see changelog

AshF0x 2020-01-16 08:23:51 +01:00
parent de6033655d
commit 63380a4478
2 changed files with 15 additions and 2 deletions

@ -20,6 +20,7 @@ A collection of Blog Posts ordered by Vulnerability Types
- [IDOR](#IDOR)
- [GraphQL](#GraphQL)
- [RCE](#RCE)
- [Recon](#Recon)
- [Misc](#Misc)
---
## XSS
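Review bot: The new table-of-contents entry `- [Recon](#Recon)` uses a mixed-case fragment, which only resolves on renderers that match heading ids case-insensitively, since many Markdown renderers generate lowercase ids (`#recon`) for a `## Recon` heading. It follows the style of the existing entries (`#IDOR`, `#RCE`), so this is not a regression, but please confirm the link jumps to the new `## Recon` section in the rendered file and consider lowercasing all fragments in a follow-up.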
@ -103,8 +104,11 @@ You can find a ton of awesome XSS reports by searching through the HackerOne Hac
## RCE
- [My First RCE (Stressed Employee gets me 2x bounty)](https://medium.com/@abhishake100/my-first-rce-stressed-employee-gets-me-2x-bounty-c4879c277e37) - [Abhishek Yadav](https://medium.com/@abhishake100)
## Misc
## Recon
- [Subdomain Recon Using Certificate Search Technique](https://www.r00tpgp.com/2020/01/subdomain-recon-using-certificate.html?m=0)
- [Notes about Nahamsecs Recon Sessions](https://mavericknerd.github.io/knowledgebase/nahamsec/recon_session_1/) - [maverickNerd](https://github.com/maverickNerd)
## Misc
- [Hacking GitHub with Unicode's dotless 'i'](https://eng.getwisdom.io/hacking-github-with-unicode-dotless-i/)
- [Abusing autoresponders and email bounces](https://medium.com/intigriti/abusing-autoresponders-and-email-bounces-9b1995eb53c2) - securinti
- [Abusing HTTP hop-by-hop request headers](https://nathandavison.com/blog/abusing-http-hop-by-hop-request-headers) - [@nj_dav](https://twitter.com/nj_dav)
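Review bot: The added Recon entry `[Subdomain Recon Using Certificate Search Technique](...)` has no author attribution, unlike the neighbouring entries that end in ` - [Author](profile link)`, and its URL keeps a `?m=0` query string that looks like a view toggle rather than part of the post's address. Suggest adding the author credit and dropping the query string so the list links to the plain post URL. The placement of `## Recon` ahead of `## Misc` matches the order in the table of contents, which is good.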

@ -11,8 +11,17 @@ Updates to this repo will be pushed monthly. You can read about the latest chang
- New [IDOR Blogspost](/assets/blogposts.md#IDOR): **Automating BURP to find IDORs**
- New [Misc Blogpost](/assets/blogposts.md#Misc): **How to Get a Finger on the Pulse of Corporate Networks via the SSL VPN**
- New Blogspost Category: [RCE](/assets/blogposts.md#RCE)
- New RCE Blogpost :**My First RCE (Stressed Employee gets me 2x bounty)**
- New RCE Blogpost: **My First RCE (Stressed Employee gets me 2x bounty)**
- New Blogpost Cetegory: [Recon](/assets/blogposts.md#Recon)
- New Recon Blogpost/Guide: **Subdomain Recon Using Certificate Search Technique**
- New Vulnerabilities Post: **The 7 main XSS cases everyone should know**
- Added Jason Haddix to [Media](/assets/media.md) (contributed by [securibee](https://github.com/securibee))
## Changed
- Moved **Notes about Nahamsecs Recon Sessions** from [Misc](/assets/blogposts.md#Misc) to [Recon](/assets/blogposts.md#Recon)
### Fixed
- Typos in [Media](/assets/media.md) (contributed by [securibee](https://github.com/securibee))
## Update 2020.01
### Added
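Review bot: The new `## Changed` heading is one level higher than the `### Fixed` that follows it and the `### Added` under `## Update 2020.01`, so it will render as a sibling of the update headings instead of a subsection; it should be `### Changed`. The added line `- New Blogpost Cetegory: [Recon](/assets/blogposts.md#Recon)` also misspells "Category", and the spelling "Blogspost" in the surrounding entries could be normalised to "Blogpost" while this block is being touched. The changelog additionally lists a new Vulnerabilities post and Media changes, while this commit shows only two changed files, so it is worth checking that those entries correspond to changes already in the tree.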