🤬
273 lines | UTF-8 | 12 KB

Resources-for-Beginner-Bug-Bounty-Hunters

Changelog 📬

This page is no longer maintained. If you are interested in the changelog please check out the commit.


Update 2020.08

Added

  • Tools:
    • threader3000 in the Scanner section
    • subfinder in the Recon, OSINT & Discovery Section
    • SUBway in the Recon, OSINT & Discovery Section
    • PenTest.ws in the Notetaking Section
  • Blogposts & Disclosed Reports:
    • Ability to know the presence of a person in a private event even if the guest list is hidden. - by Vivek PS
    • Another image removal vulnerability on Facebook - by Pouya
  • Cheat Sheets:
    • CloudPentestCheatsheets
    • HackTricks
    • Everything curl
    • GTFObins
    • Finding ENdpoints in JS Files
    • The Bug Hunter's Methodology v.4.01
  • Certifications:
    • hax
  • Setup:
    • Technical Project Ideas Towards Learning Cyber Security
    • Getting Starting With Tmux Isn't That Scary
  • Media:
    • The Linux Command Line
    • The Mayor in the Streamer Section
    • Added Nahamsec,Hacker101,TryHackMe,HTB,TCM,AshF0x,TheMayor,Sup3rhero1 6 Ceos3c to Discord Servers
    • Added @PhillipWylie on the Twitter-list
  • Health:
    • BSidesSF 2020 - Panel: Mental Health for Hackers (ChloĂ© M • Ryan L • Susan P)

Changes

Fixes

  • fixed Notion Link
  • fixed typo in Labs

Update 2020.06

Added

  • Blogposts & Disclosed Reports:
    • THEY SEE ME SCANNIN’, THEY HATIN’: A BEGINNER’S GUIDE TO NMAP - by Sophia
    • How dangerous is Request Splitting, a vulnerability in Golang or how we found the RCE in Portainer and hacked Uber - by Andrewaeva
    • Found Stored Cross-Site Scripting — What’s Next? — Privilege Escalation like a Boss - by Harsh Bothra
    • How to Hack Database Links in SQL Server! - by Antti Rantasaari
    • The Secret sauce of bug bounty - by Mohamed Slamat
    • MY EXPENSE REPORT RESULTED IN A SERVER-SIDE REQUEST FORGERY (SSRF) ON LYFT - by nahamsec
    • MY BUG BOUNTY JOURNEY! - by Farah Hawa
    • Bypassing WAF to perform XSS - by Kleitonx00
  • Labs:
    • Will it CORS?
  • Coding:
    • Linux Beginner Boost
  • Media:
    • rwxrob as a streamer
    • ChaosComputerClub Germany Media Resources under Misc
    • @ZephrFish in Twitter List
    • @CalumBoal in Twitter List
    • @_superhero1 in Twitter List
    • CRE in Podcasts
    • Phrack in Misc
    • CCC Luxembourg Podcast in Podcasts
  • Tools:
    • KeyHacks in the Scanner section
    • Notion in the Notes section
    • Joplin in the Notes section
    • Xmind in the Notes section
    • SpiderFoot in the Recon section
    • Axiom in the Notes section
    • webhook in Misc
    • requestcatcher in Misc
    • canarytokens in Misc
    • Nmap command helper in Scanner
  • Mindset & Mental Health:
    • Happy Hacking
  • Basics
    • Computing Fundamentals

    • Exeter Q-Step Resources

    • Setup bugbounty hunting env on termux - by @hahwul

Changes

Fixes


Update 2020.05

Added

  • Media:
    • New curated Bug Bounty List (Twitter)
    • Curated List of YT Channels by TCM
  • Labs:
    • Kontra Application Security Training
    • Cyberseclabs
  • Coding:
    • Exercism
    • CodeCademy
    • Khan Academy
    • Learn Python the Hard Way
    • Udacity
    • Bug Bounty with Bash
  • Setup:
    • New Video by nahamsec: Creating Wordlists for Pentesting & Bug Bounty
  • Blogposts & Disclosed Reports:
    • Piercing the Veal by d0nut
    • Basic Bug Bounty FAQ by dawgyg
    • How to Set up Certificate-Based SSH for Bug Hunting by Mack Staples
    • Getting started in Cyber Security in 2019 – The Complete Guide by ceos3c
    • WTF is a Bug Bounty? by ceos3c
    • How to solve the INTIGRITI Easter XSS challenge using only Chrome Devtools by STĂ–K
    • URL link spoofing (Slack) by Akaki Tsunoda (akaki)
    • Subdomain Takeover to Authentication bypass by geekboy
    • Zseano’s notes on hacking & mentoring by Intigriti & Zseano
    • Abusing HTTP Path Normalization and Cache Poisoning to steal Rocket League accounts by Sam Curry
  • Mobile:
    • Android App Reverse Engineering 101 by Maddie Stone
  • Tools:
    • Ghidra -> Mobile
    • jadx -> Mobile
    • nuclei -> Recon & OSINT
  • New Category: Certifications
    • Fot the moment one Cert: OSCP
  • New Category: Mindset & Mental Health

Changes

  • Changed the formating of the Changelog starting this month to make it cleaner
  • Removed the links for every new addition to its article.
    The headers for every category now links to their page instead.
  • Changed the formatting of the HTTP Section in the Basics Category
  • Changed Blogposts to -> Blogposts & Disclosed Reports
  • Changed some of the formatting in the XSS Blogposts, cleaner now

Fixes

  • Fixed some layout errors
  • Added missing Header in Basics Category
  • Fixed Typos

Update 2020.04

Added

  • New in Basics
    • Added Stanford CS 253 Web Security
  • New Category: Hardware & IoT
    • Added Exploitee.rs Wiki
  • New Category: Coding & Scripting
    • Added Bash Scripting Full Course 3 Hours
    • Added ShellCheck
    • Added Explainshell
    • Added Discovering the Terminal
    • Added Text Processing in the Shell
  • New Podcasts:
    • Darknet Diaries Episode 60 with dawgyg
    • The Bug Bounty Podscast Episode 3 with nahamsec
  • New in Tools:
  • New in Labs:
    • TryHackMe & Videos
  • New in Media:
    • @codingo_ now in Twitter-List
  • New Streamers:
  • New in BlogPosts:
    • New Category: API
    • Added 31 Days of API Security Tips- Misc
    • Added Blind SQL Injection on windows10.hi-tech.mail.ru - SQLInjection
    • Added DOM XSS on app.starbucks.com via ReturnUrl - DOMXSS
    • Added Email address of any user can be queried on Report Invitation GraphQL type when username is known - GraphQL
    • Added External XML Entity via File Upload (SVG) - File Upload
    • Added Mass account takeovers using HTTP Request Smuggling on https://slackb.com/ to steal session cookies - HTTP Desync
    • Added gitGraber: A tool to monitor GitHub in real-time to find sensitive data - by @adrien_jeanneau & @R_Marot
    • Added 2 Cases of Path Traversal by @leonishan_
    • Added Google Bug Bounty Writeup- XSS Vulnerability - by @itsmepethu
    • Added Top 10 web hacking techniques of 2019 by James Kettle
    • Added Recon: Create a methodology and start your subdomain enumeration - by FailedNuke
    • Added Understanding Search Syntax on Github - by Github
  • New in Mobile:
  • New in Vulnerabilities:
    • New Video: Cross-Site Scripting (XSS) Explained -by PwnFunction
  • New in Setup:
    • Added Docker Tutorial for Beginners - A Full DevOps Course on How to Run Applications in Containers

Changed

Fixed


Update 2020.03

Added

  • New: Smart Contracts (special thanks to @0xatul)
    • New White-/yellowpapers in Smart Contracts: Bitcoin whitepaper & Ethereum yellowpaper
    • New How to Audit a Smart Contract
  • New Smart Contracts Category under Blogposts and added two Writeups
  • New in Blogposts:
    • 10 Recon Tools for Bug Bounty
  • New in Setup:
    • Finding your First Bug and getting a Bounty with InsiderPhD
    • Introduction to Docker for CTFs
  • New in Vulnerabilities:
    • Finding your first Bug - CSRF
    • CSRF-Basics
  • New in Tools:
    • Knockpy
  • New in Labs:
    • 0l4bs for XSS
  • New in Mobile:
    • Q&A with Android Hacker bagipro
    • Introduction to Android Hacking
    • Mobile Hacking Cheat Sheet
    • Android Pentesting Github Repo by Riddhi Shree

Changed

  • Nothing

Fixed


Update 2020.02

Added

  • New XSS Lab: XSS Labs from PwnFunction
  • New Recon & OSINT Tool: Reconness
  • New IDOR Blogspost: Automating BURP to find IDORs
  • New Misc Blogpost: How to Get a Finger on the Pulse of Corporate Networks via the SSL VPN
  • New Blogspost Category: RCE
    • New RCE Blogpost: My First RCE (Stressed Employee gets me 2x bounty)
  • New Blogpost Cetegory: Recon
    • New Recon Blogpost/Guide: Subdomain Recon Using Certificate Search Technique
  • New Vulnerabilities Post: The 7 main XSS cases everyone should know
  • Added Jason Haddix to Media (contributed by securibee)

Changed

  • Moved Notes about Nahamsecs Recon Sessions from Misc to Recon

Fixed


Update 2020.01

Added

  • New changelog page
  • New content in Blogposts
  • Designated section to get started with Burp Suite
  • Link from the Burp Tool section to the setup guide
  • Recon Pi to Tools

Changed


back to Intro Page

Please wait...
Page is in error, reload to recover