Bug Bounty - GitBook
Открыть в Telegram
Everything 4 bug bounty https://t.me/GiftWay32robot?start=_tgr_HwZ24DI5MWJk
Больше7 497
Подписчики
+524 часа
+577 дней
+19730 день
Архив постов
7 503
🔎 cURL for OSINT.
• cURL Tool usage (with Grep) for OSINT (Open-Source Intelligence).
Link 🔗:-
• https://github.com/C3n7ral051nt4g3ncy/cURL_for_OSINT
@GitBook_s
7 503
Roadmap I followed to make 15,000+$ Bounties in my first 8 months of starting out and my journey
Link 🔗:-
https://shreyaschavhan.notion.site/Roadmap-I-followed-to-make-15-000-Bounties-in-my-first-8-months-of-starting-out-and-my-journey-98b1b9ff621645c0b97d1e774992f300
@GitBook_s
7 503
👩💻 Bash-Oneliner.
• A comprehensive selection of commands, from the obvious to some little things that make life easier.
- Terminal Tricks;
- Variable;
- Math;
- Grep;
- Sed;
- Awk;
- Xargs;
- Find;
- Condition and Loop;
- Time;
- Download;
- Random;
- Xwindow;
- System;
- Hardware;
- Networking;
- Data Wrangling;
- Others.
➡️ https://github.com/onceupon/Bash-Oneliner
@GitBook_s
7 503
👩💻 Firefox. Plugins for pentester.
• Before delving into the specifics of browser settings, it is important to understand its importance in this area. A browser is more than just a tool for browsing websites; it is a universal tool through which professionals interact with web applications, examine data, and identify vulnerabilities.
• Keep a list of useful Firefox plugins. A description of each plugin can be found at the link below:
• Wappalyzer;
• Foxyproxy;
• Hacktool;
• Hackbar;
• Tamper data;
• User-agent Switcher;
• Cookie editor;
• Built with.
➡️ https://www.hackingarticles.in
• P.S. And here there is a very voluminous mindmap, which contains many other plugins and their descriptions: https://github.com
@GitBook_s
7 503
🐈⬛ NetCat command cheatsheet.
• NetCat is a Unix utility that allows you to establish TCP and UDP connections, receive data from there and transmit it. The utility is a real Swiss army knife for pentesters and information security specialists, with which we can do the following:
- Scan ports;
- Forward ports;
- Collect service banners;
- Listen to the port (bind for reverse connection);
- Download and upload files;
- Output raw HTTP content;
- Create a mini-chat.
• In general, with the help of netcat you can replace some of the Unix utilities, so this tool can be considered a kind of combine for performing certain tasks.
@GitBook_s
7 503
𝗞𝗨𝗕𝗘𝗡𝗢𝗠𝗜𝗖𝗢𝗡
Kubernetes Pentesting & Security from Offensive Perspective
>Initial Access
•Using cloud credentials
•Compromised image In registry
•Kubeconfig file
•Application vulnerability
•Exposed sensitive interfaces
•SSH server running inside container
>Execution
•Exec inside container
•New container
•Application exploit (RCE)
•Sidecar injection
>Persistence
•Backdoor container
•Writable hostPath mount
•Kubernetes cronjob
•Malicious admission controller
•Container service account
•Static pods
>Privilege Escalation
•Privileged container
•Cluster-admin binding
•hostPath mount
•Access cloud resources
>Defense Evasion
•Clear container logs
•Delete events
•Pod name similarity
•Connect from proxy server
>Credential access
•List K8S secrets
•Access node information
•Container service account
•Application credentials in configuration files
•Access managed identity credentials
•Malicious admission controller
>Discovery
•Access Kubernetes API server
•Access Kubelet API
•Network mapping
•Exposed sensitive interfaces
•Instance Metadata API
>Lateral Movement
•Access cloud resources
•Container service account
•Cluster internal networking
•Application credentials in configuration files
•Writable hostPath mount
•CoreDNS poisoning
•ARP poisoning and IP spoofing
>Collection
•Images from a private registry
•Collecting data from pod
>Impact
•Data destruction
•Resource hijacking
•Denial of service
>Fundamentals
•Notes
•Services
•etcd
•RBAC
•Kubelet
•Namespaces
•Secrets
•Interesting Files
Link 🔗:-
https://kubenomicon.com
@GitBook_s
7 503
FREE Labs To Test Your PenTesting/CTF Skills
1. TryHackMe - http://tryhackme.com
2. Vulnhub - http://vulnhub.com
3. RootMe - http://root-me.org
4. OverTheWire - http://overthewire.org
5. PicoCTF - http://picoctf.com
6. Pentestlab - http://pentesterslab.com
7. Google CTF - http://capturetheflag.withgoogle.com
8. CMD Challenge - http://cmdchallenge.com
9. HackTheBox - http://hackthebox.com
10. Hacker Security - http://capturetheflag.com.br
11. CTF Komodo Security - http://ctf.komodosec.com
12. Academy Hackaflag BR - http://hackaflag.com.br
13. Attack-Defense - http://attackdefense.com
14. Hacker101 - http://ctf.hacker101.com
@GitBook_s
7 503
📦 Red Team Attack Lab.
• Link to a repository, which is a virtual environment with various operating systems and vulnerabilities for Red Team practice. You can find it here: https://github.com/Marshall-Hallenbeck/red_team_attack_lab
• A complete list of OS can be found here. The material will be very useful for Red Team, Blue Team, pentesters and information security specialists.
@GitBook_s
7 503
𝗛𝗢𝗪 𝗧𝗢 𝗛𝗨𝗡𝗧
>Account Takeover Methodology
>Application Level DoS Methods
>AUTHENTICATION BYPASS
•2FA Bypasses
•OTP Bypass
>BROKEN-LINK HIJACKING
>BROKEN AUTH AND SESSION MANAGEMENT
•Session Based Bugs
>CMS
•Wordpress
•Moodle
>CORS
>CSRF
>Finding CVEs
>CHECKLIST
>WEB PAGE SOURCE CODE REVIEW
>EXIF GEO DATA NOT STRIPPED
>EXIF Geo Data Not Stripped
>FILE UPLOAD BYPASS
>FIND ORIGIN IP
>GRAPHQL
>HTTP DESYNC ATTACK
>HOST-HEADER ATTACK
>HTML-INJECTION
>IDOR
>JWT ATTACK
>MFA Bypass
>MISCONFIGURATIONS
>OAuth
>OPEN REDIRECTION
>PARAMETER POLLUTION
>PASSWORD RESET FUNCTIONALITY
>RATE LIMIT
>RECON
>SQLI
>SSRF
>SSTI
>SIGN UP FUNCTIONALITY
>SENSITIVE INFO LEAKS
>STATUS CODE BYPASS
>SUBDOMAIN TAKEOVER
>TABNABBING
>WAF BYPASSES
>WEAK PASSWORD POLICY
>XSS
>XXE
Link 🔗:-
https://kathan19.gitbook.io/howtohunt
@GitBook_s
7 503
𝗕𝗟𝗢𝗢𝗗𝗬𝗦𝗛𝗘𝗟𝗟
>Android Pentesting
•Bypass SSL Pinning for flutter apps using reFlutter Framework
•Easy way to bypass SSL Pinning using apk-mitm tool
>HTB
•Nunchucks
•BountyHunter
•Lame
•Bashed
•Netmon
•Seal
•Intelligence
•Bastard
>TryHackMe
•Attacktive Directory
>Offensive Lab
•FunboxEasyEnum
•BBSCute
>Capture The Flag (CTF)
•Binary Exploitation
•Steganography
•Cryptography
•Forensics - HTB
>Active Directory
•HTB-Mantis (Hard)
>Window Privilege Escalation
>Linux Privilege Escalation
>Buffer Overflow
>Cloud Pentesting
•Pentesting Azure Active Directory
>Web Exploitation
•Attacking JSON Web Token
Link 🔗:-
https://l33t-en0ugh.gitbook.io/infosec
@GitBook_s
7 503
ZedSec WriteUps
>PROJECTS
Security Library
>SECURITY OPERATIONS
Cyber Kill Chain
Interview Questions
>TOOLS
NMAP
>WRITE-UPS
Blue Team Labs Online
HackTheBox
LetsDefend
TryHackMe
Kusto Detective Agency
Link 🔗:-
https://zedsec.gitbook.io/writeups/
@GitBook_s
7 503
CSbyGB - Pentips
>Networking, Protocols and Network Pentest
>Ethical Hacking - General Methodology
>External Pentest
>Web Pentesting
>Mobile App Pentest
>Wireless Pentest
>Cloud Pentest
>Thick Client Pentest
>Hardware Pentest
>Secure Code review
>Checklist
>Tools
>VM and Labs
>Linux
>Windows
>Programing
>Binary Exploitation
>OSINT
>Pentester Hardware Toolbox
>Post Exploitation
>Reporting
>Redteam
>WriteUps
>Digital Skills
How to Make a Gitbook
>Projects
>Talks
>Resorces
Link 🔗:-
https://csbygb.gitbook.io/pentips/cs-by-gb-pentips/readme
@GitBook_s
7 503
𝗛𝗼𝘂𝘀𝗲𝗛𝗼𝗹𝗱 𝗢𝗦𝗜𝗡𝗧 🎩
•Software Search
•Search photos and images
•Search engines by faces
•Search music
•Book Search
•Search for audiobooks
•File Search Tools
•Search for cars and their owners
•Search on the Web
Link 🔗:-
https://gitbook.osint-mindset.com/everyday-osint
@GitBook_s
7 503
This project is an introduction to computer security. Snow Crash will make you discover security in various sub-domains, with a developer-oriented approach. You will become familiar with several languages (ASM/perl/php…), develop a certain logic to understand unknown programs, and become aware of problems linked to simple programming errors.
Link 🔗:-
https://github.com/maxisimo/42-Snow-Crash
@GitBook_s
