Bug Bounty - GitBook
Everything 4 bug bounty https://t.me/GiftWay32robot?start=_tgr_HwZ24DI5MWJk
Companies & developers tend to put more resources (including security) into the main APIs. Always look for the most niche features that nobody uses to find interesting vulnerabilities. POST /api/profile/upload_christmas_voice_greeting
#api
@GitBook_s
Mobile Certificate Pinning? Before you start reverse engineering & patching the client app, check for both iOS & Android clients and older versions of them. There's a decent chance that the pinning isn't enabled in one of them. Save time.
#api
@GitBook_s
Even if you use another web proxy, always use Burp in the background. The guys at @PortSwigger are doing a really good job at helping you manage your pentest. Use the “tree view” (free version) feature to see all API endpoints you’ve accessed.
#api
@GitBook_s
Static resource == photo, video, ... Web servers (IIS, Apache) treat static resources differently when it comes to authorization. Even if developers implemented decent authorization, there's a good chance you can access static resources of other users.
#api
@GitBook_s
Repost from Bug Bounty - GitBook
Hacker's Rest
>Tools & Cheatsheets
Hacking Methodology
Hands-on Practice
>LINUX
Linux Basics
Hardening & Setup
Red Team Notes
Vim
>WINDOWS
Windows Basics
PowerShell
Hardening & Setup
Red Team Notes
>MACOS
MacOS Basics
Hardening & Configuration
Red Team Notes
>WEB
Burp Suite
DNS
Web Notes
>MOBILE
iOS
Android
>OS AGNOSTIC
Basic Enumeration
Cryptography & Encryption
Network Hardware
OS Agnostic
OSINT
Password Cracking
Pivoting
Reverse Engineering & Binary Exploitation
Scripting
SQL
SSH & SCP
Steganography
Wireless
Unsorted
Link 🔗:-
https://zweilosec.gitbook.io/hackers-rest
@GitBook_s
Repost from Bug Bounty - GitBook
Software Security
>PREREQUISITES
Prerequisites
>INTRODUCTION
Cyber security principles
Basic web concepts
Basic browser security concepts
Basic security concepts
>ACCESS CONTROL: BASICS
Authentication
Authorization
Session Management
CSRF
SSRF
>ACCESS CONTROL: ADVANCED
Authentication
>INJECTION ATTACKS
Injection attacks
SQL Injection
Command Injection
Cross-site scripting
Subresource integrity
Sandboxing
>HTTPS
HTTPS
Introduction to cryptography
PKI
Setting up HTTPS
References
>HTTP HEADERS FOR SECURITY
HTTP Headers
>THREAT MODELING
Threat modeling introduction
Threat modeling basics
Inspiration for threats
>BRINGING IT ALL TOGETHER
A comprehensive overview of controls
Link 🔗:-
https://apwt.gitbook.io/software-security
@GitBook_s
Repost from Bug Bounty - GitBook
StaphySec
Resources
Tricks
Brute Force - CheatSheet
File Transfer
Hashcat
Cheatsheet
Curl
>Tools
Cracking
Information Gathering
XSS
Obfuscation
Credentials Theft/Win
Content Management System(CMS)
>Programming and Scripting
Virtualenv & Switching Versions
Python
>Shells
Shells(Linux,Windows,Msfvenom)
>Linux
Cheatsheet
EOP Linux Tools and Resources
Blogs
>Windows
Cheatsheet
EOP Windows Tools and Resources
Useful commands and Modules
>Blogs
Miscellaneous resources
>Pentesting
21 Pentesting FTP
22 Pentesting SSH
25,465,587 Pentesting SMTP
53 Pentesting DNS
110,995 Pentesting POP
135 Pentesting WMI
139,445 SMB Pentesting
143,993 Pentesting IMAP
161,162,10161,10162/udp Pentesting SNMP
623 /UDP/TCP - IPMI
1433 Pentesting mssql
2049 NFS Pentesting
3306 Pentesting Mysql
3389 Pentesting RDP
5985,5986 WinRm
>Pentesting Web
SQL Injections
Command injection
File Uploads
Abusing Intermediary Applications
HTTP Verb Tampering
IDOR
File Inclusion/Directory Traversal
XXE-XEE-XML External Entity
SSRF
SSI/ESI
SSTI
XSLT Server Side Injection(Extensible Stylesheet Language Transformations)
Link 🔗:-
https://staphysec.gitbook.io/staphysec
@GitBook_s
Repost from Bug Bounty - GitBook
infosecgirls
Introduction
Application Details
>INITIAL SETUP WITH OWASP ZAP
OWASP ZAP
Setup OWASP ZAP
Modes
Automated Scan
Report Generation
>INITIAL SETUP WITH BURP.
Start Burp Suite
Add FoxyProxy Addon
Add New Proxy In FoxyProxy
Configure Proxy Listener
Install Burp's CA Certificate In Firefox
Getting Rid of Unnecessary Browser Traffic
>QUICK BASICS
Disable Intercept Mode in Burp
Enable Intercept Mode in Burp
Send to Repeater
Send to Comparer
>WEB APPLICATION PENTESTING
A1 - Injection
A2 - Broken Authentication
A3 - Sensitive Data Exposure
A4 - XML External Entities (XXE)
A5 - Broken Access Control
A6 - Security Misconfiguration
A7 - Cross-Site Scripting (XSS)
A8 - Insecure Deserialization
A9 - Using Components with Known Vulnerabilities
A10 - Insufficient Logging & Monitoring
References
About Us
>ADDITIONAL CONTENT
Insecure Direct Object Reference
Security Misconfiguration
Password Guessing Attack
User Enumeration
Custom Iterator
Null Payload
Request in Browser
Privilege Escalation Check
>BURP EXTENDERS
Target
Proxy
Intruder
Repeater
Sequencer
Decoder
Comparer
Extender
Link 🔗:-
https://infosecgirls.gitbook.io/infosecgirls-training/v/appsec/
@GitBook_s
Repost from Bug Bounty - GitBook
H12006 - Write up
WriteUp
I - Passive Reconnaissance
II - Active Reconnaissance
III - Server Side Request Forgery
IV - Android Reverse Engineering
V - Know your staff
VI - You will pay for this!
Link 🔗:-
https://techbrunch.gitbook.io/h12006
@GitBook_s
Repost from Bug Bounty - GitBook
refabr1k's Pentest Notebook
Steganography
Kali USB with persistence memory
useful tools
Understanding ICACLS permissions
>INFO GATHERING
Port Knocking
22 tcp - SSH
25 tcp - SMTP
53 tcp/udp - DNS
88 tcp - Kerberos
161 udp - SNMP
1098,1099 tcp - Java RMI
8009 tcp - AJP
5901,5902 tcp - VNC
>WEB
XSS cookie stealing
PHP
Webdav
Wordpress
XML RPC
SQL Injection
SSRF
>EXPLOITATION
File Transfers
Buffer Overflow
Bruteforce
PHP rce
Compiling
msfvenom
Reverse shell
Using ENV to escape Bad Characters
shellshock
Ncat Persistent Backdoor
>PRIVESC - LINUX
Basic checks
Upgrading Shells
SUID
>PRIVESC - WINDOWS
Basic checks/powershell
Privesc Openings
LonelyPotato - SeImpersonatePrivilege
Enable RDP @ Firewall
NTLM (Pass The Hash)
>WINDOWS
NTDS.dit
Responder / SMB Relay
Attacking AD
>METASPLOIT
Basic Usage
Meterpreter
>UNSORTED
other notes
>ELEARNSECURITY EJPT
eJPT notes
>OSWP
Getting started
WEP Attacks
WPA/WPA2 Attacks
>SCRIPTS
get port from nmap
Curl response
ping sweep
iptables-counter.sh
(DNS) zonetransfer_check.sh
(DNS) dns-rev-brute.sh
(DNS) dns-fwd-brute.sh
(SMB) vuln-scan.sh
(SMB) samba-checker.sh
(SMTP) vrfy.py
(SNMP) mib-check.sh
>ZERODAY VULNERABILITIES EXPLAINED
2020-12 SolarWinds supply chain
Link 🔗:-
https://refabr1k.gitbook.io/oscp
@GitBook_s
Repost from Bug Bounty - GitBook
Security Knowledge Framework
Introduction
Auth Bypass
Auth Bypass - 1
Auth Bypass - 2
Auth-bypass-3
Auth-bypass-Simple
Client Side Restriction Bypass
Client Side Restriction Bypass - Harder
Client Side Template Injection (CSTI)
Command Injection (CMD)
Command Injection 2 (CMD-2)
Command Injection 3 (CMD-3)
Command Injection 4 (CMD-4)
Command Injection Blind (CMD-Blind)
Content-Security-Policy (CSP)
CORS exploitation
Credentials Guessing
Credentials Guessing - 2
Cross Site Scripting (XSS)
Cross Site Scripting - Attribute (XSS-Attribute)
Cross Site Scripting - href (XSS-href)
Cross Site Scripting - DOM (XSS- DOM)
Cross Site Scripting - DOM-2 (XSS- DOM-2)
Cross Site Scripting - Stored (XSS- Stored)
CSRF
CSRF - Samesite
CSRF - Weak
CSS Injection (CSSI)
Deserialisation Java (DES-Java)
Deserialisation Yaml (DES-Yaml)
Deserialisation Pickle (DES-Pickle)
Deserialisation Pickle 2 (DES-Pickle-2)
DoS Regex
File upload
Formula Injection
GraphQL DOS
GraphQL IDOR
GraphQL Injections
GraphQL Introspection
GraphQL Mutations
Host Header Injection
(Authentication Bypass)
HttpOnly Session Hijacking XSS
Information Leakage in Comments
Information Leakage in Metadata
Insecure Direct Object References (IDOR)
JWT Null
JWT Secret
Ldap Injection
Ldap Injection - harder
Local File Inclusion 1 (LFI-1)
Local File Inclusion 2 (LFI-2)
Local File Inclusion 3 (LFI-3)
Parameter Binding
Prototype Pollution
Race Condition
Race Condition File-Write
Ratelimiting (Brute-force login)
Remote File Inclusion (RFI)
Right To Left Override (RTLO)
Server Side Request Forgery (SSRF)
Server Side Template Injection (SSTI)
Session Hijacking XSS
Session Puzzling
Session Management 1
SQLI (Union)
SQLI Login Bypass
SQLI (Like)
SQLI (Blind)
TLS Downgrade
Untrusted Sources (XSSI)
URL Redirection
URL Redirection - Harder
URL Redirection - Harder-2
WebSocket Message Manipulation
XML External Entity (XXE)
Exposed docker daemon
template item
Link 🔗:-
https://skf.gitbook.io/asvs-write-ups/
@GitBook_s
Repost from Bug Bounty - GitBook
AppSec
Overview
Write Ups Compilations/Resources
main Resources
Labs
>Cross Site Request Forgery
>Missing Access Controls
>LFI
>XXE
>Injection
Command Injection
Server Side Template Injection
SQL Injection
>SSRF
>Unvalidated Redirects and Forwards
>Verbose Error messages and Stack Traces
Link 🔗:-
https://evanluke.gitbook.io/appsec
@GitBook_s
Repost from Bug Bounty - GitBook
Leet Sheet
>Reconnaissance
Automated Reconnaissance
Domains
Scour the Web
Metadata
>Web App Hacking
Enumeration
User Attacks
Database Attacks
Server Attacks
DNS Attacks
Cloud Attacks
Interesting Outdated Attacks
>Network Hacking
General Enumeration
RPC
LDAP
SMB
SNMP
WMI
SSH
Kerberos
NTLM
Man-in-the-Middle
WinRM
>Post Exploitation
Windows
Linux
Docker Container
General
>Various
CVEs
SSH Agent Hijacking
Password Cracking
Cryptography
Non-Hacking
Malware
Forensics
>Binary Exploitation
Base Knowledge
Format Strings Exploits
Stack Smashing
Heap Exploits
Time-of-Check to Time-of-Use
Shellcode
Decompilation
Debugging
Exploit Mitigations and Protections
Exploit Protection Bypassing
Passing Input
Fuzzing
Automatic Exploitation
>Physical Security
Mechanical Locks
Electronic Locks
Other Attacks
Destructive Entry
Elevator Attacks
>Social Engineering
Phishing
Link 🔗:-
https://heinosass.gitbook.io/leet-sheet
@GitBook_s
Repost from Bug Bounty - GitBook
wiki.hackerlab.cz
>Web Pentesting
HTTP Request Smuggling
SSTI
Insecure Deserialization
Brute Force
Shell Fu - onliners
CORS
Special Chars & NULL Bytes
XSS
XEE
SQL Injection
Blind SQL Injection
SQLmap
NoSQL Injection
CRLF Injection
Input Validation - Fuzz1
HTTP Headers - X-Forwarded
Log4j
Enumeration with Wordlists
Bug Bounty - Web Recon
HTTP Proxy Override
CSV Injection
Windows Forbidden File Name
Path Traversal
OS Command Injection
Open Redirect
JWT Token
Upload RCE
GUID and UUIDs
>Toolset
Git - Repo and Tools
Docker for Pentesters
>Infrastructure Pentesting
Windows Post Exploitation
Dump File Analysis
Active Directory
NFS Enumeration
>Other Pentest Project
Security Projects
>Wifi Pentesting
Kali Linux - Alfa card AWUS 1900 (VirtualBox)
Active Card & Monitor Mode
Aircrack-ng Suite
Certs
>Linux
Network Manager
>Books
The Hacker Playbook 3
Link 🔗:-
https://hackerlab.gitbook.io/wiki.hackerlab.cz/
@GitBook_s
Got stuck during an API pentest? Expand your attack surface! Find sub/sibling domains using http://Virustotal.com & http://Censys.io. Some of these domains might expose the same APIs with different configurations/versions.
#api
@GitBook_s
Use Mass Assignment to bypass security mechanisms. E.g., the "enter password" mechanism:
POST /api/reset_pass requires the old password.
PUT /api/update_user is vulnerable to MA == can be used to update the password without sending the old one (for CSRF).
#api
@GitBook_s
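A defender's view of the mass assignment tip above, as an added example that is not code from the channel or from any project it links: a hypothetical profile-update handler that binds every JSON key onto the user model (the vulnerable pattern) beside an allow-listed version that also reports unexpected keys so they can be logged. The User model, field names, the UPDATABLE policy and the demo hashing are assumptions.

```python
"""Mass assignment on PUT /api/update_user: vulnerable binder vs allow-listed binder (added example)."""
from dataclasses import dataclass
import hashlib
import hmac


def hash_pw(pw: str) -> str:
    # Demo-only hash so the example is self-contained; a real service uses a KDF such as argon2 or bcrypt.
    return hashlib.sha256(pw.encode()).hexdigest()


@dataclass
class User:  # assumed model; a real ORM row would look similar
    username: str
    password_hash: str
    display_name: str = ""
    is_admin: bool = False


# Fields a client may legitimately change through the update endpoint (assumed policy).
UPDATABLE = {"display_name"}


def update_user_vulnerable(user: User, payload: dict) -> User:
    """Binds every JSON key that matches a model attribute: password_hash and is_admin included."""
    for key, value in payload.items():
        if hasattr(user, key):
            setattr(user, key, value)
    return user


def update_user_hardened(user: User, payload: dict) -> tuple[User, list[str]]:
    """Binds only allow-listed keys and returns the rejected ones so the caller can log or alert."""
    rejected = sorted(k for k in payload if k not in UPDATABLE)
    for key in payload:
        if key in UPDATABLE:
            setattr(user, key, payload[key])
    return user, rejected


def reset_pass(user: User, old_password: str, new_password: str) -> bool:
    """POST /api/reset_pass, the intended path: the current password must be presented."""
    if not hmac.compare_digest(user.password_hash, hash_pw(old_password)):
        return False
    user.password_hash = hash_pw(new_password)
    return True


def demo() -> tuple[User, User, list[str]]:
    # Constructed request body: a display-name change that also smuggles credential and role fields.
    body = {"display_name": "Alice", "password_hash": hash_pw("attacker-chosen"), "is_admin": True}
    vulnerable = update_user_vulnerable(User("alice", hash_pw("original")), dict(body))
    hardened, rejected = update_user_hardened(User("alice", hash_pw("original")), dict(body))
    return vulnerable, hardened, rejected
```

Requests whose rejected list is non-empty are worth logging: a client that repeatedly sends `password_hash` or `is_admin` to a profile endpoint is probing for exactly this weakness.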