yesterday_task_link.txt
https://community.acer.com/en/entry/signin?Target=%2F
https://account.acer.com/sso/confirm?link=oln12v.redirect&nav=page4.9
https://account.acer.com/sso/confirm?link=evil.com
eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJtZW1iZXJfaWQiOiIwIiwidGtfdHlwZSI6ImVtYWlsLXZlcmlmaWNhdGlvbiIsImV4cCI6MTYxMDAyODYxOCwiaWF0IjoxNjA5OTQyMjE4fQ.hjcSGKRFfOBumbE5Z1sZXo-6XnPg_RMlh3s-x8Y5Kos
https://www.planet9.gg/GB/en/account-activation?token=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJtZW1iZXJfaWQiOiI3NTkxNyIsInRrX3R5cGUiOiJlbWFpbC12ZXJpZmljYXRpb24iLCJleHAiOjE2MTAwMjg2MTgsImlhdCI6MTYwOTk0MjIxOH0.P9MT9fBV5GFBh2oJcyjqej4XXiBMoBaZzLfvlAVjjs4
https://www.planet9.gg/GB/en/account-activation?token=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJtZW1iZXJfaWQiOiI3NTkxNiIsInRrX3R5cGUiOiJlbWFpbC12ZXJpZmljYXRpb24iLCJleHAiOjE2MTAwMjg2MTgsImlhdCI6MTYwOTk0MjIxOH0.QjkQrGXr_J6fhUw3k_TAJBx0tqH5Q8VArdDF4hrNiqE
https://community.acer.com/en/profile/discussions/Hello
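The three activation tokens recorded above are plain HS256 JWTs (the first copied bare, the other two from the planet9.gg account-activation URLs). Added example, written for these notes and not code from Acer, planet9 or the original file: it decodes each token's header and payload without trusting the signature, lines up the claims that matter for an activation token (member_id, tk_type, lifetime, iat), and shows that the signature can only be checked, or minted, with the server-side secret. The token strings are the ones on the page; the dictionary keys, function names and the throwaway secret used for the round-trip are my own choices.

```python
import base64
import hashlib
import hmac
import json
from typing import Dict, Tuple

# The three tokens from the notes above, copied verbatim (sample input).
TOKENS = {
    "member_0": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJtZW1iZXJfaWQiOiIwIiwidGtfdHlwZSI6ImVtYWlsLXZlcmlmaWNhdGlvbiIsImV4cCI6MTYxMDAyODYxOCwiaWF0IjoxNjA5OTQyMjE4fQ.hjcSGKRFfOBumbE5Z1sZXo-6XnPg_RMlh3s-x8Y5Kos",
    "member_75917": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJtZW1iZXJfaWQiOiI3NTkxNyIsInRrX3R5cGUiOiJlbWFpbC12ZXJpZmljYXRpb24iLCJleHAiOjE2MTAwMjg2MTgsImlhdCI6MTYwOTk0MjIxOH0.P9MT9fBV5GFBh2oJcyjqej4XXiBMoBaZzLfvlAVjjs4",
    "member_75916": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJtZW1iZXJfaWQiOiI3NTkxNiIsInRrX3R5cGUiOiJlbWFpbC12ZXJpZmljYXRpb24iLCJleHAiOjE2MTAwMjg2MTgsImlhdCI6MTYwOTk0MjIxOH0.QjkQrGXr_J6fhUw3k_TAJBx0tqH5Q8VArdDF4hrNiqE",
}


def b64url_decode(segment: str) -> bytes:
    """Decode a base64url segment, restoring the '=' padding that JWTs strip."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def decode_unverified(token: str) -> Tuple[dict, dict]:
    """Parse header and payload WITHOUT checking the signature.
    Good for inspecting claims; never use it to make an authorization decision."""
    header_b64, payload_b64, _sig_b64 = token.split(".")
    return json.loads(b64url_decode(header_b64)), json.loads(b64url_decode(payload_b64))


def verify_hs256(token: str, secret: bytes) -> bool:
    """Recompute the HS256 MAC with a candidate secret and compare in constant time.
    Anything other than alg=HS256 (e.g. 'none') is rejected outright."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    if json.loads(b64url_decode(header_b64)).get("alg") != "HS256":
        return False
    signing_input = f"{header_b64}.{payload_b64}".encode()
    expected = hmac.new(secret, signing_input, hashlib.sha256).digest()
    return hmac.compare_digest(expected, b64url_decode(sig_b64))


def sign_hs256(payload: dict, secret: bytes) -> str:
    """Mint an HS256 token; only someone holding the secret can do this,
    which is why the signature check above matters."""
    header_b64 = b64url_encode(json.dumps({"typ": "JWT", "alg": "HS256"}, separators=(",", ":")).encode())
    payload_b64 = b64url_encode(json.dumps(payload, separators=(",", ":")).encode())
    signing_input = f"{header_b64}.{payload_b64}"
    mac = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{b64url_encode(mac)}"


def compare_claims(tokens: Dict[str, str]) -> Dict[str, dict]:
    """Tabulate the claims worth comparing across a set of activation tokens."""
    rows = {}
    for name, tok in tokens.items():
        header, payload = decode_unverified(tok)
        rows[name] = {
            "alg": header["alg"],
            "member_id": payload["member_id"],
            "tk_type": payload["tk_type"],
            "iat": payload["iat"],
            "lifetime_s": payload["exp"] - payload["iat"],
        }
    return rows


if __name__ == "__main__":
    for name, row in compare_claims(TOKENS).items():
        print(name, row)
    # Without the real secret none of the recorded tokens verifies:
    print("verifies with guessed secret:", verify_hs256(TOKENS["member_0"], b"guess"))
```

Running it shows what the comparison surfaces: all three tokens carry alg HS256, tk_type email-verification, the same iat (1609942218) and a 24 h lifetime (exp is exactly 86400 s later), and differ only in member_id ("0", "75917", "75916"). The payload is readable by anyone, so a member_id in it is not a secret; what stops a client from swapping it is the HMAC, which `verify_hs256` only accepts with the server's key.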
Application-level DDoS
https://serverfault.com/questions/178040/how-to-find-out-where-email-is-being-hosted-for-a-website
https://www.tonyherman.com/how-to-figure-out-where-email-is-hosted/
http://mxlookup.online-domain-tools.com/
https://www.misk.com/kb/find-email-provider
Shopify invite
https://help.shopify.com/en/manual/online-store/os/domains/managing-domains/email-forwarding
https://help.shopify.com/en/search?brand=help&f=manual&id=b6d5df36-2e07-4eee-a332-df884f218ab8#/?q=invite
https://help.shopify.com/en/manual/customers/customer-accounts
https://help.shopify.com/en/manual/customers/customer-accounts#individual-invites
https://help.shopify.com/en/manual/customers/customer-accounts#send-customer-account-invites-in-bulk
https://help.shopify.com/en/manual/customers/bulk-account-inviter
Today's tasks and URLs
https://mediatemple.net/community/products/dv/204643950/understanding-an-email-header
https://www.serversmtp.com/what-is-my-smtp/
https://www.google.com/search?q=email+server+identifier&sa=X&ved=2ahUKEwj1vcvoh47uAhV0zDgGHfGPAR8Q1QIoBnoECA4QBw
https://www.google.com/search?q=how+to+find+email+service+provider&ei=XTf5X7WbMPSY4-EP8Z-G-AE&start=10&sa=N&ved=2ahUKEwj1vcvoh47uAhV0zDgGHfGPAR8Q8NMDegQIDxBI&biw=1536&bih=760
https://medium.com/bugbountywriteup/an-unexpected-bounty-email-bounce-issues-b9f24a35eb68
https://kathan19.gitbook.io/howtohunt/application-level-dos/email_bounce_issues
https://blog.theinfosecguy.me/post/email-bounce-issues/
https://view.highspot.com/viewer/5ff259818117172b8573c960
https://www.google.com/search?q=blind+command+injection&oq=blind+command+injection&aqs=chrome..69i57j0l3j0i22i30l4.8817j1j7&sourceid=chrome&ie=UTF-8
https://rajeshranjan457.medium.com/how-i-was-able-to-regain-access-to-account-deleted-by-admin-leading-to-a2c29025f8cd
https://cobalt.io/vulnerability-wiki/v12-files-resources
https://hackerone.com/o1-labs?type=team
https://github.com/MinaProtocol/mina/commit/cafc7c208ea2b8a1b716eb966ed17abdf2ea65c0
https://bhattsameer.github.io/2021/01/01/client-side-encryption-bypass-part-1.html
Videos: watch 1 per day
https://www.youtube.com/watch?v=La3iWKRX-tE
https://www.youtube.com/watch?v=s9w0KutMorE
https://www.youtube.com/watch?v=ePiAM4Vd3fg
https://filesupload.org/8adbadda5cdec325
https://www.youtube.com/watch?v=uKWu6yhnhbQ&t=5931s
https://www.youtube.com/watch?v=l0YsEk_59fQ
https://www.youtube.com/watch?v=UT7-ZVawdzA
https://www.youtube.com/watch?v=KEl_rSSqTtk
https://www.youtube.com/watch?v=BEaMhs9LmoY
https://www.youtube.com/watch?v=MIujSpuDtFY
https://www.youtube.com/watch?v=ijalD2NkRFg&ab_channel=Bugcrowd
https://docs.google.com/presentation/d/1N9Ygrpg0Z-1GFDhLMiG3jJV6B_yGqBk8tuRWO1ZicV8/edit#slide=id.g71f4f9d057_1_102
https://www.youtube.com/watch?v=mLi3qxhLIA0&list=PLYn5_MxRvV-fxPL90I-uebXQzQBXfIaY0&index=10&ab_channel=null-TheOpenSecurityCommunity
https://www.linkedin.com/posts/activity-6758045136262959104-UbGb/
chrome
https://nmap.org/book/nse.html
https://twitter.com/harshbothra_/status/1354822724116389892
http://blog.assetnote.io/
https://portswigger.net/research/portable-data-exfiltration
https://portswigger.net/research/one-xss-cheatsheet-to-rule-them-all
https://www.thesouledstore.com/product/black-panther-panther-symbol-boxer-shorts?gte=1
https://www.youtube.com/watch?v=1Kg0_53ZEq8
Closed Pages
https://stripe.com/docs/testing
https://www.google.com/search?q=Cybrotech&oq=cybr&aqs=chrome.0.69i59j0i433j69i57j0j69i60l4.2030j0j7&sourceid=chrome&ie=UTF-8
https://www.google.com/search?q=owasp+top+10&source=lmns&bih=760&biw=1536&hl=en-GB&sa=X&ved=2ahUKEwihnLH1zc_uAhWCeCsKHWvNAQIQ_AUoAHoECAEQAA
https://www.google.com/search?ei=wpMbYK7OLcam9QOcnKP4Bg&q=we+secure+app&oq=we+secure+app&gs_lcp=CgZwc3ktYWIQAzICCAAyAggAMgoILhDHARCvARBDMgYIABAWEB4yBggAEBYQHjoFCAAQsQM6BAguEEM6BQguELEDOggILhDHARCjAjoICAAQsQMQgwE6CggAELEDEIMBEEM6BAgAEEM6BwgAELEDEEM6BggAEAoQQzoICC4QsQMQkwI6AgguOggIABAWEAoQHlDgmRBY3LYQYLq4EGgCcAJ4AIABoAaIAeodkgEJMC41LjkuNi0xmAEAoAEBqgEHZ3dzLXdperABAMABAQ&sclient=psy-ab&ved=0ahUKEwiut5nbzM_uAhVGU30KHRzOCG8Q4dUDCA0&uact=5
https://www.youtube.com/watch?v=6-M_7O3A8AI
https://www.youtube.com/watch?v=aIFRDUX8Vrg
https://blog.intigriti.com/2021/02/03/bug-bytes-108-browser-to-automate-xss-finding-bug-bounty-collaborators-ending-the-samesite-confusion/?utm_source=newsletter&utm_medium=email&utm_campaign=bug_bytes_108_browser_to_automate_xss_finding_bug_bounty_collaborators_ending_the_samesite_confusion&utm_term=2021-02-03
https://github.com/S3cur3Th1sSh1t/Pentest-Tools
https://www.tessian.com/blog/download-how-to-hack-a-human-report/?utm_medium=social&utm_source=linkedin
https://github.com/harsh-bothra/learn365/blob/main/days/day34.md
we secure app Interview Questions {
https://www.google.com/search?ei=PhkdYMyaHKbaz7sPiNmhSA&q=ssrf&oq=ssrf&gs_lcp=CgZwc3ktYWIQAzIHCAAQsQMQQzIECAAQQzICCAAyBAgAEEMyAggAMgQIABBDMgIIADICCAAyAggAMgIIADoICAAQsQMQgwE6BQgAELEDOgUILhCxA1C8mghYpKAIYMilCGgBcAJ4AIABkAuIAbQRkgEJMC4zLjEuNy0xmAEAoAEBqgEHZ3dzLXdperABAMABAQ&sclient=psy-ab&ved=0ahUKEwjMscWTwNLuAhUm7XMBHYhsCAkQ4dUDCA0&uact=5
https://www.google.com/search?biw=1536&bih=760&ei=ERsdYPD9HKKL4-EPsuyxgAc&q=user+enumeration+mitigation&oq=user+enumeration+mi&gs_lcp=CgZwc3ktYWIQAxgAMgIIADICCAAyBggAEBYQHjIGCAAQFhAeMgYIABAWEB4yBggAEBYQHjoHCAAQsAMQQzoHCAAQRxCwAzoECAAQQ1CkugVY3cIFYMWAB2gBcAJ4AIABjQSIAcsIkgEHMC4zLjUtMZgBAKABAaoBB2d3cy13aXrIAQrAAQE&sclient=psy-ab
https://www.google.com/search?q=cors&oq=cors&aqs=chrome.0.69i59j0i433l2j0i131i433j46i433j0i433j0i10j0i433.2140j0j7&sourceid=chrome&ie=UTF-8
https://www.google.com/search?ei=CxwdYJ-CFoaW4-EP9LqriA0&q=detect+sql+injection&oq=detect+sqi&gs_lcp=CgZwc3ktYWIQAxgAMgQIABANMgQIABANMgQIABANMgQIABANMgQIABANMgQIABANMgQIABANMgQIABANMgQIABANMgYIABANEB46BwgAELADEEM6DQguEMcBEKMCELADEEM6BwguELADEEM6BggAEAcQHjoCCAA6CAgAEAcQChAeOgQIABAKOgcIABCxAxAKOgcIABCxAxANOgcILhCxAxANUKXFA1iu2wNgq-wDaAJwAngAgAHpBIgB2A-SAQkwLjUuMi41LTGYAQCgAQGqAQdnd3Mtd2l6yAEKwAEB&sclient=psy-ab
https://www.google.com/search?q=blind+sql+injection&oq=blind+sql&aqs=chrome.0.0j69i59j69i57j0l4j69i61.4513j0j7&sourceid=chrome&ie=UTF-8
https://www.google.com/search?ei=Ph0dYKfhL5GH4-EP1KqsqAo&q=dtd+in+xxe&oq=dtd+in+xxe&gs_lcp=CgZwc3ktYWIQAzoFCAAQkQI6BAgAEEM6CAgAELEDEIMBOgIIADoICC4QxwEQowI6BQgAELEDOgQIABAKOggIABAWEAoQHlDvL1jmmwFgqLcBaANwAngAgAHjBIgBsheSAQkwLjYuNi41LTGYAQCgAQGqAQdnd3Mtd2l6sAEAwAEB&sclient=psy-ab&ved=0ahUKEwin-Pz7w9LuAhWRwzgGHVQVC6UQ4dUDCA0&uact=5
https://www.google.com/search?q=html+charset&oq=html+charset&aqs=chrome..69i57j0l6j69i60.10596j0j7&sourceid=chrome&ie=UTF-8
https://www.google.com/search?ei=xx4dYMXBG5HA3LUPyfm98Aw&q=csp+content+security+policy&oq=csp+conte&gs_lcp=CgZwc3ktYWIQAxgAMgIIADICCAAyAggAMgIIADICCAAyAggAMgIIADICCAAyAggAMgIIADoECAAQRzoECAAQQzoHCAAQsQMQQzoKCAAQsQMQgwEQQzoKCC4QxwEQrwEQQzoFCAAQyQM6BQgAEJECOggILhDHARCvAVDlD1ibKWDYPGgAcAN4AIAB3wiIAYcTkgELMC40LjEuMS43LTGYAQCgAQGqAQdnd3Mtd2l6yAEIwAEB&sclient=psy-ab
https://www.google.com/search?q=oath+framework&oq=oath+framework&aqs=chrome..69i57j0i13l3j0i13i30l4.6385j1j7&sourceid=chrome&ie=UTF-8
https://www.google.com/search?q=http+request+smuggling&oq=http+request+s&aqs=chrome.1.69i57j0l4j69i60l3.6136j0j7&sourceid=chrome&ie=UTF-8
https://www.google.com/search?q=ssti&oq=ssti&aqs=chrome..69i57j0j0i433j0j46i10i175i199j0l2j69i65.2331j0j7&sourceid=chrome&ie=UTF-8
https://www.google.com/search?q=race+condition&oq=race+c&aqs=chrome.1.69i57j0i433l2j0i131i433j0i433j0l2j0i433.2993j0j7&sourceid=chrome&ie=UTF-8
https://www.google.com/search?q=http+only+and+secure+flag&oq=http+only&aqs=chrome.1.69i57j0l2j0i10j0j69i65l3.4631j0j7&sourceid=chrome&ie=UTF-8
https://www.google.com/search?q=same+flag+in+reponse&oq=same+flag+in+reponse&aqs=chrome..69i57j33i10i160.29004j0j7&sourceid=chrome&ie=UTF-8
https://www.google.com/search?q=http+parameter+pollution&oq=http+parameter&aqs=chrome.0.0j69i57j0l4j69i65l2.5764j0j7&sourceid=chrome&ie=UTF-8
https://www.google.com/search?q=crlf+injection&oq=crlf&aqs=chrome.1.69i57j0l7.3497j1j7&sourceid=chrome&ie=UTF-8
https://www.google.com/search?q=tab+nabbing&oq=tab+nabbing&aqs=chrome..69i57j0i10l3j0j0i10j0i10i22i30l2.3850j0j7&sourceid=chrome&ie=UTF-8
https://securityreport.com/cloudflare-waf-xss-bypass-exploits-revealed/
}
3kclcon - tool ss pic
11/02/2021
https://blog.intigriti.com/2021/02/10/bug-bytes-109-hacking-big-tech-companies-with-dependency-confusion-using-crypto-to-forge-jwts-xss-that-works-in-2021/?utm_source=newsletter&utm_medium=email&utm_campaign=bug_bytes_109_hacking_big_tech_companies_with_dependency_confusion_using_crypto_to_forge_jwts_xss_that_works_in_2021&utm_term=2021-02-10
https://medium.com/@alex.birsan/dependency-confusion-4a5d60fec610
https://github.com/oxfemale/PENTESTING-BIBLE
https://github.com/davidtavarez/pwndb => pwndb.py is a python command-line tool for searching leaked credentials using the Onion service with the same name
https://github.com/evilsocket/ditto => Ditto is a small tool that accepts a domain name as input and generates all its variants for a homograph attack
https://hackerone.com/reports/314814 => token leak
Cross-site script inclusion (XSSI)
https://www.google.com/search?q=cross-site+script+inclusion&oq=cross-site+script+inclusion&aqs=chrome..69i57&sourceid=chrome&ie=UTF-8
https://www.youtube.com/watch?v=GeNJvOvzVSk&feature=youtu.be => nahamsec live recon
STOK recommendations
https://rez0.blog/
https://www.google.com/search?q=NTHIM&oq=NTHIM&aqs=chrome..69i57j0l7.1423j0j7&sourceid=chrome&ie=UTF-8
https://www.google.com/search?ei=g-0kYNmDHaOMmgfC_4LQDw&q=rogueSMG&oq=rogueSMG&gs_lcp=CgZwc3ktYWIQAzIECAAQCjIECAAQCjIECAAQCjIECAAQCjIECAAQCjIECAAQCjIECAAQCjIECAAQCjIECAAQCjIECAAQCjoJCAAQsAMQCBAeOggIABCxAxCRAjoICC4QsQMQkQI6AggAOgUILhCxAzoCCC46CwguELEDEMcBEK8BOg0IABCxAxCDARBGEPkBOgcIABCxAxAKOgQILhAKOgoIABCxAxCDARAKUMClAVimtgFgz7gBaAFwAHgAgAGxA4gBoQ6SAQkwLjUuMi4wLjGYAQCgAQGqAQdnd3Mtd2l6yAEDwAEB&sclient=psy-ab&ved=0ahUKEwiZ0a3Jt-HuAhUjhuYKHcK_APoQ4dUDCA0&uact=5
15/02/2021
https://docs.google.com/presentation/d/1rlnxXUYHY9CHgCMckZsCGH4VopLo4DYMvAcOltma0og/edit#slide=id.gae7bf0b4f7_0_1295
https://mathiasbynens.be/notes/javascript-unicode
https://dhiyaneshgeek.github.io/bug/bounty/2020/02/06/recon-with-me/
https://www.google.com/search?q=how+to+use+nuclei&oq=how+to+use+nuclei&aqs=chrome..69i57.8010j0j7&sourceid=chrome&ie=UTF-8
https://www.notion.so/Getting-Started-1219450bfe2a42598a65400eb939306a
https://github.com/Cyb3r-N3rd/BashRec
https://github.com/tomnomnom/waybackurls
https://github.com/michenriksen/aquatone
https://blog.usejournal.com/bug-hunting-methodology-part-1-91295b2d2066
https://medium.com/bugbountywriteup/getting-started-with-xss-cross-site-scripting-attacks-822c82b7cd82
https://www.aon.com/cyber-solutions/aon_cyber_labs/finding-more-idors-tips-and-tricks/
https://sidxparab.medium.com/best-bugbounty-recon-toolebe635d3b363-ebe635d3b363
https://github.com/six2dez/reconftw#installation-instructions
https://github.com/six2dez/reconftw/wiki