SecList for CyberStudents
@SecListForCyberStudents
240 subscribers
603 photos
25 videos
211 files
918 links
Think outside the box
Download Telegram
About
Blog
Apps
Platform
Join
SecList for CyberStudents
240 subscribers
SecList for CyberStudents
https://medium.com/@imanmochi/nuclei101-for-bug-bounty-cheatsheet-3eaf3c35b39
Medium
NUCLEI101 FOR BUG BOUNTY CHEATSHEET
Hello, everyone! Welcome to my page @0ximan1337. Here, you’ll find a comprehensive cheatsheet on utilizing nuclei effectively. This invaluable resource is designed to assist beginners in grasping the…
78 views
SecList for CyberStudents
https://github.com/hackingyseguridad/curl
GitHub
GitHub - hackingyseguridad/curl: CURL en bash shell, web interface ( hackingyseguridad.com )
CURL en bash shell, web interface ( hackingyseguridad.com ) - hackingyseguridad/curl
80 views
SecList for CyberStudents
HackerOne disclosed on HackerOne: Server Side Request Forgery...

https://hackerone.com/reports/2262382
HackerOne
HackerOne disclosed on HackerOne: Server Side Request Forgery...
We recently received a critical server-side request forgery (SSRF) vulnerability report through our bug bounty program. The issue allowed attackers to make internal requests from our application...
67 views
SecList for CyberStudents
Reflected XSS bypassing hidden input tag and auto-submit script in a form

https://hackcommander.github.io/bug-bounty-8/
76 views
SecList for CyberStudents
https://cheatsheetseries.owasp.org/cheatsheets/XSS_Filter_Evasion_Cheat_Sheet.html
cheatsheetseries.owasp.org
XSS Filter Evasion - OWASP Cheat Sheet Series
Website with the collection of all the cheat sheets of the project.
69 views
SecList for CyberStudents
📝Подборка обходов различных WAF

Автор собрал советы по обходу waf из Twitter'а и упаковал это в едином репозитории.

Ссылка на GitHub

#web #waf #bypass
94 views
SecList for CyberStudents
payloads.csv
37.2 KB
FUCK WAF
От Cloudflare до Imperva, Akamai, F5, Checkpoint, Fortinet

#waf #bypass #payload #regexp
79 views
SecList for CyberStudents
https://news.xcoode.com/automation-for-target-surface-information-gathering-xcoode-ai-prompting-for-bug-bounty-giants-a545dadc87dc
Medium
Automation for Target Surface Information Gathering — XCOODE + AI Prompting for Bug Bounty Giants
Hello Cyber Enthusiasts! Join us today as we delve into the exciting realm of bug bounty hunting. In this article, XCOODE will guide you…
65 views
SecList for CyberStudents
https://github.com/xnl-h4ck3r/GAP-Burp-Extension

#BurpSuite #Extension #BugHunting
GitHub
GitHub - xnl-h4ck3r/GAP-Burp-Extension: Burp Extension to find potential endpoints, parameters, and generate a custom target wordlist
Burp Extension to find potential endpoints, parameters, and generate a custom target wordlist - xnl-h4ck3r/GAP-Burp-Extension
70 views
SecList for CyberStudents
62 views
SecList for CyberStudents
The_Art_of_Linux_Persistence__1702487063.pdf
6.9 MB
75 views
SecList for CyberStudents
https://github.com/Marshall-Hallenbeck/red_team_attack_lab
GitHub
GitHub - Marshall-Hallenbeck/red_team_attack_lab: Red Team Attack Lab for TTP testing & research
Red Team Attack Lab for TTP testing & research. Contribute to Marshall-Hallenbeck/red_team_attack_lab development by creating an account on GitHub.
63 views
SecList for CyberStudents
https://null-byte.wonderhowto.com/how-to/discover-hidden-subdomains-any-website-with-subfinder-0341687/
WonderHowTo
Discover Hidden Subdomains on Any Website with Subfinder
When approaching a target, having a precise and detailed plan of attack is absolutely necessary. One of the main goals is to increase the attack surface since the more opportunities there are for e...
56 views
SecList for CyberStudents
https://github.com/Sn1r/Forbidden-Buster
GitHub
GitHub - Sn1r/Forbidden-Buster: A tool designed to automate various techniques in order to bypass HTTP 401 and 403 response codes…
A tool designed to automate various techniques in order to bypass HTTP 401 and 403 response codes and gain access to unauthorized areas in the system. This code is made for security enthusiasts and...
63 views
SecList for CyberStudents
Forwarded from SHADOW:Group
🐔 XSS и CSRF в Twitter

Тут багхантер взял недавно слитую XSS , за которую не заплатили и докрутил ее до импакта, позволяющего выполнять различные действия в вашем аккаунте в Twitter, вплоть до его захвата. Однако ему за это тоже не заплатили и он так же решил слить уязвимость на всеобщее обозрение.

Ссылка на пост

#web #csrf
Please open Telegram to view this post
VIEW IN TELEGRAM
X (formerly Twitter)
Chaofan Shou (svm/acc) (@shoucccc) on X
😝 Here is the full disclosure of the Twitter XSS + CSRF vulnerability.

Clicking a crafted link or going to some crafted web pages would allow attackers to take over your account (posting, liking, updating your profile, deleting your account, etc.)
64 views
SecList for CyberStudents
Хакинг на С++.pdf
17 MB
Хакинг на С++. 2023
Ярошенко А.А.
78 views
SecList for CyberStudents
https://github.com/dewcode91/Sample-reports

#Report #Example #BugHunter
GitHub
GitHub - dewcode91/Sample-reports: A small collection of sample reports.
A small collection of sample reports. Contribute to dewcode91/Sample-reports development by creating an account on GitHub.
73 views
SecList for CyberStudents
https://hackerone.com/reports/680415

#CVE-2019-10082
HackerOne
Internet Bug Bounty disclosed on HackerOne: mod_http2,...
Using fuzzed network input, the http/2 session handling could be made to read memory after being freed, during connection shutdown. This is made possible by a race condition in which nghttp2...
66 views
SecList for CyberStudents
https://nvd.nist.gov/vuln/detail/CVE-2022-31813

#CVE-2022-31813
https://github.com/hackingyseguridad/curl
GitHub
GitHub - hackingyseguridad/curl: CURL en bash shell, web interface ( hackingyseguridad.com )
CURL en bash shell, web interface ( hackingyseguridad.com ) - hackingyseguridad/curl
76 views
SecList for CyberStudents
72 views
SecList for CyberStudents
WEB_APPLICATION_PENETRATION_TESTING_1702557648.pdf
16.1 MB
99 views