Bug Bounty Cheat Sheet
Reference 🔎 Vulnerabilities Bug Bounty Platforms XSS Books SQLi Special Tools SSRF Recon CRLF Injection Practice Platforms CSV Injection Bug Bounty Tips LFI XXE RCE Open Redirect Crypto Template Injection Content Injection XSLT Injection Contributing We welcome contributions from the public. Using the issue tracker 💡 The issue tracker is the preferred channel for bug reports and features requests. Issues and labels 🏷 Our bug tracker utilizes several labels to help organize and identify issues. Guidelines for bug reports 🐛 Use the GitHub issue search — check if the issue has already been reported. Style Guide We like to keep our Markdown files as uniform as possible. So if you submit a PR, make sure to follow this style guide (we will not be angry if you do not). Cheat sheet titles should start with ##. Subheadings should be made bold. (**Subheading**) Add newlines after subheadings and code blocks. Code blocks should use three backticks. (```) Make sure to use syntax highlighting whenever possible. Contributors EdOverflow GerbenJavado jon_bottarini sp1d3r yasinS neutrinoguy kuromatae And many more ...
FEATURES
ALTERNATIVES
A collection of lab scripts and files for learning about containers and container internals.
Collection of recent infosec/hacking videos from conferences.
Comprehensive documentation for ThreatConnect's REST API and SDKs.
ENISA Training Resources offers online training material for cybersecurity specialists, covering technical areas such as artefact handling and analysis.
A practical guide to developing a comprehensive security monitoring and incident response strategy, covering incident response fundamentals, threat analysis, and data analysis.
Teaching Security provides educational resources and lessons for teaching cybersecurity concepts to high school students.
An article in Phrack Magazine discussing the creation of shellcode for StrongARM/Linux architecture.
PINNED
InfoSecHired
An AI-powered career platform that automates the creation of cybersecurity job application materials and provides company-specific insights for job seekers.
Mandos Brief Newsletter
A weekly newsletter providing cybersecurity leadership insights, industry updates, and strategic guidance for security professionals advancing to management positions.
Kriptos
An AI-driven data classification and governance platform that automatically discovers, analyzes, and labels sensitive information while providing risk management and compliance capabilities.
System Two Security
An AI-powered platform that automates threat hunting and analysis by processing cyber threat intelligence and generating customized hunt packages for SOC teams.
Aikido Security
Aikido is an all-in-one security platform that combines multiple security scanning and management functions for cloud-native applications and infrastructure.
Permiso
Permiso is an Identity Threat Detection and Response platform that provides comprehensive visibility and protection for identities across multiple cloud environments.
Wiz
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.
Adversa AI
Adversa AI is a cybersecurity company that provides solutions for securing and hardening machine learning, artificial intelligence, and large language models against adversarial attacks, privacy issues, and safety incidents across various industries.