Bug Bounty - GitBook
Kanalga Telegram’da o‘tish
Everything 4 bug bounty https://t.me/GiftWay32robot?start=_tgr_HwZ24DI5MWJk
Ko'proq ko'rsatish7 497
Obunachilar
+524 soatlar
+577 kunlar
+19730 kunlar
Postlar arxiv
7 497
Resources For Pentesting
Carlos PoLop Pentesting Project
About the author
Getting Started in Hacking
Pentesting Methodology
External Recon Methodology
Phishing Methodology
Exfiltration
Tunneling and Port Forwarding
Brute Force - CheatSheet
Search Exploits
>SHELLS
Shells (Linux, Windows, MSFVenom)
>LINUX/UNIX
Checklist - Linux Privilege Escalation
Linux Privilege Escalation
Useful Linux Commands
Linux Environment Variables
>WINDOWS
Checklist - Local Windows
Privilege Escalation
Windows Local Privilege Escalation
Active Directory Methodology
NTLM
Stealing Credentials
Authentication, Credentials, UAC and EFS
Basic CMD for Pentesters
Basic PowerShell for Pentesters
AV Bypass
>MOBILE APPS PENTESTING
Android APK Checklist
Android Applications Pentesting
iOS Pentesting Checklist
iOS Pentesting
>PENTESTING
Pentesting Network
Pentesting JDWP - Java Debug Wire Protocol
Pentesting Printers
Pentesting SAP
Pentesting Kubernetes
7/tcp/udp - Pentesting Echo
21 - Pentesting FTP
22 - Pentesting SSH/SFTP
23-Pentesting Telnet
25,465,587 - Pentesting SMTP/s
43 - Pentesting WHOIS
53 - Pentesting DNS
...
>PENTESTING WEB
2FA/OTP Bypass
Abusing hop-by-hop headers
Bypass Payment Process
Captcha Bypass
Cache Poisoning and Cache Deception
Clickjacking
Client Side Template Injection (CSTI)
Command Injection
Content Security Policy (CSP) Bypass
Cookies Hacking
CORS - Misconfigurations & Bypass
CRLF (%0D%0A) Injection
Cross-site WebSocket hijacking (CSWSH)
CSRF (Cross Site Request Forgery)
Dangling Markup - HTML scriptless injection
Deserialization
Domain/Subdomain takeover
Email Header Injection
File Inclusion/Path traversal
File Upload
Formula Injection
HTTP Request Smuggling / HTTP Desync Attack
H2C Smuggling
IDOR
JWT Vulnerabilities (Json Web Tokens)
NoSQL injection
LDAP Injection
OAuth to Account takeover
Open Redirect
Parameter Pollution
PostMessage Vulnerabilities
Race Condition
Rate Limit Bypass
Regular expression
Denial of Service - ReDoS
Reset/Forgotten Password Bypass
SQL Injection
SSRF (Server Side Request Forgery)
SSTI (Server Side Template Injection)
Reverse Tab Nabbing
Unicode Normalization vulnerability
Web Tool - WFuzz
XPATH injection
XSLT Server Side Injection (Extensible Stylesheet Language Transformations)
XSS (Cross Site Scripting)
XSSI (Cross-Site Script Inclusion)
XS-Search
>CLOUD SECURITY
Cloud security review
AWS Security
>FORENSICS
Basic Forensic Methodology
>PHYSICAL ATTACKS
Physical Attacks
Escaping from KIOSKS
>REVERSING
Common API used in Malware
Reversing Tools
Cryptographic/Compression Algorithms
Word Macros
>EXPLOITING
Linux Exploiting (Basic) (SPA)
Exploiting Tools
Windows Exploiting (Basic Guide - OSCP lvl)
>CRYPTO
Certificates
Electronic Code Book (ECB)
Cipher Block Chaining CBC-MAC
Padding Oracle
RC4 - Encrypt&Decrypt
Crypto CTFs Tricks
>BACKDOORS
Merlin
Empire
Salseo
ICMPsh
>STEGO
Stego Tricks
Esoteric languages
>MISC
Basic Python
Other Big References
>TODO
More Tools
MISC
Pentesting DNS
Burp Suite
Other Web Tricks
Interesting HTTP
Emails Vulnerabilities
Android Forensics
TR-069
6881/udp - Pentesting BitTorrent
CTF Write-ups
1911 - Pentesting fox
Online Platforms with API
Stealing Sensitive Information Disclosure from a Web
Link 🔗:-
https://chinnidiwakar.gitbook.io/githubimport/about-the-author
@GitBook_s
7 497
𝗢𝗦𝗘𝗗 𝗡𝗼𝘁𝗲𝘀:
(𝗢𝗳𝗳𝗲𝗻𝘀𝗶𝘃𝗲 𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗘𝘅𝗽𝗹𝗼𝗶𝘁 𝗗𝗲𝘃𝗲𝗹𝗼𝗽𝗲𝗿)
•x86 Intel Assembly
•Portable Executable File Format
•WinDBG
•WinDbg Automation with Python
•IDA
•Stack Overflows
•SEH Overflows
•EggHunters
•Reverse Engineering For Bugs
•DEP Bypass
•ASLR Bypass
•Format Strings Vulnerabilities
•Practicing
Link 🔗:-
https://zeyadazima.com/notes/osednotes/
@GitBook_s
7 497
HexBuddy Notes
Wanna Be a Hacker?
Whoami ?
Lab Setup
>CYBERSECURITY TOOL
OSINT
Network
Web
Exploitation
Forensics
Analysis & Reversing
CTF
WordPress Enumeration Techniques
>BINARY EXPLOITATION
An Introduction To Binary Exploitation
Exploit Development Introduction
GDB: tutorial for Reverse Engineers
Windows Exploit Development
Linux Kernel Exploitation
>TROUBLESHOOTING
Introduction
Windows
WSL
Kali Linux
Raspberry Pi
My Psychological Experiences
>CHEAT SHEETS
Penetration Testing Tools Cheat Sheet
Active Directory Exploitation Cheat Sheet
Metasploit Cheat Sheet
Nmap Cheat Sheet
Red Team Cheat sheet
>AV / EDR BYPASS & DEFENSES
Bypass AV Software by Obfuscating Your Payloads
Link 🔗:-
https://hexinuni.gitbook.io/readme/whoami
@GitBook_s
7 497
Hassan Saad
Red Teaming
Penetration Testing
Technology Essentials
Bug Hunting
Tools
Extras
Link 🔗:-
https://hsaad.gitbook.io/x/
@GitBook_s
7 497
S8cN8tes
API-Sec
Web-AppSec
Bug Bounty
Network-Sec
Android-AppSec
Operating Systems
Programming
Link 🔗:-
https://sallam.gitbook.io/s8cn8tes/
@GitBook_s
7 497
Oauth Research - Snippets of OAuth facts
Architecture
Grant Types
Components
Extensions/Frameworks
Vulnerability Examples
Security Testing Checklist
Supporting Terminology
Resources
Link 🔗:-
https://mqt.gitbook.io/oauth-research/
@GitBook_s
7 497
Writeups
picoGym
ctf
Fword CTF 2020
X-MAS CTF 2020
HTB CyberSanta 2021
Link 🔗:-
https://ir0nstone.gitbook.io/writeups
@GitBook_s
7 497
Crypto
FUNDAMENTALS
Divisibility, Factors and Euclid's Algorithms
Modular Arithmetic
Rings, Fields and Euler's Totient Function
FURTHER MATHS
Continued Fractions
RSA
Overview
Public Exponent Attacks
Choice of Primes
Factorisation Methods
DIFFIE-HELLMAN KEY EXCHANGE
Overview
Solving the DLP
Link 🔗:-
https://ir0nstone.gitbook.io/crypto
@GitBook_s
7 497
CyberWolf-Security
>MISC
Misc Items
Frequency stuff
Random stuff - needs sorting
>SERVICES
Ports - Services
>PASSWORD CRACKING
Password attacks
Password Cracking
>TOOLS
Tools
>WIRELESS TESTING
Wireless
>WEB APPLICATION
Web App
>INTERNALS
Internals
>MOBILE APPLICATION
Mob App
>CLOUD
Microsoft Office
Microsoft Office 365 Security Review
Kubernetes & Docker Review
>PRIVILEGE ESCALATION
Windows
Service Execution
Linux
>STEGANOGRAPHY
Tools
>LABS / RESOURCES
Blue-Team
Red-Team
>TRAINING
Certifications
Terminology
>VULNERABILITIES
Vulnerabilities
>EXPLOITS
ImageMagick
CVE-2021-3560 (PolKit)
>BUG BOUNTY
Bug Bounty Programs
Sub Domain Finder
link dump
>FAQ
Install ALFA AWUS1900 on Kali
Update and upgrade Linux
>BUILD REVIEW
Workstation
Link 🔗:-
https://leonteale.gitbook.io/cyberwolf-security
@GitBook_s
7 497
smhuda
>PENETRATION TESTING
Application Security
Infrastructure Security
SSL/TLS Security
Secure Code Review
Cloud Security
Social Engineering
Tool Usage
Errors and Solutions
Scoping
OSINT
>PROGRAMMING
Automation
Python
>MISCELLANEOUS
Scripts
Favourite Reads/Links
Hacking Posters
Windows Developer VMs
Windows Workspaces
GitHub Pages
Interview Prep
CVSS Formula
Android Rooting
Presentation Slides
VULNERABILITY WIKI
APPLICATION LEVEL
INFRASTRUCTURE LEVEL
Link 🔗:-
https://wiki.smhuda.com/
@GitBook_s
7 497
CyberSpace Notebook
Reading and Repos
Media
Training
Interview Checklist
Entrepreneurship Roadmaps
>RESOURCES
Offensive-Cybersecurity
Defensive-Cybersecurity
General Cybersecurity
Coding/Programming
Reverse Engineering
Al and ML
>NOTES
Application Security
Security Research
SAST/SCA
DevSecOps
Coding/Programming
Network Security
Cloud Security Testing
Defensive Security
Noteworthy Technical Content
Governance, Risk, Compliance
Capture-the-Flag Training
Reverse Engineering
Reporting
PowerShell
SSH & SSL
Linux Basics
>DIGITAL PRIVACY AND HYGIENE
Fake Numbers for Privacy
Personal Information Removal Services
De-Googling Android
DNS Services
Privacy References
Opsec
>REDPLANET LABS
PyGOAT
Page
Link 🔗:-
https://book.martiandefense.llc/
@GitBook_s
7 497
Passion
>PRIVILEGE ESCALATION
Linux
Windows
>NETWORK SECURITY
Port Scanning
DNS Enumeration
FTP Enumeration
SSH Enumeration
SMB Enumeration
SMTP Enumeration
POP3 Enumeration
>CHECKLISTS
Active Directory Security
OS Command Injection
Buffer Overflow
Broken Access Control
Local File Inclusion
SSRF
XXE Attacks
SQL Injection
XSS
>WEBAPP SECURITY
Local File Inclusion
File Upload Attacks
Broken Access Control
OS Command Injection
SSTI
XXE Attacks
SQL Injection
Server Side Request Forgery
OAuth Attacks
XSS
>WEBAPP MITIGATIONS
SSTI
>DOCKER SECURITY
Configuration
Ngnix Deployment
Link 🔗:-
https://d0pt3x.gitbook.io/passion
@GitBook_s
7 497
Cyber Security / Ethical Hacking
>CTF/OSCP PREP
Fundamentals
Information Gathering
Enumeration
Exploitation
>BINARY EXPLOITATION/EXPLOIT DEVELOPMENT
Useful tools and techniques
for Binary Exploitation
Shellcoders Handbook
>TRYHACKME
Linux Fundamentals
Advent of Cyber
Web Application Security
Linux Privesc Playground
Intro to x86-64
Ninja Skills
CC: Radare2
Reversing ELF
Intro to Python
ToolsRus
>PROGRAMMING
Python
Golang
PROTOSTAR
Stack 0
Golang
>PROTOSTAR
Stack 0
Stack 1
Stack 2
>WEB APP PENTESTING
Recon
Authentication (Portswigger Academy)
Broken Acess Controls
>HACKTHEBOX
Active
Link 🔗:-
https://666isildur.gitbook.io/ethical-hacking/
@GitBook_s
7 497
anishkashukla - Networking
Networking and Topology
Firewall
MAC Adress
OSI Model
IP Adress
Subnetting
IP Adressing Methods
TCP/IP Protocol Suites
Ports
Networking Services
Routing Protocols
WAN Technologies
Network Types
Remote Access Protocols and Services
Authentication Protocols
Cloud Computing
Vlan,Internet and Extranet
Optimization and Fault Tolerance
Security Protocols
Soho Routers
Network Utilities
Networking Issues
Troubleshooting Strategy
Link 🔗:-
https://anishkashukla.gitbook.io/networking/
@GitBook_s
7 497
Try Harder Journey
Recon/Enumeration
Exploitation
Privilege Escalation
Linux/Unix
Reverse Shell CheatSheet
BOF
File upload vulnerabilities
Port Forwarding
File Transfer
Proof
Report
Python
AD Attack
Cloud
OSINT
HTB
Link 🔗:-
https://atryharder.gitbook.io/try-harder-journey
@GitBook_s
7 497
Shikata Ga Nai
>GAINING ACCESS
Nmap
Reverse Shell
Password Cracking
Other Services
Web
>LINUX FOOTHOLD
Linux Tricks
Privesc
>WINDOWS FOOTHOLD
Privesc
>BINARY
Calling Conventions
Debuggers
Examining Binaries
Shellcoding
Bypassing Exploit Mitigation Techniques [Linux]
>STEGO
Stego tools
Link 🔗:-
https://nickbhe.gitbook.io/shikata-ga-nai-1/
@GitBook_s
7 497
Basic Penetration Testing
About Knowledge
Server Enumeration
Web Application
Remote Code Execution
File Transfer
Hash Cracking
Privilege Escalation
Buffer Overflow
About LeeCyberSec
Link 🔗:-
https://leecybersec.gitbook.io/oscp
@GitBook_s
