Bug Bounty - GitBook
Открыть в Telegram
Everything 4 bug bounty https://t.me/GiftWay32robot?start=_tgr_HwZ24DI5MWJk
Больше7 510
Подписчики
+424 часа
+507 дней
+19230 день
Архив постов
7 510
📝 HackerOne reports.
• Keep links to a very comprehensive and useful repository that includes top HackerOne reports. The repo is constantly kept up to date, which will help you learn a lot of new and useful things (options for exploiting various vulnerabilities, attack vectors, etc.).
https://github.com/reddelexc/hackerone-reports
Tops 100:
• Top 100 upvoted reports;
• Top 100 paid reports.
Tops by bug type:
• Top XSS reports;
• Top XXE reports;
• Top CSRF reports;
• Top IDOR reports;
• Top RCE reports;
• Top SQLi reports;
• Top SSRF reports;
• Top Race Condition reports;
• Top Subdomain Takeover reports;
• Top Open Redirect reports;
• Top Clickjacking reports;
• Top DoS reports;
• Top OAuth reports;
• Top Account Takeover reports;
• Top Business Logic reports;
• Top REST API reports;
• Top GraphQL reports;
• Top Information Disclosure reports;
• Top Web Cache reports;
• Top SSTI reports;
• Top Upload reports;
• Top HTTP Request Smuggling reports;
• Top OpenID reports;
• Top Mobile reports;
• Top File Reading reports;
• Top Authorization Bypass reports;
• Top Authentication Bypass reports;
• Top MFA reports.
Tops by program:
• Top Mail.ru reports;
• Top HackerOne reports;
• Top Shopify reports;
• Top Nextcloud reports;
• Top Twitter reports;
• Top X (formerly Twitter) reports;
• Top Uber reports;
• Top Node.js reports;
• Top shopify-scripts reports;
• Top Legal Robot reports;
• Top U.S. Dept of Defense reports;
• Top Gratipay reports;
• Top Weblate reports;
• Top VK.com reports;
• Top New Relic reports;
• Top LocalTapiola reports;
• Top Zomato reports;
• Top Slack reports;
• Top ownCloud reports;
• Top GitLab reports;
• Top Ubiquiti Inc. reports;
• Top Automattic reports;
• Top Coinbase reports;
• Top Verizon Media reports;
• Top Starbucks reports;
• Top Paragon Initiative Enterprises reports;
• Top PHP (IBB) reports;
• Top Brave Software reports;
• Top Vimeo reports;
• Top OLX reports;
• Top concrete5 reports;
• Top Phabricator reports;
• Top Localize reports;
• Top Qiwi reports;
• Top WordPress reports;
• Top The Internet reports;
• Top Open-Xchange reports;
@GitBook_s
7 510
And Some vulnerable site for xss
prompt.ml
alf.nu/alert1
xss-game.appspot.com
polyglot.innerht.ml
sudo.co.il/xss
root-me.org
chefsecure.com
wechall.net
xss-labs.abay.sh/xss/
@GitBook_s
7 510
Awesome Vulnerable Applications.
• A selection of pre-vulnerable applications, services, OS, etc. for your training or testing of various types of scanners:
- Online;
- Paid;
- Vulnerable VMs;
- Cloud Security;
- SSO - Single Sign On;
- Mobile Security;
+ OWASP Top 10;
- SQL Injection;
- XSS Injection;
- Server Side Request Forgery;
- CORS Misconfiguration;
- XXE Injection;
- Request Smuggling;
+ Technologies;
- WordPress;
- Node.js;
- Firmware;
- Uncategorized.
➡️ https://github.com/vavkamil/awesome-vulnerable-apps/
@GitBook_s
7 510
Methodology
Bullet Proof Strategy
>Enumeration
>Exploitation
>Privilege Escalation
Elevated Post Exploitation
>Active Directory
>Walkthroughs
Cert Pictures :)
>Python Lessons
Bash Lessons
>C# Programming
Link 🔗:-
https://lyethar.gitbook.io/methodology
@GitBook_s
7 510
OWASP MASTG
>OVERVIEW
>GENERAL MOBILE APP TESTING GUIDE
>ANDROID TESTING GUIDE
>IOS TESTING GUIDE
>APPENDIX
Link 🔗:-
https://mobile-security.gitbook.io/mobile-security-testing-guide
@GitBook_s
7 510
UBG Hacking Team
About UBG
>Site Contributors
>CTF Writeups
>Blog Posts
>Attacks
Detection
>MISC.
Link 🔗:-
notes.ubg-hacking.team
@GitBook_s
7 510
𝗣𝗘𝗡𝗧𝗘𝗦𝗧𝗜𝗡𝗚 𝗡𝗢𝗧𝗘𝗦 📚
>Active Directory
•Initial Access
•Internal Enumeration & Lateral Movement
•Privilege Escalation to Domain Admin using Known Exploits
•Domain Trusts
>Privilege Escalation
•Linux Privilege Escalation
•Windows Privilege Escalation
>Protocols and Services
•DNS/FTP/IMAP
•IPMI/MSSQL
•MySQL/NFS
•Oracle TNS
•POP3/RDP
•SMB
•SMTP/SNMP
>Fuzzing
>Information Gathering
>Utilities, Scripts and Payloads
•Shells and Payloads
•Metasploit Framework
•File Transfers
•Pivoting, Tunneling, Port Forwarding
•Password Attacks
>Web Applications Attacks
•File Uploads
•HTTP Verb Tampering
•Insecure Direct Object References (IDOR)
•Local File Inclusion (LFI)
•Remote File Inclusion (RFI)
•OS Command Injection
•Cross Site Scripting (XSS)
•SQL Injection
•XML External Entities (XXE)
>Web Application Technologies
•Drupal
•Gitlab
•CGI Applications
•Jenkins
•Joomla
•Microsoft IIS
•osTicket
•PRTG Network Monitor
•Splunk
•Tomcat
•WordPress
Link 🔗:-
https://sfoffo.gitbook.io/sfoffo-pentesting-notes
@GitBook_s
7 510
coffeetohack
Introduction
Methodology
>Cheatsheet
>Framework/Application
>Windows PrivEsc
>Linux PrivEsc
>Buffer Overflow
Initial Shell Exploits
Privesc Exploits
Cisco Packet Tracer
>Active Directory
OSINT
Link 🔗:-
https://coffeetohack.gitbook.io/coffeetohack
@GitBook_s
7 510
The Open League hackathon
▪️TON Foundation Launches The Open League Hackathon: A fast-track entry into the Open League with over $150 million in rewards and various incentives for users.
▪️Hackathon runs from April to June and its prize fund is 2 million dollars.
▪️Participants build new applications and use cases for the Web3 world, including GameFi and Web3 social networks, DeFi and e-commerce on TON and Telegram.
Why participate in this hackathon?
2 million dollar prize fund.
▪️Fast track to participate in The Open League with 50,000 Toncoin support to boost your token cash pool.
The best projects can receive financial assistance from the $500,000 fund provided by TON Ventures.
▪️An opportunity to meet TON Foundation members and TON Venture Fund Managers during Gateway in Dubai.
Projects participating in the Open League pilot season have seen triple-digit growth in the number of active users, token holders, market capitalization, and transaction volume on the TON decentralized exchange. This is while only 1 million Toncoins were allocated for the trial season. In the next season, the rewards will increase 30 times: 30 million Toncoin rewards for 3 months.
Can you and your team win the competition? It's time to build in TON!
Register now!
https://dorahacks.io/hackathon/the-open-league-hackathon/detail
7 510
🪙 Awesome Bug Bounty Tools.
• A large list of tools for Bug Bounty, which is divided into the following categories:
• Recon:
- Subdomain Enumeration;
- Port Scanning;
- Screenshots;
- Technologies;
- Content Discovery;
- Links;
- Parameters;
- Fuzzing.
• Exploitation:
- Command Injection;
- CORS Misconfiguration;
- CRLF Injection;
- CSRF Injection;
- Directory Traversal;
- File Inclusion;
- GraphQL Injection;
- Header Injection;
- Insecure Deserialization;
- Insecure Direct Object References;
- Open Redirect;
- Race Condition;
- Request Smuggling;
- Server Side Request Forgery;
- SQL Injection;
- XSS Injection;
- XXE Injection.
• Miscellaneous:
- Passwords;
- Secrets;
- Git;
- Buckets;
- CMS;
- JSON Web Token;
- postMessage;
- Subdomain Takeover;
- Uncategorized.
@GitBook_s
7 510
jesusgavancho - Writeups
The Great Escape
Lookback
Outlook NTLM Leak
Year of the Fox
PS Eclipse
Eavesdropper
Tony the Tiger
Intro to Offensive Security
MD2PDF
Content Security Policy
Agent T
Introduction to Flask
Atlas
Bugged
Sigma
Intro to Cloud Security
Holo
CCT2019
Opacity
Empline
Phishing Emails 5
BlueTeam
Tempest
hackerNote
Watcher
CMesS
HA Joker CTF
OWASP Top 10 2021
Metasploit
Oh My WebServer
Road
Anonymous
Ollie
Training for New Analyst
Tokyo Ghoul
Dependency Management
KoTH Food CTF
Android Malware Analysis
Intro To Pwntools
AD Certificate Templates
CVE 2022 26923
Basic Static Analysis
Introduction To Honeypots
Intro to Pipeline Automation
Intro to Containerisation
ARP Spoofing
Mindgames
Brute Force Heroes
SQLMAP
Insekube
TakeOver
Boiler CTF
GoldenEye
Splunk 3
Tempus Fugit Durius
Warzone 1
OWASP API Security Top 10 2
Temple
AllSignsPoint2Pwnage
OWASP API Security Top 10 1
Secret Recipe
NoNameCTF
Binex
Jack
Tactical Detection
Jurassic Park
DX1 Liberty Island
Brute
Biblioteca
Napping
Kubernetes for Everyone
Oday
Osiris
Set
NoSQL injection Basics
Warzone 2
Atlassian, CVE 2022 26134
Jason
VulnNet: Roasted
VulnNet Internal
VulnNet Node
Brooklyn Nine Nine
Thompson
The Cod Caper
Neighbour
ColddBox Easy
Library
All in One
Poster
Gallery
Cat Pictures
Boogeyman 1
Corridor
Team
Ra 2
Advent of Cyber 2022
Bookstore
Intro to Malware Analysis
TheHive Project
Velociraptor
KAPE
Lunizz CTF
Linux Forensics
DFIR An Introduction
Benign
Cyborg
Year of the rabbit
Blaster
Easy Peasy
Couch
Chocolate Factory
REmux The Tmux
Spring4Shell
Dirty Pipe
OverlayFS
Pwnkit
CTF collection Vol.2
Gotta Catch'em All!
Break Out The Cage
Bolt
Source
AttackerKB
Intro to Defensive Security
Careers in Cyber
OSI Model
Packets&Frames
Extending Your Network
How websites work
Putting it all together
Operating System Security
Network Security
Security Operations
Network Services
Network Services 2
Active Directory Basics
Attacking Kerberos
Subdomain Enumeration
Authentication Bypass
IDOR
File Inclusion
Masterminds
SSRF
Command Injection
Cross site Scripting
Burp Suite Extender
Burp Suite Intruder
Surfer
Willow
Conti
Unattended
Tardigrade
Link 🔗:-
https://jesusgavancho.gitbook.io/writeups/
@GitBook_s
7 510
👩💻 JavaScript Analysis for Pentesters.
This is probably the most comprehensive guide to JavaScript files for pentesters to date:
• Static Analysis:
- Gather JavaScript Code;
- Identify Endpoints;
- Detect Secrets;
- Locate Dangerous Functions;
- Discover Outdated Libraries.
• Dynamic analysis:
- Basic Tools;
- Example Application;
- Client-Side Filtering;
- Finding the Entry Point;
- The Debugger;
- General Advice.
• Obfuscation & Deobfuscation:
- Minification;
- Beautification;
- Source Maps;
- Minification and Analysis;
- Obfuscation;
- Deobfuscation;
- Obfuscation and Analysis.
• Hands-On: Analyze obfuscated code:
- Example Application;
- Finding the Entry Point;
- Locating the Value of Interest;
- The Unpacking Function;
- Reconstructing the Signing Call;
- Decoding the Key;
- Signing Manipulated JWTs.
• Local Overrides:
- Temporary Changes in Developer Tools;
- Persistent Changes in Developer Tools;
- Persistent Changes in Burp Suite.
• Bypass code protection:
- Setup;
- Self Defending;
- Debug protection;
- Disable console output;
- General advice.
• Wrapping Up:
- Some References.
@GitBook_s
7 510
𝗥𝗘𝗩𝗘𝗥𝗦𝗘 𝗘𝗡𝗚𝗜𝗡𝗘𝗘𝗥𝗜𝗡𝗚 𝗙𝗢𝗥 𝗘𝗩𝗘𝗥𝗬𝗢𝗡𝗘
>x86 Course
•x86 Basic Architecture
•Assmebly Intro
•Types of Malware
•Registers
•Stack
•Heap
•ASM Programming/Debugging/Hacking
>ARM-32 Course 1
•Program Counter
•Pointer
•Firmware
•ADDS/ADC/SUB
>ARM-32 Course 2
•Procedures
•Constants
•Variables
•Operators
>x64 Course
•Boolean Logics
•SHL/SHR/ROL/ROR Instructions
•Boot Sector
•x86 Assembly
•C++ Code/Debug/Hacking
>ARM-64 Course
•Debugging Basic I/O
•Hacking Basic I/O
•Character Primitive Datatype
•Float Primitive Datatype
•Double Primitive Datatype
>Pico Hacking Course
•Debugging/Hacking char
•Debugging/Hacking int float
•Debugging/Hacking double
Link 🔗:-
https://0xinfection.github.io/reversing/
@GitBook_s
7 510
Offsec Journey
>LEARNING RESOURCES
>RECONNAISANCE
>RESOURCE DEVELOPMENT
>INITIAL ACCESS
>HOST TRIAGE
>INTERNAL RECONNAISSANCE
>DEFENSE EVASION
>PRIVILEGE ESCALATION
>LATERAL MOVEMENT
>PERSISTENCE
>LINUX
>KALI LINUX FU
>SCANNING & ENUMERATION
>WEB APP VULNERABILITIES
>API PENTESTING
>PROGRAMMING
>MAINTAINING ACCESS
>CLOUD SECURITY PENTEST
>BLUE TEAM
>REVERSE ENGINEERING
>HOME LAB PROJECT
>EXFILTRATION
>WIRELESS PENTESTING
Link 🔗:-
https://notes.offsec-journey.com/maintaining-access/reference
@GitBook_s
7 510
Zeyu's Infosec Blog
CTF Writeups
Playground
OSCP
>2023
DEF CON 31 CTF && Midnight Sun CTF Finals 2023
From XS-Leaks to SS-Leaks Using object
Regular Expressions Are Hard
ReadiumJS Cloud Reader - Everybody Gets an XSS!
>2022
HTTP Request Smuggling in the Multiverse of Parsing Flaws
Hosting a CTF - SEETF 2022 Organizational and Infrastructure Review
Link 🔗:-
https://infosec.zeyu2001.com/
@GitBook_s
7 510
CyberSec Wikimandine
>TRYHACKME
>IN PROGRESS
>PORTS SCANNING & HOSTS DISCOVERY
>COMMON SERVICES
>PRIVILEGE ESCALATION
>BOF
>REVERSE SHELL
>ACTIVE DIRECTORY
>DICTIONARY ATTACK & SPRAYING
>WEB TECHNOLOGIES
>MISCELLANEOUS
>C2 FRAMEWORK
>WIRELESS
>API
>OSINT
>EXTERNAL
>WEB APPLICATION
>PHISHING
>RED TEAMING
>WIRESHARK
>CLOUD
>SCRIPTING & PROGRAMMING
>FRAMEWORKS
>INTERNAL
>AWS
Link 🔗:-
https://amandinegh.gitbook.io/cyberadventure/
@GitBook_s
