├── README.md
└── _config.yml

/README.md:
--------------------------------------------------------------------------------
# 365-Day Vulnerability Hunting Challenge

Period: 2022.1.1 to 2023.1.1

Follow my Xiaobot (小报童) newsletter: [P小二的每日思考 (P Xiao'er's Daily Thoughts)](https://xiaobot.net/p/pxiaoer), updated daily

You can also add me on WeChat to chat: pxiaoer2025

## Table of Contents

[Blog index](https://pxiaoer.blog/2022/01/01/hacking-2022/)

- Day001: On choosing targets
- Day002: OWASP Top 10 2021
- Day003: The most important first step: reconnaissance
- Day004: What is a CVE?
- Day005: DVWA practice
- Day006: Learning security and bug hunting
- Day007: GitHub scanning
- Day008: Website checklist for vulnerability hunting
- Day009: The essence of security
- Day010: Solving security problems
- Day011: Preparation before vulnerability hunting
- Day012: Authentication
- Day013: Recon: Going back in time
- Day014: Recon: Subdomain discovery
- Day015: Recon: Starting from a set of IP addresses
- Day016: Recon: Starting from JS files
- Day017: Recon: AWS Hacking
- Day018: Recon: GitHub scanning
- Day019: Recon: Content discovery
- Day020: Recon: Scope-based automation (1)
- Day021: Recon: Scope-based automation (2)
- Day022: Recon: Scope-based automation (3)
- Day023: Vulnerability study: Open redirect
- Day024: Another approach to vulnerability hunting
- Day025: How to earn $1 million from bug bounties in 4 years
- Day026: Common misconceptions of novice bug bounty hunters
- Day027: Anessha's first bounty
- Day028: How to earn $588,000 from bug bounties in three years
- Day029: YouTube Recon
- Day030: 10 different techniques to find and bypass redirect vulnerabilities in web applications
- Day031: Bug report study: Open Redirect Scanner with Uber.com
- Day032: Bug report study: Full Response SSRF via Google Drive
- Day033: Bug report study: $100 For Twenty Minutes of Work
- Day034: Bug report study: Host Header Injection On Password Reset Functionality
- Day035: Bug report study: Multiple vulnerability leading to account takeover in TikTok SMB subdomain.
- Day036: Bug report study: My First Pre-Auth Account Takeover in 20 secs
- Day037: Bug report study: A business logic error bug worth 600$
- Day038: Bug report study: Credential stuffing in Bug bounty hunting
- Day039: Do you need to become a programmer first to hunt vulnerabilities?
- Day040: skavans's full-time bug hunting schedule
- Day041: skavans's first five-figure bounty
- Day042: Bug report study: Full account takeover through referral code
- Day043: Bug report study: How I got $200 in 30 Seconds
- Day044: Bug report study: 400$ Bounty again using Google Dorks
- Day045: Bug report study: Password Reset to Admin Access
- Day046: The 5 best bugbountytips
- Day047: Bug report study: How I was able to bypass the admin panel without the credentials.
- Day048: Bug report study: CSRF in Instagram
- Day049: Bug report study: Authentication Bypass Easy P1 in 10 minutes
- Day050: Bug report study: $5000 Google IDOR Vulnerability Writeup
- Day051: Bug report study: How I accessed the Sensitive document which I had already deleted
- Day052: Black Hat talk: AIModel-Mutator: Finding Vulnerabilities in TensorFlow
- Day053: Black Hat talk: Practical HTTP Header Smuggling: Sneaking Past Reverse Proxies to Attack AWS and Beyond
- Day054: Black Hat talk: The Bad Guys Win – Analysis of 10,000 Magecart Vulnerabilities
- Day055: Black Hat talk: They Hacked Thousands of Cloud Accounts Then Sent Us Weird GIFs
- Day056: Black Hat talk: Zen and the Art of Adversarial Machine Learning
- Day057: Vulnerability hunting in practice: Open redirect
- Day058: Tooling for vulnerability hunting: Open redirect
- Day059: February summary
- Day060: Vulnerability study: CSRF
- Day061: Bug report study: Reflected xss and open redirect on larksuite.com using /?back_uri= parameter

--------------------------------------------------------------------------------
/_config.yml:
--------------------------------------------------------------------------------
theme: jekyll-theme-architect
--------------------------------------------------------------------------------