Day024

Today's highlights:

1.Book of BugBounty Tips

https://gowsundar.gitbook.io/book-of-bugbounty-tips/

2.Passive Recon Cheat Sheet

https://cheatography.com/fred/cheat-sheets/passive-recon/

Bug hunting study

1.From official documentation to 0day: a bug hunting approach

https://www.freebuf.com/articles/web/253938.html

2.An interesting experience hunting a verification code vulnerability

https://www.freebuf.com/vuls/253833.html

3.Documenting the impossible: Unexploitable XSS labs

https://portswigger.net/research/documenting-the-impossible-unexploitable-xss-labs

4.JS monitoring
JSMon – JavaScript Change Monitor for BugBounty

https://www.kitploit.com/2020/11/jsmon-javascript-change-monitor-for.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+PentestTools+%28PenTest+Tools%29

5.Open Directory Search Tool

https://strixx.now.sh/

6.How I became a Hacker | My Cybersecurity Journey + OSCP exam

7.Ask a hacker: rpadovani

https://about.gitlab.com/blog/2020/11/10/rpadovani-ask-a-hacker/

8.Decrypting OpenSSH sessions for fun and profit

https://research.nccgroup.com/2020/11/11/decrypting-openssh-sessions-for-fun-and-profit/

Bug hunting reports

1.Possibility to freeze/crash the host system of all Slack Desktop users easily

https://hackerone.com/reports/392728

2.Uninstalling Slack for Windows (64-bit), then reinstalling keeps you logged in without authentication

https://hackerone.com/reports/238260

3.Access to some Slack workspace metadata and settings available to unauthorized parties

https://hackerone.com/reports/130133

4.Firefox Vulnerability Research

https://blog.exodusintel.com/2020/10/20/firefox-vulnerability-research/

https://blog.exodusintel.com/2020/11/10/firefox-vulnerability-research-part-2/

5.Unlimited Balance in an Online Transportation Application Account

https://medium.com/bugbountywriteup/unlimited-balance-in-an-online-transportation-application-account-1dd042f678a9

6.WRITE UP – [GOOGLE VRP PRIZE UPDATE] GOOGLE BUG BOUNTY: XSS TO CLOUD SHELL INSTANCE TAKEOVER (RCE AS ROOT) – $5,000 USD

https://omespino.com/write-up-google-bug-bounty-xss-to-cloud-shell-instance-takeover-rce-as-root-5000-usd/

Daily bug hunting statistics

Platform     Vulnerabilities recorded     Bounty
hackerone    0                            0
bugcrowd     0                            0
