writeups >> Article >>
https://labs.detectify.com/category/writeups/
https://aacle.notion.site/Authentication-Bypass-69f83728f62842e197f406fed83b0d0b
https://book.hacktricks.xyz/welcome/readme
https://medium.com/@uttamgupta_/some-burp-suite-extension-to-automate-and-easy-your-work-9cb181443464
https://www.levelupinfosec.com/freestuff
https://honoki.net/2018/12/12/from-blind-xxe-to-root-level-file-read-access/
https://www.bugbountyhunting.com/
https://pentester.land/
https://github.com/dwisiswant0/awesome-oneliner-bugbounty
https://gowsundar.gitbook.io/book-of-bugbounty-tips/ssrf
https://www.infosecmatter.com/bug-bounty-tips-2-jun-30/#10-find-rocketmq-consoles-with-shodan
https://exploit-notes.hdks.org/exploit/web/framework/python/django-pentesting/

Information Disclosure >>
https://infosecwriteups.com/how-i-found-aws-api-keys-using-trufflehog-and-validated-them-using-enumerate-iam-tool-cd6ba7c86d09
https://infosecwriteups.com/22-6k-github-stars-note-taking-app-hit-by-critical-xss-vulnerability-842da56ae265
https://infosecwriteups.com/1000-bug-using-simple-graphql-introspection-query-b68da8260877
https://medium.com/@omarahmed_13016/graphql-path-traversal-lead-to-disclosure-of-pii-38597b8446d4

SSRF >>>>
https://mike-n1.github.io/SSRF_P4toP2
https://rodoassis.medium.com/on-ssrf-server-side-request-forgery-or-simple-stuff-rodolfo-found-part-i-4edf7ee75389
https://github.com/request/request/issues/3442
https://medium.com/@theUnixe/exploiting-ssrf-vulnerability-to-gain-unauthorized-access-to-aws-data-619afef4e974
https://medium.com/@madrobot/ssrf-server-side-request-forgery-types-and-ways-to-exploit-it-part-3-b0f5997e3739

ATO >>>>
https://ar1fshaikh.medium.com/1st-ato-how-i-exploited-security-issue-to-take-over-admin-account-e0ae309dc356

Subdomain Takeover >>>>
https://0xpatrik.com/

Response Manipulation >>>>
https://elgllad.medium.com/response-manipulation-worth-2000-91f1104d934f

SQL > RCE >>>>
https://infosecwriteups.com/how-i-escalated-a-time-based-sql-injection-to-rce-bbf0d68cb398

CSRF >>>>
https://infosecwriteups.com/hacking-csrf-bypassing-of-csrf-token-f03b51c36d31

SQLi >>>>
https://jareddouville.medium.com/moveit-zero-day-attack-exposes-critical-sql-injection-vulnerability-and-data-theft-risks-c1430b8a5185
https://diegojoelcondoriquispe.medium.com/sql-blind-time-based-header-x-forwarded-for-adf70cc4d1ba
https://medium.com/@bug4y0u/how-i-got-4-sqli-vulnerabilities-at-one-target-manually-using-the-repeater-tab-ed4eb1f84147
https://melguerdawi.medium.com/javascript-analysis-to-sql-injection-ca763f9c4c4e

CTF >>>>
https://medium.com/@michal.ap8/ctflearn-gobustme-writeup-c7370ff04dc

Access Control >>>>
https://medium.com/@a13h1/webinar-pro-or-not-the-500-access-control-bug-5cf28cd80543

WAF Bypass >>>>
https://0xm5awy.medium.com/discovering-7-open-redirect-bypasses-and-3-xss-bypasses-within-a-single-program-using-same-8e87581e1a75
https://infosecwriteups.com/akamai-bypass-advanced-xss-68634f082859

403 Bypass >>>
https://infosecwriteups.com/hunting-for-hidden-treasures-unveiling-the-403-bypass-bug-bounty-adventure-%EF%B8%8F-%EF%B8%8F-c6d17a0282ac

Recon >>>>
https://hossamshady.medium.com/best-recon-methodology-b0e78c9dfd57

Admin Panel Bypass >>>>
https://medium.com/@medz20876/blog-post-bypassing-an-admin-panel-with-sql-injection-20b844442711

---------------------------------------------------------------------------
https://medium.com/@jay_rana/critical-bug-alert-how-i-hacked-into-a-companys-database-287fa27c8339
https://medium.com/@katmaca2014/pdf-upload-leading-to-stored-xss-f712326705ee
https://medium.com/@jeetpal2007/easiest-way-to-find-rce-package-dependency-25aa9cf47dcb
https://medium.com/@shari7a0x/how-i-hacked-nasa-and-get-8-bugs-e5cd397a6af9
-------------------------------------------------------------------------------

Methodology >>>>
https://github.com/Az0x7/vulnerability-Checklist/blob/main/Bussiness%20Logic/bussiness%20logic.md
https://gowthams.gitbook.io/bughunter-handbook/getting-started-in-bug-bounties
https://bug-hunting-pen-testing-adrianalvird.vercel.app/
https://gowsundar.gitbook.io/book-of-bugbounty-tips/
https://swisskyrepo.github.io/PayloadsAllTheThings/#documentation
https://blog.securitybreached.org/2023/08/18/bug-bounty-blueprint-a-beginners-guide/
https://apexvicky.medium.com/bug-bounty-methodology-web-vulnerabilities-checklist-86175dd29987
https://ars0nsecurity.com/pages/methodology
https://github.com/trilokdhaked/Bug-Bounty-Methodology

---------------------------------------------------------------------------------

Reports >>>>
https://hackerone.com/hacktivity/overview
https://bugcrowd.com/crowdstream
https://bughunters.google.com/report/reports
https://github.com/linuxadi/40k-nuclei-templates
https://github.com/jaikishantulswani/bb-reports-templates