llllIIIllll / learn365

This repository is about @AnubhavSingh_'s 365 days of Learning Tweets collection.

Learn365

This repository contains all the information shared during my Learn 365 Challenge. Learn 365 is a challenge to keep the learning spirit going on and challenge myself to learn something daily for the whole year; it can be anything from infosec to general life. Follow me on Twitter for regular updates: Anubhav Singh. Huge thanks to Harsh Bothra, from whom I got motivated to start this Learn365 challenge.


Day Topic
1
  • Learn Javascript
  • The Tool Box karma v2 and 4-ZERO-3 - Talk
  • Finding and exploiting unintended functionality in main web app APIs - Writeup
  • Workflow for Javascript Recon
2
  • Learn Javascript
  • Read BugBounty BootCamp - Book
  • Learn Python
3
  • Learn Javascript
  • AWS Lambda Command Injection - Writeup
  • A tale of zero click account takeover - Writeup
4
  • Learn CSS
  • Learn Python
5
  • Learn Javascript [Revision]
6
  • Solved DOM based XSS Labs on Portswigger
7
  • Solved DOM based XSS Labs on Portswigger
  • Learn Python
8
  • A Cool Account Takeover Vulnerability due to lack of Client Side Validation - WriteUp
9
  • WebSockets not Bound by SOP and CORS? - WriteUp
10
  • Unauth Cache Purging - WriteUp
  • How I was able to change victim’s password using IDN Homograph Attack - WriteUp
11
  • Controlling the web message source - Lab
  • JavaScript for Hackers - Video
  • HACKING postMessage() - Video
  • Introduction postmessage vulnerabilities - Writeup
  • Postmessage vulnerability demo - Lab
12
  • A simple Data Exfiltration! Excel magic - Writeup
13
  • One Token to leak them all : The story of a $8000 NPM_TOKEN - Writeup
  • Introduction to GraphQL - GraphQL Exploitation Part1 - Video
14
  • Finding The Origin IP Behind CDNs - Writeup
15
  • Hunting postMessage Vulnerabilities - White Paper
16
  • 120 Days of High Frequency Hunting - WriteUp
  • Hunting postMessage Vulnerabilities - White Paper
17
  • How to find new/more domains of a company? - Recon Stuff - Writeup
18
  • Read BugBounty BootCamp - Book
19
  • The Tale of a Click leading to RCE - Writeup
20
  • PostMessage Vulnerabilities - WriteUp
21
  • DVGA - Damn Vulnerable GraphQL Application Part 2 - Video
22
  • Chrome DevTools Crash Course - Video
23
  • Crontab for Linux Admins - Video
24
  • Template Injection in Action: 2-hour workshop on Template Injection (SSTI)
  • Read BugBounty BootCamp - Book
25
  • Hacking REST APIs: A beginner's guide - Course
26
  • Read BugBounty BootCamp - Book
  • Read zseano's methodology - Book
27
  • Read zseano's methodology - Book
28
  • Read zseano's methodology - Book
  • Params — Discovering Hidden Treasure in WebApps - Writeup
29
  • WebSockets and Hacking - Writeup
30
  • Pentesting API Top 10 - Talk
31
  • Read BugBounty BootCamp - Book
  • Bypassing SSRF Protection to Exfiltrate AWS Metadata from LarkSuite - Writeup
32
  • Android: Quick History on Smartphones - Video
  • Intro to App Development - Video
  • Top 25 Browser Extensions for Pentesters and Bugbounty Hunters (2022) - Writeup
33
  • Intro to Android Architecture and Security - Video
  • What is an Android Operating System & Its Features - Writeup
  • Android Internals 101: How Android OS Starts You Application - Writeup
  • Android Security Part 1- Understanding Android Basics - Writeup
34
  • Mobile Application Penetration Testing - TCM Course
35
  • Read BugBounty BootCamp - Book
36
  • Solved 1-10 Challenges of InjuredAndroid
  • Recon methodology of @GodfatherOrwa - Video
37
  • Read BugBounty BootCamp - Book
38
  • 1,2 Exercises: Android App Reverse Engineering 101
39
  • 3,4 Exercises: Android App Reverse Engineering 101
40
  • Android App Reverse Engineering LIVE! Part 1 - Workshop
41
  • Android Architecture + Static Analysis with apktool + gf + jadx
  • Insecure Logging & Storage + Setup Genymotion & pidcat
42
  • Troubleshooting connection between WSL and android emulator
43
  • Mobexler : A Mobile Application Penetration Testing Platform - Video
44
  • Android Pentesting Lab Setup - Writeup
45
  • Hacking Android Deeplink Issues and Insecure URL Validation - Video
46
  • SINGLE-SIGN-ON SECURITY ISSUES : BugBounty BootCamp - Book
47
  • Solved Flag 12 & 13 of Injured Android
48
  • Android SSL Pinning Bypass for Bug Bounties & Penetration Testing - Video
  • SSL Pinning in Android Part 1 - Writeup
  • SSL Pinning in Android Part 2 - Writeup
  • What is Android Rooting? - Writeup
  • Four Ways to Bypass Android SSL Verification and Certificate Pinning - Writeup
49
  • Bypassing OkHttp Certificate Pinning - Writeup
  • Disabling SSL Pinning in Android Apps using Frida / Objection - Writeup
  • How To Bypass Apps Root Detection In Android - Writeup
  • Bug Bounty on Android : setup your Genymotion environment for APK analysis - Writeup
50
  • The Ultimate Guide to Android SSL Pinning Bypass - Guide
51
  • OAuth terminologies and flows explained - Video
  • OAuth 2.0 Hacking Simplified — Part 1 — Understanding Basics - Writeup
  • OAuth 2.0 Hacking Simplified — Part 2 — Vulnerabilities and Mitigation - Writeup
52
  • Bug Bounty — Bypassing Endpoints - Writeup
53
  • How I made 25000 USD in bug bounties with reverse proxy - Writeup
54
  • Intercepting Android Emulator SSL traffic with burp using magisk - Writeup
55
  • Subdomains Tools Review: a full and detailed comparison of subdomain enumeration tools - Writeup
56
  • Lab: Authentication bypass via OAuth implicit flow
57
  • Web Authentication and Authorization Zine - Zine
58
  • Forced OAuth profile linking - Lab
  • OAuth account hijacking via redirect_uri - Lab
  • Stealing OAuth access tokens via an open redirect - Lab
59
  • ANDROID APP SECURITY BASICS (Static analysis - Part 1) - Video
60
  • HACKING ANDROID WebViews (Static analysis - Part 2) - Video
  • Getting Started with Android Application Security - Writeup
  • Android Pentest: Automated Analysis using MobSF - Writeup
  • Static Analysis of Android Application & Tools Used - Writeup
  • Complete Android Pentesting Guide - Writeup
61
  • Android App Security & Testing - Writeup
  • Exploiting Android activity android:exported="true" - Writeup
  • Exploiting Activity in medium android app - Writeup
62
  • Android Penetration Testing: Drozer - Writeup
63
  • Android Pentest: Deep Link Exploitation - Writeup
64
  • Android Applications Pentesting (Static Analysis) - HackTricks
65
  • OAuth Sign Up AND Log In (1-6 Slides) - Slides
66
  • Authentication bypass due to weak verification of SAML Token - Writeup
67
  • Bypassing Google Authentication on Periscope's Administration Panel - Writeup
68
  • Burp Bounty v2 Documentation
  • Architect: Major Design Decisions - OAuth
  • Classic Web Application: Authorization Code Grant Flow - OAuth
69
  • Authorizationcode_tester - Tester: Exploit Mistakes
70
  • Pwning a Server using Markdown - Writeup
71
  • Critical XSS in chrome extension - Writeup
72
  • Penetrate the Protected Component in Android Part 1 - Writeup
73
  • Penetrate the Protected Component in Android Part 2 - Writeup
74
  • From Recon via Censys and DNSdumpster, to Getting P1 by Login Using Weak Password - Writeup
75
  • How Tapjacking Made a Return with Android Marshmallow and Nobody Noticed - Writeup
76
  • How I was able to find 50+ Cross-site scripting (XSS) Security Vulnerabilities on Bugcrowd Public Program? - Writeup
77
  • Android Development (1:45 Hrs) - Video
78
  • Android Development: Java Refresher - Video
79
  • Android Development: Activities & Layouts - Video
80
  • Android Development: MultiScreen Apps - Video
81
  • How I Found multiple SQL Injection with FFUF and Sqlmap in a few minutes - Writeup
82
  • From XSS to RCE (dompdf 0day) - Writeup
83
  • A Detailed Guide on httpx - Writeup
84
  • Chapter 24 API Hacking : BugBounty BootCamp - Book
85
  • Preparing for API Security Testing : Hacking APIs - Book
86
  • How web applications work : Hacking APIs - Book
