hacking-repo-learn365's Introduction

Learn365

This repository contains all the information shared during my Learn 365 Challenge. Learn 365 is a challenge to keep the learning spirit going and to challenge myself to learn something daily for the whole year; it can be anything from infosec to general life. Follow me on Twitter for regular updates: Anubhav Singh. Huge thanks to Harsh Bothra, from whom I got motivated to start this Learn365 challenge.


Day Topic
1
  • Learn Javascript
  • The Tool Box karma v2 and 4-ZERO-3 - Talk
  • Finding and exploiting unintended functionality in main web app APIs - Writeup
  • Workflow for Javascript Recon
2
  • Learn Javascript
  • Read BugBounty BootCamp - Book
  • Learn Python
3
  • Learn Javascript
  • AWS Lambda Command Injection - Writeup
  • A tale of zero click account takeover - Writeup
4
  • Learn CSS
  • Learn Python
5
  • Learn Javascript [Revision]
6
  • Solved DOM based XSS Labs on Portswigger
7
  • Solved DOM based XSS Labs on Portswigger
  • Learn Python
8
  • A Cool Account Takeover Vulnerability due to lack of Client Side Validation - WriteUp
9
  • WebSockets not Bound by SOP and CORS? - WriteUp
10
  • Unauth Cache Purging - WriteUp
  • How I was able to change victim’s password using IDN Homograph Attack - WriteUp
11
  • Controlling the web message source - Lab
  • JavaScript for Hackers - Video
  • HACKING postMessage() - Video
  • Introduction postmessage vulnerabilities - Writeup
  • Postmessage vulnerability demo - Lab
12
  • A simple Data Exfiltration! Excel magic - Writeup
13
  • One Token to leak them all : The story of a $8000 NPM_TOKEN - Writeup
  • Introduction to GraphQL - GraphQL Exploitation Part1 - Video
14
  • Finding The Origin IP Behind CDNs - Writeup
15
  • Hunting postMessage Vulnerabilities - White Paper
16
  • 120 Days of High Frequency Hunting - WriteUp
  • Hunting postMessage Vulnerabilities - White Paper
17
  • How to find new/more domains of a company? - Recon Stuff - Writeup
18
  • Read BugBounty BootCamp - Book
19
  • The Tale of a Click leading to RCE - Writeup
20
  • PostMessage Vulnerabilities - WriteUp
21
  • DVGA - Damn Vulnerable GraphQL Application Part 2 - Video
22
  • Chrome DevTools Crash Course - Video
23
  • Crontab for Linux Admins - Video
24
  • Template Injection in Action: 2-hour workshop on Template Injection (SSTI)
  • Read BugBounty BootCamp - Book
25
  • Hacking REST APIs: A beginner's guide - Course
26
  • Read BugBounty BootCamp - Book
  • Read zseano's methodology - Book
27
  • Read zseano's methodology - Book
28
  • Read zseano's methodology - Book
  • Params — Discovering Hidden Treasure in WebApps - Writeup
29
  • WebSockets and Hacking - Writeup
30
  • Pentesting API Top 10 - Talk
31
  • Read BugBounty BootCamp - Book
  • Bypassing SSRF Protection to Exfiltrate AWS Metadata from LarkSuite - Writeup
32
  • Android: Quick History on Smartphones - Video
  • Intro to App Development - Video
  • Top 25 Browser Extensions for Pentesters and Bugbounty Hunters (2022) - Writeup
33
  • Intro to Android Architecture and Security - Video
  • What is an Android Operating System & Its Features - Writeup
  • Android Internals 101: How Android OS Starts You Application - Writeup
  • Android Security Part 1- Understanding Android Basics - Writeup
34
  • Mobile Application Penetration Testing - TCM Course
35
  • Read BugBounty BootCamp - Book
36
  • Solved 1-10 Challenges of InjuredAndroid
  • Recon methodology of @GodfatherOrwa - Video
37
  • Read BugBounty BootCamp - Book
38
  • 1,2 Exercises: Android App Reverse Engineering 101
39
  • 3,4 Exercises: Android App Reverse Engineering 101
40
  • Android App Reverse Engineering LIVE! Part 1 - Workshop
41
  • Android Architecture + Static Analysis with apktool + gf + jadx
  • Insecure Logging & Storage + Setup Genymotion & pidcat
42
  • Troubleshooting connection between WSL and android emulator
43
  • Mobexler : A Mobile Application Penetration Testing Platform - Video
44
  • Android Pentesting Lab Setup - Writeup
45
  • Hacking Android Deeplink Issues and Insecure URL Validation - Video
46
  • SINGLE-SIGN-ON SECURITY ISSUES : BugBounty BootCamp - Book
47
  • Solved Flag 12 & 13 of Injured Android
48
  • Android SSL Pinning Bypass for Bug Bounties & Penetration Testing - Video
  • SSL Pinning in Android Part 1 - Writeup
  • SSL Pinning in Android Part 2 - Writeup
  • What is Android Rooting? - Writeup
  • Four Ways to Bypass Android SSL Verification and Certificate Pinning - Writeup
49
  • Bypassing OkHttp Certificate Pinning - Writeup
  • Disabling SSL Pinning in Android Apps using Frida / Objection - Writeup
  • How To Bypass Apps Root Detection In Android - Writeup
  • Bug Bounty on Android : setup your Genymotion environment for APK analysis - Writeup
50
  • The Ultimate Guide to Android SSL Pinning Bypass - Guide
51
  • OAuth terminologies and flows explained - Video
  • OAuth 2.0 Hacking Simplified — Part 1 — Understanding Basics - Writeup
  • OAuth 2.0 Hacking Simplified — Part 2 — Vulnerabilities and Mitigation - Writeup
52
  • Bug Bounty — Bypassing Endpoints - Writeup
53
  • How I made 25000 USD in bug bounties with reverse proxy - Writeup
54
  • Intercepting Android Emulator SSL traffic with burp using magisk - Writeup
55
  • Subdomains Tools Review: a full and detailed comparison of subdomain enumeration tools - Writeup
56
  • Lab: Authentication bypass via OAuth implicit flow
57
  • Web Authentication and Authorization Zine - Zine
58
  • Forced OAuth profile linking - Lab
  • OAuth account hijacking via redirect_uri - Lab
  • Stealing OAuth access tokens via an open redirect - Lab
59
  • ANDROID APP SECURITY BASICS (Static analysis - Part 1) - Video
60
  • HACKING ANDROID WebViews (Static analysis - Part 2) - Video
  • Getting Started with Android Application Security - Writeup
  • Android Pentest: Automated Analysis using MobSF - Writeup
  • Static Analysis of Android Application & Tools Used - Writeup
  • Complete Android Pentesting Guide - Writeup
61
  • Android App Security & Testing - Writeup
  • Exploiting Android activity android:exported="true" - Writeup
  • Exploiting Activity in medium android app - Writeup
62
  • Android Penetration Testing: Drozer - Writeup
63
  • Android Pentest: Deep Link Exploitation - Writeup
64
  • Android Applications Pentesting (Static Analysis) - HackTricks
65
  • OAuth Sign Up AND Log In (1-6 Slides) - Slides
66
  • Authentication bypass due to weak verification of SAML Token - Writeup
67
  • Bypassing Google Authentication on Periscope's Administration Panel - Writeup
68
  • Burp Bounty v2 Documentation
  • Architect: Major Design Decisions - OAuth
  • Classic Web Application: Authorization Code Grant Flow - OAuth
69
  • Authorizationcode_tester - Tester: Exploit Mistakes
70
  • Pwning a Server using Markdown - Writeup
71
  • Critical XSS in chrome extension - Writeup
72
  • Penetrate the Protected Component in Android Part 1 - Writeup
73
  • Penetrate the Protected Component in Android Part 2 - Writeup
74
  • From Recon via Censys and DNSdumpster, to Getting P1 by Login Using Weak Password - Writeup
75
  • How Tapjacking Made a Return with Android Marshmallow and Nobody Noticed - Writeup
76
  • How I was able to find 50+ Cross-site scripting (XSS) Security Vulnerabilities on Bugcrowd Public Program? - Writeup
77
  • Android Development (1:45 Hrs) - Video
78
  • Android Development: Java Refresher - Video
79
  • Android Development: Activities & Layouts - Video
80
  • Android Development: MultiScreen Apps - Video
81
  • How I Found multiple SQL Injection with FFUF and Sqlmap in a few minutes - Writeup
82
  • From XSS to RCE (dompdf 0day) - Writeup
83
  • A Detailed Guide on httpx - Writeup
84
  • Chapter 24 API Hacking : BugBounty BootCamp - Book
85
  • Preparing for API Security Testing : Hacking APIs - Book
86
  • How web applications work : Hacking APIs - Book
87 - 90
  • The Anatomy of Web APIs : Hacking APIs - Book
91
  • DIVA Android App: Walkthrough - Writeup
92
  • The Anatomy of Web APIs : Hacking APIs - Book
93
  • Android Penetration Testing: Frida - Writeup
94
  • Diva apk analysis - Writeup
95
  • API Authentication: Hacking APIs - Book
96
  • Watch out the links : Account takeover! - Writeup
97
  • 10 things you must do when Pentesting Android Applications - Writeup
  • Dumping Android application memory with fridump - Writeup
  • Mobile Risks: M1 – Improper platform usage - Writeup
  • Mobile Risks: M2 – Insecure data storage - Writeup
  • Mobile Risks: M3 – Insecure communication - Writeup
  • Understanding the OWASP Mobile Top 10 Security Risks: Part Two (M4-M7) - Writeup
  • Understanding the OWASP Mobile Top 10 Security Risks: Part Three (M8-M10) - Writeup
98
  • Vulnerable Android Broadcast Receivers - Writeup
99
  • API Insecurities Hacking APIs - Book
100
  • How a YouTube Video lead to pwning a web application via SQL Injection worth $4324 bounty - Writeup
101
  • Open Android Security Assessment Methodology - Repo
102
  • API Insecurities Hacking APIs (page 72 - 81) - Book
103
  • API Insecurities Hacking APIs (page 84 - 96) - Book
104
  • How I made $10K in bug bounties from GitHub secret leaks - Writeup
105
  • Android: How to Bypass Root Check and Certificate Pinning - Writeup
  • Comparison of Different Android Root-Detection Bypass Tools - Writeup
106
  • Bypassing a WAF by Finding the Origin IP - Video
107
  • Inspecting Android Traffic using Proxyman + apk-mitm - Writeup
108
  • NoSQL Injection in Plain Sight - Writeup
109
  • Configuring an out-of-band callback listener and notification service in under 10 minutes using AWS Lambda function URLs and Discord webhooks - Writeup
110
  • Supplemental Tools : Hacking APIs - Book

hacking-repo-learn365's People

Contributors

dn0m1n8tor
