This will contain notes , techniques and tools used for pentesting , bug bounty and general hacking stuffs that i am trying to learn
-
Android SSL pinning bypass
- https://vavkamil.cz/2019/09/15/how-to-bypass-android-certificate-pinning-and-intercept-ssl-traffic/
- https://blog.netspi.com/four-ways-bypass-android-ssl-verification-certificate-pinning/
- https://securitychops.com/2019/08/31/dev/random/one-liner-to-install-burp-cacert-into-android.html
- https://blog.ropnop.com/configuring-burp-suite-with-android-nougat/
-
Deep link writeups
-
Bug Bounty resource
-
Android Native library reversing
-
Amazon cognito authorization issues
- DEF CON 26 - Wesley McGrew - An Attacker Looks at Docker Approaching Multi Container Applications
- How Abusing Docker API Led to Remote Code Execution, Same Origin Bypass & more
- Vulnerability Exploitation In Docker Container Environments
- GCP
- AWS
- Apple iCloud
- Kubernetes
- Generic Cloud
- https://research.nccgroup.com/2020/02/10/interfaces-d-to-rce/
- https://github.com/scriptingxss/IoTGoat
- Introduction
- Best Practices
- Common Attacks
- Examples
- https://hackerone.com/reports/202781
- hackerone.com/reports/314814
- hackerone.com/reports/110293
- https://hackerone.com/reports/210779