changes

2025-02-16 12:28:29 +00:00 · 2020-03-22 17:09:49 +01:00 · 2020-03-22 17:09:49 +01:00 · 69be0a0b49
commit 69be0a0b49
parent 612e1b8e6e
8 changed files with 97 additions and 5 deletions
--- a/README.md
+++ b/README.md
@ -20,5 +20,6 @@ We understand that there are more resources other than the ones we have listed a
 - [Vulnerability Types](/assets/vulns.md)
 - [Mobile Hacking](/assets/mobile.md)
 - [Smart Contracts](/assets/smartcon.md)
+- [Hardware & IoT](/assets/hardware.md)
 - [Blog posts & Talks](/assets/blogposts.md)
 - [Media Resources](/assets/media.md)
--- a/assets/blogposts.md
+++ b/assets/blogposts.md
@ -22,6 +22,7 @@ A collection of Blog Posts ordered by Vulnerability Types
 - [RCE](#RCE)
 - [Recon](#Recon)
 - [Smart Contracts](#Smart-Contracts)
+- [API](#API)
 - [Misc](#Misc)
 ---
 ## XSS
@ -32,11 +33,15 @@ You can find a ton of awesome XSS reports by searching through the HackerOne Hac
 - [Cracking my windshield and earning $10,000 on the Tesla Bug Bounty Program](https://samcurry.net/cracking-my-windshield-and-earning-10000-on-the-tesla-bug-bounty-program/) - [Sam Curry](https://twitter.com/samwcyo)
 - [Effortlessly finding Cross Site Script Inclusion (XSSI) & JSONP for bug bounty](https://medium.com/bugbountywriteup/effortlessly-finding-cross-site-script-inclusion-xssi-jsonp-for-bug-bounty-38ae0b9e5c8a) - [@th3_hidd3n_mist](https://twitter.com/th3_hidd3n_mist)
 - [Microsoft Edge (Chromium) - EoP via XSS to Potential RCE](https://leucosite.com/Edge-Chromium-EoP-RCE/) - [@Qab](https://twitter.com/qab)
+- [Reflected XSS in https://blocked.myndr.net](https://hackerone.com/reports/824433) - Thilakesh
+
+
 ### DOM XSS
 - [Persistent DOM-based XSS in https://help.twitter.com via localStorage](https://hackerone.com/reports/297968) - harisec
 - [DOM based XSS in search functionality](https://hackerone.com/reports/168165) - sameoldstory
 - [A Tale Of A DOM Based XSS In Paypal](https://www.rafaybaloch.com/2017/06/a-tale-of-dom-based-xss-in-paypal.html) - Rafay Baloch
 - [H1514 DOMXSS on Embedded SDK via Shopify.API.setWindowLocation abusing cookie Stuffing](https://hackerone.com/reports/422043) - filedescriptor
+- [DOM XSS on app.starbucks.com via ReturnUrl](https://hackerone.com/reports/526265) - Gamer7112
 ### Stored XSS
 - [Another XSS in Google Colaboratory](https://blog.bentkowski.info/2018/09/another-xss-in-google-colaboratory.html) - Michał Bentkowski
 - [Google adwords 3133.7$ Stored XSS](https://medium.com/@Alra3ees/google-adwords-3133-7-stored-xss-27bb083b8d27) - Emad Shanab
@ -67,6 +72,7 @@ You can find a ton of awesome XSS reports by searching through the HackerOne Hac
 - [SQL Injection Extracts Starbucks Enterprise Accounting, Financial, Payroll Database](https://hackerone.com/reports/531051) - spaceraccoon
 - [Finding SQL injections fast with white-box analysis — a recent bug example](https://medium.com/@frycos/finding-sql-injections-fast-with-white-box-analysis-a-recent-bug-example-ca449bce6c76?) - [@frycos](https://twitter.com/frycos)
 - [How we hacked one of the worlds largest Cryptocurrency Website](https://strynx.org/insecure-crypto-code-execution/) - [strynx](https://strynx.org/)
+- [Blind SQL Injection on windows10.hi-tech.mail.ru](https://hackerone.com/reports/786044) - Просто душка (api_0)

 ## Mobile
 ### iOS
@ -77,11 +83,14 @@ You can find a ton of awesome XSS reports by searching through the HackerOne Hac
 ## HTTP Desync
 - [HTTP Desync Attacks: Request Smuggling Reborn](https://portswigger.net/research/http-desync-attacks-request-smuggling-reborn) in combination with this [report](https://hackerone.com/reports/510152) - [James Kettle](https://twitter.com/albinowax)
 - [HTTP Request Smuggling on vpn.lob.com](https://hackerone.com/reports/694604) - 0X0 (painreigns)
+- [Mass account takeovers using HTTP Request Smuggling on https://slackb.com/ to steal session cookies](https://hackerone.com/reports/737140) - Evan Custodio

 ## File Upload
 - [Webshell via File Upload on ecjobs.starbucks.com.cn](https://hackerone.com/reports/506646) - johnstone
 - [Facebook Messenger server random memory exposure through corrupted GIF image ](https://www.vulnano.com/2019/03/facebook-messenger-server-random-memory.html) - [@xdzmitry](https://twitter.com/xdzmitry)
 - [A Tale of Exploitation in Spreadsheet File Conversions](https://buer.haus/2019/10/18/a-tale-of-exploitation-in-spreadsheet-file-conversions/) - [@bbuerhaus](https://twitter.com/bbuerhaus)//[@daeken](https://twitter.com/daeken)//[@erbbysam](https://twitter.com/erbbysam)//[@smiegles](https://twitter.com/smiegles)
+- [External XML Entity via File Upload (SVG)](https://0xatul.github.io/posts/2020/02/external-xml-entity-via-file-upload-svg/) - by 0xatul
+

 ## Automation
 - [Fasten your Recon process using Shell Scripting](https://medium.com/bugbountywriteup/fasten-your-recon-process-using-shell-scripting-359800905d2a) - Mohd Shibli
@ -101,6 +110,7 @@ You can find a ton of awesome XSS reports by searching through the HackerOne Hac
 ## GraphQL
 - [Private System Note Disclosure using GraphQL](https://hackerone.com/reports/633001) - Ron Chan
 - [Graphql Abuse to Steal Anyone’s Address](https://blog.usejournal.com/graphql-bug-to-steal-anyones-address-fc34f0374417) - pratik yadav
+ - [Email address of any user can be queried on Report Invitation GraphQL type when username is known](https://hackerone.com/reports/792927) - msdian7

 ## RCE
 - [My First RCE (Stressed Employee gets me 2x bounty)](https://medium.com/@abhishake100/my-first-rce-stressed-employee-gets-me-2x-bounty-c4879c277e37) - [Abhishek Yadav](https://medium.com/@abhishake100)
@ -114,6 +124,9 @@ You can find a ton of awesome XSS reports by searching through the HackerOne Hac
 - [Steal collateral during `end` process, by earning DSR interest after `flow](https://hackerone.com/reports/672664)(Listed as Business Logic Error)
 - [Steal all MKR from `flap` during liquidation by exploiting lack of validation in `flap.kick`](https://hackerone.com/reports/684152)(Listed as Improper Input Validation)

+## API
+- [31 Days of API Security Tips](https://github.com/smodnix/31-days-of-API-Security-Tips) - [smodnix](https://github.com/smodnix)
+
 ## Misc
 - [Hacking GitHub with Unicode's dotless 'i'](https://eng.getwisdom.io/hacking-github-with-unicode-dotless-i/)
 - [Abusing autoresponders and email bounces](https://medium.com/intigriti/abusing-autoresponders-and-email-bounces-9b1995eb53c2) - securinti
@ -122,5 +135,6 @@ You can find a ton of awesome XSS reports by searching through the HackerOne Hac
 - [Abusing ImageMagick to obtain RCE](https://strynx.org/imagemagick-rce/) - [strynx](https://strynx.org/)
 - [How to Get a Finger on the Pulse of Corporate Networks via the SSL VPN](https://blog.detectify.com/2019/09/19/alyssa-herrera-pulse-corporate-networks-ssl-vpn/) - [Alyssa Herrera](https://twitter.com/Alyssa_Herrera_)

+
 ---
 back to [Intro Page](/README.md)
--- a/assets/changelog.md
+++ b/assets/changelog.md
@ -5,7 +5,48 @@
 Updates to this repo will be pushed monthly. You can read about the latest changes below.

 ---
+## Update 2020.04
+### Added
+- New: [Hardware & IoT](/assets/hardware.md)
+    - Added Exploitee.rs Wiki
+- New [Podcasts](/assets/media.md#Podcasts):
+    - Darknet Diaries Episode 60 with dawgyg
+    - The Bug Bounty Podscast Episode 3 with nahamsec
+- New in [Tools](/assets/tools.md):
+    - objection - A new Mobile tool
+    - CyberChef
+    - New Category: [Notes & Organization](/assets/tools.md#Notes-&-Organization)
+        - Reconness to [Notes & Organization](/assets/tools.md#Notes-&-Organization)
+        - Updog to [Notes & Organization](/assets/tools.md#Notes-&-Organization)
+    - New Category: [Burp Extensions](/assets/tools.md#Burp-Extensions)
+        - Logger++ to [Burp Extensions](/assets/tools.md#Burp-Extensions)
+        - AuthMatrix to [Burp Extensions](/assets/tools.md#Burp-Extensions) 
+        - Autorize to [Burp Extensions](/assets/tools.md#Burp-Extensions) 
+        - Auto Repeater to [Burp Extensions](/assets/tools.md#Burp-Extensions) 
+        - Progress Tracker to [Burp Extensions](/assets/tools.md#Burp-Extensions)
+        - Flow to [Burp Extensions](/assets/tools.md#Burp-Extensions)
+- New in [Labs](/assets/labs.md):
+    - TryHackMe & Videos
+- New [Streamers](/assets/media.md#Streamers):
+    - [sup3rhero1](https://www.twitch.tv/sup3rhero1)
+    - [STÖK](https://www.twitch.tv/stokfredrik)
+- New in [BlogPosts](/assets/blogposts.md):
+    - New Category: [API](/assets/blogposts.md#API)
+    - Added "31 Days of API Security Tips" - Misc
+    - Added "Blind SQL Injection on windows10.hi-tech.mail.ru" - SQLInjection
+    - Added "DOM XSS on app.starbucks.com via ReturnUrl" - DOMXSS
+    - Added "Email address of any user can be queried on Report Invitation GraphQL type when username is known" - GraphQL
+    - Added "External XML Entity via File Upload (SVG)" - File Upload
+    - Added "Mass account takeovers using HTTP Request Smuggling on https://slackb.com/ to steal session cookies" - HTTP Desync
+- New in [Mobile](/assets/mobile.md):
+    - [Android-Reports-and-Resources](https://github.com/B3nac/Android-Reports-and-Resources)
+### Changed
+### Fixed
+    - Frida?

+
+
+---
 ## Update 2020.03
 ### Added
 - New: [Smart Contracts](/assets/smartcon.md) (special thanks to [@0xatul](https://twitter.com/0xatul))
--- a/assets/hardware.md
+++ b/assets/hardware.md
@ -0,0 +1,8 @@
+# Resources-for-Beginner-Bug-Bounty-Hunters
+
+## Hardware & IoT ⚙️ <-- CHANGE ME!
+
+### Resources
+- [Exploitee.rs Wiki](https://www.exploitee.rs/index.php/Main_Page) - IoT Wiki Page with a bunch of Info when getting into Hardware 
+---
+back to [Intro Page](/README.md)
--- a/assets/labs.md
+++ b/assets/labs.md
@ -13,6 +13,8 @@
 - [Web Security Academy by PortSwigger](https://portswigger.net/web-security)
 - [XSS Labs from PwnFunction](https://xss.pwnfunction.com/) Great Labs in a beautiful layout
 - [0l4bs - Cross-site scripting labs for web application security enthusiasts](https://github.com/tegal1337/0l4bs) - by tegal1337
+- [TryHackMe](https://tryhackme.com) | Cool Hacking & Pentesting Labs with Web Challenges
+    - Videos: [TryHackMe! Basic Penetration Testing](https://www.youtube.com/watch?v=xl2Xx5YOKcI) // [TryHackMe! EternalBlue/MS17-010 in Metasploit](https://www.youtube.com/watch?v=s6rwS7UuMt8) // [TryHackMe! OhSINT - METADATA & Research](https://www.youtube.com/watch?v=oF0TQQmFu4w)

 ---
 back to [Intro Page](/README.md)
--- a/assets/media.md
+++ b/assets/media.md
@ -27,11 +27,15 @@ Here you find listings to useful media creations that can help beginners in diff
 - [The Cyber Mentor](https://twitch.tv/thecybermentor) on Twitch
 - [The Blind Hacker](https://twitch.tv/theblindhacker) on Twitch
 - [Jason Haddix](https://www.twitch.tv/js0n_x/) on Twitch
+- [sup3rhero1](https://www.twitch.tv/sup3rhero1) on Twitch
+- [STÖK](https://www.twitch.tv/stokfredrik) on Twitch


 ## Podcasts
 - [Darknet Diaries](https://darknetdiaries.com/) by [Jack Rhysider](https://twitter.com/jackrhysider)
+    - [Episode 60 with dawgyg](https://darknetdiaries.com/episode/60/)
 - [The Bug Bounty Podcast](https://open.spotify.com/show/3yTTlfXH1avrI3FsXZyCpv) by Fisher
+    - [Episode 3 with nahamsec](https://anchor.fm/bugbountypodcast/episodes/Episode-3-ft--NahamSec-ebl392)
 - [Bug Hunter Podcast](https://anchor.fm/bughunter)

 ## Books
--- a/assets/mobile.md
+++ b/assets/mobile.md
@ -16,6 +16,7 @@ Tools specific for mobile hacking can be found [here](/assets/tools.md#mobile-ha

 ## Misc
 - [Q&A With Android Hacker bagipro](https://www.hackerone.com/blog/AndroidHackingMonth-qa-with-bagipro)
+- [Android-Reports-and-Resources](https://github.com/B3nac/Android-Reports-and-Resources) - [Kyle Benac](https://github.com/B3nac)

 ---
 back to [Intro Page](/README.md)
--- a/assets/tools.md
+++ b/assets/tools.md
@ -6,11 +6,13 @@ Here you can find links to a bunch of useful tools for Bug Bounty Hunting.

 ## Table of Contents
 1. [Proxy & Network Sniffer](#Proxy-&-Network-Sniffer)
-2. [Recon, OSINT & Discovery](#Recon,-OSINT-&-Discovery)
-3. [Exploitation](#Exploitation)
-4. [Scanners](#Scanners)
-5. [Mobile Hacking](#Mobile-Hacking)
-6. [Others](#Others)
+2. [Burp Extensions](#Burp-Extensions)
+3. [Recon, OSINT & Discovery](#Recon,-OSINT-&-Discovery)
+4. [Exploitation](#Exploitation)
+5. [Scanners](#Scanners)
+6. [Mobile Hacking](#Mobile-Hacking)
+7. [Notes & Organization](#Notes-&-Organization)
+8. [Others](#Others)

 ### Proxy & Network Sniffer
 | Name 	| Description 	| Written in   | Created by   |
@ -19,6 +21,16 @@ Here you can find links to a bunch of useful tools for Bug Bounty Hunting.
 |[OWASP Zap Proxy](https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project)|A Proxy to intercept and manipulate Web Traffic (free).|Java|OWASP|
 |[Wireshark](https://www.wireshark.org)|Wireshark is a network protocol analyzer that lets you capture and read network packets.|C, C++|The Wireshark team|

+### Burp Extension
+| Name 	| Description 	| Written in   |
+|------	|-------------	|------------  |
+|[Logger++](https://portswigger.net/bappstore/470b7057b86f41c396a97903377f3d81)|"This extension can be used to log the requests and responses made by all Burp tools, and display them in a sortable table. It can also save the logged data in CSV format."|Java|
+|[Flow](https://portswigger.net/bappstore/ee1c45f4cc084304b2af4b7e92c0a49d)|"This extension provides a Proxy history-like view along with search filter capabilities for all Burp tools."|Java|
+|[AuthMatrix](https://portswigger.net/bappstore/30d8ee9f40c041b0bfec67441aad158e)|"AuthMatrix is an extension to Burp Suite that provides a simple way to test authorization in web applications and web services. With AuthMatrix, testers focus on thoroughly defining tables of users, roles, and requests for their specific target application upfront. These tables are displayed through the UI in a similar format to that of an access control matrix commonly built in various threat modeling methodologies."|Python (Needs Jython version 2.7.0 or later)|
+|[Autorize](https://portswigger.net/bappstore/f9bbac8c4acf4aefa4d7dc92a991af2f)|"Autorize is an extension aimed at helping the penetration tester to detect authorization vulnerabilities..."|Python (Needs Jython)|
+|[Auto Repeater](https://portswigger.net/bappstore/f89f2837c22c4ab4b772f31522647ed8)|"This extension automatically repeats requests, with replacement rules and response diffing. It provides a general-purpose solution for streamlining authorization testing within web applications."|Java|
+|[Progress Tracker](https://portswigger.net/bappstore/17544cadcec64dcf8ed68df8518592e4)|"Burp Suite extension to track vulnerability assessment progress"|Python|
+
 ### Recon, OSINT & Discovery
 | Name 	| Description 	    | Written in    | Created by   |
 |------	|-------------    	| ------------  |------------- |
@ -76,12 +88,21 @@ Here you can find links to a bunch of useful tools for Bug Bounty Hunting.
 |[dex2jar](https://github.com/pxb1988/dex2jar)|Useful to convert dex files into jar to decompile the application.|Java, Smali|Bob Pan|
 |[andriller](https://github.com/den4uk/andriller)|Andriller - is software utility with a collection of forensic tools for smartphones. It performs read-only, forensically sound, non-destructive acquisition from Android devices. [andriller.com](https://www.andriller.com/)|Python|[Denis Sazonov](https://github.com/den4uk)|
 |[Mobile Security Framework (MobSF)](https://github.com/MobSF/Mobile-Security-Framework-MobSF/)|Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. MobSF support mobile app binaries (APK, IPA & APPX) along with zipped source code and provides REST APIs for seamless integration with your CI/CD or DevSecOps pipeline.The Dynamic Analyzer helps you to perform runtime security assessment and interactive instrumented testing.|Python|MobSF Team|
+|[objection](https://github.com/sensepost/objection)|"objection is a runtime mobile exploration toolkit, powered by Frida, built to help you assess the security posture of your mobile applications, without needing a jailbreak."|Python & TypeScript|[sensepost](https://github.com/sensepost)|
+
+### Notes & Organization
+| Name 	| Description 	    | Written in    | Created by   |
+|------	|-------------    	| ------------  |------------- |
+|[Reconness](https://github.com/reconness/reconness)|"ReconNess helps you to run and keep all your #recon in the same place allowing you to focus only on the potentially vulnerable targets without distraction and without required a lot of bash skill or programing skill in general."|C#|[Reconness](https://github.com/reconness)|
+|[Updog](https://github.com/sc0tfree/updog)|"Updog is a replacement for Python's SimpleHTTPServer. It allows uploading and downloading via HTTP/S, can set ad hoc SSL certificates and use HTTP basic auth."|Python|[sc0tfree](https://github.com/sc0tfree)|
+

 ### Others
 | Name 	| Description 	    | Written in    | Created by   |
 |------	|-------------    	| ------------  |------------- |
 |[SecLists](https://github.com/danielmiessler/SecLists)|A huge collection of word lists for hacking.||Daniel Miessler|
 |[Recon Pi](https://github.com/x1mdev/ReconPi)|A lightweight recon tool that performs extensive reconnaissance with the latest tools using a Raspberry Pi.||[@x1m_martijn](https://twitter.com/x1m_martijn)|
+|[CyberChef](https://gchq.github.io/CyberChef/)|Awesome Tool for de-/encoding stuff. Try it out!|JavaScript|[gchq](https://github.com/gchq)|

 ---
 back to [Intro Page](/README.md)