ch
Feedback
Bug Bounty - GitBook

Bug Bounty - GitBook

前往频道在 Telegram
7 497
订阅者
+524 小时
+577
+19730
帖子存档
Methodology Bullet Proof Strategy >Enumeration >Exploitation >Privilege Escalation Elevated Post Exploitation >Active Directory >Walkthroughs Cert Pictures :) >Python Lessons Bash Lessons >C# Programming Link 🔗:- https://lyethar.gitbook.io/methodology @GitBook_s

OWASP MASTG >OVERVIEW >GENERAL MOBILE APP TESTING GUIDE >ANDROID TESTING GUIDE >IOS TESTING GUIDE >APPENDIX Link 🔗:- https://mobile-security.gitbook.io/mobile-security-testing-guide @GitBook_s

UBG Hacking Team About UBG >Site Contributors >CTF Writeups >Blog Posts >Attacks Detection >MISC. Link 🔗:- notes.ubg-hacking.team @GitBook_s

𝗣𝗘𝗡𝗧𝗘𝗦𝗧𝗜𝗡𝗚 𝗡𝗢𝗧𝗘𝗦 📚 >Active Directory   •Initial Access   •Internal Enumeration & Lateral Movement   •Privilege Escalation to Domain Admin using Known Exploits   •Domain Trusts >Privilege Escalation   •Linux Privilege Escalation   •Windows Privilege Escalation >Protocols and Services   •DNS/FTP/IMAP   •IPMI/MSSQL   •MySQL/NFS   •Oracle TNS   •POP3/RDP   •SMB   •SMTP/SNMP >Fuzzing >Information Gathering >Utilities, Scripts and Payloads   •Shells and Payloads   •Metasploit Framework   •File Transfers   •Pivoting, Tunneling, Port Forwarding   •Password Attacks >Web Applications Attacks   •File Uploads   •HTTP Verb Tampering   •Insecure Direct Object References (IDOR)   •Local File Inclusion (LFI)   •Remote File Inclusion (RFI)   •OS Command Injection   •Cross Site Scripting (XSS)   •SQL Injection   •XML External Entities (XXE) >Web Application Technologies   •Drupal   •Gitlab   •CGI Applications   •Jenkins   •Joomla   •Microsoft IIS   •osTicket   •PRTG Network Monitor   •Splunk   •Tomcat   •WordPress Link 🔗:- https://sfoffo.gitbook.io/sfoffo-pentesting-notes @GitBook_s

coffeetohack Introduction Methodology >Cheatsheet >Framework/Application >Windows PrivEsc >Linux PrivEsc >Buffer Overflow Initial Shell Exploits Privesc Exploits Cisco Packet Tracer >Active Directory OSINT Link 🔗:- https://coffeetohack.gitbook.io/coffeetohack @GitBook_s

The Open League hackathon ▪️TON Foundation Launches The Open League Hackathon: A fast-track entry into the Open League with over $150 million in rewards and various incentives for users. ▪️Hackathon runs from April to June and its prize fund is 2 million dollars. ▪️Participants build new applications and use cases for the Web3 world, including GameFi and Web3 social networks, DeFi and e-commerce on TON and Telegram. Why participate in this hackathon? 2 million dollar prize fund. ▪️Fast track to participate in The Open League with 50,000 Toncoin support to boost your token cash pool. The best projects can receive financial assistance from the $500,000 fund provided by TON Ventures. ▪️An opportunity to meet TON Foundation members and TON Venture Fund Managers during Gateway in Dubai. Projects participating in the Open League pilot season have seen triple-digit growth in the number of active users, token holders, market capitalization, and transaction volume on the TON decentralized exchange. This is while only 1 million Toncoins were allocated for the trial season. In the next season, the rewards will increase 30 times: 30 million Toncoin rewards for 3 months. Can you and your team win the competition? It's time to build in TON! Register now! https://dorahacks.io/hackathon/the-open-league-hackathon/detail

jesusgavancho - Writeups The Great Escape Lookback Outlook NTLM Leak Year of the Fox PS Eclipse Eavesdropper Tony the Tiger Intro to Offensive Security MD2PDF Content Security Policy Agent T Introduction to Flask Atlas Bugged Sigma Intro to Cloud Security Holo CCT2019 Opacity Empline Phishing Emails 5 BlueTeam Tempest hackerNote Watcher CMesS HA Joker CTF OWASP Top 10 2021 Metasploit Oh My WebServer Road Anonymous Ollie Training for New Analyst Tokyo Ghoul Dependency Management KoTH Food CTF Android Malware Analysis Intro To Pwntools AD Certificate Templates CVE 2022 26923 Basic Static Analysis Introduction To Honeypots Intro to Pipeline Automation Intro to Containerisation ARP Spoofing Mindgames Brute Force Heroes SQLMAP Insekube TakeOver Boiler CTF GoldenEye Splunk 3 Tempus Fugit Durius Warzone 1 OWASP API Security Top 10 2 Temple AllSignsPoint2Pwnage OWASP API Security Top 10 1 Secret Recipe NoNameCTF Binex Jack Tactical Detection Jurassic Park DX1 Liberty Island Brute Biblioteca Napping Kubernetes for Everyone Oday Osiris Set NoSQL injection Basics Warzone 2 Atlassian, CVE 2022 26134 Jason VulnNet: Roasted VulnNet Internal VulnNet Node Brooklyn Nine Nine Thompson The Cod Caper Neighbour ColddBox Easy Library All in One Poster Gallery Cat Pictures Boogeyman 1 Corridor Team Ra 2 Advent of Cyber 2022 Bookstore Intro to Malware Analysis TheHive Project Velociraptor KAPE Lunizz CTF Linux Forensics DFIR An Introduction Benign Cyborg Year of the rabbit Blaster Easy Peasy Couch Chocolate Factory REmux The Tmux Spring4Shell Dirty Pipe OverlayFS Pwnkit CTF collection Vol.2 Gotta Catch'em All! Break Out The Cage Bolt Source AttackerKB Intro to Defensive Security Careers in Cyber OSI Model Packets&Frames Extending Your Network How websites work Putting it all together Operating System Security Network Security Security Operations Network Services Network Services 2 Active Directory Basics Attacking Kerberos Subdomain Enumeration Authentication Bypass IDOR File Inclusion Masterminds SSRF Command Injection Cross site Scripting Burp Suite Extender Burp Suite Intruder Surfer Willow Conti Unattended Tardigrade Link 🔗:- https://jesusgavancho.gitbook.io/writeups/ @GitBook_s

𝗥𝗘𝗩𝗘𝗥𝗦𝗘 𝗘𝗡𝗚𝗜𝗡𝗘𝗘𝗥𝗜𝗡𝗚 𝗙𝗢𝗥 𝗘𝗩𝗘𝗥𝗬𝗢𝗡𝗘 >x86 Course •x86 Basic Architecture •Assmebly Intro •Types of Malware •Registers •Stack •Heap •ASM Programming/Debugging/Hacking >ARM-32 Course 1 •Program Counter •Pointer •Firmware •ADDS/ADC/SUB >ARM-32 Course 2 •Procedures •Constants •Variables •Operators >x64 Course •Boolean Logics •SHL/SHR/ROL/ROR Instructions •Boot Sector •x86 Assembly •C++ Code/Debug/Hacking >ARM-64 Course •Debugging Basic I/O •Hacking Basic I/O •Character Primitive Datatype •Float Primitive Datatype •Double Primitive Datatype >Pico Hacking Course •Debugging/Hacking char •Debugging/Hacking int float •Debugging/Hacking double Link 🔗:- https://0xinfection.github.io/reversing/ @GitBook_s

Offsec Journey >LEARNING RESOURCES >RECONNAISANCE >RESOURCE DEVELOPMENT >INITIAL ACCESS >HOST TRIAGE >INTERNAL RECONNAISSANCE >DEFENSE EVASION >PRIVILEGE ESCALATION >LATERAL MOVEMENT >PERSISTENCE >LINUX >KALI LINUX FU >SCANNING & ENUMERATION >WEB APP VULNERABILITIES >API PENTESTING >PROGRAMMING >MAINTAINING ACCESS >CLOUD SECURITY PENTEST >BLUE TEAM >REVERSE ENGINEERING >HOME LAB PROJECT >EXFILTRATION >WIRELESS PENTESTING Link 🔗:- https://notes.offsec-journey.com/maintaining-access/reference @GitBook_s

Zeyu's Infosec Blog CTF Writeups Playground OSCP >2023 DEF CON 31 CTF && Midnight Sun CTF Finals 2023 From XS-Leaks to SS-Leaks Using object Regular Expressions Are Hard ReadiumJS Cloud Reader - Everybody Gets an XSS! >2022 HTTP Request Smuggling in the Multiverse of Parsing Flaws Hosting a CTF - SEETF 2022 Organizational and Infrastructure Review Link 🔗:- https://infosec.zeyu2001.com/ @GitBook_s

CyberSec Wikimandine >TRYHACKME >IN PROGRESS >PORTS SCANNING & HOSTS DISCOVERY >COMMON SERVICES >PRIVILEGE ESCALATION >BOF >REVERSE SHELL >ACTIVE DIRECTORY >DICTIONARY ATTACK & SPRAYING >WEB TECHNOLOGIES >MISCELLANEOUS >C2 FRAMEWORK >WIRELESS >API >OSINT >EXTERNAL >WEB APPLICATION >PHISHING >RED TEAMING >WIRESHARK >CLOUD >SCRIPTING & PROGRAMMING >FRAMEWORKS >INTERNAL >AWS Link 🔗:- https://amandinegh.gitbook.io/cyberadventure/ @GitBook_s

👨‍💻 Linux for Hackers. File Transfers. Downloading Files from Attacker’s HTTP Server; - Setting up the HTTP Server on the Attacker Machine; - Downloading Files from Attacker’s HTTP Server: Curl, Wget, and Bash; Uploading Files to Attacker’s HTTP Server; - Setting up the HTTP Server to Allow Uploads on the Attacker Machine; - Uploading Files to Attacker’s HTTP Server: Curl and Wget; - Uploading Files to Attacker’s HTTP Server: Browser (GUI); Downloading Files from Attacker’s FTP Server; - Setting up the FTP Server on the Attacker Machine; - Downloading Files from Attacker’s FTP Server; Uploading Files to Attacker’s FTP Server; Transferring Files from Attacker Using SSH; - Transferring Files onto Victim: scp; - Transferring Files onto Victim: sftp; Transferring Files onto Attacker Using SSH; - Transferring Files onto Attacker: scp; - Transferring Files onto Attacker: sftp; Transferring Files from Attacker Using Netcat; - Transferring Files from Attacker: nc; - Transferring Files from Attacker: bash; Transferring Files onto Attacker Using Netcat; - Transferring Files onto Attacker: nc; - Transferring Files onto Attacker: bash; Downloading and Uploading Files Using Meterpreter; - Upgrading to a Meterpreter Shell: Web_Delivery Method; - Downloading Files onto the Victim Using Meterpreter; - Uploading Files from the Victim Using Meterpreter; Copy and Paste – cat; - Copying a Script from Attacker and Pasting on Victim; - Copying a File from Victim and Pasting on Attacker. @GitBook_s

🌍 Top 10 web hacking techniques of 2023.. • Nomination - top 10 best web hacking methods in 2023. Each article deserves attention: - Ransacking your password reset tokens; - mTLS: When certificate authentication is done wrong; - Smashing the state machine: the true potential of web race conditions; - Bypass firewalls with of-CORs and typo-squatting; - RCE via LDAP truncation on hg.mozilla.org; - Cookie Bugs - Smuggling & Injection; - OAuth 2.0 Redirect URI Validation Falls Short, Literally; - Prototype Pollution in Python; - Pretalx Vulnerabilities: How to get accepted at every conference; - From Akamai to F5 to NTLM... with love; - can I speak to your manager? hacking root EPP servers to take control of zones; - Blind CSS Exfiltration: exfiltrate unknown web pages; - Server-side prototype pollution: Black-box detection without the DoS; - Tricks for Reliable Split-Second DNS Rebinding in Chrome and Safari; - HTML Over the Wire; - SMTP Smuggling - Spoofing E-Mails Worldwide; - DOM-based race condition: racing in the browser for fun; - You Are Not Where You Think You Are, Opera Browsers Address Bar Spoofing Vulnerabilities; - CVE-2022-4908: SOP bypass in Chrome using Navigation API; - SSO Gadgets: Escalate (Self-)XSS to ATO; - Three New Attacks Against JSON Web Tokens; - Introducing wrapwrap: using PHP filters to wrap a file with a prefix and suffix; - PHP filter chains: file read from error-based oracle; - SSRF Cross Protocol Redirect Bypass; - A New Vector For “Dirty” Arbitrary File Write to RCE; - How I Hacked Microsoft Teams and got $150,000 in Pwn2Own; - AWS WAF Clients Left Vulnerable to SQL Injection Due to Unorthodox MSSQL Design Choice; - BingBang: AAD misconfiguration led to Bing.com results manipulation and account takeover; - MyBB Admin Panel RCE CVE-2023-41362; - Source Code at Risk: Critical Code Vulnerability in CI/CD Platform TeamCity; - Code Vulnerabilities Put Skiff Emails at Riskr; - How to break SAML if I have paws? - JMX Exploitation Revisited; - Java Exploitation Restrictions in Modern JDK Times; - Exploiting Hardened .NET Deserialization; - Unserializable, but unreachable: Remote code execution on vBulletin; - Cookieless DuoDrop: IIS Auth Bypass & App Pool Privesc in ASP.NET Framework; - Hunting for Nginx Alias Traversals in the wild; - DNS Analyzer - Finding DNS vulnerabilities with Burp Suite; - Oh-Auth - Abusing OAuth to take over millions of accounts; - nOAuth: How Microsoft OAuth Misconfiguration Can Lead to Full Account Takeover; - One Scheme to Rule Them All: OAuth Account Takeover; - Exploiting HTTP Parsers Inconsistencies; - New ways of breaking app-integrated LLMs; - State of DNS Rebinding in 2023; - Fileless Remote Code Execution on Juniper Firewalls; - Thirteen Years On: Advancing the Understanding of IIS Short File Name (SFN) Disclosure! - Metamask Snaps: Playing in the Sand; - Uncovering a crazy privilege escalation from Chrome extensions; - Code Vulnerabilities Put Proton Mails at Risk; - Hacking into gRPC-Web; - Yelp ATO via XSS + Cookie Bridge; - HTTP Request Splitting vulnerabilities exploitation; - XSS in GMAIL Dynamic Email; - Azure B2C Crypto Misuse and Account Compromise; - Compromising F5 BIGIP with Request Smuggling; - One Supply Chain Attack to Rule Them All; - Cookie Crumbles: Breaking and Fixing Web Session Integrity; - tRPC Security Research: Hunting for Vulnerabilities in Modern APIs; - From an Innocent Client-Side Path Traversal to Account Takeover. @GitBook_s

Best of Python Pentest Cheatsheet @GitBook_s
Best of Python Pentest Cheatsheet @GitBook_s