Security Explained
SecurityExplained is a new series after the previous learning challenge series #Learn365. The aim of #SecurityExplained series is to create informational content in multiple formats and share with the community to enable knowledge creation and learning. Below are the various activities and formats planned under #SecurityExplained series:
- Tweets explaining interesting security stuff
- Blogs/Tutorials/How-To-Guides about different tools/techniques/attacks
- Security Discussion Spaces/Meets
- Monthly Mindmap/Mindmap based explainers for different attacks/techniques
- My Pentesting Methodology Breakdown
- Giveaways and Community Engagement
- GitHub Repository to Maintain "SecurityExplained"
- Public & Free to Access
- Newsletter
Follow me on Twitter for Regular Updates: Harsh Bothra.
Note: This series will run on an irregular schedule, and it is not necessary to produce & share content on a regular or daily basis.
Content by Harsh
| S.No. | Topic |
|---|---|
| 1 | My Penetration Testing Methodology [Web] |
| 2 | FeroxBuster Explained |
| 3 | Creating Custom Wordlist for Content Discovery |
| 4 | Escalating HTML Injection to Cloud Metadata SSRF |
| 5 | Bypassing Privileges & Other Restrictions with Mass Assignment Attacks |
| 6 | Bypassing Biometrics in iOS with Objection |
| 7 | My Methodology to Test Premium Features |
| 8 | Bypassing Filters(and more) with Visual Spoofing |
| 9 | Path Traversal via File Upload |
| 10 | Attacking Zip Upload Functionality with ZipSlip Attack |
| 11 | RustScan - The Modern Port Scanner |
| 12 | Vulnerable Code Snippet - 1 |
| 13 | Vulnerable Code Snippet - 2 |
| 14 | Exploiting XXE in JSON Endpoints |
| 15 | Vulnerable Code Snippet - 3 |
| 16 | Vulnerable Code Snippet - 4 |
| 17 | Vulnerable Code Snippet - 5 |
| 18 | Vulnerable Code Snippet - 6 |
| 19 | Vulnerable Code Snippet - 7 |
| 20 | Vulnerable Code Snippet - 8 |
| 21 | Vulnerable Code Snippet - 9 |
| 22 | Vulnerable Code Snippet - 10 |
| 23 | Vulnerable Code Snippet - 11 |
| 24 | Vulnerable Code Snippet - 12 |
| 25 | Vulnerable Code Snippet - 13 |
| 26 | Vulnerable Code Snippet - 14 |
| 27 | Vulnerable Code Snippet - 15 |
| 28 | Vulnerable Code Snippet - 16 |
| 29 | Vulnerable Code Snippet - 17 |
| 30 | Vulnerable Code Snippet - 18 |
| 31 | Vulnerable Code Snippet - 19 |
| 32 | Account Takeover Methodology |
| 33 | Vulnerable Code Snippet - 20 |
| 34 | Vulnerable Code Snippet - 21 |
| 35 | Vulnerable Code Snippet - 22 |
| 36 | Vulnerable Code Snippet - 23 |
| 37 | Vulnerable Code Snippet - 24 |
| 38 | Vulnerable Code Snippet - 25 |
| 39 | Vulnerable Code Snippet - 26 |
| 40 | Vulnerable Code Snippet - 27 |
| 41 | Vulnerable Code Snippet - 28 |
| 42 | Vulnerable Code Snippet - 29 |
| 43 | Vulnerable Code Snippet - 30 |
| 44 | Vulnerable Code Snippet - 31 |
| 45 | Vulnerable Code Snippet - 32 |
| 46 | Vulnerable Code Snippet - 33 |
| 47 | Vulnerable Code Snippet - 34 |
| 48 | Vulnerable Code Snippet - 35 |
| 49 | Vulnerable Code Snippet - 36 |
| 50 | Vulnerable Code Snippet - 37 |
| 51 | Vulnerable Code Snippet - 38 |
| 52 | Vulnerable Code Snippet - 39 |
| 53 | Vulnerable Code Snippet - 40 |
| 54 | Vulnerable Code Snippet - 41 |
| 55 | Vulnerable Code Snippet - 42 |
| 56 | Vulnerable Code Snippet - 43 |
| 57 | Vulnerable Code Snippet - 44 |
| 58 | Vulnerable Code Snippet - 45 |
| 59 | Ruby ERB SSTI |
| 60 | Introduction to CWE |
| 61 | CWE-787: Out-of-bounds Write |
| 62 | Vulnerable Code Snippet - 46 |
| 63 | CWE-20: Improper Input Validation |
| 64 | Vulnerabilities in Cookie Based Authentication |
| 65 | How do I get Started in Cyber Security? — My Perspective & Learning Path! |
| 66 | Scope Based Recon Methodology: Exploring Tactics for Smart Recon |
| 67 | MFA Bypass Techniques |
| 68 | Vulnerable Code Snippet - 47 |
| 69 | Vulnerable Code Snippet - 48 |
| 70 | Vulnerable Code Snippet - 49 |
| 71 | Vulnerable Code Snippet - 50 |
| 72 | Vulnerable Code Snippet - 51 |
| 73 | Vulnerable Code Snippet - 52 |
| 74 | Vulnerable Code Snippet - 53 |
| 75 | Vulnerable Code Snippet - 54 |
| 76 | Vulnerable Code Snippet - 55 |
| 77 | Vulnerable Code Snippet - 56 |
| 78 | Vulnerable Code Snippet - 57 |
| 79 | Vulnerable Code Snippet - 58 |
| 80 | Vulnerable Code Snippet - 59 |
| 81 | Vulnerable Code Snippet - 60 |
| 82 | Vulnerable Code Snippet - 61 |
| 83 | Vulnerable Code Snippet - 62 |
| 84 | Vulnerable Code Snippet - 63 |
| 85 | Vulnerable Code Snippet - 64 |
| 86 | Vulnerable Code Snippet - 65 |
| 87 | CWE-200: Exposure of Sensitive Information to an Unauthorized Actor |
| 88 | CWE-732: Incorrect Permission Assignment for Critical Resource |
| 89 | CWE-522: Insufficiently Protected Credentials |
| 90 | CWE-918: Server-Side Request Forgery (SSRF) |
| 91 | CWE-611: Improper Restriction of XML External Entity Reference |
| 92 | CWE-476: NULL Pointer Dereference |
| 93 | CWE-276: Incorrect Default Permissions |
| 94 | CWE-862: Missing Authorization |
| 95 | CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer |
| 96 | CWE-798: Use of Hard-coded Credentials |
| 97 | CWE-287: Improper Authentication |
SecurityExplained NewsLetter
| S.No. | Topic |
|---|---|
| 1 | Issue-1 |
| 2 | Issue-2 |
| 3 | Issue-3 |
| 4 | Issue-4 |
| 5 | Issue-5 |
| 6 | Issue-6 |
| 7 | Issue-7 |
| 8 | Issue-8 |
| 9 | Issue-9 |
| 10 | Issue-10 |
| 11 | Issue-11 |
| 12 | Issue-12 |
| 13 | Issue-13 |
| 14 | Issue-14 |
AskMeAnything
| S.No. | Topic |
|---|---|
| 1 | AMA-1: AMA with Harsh Bothra |
| 2 | AMA-2: AMA with Six2dez |
| 3 | AMA-3: AMA with Brumens |
Threads
MindMaps
| S.No. | Topic |
|---|---|
| 1 | Account Takeover Techniques |
| 2 | CWE TOP 10 (2021) |