Bug Bounty Hunting
Mahmoud M. Awali
@0xAwali
Prerequisites
● English Language
● How to Study
  Marty Lobdell - Study Less Study Smart
  https://www.youtube.com/watch?v=IlU-zDU6aQ0
● Your Mind
Methodology
Bug Bounty Hunting: Target -> Reconnaissance -> Scanning -> Exploitation -> Reporting
Web Apps Pen Testing: Pre-engagement -> Reconnaissance -> Scanning -> Exploitation -> Post Exploitation -> Covering Tracks -> Reporting
More Information !
● Web Apps Pen Testing
  Course: eLearnSecurity Web Application Pen Testing, Module 1
  https://www.elearnsecurity.com/certification/ewpt/
● Bug Bounty Hunting
  DEF CON 22 - Nir Valtman - Bug Bounty Programs Evolution
  https://www.youtube.com/watch?v=l1GHeebvqPw
Infrastructure
● CCNA Routing and Switching
  CCNA Routing and Switching OR N+ ? Do Not Study Both
  Course: INE CCNA Routing and Switching
  https://my.ine.com/course/ccna-routing-switching-technologies/8536ecd3-4010-11e4-a79f-22000b3582a3
● Domain Name System (DNS)
  Managing Mission-Critical Domains and DNS: Demystifying nameservers, DNS, and domain names
  https://www.amazon.com/Managing-Mission-Critical-Demystifying-nameservers/dp/1789135079
● HyperText Transfer Protocol
  HTTP: The Definitive Guide
  https://www.amazon.com/HTTP-Definitive-Guide-Guides/dp/1565925092
Operating System
● Your Main Distribution
  Kali Linux with XFCE Desktop Environment
  Why Kali Linux ?
  Kali Linux Revealed: Mastering the Penetration Testing Distribution
  https://www.amazon.com/Kali-Linux-Revealed-Penetration-Distribution/dp/0997615605
● Commands
  Linux® Notes for Professionals book
  https://goalkicker.com/LinuxBook/
● Tmux Terminal
  Tmux OR Terminator
  Getting Started with tmux
  https://www.packtpub.com/hardware-and-creative/getting-started-tmux
● HTTP Command Line
  Curl AND HTTPie
  Everything curl - the book
  https://curl.haxx.se/book.html
  HTTPie: a CLI, cURL-like tool for humans
  https://httpie.io/static/docs/httpie-0.9.8.pdf
● Regular Expression
  Why Regular Expression ?
  Mastering Regular Expressions
  https://www.amazon.com/Mastering-Regular-Expressions-Jeffrey-Friedl/dp/0596528124
● Bash Scripting
  Bash Notes for Professionals book
  https://goalkicker.com/BashBook/
● Sed And Awk
  sed & awk: UNIX Power Tools
  https://www.amazon.com/sed-awk-Power-Nutshell-Handbooks-ebook/dp/B004D4Y302
Web Server
● Nginx Web Server
  Nginx Fundamentals: High Performance Servers from Scratch
  https://www.udemy.com/course/nginx-fundamentals/
● HTTP Secure
  How to Configure ?
  SSL Complete Guide: HTTP to HTTPS
  https://www.udemy.com/course/ssl-complete-guide/
● Reference (if you want to learn Nginx AND Apache)
  Servers for Hackers
  https://leanpub.com/serversforhackers
Web Apps Pen Testing
● Prerequisite: CS50
  CS50 Lectures 2018
  https://www.youtube.com/playlist?list=PLhQjrBD2T382eX9-tF75Wa4lmlC7sxNDH
  CS50's Web Programming with Python and JavaScript
  https://www.youtube.com/playlist?list=PLhQjrBD2T382hIW-IsOVuXP1uMzEvmcE5
● Web App Hacker's Handbook
  The Web Application Hacker's Handbook
  https://www.amazon.com/Web-Application-Hackers-Handbook-Exploiting/dp/1118026470
● Web Security Testing Guide
  Web Security Testing Guide v4.2
  https://github.com/OWASP/wstg/releases/download/v4.2/wstg-v4.2.pdf
Reconnaissance
● Bugcrowd University (Sajeeb Lohani OR Jason Haddix)
  Recon & Discovery
  https://www.youtube.com/watch?v=La3iWKRX-tE
  Bug Bounty Hunter Methodology v3
  https://www.youtube.com/watch?v=Qw1nNPiH_Go
● Nahamsec
  Ben Sadeghipour - It’s the Little Things - BSides Portland 2018
  https://www.youtube.com/watch?v=YT5Zl2jW3wg&t=1s
  Nahamsec Live Bug Bounty Recon
  Live: https://www.twitch.tv/nahamsec/
  Youtube Channel: https://www.youtube.com/channel/UCCZDt7MuC3Hzs6IH4xODLBw
● NahamCon2020-2021
  The Bug Hunter's Methodology v4.0
  https://www.youtube.com/watch?v=p4JgIu1mceI
  How to Use Amass Efficiently
  https://www.youtube.com/watch?v=H1wdBgY1rtg
  Amassive Leap in Host Discovery
  https://www.youtube.com/watch?v=yCZqgg-GNx8
  Distributed Recon Automation Using Axiom
  https://www.youtube.com/watch?v=tWml8Dy5RyM
● Dirty Coder
  Recon Like A Boss
  https://bugbountytuts.files.wordpress.com/2019/01/dirty-recon-1.pdf
● Prateek Tiwari
  BUG BOUNTY FUNSHOP
  https://docs.google.com/presentation/d/1cpcxEBEb0dyXwRqSWQ6bknJS-PQO_e242Dioy9SU2Io/edit#slide=id.p
● Sam Erb
  Hunting Certificates And Servers
  https://github.com/erbbysam/Hunting-Certificates-And-Servers/blob/master/Hunting%20Certificates%20%26%20Servers.pdf
● Sergey Bobrov
  BUG BOUNTY AUTOMATION
  https://2018.zeronights.ru/wp-content/uploads/materials/4%20ZN2018%20WV%20-%20BugBounty%20automation.pdf
● Google Search
  Google Hacking for Penetration Testers
  https://www.amazon.com/Google-Hacking-Penetration-Testers-Johnny/dp/0128029641
● Alexey Morozov
  Misconfiguration in development infrastructure
  https://2018.zeronights.ru/wp-content/uploads/materials/6%20ZN2018%20WV%20-%20Misconfiguration%20in%20development%20infrastructure.pdf
● Bugcrowd University (Majd Aldeen Atiyat)
  GitHub Recon and Sensitive Data Exposure
  https://www.youtube.com/watch?v=l0YsEk_59fQ&t=3s
● Twitter Hashtag
  #OSINT
  #Recon
Services Scanning
● NMAP
  Nmap OR Masscan
  Nmap Network Scanning
  https://www.amazon.com/Nmap-Network-Scanning-Official-Discovery/dp/0979958717
● CVE
  https://cve.mitre.org/
● Exploit-DB
  https://www.exploit-db.com/
● Github
  https://github.com/
Subdomains Takeover
  DNS Hijacking
  https://www.youtube.com/watch?v=FXCzdWm2qDg
  Can I Takeover XYZ ?
  https://github.com/EdOverflow/can-i-take-over-xyz
  Patrik Hudak
  https://0xpatrik.com/
DNS Takeover
  Can I Takeover DNS ?
  https://github.com/indianajson/can-i-take-over-dns
  Patrik Hudak
  https://0xpatrik.com/subdomain-takeover-ns/
Content Discovery
● Assetnote
  https://www.youtube.com/watch?v=DEW5C9r3rc0
  https://blog.assetnote.io/2021/04/05/contextual-content-discovery/
  https://www.youtube.com/watch?v=hNs8fpWfcyU
● Turbo Intruder
  Abusing HTTP Misfeatures To Accelerate Attacks
  https://www.youtube.com/watch?v=vCpIAsxESFY
  https://portswigger.net/research/turbo-intruder-embracing-the-billion-request-attack
● FFUF
  How to Master FFUF For Bug Bounties
  https://www.youtube.com/watch?v=iLFkxAmwXF0&t=1s
● Wordlist
  Who , What , Where , When , Wordlist
  https://www.youtube.com/watch?v=W4_QCSIujQ4
  Creating Wordlists For Hacking
  https://www.youtube.com/watch?v=QGbTaxtEQlg
PROXY
ZAP (0$) OR BURP SUITE (400$)
● Burp Suite
  Burp Suite Cookbook
  https://www.amazon.com/Burp-Suite-Cookbook-Practical-penetration/dp/178953173X
  Mastering Burp Suite
  https://hakin9.org/course/mastering-burp-suite-professional/
● ZAP
  Getting Started with ZAP
  https://www.pluralsight.com/courses/owasp-zap-web-app-pentesting-getting-started
  ZAP Deep Dive
  https://www.youtube.com/playlist?list=PLz_NN8o2uh8AQ7VyUEN1GCCnpzl5_FaJA
Broken Link Hijacking
  Broken Link Hijacking
  https://edoverflow.com/2017/broken-link-hijacking/
  More Than Subdomain Takeover
  https://sec.okta.com/articles/2020/12/more-subdomain-takeover-ways-takeover-hijack-and-impersonate-your
  Takeover Company’s LinkedIn Page
  https://medium.com/@bathinivijaysimhareddy/how-i-takeover-the-companys-linkedin-page-790c9ed2b04d
HTTP Methods
GET , POST , OPTIONS , PUT , DELETE , CONNECT , HEAD , TRACE , FAKE
Host Header Injection
  Cracking The Lens
  https://www.youtube.com/watch?v=zP4b3pw94s0
  Practical Host Header Attacks
  https://www.skeletonscribe.net/2013/05/practical-http-host-header-attacks.html
  Multiple Host Ambiguities in HTTP Implementations
  https://www.youtube.com/watch?v=V8f6gqrCbZU
  WebSecurity Academy Labs
  https://portswigger.net/web-security/all-labs
Web Cache Attacks
● Web Cache Deception
  Web Cache Deception Attack
  https://www.youtube.com/watch?v=mroq9eHFOIU
  Cached and Confused
  https://www.youtube.com/watch?v=czDfMWBsIKw
● Web Cache Poisoning
  Practical Web Cache Poisoning: Redefining 'Unexploitable'
  https://www.youtube.com/watch?v=j2RrmNxJZ5c
  Web Cache Entanglement
  https://www.youtube.com/watch?v=bDxYWGxuVqE
● Web Cache Poisoning DOS
  CPDoS: Cache Poisoned Denial of Service
  https://cpdos.org/
  Responsible denial of service with web cache poisoning
  https://portswigger.net/research/responsible-denial-of-service-with-web-cache-poisoning
● Edge Side Include Injection
  DEF CON 26 - Edge Side Include Injection: Abusing Caching Servers into SSRF
  https://www.youtube.com/watch?v=VUZGZnpSg8I
● WebSecurity Academy Labs
  https://portswigger.net/web-security/all-labs
Path Normalization
  Breaking Parser Logic
  https://www.youtube.com/watch?v=28xWcRegncw&t=2s
  Reverse Proxies
  https://2018.zeronights.ru/wp-content/uploads/materials/20-Reverse-proxies-Inconsistency.pdf
  https://speakerdeck.com/greendog/2-and-a-bit-of-magic
Open Redirection
  PwnFunction
  https://www.youtube.com/watch?v=4Jk_I-cw4WE&t=2s
  Cheat Sheet
  https://pentester.land/cheatsheets/2018/11/02/open-redirect-cheatsheet.html
CRLF
  CRLF and Open Redirection
  https://2017.zeronights.org/wp-content/uploads/materials/ZN17_Karbutov_CRLF_PDF.pdf
  CRLF Reports
  site:hackerone.com CRLF
Client Side Technologies
  Front-End Roadmap
  https://github.com/kamranahmedse/developer-roadmap#frontend-roadmap
  HTML5 Notes for Professionals
  https://goalkicker.com/HTML5Book/
  CSS Notes for Professionals
  https://goalkicker.com/CSSBook/
  Javascript Notes for Professionals
  https://goalkicker.com/JavaScriptBook/
  The Modern JavaScript Bootcamp
  https://www.udemy.com/course/modern-javascript/
  The Complete JavaScript Course
  https://www.udemy.com/course/the-complete-javascript-course/
  jQuery Notes for Professionals
  https://goalkicker.com/jQueryBook/
  How Browsers Work
  https://www.html5rocks.com/en/tutorials/internals/howbrowserswork/
  Third-Party JavaScript
  https://www.amazon.com/Third-Party-JavaScript-Ben-Vinegar/dp/1617290548
  Complete JSON AJAX API
  https://www.udemy.com/course/complete-json-ajax-course/
Cross site Scripting
Types: Reflected, Persistent, DOM-based, Blind
  XSS Attacks
  https://www.amazon.com/XSS-Attacks-Scripting-Exploits-Defense/dp/1597491543
  XSS Magic Tricks
  https://www.slideshare.net/GarethHeyes/xss-magic-tricks
  BLIND XSS
  https://2018.zeronights.ru/wp-content/uploads/materials/2%20ZN2018%20WV%20-%20Blind%20Xss%20%28femida%20plugin%29.pdf
  XSS Cheat Sheet
  https://portswigger.net/web-security/cross-site-scripting/cheat-sheet
  XSS Reports
  site:hackerone.com xss
  Twitter Hashtag
  #Bugbountytip xss
  #bugbounty blind xss
  #xss
  #bxss
  WebSecurity Academy Labs
  https://portswigger.net/web-security/all-labs
  HackerOne CTF (Get Invitation)
  https://ctf.hacker101.com/
Content Security Policy
  CSP
  https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
  Bypassing CSP
  https://www.youtube.com/watch?v=eewyLp9QLEs
  https://www.youtube.com/watch?v=YBBqtrJmMRc
  https://www.youtube.com/watch?v=RR_EqKsYb9o
  https://www.youtube.com/watch?v=_L06HetskC4
CSRF
  Cross-Site Request Forgery
  https://www.pluralsight.com/courses/cross-site-forgery-request-web-app
  CSRF-protection Bypassing
  https://www.slideshare.net/0ang3el/neat-tricks-to-bypass-csrfprotection
  CSRF Reports
  site:hackerone.com csrf
  Twitter Hashtag
  #Bugbountytip csrf
  #bugbounty csrf
  #csrf
  WebSecurity Academy Labs
  https://portswigger.net/web-security/all-labs
CORS Misconfiguration
  CORS in Action
  https://www.amazon.com/CORS-Action-Creating-consuming-cross-origin/dp/161729182X
  Exploiting CORS
  https://www.youtube.com/watch?v=wgkj4ZgxI4c
  WebSecurity Academy Labs
  https://portswigger.net/web-security/all-labs
WebSocket Hijacking
  Guide to HTML5 WebSocket
  https://www.amazon.com/Definitive-Guide-HTML5-WebSocket/dp/1430247401
  Security Testing of WebSockets
  https://www.theseus.fi/bitstream/handle/10024/113390/Harri+Kuosmanen+-+Masters+thesis+-+Security+Testing+of+WebSockets+-+Final.pdf?sequence=1
  WebSecurity Academy Labs
  https://portswigger.net/web-security/all-labs
postMessage
  Hunting postMessage Vulnerabilities
  https://www.sec-1.com/blog/wp-content/uploads/2016/08/Hunting-postMessage-Vulnerabilities.pdf
  postMessage Reports
  site:hackerone.com postmessage
Clickjacking
  All about Clickjacking
  https://cure53.de/xfo-clickjacking.pdf
  Clickjacking Reports
  site:hackerone.com clickjacking
  WebSecurity Academy Labs
  https://portswigger.net/web-security/all-labs
More Client-side Bugs
  Learning and Reports, Tools - Payloads
  https://appsecwiki.com/#/frontend
Client-side Books
  The Tangled Web
  https://www.amazon.com/Tangled-Web-Securing-Modern-Applications/dp/1593273886
  The Browser Hacker's Handbook
  https://www.amazon.com/Browser-Hackers-Handbook-Wade-Alcorn/dp/1118662091
  Browser security whitepaper
  https://github.com/cure53/browser-sec-whitepaper/blob/master/browser-security-whitepaper.pdf
Server Side Technologies
  Back-End Roadmap
  https://github.com/kamranahmedse/developer-roadmap#back-end-roadmap
  Great Course: Node.js , SQL , NOSQL , REST API , GraphQL and More
  NodeJS - The Complete Guide
  https://www.udemy.com/course/nodejs-the-complete-guide/
E-mail Injection
  Exploiting E-Mail Systems
  https://www.youtube.com/watch?v=cThFNXrBYQU&feature=emb_logo
  SMTP Injection Via Recipient Email Addresses
  https://www.mbsd.jp/Whitepaper/smtpi.pdf
SQL Injection
Types: ERROR-Based, UNION-Based, BOOLEAN-Based, TIME-Based
  SQL Notes for Professionals
  https://books.goalkicker.com/SQLBook/
  SQL Injection Strategies
  https://www.packtpub.com/product/sql-injection-strategies/9781839215643
  SQL Injection Attacks and Defense
  https://www.amazon.com/Injection-Attacks-Defense-Justin-Clarke/dp/1597499633
  SQLi Reports
  site:hackerone.com sqli
  Twitter Hashtag
  #Bugbountytip sqli
  #bugbounty sqli
  WebSecurity Academy Labs
  https://portswigger.net/web-security/all-labs
NOSQL Injection
  MongoDB Notes for Professionals
  https://books.goalkicker.com/MongoDBBook/
  Investigation and Validation of NoSQL Injection
  https://patrick-spiegel.de/MasterThesis.pdf
  NOSQL INJECTION
  https://www.owasp.org/images/e/ed/GOD16-NOSQL.pdf
  NOSQL Reports
  Use Google
  Twitter Hashtag
  #Bugbounty nosql
Local File Inclusion
  Local file inclusion
  https://appsecwiki.com/#/serversidesecurity?id=local-file-inclusion
  WebSecurity Academy Labs
  https://portswigger.net/web-security/all-labs
Remote Code Execution
  Remote Code Execution
  https://appsecwiki.com/#/serversidesecurity?id=remote-code-execution
  Commix
  https://www.youtube.com/watch?v=8U88YvLMYQo
  WebSecurity Academy Labs
  https://portswigger.net/web-security/all-labs
Template Injection
  Server-side Template Injection
  https://www.youtube.com/watch?v=3cT0uE7Y87s&t=4s
  Client-side Template Injection
  https://www.youtube.com/watch?v=VDAAGm_HUQU
  SPEL INJECTION
  https://2018.zeronights.ru/wp-content/uploads/materials/10%20ZN2018%20WV%20-%20Spel%20injection%20.pdf
  SSTI Reports
  site:hackerone.com ssti
  Client-Side Template Injection
  https://2017.zeronights.org/wp-content/uploads/materials/ZN17_Karbutov_CSTI_PDF.pdf
  AngularJS Security
  https://www.youtube.com/watch?v=67Yc8_Bszlk&list=PLhixgUqwRTjwJTIkNopKuGLk3Pm9Ri1sF
  WebSecurity Academy Labs
  https://portswigger.net/web-security/all-labs
Broken Authentication
  Advanced REST API Course (Flask and Python): E-mail Confirmation , Image upload , OAuth 2.0 and Payment
  https://www.udemy.com/course/advanced-rest-apis-flask-python/
● Login Page
  Hacking Authentication
  https://www.pluralsight.com/courses/hacking-authentication-web-app
  Cookie Attacks
  https://www.pluralsight.com/courses/cookie-attacks-web-app-hacking
● OAuth 2.0
  OAuth 2 in Action
  https://www.amazon.com/OAuth-2-Action-Justin-Richer/dp/161729327X
  Oauth security
  https://appsecwiki.com/#/serversidesecurity?id=oauth-security
  Hacking OAuth 2.0 For Fun And Profit
  https://www.youtube.com/watch?v=X0mV9HXbKHY
● Password Reset
  Hacking Password Reset Functionality
  https://www.pluralsight.com/courses/web-app-hacking-password-reset-functionality
  Do you Remember Host Header Injection ?
  Hack Your API First
  https://www.pluralsight.com/courses/hack-your-api-first
  API Security: Offence and Defence
  https://hakin9.org/course/api-security-offence-and-defence/
● Bugcrowd LevelUP 0x03
  Bad API , hAPI Hackers
  https://www.youtube.com/watch?v=UT7-ZVawdzA
  API Security 101
  https://appsecwiki.com/#/serversidesecurity?id=oauth-security
● Attacking JSON WEB TOKENS
  JSON WEB TOKENS
  https://appsecwiki.com/#/serversidesecurity?id=json-web-tokenjwt
  JWT Parkour
  https://2019.pass-the-salt.org/files/slides/09-JWAT.pdf
  Security Assertion Markup Language
  https://appsecwiki.com/#/serversidesecurity?id=saml
  SSO Wars
  https://www.youtube.com/watch?v=ObxxXU8GRMI
  Identity Theft: Attacks on SSO Systems
  https://www.youtube.com/watch?v=Zjrty05REoc
  Insecure Direct Object Reference
  https://www.youtube.com/watch?v=rloqMGcPMkI
  IDOR Vulnerability Automation
  https://www.youtube.com/watch?v=3K1-a7dnA60
  Advanced API Security
  https://www.amazon.com/Advanced-API-Security-Securing-Connect/dp/1430268182
  OWASP API Security TOP 10
  https://www.owasp.org/index.php/OWASP_API_Security_Project
  WebSecurity Academy Labs
  https://portswigger.net/web-security/all-labs
Cryptography
  Crypto 101
  https://www.crypto101.io/Crypto101.pdf
  Hash Crack
  https://www.amazon.com/Hash-Crack-Password-Cracking-Manual-ebook/dp/B075QWTYPM
  HackerOne CTF (Get Invitation)
  https://ctf.hacker101.com/
GraphQL
  The Modern GraphQL
  https://www.udemy.com/course/graphql-bootcamp/
  Abusing GraphQL to Attack
  https://www.youtube.com/watch?v=NPDp7GHmMa0&feature=emb_logo
  GraphQL Apps Security Testing Automation
  https://zeronights.ru/wp-content/themes/zeronights-2019/public/materials/2_ZN2019_sorokinpf_graphql.pdf
  HackerOne CTF (Get Invitation)
  https://ctf.hacker101.com/
DevOps Technologies
  DevOps Roadmap
  https://github.com/kamranahmedse/developer-roadmap#devops-roadmap
Amazon Web Services
  AWS Certified Solutions Architect
  https://www.udemy.com/course/aws-certified-solutions-architect-associate/
  AWS Serverless APIs
  https://www.udemy.com/course/aws-serverless-a-complete-introduction/
  Hands-On AWS Penetration Testing
  https://www.amazon.com/Hands-Penetration-Testing-Kali-Linux/dp/1789136725
  Deep dive into AWS S3
  https://labs.detectify.com/2017/07/13/a-deep-dive-into-aws-s3-access-controls-taking-full-control-over-your-assets/?utm_source=blog&utm_campaign=s3_buckets
SSRF
  Server Side Request Forgery
  https://www.youtube.com/watch?v=4kLcblAuQlw
  Server side browsing
  https://www.youtube.com/watch?v=oxpbmUYCS4g
  BLIND SSRF - Morozov Alexey
  https://zeronights.ru/wp-content/themes/zeronights-2019/public/materials/4_ZN2019_Morozov_SSRF.pdf
  A Glossary of Blind SSRF Chains
  https://blog.assetnote.io/2021/01/13/blind-ssrf-chains/
  New Era of SSRF Exploiting
  https://www.youtube.com/watch?v=ds4Gp4xoaeA
  SSRF AND PDF GENERATOR
  https://www.youtube.com/watch?v=o-tL9ULF0KI
  SSRF bible. Cheatsheet
  https://docs.google.com/document/d/1v1TkWZtrhzRLy0bYXBcdLUedXGb9njTNIJXa3u9akHM/edit
  WebSecurity Academy Labs
  https://portswigger.net/web-security/all-labs
Microservices
  Microservices Web App: React AND Django AND Flask
  https://www.youtube.com/watch?v=0iB5IPoTDts&t=1117s
  Attacking Secondary Contexts
  https://www.youtube.com/watch?v=hWmXEAi9z5w
  Traversing My Way In The Internal Network
  https://www.youtube.com/watch?v=f5IEe5r9to8
  Middleware , Middleware Everywhere
  https://labs.detectify.com/2021/02/18/middleware-middleware-everywhere-and-lots-of-misconfigurations-to-fix/
  Methodology Using Fuzzing AND Info Disclosure
  https://www.slideshare.net/bsidesahmedabad/frans-rosn-keynote-at-bsides-ahmedabad
XML Schema
  XML Schema and XSLT
  https://www.udemy.com/course/xml-novice-to-ninja/
XML External Entity
  XML External Entity Injection
  https://www.youtube.com/watch?v=9ZokuRHo-eY
  XXE: How to become a Jedi
  https://www.slideshare.net/ssuserf09cba/xxe-how-to-become-a-jedi
  Attacking xml processing
  https://www.youtube.com/watch?v=2ufnBHXx3cU&t=2465s
  XML Out-Of-Band Exploitation
  http://www.nosuchcon.org/talks/2013/D3_03_Alex&Timur_XML_Out_Of_Band.pdf
  DTD Attacks Against XML Parsers
  https://www.nds.ruhr-uni-bochum.de/media/nds/arbeiten/2015/11/04/spaeth-dtd_attacks.pdf
  WebSecurity Academy Labs
  https://portswigger.net/web-security/all-labs
HTTP Parameter Pollution
  PwnFunction
  https://www.youtube.com/watch?v=QVZBl8yxVX0
  Marco Balduzzi
  https://www.blackhat.com/docs/webcast/bhwebcast28-balduzzi.pdf
File Uploading
  File Uploading Vulnerabilities
  https://www.sans.org/reading-room/whitepapers/testing/web-application-file-upload-vulnerabilities-36487
  FFmpeg Video Converters
  https://www.youtube.com/watch?v=tZil9j7TTps
  Attacks on Video Converters
  https://docs.google.com/presentation/d/1yqWy_aE3dQNXAhW8kxMxRqtP7qMHaIfMzUDpEqFneos/edit#slide=id.p
  FFmpeg and Imagemagick
  https://2017.zeronights.org/wp-content/uploads/materials/ZN17_yngwie_ffmpeg.pdf
  PostScript and ghostScript
  https://ruxcon.org.au/assets/2017/slides/hong-ps-and-gs-ruxcon2017.pdf
  Killing with Filedescriptor
  https://speakerdeck.com/filedescriptor/killing-with
HTTP Smuggling
  Hiding Wookiees in HTTP
  https://www.youtube.com/watch?v=dVU9i5PsMPY
  HTTP Desync Attacks
  https://www.youtube.com/watch?v=w-eJM2Pc0KI
  Practical Attacks Using HTTP Request Smuggling
  https://www.youtube.com/watch?v=3tpnuzFLU8g
  HTTP Request Smuggling in 2020
  https://i.blackhat.com/USA-20/Wednesday/us-20-Klein-HTTP-Request-Smuggling-In-2020-New-Variants-New-Defenses-And-New-Challenges.pdf
  Response Smuggling: Pwning HTTP/1.1 Connections
  https://www.youtube.com/watch?v=suxDcYViwao&list=PL9fPq3eQfaaBUD1zVxJWJmX86A6d0isBI&index=48
  What’s Wrong With WebSocket APIs: Smuggling Through Websocket
  https://www.youtube.com/watch?v=gANzRo7UHt8
  HTTP Request Smuggling Via Higher HTTP Versions
  https://standoff365.com/phdays10/schedule/tech/http-request-smuggling-via-higher-http-versions/
  HTTP2: The Sequel is Always Worse
  https://www.youtube.com/watch?v=rHxVVeM9R-M
  WebSecurity Academy Labs
  https://portswigger.net/web-security/all-labs
DNS Rebinding
  There’s no place like 127.0.0.1
  https://www.youtube.com/watch?v=Q0JG_eKLcws
  State of DNS Rebinding
  https://www.youtube.com/watch?v=y9-0lICNjOQ&t=1116s
More Server-side Bugs
  Learning and Reports, Tools - Payloads
  https://appsecwiki.com/#/serversidesecurity
  WebSecurity Academy Materials
  https://portswigger.net/web-security/all-materials
● HOP BY HOP Request Header
  Hop-by-Hop Request Headers
  https://nathandavison.com/blog/abusing-http-hop-by-hop-request-headers
● Shellshock Vulnerability
  Shellshock Vulnerability
  https://owasp.org/www-pdf-archive/Shellshock_-_Tudor_Enache.pdf
● Sensitive Files
  Small Files And Big Bounties, Exploiting Sensitive Files
  https://www.youtube.com/watch?v=pzH-gytUWWI
  WebSecurity Academy Labs
  https://portswigger.net/web-security/all-labs
  HackerOne CTF (Get Invitation)
  https://ctf.hacker101.com/
Source Code Review
  OWASP Code Review
  https://www.owasp.org/images/5/53/OWASP_Code_Review_Guide_v2.pdf
● Reading Javascript Files
  Let’s be a Dork and Read javascript files with zseano
  https://www.youtube.com/watch?v=0jM8dDVifaI
Web App Firewall
  Web Application Defender
  https://www.amazon.com/Web-Application-Defenders-Cookbook-Protecting/dp/1118362187
  Web Application Obfuscation
  https://www.amazon.com/Web-Application-Obfuscation-Evasion-Filters/dp/1597496049
Automation
  Write Your Tools. Language is Up To You.
Awesome Talks
● Asynchronous Vulnerabilities
  Hunting Asynchronous Vulnerabilities
  https://www.youtube.com/watch?v=ha6LD1-RiJU
● AEM Hacking
  Approaching Adobe Experience Manager Webapps by Mikhail Egorov
  https://www.youtube.com/watch?v=EQNBQCQMouk
● Hacking Jenkins
  Hacking Jenkins - Orange Tsai
  https://www.youtube.com/watch?v=_x8BsBnQPmU
● Infiltrating Corporate Intranet
  Orange Tsai - Infiltrating Corporate Intranet Like NSA: Preauth RCE
  https://www.youtube.com/watch?v=1IoythC_pIY
● Apache Solr Injection
  Apache Solr Injection
  https://www.youtube.com/watch?v=xf2E64o4hWc
● Hunting For Top Bounties
  Nicolas Grégoire - Hunting For Top Bounties
  https://www.youtube.com/watch?v=mQjTgDuLsp4
● Demystifying The Server Side
  SSRF - XXE - RCE - Reverse Proxy
  https://www.youtube.com/watch?v=gluSEBZpplQ
● Backslash Powered Scanning
  Backslash Powered Scanning: Hunting Unknown Vulnerability Classes
  https://www.youtube.com/watch?v=apOLZ67TZd0
● NahamCon2021
  Hacking IIS
  https://www.youtube.com/watch?v=cqM-MdPkaWo
● Red Team Village
  Knock knock , Who's There? Identifying Assets in the Cloud
  https://www.youtube.com/watch?v=cqM-MdPkaWo
● Zseano's Thoughts
  A Look Into Zseano's Thoughts When Testing a Target
  https://www.youtube.com/watch?v=T6BROEozJOk
  https://www.youtube.com/watch?v=8Sqp_kryB4E
Bug Bounty Hunting Books
  Bug Bounty Playbook v1
  https://payhip.com/b/wAoh
  Bug Bounty Playbook v2
  https://payhip.com/b/nRia
  Web Hacking 101
  https://leanpub.com/web-hacking-101
  Real-World Bug Hunting
  https://nostarch.com/bughunting
Certifications
  Web Hacking
  https://notsosecure.com/hacking-training/web-hacking/
  Advanced Web Hacking
  https://notsosecure.com/hacking-training/advanced-web-hacking/
  Advanced Web Attacks and Exploitation
  https://www.offensive-security.com/awae-oswe/
Keep Learning
  Twitter: Following List is Up To You
  Blogs: Security Researchers !
  Conferences: ZeroNights - DEF CON - Blackhat - etc
  Google: Depending On Yourself , It Will Be Better (Google Search "I’m Feeling Lucky")


Thank You
Mahmoud M. Awali
@0xAwali
