安全矩阵


Bug Bounty Tips

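Posted on 2023-3-17 21:53:47
Original link: Bug Bounty Tips

Body
Large-image pushes are now shown only for official accounts that you read often or have starred, so please set 迪哥讲事 (growing0101) as "starred", otherwise you may not see them!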

WPScan https://jetamooz.com/wpscan/
KamiKakaBot Malware Used in Latest Dark Pink APT Attacks on Southeast Asian Targets https://thehackernews.com/2023/0 ... in-latest-dark.html
Confirm your seat @1st April Pune Meetup https://docs.google.com/forms/d/ ... wform?usp=send_form
OKX - Bug Bounty Program | HackerOne https://hackerone.com/okx
Researchers Uncover Over a Dozen Security Flaws in Akuvox E11 Smart Intercom https://thehackernews.com/2023/0 ... dozen-security.html
GitHub - B3nac/Android-Reports-and-Resources: A big list of Android Hackerone disclosed reports and other resources. https://github.com/B3nac/Android-Reports-and-Resources
GitHub - SirBugs/endext: EndExt is a .go tool for extracting all the possible endpoints from the JS files https://github.com/SirBugs/endext
Hacking the Docker Registry with Burp Suite https://medium.com/@H1Xploit/hac ... -suite-18112cbfb6dd
Preventing Broken Access Control Vulnerabilities: Best Practices for Developers https://securitylit.medium.com/p ... lopers-dbffb8e9d1fd
Bug Bounty Hunting 101: Mass FTP anonymous Login Hunt https://medium.com/@haythamkarou ... n-hunt-9c4b20782664
Cassava Carnival — 1,000 USDT & 100,000 CB Coins & Surprise from Cassava partners https://remixteam.medium.com/cas ... rtners-be387e8d3314
Retro — Pentesting a WordPress website https://medium.com/@kawsaruddin2 ... ebsite-3506f4097d10
A Guide to Broken Access Control Testing and Remediation https://securitylit.medium.com/a ... iation-6d14c4bb6efb
Mastering Google Dorks: Top Search Queries Every Hacker Should Know https://medium.com/@SamitHota/ma ... d-know-e735efd12478
How I Leak Other’s Access Token by Exploiting Evil Deeplink Flaw https://infosecwriteups.com/how- ... k-flaw-a0a566677639
It is always a good time to check if the domain itself integrates a compressed file, be it zip, rar or tar.gz among the best known.
https://redacted.com/www.redacted.com.tar.gz
Osmedeus-Premium-Workflow https://xmind.app/m/LkjG2R/
Microsoft Warns of Large-Scale Use of Phishing Kits to Send Millions of Emails Daily https://thehackernews.com/2023/0 ... e-scale-use-of.html
The Best API Testing Tools In 2023 - Hack Reveal https://hackreveal.com/the-best-api-testing-tools-in-2023/
Wells Fargo - Vulnerability Disclosure Program | HackerOne https://hackerone.com/wellsfargo
CertVerify - A Scanner That Files With Compromised Or Untrusted Code Signing Certificates https://www.kitploit.com/2023/03 ... hat-files-with.html
Small tip for bypassing XSSes, worked for me on a target: it's by changing the scheme > WAF > WAF not implemented. Saw it somewhere on GitHub, someone may benefit from it! 1/2 https://www.target.com/param=XSS
GitHub - ndmalc/CVE-2021-20323 https://github.com/ndmalc/CVE-2021-20323
GitHub - Macmod/goblob: A fast enumeration tool for publicly exposed Azure Storage blobs. https://github.com/Macmod/goblob
GoBruteforcer: New Golang-Based Malware Breaches Web Servers Via Brute-Force Attacks https://thehackernews.com/2023/0 ... -based-malware.html
The Prolificacy of LockBit Ransomware https://thehackernews.com/2023/0 ... bit-ransomware.html
Using Metasploit to Find Vulnerable MSSQL Systems - Reading Bag library https://readingbag.xyz/using-met ... able-mssql-systems/
Akash H C (Indian) on LinkedIn: How to Find Blind XSS and Attack scenarios with payloads https://www.linkedin.com/feed/up ... 7041430870255169537
r/Switzerland on Reddit: Is this an actual method of receiving payment or am I being scammed? https://www.reddit.com/r/Switzer ... ontent=share_button
dpl4hydra | Alonso Caballero / ReYDeS https://www.reydes.com/d/?q=dpl4hydra
☆ Rao ☆ on LinkedIn: #openforjobs #opentowork #cybersecurity #jobhelp https://www.linkedin.com/posts/% ... 43990193246208-p0Vt
Let's build an engaged school together https://www.education.gouv.fr/
Looker Developer Portal https://developers.looker.com/
Vulnerability Reward Program: 2022 Year in Review https://security.googleblog.com/ ... gram-2022-year.html
The Need for Screen-Recording Platforms https://unfoldlabs.com/infograph ... rding-software.html
LockBit is the most popular ransomware gang in the world https://www.securitylab.ru/news/536920.php
40 Methods For Privilege Escalation(RTC0001) https://redteamrecipe.com/40-Method-For-Privilege-Escalation/
Python Jail Escape and RCE on a Flask App - Basilic CTF Ep2 https://www.youtube.com/watch?v=kaZP-NuiQpk&feature=youtu.be
Blackboxing LayerZero Labs’ off-chain Relayer https://medium.com/@blockian/bla ... elayer-954aecab0f62
(CVE-2023-1355): NULL Pointer Dereference in vim/vim. Disclosed by , fixed by vim maintainers... #CVE
https://huntr.dev/bounties/4d0a9615-d438-4f5c-8dd6-aa22f4b716d9/


