一、漏洞报告

1.k8s漏洞

https://hackerone.com/reports/774896

https://hackerone.com/reports/776017

https://hackerone.com/reports/863979

https://hackerone.com/reports/778803

2. Top25 XXE 报告

https://corneacristian.medium.com/top-25-xxe-bug-bounty-reports-ab4ca662afad

3. 一个IDOR漏洞详情

https://sushantdhopat1905.medium.com/all-about-my-finding-last-week-idor-insecure-direct-object-reference-2ff221c9a329

4.CSRF on launchpad.37signals.com OAuth2 authorization endpoint

https://hackerone.com/reports/850022

二、学习资料

1.在邮件钓鱼中的JS混淆

https://www.darkreading.com/threat-intelligence/javascript-obfuscation-moves-to-phishing-emails/d/d-id/1339332

2.分享：解密服务端

ppt： https://docs.google.com/presentation/d/1dYmdqZh-8JJ-FV20dtAz4VTLshDNBIhpGvfr4xv0OiA/edit#slide=id.g915c44e977_0_7

视频：https://www.youtube.com/watch?v=gluSEBZpplQ&ab_channel=ekopartysecurityconference

3. hackerone黑客MRTUXRACER访谈

https://www.hackerone.com/blog/hacker-spotlight-interview-mrtuxracer

4.识别和升级HTTP头攻击

https://medium.com/bugbountywriteup/identifying-escalating-http-host-header-injection-attacks-7586d0ff2c67

5.最好的开源情报工具

https://www.hackread.com/best-osint-tools-for-2020/

6.PPT分享：应用测试方法和范围侦查

https://speakerdeck.com/harshbothra/application-testing-methodology-and-scope-based-recon?slide=2

7.GraphQL Cheat Sheet

https://cheatsheetseries.owasp.org/cheatsheets/GraphQL_Cheat_Sheet.html

在 Medium.com 上查看

三、AD攻击

1.https://stealthbits.com/blog/performing-domain-reconnaissance-using-powershell/

2.https://blog.stealthbits.com/local-admin-mapping-bloodhound

3.https://blog.stealthbits.com/extracting-password-hashes-from-the-ntds-dit-file/

4.https://blog.stealthbits.com/passing-the-hash-with-mimikatz