InfosecBookmarks

Organizando os bookmarks que acumulei no Chrome

• Bug Bounty
  • Methodology
  • WebHacking
  • Recon
  • Tools
  • Awesome Lists
• Bugs
  • Finding Subdomain Takeover
  • Finding Race Conditions
  • Finding Open Redirections
  • Finding XXE
  • Finding RCE
  • Finding SSRF
  • Finding XSS
  • Finding CSRF
  • Finding SQLi
  • Finding IDOR
• Mobile
  • Tools
  • CheatSheet
  • Mobile Writeups
• API Test
• Labs
• WriteUps
  • Subdomain Takeover Writeups
  • HTTP Request Smuggling Writeups
  • XSS Writeups
  • CSRF Writeups
  • SSRF Writeups
  • CRLF Writeups
  • XXE Writeups
  • SSTI Writeups
  • IDOR Writeups
  • RCE Writeups
  • LFI Writeups
  • Open Redirection Writeups
  • Misconfiguration Writeups
  • CTF Writeups
  • OTHERS Writeups
• Pentesting
• Forensics
• Reverse Engineering
• Certifications

Bug Bounty

• [ ] OWASP Web Security Testing Guide
• [ ] Bug Bounty Methodology
• [ ] Bug Hunting Methodology (part-1)Updated on 4-Jan-2020
• [ ] Bug Hunting Methodology(Part-2)
• [ ] GETTING STARTED – BUG BOUNTY HUNTER METHODOLOGY
• [ ] THE IMPORTANCE OF NOTES & SESSION TRACKING – BUG BOUNTY HUNTER METHODOLOGY
• [ ] Bug Bounty Methodology (Methodology, Toolkit, Tips & Tricks, Blogs) V 1.0 | By Sanyam Chawla
• [ ] Bug Bounty Methodology (TTP- Tactics,Techniques and Procedures) V 2.0 | By Sanyam Chawla
• [ ] Resources-for-Beginner-Bug-Bounty-Hunters
• [ ] The Bug Hunters Methodology
• [ ] Bug Bounty Hunter Methodology v3
• [ ] It's the Little Things II
• [ ] Web Application Security & Bug Bounty (Methodology, Reconnaissance, Vulnerabilities, Reporting)
• [ ] Guide 001 |Getting Started in Bug Bounty Hunting..
• [ ] Researcher Resources - How to become a Bug Bounty Hunter
• [ ] Bug Bounty Guide
• [ ] Bug Bounty Checklist for Web App
• [ ] Two easy ways to get a list of scopes from a hackerone
• [ ] ProTips: Bug Bounty Hunting with Random Robbie
• [ ] Book of Bug Bounty Tips
• [ ] Bug Bounty catches part -1
• [ ] Bug Bounty Hunting Tips #3 — Kicking S3 Buckets
• [ ] Bug Bounty Hunting Tips #1— Always Read the Source Code
• [ ] Guia de Referência para Pentesters por Renato Andalik
• [ ] Bug Bounty Cheat Sheet
• [ ] Automating Pentests for Applications with Integrity Checks using Burp Suite Custom Extension
• [ ] Get out of the limited OWASP TOP-10/SANS TOP-25/Bug Bounty mindset
• [ ] The Bug Bounty Bucket List
• [ ] The best write-ups 2018 brought us
• [ ] Run other application on Burp suite
• [ ] BugBounty - RepoToStoreBugBountyInfo
• [ ] Bug Hunting Guide
• [ ] Bug Bounty Reference
• [ ] A beginners guide to bug bounties
• [ ] So You Want To Become a Bug Bounty Hunter?
• [ ] HOW TO BECOME A SUCCESSFUL BUG BOUNTY HUNTER
• [ ] BUGCROWD - Researcher Resources - Tutorials
• [ ] BUGCROWD - Researcher Resources - Tools
• [ ] BUGCROWD - Researcher Resources: Thick Client Focused
• [ ] BUGCROWD - Researcher Resources - Bounty Bug Write-ups
• [ ] BUGCROWD - Researcher Resources: Mobile Focused
• [ ] BUGCROWD - OWASP Bug Bounties: Getting Started & Discussion
• [ ] BUGCROWD - Common Assessment Tool Cheatsheets
• [ ] 5 Tips Bug Bounty Programs Want You to Know About
• [ ] Guide to Bug Bounty Hunting
• [ ] Bug Bounty - Beginner's guide

Methodology

• [ ] Bug Bounty Methodology (TTP- Tactics, Techniques, and Procedures) V 2.0

WebHacking

• [ ] Top 10 web hacking techniques of 2019
• [ ] Exposed Log and Configuration Files]
• [ ] CORS Misconfigurations Explained
• [ ] Exploiting CORS misconfigurations for Bitcoins and bounties
• [ ] A guide to HTTP security headers for better web browser security
• [ ] Web Application Penetration Testing
• [ ] Web Security: an introduction to HTTP
• [ ] OWASP TOP 10: Broken Authentication
• [ ] AUTHENTICATION BYPASS
• [ ] Content Security Policy (CSP) Bypasses
• [ ] DanielMiessler -
• [ ] Legion - open source network penetration testing tool
• [ ] HTTP headers
• [ ] HTTP/Headers/Referer
• [ ] The Web Application Hacker's Handbook
• [ ] Penetration Testing Methodology
• [ ] OWASP Top Ten
• [ ] OWASP Cheat Sheet Series
• [ ] OWASP Testing Guide v4 Table of Contents
• [ ] Cross-Origin Resource Sharing (CORS)
• [ ] Automating Pentests for Applications with Integrity Checks using Burp Suite Custom Extension
• [ ] Piercing the Veal: Short Stories to Read with Friends
• [ ] API Hacking GraphQL
• [ ] GraphQL Batching Attack
• [ ] Making HTTP Requests
• [ ] DVWA - Main Login Page - Brute Force HTTP POST Form With CSRF Tokens

RECON

• [ ] Recon resources
• [ ] Subdomain Enumeration: 2019 Workflow
• [ ] [Tools] Visual Recon – A beginners guide
• [ ] AQUATONE: A tool for domain flyovers
• [ ] AQUATONE: Now in Go
• [ ] DISCOVERING SUBDOMAINS
• [ ] https://appsecco.com/books/subdomain-enumeration/
• [ ] HOW TO: RECON AND CONTENT DISCOVERY
• [ ] HTTPRecon (Server Fingerprint)
• [ ] GitHub Gist Recon
• [ ] GitHub tools collection
• [ ] A More Advanced Recon Automation #1 (Subdomains)
• [ ] Expanding your scope (Recon automation #2)
• [ ] Advanced Recon Automation (Subdomains) case 1
• [ ] Masscan Examples: From Installation to Everyday Use
• [ ] Open Source Intelligence Gathering 101
• [ ] Commonspeak: Content discovery wordlists built with BigQuery
• [ ] Commonspeak 2: Generating evolutionary wordlists
• [ ] Recon-ng Tutorial – Part 1 Install and Setup
• [ ] Recon-ng Tutorial – Part 2 Workspaces and Import
• [ ] Recon-ng Tutorial – Part 3 Usage and Reporting
• [ ] Wfuzz: The Web fuzzer
• [ ] WFUZZ BRUTEFORCING WEB APPLICATIONS
• [ ] 10 nmap Commands Every Sysadmin Should Know
• [ ] 5 Nmap Timing Templates – You should know
• [ ] Gobuster Cheatsheet
• [ ] Comprehensive Guide on Gobuster Tool
• [ ] Comprehensive Guide on Dirb Tool
• [ ] amass — Automated Attack Surface Mapping
• [ ] Auto Web Application Penetration Testing: Intelligence Gathering
• [ ] Subdomain enumeration
• [ ] How to Find Directories in Websites Using DirBuster
• [ ] Web Reconnaissance Framework: Recon-ng
• [ ] Subdomain Discovery - Bugcrwod Blog
• [ ] WAFW00F - The Web Application Firewall Fingerprinting Tool
• [ ] ASN Lookup Tools, Strategies and Techniques
• [ ] A penetration tester’s guide to subdomain enumeration
• [ ] rebootuser - Tag Archives: enumeration
• [ ] Subdomains Enumeration Cheat Sheet
• [ ] Asset Discovery: Doing Reconnaissance the Hard Way
• [ ] A Shodan Tutorial and Primer
• [ ] Compilation of recon workflows
• [ ] The Art of Subdomain Enumeration
• [ ] Automating your reconnaissance workflow with 'meg'
• [X] Find S3 bucket takeover , S3 Misconfiguration using pipelining(s3reverse/meg/gf/s3scanner)
• [ ] Recon with waybackmachine. For BugBounty!
• [ ] Hacking Articles - Web Penetration Testing
• [ ] Github Dorks
• [ ] Just another Recon Guide for Pentesters and Bug Bounty Hunters

Tools

My Box

• [ ] ASSETFINDER
• [ ] Aquatone
• [ ] Amass
• [ ] ASN Lookup
• [ ] FFUF
• [ ] Sublert
• [ ] Findomain
• [ ] Subfinder
• [ ] MassDNS
• [ ] AltDNS
• [ ] Masscan
• [ ] AltDNS
• [ ] NMap
• [ ] WhatWeb
• [ ] HTTPROBE
• [ ] Corsy
• [ ] CORScanner
• [ ] WAFW00F
• [ ] SubJack
• [ ] SubOVer
• [ ] DirSearch in Python
• [ ] DirSearch in GO
• [ ] GoBuster
• [ ] nmap-bootstrap-xsl
• [ ] GF
• [ ] Gf-Patterns
• [ ] waybackurls
• [ ] waybackrobots.py
• [ ] waybackurls.py
• [ ] getallurls (gau)
• [ ] cloud_enum
• [ ] DalFox(Finder Of XSS)
• [ ] Enumy
• [ ] GitDorker
• [ ] Github-Search
• [ ] FuzzDB
• [ ] Galer
• [ ] UrlHunter Others
• [ ] AutoRecon
• [ ] Sn1per
• [ ] Lazy Recon
• [ ] Rock-ON (A One-Shoot Killer)
• [ ] Final Recon
• [ ] TotalRecon
• [ ] recon.sh
• [ ] Recon My Way
• [ ] OneForAll
• [ ] 0x0p1n3r
• [ ] R3C0Nizer

• [ ] Knock
• [ ] Sudomy
• [ ] Sublist3r
• [ ] VHostScan
• [ ] WFuzz
• [ ] MEG
• [ ] GitRob
• [ ] GitGot
• [ ] GitLeaks
• [ ] Git Grabber
• [ ] ReconNG
• [ ] truffleHog
• [ ] Jaeles
• [ ] Notable
• [ ] Commonspeak2
• [ ] Commonspeak2-Wordlists
• [ ] WordList-Compendium
• [ ] Common Web Managers Fuzz Wordlists
• [ ] OpenRedireX
• [ ] ApkUrlGrep

WordLists & Payloads

• [ ] SecLists
• [ ] webHunt
• [ ] PayloadsAllTheThings

Awesome Lists

• Awesome Bug Bounty
• awesome-google-vrp-writeups
• AllAboutBugBounty

Bugs

Finding Subdomain Takeover

• [ ] Can I take over XYZ?
• [ ] A GUIDE TO SUBDOMAIN TAKEOVERS
• [ ] Subdomain takeover - Chapter one: Methodology
• [ ] Subdomain takeover - Chapter two: Azure Services
• [ ] Find Subdomain Takeover with Amass + SubJack
• [ ] 5 Subdomain Takeover #ProTips
• [ ] Subdomain Takeover
• [ ] Subdomain takeover via pantheon
• [ ] Subdomain takeover detection with AQUATONE
• [ ] Subdomain Takeover: Basics
• [ ] Subdomain Takeover: Finding Candidates
• [ ] Subdomain Takeover Explained with Practical
• [ ] Subdomain takeover - DNS expiration
• [ ] Introduction to Subdomain takeovers
• [ ] Part 2: Subdomain takeovers
• [ ] Heroku Custom Domain or Subdomain Takeover
• [ ] FastMail Custom Domain or Subdomain Takeover
• [ ] Subdomain Takeover Frontify
• [ ] Attempting EC2 Subdomain Takeover
• [ ] Hostile Subdomain Takeover using Heroku/Github/Desk + more

Finding Race Conditions

• [ ] Testing for Race Conditions (OWASP-AT-010)
• [ ] Race Condition in Web Applications tools
• [ ] Race The Web (RTW)

Finding Open Redirections

• [ ] Open Redirects - Everything That You Should Know
• [ ] Open Redirect Cheat Sheet
• [ ] The real impact of an Open Redirect vulnerability
• [ ] SSRF & Open Redirect Cheat Sheet
• [ ] Open Redirect Filters

Finding XXE

• [ ] OWASP - XML External Entity (XXE) Processing
• [ ] XXE - THINGS ARE GETTING OUT OF BAND
• [ ] OWASP TOP 10: XXE
• [ ] Out-of-band XML External Entity (OOB-XXE)
• [ ] What Are XML External Entity (XXE) Attacks
• [ ] Hunting for XXE in Uber using Acunetix AcuMonitor
• [ ] XXE - XML External Entity
• [ ] A Deep Dive into XXE Injection
• [ ] ADVICE FROM A RESEARCHER: HUNTING XXE FOR FUN AND PROFIT
• [ ] XML External Entity(XXE)
• [ ] SPILLING LOCAL FILES VIA XXE WHEN HTTP OOB FAILS
• [ ] Vilnerability 1: XXE in community.{site}.com
• [ ] xxe-that-can-bypass-waf-protection
• [ ] External XML Entity via File Upload (SVG)
• [ ] Burp Suite now reports blind XXE injection
• [ ] Exploiting The Entity: XXE (XML External Entity Injection)
• [ ] The road from sandboxed SSTI to SSRF and XXE tools
• [ ] XML External Entity (XXE) Injection Payload List
• [ ] xxe-recursive-download
• [ ] XML External Entity Injection
• [ ] PayloadsAllTheThings - XML External Entity
• [ ] Blind XXE Payload Generator

Finding RCE

• [ ] My first RCE: a tale of good ideas and good friends
• [ ] A Questionable Journey From XSS to RCE

Finding SSRF

• [ ] HOW TO: SERVER-SIDE REQUEST FORGERY (SSRF)
• [ ] Server Side Request Forgery SSRF Types And Ways To Exploit It (Part-1)
• [ ] SSRF – Server Side Request Forgery Types And Ways To Exploit It (Part-2)
• [ ] B-XSSRF
• [ ] From SSRF to Port Scanner
• [ ] What is Server Side Request Forgery (SSRF)?
• [ ] P4 to P2 - The story of one blind SSRF
• [ ] Server Side Request Forgery — SSRF
• [ ] https://github.com/cujanovic/SSRF-Testing tools
• [ ] SSRF Sheriff
• [ ] Blind SSRF exploitation
• [ ] Bypassing SSRFs like a King

Finding XSS

• [ ] One XSS cheatsheet to rule them all
• [ ] Actual XSS in 2020
• [ ] Finding and Fixing Cross-site Scripting (XSS)
• [ ] XSS on Cookie Pop-up
• [ ] 21 things you can do with XSS
• [ ] Bypass XSS filters using JavaScript global variables
• [ ] XSS in Limited Input Formats
• [ ] Location Based Payloads – Part III
• [ ] Extended XSS Searcher and Finder - scans for different types of XSS on a list of URLs.
• [ ] '>">123"

tools

Finding CSRF

• [ ] CROSS – SITE REQUEST FORGERY (CSRF)
• [ ] CORS CSRF
• [ ] ENTENDENDO A VULNERABILIDADE CSRF
• [ ] Exploiting JSON Cross Site Request Forgery (CSRF) using Flash
• [ ] Bug Bounty: Let’s Bypass an entire Web App’s CSRF protection

Finding CRLF

• [ ] CRLF Injection Define

Finding SQLi

• [ ] Sqlmap Tricks for Advanced SQL Injection
• [ ] addslashes() Versus mysql_real_escape_string()
• [ ] SQLI Injection
• [ ] Bypass Addslashes using Multibyte Character
• [ ] SQL Injection Via Stopping the redirection to a login page
• [ ] SQLMap Tamper Scripts (SQL Injection and WAF bypass)

Finding IDOR

• [ ] HOW-TO: FIND IDOR (INSECURE DIRECT OBJECT REFERENCE) VULNERABILITIES FOR LARGE BOUNTY REWARDS

Mobile

• [ ] HOW2HACK - GET STARTED HACKING MOBILE
• [ ] OWASP Mobile Security Testing Guide
• [ ] OWASP Mobile Security Testing Guide - GitBook
• [ ] BUG BOUNTY & ANDROID APPLICATIONS - PART 1
• [ ] Introducing Web Vulnerabilities into Native Apps
• [ ] Tips for Mobile Bug Bounty Hunting
• [ ] MOBILE APPLICATION PENETRATION TESTING METHODOLOGY
• [ ] Configuring Frida with BurpSuite and Genymotion to bypass Android SSL Pinning
• [ ] awesome-mobile-security
• [ ] Android App Reverse Engineering 101
• [ ] [ Tutorial ] Genymotion + Konfigurasi Burpsuite SSL certificate dengan ADB [ Indonesian ]
• [ ] Expanding the Attack Surface: React Native Android Applications
• [ ] #ANDROIDHACKINGMONTH: INTRODUCTION TO ANDROID HACKING BY @0XTEKNOGEEK
• [ ] How to test a Mobile App
• [ ] MOBILE TESTING: SETTING UP YOUR ANDROID DEVICE PT. 1
• [ ] Bug Bounty Hunting Tips #2 —Target their mobile apps (Android Edition)
• [ ] Zero to Hero - Mobile Application Testing - Android Platform
• [ ] awesome-mobile-security
• [ ] Pentesting Mobile Applications with Burpsuite
• [ ] Beginner's Guide to Mobile Applications Penetration Testing
• [ ] Android Application Penetration Testing / Bug Bounty Checklist
• [ ] From checkra1n to Frida: iOS App Pentesting Quickstart on iOS 13
• [ ] How Facebook-Research app works
• [ ] Intercepting HTTP and HTTPS / SSL Mоbile traffic using Burp Suite.
• [ ] How to bypass Android certificate pinning and intercept SSL traffic

Mobile Tools

• FRIDA.RE
• Mobile Security Framework (MobSF)

Mobile CheatSheet

• Mobile Application Penetration Testing Cheat Sheet
• android-security-awesome

Mobile Writeups

• [ ] Hacking Razer Pay Ewallet App

API Test

• [ ] 31-days-of-API-Security-Tips
• [ ] A Deep Dive On The Most Critical API Vulnerability — BOLA (Broken Object Level Authorization)
• [ ] API Testing Tutorial: Learn in 10 minutes!
• [ ] API DOCS takeover on Readme.io
• [ ] API-Security-Checklist
• [ ] API Enumeration with RedTeam Security’s Tool: pURL

Labs

• Web Security Academy
• CTF Hacker 101
• PentesterLab
• OWASP Juice Shop
• Lesser Known Web Attack Lab
• XSS Game
• XSS Hunter
• How to setup Metasploitable 3 on Windows 10
• XVWA – Xtreme Vulnerable Web Application
• OWASP Vulnerable Web Applications Directory Project-VWAD

WriteUps

Subdomain Takeover Writeups

• [ ] Subdomain Takeover: Proof Creation for Bug Bounties
• [ ] Subdomain Takeover: Yet another Starbucks case
• [ ] URGENT – Subdomain Takeover in support.urbandictionary.com pointing to Zendesk
• [ ] Subdomain Takeover in Velostrata - Google Acquisition
• [ ] Subdomain Takeover using blog.greenhouse.io pointing to Hubspot
• [ ] Shipt Subdomain TakeOver Via HeroKu ( Test.Shipt.Com )
• [ ] How I Took Over 2 Subdomains with Azure CDN Profiles
• [ ] Subdomain takeover via Ngrok service​

HTTP Request Smuggling Writeups

• [ ] HTTP Request Smuggling + IDOR
• [ ] HTTP response splitting exploitations and mitigations
• [ ] HTTP Request Smuggling (CL.TE)
• [ ] Checking HTTP Smuggling issues in 2015 - Part1
• [ ] Hiding in plain sight: HTTP request smuggling
• [ ] Smuggling HTTP headers through reverse proxies

XSS Writeups

• [ ] Reflected XSS in graph.facebook.com leads to account takeover in IE/Edge
• [ ] Arbitary File Upload too Stored XSS - Bug Bounty
• [ ] XSS to Account Takeover - Bypassing CSRF Header Protection and HTTPOnly Cookie
• [ ] Exploiting Cookie Based XSS by Finding RCE
• [ ] AirBnb Bug Bounty: Turning Self-XSS into Good-XSS #2
• [ ] DOM XSS in Gmail with a little help from Chrome

CSRF Writeups

• [ ] Google Bug Bounty: CSRF in learndigital.withgoogle.com
• [ ] GoodSAM App – CSRF/Stored XSS Chain Full Disclosure
• [ ] Account Takeover via CSRF
• [ ] SITE WIDE CSRF ON GLASSDOOR

SSRF Writeups

• [ ] AWS takeover through SSRF in JavaScript
• [ ] BugBounty | A Simple SSRF
• [ ] My First SSRF Using DNS Rebinding
• [ ] SSRF – Server Side Request Forgery Interesting Links
• [ ] MY EXPENSE REPORT RESULTED IN A SERVER-SIDE REQUEST FORGERY (SSRF) ON LYFT

CRLF Writeups

• [ ] CRLF injection on Twitter or why blacklists fail

XXE Writeups

• [ ] XXE-scape through the front door: circumventing the firewall with HTTP request smuggling

SSTI Writeups

• [ ] Server-Side Template Injection in Netflix Conductor
• [ ] Knocking the door to Server-side Template Injection. Part 1

IDOR Writeups

• [ ] Facebook OAuth Framework Vulnerability
• [ ] IDOR vulnerability in Hackerone
• [ ] Get as image function pulls any Insights/NRQL data from any New Relic account (IDOR)
• [ ] IDOR leads to account takeover
• [ ] IDOR (at Private Bug Bounty Program) that could Leads to Personal Data Leaks
• [ ] IDOR – HOW I WAS ABLE TO UNMUTE ANYONE IN ANY FACEBOOK GROUP
• [ ] InvisionApp IDOR [ Explained ]
• [ ] Blind IDOR in LinkedIn iOS application

RCE Writeups

• [ ] A Not-So-Blind RCE with SQL Injection
• [ ] Responsible Disclosure: Breaking out of a Sandboxed Editor to perform RCE
• [ ] Turning Blind RCE into Good RCE via DNS Exfiltration using Collabfiltrator [Burp Plugin]
• [ ] CA20180614-01: Security Notice for CA Privileged Access Manager
• [ ] Shopify: Remote Code Execution
• [ ] Hacking Jenkins Part 2 - Abusing Meta Programming for Unauthenticated RCE!
• [ ] Playing with Jenkins RCE Vulnerability
• [ ] awesome-jenkins-rce-2019
• [ ] Story of a Hundred Vulnerable Jenkins Plugins
• [ ] How we exploited a remote code execution vulnerability in math.js
• [ ] Confluence Unauthorized RCE Vulnerability (CVE-2019-3396) Analysis
• [ ] My first RCE: a tale of good ideas and good friends
• [ ] $36k Google App Engine RCE
• [ ] Advisory | Seagate Central Storage Remote Code Execution 0day
• [ ] Cacti v1.2.8 authenticated Remote Code Execution (CVE-2020-8813)
• [ ] HTML to PDF converter bug leads to RCE in Facebook server.
• [ ] #Instagram_RCE: Code Execution Vulnerability in Instagram App for Android and iOS

LFI Writeups

• [ ] LOCAL FILE READ VIA XSS IN DYNAMICALLY GENERATED PDF

Open Redirection Writeups

• [ ] Open URL Redirection
• [ ] Basic Open URL Redirection Vulnerability
• [ ] Airbnb – Chaining Third-Party Open Redirect into Server-Side Request Forgery (SSRF) via LivePerson Chat

Misconfiguration Writeups

• [ ] S3 Bucket Misconfiguration: From Basics to Pawn

CTF Writeups

• [ ] H1-702 CTF ~ Write-Up
• [ ] Intigriti XSS Challenge - Solution and problem solving approach
• [ ] Intigriti XSS Challenge 2 and how I lost time to a bad assumption
• [ ] How our community hacked our own XSS challenge
• [ ] XSS Challenge - 10K Followers Intigriti
• [ ] Hack the Pentester Lab: from SQL injection to Shell II (Blind SQL Injection)
• [ ] Raven 2: Vulnhub Walkthrough

OTHERS Writeups

• [ ] CSS data exfiltration in Firefox via a single injection point
• [ ] How I earned $800 for Host Header Injection Vulnerability
• [ ] Exploiting Insecure Firebase Database!
• [ ] Broken Link Hijacking - s3 buckets
• [ ] User Account Takeover via Signup Feature | Bug Bounty POC
• [ ] Cross-Site Websocket Hijacking bug in Facebook that leads to account takeover
• [ ] Misconfigured Django Apps Are Exposing Secret API Keys, Database Passwords
• [ ] SOP Bypass via browser-cache
• [ ] Winter Is Here. All Your Domains Are Belong to Me!!! By Stephen Kofi Asamoah
• [ ] Reading Uber’s Internal Emails [Uber Bug Bounty report worth $10,000]
• [ ] CVE-2020-10560 - OSSN Arbitrary File Read
• [ ] Cross-Origin Resource Sharing CORS Misconfiguration Impact
• [ ] United Airlines Mileage Plus/Points.com Information Disclosure

Pentesting

• [ ] Hacking
• [ ] METASPLOIT UNLEASHED
• [ ] Beginner’s Guide to Nexpose
• [ ] A useful list of free tools to scan your website for security vulnerabilities
• [ ] Python WiFi Scanner Coding [FREE COURSE CONTENT]
• [ ] Mass Exploitation, Hunting While Sleeping
• [ ] Getting an Entry Level Cyber Security Job the Right Way
• [ ] Talk is cheap. Show me the money!
• [ ] Python: Como injetar código num processo em execução
• [ ] WPA2 Attack Tutorial [FREE COURSE CONTENT]
• [ ] TrackMania - a Chrome plugin to stalk your friends on Tinder
• [ ] Leading Methodologies Used by a Penetration Tester by Claire Mackerras
• [ ] Running a .NET Assembly in Memory with Meterpreter
• [ ] Extract credentials from lsass remotely
• [ ] A practical guide to RFID badge copying
• [ ] Upgrading Simple Shells to Fully Interactive TTYs
• [ ] Metasploit commands
• [ ] Upgrading Netcat shells to Meterpreter sessions
• [ ] WiFi Hacker : Shell Script For Attacking Wireless Connections Using Built-In Kali Tools
• [ ] Gone in 30 seconds – a HID cable story tale

tools

• [ ] 🐚 Reverse shell 🐚
• [ ] THE SOCIAL-ENGINEER TOOLKIT (SET)
• [ ] PRIVACY HEROES

Forensics

• [ ] Searching public aviation records for OSINT [FREE COURSE CONTENT]
• [ ] The Curious Case of WebCrypto Diffie-Hellman on Firefox - Small Subgroups Key Recovery Attack on DH
• [ ] Análise forense – Obtendo URLs visitadas no pagefile.sys

Reverse Engineering

• [ ] malware-gems

Certifications

• [ ] CISSP vs CEH? Which IT Security Certifications are More Valuable?
• [ ] Try Harder! My Penetration Testing with Kali Linux OSCP Review and course/lab experience — My OSCP Review | by Jason Bernier
• [ ] MY OSCP GUIDE: A PHILOSOPHICAL APPROACH
• [ ] OSCP-Prep
• [ ] The Journey to Try Harder: TJnull’s Preparation Guide for PWK/OSCP
• [ ] oscp like stack buffer overflow
• [ ] OSCP-Survival-Guide
• [ ] OSCP Preparation – Stalking my Penetration Testing Passion
• [ ] Offensive Security Bookmarks
• [ ] Zero to OSCP Hero - PWK Course - Week 1
• [ ] offensive cheatsheet
• [ ] AWAE/OSWE
• [ ] OSCP Cheatsheet
• [ ] AWAE (OSWE) preparation

HackTheBox

• [ ] Forest - Hack The Box
• [ ] HTB: Forest