🤬
  • ■ ■ ■ ■ ■ ■
    README.md
    skipped 5 lines
    6 6   
    7 7  We understand that there are more resources other than the ones we have listed and we hope to cover more resources in the near future!<br>
    8 8   
    9  -## Current Version: 2020.02
     9 +## Current Version: 2020.03
    10 10   
    11 11  [Changelog: See what's new!](/assets/changelog.md) 📣
    12 12   
    13 13  ---
    14 14  ## Table of Contents
    15 15   
    16  -1. [Basics](/assets/basics.md)
    17  -2. [Setup](/assets/setup.md)
    18  -3. [Tools](/assets/tools.md)
    19  -4. [Labs & Testing Environments](/assets/labs.md)
    20  -5. [Vulnerability Types](/assets/vulns.md)
    21  -6. [Mobile Hacking](/assets/mobile.md)
    22  -6. [Blog posts & Talks](/assets/blogposts.md)
    23  -7. [Media Resources](/assets/media.md)
     16 +- [Basics](/assets/basics.md)
     17 +- [Setup](/assets/setup.md)
     18 +- [Tools](/assets/tools.md)
     19 +- [Labs & Testing Environments](/assets/labs.md)
     20 +- [Vulnerability Types](/assets/vulns.md)
     21 +- [Mobile Hacking](/assets/mobile.md)
     22 +- [Smart Contracts](/assets/smartcon.md)
     23 +- [Blog posts & Talks](/assets/blogposts.md)
     24 +- [Media Resources](/assets/media.md)
    24 25   
  • ■ ■ ■ ■ ■
    assets/blogposts.md
    skipped 20 lines
    21 21  - [GraphQL](#GraphQL)
    22 22  - [RCE](#RCE)
    23 23  - [Recon](#Recon)
     24 +- [Smart Contracts](#Smart-Contracts)
    24 25  - [Misc](#Misc)
    25 26  ---
    26 27  ## XSS
    skipped 43 lines
    70 71  ## Mobile
    71 72  ### iOS
    72 73  - [From checkra1n to Frida: iOS App Pentesting Quickstart on iOS 13](https://spaceraccoon.dev/from-checkra1n-to-frida-ios-app-pentesting-quickstart-on-ios-13) - spaceraccoon
    73  -## Android
     74 +### Android
    74 75  - [A deep dive into reversing Android pre-Installed apps](https://github.com/maddiestone/ConPresentations/blob/master/Blackhat2019.SecuringTheSystem.pdf) and the [BlackHat Talk](https://www.youtube.com/watch?v=U6qTcpCfuFc) - Maddie Stone
    75 76   
    76 77  ## HTTP Desync
    skipped 30 lines
    107 108  ## Recon
    108 109  - [Subdomain Recon Using Certificate Search Technique](https://www.r00tpgp.com/2020/01/subdomain-recon-using-certificate.html?m=0)
    109 110  - [Notes about Nahamsecs Recon Sessions](https://mavericknerd.github.io/knowledgebase/nahamsec/recon_session_1/) - [maverickNerd](https://github.com/maverickNerd)
     111 +- [10 Recon Tools For Bug Bounty](https://medium.com/@hackbotone/10-recon-tools-for-bug-bounty-bafa8a5961bd) - Anshuman Pattnaik
     112 + 
     113 +## Smart Contracts
     114 +- [Steal collateral during `end` process, by earning DSR interest after `flow](https://hackerone.com/reports/672664)(Listed as Business Logic Error)
     115 +- [Steal all MKR from `flap` during liquidation by exploiting lack of validation in `flap.kick`](https://hackerone.com/reports/684152)(Listed as Improper Input Validation)
    110 116   
    111 117  ## Misc
    112 118  - [Hacking GitHub with Unicode's dotless 'i'](https://eng.getwisdom.io/hacking-github-with-unicode-dotless-i/)
    skipped 8 lines
  • ■ ■ ■ ■ ■ ■
    assets/changelog.md
    skipped 5 lines
    6 6   
    7 7  ---
    8 8   
     9 +## Update 2020.03
     10 +### Added
     11 +- New: [Smart Contracts](/assets/smartcon.md) (special thanks to [@0xatul](https://twitter.com/0xatul))
     12 + - New White-/yellowpapers in [Smart Contracts](/assets/smartcon.md):
     13 + **Bitcoin whitepaper & Ethereum yellowpaper**
     14 + - New **How to Audit a Smart Contract**
     15 +- New Smart Contracts Category under [Blogposts](/assets/blogposts.md#Smart-Contracts) and added two Writeups
     16 +- New in [Blogposts](/assets/blogposts.md):
     17 + - **10 Recon Tools for Bug Bounty**
     18 +- New in [Setup](/assets/setup.md):
     19 + - **Finding your First Bug and getting a Bounty with InsiderPhD**
     20 + - **Introduction to Docker for CTFs**
     21 +- New in [Vulnerabilities](/assets/vulns.md):
     22 + - **Finding your first Bug - CSRF**
     23 + - **CSRF-Basics**
     24 +- New in [Tools](/assets/tools.md):
     25 + - **Knockpy**
     26 +- New in [Labs](/assets/labs.md):
     27 + - **0l4bs for XSS**
     28 +- New in [Mobile](/assets/mobile.md):
     29 + - **Q&A with Android Hacker bagipro**
     30 + - **Introduction to Android Hacking**
     31 + - **Mobile Hacking Cheat Sheet**
     32 + - **Android Pentesting Github Repo by [Riddhi Shree](https://github.com/riddhi-shree)**
     33 + 
     34 +### Changed
     35 +- Nothing
     36 +### Fixed
     37 +- Format Issue in [Changelog](/assets/changelog.md)
     38 + 
     39 + 
     40 +---
    9 41  ## Update 2020.02
    10 42  ### Added
    11 43  - New XSS Lab: **XSS Labs from PwnFunction**
    skipped 7 lines
    19 51  - New Vulnerabilities Post: **The 7 main XSS cases everyone should know**
    20 52  - Added Jason Haddix to [Media](/assets/media.md) (contributed by [securibee](https://github.com/securibee))
    21 53   
    22  -## Changed
     54 +### Changed
    23 55  - Moved **Notes about Nahamsecs Recon Sessions** from [Misc](/assets/blogposts.md#Misc) to [Recon](/assets/blogposts.md#Recon)
    24 56   
    25 57  ### Fixed
    skipped 18 lines
  • ■ ■ ■ ■ ■
    assets/labs.md
    skipped 11 lines
    12 12  - [Google Gruyere](https://google-gruyere.appspot.com/)
    13 13  - [Web Security Academy by PortSwigger](https://portswigger.net/web-security)
    14 14  - [XSS Labs from PwnFunction](https://xss.pwnfunction.com/) Great Labs in a beautiful layout
     15 +- [0l4bs - Cross-site scripting labs for web application security enthusiasts](https://github.com/tegal1337/0l4bs) - by tegal1337
    15 16   
    16 17  ---
    17 18  back to [Intro Page](/README.md)
  • ■ ■ ■ ■ ■ ■
    assets/mobile.md
    skipped 6 lines
    7 7  - [The Mobile Application Hacker’s Handbook](http://amzn.to/2cVOIrE)
    8 8  - [iOS Application Security](http://amzn.to/2d9yo7m)
    9 9  - [From checkra1n to Frida: iOS App Pentesting Quickstart on iOS 13](https://spaceraccoon.dev/from-checkra1n-to-frida-ios-app-pentesting-quickstart-on-ios-13) - by spaceraccoon
     10 +- [The Mobile Hacking CheatSheet](https://github.com/randorisec/MobileHackingCheatSheet) - Randorisec
     11 +- [Introduction to Android Hacking ](https://www.hackerone.com/blog/androidhackingmonth-intro-to-android-hacking) - [@0xteknogeek](https://twitter.com/0xteknogeek)
     12 +- [Android Pentesting](https://github.com/riddhi-shree/nullCommunity/tree/master/Android) (Github repo containing hands-on training content for conducting Android app pentesting using some of the common Android pentesting tools)
    10 13   
    11 14  ## Tools
    12 15  Tools specific for mobile hacking can be found [here](/assets/tools.md#mobile-hacking).
     16 + 
     17 +## Misc
     18 +- [Q&A With Android Hacker bagipro](https://www.hackerone.com/blog/AndroidHackingMonth-qa-with-bagipro)
    13 19   
    14 20  ---
    15 21  back to [Intro Page](/README.md)
  • ■ ■ ■ ■ ■ ■
    assets/setup.md
    skipped 7 lines
    8 8  - [Docker For Pentesting And Bug Bounty Hunting](https://www.youtube.com/watch?v=5G6tA8Q9AuQ)
    9 9  - [Basics of UNIX](https://lifehacker.com/5633909/who-needs-a-mouse-learn-to-use-the-command-line-for-almost-anything)
    10 10  - [Previously Disclosed Vulnerabilities / HackerOne Hacktivity](https://hackerone.com/hacktivity)
     11 +- [Finding your First Bug and Getting a Bounty - Personal Story by @InsiderPhD](https://www.youtube.com/watch?v=iEDoIEBD7gM) - YouTube Discussion
     12 +- [Introduction to Docker for CTFs](https://www.youtube.com/watch?v=cPGZMt4cJ0I) (Works for Bug Bounty too) - by LiveOverflow
    11 13   
    12 14  ## Burp Suite
    13 15  This section should help you get familiar with BurpSuite.
    skipped 6 lines
  • ■ ■ ■ ■ ■ ■
    assets/smartcon.md
     1 +# Resources-for-Beginner-Bug-Bounty-Hunters
     2 + 
     3 +## Smart Contracts 📜
     4 + 
     5 +### Bitcoin whitepaper & Ethereum yellowpaper - cruicial to undestand how those work:
     6 +- [Bitcoin whitepaper](https://bitcoin.org/bitcoin.pdf)
     7 +- [Ethereum yellowpaper](https://ethereum.github.io/yellowpaper/paper.pdf)
     8 +- [How to Audit a Smart Contract](https://blockgeeks.com/guides/audit-smart-contract/) - Blockgeeks
     9 +---
     10 +back to [Intro Page](/README.md)
  • ■ ■ ■ ■ ■ ■
    assets/tools.md
    skipped 33 lines
    34 34  |[Osmedeus](https://github.com/j3ssie/Osmedeus)|Fully automated offensive security framework for reconnaissance and vulnerability scanning|Python|[j3ssie](https://github.com/j3ssie)|
    35 35  |[hakrawler](https://github.com/hakluke/hakrawler)|hakrawler is a Go web crawler designed for easy, quick discovery of endpoints and assets within a web application. It can be used to discover Forms, Endpoints, Subdomains, Related documents and JS Files|Go|[@hakluke](https://twitter.com/hakluke)|
    36 36  |[Reconness](https://github.com/reconness)|A Web App Tool to Run and Keep all your #recon in the same place.|C#|[@reconness](https://twitter.com/reconness)|
     37 +|[Kockpy](https://github.com/guelfoweb/knock)|A python tool designed to enumerate subdomains on a target domain through a wordlist|Python|[@guelforweb](http://twitter.com/guelfoweb)|
     38 + 
    37 39   
    38 40  #### OSINT Webpages
    39 41  | Name | Description | Created by |
    skipped 46 lines
  • ■ ■ ■ ■ ■ ■
    assets/vulns.md
    skipped 19 lines
    20 20   
    21 21  ## Cross-Site Request Forgery (CSRF)
    22 22  - [Cross-Site Request Forgery Attack](https://www.youtube.com/watch?v=eWEgUcHPle0) - by PwnFunction
     23 +- [CSRF-Basics](https://princetechhavenz.wordpress.com/2019/12/11/csrf-basics/) - by Princethilak
     24 +- [Finding Your First Bug: Cross-Site Request Forgery](https://www.youtube.com/watch?v=ULvf6N8AL2A) - by Insider PhD
    23 25   
    24 26  ## XML External Entities (XXE)
    25 27  - [XML External Entities ft. JohnHammond](https://www.youtube.com/watch?v=gjm6VHZa_8s) - by PwnFunction
    skipped 14 lines
Please wait...
Page is in error, reload to recover