Merge pull request #173 from Hacker0x01/djwy-design-revamp

@tomdev and I reviewed all the changes. We rebased the master into this, and by closing this PR, we can close all the open pull requests for this repository. Thanks to everyone for their contributions 🥳
Hacker0x01 · Apr 22, 2024 · 7256093 · 7256093
2 parents d21c4e7 + 3fc85f8
commit 7256093
Show file tree

Hide file tree

Showing 10 changed files with 97 additions and 59 deletions.
diff --git a/_includes/header.html b/_includes/header.html
@@ -13,11 +13,6 @@
       </button>
       <div class="collapse navbar-collapse" id="navbarSupportedContent">
         <ul class="navbar-nav mr-auto">
-          <li class="nav-item">
-            <a href="{{ "/announcements" | relative_url }}" class="nav-link text-light">
-              Announcements
-            </a>
-          </li>
           <li class="nav-item">
             <a href="{{ "/start-here" | relative_url }}" class="nav-link text-light">
               Getting Started

diff --git a/_sass/bootstrap/_variables.scss b/_sass/bootstrap/_variables.scss
@@ -286,7 +286,7 @@ $font-size-sm:                $font-size-base * .875 !default;
 $font-weight-lighter:         lighter !default;
 $font-weight-light:           300 !default;
 $font-weight-normal:          400 !default;
-$font-weight-bold:            700 !default;
+$font-weight-bold:            600 !default;
 $font-weight-bolder:          bolder !default;
 
 $font-weight-base:            $font-weight-normal !default;

diff --git a/_sass/bootstrap/utilities/_background.scss b/_sass/bootstrap/utilities/_background.scss
@@ -10,10 +10,6 @@
   }
 }
 
-.bg-white {
-  background-color: $white !important;
-}
-
 .bg-transparent {
   background-color: transparent !important;
 }
diff --git a/assets/ron-chan.jpg b/assets/ron-chan.jpg
diff --git a/conferences/hacktivitycon/0tomvh.md b/conferences/hacktivitycon/0tomvh.md
@@ -0,0 +1,13 @@
+---
+layout: page
+title: How I got from 0 to MVH
+video_src: https://www.youtube-nocookie.com/embed/M48hOtExUII
+---
+
+Speaker 
+-----------------
+STÖK is a hacker, content creator, and creative with 25 years as a professional in Information Technology. STÖK is not only dedicated to bring excellent content and share new techniques to the red-team and bounty community but also strives to inspire the next generation of hackers to enter the infosec space.
+
+Abstract
+-----------------
+STÖK gets asked "How do I get started in bug bounties?" every day, and it's been like that since the first day he began his own bounty journey about 2 years ago. In 2020, there are so many different paths to choose, and it can be really overwhelming for someone that wants to break into the hacking space. Should you focus on VDPs? Should you do CTFs? Should you spend your time doing recon? Should you automate stuff? Or should you go app deep? There is no right or wrong way to do it, but the most important thing is to simply take action, and simply just start hacking.
diff --git a/conferences/hacktivitycon/grafanassrf.md b/conferences/hacktivitycon/grafanassrf.md
@@ -0,0 +1,19 @@
+---
+layout: page
+title:  Graphing Out Internal Networks with CVE-2020-13379 (Unauthed Grafana SSRF)
+video_src: https://www.youtube-nocookie.com/embed/NWHOmYbLrZ0
+---
+
+Speaker 
+-----------------
+Justin Gardner is a full-time bug bounty hunter based near Tokyo, Japan. His focus in the security space is on web vulnerabilities and automated reconnaissance as pertains to bug bounty hunting. Before bug bounty hunting full-time, Justin was held various roles in IT ranging from software developer to IT architect, as well as consulting as a penetration tester with SynerComm for 2 years. Outside of security, Justin loves Jesus, spending time with his wife Mariah, volleyball, learning languages, and Brazilian jiu-jitsu.
+
+Abstract
+-----------------
+This talk outlines the experience of discovering a full-read unauthed SSRF vulnerability in a product used by thousands of companies in their DMZs. There will be 3 main sections of this talk: the discovery, the exploitation, and the results. 
+
+Starting with the discovery of this bug, we'll discuss some methodology of looking at open-source software for security vulnerabilities and how this led to the discovery of CVE-2020-13379. Included in this section will be defining your goals for what kind of impact you wish to achieve, identifying areas of interest, and perseverance (also known as going down the rabbit hole). 
+
+From there, we'll dive into a demo of the bug. This will include a working PoC for CVE-2020-13379, an exploitation kit that will assist in full exploitation, and a summary of some useful escalation techniques. We will also discuss what it looks like to use this bug against companies who host Grafana instances in the DMZ or in the internal network. 
+
+To bring it all around, we'll talk about the experience of reporting this bug to different vendors and mass-exploitation across bug bounty programs. This will include some lessons learned from mass-exploitation, some awesome collaboration with very skilled hackers, and some great interactions with programs.
diff --git a/index.md b/index.md
@@ -53,3 +53,31 @@ title: Home
     </div>
   </div>
 </div>
+<div class="container">
+  <div class="row">
+    <div class="col-md-6 py-4">
+      <img src="/assets/ron-chan.jpg" alt="Hacker: Ron Chan" class="img-fluid rounded-lg" height="400" />
+    </div>
+    <div class="col-md-6 py-4 align-self-center">
+      <h2>
+        MEET HACKER: RON CHAN
+      </h2>
+      <span class="h5">
+        From Hong Kong
+      </span>
+      <p class="lead my-3">
+        He just got $30K in a week for hacking on Airbnb&#8217;s public
+        <a href="https://hackerone.com/airbnb">#bugbounty program</a>!
+      </p>
+      <blockquote class="blockquote text-success my-3">
+        <span class="position-absolute" style="left: 7px">&#8220;</span>
+        I learned everything about hacking from Hacker101. It is so
+        resourceful. I started with knowing nothing. Now I&#8217;m a hacker
+        full-time!&#8221;
+      </blockquote>
+      <a href="/start-here" class="btn btn-outline-secondary">
+        Learn like Ron!
+      </a>
+    </div>
+  </div>
+</div>
diff --git a/playlists/hacktivitycon.md b/playlists/hacktivitycon.md
@@ -5,37 +5,35 @@ title: H@cktivitycon
 
 h@cktivitycon is a HackerOne hosted hacker conference built by the community for the community. h@cktivitycon is a place for hackers to learn, share, and meet friends. Hear talks and panelists exploring offensive hacking techniques, recon skills, target selection and more.
 
+Talks
+---
+
+### H@cktivitycon 2021
+
+- [Keynote: Launching an InfoSec Career](/conferences/hacktivitycon2021/keynote)
+- [Breaking Down OffSec Certifications](/conferences/hacktivitycon2021/offsec_panel)
+- [All Your (Data)base Are Belong To Us](/conferences/hacktivitycon2021/vulnerability_research)
+- [Developing CTFs: Writing and Hosting Intentionally Vulnerable Applications](/conferences/hacktivitycon2021/ctfdev)
+- [InfoSec: A broken industry that keeps it insecure and risky](/conferences/hacktivitycon2021/infosec_insecure_risky)
+- [TruffleHog Chrome Extension](/conferences/hacktivitycon2021/trufflehog)
+- [Introducing Networking and Security Through TikTok](/conferences/hacktivitycon2021/networking_security_tiktok)
+- [Haptyc: A Library for Building Microfuzzers in Turbo Intruder](/conferences/hacktivitycon2021/haptyc)
+- [Hacking on Bug Bounties for Five Years](/conferences/hacktivitycon2021/bugbountyfor5years)
+
+### H@cktivitycon 2020
 
-<div class="row">
-  <div class="col-md-10">
-    <h2>H@cktivitycon 2021</h2>
-    <ul>
-		<li><a href="../conferences/hacktivitycon2021/keynote">Keynote: Launching an InfoSec Career<span class="badge badge-pill badge-secondary">New!</span></a></li>
-		<li><a href="../conferences/hacktivitycon2021/offsec_panel">Breaking Down OffSec Certifications<span class="badge badge-pill badge-secondary">New!</span></a></li>
-		<li><a href="../conferences/hacktivitycon2021/vulnerability_research">All Your (Data)base Are Belong To Us<span class="badge badge-pill badge-secondary">New!</span></a></li>
-		<li><a href="../conferences/hacktivitycon2021/ctfdev">Developing CTFs: Writing and Hosting Intentionally Vulnerable Applications<span class="badge badge-pill badge-secondary">New!</span></a></li>
-		<li><a href="../conferences/hacktivitycon2021/infosec_insecure_risky">InfoSec: A broken industry that keeps it insecure and risky<span class="badge badge-pill badge-secondary">New!</span></a></li>
-		<li><a href="../conferences/hacktivitycon2021/trufflehog">TruffleHog Chrome Extension<span class="badge badge-pill badge-secondary">New!</span></a></li>
-		<li><a href="../conferences/hacktivitycon2021/networking_security_tiktok">Introducing Networking and Security Through TikTok<span class="badge badge-pill badge-secondary">New!</span></a></li>
-		<li><a href="../conferences/hacktivitycon2021/haptyc">Haptyc: A Library for Building Microfuzzers in Turbo Intruder<span class="badge badge-pill badge-secondary">New!</span></a></li>
-		<li><a href="../conferences/hacktivitycon2021/bugbountyfor5years">Hacking on Bug Bounties for Five Years<span class="badge badge-pill badge-secondary">New!</span></a></li>
-	</ul></div>
-	  <div class="col-md-10">
-	  <h2>H@cktivitycon 2020</h2>
-	  <ul>
-    	<li><a href="../conferences/hacktivitycon2020/keynote">Keynote by Georgia Weidman</a></li>
-		<li><a href="../conferences/hacktivitycon2020/0tomvh">How I got from 0 to MVH</a></li>
-		<li><a href="../conferences/hacktivitycon2020/pentester_blueprint">The Pentester Blueprint: A Guide to Becoming a Pentester</a></li>
-		<li><a href="../conferences/hacktivitycon2020/tbhm">The Bug Hunter's Methodology v4: Recon Edition</a></li>
-		<li><a href="../conferences/hacktivitycon2020/burnouts">Dealing with Burnouts</a></li>
-		<li><a href="../conferences/hacktivitycon2020/grafanassrf">Graphing Out Internal Networks with CVE-2020-13379 (Unauthed Grafana SSRF)</a></li>
-		<li><a href="../conferences/hacktivitycon2020/carivi">From an 'IVI in a box' to a 'CAR in a box'</a></li>
-		<li><a href="../conferences/hacktivitycon2020/waf">WAF Bypass In Depth</a></li>
-		<li><a href="../conferences/hacktivitycon2020/penteststories">Pentest Story Time: My Favorite Hacks From the Past Year</a></li>
-		<li><a href="../conferences/hacktivitycon2020/beyondscope">Beyond the Borders of Scope</a></li>
-		<li><a href="../conferences/hacktivitycon2020/parse">The problem with Parse: A low-code server that endangers over 64,000,000 users</a></li>
-		<li><a href="../conferences/hacktivitycon2020/web_cache_deception">Cached and Confused: Web Cache Deception in the Wild</a></li>
-		<li><a href="../conferences/hacktivitycon2020/exploiting_email_systems">You've got pwned: exploiting e-mail systems</a></li>
-		<li><a href="../conferences/hacktivitycon2020/gitlab">The journey of finding and exploiting a bug in GitLab</a></li>
-		<li><a href="../conferences/hacktivitycon2020/codeql">Discover vulnerabilities with CodeQL</a></li>
-	</ul></div></div>
+- [Keynote by Georgia Weidman](/conferences/hacktivitycon2020/keynote)
+- [How I got from 0 to MVH](/conferences/hacktivitycon2020/0tomvh)
+- [The Pentester Blueprint: A Guide to Becoming a Pentester](/conferences/hacktivitycon2020/pentester_blueprint)
+- [The Bug Hunter's Methodology v4: Recon Edition](/conferences/hacktivitycon2020/tbhm)
+- [Dealing with Burnouts](/conferences/hacktivitycon2020/burnouts)
+- [Graphing Out Internal Networks with CVE-2020-13379 (Unauthed Grafana SSRF)](/conferences/hacktivitycon2020/grafanassrf)
+- [From an 'IVI in a box' to a 'CAR in a box'](/conferences/hacktivitycon2020/carivi)
+- [WAF Bypass In Depth](/conferences/hacktivitycon2020/waf)
+- [Pentest Story Time: My Favorite Hacks From the Past Year](/conferences/hacktivitycon2020/penteststories)
+- [Beyond the Borders of Scope](/conferences/hacktivitycon2020/beyondscope)
+- [The problem with Parse: A low-code server that endangers over 64,000,000 users](/conferences/hacktivitycon2020/parse)
+- [Cached and Confused: Web Cache Deception in the Wild](/conferences/hacktivitycon2020/web_cache_deception)
+- [You've got pwned: exploiting e-mail systems](/conferences/hacktivitycon2020/exploiting_email_systems)
+- [The journey of finding and exploiting a bug in GitLab](/conferences/hacktivitycon2020/gitlab)
+- [Discover vulnerabilities with CodeQL](/conferences/hacktivitycon2020/codeql)
diff --git a/resources.md b/resources.md
@@ -1,16 +1,9 @@
 ---
 layout: page
 title: Resources
----
-
-<ul>
-  {% for resource in site.resources %}
-    <li>
-      <a href="/resources#{{ resource.title | url_encode }}">{{ resource.title }}</a>
-    </li>
-  {% endfor %}
-</ul>
-
+sidebar:
+  - title: Jump to
+    resources: true
 ---
 
 {% for resource in site.resources %}

diff --git a/videos.md b/videos.md
@@ -1,6 +1,7 @@
 ---
 layout: page
 title: Video Lessons
+video_src: https://www.youtube-nocookie.com/embed/FTeE3OrTNoA
 sidebar:
   - title: "Learning Tracks"
     links:
@@ -12,11 +13,9 @@ sidebar:
         url: /playlists/pentesting_series
       - text: "Web Hacking"
         url: /playlists/web_hacking
-      - text: "Mentorship Mondays"
-        url: /playlists/mentorshipmondays
-        updated: true
       - text: "Mobile Hacking"
         url: /playlists/mobile_hacking
+        updated: true
       - text: "H@cktivitycon"
         url: /playlists/hacktivitycon
       - text: "Cryptography"
@@ -31,8 +30,6 @@ sidebar:
         url: /sessions/ssrf
       - text: "Mobile Hacking Crash Course"
         url: /sessions/mobile_crash_course
-      - text: Introduction to Docker Hacking 
-        url: /sessions/docker_hacking
 ---
 
 These videos will help you learn a diverse set of topics. If you want to see specifics of what a session covers, simply click its title.
@@ -43,4 +40,3 @@ These videos will help you learn a diverse set of topics. If you want to see spe
 
 ## Featured Lesson
 Check out [JavaScript for Hackers by STÖK](/sessions/javascript_for_hackers)!
-<iframe width="560" height="315" src="https://www.youtube-nocookie.com/embed/FTeE3OrTNoA" title="YouTube video player" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe>