learn101

This repository contains all the information shared during my Learn 101 Challenge. Learn 101 is a challenge to keep the learning spirit going and to push myself to learn something daily for 101 days. It can be anything from infosec to general life. Follow me on Twitter for regular updates: @Sm4rty_. Huge thanks to Harsh Bothra and IWCON, who motivated me to start this Learn101 challenge.


Day Topic
1
  • CryptoZombies Lesson 1
  • HTB Machine- Networked
  • Blog - 2FA security Bypasses
2
  • CryptoZombies Lesson 2
  • HTB Machine- Optimum
  • HTB Challenge- Chase
  • Blog - Postmessage Vulnerabilities
3
  • CryptoZombies Lesson 3(ch.1-5)
  • HTB Machine- Backdoor
  • Blog- Going beyond the surface-Vuln that pays well
4
  • CryptoZombies Lesson 3(ch. 5-10)
  • HTB Machine- Legacy
  • Blog- WAF Bypass via Origin IP
5
  • CryptoZombies Lesson 3(ch. 10-14)
  • HTB Machine- Secret
  • Blog- How to PoC your Bug Leads
6
  • CryptoZombies Lesson 4(ch. 1-7)
  • HTB Challenge- Gunship
  • Blog- QRCDR ZeroDay Path Traversal Vulnerability
7
  • CryptoZombies Lesson 4(ch. 7-13)
  • HTB Machine- CAP
  • Blog- Instagram 2FA Bypass
8
  • CryptoZombies Lesson 5(ch. 1-7)
  • Blog- Bypassing SSRF Protection to leak AWS Metadata
9
  • CryptoZombies Lesson 5(ch. 8-15)
  • Blog- SVG Based Stored-XSS
10
  • CryptoZombies Lesson 6(ch. 1-5)
  • HTB Machine- RouterSpace
  • Blog- Mastering Ethereum Ch.1
11
  • CryptoZombies Lesson 6(ch. 6-11)
  • HTB Machine- Return
  • Blog- How to Find Vulnerability in Smart Contracts — Unexpected Ether
12
  • CryptoZombies ChainLink Path(ch.1-6)
  • Blog- Hacking with sqlmap
13
  • CryptoZombies ChainLink Path(ch.6-12)
  • Blog- A Case Study on CVE 2021-22204 Exiftool RCE
14
  • CryptoZombies Lesson 10(ch.1-11)
  • Blog- Optimism Infinite Money Duplication Bugfix
15
  • Rest Day
16
  • CryptoZombies Lesson 11(ch.1-7)
  • HTB Machine- Meta
  • Blog: Parameter Pollution - Zero Day
17
  • CryptoZombies Lesson 11(ch.8-15)
  • HTB Machine- Shibboleth
  • Blog: BlockChain Oracle
18
  • Ethernaut CTF(Lvl. 0-1)
  • HTB Machine- Nunchucks
  • Blog: Sql Injection at Spotify
19
  • Ethernaut CTF(Lvl. 2)
  • HTB Machine- Unicode
  • Blog: Polygon Double-Spend Bugfix Review
20
  • Ethernaut CTF(Lvl. 3)
  • HTB Machine- BountyHunter
  • Blog: ERC20 Smart Contract Breakdown
21
  • Ethernaut CTF(Lvl. 4)
  • HTB Machine- Validation
  • Blog: How to get started Hacking Wordpress Plugins
22
  • Ethernaut CTF(Lvl. 5,6)
  • HTB Machine- Timing
  • Blog: RocketPool and Lido Frontrunning Bug Fix Postmortem
23
  • Ethernaut CTF(Lvl. 7)
  • Blog: IDOR leads to 2fa Bypass
24
  • Ethernaut CTF(Lvl. 8)
  • HTB Machine- GoodGames
  • Blog: Reconnaissance is the key to success !
25
  • Ethernaut CTF(Lvl. 9)
  • Blog: Redacted Cartel Custom Approval Logic Bugfix Review
26
  • Blog: Some critical vulnerabilities found with passive analysis
27
  • Blog: Google Dork for instant bounties
28
  • Blog: Bypassing File Upload Restriction with Magic Numbers
29
  • Rest Day
30
  • Ethernaut CTF(Lvl. 10)
  • Blog: Hashing the Favicon.ico
31
  • Ethernaut CTF(Lvl. 11)
  • HTB Machine- Ransom
  • Blog: Everything About Path Traversal Vulnerability
32
  • Blog: Spring4Shell: Spring Remote Code Execution Vulnerability
33
  • HTB Machine- Sniper
  • Blog: A brief overview of JWT and its exploits
34
  • Blog: Design Flaw - A Tale of Permanent DOS
35
  • Book: Hacking APIs(Ch. 1)
  • Blog:API authentication bypass on National Informatics Centre
36
  • Book: Hacking APIs(Ch. 2)
  • Blog:HTTP Request Smuggling on business.apple.com
37
  • Book: Hacking APIs(Ch. 3)
  • Blog:Pyramid Of Pain
38
  • Book: Hacking APIs(Ch. 4)
  • Blog:Exploiting XSS with Javascript/JPEG Polyglot
39
  • Book: Hacking APIs(Ch. 5)
  • Blog:Hacker Interview #1: elbee
40
  • Book: Hacking APIs(Ch. 6 -Page no. 124-139)
  • Blog:A Long Story of XXE Vulnerability!!
41
  • HTB Machine- TimeLapse
  • Blog: Cross-Contract Reentrancy Attack
42
  • Book: Hacking APIs(Ch. 6 -Page no. 140-153)
  • Blog:Hacking GraphQL — Part 1
43
  • Rest Day
44
  • Book: Hacking APIs(Ch. 7)
  • Blog:Hacking GraphQL — Part 2
45
  • HTB Machine- Catch
  • Blog: Port Scanning and Service Discovery in 2022
46
  • Blog: Cloud SSRF Exploitation
47
  • Book: Hacking APIs(Ch. 8)
  • Blog:ReDoS (Regular Expression Denial of Service)
48
  • Blog: Hacking GraphQL — Part 3
49
  • Blog: How we spoofed ENS domains for $15k
50
  • Rest Day
51
  • Book: Hacking APIs(Ch. 9)
  • THM Room: Protocols and Servers
  • Blog: WebSocket Pen Testing
52
  • THM Room: Protocols and Servers 2
  • Blog: CNAME Cloud Subdomain Takeover
53
  • THM Room- Network Security
  • HTB Machine- NodeBlog
  • Blog: Super easy manipulation Led to full NFT control
54
  • THM Room- Web Application Security
  • Blog: Pentesting With FFUF
55
  • THM Room- L2 MAC Flooding & ARP Spoofing
  • Blog: Bypassing WAF for $2222
56
  • THM Room- Metasploit: Exploitation
  • Blog: Blockchain Security — Blockchain Roadmap
57
  • Rest Day
58
  • Blog: Aave V3’s Price Oracle Manipulation Vulnerability
59
  • Book: Hacking APIs(Ch. 10)
  • Blog: Mindset for hacking GraphQL Applications
60
  • Blog: The Complete Hands-On Hardhat Tutorial
61
  • Blog: Solidity Smart Contract Security By Example #01: Integer Underflow
62
  • Blog: How to become a smart contract auditor
63
  • THM Room- Intro to Defensive Security
  • Blog: Uniswap Smart Contract Breakdown
64
  • Blog: Access Control Vulnerabilities in Smart Contracts
65
  • Rest Day
66
  • Blog: Solidity Hacking: Integer Overflow and Underflow
67
  • Blog: SVG SSRFs and saga of bypasses
68
  • Nahamcon: The Bug Hunter’s Methodology: Application Analysis v1
  • Blog: Exploring Google Dorks
69
  • Blog: How Does a Website Interact With Smart Contracts?
70
  • Blog: Insufficient Logging and Monitoring
71
  • Youtube: Introduction to GraphQL Part 1- Hacking Simplified
  • Blog: Blockchain layers (L0, L1, L2, L3) in a Diagram
72
  • Youtube: Introduction to GraphQL Part 2- Hacking Simplified
  • Blog: API Security Tutorial
73
  • Youtube: Introduction to GraphQL Part 3- Hacking Simplified
  • Blog: Phantom Functions and the Billion-Dollar No-op
74
  • Youtube: Hacking UPI with UPI-Recon-CLI
  • Blog: Smart Contract Security 101
75
  • Youtube: The Dark Forest EP0: $1B Multichain Vulnerability
  • Blog: Bypassing WAF to Weaponize a Stored XSS
76
  • Rest Day
77
  • Rest Day
78
  • Secureum Blog: Ethereum 101
79
  • Secureum Blog: Solidity 101
80
  • Secureum Blog: Solidity 201
81
  • Blog: Hacking Web3: Introduction and How to Start
82
  • Secureum Blog: Security Pitfalls & Best Practices 101(1-50)
83
  • Secureum Blog: Security Pitfalls & Best Practices 101(51-101)
84
  • Blog: About NFT Liquidity
  • Youtube: Blockchain, Solidity, and Full Stack Web3 Development with JavaScript(0-1hr)
85
  • Blog: xToken Double Initialize Bugfix Review
  • Youtube: Blockchain, Solidity, and Full Stack Web3 Development with JavaScript(1-2hr)
86
  • Blog: Risky UUPS Pattern
  • Youtube: Blockchain, Solidity, and Full Stack Web3 Development with JavaScript(2-3hr)
87
  • HTML Injection On Trio App
  • Youtube: Blockchain, Solidity, and Full Stack Web3 Development with JavaScript(3-3:30hr)
88
  • Youtube: Blockchain, Solidity, and Full Stack Web3 Development with JavaScript(3:30-4hr)
89
  • How I found a GoldMine but got No Gold
  • Youtube: Blockchain, Solidity, and Full Stack Web3 Development with JavaScript(4 - 4:30hr)
90
  • Rest Day
91
  • Secureum Blog: Security Pitfalls & Best Practices 101(101-151)
  • Youtube: Blockchain, Solidity, and Full Stack Web3 Development with JavaScript(4:30 - 5hr)
92
  • Secureum Blog: Security Pitfalls & Best Practices 101(151-201)
  • Youtube: Blockchain, Solidity, and Full Stack Web3 Development with JavaScript(5 - 6hr)
93
  • Secureum Blog: Audit Tools and Techniques 101(1-51)
  • Youtube: Blockchain, Solidity, and Full Stack Web3 Development with JavaScript(6 - 7hr)
94
  • Youtube: Blockchain, Solidity, and Full Stack Web3 Development with JavaScript(7 - 8hr)
95
  • Secureum Blog: Audit Tools and Techniques 101(51-101)
  • Youtube: Blockchain, Solidity, and Full Stack Web3 Development with JavaScript(8 - 9hr)
96
  • Secureum Blog: Audit Finding 101(1-51)
  • Youtube: Blockchain, Solidity, and Full Stack Web3 Development with JavaScript(9 - 10hr)
97
  • Secureum Blog: Audit Finding 101(51-101)
  • Youtube: Blockchain, Solidity, and Full Stack Web3 Development with JavaScript(10 - 11hr)
98
  • Secureum Blog: Audit Finding 201(101-151)
  • Youtube: Blockchain, Solidity, and Full Stack Web3 Development with JavaScript(11 - 12hr)
99
  • Secureum Blog: Audit Finding 201(151-201)
  • Youtube: Blockchain, Solidity, and Full Stack Web3 Development with JavaScript(12 - 13hr)
100
  • Youtube: Blockchain, Solidity, and Full Stack Web3 Development with JavaScript(13 - 14hr)
101
  • Blog: What I learned from reading 126* Information Disclosure Writeups
  • Youtube: Blockchain, Solidity, and Full Stack Web3 Development with JavaScript(14 - 15hr)