This project has moved here on GitBook, but this repository still continues. Please check out my GitBook as well.
These are my Cyber Security notes that I have gathered from various sources,
you can contribute to this repository too!
-
- My Methodology (shitty & outdated)
- Bug-Bounty Tools
- Customized Tools by me
- Vulnerability Report format
- Bug-Bounty Platforms
- People To Follow On Social Media
- Most used browser extension while Bug-Bounty
- Hackers to Follow on Social Media
- Best Writeups website for Security Researchers
-
Some more important topics for Cyber Security
- Learn Linux
- Learn Programming Languages
- Languages Required in Cyber Security
- Top Platforms to Learn Any Programming Language
- Intentionally Vulnerable Applications to Practice or CTF Websites
- CS Certifications
- Topics Related to Cyber Security
- Learn BurpSuite
- Common CyberSec Tools
-
CompTIA Exam Topics
-
Basic Linux & Windows Commands
-
Learn programming & Scripting Languages for CyberSec
-
Basic of CyberSec
-
University Syllabus
1.1 Enable these two features in the Windows Features app.
• Windows Subsystem for Linux
• Virtual Machine Platform
1.2. Open CMD as administrator and type wsl --install.
1.3. Restart your PC.
1.4. Go to the Microsoft Store and install these two apps:
• Windows Subsystem for Linux
• Your favourite Linux distribution (Ubuntu, Kali Linux, Debian, Oracle, Arch, etc.)
1.5. Open the Linux app and install the Linux distribution.
1.6. Restart your PC.
1.7. Installation complete.
2.1 wsl --update : To update the wsl version.
2.2 wsl --version, -v : To get all the info about wsl, wslg, kernel version.
2.3 wsl --list, -l : To get list of all distribution installed.
2.3.1 wsl --list --all : List all distributions, including distributions that are currently being installed or uninstalled.
2.3.2 wsl --list --running : List only distributions that are currently running.
2.3.3 wsl --list --quiet, -q : Only show distribution names.
2.3.4 wsl --list --verbose, -v : Show detailed information about all distributions.
2.3.5 wsl --list --online, -o : Displays a list of available distributions for install with 'wsl.exe --install'.
2.4 wsl --set-default, -s <Distro> : to set default distro.
3.1 Open the Linux distribution and update & upgrade your distro.
3.2 sudo apt install kali-win-kex
3.3 After installing Win-KeX, fill in the required information.
3.4 To start the GUI, type kex in the terminal.
Mode:
[none] : Window Mode (default)
--esm : Enhanced Session Mode - Launch Win-KeX desktop in a dedicated window using Windows native RDP
--sl : SeamLess mode - Seamlessly integrate Win-KeX into the Windows desktop
--win : WINdow mode - Launch Win-KeX desktop in a dedicated window
Command:
[none] : Start Win-KeX server and launch Win-KeX client
--start : Start Win-KeX server
--start-client : Start Win-KeX client
--wtstart : Start Win-KeX server and launch Win-KeX client in Windows Terminal session
--stop : Stop Win-KeX server
--status : Show Win-KeX server status
--kill : Stop Win-KeX server and kill all related processes
--passwd : Set Win-KeX server password
--start-sound : Start Windows sound server
--stop-sound : Stop Windows sound server
--wslg-restore : Restore WSLg unix socket
--wslg-remove : Remove WSLg unix socket
--wslg-status : Display status of WSLg unix socket
--version : Display Win-KeX version
--help : Display this help
(Optional) Parameters:
--ip -i : Use container IP address instead of "localhost"
--multiscreen -m : Optimized for multiscreen
--sound -s : Sound support
--nowgl -n : Disable Windows OpenGL
--norc -r : Disable Win-KeX client reconnecting - once is enough!
--wait -w : Wait longer for desktop to start when in SL mode
--verbose : Verbose output
Examples:
kex -s : Start Win-KeX server in window mode and launch Win-KeX client with sound support
kex --sl -s : Start Win-KeX in seamless mode and launch Win-KeX client with sound support
kex --esm -i -s : Start Win-KeX in Enhanced Session Mode with ARM workaround and launch Win-KeX client with sound support
sudo kex : Start Win-KeX server as root in window mode and launch Win-KeX client
Index | Book Name | Book Link | Interesting |
---|---|---|---|
1 | Cyberjutsu | Cyberjutsu | no |
2 | Black-Hat-Go | Black-Hat-Go | Yes |
3 | Violent Python | Violent Python | Yes |
4 | Black-Hat-Bash | Black-Hat-Bash | Yes |
5 | BlackHat GraphQL | BlackHat GraphQL | Yes |
6 | Bash Cheat Sheet | Bash Cheat Sheet | Yes |
7 | Rust-Programming | Rust-Programming | Yes |
8 | Make Python Talk | Make Python Talk | Yes |
9 | Zseanos Methodology | Zseanos Methodology | Yes |
10 | Bug Bounty Bootcamp | Bug Bounty Bootcamp | Yes |
11 | A Bug Hunter's Diary | A Bug Hunter's Diary | no |
12 | JavaScript Security | JavaScript Security | No |
13 | Build an HTML5 Game | Build an HTML5 Game | Yes |
14 | Red Team Field Manual | Red Team Field Manual | Yes |
15 | Blue Team Field Manual | Blue Team Field Manual | Yes |
16 | The-Linux-Command-Line | The-Linux-Command-Line | Yes |
17 | Linux Basics for Hackers | Linux Basics for Hackers | Yes |
18 | Attacking Network Protocols | Attacking Network Protocols | No |
19 | Hacking APIs - Early Access | Hacking APIs - Early Access | Yes |
20 | Web Security For Developers | Web Security For Developers | No |
21 | Pentesting Azure Applications | Pentesting Azure Applications | Yes |
22 | Black Hat Python, 2nd Edition | Black Hat Python, 2nd Edition | Yes |
23 | How Cybersecurity Really Works | How Cybersecurity Really Works | no |
24 | Beyond-the-Basic-Stuff-with-Python | Beyond-the-Basic-Stuff-with-Python | Yes |
25 | Learn Windows PowerShell in a Month of Lunches | Learn Windows PowerShell in a Month of Lunches | Yes |
26 | Real-World Bug Hunting - A Field Guide to Web Hacking | Real-World Bug Hunting - A Field Guide to Web Hacking | Yes |
27 | Penetration Testing - A hands-on introduction to Hacking | Penetration Testing - A hands-on introduction to Hacking | Yes |
28 | The Hacker Playbook 3 - Practical Guide To Penetration Testing | The Hacker Playbook 3 - Practical Guide To Penetration Testing | no |
29 | Enumerating Esoteric Attack Surfaces by Jann Moon | Enumerating Esoteric Attack Surfaces by Jann Moon | no |
30 | Practical Packet Analysis | Practical Packet Analysis | Yes |
31 | Wicked Cool Shell Scripts.pdf | Wicked Cool Shell Scripts.pdf | Yes |
32 | Wicked Cool Perl Scripts | Wicked Cool Perl Scripts | Yes |
33 | wicked-cool-ruby-scripts | wicked-cool-ruby-scripts | Yes |
34 | perl-one-liners | perl-one-liners | Yes |
35 | the-book-of-ruby | the-book-of-ruby | Yes |
36 | Ruby by Example | Ruby by Example | no |
37 | PowerShell_for_Sysadmins | PowerShell_for_Sysadmins | Yes |
38 | Webbots, Spiders, and Screen Scrapers | Webbots, Spiders, and Screen Scrapers | - |
39 | mining-social-media | mining-social-media | Yes |
40 | How-Linux-Works | How-Linux-Works | Yes |
41 | Mastering Modern Web Penetration Testing | Mastering Modern Web Penetration Testing | no |
42 | The tangled Web a guide to securing modern Web applications | The tangled Web a guide to securing modern Web applications | no |
Index | Book Name | Book Link |
---|---|---|
1 | 12-Rules-for-Life | 12-Rules-for-Life |
2 | Atomic Habits | Atomic Habits |
3 | Build_Dont_Talk | Build_Dont_Talk |
4 | DoEpicShit | DoEpicShit |
5 | Dont Believe Everything You Think | Dont Believe Everything You Think |
6 | How to win in friends | How to win in friends |
7 | Ikigai | Ikigai |
8 | Marcus-Aurelius-Meditations | Marcus-Aurelius-Meditations |
9 | Think_Straight | Think_Straight |
10 | cant hurt me | cant hurt me |
11 | do it today | do it today |
12 | eat the frog | eat the frog |
• Always try to chain one vulnerability to another to increase the severity
• Finding a vulnerability is half the war; selling that vulnerability is the other half
• Use a proxy and check all the resources that are being called when you visit a site or application
• Find parameters/endpoints/input fields
• Try different payloads according to the WAF
• Image and javascript: payloads are the most common
• Allows an attacker to make a user perform an action the user doesn't intend to perform
• Delete account, change email, change password (if the old password is not required),
add a new role (if a role system exists), change normal information (last/first name),
change/delete the profile picture, POST XSS to CSRF
• CSRF Bypasses:
  - Delete the token value and send the request with a blank parameter
  - Delete the token parameter
  - Change the request from POST to GET
  - Change the body encoding
  - Replace the token with a random value
  - Delete the Referer header or use this line in the CSRF file | <meta name="referrer" content="no-referrer">
  - Use another user's token
  - Change one character in the token, Content-Length bypass
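A server-side check that rejects the bypasses listed above, as an added example (not code from this repository). SERVER_KEY, ALLOWED_ORIGIN, the session names and all function names are assumptions, and the token scheme (an HMAC of the session ID) is one common choice.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)      # assumed per-deployment secret
ALLOWED_ORIGIN = "https://app.example"    # assumed site origin
UNSAFE = {"POST", "PUT", "PATCH", "DELETE"}


def issue_token(session_id):
    """Bind the token to one session: HMAC(server key, session id)."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def check_request(method, session_id, token, origin):
    """Decide whether a state-changing action may run; returns (allowed, reason)."""
    if method.upper() not in UNSAFE:
        return False, "state change requested over a safe method"  # POST -> GET
    if not token:
        return False, "token missing or blank"       # parameter deleted or emptied
    expected = issue_token(session_id).encode()
    if not hmac.compare_digest(expected, str(token).encode()):
        return False, "token mismatch"    # random, edited, or another user's token
    if origin != ALLOWED_ORIGIN:
        return False, "Origin/Referer missing or foreign"   # no-referrer pages
    return True, "ok"


def run_bypass_cases():
    """Replay the listed bypasses (constructed sessions) and collect the verdicts."""
    alice, bob = "sess-alice", "sess-bob"
    good = issue_token(alice)
    edited = ("0" if good[0] != "0" else "1") + good[1:]    # one character changed
    cases = {
        "legitimate": ("POST", alice, good, ALLOWED_ORIGIN),
        "blank token": ("POST", alice, "", ALLOWED_ORIGIN),
        "token parameter deleted": ("POST", alice, None, ALLOWED_ORIGIN),
        "POST changed to GET": ("GET", alice, good, ALLOWED_ORIGIN),
        "random token": ("POST", alice, secrets.token_hex(32), ALLOWED_ORIGIN),
        "another user's token": ("POST", alice, issue_token(bob), ALLOWED_ORIGIN),
        "one character changed": ("POST", alice, edited, ALLOWED_ORIGIN),
        "referrer stripped": ("POST", alice, good, None),
    }
    return {name: check_request(*args)[0] for name, args in cases.items()}


if __name__ == "__main__":
    for name, allowed in run_bypass_cases().items():
        print(f"{name:26} -> {'allowed' if allowed else 'rejected'}")
```

The body-encoding case is covered when the handler reads the token only from the parsed body of an accepted Content-Type and passes None otherwise.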
• An attacker exploits this vulnerability to access unauthorized data by manipulating parameters in the request
• Always requires two accounts for ID parameters
• Check for IDs that seem to be in order; copy the ID from the victim account into the attacker account's request, and if the response is 200, the IDOR is successful
• ID types:
  - Decimal shorter than 8 digits
  - Decimal 8 or more digits
  - Name/email
  - UUID
  - Other - non-bruteforceable
  - Hexadecimal 8 or more digits
  - Other - bruteforceable
  - Hash
• It's a vulnerability that allows an attacker to cause the server-side application to make requests to an unintended location
• This vulnerability is mostly leveraged where a login/logout page may redirect to another page.
• Observe the URL in Burp Suite
• Check out the GitHub file for an example: https://github.com/Raunaksplanet/My-CS-Store/blob/main/Bug%20Bounty/Open-Redirect-Example.txt
• The most vulnerable functionality is password reset
• Ways of ACT
1. OAuth
2. JWT verification
3. No rate limit on OTP verification on password reset
5. OTP Bypass Through Response Manipulation
6. IDOR
• Often happens due to IDOR or an unsecured endpoint
• Check the response and source code for values that may be hardcoded
• Mostly found in support chat file upload
• Upload a normal file and intercept the request; the file data can be changed to malicious content using Burp Suite
• Sometimes using the developer tools to change the file type from img to text can lead to XSS due to insufficient checking at the backend.
• https://twitter.com/i/u?iid=F6542&uid=1134885524&nid=22+26&sig=647192e86e28fb6691db2502c5ef6cf3xxx
• Notice the parameter UID. This UID happens to be the user ID of the currently signed-in Twitter account.
After noticing the UID, Tasci did what most hackers would do—he tried changing the UID to that of
another user, but nothing happened. Twitter just returned an error. Tasci tried adding a second UID parameter
so the URL looked like this Success! He managed to unsubscribe another user from their email notifications
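A defensive parser for a link of the shape quoted above, as an added example (not code from this repository or from Twitter): it refuses repeated parameters and ties the signature to the uid. The page does not say how sig is computed, so the HMAC-over-uid scheme, LINK_KEY, the second uid value and all function names are assumptions.

```python
import hashlib
import hmac
from urllib.parse import parse_qsl

LINK_KEY = b"constructed-demo-key"   # assumed server-side signing key


def sign_uid(uid):
    """Assumed scheme: the link's sig is an HMAC over the uid it was issued for."""
    return hmac.new(LINK_KEY, uid.encode(), hashlib.sha256).hexdigest()


def parse_unsubscribe(query):
    """Return the uid to unsubscribe, or raise ValueError for a bad link."""
    pairs = parse_qsl(query, keep_blank_values=True, strict_parsing=True)
    names = [name.lower() for name, _ in pairs]
    repeated = sorted({n for n in names if names.count(n) > 1})
    if repeated:
        # Two components may otherwise pick different copies (first vs. last).
        raise ValueError("repeated parameter(s): " + ", ".join(repeated))
    params = {name.lower(): value for name, value in pairs}
    uid, sig = params.get("uid", ""), params.get("sig", "")
    if not uid.isdigit() or not sig:
        raise ValueError("uid or sig missing or malformed")
    if not hmac.compare_digest(sign_uid(uid).encode(), sig.encode()):
        raise ValueError("signature does not match uid")
    return uid


def verdict(query):
    """Human-readable outcome for one query string."""
    try:
        return "unsubscribe " + parse_unsubscribe(query)
    except ValueError as exc:
        return "rejected: " + str(exc)


# Constructed links modelled on the URL shape quoted above.
OWN = "1134885524"     # uid from the quoted URL
OTHER = "2000000001"   # constructed second user
VALID = f"iid=F6542&uid={OWN}&nid=22+26&sig={sign_uid(OWN)}"
DOUBLED = f"iid=F6542&uid={OTHER}&uid={OWN}&nid=22+26&sig={sign_uid(OWN)}"
SWAPPED = f"iid=F6542&uid={OTHER}&nid=22+26&sig={sign_uid(OWN)}"

if __name__ == "__main__":
    for q in (VALID, DOUBLED, SWAPPED):
        print(verdict(q))
```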
Tool Name | Repository Link |
---|---|
Sub-domain Enumeration | Sub-domain-enumeration |
Parameter Enumeration | parameter-enumeration |
CRTsh | CRTsh |
wappalyzer-CLI | wappalyzer-CLI |
Report Title | Report Link |
---|---|
No Rate Limit Vulnerability Report | View Report |
No. | Platform | Website |
---|---|---|
1. | HackerOne | HackerOne |
2. | BugCrowd | BugCrowd |
3. | Open Bug Bounty | Open Bug Bounty |
4. | Intigriti | Intigriti |
5. | Detectify | Detectify |
6. | Synack | Synack |
7. | Cobalt | Cobalt |
8. | Zerocopter | Zerocopter |
9. | YesWeHack | YesWeHack |
10. | HackenProof | HackenProof |
11. | Vulnerability Lab | Vulnerability Lab |
12. | AntiHack | AntiHack |
13. | FireBounty | FireBounty |
14. | BugBounty.jp | BugBounty.jp |
15. | CyberArmy ID | CyberArmy ID |
16. | Safe Hats | Safe Hats |
17. | Red Storm | Red Storm |
18. | Yogosha | Yogosha |
19. | bugbase | bugbase |
All the resources, Roadmap, CTF, programming knowledge, YT channels related to Cyber Security
are documented here.
-
Learn Linux Command Line:
-
Learn Linux File System:
-
Linux Learning/Helping Resources:
-
C++:
-
Java:
-
Python:
-
HTML, CSS:
1. HTML
2. CSS
3. JavaScript (JS)
4. PHP
5. MySQL
6. TypeScript
1. C
2. C++
3. Java
4. Python
5. Rust
6. Go
7. C#
1. Bash
2. PowerShell
3. Ruby
4. Perl
5. Lua
6. Python
7. VBScript
1. YAML
2. JSON
3. XML
4. Markdown
5. TOML
- Metasploitable (Linux)
- HBH.sh
- PicoCTF
- Pwned Labs
- TryHackMe
- HackingHub
- Hacking Hub
- HTB Labs
- PentesterLab
- HTB Academy
- Exploit Education
- VulnHub (OS Related)
- RootMe
- PortSwigger (Web Related)
- OverTheWire (Linux)
- CompTIA Security+ Labs
- Trailhead
- awesome-vulnerable-apps
- THM All Free Labs List
- awesome-hacker-search-engines
- API Security
1. CompTIA: A+, Security+, Network+, Linux+, PenTest+, CySA+, CASP+, ITF+
2. EC-Council: CEH
3. INE Security: eJPT, eWPTX
- Reverse & bind shell
- Cyber Security Roadmap by TCM 2023
- TCE (The Cyber Expert):
- Reverse Engineering
- Binary Exploitation
- MYSQL & SQL
- Bitten Tech
- Ethical Sharmaji
- hackbin
- David Bombal
- PortSwigger1
- PortSwigger2
- Cyber World Hindi
- Cyberwings Security
- Technical MotaBhai
1. Maltego, BurpSuite, Metasploit, Aircrack-ng, JohnTheRipper
2. SQLMap, netcat, hashcat, kismet, wifite
3. dirbuster, nikto, Sublist3r, nmap, FFUF
4. Katana, BinWalk, Masscan, Hydra, Hashid
5. Crunch, snort, ltrace, subfinder, Rust Scan
6. HTTPX, Zap, FeroxBuster, Steghide, which
7. whereis, find, locate