Bug Bounty - GitBook
Everything 4 bug bounty https://t.me/GiftWay32robot?start=_tgr_HwZ24DI5MWJk
Want to get better at Hack The Box?
Join our Telegram channel for:
HTB writeups (Easy, Medium, Hard)
Tips, tricks & tools
Weekly machine discussions
Beginner-friendly guidance
Level up your hacking skills – one box at a time!
Join now: https://t.me/htbboxes
🔸 self XSS - when you are (usually) attacking only yourself. For example, when XSS is in your name and is triggered only in your profile section
#XSS
@GitBook_s
Repost from Bug Bounty - GitBook
Support the channel by sharing the last post.
Repost from Bug Bounty - GitBook
Hive
>Recon
Passive(OSINT)
Active
Web Recon
Firewall Evasion
>Web Attack
Server Side
Client Side
>Network Attacks
Network Services
Network Devices
MITM & Poisoning
Wireless Attacks
Sniffing
Denial of Service
>Red Team
Windows
Active Directory
Linux
Command & Control (C2)
Shells & Payloads
Payload Delivery
Pivoting
Exfiltration/File Transfer
Password Attacks
Defense Evasion
>Malware Development
Evasion Concepts primer
Shellcode Placement
Shellcode Encoding & Encryption
Binary Properties & Code Signing
Code Obfuscation
>Blue Team
Threat Modeling/Hunting/Intelligence
Linux Hardening
Security Architecture
>Purple Teaming
Adversary Emulation
>Programming
C Programming
Assembly (NASM)
>Miscellaneous
GNU Screen/tmux
SSH Tricks
Cats
Curl
Cross-compiling Binaries
Link 🔗:-
https://7h3w4lk3r.gitbook.io/the-hive
@GitBook_s
Repost from Bug Bounty - GitBook
SecJournal
>RESOURCES DUMP
>WHAT IS SECURITY
>PENTESTING METHODOLOGY
Methodology
>NETWORKS
Networking
Addresses
OSI Model
Packets
Combined Knowledge
>WEBSITE SECURITY
Web
SQL Injection
Access Control
Authentication Bypass
Business Logic
Information Disclosure
Directory Traversal
Command Injection
File Upload Vulnerabilities
Server-Side Request Forgery
Cross-Origin Resource Sharing
Cross-Site Request Forgery
Cross-Site Scripting
JSON Web Tokens
API Testing
WebSockets
Deserialization
Prototype Pollution
Server-Side Template Injection
XXE Injection
Web Cache Poisoning
HTTP Request Smuggling
OAuth Authentication
Bug Bounties
>BUFFER OVERFLOWS
Buffer Overflows
OSCP BOF (OUTDATED)
Ret2Libc
ROP Chaining
Canary Bypass
ASLR Bypass
>ACTIVE DIRECTORY
Active Directory
Tools
Windows Authentication
Kerberos
ACLs and GPOs
LDAP
>WRITEUPS
HTB Season 3
HTB Season 2
HTB Season 1
HTB Season
Proving Grounds Practice
>EVASION
Evasion
>ADVERSARY EMULATION
Red Teaming
Link 🔗:-
https://rouvin.gitbook.io/ibreakstuff
@GitBook_s
Repost from Bug Bounty - GitBook
Red Team & Malware Analysis
>RED TEAMING
•Cheat Sheet
•Active Directory 101
•Fuzzing and Web
•Initial Foothold
•Privilege Escalation (Privesc)
•Lateral Movement (Pivoting)
•Persistence
•Command and Control (C&C)
•Data Exfiltration
•CVE & Exploits / CTF
>MALWARE ANALYSIS
•Unpacking
•Basic tips
•Malware instrumentation with frida
>MOBILE
•Reverse iOS ipa
•Reverse Android APKs
•Basic tips
>IOT / REVERSE / FIRMWARE
•Basic tips
•Reverse IoT devices
Link 🔗:-
https://gitbook.seguranca-informatica.pt/
@GitBook_s
Repost from Bug Bounty - GitBook
Red Team Notes
>RED TEAM TECHNIQUES
~Initial Access
•T1190: Exploit Public-Facing Applications
•T1133: External Remote Services
•T1566: Phishing
•T1195: Supply Chain Compromise
•T1078: Valid Accounts
•T1199: Trusted Relationship
~Execution
•T1047: Windows Management Instrumentation
•T1204: User Execution
•T1569: Service Execution
•T1053: Scheduled Tasks/Job
•T1106: Native API
•T1559: Inter-Process Communication
•T1203: Exploitation for Client Execution
•T1059: Command and Scripting Interpreter
~Persistence
•T1574: Hijack Execution Flow
•T1133: External Remote Services
•T1546: Event Triggered Execution
•T1543: Create or Modify System Process
•T1136: Create Account
•T1554: Compromise Client Software Binary
•T1547: Boot or Logon AutoStart Execution
•T1197: BITS Jobs
•T1053: Scheduled Tasks/Job
•T1098: Account Manipulation..
>RED TEAM INFRASTRUCTURE
~Reconnaissance
•Passive
•Active
~Weaponization
•Macros
•HTA
•ZIP
•ISO
~Delivery
•Gophish
•EvilGinx
•PwnDrop
~Situational Awareness
•Covenant and C#
•Empire and PowerShell
~Credential Dumping
•Mimikatz
•Lsass Dumping
•SharpChromium
~Persistence
•Userland Persistence
•Elevated Persistence
~Defense Evasion
•Disable or Modify Tools
•Obfuscating Files
~Privilege Escalation
•PowerUp
•PrivescCheck
~Lateral Movement
•RDP
•PowerShell Remoting
Link 🔗:-
https://dmcxblue.gitbook.io/red-team-notes-2-0/red-team
@GitBook_s
Repost from Bug Bounty - GitBook
Offsec Journey Notes
>LEARNING RESOURCES
•Web App Pentesting
>RECONNAISSANCE
•OSINT
•Vulnerability Scanning
>RESOURCE DEVELOPMENT
•Password Crack Rig
•Malware
•C2 Infrastructure
•Phishing Infrastructure
>INITIAL ACCESS
•Phishing
•Password Spray
•Malicious Outlook Rules
>HOST TRIAGE
•Situational Awareness
>INTERNAL RECONNAISSANCE
•Enumeration
•Lateral Movement
•Misc.
>DEFENSE EVASION
•Dynamic Analysis
•Static Analysis
•General
•Windows Internals
•Execution
•.NET Post Exploitation
•Powershell
•AMSI
>PRIVILEGE ESCALATION
•Domain Privilege Escalation
•Local Priv Esc - Windows
•Local Priv Esc - Linux
>LATERAL MOVEMENT
•Tunnels & Port Forward
>PERSISTENCE
•Local Persistence
•Domain Persistence
>LINUX
•Enumeration
•Lateral Movement
•Misc.
•Exploitation Techniques
•Exploit Dev
>KALI LINUX FU
•Kali Fu
•File System
>SCANNING & ENUMERATION
•Redis
•Port Scan
•RPC
•Kerberos
•WinRM
•Telnet
•PBX
•RDP
•Finger
•VNC
•Mail Servers
•SSH
•SMB
•Content Management Systems
•FTP
•Web Server
•DNS
•LDAP
•Database Services
•IKE VPN Service
•SNMP
•Sniffing
>WEB APP VULNERABILITIES
•Directory Traversal
•Server-Side Template Injection
•HTTP Parameter Pollution
•Sensitive Data Exposure
•Broken Access Control
•Business Logic Testing
•Broken Authentication
•XXE
•File Inclusion
•SSRF
•Injection
•Insecure Deserialization
•Cross-Site-Scripting (XSS)
>API PENTESTING
•Resources
>PROGRAMMING
•Bash
>MAINTAINING ACCESS
•C2 - Command & Control
•Notes
>CLOUD SECURITY PENTEST
•Penetration Testing AWS Storage
•Pentesting Azure
•Pentesting Cloud Networks
>BLUE TEAM
•Home Lab
•Reverse Engineering
•Forensics
>REVERSE ENGINEERING
•Malware Analysis
•Buffer Overflow
•Learning Resources
>HOME LAB PROJECT
•Initial Configuration
•Active Directory
>EXFILTRATION
•Attack Vectors
>WIRELESS PENTESTING
•Radius
Link 🔗:-
https://notes.offsec-journey.com/
@GitBook_s
Repost from Bug Bounty - GitBook
Pentest Book by n3t_hunt3r
>Cloud Pentesting
•AWS Security Testing
•Azure Pentesting
•GCP Pentesting
>Web Application Pentesting
•XSS <Cross Site Scripting>
•XSS Filter Evasion and WAF Bypassing Tactics
•SSRF <Server Side Request Forgery>
•Open Redirect Vulnerability
•Command Injection
•File Upload
•Rate Limit Bypass Techniques
•IDOR
•Web Cache Poisoning /Web Cache Deception
•CSRF <Cross Site Request Forgery>
•XPATH injection
•LDAP Injection
•JWT Vulnerabilities <Json Web Tokens>
•CORS - Misconfigurations & Bypass
•Reset/Forgotten Password Bypass
•CRLF (%0D%0A) Injection
•Clickjacking
•Hostile Domain/Subdomain takeover
•Server Side Inclusion/Edge Side Inclusion Injection
•HTTP Request Smuggling / HTTP Desync Attack
•SAML Attacks
•OAuth to Account takeover
•Cross-site WebSocket hijacking (CSWSH)
•Uncovering CloudFlare
•Email Header Injection
•Unicode Normalization vulnerability
•Registration Vulnerabilities
•Race Condition
Link 🔗:-
https://n3t-hunt3r.gitbook.io/pentest-book/
@GitBook_s
