Resources-for-Beginner-Bug-Bounty-Hunters

Talks 🤓

The Truth About Recon
The Bug Hunter's Methodology v4.0 - Recon Edition by @jhaddix #NahamCon2020! -It’s the Little Things - BSides Portland 2018 by @NahamSec
Who, What, Where, When, Wordlist by @TomNomNom #NahamCon2020
GitHub Recon and Sensitive Data Exposure
Creating Wordlists for Hacking, Pentesting & Bug Bounty Hunting Using Seclists, Bigquery, and More!
Hacking IIS (Recon) by infosec_au
Knock knock, Who's There? Identifying Assets in the Cloud

XSS on Google Search - Sanitizing HTML in The Client? - LiveOverflow
- The Fix
DEF CON 27 Conference - By NahamSec - Owning The Clout Through Server Side Request Forgery
Orange Tsai - Infiltrating Corporate Intranet Like NSA Preauth RCE - DEF CON 27 Conference
Breaking Parser Logic: Take Your Path Normalization off and Pop 0days Out!
You've Got Pwned: Exploiting E-Mail Systems by @securinti #NahamCon2020!
Practical Attacks Using HTTP Request Smuggling by @defparam #NahamCon2020

Subdomain Takeovers, beyond the basics for Pentesters and Bug Bounty Hunters
albinowax - HTTP Desync Attacks: Smashing into the Cell Next Door - DEF CON 27 Conference
Server-Side Template Injection: RCE For The Modern Web App
A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages!
Finding DOMXSS with DevTools | Untrusted Types Chrome Extension
Burp Suite tutorial: IDOR vulnerability automation using Autorize and AutoRepeater (bug bounty) - STÖK & Fisher
AppSec EU 2017 Exploiting CORS Misconfigurations For Bitcoins And Bounties by James Kettle

Getting Started with Android App Testing with Genymotion
Exploiting Android deep links and exported components - Ekoparty Mobile Hacking Space Talk
Android Hacking #VirSecCon2020
Advanced Android Bug Bounty skills - Ben Actis
Android Application Exploitation - Red Team Village
Android App Reverse Engineering LIVE!
Android App Penetration Testing 101
Fun with Frida on Mobile