Misc

SSL Pinning -
https://www.youtube.com/watch?v=is8lHjEkk7U


How HTTP works?

How SSL / TLS works?


How DNS works?


How OAuth works?

https://twitter.com/s0md3v/status/1168846854689132544


https://twitter.com/hackerscrolls/status/1269266750467649538


https://blog.avuln.com/article/4


https://dhavalkapil.com/blogs/Attacking-the-OAuth-Protocol/


https://webstersprodigy.net/2013/05/09/common-oauth-issue-you-can-use-to-take-over-accounts/


https://research.nccgroup.com/2020/07/07/an-offensive-guide-to-the-authorization-code-grant/


https://www.youtube.com/watch?v=O762qjAjAyo&list=PLnICOE3KiEs9J65ndHOeOYDiyA7FhI1g9&index=6&t=0s


https://maxfieldchen.com/posts/2020-05-17-penetration-testers-guide-oauth-2.html


https://medium.com/@apkash8/oauth-and-security-7fddce2e1dc5


https://medium.com/@lokeshdlk77/bypass-oauth-nonce-and-steal-oculus-response-code-faa9cc8d0d37


https://t.co/FYJdf7Z6nG?amp=1

Had some recent success using untranslatable Unicode in place of a "?" when attacking URL parsers for SSRF/OAuth issues. What worked was... \udfff -> � -> ? Therefore... {"redirectUri":"https://attacker\udfff@[victim]/"} Equals... Location: https://attacker?@[victim]/ -
https://twitter.com/samwcyo/status/1246997498981494784


https://xpoc.pro/oauth-authentication-bypass-on-airbnb-acquisition-using-weird-1-char-open-redirect/


Got my 1st HTTP Parameter Pollution (HPP) bug rewarded! Targeting an OAuth login: by providing url parameter "scope" twice, the page asked confirmation for the first, but ended up authorizing all others too:


/oauth?redirect=x&response_type=code&client_id=x&scope=name&scope=email


https://www.hackedu.com/blog/analysis-of-common-federated-identity-protocols-openid-connect-vs-oauth-2.0-vs-saml-2.0


https://twitter.com/apisecurityio/status/1283023445081509888?s=20



Certificate Transparency:

https://www.digicert.com/certificate-transparency/how-it-works.htm


http://www.certificate-transparency.org/how-ct-works


https://medium.com/babylon-engineering/android-security-certificate-transparency-601c18157c44




HTTP Headers:



https://www.federacy.com/blog/security-headers-the-whys-and-hows/


https://zgheb.com/i?v=blog&pl=46#sh_acao


https://blog.initd.sh/others-attacks/web-application/http-security-headers-detailed-explanation/


https://www.youtube.com/watch?v=eDauBJUthRo


https://int64software.com/blog/2018/11/05/hardening-website-security-part-1-http-security-headers/


https://blog.detectify.com/2019/02/05/guide-http-security-headers-for-better-web-browser-security/


https://medium.com/@Johne_Jacob/7-security-response-headers-every-security-tester-should-know-77576ffdfc0f


https://www.scip.ch/en/?labs.20180809

CSP - https://csper.io/blog/other-csp-security

CSP - https://www.youtube.com/watch?v=c3JjTRFl5D8&t=0s&list=PLv-PXy2JVvivzOKjt7_jA8NnIifCnRjOS&index=15

JWT:

https://zonksec.com/blog/jwt-hacking-101/
https://auth0.com/blog/critical-vulnerabilities-in-json-web-token-libraries/
https://www.slideshare.net/snyff/jwt-insecurity
https://medium.com/101-writeups/hacking-json-web-token-jwt-233fe6c862e6
https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2019/january/jwt-attack-walk-through/
https://www.shawarkhan.com/2019/01/hijacking-accounts-by-retrieving-jwt.html
https://medium.com/@blackhood/simple-jwt-hacking-73870a976750
https://github.com/dwyl/learn-json-web-tokens
https://habr.com/en/post/450054/
https://gist.github.com/pranav1hivarekar/65e59cb95d56acf02ffdaf17b25f4039
https://www.youtube.com/watch?v=rCkDE2me_qk
https://gist.github.com/stefanocoding/8cdc8acf5253725992432dedb1c9c781
https://www.scip.ch/en/?labs.20190523
https://blog.securitybreached.org/2018/10/27/privilege-escalation-like-a-boss/
https://badshah.io/pentesting-jwt-tokens/
https://www.owasp.org/images/0/07/20190222--Nyffenegger-JWAT.pdf
https://www.youtube.com/watch?v=sGvF8wS76Dk
https://www.youtube.com/watch?v=aYz8yPymyvk
http://intx0x80.blogspot.com/2019/10/JWT.html
https://mazinahmed.net/blog/breaking-jwt/
https://research.securitum.com/jwt-json-web-token-security/
https://github.com/ticarpi/jwt_tool/wiki
https://www.youtube.com/watch?v=nM8kibRciJQ
https://www.youtube.com/watch?v=M3jA0bGDCso&feature=emb_logo
https://youtu.be/zWVRHK3ykfo
https://youtu.be/558MFgH1t9g
https://t.co/Su15R6Vpps?amp=1
https://blog.silentsignal.eu/2021/02/08/abusing-jwt-public-keys-without-the-public-key/

OAuth / SAML -

https://medium.com/securing/what-is-going-on-with-oauth-2-0-and-why-you-should-not-use-it-for-authentication-5f47597b2611




How to Hunt Bugs in SAML; a Methodology - Part I
https://www.anitian.com/owning-saml/


The most common OAuth 2.0 Hacks - https://habr.com/en/post/449182/

http://blog.intothesymmetry.com/2015/12/top-10-oauth-2-implementation.html

https://twitter.com/fyoorer/status/1190304570506911744

https://medium.com/swlh/hacking-saml-bce30483d020

https://medium.com/@wdevon99/what-the-hell-is-oauth-6ba19f236612


https://twitter.com/fuxksniper/status/1297092959544856576

SAML - https://twitter.com/Alra3ees/status/1259969808969469954

Nmap - https://twitter.com/JaneScott/status/1072291481728167936?ref_src=twsrc%5Etfw%7Ctwcamp%5Eembeddedtimeline%7Ctwterm%5Ecollection%3A1073939531731210240%7Ctwcon%5Etimelinechrome&ref_url=https%3A%2F%2Ftwitter.com%2Fpentesterland%2Ftimelines%2F1073939531731210240

I built a tool to turn @nmap scan data into a sortable table for easier consumption. (https://github.com/jgamblin/nmaptable/…) Demo: https://jgamblin.github.io/nmap.html

Nmap Tricks and Techniques #BugBounty - https://blog.urfix.com/10-cool-nmap-tricks-techniques/amp/#click=https://t.co/IzRXAg7CiQ

Host Header -

postMessage - https://medium.com/bugbountywriteup/how-to-spot-and-exploit-postmessage-vulnerablities-329079d307cc
