Bug Bounty Bootcamp: The Guide to Finding and Reporting Web Vulnerabilities by Vickie Li, 2021

You'll start by learning how to choose a program, write quality bug reports, and maintain professional relationships in the industry. Then you'll learn how to set up a web hacking lab and use a proxy to capture traffic. In Part 3 of the book, you'll explore the mechanisms of common web vulnerabilities, like XSS, SQL injection, and template injection, and receive detailed advice on how to find them and bypass common protections. You'll also learn how to chain multiple bugs to maximize the impact of your vulnerabilities.

Finally, the book touches on advanced techniques rarely covered in introductory hacking books but that are crucial to understand to hack web applications. You'll learn how to hack mobile apps, review an application's source code for security issues, find vulnerabilities in APIs, and automate your hacking process.

#book

Баг Баунти PlayBook, перевод Timcore, 2022

Источник
https://timcore.ru/tag/bag-baunti/

Хабр
https://habr.com/ru/company/otus/blog/480822/

#book

RTFM: Red Team Field Manual v2 ( July 11, 2022) by Ben Clark, Nick Downer

Over 8 years ago, the Red Team Field Manual (RTFM) was born out of operator field notes inspired by years of Red Team missions. While tools and techniques change, operators still constantly find themselves in common operating environments, with time running out. The RTFM has provided a quick reference when there is no time to scour the Internet for that perfect command.

RTFM version 2 has been completely overhauled, with the addition of over 290 new commands and techniques. It has also been thoroughly updated and tested to ensure it works against modern operating systems. Version 2 includes a new Mac OS section and a section outlining tradecraft considerations.

Предыдущий пост
https://news.1rj.ru/str/w2hack/1642

#book