBox - Sniper HackTheBox - Querier HackTheBox - Heist HackTheBox - Remote HackTheBox - Sauna HackTheBox - ServMon Link 🔗:- https://akshaydeepakshinde.gitbook.io/hackthebox-windows @GitBook_s

HackTheBox - Linux HackTheBox - Registry HackTheBox - Scavenger HackTheBox - Ellingson HackTheBox - OneTwoSeven HackTheBox - Player HackTheBox - Zipper HackTheBox - Dab HackTheBox - Kotarak HackTheBox - Ghoul HackTheBox - Mango HackTheBox - Feline HackTheBox - Joker HackTheBox - Unbalanced HackTheBox - Obscurity HackTheBox - Monitors Link 🔗:- https://akshaydeepakshinde.gitbook.io/hackthebox-linux @GitBook_s

CTF Writeups CTF Writeups Tools and Payloads >TRYHACKME TryHackMe Overview >HACKTHEBOX HackTheBox Overview >HACKTHEBOX ACADEMY HTB Academy Overview >PORTSWIGGER ACADEMY PortSwigger Overview >2021 CTFS Gurugram Cyber Heist CTF 2021 ZH3RO CTF 2.0 2021 NahamCon 2021 >2020 CTFS VulnCon2020 Overview Link 🔗:- https://dhilipsanjay.gitbook.io/ctfs @GitBook_s

Engin Demirbilek >Intro [Pinned] Community OSWE Review >CODE PIECES C++: Shellcode Launcher C++: Dynamic DLL Usage C++: Sendin HTTP GET Request C++: Sandbox Detection via Registry C++: Enumerating Environment C++: DII Injection VBA: HTTP File Dropper Environment Enumeration via Pshell & Cmd >PROJECTS Reverse Shell Exploit chain With AV Bypass Execute Shellcode Launcher with DII Injection Bypassing AVs with simple XOR Bypassing Defender with Exclusion List >VULNERABILITY RESEARCH [TR] Centreon 19.10.8 Remote Code Execution [TR] rConfig 3.94 Remote Code Execution [TR] PANDORAFMS 7.0 REMOTE CODE EXECUTION x4 >PENTEST NOTES An Uncommon OSINT way to Juicy Files GraphQL Testing Tips Server Side Request Forgery (SSRF) Link 🔗:- https://edemirbilek.gitbook.io/red-team-research @GitBook_s

refabr1k's Pentest Notebook Steganography Kali USB with persistence memory useful tools Understanding ICACLS permissions >INFO GATHERING Port Knocking 22 tcp - SSH 25 top - SMTP 53 tcp/udp - DNS 88 tcp - Kerberos 161 udp - SNMP 1098,1099 tcp - Java RMI 8009 tcp - AJP 5901,5902 tcp - VNC >WEB XSS cookie stealing PHP Webdav Wordpress XML RPC SQL Injection SSRF >EXPLOITATION File Transfers Buffer Overflow Bruteforce PHP rce Compiling msfvenom Reverse shell Using ENV to escape Bad Characters shellshock Ncat Persistent Backdoor PRIVESC - LINUX Basic checks Upgrading Shells SUID >PRIVESC - WINDOWS Basic checks/powershell Privesc Openings LonelyPotato - SelmpersonatePrivilege Enable RDP @ Firewall NTLM (Pass The Hash) >WINDOWS NTDS.dit Responder / SMB Relay Attacking AD >METASPLOIT Basic Usage Meterpreter >UNSORTED other notes >ELEARNSECURITY EJPT eJPT notes >OSWP Getting started WEP Attacks WPA/WPA2 Attacks >SCRIPTS get port from nmap Curl response ping sweep iptables-counter.sh (DNS) zonetransfer_check.sh (DNS) dns-rev-brute.sh (DNS) dns-fwd-brute.sh (SMB) vuln-scan.sh (SMB) samba-checker.sh (SMTP) vrfy.py (SNMP) mib-check.sh >ZERODAY VULNERABILITIES EXPLAINED 2020-12 Solarwind supply chain Link 🔗:- https://refabr1k.gitbook.io/oscp @GitBook_s

HackTheBox >linux Machines Easy Medium Hard >Challenges Web Pwn Link 🔗:- https://ir0nstone.gitbook.io/hackthebox/ @GitBook_s

Security Knowledge Framework Introduction Auth Bypass Auth Bypass - 1 Auth Bypass - 2 Auth-bypass-3 Auth-bypass-Simple Client Side Restriction Bypass Client Side Restriction Bypass - Harder Client Side Template Injection (CSTI) Command Injection (CMD) Command Injection 2 (CMD-2) Command Injection 3 (CMD-3) Command Injection 4 (CMD-4) Command Injection Blind (CMD-Blind) Content-Security-Policy (CSP) CORS exploitation Credentials Guessing Credentials Guessing - 2 Cross Site Scripting (XSS) Cross Site Scripting - Attribute (XSS-Attribute) Cross Site Scripting - href (XSS-href) Cross Site Scripting - DOM (XSS- DOM) Cross Site Scripting - DOM-2 (XSS- DOM-2) Cross Site Scripting - Stored (XSS- Stored) CSRF CSRF - Samesite CSRF - Weak CSS Injection (CSSI) Deserialisation Java (DES-Java) Deserialisation Yaml (DES-Yaml) Deserialisation Pickle (DES-Pickle) Deserialisation Pickle 2 (DES-Pickle-2) DoS Regex File upload Formula Injection GraphQL DOS GraphQL IDOR GraphQL Injections GraphQL Introspection GraphQL Mutations Host Header Injection (Authentication Bypass) HttpOnly Session Hijacking XSS Information Leakeage in Comments Information Leakeage in Metadata Insecure Direct Object References (IDOR) JWT Null JWT Secret Ldap Injection Ldap Injection - harder Local File Inclusion 1 (LFI-1) Local File Inclusion 2 (LFI-2) Local File Inclusion 3 (LFI-3) Parameter Binding Prototype Pollution Race Condition Race Condition File-Write Ratelimiting (Brute-force login) Remote File Inclusion (RFI) Right To Left Override (RTLO) Server Side Request Forgery (SSRF) Server Side Template Injection (SSTI) Session Hijacking XSS Session Puzzling Session Management 1 SQLI (Union) SQLI Login Bypass SQLI (Like) SQLI (Blind) TLS Downgrade Untrusted Sources (XSSI) URL Redirection URL Redirection - Harder URL Redirection - Harder-2 WebSocket Message Manipulation XML External Entity (XXE) Exposed docker daemon template item Link 🔗:- https://skf.gitbook.io/asvs-write-ups/ @GitBook_s

AppSec Overview Write Ups Compilations/Resources main Resources Labs >Cross Site Request Forgery > Missing Access Controls >LFI >XXE >Injection Command Injection Server Side Template Injection SQL Injection >SSRF >Unvalidated Redirects and Forwards >Verbose Error messages and Stack Traces Link 🔗:- https://evanluke.gitbook.io/appsec @GitBook_s

Leet Sheet >Reconnaissance Automated Reconnaissance Domains Scour the Web Metadata >Web App Hacking Enumeration User Attacks Database Attacks Server Attacks DNS Attacks Cloud Attacks Interesting Outdated Attacks >Network Hacking General Enumeration RPC LDAP SMB SNMP WMI SSH Kerberos NTLM Man-in-the-Middle WinRM >Post Exploitation Windows Linux Docker Container General >Various CVEs SSH Agent Hijacking Password Cracking Cryptography Non-Hacking Malware Forensics >Binary Exploitation Base Knowledge Format Strings Exploits Stack Smashing Heap Exploits Time-of-Check to Time-of-Use Shellcode Decompilation Debugging Exploit Mitigations and Protections Exploit Protection Bypassing Passing Input Fuzzing Automatic Exploitation >phisical security Mechanical Locks Electronic Locks Other Attacks Destructive Entry Elevator Attacks >Social Engineering Phishing Link 🔗:- https://heinosass.gitbook.io/leet-sheet @GitBook_s

AWS CCP Notes by Karan Singh >The Absolute Basics >IAM >EC2 >ELB & ASG >S3 >Dtabase/Analytics >Analytics >Other Cumputing Services >Development & Provisioning >Content Delivery >Communication and Step Function >Monitoring >VPC &Networking >Shared Responsibility Model >Security & Compliance >Machine Learning >Organizations >Pricing >Billing & Support >Advanced Identity >Architecting on the Cloud Link 🔗:- https://karansingh.gitbook.io/ccpnotes @GitBook_s

wiki.hackerlab.cz >Web Pentesting HTTP Request Smuggling SSTI Insecure Deserialization Brute Force Shell Fu - onliners CORS Special Chars & NULL Bytes XSS XEE SQL Injection Blind SQL Injection SQLmap NoSQL Injection CRLF Injection Input Validation - Fuzz1 HTTP Headers - X-Forwarded Log4j Enumeration with Wordlists Bug Bounty - Web Recon HTTP Proxy Override CSV Injection Windows Forbiden File Name Path Traversal OS Command Injection Open Redirect JWT Token Upload RCE GUID and UUIDs >Toolset Git - Repo and Tools Docker for Pentesters >Infrastructure Pentesting Windows Post Exploitation Dump File Analysis Active Directory NFS Enumration >Other Pentest Project Security Projects >Wifi Pentesting Kali Linux - Alpha card AWUS 1900(VirtualBox) Active Card & Monitor Mode Aircrack-ng Suite Certs >Linux Network Manager >Books The Hacker Playbook 3 Link 🔗:- https://hackerlab.gitbook.io/wiki.hackerlab.cz/ @GitBook_s

Go Notebook Syntax Helpers Idioms Design Patterns Hello World Tic Tac Toe HTTP Server Concurrency WebSocket Server User Authentication Numerical Computing Link 🔗:- https://calvinfeng.gitbook.io/gonotebook @GitBook_s

Hive >Recon Passive(OSINT) Active Web Recon Firewall Evasion >Web Attack Server Side Client Side >Network Attacks Network Ser
Hive >Recon Passive(OSINT) Active Web Recon Firewall Evasion >Web Attack Server Side Client Side >Network Attacks Network Services Network Devices MITM & Poisoning Wireless Attacks Sniffing Denial of Service >Red Team Windows Active Directory Linux Command & Control (C2) Shells & Payloads Payload Delivery Pivoiting Exfiltration/File Transfer Password Attacks Defense Evasion >Malvare Development Evasion Concepts primer Shellcode Placement Shellcode Encoding & Encryption Binary Properties & Code Signing Code Obfuscation >Blue Team Treat Modeling/Hunting/Intelligence Linux Hardening Security Architecture >Purple Teaming Adversary Emulation >Programing C Programing Assembly (NASM) >Miscellaneous GNU Screen/tmux SSH Tricks Cats Curl Cross-compilling Binaries Link 🔗:- https://7h3w4lk3r.gitbook.io/the-hive @GitBook_s