Day038

Today's highlights:

1.31-days-of-API-Security-Tips

https://github.com/inonshk/31-days-of-API-Security-Tips

Vulnerability research resources:

1.Blue team resources (awesome-cybersecurity-blueteam)

https://github.com/fabacab/awesome-cybersecurity-blueteam

2.vulnsearch: one hacker's vulnerability research resources

https://github.com/domssilva/vulnsearch

3.Bounty Hunters | Leandro Pintos: Bug Bounty Automation from noob to beginner [Kick Start]

4.How do people find bugs?

https://cryptologie.net/article/511/how-do-people-find-bugs/

5.Nuclei – Fuzz all the things

https://blog.projectdiscovery.io/post/nuclei-fuzz-all-the-things/

6.Bug Bounties With Bash

7.Reconnaissance using SSL certificate Alt Names and Organization

https://github.com/melbadry9/SSLEnum

8.Tutorial: Getting Started With Cloud Native Security

Vulnerability report study

1.WRITE UP – GOOGLE BUG BOUNTY: LFI ON PRODUCTION SERVERS IN “SPRINGBOARD.GOOGLE.COM” – $13,337 USD

https://omespino.com/write-up-google-bug-bounty-lfi-on-production-servers-in-redacted-google-com-13337-usd/

2.#BugBounty @ Linkedln-How I was able to bypass Open Redirection Protection

https://medium.com/bugbountywriteup/bugbounty-linkedln-how-i-was-able-to-bypass-open-redirection-protection-2e143eb36941

3.Story of bypassing Referer Header to make open redirect

https://medium.com/@malcolmx0x/story-of-bypassing-referer-header-to-make-open-redirect-94f938b9d032

4.Open Redirect Protection Bypass

https://hackerone.com/reports/283460

5.Cross-site Scripting via WHOIS and DNS Records

https://medium.com/tenable-techblog/cross-site-scripting-via-whois-and-dns-records-a25c33667fff

6.Access User Tickets via IDOR in [widget.support.my.games]

https://hackerone.com/reports/1005315

AI security

1.LidarPhone Attack Transforms Smart Vacuum Cleaners Into Spying Tools

https://latesthackingnews.com/2020/11/23/lidarphone-attack-transforms-smart-vacuum-cleaners-into-spying-tools/

2.Hackers said they could steal a Tesla Model X in minutes. Tesla pushed out a fix.

https://www.washingtonpost.com/technology/2020/11/23/tesla-modelx-hack/

3.Alexa, Disarm the Victim’s Home Security System

https://www.darkreading.com/risk/alexa-disarm-the-victims-home-security-system-/d/d-id/1339532

4.Smart Doorbells on Amazon, eBay, Harbor Serious Security Issues

https://threatpost.com/smart-doorbells-on-amazon-ebay-harbor-serious-security-issues/161510/

5.Tesla Hacked and Stolen Again Using Key Fob

https://threatpost.com/tesla-hacked-stolen-key-fob/161530/

Day037

Today's highlights:

1.Another recon product; worth a trial

https://detectify.com/

2.Blackrota, a heavily obfuscated backdoor written in Go (from 360 Netlab)

https://blog.netlab.360.com/blackrota-an-obfuscated-backdoor-written-in-go-en/

Vulnerability research material

1.How Can Someone Can Hack Your Phone Without Touching It?

https://latesthackingnews.com/2020/11/23/how-can-someone-can-hack-your-phone-without-touching-it/

2.Xerror – Fully Automated Pentesting Tool

https://www.kitploit.com/2020/11/xerror-fully-automated-pentesting-tool.html

3.param-miner: Burp extension

https://github.com/PortSwigger/param-miner

4.Finding DOMXSS with DevTools | Untrusted Types

5.Rampant CNAME misconfiguration leaves thousands of organizations open to subdomain takeover attacks – research

https://portswigger.net/daily-swig/rampant-cname-misconfiguration-leaves-thousands-of-organizations-open-to-subdomain-takeover-attacks-nbsp-research

Day036

Today's highlights:

1.Cross-site scripting (XSS) cheat sheet

https://portswigger.net/web-security/cross-site-scripting/cheat-sheet#top

Vulnerability research resources

1.ImageMagick – Shell injection via PDF password

https://insert-script.blogspot.com/2020/11/imagemagick-shell-injection-via-pdf.html

2.byp4xx: 403 bypass tool

https://github.com/lobuhi/byp4xx/

3.Tired of Duplicates in Bug Bounty (how to handle duplicate reports)

https://safaras.medium.com/tired-of-duplicates-in-bug-bounty-b34d786fe6a4

4.AMLsec: automated security risk identification using AutomationML

https://www.kitploit.com/2020/11/amlsec-automated-security-risk.html

5.Active-Directory-Exploitation-Cheat-Sheet

https://github.com/Integration-IT/Active-Directory-Exploitation-Cheat-Sheet

6.Hunting Usernames and Accounts (OSINT)

7.Exposed — Doxers Leaking Their Own Personal Information

Vulnerability report study

1.Blind SSRF in /appsuite/api/oxodocumentfilter&action=addfile

https://hackerone.com/reports/865652

2.A password leak

3.Stealing your Github code with malicious YAML file – Bug Bounty Reports Explained

4.Stored XSS on https://app.crowdsignal.com/surveys/%5BSurvey-Id%5D/question – Bypass

https://hackerone.com/reports/974271

5.IDOR leads to Edit Anyone’s Blogs / Websites

https://hackerone.com/reports/974222

6.Stored XSS on app.crowdsignal.com + your-subdomain.survey.fm via Embed Media

https://hackerone.com/reports/920005

7.Story of an interesting bug

https://medium.com/@vedanttekale20/story-of-an-interesting-bug-de07fbef4017

Day035

Today's highlights:

1.How I Found The Facebook Messenger Leaking Access Token Of Million Users

https://medium.com/bugbountywriteup/how-i-found-the-facebook-messenger-leaking-access-token-of-million-users-8ee4b3f1e5e3

Vulnerability research resources

1.The Pen Testing Tools We’re Thankful for in 2020

https://labs.bishopfox.com/industry-blog/pen-testing-tools-were-thankful-for-in-2020

2.Hacking SSO: SAML Signature Misconfigurations

3.What it takes to find bugs in bounties!

https://medium.com/bugbountywriteup/what-it-takes-to-find-bugs-in-bounties-273ad278f77e

4.A Drop of Jupyter: A Modular Approach to Penetration Testing

5.Using Burp to Test for Open Redirections

https://portswigger.net/support/using-burp-to-test-for-open-redirections

Vulnerability report study

1.

https://twitter.com/GodfatherOrwa/status/1330440633249619977

2.Open Redirect Protection Bypass

https://hackerone.com/reports/283460

3.#BugBounty @ Linkedln-How I was able to bypass Open Redirection Protection

https://medium.com/bugbountywriteup/bugbounty-linkedln-how-i-was-able-to-bypass-open-redirection-protection-2e143eb36941

4.Story of bypassing Referer Header to make open redirect

https://medium.com/@malcolmx0x/story-of-bypassing-referer-header-to-make-open-redirect-94f938b9d032

5.Bug Bytes #19 – The Real Impact of Open Redirect, Advanced CORS Exploitation Techniques & Common API Pitfalls

https://blog.intigriti.com/2019/05/21/bug-bytes-19-the-real-impact-of-open-redirect-advanced-cors-exploitation-techniques-common-api-pitfalls/

6.From Sub domain Takeover to Open-Redirect

https://medium.com/@aniltom/https-medium-com-aniltom-from-sub-domain-takeover-to-open-redirect-b5be4906e1a4

7.Account takeover through password reset

https://medium.com/@seaman00o/account-takeover-through-password-reset-82adc0c19248

8.iOS Facebook Messenger Leaking Users Access Token POC 2020
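
The open-redirect write-ups above (the LinkedIn bypass, the Referer-header bypass, the HackerOne protection bypass, and the subdomain-takeover-to-open-redirect chain) all defeat validators that test the redirect string rather than the parsed URL. The following is an added example, not code from any of those reports or from the affected sites: a prefix-style check of the kind those reports bypass, next to a parse-based allowlist check, both run over a constructed payload list. `ALLOWED_HOSTS` and the payloads are assumptions; the `.example` hosts stand in for an attacker's domain.

```python
from urllib.parse import urlsplit

# Assumption: the application's own hostnames; a redirect anywhere else is open.
ALLOWED_HOSTS = {"example.com", "www.example.com"}

# Constructed payloads: (candidate redirect target, should a correct validator accept it?)
PAYLOADS = [
    ("/account", True),
    ("https://example.com/login", True),
    ("//evil.example", False),                      # protocol-relative URL
    ("/\\evil.example", False),                     # browsers treat "\" as "/"
    ("https://example.com.evil.example/", False),   # allowed host as a prefix
    ("https://example.com@evil.example/", False),   # allowed host as userinfo
    ("https://evil.example/example.com", False),    # allowed host in the path
    ("http://example.com/", False),                 # scheme downgrade
    ("javascript:alert(1)", False),                 # not a redirect target at all
]


def naive_is_safe(target: str) -> bool:
    """String-prefix validation, the pattern the write-ups above bypass."""
    return target.startswith("/") or target.startswith("https://example.com")


def strict_is_safe(target: str) -> bool:
    """Validate the parsed URL, not the string, and allowlist the host."""
    # Reject characters that browsers and URL parsers disagree about before parsing.
    if any(ch in target for ch in "\\ \t\r\n\x00"):
        return False
    parts = urlsplit(target)
    if parts.scheme == "" and parts.netloc == "":
        # Site-relative path. urlsplit moves "//host" into netloc, so a double
        # slash never reaches here, but the check is cheap and explicit.
        return target.startswith("/") and not target.startswith("//")
    if parts.scheme != "https":
        return False
    if parts.username is not None or parts.password is not None:
        return False  # "https://example.com@evil.example" style
    return parts.hostname in ALLOWED_HOSTS  # hostname is lowercased, port stripped


def evaluate(payloads=PAYLOADS) -> dict:
    """Map each payload to (naive verdict, strict verdict, expected verdict)."""
    return {t: (naive_is_safe(t), strict_is_safe(t), want) for t, want in payloads}


if __name__ == "__main__":
    for target, (naive, strict, want) in evaluate().items():
        flag = "" if strict == want else "  <-- strict check wrong"
        print(f"{target!r:42} naive={naive!s:5} strict={strict!s:5} expected={want!s:5}{flag}")
```

The strict check must run on the value the framework actually redirects to, after any URL-decoding it performs, or a `%2F%2F` prefix survives as a relative path and becomes `//host` later. Where the redirect targets are a fixed set, mapping a nonce to a server-side table and never accepting a URL from the client removes the bug class entirely.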

Day034

Today's highlights:

1.HITB CyberWeek 2020 conference slides

https://cyberweek.ae/materials/2020/

Vulnerability research resources

1.Fuzzilli – A JavaScript Engine Fuzzer

https://www.kitploit.com/2020/11/fuzzilli-javascript-engine-fuzzer.html

2.null Ahmedabad Meet 22 November, 2020 Monthly Meet

3.Exploiting OAuth 2.0 — Authorization Code Grants

https://xploitprotocol.medium.com/exploiting-oauth-2-0-authorization-code-grants-379798888893

4.RPCScan

https://github.com/HACKE-RC/RPCSCAN

5.Tale of 3 vulnerabilities to account takeover!

https://medium.com/@logicbomb_1/tale-of-3-vulnerabilities-to-account-takeover-44ba631a0304

6.BurpSuite_403Bypasser

https://github.com/sting8k/BurpSuite_403Bypasser

7.Exploring the gaps in advanced automated vulnerability discovery techniques (Seebug paper)

https://paper.seebug.org/1404/

8.InQL Scanner, a GraphQL security testing tool, releases a new version

https://blog.doyensec.com//2020/11/19/inql-scanner-v3.html

Day033

HackerOne report study:

1.Top Subdomain Takeover reports from HackerOne

https://github.com/reddelexc/hackerone-reports/blob/master/tops_by_bug_type/TOPSUBDOMAINTAKEOVER.md

2.Top Clickjacking reports from HackerOne:

https://github.com/reddelexc/hackerone-reports/blob/master/tops_by_bug_type/TOPCLICKJACKING.md

3.Top CSRF reports from HackerOne:

https://github.com/reddelexc/hackerone-reports/blob/master/tops_by_bug_type/TOPCSRF.md

4.Top DoS reports from HackerOne:

https://github.com/reddelexc/hackerone-reports/blob/master/tops_by_bug_type/TOPDOS.md

5.Top IDOR reports from HackerOne:

https://github.com/reddelexc/hackerone-reports/blob/master/tops_by_bug_type/TOPIDOR.md

6.Top OAuth reports from HackerOne:

https://github.com/reddelexc/hackerone-reports/blob/master/tops_by_bug_type/TOPOAUTH.md

7.Top Open Redirect reports from HackerOne:

https://github.com/reddelexc/hackerone-reports/blob/master/tops_by_bug_type/TOPOPENREDIRECT.md

8.Top Race Condition reports from HackerOne:

https://github.com/reddelexc/hackerone-reports/blob/master/tops_by_bug_type/TOPRACECONDITION.md

9.Top RCE reports from HackerOne:

https://github.com/reddelexc/hackerone-reports/blob/master/tops_by_bug_type/TOPRCE.md

10.Top SQLI reports from HackerOne:

https://github.com/reddelexc/hackerone-reports/blob/master/tops_by_bug_type/TOPSQLI.md

11.Top SSRF reports from HackerOne:

https://github.com/reddelexc/hackerone-reports/blob/master/tops_by_bug_type/TOPSSRF.md

12.Top XSS reports from HackerOne:

https://github.com/reddelexc/hackerone-reports/blob/master/tops_by_bug_type/TOPXSS.md

13.Top XXE reports from HackerOne:

https://github.com/reddelexc/hackerone-reports/blob/master/tops_by_bug_type/TOPXXE.md

Day032

Today's highlights:

1.A summary of tips for working SRC (vendor security response center) bounty programs

https://github.com/taielab/Taie-Bugbounty-killer/blob/master/%E6%B3%B0%E9%98%BF%E6%BC%8F%E6%B4%9E%E6%8C%96%E6%8E%98%E8%87%AA%E5%8A%A8%E5%8C%96%E8%B5%8F%E9%87%91%E6%8A%80%E5%B7%A7%E6%89%8B%E5%86%8C(%E6%B3%B0%E9%98%BF%E5%AE%89%E5%85%A8%E5%AE%9E%E9%AA%8C%E5%AE%A4%E5%87%BA%E5%93%81).pdf

2.Hunting for Malicious Packages on PyPI

https://jordan-wright.com/blog/post/2020-11-12-hunting-for-malicious-packages-on-pypi/
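
The PyPI post above screens newly published packages for names that sit within a small edit distance of popular ones before it looks at their `setup.py`. The following is an added example, not the author's code: a PEP 503 name normaliser plus a Levenshtein-distance screen over a constructed list of popular names. The distance threshold, the short-name guard and the `python-` affix rule are assumptions about what squatters do, not findings from the post.

```python
import re

# Constructed sample of popular names; a real screen uses the top few thousand by downloads.
POPULAR = ["requests", "urllib3", "setuptools", "six", "numpy", "boto3", "pyyaml"]


def normalize(name: str) -> str:
    """PEP 503 normalisation: case-insensitive, runs of '-', '_' and '.' become '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def levenshtein(a: str, b: str) -> int:
    """Edit distance with a rolling two-row table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def typosquat_candidates(new_name: str, popular=POPULAR, max_distance: int = 1) -> list:
    """Return [(popular_name, distance)] that new_name looks like, nearest first.

    Two signals (both assumptions):
      * a small edit distance to a popular name, skipped for very short names
        where distance 1 also matches many legitimate projects;
      * a 'python-' / '-python' affix wrapped around a popular name.
    """
    n = normalize(new_name)
    stripped = re.sub(r"^python-|-python$", "", n)
    hits = []
    for p in popular:
        pn = normalize(p)
        if pn == n:
            continue  # same project under PEP 503; pip resolves both spellings to it
        d = levenshtein(n, pn)
        affix = stripped == pn and stripped != n
        if affix or (len(pn) >= 5 and d <= max_distance):
            hits.append((p, d))
    return sorted(hits, key=lambda h: h[1])


if __name__ == "__main__":
    for candidate in ["requsts", "python-requests", "Requests", "urlib3", "flask", "numpi", "sixx"]:
        print(f"{candidate:18} -> {typosquat_candidates(candidate)}")
```

Hits are leads, not verdicts: a distance-1 neighbour of `boto3` is the legitimate `boto`, so each hit still needs the second step the post describes, reading the package's install-time code for network calls or encoded payloads.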

Vulnerability research resources

1.Browser-based internal network scanner (samy.pl webscan)

http://samy.pl/webscan/

https://github.com/samyk/webscan

2.Atheris: Google's coverage-guided Python fuzzer

https://github.com/google/atheris

3.Abhiram V: my successful journey with huntr

https://www.huntr.dev/blog/abhiram-v-my-successful-journey-with-huntr

4.Bypassing the Redirect filters with 7 ways

https://elmahdi.tistory.com/m/4

Vulnerability report study

1.Exploiting Drupal8’s REST RCE (SA-CORE-2019-003, CVE-2019-6340)

https://www.ambionics.io/blog/drupal8-rce

Daily bug-hunting stats

Platform     Vulnerabilities recorded     Bounty
hackerone    0                            0
bugcrowd     0                            0

Day031

Today's highlights:

1.Project Resonance Wave 1: Internet-Wide Analysis of Subdomain Takeover

https://redhuntlabs.com/blog/project-resonance-wave-1.html

https://github.com/redhuntlabs/Project-Resonance/tree/master/Wave%201%20-%20Subdomain%20Takeovers
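
The Project Resonance study here and the CNAME-misconfiguration research listed under Day037 rest on the same basic check: follow a subdomain's CNAME chain and see whether it ends at a name nobody answers for. The following is an added example, not RedHunt Labs' pipeline or any tool from the page: a chain walker with a loop guard over a constructed, in-memory set of resolver answers, so the classification logic can be read without network access. The record set, the `.example` service hostnames and the hop limit are assumptions.

```python
# Constructed resolver answers: name -> ("CNAME", target) | ("A", address) | None (NXDOMAIN).
# Hosts under .example stand in for third-party services; 192.0.2.0/24 is documentation space.
RECORDS = {
    "www.example.com":              ("A", "192.0.2.1"),
    "shop.example.com":             ("CNAME", "shop-1234.storefront.example"),
    "shop-1234.storefront.example": ("A", "192.0.2.10"),
    "old-docs.example.com":         ("CNAME", "old-docs.pages.example"),
    "old-docs.pages.example":       None,            # provider released the name
    "cdn.example.com":              ("CNAME", "edge.example.com"),
    "edge.example.com":             ("CNAME", "assets.cdn.example"),
    "assets.cdn.example":           ("A", "192.0.2.20"),
    "loop-a.example.com":           ("CNAME", "loop-b.example.com"),
    "loop-b.example.com":           ("CNAME", "loop-a.example.com"),
}

MAX_HOPS = 8  # assumption; real resolvers also give up on long chains


def lookup(name: str, records=RECORDS):
    """Stand-in for a DNS query; None means NXDOMAIN."""
    return records.get(name)


def walk_cname(name: str, records=RECORDS) -> tuple:
    """Follow CNAMEs from `name` and return (status, chain).

    status is one of:
      "resolves"  chain ends at an address record
      "dangling"  a CNAME points at a name that does not exist (takeover candidate)
      "loop"      the chain revisits a name
      "nxdomain"  the starting name itself does not exist
      "too_long"  hop limit exceeded
    """
    chain = [name]
    seen = {name}
    current = name
    for _ in range(MAX_HOPS):
        answer = lookup(current, records)
        if answer is None:
            return ("nxdomain" if current == name else "dangling", chain)
        rtype, value = answer
        if rtype != "CNAME":
            return ("resolves", chain)
        if value in seen:
            chain.append(value)
            return ("loop", chain)
        seen.add(value)
        chain.append(value)
        current = value
    return ("too_long", chain)


def takeover_candidates(apex: str, records=RECORDS) -> list:
    """Subdomains of `apex` whose chain dangles, paired with the unclaimed target."""
    out = []
    for name in sorted(records):
        if name == apex or not name.endswith("." + apex):
            continue
        status, chain = walk_cname(name, records)
        if status == "dangling":
            out.append((name, chain[-1]))
    return out


if __name__ == "__main__":
    for sub in ["shop.example.com", "old-docs.example.com", "cdn.example.com", "loop-a.example.com"]:
        print(sub, "->", walk_cname(sub))
    print("candidates:", takeover_candidates("example.com"))
```

A dangling target is only exploitable when the provider lets an arbitrary account register that hostname, and some providers answer for unclaimed names instead of returning NXDOMAIN, so a real scanner follows this with a provider-specific fingerprint check on the HTTP response before anything is reported.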

Vulnerability research resources

1.Working with Hackers – Ioana Piroska – Visma SecCon 2020

https://redhuntlabs.com/blog/project-resonance-wave-1.html

Vulnerability report study

1.IDOR when moving contents at CrowdSignal

https://hackerone.com/reports/915127

2.No Email Checking at Invitation Confirmation Link leads to Account Takeover without User Interaction at CrowdSignal

https://hackerone.com/reports/915110

3.IDOR when editing users leads to Account Takeover without User Interaction at CrowdSignal

https://hackerone.com/reports/915114

4.No Rate Limit when accessing “Password protection” enabled surveys leads to bypassing passwords via “pd-pass_surveyid” cookie

https://hackerone.com/reports/905816

5.Site-wide CSRF at Atavist

https://hackerone.com/reports/951292

6.IDOR leads to Edit Anyone’s Blogs / Websites

https://hackerone.com/reports/974222

7.Stored XSS on app.crowdsignal.com + your-subdomain.survey.fm via Embed Media

https://hackerone.com/reports/920005

8.Stored XSS on https://app.crowdsignal.com/surveys/%5BSurvey-Id%5D/question – Bypass

https://hackerone.com/reports/974271

Hunting tools

DNS tools:

  • viewdns.info
  • dnslytics.com
  • dnsspy.io
  • leafdns.com
  • dnsdumpster.com
  • intodns.com
  • www.zonecut.net/dns
  • xip.io
  • nip.io
  • ptrarchive.com
  • www.whatsmydns.net
  • ceipam.eu/en/dnslookup.php
  • spyse.com/tools/dns-lookup
  • www.buddyns.com/delegation-lab

Search engines for hackers:

  • censys.io
  • shodan.io
  • viz.greynoise.io
  • zoomeye.org
  • onyphe.io
  • wigle.net
  • intelx.io
  • fofa.so
  • hunter.io
  • zorexeye.com
  • pulsedive.com
  • netograph.io
  • vigilante.pw
  • pipl.com
  • abuse.ch
  • maltiverse.com/search
  • insecam.org

Daily bug-hunting stats

Platform     Vulnerabilities recorded     Bounty
hackerone    0                            0
bugcrowd     0                            0

Day030

Today's highlights:

1.Microsoft open-sourced a REST API fuzzer called RESTler (try it out)

https://www.microsoft.com/en-us/research/blog/restler-finds-security-and-reliability-bugs-through-automated-fuzzing/

https://github.com/microsoft/restler-fuzzer

Vulnerability research resources

1.Fileless malware: anatomy of an attack

https://guardiandigital.com/blog/fileless-malware-anatomy-of-an-attack

2.domained: domain enumeration tool

https://github.com/TypeError/domained

3.notify: stream tool output to Slack, Discord or Telegram

https://github.com/projectdiscovery/notify

4.Bug Bounty Tips

https://www.infosecmatter.com/bug-bounty-tips-9-nov-16/

5.2FA Bypass On Instagram Through A Vulnerable Endpoint

https://medium.com/@aryalsamipofficial59/2fa-bypass-on-instagram-through-a-vulnerable-endpoint-b092498af178

6.Finding 365 bugs in Microsoft Office 365

https://www.helpnetsecurity.com/2020/11/11/finding-365-bugs-in-microsoft-office-365/

7.Attacking JSON Web Tokens (JWTs)

https://medium.com/bugbountywriteup/attacking-json-web-tokens-jwts-d1d51a1e17cb

8.HowToHunt: beginner bug-hunting tips organised by vulnerability class

https://github.com/KathanP19/HowToHunt
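
Item 7 above covers the standard attacks on JSON Web Tokens: a verifier that honours `alg: none`, algorithm confusion, and guessable HMAC keys. The following is an added example, not code from that article: a minimal HS256 issuer on the standard library, a verifier that trusts the token header next to one that pins the algorithm server-side and compares signatures in constant time, and the two forged tokens that separate them. The key and claims are constructed.

```python
import base64
import hashlib
import hmac
import json

SERVER_KEY = b"constructed-server-secret"  # assumption: the real key lives in a secret store


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _segment(obj: dict) -> str:
    return b64url_encode(json.dumps(obj, separators=(",", ":")).encode())


def sign_hs256(claims: dict, key: bytes) -> str:
    """Issue a token the way the server does."""
    signing_input = f"{_segment({'alg': 'HS256', 'typ': 'JWT'})}.{_segment(claims)}"
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{b64url_encode(sig)}"


def forge_alg_none(claims: dict) -> str:
    """Attacker side: declare 'none' and send an empty signature segment."""
    return f"{_segment({'alg': 'none', 'typ': 'JWT'})}.{_segment(claims)}."


def naive_verify(token: str, key: bytes):
    """Vulnerable: lets the attacker-controlled header pick the algorithm."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    header = json.loads(b64url_decode(header_b64))
    if header.get("alg") == "none":
        return json.loads(b64url_decode(payload_b64))
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if b64url_decode(sig_b64) == expected:  # plain == also leaks timing
        return json.loads(b64url_decode(payload_b64))
    return None


def strict_verify(token: str, key: bytes):
    """Hardened: the server decides the algorithm; the header only has to agree."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(b64url_decode(header_b64))
        sig = b64url_decode(sig_b64)
    except ValueError:  # bad base64 (binascii.Error) or bad JSON/UTF-8
        return None
    if header.get("alg") != "HS256":
        return None
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return None
    return json.loads(b64url_decode(payload_b64))


def demo(key: bytes = SERVER_KEY) -> dict:
    """(naive result, strict result) for a legitimate token and two forged ones."""
    legit = sign_hs256({"sub": "alice", "admin": False}, key)
    forged_none = forge_alg_none({"sub": "alice", "admin": True})
    forged_key = sign_hs256({"sub": "alice", "admin": True}, b"guessed-wrong")
    return {
        "legit": (naive_verify(legit, key), strict_verify(legit, key)),
        "alg_none": (naive_verify(forged_none, key), strict_verify(forged_none, key)),
        "wrong_key": (naive_verify(forged_key, key), strict_verify(forged_key, key)),
    }


if __name__ == "__main__":
    for name, (naive, strict) in demo().items():
        print(f"{name:10} naive={naive}  strict={strict}")
```

Pinning the algorithm on the server side is what closes both `alg: none` and the RS256-to-HS256 confusion, since a verifier that only ever runs HS256 with its own secret never uses a public key as an HMAC key. Expiry (`exp`) and audience checks belong after the signature check and are omitted here to keep the contrast visible.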

Vulnerability report study

1.awesome-browser-exploit: Chrome and other browser exploitation study material

https://github.com/Escapingbug/awesome-browser-exploit

2.Bug-hunting mind map

3.Security@ email forwarding and Embedded Submission drafts can be used to obtain copy of deleted attachments from other HackerOne users

https://hackerone.com/reports/1034346

4.Stealing User’s PII info by visiting API endpoint directly

https://medium.com/@kunal94/stealing-users-pii-info-by-visiting-api-endpoint-directly-5062e0147f67

Daily bug-hunting stats

Platform     Vulnerabilities recorded     Bounty
hackerone    0                            0
bugcrowd     0                            0

Day029

Today's highlights:

1.An SRC grinder's way of bug hunting

https://xz.aliyun.com/t/8501

2.New HackerOne program (Jimdo)

https://hackerone.com/jimdo?type=team

Vulnerability research study

1.Practical malware analysis

https://github.com/sully90h/practical-malware-analysis

2.Automating XSS using Dalfox, gf and waybackurls

https://medium.com/@keshavaarav22/automating-xss-using-dalfox-gf-and-waybackurls-bc6de16a5c75

3.Findomain+: Advanced, automated and modern recon

https://findomain.app/findomain-advanced-automated-and-modern-recon/

4.Garud – An Automation Tool That Scans Sub-Domains, Sub-Domain Takeover And Then Filters Out XSS, SSTI, SSRF And More Injection Point Parameters

https://www.kitploit.com/2020/11/garud-automation-tool-that-scans-sub.html

5.Finding And Exploiting S3 Amazon Buckets For Bug Bounties

https://medium.com/bugbountywriteup/finding-and-exploiting-s3-amazon-buckets-4ce2d501b0d4

6.Stealing your data using XSS

https://medium.com/bugbountywriteup/stealing-your-data-using-xss-bf7e4a31e6ee

7.CLICKJACKING TO OBTAIN LOGIN CREDENTIALS

https://medium.com/bugbountywriteup/clickjacking-to-obtain-login-credentials-abee3ae9825e

8.untrusted-types: Chrome extension that uses Trusted Types to surface DOM XSS sinks

https://github.com/filedescriptor/untrusted-types

Vulnerability report study

1.RCE via Server-Side Template Injection

https://cyc10n3.medium.com/rce-via-server-side-template-injection-ad46f8e0c2ae

2.Stealing User’s PII info by visiting API endpoint directly

https://medium.com/@kunal94/stealing-users-pii-info-by-visiting-api-endpoint-directly-5062e0147f67