How I Got $10,000 From GitHub For Bypassing Filtration of HTML tags
https://saajanbhujel.medium.com/how-i-got-10-000-from-github-for-bypassing-filtration-of-html-tags-db31173c8b37
Vaf is a cross-platform, very advanced and fast web fuzzer written in Nim (judging by its star count, it is still fairly niche)
https://github.com/d4rckh/vaf
Make your scans faster: port scan without CloudFlare
subfinder -silent -d HOST | filter-resolved | cf-check | sort -u | naabu -rate 40000 -silent -verify | httprobe
H1 report
Password Reset Link not expiring after changing the email Leads To Account Takeover
https://hackerone.com/reports/685007
Kubernetes Security and Observability: A Holistic Approach to Securing Containers and Cloud Native Applications
https://rbebooks.site/wp-content/uploads/2022/10/Kubernetes_Security_and_Observability_by_Amit_Gupta_and_Brendan.pdf
Testing 2FA
API Security Testing Checklist
https://github.com/shieldfy/API-Security-Checklist
Today I have a useful cheat sheet suggestion that you can use within the scope of bug bounty
https://github.com/Neelakandan-A/BugBounty_CheatSheet
Where do you usually find IDOR bugs? This writeup by @_nynan sums it up pretty well
https://medium.com/@nynan/what-i-learnt-from-reading-220-idor-bug-reports-6efbea44db7
Don’t have a US phone number?
https://www.receivesms.co/us-phone-number/3635/
While organizing material recently, I noticed a problem: foreign authors sometimes post the same article three or four times, so duplicates may appear here. Well, after all, this is reviewed manually.
Originally published on the WeChat public account (Bug Bounty Tips): Bug Bounty Tips (2022-10-17)