Bug Bounty - GitBook
Открыть в Telegram
Everything 4 bug bounty https://t.me/GiftWay32robot?start=_tgr_HwZ24DI5MWJk
Больше7 493
Подписчики
+524 часа
+577 дней
+19730 день
Архив постов
7 497
[+] Hacking Training
[+] Introducing private tools
[+] 0day exploits
[+] Kali linux
[+] Priv8 methods
Join the channel 🤠🤞 :
https://t.me/WebHackers
https://t.me/WebHackers
https://t.me/WebHackers
7 497
#NahamCon2024: Modern WAF Bypass Techniques on Large Attack Surfaces
https://www.youtube.com/watch?v=0OMmWtU2Y_g
7 497
theB10G
hacking-the-scammers
systematic-destruction-hacking-the-scammers-pt.-2l
sql-injection-in-security-cleared-job-site
xss-security-policy-bypass
misi-hack-the-building-2.0-hospital-edition
booked-v2.5.5-labarchives-scheduler-vulnerability
ctf-writeups
arcent-best-cyber-warrior-2023
bounty-hunter-writeup
previse-writeup
ejpt-certification-review
sauna-writeup
active-writeup
trick-writeup
graphql-query-authentication-bypass-vuln
ewpt-certification-review
2022-doe-cyberforce-competition
data-mining-cves-and-exploits
ecpptv2-certification-review
Link 🔗:-
https://blog.smithsecurity.biz/
@GitBook_s
7 497
Ethical Hacking Notes
>FOOTPRINTING & RECONNAISSANCE
>SCANNING
>ENUMERATION
>VULNERABILITY ANALYSIS
>SYSTEM HACKING
>SNIFFING
>DENIAL OF SERVICE
>SESSION HIJACKING
>WEB SERVER HACKING
>IOT HACKING
Link 🔗:-
https://tzero86.gitbook.io/tzero86
@GitBook_s
7 497
📦 Hack The Box. Let's learn hacking.
• A useful and large selection of HTB walkthroughs that will help improve your skills and gain new knowledge in various aspects of pentesting.
➡️ https://0xdf.gitlab.io
7 497
📝 HackerOne reports.
• Keep links to a very comprehensive and useful repository that includes top HackerOne reports. The repo is constantly kept up to date, which will help you learn a lot of new and useful things (options for exploiting various vulnerabilities, attack vectors, etc.).
https://github.com/reddelexc/hackerone-reports
Tops 100:
• Top 100 upvoted reports;
• Top 100 paid reports.
Tops by bug type:
• Top XSS reports;
• Top XXE reports;
• Top CSRF reports;
• Top IDOR reports;
• Top RCE reports;
• Top SQLi reports;
• Top SSRF reports;
• Top Race Condition reports;
• Top Subdomain Takeover reports;
• Top Open Redirect reports;
• Top Clickjacking reports;
• Top DoS reports;
• Top OAuth reports;
• Top Account Takeover reports;
• Top Business Logic reports;
• Top REST API reports;
• Top GraphQL reports;
• Top Information Disclosure reports;
• Top Web Cache reports;
• Top SSTI reports;
• Top Upload reports;
• Top HTTP Request Smuggling reports;
• Top OpenID reports;
• Top Mobile reports;
• Top File Reading reports;
• Top Authorization Bypass reports;
• Top Authentication Bypass reports;
• Top MFA reports.
Tops by program:
• Top Mail.ru reports;
• Top HackerOne reports;
• Top Shopify reports;
• Top Nextcloud reports;
• Top Twitter reports;
• Top X (formerly Twitter) reports;
• Top Uber reports;
• Top Node.js reports;
• Top shopify-scripts reports;
• Top Legal Robot reports;
• Top U.S. Dept of Defense reports;
• Top Gratipay reports;
• Top Weblate reports;
• Top VK.com reports;
• Top New Relic reports;
• Top LocalTapiola reports;
• Top Zomato reports;
• Top Slack reports;
• Top ownCloud reports;
• Top GitLab reports;
• Top Ubiquiti Inc. reports;
• Top Automattic reports;
• Top Coinbase reports;
• Top Verizon Media reports;
• Top Starbucks reports;
• Top Paragon Initiative Enterprises reports;
• Top PHP (IBB) reports;
• Top Brave Software reports;
• Top Vimeo reports;
• Top OLX reports;
• Top concrete5 reports;
• Top Phabricator reports;
• Top Localize reports;
• Top Qiwi reports;
• Top WordPress reports;
• Top The Internet reports;
• Top Open-Xchange reports;
@GitBook_s
7 497
And Some vulnerable site for xss
prompt.ml
alf.nu/alert1
xss-game.appspot.com
polyglot.innerht.ml
sudo.co.il/xss
root-me.org
chefsecure.com
wechall.net
xss-labs.abay.sh/xss/
@GitBook_s
7 497
Awesome Vulnerable Applications.
• A selection of pre-vulnerable applications, services, OS, etc. for your training or testing of various types of scanners:
- Online;
- Paid;
- Vulnerable VMs;
- Cloud Security;
- SSO - Single Sign On;
- Mobile Security;
+ OWASP Top 10;
- SQL Injection;
- XSS Injection;
- Server Side Request Forgery;
- CORS Misconfiguration;
- XXE Injection;
- Request Smuggling;
+ Technologies;
- WordPress;
- Node.js;
- Firmware;
- Uncategorized.
➡️ https://github.com/vavkamil/awesome-vulnerable-apps/
@GitBook_s
7 497
Methodology
Bullet Proof Strategy
>Enumeration
>Exploitation
>Privilege Escalation
Elevated Post Exploitation
>Active Directory
>Walkthroughs
Cert Pictures :)
>Python Lessons
Bash Lessons
>C# Programming
Link 🔗:-
https://lyethar.gitbook.io/methodology
@GitBook_s
7 497
OWASP MASTG
>OVERVIEW
>GENERAL MOBILE APP TESTING GUIDE
>ANDROID TESTING GUIDE
>IOS TESTING GUIDE
>APPENDIX
Link 🔗:-
https://mobile-security.gitbook.io/mobile-security-testing-guide
@GitBook_s
7 497
UBG Hacking Team
About UBG
>Site Contributors
>CTF Writeups
>Blog Posts
>Attacks
Detection
>MISC.
Link 🔗:-
notes.ubg-hacking.team
@GitBook_s
7 497
𝗣𝗘𝗡𝗧𝗘𝗦𝗧𝗜𝗡𝗚 𝗡𝗢𝗧𝗘𝗦 📚
>Active Directory
•Initial Access
•Internal Enumeration & Lateral Movement
•Privilege Escalation to Domain Admin using Known Exploits
•Domain Trusts
>Privilege Escalation
•Linux Privilege Escalation
•Windows Privilege Escalation
>Protocols and Services
•DNS/FTP/IMAP
•IPMI/MSSQL
•MySQL/NFS
•Oracle TNS
•POP3/RDP
•SMB
•SMTP/SNMP
>Fuzzing
>Information Gathering
>Utilities, Scripts and Payloads
•Shells and Payloads
•Metasploit Framework
•File Transfers
•Pivoting, Tunneling, Port Forwarding
•Password Attacks
>Web Applications Attacks
•File Uploads
•HTTP Verb Tampering
•Insecure Direct Object References (IDOR)
•Local File Inclusion (LFI)
•Remote File Inclusion (RFI)
•OS Command Injection
•Cross Site Scripting (XSS)
•SQL Injection
•XML External Entities (XXE)
>Web Application Technologies
•Drupal
•Gitlab
•CGI Applications
•Jenkins
•Joomla
•Microsoft IIS
•osTicket
•PRTG Network Monitor
•Splunk
•Tomcat
•WordPress
Link 🔗:-
https://sfoffo.gitbook.io/sfoffo-pentesting-notes
@GitBook_s
7 497
coffeetohack
Introduction
Methodology
>Cheatsheet
>Framework/Application
>Windows PrivEsc
>Linux PrivEsc
>Buffer Overflow
Initial Shell Exploits
Privesc Exploits
Cisco Packet Tracer
>Active Directory
OSINT
Link 🔗:-
https://coffeetohack.gitbook.io/coffeetohack
@GitBook_s
7 497
The Open League hackathon
▪️TON Foundation Launches The Open League Hackathon: A fast-track entry into the Open League with over $150 million in rewards and various incentives for users.
▪️Hackathon runs from April to June and its prize fund is 2 million dollars.
▪️Participants build new applications and use cases for the Web3 world, including GameFi and Web3 social networks, DeFi and e-commerce on TON and Telegram.
Why participate in this hackathon?
2 million dollar prize fund.
▪️Fast track to participate in The Open League with 50,000 Toncoin support to boost your token cash pool.
The best projects can receive financial assistance from the $500,000 fund provided by TON Ventures.
▪️An opportunity to meet TON Foundation members and TON Venture Fund Managers during Gateway in Dubai.
Projects participating in the Open League pilot season have seen triple-digit growth in the number of active users, token holders, market capitalization, and transaction volume on the TON decentralized exchange. This is while only 1 million Toncoins were allocated for the trial season. In the next season, the rewards will increase 30 times: 30 million Toncoin rewards for 3 months.
Can you and your team win the competition? It's time to build in TON!
Register now!
https://dorahacks.io/hackathon/the-open-league-hackathon/detail
7 497
🪙 Awesome Bug Bounty Tools.
• A large list of tools for Bug Bounty, which is divided into the following categories:
• Recon:
- Subdomain Enumeration;
- Port Scanning;
- Screenshots;
- Technologies;
- Content Discovery;
- Links;
- Parameters;
- Fuzzing.
• Exploitation:
- Command Injection;
- CORS Misconfiguration;
- CRLF Injection;
- CSRF Injection;
- Directory Traversal;
- File Inclusion;
- GraphQL Injection;
- Header Injection;
- Insecure Deserialization;
- Insecure Direct Object References;
- Open Redirect;
- Race Condition;
- Request Smuggling;
- Server Side Request Forgery;
- SQL Injection;
- XSS Injection;
- XXE Injection.
• Miscellaneous:
- Passwords;
- Secrets;
- Git;
- Buckets;
- CMS;
- JSON Web Token;
- postMessage;
- Subdomain Takeover;
- Uncategorized.
@GitBook_s
7 497
jesusgavancho - Writeups
The Great Escape
Lookback
Outlook NTLM Leak
Year of the Fox
PS Eclipse
Eavesdropper
Tony the Tiger
Intro to Offensive Security
MD2PDF
Content Security Policy
Agent T
Introduction to Flask
Atlas
Bugged
Sigma
Intro to Cloud Security
Holo
CCT2019
Opacity
Empline
Phishing Emails 5
BlueTeam
Tempest
hackerNote
Watcher
CMesS
HA Joker CTF
OWASP Top 10 2021
Metasploit
Oh My WebServer
Road
Anonymous
Ollie
Training for New Analyst
Tokyo Ghoul
Dependency Management
KoTH Food CTF
Android Malware Analysis
Intro To Pwntools
AD Certificate Templates
CVE 2022 26923
Basic Static Analysis
Introduction To Honeypots
Intro to Pipeline Automation
Intro to Containerisation
ARP Spoofing
Mindgames
Brute Force Heroes
SQLMAP
Insekube
TakeOver
Boiler CTF
GoldenEye
Splunk 3
Tempus Fugit Durius
Warzone 1
OWASP API Security Top 10 2
Temple
AllSignsPoint2Pwnage
OWASP API Security Top 10 1
Secret Recipe
NoNameCTF
Binex
Jack
Tactical Detection
Jurassic Park
DX1 Liberty Island
Brute
Biblioteca
Napping
Kubernetes for Everyone
Oday
Osiris
Set
NoSQL injection Basics
Warzone 2
Atlassian, CVE 2022 26134
Jason
VulnNet: Roasted
VulnNet Internal
VulnNet Node
Brooklyn Nine Nine
Thompson
The Cod Caper
Neighbour
ColddBox Easy
Library
All in One
Poster
Gallery
Cat Pictures
Boogeyman 1
Corridor
Team
Ra 2
Advent of Cyber 2022
Bookstore
Intro to Malware Analysis
TheHive Project
Velociraptor
KAPE
Lunizz CTF
Linux Forensics
DFIR An Introduction
Benign
Cyborg
Year of the rabbit
Blaster
Easy Peasy
Couch
Chocolate Factory
REmux The Tmux
Spring4Shell
Dirty Pipe
OverlayFS
Pwnkit
CTF collection Vol.2
Gotta Catch'em All!
Break Out The Cage
Bolt
Source
AttackerKB
Intro to Defensive Security
Careers in Cyber
OSI Model
Packets&Frames
Extending Your Network
How websites work
Putting it all together
Operating System Security
Network Security
Security Operations
Network Services
Network Services 2
Active Directory Basics
Attacking Kerberos
Subdomain Enumeration
Authentication Bypass
IDOR
File Inclusion
Masterminds
SSRF
Command Injection
Cross site Scripting
Burp Suite Extender
Burp Suite Intruder
Surfer
Willow
Conti
Unattended
Tardigrade
Link 🔗:-
https://jesusgavancho.gitbook.io/writeups/
@GitBook_s
