Forwarded from HackerOne (xDD)
🗣
How to become a Bug Bounty Hunter 💪
https://forum.bugcrowd.com/t/researcher-resources-how-to-become-a-bug-bounty-hunter
How to become a Bug Bounty Hunter 💪
https://forum.bugcrowd.com/t/researcher-resources-how-to-become-a-bug-bounty-hunter
Давно здесь ничего не публиковал, даже канал свой потерял среди остальных. Нашел его случайно при поиске по теме bug hunting 😂
tips from https://youtu.be/CU9Iafc-Igs
So here are the tips/pointers I give to anyone that’s new to Bug bounty / bounties and apptesting.
1. Sign up for Hackerone to get Petes book Webhacking 101 bit.ly/hackerone-stok
2. Watch anything you can from Jason Haddix just google it.
3. Watch all the tutorials and do the CTF on Hacker101 bit.ly/hacker101-stok
4. Sign up for Pentersterlab and try their stuff out! bit.ly/pentesterlab-stok
5. Watch everything on https://www.bugcrowd.com/university
6. Sign up for Hackerone (bit.ly/hackerone-stok) Bugcrowd or any other BB platform.
7. Get a Burp pro license, its way better than getting a “ethical hacker course” https://portswigger.net/
8. Find a program that you like and vibe with, its more fun to hack on a program or brand you like.
9. Don’t waste time on VDP’s
10. Don’t be discouraged that everyone else has automated everything, its just not true.
11. Always approach a target like you’re the first one there. Your view is unique.
12. Remember, Zero days can be new bugs in old code. Tavis has shown that over and over again.
13. Be proud of your work, you did this!
//STÖK..
ps,., stay epic..
So here are the tips/pointers I give to anyone that’s new to Bug bounty / bounties and apptesting.
1. Sign up for Hackerone to get Petes book Webhacking 101 bit.ly/hackerone-stok
2. Watch anything you can from Jason Haddix just google it.
3. Watch all the tutorials and do the CTF on Hacker101 bit.ly/hacker101-stok
4. Sign up for Pentersterlab and try their stuff out! bit.ly/pentesterlab-stok
5. Watch everything on https://www.bugcrowd.com/university
6. Sign up for Hackerone (bit.ly/hackerone-stok) Bugcrowd or any other BB platform.
7. Get a Burp pro license, its way better than getting a “ethical hacker course” https://portswigger.net/
8. Find a program that you like and vibe with, its more fun to hack on a program or brand you like.
9. Don’t waste time on VDP’s
10. Don’t be discouraged that everyone else has automated everything, its just not true.
11. Always approach a target like you’re the first one there. Your view is unique.
12. Remember, Zero days can be new bugs in old code. Tavis has shown that over and over again.
13. Be proud of your work, you did this!
//STÖK..
ps,., stay epic..
YouTube
HOW TO GET STARTED IN BUG BOUNTY (9x PRO TIPS)
So here are the tips/pointers I give to anyone that’s new to Bug bounty / bounties and apptesting.
1. Sign up for Hackerone to get Petes book Webhacking 101 bit.ly/hackerone-stok
2. Watch anything you can from Jason Haddix just google it.
3. Watch all the…
1. Sign up for Hackerone to get Petes book Webhacking 101 bit.ly/hackerone-stok
2. Watch anything you can from Jason Haddix just google it.
3. Watch all the…
Описание интересной php ошибки в треде https://twitter.com/0dayWizard/status/1452066438479503366?t=FTP2y495dz_CT-NUfNBxcA&s=19
Twitter
MLT
There are some useful quirks in PHP's URL handling that can be abused for LFI. So most of u guys prob know that: /etc/passwd is the same as: /etc/passwd/ or even: /etc/passwd/// (as many trailing slashes as u want) Another quirk of PHP is paths > 4096 bytes…
Forwarded from S.E.Book
📓 Bug Bounty Bootcamp: The Guide to Finding and Reporting Web Vulnerabilities.
💬 Bug bounty programs are company-sponsored programs that invite researchers to search for vulnerabilities on their applications and reward them for their findings. This book is designed to help beginners with little to no security experience learn web hacking, find bugs, and stay competitive in this booming and lucrative industry.
💬 You’ll start by learning how to choose a program, write quality bug reports, and maintain professional relationships in the industry. Then you’ll learn how to set up a web hacking lab and use a proxy to capture traffic. In Part 3 of the book, you’ll explore the mechanisms of common web vulnerabilities, like XSS, SQL injection, and template injection, and receive detailed advice on how to find them and bypass common protections. You’ll also learn how to chain multiple bugs to maximize the impact of your vulnerabilities.
📌 Download.
#Bug_Bounty #Book
💬 Bug bounty programs are company-sponsored programs that invite researchers to search for vulnerabilities on their applications and reward them for their findings. This book is designed to help beginners with little to no security experience learn web hacking, find bugs, and stay competitive in this booming and lucrative industry.
💬 You’ll start by learning how to choose a program, write quality bug reports, and maintain professional relationships in the industry. Then you’ll learn how to set up a web hacking lab and use a proxy to capture traffic. In Part 3 of the book, you’ll explore the mechanisms of common web vulnerabilities, like XSS, SQL injection, and template injection, and receive detailed advice on how to find them and bypass common protections. You’ll also learn how to chain multiple bugs to maximize the impact of your vulnerabilities.
📌 Download.
#Bug_Bounty #Book
Forwarded from S.E.Book
📓 Ethical Hacking: A Hands-on Introduction to Breaking In.
💬 You’ll begin with the basics: capturing a victim’s network traffic with an ARP spoofing attack and then viewing it in Wireshark. From there, you’ll deploy reverse shells that let you remotely run commands on a victim’s computer, encrypt files by writing your own ransomware in Python, and fake emails like the ones used in phishing attacks. In advanced chapters, you’ll learn how to fuzz for new vulnerabilities, craft trojans and rootkits, exploit websites with SQL injection, and escalate your privileges to extract credentials, which you’ll use to traverse a private network.
Deploying the Metasploit framework’s reverse shells and embedding them in innocent-seeming files
Capturing passwords in a corporate Windows network using Mimikatz
Scanning (almost) every device on the internet to find potential victims
Performing advanced Cross-Site Scripting (XSS) attacks that execute sophisticated JavaScript payloads
📌 Download.
#Hack #Metasploit #Eng #book
💬 You’ll begin with the basics: capturing a victim’s network traffic with an ARP spoofing attack and then viewing it in Wireshark. From there, you’ll deploy reverse shells that let you remotely run commands on a victim’s computer, encrypt files by writing your own ransomware in Python, and fake emails like the ones used in phishing attacks. In advanced chapters, you’ll learn how to fuzz for new vulnerabilities, craft trojans and rootkits, exploit websites with SQL injection, and escalate your privileges to extract credentials, which you’ll use to traverse a private network.
Deploying the Metasploit framework’s reverse shells and embedding them in innocent-seeming files
Capturing passwords in a corporate Windows network using Mimikatz
Scanning (almost) every device on the internet to find potential victims
Performing advanced Cross-Site Scripting (XSS) attacks that execute sophisticated JavaScript payloads
📌 Download.
#Hack #Metasploit #Eng #book
Forwarded from TechBooks - книги для программистов
Ловушка для багов. Полевое руководство по веб-хакингу
Автор: Яворски Питер
Год издания: 2020
Скачать книгу
#hacking #русский
Автор: Яворски Питер
Год издания: 2020
Скачать книгу
#hacking #русский
https://vickieli.dev/
Сайт автора книги Bug Bounty Bootcamp
содержит интересные статьи по данной тематике
Сайт автора книги Bug Bounty Bootcamp
содержит интересные статьи по данной тематике
Vickie Li's Security Blog
Vickie Li’s Security Blog
Vickie Li’s Security Blog.
https://twitter.com/theXSSrat/status/1452374152300597251?s=20
Free Udemy Course от XSS Rat по купону
обычно подобные купоны действуют пару дней, так что лучше зарегистрироваться сейчас, пока купон дает на бесплатную покупку, а потом уже проходить, когда будет время
Free Udemy Course от XSS Rat по купону
обычно подобные купоны действуют пару дней, так что лучше зарегистрироваться сейчас, пока купон дает на бесплатную покупку, а потом уже проходить, когда будет время
Twitter
The XSS Rat - Voted #1 Hacker By His Mom
Giveaway time 🌈🌈🥸🥸udemy.com/course/uncle-r… udemy.com/course/the-owa…
Подписавшись на https://twitter.com/InfoSecTogether
и https://twitter.com/theXSSrat
разблокировав в твиттере сообещния от неизвестных людей и ответив в треде данного сообщения https://twitter.com/InfoSecTogether/status/1447600027153670145
можно получить купон для бесплатной покупки курса, https://thexssrat.podia.com/000-rat-pack-boot-camp
стоимость которого без купонов 400$
и https://twitter.com/theXSSrat
разблокировав в твиттере сообещния от неизвестных людей и ответив в треде данного сообщения https://twitter.com/InfoSecTogether/status/1447600027153670145
можно получить купон для бесплатной покупки курса, https://thexssrat.podia.com/000-rat-pack-boot-camp
стоимость которого без купонов 400$
Twitter
Information Security Collective (@InfoSecTogether) | Twitter
The latest Tweets from Information Security Collective (@InfoSecTogether). We are a 501(c)3 #InfoSec nonprofit whose mission is to give everyone regardless of experience a place to come together, share ideas, and advance the community. Oregon, USA
Платформы для обучения:
- https://tryhackme.com/
- https://www.hackthebox.eu/
- https://portswigger.net/web-security
- https://www.hacker101.com/
- https://tryhackme.com/
- https://www.hackthebox.eu/
- https://portswigger.net/web-security
- https://www.hacker101.com/
TryHackMe
TryHackMe | Cyber Security Training
TryHackMe is a free online platform for learning cyber security, using hands-on exercises and labs, all through your browser!
Forwarded from Библиотека разработчика
The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws
Dafydd Stuttard
Веб-приложения являются входной дверью для большинства организаций, подвергаясь атакам, они могут раскрыть личную информацию, выполнить мошеннические транзакции или скомпрометировать обычных пользователей. Эта практическая книга была полностью обновлена и переработана, чтобы обсудить новейшие пошаговые методы для атаки и защиты целого ряда постоянно развивающихся веб-приложений. Вы изучите различные новые технологии, применяемые в веб-приложениях, и рассмотрите новые методы атаки, разработанные, особенно в отношении клиентской части.
Язык: Английский 🇬🇧
💾 Скачать
#книга #web #pentest #eng
Dafydd Stuttard
Веб-приложения являются входной дверью для большинства организаций, подвергаясь атакам, они могут раскрыть личную информацию, выполнить мошеннические транзакции или скомпрометировать обычных пользователей. Эта практическая книга была полностью обновлена и переработана, чтобы обсудить новейшие пошаговые методы для атаки и защиты целого ряда постоянно развивающихся веб-приложений. Вы изучите различные новые технологии, применяемые в веб-приложениях, и рассмотрите новые методы атаки, разработанные, особенно в отношении клиентской части.
Язык: Английский 🇬🇧
💾 Скачать
[PDF]#книга #web #pentest #eng