fa
Feedback
Bug Bounty - GitBook

Bug Bounty - GitBook

رفتن به کانال در Telegram
7 470
مشترکین
+1024 ساعت
+417 روز
+18130 روز
آرشیو پست ها
■■■■□ A Big company Admin Panel takeover $4500. Exploit (uses just a semi-colon):
example.com/;/admin
https://medium.com/@nanwinata/a-big-company-admin-panel-takeover-4500-9520a6c83430

■■■■■ CSRF Bypass Using Domain Confusion Leads To ATO. https://infosecwriteups.com/csrf-bypass-using-domain-confusion-leads-to-ato-ac682dd17722

■■■■□ New Encoding Technique Jailbreaks ChatGPT-4o To Write Exploit Codes. https://cybersecuritynews.com/encoding-technique-jailbreaks-chatgpt-4o/

■■■■□ Comprehensive Bug Bounty Hunting Methodology (2024 Edition). https://xalgord.medium.com/comprehensive-bug-bounty-hunting-checklist-2024-edition-4abb3a9cbe66

■■■■□ HTTP Security Headers : A complete guide to HTTP headers. https://www.darkrelay.com/post/http-security-headers

■■■□□ CSRF + POST Body Param Reflection = POST-Based XSS. https://blog.bhuwanbhetwal.com.np/csrf-post-body-param-reflection-post-based-xss-a-brainfuck

■■■■□ From HTTP to RCE - How to leave backdoor in IIS. https://cicada-8.medium.com/from-http-to-rce-how-to-leave-backdoor-in-iis-cbef8249eba9

■■■■■ Hackers now use ZIP file concatenation to evade detection. https://www.bleepingcomputer.com/news/security/hackers-now-use-zip-file-concatenation-to-evade-detection/

■□□□□ Exploiting OS Command Injection — A Real-World Scenario. https://medium.com/@m_kasim2/exploiting-os-command-injection-a-real-world-scenario-4a2db1733137

■■■□□ A Firefox Web Extension to improve the discovery of DOM XSS. https://github.com/swoops/eval_villain

■■■■□ The Indonesian🇮🇩 hacker group "INDOHAXSEC TEAM" has created a web-based version of WannaCry ransomware called "WannaC
■■■■□ The Indonesian🇮🇩 hacker group "INDOHAXSEC TEAM" has created a web-based version of WannaCry ransomware called "WannaCry 2.0," imitating North Korea's Lazarus group. They have hacked multiple websites, encrypting them and demanding Bitcoin as ransom.

From book: I have had the opportunity to work with what I believe to be some of the best pene‐ tration testers and bug bounty hunters in the world. Through my conversations with them and my analysis of how they do their work, I’ve come to realize this topic is much more important than many other books make it out to be. For many of the top bug bounty hunters in the world, expert-level reconnaissance ability is what differen‐ tiates “great” hackers from “good” hackers. In other words, it’s one thing to have a fast car (in this case, perhaps knowing how to build exploits), but without knowing the most efficient route to the finish line, you may not win the race. A slower car could make it to the finish line in less time than a fast one if a more efficient path is taken.

The difference between a good hacker and a great hacker is in Recon #web application security @GitBook_s

OSI Model - With attacks at each layer and Mitigations 😀

🧑‍💻 آموزش مفاهیم تست نفوذ را با ما تجربه کنید : [+] تست نفوذ شبکه و وب را بصورت تخصصی یاد بگیر . [+] زبان ++C برای هکرها و
🧑‍💻 آموزش مفاهیم تست نفوذ را با ما تجربه کنید : [+] تست نفوذ شبکه و وب را بصورت تخصصی یاد بگیر . [+] زبان ++C برای هکرها و فراتر ! [+]ابزار نویسی و اکسپلویت نویسی با پایتون را صفر تا صد پیاده سازی کنید. [+]مفاهیم پایه امنیت را با ما یاد بگیر . [+]نکات و ابزار ها و کار با ابزارهای امنیتی و مقاله های امنیت را در کانال ما دنبال کنید . [+]پیش نیازهای ورود به دنیای تست نفوذ را با ما تجربه کنید و مشاوره بگیرید. [+]چگونه و از کجا هک را شروع کنیم ؟قبلاً فیلم هکرهایی را تماشا کرده اید؟ [+] اندروید هکینگ [+] اصول اولیه PowerShell و جاوا اسکریپت رو برای تست نفوذ یاد بگیرید. [+] مقدمه ای بر امنیت سایبری و کلی مباحث و مفاهیم دیگر را با ما تجربه کنید . به دنیای آموزش رایگان تست نفوذ خوش اومدید . @hakfateam