Tracking my progress for 100 days learning something new daily....
Revisiting Computer Networks:
- Computer Networking Full Course - OSI Model Deep Dive with Real Life Examples
- OSI MODEL in easiest Way (best way to remember OSI layers and their role)
--
Read book till pg 20
- Read a good blog on BugBounty Methodology :
- Subdomain Takeover: https://github.com/EdOverflow/can-i-take-over-xyz
- Found a subdomain takeover in a private Bugbounty Program
- Learning Google Cloud Platform from Youtube: https://www.youtube.com/playlist?list=PLBGx66SQNZ8YWRUw6yicKtD4AIpUl_YiJ
- Tried exploiting the subdomain takeover, but Google Cloud is not assigning the desired nameserver shard while creating a DNS zone. Built a script to create zones recursively, but it is randomly assigning only -a1 and -b1, and I need ns-cloud-d1.googledomains[.]com.
- Did recon on a Private Bug Bounty Program.
- Read on SSTI from Portswigger Labs
- Solved all the server-side template injection (SSTI) labs from Portswigger Web-Security Labs.
- Server-side template injection in an unknown language with a documented exploit
- Server-side template injection with information disclosure via user-supplied objects
- Did recon on a private program.
- Read Book:
- Completed all the Access control vulnerabilities labs from Portswigger Web-Security Labs.
- Read Blog on SSTI: Handlebars template injection and RCE in a Shopify app
- Started working on my BugBounty Recon Tool: Designed Basic Workflow Diagram
- Read writeup: Delete any Video or Reel on Facebook (11,250$)
- Watched the First Half playlist by technical guftgu on CCNA for revisiting networking concepts
- Solved Portswigger Labs: Authentication Bypass
- Read Blogs:
- Fastly Subdomain Takeover $2000
- Bypass IP Restrictions with Burp Suite
- OTP Leaking Through Cookie Leads to Account Takeover
- Determining your hacking targets with recon and automation
- Did recon on a bugbounty target.
- Read Blogs:
- Found critical IDOR revealing PII and OTP bypass on a domain
- Read blog:
Prepared Detailed Report of both the bugs (critical IDOR revealing PII & OTP-bypass) and submitted them.
Read Blog:
- Read: Guide to Bug Bounty Hunting
- Did recon on a domain.
- Found another IDOR on a domain.
- Read Blog: Swagger API
- Solved CORS labs from Portswigger Web Security Academy
- Read blogs
- Bypassing SSRF Protection
- Oauth misconfiguration == Pre-Account Takeover
- Authentication Bypass,File Upload,Arbitrary File Overwrite
- Did enumeration on a domain.
- Read about Business logic vulnerabilities: http://portswigger.net/web-security/logic-flaws
- Tried exploiting OTP bypass on a BugBounty program
- Solved some of the Business logic vulnerabilities from portswigger labs
Read Blogs:
- SSRF leading to AWS keys leakage
- Bypass Apple’s redirection process with the dot (“.”) character
- Cross site leaks
- What is Doxing?
- $500 in 5 minutes (broken link automation)
- Did recon on a domain
- Read blogs
- Using Nuclei template to find subdomain takeover
- Automated and Continuous Recon/Attack Surface Management — Amass Track and DB
- Solved labs of Business logic flaws Portswigger.
- Read Blogs:
Read Race Condition Blogs:
- What Is a Race Condition?
- RACE Condition vulnerability found in bug-bounty program
- Hacktricks.xyz Race Condition
- Working on the recon tool.
- Read blog:
- Working on the recon tool
- Read blogs:
- How I Found AWS API Keys using “Trufflehog” and Validated them using “enumerate-iam” tool
- Subdomain takeover on GitHub Pages using Google Dorks
- Solved remaining business logic vulnerability labs from Portswigger Web Security Academy.
- Read blog:
- Tested API on an edtech website exposing PII.
- Read Blog:
- Revisited notes.
- Read blogs:
- How I Earned $1000 From Business Logic Vulnerability
- Seven Common Ways To Bypass Login Page
- Password Stealing from HTTPS Login Page & CSRF Protection bypass via XSS
- Working on the recon tool.
- Read blog:
- Horizontal domain correlation
- How to pull off a successful NoSQL Injection attack
- OWASP NoSQL(Fun with Objects and Arrays)
- Completed Udemy Course on "Cybersecurity Incident Handling and Response"
- Read blog:
- Read blog:
- Working on Enum Tool.
- Read blog:
- How to spoof e-mails. (DMARC, SPF, and Phishing)
- How I could have read your confidential bug reports by simple mail?
- Destroying the Scammers Portal — SBI Scam
- Working on Enum Tool. (implemented keylogger and discord webhooks)
- Read blog:
- Working on the enum tool: (Implemented screenshot, system info gathering functionality)
- Read blog:
Read Blog:
- Read Guide: zseanos methodology (pg: 20-30)
- Read Blog:
- Revisited Notes of Enumerating Various Services in Pentesting
- Read Blog:
- Solved tryhackme room:
- Intro to Offensive Security
- Web Application Security
- Intro to Digital Forensics
- Read Blog:
- Read about SSRF.
- Read Blog:
- Dependency Confusion: How I Hacked Into Apple, Microsoft and Dozens of Other Companies
- Dependency Confusion
- RCE via Dependency Confusion
- Read about SQLi
- Read Blogs:
- Read about FTP, SSH, SMTP, DNS, and its pentesting.
- Wrote Blog:
- Read Blog:
- Revisited NFS, RDP, VNC, LDAP, WinRM, mssql, MySQL pentesting.
- Read Blog:
- Revisited Insecure File Uploads.
- Tested a webapp.
- Read blog:
- Revisited XSS and JavaScript.
- Read Blogs:
- Revisited SNMP, SMB, MSRPC pentesting.
- Reading Blog:
- Reading Notes:
- Solved DOM XSS Labs from Portswigger
- Read Blog:
- Reflected XSS Leads to 3,000$ Bug Bounty Rewards from Microsoft Forms
- How i Hacked Scopely with “Sign in with Google”
- Watched networking tutorials (MAC,ARP)
- Read blogs:
- Did recon on a domain.
- Read blogs:
- Did recon on a domain and read about 403 bypass.
- Read blogs:
- HOW TO LAUNCH COMMAND PROMPT AND POWERSHELL FROM MS PAINT
- Story of a weird vulnerability I found on Facebook
- Did ssl pinning bypass on Android and learning static analysis.
- Read blogs:
- DOM-Based XSS for fun and profit $$$!
- API Misconfiguration - No Swag of SwaggerUI
- How I identified & reported vulnerabilities in Oracle & the rewards of responsible disclosure:From Backup Leak to Hall of Fame
- From Error_Log File(P4) To Company Account Takeover(P1) & Unauthorized Actions On API
- Revisited Linux Privilege Escalation from Notes
- Read blog:
- Read CORS from Portswigger http://portswigger.net/web-security/cors
- Read blog:
- How I Was Able to Takeover User Accounts via CSRF on an E-Commerce Website
- Web 3.0 : The Future of Web and CyberSecurity
- Solved CORS labs from Portswigger
- Read blog:
- How we made $120k bug bounty in a year with good automation
- Sensitive information disclosure through API
- Researched and preparing list of most common interview questions in cybersecurity.
- Read blog:
- Solved box MrRobot on TryHackMe
- Read blog:
- Account TakeOver using Resend OTP Functionality
- WHAT IS THREAT MODELING?
- Watch out the links : Account takeover
- Solved box Eavesdropper on http://tryhackme.com/room/eavesdropper
- Read blog:
- Facebook Information Disclosure Bug $X000
- How I got a $2000 bounty with RXSS
- Subdomain Enumeration Guide
- Read blog/video:
- Demystifying Cookies & Tokens!!
- SSRF That Allowed Us to Access Whole Infra Web Services and Many More
- HubSpot Full Account Takeover in Bug Bounty
- Revisited Windows Privilege Escalation from Notes.
- Read Blogs:
- Guide to Permutations Subdomain Enumeration
- Give me a browser, I’ll give you a Shell
- Reveal the Cloud with Google Dorks
- Revisited AD basics from notes and http://tryhackme.com
- Read Blogs:
- Watched some networking lectures on YouTube.
- Read Blogs:
Read Blogs:
- WAF Bypass + XSS on The MOST Popular Movie Ticket website
- Simplify Your Web Application Testing with These Python Snippets
- The Inside Story of Finding a Reverse Transaction Vulnerability in a Financial Application
- How I got $$$$ Bounty within 5 mins
- Learned some windows priv esc techniques.
- Read Blogs:
- Facebook bug: A Journey from Code Execution to S3 Data Leak
- LM, NTLM, Net-NTLMv2, oh my!
- Rotten Potato – Privilege Escalation from Service Accounts to SYSTEM
- Configured AD for testing purpose.
- Read Blogs:
- Found an URL in android application source code which lead to IDOR
- Hacking Apple:Two Successful Exploits and Positive Thoughts on their BB Program
- Read Blogs:
- Information Disclosure in Adobe Experience Manager
- [1500$ Worth — Slack] vulnerability, bypass invite accept process
- Read Blogs:
- Let’s build a Chrome Spy Extension that steals everything
- Cybersecurity Top 10 Predictions for 2023
- API 101: Securing the REST APIs
- Read about Zerologon vuln & Updated OSCP boxes sheet.
- Read Blogs:
- Solved Tryhackme room: Active Directory
https://tryhackme.com/room/winadbasics
- Read Blogs:
- How did I found RCE on SHAREit which rewarded $$$ bounty
- How do I take over another user subdomain name worth $$$$
- Did recon on Target, found a bug as .git exposed.
- Read Blogs:
- Little bug, Big impact. 25k bounty
- $10.000 bounty for exposed .git to RCE
- The Tale of a Command Injection by Changing the Logo
- Read Blogs:
- Exploiting Auto-save Functionality To Steal Login Credentials
- Account Takeover Worth $900
- Easy bounties and Hall of fame
- Read Blogs:
- If you think invite code or referral code is useless, then you should read this (Another critical bug in crypto exchange)
- Account Takeover worth of $5
- Hacker101 - JavaScript For Hackers
- Found a Vulnerability on a domain, but they aren't running any VDP😑
- Read Blog:
- An Interesting Account Takeover!!
- How I Earned $1800 for finding a (Business Logic) Account Takeover Vulnerability?
- Revisited OWASP Top10. (this site has good graphical representation)
https://hacksplaining.com/owasp
- Read Blogs:
- Read Blogs:
- Read Blogs:
- Bypassing the Redirect filters with 7 ways
- Hunting on ASPX Application For P1's [Unauthenticated SOAP,RCE, Info Disclosure]
- 30-Minute Heist: How I Bagged a $1500 Bounty in Just few Minutes!
- Completed 2/13 modules of API Pentesting course from https://apisecuniversity.com
- Read Blogs:
- How I Used JS files inspection and Fuzzing to do admins/support stuff
- Bug Bounty Hunting 101:WAF Evasion
- Blind XSS fired on Admin panel worth $2000
- Solved SSRF labs from Portswigger Web Security
- Read Blogs:
- The story of becoming a Super Admin
- 500$ Bounty in just 5 minutes through Recon!!!! AWS bucket Takeover
- Can you spot the vulnerability? Intigriti challenge DOM XSS
- Completed 3/13 modules of API Pentesting course from http://apisecuniversity.com
- Read Blogs:
- Completed 4/13 modules of API Pentesting course from http://apisecuniversity.com
- Read Blogs:
- How to Use Autorize
- The story of how I was able to chain SSRF with Command Injection Vulnerability
- I Earned $3500 and 40 Points for A GraphQL Blind SQL Injection Vulnerability.
- Read Blogs:
- Subdomain Takeover: How a Misconfigured DNS Record Could Lead to a Huge Supply Chain Attack
- Out-of-band application security testing (OAST)
- Solved CTF challenges
- Read Blogs:
- Hacker101 CTF: Android Challenge Writeups
- The Secret Parameter, LFR, and Potential RCE in NodeJS Apps
- Microsoft NTLM
- Read Blogs:
- Stripe’s Two-Factor Authentication (2FA) Bypass
- REST API FUZZING
- CSRF in Importing CSV files [app . taxjar . com]
- Solved CSRF labs from Portswigger Web Security. https://portswigger.net/web-security/csrf
- Read Blogs:
- Read Blogs:
- Shodan for Bug Bounty — and Why you shouldn’t use these 53 Dorks.
- Reconnaissance to Remote Code Execution:
- Read Blogs:
- Web Cache Deception Attack
- Stealing Users OAuth authorization code via redirect_uri
- Traveling with OAuth - Account Takeover on Booking .com
- Solved some CSRF labs from Portswigger Web Security.
- Read Blogs:
- Solved OAuth labs from Portswigger Web Security.
- Read Blog:
- Read Blogs:
- Using an Undocumented Amplify API to Leak AWS Account IDs
- My First Bug, Open redirect at Epic Games → $500 Bounty
- SameSite Cookie Attack
- The curl quirk that exposed Burp Suite & Google Chrome
- Developing an Enum Tool.
- Read Blogs
- Cool Recon techniques every hacker misses!
- Weak session management leads to Account Takeover
- A short tell of LFI from PDF link
- Solved box OWASP Top10 2021 https://tryhackme.com/room/owasptop10
- Read Blogs:
- Stealing Your Private YouTube Videos, One Frame at a Time
- What Is Endpoint Detection and Response (EDR)?
- Read Blogs:
- From P5 to P2, from nothing to 1000+$
- Reverse proxy misconfiguration leads to 1-click account takeover
- Waybackurls: A Powerful Tool for Cybersecurity Professionals to Enhance Reconnaissance and Identify Potential Vulnerabilities
- Read Blogs
- Account takeover in ChatGPT
- Blind XSS via SMS Support Chat — $1100 Bug Bounty!
- Broken Link Leads to hijacking of Twitter Account
- Read Blogs
- Disclosing users of any facebook app connected to business account
- Hacking Like Functionality of Twitter
- Evading SMS Security Feature of Prominent Mobile Antivirus
- Solved XXE labs from Portswigger Web Security.
- Read Blogs
- How to use Burp Suite Like a PRO?
- $6000 with Microsoft Hall of Fame | Microsoft Firewall Bypass | CRLF to XSS | Microsoft Bug Bounty
- Read Blogs
- 3CX Breach Was a Double Supply Chain Compromise
- Story of How I was able to Find and report 100+ Information Disclosures on Some Programs of HackerOne and Bugcrowd
- How I detected Open Redirect on a WhatsApp Message
- ICICI Bank Data Leak – Millions of Records with Sensitive Data Exposed
- Wrote a blog on NTLM vs Kerberos: Understanding Authentication in Windows/Active Directory
- Read Blog:
- Read Blog:
- 10 Google Dorks for Sensitive Data
- SSRF methodology by @iamaakashrathee
- Insecure Docker Registry API Leads To Pull All Private Docker Images
- Working on blog on Kerberoasting in AD.
- Read Blog:
- Email authentication: How SPF, DKIM and DMARC work together
- Email spoofing with lack SPF and/or DMARC records
- Read Blog:
- (Reverse) shell to your Azure VM as ‘Local System’ user or ‘root’ user
- XS-Leak: Deanonymize Microsoft Skype Users by any 3rd-party websites
- Finding XSS in a million websites (cPanel CVE-2023-29489)
- Read Blog:
- Read Blog:
- Read Blogs:
- Simple Account Takeover Worth $9,999
- PHP Backdoor Obfuscation
- Code Injection via Python Sandbox Escape — how I got a shell inside a network
--END--