1 |
- CryptoZombies Lesson 1
- HTB Machine- Networked
- Blog - 2FA security Bypasses
|
2 |
- CryptoZombies Lesson 2
- HTB Machine- Optimum
- HTB Challenge- Chase
- Blog - Postmessage Vulnerabilities
|
3 |
- CryptoZombies Lesson 3(ch.1-5)
- HTB Machine- Backdoor
- Blog- Going beyond the surface-Vuln that pays well
|
4 |
- CryptoZombies Lesson 3(ch. 5-10)
- HTB Machine- Legacy
- Blog- WAF Bypass via Origin IP
|
5 |
- CryptoZombies Lesson 3(ch. 10-14)
- HTB Machine- Secret
- Blog- How to PoC your Bug Leads
|
6 |
- CryptoZombies Lesson 4(ch. 1-7)
- HTB Challenge- Gunship
- Blog- QRCDR ZeroDay Path Traversal Vulnerability
|
7 |
- CryptoZombies Lesson 4(ch. 7-13)
- HTB Machine- CAP
- Blog- Instagram 2FA Bypass
|
8 |
- CryptoZombies Lesson 5(ch. 1-7)
- Blog- Bypassing SSRF Protection to leak AWS Metadata
|
9 |
- CryptoZombies Lesson 5(ch. 8-15)
- Blog- SVG Based Stored-XSS
|
10 |
- CryptoZombies Lesson 6(ch. 1-5)
- HTB Machine- RouterSpace
- Blog- Mastering Ethereum Ch.1
|
11 |
- CryptoZombies Lesson 6(ch. 6-11)
- HTB Machine- Return
- Blog- How to Find Vulnerability in Smart Contracts — Unexpected Ether
|
12 |
- CryptoZombies ChainLink Path(ch.1-6)
- Blog- Hacking with sqlmap
|
13 |
- CryptoZombies ChainLink Path(ch.6-12)
- Blog- A Case Study on CVE 2021-22204 Exiftool RCE
|
14 |
- CryptoZombies Lesson 10(ch.1-11)
- Blog- Optimism Infinite Money Duplication Bugfix
|
15 |
|
16 |
- CryptoZombies Lesson 11(ch.1-7)
- HTB Machine- Meta
- Blog: Parameter Pollution - Zero Day
|
17 |
- CryptoZombies Lesson 11(ch.8-15)
- HTB Machine- Shibboleth
- Blog: BlockChain Oracle
|
18 |
- Ethernaut CTF(Lvl. 0-1)
- HTB Machine- Nunchucks
- Blog: Sql Injection at Spotify
|
19 |
- Ethernaut CTF(Lvl. 2)
- HTB Machine- Unicode
- Blog: Polygon Double-Spend Bugfix Review
|
20 |
- Ethernaut CTF(Lvl. 3)
- HTB Machine- BountyHunter
- Blog: ERC20 Smart Contract Breakdown
|
21 |
- Ethernaut CTF(Lvl. 4)
- HTB Machine- Validation
- Blog: How to get started Hacking Wordpress Plugins
|
22 |
- Ethernaut CTF(Lvl. 5,6)
- HTB Machine- Timing
- Blog: RocketPool and Lido Frontrunning Bug Fix Postmortem
|
23 |
- Ethernaut CTF(Lvl. 7)
- Blog: IDOR leads to 2fa Bypass
|
24 |
- Ethernaut CTF(Lvl. 8)
- HTB Machine- GoodGames
- Blog: Reconnaissance is the key to success !
|
25 |
- Ethernaut CTF(Lvl. 9)
- Blog: Redacted Cartel Custom Approval Logic Bugfix Review
|
26 |
- Blog: Some critical vulnerabilities found with passive analysis
|
27 |
- Blog: Google Dork for instant bounties
|
28 |
- Blog: Bypassing File Upload Restriction with Magic Numbers
|
29 |
|
30 |
- Ethernaut CTF(Lvl. 10)
- Blog: Hashing the Favicon.ico
|
31 |
- Ethernaut CTF(Lvl. 11)
- HTB Machine- Ransom
- Blog: Everything About Path Traversal Vulnerability
|
32 |
- Blog: Spring4Shell: Spring Remote Code Execution Vulnerability
|
33 |
- HTB Machine- Sniper
- Blog: A brief overview of JWT and its exploits
|
34 |
- Blog: Design Flaw - A Tale of Permanent DOS
|
35 |
- Book: Hacking APIs(Ch. 1)
- Blog: API authentication bypass on National Informatics Centre
|
36 |
- Book: Hacking APIs(Ch. 2)
- Blog: HTTP Request Smuggling on business.apple.com
|
37 |
- Book: Hacking APIs(Ch. 3)
- Blog: Pyramid Of Pain
|
38 |
- Book: Hacking APIs(Ch. 4)
- Blog: Exploiting XSS with Javascript/JPEG Polyglot
|
39 |
- Book: Hacking APIs(Ch. 5)
- Blog: Hacker Interview #1: elbee
|
40 |
- Book: Hacking APIs(Ch. 6 -Page no. 124-139)
- Blog: A Long Story of XXE Vulnerability!!
|
41 |
- HTB Machine- TimeLapse
- Blog: Cross-Contract Reentrancy Attack
|
42 |
- Book: Hacking APIs(Ch. 6 -Page no. 140-153)
- Blog: Hacking GraphQL — Part 1
|
43 |
|
44 |
- Book: Hacking APIs(Ch. 7)
- Blog: Hacking GraphQL — Part 2
|
45 |
- HTB Machine- Catch
- Blog: Port Scanning and Service Discovery in 2022
|
46 |
- Blog: Cloud SSRF Exploitation
|
47 |
- Book: Hacking APIs(Ch. 8)
- Blog: ReDoS (Regular Expression Denial of Service)
|
48 |
- Blog: Hacking GraphQL — Part 3
|
49 |
- Blog: How we spoofed ENS domains for $15k
|
50 |
|
51 |
- Book: Hacking APIs(Ch. 9)
- THM Room: Protocols and Servers
- Blog: WebSocket Pen Testing
|
52 |
- THM Room: Protocols and Servers 2
- Blog: CNAME Cloud Subdomain Takeover
|
53 |
- THM Room- Network Security
- HTB Machine- NodeBlog
- Blog: Super easy manipulation Led to full NFT control
|
54 |
- THM Room- Web Application Security
- Blog: Pentesting With FUFF
|
55 |
- THM Room- L2 MAC Flooding & ARP Spoofing
- Blog: Bypassing WAF for $2222
|
56 |
- THM Room- Metasploit: Exploitation
- Blog: Blockchain Security — Blockchain Roadmap
|
57 |
|
58 |
- Blog: Aave V3’s Price Oracle Manipulation Vulnerability
|
59 |
- Book: Hacking APIs(Ch. 10)
- Blog: Mindset for hacking GraphQL Applications
|
60 |
- Blog: The Complete Hands-On Hardhat Tutorial
|
61 |
- Blog: Solidity Smart Contract Security By Example #01: Integer Underflow
|
62 |
- Blog: How to become a smart contract auditor
|
63 |
- THM Room- Intro to Defensive Security
- Blog: Uniswap Smart Contract Breakdown
|
64 |
- Blog: Access Control Vulnerabilities in Smart Contracts
|
65 |
|
66 |
- Blog: Solidity Hacking: Integer Overflow and Underflow
|
67 |
- Blog: SVG SSRFs and saga of bypasses
|
68 |
- Nahamcon: The Bug Hunter’s Methodology: Application Analysis v1
- Blog: Exploring Google Dorks
|
69 |
- Blog: How Does a Website Interact With Smart Contracts?
|
70 |
- Blog: Insufficient Logging and Monitoring
|
71 |
- Youtube: Introduction to GraphQL Part 1- Hacking Simplified
- Blog: Blockchain layers (L0, L1, L2, L3) in a Diagram
|
72 |
- Youtube: Introduction to GraphQL Part 2- Hacking Simplified
- Blog: API Security Tutorial
|
73 |
- Youtube: Introduction to GraphQL Part 3- Hacking Simplified
- Blog: Phantom Functions and the Billion-Dollar No-op
|
74 |
- Youtube: Hacking UPI with UPI-Recon-CLI
- Blog: Smart Contract Security 101
|
75 |
- Youtube: The Dark Forest EP0: $1B Multichain Vulnerability
- Blog: Bypassing WAF to Weaponize a Stored XSS
|
76 |
|
77 |
|
78 |
- Secureum Blog: Ethereum 101
|
79 |
- Secureum Blog: Solidity 101
|
80 |
- Secureum Blog: Solidity 201
|
81 |
- Blog: Hacking Web3: Introduction and How to Start
|
82 |
- Secureum Blog: Security Pitfalls & Best Practices 101(1-50)
|
83 |
- Secureum Blog: Security Pitfalls & Best Practices 101(51-101)
|
84 |
- Blog: About NFT Liquidity
- Youtube: Blockchain, Solidity, and Full Stack Web3 Development with JavaScript(0-1hr)
|
85 |
- Blog: xToken Double Initialize Bugfix Review
- Youtube: Blockchain, Solidity, and Full Stack Web3 Development with JavaScript(1-2hr)
|
86 |
- Blog: Risky UUPS Pattern
- Youtube: Blockchain, Solidity, and Full Stack Web3 Development with JavaScript(2-3hr)
|
87 |
- HTML Injection On Trio App
- Youtube: Blockchain, Solidity, and Full Stack Web3 Development with JavaScript(3-3:30hr)
|
88 |
- Youtube: Blockchain, Solidity, and Full Stack Web3 Development with JavaScript(3:30-4hr)
|
89 |
- How I found a GoldMine but got No Gold
- Youtube: Blockchain, Solidity, and Full Stack Web3 Development with JavaScript(4 - 4:30hr)
|
90 |
|
91 |
- Secureum Blog: Security Pitfalls & Best Practices 101(101-151)
- Youtube: Blockchain, Solidity, and Full Stack Web3 Development with JavaScript(4:30 - 5hr)
|
92 |
- Secureum Blog: Security Pitfalls & Best Practices 101(151-201)
- Youtube: Blockchain, Solidity, and Full Stack Web3 Development with JavaScript(5 - 6hr)
|
93 |
- Secureum Blog: Audit Tools and Techniques 101(1-51)
- Youtube: Blockchain, Solidity, and Full Stack Web3 Development with JavaScript(6 - 7hr)
|
94 |
- Youtube: Blockchain, Solidity, and Full Stack Web3 Development with JavaScript(7 - 8hr)
|
95 |
- Secureum Blog: Audit Tools and Techniques 101(51-101)
- Youtube: Blockchain, Solidity, and Full Stack Web3 Development with JavaScript(8 - 9hr)
|
96 |
- Secureum Blog: Audit Finding 101(1-51)
- Youtube: Blockchain, Solidity, and Full Stack Web3 Development with JavaScript(9 - 10hr)
|
97 |
- Secureum Blog: Audit Finding 101(51-101)
- Youtube: Blockchain, Solidity, and Full Stack Web3 Development with JavaScript(10 - 11hr)
|
98 |
- Secureum Blog: Audit Finding 201(101-151)
- Youtube: Blockchain, Solidity, and Full Stack Web3 Development with JavaScript(11 - 12hr)
|
99 |
- Secureum Blog: Audit Finding 201(151-201)
- Youtube: Blockchain, Solidity, and Full Stack Web3 Development with JavaScript(12 - 13hr)
|
100 |
- Youtube: Blockchain, Solidity, and Full Stack Web3 Development with JavaScript(13 - 14hr)
|
101 |
- Blog: What I learned from reading 126* Information Disclosure Writeups
- Youtube: Blockchain, Solidity, and Full Stack Web3 Development with JavaScript(14 - 15hr)
|