Updates to this repo will be pushed monthly. You can read about the latest changes below.
- Blogposts & Disclosed Reports:
- THEY SEE ME SCANNIN’, THEY HATIN’: A BEGINNER’S GUIDE TO NMAP - by Sophia
- How dangerous is Request Splitting, a vulnerability in Golang or how we found the RCE in Portainer and hacked Uber - by Andrewaeva
- Found Stored Cross-Site Scripting — What’s Next? — Privilege Escalation like a Boss - by Harsh Bothra
- How to Hack Database Links in SQL Server! - by Antti Rantasaari
- The Secret sauce of bug bounty - by Mohamed Slamat
- MY EXPENSE REPORT RESULTED IN A SERVER-SIDE REQUEST FORGERY (SSRF) ON LYFT - by nahamsec
- MY BUG BOUNTY JOURNEY! - by Farah Hawa
- Bypassing WAF to perform XSS - by Kleitonx00
- Labs:
- Will it CORS?
- Coding:
- Linux Beginner Boost
- Media:
- rwxrob as a streamer
- ChaosComputerClub Germany Media Resources under Misc
- @ZephrFish in Twitter List
- @CalumBoal in Twitter List
- @_superhero1 in Twitter List
- CRE in Podcasts
- Phrack in Misc
- CCC Luxembourg Podcast in Podcasts
- Tools:
- KeyHacks in the Scanner section
- Notion in the Notes section
- Joplin in the Notes section
- Xmind in the Notes section
- SpiderFoot in the Recon section
- Axiom in the Notes section
- webhook in Misc
- requestcatcher in Misc
- canarytokens in Misc
- Nmap command helper in Scanner
- Mindset & Mental Health:
- Happy Hacking
- Basics:
- Computing Fundamentals
- Exeter Q-Step Resources
- Setup bugbounty hunting env on termux - by @hahwul
- Media:
- New curated Bug Bounty List (Twitter)
- Curated List of YT Channels by TCM
- Labs:
- Kontra Application Security Training
- Cyberseclabs
- Coding:
- Exercism
- CodeCademy
- Khan Academy
- Learn Python the Hard Way
- Udacity
- Bug Bounty with Bash
- Setup:
- New Video by nahamsec: Creating Wordlists for Pentesting & Bug Bounty
- Blogposts & Disclosed Reports:
- Piercing the Veal by d0nut
- Basic Bug Bounty FAQ by dawgyg
- How to Set up Certificate-Based SSH for Bug Hunting by Mack Staples
- Getting started in Cyber Security in 2019 – The Complete Guide by ceos3c
- WTF is a Bug Bounty? by ceos3c
- How to solve the INTIGRITI Easter XSS challenge using only Chrome Devtools by STÖK
- URL link spoofing (Slack) by Akaki Tsunoda (akaki)
- Subdomain Takeover to Authentication bypass by geekboy
- Zseano’s notes on hacking & mentoring by Intigriti & Zseano
- Abusing HTTP Path Normalization and Cache Poisoning to steal Rocket League accounts by Sam Curry
- Mobile:
- Android App Reverse Engineering 101 by Maddie Stone
- Tools:
- Ghidra -> Mobile
- jadx -> Mobile
- nuclei -> Recon & OSINT
- New Category: Certifications
- For the moment, one cert: OSCP
- New Category: Mindset & Mental Health
- Changed the formatting of the Changelog starting this month to make it cleaner
- Removed the links for every new addition to its article. The headers for every category now link to their page instead.
- Changed the formatting of the HTTP Section in the Basics Category
- Changed Blogposts to -> Blogposts & Disclosed Reports
- Changed some of the formatting in the XSS Blogposts, cleaner now
- Fixed some layout errors
- Added missing Header in Basics Category
- Fixed Typos
- New in Basics
- Added Stanford CS 253 Web Security
- New Category: Hardware & IoT
- Added Exploitee.rs Wiki
- New Category: Coding & Scripting
- Added Bash Scripting Full Course 3 Hours
- Added ShellCheck
- Added Explainshell
- Added Discovering the Terminal
- Added Text Processing in the Shell
- New Podcasts:
- Darknet Diaries Episode 60 with dawgyg
- The Bug Bounty Podcast Episode 3 with nahamsec
- New in Tools:
- crithit
- objection - A new Mobile tool
- CyberChef
- RMS - Runtime Mobile Security
- New Category: Notes & Organization
- Reconness to Notes & Organization
- Updog to Notes & Organization
- New Category: Burp Extensions
- Logger++ to Burp Extensions
- AuthMatrix to Burp Extensions
- Autorize to Burp Extensions
- Auto Repeater to Burp Extensions
- Progress Tracker to Burp Extensions
- Flow to Burp Extensions
- New in Labs:
- TryHackMe & Videos
- New in Media:
- @codingo_ now in Twitter List
- New Streamers:
- New in BlogPosts:
- New Category: API
- Added 31 Days of API Security Tips - Misc
- Added Blind SQL Injection on windows10.hi-tech.mail.ru - SQLInjection
- Added DOM XSS on app.starbucks.com via ReturnUrl - DOMXSS
- Added Email address of any user can be queried on Report Invitation GraphQL type when username is known - GraphQL
- Added External XML Entity via File Upload (SVG) - File Upload
- Added Mass account takeovers using HTTP Request Smuggling on https://slackb.com/ to steal session cookies - HTTP Desync
- Added gitGraber: A tool to monitor GitHub in real-time to find sensitive data - by @adrien_jeanneau & @R_Marot
- Added 2 Cases of Path Traversal by @leonishan_
- Added Google Bug Bounty Writeup - XSS Vulnerability - by @itsmepethu
- Added Top 10 web hacking techniques of 2019 by James Kettle
- Added Recon: Create a methodology and start your subdomain enumeration - by FailedNuke
- Added Understanding Search Syntax on Github - by Github
- New in Mobile:
- New in Vulnerabilities:
- New Video: Cross-Site Scripting (XSS) Explained - by PwnFunction
- New in Setup:
- Added Docker Tutorial for Beginners - A Full DevOps Course on How to Run Applications in Containers
- New: Smart Contracts (special thanks to @0xatul)
- New White-/yellowpapers in Smart Contracts: Bitcoin whitepaper & Ethereum yellowpaper
- New How to Audit a Smart Contract
- New Smart Contracts Category under Blogposts and added two Writeups
- New in Blogposts:
- 10 Recon Tools for Bug Bounty
- New in Setup:
- Finding your First Bug and getting a Bounty with InsiderPhD
- Introduction to Docker for CTFs
- New in Vulnerabilities:
- Finding your first Bug - CSRF
- CSRF-Basics
- New in Tools:
- Knockpy
- New in Labs:
- 0l4bs for XSS
- New in Mobile:
- Q&A with Android Hacker bagipro
- Introduction to Android Hacking
- Mobile Hacking Cheat Sheet
- Android Pentesting Github Repo by Riddhi Shree
- Nothing
- New XSS Lab: XSS Labs from PwnFunction
- New Recon & OSINT Tool: Reconness
- New IDOR Blogpost: Automating BURP to find IDORs
- New Misc Blogpost: How to Get a Finger on the Pulse of Corporate Networks via the SSL VPN
- New Blogpost Category: RCE
- New RCE Blogpost: My First RCE (Stressed Employee gets me 2x bounty)
- New Blogpost Category: Recon
- New Recon Blogpost/Guide: Subdomain Recon Using Certificate Search Technique
- New Vulnerabilities Post: The 7 main XSS cases everyone should know
- Added Jason Haddix to Media (contributed by securibee)
- New changelog page
- New content in Blogposts
- Designated section to get started with Burp Suite
- Link from the Burp Tool section to the setup guide
- Recon Pi to Tools
- Updated the Twitter Descriptions in media.md
- Cleaned up Setup Page
- Cleaned up Blogposts Page