Bug Bounty - GitBook
Open in Telegram
Everything 4 bug bounty https://t.me/GiftWay32robot?start=_tgr_HwZ24DI5MWJk
Show more7 503
Subscribers
+924 hours
+517 days
+19930 days
Posts Archive
7 503
šš”š¦ššš ššš”šØš« ššš„š”šš
>Booting
ā¢From bootloader to kernel
ā¢First steps in the kernel setup code
ā¢Video mode initialization and transition to protected mode
ā¢Transition to 64-bit mode
ā¢Kernel decompression
ā¢Kernel load address randomization
>Initialization
ā¢First steps in the kernel
ā¢Early interrupts handler
ā¢Last preparations before the kernel entry point
ā¢Continue architecture-specific boot-time initializations
ā¢Architecture-specific initializations, again...
ā¢End of the architecture-specific initializations, almost...
ā¢Scheduler initialization
ā¢RCU initialization
ā¢End of initialization
>Interrupts
ā¢Start to dive into interrupts
ā¢Interrupt handlers
ā¢Initialization of non-early interrupt gates
ā¢Implementation of some exception handlers
ā¢Handling Non-Maskable interrupts
ā¢Dive into external hardware interrupts
ā¢Initialization of external hardware interrupts structures
ā¢Softirq, Tasklets and Workqueues
>System calls
ā¢How the Linux kernel handles a system call
ā¢vsyscall and vDSO
ā¢Limits on resources in Linux
>Timers and time management
ā¢Clocksource framework
ā¢The tick broadcast framework and dyntick
ā¢Introduction to timers
ā¢Clockevents framework
ā¢x86 related clock sources
ā¢Time related system calls
>Synchronization primitives
ā¢Introduction to spinlocks
ā¢Queued spinlocks
ā¢Semaphores
ā¢Mutex
ā¢SeqLock
ā¢Reader/Writer semaphores
ā¢RCU
ā¢Lockdep
>Memory management
ā¢Memblock
ā¢Fixmaps and ioremap
ā¢kmemcheck
>Cgroups
>SMP
ā¢Per-CPU variables
ā¢Cpumasks
ā¢The initcall mechanism
ā¢Notification Chains
>Data Structures in the Linux Kernel
ā¢Doubly linked list
ā¢Radix tree
ā¢Bit arrays
>Theory
ā¢Paging
⢠Elf64
ā¢Inline assembly
ā¢CPUID
ā¢MSR
>Initial ram disk
ā¢initrd
>Misc
ā¢Linux kernel development
ā¢How the kernel is compiled
ā¢Linkers
ā¢Program startup process in userspace
ā¢Write and Submit your first Linux kernel Patch
ā¢Data types in the kernel
>KernelStructures
ā¢IDT
Link š:-
https://0xax.gitbooks.io/linux-insides/content/
@GitBook_s
7 503
šš£šš-šÆ šÆš¬šÆ šš²šæšš¶š³š¶š°š®šš¶š¼š» š¦ššš±š ššš¶š±š²
ā¢331.1 X.509 Certificates and Public Key Infrastructures
ā¢331.2 X.509 Certificates for Encryption, Signing and Authentication
ā¢331.3 Encrypted File Systems
ā¢331.4 DNS and Cryptography
ā¢332.1 Host Hardening
ā¢332.2 Host Intrusion Detection
ā¢332.3 Resource Control
ā¢333.1 Discretionary Access Control
ā¢333.2 Mandatory Access Control
ā¢334.1 Network Hardening
ā¢334.2 Network Intrusion Detection
ā¢334.3 Packet Filtering
ā¢334.4 Virtual Private Networks
ā¢335.1 Common Security Vulnerabilities and Threats
ā¢335.2 Penetration Testing
Link š:-
https://borosan.gitbook.io/lpic3-exam-guide/
@GitBook_s
7 503
šš¼š°šøš²šæ šš®š»š±šÆš¼š¼šø
ā¢Basic Concepts
ā¢Containerization History
ā¢Docker Containers
ā¢Docker Images
ā¢Docker Storage and volumes
ā¢Docker Networking
ā¢Docker Security
ā¢Docker Compose
ā¢Docker cheat sheet
ā¢Docker Compose cheat sheet
Link š:-
https://borosan.gitbook.io/docker-handbook
@GitBook_s
7 503
šššÆš²šæš»š²šš²š ššµš²š®š š¦šµš²š²š
ā¢Cluster Management
ā¢ConfigMaps
ā¢Daemonsets
ā¢Deployments
ā¢Events
ā¢Ingress
ā¢Labels
ā¢Logs
ā¢Manifest Files
ā¢Namespaces
ā¢Notes
ā¢Pods
ā¢Persistent Volume
ā¢Replication Controllers
ā¢StatefulSet
ā¢Secrets & Services
Link š:-
https://borosan.gitbook.io/kubernetes-cheat-sheet
@GitBook_s
7 503
šš¶š»š®šæš šš
š½š¹š¼š¶šš®šš¶š¼š» š”š¼šš²š
>Stack
ā¢ret2win
ā¢De Bruijn Sequences
ā¢Shellcode
ā¢NOPs
ā¢32- vs 64-bit
ā¢No eXecute
ā¢Return-Oriented Programming
ā¢Format String Bug
ā¢Stack Canaries
>Heap
ā¢Chunks
ā¢Malloc State
ā¢Heap Overflow
ā¢Use-After-Free
ā¢Double-Free
ā¢Unlink Exploit
>Kernel
ā¢Writing a Char Module
ā¢An Interactive Char Driver
ā¢Interactivity with IOCTL
>Browser Exploitation
ā¢CTF 2019 - oob-v8
ā¢picoCTF 2021 - Kit Engine
ā¢picoCTF 2021 - Download Horsepower
Link š:-
https://ir0nstone.gitbook.io/notes/
@GitBook_s
7 503
š š”š¼š¼šÆ'š ššš¶š±š² š§š¼ šš„š šš
š½š¹š¼š¶šš®šš¶š¼š»
ā¢Lab setup
ā¢Introduction to ARM
ā¢Introduction to stack buffer overflows
ā¢Introduction to ROP Chains
ā¢Invoking mprotect() using ROP Chains on ARM
ā¢Integer Overflows on ARM
ā¢Introduction to Heap Exploitation
ā¢Arming the Use-After-Free()
ā¢Double free() attacks on ARM
ā¢Introduction to ARM64
ā¢Stack-based buffer overflows on ARM64
ā¢ROP chains on ARM64
Link š:-
https://ad2001.gitbook.io/a-noobs-guide-to-arm-exploitation/
@GitBook_s
7 503
šš²š®šæš» šš¢ šš®š»š“ šš¶ššµ š§š²ššš
ā¢Go Fundamentals
ā¢Installation
ā¢Hello, World
ā¢Integers
ā¢Iteration
ā¢Arrays and slices
ā¢Structs, methods & interfaces
ā¢Pointers & errors
ā¢Maps
ā¢Dependency Injection
ā¢Mocking
ā¢Concurrency
ā¢Testing Fundamentals
ā¢Building a application
Link š:-
https://quii.gitbook.io/learn-go-with-tests/testing-fundamentals/working-without-mocks
@GitBook_s
7 503
šŖšµš¼ššŗš šŖšæš¶šš²šš½
ā¢Web Cache Poisoning
ā¢Came looking for SSRF and found XSS
ā¢Phishing Attack using Machine Learning model
ā¢JWT Attacks
ā¢OAuth - Mechanism and Attacks
ā¢Upgrade plan from Free to Paid via Response Manipulation
ā¢XSS IN SOQL Console
ā¢Journey from Automated Discovery to Manual Exploitation
Link š:-
https://ibraradi.gitbook.io/write-up/
@GitBook_s
7 503
šš»š³š¼šš²š° šš¹š¼š“
ā¢Bug Hunting Findings
ā¢Recon automation, tips and tricks
ā¢Hack The Box Machines
ā¢CTF Challenges
ā¢Red Teaming Tips & Tricks
Link š:-
https://eslam3kl.gitbook.io/blog/
@GitBook_s
7 503
ššš“ ššš»šš²šæ šš®š»š±šÆš¼š¼šø
ā¢Getting Started in InfoSec and Bug Bounties
ā¢Presentations
ā¢Checklists / Guides
ā¢Useful Twitter Threads
ā¢List of Vulnerabilities
ā¢API Security
ā¢Mobile Security
ā¢Fuzzing / Wordlists
ā¢BugBounty Short Write-ups
ā¢Burp Suite Tips and Tricks
ā¢HackerOne Reports
ā¢Response Manipulation
ā¢Client Vs Server Side Vulnerabilities
ā¢AWS
ā¢Chaining of Bugs
ā¢Bug Bounty Automation
ā¢Mindmaps
ā¢Oneliner Collections
ā¢Red Teaming
ā¢Blue Teamining
ā¢Recon One Liners
ā¢Containers
ā¢Wordpress
ā¢Fuzzing / FuFF
ā¢OWASP ZAP
ā¢Bug List
ā¢Setting up burp collaborator
ā¢Admin Panel PwN
ā¢Credential Stuffing / Dump / ā¢HaveibeenPwned?
ā¢Tools Required
ā¢Nuclei Template
Link š:-
gowthams.gitbook.io/bughunter-handbook
@GitBook_s
7 503
šššµš¶š°š®š¹ šš®š°šøš¶š»š“ š§š¼š¼š¹š
ā¢Kali linux most used subdomain finder
ā¢Tools for pentesting
Wappalyzer
ā¢the Harvester
ā¢Parsing Wappalyzer in python
Link š:-
https://ethicaltools.gitbook.io/subdomainfinder/
@GitBook_s
7 503
š¢šµš¦ššš”š§
ā¢Introduction to OSINT Web Resources
ā¢Search Engines
ā¢Social Media Intelligence [SOCMINT]
ā¢Mapping and Geospatial Intelligence [GEOINT]
ā¢Imagery Intelligence [IMINT]
ā¢Orbital Intelligence [ORBINT]
ā¢Business Research and Trade Intelligence [TRADINT]
ā¢Financial Intelligence [FININT]
ā¢Vehicle and Transportation Intelligence [VATINT]
ā¢Digital Network Intelligence [DNINT]
ā¢Signals Intelligence [SIGINT]
ā¢Deep Webs and Darknets
ā¢People Investigations
ā¢Email Addresses
ā¢Phone Numbers
ā¢Usernames
ā¢Gaming
ā¢Real Estate
ā¢Data Sets
ā¢Organized Crime and Illicit Trade
ā¢Stolen Property
ā¢War, Crisis and Conflicts
ā¢Weapons and Equipment ā¢Identification
ā¢Government Information
ā¢Dictionaries, Translation and ā¢Decoding
Link š:-
https://ohshint.gitbook.io/oh-shint-its-a-blog
@GitBook_s
7 503
š š®š¹šš®šæš² šš²šš²š¹š¼š½šŗš²š»š ššš¶š±š²
ā¢Fork Bombs
ā¢Logical Bombs
ā¢Zip Bombs
ā¢Keyloggers
ā¢Wipers
ā¢ScreenJackers
ā¢Prependers and Postpenders
ā¢Browser Extensions
ā¢Worms
ā¢RATs
ā¢Botnets w/ C2 Servers
ā¢Rootkits and Bootkits
ā¢Polymorphic Malware
ā¢Pivoting
ā¢Elementary Concepts and Stuff
ā¢Being Stealthy
ā¢Backdoors
ā¢Windows Process Injection
ā¢SIM Swapping
ā¢Quishing
ā¢RunPE
ā¢Malware Packers
Link š:-
https://arachn3.gitbook.io/malware-development-guide/
@GitBook_s
7 503
š š®š°š¢š¦ š š®š¹šš®šæš² šš²šš²š¹š¼š½šŗš²š»š
Weāll delve into the world of designing and developing malware for macOS, which is essentially a Unix-based operating system.
Link š:-
https://0xf00sec.github.io/2024/03/09/MacOs-X.html
@GitBook_s
7 503
šš²š²š½ šš¶šš² šš»šš¼ šš
š½š¹š¼š¶šš¶š»š“ šŖš¶š»š±š¼šš š§šµšæš²š®š± š£š¼š¼š¹š
ā¢Attacking Worker Factories
ā¢Attacking I/O Ports
ā¢Attacking Timer Queues
ā¢Abusing TLS Callbacks For Payload Execution
ā¢Payload Execution
Link š:-
https://urien.gitbook.io/diago-lima/a-deep-dive-into-exploiting-windows-thread-pools
@GitBook_s
7 503
šŖš²šÆ šš½š½ šš®š°šøš¶š»š“ š„š²šš¼ššæš°š²š
ā¢Cyber Intelligence
ā¢Red - Offensive Operations
ā¢Blue - DFIR: Digital Forensics and Incident Response
ā¢Yellow - NetEng/SysAdmin
ā¢Yellow - Logging and Security Architecture
ā¢Yellow - Cloud
ā¢Yellow - Containers
ā¢Yellow - Code and CLI
ā¢Yellow - AI, Machine Learning, and FOSS
ā¢Grey - Privacy/TOR/OPSEC
ā¢Training and Resources
Link š:-
https://s0cm0nkey.gitbook.io/s0cm0nkeys-security-reference-guide
@GitBook_s
7 503
šØš»š°š¼šš²šæ š§šµš² š§šæšš² šš£ šš±š±šæš²šš š¢š³ šŖš²šÆšš¶šš²š š¦š®š³š²š“šš®šæš±š²š± šš šš¹š¼šš±š³š¹š®šæš²
CloakQuest3r is a powerful Python tool meticulously crafted to uncover the true IP address of websites safeguarded by Cloudflare, a widely adopted web security and performance enhancement service
Link š:-
https://www.kitploit.com/2023/12/cloakquest3r-uncover-true-ip-address-of.html?m=1#google_vignette
@GitBook_s
