1.AZure RECON
https://securitycafe.ro/2022/04/29/pentesting-azure-recon-techniques/
2.hakluke的hakoriginfinder 项目
https://github.com/hakluke/hakoriginfinder
主要是用来绕过WAF的和代理的。方法就是用相似度。
3.dirhunt 不使用bf的目录发现工具
https://github.com/Nekmo/dirhunt
爬虫做得好啊
4.DNS Hi-Jacking Post Mortem & Compensation
https://medium.com/@MMFinance/dns-hi-jacking-post-mortem-compensation-3e2b5bb21183
漏洞分析:
- https://hackerone.com/reports/1416612 点击劫持删除开发者应用,这钱少了
- https://hackerone.com/reports/1437294 错误配置URL schema,可以刷关注,这个厉害,这钱也少了
- https://hackerone.com/reports/1500614 WebView劫持,一万刀
挖掘进度:
继续databricks
[…] Day124: 每日漏洞挖掘——5.4 […]
赞赞