https://security.lauritz-holtmann.de/advisories/flickr-account-takeover/
An interesting bug caused by an incorrect implementation of the authentication mechanism built on AWS Cognito, which allowed logging into any account.
(Web-)Insecurity Blog
Flickr Account Takeover
This post gives a deep dive into a critical security flaw that was present in Flickr’s login flow.
The authentication at identity.flickr.com is implemented using AWS Cognito. By exploiting configuration issues and violations of the OpenID Connect specification…
Forwarded from Hacker | Ethical Hacking with Mikhail Tarasov (Timcore)
Name: Bug Bounty Hunting for Web Security
Author: Sanjib Sinha
Year: 2019
Start with the basics of bug hunting and learn more about implementing an offensive approach by finding vulnerabilities in web applications. Getting an introduction to Kali Linux, you will take a close look at the types of tools available to you and move on to set up your virtual lab.
You will then discover how request forgery injection works on web pages and applications in a mission-critical setup. Moving on to the most challenging task for any web application, you will take a look at how cross-site scripting works and find out about effective ways to exploit it.
Download.
Forwarded from Hacker | Ethical Hacking with Mikhail Tarasov (Timcore)
Name: Bug Bounty Automation With Python: The secrets of bug hunting.
Author: Syed Abuthahir
This book demonstrates hands-on automation using Python for each topic mentioned in the table of contents. It gives you a basic idea of how to automate things to reduce repetitive tasks and to perform OSINT and reconnaissance in an automated way. It also gives you an overview of Python programming in the Python crash course section. This book is the first part of the Bug Bounty Automation with Python series.
Download.
Forwarded from S.E.Reborn
Ethical_Hacking_A_Complete_Guide_With_Tips_and_Tricks_Find_out_about.epub
4.3 MB
📖 Ethical Hacking: A Complete Guide With Tips and Tricks.
• Release date: 25 December 2021.
• Rating: ⭐️⭐️⭐️⭐️ (4 out of 5)
• Detailed description of the book.
• This book contains numerous examples of various attacks and some exercises that you can use when performing these attacks for the first time. It is critical to remember that ethical hacking is quickly becoming one of the most in-demand professions because every organization is looking for a way to protect their data.
• VT.
🧩 Reader software.
#Eng #Hack
Forwarded from itsecforu (Information Security)
🕵️♂️ Testing web application security on your own
With the growing number of cyberattacks of every kind, it is reasonable to invest your time in building web application security measures.
It is therefore no less important to invest in web application security testing, as agencies, organizations and companies become increasingly aware of the ever-present threats to web application security.
Read
How I found (and fixed) a vulnerability in Python
https://tldr.engineering/how-i-found-and-fixed-a-vulnerability-in-python/
https://youst.in/posts/cache-poisoning-at-scale/
Cache Poisoning at Scale
Identifying and Exploiting over 70 Cache Poisoning vulnerabilities
The JNDI Strikes Back – Unauthenticated RCE in H2 Database Console
https://www.reddit.com/r/netsec/comments/rxpcjk/the_jndi_strikes_back_unauthenticated_rce_in_h2/?utm_medium=android_app&utm_source=share
Forwarded from Geek girl 👩💻
📮Vulnerable Web Applications for Practice📮
BadStore http://www.badstore.net/
BodgeIt Store http://code.google.com/p/bodgeit/
Butterfly Security Project http://thebutterflytmp.sourceforge.net/
bWAPP http://www.mmeit.be/bwapp/
http://sourceforge.net/projects/bwapp/files/bee-box/
Commix https://github.com/stasinopoulos/commix-testbed
CryptOMG https://github.com/SpiderLabs/CryptOMG
Damn Vulnerable Node Application (DVNA) https://github.com/quantumfoam/DVNA/
Damn Vulnerable Web App (DVWA) http://www.dvwa.co.uk/
Damn Vulnerable Web Services (DVWS) http://dvws.professionallyevil.com/
Drunk Admin Web Hacking Challenge https://bechtsoudis.com/work-stuff/challenges/drunk-admin-web-hacking-challenge/
Exploit KB Vulnerable Web App http://exploit.co.il/projects/vuln-web-app/
Foundstone Hackme Bank http://www.mcafee.com/us/downloads/free-tools/hacme-bank.aspx
Foundstone Hackme Books http://www.mcafee.com/us/downloads/free-tools/hacmebooks.aspx
Foundstone Hackme Casino http://www.mcafee.com/us/downloads/free-tools/hacme-casino.aspx
Foundstone Hackme Shipping http://www.mcafee.com/us/downloads/free-tools/hacmeshipping.aspx
Foundstone Hackme Travel http://www.mcafee.com/us/downloads/free-tools/hacmetravel.aspx
GameOver http://sourceforge.net/projects/null-gameover/
hackxor http://hackxor.sourceforge.net/cgi-bin/index.pl
Hackazon https://github.com/rapid7/hackazon
LAMPSecurity http://sourceforge.net/projects/lampsecurity/
Moth http://www.bonsai-sec.com/en/research/moth.php
NOWASP / Mutillidae 2 http://sourceforge.net/projects/mutillidae/
OWASP BWA http://code.google.com/p/owaspbwa/
OWASP Hackademic http://hackademic1.teilar.gr/
OWASP SiteGenerator https://www.owasp.org/index.php/Owasp_SiteGenerator
OWASP Bricks http://sourceforge.net/projects/owaspbricks/
OWASP Security Shepherd https://www.owasp.org/index.php/OWASP_Security_Shepherd
PentesterLab https://pentesterlab.com/
PHDays iBank CTF http://blog.phdays.com/2012/05/once-again-about-remote-banking.html
SecuriBench http://suif.stanford.edu/~livshits/securibench/
SentinelTestbed https://github.com/dobin/SentinelTestbed
SocketToMe http://digi.ninja/projects/sockettome.php
sqli-labs https://github.com/Audi-1/sqli-labs
MCIR (Magical Code Injection Rainbow) https://github.com/SpiderLabs/MCIR
sqlilabs https://github.com/himadriganguly/sqlilabs
VulnApp http://www.nth-dimension.org.uk/blog.php?id=88
PuzzleMall http://code.google.com/p/puzzlemall/
WackoPicko https://github.com/adamdoupe/WackoPicko
WAED http://www.waed.info
WebGoat.NET https://github.com/jerryhoff/WebGoat.NET/
WebSecurity Dojo http://www.mavensecurity.com/web_security_dojo/
XVWA https://github.com/s4n7h0/xvwa
Zap WAVE http://code.google.com/p/zaproxy/downloads/detail?name=zap-wave-0.1.zip
●▬۩❁ @geeekgirls ❁۩▬●
Forwarded from Geek girl 👩💻
🔰 Best websites to test your hacking skills 🔰
https://pwnable.kr/
https://hack.me/
https://ctflearn.com/
https://google-gruyere.appspot.com/
https://www.root-me.org/en/
https://www.hackthebox.eu/
https://www.hacking-lab.com/
http://www.gameofhacks.com/
https://overthewire.org/
https://microcorruption.com/
https://xss-game.appspot.com/
https://www.hackthissite.org/pages/index/index.php
https://crackmes.one/
https://pentest.training/
https://www.hellboundhackers.org/
http://hax.tor.hu/
https://thisislegal.com/
https://tryhackme.com/
●▬۩❁ @geeekgirls ❁۩▬●