Bug Bounty - GitBook
前往频道在 Telegram
7 506
订阅者
+924 小时
+517 天
+19930 天
帖子存档
7 506
kashz jewels
>OS-LINUX
>OS-WINDOWS
>SHELLCODES
>ACTIVE-DIRECTORY
>OSINT
>BUFFER OVERFLOW GUIDE
>HASH-N-CRACK
>TRICKS
>PROTOCOLS
>CHEATSHEET
>SERVICES
Link 🔗:-
https://kashz.gitbook.io/kashz-jewels
@GitBook_s
7 506
StaphySec
Resources
Tricks
Brute Force - CheatSeet
File Transfer
Hashcat
Cheatsheet
Curl
>Tools
Cracking
Information Gathering
XSS
Obfuscation
Credentials Theft/Win
Content Management System(CMS)
>Programing and Scripting
Virtualenv & Switching Versions
Python
>Shells
Shells(Linux,Windows,Msfvenom)
>Linux
Cheatsheet
EOP Linux Tools and Resources
Blogs
>Windows
Cheatsheet
EOP Windows Tools and Resources
Useful commands and Modules
>Blogs
Miscellaneous resources
>Pentesting
21 Pentesting FTP
22 Pentesting SSH
25,465,587 Pentesting SMTP
53 Pentesting DNS
110,995 Pentesting POP
135 Pentesting WMI
139,445 SMB Pentesting
143,993 Pentesting IMAP
161,162,10161,10162/udp Pentesting SNMP
623 /UDP/TCP - IPMI
1433 Pentesting mssql
2049 NFS Pentesting
3306 Pentesting Mysql
3389 Pentesting RDP
5985,5986 WinRm
>Pentesting Web
SQL Injections
Command injection
File Uploads
Abusing Intermediary Applications
HTTP Verb Tampering
IDOR
File Inclusion/Directory Traversal
XXE-XEE-XML External Entity
SSRF
SSI/ESI
SSTI
XSLT Server Side Injection(Extensible Stylesheet Language Transformations)
Link 🔗:-
https://staphysec.gitbook.io/staphysec
@GitBook_s
7 506
Zeyu's CTF Writeups
Home
Playground
OSCP
>My Challenges
SEETF 2023
The InfoSecurity Challenges 2022
SEETF 2022
Cyber Leage Major 1
Standcon CTF 2021
>2023
DEF CON CTF 2023 Qualifiers
Hxp CTF Qualifiers
>2022
niteCTF 2022
STACK the Flags 2022
LackeCTF Qualifiers
The InfoSecurity Challenges 2022
BalsnCTF 2022
BSidesTLV 2022 CTF
Grey CAt The Flag 2022
DEF CON CTF 2022 Qualifiers
Securinets CTF Finals 2022
NahamCon CTF 2022
Securinets CTF Quals 2022
CTF.SG CTF
YaCTF 2022
DiceCTF 2022
TetCTF 2022
>2021
hxp CTF 2021
HTX Investigator's Challenge 2021
Metasploit Community CTF
MetaCTF CyberGames
CyberSecurityRumble Ctf
The InfoSecurity Challenge (TISC) 2021
SPbCTF's Student CTF Quals
Asian Cyber Security Challenge (ACSC) 2021
CSAW CTF Qualification Round 2021
YauzaCTF 2021
InCTF 2021
UIUCTF 2021
Google CTF 2021
TyfoonCon CTF 2021
DSTA Brainhack CDDC21
BCACTF 2.0
Zh3ro CTF V2
Pwn2Win CTF 2021
NorzhCTF 2021
DawgCTF 2021
UMDCTF 2021
Midnight Sun CTF 2021
picoCTF 2021
DSO-NUS CTF 2021
Link 🔗:-
https://ctf.zeyu2001.com/
@GitBooks
7 506
infosecgirls
Introduction
Application Details
>INITIAL SETUP WITH OWASP ZAP
OWASP ZAP
Setup OWASP ZAP
Modes
Automated Scan
Report Generation
>INITIAL SETUP WITH BURP.
Start Burp Suite
Add FoxyProxy Addon
Add New Proxy In FoxyProxy
Configure Proxy Listener
Install Burp's CA Certificate In Firefox
Getting Rid of Unnecessary Browser Traffic
>QUICK BASICS
Disable Intercept Mode in Burp
Enable Intercept Mode in Burp
Send to Repeater
Send to Comparer
>WEB APPLICATION PENTESTING
A1 - Injection
A2 - Broken Authentication
A3 - Sensitive Data Exposure
A4- XML External Entities (XXE)
A5 - Broken Access Control
A6 - Security Misconfiguration
A7 - Cross-Site Scripting (XSS)
A8 - Insecure Deserialization
A9 - Using Components with Known Vulnerabilities
10 - Insufficient Logging & Monitoring
References
About Us
>ADDITIONAL CONTENT
Insecure Direct Object Reference
Security Misconfiguration
Password Guessing Attack
User Enumeration
Custom Iterator
Null Payload
Request in Browser:
Privilege Escalation Check
>BURP EXTENDERS
Target
Proxy
Intruder
Repeater
Sequencer
Decoder
Comparer
Extender
Link 🔗:-
https://infosecgirls.gitbook.io/infosecgirls-training/v/appsec/
@GitBook_s
7 506
H12006 - Write up
WriteUp
| - Passive Reconnaissance
ll - Active Reconnaissance
lll - Server Side Request Forgery
IV - Android Reverse Engineering
V - Know your staff
VI - You will pay for this !
Link 🔗:-
https://techbrunch.gitbook.io/h12006
@GitBook_s
7 506
HackTheBox - Windows
HackTheBox - Forest
HackTheBox - Bastion
HackTheBox - Access
HackTheBox - Optimum
HackTheBox - Bounty
HackTheBox - Granny
HackTheBox - Arctic
HackTheBox - Sniper
HackTheBox - Querier
HackTheBox - Heist
HackTheBox - Remote
HackTheBox - Sauna
HackTheBox - ServMon
Link 🔗:-
https://akshaydeepakshinde.gitbook.io/hackthebox-windows
@GitBook_s
7 506
HackTheBox - Linux
HackTheBox - Registry
HackTheBox - Scavenger
HackTheBox - Ellingson
HackTheBox - OneTwoSeven
HackTheBox - Player
HackTheBox - Zipper
HackTheBox - Dab
HackTheBox - Kotarak
HackTheBox - Ghoul
HackTheBox - Mango
HackTheBox - Feline
HackTheBox - Joker
HackTheBox - Unbalanced
HackTheBox - Obscurity
HackTheBox - Monitors
Link 🔗:-
https://akshaydeepakshinde.gitbook.io/hackthebox-linux
@GitBook_s
7 506
CTF Writeups
CTF Writeups
Tools and Payloads
>TRYHACKME
TryHackMe Overview
>HACKTHEBOX
HackTheBox Overview
>HACKTHEBOX ACADEMY
HTB Academy Overview
>PORTSWIGGER ACADEMY
PortSwigger Overview
>2021 CTFS
Gurugram Cyber Heist CTF 2021
ZH3RO CTF 2.0 2021
NahamCon 2021
>2020 CTFS
VulnCon2020 Overview
Link 🔗:-
https://dhilipsanjay.gitbook.io/ctfs
@GitBook_s
7 506
Engin Demirbilek
>Intro
[Pinned] Community
OSWE Review
>CODE PIECES
C++: Shellcode Launcher
C++: Dynamic DLL Usage
C++: Sendin HTTP GET Request
C++: Sandbox Detection via Registry
C++: Enumerating Environment
C++: DII Injection
VBA: HTTP File Dropper
Environment Enumeration
via Pshell & Cmd
>PROJECTS
Reverse Shell Exploit
chain With AV Bypass
Execute Shellcode
Launcher with DII Injection
Bypassing AVs with simple XOR
Bypassing Defender with Exclusion List
>VULNERABILITY RESEARCH
[TR] Centreon 19.10.8
Remote Code Execution
[TR] rConfig 3.94 Remote Code Execution
[TR] PANDORAFMS 7.0
REMOTE CODE EXECUTION x4
>PENTEST NOTES
An Uncommon OSINT way to Juicy Files
GraphQL Testing Tips
Server Side Request Forgery (SSRF)
Link 🔗:-
https://edemirbilek.gitbook.io/red-team-research
@GitBook_s
7 506
refabr1k's Pentest Notebook
Steganography
Kali USB with persistence memory
useful tools
Understanding ICACLS permissions
>INFO GATHERING
Port Knocking
22 tcp - SSH
25 top - SMTP
53 tcp/udp - DNS
88 tcp - Kerberos
161 udp - SNMP
1098,1099 tcp - Java RMI
8009 tcp - AJP
5901,5902 tcp - VNC
>WEB
XSS cookie stealing
PHP
Webdav
Wordpress
XML RPC
SQL Injection
SSRF
>EXPLOITATION
File Transfers
Buffer Overflow
Bruteforce
PHP rce
Compiling
msfvenom
Reverse shell
Using ENV to escape Bad Characters
shellshock
Ncat Persistent Backdoor
PRIVESC - LINUX
Basic checks
Upgrading Shells
SUID
>PRIVESC - WINDOWS
Basic checks/powershell
Privesc Openings
LonelyPotato - SelmpersonatePrivilege
Enable RDP @ Firewall
NTLM (Pass The Hash)
>WINDOWS
NTDS.dit
Responder / SMB Relay
Attacking AD
>METASPLOIT
Basic Usage
Meterpreter
>UNSORTED
other notes
>ELEARNSECURITY EJPT
eJPT notes
>OSWP
Getting started
WEP Attacks
WPA/WPA2 Attacks
>SCRIPTS
get port from nmap
Curl response
ping sweep
iptables-counter.sh
(DNS) zonetransfer_check.sh
(DNS) dns-rev-brute.sh
(DNS) dns-fwd-brute.sh
(SMB) vuln-scan.sh
(SMB) samba-checker.sh
(SMTP) vrfy.py
(SNMP) mib-check.sh
>ZERODAY VULNERABILITIES EXPLAINED
2020-12 Solarwind supply chain
Link 🔗:-
https://refabr1k.gitbook.io/oscp
@GitBook_s
7 506
HackTheBox
>linux Machines
Easy
Medium
Hard
>Challenges
Web
Pwn
Link 🔗:-
https://ir0nstone.gitbook.io/hackthebox/
@GitBook_s
7 506
Security Knowledge Framework
Introduction
Auth Bypass
Auth Bypass - 1
Auth Bypass - 2
Auth-bypass-3
Auth-bypass-Simple
Client Side Restriction Bypass
Client Side Restriction Bypass - Harder
Client Side Template Injection (CSTI)
Command Injection (CMD)
Command Injection 2 (CMD-2)
Command Injection 3 (CMD-3)
Command Injection 4 (CMD-4)
Command Injection Blind (CMD-Blind)
Content-Security-Policy (CSP)
CORS exploitation
Credentials Guessing
Credentials Guessing - 2
Cross Site Scripting (XSS)
Cross Site Scripting - Attribute (XSS-Attribute)
Cross Site Scripting - href (XSS-href)
Cross Site Scripting - DOM (XSS- DOM)
Cross Site Scripting - DOM-2 (XSS- DOM-2)
Cross Site Scripting - Stored (XSS- Stored)
CSRF
CSRF - Samesite
CSRF - Weak
CSS Injection (CSSI)
Deserialisation Java (DES-Java)
Deserialisation Yaml (DES-Yaml)
Deserialisation Pickle (DES-Pickle)
Deserialisation Pickle 2 (DES-Pickle-2)
DoS Regex
File upload
Formula Injection
GraphQL DOS
GraphQL IDOR
GraphQL Injections
GraphQL Introspection
GraphQL Mutations
Host Header Injection
(Authentication Bypass)
HttpOnly Session Hijacking XSS
Information Leakeage in Comments
Information Leakeage in Metadata
Insecure Direct Object References (IDOR)
JWT Null
JWT Secret
Ldap Injection
Ldap Injection - harder
Local File Inclusion 1 (LFI-1)
Local File Inclusion 2 (LFI-2)
Local File Inclusion 3 (LFI-3)
Parameter Binding
Prototype Pollution
Race Condition
Race Condition File-Write
Ratelimiting (Brute-force login)
Remote File Inclusion (RFI)
Right To Left Override (RTLO)
Server Side Request Forgery (SSRF)
Server Side Template Injection (SSTI)
Session Hijacking XSS
Session Puzzling
Session Management 1
SQLI (Union)
SQLI Login Bypass
SQLI (Like)
SQLI (Blind)
TLS Downgrade
Untrusted Sources (XSSI)
URL Redirection
URL Redirection - Harder
URL Redirection - Harder-2
WebSocket Message Manipulation
XML External Entity (XXE)
Exposed docker daemon
template item
Link 🔗:-
https://skf.gitbook.io/asvs-write-ups/
@GitBook_s
7 506
AppSec
Overview
Write Ups Compilations/Resources
main Resources
Labs
>Cross Site Request Forgery
> Missing Access Controls
>LFI
>XXE
>Injection
Command Injection
Server Side Template Injection
SQL Injection
>SSRF
>Unvalidated Redirects and Forwards
>Verbose Error messages and Stack Traces
Link 🔗:-
https://evanluke.gitbook.io/appsec
@GitBook_s
7 506
Leet Sheet
>Reconnaissance
Automated Reconnaissance
Domains
Scour the Web
Metadata
>Web App Hacking
Enumeration
User Attacks
Database Attacks
Server Attacks
DNS Attacks
Cloud Attacks
Interesting Outdated Attacks
>Network Hacking
General Enumeration
RPC
LDAP
SMB
SNMP
WMI
SSH
Kerberos
NTLM
Man-in-the-Middle
WinRM
>Post Exploitation
Windows
Linux
Docker Container
General
>Various
CVEs
SSH Agent Hijacking
Password Cracking
Cryptography
Non-Hacking
Malware
Forensics
>Binary Exploitation
Base Knowledge
Format Strings Exploits
Stack Smashing
Heap Exploits
Time-of-Check to Time-of-Use
Shellcode
Decompilation
Debugging
Exploit Mitigations and Protections
Exploit Protection Bypassing
Passing Input
Fuzzing
Automatic Exploitation
>phisical security
Mechanical Locks
Electronic Locks
Other Attacks
Destructive Entry
Elevator Attacks
>Social Engineering
Phishing
Link 🔗:-
https://heinosass.gitbook.io/leet-sheet
@GitBook_s
7 506
AWS CCP Notes by Karan Singh
>The Absolute Basics
>IAM
>EC2
>ELB & ASG
>S3
>Dtabase/Analytics
>Analytics
>Other Cumputing Services
>Development & Provisioning
>Content Delivery
>Communication and Step Function
>Monitoring
>VPC &Networking
>Shared Responsibility Model
>Security & Compliance
>Machine Learning
>Organizations
>Pricing
>Billing & Support
>Advanced Identity
>Architecting on the Cloud
Link 🔗:-
https://karansingh.gitbook.io/ccpnotes
@GitBook_s
7 506
wiki.hackerlab.cz
>Web Pentesting
HTTP Request Smuggling
SSTI
Insecure Deserialization
Brute Force
Shell Fu - onliners
CORS
Special Chars & NULL Bytes
XSS
XEE
SQL Injection
Blind SQL Injection
SQLmap
NoSQL Injection
CRLF Injection
Input Validation - Fuzz1
HTTP Headers - X-Forwarded
Log4j
Enumeration with Wordlists
Bug Bounty - Web Recon
HTTP Proxy Override
CSV Injection
Windows Forbiden File Name
Path Traversal
OS Command Injection
Open Redirect
JWT Token
Upload RCE
GUID and UUIDs
>Toolset
Git - Repo and Tools
Docker for Pentesters
>Infrastructure Pentesting
Windows Post Exploitation
Dump File Analysis
Active Directory
NFS Enumration
>Other Pentest Project
Security Projects
>Wifi Pentesting
Kali Linux - Alpha card AWUS 1900(VirtualBox)
Active Card & Monitor Mode
Aircrack-ng Suite
Certs
>Linux
Network Manager
>Books
The Hacker Playbook 3
Link 🔗:-
https://hackerlab.gitbook.io/wiki.hackerlab.cz/
@GitBook_s
7 506
Go Notebook
Syntax Helpers
Idioms
Design Patterns
Hello World
Tic Tac Toe
HTTP Server
Concurrency
WebSocket Server
User Authentication
Numerical Computing
Link 🔗:-
https://calvinfeng.gitbook.io/gonotebook
@GitBook_s
7 506
Hive
>Recon
Passive(OSINT)
Active
Web Recon
Firewall Evasion
>Web Attack
Server Side
Client Side
>Network Attacks
Network Services
Network Devices
MITM & Poisoning
Wireless Attacks
Sniffing
Denial of Service
>Red Team
Windows
Active Directory
Linux
Command & Control (C2)
Shells & Payloads
Payload Delivery
Pivoiting
Exfiltration/File Transfer
Password Attacks
Defense Evasion
>Malvare Development
Evasion Concepts primer
Shellcode Placement
Shellcode Encoding & Encryption
Binary Properties & Code Signing
Code Obfuscation
>Blue Team
Treat Modeling/Hunting/Intelligence
Linux Hardening
Security Architecture
>Purple Teaming
Adversary Emulation
>Programing
C Programing
Assembly (NASM)
>Miscellaneous
GNU Screen/tmux
SSH Tricks
Cats
Curl
Cross-compilling Binaries
Link 🔗:-
https://7h3w4lk3r.gitbook.io/the-hive
@GitBook_s
