Bug Bounty - GitBook
رفتن به کانال در Telegram
Everything 4 bug bounty https://t.me/GiftWay32robot?start=_tgr_HwZ24DI5MWJk
نمایش بیشتر7 493
مشترکین
+524 ساعت
+577 روز
+19730 روز
آرشیو پست ها
7 493
C|EH - Practical
>Nmap tool
>Hydra Tool
>WireShark
>SQLMAP
>Cryptography
>Metasploit
>Enum4linux
>ADB - android
>RAT Tool
>WPSCAN
>Stegnography
Link 🔗:-
https://immpetus.gitbook.io/ceh-practical
@GitBook_s
7 493
CCNA Cheatsheet
Cybersecurity (EJPT)
eJPT CheatSheet
CEH Practical Cheat Sheet
Linux Privilege Escalation
Link 🔗:-
https://pjdeepakkumar.gitbook.io/homepage
@GitBook_s
7 493
🧩 A huge number of cheat sheets that will help you during the pentest.
🧷 https://ired.team/offensive-security-experiments/offensive-security-cheetsheets
7 493
𝗧𝗲𝗰𝗵𝗻𝗶𝗾𝘂𝗲𝘀 𝗳𝗼𝗿 𝗣𝗿𝗶𝘃𝗶𝗹𝗲𝗴𝗲 𝗘𝘀𝗰𝗮𝗹𝗮𝘁𝗶𝗼𝗻 𝗼𝗻 𝗪𝗶𝗻𝗱𝗼𝘄𝘀
Breaking Barriers and Assumptions
🔗 Part 1 :-
https://www.zerodayinitiative.com/blog/2024/7/29/breaking-barriers-and-assumptions-techniques-for-privilege-escalation-on-windows-part-1
🔗 Part 2 :-
https://www.zerodayinitiative.com/blog/2024/7/30/breaking-barriers-and-assumptions-techniques-for-privilege-escalation-on-windows-part-2
🔗 Part 3 :-
https://www.zerodayinitiative.com/blog/2024/7/31/breaking-barriers-and-assumptions-techniques-for-privilege-escalation-on-windows-part-3
@GitBook_s
#privilege #escalation #technique #guide #blog #windowshacking
7 493
𝗢𝗪𝗔𝗦𝗣 𝗧𝗢𝗣 𝟭𝟬 - 𝗩𝘂𝗹𝗻𝗲𝗿𝗮𝗯𝗹𝗲 𝗟𝗟𝗠 𝗔𝗽𝗽𝗹𝗶𝗰𝗮𝘁𝗶𝗼𝗻𝘀
The OWASP Top 10 for LLMs is a list of the most critical vulnerabilities found in applications utilizing LLMs. It was created to provide developers, data scientists, and security experts with practical, actionable, and concise security guidance to navigate the complex and evolving terrain of LLM security.
Link 🔗:-
https://github.com/OWASP/www-project-top-10-for-large-language-model-applications/wiki/Vulnerable-LLM-Applications
@GitBook_s
#web3 #prompt #owasp #llmsecurity #injection #promptsecurity #security
7 493
7 493
𝗠𝗮𝗹𝘄𝗮𝗿𝗲 𝗗𝗲𝘃𝗲𝗹𝗼𝗽𝗺𝗲𝗻𝘁, 𝗔𝗻𝗮𝗹𝘆𝘀𝗶𝘀 𝗮𝗻𝗱 𝗗𝗙𝗜𝗥 𝗦𝗲𝗿𝗶𝗲𝘀 👾
🔗 Part 1 :-
https://azr43lkn1ght.github.io/Malware%20Development,%20Analysis%20and%20DFIR%20Series%20-%20Part%20I/
🔗 Part 2 :-
https://azr43lkn1ght.github.io/Malware%20Development,%20Analysis%20and%20DFIR%20Series%20-%20Part%20II/
🔗 Part 3 :-
https://azr43lkn1ght.github.io/Malware%20Development,%20Analysis%20and%20DFIR%20Series%20-%20Part%20III/
🔗 Part 4 :-
https://azr43lkn1ght.github.io/Malware%20Development,%20Analysis%20and%20DFIR%20Series%20-%20Part%20IV/
@GitBook_s #maldev #malware #development #analysis #dfir #digitalforensic #incidentresponse
7 493
𝗔𝗱𝘃𝗮𝗻𝗰𝗲𝗱 𝗦𝗤𝗟 𝗜𝗻𝗷𝗲𝗰𝘁𝗶𝗼𝗻 𝗧𝗲𝗰𝗵𝗻𝗶𝗾𝘂𝗲𝘀 🔒
•Part 1 : Techniques to Force Errors from Databases for SQL
•Part 2 : Techniques to Force Errors from Databases for SQL Injection
•Part 3 : Advanced Methods to Forcefully Generate Errors on Various DBMS
•Extracting Database Name and Hostname Using Forced Errors
•Adding Custom Payloads Directly in SQLMap Syntax
Link 🔗:-
https://nav1n0x.gitbook.io/advanced-sql-injection-techniques
@GitBook_s #sql #injection #webhack #websec #appsec
7 493
📚 Everything curl.
• A very voluminous guide to working with curl, which has been updated since the beginning of 2015 to this day. The book is free, and dozens of authors contributed to its development: https://curl.haxx.se/book.html
➡️ Repository: https://github.com/curl/everything-curl
7 493
🏳 CTF chall write-ups, files & scripts.
• CTF is one of the best methods to acquire the necessary skills in hacking various systems or gain unique knowledge in various aspects of information security.
• At the link below you can find a very useful repo, which contains current tools, scripts, platforms and video material on completing CTF. Save to favorites and use:
➡️ https://github.com/Crypto-Cat/CTF
#CTF
7 493
𝗛𝗮𝗿𝗱 𝗗𝗶𝘀𝗸 𝗔𝗻𝗮𝗹𝘆𝘀𝗶𝘀 𝗠𝗲𝘁𝗵𝗼𝗱𝗼𝗹𝗼𝗴𝘆 🤖
Link 🔗:-
https://zach-wong.gitbook.io/easy-reads/forensics-ctf-methodology/hard-disk-analysis-methodology
7 493
👁 Nmap Cheat Sheet 2024: All the Commands & Flags.
https://www.stationx.net/nmap-cheat-sheet/
• Host Discovery;
• Output Format Scan;
• Understanding Nmap Packet Trace;
• Nmap Scan with Timing Parameters;
• Nmap Scans using Hex Value of Flags;
• Forensic Investigation of Nmap Scan using Wireshark;
• Understanding Guide for Nmap Timing Scan (Firewall Bypass);
• Understanding Guide for Nmap Ping Scan (Firewall Bypass);
• Comprehensive Guide on Nmap Port Status;
• How to Detect NMAP Scan Using Snort;
• Understanding Guide to Nmap Firewall Scan (Part 2);
• Understanding Guide to Nmap Firewall Scan (Part 1);
• Understanding Nmap Scan with Wireshark;
• Password Cracking using Nmap;
• Vulnerability Scan;
• Network Scanning using NMAP (Beginner Guide);
• MSSQL Penetration Testing using Nmap;
• MySQL Penetration Testing with Nmap.
7 493
https://github.com/gracenolan/Notes
Я инженер по безопасности в Google, и это заметки, сделанные во время подготовки к собеседованиям. Это моя первая работа в сфере безопасности, и многие спрашивали меня, как я учился. Мои заметки состоят в основном из списка терминов и технологий, которые нужно изучить, а также небольших кусочков информации, которые помогли мне запомнить некоторые детали. Я включил советы по собеседованию и стратегии обучения, которые так же важны, как и знание тем, которые следует изучать.— Learning Tips — Interviewing Tips — Networking — Web Application — Infrastructure (Prod / Cloud) Virtualisation — OS Implementation and Systems — Mitigations — Cryptography, Authentication, Identity — Malware & Reversing — Exploits — Attack Structure — Threat Modeling — Detection — Digital Forensics — Incident Management — Coding & Algorithms — Security Themed Coding Challenges
7 493
👩💻 Attacking Docker.
- Privileged Container;
- Exposed Container APIs;
- Container Escape;
- Container Image Tampering;
- Insecure Container Configuration;
- Denial-of-Service (DoS);
- Kernel Vulnerabilities;
- Shared Kernel Exploitation;
- Insecure Container Orchestration;
- Insecure Container Images;
- References.
7 493
🌩 Attacking AWS.
• Insufficient Security Configuration;
• Insecure Data storage;
• Insecure Deployment and Configuration Management;
• Backdoor Lambda Function Through Resource-Based Policy;
• Overwrite Lambda Function Code;
• Create an IAM Roles Anywhere trust anchor;
• Exfiltrate RDS Snapshot by Sharing;
• Backdoor an S3 Bucket via its Bucket Policy;
• Exfiltrate an AMI by Sharing It;
• Exfiltrate EBS Snapshot by Sharing It;
• Execute Discovery Commands on an EC2 Instance;
• Download EC2 Instance User Data;
• Execute Commands on EC2 Instance via User Data;
• Noncompliant Code;
• Compliant Code;
• Retrieve EC2 Password Data;
• Noncompliant Code;
• Compliant Code;
• Insecure Deployment and Configuration Management;
• Local Filesystem;
• AWS Security Token;
• AWS Security Token Permission enumeration;
• ec2:CreateSnapshot and ec2:DescribeVolumes;
• Amazon Cognito;
• References.
7 493
7 493
👩💻 Docker Security.
• Prerequisites;
• Secure configuration;
• Docker Host;
- Working Environment;
- Configuration audit;
- Lynis;
- Docker Bench for Security;
• Docker Daemon;
- Access control to Docker Daemon;
- Securing docker.sock;
- Granting and revoking permissions;
- Avoiding privileged mode;
- Access to devices;
- Blocking the ability to “granting” (acquiring) permissions;
- Privilege escalation and Linux namespaces;
- Rootless mode;
- Container communication (container isolation);
- Read-only mode;
- Resource utilization control;
- Connecting to a remote Docker Daemon;
- Event logging;
• Containers Security;
- Selecting the Right Image;
- Docker Content Trust (DCT);
- Using your own images;
- Docker build and URL;
- “latest” tag;
- USER command;
- Force UID;
- .dockerignore;
• Automatic images scanning;
- Trivy;
- Docker Scout;
• AppArmor;
• Seccomp;
• SELinux;
• The final piece of the puzzle – application security;
• Docker Desktop Security;
• Updating Software;
• Additional sources of knowledge – where to find information about; vulnerabilities;
• History of Changes.
