fa
Feedback
Bug Bounty - GitBook

Bug Bounty - GitBook

رفتن به کانال در Telegram
7 497
مشترکین
+524 ساعت
+577 روز
+19730 روز
آرشیو پست ها
𝗜𝗡𝗦𝗜𝗗𝗘 𝗟𝗜𝗡𝗨𝗫 𝗞𝗘𝗥𝗡𝗘𝗟 >Booting •From bootloader to kernel •First steps in the kernel setup code •Video mode initialization and transition to protected mode •Transition to 64-bit mode •Kernel decompression •Kernel load address randomization >Initialization •First steps in the kernel •Early interrupts handler •Last preparations before the kernel entry point •Continue architecture-specific boot-time initializations •Architecture-specific initializations, again... •End of the architecture-specific initializations, almost... •Scheduler initialization •RCU initialization •End of initialization >Interrupts •Start to dive into interrupts •Interrupt handlers •Initialization of non-early interrupt gates •Implementation of some exception handlers •Handling Non-Maskable interrupts •Dive into external hardware interrupts •Initialization of external hardware interrupts structures •Softirq, Tasklets and Workqueues >System calls •How the Linux kernel handles a system call •vsyscall and vDSO •Limits on resources in Linux >Timers and time management •Clocksource framework •The tick broadcast framework and dyntick •Introduction to timers •Clockevents framework •x86 related clock sources •Time related system calls >Synchronization primitives •Introduction to spinlocks •Queued spinlocks •Semaphores •Mutex •SeqLock •Reader/Writer semaphores •RCU •Lockdep >Memory management •Memblock •Fixmaps and ioremap •kmemcheck >Cgroups >SMP •Per-CPU variables •Cpumasks •The initcall mechanism •Notification Chains >Data Structures in the Linux Kernel •Doubly linked list •Radix tree •Bit arrays >Theory •Paging • Elf64 •Inline assembly •CPUID •MSR >Initial ram disk •initrd >Misc •Linux kernel development •How the kernel is compiled •Linkers •Program startup process in userspace •Write and Submit your first Linux kernel Patch •Data types in the kernel >KernelStructures •IDT Link 🔗:- https://0xax.gitbooks.io/linux-insides/content/ @GitBook_s

𝗟𝗣𝗜𝗖-𝟯 𝟯𝟬𝟯 𝗖𝗲𝗿𝘁𝗶𝗳𝗶𝗰𝗮𝘁𝗶𝗼𝗻 𝗦𝘁𝘂𝗱𝘆 𝗚𝘂𝗶𝗱𝗲 •331.1 X.509 Certificates and Public Key Infrastructures •331.2 X.509 Certificates for Encryption, Signing and Authentication •331.3 Encrypted File Systems •331.4 DNS and Cryptography •332.1 Host Hardening •332.2 Host Intrusion Detection •332.3 Resource Control •333.1 Discretionary Access Control •333.2 Mandatory Access Control •334.1 Network Hardening •334.2 Network Intrusion Detection •334.3 Packet Filtering •334.4 Virtual Private Networks •335.1 Common Security Vulnerabilities and Threats •335.2 Penetration Testing Link 🔗:- https://borosan.gitbook.io/lpic3-exam-guide/ @GitBook_s

𝗗𝗼𝗰𝗸𝗲𝗿 𝗛𝗮𝗻𝗱𝗯𝗼𝗼𝗸 •Basic Concepts •Containerization History •Docker Containers •Docker Images •Docker Storage and volumes •Docker Networking •Docker Security •Docker Compose •Docker cheat sheet •Docker Compose cheat sheet Link 🔗:- https://borosan.gitbook.io/docker-handbook @GitBook_s

𝗞𝘂𝗯𝗲𝗿𝗻𝗲𝘁𝗲𝘀 𝗖𝗵𝗲𝗮𝘁 𝗦𝗵𝗲𝗲𝘁 •Cluster Management •ConfigMaps •Daemonsets •Deployments •Events •Ingress •Labels •Logs •Manifest Files •Namespaces •Notes •Pods •Persistent Volume •Replication Controllers •StatefulSet •Secrets & Services Link 🔗:- https://borosan.gitbook.io/kubernetes-cheat-sheet @GitBook_s

𝗕𝗶𝗻𝗮𝗿𝘆 𝗘𝘅𝗽𝗹𝗼𝗶𝘁𝗮𝘁𝗶𝗼𝗻 𝗡𝗼𝘁𝗲𝘀 >Stack •ret2win •De Bruijn Sequences •Shellcode •NOPs •32- vs 64-bit •No eXecute •Return-Oriented Programming •Format String Bug •Stack Canaries >Heap •Chunks •Malloc State •Heap Overflow •Use-After-Free •Double-Free •Unlink Exploit >Kernel •Writing a Char Module •An Interactive Char Driver •Interactivity with IOCTL >Browser Exploitation •CTF 2019 - oob-v8 •picoCTF 2021 - Kit Engine •picoCTF 2021 - Download Horsepower Link 🔗:- https://ir0nstone.gitbook.io/notes/ @GitBook_s

𝗔 𝗡𝗼𝗼𝗯'𝘀 𝗚𝘂𝗶𝗱𝗲 𝗧𝗼 𝗔𝗥𝗠 𝗘𝘅𝗽𝗹𝗼𝗶𝘁𝗮𝘁𝗶𝗼𝗻 •Lab setup •Introduction to ARM •Introduction to stack buffer overflows •Introduction to ROP Chains •Invoking mprotect() using ROP Chains on ARM •Integer Overflows on ARM •Introduction to Heap Exploitation •Arming the Use-After-Free() •Double free() attacks on ARM •Introduction to ARM64 •Stack-based buffer overflows on ARM64 •ROP chains on ARM64 Link 🔗:- https://ad2001.gitbook.io/a-noobs-guide-to-arm-exploitation/ @GitBook_s

𝗟𝗲𝗮𝗿𝗻 𝗚𝗢 𝗟𝗮𝗻𝗴 𝘄𝗶𝘁𝗵 𝗧𝗲𝘀𝘁𝘀 •Go Fundamentals •Installation •Hello, World •Integers •Iteration •Arrays and slices •Structs, methods & interfaces •Pointers & errors •Maps •Dependency Injection •Mocking •Concurrency •Testing Fundamentals •Building a application Link 🔗:- https://quii.gitbook.io/learn-go-with-tests/testing-fundamentals/working-without-mocks @GitBook_s

𝗪𝗵𝗼𝗔𝗺𝗜 𝗪𝗿𝗶𝘁𝗲𝘂𝗽 •Web Cache Poisoning •Came looking for SSRF and found XSS •Phishing Attack using Machine Learning model •JWT Attacks •OAuth - Mechanism and Attacks •Upgrade plan from Free to Paid via Response Manipulation •XSS IN SOQL Console •Journey from Automated Discovery to Manual Exploitation Link 🔗:- https://ibraradi.gitbook.io/write-up/ @GitBook_s

𝗜𝗻𝗳𝗼𝘀𝗲𝗰 𝗕𝗹𝗼𝗴 •Bug Hunting Findings •Recon automation, tips and tricks •Hack The Box Machines •CTF Challenges •Red Teaming Tips & Tricks Link 🔗:- https://eslam3kl.gitbook.io/blog/ @GitBook_s

𝗕𝘂𝗴 𝗛𝘂𝗻𝘁𝗲𝗿 𝗛𝗮𝗻𝗱𝗯𝗼𝗼𝗸 •Getting Started in InfoSec and Bug Bounties •Presentations •Checklists / Guides •Useful Twitter Threads •List of Vulnerabilities •API Security •Mobile Security •Fuzzing / Wordlists •BugBounty Short Write-ups •Burp Suite Tips and Tricks •HackerOne Reports •Response Manipulation •Client Vs Server Side Vulnerabilities •AWS •Chaining of Bugs •Bug Bounty Automation •Mindmaps •Oneliner Collections •Red Teaming •Blue Teamining •Recon One Liners •Containers •Wordpress •Fuzzing / FuFF •OWASP ZAP •Bug List •Setting up burp collaborator •Admin Panel PwN •Credential Stuffing / Dump / •HaveibeenPwned? •Tools Required •Nuclei Template Link 🔗:- gowthams.gitbook.io/bughunter-handbook @GitBook_s

𝗘𝘁𝗵𝗶𝗰𝗮𝗹 𝗛𝗮𝗰𝗸𝗶𝗻𝗴 𝗧𝗼𝗼𝗹𝘀 •Kali linux most used subdomain finder •Tools for pentesting Wappalyzer •the Harvester •Parsing Wappalyzer in python Link 🔗:- https://ethicaltools.gitbook.io/subdomainfinder/ @GitBook_s

𝗢𝗵𝗦𝗛𝗜𝗡𝗧 •Introduction to OSINT Web Resources •Search Engines •Social Media Intelligence [SOCMINT] •Mapping and Geospatial Intelligence [GEOINT] •Imagery Intelligence [IMINT] •Orbital Intelligence [ORBINT] •Business Research and Trade Intelligence [TRADINT] •Financial Intelligence [FININT] •Vehicle and Transportation Intelligence [VATINT] •Digital Network Intelligence [DNINT] •Signals Intelligence [SIGINT] •Deep Webs and Darknets •People Investigations •Email Addresses •Phone Numbers •Usernames •Gaming •Real Estate •Data Sets •Organized Crime and Illicit Trade •Stolen Property •War, Crisis and Conflicts •Weapons and Equipment •Identification •Government Information •Dictionaries, Translation and •Decoding Link 🔗:- https://ohshint.gitbook.io/oh-shint-its-a-blog @GitBook_s

𝗠𝗮𝗹𝘄𝗮𝗿𝗲 𝗗𝗲𝘃𝗲𝗹𝗼𝗽𝗺𝗲𝗻𝘁 𝗚𝘂𝗶𝗱𝗲 •Fork Bombs •Logical Bombs •Zip Bombs •Keyloggers •Wipers •ScreenJackers •Prependers and Postpenders •Browser Extensions •Worms •RATs •Botnets w/ C2 Servers •Rootkits and Bootkits •Polymorphic Malware •Pivoting •Elementary Concepts and Stuff •Being Stealthy •Backdoors •Windows Process Injection •SIM Swapping •Quishing •RunPE •Malware Packers Link 🔗:- https://arachn3.gitbook.io/malware-development-guide/ @GitBook_s

𝗠𝗮𝗰𝗢𝗦 𝗠𝗮𝗹𝘄𝗮𝗿𝗲 𝗗𝗲𝘃𝗲𝗹𝗼𝗽𝗺𝗲𝗻𝘁 We’ll delve into the world of designing and developing malware for macOS, which is essentially a Unix-based operating system. Link 🔗:- https://0xf00sec.github.io/2024/03/09/MacOs-X.html @GitBook_s

𝗗𝗲𝗲𝗽 𝗗𝗶𝘃𝗲 𝗜𝗻𝘁𝗼 𝗘𝘅𝗽𝗹𝗼𝗶𝘁𝗶𝗻𝗴 𝗪𝗶𝗻𝗱𝗼𝘄𝘀 𝗧𝗵𝗿𝗲𝗮𝗱 𝗣𝗼𝗼𝗹𝘀 •Attacking Worker Factories •Attacking I/O Ports •Attacking Timer Queues •Abusing TLS Callbacks For Payload Execution •Payload Execution Link 🔗:- https://urien.gitbook.io/diago-lima/a-deep-dive-into-exploiting-windows-thread-pools @GitBook_s

𝗪𝗲𝗯 𝗔𝗽𝗽 𝗛𝗮𝗰𝗸𝗶𝗻𝗴 𝗥𝗲𝘀𝗼𝘂𝗿𝗰𝗲𝘀 •Cyber Intelligence •Red - Offensive Operations •Blue - DFIR: Digital Forensics and Incident Response •Yellow - NetEng/SysAdmin •Yellow - Logging and Security Architecture •Yellow - Cloud •Yellow - Containers •Yellow - Code and CLI •Yellow - AI, Machine Learning, and FOSS •Grey - Privacy/TOR/OPSEC •Training and Resources Link 🔗:- https://s0cm0nkey.gitbook.io/s0cm0nkeys-security-reference-guide @GitBook_s

𝗨𝗻𝗰𝗼𝘃𝗲𝗿 𝗧𝗵𝗲 𝗧𝗿𝘂𝗲 𝗜𝗣 𝗔𝗱𝗱𝗿𝗲𝘀𝘀 𝗢𝗳 𝗪𝗲𝗯𝘀𝗶𝘁𝗲𝘀 𝗦𝗮𝗳𝗲𝗴𝘂𝗮𝗿𝗱𝗲𝗱 𝗕𝘆 𝗖𝗹𝗼𝘂𝗱𝗳𝗹𝗮𝗿𝗲 CloakQuest3r is a powerful Python tool meticulously crafted to uncover the true IP address of websites safeguarded by Cloudflare, a widely adopted web security and performance enhancement service Link 🔗:- https://www.kitploit.com/2023/12/cloakquest3r-uncover-true-ip-address-of.html?m=1#google_vignette @GitBook_s

https://n3t-hunt3r.gitbook.io/ + Pentest Book Cloud Pentesting Web App Pentesting

http://six2dez.gitbook.io Recon Enumeration Exploitation Post Exploitation Mobile

https://scriptingxss.gitbook.io OWASP IOT Top 10 2018 Mapping Project