en
Feedback
Bug Bounty - GitBook

Bug Bounty - GitBook

Open in Telegram
7 503
Subscribers
+924 hours
+517 days
+19930 days
Posts Archive
š—œš—”š—¦š—œš——š—˜ š—Ÿš—œš—”š—Øš—« š—žš—˜š—„š—”š—˜š—Ÿ >Booting •From bootloader to kernel •First steps in the kernel setup code •Video mode initialization and transition to protected mode •Transition to 64-bit mode •Kernel decompression •Kernel load address randomization >Initialization •First steps in the kernel •Early interrupts handler •Last preparations before the kernel entry point •Continue architecture-specific boot-time initializations •Architecture-specific initializations, again... •End of the architecture-specific initializations, almost... •Scheduler initialization •RCU initialization •End of initialization >Interrupts •Start to dive into interrupts •Interrupt handlers •Initialization of non-early interrupt gates •Implementation of some exception handlers •Handling Non-Maskable interrupts •Dive into external hardware interrupts •Initialization of external hardware interrupts structures •Softirq, Tasklets and Workqueues >System calls •How the Linux kernel handles a system call •vsyscall and vDSO •Limits on resources in Linux >Timers and time management •Clocksource framework •The tick broadcast framework and dyntick •Introduction to timers •Clockevents framework •x86 related clock sources •Time related system calls >Synchronization primitives •Introduction to spinlocks •Queued spinlocks •Semaphores •Mutex •SeqLock •Reader/Writer semaphores •RCU •Lockdep >Memory management •Memblock •Fixmaps and ioremap •kmemcheck >Cgroups >SMP •Per-CPU variables •Cpumasks •The initcall mechanism •Notification Chains >Data Structures in the Linux Kernel •Doubly linked list •Radix tree •Bit arrays >Theory •Paging • Elf64 •Inline assembly •CPUID •MSR >Initial ram disk •initrd >Misc •Linux kernel development •How the kernel is compiled •Linkers •Program startup process in userspace •Write and Submit your first Linux kernel Patch •Data types in the kernel >KernelStructures •IDT Link šŸ”—:- https://0xax.gitbooks.io/linux-insides/content/ @GitBook_s

š—Ÿš—£š—œš—–-šŸÆ šŸÆšŸ¬šŸÆ š—–š—²š—æš˜š—¶š—³š—¶š—°š—®š˜š—¶š—¼š—» š—¦š˜š˜‚š—±š˜† š—šš˜‚š—¶š—±š—² •331.1 X.509 Certificates and Public Key Infrastructures •331.2 X.509 Certificates for Encryption, Signing and Authentication •331.3 Encrypted File Systems •331.4 DNS and Cryptography •332.1 Host Hardening •332.2 Host Intrusion Detection •332.3 Resource Control •333.1 Discretionary Access Control •333.2 Mandatory Access Control •334.1 Network Hardening •334.2 Network Intrusion Detection •334.3 Packet Filtering •334.4 Virtual Private Networks •335.1 Common Security Vulnerabilities and Threats •335.2 Penetration Testing Link šŸ”—:- https://borosan.gitbook.io/lpic3-exam-guide/ @GitBook_s

š——š—¼š—°š—øš—²š—æ š—›š—®š—»š—±š—Æš—¼š—¼š—ø •Basic Concepts •Containerization History •Docker Containers •Docker Images •Docker Storage and volumes •Docker Networking •Docker Security •Docker Compose •Docker cheat sheet •Docker Compose cheat sheet Link šŸ”—:- https://borosan.gitbook.io/docker-handbook @GitBook_s

š—žš˜‚š—Æš—²š—æš—»š—²š˜š—²š˜€ š—–š—µš—²š—®š˜ š—¦š—µš—²š—²š˜ •Cluster Management •ConfigMaps •Daemonsets •Deployments •Events •Ingress •Labels •Logs •Manifest Files •Namespaces •Notes •Pods •Persistent Volume •Replication Controllers •StatefulSet •Secrets & Services Link šŸ”—:- https://borosan.gitbook.io/kubernetes-cheat-sheet @GitBook_s

š—•š—¶š—»š—®š—æš˜† š—˜š˜…š—½š—¹š—¼š—¶š˜š—®š˜š—¶š—¼š—» š—”š—¼š˜š—²š˜€ >Stack •ret2win •De Bruijn Sequences •Shellcode •NOPs •32- vs 64-bit •No eXecute •Return-Oriented Programming •Format String Bug •Stack Canaries >Heap •Chunks •Malloc State •Heap Overflow •Use-After-Free •Double-Free •Unlink Exploit >Kernel •Writing a Char Module •An Interactive Char Driver •Interactivity with IOCTL >Browser Exploitation •CTF 2019 - oob-v8 •picoCTF 2021 - Kit Engine •picoCTF 2021 - Download Horsepower Link šŸ”—:- https://ir0nstone.gitbook.io/notes/ @GitBook_s

š—” š—”š—¼š—¼š—Æ'š˜€ š—šš˜‚š—¶š—±š—² š—§š—¼ š—”š—„š—  š—˜š˜…š—½š—¹š—¼š—¶š˜š—®š˜š—¶š—¼š—» •Lab setup •Introduction to ARM •Introduction to stack buffer overflows •Introduction to ROP Chains •Invoking mprotect() using ROP Chains on ARM •Integer Overflows on ARM •Introduction to Heap Exploitation •Arming the Use-After-Free() •Double free() attacks on ARM •Introduction to ARM64 •Stack-based buffer overflows on ARM64 •ROP chains on ARM64 Link šŸ”—:- https://ad2001.gitbook.io/a-noobs-guide-to-arm-exploitation/ @GitBook_s

š—Ÿš—²š—®š—æš—» š—šš—¢ š—Ÿš—®š—»š—“ š˜„š—¶š˜š—µ š—§š—²š˜€š˜š˜€ •Go Fundamentals •Installation •Hello, World •Integers •Iteration •Arrays and slices •Structs, methods & interfaces •Pointers & errors •Maps •Dependency Injection •Mocking •Concurrency •Testing Fundamentals •Building a application Link šŸ”—:- https://quii.gitbook.io/learn-go-with-tests/testing-fundamentals/working-without-mocks @GitBook_s

š—Ŗš—µš—¼š—”š—ŗš—œ š—Ŗš—æš—¶š˜š—²š˜‚š—½ •Web Cache Poisoning •Came looking for SSRF and found XSS •Phishing Attack using Machine Learning model •JWT Attacks •OAuth - Mechanism and Attacks •Upgrade plan from Free to Paid via Response Manipulation •XSS IN SOQL Console •Journey from Automated Discovery to Manual Exploitation Link šŸ”—:- https://ibraradi.gitbook.io/write-up/ @GitBook_s

š—œš—»š—³š—¼š˜€š—²š—° š—•š—¹š—¼š—“ •Bug Hunting Findings •Recon automation, tips and tricks •Hack The Box Machines •CTF Challenges •Red Teaming Tips & Tricks Link šŸ”—:- https://eslam3kl.gitbook.io/blog/ @GitBook_s

š—•š˜‚š—“ š—›š˜‚š—»š˜š—²š—æ š—›š—®š—»š—±š—Æš—¼š—¼š—ø •Getting Started in InfoSec and Bug Bounties •Presentations •Checklists / Guides •Useful Twitter Threads •List of Vulnerabilities •API Security •Mobile Security •Fuzzing / Wordlists •BugBounty Short Write-ups •Burp Suite Tips and Tricks •HackerOne Reports •Response Manipulation •Client Vs Server Side Vulnerabilities •AWS •Chaining of Bugs •Bug Bounty Automation •Mindmaps •Oneliner Collections •Red Teaming •Blue Teamining •Recon One Liners •Containers •Wordpress •Fuzzing / FuFF •OWASP ZAP •Bug List •Setting up burp collaborator •Admin Panel PwN •Credential Stuffing / Dump / •HaveibeenPwned? •Tools Required •Nuclei Template Link šŸ”—:- gowthams.gitbook.io/bughunter-handbook @GitBook_s

š—˜š˜š—µš—¶š—°š—®š—¹ š—›š—®š—°š—øš—¶š—»š—“ š—§š—¼š—¼š—¹š˜€ •Kali linux most used subdomain finder •Tools for pentesting Wappalyzer •the Harvester •Parsing Wappalyzer in python Link šŸ”—:- https://ethicaltools.gitbook.io/subdomainfinder/ @GitBook_s

š—¢š—µš—¦š—›š—œš—”š—§ •Introduction to OSINT Web Resources •Search Engines •Social Media Intelligence [SOCMINT] •Mapping and Geospatial Intelligence [GEOINT] •Imagery Intelligence [IMINT] •Orbital Intelligence [ORBINT] •Business Research and Trade Intelligence [TRADINT] •Financial Intelligence [FININT] •Vehicle and Transportation Intelligence [VATINT] •Digital Network Intelligence [DNINT] •Signals Intelligence [SIGINT] •Deep Webs and Darknets •People Investigations •Email Addresses •Phone Numbers •Usernames •Gaming •Real Estate •Data Sets •Organized Crime and Illicit Trade •Stolen Property •War, Crisis and Conflicts •Weapons and Equipment •Identification •Government Information •Dictionaries, Translation and •Decoding Link šŸ”—:- https://ohshint.gitbook.io/oh-shint-its-a-blog @GitBook_s

š— š—®š—¹š˜„š—®š—æš—² š——š—²š˜ƒš—²š—¹š—¼š—½š—ŗš—²š—»š˜ š—šš˜‚š—¶š—±š—² •Fork Bombs •Logical Bombs •Zip Bombs •Keyloggers •Wipers •ScreenJackers •Prependers and Postpenders •Browser Extensions •Worms •RATs •Botnets w/ C2 Servers •Rootkits and Bootkits •Polymorphic Malware •Pivoting •Elementary Concepts and Stuff •Being Stealthy •Backdoors •Windows Process Injection •SIM Swapping •Quishing •RunPE •Malware Packers Link šŸ”—:- https://arachn3.gitbook.io/malware-development-guide/ @GitBook_s

š— š—®š—°š—¢š—¦ š— š—®š—¹š˜„š—®š—æš—² š——š—²š˜ƒš—²š—¹š—¼š—½š—ŗš—²š—»š˜ We’ll delve into the world of designing and developing malware for macOS, which is essentially a Unix-based operating system. Link šŸ”—:- https://0xf00sec.github.io/2024/03/09/MacOs-X.html @GitBook_s

š——š—²š—²š—½ š——š—¶š˜ƒš—² š—œš—»š˜š—¼ š—˜š˜…š—½š—¹š—¼š—¶š˜š—¶š—»š—“ š—Ŗš—¶š—»š—±š—¼š˜„š˜€ š—§š—µš—æš—²š—®š—± š—£š—¼š—¼š—¹š˜€ •Attacking Worker Factories •Attacking I/O Ports •Attacking Timer Queues •Abusing TLS Callbacks For Payload Execution •Payload Execution Link šŸ”—:- https://urien.gitbook.io/diago-lima/a-deep-dive-into-exploiting-windows-thread-pools @GitBook_s

š—Ŗš—²š—Æ š—”š—½š—½ š—›š—®š—°š—øš—¶š—»š—“ š—„š—²š˜€š—¼š˜‚š—æš—°š—²š˜€ •Cyber Intelligence •Red - Offensive Operations •Blue - DFIR: Digital Forensics and Incident Response •Yellow - NetEng/SysAdmin •Yellow - Logging and Security Architecture •Yellow - Cloud •Yellow - Containers •Yellow - Code and CLI •Yellow - AI, Machine Learning, and FOSS •Grey - Privacy/TOR/OPSEC •Training and Resources Link šŸ”—:- https://s0cm0nkey.gitbook.io/s0cm0nkeys-security-reference-guide @GitBook_s

š—Øš—»š—°š—¼š˜ƒš—²š—æ š—§š—µš—² š—§š—æš˜‚š—² š—œš—£ š—”š—±š—±š—æš—²š˜€š˜€ š—¢š—³ š—Ŗš—²š—Æš˜€š—¶š˜š—²š˜€ š—¦š—®š—³š—²š—“š˜‚š—®š—æš—±š—²š—± š—•š˜† š—–š—¹š—¼š˜‚š—±š—³š—¹š—®š—æš—² CloakQuest3r is a powerful Python tool meticulously crafted to uncover the true IP address of websites safeguarded by Cloudflare, a widely adopted web security and performance enhancement service Link šŸ”—:- https://www.kitploit.com/2023/12/cloakquest3r-uncover-true-ip-address-of.html?m=1#google_vignette @GitBook_s

https://n3t-hunt3r.gitbook.io/ + Pentest Book Cloud Pentesting Web App Pentesting

http://six2dez.gitbook.io Recon Enumeration Exploitation Post Exploitation Mobile

https://scriptingxss.gitbook.io OWASP IOT Top 10 2018 Mapping Project