I started making this repository almost a year ago for myself so that I could keep all the stuff for reading in one place. But after such a long time I realize that this repository can help beginners and intermediates too in finding and reading stuff during their bug hunting. So I am making this repo public so that more people can add to it and make this repo a big hub for learning.
If you'd like to thank me, just share it and follow me on Twitter: ShMalav
ALSO, I REQUEST PEOPLE WHO ARE GOING TO SUBMIT BLOGS TO THIS REPO: PLEASE DO IT SECTION-WISE ACCORDING TO BUG TYPE, FOR MORE CONVENIENCE TO NEW PEOPLE IN LEARNING.
//MISCELLANEOUS WRITEUPS AND BLOGS FOR ALMOST EVERY TYPE OF BUG
https://support.portswigger.net/customer/portal/topics/792273-burp-testing-methodologies/articles
https://hackerone.com/reports/474656
https://medium.com/@sn22shop/idor-in-tokopedia-on-attach-link-produk-in-chat-d1ca76b044b3
https://medium.com/@mikicaivosevic/google-mamuran-put-do-5000-dfa844ba774d
https://medium.com/@kanchansinghyadav/a-short-tale-of-session-fixation-a8ad5a25bfd9
https://medium.com/@ismailtasdelen/how-do-you-use-an-xss-as-a-keylogger-2af735462332
https://medium.com/@abaykan/clickjacking-on-google-cse-6636bba72d20
https://nirmaldahal.com.np/sxss-to-defacement-and-account-takeover/
https://medium.com/bugbountywriteup/bugbounty-aws-s3-added-to-my-bucket-list-f68dd7d0d1ce
https://medium.com/edureka/what-is-penetration-testing-f91668e2291a
https://medium.com/tsscyber/xss-in-dynamics-365-25c800aac473
https://medium.com/@kaushalagarwal_73962/hacking-penetration-testing-tools-collection-ce1b78cc0c85
https://medium.com/@hackison/red-teaming-technique-msfpc-2e9a306af8af
https://medium.com/@chennylmf/i-got-my-oscp-from-zero-to-hero-in-one-year-9ee5a4fa0180
https://blog.usejournal.com/web-application-penetration-testing-9fbf7533b361
https://blog.safehats.com/penetration-testing-android-application-checklist-b115ed7cddf6
https://medium.com/bugbountywriteup/5-tips-for-oscp-prep-76001cdf4f4f
https://medium.com/@muibraheem96/xxs-using-meta-tags-8237a7600ede
https://blog.appsecco.com/exploiting-csrf-on-json-endpoints-with-flash-and-redirects-681d4ad6b31b
https://medium.com/bugbountywriteup/sqlmaps-os-shell-backdooring-website-with-weevely-8cb6dcf17fa4
https://medium.com/@kamransaifullah786/rfi-to-rce-challenge-by-zixem-writeup-d0c4c5bec2fe
https://medium.com/@satboy.fb/how-i-caught-multiple-vulnerabilities-in-udemy-com-14012a8a1421
https://medium.com/@elberandre/1-000-ssrf-in-slack-7737935d3884
https://medium.com/bugbountywriteup/bypassing-rate-limit-abusing-misconfiguration-rules-dcd38e4e1028
https://medium.com/@maxcarson096/new-subdomain-takeover-methods-46479b88b686
https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/
https://samcurry.net/reading-asp-secrets-for-17000/
https://github.com/jivoi/awesome-osint#-other-tools
https://mustafakemalcan.com/asus-rce-vulnerability-on-rma-asus-europe-eu/
https://www.we45.com/blog/server-side-template-injection-a-crash-course-
https://www.whitehatsec.com/blog/error-handling-in-java-web-xml/
https://software-security.sans.org/blog/2010/08/11/security-misconfigurations-java-webxml-files
https://blog.0patch.com/2019/02/no-source-code-for-14-year-old.html
https://medium.com/intigriti/abusing-autoresponders-and-email-bounces-9b1995eb53c2
https://medium.com/@futaacmcyber/stored-xss-on-edmodo-11a3fbc6b6d0
https://medium.com/@neerajn_53880/basic-penetration-testing-walk-through-for-beginners-131b0e9f0adf
https://www.secjuice.com/web-application-firewall-waf-evasion/
https://medium.com/secjuice/web-application-firewall-waf-evasion-techniques-2-125995f3e7b0
https://medium.com/secjuice/waf-evasion-techniques-718026d693d8
https://medium.com/bugbountywriteup/guide-to-basic-recon-bug-bounties-recon-728c5242a115
https://medium.com/bugbountyhunting/bug-bounty-toolkit-aa36f4365f3f
https://medium.com/bugbountywriteup/bug-bounty-tips-tricks-js-javascript-files-bdde412ea49d
https://renaudmarti.net/posts/first-bug-bounty-submission/
https://www.inputzero.io/2019/02/fuzzing-webkit.html
https://buer.haus/2017/06/29/escalating-xss-in-phantomjs-image-rendering-to-ssrflocal-file-read/
https://www.honoki.net/2018/12/from-blind-xxe-to-root-level-file-read-access/
https://the-infosec.com/2017/05/12/from-shodan-to-rce-opendreambox-2-0-0-code-execution/
https://the-infosec.com/2018/01/18/from-shodan-to-rce-3-hacking-belkin-routers/
https://the-infosec.com/2017/06/22/from-shodan-to-remote-code-execution-1-hacking-jenkins/
https://the-infosec.com/2017/04/18/penetration-testing-sharepoint/
http://www.vulnerability-lab.com/resources/documents/531.txt
https://hausec.com/2019/03/05/penetration-testing-active-directory-part-i/
https://hausec.com/pentesting-cheatsheet/
https://medium.com/@addictrao20/fixed-brute-force-instagram-accounts-passwords-938471b6e9d4
https://hackersonlineclub.com/ssrf-server-side-request-forgery-types-and-ways-to-exploit-it-part-2/
https://hackersonlineclub.com/server-side-request-forgery-ssrf-types/
https://hackersonlineclub.com/mobile-security-penetration-testing/
https://github.com/secfigo/Awesome-Fuzzing
https://blog.cobalt.io/from-ssrf-to-port-scanner-3e8ef5921fbf
https://medium.com/@sajeeb.l/weaponising-staged-cross-site-scripting-xss-payloads-7b917f605800
https://medium.com/@hninja049/stored-xss-in-https-www-bitcoinget-com-30f43202f017
https://medium.com/@hninja049/zixem-xss-writeup-a684b04e5224
https://medium.com/@baibhavanandjha/bypassing-instagrams-stories-restriction-5936f8a4f079
https://medium.com/@__rishabh__/open-redirect-to-account-takeover-e939006a9f24
https://medium.com/@artemlogutov/hunting-for-insecure-docker-registries-d87d293e6779
https://medium.com/@hninja049/writeup-xss-practice-lab-18bd8cefeea2
https://medium.com/@arbazhussain/svg-xlink-ssrf-fingerprinting-libraries-version-450ebecc2f3c
https://zeropwn.github.io/2019-05-13-xss-to-rce/
https://www.netsparker.com/blog/web-security/content-type-status-code-leakage/
https://medium.com/@nuraalamdipu/xss-403-forbidden-bypass-write-up-e070de52bc06
https://0x00sec.org/t/fun-bypass-xss-detection-waf/12228
https://blog.zsec.uk/subdomainhijack/ //aws cloudfront takeover writeup
https://digi.ninja/blog/cloudfront_example.php //cloudfront domain takeover writeup
https://medium.com/@vysec.private/domain-fronting-via-cloudfront-alternate-domains-f28b0675e500
https://medium.com/iocscan/dom-based-cross-site-scripting-dom-xss-3396453364fd
https://mohemiv.com/all/exploiting-xxe-with-local-dtd-files/
https://www.noob.ninja/2019/12/spilling-local-files-via-xxe-when-http.html
https://www.corben.io/jenkins-to-full-pwnage/
https://research.securitum.com/xss-in-amp4email-dom-clobbering/
https://about.gitlab.com/blog/2019/11/29/shopping-for-an-admin-account/
https://www.kitploit.com/2019/12/apk-mitm-cli-application-that-prepares.html?m=1
https://medium.com/@rahmatnurfauzi/windows-privilege-escalation-scripts-techniques-30fa37bd194
https://securitytrails.com/blog/subdomain-takeover-tips
https://medium.com/@vignesh4303/collection-of-bug-bounty-tip-will-be-updated-daily-605911cfa248
https://medium.com/@ricardoiramar/reusing-cookies-23ed4691122b
https://blog.zeddyu.info/2019/12/08/HTTP-Smuggling-en/
https://medium.com/@d0nut/attacks-on-applications-of-k-anonymity-for-the-rest-of-us-426d3b75145c
https://medium.com/@kaviru.mihisara/double-submit-cookie-pattern-820fc97e51f2
https://medium.com/better-programming/an-introduction-to-buffer-overflow-vulnerability-760f23c21ebb
https://medium.com/@pratyush1337/idor-bugs-are-pure-love-7k-250-54f3235ee943
https://medium.com/bugbountywriteup/time-based-blind-sql-injection-in-graphql-39a25a1dfb3c
https://blog.usejournal.com/graphql-bug-to-steal-anyones-address-fc34f0374417
https://medium.com/cyberverse/automating-burp-to-find-idors-2b3dbe9fa0b8
https://rezo.blog/hacking/2019/11/29/rce-via-imagetragick.html
https://hackerone.com/reports/736863
https://medium.com/@pflash0x0punk/ssrf-via-ffmpeg-hls-processing-a04e0288a8c5
https://medium.com/@navne3t/150-xss-at-error-page-of-respository-code-4fc628892742
https://evanricafort.blogspot.com/2019/12/html-injection-to-xss-bypass-in.html
https://hipotermia.pw/bb/http-desync-idor
https://medium.com/@anggaid/bug-idor-apps-misteraladin-10e8c71edabf
https://medium.com/@osama.alaa/egctf-2019-secure-document-portal-656e69a2d8c7
https://shells.systems/category/static-code-analysis/
https://medium.com/bugbountywriteup/stories-of-idor-part-2-29d313a39e55?
https://medium.com/@abidafahd/how-i-was-able-to-hunt-a-rare-bug-in-a-private-program-caec0ebaef7f
https://memn0ps.github.io/2019/11/02/HTTP-Request-Smuggling-CL-TE.html
https://geleta.eu/2019/my-first-ssrf-using-dns-rebinfing/
http://ghostlulz.com/exposed-log-and-configuration-files/
https://medium.com/bugbountywriteup/spoylleak-4ea0a8641561
https://medium.com/@Rising_Hunter/privilege-escalation-with-simple-recon-da4e50fea9e5?
http://marduc812.com/2018/12/19/find-subdomains-using-project-sonar-by-rapid7/
https://github.blog/2013-04-09-yummy-cookies-across-domains/
https://medium.com/@rootxharsh_90844/abusing-feature-to-steal-your-tokens-f15f78cebf74
https://ngailong.wordpress.com/author/ngalog/
https://thoughtbot.com/blog/is-your-site-leaking-password-reset-links
https://medium.com/bugbountywriteup/cross-site-scripting-on-a-big-banks-payment-gateway-a986a2ba5d7?
https://medium.com/@cc1h2e1/bug-bounty-check-list-by-c1-2beb7ae3c116
https://github.com/gwen001/github-search
https://medium.com/@vickieli/sitemap-xml-6ecc3b14b4f?
https://jlajara.gitlab.io/posts/2019/11/30/XSS_20_characters.html
https://github.com/xdavidhu/awesome-google-vrp-writeups
https://blog.reconless.com/samesite-by-default/
https://www.bedefended.com/papers/cors-security-guide
https://medium.com/taptuit/exploiting-xss-via-markdown-72a61e774bf8
https://esoln.net/blog/2019/09/11/shodan-to-bug-bounty-unauthenticated-kibana-log-server/
https://community.turgensec.com/ssh-hacking-guide/
https://www.scip.ch/en/?labs.20160414
https://captmeelo.com/pentest/2019/12/30/lesser-known-tools-for-android-pentest.html
https://medium.com/cyberverse/bug-bounty-with-bash-438596ff72f5
https://blog.detectify.com/2020/01/07/guest-blog-streaak-my-recon-techniques-from-2019/
https://medium.com/@maverickNerd/recon-everything-48aafbb8987
https://medium.com/@know.0nix/hunting-good-bugs-with-only-html-d8fd40d17b38
**********************************************learning and downloading sites below ********************************************
http://lira.epac.to/DOCS-TECH/Hacking/
http://index-of.co.uk/Hacking/
http://books.archive.tjw.moe/computing/
https://repo.palkeo.com/repositories/mirror7.meh.or.id/ebooks/
RED TEAM TOOLKIT***************************
https://www.peerlyst.com/posts/17-tips-for-a-successful-red-team-nasrumminallah-zeeshan
https://github.com/topics/redteam
https://techbeacon.com/security/modern-red-teaming-21-resources-your-security-team
https://github.com/yeyintminthuhtut/Awesome-Red-Teaming
https://github.com/infosecn1nja/Red-Teaming-Toolkit
CSRF TOOLS AND WRITEUPS************************
https://github.com/gilbitron/EasyCSRF
https://github.com/ahsansmir/pinata-csrf-tool
https://github.com/PaulSec/CSRFT
https://github.com/0xInfection/XSRFProbe
https://github.com/tgianko/deemon
https://github.com/AlecBlance/Csrf-Finder
https://medium.com/bugbountywriteup/tagged/csrf
https://www.hackeroyale.com/hacking-websites-using-csrf-attack/
CORS TOOLS GUIDE AND WRITEUPS*****************
https://portswigger.net/kb/papers/exploitingcorsmisconfigurations.pdf
https://www.we45.com/blog/3-ways-to-exploit-misconfigured-cross-origin-resource-sharing-cors
https://brutelogic.com.br/blog/cors-enabled-xss/
https://www.corben.io/tricky-CORS/
https://medium.com/bugbountywriteup/stealing-user-details-by-exploiting-cors-c5ee86ebe7fb
https://dzone.com/articles/basics-of-cors
https://www.geekboy.ninja/blog/exploiting-misconfigured-cors-cross-origin-resource-sharing/
https://github.com/chenjj/CORScanner
https://github.com/RUB-NDS/CORStest
YOUTUBE POCS*************************
https://www.youtube.com/watch?v=FVeszzMJfpc
https://www.youtube.com/watch?v=ABLQADqaJuo
https://www.youtube.com/watch?v=FIWB3exRGV8
https://www.youtube.com/watch?v=YLMziP_e9k4
https://www.youtube.com/watch?v=Re4S96EbFBI
https://www.youtube.com/watch?v=E28qgULma_I
https://www.youtube.com/watch?v=WWxLuvysI4U
https://www.youtube.com/watch?v=6t8HbirL6TE
PRIVILEGE ESCALATION**********
https://spyclub.tech/2019/02/26/horizontal-privilege-escalation-on-quora/
https://medium.com/bugbountywriteup/from-tomcat-to-nt-authority-system-a79fa09c4abb
https://kongwenbin.wordpress.com/tag/privilege-escalation/
https://gauravnarwani.com/priv-esc-highest-admin/
https://medium.com/@hritik.3hs/exploiting-two-endpoints-to-get-account-takeover-651813d0a33b
https://blog.ripstech.com/2018/wordpress-post-type-privilege-escalation/
https://medium.com/@vignesh4303/how-i-hacked-netflix-users-use-it-free-forever-9febb1427262
https://blog.securitybreached.org/2018/10/27/privilege-escalation-like-a-boss/
https://medium.com/@UpdateLap/privileged-escalation-in-facebook-messenger-rooms-e71cb7275101
https://ioactive.com/discovering-and-exploiting-a-vulnerability-in-androids-personal-dictionary/
https://www.ambionics.io/blog/prestashop-privilege-escalation
https://medium.com/@rojanrijal/luminate-internal-privilege-escalation-admin-to-owner-2ca28e575985
https://wesecureapp.com/2017/07/10/fabric-io-api-permission-apocalypse-privilege-escalations/
https://blog.it-securityguard.com/a-tale-of-7-vulnerabilities-paypal-bug-bounty/
https://josipfranjkovic.blogspot.com/2013/01/googlecom-cross-site-scripting-and.html
https://www.roguesecurity.in/2018/01/20/hack-the-box-calamity-privilege-escalation-writeup/
https://medium.com/@imranparray/privilege-escalation-on-private-program-a2a5548cde09
blog on privilege escalation***
https://blog.netwrix.com/2018/09/05/what-is-privilege-escalation/
http://www.valencynetworks.com/penetration-testing-services/privilege-escalation.html
https://bryanavery.co.uk/vertical-and-horizontal-privilege-escalation/
https://pentest.blog/how-to-test-horizontal-vertical-authorization-issues-in-web-application/
http://www.w4rri0r.com/vulnerabilities-attacker-surface/privilege-escalation.html
https://www.future-processing.pl/blog/privilege-escalation/
https://outpost24.com/blog/Vertical-privilege-escalation
https://authanvil.com/blog/the-concept-of-least-privilege
https://cse.sc.edu/~lluo/csce813/reading-papers/mace.pdf
https://rajeshmjmdr.blogspot.com/2016/02/flipkart-horizontal-privilege-escalation.html
https://sysdig.com/blog/privilege-escalation-kubernetes-dashboard/
https://github.com/MarioBartolome/Jenkins-pRCE-exploit
https://tech.target.com/2019/03/15/SharePoint-Cross-Site-Scripting.html
https://omespino.com/write-up-1000-usd-in-5-minutes-xss-stored-in-outlook-com-ios-browsers/
https://pentestacademy.wordpress.com/2017/09/20/nfs/
https://github.com/NetSPI/PowerUpSQL/wiki/SQL-Server---UNC-Path-Injection-Cheat-Sheet
https://lab.wallarm.com/xxe-that-can-bypass-waf-protection-98f679452ce0
https://github.com/fr34k8/awesome-pentest
*WPA/WPA2 wordlist dictionaries
https://github.com/Screetsec/Wordlist-Dracos
https://github.com/kennyn510/wpa2-wordlists
https://www.openwall.com/wordlists/
https://github.com/berzerk0/Probable-Wordlists
https://github.com/xajkep/wordlists
https://wifi0wn.wordpress.com/wepwpawpa2-cracking-dictionary/
S3 BUCKETS TOOLS AND WRITEUPS**********************
https://medium.com/bugbountywriteup/4500-bounty-how-i-got-lucky-99d8bc933f75
https://blog.zsec.uk/subdomainhijack/
https://medium.com/bugbountyhunting/bug-bounty-hunting-tips-3-kicking-s3-buckets-84c231939066
https://medium.com/bugbountywriteup/bugbounty-aws-s3-added-to-my-bucket-list-f68dd7d0d1ce
https://carltonbale.com/how-to-alias-a-domain-name-or-sub-domain-to-amazon-s3/
https://labs.detectify.com/tag/hostile-subdomain-takeover/
https://www.mohamedharon.com/2019/02/subdomain-aws-s3-buckets-reader.html
https://vulners.com/hackerone/H1:207576
https://xsses.rocks/finding-s3-buckets-by-accident/
https://tutorgeeks.blogspot.com/2017/12/aws-s3-bucket-subdomain-takeover.html
https://bugbountypoc.com/s3-bucket-misconfiguration-from-basics-to-pawn/
https://www.we45.com/blog/how-an-unclaimed-aws-s3-bucket-escalates-to-subdomain-takeover
https://bugbountypoc.com/bugcrowds-domain-takeover/
https://awsinsider.net/articles/2017/07/14/verizon-leak.aspx
https://blog.securitybreached.org/2018/09/24/subdomain-takeover-via-unsecured-s3-bucket/
https://medium.com/@syedabuthahir/how-i-takeover-subdomain-by-claim-unclaimed-s3-bucket-81a68823af74
https://www.thebuckhacker.com/
https://0xpatrik.com/takeover-proofs/
https://github.com/random-robbie/AWS-Scanner
https://buckets.grayhatwarfare.com/
https://github.com/ankane/s3tk
https://github.com/jordanpotti/AWSBucketDump
https://github.com/michenriksen/bucketlist
https://github.com/haccer/subjack
https://github.com/Den1al/PyLazyS3
APIs*****************
https://payatu.com/beginners-guide-restful-api-vapt-part-1/
https://payatu.com/beginners-guide-restful-api-vapt-part-2/
https://threat.tevora.com/stop-collaborate-and-listen/amp/
https://tint0.com/expanding-java-deserialization-struts/
https://somdev.me/mass-cracking-cybrary-accounts/
https://alamot.github.io/reverse_shells/
https://portswigger.net/web-security/sql-injection
https://www.templarbit.com/blog/2018/01/10/api-security-checklist/
https://www.soapui.org/rest-testing/getting-started.html
https://github.com/mingrammer/api-security-checklist
https://www.pentestgeek.com/burp-suite/playing-with-the-new-burp-suite-rest-api
https://www.youtube.com/watch?v=43G_nSTdxLk
https://www.peerlyst.com/posts/resource-a-list-of-api-security-guides-and-resources-karl-m-1
https://www.rarefied.co/api-penetration-testing.html
https://www.redteamsecure.com/api-enumeration-with-redteam-securitys-tool-purl/
https://blog.cobalt.io/pen-testing-in-the-era-of-apis-and-microservices-797bf8d8a7b7
https://blog.secureideas.com/2019/03/better-api-penetration-testing-with-postman-part-1.html
XSS blogs on detection and understanding**********************************
https://pentest-tools.com/blog/xss-attacks-practical-scenarios/
https://www.indusface.com/blog/vulnerable-cross-site-scripting-xss/
https://www.indusface.com/blog/xss-examples-prevent/
https://www.whitehatsec.com/blog/anatomy-of-an-xss-injection/
https://blog.sqreen.io/xss-in-vue-js/
https://blog.scottlogic.com/2016/02/29/Cross-site-scripting.html
http://www.securityidiots.com/Web-Pentest/XSS/different-contexts-for-xss-execution.html
https://opsecx.com/index.php/modules/different-contexts-in-xss/?course_id=117
https://blogs.sap.com/2015/12/17/xss-cross-site-scripting-overview-with-contexts/
http://blog.ironwasp.org/2014/07/contexts-and-cross-site-scripting-brief.html
https://brutelogic.com.br/blog/transcending-context-based-filters/
https://nvisium.com/blog/2015/07/30/mitigating-javascript-context-cross.html
https://www.tenable.com/plugins/was/98106
https://security.googleblog.com/2009/03/reducing-xss-by-way-of-automatic.html
http://www.thespanner.co.uk/2012/07/25/multi-context-xss-injection-contest/
https://www.e-sciencecentral.org/articles/SC000014852
https://arxiv.org/ftp/arxiv/papers/1804/1804.00755.pdf
https://2018.appsec.eu/presos/Hacker_The-Last-XSS_Jim-Manico_AppSecEU2018.pdf
https://enciphers.com/how-to-approach-for-xss-hunting-in-a-web-application/
https://www.hindawi.com/journals/jcnc/2018/8159548/
CSP bypass writeups links***************************************
https://blog.ibrahimdraidia.com/bypass-csp-framing-restriction-rule-olx/
https://medium.com/@efkan162/how-i-xssed-uber-and-bypassed-csp-9ae52404f4c5
https://blog.bentkowski.info/2018/06/xss-in-google-colaboratory-csp-bypass.html
https://medium.com/bugbountywriteup/bypass-csp-by-abusing-xss-filter-in-edge-43e9106a9754
https://medium.com/@tbmnull/making-an-xss-triggered-by-csp-bypass-on-twitter-561f107be3e5
https://developers.google.com/web/fundamentals/security/csp/
awesome github lists*******************************************************************************************
https://github.com/0xInfection/Awesome-WAF
https://github.com/m4ll0k/Awesome-Hacking-Tools
*Miscellaneous writeups and links *******************************************************************************
https://esc.sh/blog/proftp-vulnerability-could-allow-an-attacker-to-gain-a-shell-in-your-server/
https://medium.com/mobile-penetration-testing/android-penetration-testing-courses-4effa36ac5ed
https://mahmoudsec.blogspot.com/2019/04/handlebars-template-injection-and-rce.html
https://thesecurityexperts.wordpress.com/2018/10/28/journey-through-google-referer-leakage-bugs/
https://hackademic.co.in/youtube-bug/
https://medium.com/@zseano/leaking-openid-tokens-with-the-bug-right-infront-of-you-95c1fb4a86e9
https://teamrot.fi/2019/05/23/self-hosted-burp-collaborator-with-custom-domain/
https://medium.com/@Jacksonkv22/oauth-misconfiguration-lead-to-complete-account-takeover-c8e4e89a96a
https://medium.com/@frostnull1337/from-file-upload-to-email-pass-dc7141aa1ff6
https://labs.detectify.com/2019/05/24/how-to-tutorial-php-webshell-de-obfuscation/
https://medium.com/@fbotes2/enumerating-a-digital-footprint-2f2feeef4130
http://bugdisclose.blogspot.com/
https://gauravnarwani.com/a-tale-of-3-xss/
https://ngailong.wordpress.com/
https://nirmaldahal.com.np/r-xss-csrf-bypass-to-account-takeover/
https://ahussam.me/Medium-full-account-takeover/
https://0x00sec.org/t/intigriti-xss-challenge-solution/13896?u=hasp0t
https://blog.gdssecurity.com/labs/2019/5/28/ssrf-and-xxe-vulnerabilities-in-pdfreactor.html
https://medium.com/@matarpan33r/stored-xss-on-edmodo-67b244824fa5
https://medium.com/@pussycat0x/bypassing-2fa-using-an-ancient-trick-bugbounty-30738461a9f4
https://medium.com/@valeriyshevchenko/ssrf-vulnerability-due-to-sentry-misconfiguration-5e758bdb4e44
https://www.coengoedegebure.com/how-i-got-access-to-local-aws-info-via-jira/
https://generaleg0x01.com/2019/03/10/escalating-ssrf-to-rce/
https://www.shorebreaksecurity.com/blog/ssrfs-up-real-world-server-side-request-forgery-ssrf/
https://www.coengoedegebure.com/author/coen/
https://danielmiessler.com/study/infosec_interview_questions/
https://phpsecurity.readthedocs.io/en/latest/Injection-Attacks.html
https://www.skeletonscribe.net/2013/05/practical-http-host-header-attacks.html
https://medium.com/@vishnu0002/remote-code-execution-recon-wins-e9c1db79f3da
https://medium.com/@heinthantzin/how-does-my-recon-win-250-in-15-minutes-a1992508b911
https://medium.com/@appsecure/how-i-could-have-hacked-your-uber-account-e98e64ab51bb
https://medium.com/@aayushpokhrel/how-i-made-my-first-from-finding-a-bug-in-facebook-da3b11e550f0
https://docs.google.com/presentation/d/1JdIjHHPsFSgLbaJcHmMkE904jmwPM4xdhEuwhy2ebvo/edit#slide=id.p
https://medium.com/@shivsahni2/aws-ns-takeover-356d2a293bca
https://research.checkpoint.com/select-code_execution-from-using-sqlite/
https://evanricafort.blogspot.com/2019/08/application-level-denial-of-service-dos.html
https://gh0st.cn/archives/2019-10-01/1
https://medium.com/@vickieli/how-to-find-more-idors-ae2db67c9489
https://medium.com/@bilalmerokhel/recon-to-network-takeover-688309b17721
https://medium.com/@nahoragg/chaining-cache-poisoning-to-stored-xss-b910076bda4f
https://labs.nettitude.com/blog/cross-site-scripting-xss-payload-generator/
https://www.hahwul.com/2019/07/onpoint-xss-payload-for-bypass-xss-protection.html
https://please.dont-hack.me/books/hacking/
https://www.christian-schneider.net/CrossSiteWebSocketHijacking.html
https://www.utf8-chartable.de/unicode-utf8-table.pl?utf8=string-literal
https://rhys.io/post/rce-in-ruby-using-mustache-templates
https://www.xul.fr/javascript/parameters.php
https://www.sitepoint.com/vue-d3-data-visualization-intro/
http://blog.jr0ch17.com/#write-ups
https://pentester.io/commonspeak-bigquery-wordlists/
https://anchor.host/website-screenshots-with-gowitness/
https://medium.com/@elberandre/1-000-ssrf-in-slack-7737935d3884
https://soroush.secproject.com/blog/
https://soroush.secproject.com/blog/2019/04/exploiting-deserialisation-in-asp-net-via-viewstate/
https://medium.com/bugbountyhunting/bug-bounty-hunting-tips-3-kicking-s3-buckets-84c231939066
https://sylarsec.com/2019/08/06/making-xss-more-discoverable-with-knoxss/
https://securityboulevard.com/2019/08/how-buffer-overflow-attacks-work/
https://3xpl01tc0d3r.blogspot.com/
https://medium.com/@pratiky054/graphql-bug-to-steal-anyones-address-fc34f0374417
http://michaeldaw.org/papers/hotlinks-persistent-csrf/
https://github.com/gquere/pwn_jenkins
https://medium.com/@GAYA3_R/some-useful-shodan-queries-5f31be3c486e
https://www.corben.io/jenkins-to-full-pwnage/
https://medium.com/@yassergersy/account-take-over-via-reset-password-f2e9d887bce1
https://anotherhackerblog.com/exploiting-file-uploads-pt-2/
https://anotherhackerblog.com/exploiting-file-uploads-pt1/
https://github.com/righettod/poc-graphql
https://medium.com/@vignesh4303/collection-of-bug-bounty-tip-will-be-updated-daily-605911cfa248
https://medium.com/@cc1h2e1/write-up-of-two-http-requests-smuggling-ff211656fe7d
https://blog.evilpacket.net/2019/leveraging-javascript-debuggers/
https://addictivehackers.blogspot.com/2017/08/account-takeover-via-password-reset.html
https://medium.com/@akshukatkar/rce-with-flask-jinja-template-injection-ea5d0201b870
https://gauravnarwani.com/two-factor-authentication-bypass/
https://gauravnarwani.com/android-acc-takeover/
https://www.we45.com/blog/2017/02/14/csv-injection-theres-devil-in-the-detail
http://10degres.net/subdomain-enumeration/
https://www.rahulr.in/2019/10/idor-to-rce.html?m=1
https://portswigger.net/research/xs-leak-leaking-ids-using-focus
http://10degres.net/swag-store/
https://ngailong.wordpress.com/2017/08/07/uber-login-csrf-open-redirect-account-takeover/
https://securityidiots.com/Web-Pentest/XXE/XXE-Cheat-Sheet-by-SecurityIdiots.html
https://blog.fadyothman.com/how-i-discovered-xss-that-affects-over-20-uber-subdomains/
https://buer.haus/2019/10/18/a-tale-of-exploitation-in-spreadsheet-file-conversions/
https://medium.com/bugbountywriteup/bug-bounty-tips-tricks-js-javascript-files-bdde412ea49dz
https://medium.com/@mastomi/xss-to-account-takeover-d5beddc5c704
https://medium.com/@ronak_9889/privilege-escalation-using-api-endpoint-fce841caaff3
https://medium.com/@chawdamrunal/what-is-parameter-tampering-5b1beb12c5ba
https://medium.com/@kirankg/the-batchoverflow-bug-and-how-to-catch-all-bugs-243dcf4ea95c
https://medium.com/@terjanq/dom-clobbering-techniques-8443547ebe94
https://nathandavison.com/blog/abusing-http-hop-by-hop-request-headers
https://www.allysonomalley.com/2018/12/03/ios-bug-hunting-web-view-xss/
https://www.hahwul.com/2019/11/upgrade-self-xss-to-exploitable-xss.html?m=1
https://medium.com/@frostnull/sql-injection-through-user-agent-44a1150f6888
https://sechow.com/bricks/docs/content-page-4.html
XXE************************************************************
https://resources.infosecinstitute.com/xxe-attacks/#gref
https://blog.zsec.uk/blind-xxe-learning/
https://www.sans.org/reading-room/whitepapers/application/paper/34397
https://www.we45.com/blog/3-ways-an-xxe-vulnerability-could-hit-you-hard
http://www.tizag.com/xmlTutorial/index.php
https://www.secpod.com/blog/xxe-xml-external-entity-attack/
http://riseandhack.blogspot.com/2015/02/xml-injection-soap-injection-notes.html
https://www.christian-schneider.net/GenericXxeDetection.html
https://phpsecurity.readthedocs.io/en/latest/Injection-Attacks.html#xml-injection
https://docs.intersystems.com/latest/csp/docbook/DocBook.UI.Page.cls?KEY=ROBJ_method_soapaction
https://www.w3.org/TR/2000/NOTE-SOAP-20000508/
https://phonexicum.github.io/infosec/xxe.html
https://www.noob.ninja/2019/12/spilling-local-files-via-xxe-when-http.html
**************************cloudflare bypass ***********************************************
https://portswigger.net/blog/bypassing-csp-with-policy-injection
https://rhinosecuritylabs.com/application-security/nvidia-rce-cve-2019-5678/
https://medium.com/bugbountywriteup/bypassing-instagrams-stories-restriction-5936f8a4f079
https://medium.com/websec/woocommerce-replace-to-rce-again-3a3a34d3d45c
https://ravirajput.github.io/recon_by_armaanpathan12345/#/10
https://anotherhackerblog.com/exploiting-file-uploads-pt1/
https://blog.nyangawa.me/security/GitLab-Local-File-Read/
http://www.securityidiots.com/Web-Pentest/hacking-website-by-shell-uploading.html
https://appsecco.com/books/subdomain-enumeration/passive_techniques/public_datasets.html
https://dmsec.io/hacking-thousands-of-websites-via-third-party-javascript-libraries/
https://medium.com/@ghostlulzhacks/xml-external-entity-xxe-62bcd1555b7b?postPublishedType=initial
https://www.smeegesec.com/2017/10/detecting-ssrf-using-aws-services.html
https://mohemiv.com/all/exploiting-xxe-with-local-dtd-files/
https://h1.security.nathan.sx/
https://danielmiessler.com/study/
https://www.guru99.com/mobile-testing.html
http://51elliot.blogspot.com/2014/06/rest-api-best-practices-4-collections.html
http://51elliot.blogspot.com/2014/05/rest-api-best-practices-3-partial.html
http://51elliot.blogspot.com/2014/04/rest-api-best-practices-http-and-crud.html
http://51elliot.blogspot.com/2014/03/rest-api-best-practices-rest-cheat-sheet.html
https://2019.pass-the-salt.org/schedule/
https://2019.pass-the-salt.org/files/slides/
https://zwischenzugs.com/2018/06/08/anatomy-of-a-linux-dns-lookup-part-i/
https://groups.google.com/forum/#!topic/rubyonrails-security/IsQKvDqZdKw
https://github.com/securityidiots/CollabOzark
http://big-elephants.com/2014-01/handling-rails-4-sessions-with-go/
https://robertheaton.com/2013/07/22/how-to-hack-a-rails-app-using-its-secret-token/
https://blog.orange.tw/2019/07/attacking-ssl-vpn-part-1-preauth-rce-on-palo-alto.html
https://www.corben.io/atlassian-crowd-rce/
http://www.primalsecurity.net/tutorials/exploit-tutorials/
https://0xdarkvortex.dev/index.php/2019/07/17/red-team-ttps-part-1-amsi-evasion/
https://medium.com/@ruvlol/rce-in-jira-cve-2019-11581-901b845f0f
https://medium.com/@iSecMax/%D1%81ookie-based-xss-exploitation-2300-bug-bounty-story-9bc532ffa564
https://ardern.io/2019/06/20/payload-bxss/
https://github.com/redhuntlabs/BurpSuite-Asset_Discover
https://medium.com/@sansyrox/hacking-tinders-premium-model-43f9f699d44
https://hackerone.com/reports/629087
https://github.com/blaCCkHatHacEEkr/PENTESTING-BIBLE
https://medium.com/@bywalks/xss-on-twitter-worth-1120-914dcd28ee18
https://blog.parthmalhotra.com/pwning-child-company-to-get-access-to-parentcompanys-slack-team/
https://medium.com/@sabya90sachi/reflected-xss-on-dutch-government-f3eea567b72a
https://medium.com/@dimazarno/bypassing-email-filter-which-leads-to-sql-injection-e57bcbfc6b17
https://github.com/twintproject/twint // great tool for Twitter scraping
https://github.com/JavierOlmedo/shodan-filters
https://web-in-security.blogspot.com/2019/07/testing-saml-endpoints-for-xml.html
https://danielmiessler.com/study/shodan/
DOM XSS BLOGS WRITEUPS AND INFO**
http://www.webappsec.org/projects/articles/071105.html
https://0x62626262.wordpress.com/2015/10/01/dom-based-xss-introduction-2/
https://www.mohamedharon.com/2019/09/dom-based-xss-in-private-program.html
https://appio.dev/vulns/clickjacking-xss-on-google-org/
https://mike-n1.github.io/Chain_XSS
https://www.vpnmentor.com/blog/dom-xss-bug-affecting-tinder-shopify-yelp/
https://blog.mindedsecurity.com/2018/04/dom-based-cross-site-scripting-in.html //important
https://medium.com/@abdelfattahibrahim/from-recon-to-dom-based-xss-f279602a14cf
https://blog.it-securityguard.com/bugbounty-paypal-dom-xss-main-domain/
https://gauravnarwani.com/a-tale-of-3-xss/
https://d-nb.info/1081246758/34
https://blog.compass-security.com/2013/01/dom-based-xss-unsafe-javascript-functions/
FUZZING
https://www.fuzzingbook.org/html/WebFuzzer.html
https://www.guru99.com/fuzz-testing.html
https://www.blackhat.com/presentations/bh-dc-07/Sutton/Presentation/bh-dc-07-Sutton-up.pdf
TOOLS
https://github.com/gwen001/pentest-tools
https://github.com/Shashank-In/TravisLeaks
https://securitytrails.com/blog/github-dorks
https://github.com/vavkamil/XFFenum/
https://haxf4rall.com/2019/09/02/finddomain/?utm_source=dlvr.it&utm_medium=twitter
https://github.com/jakejarvis/awesome-shodan-queries
https://github.com/dylanaraps/pure-bash-bible
https://github.com/bugbounty-site/calexe
https://0x00sec.org/t/knowledge-is-free/6270
https://github.com/allyomalley/LiveTargetsFinder/
https://spenkk.github.io/bugbounty/Configuring-Frida-with-Burp-and-GenyMotion-to-bypass-SSL-Pinning/
https://github.com/ZeddYu/HTTP-Smuggling-Lab
https://github.com/secrary/Andromeda
https://github.com/random-robbie/bruteforce-lists
https://github.com/ameenmaali/wordlistgen
SSRF BLOGS AND WRITEUPS
https://medium.com/swlh/intro-to-ssrf-beb35857771f
https://medium.com/@vickieli/exploiting-ssrfs-b3a29dd7437
https://medium.com/@vickieli/bypassing-ssrf-protection-e111ae70727b
JAVASCRIPT RECON
https://jlajara.gitlab.io/posts/2018/10/18/js-recon.html
https://medium.com/bugbountywriteup/bug-bounty-tips-tricks-js-javascript-files-bdde412ea49d
https://medium.com/@arbazhussain/xss-using-dynamically-generated-js-file-a7a10d05ff08
https://www.scip.ch/en/?labs.20160414
BUG BOUNTY REFERENCES
https://cyberzombie.in/bug-bounty-methodology-techniques-tools-procedures/
https://github.com/ngalongc/bug-bounty-reference
https://github.com/S3cur3Th1sSh1t/Pentest-Tools#Windows-Privilege-Escalation-/-Audit
https://github.com/gwen001/pentest-tools
https://github.com/nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters
ANDROID APK TESTING BLOGS
https://medium.com/@fs0c131y/how-i-found-the-database-of-the-donald-daters-app-af88b06e39ad
https://medium.com/@danangtriatmaja/firebase-database-takover-b7929bbb62e1
https://medium.com/@thomas_shone/reverse-engineering-apis-from-android-apps-part-1-ea3d07b2a6c
https://captmeelo.com/pentest/2019/12/30/lesser-known-tools-for-android-pentest.html
SHODAN QUERIES AND FILTERS
https://github.com/jakejarvis/awesome-shodan-queries
https://medium.com/@GAYA3_R/some-useful-shodan-queries-5f31be3c486e
https://danielmiessler.com/study/shodan/
https://github.com/JavierOlmedo/shodan-filters
DLL HIJACKING
https://medium.com/@AndrewRollins/discord-dll-hijack-cb77a6a288cf
https://secbytes.net/Arkham-Hack-The-Box-Writeup/
https://medium.com/bug-bounty-hunting/dll-injection-attacks-in-a-nutshell-71bc84ac59bd
https://medium.com/@threathuntingteam/notepad-and-unsigned-dlls-a5cdcfb86749
https://medium.com/@digital.entropy/dll-hijacking-when-computers-are-helpless-c02905df8f00
https://www.howtogeek.com/school/sysinternals-pro/lesson4/
https://www.sans.org/cyber-security-summit/archives/file/summit-archive-1493862085.pdf
https://hackerone.com/reports/630903
https://medium.com/@Sebdraven/malicious-document-targets-vietnamese-officials-acb3b9d8b80a
https://posts.specterops.io/lateral-movement-scm-and-dll-hijacking-primer-d2f61e8ab992
https://hacknpentest.com/windows-privilege-escalation-dll-hijacking/
https://unit42.paloaltonetworks.com/plugx-uses-legitimate-samsung-application-for-dll-side-loading/
https://www.youtube.com/watch?v=5t5CX6hPhfU
https://www.youtube.com/watch?v=GEfeF4crBiA&t=5s
https://www.youtube.com/watch?v=3SBFyK9Asyg
https://www.youtube.com/watch?v=duIJ4bA6JmE&list=PLhIdnSS1rFVmdaeSzRIWxnRoho2oIHW5M&index=3
http://websecurity247.blogspot.com/2016/07/dll-hijacking-attacks.html
https://pentestlab.blog/2017/03/27/dll-hijacking/
REMOTE CODE EXECUTION
https://medium.com/@ashishrohra/remote-code-execution-explaination-writeups-and-tools-a8e4c3362259
https://medium.com/bugbountywriteup/rocet-remote-code-execution-tool-11efa54654d5
https://medium.com/@1ZRR4H/top-21-remote-code-execution-exploits-rce-inthewild-102bba9be362
https://prakharprasad.com/blog/shopify-remote-code-execution/
https://blog.orange.tw/2019/02/abusing-meta-programming-for-unauthenticated-rce.html
https://itnext.io/how-i-exploited-a-remote-code-execution-vulnerability-in-fast-redact-9e69fa35572f
https://medium.com/@vishnu0002/remote-code-execution-recon-wins-e9c1db79f3da
https://capacitorset.github.io/mathjs/
https://medium.com/@karambasec/the-karamba-product-security-blog-remote-code-execution-59e12a8cef0a
https://medium.com/tenable-techblog/rooting-nagios-via-outdated-libraries-bb79427172
https://medium.com/@happyholic1203/phpmyadmin-4-8-0-4-8-1-remote-code-execution-257bcc146f8e
https://medium.com/@Zemnmez/%C3%BCbersicht-remote-code-execution-spotify-takeover-a5f6fd6809d0
https://medium.com/@valeriyshevchenko/two-easy-rce-in-atlassian-products-e8480eacdc7f
https://medium.com/@ruvlol/rce-in-jira-cve-2019-11581-901b845f0f
https://rezo.blog/hacking/2019/11/29/rce-via-imagetragick.html
https://medium.com/magebit/magento-web-exploit-case-studies-bac57add8c0e
https://shells.systems/category/static-code-analysis/
OAUTH WRITEUPS AND LINKS
https://ahussam.me/how-i-hacked-oculus-oauth-ebay-ibm/
https://blog.rakeshmane.com/2016/09/bug-bounty-account-takeover.html
https://www.arneswinnen.net/2017/06/authentication-bypass-on-airbnb-via-oauth-tokens-theft/
https://medium.com/@arbazhussain/stealing-0auth-token-mitm-3eeab46e96cf
https://blog.intothesymmetry.com/2018/02/bug-bounty-left-over-and-rant-part-iii.html
https://www.safetydetectives.com/blog/microsoft-outlook/
https://shkspr.mobi/blog/2018/12/twitter-bug-bounty/
https://medium.com/@Jacksonkv22/oauth-misconfiguration-lead-to-complete-account-takeover-c8e4e89a96a
https://medium.com/@nahoragg/chaining-tricky-oauth-exploitation-to-stored-xss-b67eaea4aabd
https://xpoc.pro/oauth-authentication-bypass-on-airbnb-acquisition-using-weird-1-char-open-redirect/
https://medium.com/@androgaming1912/story-about-facebook-oauth-account-takeover-6537ff32281b
https://medium.com/@madguyyy/bookmyshow-account-takeover-using-social-login-84178f116e42
https://medium.com/oad-earth/bug-or-feature-github-adventure-001-eae9bea48ae8
https://blog.teddykatz.com/2019/11/05/github-oauth-bypass.html
https://medium.com/@rootxharsh_90844/abusing-feature-to-steal-your-tokens-f15f78cebf74
RESET PASSWORD FLAW
https://ninadmathpati.com/how-i-was-able-to-earn-1000-with-just-10-minutes-of-bug-bounty/
https://thezerohack.com/hack-instagram-again
https://medium.com/@0xankush/readme-com-account-takeover-bugbounty-fulldisclosure-a36ddbe915be
https://medium.com/@bilalmerokhel/pwn-them-all-bugbounty-4ee60e13c83
https://medium.com/@vbharad/account-takeover-through-password-reset-poisoning-72989a8bb8ea
https://medium.com/@shahjerry33/password-reset-token-leak-via-referrer-2e622500c2c1