/learn365

This repo is about @harshbothra_ 365 days of learning Tweet & Mindmap collection

learn365

This repository contains all the information shared during my Learn 365 Challenge. Learn 365 is a challenge to keep the learning spirit going on and challenge myself to learn something daily for the whole year, it can be anything from infosec to general life. Follow me on Twitter for Regular Updates: Harsh Bothra. Huge thanks to Mehedi Hasan Remon, who originally created and maintained this repository.


S.NO Mind Map
1 2FA Bypass Techniques
2 Scope Based Recon
3 Cookie Based Authentication Vulnerabilities
4 Unauthenticated JIRA CVEs

Day Topic
1 2FA Bypass Techniques
2 Regular Expression Denial Of Service
3 SAML Vulnerabilities
4 Unauthenticated & Exploitable JIRA Vulnerabilities
5 Client-Side Template Injection(CSTI)
6 Cross-Site Leaks (XS-Leaks)
7 Cross-Site Script Includes (XSSI)
8 JSON Padding Attacks
9 JSON Attacks
10 Abusing Hop-by-Hop Headers
11 Cache Poisoned Denial of Service (CPDos)
12 Unicode Normalization
13 WebSocket Vulns (Part-1)
14 WebSocket Vulns (Part-2)
15 WebSocket Vulns (Part-3)
16 Web Cache Deception Attack
17 Session Puzzling Attack
18 Mass Assignment Attack
19 HTTP Parameter Pollution
20 GraphQL Series (Part-1)
21 GraphQL Vulnerabilities (Part-2)
22 GraphQL WrapUp (Part-3)
23 Password Reset Token Issues
24 My previous works
25 Salesforce Security Misconfiguration (Part-1)
26 Salesforce Security Misconfiguration (Part-2))
27 Salesforce Configuration Review (Wrap)
28 Common Business Logic Issues: Part-1
29 Common Business Logic Issues (Part-2)
30 Common Business Logic Issues (Wrap)
31 Captcha Bypass Techniques
32 Pentesting Kibana Service
33 Pentesting Docker Registry
34 HTML Scriptless Attacks / Dangling Markup Attacks (Part - 1)
35 HTML Scriptless Attacks / Dangling Markup Attacks (Wrap)
36 Pentesting Rsync Service
37 CRLF Injection
38 Pentesting FTP Service
39 OpenID Connect Implementation Issues
40 Cookie Based Authentication Vulnerabilities
41 Cobalt Vulnerability Wiki - Resource
42 Race Conditions
43 SMTP Open Relay Attack
44 Pentesting BACNet
45 API Security Tips
46 Pentesting SSH - Talk
47 CORS Misconfiguration
48 Incomplete Trailing Escape Pattern Issue
49 Pivoting & Exploitation in Docker Environments - Talk
50 Detect Complex Code Patterns using Semantic grep - Talk
51 Student Roadmap to Become a Pentester - Talk
52 Hacking How-To Series - Playlist
53 JS Prototype Pollution
54 JSON Deserialization Attacks
55 Android App Dynamic Analysis using House
56 Testing IIS Servers
57 Secure Code Review - Talk
58 JSON Interoperability Vulnerabilities - Research Blog
59 HTTP Desync Attacks - Talk
60 XSLT Injection
61 Bypassing AWS Policies - Talk
62 Source Code Review Guidelines - Resource
63 All of the Threats: Intelligence, Modelling and Hunting - Talk
64 Hidden Property Abuse (HPA) attack in Node.js - Talk
65 HTTP Request Smuggling in 2020 - Talk
66 Dependecy Confusion Attack - Blog
67 Format String Vulnerabilities - Webinar
68 Mobile Application Dynamic Analysis - Webinar
69 Insecure Deserialization - Talk
70 Web Cache Entanglement - Talk + Blog
71 OWASP AMASS - Bootcamp
72 Offensive Javascript Techniques for Red Teamers
73 Basic CMD for Pentesters - Cheatsheet
74 Investigating and Defending Office 365 - Talk
75 WinjaCTF 2021 Solutions - Blog
76 Kubernetes Security: Attacking and Defending K8s Clusters - Talk
77 AWS Cloud Security - Resources
78 WAF Evasion Techniques - Blog
79 File Inclusion - All-in-One
80 DockerENT Insights - Tool Demo Talk
81 ImageMagick - Shell injection via PDF password : Research Blog
82 Offensive GraphQL API Pentesting - Talk
83 Bug Bounties with Bash - Talk
84 Chrome Extensions Code Review - Talk
85 Server-Side Template Injection - Talk
86 Exploiting GraphQL - Blog
87 Exploiting Email Systems - Talk
88 Hacking with DevTools - Tutorial
89 Common Android Application Vulnerabilities - Talk
90 SAML XML Injection - Research Blog
91 Finding Access Control & Authorization Issues with Burp - Blogs
92 OAuth 2.0 Misimplementation, Vulnerabilities, and Best Practices - Talk
93 JWT Attacks - Talk
94-102 Random Readings
103 Attacking Ruby on Rails Applications - Whitepaper