Ethical Hacking Tutorials

Channel address: @ethicalhackx
Categories: Technologies
Language: English
Subscribers: 37.63K
Description from channel

http://ethicalhackx.com

Ratings & Reviews

3.00

2 reviews

5 stars: 0
4 stars: 1
3 stars: 0
2 stars: 1
1 star: 0


The latest Messages 84

2021-06-11 19:47:09 Join for Cyber Sec materials/Discussions/ Tips and more Hacking https://t.me/Black_Box_Hacking
3.0K views 16:47
2021-06-11 19:30:59 @EthicalHackxCom - a group for hackers and security guys; talk anything about money and get blocked immediately. Any nonsense is not entertained (be it Facebook, Instagram... BTC mining, selling courses...). You will be blocked with 0 warnings.

Only join and talk if serious about hacking/security
2.7K views 16:30
2021-06-11 18:51:04
More tips at @EthicalHackxCom
2.8K views 15:51
2021-06-11 06:57:19 BUG BOUNTY TIPS

Tip #1

Use GIT as a recon tool. Find the target's GIT repositories, clone them, and then check the logs for information on the team not necessarily in the source code. Say the target is Reddit and I want to see which developers work on certain projects.

Link : https://gist.github.com/EdOverflow/a9aad69a690d97a8da20cd4194ca6596

Tip #2

Look for GitLab instances on targets or belonging to the target. When you stumble across the GitLab login panel, navigate to /explore. Misconfigured instances do not require authentication to view the internal projects. Once you get in, use the search function to find passwords, keys, etc. This is a pretty big attack vector and I am finally revealing it today, because I am sure it will help a lot of you get some critical issues.

Tip #3

Bug bounty tip: test applications of a company that cost money or require manual setup. Chances are few to none will have tested them, leaving them vulnerable.

Tip #4

If you’ve found an IDOR where you’re able to change data of others then don’t jump out of your seat to report it > modify it to XSS payload & if inputs are not sanitized & variables are echo’d without getting escaped then IDOR>XSS>ATO.

Tip #5

Look for hackathon-related assets. What I mean by this is sometimes companies run hackathons and give attendees special access to certain API endpoints and/or temporary credentials. I have found GIT instances that were set up for Hackathons full of information that allowed me to find more issues in the target several times.

Tip #6

Keep all your directory brute force results so when a CVE like Drupalgeddon2 comes out, you can look for previously found instances (cat dirsearch/reports/*/* | grep INSTALL.mysql.txt | grep 200 | less).

Tip #7

When you have a form, always try to change the request method from POST to GET in order to improve the CVSS score. For example, demonstrating a CSRF can be exploited simply by using [img] tag is better than having to send a link to the victim.

Share ! #bugbounty
3.6K views 03:57
2021-06-10 18:22:15 A BUG HUNTER'S MINI GUIDE
(@ethicalhackx - @infoseczone)

What Is Bug Bounty ?

A bug bounty program, also called a vulnerability rewards program (VRP), is a crowdsourcing initiative that rewards individuals for discovering and reporting software bugs.

How to get started / what to study ?

https://medium.com/swlh/mastering-the-skills-of-bug-bounty-2201eb6a9f4

Resources To Learn :

Course : Bug Hunting By Zaid Sabih (Udemy)
Course : Bug Hunting with Burpsuite (Udemy)
Course : Web Bug Bounty by NahamSec (Udemy)
Course : Bug Bounty Course by Rohit Gautam v1
Course : Bug Bounty Course By Rohit Gautam v2


Ebook : Web Application Hacker's Handbook
Ebook : The Bug Bounty Bootcamp
Ebook : A Bug Hunter's Guide
Ebook : Bug Hunting For web security
Ebook : Real World Bug Hunting

YouTube Channels :
1. Live Overflow
2. Hackersploit
3. Hackerone
4. Hak5
5. NahamSec
6. PratikDabhi
7. Bitten Tech (Hindi)

Platforms providing Bug Bounty Programs

1. hackerone.com
2. bugcrowd.com
3. Synack.com
4. yogosha.com
5. yeswehack.com
6. Intigriti.com

At Last, Learn to write better Vulnerability reports
https://medium.com/swlh/how-to-write-a-better-vulnerability-report-20163ab913fb

This list doesn't claim to be complete; suggestions are welcome in comments.

@infoseczone • @ethicalhackx
1.4K views 15:22
2021-06-10 17:19:32 Where do Russian Hackers store their exploits?

/ussr/bin/

@ethicalhackxcom for more
1.5K views 14:19
2021-06-10 06:37:18 UPLOAD VULNERABILITIES - TRYHACKME writeup - In Deep @hacklido

https://hacklido.com/blog/163-upload-vulnerabilities-tryhackme-writeup

By @illucist
2.7K views 03:37
2021-06-09 06:46:55 Roadmap : Getting into Cyber Security

Confused where to start and what to learn ? Well no more. Use this as a roadmap and learn to get into Cyber Security
#roadmap #CyberSecurityRoadmap
628 views, edited 03:46
2021-06-08 13:24:35

2.6K views 10:24