# Misc

{% embed url="https://twitter.com/ThisIsDK999/status/1361298477783805952?s=20" %}

* <https://gccybermonks.com/posts/popups/>
* <https://www.mannulinux.org/2021/03/from-tikiwiki-to-domain-admin-journey.html>
* <https://blog.cryptohack.org/twitter-secrets>
* <https://bdgajera.medium.com/ssrf-if-the-application-renders-csv-bd56c4cbea6c>
* <https://blog.geekycat.in/google-vrp-hijacking-your-screenshots/>
* <https://www.hahwul.com/2020/12/24/toctou-ssrf/>
* <https://github.com/minimaxir/big-list-of-naughty-strings>
* <https://mr-msa.notion.site/mr-msa/Write-ups-Tips-0b10fa38dc64499192dcf8df8ec56da9>

SSL Pinning -

* <https://www.youtube.com/watch?v=is8lHjEkk7U>

Basics -

* How HTTP works?
* How SSL / TLS works?
* How DNS works?
* How OAuth works?

OAuth -

* <https://twitter.com/s0md3v/status/1168846854689132544>
* <https://twitter.com/hackerscrolls/status/1269266750467649538>
* <https://blog.avuln.com/article/4>
* <https://dhavalkapil.com/blogs/Attacking-the-OAuth-Protocol/>
* <https://webstersprodigy.net/2013/05/09/common-oauth-issue-you-can-use-to-take-over-accounts/>
* <https://research.nccgroup.com/2020/07/07/an-offensive-guide-to-the-authorization-code-grant/>
* <https://www.youtube.com/watch?v=O762qjAjAyo&list=PLnICOE3KiEs9J65ndHOeOYDiyA7FhI1g9&index=6&t=0s>
* <https://maxfieldchen.com/posts/2020-05-17-penetration-testers-guide-oauth-2.html>
* <https://medium.com/@apkash8/oauth-and-security-7fddce2e1dc5>
* <https://medium.com/@lokeshdlk77/bypass-oauth-nonce-and-steal-oculus-response-code-faa9cc8d0d37>
* <https://t.co/FYJdf7Z6nG?amp=1>

Had some recent success using untranslatable Unicode in place of a "?" when attacking URL parsers for SSRF/OAuth issues. What worked was... `\udfff -> � -> ?` Therefore... `{"redirectUri":"https://attacker\udfff@[victim]/"}` Equals... `Location: https://attacker?@[victim]/` - <https://twitter.com/samwcyo/status/1246997498981494784>

* <https://xpoc.pro/oauth-authentication-bypass-on-airbnb-acquisition-using-weird-1-char-open-redirect/>

Got my 1st HTTP Parameter Pollution (HPP) bug rewarded! Targeting an OAuth login: by providing the URL parameter "scope" twice, the page asked for confirmation for the first, but ended up authorizing all the others too:

`/oauth?redirect=x&response_type=code&client_id=x&scope=name&scope=email`

* <https://www.hackedu.com/blog/analysis-of-common-federated-identity-protocols-openid-connect-vs-oauth-2.0-vs-saml-2.0>
* <https://twitter.com/apisecurityio/status/1283023445081509888?s=20>

Certificate Transparency:

* <https://www.digicert.com/certificate-transparency/how-it-works.htm>
* <http://www.certificate-transparency.org/how-ct-works>
* <https://medium.com/babylon-engineering/android-security-certificate-transparency-601c18157c44>

HTTP headers -

* <https://www.federacy.com/blog/security-headers-the-whys-and-hows/>
* <https://zgheb.com/i?v=blog&pl=46#sh_acao>
* <https://blog.initd.sh/others-attacks/web-application/http-security-headers-detailed-explanation/>
* <https://www.youtube.com/watch?v=eDauBJUthRo>
* <https://int64software.com/blog/2018/11/05/hardening-website-security-part-1-http-security-headers/>
* <https://blog.detectify.com/2019/02/05/guide-http-security-headers-for-better-web-browser-security/>
* <https://medium.com/@Johne_Jacob/7-security-response-headers-every-security-tester-should-know-77576ffdfc0f>
* <https://www.scip.ch/en/?labs.20180809>

CSP - <https://csper.io/blog/other-csp-security>

CSP - <https://www.youtube.com/watch?v=c3JjTRFl5D8&t=0s&list=PLv-PXy2JVvivzOKjt7_jA8NnIifCnRjOS&index=15>

JWT:

* <https://zonksec.com/blog/jwt-hacking-101/>
* <https://auth0.com/blog/critical-vulnerabilities-in-json-web-token-libraries/>
* <https://www.slideshare.net/snyff/jwt-insecurity>
* <https://medium.com/101-writeups/hacking-json-web-token-jwt-233fe6c862e6>
* <https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2019/january/jwt-attack-walk-through/>
* <https://www.shawarkhan.com/2019/01/hijacking-accounts-by-retrieving-jwt.html>
* <https://medium.com/@blackhood/simple-jwt-hacking-73870a976750>
* <https://github.com/dwyl/learn-json-web-tokens>
* <https://habr.com/en/post/450054/>
* <https://gist.github.com/pranav1hivarekar/65e59cb95d56acf02ffdaf17b25f4039>
* <https://www.youtube.com/watch?v=rCkDE2me_qk>
* <https://gist.github.com/stefanocoding/8cdc8acf5253725992432dedb1c9c781>
* <https://www.scip.ch/en/?labs.20190523>
* <https://blog.securitybreached.org/2018/10/27/privilege-escalation-like-a-boss/>
* <https://badshah.io/pentesting-jwt-tokens/>
* <https://www.owasp.org/images/0/07/20190222--Nyffenegger-JWAT.pdf>
* <https://www.youtube.com/watch?v=sGvF8wS76Dk>
* <https://www.youtube.com/watch?v=aYz8yPymyvk>
* <http://intx0x80.blogspot.com/2019/10/JWT.html>
* <https://mazinahmed.net/blog/breaking-jwt/>
* <https://research.securitum.com/jwt-json-web-token-security/>
* <https://github.com/ticarpi/jwt_tool/wiki>
* <https://www.youtube.com/watch?v=nM8kibRciJQ>
* <https://www.youtube.com/watch?v=M3jA0bGDCso&feature=emb_logo>
* <https://youtu.be/zWVRHK3ykfo>
* <https://youtu.be/558MFgH1t9g>
* <https://t.co/Su15R6Vpps?amp=1>
* <https://blog.silentsignal.eu/2021/02/08/abusing-jwt-public-keys-without-the-public-key/>

OAuth / SAML -

* <https://medium.com/securing/what-is-going-on-with-oauth-2-0-and-why-you-should-not-use-it-for-authentication-5f47597b2611>
* How to Hunt Bugs in SAML; a Methodology - Part I: <https://www.anitian.com/owning-saml/>
* The most common OAuth 2.0 Hacks - <https://habr.com/en/post/449182/>
* <http://blog.intothesymmetry.com/2015/12/top-10-oauth-2-implementation.html>
* <https://twitter.com/fyoorer/status/1190304570506911744>
* <https://medium.com/swlh/hacking-saml-bce30483d020>
* <https://medium.com/@wdevon99/what-the-hell-is-oauth-6ba19f236612>
* <https://twitter.com/fuxksniper/status/1297092959544856576>

{% embed url="https://carbon.now.sh/" %}

SAML - <https://twitter.com/Alra3ees/status/1259969808969469954>

nmap - <https://twitter.com/JaneScott/status/1072291481728167936?ref_src=twsrc%5Etfw%7Ctwcamp%5Eembeddedtimeline%7Ctwterm%5Ecollection%3A1073939531731210240%7Ctwcon%5Etimelinechrome&ref_url=https%3A%2F%2Ftwitter.com%2Fpentesterland%2Ftimelines%2F1073939531731210240>

{% embed url="https://s3-us-west-2.amazonaws.com/stationx-public-download/nmap_cheet_sheet_0.6.pdf" %}

I built a tool to turn [@nmap](https://twitter.com/nmap) scan data into a sortable table for easier consumption. ([https://github.com/jgamblin/nmaptable/…](https://t.co/2pehCY9hLk?amp=1)) Demo: [https://jgamblin.github.io/nmap.html](https://t.co/hxNN3MObR6?amp=1)

Nmap Trick Techniques [#BugBountry](https://twitter.com/hashtag/BugBountry?src=hashtag_click) [https://blog.urfix.com/10-cool-nmap-tricks-techniques/amp/](https://t.co/3hi67aqUiS?amp=1)

{% embed url="https://twitter.com/cnotin/status/1088122067952828416?ref_src=twsrc%5Etfw%7Ctwcamp%5Eembeddedtimeline%7Ctwterm%5Ecollection%3A1088406074103865346%7Ctwcon%5Etimelinechrome&ref_url=https%3A%2F%2Ftwitter.com%2Fpentesterland%2Ftimelines%2F1088406074103865346" %}

* How to defend your website with ZIP bombs : - <https://twitter.com/binitamshah/status/882977758380310529>
* A pretty old bug in Yahoo! [https://medium.com/@uranium238/co](https://t.co/43tnWhhwe3?amp=1)
* New blog post about bypassing payments using webhooks: [https://lightningsecurity.io/blog/bypassing-payments-using-webhooks/…](https://t.co/wpLyUFjzd6?amp=1) [#bugbounty](https://twitter.com/hashtag/bugbounty?src=hashtag_click)
* Some nice writeup, you should read it: [http://blog.jr0ch17.com/tags/#smtp%20header%20injection…](https://t.co/7eBRaHJrlS?amp=1)
* Chaining - <https://web.archive.org/web/20190407101215/https://nahamsec.com/chaining-multiple-vulnerabilities-to-gain-admin-access/>
* <https://github.com/bb1nfosec/Information-Security-Tasks/tree/master/Web>
* <https://medium.com/@masonhck357/chains-on-chains-chaining-multiple-low-level-vulns-into-a-critical-8b88db29738e>

Host Header -

* <https://hackerone.com/reports/123078>
* <https://hackerone.com/reports/167631>
* <https://hackerone.com/reports/226659>
* <https://hackerone.com/reports/229498>
* <https://hackerone.com/reports/244677>
* <https://hackerone.com/reports/281575>
* <https://hackerone.com/reports/317476>
* <https://hackerone.com/reports/698416>
* <https://hackerone.com/reports/791293>

postMessage - <https://medium.com/bugbountywriteup/how-to-spot-and-exploit-postmessage-vulnerablities-329079d307cc>
