<?xml version="1.0" encoding="UTF-8"?>
<!-- generator="FeedCreator 1.8" -->
<?xml-stylesheet href="https://wiki.cyberdiary.net/lib/exe/css.php?s=feed" type="text/css"?>
<rdf:RDF
    xmlns="http://purl.org/rss/1.0/"
    xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
    xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
    xmlns:dc="http://purl.org/dc/elements/1.1/">
    <channel rdf:about="https://wiki.cyberdiary.net/feed.php">
        <title>Cybersecurity - tbhm</title>
        <description></description>
        <link>https://wiki.cyberdiary.net/</link>
        <image rdf:resource="https://wiki.cyberdiary.net/lib/exe/fetch.php?media=wiki:dokuwiki.svg" />
       <dc:date>2026-05-14T10:23:12+00:00</dc:date>
        <items>
            <rdf:Seq>
                <rdf:li rdf:resource="https://wiki.cyberdiary.net/doku.php?id=tbhm:01_philosophy&amp;rev=1778747293&amp;do=diff"/>
                <rdf:li rdf:resource="https://wiki.cyberdiary.net/doku.php?id=tbhm:02_discovery&amp;rev=1778749890&amp;do=diff"/>
                <rdf:li rdf:resource="https://wiki.cyberdiary.net/doku.php?id=tbhm:03_mapping&amp;rev=1778747293&amp;do=diff"/>
                <rdf:li rdf:resource="https://wiki.cyberdiary.net/doku.php?id=tbhm:04_authorization&amp;rev=1778749157&amp;do=diff"/>
                <rdf:li rdf:resource="https://wiki.cyberdiary.net/doku.php?id=tbhm:05_xss&amp;rev=1778751741&amp;do=diff"/>
                <rdf:li rdf:resource="https://wiki.cyberdiary.net/doku.php?id=tbhm:06_sqli&amp;rev=1778749157&amp;do=diff"/>
                <rdf:li rdf:resource="https://wiki.cyberdiary.net/doku.php?id=tbhm:07_file_upload&amp;rev=1778747294&amp;do=diff"/>
                <rdf:li rdf:resource="https://wiki.cyberdiary.net/doku.php?id=tbhm:08_csrf&amp;rev=1778752228&amp;do=diff"/>
                <rdf:li rdf:resource="https://wiki.cyberdiary.net/doku.php?id=tbhm:09_privilege&amp;rev=1778747294&amp;do=diff"/>
                <rdf:li rdf:resource="https://wiki.cyberdiary.net/doku.php?id=tbhm:10_mobile&amp;rev=1778747294&amp;do=diff"/>
                <rdf:li rdf:resource="https://wiki.cyberdiary.net/doku.php?id=tbhm:11_auxiliary&amp;rev=1778747294&amp;do=diff"/>
                <rdf:li rdf:resource="https://wiki.cyberdiary.net/doku.php?id=tbhm:12_idor&amp;rev=1778752344&amp;do=diff"/>
                <rdf:li rdf:resource="https://wiki.cyberdiary.net/doku.php?id=tbhm:fast_checklist&amp;rev=1778747294&amp;do=diff"/>
                <rdf:li rdf:resource="https://wiki.cyberdiary.net/doku.php?id=tbhm:start&amp;rev=1778746729&amp;do=diff"/>
                <rdf:li rdf:resource="https://wiki.cyberdiary.net/doku.php?id=tbhm:test&amp;rev=1778746715&amp;do=diff"/>
                <rdf:li rdf:resource="https://wiki.cyberdiary.net/doku.php?id=tbhm:v4&amp;rev=1778747294&amp;do=diff"/>
            </rdf:Seq>
        </items>
    </channel>
    <image rdf:about="https://wiki.cyberdiary.net/lib/exe/fetch.php?media=wiki:dokuwiki.svg">
        <title>Cybersecurity</title>
        <link>https://wiki.cyberdiary.net/</link>
        <url>https://wiki.cyberdiary.net/lib/exe/fetch.php?media=wiki:dokuwiki.svg</url>
    </image>
    <item rdf:about="https://wiki.cyberdiary.net/doku.php?id=tbhm:01_philosophy&amp;rev=1778747293&amp;do=diff">
        <dc:format>text/html</dc:format>
        <dc:date>2026-05-14T08:28:13+00:00</dc:date>
        <dc:creator>Anonymous (anonymous@undisclosed.example.com)</dc:creator>
        <title>01_philosophy</title>
        <link>https://wiki.cyberdiary.net/doku.php?id=tbhm:01_philosophy&amp;rev=1778747293&amp;do=diff</link>
        <description>Philosophy

Differences from standard testing

Single-sourced:

	*  looking mostly for common-ish vulns
	*  not competing with others
	*  incentivized for count
	*  payment guaranteed and quality check based on approximation

Crowdsourced:

	*  looking for vulns that aren't as easy to find</description>
    </item>
    <item rdf:about="https://wiki.cyberdiary.net/doku.php?id=tbhm:02_discovery&amp;rev=1778749890&amp;do=diff">
        <dc:format>text/html</dc:format>
        <dc:date>2026-05-14T09:11:30+00:00</dc:date>
        <dc:creator>Anonymous (anonymous@undisclosed.example.com)</dc:creator>
        <title>02_discovery</title>
        <link>https://wiki.cyberdiary.net/doku.php?id=tbhm:02_discovery&amp;rev=1778749890&amp;do=diff</link>
        <description>Discovery

Find the road less traveled

This means finding the application (or the parts of an application) that are less tested. In wide-scoped projects the flagship application will most likely be heavily assessed.

	*  *.acme.com scope is your friend
	*  Find domains via Google (and others!)</description>
    </item>
    <item rdf:about="https://wiki.cyberdiary.net/doku.php?id=tbhm:03_mapping&amp;rev=1778747293&amp;do=diff">
        <dc:format>text/html</dc:format>
        <dc:date>2026-05-14T08:28:13+00:00</dc:date>
        <dc:creator>Anonymous (anonymous@undisclosed.example.com)</dc:creator>
        <title>03_mapping</title>
        <link>https://wiki.cyberdiary.net/doku.php?id=tbhm:03_mapping&amp;rev=1778747293&amp;do=diff</link>
        <description>Mapping

Mapping Tips:

	*  Google

   Smart Directory Brute Forcing

	*  RAFT lists (included in Seclists)
	*  SVN Digger (included in Seclists)
	*  Git Digger
	*  Platform Identification:
	*  Wappalyzer (Chrome)
	*  BuiltWith (Chrome)
	*  retire.js (cmd-line or Burp)</description>
    </item>
    <item rdf:about="https://wiki.cyberdiary.net/doku.php?id=tbhm:04_authorization&amp;rev=1778749157&amp;do=diff">
        <dc:format>text/html</dc:format>
        <dc:date>2026-05-14T08:59:17+00:00</dc:date>
        <dc:creator>Anonymous (anonymous@undisclosed.example.com)</dc:creator>
        <title>04_authorization</title>
        <link>https://wiki.cyberdiary.net/doku.php?id=tbhm:04_authorization&amp;rev=1778749157&amp;do=diff</link>
        <description>Auth and Session

Auth (better be quick)

Auth Related (more in logic, priv, and transport sections)

	*  User/pass discrepancy flaw
	*  Registration page harvesting
	*  Login page harvesting
	*  Password reset page harvesting
	*  No account lockout</description>
    </item>
    <item rdf:about="https://wiki.cyberdiary.net/doku.php?id=tbhm:05_xss&amp;rev=1778751741&amp;do=diff">
        <dc:format>text/html</dc:format>
        <dc:date>2026-05-14T09:42:21+00:00</dc:date>
        <dc:creator>Anonymous (anonymous@undisclosed.example.com)</dc:creator>
        <title>05_xss</title>
        <link>https://wiki.cyberdiary.net/doku.php?id=tbhm:05_xss&amp;rev=1778751741&amp;do=diff</link>
        <description>Tactical Fuzzing - XSS

XSS

Core Idea: Does the page functionality display something to the users?
For time sensitive testing the 80/20 rule applies. Many testers use Polyglot payloads. You probably have too!

Multi-context, filter bypass based polyglot payload #1 (Rsnake XSS Cheat Sheet)</description>
    </item>
    <item rdf:about="https://wiki.cyberdiary.net/doku.php?id=tbhm:06_sqli&amp;rev=1778749157&amp;do=diff">
        <dc:format>text/html</dc:format>
        <dc:date>2026-05-14T08:59:17+00:00</dc:date>
        <dc:creator>Anonymous (anonymous@undisclosed.example.com)</dc:creator>
        <title>06_sqli</title>
        <link>https://wiki.cyberdiary.net/doku.php?id=tbhm:06_sqli&amp;rev=1778749157&amp;do=diff</link>
        <description>Tactical Fuzzing - SQLi

SQL Injection

Core Idea: Does the page look like it might need to call on stored data?

There exist some SQLi polyglots, e.g. (Mathias Karlsson):


SLEEP(1) /*' or SLEEP(1) or '&quot; or SLEEP(1) or &quot;*/


Works in single quote context, works in double quote context, works in</description>
    </item>
    <item rdf:about="https://wiki.cyberdiary.net/doku.php?id=tbhm:07_file_upload&amp;rev=1778747294&amp;do=diff">
        <dc:format>text/html</dc:format>
        <dc:date>2026-05-14T08:28:14+00:00</dc:date>
        <dc:creator>Anonymous (anonymous@undisclosed.example.com)</dc:creator>
        <title>07_file_upload</title>
        <link>https://wiki.cyberdiary.net/doku.php?id=tbhm:07_file_upload&amp;rev=1778747294&amp;do=diff</link>
        <description>Tactical Fuzzing - FI &amp; Uploads

Local file inclusion

Core Idea: Does it (or can it) interact with the server file system?

Liffy is new and cool here but you can also use Seclists.

Malicious File Upload

This is an important and common attack vector in this type of testing.
File upload functions need a lot of protections to be adequately secure.</description>
    </item>
    <item rdf:about="https://wiki.cyberdiary.net/doku.php?id=tbhm:08_csrf&amp;rev=1778752228&amp;do=diff">
        <dc:format>text/html</dc:format>
        <dc:date>2026-05-14T09:50:28+00:00</dc:date>
        <dc:creator>Anonymous (anonymous@undisclosed.example.com)</dc:creator>
        <title>08_csrf</title>
        <link>https://wiki.cyberdiary.net/doku.php?id=tbhm:08_csrf&amp;rev=1778752228&amp;do=diff</link>
        <description>CSRF Testing

Testing CSRF On Application

	*  CSRF Normal
	*  Change Method To GET-Based
	*  Change Value Of CSRF-Token To undefined
	*  Delete CSRF Token Value Or Delete Token Parameter
	*  Use The same CSRF Value In Different Accounts
	*  Replace Value CSRF Token with Same Length Characters</description>
    </item>
    <item rdf:about="https://wiki.cyberdiary.net/doku.php?id=tbhm:09_privilege&amp;rev=1778747294&amp;do=diff">
        <dc:format>text/html</dc:format>
        <dc:date>2026-05-14T08:28:14+00:00</dc:date>
        <dc:creator>Anonymous (anonymous@undisclosed.example.com)</dc:creator>
        <title>09_privilege</title>
        <link>https://wiki.cyberdiary.net/doku.php?id=tbhm:09_privilege&amp;rev=1778747294&amp;do=diff</link>
        <description>Privilege, Transport, Logic

Privilege

Often logic, priv, auth bugs are blurred.

Testing user priv:

	*  admin has power
	*  peon has none
	*  peon can use function only meant for admin

More Privilege

	*  Find site functionality that is restricted to certain user types</description>
    </item>
    <item rdf:about="https://wiki.cyberdiary.net/doku.php?id=tbhm:10_mobile&amp;rev=1778747294&amp;do=diff">
        <dc:format>text/html</dc:format>
        <dc:date>2026-05-14T08:28:14+00:00</dc:date>
        <dc:creator>Anonymous (anonymous@undisclosed.example.com)</dc:creator>
        <title>10_mobile</title>
        <link>https://wiki.cyberdiary.net/doku.php?id=tbhm:10_mobile&amp;rev=1778747294&amp;do=diff</link>
        <description>Mobile

Data Storage

It's common to see mobile apps not applying encryption to the files that store PII.

Common places to find PII unencrypted

	*  Phone system logs (avail to all apps)
	*  webkit cache (cache.db)
	*  plists, dbs, etc
	*  hardcoded in the binary</description>
    </item>
    <item rdf:about="https://wiki.cyberdiary.net/doku.php?id=tbhm:11_auxiliary&amp;rev=1778747294&amp;do=diff">
        <dc:format>text/html</dc:format>
        <dc:date>2026-05-14T08:28:14+00:00</dc:date>
        <dc:creator>Anonymous (anonymous@undisclosed.example.com)</dc:creator>
        <title>11_auxiliary</title>
        <link>https://wiki.cyberdiary.net/doku.php?id=tbhm:11_auxiliary&amp;rev=1778747294&amp;do=diff</link>
        <description>Auxiliary

The vulns formerly known as &quot;noise&quot;

	*  Content Spoofing or HTML injection
	*  Referer leakage
	*  security headers
	*  path disclosure
	*  clickjacking
	*  ++

How to test a web app in n minutes

How can you get maximum results within a given time window?</description>
    </item>
    <item rdf:about="https://wiki.cyberdiary.net/doku.php?id=tbhm:12_idor&amp;rev=1778752344&amp;do=diff">
        <dc:format>text/html</dc:format>
        <dc:date>2026-05-14T09:52:24+00:00</dc:date>
        <dc:creator>Anonymous (anonymous@undisclosed.example.com)</dc:creator>
        <title>12_idor</title>
        <link>https://wiki.cyberdiary.net/doku.php?id=tbhm:12_idor&amp;rev=1778752344&amp;do=diff</link>
        <description>Insecure Direct Object References

IDOR Overview

To be continued...

Zseano IDOR Additions

	*  Try integers even when you see GUIDs -- server may accept both formats
	*  Inject &quot;id&quot;:&quot;1&quot; into JSON POST bodies even when not normally present
	*</description>
    </item>
    <item rdf:about="https://wiki.cyberdiary.net/doku.php?id=tbhm:fast_checklist&amp;rev=1778747294&amp;do=diff">
        <dc:format>text/html</dc:format>
        <dc:date>2026-05-14T08:28:14+00:00</dc:date>
        <dc:creator>Anonymous (anonymous@undisclosed.example.com)</dc:creator>
        <title>fast_checklist</title>
        <link>https://wiki.cyberdiary.net/doku.php?id=tbhm:fast_checklist&amp;rev=1778747294&amp;do=diff</link>
        <description># Fast Testing Checklist

A combination of my own methodology and the Web Application Hacker's Handbook Task checklist.

Contents

- App Recon and analysis
- Test handling of access
- Test handling of input
- Test application logic
- Assess application hosting
- Miscellaneous tests</description>
    </item>
    <item rdf:about="https://wiki.cyberdiary.net/doku.php?id=tbhm:start&amp;rev=1778746729&amp;do=diff">
        <dc:format>text/html</dc:format>
        <dc:date>2026-05-14T08:18:49+00:00</dc:date>
        <dc:creator>Anonymous (anonymous@undisclosed.example.com)</dc:creator>
        <title>start</title>
        <link>https://wiki.cyberdiary.net/doku.php?id=tbhm:start&amp;rev=1778746729&amp;do=diff</link>
        <description>The Bug Hunter's Methodology (TBHM)

A comprehensive methodology for web application bug bounty hunting, based on Jason Haddix's Bug Hunter's Methodology.

Chapters

	*  01 - Philosophy - Mindset, differences from standard testing, report writing tips
	*  02 - Discovery - Finding the road less traveled, recon tools, port scanning</description>
    </item>
    <item rdf:about="https://wiki.cyberdiary.net/doku.php?id=tbhm:test&amp;rev=1778746715&amp;do=diff">
        <dc:format>text/html</dc:format>
        <dc:date>2026-05-14T08:18:35+00:00</dc:date>
        <dc:creator>Anonymous (anonymous@undisclosed.example.com)</dc:creator>
        <title>test</title>
        <link>https://wiki.cyberdiary.net/doku.php?id=tbhm:test&amp;rev=1778746715&amp;do=diff</link>
        <description>test content</description>
    </item>
    <item rdf:about="https://wiki.cyberdiary.net/doku.php?id=tbhm:v4&amp;rev=1778747294&amp;do=diff">
        <dc:format>text/html</dc:format>
        <dc:date>2026-05-14T08:28:14+00:00</dc:date>
        <dc:creator>Anonymous (anonymous@undisclosed.example.com)</dc:creator>
        <title>v4</title>
        <link>https://wiki.cyberdiary.net/doku.php?id=tbhm:v4&amp;rev=1778747294&amp;do=diff</link>
        <description># TBHM v4

## New Files from v4

Content from the v4 update of The Bug Hunter's Methodology.

(Additional content to be added as v4 materials are released.)</description>
    </item>
</rdf:RDF>
