Resources-for-Beginner-Bug-Bounty-Hunters

Changelog 📬

Updates to this repo will be pushed monthly. You can read about the latest changes below.

Update 2020.04

Added

• New: Hardware & IoT
  • Added Exploitee.rs Wiki
• New Podcasts:
  • Darknet Diaries Episode 60 with dawgyg
  • The Bug Bounty Podscast Episode 3 with nahamsec
• New in Tools:
  • objection - A new Mobile tool
  • CyberChef
  • New Category: Notes & Organization
    • Reconness to Notes & Organization
    • Updog to Notes & Organization
  • New Category: Burp Extensions
    • Logger++ to Burp Extensions
    • AuthMatrix to Burp Extensions
    • Autorize to Burp Extensions
    • Auto Repeater to Burp Extensions
    • Progress Tracker to Burp Extensions
    • Flow to Burp Extensions
• New in Labs:
  • TryHackMe & Videos
• New Streamers:
  • sup3rhero1
  • STÖK
• New in BlogPosts:
  • New Category: API
  • Added "31 Days of API Security Tips" - Misc
  • Added "Blind SQL Injection on windows10.hi-tech.mail.ru" - SQLInjection
  • Added "DOM XSS on app.starbucks.com via ReturnUrl" - DOMXSS
  • Added "Email address of any user can be queried on Report Invitation GraphQL type when username is known" - GraphQL
  • Added "External XML Entity via File Upload (SVG)" - File Upload
  • Added "Mass account takeovers using HTTP Request Smuggling on https://slackb.com/ to steal session cookies" - HTTP Desync
• New in Mobile:
  • Android-Reports-and-Resources

Changed

Fixed

- Frida?

Update 2020.03

Added

• New: Smart Contracts (special thanks to @0xatul)
  • New White-/yellowpapers in Smart Contracts: Bitcoin whitepaper & Ethereum yellowpaper
  • New How to Audit a Smart Contract
• New Smart Contracts Category under Blogposts and added two Writeups
• New in Blogposts:
  • 10 Recon Tools for Bug Bounty
• New in Setup:
  • Finding your First Bug and getting a Bounty with InsiderPhD
  • Introduction to Docker for CTFs
• New in Vulnerabilities:
  • Finding your first Bug - CSRF
  • CSRF-Basics
• New in Tools:
  • Knockpy
• New in Labs:
  • 0l4bs for XSS
• New in Mobile:
  • Q&A with Android Hacker bagipro
  • Introduction to Android Hacking
  • Mobile Hacking Cheat Sheet
  • Android Pentesting Github Repo by Riddhi Shree

Changed

• Nothing

Fixed

• Format Issue in Changelog
• Changed Format in README

Update 2020.02

Added

• New XSS Lab: XSS Labs from PwnFunction
• New Recon & OSINT Tool: Reconness
• New IDOR Blogspost: Automating BURP to find IDORs
• New Misc Blogpost: How to Get a Finger on the Pulse of Corporate Networks via the SSL VPN
• New Blogspost Category: RCE
  • New RCE Blogpost: My First RCE (Stressed Employee gets me 2x bounty)
• New Blogpost Cetegory: Recon
  • New Recon Blogpost/Guide: Subdomain Recon Using Certificate Search Technique
• New Vulnerabilities Post: The 7 main XSS cases everyone should know
• Added Jason Haddix to Media (contributed by securibee)

Changed

• Moved Notes about Nahamsecs Recon Sessions from Misc to Recon

Fixed

• Typos in Media (contributed by securibee)

Update 2020.01

Added

• New changelog page
• New content in Blogposts
• Designated section to get started with Burp Suite
• Link from the Burp Tool section to the setup guide
• Recon Pi to Tools

Changed

• Updated the Twitter Descriptions in media.md
• Cleaned up Setup Page
• Cleaned up Blogposts Page

back to Intro Page