1 | | - | # Resources-for-Beginner-Bug-Bounty-Hunters |
2 | | - | |
3 | | - | ## Changelog 📬 |
4 | | - | |
5 | | - | This page is no longer maintained. If you are interested in the changelog please check out the commit. |
6 | | - | |
7 | | - | --- |
8 | | - | ## ___Update 2020.08___ |
9 | | - | ### Added |
10 | | - | - [Tools](/assets/tools.md): |
11 | | - | - **threader3000** in the Scanner section<br> |
12 | | - | - **subfinder** in the Recon, OSINT & Discovery Section<br> |
13 | | - | - **SUBway** in the Recon, OSINT & Discovery Section<br> |
14 | | - | - **PenTest.ws** in the Notetaking Section<br> |
15 | | - | - [Blogposts & Disclosed Reports](/assets/blogposts.md): |
16 | | - | - **Ability to know the presence of a person in a private event even if the guest list is hidden.** - by Vivek PS<br> |
17 | | - | - **Another image removal vulnerability on Facebook** - by Pouya<br> |
18 | | - | - [Cheat Sheets](/assets/cheat.md): |
19 | | - | - **CloudPentestCheatsheets** |
20 | | - | - **HackTricks** |
21 | | - | - **Everything curl** |
22 | | - | - **GTFObins** |
23 | | - | - **Finding ENdpoints in JS Files** |
24 | | - | - **The Bug Hunter's Methodology v.4.01** |
25 | | - | - [Certifications](/assets/certs.md): |
26 | | - | - **hax** |
27 | | - | - [Setup](/assets/setup.md): |
28 | | - | - **Technical Project Ideas Towards Learning Cyber Security** |
29 | | - | - **Getting Starting With Tmux Isn't That Scary** |
30 | | - | - [Media](/assets/media.md): |
31 | | - | - **The Linux Command Line** |
32 | | - | - **The Mayor** in the Streamer Section |
33 | | - | - Added **Nahamsec,Hacker101,TryHackMe,HTB,TCM,AshF0x,TheMayor,Sup3rhero1 6 Ceos3c** to Discord Servers |
34 | | - | - Added **@PhillipWylie** on the Twitter-list |
35 | | - | - [Health](/assets/health.md): |
36 | | - | - **BSidesSF 2020 - Panel: Mental Health for Hackers (Chloé M • Ryan L • Susan P)** |
37 | | - | ### Changes |
38 | | - | - Added a new section called [Cheat Sheets, Slides & More](/assets/cheat.md) |
39 | | - | - Added a new subcategory in [Setup](/assets/setup.md) for Tools |
40 | | - | - Added a sub category called [One Liners](/assets/cheat.md#One-Liners) |
41 | | - | - Added a sub category called [Slides](/assets/cheat.md#Slides) |
42 | | - | - Renamed "Media" to ["Media & Communities"](/assets/media.md) |
43 | | - | - Added a new section called [Discord Servers](/assets/media.md#Discord-Servers) in "Media & Communities" |
44 | | - | ### Fixes |
45 | | - | - fixed Notion Link |
46 | | - | - fixed typo in Labs |
47 | | - | |
48 | | - | --- |
49 | | - | ## ___Update 2020.06___ |
50 | | - | ### Added |
51 | | - | - [Blogposts & Disclosed Reports](/assets/blogposts.md): |
52 | | - | - **THEY SEE ME SCANNIN’, THEY HATIN’: A BEGINNER’S GUIDE TO NMAP** - by Sophia |
53 | | - | - **How dangerous is Request Splitting, a vulnerability in Golang or how we found the RCE in Portainer and hacked Uber** - by Andrewaeva |
54 | | - | - **Found Stored Cross-Site Scripting — What’s Next? — Privilege Escalation like a Boss** - by Harsh Bothra |
55 | | - | - **How to Hack Database Links in SQL Server!** - by Antti Rantasaari |
56 | | - | - **The Secret sauce of bug bounty** - by Mohamed Slamat |
57 | | - | - **MY EXPENSE REPORT RESULTED IN A SERVER-SIDE REQUEST FORGERY (SSRF) ON LYFT** - by nahamsec |
58 | | - | - **MY BUG BOUNTY JOURNEY!** - by Farah Hawa |
59 | | - | - **Bypassing WAF to perform XSS** - by Kleitonx00 |
60 | | - | - [Labs](/assets/labs.md): |
61 | | - | - **Will it CORS?** |
62 | | - | - [Coding](/assets/coding.md): |
63 | | - | - **Linux Beginner Boost** |
64 | | - | - [Media](/assets/media.md): |
65 | | - | - **rwxrob** as a streamer |
66 | | - | - **ChaosComputerClub Germany Media Resources** under Misc |
67 | | - | - **@ZephrFish** in Twitter List |
68 | | - | - **@CalumBoal** in Twitter List |
69 | | - | - **@_superhero1** in Twitter List |
70 | | - | - **CRE** in Podcasts |
71 | | - | - **Phrack** in Misc |
72 | | - | - **CCC Luxembourg Podcast** in Podcasts |
73 | | - | - [Tools](/assets/tools.md): |
74 | | - | - **KeyHacks** in the Scanner section<br> |
75 | | - | - **Notion** in the Notes section<br> |
76 | | - | - **Joplin** in the Notes section<br> |
77 | | - | - **Xmind** in the Notes section<br> |
78 | | - | - **SpiderFoot** in the Recon section |
79 | | - | - **Axiom** in the Notes section |
80 | | - | - **webhook** in Misc |
81 | | - | - **requestcatcher** in Misc |
82 | | - | - **canarytokens** in Misc |
83 | | - | - **Nmap command helper** in Scanner |
84 | | - | - [Mindset & Mental Health](/assets/health.md): |
85 | | - | - **Happy Hacking** |
86 | | - | - [Basics](/assets/basics.md) |
87 | | - | - **Computing Fundamentals** |
88 | | - | - **Exeter Q-Step Resources** |
89 | | - | |
90 | | - | - **Setup bugbounty hunting env on termux** - by @hahwul |
91 | | - | ### Changes |
92 | | - | |
93 | | - | ### Fixes |
94 | | - | |
95 | | - | --- |
96 | | - | ## ___Update 2020.05___ |
97 | | - | ### Added |
98 | | - | - [Media](/assets/media.md): |
99 | | - | - New curated **Bug Bounty List** (Twitter) |
100 | | - | - **Curated List of YT Channels** by TCM |
101 | | - | - [Labs](/assets/labs.md): |
102 | | - | - **Kontra Application Security Training** |
103 | | - | - **Cyberseclabs** |
104 | | - | - [Coding](/assets/coding.md): |
105 | | - | - **Exercism** |
106 | | - | - **CodeCademy** |
107 | | - | - **Khan Academy** |
108 | | - | - **Learn Python the Hard Way** |
109 | | - | - **Udacity** |
110 | | - | - **Bug Bounty with Bash** |
111 | | - | - [Setup](/assets/setup.md): |
112 | | - | - New Video by nahamsec: **Creating Wordlists for Pentesting & Bug Bounty** |
113 | | - | - [Blogposts & Disclosed Reports](/assets/blogposts.md): |
114 | | - | - **Piercing the Veal** by d0nut |
115 | | - | - **Basic Bug Bounty FAQ** by dawgyg |
116 | | - | - **How to Set up Certificate-Based SSH for Bug Hunting** by Mack Staples |
117 | | - | - **Getting started in Cyber Security in 2019 – The Complete Guide** by ceos3c |
118 | | - | - **WTF is a Bug Bounty?** by ceos3c |
119 | | - | - **How to solve the INTIGRITI Easter XSS challenge using only Chrome Devtools** by STÖK |
120 | | - | - **URL link spoofing (Slack)** by Akaki Tsunoda (akaki) |
121 | | - | - **Subdomain Takeover to Authentication bypass** by geekboy |
122 | | - | - **Zseano’s notes on hacking & mentoring** by Intigriti & Zseano |
123 | | - | - **Abusing HTTP Path Normalization and Cache Poisoning to steal Rocket League accounts** by Sam Curry |
124 | | - | - [Mobile](/assets/mobile): |
125 | | - | - **Android App Reverse Engineering 101** by Maddie Stone |
126 | | - | - [Tools](/assets/tools.md): |
127 | | - | - **Ghidra** -> Mobile |
128 | | - | - **jadx** -> Mobile |
129 | | - | - **nuclei** -> Recon & OSINT |
130 | | - | - New Category: [Certifications](/assets/certs.md) |
131 | | - | - Fot the moment one Cert: **OSCP** |
132 | | - | - New Category: [Mindset & Mental Health](/assets/health.md) |
133 | | - | ### Changes |
134 | | - | - Changed the formating of the Changelog starting this month to make it cleaner |
135 | | - | - Removed the links for every new addition to its article.<br> |
136 | | - | The headers for every category now links to their page instead. |
137 | | - | - Changed the formatting of the **HTTP** Section in the **Basics** Category |
138 | | - | - Changed **Blogposts** to -> **Blogposts & Disclosed Reports** |
139 | | - | - Changed some of the formatting in the XSS Blogposts, cleaner now |
140 | | - | ### Fixes |
141 | | - | - Fixed some layout errors |
142 | | - | - Added missing Header in **Basics** Category |
143 | | - | - Fixed Typos |
144 | | - | --- |
145 | | - | ## ___Update 2020.04___ |
146 | | - | ### Added |
147 | | - | - New in [Basics](/assets/basics.md) |
148 | | - | - Added **Stanford CS 253 Web Security** |
149 | | - | - New Category: [Hardware & IoT](/assets/hardware.md) |
150 | | - | - Added **Exploitee.rs Wiki** |
151 | | - | - New Category: [Coding & Scripting](/assets/coding.md) |
152 | | - | - Added **Bash Scripting Full Course 3 Hours** |
153 | | - | - Added **ShellCheck** |
154 | | - | - Added **Explainshell** |
155 | | - | - Added **Discovering the Terminal** |
156 | | - | - Added **Text Processing in the Shell** |
157 | | - | - New [Podcasts](/assets/media.md#Podcasts): |
158 | | - | - **Darknet Diaries Episode 60** with dawgyg |
159 | | - | - **The Bug Bounty Podscast Episode 3** with nahamsec |
160 | | - | - New in [Tools](/assets/tools.md): |
161 | | - | - **crithit** |
162 | | - | - **objection - A new Mobile tool** |
163 | | - | - **CyberChef** |
164 | | - | - **RMS - Runtime Mobile Security** |
165 | | - | - New Category: [Notes & Organization](/assets/tools.md#Notes-&-Organization) |
166 | | - | - **Reconness** to [Notes & Organization](/assets/tools.md#Notes-&-Organization) |
167 | | - | - **Updog** to [Notes & Organization](/assets/tools.md#Notes-&-Organization) |
168 | | - | - New Category: [Burp Extensions](/assets/tools.md#Burp-Extensions) |
169 | | - | - **Logger++** to [Burp Extensions](/assets/tools.md#Burp-Extensions) |
170 | | - | - **AuthMatrix** to [Burp Extensions](/assets/tools.md#Burp-Extensions) |
171 | | - | - **Autorize** to [Burp Extensions](/assets/tools.md#Burp-Extensions) |
172 | | - | - **Auto Repeater** to [Burp Extensions](/assets/tools.md#Burp-Extensions) |
173 | | - | - **Progress Tracker** to [Burp Extensions](/assets/tools.md#Burp-Extensions) |
174 | | - | - **Flow** to [Burp Extensions](/assets/tools.md#Burp-Extensions) |
175 | | - | - New in [Labs](/assets/labs.md): |
176 | | - | - **TryHackMe & Videos** |
177 | | - | - New in Media: |
178 | | - | - **@codingo_** now in Twitter-List |
179 | | - | - New [Streamers](/assets/media.md#Streamers): |
180 | | - | - [sup3rhero1](https://www.twitch.tv/sup3rhero1) |
181 | | - | - [STÖK](https://www.twitch.tv/stokfredrik) |
182 | | - | - New in [BlogPosts](/assets/blogposts.md): |
183 | | - | - New Category: [API](/assets/blogposts.md#API) |
184 | | - | - Added **31 Days of API Security Tips**- Misc |
185 | | - | - Added **Blind SQL Injection on windows10.hi-tech.mail.ru** - SQLInjection |
186 | | - | - Added **DOM XSS on app.starbucks.com via ReturnUrl** - DOMXSS |
187 | | - | - Added **Email address of any user can be queried on Report Invitation GraphQL type when username is known** - GraphQL |
188 | | - | - Added **External XML Entity via File Upload (SVG)** - File Upload |
189 | | - | - Added **Mass account takeovers using HTTP Request Smuggling on https://slackb.com/ to steal session cookies** - HTTP Desync |
190 | | - | - Added **gitGraber: A tool to monitor GitHub in real-time to find sensitive data** - by [@adrien_jeanneau](https://twitter.com/adrien_jeanneau) & [@R_Marot](https://twitter.com/R_marot) |
191 | | - | - Added **2 Cases of Path Traversal** by [@leonishan_](https://twitter.com/leonishan_) |
192 | | - | - Added **Google Bug Bounty Writeup- XSS Vulnerability** - by [@itsmepethu](https://twitter.com/itsmepethu) |
193 | | - | - Added **Top 10 web hacking techniques of 2019** by [James Kettle](https://twitter.com/albinowax) |
194 | | - | - Added **Recon: Create a methodology and start your subdomain enumeration** - by FailedNuke |
195 | | - | - Added **Understanding Search Syntax on Github** - by Github |
196 | | - | - New in [Mobile](/assets/mobile.md): |
197 | | - | - [Android-Reports-and-Resources](https://github.com/B3nac/Android-Reports-and-Resources) |
198 | | - | - New in [Vulnerabilities](/assets/vulns.md): |
199 | | - | - New Video: **Cross-Site Scripting (XSS) Explained** -by PwnFunction |
200 | | - | - New in [Setup](/assets/setup.md): |
201 | | - | - Added **Docker Tutorial for Beginners - A Full DevOps Course on How to Run Applications in Containers** |
202 | | - | ### Changed |
203 | | - | ### Fixed |
204 | | - | |
205 | | - | |
206 | | - | --- |
207 | | - | ## ___Update 2020.03___ |
208 | | - | ### Added |
209 | | - | - New: [Smart Contracts](/assets/smartcon.md) (special thanks to [@0xatul](https://twitter.com/0xatul)) |
210 | | - | - New White-/yellowpapers in [Smart Contracts](/assets/smartcon.md): |
211 | | - | **Bitcoin whitepaper & Ethereum yellowpaper** |
212 | | - | - New **How to Audit a Smart Contract** |
213 | | - | - New Smart Contracts Category under [Blogposts](/assets/blogposts.md#Smart-Contracts) and added two Writeups |
214 | | - | - New in [Blogposts](/assets/blogposts.md): |
215 | | - | - **10 Recon Tools for Bug Bounty** |
216 | | - | - New in [Setup](/assets/setup.md): |
217 | | - | - **Finding your First Bug and getting a Bounty with InsiderPhD** |
218 | | - | - **Introduction to Docker for CTFs** |
219 | | - | - New in [Vulnerabilities](/assets/vulns.md): |
220 | | - | - **Finding your first Bug - CSRF** |
221 | | - | - **CSRF-Basics** |
222 | | - | - New in [Tools](/assets/tools.md): |
223 | | - | - **Knockpy** |
224 | | - | - New in [Labs](/assets/labs.md): |
225 | | - | - **0l4bs for XSS** |
226 | | - | - New in [Mobile](/assets/mobile.md): |
227 | | - | - **Q&A with Android Hacker bagipro** |
228 | | - | - **Introduction to Android Hacking** |
229 | | - | - **Mobile Hacking Cheat Sheet** |
230 | | - | - **Android Pentesting Github Repo by [Riddhi Shree](https://github.com/riddhi-shree)** |
231 | | - | |
232 | | - | ### Changed |
233 | | - | - Nothing |
234 | | - | ### Fixed |
235 | | - | - Format Issue in [Changelog](/assets/changelog.md) |
236 | | - | - Changed Format in [README](/assets/README.md) |
237 | | - | |
238 | | - | --- |
239 | | - | ## ___Update 2020.02___ |
240 | | - | ### Added |
241 | | - | - New XSS Lab: **XSS Labs from PwnFunction** |
242 | | - | - New Recon & OSINT Tool: **Reconness** |
243 | | - | - New [IDOR Blogspost](/assets/blogposts.md#IDOR): **Automating BURP to find IDORs** |
244 | | - | - New [Misc Blogpost](/assets/blogposts.md#Misc): **How to Get a Finger on the Pulse of Corporate Networks via the SSL VPN** |
245 | | - | - New Blogspost Category: [RCE](/assets/blogposts.md#RCE) |
246 | | - | - New RCE Blogpost: **My First RCE (Stressed Employee gets me 2x bounty)** |
247 | | - | - New Blogpost Cetegory: [Recon](/assets/blogposts.md#Recon) |
248 | | - | - New Recon Blogpost/Guide: **Subdomain Recon Using Certificate Search Technique** |
249 | | - | - New Vulnerabilities Post: **The 7 main XSS cases everyone should know** |
250 | | - | - Added Jason Haddix to [Media](/assets/media.md) (contributed by [securibee](https://github.com/securibee)) |
251 | | - | |
252 | | - | ### Changed |
253 | | - | - Moved **Notes about Nahamsecs Recon Sessions** from [Misc](/assets/blogposts.md#Misc) to [Recon](/assets/blogposts.md#Recon) |
254 | | - | |
255 | | - | ### Fixed |
256 | | - | - Typos in [Media](/assets/media.md) (contributed by [securibee](https://github.com/securibee)) |
257 | | - | --- |
258 | | - | |
259 | | - | ## ___Update 2020.01___ |
260 | | - | ### Added |
261 | | - | - New changelog page |
262 | | - | - New content in [Blogposts](/assets/blogposts.md) |
263 | | - | - Designated section to get started with [Burp Suite](/assets/setup.md#setup) |
264 | | - | - Link from the Burp Tool section to the setup guide |
265 | | - | - Recon Pi to [Tools](/assets/tools.md#others) |
266 | | - | |
267 | | - | ### Changed |
268 | | - | - Updated the Twitter Descriptions in [media.md](/assets/media.md) |
269 | | - | - Cleaned up [Setup Page](/assets/setup.md) |
270 | | - | - Cleaned up [Blogposts Page](/assets/blogposts.md) |
271 | | - | --- |
272 | | - | back to [Intro Page](/README.md) |
273 | | - | |
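Review bot: deleting the whole file also drops the notice "This page is no longer maintained. If you are interested in the changelog please check out the commit." and the trailing "back to [Intro Page](/README.md)" link, so any inbound link from /README.md to this changelog will now break; either keep a one-line stub carrying that notice and the pointer to the commit history, or remove the README's link to this page in the same commit.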