1 | 2FA Bypass Techniques
2 | Regular Expression Denial Of Service
3 | SAML Vulnerabilities
4 | Unauthenticated & Exploitable JIRA Vulnerabilities
5 | Client-Side Template Injection (CSTI)
6 | Cross-Site Leaks (XS-Leaks)
7 | Cross-Site Script Includes (XSSI)
8 | JSON Padding Attacks
9 | JSON Attacks
10 | Abusing Hop-by-Hop Headers
11 | Cache Poisoned Denial of Service (CPDoS)
12 | Unicode Normalization
13 | WebSocket Vulns (Part-1)
14 | WebSocket Vulns (Part-2)
15 | WebSocket Vulns (Part-3)
16 | Web Cache Deception Attack
17 | Session Puzzling Attack
18 | Mass Assignment Attack
19 | HTTP Parameter Pollution
20 | GraphQL Series (Part-1)
21 | GraphQL Vulnerabilities (Part-2)
22 | GraphQL WrapUp (Part-3)
23 | Password Reset Token Issues
24 | My previous works
25 | Salesforce Security Misconfiguration (Part-1)
26 | Salesforce Security Misconfiguration (Part-2)
27 | Salesforce Configuration Review (Wrap)
28 | Common Business Logic Issues (Part-1)
29 | Common Business Logic Issues (Part-2)
30 | Common Business Logic Issues (Wrap)
31 | Captcha Bypass Techniques
32 | Pentesting Kibana Service
33 | Pentesting Docker Registry
34 | HTML Scriptless Attacks / Dangling Markup Attacks (Part-1)
35 | HTML Scriptless Attacks / Dangling Markup Attacks (Wrap)
36 | Pentesting Rsync Service
37 | CRLF Injection
38 | Pentesting FTP Service
39 | OpenID Connect Implementation Issues
40 | Cookie Based Authentication Vulnerabilities
41 | Cobalt Vulnerability Wiki - Resource
42 | Race Conditions
43 | SMTP Open Relay Attack
44 | Pentesting BACnet
45 | API Security Tips
46 | Pentesting SSH - Talk
47 | CORS Misconfiguration
48 | Incomplete Trailing Escape Pattern Issue
49 | Pivoting & Exploitation in Docker Environments - Talk
50 | Detect Complex Code Patterns using Semantic grep - Talk
51 | Student Roadmap to Become a Pentester - Talk
52 | Hacking How-To Series - Playlist
53 | JS Prototype Pollution
54 | JSON Deserialization Attacks
55 | Android App Dynamic Analysis using House
56 | Testing IIS Servers
57 | Secure Code Review - Talk
58 | JSON Interoperability Vulnerabilities - Research Blog
59 | HTTP Desync Attacks - Talk
60 | XSLT Injection
61 | Bypassing AWS Policies - Talk
62 | Source Code Review Guidelines - Resource
63 | All of the Threats: Intelligence, Modelling and Hunting - Talk
64 | Hidden Property Abuse (HPA) attack in Node.js - Talk
65 | HTTP Request Smuggling in 2020 - Talk
66 | Dependency Confusion Attack - Blog
67 | Format String Vulnerabilities - Webinar
68 | Mobile Application Dynamic Analysis - Webinar
69 | Insecure Deserialization - Talk
70 | Web Cache Entanglement - Talk + Blog
71 | OWASP AMASS - Bootcamp
72 | Offensive JavaScript Techniques for Red Teamers
73 | Basic CMD for Pentesters - Cheatsheet
74 | Investigating and Defending Office 365 - Talk
75 | WinjaCTF 2021 Solutions - Blog
76 | Kubernetes Security: Attacking and Defending K8s Clusters - Talk
77 | AWS Cloud Security - Resources
78 | WAF Evasion Techniques - Blog
79 | File Inclusion - All-in-One
80 | DockerENT Insights - Tool Demo Talk
81 | ImageMagick - Shell injection via PDF password - Research Blog
82 | Offensive GraphQL API Pentesting - Talk
83 | Bug Bounties with Bash - Talk
84 | Chrome Extensions Code Review - Talk
85 | Server-Side Template Injection - Talk
86 | Exploiting GraphQL - Blog
87 | Exploiting Email Systems - Talk
88 | Hacking with DevTools - Tutorial
89 | Common Android Application Vulnerabilities - Talk
90 | SAML XML Injection - Research Blog
91 | Finding Access Control & Authorization Issues with Burp - Blogs
92 | OAuth 2.0 Misimplementation, Vulnerabilities, and Best Practices - Talk
93 | JWT Attacks - Talk
94-102 | Random Readings
103 | Attacking Ruby on Rails Applications - Whitepaper
104 | Pentesting a Chrome Extension: Real Life Case Study - Blog
105 | XXE Simplified - Blog
106 | Web Hacking Pro Tips #9 with @zseano - Talk
107 | JS Prototype Pollution - Blog
108 | XSS via GraphQL Endpoint - Blog
109 | WS-2016-7107: CSRF tokens in Spring and the BREACH attack - Blog
110 | AWS SSRF Metadata Leakage - Blog
111 | Burp Suite Extension Development - Blog
112-115 | Random Readings
116 | Hacking OAuth Apps Pt-1 - Tutorial
117 | Portable Data exFiltration: XSS for PDFs - Blog
118 | PoC code and a case study on Task Hijacking in Android explaining how and why it works (aka StrandHogg) - Blog
119 | OAuth - Flawed CSRF Protection - Tutorial
120 | Hacking Electron Apps with Electronegativity - Talk
121 | Awesome ElectronJS Hacking Resources
122 | Pentesting Blockchain Solutions - Tutorial
123-124 | Random Readings
125 | Oversized XML Attack - Wiki
126 | XML Complexity Attack in SOAP Header - Wiki
127 | Web Service Attacks [Remaining] - Wiki
128 | Domain Hijacking Via Logic Error - Gandi And Route 53 Vulnerability - Blog
129 | Automating Recon with Axiom - Talk
130 | Testing Extensions in Chromium Browsers - Blog
131 | iOS Pentesting Series Pt. 1 - Tutorial
132 | DNS Based Out of Band Blind SQL injection in Oracle - Dumping data - Blog
133 | GitDorker - Talk
134 | Mobisec 2020 Slides - Slides & Videos
135 | Web App Pentesting in Angular Context - Blog
136 | RCE in Homebrew - Blog
137 | WordPress Plugin Security Testing Cheat Sheet - Wiki
138 | JavaScript prototype pollution: practice of finding and exploitation - Blog
139 | HowTo: intercept mutually-authenticated TLS communications of a Java thick client - Blog
140 | KUBERNETES NAMESPACES ISOLATION - WHAT IT IS, WHAT IT ISN'T, LIFE, UNIVERSE AND EVERYTHING - Blog
141 | Frag Attacks - Wiki
142 | Free Automated Recon Using GH Actions - Talk
143 | DAY[0] Episode 66 - BlackHat USA, Pre-Auth RCEs, and JSON Smuggling - Talk
144 | Bug hunter adventures - Talk
145 | Static Analysis of Client-Side JS Code - Blog
146 | Method Confusion In Go SSTIs Lead To File Read And RCE - Blog
147 | Finding and Exploiting Unintended Functionality in Main Web App APIs - Blog
148 | SecuriTEA & Crumpets - Episode 6 - Gareth Heyes - Hackvertor - Talk
149 | GraphQL CSRF - Blog
150 | Deep dive into ART (Android Runtime) for dynamic binary analysis - Talk
151 | 13 Nagios Vulnerabilities - Blog
152 | Frida Scripting Guide - Blog
153 | Android Exported Activities and how to exploit them - Talk
154 | XXE-scape through the front door: circumventing the firewall with HTTP request smuggling - Blog
155 | Turning Blind RCE into Good RCE via DNS Exfiltration using Collabfiltrator - Blog
156 | XSS in AWS Console - Blog
157 | Adventures into HTTP2 and HTTP3 - Blog
158 | AppCache's forgotten tales - Blog
159 | CVE-2021-33564 Argument Injection in Ruby Dragonfly - Blog
160 | DevSecOps 100 - Introductory Course [Free] - Course
161 | Unexpected Execution: Wild Ways Code Execution can Occur in Python - Talk
162 | Retrieving AWS security credentials from the AWS console - Blog
163 | Object Injection to SQL Injection & NoSQL Injection Cheatsheet - Blog
164 | HTTP Parameter Pollution - Blog
165 | XXE Workshop - Labs
166 | How to Analyze Code for Vulnerabilities - Talk
167 | Testing 2FA - Blog
168 | Your E-Mail Validation Logic is Wrong - Blog
169 | Active Scanning Techniques - Blog
170 | Bypassing 2FA using OpenID Misconfiguration - Blog
171 | Security Shorts - Talk
172 | The JavaScript Bridge in Modern Desktop Applications - Blog
173 | Advanced Web Application Penetration Testing: JWT Security Issues - Blog
174 | Quick Analysis for the SSID Format String Bug - Blog
175 | Live GitLab Ask a Hacker with Bug Bounty Hunter (vakzz) William Bowling (Public) - Talk
176 | iOS App Testing Through Burp on Corellium - Blog
177 | Blind XSS: setup your self-hosted XSS Hunter with the PwnMachine - Blog
178 | Attacking GraphQL's Autocorrect - Blog
179 | Apex Security Whitepaper - Paper + Labs
180 | Django SSTI - Blog
181 | Pen-Testing Salesforce SaaS Application - Blog
182 | How to solve an XSS challenge from Intigriti in under 60 minutes - Blog
183 | How to get the max out of an IDOR? - Blog
184 | Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464) - Blog
185 | Some ways to find more IDOR - Blog
186 | A supply-chain breach: Taking over an Atlassian account - Blog
187 | alert() is dead, long live print() - Blog
188 | Hacker Heroes #3 - @TomNomNom (Interview) - Talk
189 | SSRF in ColdFusion/CFML Tags and Functions - Blog
190 | $25,000 Facebook postMessage account takeover vulnerability - Video
191 | Pentester Diaries Ep6: The Importance of Report Writing - Talk
192 | Introduction to Web Cache Poisoning - Blog
193 | Intercepting Flutter iOS Application - Blog
194 | Credential stuffing in Bug bounty hunting - Blog
195 | What is a Browser Security Sandbox?! (Learn to Hack Firefox) - Video
196 | WILSON Cloud Respwnder - Blog
197 | $20,000 RCE in GitLab via 0day in exiftool metadata processing library CVE-2021-22204 - Video
198 | Padding Oracle Attacks - Video
199 | Demystifying the state of Kubernetes cluster security - Video
200 | Two One-liners for Quick ColdFusion Static Analysis Security Testing - Blog
201 | So many different techniques to learn here! [CTF walkthrough] - Video
202 | UDP Technology IP Camera vulnerabilities - Blog
203 | Exploiting the Sudo Baron Samedit vulnerability (CVE-2021-3156) on VMware vCenter Server 7.0 - Blog
204 | Reflected XSS Through Insecure Dynamic Loading - Blog
205 | Stored XSS via Mermaid Prototype Pollution vulnerability - Blog
206 | Getting Partial AWS Account IDs for any CloudFront Website - Blog
207 | Remote code execution in cdnjs of Cloudflare - Blog
208 | Docker Security Series - Series
209 | REvil Vanishes! - Chrome Zero-Day Vulnerability, iOS WiFi SSID Bug, Patch Tuesday Review - Talk
210 | How to Build a Phishing Engagement - Coding TTPs - Webcast
211 | Deep Link Exploitation: Introduction & Open/unvalidated Redirection - Blog
212 | Exploiting Android WebView Vulnerabilities - Blog
213 | WooCommerce Unauthenticated SQL Injection Vulnerability - Blog
214 | Traversing My Way in the Internal Network - Talk
215 | How I Found Multiple Bugs On Facebook In 1 Month And a Part For My Methodology & Tools - Blog
216 | Pre-Auth RCE in ManageEngine OpManager - Blog
217 | Guest Blog Post - Attacking the DevTools - Blog
218 | Kubernetes Hardening Guide - Blog
219 | Introducing hallucinate: One-stop TLS traffic inspection and manipulation using dynamic instrumentation - Blog
220 | Do Not use alert(1) in XSS - Blog
221 | A Look Into zseano's Thoughts When Testing a Target - Video
222 | Zimbra 8.8.15 - Webmail Compromise via Email - Blog
223 | Security XML Implementation across the Web - Blog
224 | Potential remote code execution in PyPI - Blog
225 | XXE Case Studies - Blog
226 | HackerTools - NoSQLMap - Blog
227 | Learn with @sec_r0: Attacks and Defenses to Docker & Kubernetes - Talk
228 | Source Zero Con Talks - Talks
229 | DevOps for Hackers with Hands-On Labs w/ Ralph May - Talks
230 | Advanced Recon Guide - Blog
231 | Just Gopher It: Escalating a Blind SSRF to RCE for $15k - Blog
232 | Stealing Bitcoin with Cross-Site Request Forgery (Ride the Lightning + Umbrel) - Blog
233 | Modify in-flight data to payment provider Smart2Pay - Blog
234 | Hacker Heroes #9 - RobinZekerNiet (Interview) - Talk
235 | Learn with @HolyBugx: Demystifying Cookies and Tokens - Talk
236 | Hacker Tools: reNgine - Automatic recon - Blog
237 | FROM PWN2OWN 2021: A NEW ATTACK SURFACE ON MICROSOFT EXCHANGE - Blog
238 | How to Hack Apple ID - Blog
239 | Insecure Features in PDFs - Blog
240 | Burp Upload Scanner - Blog
241 | Adobe Reader - PDF callback via XSLT stylesheet in XFA - Blog
242 | A Curious Exploration of Malicious PDF Documents - Blog
243 | Common mistakes when using permissions in Android - Blog
244 | iOS Pentesting 101 - Blog
245 | API Tokens: A Tedious Survey - Blog
246 | Cross-Site Request Forgery (CSRF) Complete Guide - Video
247 | HTTP Desync Attack Explained With Paper - Video
248 | AWS ReadOnlyAccess: Not Even Once - Blog
249 | Understanding Salesforce Flows and Common Security Risks - Blog
250 | Python context free payloads in Mako templates - Blog
251 | CVE-2021-26084 Remote Code Execution on Confluence Servers
252 | Introduction to smart contract security and hacking in Ethereum
253 | Automating Authorization Testing: AuthMatrix - Part 1
254 | Go Fuzz Yourself - How to Find More Vulnerabilities in APIs Through Fuzzing
255 | More secure Facebook Canvas: Tale of $126k worth of bugs that lead to Facebook Account Takeovers
256 | Smart Contract Security Verification Standard
257 | Remote File Inclusion Zines by @sec_r0
258 | GitHub Actions check-spelling community workflow - GITHUB_TOKEN leakage via advice.txt symlink
259 | Write-Up on Facebook Bug
260 | Mass assignment and learning new things
261 | A different way to attack certain reverse proxies
262 | Introducing Process Hiving & RunPE
263 | IAM Vulnerable - An AWS IAM Privilege Escalation Playground
264 | Complete Jailbreak Chart
265 | OWASP Top 10 2021
266 | PowerShell for Pentesters
267 | How to search for XSS (with blacklisted HTML tags)
268 | How to learn anything in Computer Science or Cybersecurity - Security Simplified
269 | Reused VMware exploits & Escaping Azure Container Instances [Bug Bounty Podcast]
270 | Docker Hacking
271 | Getting Started in Blockchain Security and Smart Contract Auditing - Beau Bullock
272 | HacktivityCon
273 | CrikeyCon 2021 - Shubham Shah - Hacking on Bug Bounties for Five Years
274 | Beginners Guide to 0day/CVE AppSec Research
275 | VULNERABILITY DIGGING WITH CODEQL
276 | OMIGOD: Critical Vulnerabilities in OMI Affecting Countless Azure Customers
277 | Post Exploitation - Transferring Files To Windows Targets
278 | SecuriTEA & Crumpets - Episode 12 - Ksenia Peguero
279 | Talk: Absolute AppSec Ep. #147 - James Kettle (@albinowax), Security Research
280 | A Flickr CSRF, GitLab, & OMIGOD, Azure again? [Bug Bounty Podcast]
281 | NETGEAR smart switches, SpookJS, & Parallels Desktop [Binary Exploitation Podcast]
282 | Unusual Applications of OpenAI in Cybersecurity + How to get into CTFs
283 | SiegeCast "COBALT STRIKE BASICS" with Tim Medin and Joe Vest
284 | An Attacker's Approach to Pentesting IBM Cloud - fwd:cloudsec 2021
285 | echo "Shell Injection"
286 | Exploiting Jinja SSTI with limited payload size
287 | Fuzzing WebSocket messages on Burp Suite
288 | Thinking About Simple SQL Injections
289 | Training XSS Muscles
290 | "A tale of making internet pollution free" - Exploiting Client-Side Prototype Pollution in the wild
291 | Chasing a Dream:: Pre-authenticated Remote Code Execution in Dedecms
292 | Multiple bugs allowed malicious Android Applications to takeover Facebook/Workplace accounts
293 | Ping'ing XMLSec
294 | 10 Types of Web Vulnerabilities that are Often Missed
295 | CVE-2021-35215, SolarWinds Orion Deserialization to RCE
296 | Bachelor's thesis on HTTP Request Smuggling
297 | Stored XSS in markdown via the DesignReferenceFilter
298 | Building a POC for CVE-2021-40438
299 | Turbo Intruder: Embracing the billion-request attack
300 | How to conduct a basic security code review - Security Simplified
301 | How to Analyze Code for Vulnerabilities using Joern
302 | Azure Privilege Escalation via Service Principal Abuse
303 | CREATING A MALICIOUS AZURE AD OAUTH2 APPLICATION
304 | 0-Day Hunting (Chaining Bugs/Methodology)
305 | Discourse SNS webhook RCE
306 | Android Exploits 101 Workshop
307 | SHELLS AND SOAP: WEBSPHERE DESERIALIZATION TO RCE
308 | PHP-FPM LOCAL ROOT VULNERABILITY
309 | Support Board 3.3.4 Arbitrary File Deletion to Remote Code Execution
310 | SuDump: Exploiting suid binaries through the kernel
311 | Attacking and Securing CI/CD Pipeline
312 | Exploiting Protobuf Webapps
313 | CookieMonster
314 | Get shells with JET, the Jolokia Exploitation Toolkit
315 | Android security checklist: WebView
316 | 5 Ways to Exploit a Domain Takeover Vulnerability
317 | Create a proxy DLL with artifact kit
318 | How to search for XXE!
319 | Defeating Android Certificate Pinning with Frida
320 | What can I do with Open Redirect with OAuth?
321 | Practical HTTP Header Smuggling: Sneaking Past Reverse Proxies to Attack AWS and Beyond
322 | T-Reqs: HTTP Request Smuggling with Differential Fuzzing
323 | ChaosDB Explained: Azure's Cosmos DB Vulnerability Walkthrough
324 | MULTIPLE CONCRETE CMS VULNERABILITIES (PART 1 - RCE)
325 | Android App Hacking Workshop
326 | Secondary Contexts Slides
327 | HTTP/2 request smuggling (explained using beer)
328 | Scanning for hardcoded secrets in source code - Security Simplified
329 | Staying sane in bug bounties
330 | How Your E-book Might Be Reading You: Exploiting EPUB Reading Systems
331 | Attacking SAML implementations
332 | Uniscan: An RFI, LFI, and RCE Vulnerability Scanner
333 | JavaScript type confusion: Bypassed input validation (and how to remediate)
334 | Multiple Vulnerabilities in ResourceSpace
335 | Unboxing BusyBox - 14 new vulnerabilities uncovered by Claroty and JFrog
336 | Zero-Day Disclosure: Palo Alto Networks GlobalProtect VPN CVE-2021-3064
337 | Simple SSRF Allows Access To Internal Assets
338 | Multiple Resources by XVNPW Blog
339 | WordPress Plugin Confusion: How an update can get you pwned
340 | RCE with SSRF and File Write as an exploit chain on Apache Guacamole
341 | Grafana CVE-2021-43798
342 | Data Exfiltration via CSS + SVG Font
343 | The Pen Testing Tools We're Thankful for in 2021
344 | HitCon CTF Challenges by Orange
345-363 | Random Readings
364 | Metasploit Basics for Hackers
365 | NCC Group's Cryptopals Guided Tour!