Bug Bounty - GitBook
Відкрити в Telegram
Everything 4 bug bounty https://t.me/GiftWay32robot?start=_tgr_HwZ24DI5MWJk
Показати більше7 493
Підписники
+524 години
+577 днів
+19730 день
Архів дописів
7 496
👩💻 JavaScript Analysis for Pentesters.
This is probably the most comprehensive guide to JavaScript files for pentesters to date:
• Static Analysis:
- Gather JavaScript Code;
- Identify Endpoints;
- Detect Secrets;
- Locate Dangerous Functions;
- Discover Outdated Libraries.
• Dynamic analysis:
- Basic Tools;
- Example Application;
- Client-Side Filtering;
- Finding the Entry Point;
- The Debugger;
- General Advice.
• Obfuscation & Deobfuscation:
- Minification;
- Beautification;
- Source Maps;
- Minification and Analysis;
- Obfuscation;
- Deobfuscation;
- Obfuscation and Analysis.
• Hands-On: Analyze obfuscated code:
- Example Application;
- Finding the Entry Point;
- Locating the Value of Interest;
- The Unpacking Function;
- Reconstructing the Signing Call;
- Decoding the Key;
- Signing Manipulated JWTs.
• Local Overrides:
- Temporary Changes in Developer Tools;
- Persistent Changes in Developer Tools;
- Persistent Changes in Burp Suite.
• Bypass code protection:
- Setup;
- Self Defending;
- Debug protection;
- Disable console output;
- General advice.
• Wrapping Up:
- Some References.
@GitBook_s
7 496
𝗥𝗘𝗩𝗘𝗥𝗦𝗘 𝗘𝗡𝗚𝗜𝗡𝗘𝗘𝗥𝗜𝗡𝗚 𝗙𝗢𝗥 𝗘𝗩𝗘𝗥𝗬𝗢𝗡𝗘
>x86 Course
•x86 Basic Architecture
•Assmebly Intro
•Types of Malware
•Registers
•Stack
•Heap
•ASM Programming/Debugging/Hacking
>ARM-32 Course 1
•Program Counter
•Pointer
•Firmware
•ADDS/ADC/SUB
>ARM-32 Course 2
•Procedures
•Constants
•Variables
•Operators
>x64 Course
•Boolean Logics
•SHL/SHR/ROL/ROR Instructions
•Boot Sector
•x86 Assembly
•C++ Code/Debug/Hacking
>ARM-64 Course
•Debugging Basic I/O
•Hacking Basic I/O
•Character Primitive Datatype
•Float Primitive Datatype
•Double Primitive Datatype
>Pico Hacking Course
•Debugging/Hacking char
•Debugging/Hacking int float
•Debugging/Hacking double
Link 🔗:-
https://0xinfection.github.io/reversing/
@GitBook_s
7 496
Offsec Journey
>LEARNING RESOURCES
>RECONNAISANCE
>RESOURCE DEVELOPMENT
>INITIAL ACCESS
>HOST TRIAGE
>INTERNAL RECONNAISSANCE
>DEFENSE EVASION
>PRIVILEGE ESCALATION
>LATERAL MOVEMENT
>PERSISTENCE
>LINUX
>KALI LINUX FU
>SCANNING & ENUMERATION
>WEB APP VULNERABILITIES
>API PENTESTING
>PROGRAMMING
>MAINTAINING ACCESS
>CLOUD SECURITY PENTEST
>BLUE TEAM
>REVERSE ENGINEERING
>HOME LAB PROJECT
>EXFILTRATION
>WIRELESS PENTESTING
Link 🔗:-
https://notes.offsec-journey.com/maintaining-access/reference
@GitBook_s
7 496
Zeyu's Infosec Blog
CTF Writeups
Playground
OSCP
>2023
DEF CON 31 CTF && Midnight Sun CTF Finals 2023
From XS-Leaks to SS-Leaks Using object
Regular Expressions Are Hard
ReadiumJS Cloud Reader - Everybody Gets an XSS!
>2022
HTTP Request Smuggling in the Multiverse of Parsing Flaws
Hosting a CTF - SEETF 2022 Organizational and Infrastructure Review
Link 🔗:-
https://infosec.zeyu2001.com/
@GitBook_s
7 496
CyberSec Wikimandine
>TRYHACKME
>IN PROGRESS
>PORTS SCANNING & HOSTS DISCOVERY
>COMMON SERVICES
>PRIVILEGE ESCALATION
>BOF
>REVERSE SHELL
>ACTIVE DIRECTORY
>DICTIONARY ATTACK & SPRAYING
>WEB TECHNOLOGIES
>MISCELLANEOUS
>C2 FRAMEWORK
>WIRELESS
>API
>OSINT
>EXTERNAL
>WEB APPLICATION
>PHISHING
>RED TEAMING
>WIRESHARK
>CLOUD
>SCRIPTING & PROGRAMMING
>FRAMEWORKS
>INTERNAL
>AWS
Link 🔗:-
https://amandinegh.gitbook.io/cyberadventure/
@GitBook_s
7 496
👨💻 Linux for Hackers. File Transfers.
• Downloading Files from Attacker’s HTTP Server;
- Setting up the HTTP Server on the Attacker Machine;
- Downloading Files from Attacker’s HTTP Server: Curl, Wget, and Bash;
• Uploading Files to Attacker’s HTTP Server;
- Setting up the HTTP Server to Allow Uploads on the Attacker Machine;
- Uploading Files to Attacker’s HTTP Server: Curl and Wget;
- Uploading Files to Attacker’s HTTP Server: Browser (GUI);
• Downloading Files from Attacker’s FTP Server;
- Setting up the FTP Server on the Attacker Machine;
- Downloading Files from Attacker’s FTP Server;
• Uploading Files to Attacker’s FTP Server;
• Transferring Files from Attacker Using SSH;
- Transferring Files onto Victim: scp;
- Transferring Files onto Victim: sftp;
• Transferring Files onto Attacker Using SSH;
- Transferring Files onto Attacker: scp;
- Transferring Files onto Attacker: sftp;
• Transferring Files from Attacker Using Netcat;
- Transferring Files from Attacker: nc;
- Transferring Files from Attacker: bash;
• Transferring Files onto Attacker Using Netcat;
- Transferring Files onto Attacker: nc;
- Transferring Files onto Attacker: bash;
• Downloading and Uploading Files Using Meterpreter;
- Upgrading to a Meterpreter Shell: Web_Delivery Method;
- Downloading Files onto the Victim Using Meterpreter;
- Uploading Files from the Victim Using Meterpreter;
• Copy and Paste – cat;
- Copying a Script from Attacker and Pasting on Victim;
- Copying a File from Victim and Pasting on Attacker.
@GitBook_s
7 496
🌍 Top 10 web hacking techniques of 2023..
• Nomination - top 10 best web hacking methods in 2023. Each article deserves attention:
- Ransacking your password reset tokens;
- mTLS: When certificate authentication is done wrong;
- Smashing the state machine: the true potential of web race conditions;
- Bypass firewalls with of-CORs and typo-squatting;
- RCE via LDAP truncation on hg.mozilla.org;
- Cookie Bugs - Smuggling & Injection;
- OAuth 2.0 Redirect URI Validation Falls Short, Literally;
- Prototype Pollution in Python;
- Pretalx Vulnerabilities: How to get accepted at every conference;
- From Akamai to F5 to NTLM... with love;
- can I speak to your manager? hacking root EPP servers to take control of zones;
- Blind CSS Exfiltration: exfiltrate unknown web pages;
- Server-side prototype pollution: Black-box detection without the DoS;
- Tricks for Reliable Split-Second DNS Rebinding in Chrome and Safari;
- HTML Over the Wire;
- SMTP Smuggling - Spoofing E-Mails Worldwide;
- DOM-based race condition: racing in the browser for fun;
- You Are Not Where You Think You Are, Opera Browsers Address Bar Spoofing Vulnerabilities;
- CVE-2022-4908: SOP bypass in Chrome using Navigation API;
- SSO Gadgets: Escalate (Self-)XSS to ATO;
- Three New Attacks Against JSON Web Tokens;
- Introducing wrapwrap: using PHP filters to wrap a file with a prefix and suffix;
- PHP filter chains: file read from error-based oracle;
- SSRF Cross Protocol Redirect Bypass;
- A New Vector For “Dirty” Arbitrary File Write to RCE;
- How I Hacked Microsoft Teams and got $150,000 in Pwn2Own;
- AWS WAF Clients Left Vulnerable to SQL Injection Due to Unorthodox MSSQL Design Choice;
- BingBang: AAD misconfiguration led to Bing.com results manipulation and account takeover;
- MyBB Admin Panel RCE CVE-2023-41362;
- Source Code at Risk: Critical Code Vulnerability in CI/CD Platform TeamCity;
- Code Vulnerabilities Put Skiff Emails at Riskr;
- How to break SAML if I have paws?
- JMX Exploitation Revisited;
- Java Exploitation Restrictions in Modern JDK Times;
- Exploiting Hardened .NET Deserialization;
- Unserializable, but unreachable: Remote code execution on vBulletin;
- Cookieless DuoDrop: IIS Auth Bypass & App Pool Privesc in ASP.NET Framework;
- Hunting for Nginx Alias Traversals in the wild;
- DNS Analyzer - Finding DNS vulnerabilities with Burp Suite;
- Oh-Auth - Abusing OAuth to take over millions of accounts;
- nOAuth: How Microsoft OAuth Misconfiguration Can Lead to Full Account Takeover;
- One Scheme to Rule Them All: OAuth Account Takeover;
- Exploiting HTTP Parsers Inconsistencies;
- New ways of breaking app-integrated LLMs;
- State of DNS Rebinding in 2023;
- Fileless Remote Code Execution on Juniper Firewalls;
- Thirteen Years On: Advancing the Understanding of IIS Short File Name (SFN) Disclosure!
- Metamask Snaps: Playing in the Sand;
- Uncovering a crazy privilege escalation from Chrome extensions;
- Code Vulnerabilities Put Proton Mails at Risk;
- Hacking into gRPC-Web;
- Yelp ATO via XSS + Cookie Bridge;
- HTTP Request Splitting vulnerabilities exploitation;
- XSS in GMAIL Dynamic Email;
- Azure B2C Crypto Misuse and Account Compromise;
- Compromising F5 BIGIP with Request Smuggling;
- One Supply Chain Attack to Rule Them All;
- Cookie Crumbles: Breaking and Fixing Web Session Integrity;
- tRPC Security Research: Hunting for Vulnerabilities in Modern APIs;
- From an Innocent Client-Side Path Traversal to Account Takeover.
@GitBook_s
7 496
📘 Useful cheat sheets for pentesters and information security specialists.
• Cheat sheets are an excellent assistant when working with certain software or systems. With their help, you can improve your skills in a certain area and reduce the time it takes to complete tasks to get the desired result.
• MITM cheatsheet.
• Active Directory Attack.md
• Active Directory penetration testing cheatsheet.
• Cloud - AWS Pentest.md
• Cloud - Azure Pentest.md
• Cobalt Strike - Cheatsheet.md
• Linux - Persistence.md
• Linux - Privilege Escalation.md
• Metasploit - Cheatsheet.md
• Methodology and enumeration.md
• Network Pivoting Techniques.md
• Network Discovery.md
• Reverse Shell Cheatsheet.md
• Subdomains Enumeration.md
• Windows - Download and Execute.md
• Windows - Mimikatz.md
• Windows - Persistence.md
• Windows - Post Exploitation Koadic.md
• Windows - Privilege Escalation.md
• Windows - Using credentials.md
• Best of Python Pentest Cheatsheet.
• Msfvenom Cheatsheet: Windows Exploitation.
• Best of OSCP Cheatsheet.
• Red Teaming and Social-Engineering CheatSheet.
• OSI Model Cheatsheet.
• Best of Red Teaming and Blue Teaming Cheatsheet.
• Best of iOS Forensics Cheatsheet.
• Best of Android Forensics Cheatsheet.
• Best of Digital Forensics Cheatsheet.
• Port Forwarding & Tunnelling Cheatsheet.
@GitBook_s
7 496
🔎 cURL for OSINT.
• cURL Tool usage (with Grep) for OSINT (Open-Source Intelligence).
Link 🔗:-
• https://github.com/C3n7ral051nt4g3ncy/cURL_for_OSINT
@GitBook_s
7 496
Roadmap I followed to make 15,000+$ Bounties in my first 8 months of starting out and my journey
Link 🔗:-
https://shreyaschavhan.notion.site/Roadmap-I-followed-to-make-15-000-Bounties-in-my-first-8-months-of-starting-out-and-my-journey-98b1b9ff621645c0b97d1e774992f300
@GitBook_s
7 496
👩💻 Bash-Oneliner.
• A comprehensive selection of commands, from the obvious to some little things that make life easier.
- Terminal Tricks;
- Variable;
- Math;
- Grep;
- Sed;
- Awk;
- Xargs;
- Find;
- Condition and Loop;
- Time;
- Download;
- Random;
- Xwindow;
- System;
- Hardware;
- Networking;
- Data Wrangling;
- Others.
➡️ https://github.com/onceupon/Bash-Oneliner
@GitBook_s
7 496
👩💻 Firefox. Plugins for pentester.
• Before delving into the specifics of browser settings, it is important to understand its importance in this area. A browser is more than just a tool for browsing websites; it is a universal tool through which professionals interact with web applications, examine data, and identify vulnerabilities.
• Keep a list of useful Firefox plugins. A description of each plugin can be found at the link below:
• Wappalyzer;
• Foxyproxy;
• Hacktool;
• Hackbar;
• Tamper data;
• User-agent Switcher;
• Cookie editor;
• Built with.
➡️ https://www.hackingarticles.in
• P.S. And here there is a very voluminous mindmap, which contains many other plugins and their descriptions: https://github.com
@GitBook_s
7 496
🐈⬛ NetCat command cheatsheet.
• NetCat is a Unix utility that allows you to establish TCP and UDP connections, receive data from there and transmit it. The utility is a real Swiss army knife for pentesters and information security specialists, with which we can do the following:
- Scan ports;
- Forward ports;
- Collect service banners;
- Listen to the port (bind for reverse connection);
- Download and upload files;
- Output raw HTTP content;
- Create a mini-chat.
• In general, with the help of netcat you can replace some of the Unix utilities, so this tool can be considered a kind of combine for performing certain tasks.
@GitBook_s
7 496
𝗞𝗨𝗕𝗘𝗡𝗢𝗠𝗜𝗖𝗢𝗡
Kubernetes Pentesting & Security from Offensive Perspective
>Initial Access
•Using cloud credentials
•Compromised image In registry
•Kubeconfig file
•Application vulnerability
•Exposed sensitive interfaces
•SSH server running inside container
>Execution
•Exec inside container
•New container
•Application exploit (RCE)
•Sidecar injection
>Persistence
•Backdoor container
•Writable hostPath mount
•Kubernetes cronjob
•Malicious admission controller
•Container service account
•Static pods
>Privilege Escalation
•Privileged container
•Cluster-admin binding
•hostPath mount
•Access cloud resources
>Defense Evasion
•Clear container logs
•Delete events
•Pod name similarity
•Connect from proxy server
>Credential access
•List K8S secrets
•Access node information
•Container service account
•Application credentials in configuration files
•Access managed identity credentials
•Malicious admission controller
>Discovery
•Access Kubernetes API server
•Access Kubelet API
•Network mapping
•Exposed sensitive interfaces
•Instance Metadata API
>Lateral Movement
•Access cloud resources
•Container service account
•Cluster internal networking
•Application credentials in configuration files
•Writable hostPath mount
•CoreDNS poisoning
•ARP poisoning and IP spoofing
>Collection
•Images from a private registry
•Collecting data from pod
>Impact
•Data destruction
•Resource hijacking
•Denial of service
>Fundamentals
•Notes
•Services
•etcd
•RBAC
•Kubelet
•Namespaces
•Secrets
•Interesting Files
Link 🔗:-
https://kubenomicon.com
@GitBook_s
