harsh-bothra/learn365

This repo is about @harshbothra_ 365 days of learning Tweet & Mindmap collection


repo name	harsh-bothra/learn365
repo link	https://github.com/harsh-bothra/learn365
homepage
language
size (curr.)	3251 kB
stars (curr.)	590
created	2021-01-01
license

learn365

This repository contains all the information shared during my Learn 365 Challenge. Learn 365 is a challenge to keep the learning spirit going on and challenge myself to learn something daily for the whole year, it can be anything from infosec to general life. Follow me on Twitter for Regular Updates: Harsh Bothra. Huge thanks to Mehedi Hasan Remon, who originally created and maintained this repository.

S.NO	Mind Map
1	2FA Bypass Techniques
2	Scope Based Recon
3	Cookie Based Authentication Vulnerabilities
4	Unauthenticated JIRA CVEs

Day	Topic
1	2FA Bypass Techniques
2	Regular Expression Denial Of Service
3	SAML Vulnerabilities
4	Unauthenticated & Exploitable JIRA Vulnerabilities
5	Client-Side Template Injection(CSTI)
6	Cross-Site Leaks (XS-Leaks)
7	Cross-Site Script Includes (XSSI)
8	JSON Padding Attacks
9	JSON Attacks
10	Abusing Hop-by-Hop Headers
11	Cache Poisoned Denial of Service (CPDos)
12	Unicode Normalization
13	WebSocket Vulns (Part-1)
14	WebSocket Vulns (Part-2)
15	WebSocket Vulns (Part-3)
16	Web Cache Deception Attack
17	Session Puzzling Attack
18	Mass Assignment Attack
19	HTTP Parameter Pollution
20	GraphQL Series (Part-1)
21	GraphQL Vulnerabilities (Part-2)
22	GraphQL WrapUp (Part-3)
23	Password Reset Token Issues
24	My previous works
25	Salesforce Security Misconfiguration (Part-1)
26	Salesforce Security Misconfiguration (Part-2))
27	Salesforce Configuration Review (Wrap)
28	Common Business Logic Issues: Part-1
29	Common Business Logic Issues (Part-2)
30	Common Business Logic Issues (Wrap)
31	Captcha Bypass Techniques
32	Pentesting Kibana Service
33	Pentesting Docker Registry
34	HTML Scriptless Attacks / Dangling Markup Attacks (Part - 1)
35	HTML Scriptless Attacks / Dangling Markup Attacks (Wrap)
36	Pentesting Rsync Service
37	CRLF Injection
38	Pentesting FTP Service
39	OpenID Connect Implementation Issues
40	Cookie Based Authentication Vulnerabilities
41	Cobalt Vulnerability Wiki - Resource
42	Race Conditions
43	SMTP Open Relay Attack
44	Pentesting BACNet
45	API Security Tips
46	Pentesting SSH - Talk
47	CORS Misconfiguration
48	Incomplete Trailing Escape Pattern Issue
49	Pivoting & Exploitation in Docker Environments - Talk
50	Detect Complex Code Patterns using Semantic grep - Talk
51	Student Roadmap to Become a Pentester - Talk
52	Hacking How-To Series - Playlist
53	JS Prototype Pollution
54	JSON Deserialization Attacks
55	Android App Dynamic Analysis using House
56	Testing IIS Servers
57	Secure Code Review - Talk
58	JSON Interoperability Vulnerabilities - Research Blog
59	HTTP Desync Attacks - Talk
60	XSLT Injection
61	Bypassing AWS Policies - Talk
62	Source Code Review Guidelines - Resource
63	All of the Threats: Intelligence, Modelling and Hunting - Talk
64	Hidden Property Abuse (HPA) attack in Node.js - Talk
65	HTTP Request Smuggling in 2020 - Talk
66	Dependecy Confusion Attack - Blog
67	Format String Vulnerabilities - Webinar
68	Mobile Application Dynamic Analysis - Webinar
69	Insecure Deserialization - Talk
70	Web Cache Entanglement - Talk + Blog
71	OWASP AMASS - Bootcamp
72	Offensive Javascript Techniques for Red Teamers
73	Basic CMD for Pentesters - Cheatsheet
74	Investigating and Defending Office 365 - Talk
75	WinjaCTF 2021 Solutions - Blog
76	Kubernetes Security: Attacking and Defending K8s Clusters - Talk
77	AWS Cloud Security - Resources
78	WAF Evasion Techniques - Blog
79	File Inclusion - All-in-One
80	DockerENT Insights - Tool Demo Talk
81	ImageMagick - Shell injection via PDF password : Research Blog
82	Offensive GraphQL API Pentesting - Talk
83	Bug Bounties with Bash - Talk
84	Chrome Extensions Code Review - Talk
85	Server-Side Template Injection - Talk
86	Exploiting GraphQL - Blog
87	Exploiting Email Systems - Talk
88	Hacking with DevTools - Tutorial
89	Common Android Application Vulnerabilities - Talk
90	SAML XML Injection - Research Blog
91	Finding Access Control & Authorization Issues with Burp - Blogs
92	OAuth 2.0 Misimplementation, Vulnerabilities, and Best Practices - Talk