Bug Culture Wiki

Tools and Techniques

• Active Recon
• Web LLM Attacks
• Fuzzing
• Attacking APIs
• Response Manipulation
• Smart Card Linking
• Privilege Escalation
• OSINT
• Password Cracking
• AV Evasion
• Nuclei
• Attacking Active Directory
• S3 Buckets
• Printers & MFPs

Application Testing

• Common Findings and Examples
• File Uploads
• Predictable Tokens
• Race Conditions
• Cross-origin Resource Sharing (CORS)
• Local File Inclusion
• Command Injection
• NoSQL Injection
• Cross-site Scripting (XSS)
• Cross-site Request Forgery (CSRF)
• Server-side Template Injection
• Broken Authentication
• Broken Access Controls
• XML External Entities (XXE)
• Server-Side Includes (SSI)
• Session Security
• Web Caches
• Clickjacking (UI redressing)

Infrastructure

• API Proxy with Cloudflare Workers
• Proxies and Redirectors

Resources

• Graphql
• Burp Extensions
• SQL Injection