| 1 | 2FA Bypass Techniques |
| 2 | Regular Expression Denial Of Service |
| 3 | SAML Vulnerabilities |
| 4 | Unauthenticated & Exploitable JIRA Vulnerabilities |
| 5 | Client-Side Template Injection (CSTI) |
| 6 | Cross-Site Leaks (XS-Leaks) |
| 7 | Cross-Site Script Includes (XSSI) |
| 8 | JSON Padding Attacks |
| 9 | JSON Attacks |
| 10 | Abusing Hop-by-Hop Headers |
| 11 | Cache Poisoned Denial of Service (CPDoS) |
| 12 | Unicode Normalization |
| 13 | WebSocket Vulns (Part-1) |
| 14 | WebSocket Vulns (Part-2) |
| 15 | WebSocket Vulns (Part-3) |
| 16 | Web Cache Deception Attack |
| 17 | Session Puzzling Attack |
| 18 | Mass Assignment Attack |
| 19 | HTTP Parameter Pollution |
| 20 | GraphQL Series (Part-1) |
| 21 | GraphQL Vulnerabilities (Part-2) |
| 22 | GraphQL WrapUp (Part-3) |
| 23 | Password Reset Token Issues |
| 24 | My previous works |
| 25 | Salesforce Security Misconfiguration (Part-1) |
| 26 | Salesforce Security Misconfiguration (Part-2) |
| 27 | Salesforce Configuration Review (Wrap) |
| 28 | Common Business Logic Issues: Part-1 |
| 29 | Common Business Logic Issues (Part-2) |
| 30 | Common Business Logic Issues (Wrap) |
| 31 | Captcha Bypass Techniques |
| 32 | Pentesting Kibana Service |
| 33 | Pentesting Docker Registry |
| 34 | HTML Scriptless Attacks / Dangling Markup Attacks (Part - 1) |
| 35 | HTML Scriptless Attacks / Dangling Markup Attacks (Wrap) |
| 36 | Pentesting Rsync Service |
| 37 | CRLF Injection |
| 38 | Pentesting FTP Service |
| 39 | OpenID Connect Implementation Issues |
| 40 | Cookie Based Authentication Vulnerabilities |
| 41 | Cobalt Vulnerability Wiki - Resource |
| 42 | Race Conditions |
| 43 | SMTP Open Relay Attack |
| 44 | Pentesting BACNet |
| 45 | API Security Tips |
| 46 | Pentesting SSH - Talk |
| 47 | CORS Misconfiguration |
| 48 | Incomplete Trailing Escape Pattern Issue |
| 49 | Pivoting & Exploitation in Docker Environments - Talk |
| 50 | Detect Complex Code Patterns using Semantic grep - Talk |
| 51 | Student Roadmap to Become a Pentester - Talk |
| 52 | Hacking How-To Series - Playlist |
| 53 | JS Prototype Pollution |
| 54 | JSON Deserialization Attacks |
| 55 | Android App Dynamic Analysis using House |
| 56 | Testing IIS Servers |
| 57 | Secure Code Review - Talk |
| 58 | JSON Interoperability Vulnerabilities - Research Blog |
| 59 | HTTP Desync Attacks - Talk |
| 60 | XSLT Injection |
| 61 | Bypassing AWS Policies - Talk |
| 62 | Source Code Review Guidelines - Resource |
| 63 | All of the Threats: Intelligence, Modelling and Hunting - Talk |
| 64 | Hidden Property Abuse (HPA) attack in Node.js - Talk |
| 65 | HTTP Request Smuggling in 2020 - Talk |
| 66 | Dependency Confusion Attack - Blog |
| 67 | Format String Vulnerabilities - Webinar |
| 68 | Mobile Application Dynamic Analysis - Webinar |
| 69 | Insecure Deserialization - Talk |
| 70 | Web Cache Entanglement - Talk + Blog |
| 71 | OWASP AMASS - Bootcamp |
| 72 | Offensive Javascript Techniques for Red Teamers |
| 73 | Basic CMD for Pentesters - Cheatsheet |
| 74 | Investigating and Defending Office 365 - Talk |
| 75 | WinjaCTF 2021 Solutions - Blog |
| 76 | Kubernetes Security: Attacking and Defending K8s Clusters - Talk |
| 77 | AWS Cloud Security - Resources |
| 78 | WAF Evasion Techniques - Blog |
| 79 | File Inclusion - All-in-One |
| 80 | DockerENT Insights - Tool Demo Talk |
| 81 | ImageMagick - Shell injection via PDF password : Research Blog |
| 82 | Offensive GraphQL API Pentesting - Talk |
| 83 | Bug Bounties with Bash - Talk |
| 84 | Chrome Extensions Code Review - Talk |
| 85 | Server-Side Template Injection - Talk |
| 86 | Exploiting GraphQL - Blog |
| 87 | Exploiting Email Systems - Talk |
| 88 | Hacking with DevTools - Tutorial |
| 89 | Common Android Application Vulnerabilities - Talk |
| 90 | SAML XML Injection - Research Blog |
| 91 | Finding Access Control & Authorization Issues with Burp - Blogs |
| 92 | OAuth 2.0 Misimplementation, Vulnerabilities, and Best Practices - Talk |
| 93 | JWT Attacks - Talk |
| 94-102 | Random Readings |
| 103 | Attacking Ruby on Rails Applications - Whitepaper |
| 104 | Pentesting a Chrome Extension: Real Life Case Study - Blog |
| 105 | XXE Simplified - Blog |
| 106 | Web Hacking Pro Tips #9 with @zseano - Talk |
| 107 | JS Prototype Pollution - Blog |
| 108 | XSS via GraphQL Endpoint - Blog |
| 109 | WS-2016-7107: CSRF tokens in Spring and the BREACH attack - Blog |
| 110 | AWS SSRF Metadata Leakage - Blog |
| 111 | Burp Suite Extension Development - Blog |
| 112-115 | Random Readings |
| 116 | Hacking OAuth Apps Pt-1 - Tutorial |
| 117 | Portable Data exFiltration: XSS for PDFs - Blog |
| 118 | PoC code and a case study on Task Hijacking in Android explaining how and why it works. (aka StrandHogg) - Blog |
| 119 | OAuth - Flawed CSRF Protection - Tutorial |
| 120 | Hacking Electron Apps with Electronegativity - Talk |
| 121 | Awesome ElectronJS Hacking Resources |
| 122 | Pentesting Blockchain Solutions - Tutorial |
| 123-124 | Random Readings |
| 125 | Oversized XML Attack - Wiki |
| 126 | XML Complexity Attack in Soap Header - Wiki |
| 127 | Web Service Attacks [Remaining] - Wiki |
| 128 | Domain Hijacking Via Logic Error - Gandi And Route 53 Vulnerability - Blog |
| 129 | Automating Recon with Axiom - Talk |
| 130 | Testing Extensions in Chromium Browsers - Blog |
| 131 | iOS Pentesting Series Pt. - 1 - Tutorial |
| 132 | DNS Based Out of Band Blind SQL injection in Oracle — Dumping data - Blog |
| 133 | GitDorker Talk - Talk |
| 134 | Mobisec 2020 Slides - Slides & Videos |
| 135 | Web App Pentesting in Angular Context - Blog |
| 136 | RCE in Homebrew - Blog |
| 137 | WordPress Plugin Security Testing Cheat Sheet - Wiki |
| 138 | JavaScript prototype pollution: practice of finding and exploitation - Blog |
| 139 | HowTo: intercept mutually-authenticated TLS communications of a Java thick client - Blog |
| 140 | KUBERNETES NAMESPACES ISOLATION - WHAT IT IS, WHAT IT ISN'T, LIFE, UNIVERSE AND EVERYTHING - Blog |
| 141 | Frag Attacks - Wiki |
| 142 | Free Automated Recon Using GH Actions - Talk |
| 143 | DAY[0] Episode 66 - BlackHat USA, Pre-Auth RCEs, and JSON Smuggling - Talk |
| 144 | Bug hunter adventures - Talk |
| 145 | Static Analysis of Client-Side JS Code - Blog |
| 146 | Method Confusion In Go SSTIs Lead To File Read And RCE - Blog |
| 147 | Finding and Exploiting Unintended Functionality in Main Web App APIs - Blog |
| 148 | SecuriTEA & Crumpets - Episode 6 - Gareth Heyes - Hackvertor - Talk |
| 149 | GraphQL CSRF - Blog |
| 150 | Deep dive into ART(Android Runtime) for dynamic binary analysis - Talk |
| 151 | 13 Nagios Vulnerabilities - Blog |
| 152 | Frida Scripting Guide - Blog |
| 153 | Android Exported Activities and how to exploit them - Talk |
| 154 | XXE-scape through the front door: circumventing the firewall with HTTP request smuggling - Blog |
| 155 | Turning Blind RCE into Good RCE via DNS Exfiltration using Collabfiltrator - Blog |
| 156 | XSS in AWS Console - Blog |
| 157 | Adventures into HTTP2 and HTTP3 - Blog |
| 158 | AppCache's forgotten tales - Blog |
| 159 | CVE-2021-33564 Argument Injection in Ruby Dragonfly - Blog |
| 160 | DevSecOps 100 - Introductory Course [Free] - Course |
| 161 | Unexpected Execution: Wild Ways Code Execution can Occur in Python - Talk |
| 162 | Retrieving AWS security credentials from the AWS console - Blog |
| 163 | Object Injection to SQL Injection & NoSql Injection Cheatsheet - Blog |
| 164 | HTTP Parameter Pollution - Blog |
| 165 | XXE Workshop - Labs |
| 166 | How to Analyze Code for Vulnerabilities - Talk |
| 167 | Testing 2FA - Blog |
| 168 | Your E-Mail Validation Logic is Wrong - Blog |
| 169 | Active Scanning Techniques - Blog |
| 170 | Bypassing 2FA using OpenId Misconfiguration - Blog |
| 171 | Security Shorts - Talk |
| 172 | The JavaScript Bridge in Modern Desktop Applications - Blog |
| 173 | Advanced Web Application Penetration Testing JWT Security Issues - Blog |
| 174 | Quick Analysis for the SSID Format String Bug - Blog |
| 175 | Live GitLab Ask a Hacker with Bug Bounty Hunter (vakzz) William Bowling (Public) - Talk |
| 176 | iOS App Testing Through Burp on Corellium - Blog |
| 177 | Blind XSS: setup your self-hosted XSS Hunter with the PwnMachine - Blog |
| 178 | Attacking GraphQL's Autocorrect - Blog |
| 179 | Apex Security Whitepaper - Paper + Labs |
| 180 | Django SSTI - Blog |
| 181 | Pen-Testing Salesforce SAAS Application - Blog |
| 182 | How to solve an XSS challenge from Intigriti in under 60 minutes - Blog |
| 183 | How to get the max out of an IDOR? - Blog |
| 184 | Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464) - Blog |
| 185 | Some ways to find more IDOR - Blog |
| 186 | A supply-chain breach: Taking over an Atlassian account - Blog |
| 187 | alert() is dead, long live print() - Blog |
| 188 | Hacker Heroes #3 - @TomNomNom (Interview) - Talk |
| 189 | SSRF in ColdFusion/CFML Tags and Functions - Blog |
| 190 | $25,000 Facebook postMessage account takeover vulnerability - Video |
| 191 | Pentester Diaries Ep6: The Importance of Report Writing - Talk |
| 192 | Introduction to Web Cache Poisoning - Blog |
| 193 | Intercepting Flutter iOS Application - Blog |
| 194 | Credential stuffing in Bug bounty hunting - Blog |
| 195 | What is a Browser Security Sandbox?! (Learn to Hack Firefox) - Video |
| 196 | WILSON Cloud Respwnder - Blog |
| 197 | $20,000 RCE in GitLab via 0day in exiftool metadata processing library CVE-2021-22204 - Video |
| 198 | Padding Oracle Attacks - Video |
| 199 | Demystifying the state of kubernetes cluster security - Video |
| 200 | Two One-liners for Quick ColdFusion Static Analysis Security Testing - Blog |
| 201 | So many different techniques to learn here! [CTF walkthrough] - Video |
| 202 | UDP Technology IP Camera vulnerabilities - Blog |
| 203 | Exploiting the Sudo Baron Samedit vulnerability (CVE-2021-3156) on VMWare vCenter Server 7.0 - Blog |
| 204 | Reflected XSS Through Insecure Dynamic Loading - Blog |
| 205 | Stored XSS via Mermaid Prototype Pollution vulnerability - Blog |
| 206 | Getting Partial AWS Account IDs for any Cloudfront Website - Blog |
| 207 | Remote code execution in cdnjs of Cloudflare - Blog |
| 208 | Docker Security Series - Series |
| 209 | REvil Vanishes! - Chrome Zero-Day Vulnerability, iOS WiFi SSID Bug, Patch Tuesday Review - Talk |
| 210 | How to Build a Phishing Engagement – Coding TTP’s - Webcast |
| 211 | Deep Link Exploitation: Introduction & Open/unvalidated Redirection - Blog |
| 212 | Exploiting Android WebView Vulnerabilities - Blog |
| 213 | WooCommerce Unauthenticated SQL Injection Vulnerability - Blog |
| 214 | Traversing My Way in the Internal Network - Talk |
| 215 | How I Found Multiple Bugs On FaceBook In 1 Month And a Part For My Methodology & Tools - Blog |
| 216 | Pre-Auth RCE in ManageEngine OPManager - Blog |
| 217 | Guest Blog Post - Attacking the DevTools - Blog |
| 218 | Kubernetes Hardening Guide - Blog |
| 219 | Introducing hallucinate: One-stop TLS traffic inspection and manipulation using dynamic instrumentation - Blog |
| 220 | Do Not use alert(1) in XSS - Blog |
| 221 | A Look Into zseano's Thoughts When Testing a Target - Video |
| 222 | Zimbra 8.8.15 - Webmail Compromise via Email - Blog |
| 223 | Security XML Implementation across the Web - Blog |
| 224 | Potential remote code execution in PyPi - Blog |
| 225 | XXE Case Studies - Blog |
| 226 | HackerTools - NoSQLMap - Blog |
| 227 | Learn with @sec_r0: Attacks and Defenses to Docker & Kubernetes - Talk |
| 228 | Source Zero Con Talks - Talks |
| 229 | DevOps for Hackers with Hands-On Labs w/ Ralph May - Talks |
| 230 | Advanced Recon Guide - Blog |
| 231 | Just Gopher It: Escalating a Blind SSRF to RCE for $15k - Blog |
| 232 | Stealing Bitcoin with Cross-Site Request Forgery (Ride the Lightning + Umbrel) - Blog |
| 233 | Modify in-flight data to payment provider Smart2Pay - Blog |
| 234 | Hacker Heroes #9 - RobinZekerNiet (Interview) - Talk |
| 235 | Learn with @HolyBugx: Demystifying Cookies and Tokens - Talk |
| 236 | Hacker Tools: ReNgine – Automatic recon - Blog |
| 237 | FROM PWN2OWN 2021: A NEW ATTACK SURFACE ON MICROSOFT EXCHANGE - Blog |
| 238 | How to Hack Apple ID - Blog |
| 239 | Insecure Features in PDFs - Blog |
| 240 | Burp Upload Scanner - Blog |
| 241 | Adobe Reader - PDF callback via XSLT stylesheet in XFA - Blog |
| 242 | A Curious Exploration of Malicious PDF Documents - Blog |
| 243 | Common mistakes when using permissions in Android - Blog |
| 244 | iOS Pentesting 101 - Blog |
| 245 | API Tokens: A Tedious Survey - Blog |
| 246 | Cross-Site Request Forgery (CSRF) Complete Guide - Video |
| 247 | HTTP Desync Attack Explained With Paper - Video |
| 248 | AWS ReadOnlyAccess: Not Even Once - Blog |
| 249 | Understanding Salesforce Flows and Common Security Risks - Blog |
| 250 | Python context free payloads in Mako templates - Blog |