/SecurityExplained

SecurityExplained is a new series after the previous learning challenge series #Learn365. The aim of #SecurityExplained series is to create informational content in multiple formats and share with the community to enable knowledge creation and learning.

Security Explained

SecurityExplained is a new series after the previous learning challenge series #Learn365. The aim of #SecurityExplained series is to create informational content in multiple formats and share with the community to enable knowledge creation and learning. Below are the various activities and formats planned under #SecurityExplained series:

  1. Tweets explaining interesting security stuff
  2. Blogs/Tutorials/How-To-Guides about different tools/techniques/attacks
  3. Security Discussion Spaces/Meets
  4. Monthly Mindmap/Mindmap based explainers for different attacks/techniques
  5. My Pentesting Methodology Breakdown
  6. Giveaways and Community Engagement
  7. GitHub Repository to Maintain "SecurityExplained"
  8. Public & Free to Access
  9. Newsletter

Follow me on Twitter for Regular Updates: Harsh Bothra.

Note: Please note that this series will run on irregular scehdules and it is not necessary to produce & share content on a regular or daily basis.

Content by Harsh


S.No. Topic
1 My Penetration Testing Methodology [Web]
2 FeroxBuster Explained
3 Creating Custom Wordlist for Content Discovery
4 Escalating HTML Injection to Cloud Metadata SSRF
5 Bypassing Privileges & Other Restrictions with Mass Assignment Attacks
6 Bypassing Biometrics in iOS with Objection
7 My Methodology to Test Premium Features
8 Bypassing Filters(and more) with Visual Spoofing
9 Path Traversal via File Upload
10 Attacking Zip Upload Functionality with ZipSlip Attack
11 RustScan - The Modern Port Scanner
12 Vulnerable Code Snippet - 1
13 Vulnerable Code Snippet - 2
14 Exploiting XXE in JSON Endpoints
15 Vulnerable Code Snippet - 3
16 Vulnerable Code Snippet - 4
17 Vulnerable Code Snippet - 5
18 Vulnerable Code Snippet - 6
19 Vulnerable Code Snippet - 7
20 Vulnerable Code Snippet - 8
21 Vulnerable Code Snippet - 9
22 Vulnerable Code Snippet - 10
23 Vulnerable Code Snippet - 11
24 Vulnerable Code Snippet - 12
25 Vulnerable Code Snippet - 13
26 Vulnerable Code Snippet - 14
27 Vulnerable Code Snippet - 15
28 Vulnerable Code Snippet - 16
29 Vulnerable Code Snippet - 17
30 Vulnerable Code Snippet - 18
31 Vulnerable Code Snippet - 19
32 Account Takeover Methodology
33 Vulnerable Code Snippet - 20
34 Vulnerable Code Snippet - 21
35 Vulnerable Code Snippet - 22
36 Vulnerable Code Snippet - 23
37 Vulnerable Code Snippet - 24
38 Vulnerable Code Snippet - 25
39 Vulnerable Code Snippet - 26
40 Vulnerable Code Snippet - 27
41 Vulnerable Code Snippet - 28
42 Vulnerable Code Snippet - 29
43 Vulnerable Code Snippet - 30
44 Vulnerable Code Snippet - 31
45 Vulnerable Code Snippet - 32
46 Vulnerable Code Snippet - 33
47 Vulnerable Code Snippet - 34
48 Vulnerable Code Snippet - 35
49 Vulnerable Code Snippet - 36
50 Vulnerable Code Snippet - 37
51 Vulnerable Code Snippet - 38
52 Vulnerable Code Snippet - 39
53 Vulnerable Code Snippet - 40
54 Vulnerable Code Snippet - 41
55 Vulnerable Code Snippet - 42
56 Vulnerable Code Snippet - 43
57 Vulnerable Code Snippet - 44
58 Vulnerable Code Snippet - 45
59 Ruby ERB SSTI
60 Introduction to CWE
61 CWE-787: Out-of-bounds Write
62 Vulnerable Code Snippet - 46
63 CWE-20: Improper Input Validation
64 Vulnerabilities in Cookie Based Authentication
65 How do I get Started in Cyber Security? — My Perspective & Learning Path!
66 Scope Based Recon Methodology: Exploring Tactics for Smart Recon
67 MFA Bypass Techniques
68 Vulnerable Code Snippet - 47
69 Vulnerable Code Snippet - 48
70 Vulnerable Code Snippet - 49
71 Vulnerable Code Snippet - 50
72 Vulnerable Code Snippet - 51
73 Vulnerable Code Snippet - 52
74 Vulnerable Code Snippet - 53
75 Vulnerable Code Snippet - 54
76 Vulnerable Code Snippet - 55
77 Vulnerable Code Snippet - 56
78 Vulnerable Code Snippet - 57
79 Vulnerable Code Snippet - 58
80 Vulnerable Code Snippet - 59
81 Vulnerable Code Snippet - 60
82 Vulnerable Code Snippet - 61
83 Vulnerable Code Snippet - 62
84 Vulnerable Code Snippet - 63
85 Vulnerable Code Snippet - 64
86 Vulnerable Code Snippet - 65
87 CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
88 CWE-732: Incorrect Permission Assignment for Critical Resource
89 CWE-522: Insufficiently Protected Credentials
90 CWE-918: Server-Side Request Forgery (SSRF)
91 CWE-611: Improper Restriction of XML External Entity Reference
92 CWE-476: NULL Pointer Dereference
93 CWE-276: Incorrect Default Permissions
94 CWE-862: Missing Authorization
95 CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
96 CWE-798: Use of Hard-coded Credentials
97 CWE-287: Improper Authentication

SecurityExplained NewsLetter


S.No. Topic
1 Issue-1
2 Issue-2
3 Issue-3
4 Issue-4
5 Issue-5
6 Issue-6
7 Issue-7
8 Issue-8
9 Issue-9
10 Issue-10
11 Issue-11
12 Issue-12
13 Issue-13
14 Issue-14

AskMeAnything


S.No. Topic
1 AMA-1: AMA with Harsh Bothra
2 AMA-2: AMA with Six2dez
3 AMA-3: AMA with Brumens

Threads


S.No. Topic
1 7 Hacking Books you must read
2 4 Subdomain Enumeration Tools you must have in your Arsenal 💻
3 6 Burp Extensions to Check for Access Control & Privilege Escalation Issues
4 5 Powerful Web Fuzzing & Content Discovery Tools You Must Know
5 17 Search Engines every Security Professional Must Know
6 7 Cyber Security Conferences Channel You Must Follow
7 9 Free Practice Labs to Master Cross-Site Scripting
8 11 MindMaps I have created that you may find useful!
9 14 Payload Repositories to find all the required Payloads & Attack Vectors

MindMaps

S.No. Topic
1 Account Takeover Techniques
2 CWE TOP 10 (2021)