BB - BugBounty Hunting
Bounty Hunting
Mahmoud M. Awali
@0xAwali
Prerequisites
● English Language
● How to Study
Marty Lobdell - Study Less Study Smart
https://www.youtube.com/watch?v=IlU-zDU6aQ0
● Your Mind
Methodology
Bug Bounty Hunting
● Target
● Reconnaissance
● Scanning
● Exploitation
● Reporting
Web Apps Pen Testing
● Pre-engagement
● Reconnaissance
● Scanning
● Exploitation
● Post Exploitation
● Covering Tracks
● Reporting
More Information !
● Web Apps Pen Testing
Course eLearnSecurity Web Application Pen Testing Module 1
https://www.elearnsecurity.com/certification/ewpt/
Nginx Fundamentals
High Performance Servers from Scratch
https://www.udemy.com/course/nginx-fundamentals/
Web Server
● HTTP Secure
How to Configure ?
Reference
You Want To Learn Nginx AND Apache
Servers for Hackers
https://leanpub.com/serversforhackers
Web Apps Pen Testing
Prerequisite
CS50
Web Apps Pen Testing
CS50 Lectures 2018
https://www.youtube.com/playlist?list=PLhQjrBD2T382eX9-tF75Wa4lmlC7sxNDH
Twitter Hashtag
#OSINT
#Recon
Services Scanning
● NMAP
Nmap OR Masscan
Exploit-DB
https://www.exploit-db.com/
Github
https://github.com/
Subdomains Takeover
DNS Hijacking
https://www.youtube.com/watch?v=FXCzdWm2qDg
Patrik Hudak
https://0xpatrik.com/
DNS Takeover
Patrik Hudak
https://0xpatrik.com/subdomain-takeover-ns/
Content Discovery
● Assetnote
https://www.youtube.com/watch?v=DEW5C9r3rc0
https://blog.assetnote.io/2021/04/05/contextual-content-discovery/
https://www.youtube.com/watch?v=hNs8fpWfcyU
Content Discovery
● Turbo Intruder
https://portswigger.net/research/turbo-intruder-embracing-the-billion-request-attack
Content Discovery
● FFUF
0$ 400$
PROXY
Burp Suite Cookbook
https://www.amazon.com/Burp-Suite-Cookbook-Practical-penetration/dp/178953173X
WebSecurity
Academy Labs
https://portswigger.net/web-security/all-labs
Web Cache Attacks
● Web Cache Deception
WebSecurity
Academy Labs
https://portswigger.net/web-security/all-labs
Path Normalization
Breaking Parser Logic
https://www.youtube.com/watch?v=28xWcRegncw&t=2s
Reverse Proxies
https://2018.zeronights.ru/wp-content/uploads/materials/20-Reverse-proxies-Inconsistency.pdf
https://speakerdeck.com/greendog/2-and-a-bit-of-magic
Open Redirection
PwnFunction
https://www.youtube.com/watch?v=4Jk_I-cw4WE&t=2s
Cheat Sheet
https://pentester.land/cheatsheets/2018/11/02/open-redirect-cheatsheet.html
CRLF
CRLF and Open Redirection
https://2017.zeronights.org/wp-content/uploads/materials/ZN17_Karbutov_CRLF_PDF.pdf
CRLF Reports
site:hackerone.com CRLF
Client Side Technologies
Front-End Roadmap
https://github.com/kamranahmedse/developer-roadmap#frontend-roadmap
Client Side Technologies
Third-Party JavaScript
https://www.amazon.com/Third-Party-JavaScript-Ben-Vinegar/dp/1617290548
Client Side Technologies
Reflected
Persistent
DOM-based
Blind
Cross site Scripting
XSS Attacks
https://www.amazon.com/XSS-Attacks-Scripting-Exploits-Defense/dp/1597491543
BLIND XSS
https://2018.zeronights.ru/wp-content/uploads/materials/2%20ZN2018%20WV%20-%20Blind%20Xss%20%28femida%20plugin%29.pdf
Cross site Scripting
Twitter Hashtag
#Bugbountytip xss
#bugbounty blind xss
#xss
#bxss
Content Security Policy
CSP
https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
Bypassing CSP
https://www.youtube.com/watch?v=eewyLp9QLEs
https://www.youtube.com/watch?v=YBBqtrJmMRc
https://www.youtube.com/watch?v=RR_EqKsYb9o
https://www.youtube.com/watch?v=_L06HetskC4
Cross site Scripting
WebSecurity
Academy Labs
https://portswigger.net/web-security/all-labs
Cross site Scripting
Get Invitation
HackerOne CTF
https://ctf.hacker101.com/
CSRF
Cross-Site Request Forgery
https://www.pluralsight.com/courses/cross-site-forgery-request-web-app
CSRF-protection Bypassing
https://www.slideshare.net/0ang3el/neat-tricks-to-bypass-csrfprotection
CSRF
CSRF Reports
site:hackerone.com csrf
Twitter Hashtag
#Bugbountytip csrf
#bugbounty csrf
#csrf
CSRF
WebSecurity
Academy Labs
https://portswigger.net/web-security/all-labs
CORS Misconfiguration
CORS in Action
https://www.amazon.com/CORS-Action-Creating-consuming-cross-origin/dp/161729182X
Exploiting CORS
https://www.youtube.com/watch?v=wgkj4ZgxI4c
CORS Misconfiguration
WebSecurity
Academy Labs
https://portswigger.net/web-security/all-labs
WebSocket Hijacking
Guide to HTML5 WebSocket
https://www.amazon.com/Definitive-Guide-HTML5-WebSocket/dp/1430247401
Security Testing of WebSockets
https://www.theseus.fi/bitstream/handle/10024/113390/Harri+Kuosmanen+-+Masters+thesis+-+Security+Testing+of+WebSockets+-+Final.pdf?sequence=1
WebSocket Hijacking
WebSecurity
Academy Labs
https://portswigger.net/web-security/all-labs
postMessage
clickjacking Reports
site:hackerone.com clickjacking
Clickjacking
WebSecurity
Academy Labs
https://portswigger.net/web-security/all-labs
More Client-side Bugs
Back-End Roadmap
https://github.com/kamranahmedse/developer-roadmap#back-end-roadmap
Server Side Technologies
Great Course
Node.js, SQL, NOSQL, REST API, GraphQL and More
SQLi Reports
site:hackerone.com sqli
Twitter Hashtag
#Bugbountytip sqli
#bugbounty sqli
SQL Injection
WebSecurity
Academy Labs
https://portswigger.net/web-security/all-labs
NOSQL Injection
MongoDB Notes for Professionals
https://books.goalkicker.com/MongoDBBook/
Investigation and Validation of NoSQL Injection
https://patrick-spiegel.de/MasterThesis.pdf
NOSQL INJECTION
https://www.owasp.org/images/e/ed/GOD16-NOSQL.pdf
NOSQL Injection
NOSQL Reports
Use Google
Twitter Hashtag
#Bugbounty nosql
Local File Inclusion
WebSecurity
Academy Labs
https://portswigger.net/web-security/all-labs
Remote Code Execution
Commix
https://www.youtube.com/watch?v=8U88YvLMYQo
Remote Code Execution
WebSecurity
Academy Labs
https://portswigger.net/web-security/all-labs
Template Injection
SPEL INJECTION
https://2018.zeronights.ru/wp-content/uploads/materials/10%20ZN2018%20WV%20-%20Spel%20injection%20.pdf
Template Injection
SSTI Reports
site:hackerone.com ssti
Template Injection
AngularJS Security
https://www.youtube.com/watch?v=67Yc8_Bszlk&list=PLhixgUqwRTjwJTIkNopKuGLk3Pm9Ri1sF
Template Injection
WebSecurity
Academy Labs
https://portswigger.net/web-security/all-labs
Broken Authentication
WebSecurity
Academy Labs
https://portswigger.net/web-security/all-labs
Cryptography
Crypto 101
https://www.crypto101.io/Crypto101.pdf
Hash Crack
https://www.amazon.com/Hash-Crack-Password-Cracking-Manual-ebook/dp/B075QWTYPM
Cryptography
Get Invitation
HackerOne CTF
https://ctf.hacker101.com/
GraphQL
The Modern GraphQL
https://www.udemy.com/course/graphql-bootcamp/
Get Invitation
HackerOne CTF
https://ctf.hacker101.com/
DevOps Technologies
DevOps Roadmap
https://github.com/kamranahmedse/developer-roadmap#devops-roadmap
Amazon Web Services
AWS Certified Solutions Architect
https://www.udemy.com/course/aws-certified-solutions-architect-associate/
WebSecurity
Academy Labs
https://portswigger.net/web-security/all-labs
Microservices
DTD Attacks
Against XML Parsers
https://www.nds.ruhr-uni-bochum.de/media/nds/arbeiten/2015/11/04/spaeth-dtd_attacks.pdf
XML External Entity
WebSecurity
Academy Labs
https://portswigger.net/web-security/all-labs
HTTP Parameter Pollution
PwnFunction
https://www.youtube.com/watch?v=QVZBl8yxVX0
Marco Balduzzi
https://www.blackhat.com/docs/webcast/bhwebcast28-balduzzi.pdf
File Uploading
WebSecurity
Academy Labs
https://portswigger.net/web-security/all-labs
DNS Rebinding
WebSecurity
Academy Materials
https://portswigger.net/web-security/all-materials
More Server-side Bugs
● HOP BY HOP Request Header
Shellshock Vulnerability
https://owasp.org/www-pdf-archive/Shellshock_-_Tudor_Enache.pdf
More Server-side Bugs
● Sensitive Files
WebSecurity
Academy Labs
https://portswigger.net/web-security/all-labs
More Server-side Bugs
Get Invitation
HackerOne CTF
https://ctf.hacker101.com/
Source Code Review
Hunting Asynchronous
Vulnerabilities
https://www.youtube.com/watch?v=ha6LD1-RiJU
Awesome Talks
● AEM Hacking
Nicolas Grégoire
Hunting For Top Bounties
https://www.youtube.com/watch?v=mQjTgDuLsp4
Awesome Talks
● Demystifying The Server Side
Hacking IIS
https://www.youtube.com/watch?v=cqM-MdPkaWo
Awesome Talks
● Red Team Village
https://www.youtube.com/watch?v=8Sqp_kryB4E
Bug Bounty Hunting Books
Advanced Web
Attacks and Exploitation
https://www.offensive-security.com/awae-oswe/
Keep Learning
Twitter
Following List is Up To You
Blogs
Security Researchers !
Conferences
ZeroNights - DEF CON - Black Hat - etc
Keep Learning
Google
Depending On Yourself, It Will Be Better