Based on Learning about Vulnerabilities

“Being a hacker is lots of fun, but it’s a kind of fun that takes lots of effort. The effort takes motivation.”

Now let’s start with the basic learning about InfoSec the first and really most important step would be to choose a proper initial path that you are going to start learning. Choosing the right path to start in Bug Bounty is very important. It totally depends upon your interest, like some people choose Web Application path first coz it’s easy to learn and go through than mobile and others… (Some of the resources are moved here from my old blog that’s I’m going to remove but these are updated and properly arranged by my experience) I’ll focus on Web, & Mobile Here coz this is what my interest is.

Before I add anything else I’ll suggest You to actually go through Hacker101 By HackerOne https://www.hacker101.com/ And Bugcrowd University https://www.bugcrowd.com/hackers/bugcrowd-university/ Both of these contain a Huge list of resources and lectures that can help you in even a better way than many of us can’t but as you guys are following this as well so I decided to add them here also.

Web App Security:

Before I Suggest you what to Learn first if you follow my suggested path l’ll like to tell you some ways you can practice your skills..

CTF(Capture The Flag): Now to practice for Bug Bounties you can participate in CTF challenges. Just like the name suggests “Capture The Flag” there are several challenges for you to solve which deals with real-world vulnerabilities. The more you practice on these challenges the more you will learn about the different technologies required to break into an application or a system.

For Web App, I’ll suggest you guys read the following books & guides first >https://www.packtpub.com/networking-and-servers/mastering-modern-web-penetration-testing >https://www.amazon.com/Hackers-Underground-Handbook-secure-systems/dp/1451550189 >https://leanpub.com/web-hacking-101 >https://www.amazon.com/gp/product/1593275641/ >https://www.amazon.com/gp/product/1512214566/ >https://www.amazon.com/Tangled-Web-Securing-Modern-Applications-ebook/dp/B006FZ3UNI/

Reading these books you will get good knowledge about Web App Penetration testing & Security testing in general and in-depth. In addition to these books, I’ll suggest you guys should really give good time reading and understanding OWASP Testing Guide & OWASP Top 10 Vulnerabilities from 2010-2017 OWASP Testing project: >https://www.owasp.org/index.php/OWASP_Testing_Project

OWASP Top 10 Project: >https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project#OWASP_Top_10_for_2010 >https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project#OWASP_Top_10_for_2013 >https://www.owasp.org/images/7/72/OWASP_Top_10-2017_%28en%29.pdf.pdf

Adding a Few basic Pdfs for you guys to go through and save locally to you can keep it revised and keep learning from them. I’ll say they gonna help you almost a hundred percent of the time. So do give these a good time > Kali Linux Revealed https://docs.kali.org/pdf/kali-book-en.pdf > Nmap Cheat Sheet https://s3-us-west-2.amazonaws.com/stationx-public-download/nmap_cheet_sheet_0.6.pdf > Metasploit Cheat Sheet: https://www.sans.org/security-resources/sec560/misc_tools_sheet_v1.pdf

Now by this point, I’ll say You have done Good enough research and given good time to practice and learn that you can jump into a Bug Bounty Program to test in real-life environment outside CTF, or test environments. So you can happily jump to the pages at https://bugcrowd.com/programs https://hackerone.com/directory

PentesterLab There’s only one way to properly learn web penetration testing: by getting your hands dirty. PentesterLab teaches how to manually find and exploit vulnerabilities and is a good resource to learn and practice all at once.

Pentester Academy

Another Great resource to practice using online labs and learn, they also provide certifications.

And Select a Program But I’ll suggest you read till the end.

Following all of them books, testing guides you might have an idea of vulnerabilities so i’ll name a few common ones and try to give good reference to learn them easily.

Cross-Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they’re currently authenticated. References to read: >https://www.imperva.com/learn/application-security/csrf-cross-site-request-forgery/?utm_campaign=Incapsula-moved >https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF) >https://www.netsparker.com/blog/web-security/csrf-cross-site-request-forgery/ Some POCs:

• CSRF Account Takeover famebit by Hassan Khan

• Hacking PayPal Accounts with one click (Patched) by Yasser Ali

• Add tweet to collection CSRF by vijay kumar

• Facebookmarketingdevelopers.com: Proxies, CSRF Quandry and API Fun by phwd

• How i Hacked your Beats account ? Apple Bug Bounty by @aaditya_purani

• Paypal bug bounty: Updating the Paypal.me profile picture without consent (CSRF attack) by Florian Courtial

• CSRF Account Takeover by Vulnerables

• Uber CSRF Account Takeover by Ron Chan

• Messenger.com CSRF that show you the steps when you check for CSRF by Jack Whitton

Cross-Site Scripting (XSS)

XSS enables attackers to inject client-side scripts into web pages viewed by other users.

References to read: >https://www.owasp.org/index.php/Cross-site_Scripting_(XSS) >https://portswigger.net/web-security/cross-site-scripting >https://excess-xss.com/ Some POCs:

• AirBnb Bug Bounty: Turning Self-XSS into Good-XSS #2 by geekboy

• Uber Self XSS to Global XSS

• How I found a $5,000 Google Maps XSS (by fiddling with Protobuf) by Marin MoulinierFollow

• Airbnb – When Bypassing JSON Encoding, XSS Filter, WAF, CSP, and Auditor turns into Eight Vulnerabilities by Brett

• XSSI, Client Side Brute Force

• postMessage XSS Bypass

• XSS in Uber via Cookie by zhchbin

• Stealing contact form data on www.hackerone.com using Marketo Forms XSS with postMessage frame-jumping and jQuery-JSONP by frans

• XSS due to improper regex in third party js Uber 7k XSS

• XSS in TinyMCE 2.4.0 by Jelmer de Hen

• Pass uncoded URL in IE11 to cause XSS

• Twitter XSS by stopping redirection and javascript scheme by Sergey Bobrov

• Microsoft XSS and Twitter XSS

• Google Japan Book XSS

• Flash XSS mega nz – by frans

• Flash XSS in multiple libraries – by Olivier Beg

• xss in google IE, Host Header Reflection

• Years ago Google xss

• xss in google by IE weird behavior

• xss in Yahoo Fantasy Sport

• xss in Yahoo Mail Again, worth $10000 by Klikki Oy

• Sleeping XSS in Google by securityguard

• Decoding a .htpasswd to earn a payload of money by securityguard

• Google Account Takeover

• Sleeping stored Google XSS Awakens a $5000 Bounty by Patrik Fehrenbach

• RPO that lead to information leakage in Google by filedescriptor

• God-like XSS, Log-in, Log-out, Log-in in Uber by Jack Whitton

• Three Stored XSS in Facebook by Nirgoldshlager

• Using a Braun Shaver to Bypass XSS Audit and WAF by Frans Rosen

• An XSS on Facebook via PNGs & Wonky Content Types by Jack Whitton

  • he is able to make stored XSS from a irrelevant domain to main facebook domain

• Stored XSS in *.ebay.com by Jack Whitton

• Complicated, Best Report of Google XSS by Ramzes

• Tricky Html Injection and Possible XSS in sms-be-vip.twitter.com by secgeek

• Command Injection in Google Console by Venkat S

• Facebook’s Moves – OAuth XSS by PAULOS YIBELO

• Stored XSS in Google Docs (Bug Bounty) by Harry M Gertos

• Stored XSS on developer.uber.com via admin account compromise in Uber by James Kettle (albinowax)

• Yahoo Mail stored XSS by Klikki Oy

• Abusing XSS Filter: One ^ leads to XSS(CVE-2016-3212) by Masato Kinugawa

• Youtube XSS by fransrosen

• Best Google XSS again – by Krzysztof Kotowicz

• IE & Edge URL parsin Problem – by detectify

• Google XSS subdomain Clickjacking

SQL Injection

SQL injection, is a common attack vector that uses malicious SQL code for backend database manipulation to access information that was not intended to be displayed.

References to read: >https://www.owasp.org/index.php/SQL_Injection >https://portswigger.net/web-security/sql-injection >https://www.imperva.com/learn/application-security/sql-injection-sqli/ >https://www.w3schools.com/sql/sql_injection.asp

Some POCs:

• SQL Injection Vulnerability nutanix by Muhammad Khizer Javed

• Yahoo – Root Access SQL Injection – tw.yahoo.com by Brett Buerhaus

• Multiple vulnerabilities in a WordPress plugin at drive.uber.com by Abood Nour (syndr0me)

• GitHub Enterprise SQL Injection by Orange

• SQL injection in WordPress Plugin Huge IT Video Gallery in Uber by glc

• SQL Injection on sctrack.email.uber.com.cn by Orange Tsai

Remote Code Execution (RCE)

In RCE an attacker’s able to execute arbitrary commands or code on a target machine or in a target Machine.

References to read: >https://www.netsparker.com/blog/web-security/remote-code-evaluation-execution/ >https://en.wikipedia.org/wiki/Arbitrary_code_execution

Some POCs:

• How we broke PHP, hacked Pornhub and earned $20,000 by Ruslan Habalov

  • Alert, God-like Write-up, make sure you know what is ROP before clicking, which I don’t =(

• RCE deal to tricky file upload by secgeek

• WordPress SOME bug in plupload.flash.swf leading to RCE in Automatic by Cure53 (cure53)

• Read-Only user can execute arbitraty shell commands on AirOS by 93c08539 (93c08539)

• Remote Code Execution by impage upload! by Raz0r (ru_raz0r)

• Popping a shell on the Oculus developer portal by Bitquark

• Crazy! PornHub RCE AGAIN!!! How I hacked Pornhub for fun and profit – 10,000$ by 5haked

• PayPal Node.js code injection (RCE) by Michael Stepankin

• eBay PHP Parameter Injection lead to RCE

• Yahoo Acqusition RCE

• Command Injection Vulnerability in Hostinger by @alberto__segura

• RCE in Airbnb by Ruby Injection by buerRCE

• RCE in Imgur by Command Line

• RCE in git.imgur.com by abusing out dated software by Orange Tsai

• RCE in Disclosure

• Remote Code Execution by struct2 Yahoo Server

• Command Injection in Yahoo Acquisition

• Paypal RCE

• $50k RCE in JetBrains IDE

• $20k RCE in Jenkin Instance by @nahamsec

• JDWP Remote Code Execution in PayPal by Milan A Solanki

• XXE in OpenID: one bug to rule them all, or how I found a Remote Code Execution flaw affecting Facebook’s servers by Reginaldo Silva

• How I Hacked Facebook, and Found Someone’s Backdoor Script by Orange Tsai

• How I Chained 4 vulnerabilities on GitHub Enterprise, From SSRF Execution Chain to RCE! by Orange Tsai

• uber.com may RCE by Flask Jinja2 Template Injection by Orange Tsai

• Yahoo Bug Bounty – *.login.yahoo.com Remote Code Execution by Orange Tsai (in Chinese)

• Google App Engine RCE by Ezequiel Pereira

• Exploiting ImageMagick to get RCE on Polyvore (Yahoo Acquisition) by NaHamSec

• Exploting ImageMagick to get RCE on HackerOne by c666a323be94d57

• Trello bug bounty: Access server’s files using ImageTragick by Florian Courtial

• 40k fb rce

• Yahoo Bleed 1

• Yahoo Bleed 2

• Microsoft Apache Solr RCE Velocity Template By Muhammad Khizer Javed

Insecure Direct Object Reference (IDOR)

In IDOR an application provides direct access to objects based on the user-supplied input. As a result of this vulnerability, attackers can bypass authorization and access resources in the system directly.

References to read: >https://www.bugcrowd.com/blog/how-to-find-idor-insecure-direct-object-reference-vulnerabilities-for-large-bounty-rewards/ >https://www.owasp.org/index.php/Testing_for_Insecure_Direct_Object_References_(OTG-AUTHZ-004) >https://www.secjuice.com/idor-insecure-direct-object-reference-definition/

Some POCs:

• DOB disclosed using “Facebook Graph API Reverse Engineering” by Raja Sekar Durairaj

• Change the description of a video without publish_actions permission in Facebook by phwd

• Response To Request Injection (RTRI) by ?, be honest, thanks to this article, I have found quite a few bugs because of using his method, respect to the author!

• Leak of all project names and all user names , even across applications on Harvest by Edgar Boda-Majer (eboda)

• Changing paymentProfileUuid when booking a trip allows free rides at Uber by Matthew Temmy (temmyscript)

• View private tweet

• Uber Enum UUID

• Hacking Facebook’s Legacy API, Part 1: Making Calls on Behalf of Any User by Stephen Sclafani

• Hacking Facebook’s Legacy API, Part 2: Stealing User Sessions by Stephen Sclafani

• Delete FB Video

• Delete FB Video

• Facebook Page Takeover by Manipulating the Parameter by arunsureshkumar

• Viewing private Airbnb Messages

• IDOR tweet as any user by kedrisec

• Classic IDOR endpoints in Twitter

• Mass Assignment, Response to Request Injection, Admin Escalation by sean

• Trello bug bounty: The websocket receives data when a public company creates a team visible board by Florian Courtial

• Trello bug bounty: Payments informations are sent to the webhook when a team changes its visibility by Florian Courtial

• Change any user’s password in Uber by mongo

• Vulnerability in Youtube allowed moving comments from any video to another by secgeek

  • It’s Google Vulnerability, so it’s worth reading, as generally it is more difficult to find Google vulnerability

• Twitter Vulnerability Could Credit Cards from Any Twitter Account by secgeek

• One Vulnerability allowed deleting comments of any user in all Yahoo sites by secgeek

• Microsoft-careers.com Remote Password Reset by Yaaser Ali

• How I could change your eBay password by Yaaser Ali

• Duo Security Researchers Uncover Bypass of PayPal’s Two-Factor Authentication by Duo Labs

• Hacking Facebook.com/thanks Posting on behalf of your friends! by Anand Prakash

• How I got access to millions of [redacted] accounts

• All Vimeo Private videos disclosure via Authorization Bypass with Excellent Technical Description by Enguerran Gillier (opnsec)

• Urgent: attacker can access every data source on Bime by Jobert Abma (jobert)

• Downloading password protected / restricted videos on Vimeo by Gazza (gazza)

• Get organization info base on uuid in Uber by Severus (severus)

• How I Exposed your Primary Facebook Email Address (Bug worth $4500) by Roy Castillo

Unrestricted File Upload

As in name unrestricted file upload allows user to upload malicious file to a system to further exploit to for Code execution

References to read: >https://www.netsparker.com/web-vulnerability-scanner/vulnerabilities/unrestricted-file-upload/ >https://www.owasp.org/index.php/Unrestricted_File_Upload >https://www.hackingarticles.in/5-ways-file-upload-vulnerability-exploitation/

Some POCs:

• File Upload XSS in image uploading of App in mopub by vijay kumar

• RCE deal to tricky file upload by secgeek

• File Upload XSS in image uploading of App in mopub in Twitter by vijay kumar (vijay_kumar1110)

• Unrestricted File Upload to RCE by Muhammad Khizer Javed

XML External Entity Attack (XXE)

XXE is an attack against an application that parses XML input. This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser.

References to read: >https://portswigger.net/web-security/xxe >https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Prevention_Cheat_Sheet >https://phonexicum.github.io/infosec/xxe.html

Some POCs:

• XXE through SAML

• XXE in Uber to read local files

• XXE by SVG in community.lithium.com

• How we got read access on Google’s production servers by detectify

• Blind OOB XXE At UBER 26+ Domains Hacked by Raghav Bisht

Local File Inclusion (LFI)

The File Inclusion vulnerability allows an attacker to include a file, usually exploiting a “dynamic file inclusion” mechanisms implemented in the target application. The vulnerability occurs due to the use of user-supplied input without proper validation.

References to read: >https://www.owasp.org/index.php/Testing_for_Local_File_Inclusion >https://www.netsparker.com/blog/web-security/local-file-inclusion-vulnerability/ >https://medium.com/@Aptive/local-file-inclusion-lfi-web-application-penetration-testing-cc9dc8dd3601

Some POCs:

• SSRF to LFI

• Disclosure Local File Inclusion by Symlink

• Facebook Symlink Local File Inclusion

• Gitlab Symlink Local File Inclusion

• Gitlab Symlink Local File Inclusion Part II

• Multiple Company LFI

• LFI by video conversion, excited about this trick!

Subdomain Takeover

A process of registering a non-existing domain name to gain control over another domain.

References to read: >https://blog.securitybreached.org/2017/10/11/what-is-subdomain-takeover-vulnerability/ >https://0xpatrik.com/subdomain-takeover-basics/ >https://github.com/EdOverflow/can-i-take-over-xyz

Some POCs:

• Hijacking tons of Instapage expired users Domains & Subdomains by geekboy

• Reading Emails in Uber Subdomains

• Slack Bug Journey – by David Vieira-Kurz

• Subdomain takeover and chain it to perform authentication bypass by Arne Swinnen

• UBER Wildcard Subdomain Takeover by Muhammad Khizer Javed

• Lamborghini Subdomain Takeover Through Expired Cloudfront Distribution by Muhammad Khizer Javed

• Subdomain Takeover via Unsecured S3 Bucket Connected to the Website by Muhammad khizer Javed

Server Side Request Forgery (SSRF)

by SSRF the attacker can abuse functionality on the server to read or update internal resources.

References to read: >https://medium.com/@madrobot/ssrf-server-side-request-forgery-types-and-ways-to-exploit-it-part-1-29d034c27978 >https://www.owasp.org/index.php/Server_Side_Request_Forgery >https://www.netsparker.com/blog/web-security/server-side-request-forgery-vulnerability-ssrf/ >https://blog.detectify.com/2019/01/10/what-is-server-side-request-forgery-ssrf/

Some POCs:

• ESEA Server-Side Request Forgery and Querying AWS Meta Data by Brett Buerhaus

• SSRF to pivot internal network

• SSRF to LFI

• SSRF to query google internal server

• SSRF by using third party Open redirect by Brett BUERHAUS

• SSRF tips from BugBountyHQ of Images

• SSRF to RCE

• XXE at Twitter

• Blog post: Cracking the Lens: Targeting HTTP’s Hidden Attack-Surface

Some Other Interesting POCs: A huge collection at https://github.com/djadmin/awesome-bug-bounty

Deserialization

• Java Deserialization in manager.paypal.com by Michael Stepankin

• Instagram’s Million Dollar Bug by Wesley Wineberg

• (Ruby Cookie Deserialization RCE on facebooksearch.algolia.com by Michiel Prins (michiel)

• Java deserialization by meals

Race Condition

• Race conditions on Facebook, DigitalOcean and others (fixed) by Josip Franjković

• Race Conditions in Popular reports feature in HackerOne by Fábio Pires (shmoo)

Business Logic Flaw

• Facebook simple technical hack to see the timeline by Ashish Padelkar

• How I Could Steal Money from Instagram, Google and Microsoft by Arne Swinnen

• How I could have removed all your Facebook notes

• Facebook – bypass ads account’s roles vulnerability 2015 by POUYA DARABI

• Uber Ride for Free by anand praka

• Uber Eat for Free by

Authentication Bypass

• OneLogin authentication bypass on WordPress sites via XMLRPC in Uber by Jouko Pynnönen (jouko)

• 2FA PayPal Bypass by henryhoggard

• SAML Bug in Github worth 15000

• Authentication bypass on Airbnb via OAuth tokens theft

• Uber Login CSRF + Open Redirect -> Account Takeover at Uber

• [http://c0rni3sm.blogspot.hk/2017/08/accidentally-typo-to-bypass.html?m=1](Administrative Panel Access) by c0rni3sm

• Uber Bug Bounty: Gaining Access To An Internal Chat System by mishre

• User Account Takeover via Signup by Muhammad Khizer Javed

HTTP Header Injection

• Twitter Overflow Trilogy in Twitter by filedescriptor

• Twitter CRLF by filedescriptor

• Adblock Plus and (a little) more in Google

• $10k host header by Ezequiel Pereira

Email Related

• This domain is my domain – G Suite A record vulnerability

• I got emails – G Suite Vulnerability

• How I snooped into your private Slack messages [Slack Bug bounty worth $2,500]

• Reading Uber’s Internal Emails [Uber Bug Bounty report worth $10,000]

• Slack Yammer Takeover by using TicketTrick by Inti De Ceukelaire

• How I could have mass uploaded from every Flickr account!

Money Stealing

• Round error issue -> produce money for free in Bitcoin Site by 4lemon

Others

• Payment Flaw in Yahoo

• Bypassing Google Email Domain Check to Deliver Spam Email on Google’s Behalf

• When Server Side Request Forgery combine with Cross Site Scripting

• SAML Pen Test Good Paper

• A list of FB writeup collected by phwd by phwd

• NoSQL Injection by websecurify

• CORS in action

• CORS in Fb messenger

• Web App Methodologies

• XXE Cheatsheet

• The road to hell is paved with SAML Assertions, Microsoft Vulnerability

• Study this if you like to learn Mongo SQL Injection by cirw

• Mongo DB Injection again by websecrify

• w3af speech about modern vulnerability by w3af

• Web cache attack that lead to account takeover

• A talk to teach you how to use SAML Raider

• XSS Checklist when you have no idea how to exploit the bug

• CTF write up, Great for Bug Bounty

• It turns out every site uses jquery mobile with Open Redirect is vulnerable to XSS by sirdarckcat

• Bypass CSP by using google-analytics

• Payment Issue with Paypal

• Browser Exploitation in Chinese

• XSS bypass filter

• Markup Impropose Sanitization

• Breaking XSS mitigations via Script Gadget

• X41 Browser Security White Paper

• Improper Input Validation | Add Custom Text and URLs In SMS send by Snapchat By Muhammad Khizer Javed

• Exploiting Insecure Firebase Database! By Muhammad Khizer Javed

• Using Inspect Element to Bypass Security restrictions By Muhammad Khizer Javed

Information Disclosure

• Hacking SMS API Service Provider of a Company |Android App Static Security Analysis By Muhammad Khizer Javed

• Vine User Private information disclosure

• The feature works as intended, but what’s in the source? By zseano

• How Our Co-Founder Earned $10.6K in just 10 Hours By Tensecure Systems

So these were some common issues that one should get a grip on and learn more and more about Following is a list of some Attacks Topics that You Should do some research and read the Blogs/reports on them.

• SQL Injection Attack

• Hibernate Query Language Injection

• Direct OS Code Injection

• XML Entity Injection

• Broken Authentication and Session Management

• Cross-Site Scripting (XSS)

• Insecure Direct Object References

• Missing Function Level Access Control

• Cross-Site Request Forgery (CSRF)

• Using Components with Known Vulnerabilities

• Unvalidated Redirects and Forwards

• ClickJacking Attacks

• DNS Cache Poisoning

• Symlinking

• Remote Code Execution Attacks

• Remote File inclusion

• Local file inclusion

• Denial oF Service Attack

• PHPwn

• NAT Pinning

• XSHM

• HTTP Parameter Pollution

• Tabnabbing

• LDAP injection

• Log Injection

• Path Traversal

• Reflected DOM Injection

• Repudiation Attack

• Resource Injection

• Server-Side Includes (SSI) Injection

• Session fixation

• Session hijacking attack

• Session Prediction

• Setting Manipulation

• Special Element Injection

• SMTP injection

• Traffic flood

• XPATH Injection You’ll find a lot more write-ups at https://pentester.land/list-of-bug-bounty-writeups.html

BLOGS! You should read.

Lets get towards Blogs! There are plenty of blogs Shared by Hackers on daily basis that you can read to learn more and more…

• https://blog.it-securityguard.com/

• https://blog.innerht.ml/

• http://brutelogic.com.br/blog/

• https://klikki.fi/

• http://philippeharewood.com/

• https://seanmelia.wordpress.com/

• https://respectxss.blogspot.com/

• https://www.gracefulsecurity.com/

• https://whitton.io/

• https://tisiphone.net/

• http://archive.nahamsec.com/

• https://www.hackerscreed.org/

• http://danlec.com/blog

• https://wehackpeople.tumblr.com/

• https://bitquark.co.uk/blog/

• https://www.arneswinnen.net/

• http://bugbountypoc.com/

• https://medium.com/@arbazhussain/

• http://www.shawarkhan.com/

• https://blog.detectify.com/

• http://www.rafayhackingarticles.net/…

• https://forum.bugcrowd.com/

• https://securitywall.co/

• https://www.hackerone.com/blog

• http://www.securitytube.net/

• https://hackasia.org/

• http://www.gangte.net/

• https://mukarramkhalid.com/

• https://securitytraning.com/

• https://jubaeralnaziwhitehat.wordpress.com/…

• http://hackaday.com/

• http://www.securityfocus.com/

• https://packetstormsecurity.com/

• http://www.blackhat.com/

• https://www.metasploit.com/

• http://sectools.org/

• https://labs.detectify.com/

• https://blog.rubidus.com/

• http://www.securityidiots.com/

• https://hackernoon.com/

• https://sqli-basic.blogspot.com/

• https://bugbaba.blogspot.in/

• https://vulnerability-lab.com/

• https://medium.com/@know.0nix/

• https://medium.com/@codingkarma/

These are some Of the Websites That I like to Visit regularly to b updated and Read Their Articles………. There are Plenty of Other Blogs, Websites That are Missing from This List so be sure to add them In comments.

YouTube Channels! You should follow.

Now Lets get Towards YouTube Channel Links… These Channels are Shared By Hackers where They Upload their Video POCs.. Watching them u can actually understand how to demonstrate these type of attacks … https://www.youtube.com/channel/UCP… https://www.youtube.com/channel/UCJ… https://www.youtube.com/channel/UCR… https://www.youtube.com/channel/UCY… https://www.youtube.com/channel/UCw… https://www.youtube.com/channel/UCa… https://www.youtube.com/channel/UCt… https://www.youtube.com/channel/UC5… https://www.youtube.com/channel/UCM… https://www.youtube.com/channel/UC_… https://www.youtube.com/channel/UCq… https://www.youtube.com/channel/UCV… https://www.youtube.com/channel/UCs… https://www.youtube.com/channel/UCa… https://www.youtube.com/channel/UCP… https://www.youtube.com/channel/UCX… https://www.youtube.com/channel/UC4… https://www.youtube.com/channel/UCs… https://www.youtube.com/channel/UCo… https://www.youtube.com/channel/UCy… https://www.youtube.com/channel/UCS… https://www.youtube.com/channel/UCO… https://www.youtube.com/channel/UCh… https://www.youtube.com/channel/UCo… https://www.youtube.com/channel/UC9… https://www.youtube.com/channel/UCe… https://www.youtube.com/channel/UC2… https://www.youtube.com/channel/UCP… https://www.youtube.com/channel/UCz…

https://www.youtube.com/channel/UCq9IyPMXiwD8yBFHkxmN8zg Any Channel Link Missing? Kindly add it in Comments

Another advice…… Regularly follow http://h1.nobbd.de/ to b updated with HackerOne Public Bug reports You can learn alot from them

Alternatively, You can Join Slack Community for Hackers https://bugbounty-world.slack.com/ https://bugbountyforum.com/

Tools! You should try out.

dnscan https://github.com/rbsec/dnscan Knockpy https://github.com/guelfoweb/knock Sublist3r https://github.com/aboul3la/Sublist3r massdns https://github.com/blechschmidt/massdns nmap https://nmap.org masscan https://github.com/robertdavidgraham/masscan EyeWitness https://github.com/ChrisTruncer/EyeWitness DirBuster https://sourceforge.net/projects/dirbuster/ dirsearch https://github.com/maurosoria/dirsearch Gitrob https://github.com/michenriksen/gitrob git-secrets https://github.com/awslabs/git-secrets sandcastle https://github.com/yasinS/sandcastle bucket_finder https://digi.ninja/projects/bucket_finder.php GoogD0rker https://github.com/ZephrFish/GoogD0rker/ Wayback Machine https://web.archive.org waybackurls https://gist.github.com/mhmdiaa/adf6bff70142e5091792841d4b372050 Sn1per https://github.com/1N3/Sn1per/ XRay https://github.com/evilsocket/xray wfuzz https://github.com/xmendez/wfuzz/ patator https://github.com/lanjelot/patator datasploit https://github.com/DataSploit/datasploit hydra https://github.com/vanhauser-thc/thc-hydra changeme https://github.com/ztgrace/changeme MobSF https://github.com/MobSF/Mobile-Security-Framework-MobSF/ Apktool https://github.com/iBotPeaches/Apktool dex2jar https://sourceforge.net/projects/dex2jar/ sqlmap http://sqlmap.org/ oxml_xxe https://github.com/BuffaloWill/oxml_xxe/ XXE Injector https://github.com/enjoiz/XXEinjector The JSON Web Token Toolkit https://github.com/ticarpi/jwt_tool

Playing with JSON Web Tokens for Fun and Profit ground-control https://github.com/jobertabma/ground-control ssrfDetector https://github.com/JacobReynolds/ssrfDetector LFISuit https://github.com/D35m0nd142/LFISuite GitTools https://github.com/internetwache/GitTools dvcs-ripper https://github.com/kost/dvcs-ripper tko-subs https://github.com/anshumanbh/tko-subs HostileSubBruteforcer https://github.com/nahamsec/HostileSubBruteforcer Race the Web https://github.com/insp3ctre/race-the-web ysoserial https://github.com/GoSecure/ysoserial PHPGGC https://github.com/ambionics/phpggc CORStest https://github.com/RUB-NDS/CORStest retire-js https://github.com/RetireJS/retire.js getsploit https://github.com/vulnersCom/getsploit Findsploit https://github.com/1N3/Findsploit bfac https://github.com/mazen160/bfac WPScan https://wpscan.org/ CMSMap https://github.com/Dionach/CMSmap Amass https://github.com/OWASP/Amass Any Import Tool Missing Add in comments…

This was as much as I can think about sharing with you guys related to Web app Security in tools and vulns i have added a few things about mobile apps but the following sections contain some references you should definitely go through if you gonna join the mobile app security gang as well.

Mobile Application Security.

So hello to Mobile App Security section now let me clear this first i’m a complete noob at this section so it won’t be as detailed as the web app one.

Now The best and the very first thing I would suggest is to actually learn about the development phase of an app mainly my focus is Android APPs ( doesn’t necessarily mean that you should go for learning to develop an android but at least get to know. For this, You can go through the following Android App development tools. (My suggestion is you should actually give basic time to these) Android SDK ~ The Android software development kit (SDK) includes a comprehensive set of development tools. These include a debugger, libraries, a handset emulator based on QEMU, documentation, sample code, and tutorials ADT Bundle ~ The Android Developer Tools(ADT) bundle is a single download that contains everything for developers to start creating Android Application Root Tools ~ RootTools provides rooted developers with a standardized set of tools for use in the development of rooted applications.

Now if you have gone through them let’s get towards Mobile app security vulnerabilities For this I’ll suggest you first go towards OWASP Mobile Top 10 Giving them a good overview will definitely worth it. I’ll also Highly suggest these two Books specifically for Android & IOS app testing The Mobile Application Hacker’s Handbook iOS Application Security: The Definitive Guide for Hackers and Developers

For Mobile Applications, I’ll share Two of the Best places I’m currently following to learn and I would highly recommend you guys to have a look at them and giving them a proper read will definitely help you

Application Security Wiki:

Application Security Wiki is an initiative to provide all Application security-related resources to Security Researchers and developers in one place. https://appsecwiki.com/#/

Learn IOS Security:

IOS Security Guide to learn and test by Prateek http://damnvulnerableiosapp.com/#learn

owasp-workshop-android-pentest:

Learning Penetration Testing of Android Applications

Mobile Application Penetration Testing Cheat Sheets

The Mobile App Pentest cheat sheet

Mobile penetration testing android command cheatsheet

Getting Started in Android Apps Pen-testing

Summing up Phase #02 of this blog I think by following these resources at and giving them good time one can get pretty good at Bug Hunting. Here are some Websites or Places where you can play CTF Challenges and practice the skills that you have learned.

• Hacker 101 https://ctf.hacker101.com/

• Hack the box https://www.hackthebox.eu/

• OvertheWire wargames http://overthewire.org/wargames/

• Pwnable.tw https://pwnable.tw/

• Vulnhub https://www.vulnhub.com/

• Troy Hunt “Hack Yourself First” https://hack-yourself-first.com/

• Hack.Me https://hack.me/

• Hacksplaining https://www.hacksplaining.com/lessons

• Penetration Testing Practice Labs https://www.amanhardikar.com/mindmaps/Practice.html

• Bug Bounty Hunter https://www.bugbountyhunter.com/

Other Resources:

I saw a few friends of mine shared some really interesting and important tools, & resources so I decided to add them here as well because I’m giving some good time to them nowadays.

Tools used for Penetration testing / Red Teaming.

List-pentest-tools: A curated list of network penetration testing tools.

Password lists for use in penetration testing situations, broken up by TLD.

Penetration tests cases, resources and guidelines.

Penetration Testing notes, resources and scripts

A collection of hacking / penetration testing resources to make you better!

RedTeam-Pentest-Cheatsheets

Collection of OSCP study material && tools.

Kali Linux Offensive Security Certified Professional Survival Exam Guide

Penetration Testing / OSCP Biggest Reference Bank / Cheatsheet

An archive of everything related to OSCP

GitBook: OSCP RoadMap

OSCP Cheatsheets, Pentesting / Red Teaming Tools and Techniques

How to prepare for OSCP complete guide

OSCP All Tools are Here …!! Courses at https://academy.tcm-sec.com/