uz
Feedback
Bug Bounty - GitBook

Bug Bounty - GitBook

Kanalga Telegram’da o‘tish
7 497
Obunachilar
+524 soatlar
+577 kunlar
+19730 kunlar
Postlar arxiv
Practice Web App Pentesting Legally Here, http://www.vulnweb.com/

Resources For Pentesting Carlos PoLop Pentesting Project About the author Getting Started in Hacking Pentesting Methodology External Recon Methodology Phishing Methodology Exfiltration Tunneling and Port Forwarding Brute Force - CheatSheet Search Exploits >SHELLS Shells (Linux, Windows, MSFVenom) >LINUX/UNIX Checklist - Linux Privilege Escalation Linux Privilege Escalation Useful Linux Commands Linux Environment Variables >WINDOWS Checklist - Local Windows Privilege Escalation Windows Local Privilege Escalation Active Directory Methodology NTLM Stealing Credentials Authentication, Credentials, UAC and EFS Basic CMD for Pentesters Basic PowerShell for Pentesters AV Bypass >MOBILE APPS PENTESTING Android APK Checklist Android Applications Pentesting iOS Pentesting Checklist iOS Pentesting >PENTESTING Pentesting Network Pentesting JDWP - Java Debug Wire Protocol Pentesting Printers Pentesting SAP Pentesting Kubernetes 7/tcp/udp - Pentesting Echo 21 - Pentesting FTP 22 - Pentesting SSH/SFTP 23-Pentesting Telnet 25,465,587 - Pentesting SMTP/s 43 - Pentesting WHOIS 53 - Pentesting DNS ... >PENTESTING WEB 2FA/OTP Bypass Abusing hop-by-hop headers Bypass Payment Process Captcha Bypass Cache Poisoning and Cache Deception Clickjacking Client Side Template Injection (CSTI) Command Injection Content Security Policy (CSP) Bypass Cookies Hacking CORS - Misconfigurations & Bypass CRLF (%0D%0A) Injection Cross-site WebSocket hijacking (CSWSH) CSRF (Cross Site Request Forgery) Dangling Markup - HTML scriptless injection Deserialization Domain/Subdomain takeover Email Header Injection File Inclusion/Path traversal File Upload Formula Injection HTTP Request Smuggling / HTTP Desync Attack H2C Smuggling IDOR JWT Vulnerabilities (Json Web Tokens) NoSQL injection LDAP Injection OAuth to Account takeover Open Redirect Parameter Pollution PostMessage Vulnerabilities Race Condition Rate Limit Bypass Regular expression Denial of Service - ReDoS Reset/Forgotten Password Bypass SQL Injection SSRF (Server Side Request Forgery) SSTI (Server Side Template Injection) Reverse Tab Nabbing Unicode Normalization vulnerability Web Tool - WFuzz XPATH injection XSLT Server Side Injection (Extensible Stylesheet Language Transformations) XSS (Cross Site Scripting) XSSI (Cross-Site Script Inclusion) XS-Search >CLOUD SECURITY Cloud security review AWS Security >FORENSICS Basic Forensic Methodology >PHYSICAL ATTACKS Physical Attacks Escaping from KIOSKS >REVERSING Common API used in Malware Reversing Tools Cryptographic/Compression Algorithms Word Macros >EXPLOITING Linux Exploiting (Basic) (SPA) Exploiting Tools Windows Exploiting (Basic Guide - OSCP lvl) >CRYPTO Certificates Electronic Code Book (ECB) Cipher Block Chaining CBC-MAC Padding Oracle RC4 - Encrypt&Decrypt Crypto CTFs Tricks >BACKDOORS Merlin Empire Salseo ICMPsh >STEGO Stego Tricks Esoteric languages >MISC Basic Python Other Big References >TODO More Tools MISC Pentesting DNS Burp Suite Other Web Tricks Interesting HTTP Emails Vulnerabilities Android Forensics TR-069 6881/udp - Pentesting BitTorrent CTF Write-ups 1911 - Pentesting fox Online Platforms with API Stealing Sensitive Information Disclosure from a Web Link 🔗:- https://chinnidiwakar.gitbook.io/githubimport/about-the-author @GitBook_s

𝗢𝗦𝗘𝗗 𝗡𝗼𝘁𝗲𝘀: (𝗢𝗳𝗳𝗲𝗻𝘀𝗶𝘃𝗲 𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗘𝘅𝗽𝗹𝗼𝗶𝘁 𝗗𝗲𝘃𝗲𝗹𝗼𝗽𝗲𝗿) •x86 Intel Assembly •Portable Executable File Format •WinDBG •WinDbg Automation with Python •IDA •Stack Overflows •SEH Overflows •EggHunters •Reverse Engineering For Bugs •DEP Bypass •ASLR Bypass •Format Strings Vulnerabilities •Practicing Link 🔗:- https://zeyadazima.com/notes/osednotes/ @GitBook_s

HexBuddy Notes Wanna Be a Hacker? Whoami ? Lab Setup >CYBERSECURITY TOOL OSINT Network Web Exploitation Forensics Analysis & Reversing CTF WordPress Enumeration Techniques >BINARY EXPLOITATION An Introduction To Binary Exploitation Exploit Development Introduction GDB: tutorial for Reverse Engineers Windows Exploit Development Linux Kernel Exploitation >TROUBLESHOOTING Introduction Windows WSL Kali Linux Raspberry Pi My Psychological Experiences >CHEAT SHEETS Penetration Testing Tools Cheat Sheet Active Directory Exploitation Cheat Sheet Metasploit Cheat Sheet Nmap Cheat Sheet Red Team Cheat sheet >AV / EDR BYPASS & DEFENSES Bypass AV Software by Obfuscating Your Payloads Link 🔗:- https://hexinuni.gitbook.io/readme/whoami @GitBook_s

Hassan Saad Red Teaming Penetration Testing Technology Essentials Bug Hunting Tools Extras Link 🔗:- https://hsaad.gitbook.io/x/ @GitBook_s

S8cN8tes API-Sec Web-AppSec Bug Bounty Network-Sec Android-AppSec Operating Systems Programming Link 🔗:- https://sallam.gitbook.io/s8cn8tes/ @GitBook_s

Oauth Research - Snippets of OAuth facts Architecture Grant Types Components Extensions/Frameworks Vulnerability Examples Security Testing Checklist Supporting Terminology Resources Link 🔗:- https://mqt.gitbook.io/oauth-research/ @GitBook_s

Writeups picoGym ctf Fword CTF 2020 X-MAS CTF 2020 HTB CyberSanta 2021 Link 🔗:- https://ir0nstone.gitbook.io/writeups @GitBook_s

Crypto FUNDAMENTALS Divisibility, Factors and Euclid's Algorithms Modular Arithmetic Rings, Fields and Euler's Totient Function FURTHER MATHS Continued Fractions RSA Overview Public Exponent Attacks Choice of Primes Factorisation Methods DIFFIE-HELLMAN KEY EXCHANGE Overview Solving the DLP Link 🔗:- https://ir0nstone.gitbook.io/crypto @GitBook_s

CyberWolf-Security >MISC Misc Items Frequency stuff Random stuff - needs sorting >SERVICES Ports - Services >PASSWORD CRACKING Password attacks Password Cracking >TOOLS Tools >WIRELESS TESTING Wireless >WEB APPLICATION Web App >INTERNALS Internals >MOBILE APPLICATION Mob App >CLOUD Microsoft Office Microsoft Office 365 Security Review Kubernetes & Docker Review >PRIVILEGE ESCALATION Windows Service Execution Linux >STEGANOGRAPHY Tools >LABS / RESOURCES Blue-Team Red-Team >TRAINING Certifications Terminology >VULNERABILITIES Vulnerabilities >EXPLOITS ImageMagick CVE-2021-3560 (PolKit) >BUG BOUNTY Bug Bounty Programs Sub Domain Finder link dump >FAQ Install ALFA AWUS1900 on Kali Update and upgrade Linux >BUILD REVIEW Workstation Link 🔗:- https://leonteale.gitbook.io/cyberwolf-security @GitBook_s

smhuda >PENETRATION TESTING Application Security Infrastructure Security SSL/TLS Security Secure Code Review Cloud Security Social Engineering Tool Usage Errors and Solutions Scoping OSINT >PROGRAMMING Automation Python >MISCELLANEOUS Scripts Favourite Reads/Links Hacking Posters Windows Developer VMs Windows Workspaces GitHub Pages Interview Prep CVSS Formula Android Rooting Presentation Slides VULNERABILITY WIKI APPLICATION LEVEL INFRASTRUCTURE LEVEL Link 🔗:- https://wiki.smhuda.com/ @GitBook_s

CyberSpace Notebook Reading and Repos Media Training Interview Checklist Entrepreneurship Roadmaps >RESOURCES Offensive-Cybersecurity Defensive-Cybersecurity General Cybersecurity Coding/Programming Reverse Engineering Al and ML >NOTES Application Security Security Research SAST/SCA DevSecOps Coding/Programming Network Security Cloud Security Testing Defensive Security Noteworthy Technical Content Governance, Risk, Compliance Capture-the-Flag Training Reverse Engineering Reporting PowerShell SSH & SSL Linux Basics >DIGITAL PRIVACY AND HYGIENE Fake Numbers for Privacy Personal Information Removal Services De-Googling Android DNS Services Privacy References Opsec >REDPLANET LABS PyGOAT Page Link 🔗:- https://book.martiandefense.llc/ @GitBook_s

Passion >PRIVILEGE ESCALATION Linux Windows >NETWORK SECURITY Port Scanning DNS Enumeration FTP Enumeration SSH Enumeration SMB Enumeration SMTP Enumeration POP3 Enumeration >CHECKLISTS Active Directory Security OS Command Injection Buffer Overflow Broken Access Control Local File Inclusion SSRF XXE Attacks SQL Injection XSS >WEBAPP SECURITY Local File Inclusion File Upload Attacks Broken Access Control OS Command Injection SSTI XXE Attacks SQL Injection Server Side Request Forgery OAuth Attacks XSS >WEBAPP MITIGATIONS SSTI >DOCKER SECURITY Configuration Ngnix Deployment Link 🔗:- https://d0pt3x.gitbook.io/passion @GitBook_s

Cyber Security / Ethical Hacking >CTF/OSCP PREP Fundamentals Information Gathering Enumeration Exploitation >BINARY EXPLOITATION/EXPLOIT DEVELOPMENT Useful tools and techniques for Binary Exploitation Shellcoders Handbook >TRYHACKME Linux Fundamentals Advent of Cyber Web Application Security Linux Privesc Playground Intro to x86-64 Ninja Skills CC: Radare2 Reversing ELF Intro to Python ToolsRus >PROGRAMMING Python Golang PROTOSTAR Stack 0 Golang >PROTOSTAR Stack 0 Stack 1 Stack 2 >WEB APP PENTESTING Recon Authentication (Portswigger Academy) Broken Acess Controls >HACKTHEBOX Active Link 🔗:- https://666isildur.gitbook.io/ethical-hacking/ @GitBook_s

anishkashukla - Networking Networking and Topology Firewall MAC Adress OSI Model IP Adress Subnetting IP Adressing Methods TCP/IP Protocol Suites Ports Networking Services Routing Protocols WAN Technologies Network Types Remote Access Protocols and Services Authentication Protocols Cloud Computing Vlan,Internet and Extranet Optimization and Fault Tolerance Security Protocols Soho Routers Network Utilities Networking Issues Troubleshooting Strategy Link 🔗:- https://anishkashukla.gitbook.io/networking/ @GitBook_s

Try Harder Journey Recon/Enumeration Exploitation Privilege Escalation Linux/Unix Reverse Shell CheatSheet BOF File upload vulnerabilities Port Forwarding File Transfer Proof Report Python AD Attack Cloud OSINT HTB Link 🔗:- https://atryharder.gitbook.io/try-harder-journey @GitBook_s

Shikata Ga Nai >GAINING ACCESS Nmap Reverse Shell Password Cracking Other Services Web >LINUX FOOTHOLD Linux Tricks Privesc >WINDOWS FOOTHOLD Privesc >BINARY Calling Conventions Debuggers Examining Binaries Shellcoding Bypassing Exploit Mitigation Techniques [Linux] >STEGO Stego tools Link 🔗:- https://nickbhe.gitbook.io/shikata-ga-nai-1/ @GitBook_s

Basic Penetration Testing About Knowledge Server Enumeration Web Application Remote Code Execution File Transfer Hash Cracking Privilege Escalation Buffer Overflow About LeeCyberSec Link 🔗:- https://leecybersec.gitbook.io/oscp @GitBook_s