ch
Feedback
Bug Bounty - GitBook

Bug Bounty - GitBook

前往频道在 Telegram
7 493
订阅者
+524 小时
+577
+19730
帖子存档
👩‍💻 Attacking Android. 🟢ContentProvider Management in Android Applications; 🟢Protecting Exported Services with Strong Permissions in Android; 🟢Protecting Against Directory Traversal Vulnerabilities in Android; 🟢Preventing Unauthorized Access to Sensitive Activities in Android; 🟢Avoid Storing Sensitive Information on External Storage (SD Card) Without Encryption; 🟢Logging Sensitive Information in Android; 🟢Securing Sensitive Data in Android; 🟢Cache; 🟢Do not use world readable or writeable to share files between apps; 🟢Do not broadcast sensitive information using an implicit intent; 🟢Do not allow WebView to access sensitive local resource through file scheme 🟢WebView Security Concerns; 🟢Do not provide addJavascriptInterface method access in a WebView which could contain untrusted content. (API level JELLY_BEAN or below)Noncompliant Code Example; 🟢Enable serialization compatibility during class evolution; 🟢Do not deviate from the proper signatures of serialization methods; 🟢Exclude unsanitized user input from format strings; 🟢Sanitize untrusted data included in a regular expression; 🟢Define wrappers around native methods; 🟢Do not allow exceptions to expose sensitive information; 🟢Do not encode noncharacter data as a string; 🟢Do not release apps that are debuggable; 🟢Consider privacy concerns when using Geolocation API; 🟢Properly verify server certificate on SSL/TLS; 🟢Specify permissions when creating files via the NDK.

👨‍💻 Instant Workstation. • One of the many services for launching the OS directly in the browser. Linux, BSD, Haiku, Redox, TempleOS and Quantix are available for use. ➡️ https://instantworkstation.com/virtual-machines

𝗧𝗛𝗘 𝗕𝗘𝗦𝗧 𝗖𝗛𝗥𝗢𝗠𝗘 𝗘𝗫𝗧𝗘𝗡𝗦𝗜𝗢𝗡𝗦 𝗙𝗢𝗥 𝗢𝗦𝗜𝗡𝗧 𝗣𝗥𝗢𝗙𝗘𝗦𝗦𝗜𝗢𝗡𝗔𝗟𝗦, 𝗥𝗘𝗦𝗘𝗔𝗥𝗖𝗛𝗘𝗥𝗦 Below, you will find an updated list of extensions that OSINT professionals, researchers and journalists can use to enhance their ability to find, organise and use open source information. While we have checked and validated every extension in the list, remember to exercise caution when adding extensions to your browser. Link 🔗:- https://osinttelegraph.com/best-chrome-extensions-for-osint/ @GitBook_s

The Art of Data Exfiltration

usefull osint bots 1. @phonenumberinformation_bot 2. @Quick_osintik_bot 3. @UniversalSearchRobot 4. @search_himera_bot 5. @Solaris_Search_Bot 6. @Zernerda_bot 7. @t_sys_bot 8. @OSINTInfoRobot 9. @LBSE_bot 10. @SovaAppBot 11. @poiskorcombot 12. @SEARCHUA_bot 13. @helper_inform_bot 14. @infobazaa_bot 15. @declassified_bot 16. @GHack_search_bot 17. @osint_databot 18. @Informator_BelBot 19. @HowToFindRU_Robot 20. @SEARCH2UA_bot 21. @UsersSearchBot 22. @BITCOlN_BOT 23. @ce_poshuk_bot 24. @BlackatSearchBot 25. @dataisbot 26. @n3fm4xw2rwbot 27. @cybersecdata_bot 28. @safe_search_bot 29. @getcontact_real_bot 30. @PhoneLeaks_bot 31. @useridinfobot 32. @mailcat_s_bot 33. @last4mailbot 34. @holehe_s_bot 35. @bmi_np_bot 36. @clerkinfobot 37. @kolibri_osint_bot 38. @getcontact_premium_bot 39. @phone_avito_bot 40. @pyth1a_0racle_bot 41. @olx_phone_bot 42. @ap_pars_bot 43. @SPOwnerBot 44. @regdatebot 45. @ibhldr_bot 46. @TgAnalyst_bot 47. @cryptoscanning_bot 48. @LinkCreatorBot 49. @telesint_bot 50. @Checknumb_bot 51. @TelpoiskBot_bot 52. @TgDeanonymizer_bot 53. @protestchat_bot 54. @locatortlrm_bot 55. @GetCont_bot 56. @usinfobot 57. @SangMataInfo_bot 58. @creationdatebot 59. @tgscanrobot 60. @InfoVkUser_bot 61. @getfb_bot 62. @GetOK2bot 63. @VKHistoryRobot 64. @detectiva_robot 65. @FindNameVk_bot 66. @vk2017robot 67. @AgentFNS_bot 68. @OpenDataUABot 69. @egrul_bot 70. @Bumz639bot 71. @ogrn_bot 72. @ShtrafKZBot 73. @egrnrobot 74. @VipiskaEGRNbot 75. @Search_firm_bot 76. @geomacbot 77. @pwIPbot 78. @ipscorebot 79. @ip_score_checker_bot 80. @FakeSMI_bot 81. @ipinfo_check_bot 82. @Search_IPbot 83. @WhoisDomBot 84. @vimebasebot 85. @maigret_osint_bot 86. @PasswordSearchBot 87. @ddg_stresser_bot 88. @BotAvinfo_bot 89. @reverseSearch2Bot 90. @pimeyesbot 91. @findfacerobot 92. @CarPlatesUkraineBot 93. @nomerogrambot 94. @ShtrafyPDRbot 95. @cerbersearch_bot 96. @EraOfHacking

pwn.college is an education platform for students (and other interested parties) to learn about, and practice, core cybersecurity concepts in a hands-on fashion. In martial arts terms, it is designed to take a “white belt” in cybersecurity through the journey to becoming a “blue belt”, able to approach (simple) cybersecurity competitions (CTFs) and wargames. Our philosophy is “practice makes perfect”. pwn.college

https://t.me/cexio_tap_bot?start=1717502230280560 CEXP tokens farming major upgrade! Two is better than one! Join my squad, and let's double the fun (and earnings 🤑)! CEX.IO Power Tap! 🚀

What's mean this. From morning happened
What's mean this. From morning happened

👨‍💻 OSCP Cheat Sheet. • Commands, Payloads and Resources for the OffSec Certified Professional Certification (OSCP). - Basics; - Information Gathering; - Vulnerability Analysis; - Web Application Analysis; - Database Assessment; - Password Attacks; - Exploitation Tools; - Post Exploitation; - Exploit Databases; - CVEs; - Payloads; - Wordlists; - Social Media Resources; - Commands.

Python for AWAE (Advanced Web Attacks and Exploitation) Quick notes about: - os module - urllib/urlib2 - requests - lxml - Be
Python for AWAE (Advanced Web Attacks and Exploitation) Quick notes about: - os module - urllib/urlib2 - requests - lxml - BeautifulSoup and other #python packages. https://github.com/shreyaschavhan/python-for-awae Contributor twitter.com/shreyas_chavhan