Today's highlights:
https://gowsundar.gitbook.io/book-of-bugbounty-tips/
2.Passive Recon Cheat Sheet
https://cheatography.com/fred/cheat-sheets/passive-recon/
Vulnerability hunting study
1.From official documentation to 0-day: an approach to vulnerability discovery
https://www.freebuf.com/articles/web/253938.html
2.An interesting experience hunting for a verification-code vulnerability
https://www.freebuf.com/vuls/253833.html
3.Documenting the impossible: Unexploitable XSS labs
https://portswigger.net/research/documenting-the-impossible-unexploitable-xss-labs
4.JS monitoring
JSMon – JavaScript Change Monitor for BugBounty
5.Open Directory Search Tool
6.How I became a Hacker | My Cybersecurity Journey + OSCP exam
7.Ask a hacker: rpadovani
https://about.gitlab.com/blog/2020/11/10/rpadovani-ask-a-hacker/
8.Decrypting OpenSSH sessions for fun and profit
https://research.nccgroup.com/2020/11/11/decrypting-openssh-sessions-for-fun-and-profit/
Vulnerability hunting reports
1.Possibility to freeze/crash the host system of all Slack Desktop users easily
https://hackerone.com/reports/392728
2.Uninstalling Slack for Windows (64-bit), then reinstalling keeps you logged in without authentication
https://hackerone.com/reports/238260
3.Access to some Slack workspace metadata and settings available to unauthorized parties
https://hackerone.com/reports/130133
4.Firefox Vulnerability Research
https://blog.exodusintel.com/2020/10/20/firefox-vulnerability-research/
https://blog.exodusintel.com/2020/11/10/firefox-vulnerability-research-part-2/
5.Unlimited Balance in an Online Transportation Application Account
6.WRITE UP – [GOOGLE VRP PRIZE UPDATE] GOOGLE BUG BOUNTY: XSS TO CLOUD SHELL INSTANCE TAKEOVER (RCE AS ROOT) – $5,000 USD
Daily vulnerability hunting statistics
Platform | Vulnerabilities recorded | Bounty |
hackerone | 0 | 0 |
bugcrowd | 0 | 0 |