100daysofcyber

Tracking my progress for 100 days learning something new daily....

Day 1

Revisiting Computer Networks:

1. Computer Networking Full Course - OSI Model Deep Dive with Real Life Examples
2. OSI MODEL in easiest Way (best way to remember OSI layers and their role)

--

Read book till pg 20

zseanos methodology

Day 2

1. Read a good blog on BugBounty Methodology :

• BUG HUNTING METHODOLOGY FOR BEGINNERS

2. Subdomain Takeover: https://github.com/EdOverflow/can-i-take-over-xyz

3. How to take over a subdomain in Google Cloud DNS

4. Found a subdomain takeover in a private Bugbounty Program

Day 3

1. Learing Google Cloud Platform from Youtube: https://www.youtube.com/playlist?list=PLBGx66SQNZ8YWRUw6yicKtD4AIpUl_YiJ

2. Tried exploiting subdomain takeover but google cloud not assigning the desired namesever shard while creating DNS Zone. Build script to create Zones recursively but it is randomly assigning only -a1 and -b1, But I need ns-cloud-d1.googledomains[.]com.

Day 4

1. Did recon on a Private Bug Bounty Program.

2. Read on SSTI from Portswigger Labs

3. Solved Basic server-side template injection

Day 5

Solved all the server-side template injection (SSTI) labs from Portswigger Web-Security Labs.

• Basic server-side template injection (code context)

• Server-side template injection using documentation

• Server-side template injection in an unknown language with a documented exploit

• Server-side template injection with information disclosure via user-supplied objects

• Server-side template injection in a sandboxed environment

• Server-side template injection with a custom exploit

Day 6

1. Did recon on a private program.
2. Read Book:

• Protection of National Critical Information Infrastructure

Day 7

1. Completed all the Access control vulnerabilities labs from Portswigger Web-Security Labs.
2. Read Blog on SSTI: Handlebars template injection and RCE in a Shopify app
3. Stared working on my BugBounty Recon Tool : Designed Basic Workflow Diagram

Day 8

1. Read writeup: Delete any Video or Reel on Facebook (11,250$)
2. Watched the First Half playlist by technical guftgu on CCNA for revisiting networking concepts

Day 9

1. Solved Portswigger Labs:Authentication Bypass
2. Read Blogs:

• Fastly Subdomain Takeover $2000
• Bypass IP Restrictions with Burp Suite
• OTP Leaking Through Cookie Leads to Account Takeover
• Determining your hacking targets with recon and automation

Day 10

1. Did recon on a bugbounty target.
2. Read Blogs:

• OTP Bypassing and Vulnerabilities from E-Mail fields
• $350 XSS in 15 minutes

Day 11

1. Found critical IDOR revealing PII and OTP bypass on a domain
2. Read blog:

• Params — Discovering Hidden Treasure in WebApps

Day 12

Prepared Detailed Report of both the bugs (critical IDOR revealing PII & OTP-bypass) and submitted them.

Read Blog:

• What I learnt from reading 220* IDOR bug reports

Day 13

1. Read: Guide to Bug Bounty Hunting
2. Did recon on an domain.

Day 14

1. Found another IDOR on a domain.
2. Read Blog: Swagger API

Day 15

1. Solved CORS labs from Portswigger Web Security Academy

2. Read blogs

• Bypassing SSRF Protection
• Oauth misconfiguration == Pre-Account Takeover
• Authentication Bypass,File Upload,Arbitrary File Overwrite

Day 16

1. Did enumeration on a domain.
2. Read about Business logic vulnerabilities: http://portswigger.net/web-security/logic-flaws

Day 17

1. Tried exploiting OTP bypass on a BugBounty program
2. Solved some of the Business logic vulnerabilities from portswigger labs

Day 18

Read Blogs:

1. SSRF leading to AWS keys leakage
2. Bypass Apple’s redirection process with the dot (“.”) character
3. Cross site leaks
4. What is Doxing?
5. $500 in 5 minutes (broken link automation)

Day 19

1. Did recon on a domain
2. Read blogs

• Using Nuclei template to find subdomain takeover
• Automated and Continuous Recon/Attack Surface Management — Amass Track and DB

Day 20

1. Solved labs of Bussiness logic flaws Portswigger.
2. Read Blogs:

• Blind XSS in Email Field; 1000$ bounty
• Web-Cache Poisoning $$$? Worth it?

Day 21

Read Race Conditon Blogs:

• What Is a Race Condition?
• RACE Condition vulnerability found in bug-bounty program
• Hacktricks.xyz Race Condition

Day22

1. Working on the recon tool.
2. Read blog:

• Broken Authentication and Session Management Tips

Day23

1. Working on the recon tool
2. Read blogs:

• How I Found AWS API Keys using “Trufflehog” and Validated them using “enumerate-iam” tool
• Subdomain takeover on GitHub Pages using Google Dorks

Day24

1. Solved remaining bussiness logic vulnerability labs from Portswigger Web Security Academy.
2. Read blog:

• How I fuzz and hack APIs?

Day25

1. Tested API on an edtech website exposing PII.
2. Read Blog:

• Everything about Cookie and Its Security

Day26

1. Revisted notes.
2. Read blogs:

• How I Earned $1000 From Business Logic Vulnerability
• Seven Common Ways To Bypass Login Page
• Password Stealing from HTTPS Login Page & CSRF Protection bypass via XSS

Day27

1. Working on the recon tool.
2. Read blog:

• Horizontal domain correlation
• How to pull off a successful NoSQL Injection attack
• OWASP NoSQL(Fun with Objects and Arrays)

Day28

1. Completed Udemy Course on "Cybersecurity Incident Handling and Response"

2. Read blog:

• A Story of a $750 Broken Access Control

• XSS via Chat bot — Cloudflare Bypassed

Day29

1. Read blog:

• She hacked a billionaire, a bank and you could be next
• Flipper Zero:
  • http://youtube.com/watch?v=VF3xlAm_tdo
  • http://youtube.com/watch?v=yKTzek8EZ4E
• Grey Areas of Bugbounty World

Day30

1. Working on Enum Tool.
2. Read blog:

• How to spoof e-mails. (DMARC, SPF, and Phishing)
• How I could have read your confidential bug reports by simple mail?
• Destroying the Scammers Portal — SBI Scam

Day31

1. Working on Enum Tool. (implemented keylogger and discord webhooks)
2. Read blog:

• Tips for BAC and IDOR Vulnerabilities
• Kerala Police YouTube Takeover Incident Analysis

Day32

1. Working on the enum tool: (Implemented screenshot,system info gathering functionality)
2. Read blog:

• SSH key injection in Google Cloud Compute Engine

Day33

Read Blog:

• Finding and Exploiting Unintended Functionality in Main Web App APIs

Day34

1. Read Guide: zseanos methodology (pg: 20-30)
2. Read Blog:

• Full Company Building Takeover
• PHP Type Juggling Vulnerabilities

Day35

1. Revisited Notes of Enumerating Various Services in Pentesting
2. Read Blog:

• Bypassing Captcha Like a Boss
• Git security audit reveals critical overflow bugs

Day36

1. Solved tryhackme room:

• Intro to Offensive Security
• Web Application Security
• Intro to Digital Forensics

2. Read Blog:

• 3 Step IDOR in HackerResume
• Hacking Government-Millions of Death-Certificate

Day37

1. Read about SSRF.
2. Read Blog:

• Dependency Confusion: How I Hacked Into Apple, Microsoft and Dozens of Other Companies
• Dependency Confusion
• RCE via Dependency Confusion

Day38

1. Read about SQLi
2. Read Blogs:

• Burp Suite Extensions for Web Hunting
• From Zero to Adversary: APTs

Day39

1. Read about FTP, SSH, SMTP DNS, and its pentesting.
2. Wrote Blog:

• Uncovering Vulnerabilities: Overview of Web Application Penetration Testing

3. Read Blog:

• Pentest - Everything SMTP

Day40

1. Revisted NFS,RDP,VNC, LDAP,WinRM,mssql,MySQL pentesting.
2. Read Blog:

• A logic flaw in npm

Day 41

1. Revisted Insecure File Uploads.
2. Tested a webapp.
3. Read blog:

• Intro to the Content Security Policy (CSP)
• What is the Same-Origin Policy?

Day 42

1. Revisted XSS and javascript.
2. Read Blogs:

• Top 25 XSS Bug Bounty Reports
• Uncle Rat's Ultimate XSS Beginner Guide

Day 43

1. Revisited SNMP, SMB, MSRPC pentesting.
2. Reading Blog:

• Top 25 XSS Bug Bounty Reports

Day 44

1. Reading Notes:

• XSS (Cross Site Scripting)

Day 45

1. Solved DOM XSS Labs from Portswigger
2. Read Blog:

• Reflected XSS Leads to 3,000$ Bug Bounty Rewards from Microsoft Forms
• How i Hacked Scopely with “Sign in with Google”

Day 46

1. Watched networking tutorials (MAC,ARP)
2. Read blogs:

• XSS, Flash Cross-Domain Policy, and CSRF Discovered on a Single Website

Day 47

1. Did recon on a domain.
2. Read blogs:

• Research | How can Local File Inclusion lead to RCE?
• Two Factor Authentication Bypass On Facebook

Day 48

1. Did recon on a domain and read about 403 bypass.
2. Read blogs:

• HOW TO LAUNCH COMMAND PROMPT AND POWERSHELL FROM MS PAINT
• Story of a weird vulnerability I found on Facebook

Day 49

1. Did ssl pinning bypass on Android and learning static analysis.
2. Read blogs:

• DOM-Based XSS for fun and profit $$$!
• API Misconfiguration - No Swag of SwaggerUI
• How I identified & reported vulnerabilities in Oracle & the rewards of responsible disclosure:From Backup Leak to Hall of Fame
• From Error_Log File(P4) To Company Account Takeover(P1) & Unauthorized Actions On API

Day 50

1. Revisited Linux Privilege Escalation from Notes
2. Read blog:

• AWS S3 CTF Challenges

Day 51

1. Read CORS from Portswigger http://portswigger.net/web-security/cors
2. Read blog:

• How I Was Able to Takeover User Accounts via CSRF on an E-Commerce Website
• Web 3.0 : The Future of Web and CyberSecurity

Day 52

1. Solved CORS labs from Portswigger
2. Read blog:

• How we made $120k bug bounty in a year with good automation
• Sensitive information disclosure through API

Day 53

1. Researched and preparing list of most common interview questions in cybersecurity.
2. Read blog:

• How I was able to bypass OTP code requirement in Razer
• Bug Bounty Hunting 101, Js files Diving

Day 54

1. Solved box MrRobot on TryHackMe
2. Read blog:

• Account TakeOver using Resend OTP Functionality
• WHAT IS THREAT MODELING?
• Watch out the links : Account takeover

Day 55

1. Solved box Eavesdropper on http://tryhackme.com/room/eavesdropper
2. Read blog:

• Facebook Information Disclosure Bug $X000
• How I got a $2000 bounty with RXSS
• Subdomain Enumeration Guide

Day 56

1. Read blog/video:

• Demystifying Cookies & Tokens!!
• SSRF That Allowed Us to Access Whole Infra Web Services and Many More
• HubSpot Full Account Takeover in Bug Bounty

Day 57

1. Revisited Windows Privilege Escalation from Notes.
2. Read Blogs:

• Guide to Permutations Subdomain Enumeration
• Give me a browser, I’ll give you a Shell
• Reveal the Cloud with Google Dorks

Day 58

1. Revisited AD basics from notes and http://tryhackme.com
2. Read Blogs:

• We Hacked GitHub for a Month : Here’s What We Found

Day 59

1. Watched some networking lectures on YouTube.
2. Read Blogs:

• The Science of Learning for Hackers
• Why are you getting indexed by crawlers
• I Cracked OSWE at 18

Day 60

Read Blogs:

• WAF Bypass + XSS on The MOST Popular Movie Ticket website
• Simplify Your Web Application Testing with These Python Snippets
• The Inside Story of Finding a Reverse Transaction Vulnerability in a Financial Application
• How I got $$$$ Bounty within 5 mins

Day 61

1. Learned some windows priv esc techniques.
2. Read Blogs:

• Facebook bug: A Journey from Code Execution to S3 Data Leak
• LM, NTLM, Net-NTLMv2, oh my!
• Rotten Potato – Privilege Escalation from Service Accounts to SYSTEM

Day 62

1. Configured AD for testing purpose.
2. Read Blogs:

• Found an URL in android application source code which lead to IDOR
• Hacking Apple:Two Successful Exploits and Positive Thoughts on their BB Program

Day 63

1. Read Blogs:

• Information Disclosure in Adobe Experience Manager
• [1500$ Worth — Slack] vulnerability, bypass invite accept process

Day 64

1. Read Blogs:

• Let’s build a Chrome Spy Extension that steals everything
• Cybersecurity Top 10 Predictions for 2023
• API 101: Securing the REST APIs

Day 65

1. Read about Zerologon vuln & Updated OSCP boxes sheet.
2. Read Blogs:

• Zerologon?? Easy Way To Take Over Active Directory
• CVE Hunting Tips #004

Day 66

1. Solved Tryhackme room: Active Directory

https://tryhackme.com/room/winadbasics

2. Read Blogs:

• How did I found RCE on SHAREit which rewarded $$$ bounty
• How do I take over another user subdomain name worth $$$$

Day 67

1. Did recon on Target, found a bug as .git exposed.
2. Read Blogs:

• Little bug, Big impact. 25k bounty
• $10.000 bounty for exposed .git to RCE
• The Tale of a Command Injection by Changing the Logo

Day 68

1. Read Blogs:

• Exploiting Auto-save Functionality To Steal Login Credentials
• Account Takeover Worth $900
• Easy bounties and Hall of fame

Day 69

1. Read Blogs:

• If you think invite code or referral code is useless, then you should read this (Another critical bug in crypto exchange)
• Account Takeover worth of $5
• Hacker101- Javascipt For Hackers

Day 70

1. Found a Vulnerability on a domain, but they aren't running any VDP😑
2. Read Blog:

• An Interesting Account Takeover!!
• How I Earned $1800 for finding a (Business Logic) Account Takeover Vulnerability?

Day 71

1. Revisited OWASP Top10. (this site has good graphical representation)

https://hacksplaining.com/owasp

2. Read Blogs:

• Unauthenticated GraphQL Introspection and API calls

Day 72

1. Read Blogs:

• OTP Verification Bypass
• 5 ChatGPT Prompts for Bug Bounty
• Create Your Own XSS Lab with ChatGPT

Day 73

1. Read Blogs:

• Bypassing the Redirect filters with 7 ways
• Hunting on ASPX Application For P1's [Unauthenticated SOAP,RCE, Info Disclosure]
• 30-Minute Heist: How I Bagged a $1500 Bounty in Just few Minutes!

Day 74

1. Completed 2/13 modules of API Pentesting course from https://apisecuniversity.com
2. Read Blogs:

• How I Used JS files inspection and Fuzzing to do admins/support stuff
• Bug Bounty Hunting 101:WAF Evasion
• Blind XSS fired on Admin panel worth $2000

Day 75

1. Solved SSRF labs from Portswigger Web Security
2. Read Blogs:

• The story of becoming a Super Admin
• 500$ Bounty in just 5 minutes through Recon!!!! AWS bucket Takeover
• Can you spot the vulnerability? Intigriti challenge DOM XSS

Day 76

1. Completed 3/13 modules of API Pentesting course from http://apisecuniversity.com
2. Read Blogs:

• STRIPE Live Key Exposed:: Bounty: $1000
• Bug Bounty Writeup $$$ || Parameter Tampering

Day 77

1. Completed 4/13 modules of API Pentesting course from http://apisecuniversity.com
2. Read Blogs:

• How to Use Autorize
• The story of how I was able to chain SSRF with Command Injection Vulnerability
• I Earned $3500 and 40 Points for A GraphQL Blind SQL Injection Vulnerability.

Day 78

1. Read Blogs:

• Subdomain Takeover: How a Misconfigured DNS Record Could Lead to a Huge Supply Chain Attack
• Out-of-band application security testing (OAST)

Day 79

1. Solved CTF challenges
2. Read Blogs:

• Hacker101 CTF: Android Challenge Writeups
• The Secret Parameter, LFR, and Potential RCE in NodeJS Apps
• Microsoft NTLM

Day 80

1. Read Blogs:

• Stripe’s Two-Factor Authentication (2FA) Bypass
• REST API FUZZING
• CSRF in Importing CSV files [app . taxjar . com]

Day 81

1. Solved CSRF labs from Portswigger Web Security. https://portswigger.net/web-security/csrf
2. Read Blogs:

• OAuth 2.0 Authentication Misconfiguration
• How I Automate BugBounty Using Chatgpt

Day 82

1. Read Blogs:

• Shodan for Bug Bounty — and Why you shouldn’t use these 53 Dorks.
• Reconnaissance to Remote Code Execution:

Day 83

1. Read Blogs:

• Web Cache Deception Attack
• Stealing Users OAuth authorization code via redirect_uri
• Traveling with OAuth - Account Takeover on Booking .com

Day 84

1. Solved some CSRF labs from Portswigger Web Security.
2. Read Blogs:

• Single Sign-On: OAuth vs OIDC vs SAML— Part 1
• Story of a Beautiful Account Takeover.

Day 85

1. Solved OAuth labs from Portswigger Web Security.
2. Read Blog:

• CSRF Takedown: Defeating Web Exploits with Code
• CyberApocalypse CTF 2023 — HackTheBox

Day 86

1. Read Blogs:

• Using an Undocumented Amplify API to Leak AWS Account IDs
• My First Bug, Open redirect at Epic Games → $500 Bounty
• SameSite Cookie Attack
• The curl quirk that exposed Burp Suite & Google Chrome

Day 87

1. Developing a Enum Tool.
2. Read Blogs

• Cool Recon techniques every hacker misses!
• Weak session management leads to Account Takeover
• A short tell of LFI from PDF link

Day 88

1. Solved box OWASP Top10 2021 https://tryhackme.com/room/owasptop10
2. Read Blogs:

• Stealing Your Private YouTube Videos, One Frame at a Time
• What Is Endpoint Detection and Response (EDR)?

Day 89

1. Read Blogs:

• From P5 to P2, from nothing to 1000+$
• Reverse proxy misconfiguration leads to 1-click account takeover
• Waybackurls: A Powerful Tool for Cybersecurity Professionals to Enhance Reconnaissance and Identify Potential Vulnerabilities

Day 90

1. Read Blogs

• Account takeover in ChatGPT
• Blind XSS via SMS Support Chat — $1100 Bug Bounty!
• Broken Link Leads to hijacking of Twitter Account

Day 91

1. Read Blogs

• Disclosing users of any facebook app connected to business account
• Hacking Like Functionality of Twitter
• Evading SMS Security Feature of Prominent Mobile Antivirus

Day 92

1. Solved XXE labs from Portswigger Web Security.
2. Read Blogs

• How to use Burp Suite Like a PRO?
• $6000 with Microsoft Hall of Fame | Microsoft Firewall Bypass | CRLF to XSS | Microsoft Bug Bounty

Day 93

1. Read Blogs

• 3CX Breach Was a Double Supply Chain Compromise
• Story of How I was able to Find and report 100+ Information Disclosures on Some Programs of HackerOne and Bugcrowd
• How I detected Open Redirect on a WhatsApp Message
• ICICI Bank Data Leak – Millions of Records with Sensitive Data Exposed

Day 94

1. Wrote a blog on NTLM vs Kerberos: Understanding Authentication in Windows/Active Directory

2. Read Blog:

• How I Leveraged Open Redirect to Account Takeover

Day 95

1. Read Blog:

• 10 Google Dorks for Sensitive Data
• SSRF methodology by @iamaakashrathee
• Insecure Docker Registry API Leads To Pull All Private Docker Images

Day 96

1. Working on blog on Kerberoasting in AD.
2. Read Blog:

• Email authentication: How SPF, DKIM and DMARC work together
• Email spoofing with lack SPF and/or DMARC records

Day 97

1. Read Blog:

• (Reverse) shell to your Azure VM as ‘Local System’ user or ‘root’ user
• XS-Leak: Deanonymize Microsoft Skype Users by any 3rd-party websites
• Finding XSS in a million websites (cPanel CVE-2023-29489)

Day 98

1. Read Blog:

• Unique Rate limit bypass worth 1800$
• Insecure deserialization
• HTTP response splitting attack

Day 99

1. Read Blog:

• Information disclosure by sending a GIF on LinkedIn
• CIDR IN HACKING

Day 100

1. Read Blogs:

• Simple Account Takeover Worth $9,999
• PHP Backdoor Obfuscation
• Code Injection via Python Sandbox Escape — how I got a shell inside a network

--END--