/learn365

This repository is about @harshbothra_'s 365 days of Learning Tweets & Mindmaps collection.

Learn365

This repository contains all the information shared during my Learn 365 Challenge. Learn 365 is a challenge to keep the learning spirit going and to push myself to learn something new every day for a whole year; the topic can be anything from infosec to general life. Follow me on Twitter for regular updates: Harsh Bothra. Huge thanks to Mehedi Hasan Remon, who originally created and maintained this repository.


S.NO Mind Map
1 2FA Bypass Techniques
2 Scope Based Recon
3 Cookie Based Authentication Vulnerabilities
4 Unauthenticated JIRA CVEs
5 Android Application Penetration Testing Checklist

Day Topic
1 2FA Bypass Techniques
2 Regular Expression Denial Of Service
3 SAML Vulnerabilities
4 Unauthenticated & Exploitable JIRA Vulnerabilities
5 Client-Side Template Injection (CSTI)
6 Cross-Site Leaks (XS-Leaks)
7 Cross-Site Script Includes (XSSI)
8 JSON Padding Attacks
9 JSON Attacks
10 Abusing Hop-by-Hop Headers
11 Cache Poisoned Denial of Service (CPDoS)
12 Unicode Normalization
13 WebSocket Vulns (Part-1)
14 WebSocket Vulns (Part-2)
15 WebSocket Vulns (Part-3)
16 Web Cache Deception Attack
17 Session Puzzling Attack
18 Mass Assignment Attack
19 HTTP Parameter Pollution
20 GraphQL Series (Part-1)
21 GraphQL Vulnerabilities (Part-2)
22 GraphQL WrapUp (Part-3)
23 Password Reset Token Issues
24 My previous works
25 Salesforce Security Misconfiguration (Part-1)
26 Salesforce Security Misconfiguration (Part-2)
27 Salesforce Configuration Review (Wrap)
28 Common Business Logic Issues: Part-1
29 Common Business Logic Issues (Part-2)
30 Common Business Logic Issues (Wrap)
31 Captcha Bypass Techniques
32 Pentesting Kibana Service
33 Pentesting Docker Registry
34 HTML Scriptless Attacks / Dangling Markup Attacks (Part - 1)
35 HTML Scriptless Attacks / Dangling Markup Attacks (Wrap)
36 Pentesting Rsync Service
37 CRLF Injection
38 Pentesting FTP Service
39 OpenID Connect Implementation Issues
40 Cookie Based Authentication Vulnerabilities
41 Cobalt Vulnerability Wiki - Resource
42 Race Conditions
43 SMTP Open Relay Attack
44 Pentesting BACNet
45 API Security Tips
46 Pentesting SSH - Talk
47 CORS Misconfiguration
48 Incomplete Trailing Escape Pattern Issue
49 Pivoting & Exploitation in Docker Environments - Talk
50 Detect Complex Code Patterns using Semantic grep - Talk
51 Student Roadmap to Become a Pentester - Talk
52 Hacking How-To Series - Playlist
53 JS Prototype Pollution
54 JSON Deserialization Attacks
55 Android App Dynamic Analysis using House
56 Testing IIS Servers
57 Secure Code Review - Talk
58 JSON Interoperability Vulnerabilities - Research Blog
59 HTTP Desync Attacks - Talk
60 XSLT Injection
61 Bypassing AWS Policies - Talk
62 Source Code Review Guidelines - Resource
63 All of the Threats: Intelligence, Modelling and Hunting - Talk
64 Hidden Property Abuse (HPA) attack in Node.js - Talk
65 HTTP Request Smuggling in 2020 - Talk
66 Dependency Confusion Attack - Blog
67 Format String Vulnerabilities - Webinar
68 Mobile Application Dynamic Analysis - Webinar
69 Insecure Deserialization - Talk
70 Web Cache Entanglement - Talk + Blog
71 OWASP AMASS - Bootcamp
72 Offensive Javascript Techniques for Red Teamers
73 Basic CMD for Pentesters - Cheatsheet
74 Investigating and Defending Office 365 - Talk
75 WinjaCTF 2021 Solutions - Blog
76 Kubernetes Security: Attacking and Defending K8s Clusters - Talk
77 AWS Cloud Security - Resources
78 WAF Evasion Techniques - Blog
79 File Inclusion - All-in-One
80 DockerENT Insights - Tool Demo Talk
81 ImageMagick - Shell Injection via PDF Password - Research Blog
82 Offensive GraphQL API Pentesting - Talk
83 Bug Bounties with Bash - Talk
84 Chrome Extensions Code Review - Talk
85 Server-Side Template Injection - Talk
86 Exploiting GraphQL - Blog
87 Exploiting Email Systems - Talk
88 Hacking with DevTools - Tutorial
89 Common Android Application Vulnerabilities - Talk
90 SAML XML Injection - Research Blog
91 Finding Access Control & Authorization Issues with Burp - Blogs
92 OAuth 2.0 Misimplementation, Vulnerabilities, and Best Practices - Talk
93 JWT Attacks - Talk
94-102 Random Readings
103 Attacking Ruby on Rails Applications - Whitepaper
104 Pentesting a Chrome Extension: Real Life Case Study - Blog
105 XXE Simplified - Blog
106 Web Hacking Pro Tips #9 with @zseano - Talk
107 JS Prototype Pollution - Blog
108 XSS via GraphQL Endpoint - Blog
109 WS-2016-7107: CSRF tokens in Spring and the BREACH attack - Blog
110 AWS SSRF Metadata Leakage - Blog
111 Burp Suite Extension Development - Blog
112-115 Random Readings
116 Hacking OAuth Apps Pt-1 - Tutorial
117 Portable Data exFiltration: XSS for PDFs - Blog
118 PoC code and a case study on Task Hijacking in Android explaining how and why it works. (aka StrandHogg) - Blog
119 OAuth - Flawed CSRF Protection - Tutorial
120 Hacking Electron Apps with Electronegativity - Talk
121 Awesome ElectronJS Hacking Resources
122 Pentesting Blockchain Solutions - Tutorial
123-124 Random Readings
125 Oversized XML Attack - Wiki
126 XML Complexity Attack in Soap Header - Wiki
127 Web Service Attacks [Remaining] - Wiki
128 Domain Hijacking Via Logic Error - Gandi And Route 53 Vulnerability - Blog
129 Automating Recon with Axiom - Talk
130 Testing Extensions in Chromium Browsers - Blog
131 iOS Pentesting Series Pt. 1 - Tutorial
132 DNS Based Out of Band Blind SQL injection in Oracle — Dumping data - Blog
133 GitDorker Talk - Talk
134 Mobisec 2020 Slides - Slides & Videos
135 Web App Pentesting in Angular Context - Blog
136 RCE in Homebrew - Blog
137 WordPress Plugin Security Testing Cheat Sheet - Wiki
138 JavaScript prototype pollution: practice of finding and exploitation - Blog
139 HowTo: intercept mutually-authenticated TLS communications of a Java thick client - Blog
140 KUBERNETES NAMESPACES ISOLATION - WHAT IT IS, WHAT IT ISN'T, LIFE, UNIVERSE AND EVERYTHING - Blog
141 Frag Attacks - Wiki
142 Free Automated Recon Using GH Actions - Talk
143 DAY[0] Episode 66 - BlackHat USA, Pre-Auth RCEs, and JSON Smuggling - Talk
144 Bug hunter adventures - Talk
145 Static Analysis of Client-Side JS Code - Blog
146 Method Confusion In Go SSTIs Lead To File Read And RCE - Blog
147 Finding and Exploiting Unintended Functionality in Main Web App APIs - Blog
148 SecuriTEA & Crumpets - Episode 6 - Gareth Heyes - Hackvertor - Talk
149 GraphQL CSRF - Blog
150 Deep dive into ART(Android Runtime) for dynamic binary analysis - Talk
151 13 Nagios Vulnerabilities - Blog
152 Frida Scripting Guide - Blog
153 Android Exported Activities and how to exploit them - Talk
154 XXE-scape through the front door: circumventing the firewall with HTTP request smuggling - Blog
155 Turning Blind RCE into Good RCE via DNS Exfiltration using Collabfiltrator - Blog
156 XSS in AWS Console - Blog
157 Adventures into HTTP2 and HTTP3 - Blog
158 AppCache's forgotten tales - Blog
159 CVE-2021-33564 Argument Injection in Ruby Dragonfly - Blog
160 DevSecOps 100 - Introductory Course [Free] - Course
161 Unexpected Execution: Wild Ways Code Execution can Occur in Python - Talk
162 Retrieving AWS security credentials from the AWS console - Blog
163 Object Injection to SQL Injection & NoSql Injection Cheatsheet - Blog
164 HTTP Parameter Pollution - Blog
165 XXE Workshop - Labs
166 How to Analyze Code for Vulnerabilities - Talk
167 Testing 2FA - Blog
168 Your E-Mail Validation Logic is Wrong - Blog
169 Active Scanning Techniques - Blog
170 Bypassing 2FA using OpenId Misconfiguration - Blog
171 Security Shorts - Talk
172 The JavaScript Bridge in Modern Desktop Applications - Blog
173 Advanced Web Application Penetration Testing JWT Security Issues - Blog
174 Quick Analysis for the SSID Format String Bug - Blog
175 Live GitLab Ask a Hacker with Bug Bounty Hunter (vakzz) William Bowling (Public) - Talk
176 iOS App Testing Through Burp on Corellium - Blog
177 Blind XSS: setup your self-hosted XSS Hunter with the PwnMachine - Blog
178 Attacking GraphQL's Autocorrect - Blog
179 Apex Security Whitepaper - Paper + Labs
180 Django SSTI - Blog
181 Pen-Testing Salesforce SAAS Application - Blog
182 How to solve an XSS challenge from Intigriti in under 60 minutes - Blog
183 How to get the max out of an IDOR? - Blog
184 Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464) - Blog
185 Some ways to find more IDOR - Blog
186 A supply-chain breach: Taking over an Atlassian account - Blog
187 alert() is dead, long live print() - Blog
188 Hacker Heroes #3 - @TomNomNom (Interview) - Talk
189 SSRF in ColdFusion/CFML Tags and Functions - Blog
190 $25,000 Facebook postMessage account takeover vulnerability - Video
191 Pentester Diaries Ep6: The Importance of Report Writing - Talk
192 Introduction to Web Cache Poisoning - Blog
193 Intercepting Flutter iOS Application - Blog
194 Credential stuffing in Bug bounty hunting - Blog
195 What is a Browser Security Sandbox?! (Learn to Hack Firefox) - Video
196 WILSON Cloud Respwnder - Blog
197 $20,000 RCE in GitLab via 0day in exiftool metadata processing library CVE-2021-22204 - Video
198 Padding Oracle Attacks - Video
199 Demystifying the state of kubernetes cluster security - Video
200 Two One-liners for Quick ColdFusion Static Analysis Security Testing - Blog
201 So many different techniques to learn here! [CTF walkthrough] - Video
202 UDP Technology IP Camera vulnerabilities - Blog
203 Exploiting the Sudo Baron Samedit vulnerability (CVE-2021-3156) on VMWare vCenter Server 7.0 - Blog
204 Reflected XSS Through Insecure Dynamic Loading - Blog
205 Stored XSS via Mermaid Prototype Pollution vulnerability - Blog
206 Getting Partial AWS Account IDs for any Cloudfront Website - Blog
207 Remote code execution in cdnjs of Cloudflare - Blog
208 Docker Security Series - Series
209 REvil Vanishes! - Chrome Zero-Day Vulnerability, iOS WiFi SSID Bug, Patch Tuesday Review - Talk
210 How to Build a Phishing Engagement – Coding TTP’s - Webcast
211 Deep Link Exploitation: Introduction & Open/unvalidated Redirection - Blog
212 Exploiting Android WebView Vulnerabilities - Blog
213 WooCommerce Unauthenticated SQL Injection Vulnerability - Blog
214 Traversing My Way in the Internal Network - Talk
215 How I Found Multiple Bugs On FaceBook In 1 Month And a Part For My Methodology & Tools - Blog
216 Pre-Auth RCE in ManageEngine OPManager - Blog
217 Guest Blog Post - Attacking the DevTools - Blog
218 Kubernetes Hardening Guide - Blog
219 Introducing hallucinate: One-stop TLS traffic inspection and manipulation using dynamic instrumentation - Blog
220 Do Not use alert(1) in XSS - Blog
221 A Look Into zseano's Thoughts When Testing a Target - Video
222 Zimbra 8.8.15 - Webmail Compromise via Email - Blog
223 Security XML Implementation across the Web - Blog
224 Potential remote code execution in PyPi - Blog
225 XXE Case Studies - Blog
226 HackerTools - NoSQLMap - Blog
227 Learn with @sec_r0: Attacks and Defenses to Docker & Kubernetes - Talk
228 Source Zero Con Talks - Talks
229 DevOps for Hackers with Hands-On Labs w/ Ralph May - Talks
230 Advanced Recon Guide - Blog
231 Just Gopher It: Escalating a Blind SSRF to RCE for $15k - Blog
232 Stealing Bitcoin with Cross-Site Request Forgery (Ride the Lightning + Umbrel) - Blog
233 Modify in-flight data to payment provider Smart2Pay - Blog
234 Hacker Heroes #9 - RobinZekerNiet (Interview) - Talk
235 Learn with @HolyBugx: Demystifying Cookies and Tokens - Talk
236 Hacker Tools: ReNgine – Automatic recon - Blog
237 FROM PWN2OWN 2021: A NEW ATTACK SURFACE ON MICROSOFT EXCHANGE - Blog
238 How to Hack Apple ID - Blog
239 Insecure Features in PDFs - Blog
240 Burp Upload Scanner - Blog
241 Adobe Reader - PDF callback via XSLT stylesheet in XFA - Blog
242 A Curious Exploration of Malicious PDF Documents - Blog
243 Common mistakes when using permissions in Android - Blog
244 iOS Pentesting 101 - Blog
245 API Tokens: A Tedious Survey - Blog
246 Cross-Site Request Forgery (CSRF) Complete Guide - Video
247 HTTP Desync Attack Explained With Paper - Video
248 AWS ReadOnlyAccess: Not Even Once - Blog
249 Understanding Salesforce Flows and Common Security Risks - Blog
250 Python context free payloads in Mako templates - Blog
251 CVE-2021-26084 Remote Code Execution on Confluence Servers
252 Introduction to smart contract security and hacking in Ethereum
253 Automating Authorization Testing: AuthMatrix – Part 1
254 Go Fuzz Yourself – How to Find More Vulnerabilities in APIs Through Fuzzing
255 More secure Facebook Canvas : Tale of $126k worth of bugs that lead to Facebook Account Takeovers
256 Smart Contract Security Verification Standard
257 Remote File Inclusion Zines by @sec_r0
258 GitHub Actions check-spelling community workflow - GITHUB_TOKEN leakage via advice.txt symlink
259 Write-Up on Facebook Bug
260 Mass assignment and learning new things
261 A different way to attack certain reverse proxies
262 Introducing Process Hiving & RunPE
263 IAM Vulnerable - An AWS IAM Privilege Escalation Playground
264 Complete Jailbreak Chart
265 OWASP Top 10 2021
266 Powershell for Pentesters
267 How to search for XSS (with blacklisted HTML tags)
268 How to learn anything in Computer Science or Cybersecurity - Security Simplified
269 Reused VMWare exploits & Escaping Azure Container Instances [Bug Bounty Podcast]
270 Docker Hacking
271 Getting Started in Blockchain Security and Smart Contract Auditing - Beau Bullock
272 HacktivityCon
273 CrikeyCon 2021 - Shubham Shah - Hacking on Bug Bounties for Five Years
274 Beginners Guide to 0day/CVE AppSec Research
275 VULNERABILITY DIGGING WITH CODEQL
276 OMIGOD: Critical Vulnerabilities in OMI Affecting Countless Azure Customers
277 Post Exploitation - Transferring Files To Windows Targets
278 SecuriTEA & Crumpets - Episode 12 - Ksenia Peguero
279 Talk: Absolute AppSec Ep. #147 - James Kettle (@albinowax), Security Research
280 A Flickr CSRF, GitLab, & OMIGOD, Azure again? [Bug Bounty Podcast]
281 NETGEAR smart switches, SpookJS, & Parallels Desktop [Binary Exploitation Podcast]
282 Unusual Applications of OpenAI in Cybersecurity + How to get into CTFs
283 SiegeCast "COBALT STRIKE BASICS" with Tim Medin and Joe Vest
284 An Attacker's Approach to Pentesting IBM Cloud - fwd:cloudsec 2021
285 echo "Shell Injection"
286 Exploiting Jinja SSTI with limited payload size
287 Fuzzing WebSocket messages on Burpsuite
288 Thinking About Simple SQL Injections
289 Training XSS Muscles
290 "A tale of making internet pollution free" - Exploiting Client-Side Prototype Pollution in the wild
291 Chasing a Dream:: Pre-authenticated Remote Code Execution in Dedecms
292 Multiple bugs allowed malicious Android Applications to takeover Facebook/Workplace accounts
293 Ping'ing XMLSec
294 10 Types of Web Vulnerabilities that are Often Missed
295 CVE-2021-35215, SolarWinds Orion Deserialization to RCE
296 Bachelor's thesis on HTTP Request Smuggling
297 Stored XSS in markdown via the DesignReferenceFilter
298 Building a POC for CVE-2021-40438
299 Turbo Intruder: Embracing the billion-request attack
300 How to conduct a basic security code review - Security Simplified
301 How to Analyze Code for Vulnerabilities using Joern
302 Azure Privilege Escalation via Service Principal Abuse
303 CREATING A MALICIOUS AZURE AD OAUTH2 APPLICATION
304 0-Day Hunting (Chaining Bugs/Methodology)
305 Discourse SNS webhook RCE
306 Android Exploits 101 Workshop
307 SHELLS AND SOAP: WEBSPHERE DESERIALIZATION TO RCE
308 PHP-FPM LOCAL ROOT VULNERABILITY
309 Support Board 3.3.4 Arbitrary File Deletion to Remote Code Execution
310 SuDump: Exploiting suid binaries through the kernel
311 Attacking and Securing CI/CD Pipeline
312 Exploiting Protobuf Webapps
313 CookieMonster
314 Get shells with JET, the Jolokia Exploitation Toolkit
315 Android security checklist: WebView
316 5 Ways to Exploit a Domain Takeover Vulnerability
317 Create a proxy DLL with artifact kit
318 How to search for XXE!
319 Defeating Android Certificate Pinning with Frida
320 What can I do with Open Redirect with OAuth?
321 Practical HTTP Header Smuggling: Sneaking Past Reverse Proxies to Attack AWS and Beyond
322 T-Reqs: HTTP Request Smuggling with Differential Fuzzing
323 ChaosDB Explained: Azure's Cosmos DB Vulnerability Walkthrough
324 MULTIPLE CONCRETE CMS VULNERABILITIES (PART 1 – RCE)
325 Android App Hacking Workshop
326 Secondary Contexts Slides
327 HTTP/2 request smuggling (explained using beer)
328 Scanning for hardcoded secrets in source code - Security Simplified
329 Staying sane in bug bounties
330 How Your E-book Might Be Reading You: Exploiting EPUB Reading Systems
331 Attacking SAML implementations
332 Uniscan: An RFI, LFI, and RCE Vulnerability Scanner