Today's highlights:
1.Microsoft has open-sourced a REST API fuzzer called RESTler (trial use)
https://github.com/microsoft/restler-fuzzer
Bug hunting resources
1.Fileless malware attacks
https://guardiandigital.com/blog/fileless-malware-anatomy-of-an-attack
2.Domain enumeration tool
https://github.com/TypeError/domained
3.Copying and exporting Burp results
https://github.com/projectdiscovery/notify
4.Bug Bounty Tips
https://www.infosecmatter.com/bug-bounty-tips-9-nov-16/
5.2FA Bypass On Instagram Through A Vulnerable Endpoint
6.Finding 365 bugs in Microsoft Office 365
https://www.helpnetsecurity.com/2020/11/11/finding-365-bugs-in-microsoft-office-365/
7.Attacking JSON Web Tokens (JWTs)
https://medium.com/bugbountywriteup/attacking-json-web-tokens-jwts-d1d51a1e17cb
8.Categorized beginner tips for bug hunting
https://github.com/KathanP19/HowToHunt
Learning from vulnerability reports
1.Chrome vulnerability study
https://github.com/Escapingbug/awesome-browser-exploit
2.Bug hunting mind map

3.Security@ email forwarding and Embedded Submission drafts can be used to obtain copy of deleted attachments from other HackerOne users
https://hackerone.com/reports/1034346
4.Stealing User’s PII info by visiting API endpoint directly
https://medium.com/@kunal94/stealing-users-pii-info-by-visiting-api-endpoint-directly-5062e0147f67
Daily bug hunting statistics
Platform | Vulnerability records | Bounty |
hackerone | 0 | 0 |
bugcrowd | 0 | 0 |