Misc
SSL Pinning -
https://www.youtube.com/watch?v=is8lHjEkk7U
How HTTP works?
How SSL/TLS works?
How DNS works?
How OAuth works?
https://twitter.com/s0md3v/status/1168846854689132544
https://twitter.com/hackerscrolls/status/1269266750467649538
https://blog.avuln.com/article/4
https://dhavalkapil.com/blogs/Attacking-the-OAuth-Protocol/
https://webstersprodigy.net/2013/05/09/common-oauth-issue-you-can-use-to-take-over-accounts/
https://research.nccgroup.com/2020/07/07/an-offensive-guide-to-the-authorization-code-grant/
https://www.youtube.com/watch?v=O762qjAjAyo&list=PLnICOE3KiEs9J65ndHOeOYDiyA7FhI1g9&index=6&t=0s
https://maxfieldchen.com/posts/2020-05-17-penetration-testers-guide-oauth-2.html
https://medium.com/@apkash8/oauth-and-security-7fddce2e1dc5
https://medium.com/@lokeshdlk77/bypass-oauth-nonce-and-steal-oculus-response-code-faa9cc8d0d37
https://t.co/FYJdf7Z6nG?amp=1
Had some recent success using untranslatable Unicode in place of a "?" when attacking URL parsers for SSRF/OAuth issues. What worked was... \udfff -> � -> ? Therefore... {"redirectUri":"https://attacker\udfff@[victim]/"} Equals... Location: https://attacker?@[victim]/ -
https://twitter.com/samwcyo/status/1246997498981494784
https://xpoc.pro/oauth-authentication-bypass-on-airbnb-acquisition-using-weird-1-char-open-redirect/
Got my 1st HTTP Parameter Pollution (HPP) bug rewarded! Targeting an OAuth login: by providing url parameter "scope" twice, the page asked confirmation for the first, but ended up authorizing all others too:
/oauth?redirect=x&response_type=code&client_id=x&scope=name&scope=email
https://www.hackedu.com/blog/analysis-of-common-federated-identity-protocols-openid-connect-vs-oauth-2.0-vs-saml-2.0
https://twitter.com/apisecurityio/status/1283023445081509888?s=20
Certificate Transparency:
https://www.digicert.com/certificate-transparency/how-it-works.htm
http://www.certificate-transparency.org/how-ct-works
https://medium.com/babylon-engineering/android-security-certificate-transparency-601c18157c44
HTTP headers
https://www.federacy.com/blog/security-headers-the-whys-and-hows/
https://zgheb.com/i?v=blog&pl=46#sh_acao
https://blog.initd.sh/others-attacks/web-application/http-security-headers-detailed-explanation/
https://www.youtube.com/watch?v=eDauBJUthRo
https://int64software.com/blog/2018/11/05/hardening-website-security-part-1-http-security-headers/
https://blog.detectify.com/2019/02/05/guide-http-security-headers-for-better-web-browser-security/
https://medium.com/@Johne_Jacob/7-security-response-headers-every-security-tester-should-know-77576ffdfc0f
https://www.scip.ch/en/?labs.20180809
CSP - https://csper.io/blog/other-csp-security
CSP - https://www.youtube.com/watch?v=c3JjTRFl5D8&t=0s&list=PLv-PXy2JVvivzOKjt7_jA8NnIifCnRjOS&index=15
JWT:
https://zonksec.com/blog/jwt-hacking-101/
https://auth0.com/blog/critical-vulnerabilities-in-json-web-token-libraries/
https://www.slideshare.net/snyff/jwt-insecurity
https://medium.com/101-writeups/hacking-json-web-token-jwt-233fe6c862e6
https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2019/january/jwt-attack-walk-through/
https://www.shawarkhan.com/2019/01/hijacking-accounts-by-retrieving-jwt.html
https://medium.com/@blackhood/simple-jwt-hacking-73870a976750
https://github.com/dwyl/learn-json-web-tokens
https://habr.com/en/post/450054/
https://gist.github.com/pranav1hivarekar/65e59cb95d56acf02ffdaf17b25f4039
https://www.youtube.com/watch?v=rCkDE2me_qk
https://gist.github.com/stefanocoding/8cdc8acf5253725992432dedb1c9c781
https://www.scip.ch/en/?labs.20190523
https://blog.securitybreached.org/2018/10/27/privilege-escalation-like-a-boss/
https://badshah.io/pentesting-jwt-tokens/
https://www.owasp.org/images/0/07/20190222--Nyffenegger-JWAT.pdf
https://www.youtube.com/watch?v=sGvF8wS76Dk
https://www.youtube.com/watch?v=aYz8yPymyvk
http://intx0x80.blogspot.com/2019/10/JWT.html
https://mazinahmed.net/blog/breaking-jwt/
https://research.securitum.com/jwt-json-web-token-security/
https://github.com/ticarpi/jwt_tool/wiki
https://www.youtube.com/watch?v=nM8kibRciJQ
https://www.youtube.com/watch?v=M3jA0bGDCso&feature=emb_logo
https://youtu.be/zWVRHK3ykfo
https://youtu.be/558MFgH1t9g
https://t.co/Su15R6Vpps?amp=1
https://blog.silentsignal.eu/2021/02/08/abusing-jwt-public-keys-without-the-public-key/
OAUTH / SAML -
https://medium.com/securing/what-is-going-on-with-oauth-2-0-and-why-you-should-not-use-it-for-authentication-5f47597b2611
https://habr.com/en/post/449182/
How to Hunt Bugs in SAML; a Methodology - Part I
https://www.anitian.com/owning-saml/
The most common OAuth 2.0 Hacks - https://habr.com/en/post/449182/
http://blog.intothesymmetry.com/2015/12/top-10-oauth-2-implementation.html
https://twitter.com/fyoorer/status/1190304570506911744
https://medium.com/swlh/hacking-saml-bce30483d020
https://medium.com/@wdevon99/what-the-hell-is-oauth-6ba19f236612
https://twitter.com/fuxksniper/status/1297092959544856576
SAML - https://twitter.com/Alra3ees/status/1259969808969469954
I built a tool to turn @nmap scan data into a sortable table for easier consumption. (https://github.com/jgamblin/nmaptable/…) Demo: https://jgamblin.github.io/nmap.html
Nmap Trick Techniques #BugBountry https://blog.urfix.com/10-cool-nmap-tricks-techniques/amp/#click=https://t.co/IzRXAg7CiQ
How to defend your website with ZIP bombs - https://twitter.com/binitamshah/status/882977758380310529
A pretty old bug in Yahoo! https://medium.com/@uranium238/co
New blog post about bypassing payments using webhooks: https://lightningsecurity.io/blog/bypassing-payments-using-webhooks/… #bugbounty
Some nice writeup, you should read it. http://blog.jr0ch17.com/tags/#smtp%20header%20injection…356115
Host Header -
https://hackerone.com/reports/123078
https://hackerone.com/reports/167631
https://hackerone.com/reports/226659
https://hackerone.com/reports/229498
https://hackerone.com/reports/244677
https://hackerone.com/reports/281575
https://hackerone.com/reports/317476
https://hackerone.com/reports/698416
https://hackerone.com/reports/791293
Post Msg - https://medium.com/bugbountywriteup/how-to-spot-and-exploit-postmessage-vulnerablities-329079d307cc