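Duration: 2022.1.1 to 2023.1.1
Two hours a day, updated daily
Challenge home page: 365-Day Vulnerability Hunting Challenge
You are welcome to follow my 小报童 newsletter: P小二的每日思考
People have been adding me, so let's set up a group. If the invitation has expired, add me on WeChat: pxiaoer2025.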

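Contents:
January
Week 1
- Day001: On choosing targets
- Day002: OWASP Top 10 2021
- Day003: Recon, the most important first step
- Day004: What is a CVE?
- Day005: DVWA practice
- Day006: Learning security and bug hunting
- Day007: Github scanning
- Day008: Website checklist for vulnerability hunting
- Day009: The essence of security
Week 2
- Day010: Solving security problems
- Day011: Preparation before vulnerability hunting
- Day012: Authentication
- Day013: Recon: back to the past
- Day014: Recon: subdomain discovery
- Day015: Recon: starting from a set of IP addresses
- Day016: Recon: starting from JS files
Week 3
- Day017: Recon: AWS Hacking
- Day018: Recon: Github scanning
- Day019: Recon: content discovery
- Day020: Recon: scope-based automation (1)
- Day021: Recon: scope-based automation (2)
- Day022: Recon: scope-based automation (3)
- Day023: Vulnerability study: open redirect
Week 4
- Day024: Another approach to vulnerability hunting
- Day025: How to earn 1 million dollars from bug bounties within 4 years
- Day026: Misconceptions of novice bug bounty hunters
- Day027: Anessha's first Bounty
- Day028: How to earn 588,000 US dollars on Bug Bounty within three years
- Day029: YouTube Recon
- Day030: 10 different techniques for finding and bypassing redirect vulnerabilities in web applications
- Day031: Vulnerability report study: Open Redirect Scanner with Uber.com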
February
Week 1
- Day032: Vulnerability report study: Full Response SSRF via Google Drive
- Day033: Vulnerability report study: $100 For Twenty Minutes of Work
- Day034: Vulnerability report study: Host Header Injection On Password Reset Functionality
- Day035: Vulnerability report study: Multiple vulnerability leading to account takeover in TikTok SMB subdomain.
- Day036: Vulnerability report study: My First Pre-Auth Account Takeover in 20 secs
- Day037: Vulnerability report study: A business logic error bug worth 600$
Week 2
- Day038: Vulnerability report study: Credential stuffing in Bug bounty hunting
- Day039: Vulnerability hunting: do you need to become a programmer first?
- Day040: skavans's full-time bug hunting schedule
- Day041: skavans's first five-figure vulnerability reward
- Day042: Vulnerability report study: Full account takeover through referral code
- Day043: Vulnerability report study: How I got $200 in 30 Seconds
- Day044: Vulnerability report study: 400$ Bounty again using Google Dorks
Week 3
- Day045: Vulnerability report study: Password Reset to Admin Access
- Day046: The 5 best bugbountytips
- Day047: Vulnerability report study: How I was able to bypass the admin panel without the credentials.
- Day048: Vulnerability report study: CSRF in Instagram
- Day049: Vulnerability report study: Authentication Bypass | Easy P1 in 10 minutes
- Day050: Vulnerability report study: $5000 Google IDOR Vulnerability Writeup
- Day051: Vulnerability report study: How I accessed the Sensitive document which I had already deleted
Week 4
- Day052: blackhat talk: AIModel-Mutator: Finding Vulnerabilities in TensorFlow
- [todo]Day053: blackhat talk: Practical HTTP Header Smuggling: Sneaking Past Reverse Proxies to Attack AWS and Beyond
- [todo]Day054: blackhat talk: The Bad Guys Win – Analysis of 10,000 Magecart Vulnerabilities
- [todo]Day055: blackhat talk: They Hacked Thousands of Cloud Accounts Then Sent Us Weird GIFs
- Day056: blackhat talk: Zen and the Art of Adversarial Machine Learning
- [todo]Day057: Vulnerability hunting practice: open redirect
- [todo]Day058: Tooling for vulnerability hunting: open redirect
- [todo]Day059: February summary
March
Week 1
- [todo]Day060: Vulnerability study: CSRF
- Day061: Vulnerability report study: Reflected xss and open redirect on larksuite.com using /?back_uri= parameter
- Day062: Vulnerability report study: [AWC-Pune] – User can download files deleted by Admin using shortcuts
- Day063: Vulnerability report study: How I found $1000 worth XSS in 15 minutes.
- Day064: Vulnerability report study: How I earned $9000 with Privilege escalations
- Day065: Vulnerability report study: 4300$ Instagram IDOR Bug (2022)
Week 2
- Day066: Vulnerability report study: What I learnt from reading 220* IDOR bug reports.
- Day067: Vulnerability report study: XSS via Mod Log Removed Posts
- Day068: Vulnerability report study: Race condition in endpoint POST
- Day069: Vulnerability report study: High memory usage for generating preview of broken image
- Day070: Vulnerability report study: The story of an old report
- Day071: Vulnerability report study: Some critical vulnerabilities found with passive analysis on bug bounty programs explained
- Day072: Vulnerability report analysis: Found Sensitive Data On JS Files
Week 3
- Day073: Chromium GSoC 2022 Project Proposal Mojo IPC Fuzzing
- Day074: Vulnerability report study: A tale of 0-Click Account Takeover and 2FA Bypass.
- Day075: Vulnerability report study: How I could’ve bypassed the 2FA security of Instagram once again?
- Day076: Vulnerability report study: How I accidentally hacked many companies using N/A vulnerability in Atlassian Cloud
- Day077: Vulnerability report study: How I Escalated a Time-Based SQL Injection
- Day078: Vulnerability report study: My write-up in hacking IBM’s administration panel and getting SQLi on it
- Day079: Vulnerability report study: Finding XSS on .apple.com and building a proof of concept to leak your PII information
Week 4
- Day080: Vulnerability report analysis: Hunting for Bugs in Shopping/Billing Feature.
- Day081: Vulnerability report analysis: What is GIT Source Code Exposure Vulnerability and Why Should You Care?
- Day082: Vulnerability report study: How I found my first Subdomain Takeover vulnerability
- Day083: Vulnerability report study: Simple HTML Injection to $250
- Day084: Vulnerability report study: HOW I EARNED $400 IN 8min ON PRIVATE H1 PROGRAM
- Day085: Vulnerability report study: HOW I DISCOVERED A P1 VULNERABILITY IN ACCENTURE JUST A SIMPLE RECON YOUR DREAMS COME TRUE
- Day086: Vulnerability report study: My first bounty via shodan search engine.
Week 5
- Day087: Vulnerability report study: Microsoft Vancouver leaking website credentials via overlooked DS_STORE file
- Day088: 3.29
- Day089: 3.30
- Day090: 3.31
April
Week 1
- Day091: 4.1
- Day092: 4.2
- Day093: 4.3
Week 2
- Day094: 4.4
- Day095: 4.5
- Day096: 4.6
- Day097: 4.7
- Day098: 4.8
- Day099: 4.9
- Day100: 4.10
Week 3
- Day101: 4.11
- Day102: 4.12
- Day103: 4.13
- Day104: 4.14
- Day105: 4.15
- Day106: 4.16
- Day107: 4.17
Week 4
- Day108: 4.18
- Day109: 4.19
- Day110: 4.20
- Day111: 4.21
- Day112: 4.22
- Day113: 4.23
- Day114: 4.24
Week 5
- Day115: 4.25
- Day116: 4.26
- Day117: 4.27
- Day118: 4.28
- Day119: 4.29
- Day120: 4.30
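May - start of vulnerability hunting
Week 1
- Day121: Daily vulnerability hunting, 5.1
- Day122: Daily vulnerability hunting, 5.2
- Day123: Daily vulnerability hunting, 5.3
- Day124: Daily vulnerability hunting, 5.4
- Day125: Daily vulnerability hunting, 5.5
- Day126: Daily vulnerability hunting, 5.6
- Day127: Daily vulnerability hunting, 5.7
- Day128: Daily vulnerability hunting, 5.8
- Day129: Daily vulnerability hunting, 5.9
- Day130: Daily vulnerability hunting, 5.10
- Day131: Daily vulnerability hunting, 5.11
- Day132: Daily vulnerability hunting, 5.12
- Day133: Daily vulnerability hunting, 5.13
- Day134: Daily vulnerability hunting, 5.14
- Day135: Daily vulnerability hunting, 5.15
- Day136: Daily vulnerability hunting, 5.16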
Results:
Month | Week 1 | Week 2 | Week 3 | Week 4 |
January | NULL | NULL | NULL | NULL |
February | NULL | NULL | NULL | NULL |
March | NULL | NULL | NULL | NULL |
April | NULL | NULL | NULL | NULL |
May |  |  |  |  |
June |  |  |  |  |
July |  |  |  |  |
August |  |  |  |  |
September |  |  |  |  |
October |  |  |  |  |
November |  |  |  |  |
December |  |  |  |  |
Total |  |  |  |  |