| 1 |
2FA Bypass Techniques |
| 2 |
Regular Expression Denial Of Service |
| 3 |
SAML Vulnerabilities |
| 4 |
Unauthenticated & Exploitable JIRA Vulnerabilities |
| 5 |
Client-Side Template Injection(CSTI) |
| 6 |
Cross-Site Leaks (XS-Leaks) |
| 7 |
Cross-Site Script Includes (XSSI) |
| 8 |
JSON Padding Attacks |
| 9 |
JSON Attacks |
| 10 |
Abusing Hop-by-Hop Headers |
| 11 |
Cache Poisoned Denial of Service (CPDos) |
| 12 |
Unicode Normalization |
| 13 |
WebSocket Vulns (Part-1) |
| 14 |
WebSocket Vulns (Part-2) |
| 15 |
WebSocket Vulns (Part-3) |
| 16 |
Web Cache Deception Attack |
| 17 |
Session Puzzling Attack |
| 18 |
Mass Assignment Attack |
| 19 |
HTTP Parameter Pollution |
| 20 |
GraphQL Series (Part-1) |
| 21 |
GraphQL Vulnerabilities (Part-2) |
| 22 |
GraphQL WrapUp (Part-3) |
| 23 |
Password Reset Token Issues |
| 24 |
My previous works |
| 25 |
Salesforce Security Misconfiguration (Part-1) |
| 26 |
Salesforce Security Misconfiguration (Part-2)) |
| 27 |
Salesforce Configuration Review (Wrap) |
| 28 |
Common Business Logic Issues: Part-1 |
| 29 |
Common Business Logic Issues (Part-2) |
| 30 |
Common Business Logic Issues (Wrap) |
| 31 |
Captcha Bypass Techniques |
| 32 |
Pentesting Kibana Service |
| 33 |
Pentesting Docker Registry |
| 34 |
HTML Scriptless Attacks / Dangling Markup Attacks (Part - 1) |
| 35 |
HTML Scriptless Attacks / Dangling Markup Attacks (Wrap) |
| 36 |
Pentesting Rsync Service |
| 37 |
CRLF Injection |
| 38 |
Pentesting FTP Service |
| 39 |
OpenID Connect Implementation Issues |
| 40 |
Cookie Based Authentication Vulnerabilities |
| 41 |
Cobalt Vulnerability Wiki - Resource |
| 42 |
Race Conditions |
| 43 |
SMTP Open Relay Attack |
| 44 |
Pentesting BACNet |
| 45 |
API Security Tips |
| 46 |
Pentesting SSH - Talk |
| 47 |
CORS Misconfiguration |
| 48 |
Incomplete Trailing Escape Pattern Issue |
| 49 |
Pivoting & Exploitation in Docker Environments - Talk |
| 50 |
Detect Complex Code Patterns using Semantic grep - Talk |
| 51 |
Student Roadmap to Become a Pentester - Talk |
| 52 |
Hacking How-To Series - Playlist |
| 53 |
JS Prototype Pollution |
| 54 |
JSON Deserialization Attacks |
| 55 |
Android App Dynamic Analysis using House |
| 56 |
Testing IIS Servers |
| 57 |
Secure Code Review - Talk |
| 58 |
JSON Interoperability Vulnerabilities - Research Blog |
| 59 |
HTTP Desync Attacks - Talk |
| 60 |
XSLT Injection |
| 61 |
Bypassing AWS Policies - Talk |
| 62 |
Source Code Review Guidelines - Resource |
| 63 |
All of the Threats: Intelligence, Modelling and Hunting - Talk |
| 64 |
Hidden Property Abuse (HPA) attack in Node.js - Talk |
| 65 |
HTTP Request Smuggling in 2020 - Talk |
| 66 |
Dependecy Confusion Attack - Blog |
| 67 |
Format String Vulnerabilities - Webinar |
| 68 |
Mobile Application Dynamic Analysis - Webinar |
| 69 |
Insecure Deserialization - Talk |
| 70 |
Web Cache Entanglement - Talk + Blog |
| 71 |
OWASP AMASS - Bootcamp |
| 72 |
Offensive Javascript Techniques for Red Teamers |
| 73 |
Basic CMD for Pentesters - Cheatsheet |
| 74 |
Investigating and Defending Office 365 - Talk |
| 75 |
WinjaCTF 2021 Solutions - Blog |
| 76 |
Kubernetes Security: Attacking and Defending K8s Clusters - Talk |
| 77 |
AWS Cloud Security - Resources |
| 78 |
WAF Evasion Techniques - Blog |
| 79 |
File Inclusion - All-in-One |
| 80 |
DockerENT Insights - Tool Demo Talk |
| 81 |
ImageMagick - Shell injection via PDF password : Research Blog |
| 82 |
Offensive GraphQL API Pentesting - Talk |
| 83 |
Bug Bounties with Bash - Talk |
| 84 |
Chrome Extensions Code Review - Talk |
| 85 |
Server-Side Template Injection - Talk |
| 86 |
Exploiting GraphQL - Blog |
| 87 |
Exploiting Email Systems - Talk |
| 88 |
Hacking with DevTools - Tutorial |
| 89 |
Common Android Application Vulnerabilities - Talk |
| 90 |
SAML XML Injection - Research Blog |
| 91 |
Finding Access Control & Authorization Issues with Burp - Blogs |
| 92 |
OAuth 2.0 Misimplementation, Vulnerabilities, and Best Practices - Talk |
| 93 |
JWT Attacks - Talk |
| 94-102 |
Random Readings |
| 103 |
Attacking Ruby on Rails Applications - Whitepaper |
| 104 |
Pentesting a Chrome Extension: Real Life Case Study - Blog |
| 105 |
XXE Simplified - Blog |
| 106 |
Web Hacking Pro Tips #9 with @zseano - Talk |
| 107 |
JS Prototype Pollution - Blog |
| 108 |
XSS via GraphQL Endpoint - Blog |
| 109 |
WS-2016-7107: CSRF tokens in Spring and the BREACH attack - Blog |
| 110 |
AWS SSRF Metadata Leakage - Blog |
| 111 |
Burp Suite Extension Development - Blog |
| 112-115 |
Random Readings |
| 116 |
Hacking OAuth Apps Pt-1 - Tutorial |
| 117 |
Portable Data exFiltration: XSS for PDFs - Blog |
| 118 |
PoC code and a case study on Task Hijacking in Android explaining how and why it works. (aka StrandHogg) - Blog |
| 119 |
OAuth - Flawed CSRF Protection - Tutorial |
| 120 |
Hacking Electron Apps with Electronegativity - Talk |
| 121 |
Awesome ElectronJS Hacking Resources |
| 122 |
Pentesting Blockchain Solutions - Tutorial |
| 123-124 |
Random Readings |
| 125 |
Oversized XML Attack - Wiki |
| 126 |
XML Complexity Attack in Soap Header - Wiki |