ru
Feedback
Bug Bounty - GitBook

Bug Bounty - GitBook

Открыть в Telegram
7 497
Подписчики
+524 часа
+577 дней
+19730 день
Архив постов
🔎 cURL for OSINT. • cURL Tool usage (with Grep) for OSINT (Open-Source Intelligence). Link 🔗:- • https://github.com/C3n7ral051nt4g3ncy/cURL_for_OSINT @GitBook_s

👩‍💻 Bash-Oneliner. • A comprehensive selection of commands, from the obvious to some little things that make life easier. - Terminal Tricks; - Variable; - Math; - Grep; - Sed; - Awk; - Xargs; - Find; - Condition and Loop; - Time; - Download; - Random; - Xwindow; - System; - Hardware; - Networking; - Data Wrangling; - Others. ➡️ https://github.com/onceupon/Bash-Oneliner @GitBook_s

👩‍💻 Firefox. Plugins for pentester. • Before delving into the specifics of browser settings, it is important to understand its importance in this area. A browser is more than just a tool for browsing websites; it is a universal tool through which professionals interact with web applications, examine data, and identify vulnerabilities. • Keep a list of useful Firefox plugins. A description of each plugin can be found at the link below: • Wappalyzer; • Foxyproxy; • Hacktool; • Hackbar; • Tamper data; • User-agent Switcher; • Cookie editor; • Built with. ➡️ https://www.hackingarticles.in • P.S. And here there is a very voluminous mindmap, which contains many other plugins and their descriptions: https://github.com @GitBook_s

🐈‍⬛ NetCat command cheatsheet. • NetCat is a Unix utility that allows you to establish TCP and UDP connections, receive data from there and transmit it. The utility is a real Swiss army knife for pentesters and information security specialists, with which we can do the following: - Scan ports; - Forward ports; - Collect service banners; - Listen to the port (bind for reverse connection); - Download and upload files; - Output raw HTTP content; - Create a mini-chat. • In general, with the help of netcat you can replace some of the Unix utilities, so this tool can be considered a kind of combine for performing certain tasks. @GitBook_s

𝗞𝗨𝗕𝗘𝗡𝗢𝗠𝗜𝗖𝗢𝗡 Kubernetes Pentesting & Security from Offensive Perspective >Initial Access   •Using cloud credentials   •Compromised image In registry   •Kubeconfig file   •Application vulnerability   •Exposed sensitive interfaces   •SSH server running inside container >Execution   •Exec inside container   •New container   •Application exploit (RCE)   •Sidecar injection >Persistence   •Backdoor container   •Writable hostPath mount   •Kubernetes cronjob   •Malicious admission controller   •Container service account   •Static pods >Privilege Escalation   •Privileged container   •Cluster-admin binding   •hostPath mount   •Access cloud resources >Defense Evasion   •Clear container logs   •Delete events   •Pod name similarity   •Connect from proxy server >Credential access   •List K8S secrets   •Access node information   •Container service account   •Application credentials in configuration files   •Access managed identity credentials   •Malicious admission controller >Discovery   •Access Kubernetes API server   •Access Kubelet API   •Network mapping   •Exposed sensitive interfaces   •Instance Metadata API >Lateral Movement   •Access cloud resources   •Container service account   •Cluster internal networking   •Application credentials in configuration files   •Writable hostPath mount   •CoreDNS poisoning   •ARP poisoning and IP spoofing >Collection   •Images from a private registry   •Collecting data from pod >Impact   •Data destruction   •Resource hijacking   •Denial of service >Fundamentals   •Notes   •Services   •etcd   •RBAC   •Kubelet   •Namespaces   •Secrets   •Interesting Files Link 🔗:- https://kubenomicon.com @GitBook_s

bepractical channel Labs, Check them out: https://bepractical.tech/ @GitBook_s

FREE Labs To Test Your PenTesting/CTF Skills 1. TryHackMe - http://tryhackme.com 2. Vulnhub - http://vulnhub.com 3. RootMe - http://root-me.org 4. OverTheWire - http://overthewire.org 5. PicoCTF - http://picoctf.com 6. Pentestlab - http://pentesterslab.com 7. Google CTF - http://capturetheflag.withgoogle.com 8. CMD Challenge - http://cmdchallenge.com 9. HackTheBox - http://hackthebox.com 10. Hacker Security - http://capturetheflag.com.br 11. CTF Komodo Security - http://ctf.komodosec.com 12. Academy Hackaflag BR - http://hackaflag.com.br 13. Attack-Defense - http://attackdefense.com 14. Hacker101 - http://ctf.hacker101.com @GitBook_s

📦 Red Team Attack Lab. • Link to a repository, which is a virtual environment with various operating systems and vulnerabilities for Red Team practice. You can find it here: https://github.com/Marshall-Hallenbeck/red_team_attack_lab • A complete list of OS can be found here. The material will be very useful for Red Team, Blue Team, pentesters and information security specialists. @GitBook_s

Want to improve your xss skills? Check out this awesome lab: http://prompt.ml/0 @GitBook_s

𝗛𝗢𝗪 𝗧𝗢 𝗛𝗨𝗡𝗧 >Account Takeover Methodology >Application Level DoS Methods >AUTHENTICATION BYPASS •2FA Bypasses •OTP Bypass >BROKEN-LINK HIJACKING >BROKEN AUTH AND SESSION MANAGEMENT •Session Based Bugs >CMS •Wordpress •Moodle >CORS >CSRF >Finding CVEs >CHECKLIST >WEB PAGE SOURCE CODE REVIEW >EXIF GEO DATA NOT STRIPPED >EXIF Geo Data Not Stripped >FILE UPLOAD BYPASS >FIND ORIGIN IP >GRAPHQL >HTTP DESYNC ATTACK >HOST-HEADER ATTACK >HTML-INJECTION >IDOR >JWT ATTACK >MFA Bypass >MISCONFIGURATIONS >OAuth >OPEN REDIRECTION >PARAMETER POLLUTION >PASSWORD RESET FUNCTIONALITY >RATE LIMIT >RECON >SQLI >SSRF >SSTI >SIGN UP FUNCTIONALITY >SENSITIVE INFO LEAKS >STATUS CODE BYPASS >SUBDOMAIN TAKEOVER >TABNABBING >WAF BYPASSES >WEAK PASSWORD POLICY >XSS >XXE Link 🔗:- https://kathan19.gitbook.io/howtohunt @GitBook_s

𝗕𝗟𝗢𝗢𝗗𝗬𝗦𝗛𝗘𝗟𝗟 >Android Pentesting •Bypass SSL Pinning for flutter apps using reFlutter Framework •Easy way to bypass SSL Pinning using apk-mitm tool >HTB •Nunchucks •BountyHunter •Lame •Bashed •Netmon •Seal •Intelligence •Bastard >TryHackMe •Attacktive Directory >Offensive Lab •FunboxEasyEnum •BBSCute >Capture The Flag (CTF) •Binary Exploitation •Steganography •Cryptography •Forensics - HTB >Active Directory •HTB-Mantis (Hard) >Window Privilege Escalation >Linux Privilege Escalation >Buffer Overflow >Cloud Pentesting •Pentesting Azure Active Directory >Web Exploitation •Attacking JSON Web Token Link 🔗:- https://l33t-en0ugh.gitbook.io/infosec @GitBook_s

ZedSec WriteUps >PROJECTS Security Library >SECURITY OPERATIONS Cyber Kill Chain Interview Questions >TOOLS NMAP >WRITE-UPS Blue Team Labs Online HackTheBox LetsDefend TryHackMe Kusto Detective Agency Link 🔗:- https://zedsec.gitbook.io/writeups/ @GitBook_s

CSbyGB - Pentips >Networking, Protocols and Network Pentest >Ethical Hacking - General Methodology >External Pentest >Web Pentesting >Mobile App Pentest >Wireless Pentest >Cloud Pentest >Thick Client Pentest >Hardware Pentest >Secure Code review >Checklist >Tools >VM and Labs >Linux >Windows >Programing >Binary Exploitation >OSINT >Pentester Hardware Toolbox >Post Exploitation >Reporting >Redteam >WriteUps >Digital Skills How to Make a Gitbook >Projects >Talks >Resorces Link 🔗:- https://csbygb.gitbook.io/pentips/cs-by-gb-pentips/readme @GitBook_s

𝗛𝗼𝘂𝘀𝗲𝗛𝗼𝗹𝗱 𝗢𝗦𝗜𝗡𝗧 🎩 •Software Search •Search photos and images •Search engines by faces •Search music •Book Search •Search for audiobooks •File Search Tools •Search for cars and their owners •Search on the Web Link 🔗:- https://gitbook.osint-mindset.com/everyday-osint @GitBook_s

/dev/log for snowcrash Link 🔗:- https://hackmd.io/@nszl/HkBURYmWT @GitBook_s

This project is an introduction to computer security. Snow Crash will make you discover security in various sub-domains, with a developer-oriented approach. You will become familiar with several languages (ASM/perl/php…), develop a certain logic to understand unknown programs, and become aware of problems linked to simple programming errors. Link 🔗:- https://github.com/maxisimo/42-Snow-Crash @GitBook_s