ch
Feedback
Bug Bounty - GitBook

Bug Bounty - GitBook

前往频道在 Telegram
7 497
订阅者
+524 小时
+577
+19730
帖子存档
FREE Labs To Test Your PenTesting/CTF Skills 1. TryHackMe - http://tryhackme.com 2. Vulnhub - http://vulnhub.com 3. RootMe - http://root-me.org 4. OverTheWire - http://overthewire.org 5. PicoCTF - http://picoctf.com 6. Pentestlab - http://pentesterslab.com 7. Google CTF - http://capturetheflag.withgoogle.com 8. CMD Challenge - http://cmdchallenge.com 9. HackTheBox - http://hackthebox.com 10. Hacker Security - http://capturetheflag.com.br 11. CTF Komodo Security - http://ctf.komodosec.com 12. Academy Hackaflag BR - http://hackaflag.com.br 13. Attack-Defense - http://attackdefense.com 14. Hacker101 - http://ctf.hacker101.com @GitBook_s

📦 Red Team Attack Lab. • Link to a repository, which is a virtual environment with various operating systems and vulnerabilities for Red Team practice. You can find it here: https://github.com/Marshall-Hallenbeck/red_team_attack_lab • A complete list of OS can be found here. The material will be very useful for Red Team, Blue Team, pentesters and information security specialists. @GitBook_s

Want to improve your xss skills? Check out this awesome lab: http://prompt.ml/0 @GitBook_s

𝗛𝗢𝗪 𝗧𝗢 𝗛𝗨𝗡𝗧 >Account Takeover Methodology >Application Level DoS Methods >AUTHENTICATION BYPASS •2FA Bypasses •OTP Bypass >BROKEN-LINK HIJACKING >BROKEN AUTH AND SESSION MANAGEMENT •Session Based Bugs >CMS •Wordpress •Moodle >CORS >CSRF >Finding CVEs >CHECKLIST >WEB PAGE SOURCE CODE REVIEW >EXIF GEO DATA NOT STRIPPED >EXIF Geo Data Not Stripped >FILE UPLOAD BYPASS >FIND ORIGIN IP >GRAPHQL >HTTP DESYNC ATTACK >HOST-HEADER ATTACK >HTML-INJECTION >IDOR >JWT ATTACK >MFA Bypass >MISCONFIGURATIONS >OAuth >OPEN REDIRECTION >PARAMETER POLLUTION >PASSWORD RESET FUNCTIONALITY >RATE LIMIT >RECON >SQLI >SSRF >SSTI >SIGN UP FUNCTIONALITY >SENSITIVE INFO LEAKS >STATUS CODE BYPASS >SUBDOMAIN TAKEOVER >TABNABBING >WAF BYPASSES >WEAK PASSWORD POLICY >XSS >XXE Link 🔗:- https://kathan19.gitbook.io/howtohunt @GitBook_s

𝗕𝗟𝗢𝗢𝗗𝗬𝗦𝗛𝗘𝗟𝗟 >Android Pentesting •Bypass SSL Pinning for flutter apps using reFlutter Framework •Easy way to bypass SSL Pinning using apk-mitm tool >HTB •Nunchucks •BountyHunter •Lame •Bashed •Netmon •Seal •Intelligence •Bastard >TryHackMe •Attacktive Directory >Offensive Lab •FunboxEasyEnum •BBSCute >Capture The Flag (CTF) •Binary Exploitation •Steganography •Cryptography •Forensics - HTB >Active Directory •HTB-Mantis (Hard) >Window Privilege Escalation >Linux Privilege Escalation >Buffer Overflow >Cloud Pentesting •Pentesting Azure Active Directory >Web Exploitation •Attacking JSON Web Token Link 🔗:- https://l33t-en0ugh.gitbook.io/infosec @GitBook_s

ZedSec WriteUps >PROJECTS Security Library >SECURITY OPERATIONS Cyber Kill Chain Interview Questions >TOOLS NMAP >WRITE-UPS Blue Team Labs Online HackTheBox LetsDefend TryHackMe Kusto Detective Agency Link 🔗:- https://zedsec.gitbook.io/writeups/ @GitBook_s

CSbyGB - Pentips >Networking, Protocols and Network Pentest >Ethical Hacking - General Methodology >External Pentest >Web Pentesting >Mobile App Pentest >Wireless Pentest >Cloud Pentest >Thick Client Pentest >Hardware Pentest >Secure Code review >Checklist >Tools >VM and Labs >Linux >Windows >Programing >Binary Exploitation >OSINT >Pentester Hardware Toolbox >Post Exploitation >Reporting >Redteam >WriteUps >Digital Skills How to Make a Gitbook >Projects >Talks >Resorces Link 🔗:- https://csbygb.gitbook.io/pentips/cs-by-gb-pentips/readme @GitBook_s

𝗛𝗼𝘂𝘀𝗲𝗛𝗼𝗹𝗱 𝗢𝗦𝗜𝗡𝗧 🎩 •Software Search •Search photos and images •Search engines by faces •Search music •Book Search •Search for audiobooks •File Search Tools •Search for cars and their owners •Search on the Web Link 🔗:- https://gitbook.osint-mindset.com/everyday-osint @GitBook_s

/dev/log for snowcrash Link 🔗:- https://hackmd.io/@nszl/HkBURYmWT @GitBook_s

This project is an introduction to computer security. Snow Crash will make you discover security in various sub-domains, with a developer-oriented approach. You will become familiar with several languages (ASM/perl/php…), develop a certain logic to understand unknown programs, and become aware of problems linked to simple programming errors. Link 🔗:- https://github.com/maxisimo/42-Snow-Crash @GitBook_s

Snow-Crash a security related CTF Link 🔗:- https://suddin.gitbook.io/snow-crash @GitBook_s

𝗠𝗧-𝗦𝗲𝗰 >PROJECTS •DevSecOps •AI >HACKING LABS & GOATS •Node Goat •Port Swigger Web Security Academy •OWASP Juiceshop •HTB •Kubernetes Goat >APPSEC NOTES •Application Security Foundations Level 1 •Secure Coding •Application Security Foundations Level 2 >INFOSEC TALKS Link 🔗:- https://bemycatalyst.notion.site/MT_Sec-9aa23c69ca2a4ebb880961d39f669948 @GitBook_s

𝗚𝗛𝗢𝗦𝗧𝗣𝗔𝗖𝗞 GhostPack is a collection of security-related tools written in C#. •Rubeus •Seatbelt •SharpDPAPI •SharpWMI •KeeThief •Lockless •SharpUp •SafetyKatz •SharpDump •SharpRoast Link 🔗:- https://specterops.gitbook.io/ghostpack @GitBook_s

OSCP 2022 Materials GENERAL Whoami Resources Frequently Asked Questions Shared Resource ENUMERATION Foreword FTP SMTP DNS Finger HTTP/HTTPS Kerberos POP3 SMB IMAP SNMP IRC RSync MSSQL NFS REDIS Port Forwarding >LINUX POST EXPLOITATION Post Exploit Checks Pivoting (ProxyChains) >WINDOWS POST EXPLOITATION Post Exploit Checks Active Directory (Recon → PE) Notes >BUFFER OVERFLOW Hackthebox TryHackMe >MOBILE PENTESTING Android Pentesting >MISC Useful Web Linux Application Specific Programming Notes for Offensive Security Forensics Inspection Troubleshooting Link 🔗:- https://dhaneshsivasamy07.gitbook.io/oscp-2022/general/whoami @GitBook_s

Practice Web App Pentesting Legally Here, http://www.vulnweb.com/

Resources For Pentesting Carlos PoLop Pentesting Project About the author Getting Started in Hacking Pentesting Methodology External Recon Methodology Phishing Methodology Exfiltration Tunneling and Port Forwarding Brute Force - CheatSheet Search Exploits >SHELLS Shells (Linux, Windows, MSFVenom) >LINUX/UNIX Checklist - Linux Privilege Escalation Linux Privilege Escalation Useful Linux Commands Linux Environment Variables >WINDOWS Checklist - Local Windows Privilege Escalation Windows Local Privilege Escalation Active Directory Methodology NTLM Stealing Credentials Authentication, Credentials, UAC and EFS Basic CMD for Pentesters Basic PowerShell for Pentesters AV Bypass >MOBILE APPS PENTESTING Android APK Checklist Android Applications Pentesting iOS Pentesting Checklist iOS Pentesting >PENTESTING Pentesting Network Pentesting JDWP - Java Debug Wire Protocol Pentesting Printers Pentesting SAP Pentesting Kubernetes 7/tcp/udp - Pentesting Echo 21 - Pentesting FTP 22 - Pentesting SSH/SFTP 23-Pentesting Telnet 25,465,587 - Pentesting SMTP/s 43 - Pentesting WHOIS 53 - Pentesting DNS ... >PENTESTING WEB 2FA/OTP Bypass Abusing hop-by-hop headers Bypass Payment Process Captcha Bypass Cache Poisoning and Cache Deception Clickjacking Client Side Template Injection (CSTI) Command Injection Content Security Policy (CSP) Bypass Cookies Hacking CORS - Misconfigurations & Bypass CRLF (%0D%0A) Injection Cross-site WebSocket hijacking (CSWSH) CSRF (Cross Site Request Forgery) Dangling Markup - HTML scriptless injection Deserialization Domain/Subdomain takeover Email Header Injection File Inclusion/Path traversal File Upload Formula Injection HTTP Request Smuggling / HTTP Desync Attack H2C Smuggling IDOR JWT Vulnerabilities (Json Web Tokens) NoSQL injection LDAP Injection OAuth to Account takeover Open Redirect Parameter Pollution PostMessage Vulnerabilities Race Condition Rate Limit Bypass Regular expression Denial of Service - ReDoS Reset/Forgotten Password Bypass SQL Injection SSRF (Server Side Request Forgery) SSTI (Server Side Template Injection) Reverse Tab Nabbing Unicode Normalization vulnerability Web Tool - WFuzz XPATH injection XSLT Server Side Injection (Extensible Stylesheet Language Transformations) XSS (Cross Site Scripting) XSSI (Cross-Site Script Inclusion) XS-Search >CLOUD SECURITY Cloud security review AWS Security >FORENSICS Basic Forensic Methodology >PHYSICAL ATTACKS Physical Attacks Escaping from KIOSKS >REVERSING Common API used in Malware Reversing Tools Cryptographic/Compression Algorithms Word Macros >EXPLOITING Linux Exploiting (Basic) (SPA) Exploiting Tools Windows Exploiting (Basic Guide - OSCP lvl) >CRYPTO Certificates Electronic Code Book (ECB) Cipher Block Chaining CBC-MAC Padding Oracle RC4 - Encrypt&Decrypt Crypto CTFs Tricks >BACKDOORS Merlin Empire Salseo ICMPsh >STEGO Stego Tricks Esoteric languages >MISC Basic Python Other Big References >TODO More Tools MISC Pentesting DNS Burp Suite Other Web Tricks Interesting HTTP Emails Vulnerabilities Android Forensics TR-069 6881/udp - Pentesting BitTorrent CTF Write-ups 1911 - Pentesting fox Online Platforms with API Stealing Sensitive Information Disclosure from a Web Link 🔗:- https://chinnidiwakar.gitbook.io/githubimport/about-the-author @GitBook_s