Learn250

Join me on my journey of learning for 250 days! It'll indeed be a fun challenge, and we'll learn various things together. Not only that, it will help me keep myself organized, motivated and focused ;)


Day Topic
1
  • HTTP Request Smuggling on business.apple.com and Others. - Writeup
2
  • A strategy to land your first pentest job. - Blog
  • Android Pentesting Setup On Macbook M1 - Blog
  • A Sneak Peek into Smart Contracts Reversing and Emulation - Blog
3
  • iOS Pentesting 101 - Blog
  • Watch out the links : Account takeover! - Writeup
  • Design Flaw : A Tale of Permanent DOS - Writeup
  • Understanding Android Basics - Blog
4
  • Log4shell in google - Writeup
  • The Bad Twin: a peculiar case of JWT exploitation scenario - Writeup
  • How I Hacked A Crypto Company And Could Steal 1 Million Dollars Worth of Bitcoin - Writeup
  • When Equal is Not, Another WebView Takeover Story - Writeup
  • Story about more than 3.5 million PII leakage in Yahoo!!! - Writeup
5
  • Android SSL Pinning Bypass for Bug Bounties & Penetration Testing - Video
  • Android Studio Emulator (AVD) Rooting with Magisk using rootAVD - Video
  • Android Pentesting Lab Setup - Blog
  • SSL Pinning Bypass with Frida Framework - Blog
  • Bypassing SSL pinning on Android - Blog
6
  • Hacking Android Apps with Frida - Video
  • Android App Penetration Testing 101 - Video
  • ANDROID APP SECURITY BASICS - Video
  • Hacker101: Common Android Bugs Pt. 1 - Video
7
  • Hail Frida!! The Universal SSL pinning bypass for Android applications - Blog
8
  • Day 5 and Day 6
9
  • Hacking Android Deeplink Issues - Video
  • Exploiting Android deep links and exported components - Video
  • Android App Pentesting - Guide by hacktricks
  • How I made $10K in bug bounties from GitHub secret leaks - Writeup
10 List of intentionally vulnerable Android apps to learn Android pentesting:

  • Damn Vulnerable Hybrid Mobile Application
  • Android Digital Bank
  • Damn Insecure and Vulnerable Application
  • Android Insecure Bank v2
  • Insecure Shop
  • Damn Vulnerable Android Application
  • OWASP GoatDroid
  • Oversecured Vulnerable Android App
  • Android Security Checklist - Blog
11
  • Everything you need to know about FFUF - Blog
  • How to Master FFUF for Bug Bounties and Pen Testing - Video
12
  • Android security checklist: WebView - Blog
13
  • How To Hack API In 60 Minutes With Open Source Tools - Blog
14
  • How we spoofed ENS domains for $15k - Writeup
  • How I was able to see likes and dislikes count even though is hidden by victim - Writeup
15
  • Find new domains of a company using SSL Certificates - Bug Bounty Recon (Blog)
  • What VPS to choose? - Blog
16
  • Authentication bypass using root array - Writeup
17
  • Palisade identifies Wormable Cross-Site Scripting Vulnerability affecting Rarible’s NFT Marketplace - Blog
18
  • Cache Key Normalization DoS - Blog
19 List of some recon suites

  • reconFTW
  • Osmedeus
  • reNgine
20
  • How Did I Leak 5.2k Customer Data From a Large Company? - Writeup
21
  • CVE-2022-21449: Psychic Signatures in Java
22
  • Exploiting Deep Links in Android - Part 1 (Article)
  • Android Pentest: Deep Link Exploitation - Blog
23
  • Bypass Apple Corp SSO on Apple Admin Panel - Writeup
24
  • Rest and some work