Today's highlights:
1.How I Found The Facebook Messenger Leaking Access Token Of Million Users
Vulnerability hunting resources
1.The Pen Testing Tools We’re Thankful for in 2020
2.Hacking SSO: SAML Signature Misconfigurations
3.What it takes to find bugs in bounties!
https://medium.com/bugbountywriteup/what-it-takes-to-find-bugs-in-bounties-273ad278f77e
4.A Drop of Jupyter: A Modular Approach to Penetration Testing
5.Using Burp to Test for Open Redirections
https://portswigger.net/support/using-burp-to-test-for-open-redirections
Learning from vulnerability reports
1.
https://twitter.com/GodfatherOrwa/status/1330440633249619977
2.Open Redirect Protection Bypass
https://hackerone.com/reports/283460
3.#BugBounty @ Linkedln-How I was able to bypass Open Redirection Protection
4.Story of bypassing Referer Header to make open redirect
https://medium.com/@malcolmx0x/story-of-bypassing-referer-header-to-make-open-redirect-94f938b9d032
5.Bug Bytes #19 – The Real Impact of Open Redirect, Advanced CORS Exploitation Techniques & Common API Pitfalls
6.From Sub domain Takeover to Open-Redirect
7.Account takeover through password reset
https://medium.com/@seaman00o/account-takeover-through-password-reset-82adc0c19248
8.iOS Facebook Messenger Leaking Users Access Token POC 2020