Bug bounty Bootcamp 📃🕸🔖

• Is an excellent guide looking to break into the world of bug hunting

The book covers :
Everything from the basics of web security to advanced techniques for finding vulnerabilities in complex systems.

Another important aspect of the book is the :

Emphasis on practical
Hands-on experience

This Book is an excellent resource for anyone interested in bug bounty hunting

https://bugbountyguide.org/top-best-books-for-bugbounty/#bug-bounty-bootcamp

How is it ?

💫 OSI model V/S TCP/IP model, take a look at the comparison.

New Flyer, check this out on site, if you want to read in HD : smpl.is/12dur

If you like this, feel free to provide your feedback with emoji!

#infosec #appsec #securityzines #cybersecurity

AWS Well-Architected Labs

https://dx1572sre29wk.cloudfront.net/security/

#bugbounty #infosec #hacking #pentesting

OS Command Injection 🕸🔖

Allows an attacker to execute arbitrary operating system (OS) commands on the server that is running an application

leads to fully compromising the application and all its data.

Thread 🧵 : 👇

https://twitter.com/Aacle_/status/1629700693530640385?s=20

The 1st time I tried Bugcrowd! And found 1 P2 level vulnerability

Credit: bug_vs_me (Deepak)

Tip:- always try to check if the website is hosted on Netlify!

Then try:- for example the main domain name is Deepak

So I tried http://deepak-dev.netlify.app/admin
60% of people set Netlify CMS to public signup
#bugbountytips

My OS Command Injection { Notion's Notes }

https://aacle.notion.site/OS-Command-Injection-cc45796dbedc4919b0aca76b2e807c16

We Hacked GitHub for a Month : Here’s What We Found @MrRajputHacker 🤝@Th3Pr0xyB0y

blog.cyberxplore.com/we-hacked-gith…

#BugBounty #bugbountytips #infosec #cybersecurite

Price Manipulation Method

If the product price parameter cannot be changed, change the quantity of products.

items[1][quantity]=1 --> 234 €
items[1][quantity]=0.1 --> 23.4 €

#bugbountytips #bugbountytip #bugbounty #cybersecurity #ethicalhacking

Bypassing XSS Detection Mechanisms ☝️

Browser-Based application LFI
file:///etc/passwd blacklisted? Use "view-source:file:///etc/passwd"
"view-source" is often forgotten by developers in blacklists.

#BugBounty #BugBountyTip #BugBountyTips

I use this tools: subfinder, amass, puredns, dnsrecon, assetfinder, subscraper

After search, I filter results with this tool: filter-resolved

Because these tools bring a lot of invalid subdomains. Then I use this tool to get me only valid DNS

try this:
cat subdomainlist.txt | sort -u | filter-resolved > subdomainlist_resolved.txt

Bug Reports 🥬☘️ & Bug bounty Guide 🌿🎯🍀

1)Attacker is able to query Github repositories of arbitrary Shopify Hydrogen Users
https://hackerone.com/reports/1692788

2)The Story of Becoming a Super Admin
https://medium.com/@omerkepenek/the-story-of-becoming-a-super-admin-ab32db7dd1b3

3)How to Bypass XSS Filters: A Practical Example
https://securitylit.medium.com/how-to-bypass-xss-filters-a-practical-example-3189877fe2ce

4)XSS Vulnerability Types
https://medium.com/@rkarthik435/xss-vulnerability-types-272ae496d1a1

5)A Beginner’s Guide to Bug Hunting and Exploiting Common WordPress Vulnerabilities
https://medium.com/@cuncis/a-beginners-guide-to-bug-hunting-and-exploiting-common-wordpress-vulnerabilities-821fe0d79461

6)What Is Open Source Intelligence (OSINT) In the Context of Bug Bounty
https://securitylit.medium.com/what-is-open-source-intelligence-osint-in-the-context-of-bug-bounty-c792f8680e3c

7)Can you spot the vulnerability? #16022023 — Intigriti
https://infosecwriteups.com/can-you-spot-the-vulnerability-16022023-intigriti-a46068e557cc

8)Skipjack Encryption: Understanding Its Advantages and Limitations in Cyber Security | 2023
https://cyberw1ng.medium.com/skipjack-encryption-understanding-its-advantages-and-limitations-in-cyber-security-2023-b0dcfdf8cf6c

9)Earning cryptocurrency through bug bounties
https://medium.com/@apriltoken/earning-cryptocurrency-through-bug-bounties-718158b013dd

Bug Reports 🥬☘️ & Bug bounty Guide 🌿🎯🍀 ☝️☝️