Day038

Today's highlights:

1. 31-days-of-API-Security-Tips

https://github.com/inonshk/31-days-of-API-Security-Tips

Vulnerability hunting resources:

1.Blue team resources

https://github.com/fabacab/awesome-cybersecurity-blueteam

2. A hacker's vulnerability hunting resources

https://github.com/domssilva/vulnsearch

3.Bounty Hunters | Leandro Pintos: Bug Bounty Automation from noob to beginner [Kick Start]

4.How do people find bugs?

https://cryptologie.net/article/511/how-do-people-find-bugs/

5.Nuclei – Fuzz all the things

https://blog.projectdiscovery.io/post/nuclei-fuzz-all-the-things/

6.Bug Bounties With Bash

7.Reconnaissance using SSL certificate Alt Names and Organization

https://github.com/melbadry9/SSLEnum

8.Tutorial: Getting Started With Cloud Native Security

Learning from vulnerability reports

1.WRITE UP – GOOGLE BUG BOUNTY: LFI ON PRODUCTION SERVERS IN “SPRINGBOARD.GOOGLE.COM” – $13,337 USD

https://omespino.com/write-up-google-bug-bounty-lfi-on-production-servers-in-redacted-google-com-13337-usd/

2.#BugBounty @ Linkedln-How I was able to bypass Open Redirection Protection

https://medium.com/bugbountywriteup/bugbounty-linkedln-how-i-was-able-to-bypass-open-redirection-protection-2e143eb36941

3.Story of bypassing Referer Header to make open redirect

https://medium.com/@malcolmx0x/story-of-bypassing-referer-header-to-make-open-redirect-94f938b9d032

4.Open Redirect Protection Bypass

https://hackerone.com/reports/283460

5.Cross-site Scripting via WHOIS and DNS Records

https://medium.com/tenable-techblog/cross-site-scripting-via-whois-and-dns-records-a25c33667fff

6.Access User Tickets via IDOR in [widget.support.my.games]

https://hackerone.com/reports/1005315

AI security

1.LidarPhone Attack Transforms Smart Vacuum Cleaners Into Spying Tools

https://latesthackingnews.com/2020/11/23/lidarphone-attack-transforms-smart-vacuum-cleaners-into-spying-tools/

2.Hackers said they could steal a Tesla Model X in minutes. Tesla pushed out a fix.

https://www.washingtonpost.com/technology/2020/11/23/tesla-modelx-hack/

3.Alexa, Disarm the Victim’s Home Security System

https://www.darkreading.com/risk/alexa-disarm-the-victims-home-security-system-/d/d-id/1339532

4.Smart Doorbells on Amazon, eBay, Harbor Serious Security Issues

https://threatpost.com/smart-doorbells-on-amazon-ebay-harbor-serious-security-issues/161510/

5.Tesla Hacked and Stolen Again Using Key Fob

https://threatpost.com/tesla-hacked-stolen-key-fob/161530/
