guxiaoguo
commented
5 years ago Up your bug bounty game with Catch Me If you Can by @infosec_au and @mgianarakis https://www.youtube.com/watch?v=C85ZOJgufuw 大佬的杰作来了 https://www.youtube.com/watch?v=gftIqECzOs4 Page Admin(Event Creator) Disclosure https://github.com/foryujian/ipintervalmerge https://github.com/Voorivex/pentest-guide https://youtu.be/BuQJuD2W6wg 手把手教你配置夜神模拟器测试Facebook安卓
挖洞技巧-业务监控之捡漏洞 https://mp.weixin.qq.com/s/47maiIRaI9ncSiEV0AW9aA 自学成才的黑客(安全研究员)是从哪学到那些知识的https://www.zhihu.com/question/23073812/answer/23563575?utm_source=wechat_session&utm_medium=social&utm_oi=1070684404627775488&from=groupmessage&isappinstalled=0 Bug Bounty:从SSRF到RCEhttps://xz.aliyun.com/t/4398?from=groupmessage&isappinstalled=0 https://xz.aliyun.com/t/4398?from=groupmessage&isappinstalled=0 Bug Bounty: 漏洞组合导致SSRF 5000$:https://mp.weixin.qq.com/s?__biz=MzIxMjEwNTc4NA==&mid=2652988997&idx=2&sn=c871cc45e242a243766933945c3e75e9&chksm=8c9ee912bbe960048a0dcb7fbf0abf692d8b075f62fea3d90d096b612898b0d4c113b91ce639&mpshare=1&scene=23&srcid=0318636ZaTVyOYVNx60wHT9C#rd 围观orange大佬在Amazon内部协作系统上实现RCE:https://www.anquanke.com/post/id/156078?from=groupmessage&isappinstalled=0 【BlackHat 2017 议题剖析】连接的力量:GitHub 企业版漏洞攻击链构造之旅:https://paper.seebug.org/363/?from=groupmessage&isappinstalled=0
https://hackerone.com/reports/446585?from=groupmessage&isappinstalled=0
绕过Facebook的CSRF防御——25000美金: https://nosec.org/home/detail/2258.html 一个有趣的xss绕过过程 https://mp.weixin.qq.com/s?__biz=MzIxMjEwNTc4NA==&mid=2652988373&idx=1&sn=981a8aba434c622115b55d51766c17f5&chksm=8c9eec82bbe9659427365a7431c91cd6fc09d4d3ddb88bd685ca31dc38c07089ab460bf46e98&mpshare=1&scene=23&srcid=0318AfMWc1695XROLl6aNWXf#rd Facebook CSRF protection bypass which leads to Account Takeover. https://ysamm.com/?p=185&from=groupmessage&isappinstalled=0 Scrutiny on the bug bounty https://xz.aliyun.com/t/3935?from=groupmessage&isappinstalled=0 基于python的自动化代码审计 https://mp.weixin.qq.com/s?__biz=MzUxOTYzMzU0NQ==&mid=2247483887&idx=1&sn=99ab12309de75381e37c058d53def1b6&chksm=f9f7ee09ce80671fc5887a9c25350fc610559cc1e095f9b689473873889581e4c5fbb0dec2cd&mpshare=1&scene=23&srcid=02139xseHgyvD1sO6yQUZXIQ#rd 2018年初整理的一些内网渗透TIPS,后面更新的慢,所以公开出来希望跟小伙伴们一起更新维护~ https://github.com/Ridter/Intranet_Penetration_Tips?from=groupmessage&isappinstalled=0 红尘xss https://mp.weixin.qq.com/s?__biz=MzI1MzY5MTY3MA==&mid=2247483743&idx=1&sn=b1ad64693e9b1440ecafbcbf1dd7501a&chksm=e9d1d326dea65a307eedebffb60bfd162ef2122fe2f5aa59dd07376d7d7f241eb86d29390ad5&mpshare=1&scene=23&srcid=0209QlZWU8oKwTp1OrDHNvTx#rd 挖洞经验 | 看我如何发现Facebook安卓APP的$8500美金Webview漏洞 https://www.freebuf.com/articles/terminal/184500.html?from=groupmessage&isappinstalled=0