Bug Bounty Hunting for Server-Side Request Forgery - Who, What, When, Where, How, and Why?

  • Published: 11 Sep 2024
  • As requested by @abdonito8254!
    Notes and example code: github.com/R-s...
    Questions:
    WHY are you executing the attack?
    WHO is the victim?
    WHAT Technology are you exploiting?
    WHEN will you execute the attack?
    WHERE can I execute the attack?
    HOW will you deliver the payload?
    Follow along with my methodology here: ars0nsecurity....
    Hire Me! - ars0nsecurity.com
    Watch Live! - / rs0n_live
    Free Tools! - github.com/R-s0n
    Connect! - / harrison-richardson-ci...
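To ground the WHAT, WHERE and HOW questions above for SSRF, here is an added example (not the video's notes and not code from the linked repository) of the classic vulnerable pattern, a substring blocklist on a user-supplied URL, beside a hardened pre-flight check for a "fetch this URL for me" feature. The function names (`naive_check`, `literal_ip`, `is_public`, `check_fetch_url`) and the `FAKE_DNS` table with its hostnames and addresses are my own constructions so the example runs offline; a real implementation would call `socket.getaddrinfo()` in place of `resolve()`.

```python
import ipaddress
from urllib.parse import urlparse

# Constructed resolver stand-in so the example runs offline (these hostnames
# and addresses are made up for the example). A real implementation would call
# socket.getaddrinfo() and must check EVERY address it returns.
FAKE_DNS = {
    "example.com": ["93.184.216.34"],
    "internal.corp": ["10.0.0.5"],
    "rebind.attacker.test": ["93.184.216.34", "127.0.0.1"],  # public + loopback A records
}


def resolve(host):
    return FAKE_DNS.get(host, [])


def naive_check(url):
    """The check that gets bypassed: a substring blocklist on the raw URL.
    Alternate host encodings and IPv6 literals sail straight through."""
    blocked = ("localhost", "127.0.0.1", "169.254.169.254", "10.", "192.168.")
    return not any(b in url for b in blocked)


def literal_ip(host):
    """Parse a host literal the way permissive HTTP clients do: dotted/colon
    forms plus bare decimal, hex (0x...) and octal (leading 0) integers that
    inet_aton-style parsers accept. Returns None for non-literal hostnames."""
    try:
        return ipaddress.ip_address(host)
    except ValueError:
        pass
    try:
        if host[:2] == "0x":
            n = int(host, 16)
        elif len(host) > 1 and host[0] == "0" and host.isdigit():
            n = int(host, 8)
        elif host.isdigit():
            n = int(host, 10)
        else:
            return None
        return ipaddress.ip_address(n)
    except ValueError:
        return None


def is_public(addr):
    """True only for globally routable unicast addresses. is_global already
    rejects loopback, RFC 1918, link-local (169.254/16, i.e. cloud metadata),
    CGNAT and the unspecified address; IPv4-mapped IPv6 is unwrapped first."""
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped:
        addr = addr.ipv4_mapped
    return addr.is_global and not addr.is_multicast


def check_fetch_url(url, resolver=resolve):
    """Hardened pre-flight for a 'fetch this URL for me' feature.
    Returns (allowed, reason)."""
    parts = urlparse(url)
    if parts.scheme.lower() not in ("http", "https"):
        return False, f"scheme {parts.scheme!r} not allowed"
    host = parts.hostname  # lowercased, brackets and userinfo stripped
    if not host:
        return False, "no host in URL"
    lit = literal_ip(host)
    addrs = [lit] if lit else [ipaddress.ip_address(a) for a in resolver(host)]
    if not addrs:
        return False, f"{host} did not resolve"
    for addr in addrs:
        if not is_public(addr):
            return False, f"{host} -> {addr} is not a public address"
    return True, f"{host} -> {addrs[0]} is public"


if __name__ == "__main__":
    for u in ["http://2130706433/", "http://0x7f000001/", "http://[::1]/",
              "http://169.254.169.254/latest/meta-data/", "file:///etc/passwd",
              "http://rebind.attacker.test/", "https://example.com/page"]:
        print(f"{u:45} naive={naive_check(u)!s:5} hardened={check_fetch_url(u)}")
```

The decimal, hex, octal and IPv6 forms of 127.0.0.1 are the payload encodings that defeat the blocklist; the hardened check normalises the host before deciding. Even this check is only a pre-flight: a resolver answer can change between validation and connection (DNS rebinding), so the fetch must connect to the address that was validated, and every redirect hop has to be re-validated or redirects disabled. Shorthand dotted forms such as `127.1` or `0177.0.0.1` are deliberately not handled here and would need the real resolver's normalisation.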

Comments • 26

  • @harshil. 11 months ago +1

    really enjoying this series, glad to see you uploading again.

    • @rs0n_live 11 months ago +1

      I'm so glad it's helpful! I had to get some ducks in a row with the methodology and framework, but there shouldn't be any major gaps in the future!

  • @user-ck8oo1of3p 11 months ago

    Aced it again, brother. No one explains it like you. Excellent, thank you.

  • @steiner254 7 months ago

    Awesome

  • @user-fk3jc4jm8s 11 months ago

    Sir you are just one of the most awesome hackers out there ❤

    • @rs0n_live 11 months ago +1

      Haha, thank you so much for the kind words but I promise that is not true. I actually run a Blue Team and I'm a very "Middle of the road" penetration tester, especially outside of web-based vulns.
      But, what I do have is a good wealth of knowledge in both Red Teaming and Blue Teaming, as well as a *very* strong foundational knowledge of the technology itself. I really think that is the key, you can't have one without the other, and you need to start with a strong understanding of the technology.

    • @user-fk3jc4jm8s 11 months ago

      Of course, Sir, you can't have one without the other @rs0n_live

  • @abdonito8254 11 months ago

    Damn 🎉 thank you so much for accepting my request ❤

    • @rs0n_live 11 months ago

      No problem! I do these with my team, all the time, so they are easy to make. Hope it helps!!

  • @KH-en1yr 5 months ago

    Authentication Vulnerabilities

  • @user-fk3jc4jm8s 11 months ago

    Can you please teach us every aspect of broken authentication and session management? 😄

    • @rs0n_live 11 months ago +1

      I'll do my best, haha! Obviously anything under creative testing becomes very contextual to the application and specific use-case, but there are certainly a ton of general rules we can go over!

  • @rafbomber7151 11 months ago

    I see you have some source code linked too; would you have any tips, tricks, or even resources on how to get better at that?

    • @rs0n_live 11 months ago

      Do you mean for finding vulnerabilities in source code, similar to the OSWE methodology or doing CVE research?

    • @rafbomber7151 11 months ago

      @rs0n_live Finding vulnerabilities in source code is something I'm trying to get better at, so if you have any insight on that it would be appreciated. I don't have much of a developer background; I primarily do black box testing.

  • @HackAll-ue3sr 11 months ago

    SQL vulnerability please

    • @rs0n_live 11 months ago +1

      I've gotten that request a few times. That will be my next Questions Exercise question I do!

  • @bugbountybrigade 11 months ago

    Please make one on SQLi in detail, please +

    • @rs0n_live 11 months ago

      Sure, that one should be easy. I think I could do one for all database injections since they should have the same answers...
      It's on the list! (and I'll include a practical example 😉)

    • @bugbountybrigade 11 months ago

      Thanks, waiting for your video @rs0n_live

  • @bugbountybrigade 11 months ago

    Try to give it in a practical example too.

    • @rs0n_live 11 months ago

      Sure, I can definitely do that! Thank you for the feedback 🙏

    • @bugbountybrigade 11 months ago

      Looking forward to your video, cheers!! @rs0n_live

  • @DayanandhanSubramani 11 months ago

    Do you have Discord?

    • @rs0n_live 11 months ago

      Not an official one yet. I'm playing around with the idea. Moderating would be tough, I'm already stretched so thin.

    • @DayanandhanSubramani 11 months ago

      @rs0n_live And when is the next Twitch or YouTube stream?