| 1 | 2FA Bypass Techniques |
| 2 | Regular Expression Denial Of Service |
| 3 | SAML Vulnerabilities |
| 4 | Unauthenticated & Exploitable JIRA Vulnerabilities |
| 5 | Client-Side Template Injection (CSTI) |
| 6 | Cross-Site Leaks (XS-Leaks) |
| 7 | Cross-Site Script Includes (XSSI) |
| 8 | JSON Padding Attacks |
| 9 | JSON Attacks |
| 10 | Abusing Hop-by-Hop Headers |
| 11 | Cache Poisoned Denial of Service (CPDoS) |
| 12 | Unicode Normalization |
| 13 | WebSocket Vulns (Part-1) |
| 14 | WebSocket Vulns (Part-2) |
| 15 | WebSocket Vulns (Part-3) |
| 16 | Web Cache Deception Attack |
| 17 | Session Puzzling Attack |
| 18 | Mass Assignment Attack |
| 19 | HTTP Parameter Pollution |
| 20 | GraphQL Series (Part-1) |
| 21 | GraphQL Vulnerabilities (Part-2) |
| 22 | GraphQL WrapUp (Part-3) |
| 23 | Password Reset Token Issues |
| 24 | My previous works |
| 25 | Salesforce Security Misconfiguration (Part-1) |
| 26 | Salesforce Security Misconfiguration (Part-2) |
| 27 | Salesforce Configuration Review (Wrap) |
| 28 | Common Business Logic Issues: Part-1 |
| 29 | Common Business Logic Issues (Part-2) |
| 30 | Common Business Logic Issues (Wrap) |
| 31 | Captcha Bypass Techniques |
| 32 | Pentesting Kibana Service |
| 33 | Pentesting Docker Registry |
| 34 | HTML Scriptless Attacks / Dangling Markup Attacks (Part - 1) |
| 35 | HTML Scriptless Attacks / Dangling Markup Attacks (Wrap) |
| 36 | Pentesting Rsync Service |
| 37 | CRLF Injection |
| 38 | Pentesting FTP Service |
| 39 | OpenID Connect Implementation Issues |
| 40 | Cookie Based Authentication Vulnerabilities |
| 41 | Cobalt Vulnerability Wiki - Resource |
| 42 | Race Conditions |
| 43 | SMTP Open Relay Attack |
| 44 | Pentesting BACNet |
| 45 | API Security Tips |
| 46 | Pentesting SSH - Talk |
| 47 | CORS Misconfiguration |
| 48 | Incomplete Trailing Escape Pattern Issue |
| 49 | Pivoting & Exploitation in Docker Environments - Talk |
| 50 | Detect Complex Code Patterns using Semantic grep - Talk |
| 51 | Student Roadmap to Become a Pentester - Talk |
| 52 | Hacking How-To Series - Playlist |
| 53 | JS Prototype Pollution |
| 54 | JSON Deserialization Attacks |
| 55 | Android App Dynamic Analysis using House |
| 56 | Testing IIS Servers |
| 57 | Secure Code Review - Talk |
| 58 | JSON Interoperability Vulnerabilities - Research Blog |
| 59 | HTTP Desync Attacks - Talk |
| 60 | XSLT Injection |
| 61 | Bypassing AWS Policies - Talk |
| 62 | Source Code Review Guidelines - Resource |
| 63 | All of the Threats: Intelligence, Modelling and Hunting - Talk |
| 64 | Hidden Property Abuse (HPA) attack in Node.js - Talk |
| 65 | HTTP Request Smuggling in 2020 - Talk |
| 66 | Dependency Confusion Attack - Blog |
| 67 | Format String Vulnerabilities - Webinar |
| 68 | Mobile Application Dynamic Analysis - Webinar |
| 69 | Insecure Deserialization - Talk |
| 70 | Web Cache Entanglement - Talk + Blog |
| 71 | OWASP AMASS - Bootcamp |
| 72 | Offensive Javascript Techniques for Red Teamers |
| 73 | Basic CMD for Pentesters - Cheatsheet |
| 74 | Investigating and Defending Office 365 - Talk |
| 75 | WinjaCTF 2021 Solutions - Blog |
| 76 | Kubernetes Security: Attacking and Defending K8s Clusters - Talk |
| 77 | AWS Cloud Security - Resources |
| 78 | WAF Evasion Techniques - Blog |
| 79 | File Inclusion - All-in-One |
| 80 | DockerENT Insights - Tool Demo Talk |
| 81 | ImageMagick - Shell injection via PDF password : Research Blog |
| 82 | Offensive GraphQL API Pentesting - Talk |
| 83 | Bug Bounties with Bash - Talk |
| 84 | Chrome Extensions Code Review - Talk |
| 85 | Server-Side Template Injection - Talk |
| 86 | Exploiting GraphQL - Blog |
| 87 | Exploiting Email Systems - Talk |
| 88 | Hacking with DevTools - Tutorial |
| 89 | Common Android Application Vulnerabilities - Talk |
| 90 | SAML XML Injection - Research Blog |
| 91 | Finding Access Control & Authorization Issues with Burp - Blogs |
| 92 | OAuth 2.0 Misimplementation, Vulnerabilities, and Best Practices - Talk |
| 93 | JWT Attacks - Talk |
| 94-102 | Random Readings |
| 103 | Attacking Ruby on Rails Applications - Whitepaper |
| 104 | Pentesting a Chrome Extension: Real Life Case Study - Blog |
| 105 | XXE Simplified - Blog |
| 106 | Web Hacking Pro Tips #9 with @zseano - Talk |
| 107 | JS Prototype Pollution - Blog |
| 108 | XSS via GraphQL Endpoint - Blog |
| 109 | WS-2016-7107: CSRF tokens in Spring and the BREACH attack - Blog |
| 110 | AWS SSRF Metadata Leakage - Blog |
| 111 | Burp Suite Extension Development - Blog |
| 112-115 | Random Readings |
| 116 | Hacking OAuth Apps Pt-1 - Tutorial |
| 117 | Portable Data exFiltration: XSS for PDFs - Blog |
| 118 | PoC code and a case study on Task Hijacking in Android explaining how and why it works. (aka StrandHogg) - Blog |
| 119 | OAuth - Flawed CSRF Protection - Tutorial |
| 120 | Hacking Electron Apps with Electronegativity - Talk |
| 121 | Awesome ElectronJS Hacking Resources |
| 122 | Pentesting Blockchain Solutions - Tutorial |
| 123-124 | Random Readings |
| 125 | Oversized XML Attack - Wiki |
| 126 | XML Complexity Attack in Soap Header - Wiki |
| 127 | Web Service Attacks [Remaining] - Wiki |
| 128 | Domain Hijacking Via Logic Error - Gandi And Route 53 Vulnerability - Blog |
| 129 | Automating Recon with Axiom - Talk |
| 130 | Testing Extensions in Chromium Browsers - Blog |
| 131 | iOS Pentesting Series Pt. - 1 - Tutorial |
| 132 | DNS Based Out of Band Blind SQL injection in Oracle — Dumping data - Blog |
| 133 | GitDorker Talk - Talk |
| 134 | Mobisec 2020 Slides - Slides & Videos |
| 135 | Web App Pentesting in Angular Context - Blog |
| 136 | RCE in Homebrew - Blog |
| 137 | WordPress Plugin Security Testing Cheat Sheet - Wiki |
| 138 | JavaScript prototype pollution: practice of finding and exploitation - Blog |
| 139 | HowTo: intercept mutually-authenticated TLS communications of a Java thick client - Blog |
| 140 | KUBERNETES NAMESPACES ISOLATION - WHAT IT IS, WHAT IT ISN'T, LIFE, UNIVERSE AND EVERYTHING - Blog |
| 141 | Frag Attacks - Wiki |
| 142 | Free Automated Recon Using GH Actions - Talk |
| 143 | DAY[0] Episode 66 - BlackHat USA, Pre-Auth RCEs, and JSON Smuggling - Talk |
| 144 | Bug hunter adventures - Talk |
| 145 | Static Analysis of Client-Side JS Code - Blog |
| 146 | Method Confusion In Go SSTIs Lead To File Read And RCE - Blog |
| 147 | Finding and Exploiting Unintended Functionality in Main Web App APIs - Blog |
| 148 | SecuriTEA & Crumpets - Episode 6 - Gareth Heyes - Hackvertor - Talk |
| 149 | GraphQL CSRF - Blog |
| 150 | Deep dive into ART(Android Runtime) for dynamic binary analysis - Talk |
| 151 | 13 Nagios Vulnerabilities - Blog |
| 152 | Frida Scripting Guide - Blog |
| 153 | Android Exported Activities and how to exploit them - Talk |
| 154 | XXE-scape through the front door: circumventing the firewall with HTTP request smuggling - Blog |
| 155 | Turning Blind RCE into Good RCE via DNS Exfiltration using Collabfiltrator - Blog |
| 156 | XSS in AWS Console - Blog |
| 157 | Adventures into HTTP2 and HTTP3 - Blog |
| 158 | AppCache's forgotten tales - Blog |
| 159 | CVE-2021-33564 Argument Injection in Ruby Dragonfly - Blog |
| 160 | DevSecOps 100 - Introductory Course [Free] - Course |
| 161 | Unexpected Execution: Wild Ways Code Execution can Occur in Python - Talk |
| 162 | Retrieving AWS security credentials from the AWS console - Blog |
| 163 | Object Injection to SQL Injection & NoSql Injection Cheatsheet - Blog |
| 164 | HTTP Parameter Pollution - Blog |
| 165 | XXE Workshop - Labs |
| 166 | How to Analyze Code for Vulnerabilities - Talk |
| 167 | Testing 2FA - Blog |
| 168 | Your E-Mail Validation Logic is Wrong - Blog |
| 169 | Active Scanning Techniques - Blog |
| 170 | Bypassing 2FA using OpenId Misconfiguration - Blog |
| 171 | Security Shorts - Talk |
| 172 | The JavaScript Bridge in Modern Desktop Applications - Blog |
| 173 | Advanced Web Application Penetration Testing JWT Security Issues - Blog |
| 174 | Quick Analysis for the SSID Format String Bug - Blog |
| 175 | Live GitLab Ask a Hacker with Bug Bounty Hunter (vakzz) William Bowling (Public) - Talk |
| 176 | iOS App Testing Through Burp on Corellium - Blog |
| 177 | Blind XSS: setup your self-hosted XSS Hunter with the PwnMachine - Blog |
| 178 | Attacking GraphQL's Autocorrect - Blog |
| 179 | Apex Security Whitepaper - Paper + Labs |
| 180 | Django SSTI - Blog |
| 181 | Pen-Testing Salesforce SAAS Application - Blog |
| 182 | How to solve an XSS challenge from Intigriti in under 60 minutes - Blog |
| 183 | How to get the max out of an IDOR? - Blog |
| 184 | Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464) - Blog |
| 185 | Some ways to find more IDOR - Blog |
| 186 | A supply-chain breach: Taking over an Atlassian account - Blog |
| 187 | alert() is dead, long live print() - Blog |
| 188 | Hacker Heroes #3 - @TomNomNom (Interview) - Talk |
| 189 | SSRF in ColdFusion/CFML Tags and Functions - Blog |
| 190 | $25,000 Facebook postMessage account takeover vulnerability - Video |
| 191 | Pentester Diaries Ep6: The Importance of Report Writing - Talk |
| 192 | Introduction to Web Cache Poisoning - Blog |
| 193 | Intercepting Flutter iOS Application - Blog |
| 194 | Credential stuffing in Bug bounty hunting - Blog |
| 195 | What is a Browser Security Sandbox?! (Learn to Hack Firefox) - Video |
| 196 | WILSON Cloud Respwnder - Blog |
| 197 | $20,000 RCE in GitLab via 0day in exiftool metadata processing library CVE-2021-22204 - Video |
| 198 | Padding Oracle Attacks - Video |
| 199 | Demystifying the state of kubernetes cluster security - Video |
| 200 | Two One-liners for Quick ColdFusion Static Analysis Security Testing - Blog |
| 201 | So many different techniques to learn here! [CTF walkthrough] - Video |
| 202 | UDP Technology IP Camera vulnerabilities - Blog |
| 203 | Exploiting the Sudo Baron Samedit vulnerability (CVE-2021-3156) on VMWare vCenter Server 7.0 - Blog |
| 204 | Reflected XSS Through Insecure Dynamic Loading - Blog |
| 205 | Stored XSS via Mermaid Prototype Pollution vulnerability - Blog |
| 206 | Getting Partial AWS Account IDs for any Cloudfront Website - Blog |
| 207 | Remote code execution in cdnjs of Cloudflare - Blog |
| 208 | Docker Security Series - Series |
| 209 | REvil Vanishes! - Chrome Zero-Day Vulnerability, iOS WiFi SSID Bug, Patch Tuesday Review - Talk |
| 210 | How to Build a Phishing Engagement – Coding TTP’s - Webcast |
| 211 | Deep Link Exploitation: Introduction & Open/unvalidated Redirection - Blog |
| 212 | Exploiting Android WebView Vulnerabilities - Blog |
| 213 | WooCommerce Unauthenticated SQL Injection Vulnerability - Blog |
| 214 | Traversing My Way in the Internal Network - Talk |
| 215 | How I Found Multiple Bugs On FaceBook In 1 Month And a Part For My Methodology & Tools - Blog |
| 216 | Pre-Auth RCE in ManageEngine OPManager - Blog |
| 217 | Guest Blog Post - Attacking the DevTools - Blog |
| 218 | Kubernetes Hardening Guide - Blog |
| 219 | Introducing hallucinate: One-stop TLS traffic inspection and manipulation using dynamic instrumentation - Blog |
| 220 | Do Not use alert(1) in XSS - Blog |
| 221 | A Look Into zseano's Thoughts When Testing a Target - Video |
| 222 | Zimbra 8.8.15 - Webmail Compromise via Email - Blog |
| 223 | Security XML Implementation across the Web - Blog |
| 224 | Potential remote code execution in PyPi - Blog |
| 225 | XXE Case Studies - Blog |
| 226 | HackerTools - NoSQLMap - Blog |
| 227 | Learn with @sec_r0: Attacks and Defenses to Docker & Kubernetes - Talk |
| 228 | Source Zero Con Talks - Talks |
| 229 | DevOps for Hackers with Hands-On Labs w/ Ralph May - Talks |
| 230 | Advanced Recon Guide - Blog |
| 231 | Just Gopher It: Escalating a Blind SSRF to RCE for $15k - Blog |
| 232 | Stealing Bitcoin with Cross-Site Request Forgery (Ride the Lightning + Umbrel) - Blog |
| 233 | Modify in-flight data to payment provider Smart2Pay - Blog |
| 234 | Hacker Heroes #9 - RobinZekerNiet (Interview) - Talk |
| 235 | Learn with @HolyBugx: Demystifying Cookies and Tokens - Talk |
| 236 | Hacker Tools: ReNgine – Automatic recon - Blog |
| 237 | FROM PWN2OWN 2021: A NEW ATTACK SURFACE ON MICROSOFT EXCHANGE - Blog |
| 238 | How to Hack Apple ID - Blog |
| 239 | Insecure Features in PDFs - Blog |
| 240 | Burp Upload Scanner - Blog |
| 241 | Adobe Reader - PDF callback via XSLT stylesheet in XFA - Blog |
| 242 | A Curious Exploration of Malicious PDF Documents - Blog |
| 243 | Common mistakes when using permissions in Android - Blog |
| 244 | iOS Pentesting 101 - Blog |
| 245 | API Tokens: A Tedious Survey - Blog |
| 246 | Cross-Site Request Forgery (CSRF) Complete Guide - Video |
| 247 | HTTP Desync Attack Explained With Paper - Video |
| 248 | AWS ReadOnlyAccess: Not Even Once - Blog |
| 249 | Understanding Salesforce Flows and Common Security Risks - Blog |
| 250 | Python context free payloads in Mako templates - Blog |
| 251 | CVE-2021-26084 Remote Code Execution on Confluence Servers |
| 252 | Introduction to smart contract security and hacking in Ethereum |
| 253 | Automating Authorization Testing: AuthMatrix – Part 1 |
| 254 | Go Fuzz Yourself – How to Find More Vulnerabilities in APIs Through Fuzzing |
| 255 | More secure Facebook Canvas : Tale of $126k worth of bugs that lead to Facebook Account Takeovers |
| 256 | Smart Contract Security Verification Standard |
| 257 | Remote File Inclusion Zines by @sec_r0 |
| 258 | GitHub Actions check-spelling community workflow - GITHUB_TOKEN leakage via advice.txt symlink |
| 259 | Write-Up on Facebook Bug |
| 260 | Mass assignment and learning new things |
| 261 | A different way to attack certain reverse proxies |
| 262 | Introducing Process Hiving & RunPE |
| 263 | IAM Vulnerable - An AWS IAM Privilege Escalation Playground |
| 264 | Complete Jailbreak Chart |
| 265 | OWASP Top 10 2021 |
| 266 | Powershell for Pentesters |
| 267 | How to search for XSS (with blacklisted HTML tags) |
| 268 | How to learn anything in Computer Science or Cybersecurity - Security Simplified |
| 269 | Reused VMWare exploits & Escaping Azure Container Instances [Bug Bounty Podcast] |
| 270 | Docker Hacking |
| 271 | Getting Started in Blockchain Security and Smart Contract Auditing - Beau Bullock |
| 272 | HacktivityCon |
| 273 | CrikeyCon 2021 - Shubham Shah - Hacking on Bug Bounties for Five Years |
| 274 | Beginners Guide to 0day/CVE AppSec Research |
| 275 | VULNERABILITY DIGGING WITH CODEQL |
| 276 | OMIGOD: Critical Vulnerabilities in OMI Affecting Countless Azure Customers |
| 277 | Post Exploitation - Transferring Files To Windows Targets |
| 278 | SecuriTEA & Crumpets - Episode 12 - Ksenia Peguero |
| 279 | Talk: Absolute AppSec Ep. #147 - James Kettle (@albinowax), Security Research |
| 280 | A Flickr CSRF, GitLab, & OMIGOD, Azure again? [Bug Bounty Podcast] |
| 281 | NETGEAR smart switches, SpookJS, & Parallels Desktop [Binary Exploitation Podcast] |
| 282 | Unusual Applications of OpenAI in Cybersecurity + How to get into CTFs |
| 283 | SiegeCast "COBALT STRIKE BASICS" with Tim Medin and Joe Vest |
| 284 | An Attacker's Approach to Pentesting IBM Cloud - fwd:cloudsec 2021 |
| 285 | echo "Shell Injection" |
| 286 | Exploiting Jinja SSTI with limited payload size. |
| 287 | Fuzzing WebSocket messages on Burpsuite |
| 288 | Thinking About Simple SQL Injections |
| 289 | Training XSS Muscles |
| 290 | "A tale of making internet pollution free" - Exploiting Client-Side Prototype Pollution in the wild |
| 291 | Chasing a Dream:: Pre-authenticated Remote Code Execution in Dedecms |
| 292 | Multiple bugs allowed malicious Android Applications to takeover Facebook/Workplace accounts |
| 293 | Ping'ing XMLSec |
| 294 | 10 Types of Web Vulnerabilities that are Often Missed |
| 295 | CVE-2021-35215, SolarWinds Orion Deserialization to RCE. |
| 296 | Bachelor's thesis on HTTP Request Smuggling |
| 297 | Stored XSS in markdown via the DesignReferenceFilter |
| 298 | Building a POC for CVE-2021-40438 |
| 299 | Turbo Intruder: Embracing the billion-request attack |
| 300 | How to conduct a basic security code review - Security Simplified |
| 301 | How to Analyze Code for Vulnerabilities using Joern |
| 302 | Azure Privilege Escalation via Service Principal Abuse |
| 303 | CREATING A MALICIOUS AZURE AD OAUTH2 APPLICATION |
| 304 | 0-Day Hunting (Chaining Bugs/Methodology) |
| 305 | Discourse SNS webhook RCE |
| 306 | Android Exploits 101 Workshop |
| 307 | SHELLS AND SOAP: WEBSPHERE DESERIALIZATION TO RCE |
| 308 | PHP-FPM LOCAL ROOT VULNERABILITY |
| 309 | Support Board 3.3.4 Arbitrary File Deletion to Remote Code Execution |
| 310 | SuDump: Exploiting suid binaries through the kernel |
| 311 | Attacking and Securing CI/CD Pipeline |
| 312 | Exploiting Protobuf Webapps |
| 313 | CookieMonster |
| 314 | Get shells with JET, the Jolokia Exploitation Toolkit |
| 315 | Android security checklist: WebView |
| 316 | 5 Ways to Exploit a Domain Takeover Vulnerability |
| 317 | Create a proxy DLL with artifact kit |
| 318 | How to search for XXE! |
| 319 | Defeating Android Certificate Pinning with Frida |
| 320 | What can I do with Open Redirect with OAuth? |
| 321 | Practical HTTP Header Smuggling: Sneaking Past Reverse Proxies to Attack AWS and Beyond |
| 322 | T-Reqs: HTTP Request Smuggling with Differential Fuzzing |
| 323 | ChaosDB Explained: Azure's Cosmos DB Vulnerability Walkthrough |
| 324 | MULTIPLE CONCRETE CMS VULNERABILITIES ( PART1 – RCE ) |
| 325 | Android App Hacking Workshop |
| 326 | Secondary Contexts Slides |
| 327 | HTTP/2 request smuggling (explained using beer) |
| 328 | Scanning for hardcoded secrets in source code - Security Simplified |
| 329 | Staying sane in bug bounties |
| 330 | How Your E-book Might Be Reading You: Exploiting EPUB Reading Systems |
| 331 | Attacking SAML implementations |
| 332 | Uniscan: An RFI, LFI, and RCE Vulnerability Scanner |
| 333 | JavaScript type confusion: Bypassed input validation (and how to remediate) |
| 334 | Multiple Vulnerabilities in ResourceSpace |
| 335 | Unboxing BusyBox – 14 new vulnerabilities uncovered by Claroty and JFrog |
| 336 | Zero-Day Disclosure: Palo Alto Networks GlobalProtect VPN CVE-2021-3064 |
| 337 | Simple SSRF Allows Access To Internal Assets |
| 338 | Multiple Resource by XVNPW Blog |
| 339 | WordPress Plugin Confusion: How an update can get you pwned |
| 340 | RCE with SSRF and File Write as an exploit chain on Apache Guacamole |
| 341 | Grafana CVE-2021-43798 |
| 342 | Data Exfiltration via CSS + SVG Font |
| 343 | The Pen Testing Tools We’re Thankful for in 2021 |
| 344 | HitCon CTF Challenges by Orange |
| 345-363 | Random Readings |
| 364 | Metasploit Basics for Hackers |
| 365 | NCC Group’s Cryptopals Guided Tour! |