Forwarded from ppxv
Telegraph
SQL injection for beginners
To understand this article you do not really need knowledge of the SQL language; what you need is a good deal of patience and a bit of brains, for memorization. I think reading the article once will not be enough, because we need live examples: as is well known, practice…
An interesting course: "CND - protection against hacker attacks"
https://openssource.biz/eksklyuziv-cnd-zashhita-ot-xakerskix-atak.html
https://cloud.mail.ru/public/GDrF/VQaiaoedn/
openssource.biz
[EXCLUSIVE] CND: Protection against hacker attacks | OPENSSOURCE - Freebies, giveaways, reviews, money-making schemes, download courses, trainings, books…
Course: "CND: Protection against hacker attacks". Incredibly good material on information security from specialists! The course has only great reviews (both from graduates and from the group-buy...
The Complete Ethical Hacking Course Beginner To Advanced, a course from Udemy
https://archive.org/download/TheCompleteEthicalHackingCourseBeginnerToAdvanced
Forwarded from HackerOne (xDD)
🗣
How to become a Bug Bounty Hunter 💪
https://forum.bugcrowd.com/t/researcher-resources-how-to-become-a-bug-bounty-hunter
I have not published anything here for a long time, and even lost my own channel among the others. I found it by chance while searching on the topic of bug hunting 😂
tips from https://youtu.be/CU9Iafc-Igs
So here are the tips/pointers I give to anyone that’s new to Bug bounty / bounties and apptesting.
1. Sign up for HackerOne to get Pete's book Webhacking 101 bit.ly/hackerone-stok
2. Watch anything you can from Jason Haddix, just google it.
3. Watch all the tutorials and do the CTF on Hacker101 bit.ly/hacker101-stok
4. Sign up for PentesterLab and try their stuff out! bit.ly/pentesterlab-stok
5. Watch everything on https://www.bugcrowd.com/university
6. Sign up for HackerOne (bit.ly/hackerone-stok), Bugcrowd or any other BB platform.
7. Get a Burp pro license, it's way better than getting an “ethical hacker course” https://portswigger.net/
8. Find a program that you like and vibe with, it's more fun to hack on a program or brand you like.
9. Don’t waste time on VDPs
10. Don’t be discouraged that everyone else has automated everything, it's just not true.
11. Always approach a target like you’re the first one there. Your view is unique.
12. Remember, Zero days can be new bugs in old code. Tavis has shown that over and over again.
13. Be proud of your work, you did this!
//STÖK..
ps,., stay epic..
YouTube
HOW TO GET STARTED IN BUG BOUNTY (9x PRO TIPS)
A description of an interesting PHP bug in the thread https://twitter.com/0dayWizard/status/1452066438479503366?t=FTP2y495dz_CT-NUfNBxcA&s=19
Twitter
MLT
There are some useful quirks in PHP's URL handling that can be abused for LFI. So most of u guys prob know that: /etc/passwd is the same as: /etc/passwd/ or even: /etc/passwd/// (as many trailing slashes as u want) Another quirk of PHP is paths > 4096 bytes…
Forwarded from S.E.Book
📓 Bug Bounty Bootcamp: The Guide to Finding and Reporting Web Vulnerabilities.
💬 Bug bounty programs are company-sponsored programs that invite researchers to search for vulnerabilities on their applications and reward them for their findings. This book is designed to help beginners with little to no security experience learn web hacking, find bugs, and stay competitive in this booming and lucrative industry.
💬 You’ll start by learning how to choose a program, write quality bug reports, and maintain professional relationships in the industry. Then you’ll learn how to set up a web hacking lab and use a proxy to capture traffic. In Part 3 of the book, you’ll explore the mechanisms of common web vulnerabilities, like XSS, SQL injection, and template injection, and receive detailed advice on how to find them and bypass common protections. You’ll also learn how to chain multiple bugs to maximize the impact of your vulnerabilities.
📌 Download.
#Bug_Bounty #Book
Forwarded from S.E.Book
📓 Ethical Hacking: A Hands-on Introduction to Breaking In.
💬 You’ll begin with the basics: capturing a victim’s network traffic with an ARP spoofing attack and then viewing it in Wireshark. From there, you’ll deploy reverse shells that let you remotely run commands on a victim’s computer, encrypt files by writing your own ransomware in Python, and fake emails like the ones used in phishing attacks. In advanced chapters, you’ll learn how to fuzz for new vulnerabilities, craft trojans and rootkits, exploit websites with SQL injection, and escalate your privileges to extract credentials, which you’ll use to traverse a private network.
Deploying the Metasploit framework’s reverse shells and embedding them in innocent-seeming files
Capturing passwords in a corporate Windows network using Mimikatz
Scanning (almost) every device on the internet to find potential victims
Performing advanced Cross-Site Scripting (XSS) attacks that execute sophisticated JavaScript payloads
📌 Download.
#Hack #Metasploit #Eng #book
Forwarded from TechBooks - books for programmers
Bug Trap. A Field Guide to Web Hacking (Ловушка для багов. Полевое руководство по веб-хакингу)
Author: Peter Yaworski
Year of publication: 2020
Download the book
#hacking #russian
https://vickieli.dev/
The website of the author of the book Bug Bounty Bootcamp
contains interesting articles on this topic
Vickie Li's Security Blog
https://twitter.com/theXSSrat/status/1452374152300597251?s=20
Free Udemy course from XSS Rat with a coupon
such coupons usually stay valid for a couple of days, so it is better to enroll now, while the coupon makes the purchase free, and take the course later when you have time
Twitter
The XSS Rat - Voted #1 Hacker By His Mom
Giveaway time 🌈🌈🥸🥸udemy.com/course/uncle-r… udemy.com/course/the-owa…
By following https://twitter.com/InfoSecTogether
and https://twitter.com/theXSSrat
allowing messages from unknown people on Twitter and replying in the thread of this message https://twitter.com/InfoSecTogether/status/1447600027153670145
you can get a coupon to purchase the course for free, https://thexssrat.podia.com/000-rat-pack-boot-camp
which costs $400 without coupons
Twitter
Information Security Collective (@InfoSecTogether) | Twitter
The latest Tweets from Information Security Collective (@InfoSecTogether). We are a 501(c)3 #InfoSec nonprofit whose mission is to give everyone regardless of experience a place to come together, share ideas, and advance the community. Oregon, USA
Learning platforms:
- https://tryhackme.com/
- https://www.hackthebox.eu/
- https://portswigger.net/web-security
- https://www.hacker101.com/
TryHackMe
TryHackMe | Cyber Security Training
TryHackMe is a free online platform for learning cyber security, using hands-on exercises and labs, all through your browser!