├── eWPTX Preparation by Joas.pdf
├── eWPTX Preparation by Joas.xmind
└── README.md

/eWPTX Preparation by Joas.pdf:
https://raw.githubusercontent.com/CyberSecurityUP/eWPTX-Preparation/HEAD/eWPTX Preparation by Joas.pdf

/eWPTX Preparation by Joas.xmind:
https://raw.githubusercontent.com/CyberSecurityUP/eWPTX-Preparation/HEAD/eWPTX Preparation by Joas.xmind

/README.md:

# eWPTX-Preparation

## Review

- https://www.doyler.net/security-not-included/ewptx-review
- https://diesec.home.blog/2021/06/05/elearnsecurity-web-application-penetration-tester-extreme-ewptxv2/
- https://thomfre.dev/elearnsecurity-web-application-pentester
- https://infosecwriteups.com/ewptxv2-exam-review-2646dd145940
- https://blog.elearnsecurity.com/focus-on-the-web-application-penetration-testing-extreme-training-course-waptx.html
- https://medium.com/@klockw3rk/elearnsecurity-web-application-penetration-testing-course-wapt-ewpt-2f7480120b8e
- https://www.linkedin.com/pulse/como-se-tornar-um-engenheiro-e-mestre-em-offensive-dos-santos/?originalSubdomain=pt
- https://www.ethicalhacker.net/features/root/course-review-elearnsecurity-waptx-webapp-pentester-extreme/
- https://www.youtube.com/watch?v=ZaHt8KU3TBM
- https://stacktrac3.co/ewptx-review/
- https://community.infosecinstitute.com/discussion/129064/elearningsecurity-advanced-web-application-penetration-tester-ewptx-review
- https://osandamalith.com/2016/12/29/journey-into-ewptx/
- https://www.reddit.com/r/netsecstudents/comments/73728a/experience_with_elearnsecurity_web_application/

## My Social Networks and ebooks

- https://twitter.com/C0d3Cr4zy
- https://www.linkedin.com/in/joas-antonio-dos-santos
- https://drive.google.com/drive/u/0/folders/12Mvq6kE2HJDwN2CZhEGWizyWt87YunkU

## LDAP Injection

- https://www.neuralegion.com/blog/ldap-injection/
- https://repo.zenk-security.com/Techniques%20d.attaques%20%20.%20%20Failles/LDAP%20Injection%20and%20Blind%20LDAP%20Injection.pdf
- https://www.researchgate.net/publication/220049933_Vulnerabilities_of_LDAP_As_An_Authentication_Service
- https://www.scirp.org/html/846.html
- http://www.redbooks.ibm.com/redbooks/pdfs/sg246193.pdf
- https://owasp.org/www-community/attacks/LDAP_Injection
- https://cheatsheetseries.owasp.org/cheatsheets/LDAP_Injection_Prevention_Cheat_Sheet.html
- https://www.synopsys.com/glossary/what-is-ldap-injection.html
- https://www.netsparker.com/blog/web-security/ldap-injection-how-to-prevent/
- https://book.hacktricks.xyz/pentesting-web/ldap-injection
- https://www.calcomsoftware.com/preventing-ldap-reconnaissance/
- https://www.computerworld.com/article/3135727/attackers-abuse-exposed-ldap-servers-to-amplify-ddos-attacks.html
- https://portswigger.net/kb/issues/00100500_ldap-injection

## Attacking Authentication & SSO

- https://www.youtube.com/watch?v=h7ViO5YUuFA
- https://www.youtube.com/watch?v=j9ALEIO3BSo
- https://portswigger.net/daily-swig/vulnerabilities-in-single-sign-on-services-could-be-abused-to-bypass-authentication-controls
- https://www.netspi.com/blog/technical/web-application-penetration-testing/attacking-sso-common-saml-vulnerabilities-ways-find/
- https://duo.com/resources/videos/identity-theft-attacks-on-sso-systems
- https://techbeacon.com/security/single-sign-still-open-attack-inside-look
- https://workos.com/blog/fun-with-saml-sso-vulnerabilities-and-footguns
- https://cheatsheetseries.owasp.org/cheatsheets/SAML_Security_Cheat_Sheet.html
- https://www.isdecisions.com/single-sign-on-active-directory-security-issues/
- https://cheatsheetseries.owasp.org/cheatsheets/Authentication_Cheat_Sheet.html
- https://securityboulevard.com/2018/02/some-sso-systems-vulnerable-to-authentication-bypass/
- https://dingelish.com/sso.pdf
- https://yangliang.github.io/pdf/inscrypt15.pdf
- https://www.researchgate.net/publication/257006846_An_authentication_flaw_in_browser-based_Single_Sign-On_protocols_Impact_and_remediations
- https://www.okta.com/resources/whitepaper/5-identity-attacks-that-exploit-your-broken-authentication/
- https://hdivsecurity.com/owasp-broken-authentication
- https://github.com/dogangcr/vulnerable-sso
- https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Authentication_Cheat_Sheet.md
- https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/SAML_Security_Cheat_Sheet.md
- https://github.com/kelbyludwig/saml-attack-surface

## Server Side Attacks

- https://www.sciencedirect.com/topics/computer-science/server-side-attack#:~:text=Server%2Dside%20attacks%20(also%20called,client)%20to%20a%20listening%20service.&text=Patching%2C%20system%20hardening%2C%20firewalls%2C,depth%20mitigate%20server%2Dside%20attacks.
- https://www.javatpoint.com/server-side-attacks
- https://portswigger.net/web-security/ssrf
- https://owasp.org/www-community/attacks/Server-Side_Includes_(SSI)_Injection
- https://sidechannel.tempestsi.com/server-side-request-forgery-attack-and-defense-64474bac3b1e
- https://beaglesecurity.com/blog/article/server-side-request-forgery-attack.html
- https://security.stackexchange.com/questions/195496/attacks-on-server-side-web
- https://subscription.packtpub.com/book/networking_and_servers/9781785883149/6
- https://blog.convisoappsec.com/en/explaning_remote_code_execution/
- https://blog.sqreen.com/ssrf-explained/
- https://www.neuralegion.com/blog/ssrf-server-side-request-forgery/
- https://knowledge-base.secureflag.com/vulnerabilities/unvalidated_redirects_forwards/server_side_request_forgery_vulnerability.html
- https://github.com/OWASP/www-community/blob/master/pages/attacks/Server-Side_Includes_(SSI)_Injection.md
- https://github.com/esmog/nodexp
- https://github.com/epinna/tplmap
- https://github.com/payloadbox/ssti-payloads
- https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Server_Side_Request_Forgery_Prevention_Cheat_Sheet.md
- https://github.com/cujanovic/SSRF-Testing

## Encoding and Filtering

- https://owasp.org/www-community/attacks/Unicode_Encoding
- https://owasp.org/www-community/Double_Encoding
- https://www.cgisecurity.com/lib/URLEmbeddedAttacks.html
- https://pt.slideshare.net/marco_morana/encoded-attacks-and-countermeasures-presentation
- https://owasp-top-10-proactive-controls-2018.readthedocs.io/en/latest/c4-encode-escape-data.html
- https://flylib.com/books/en/2.819.1.43/1/
- https://github.com/OWASP/www-community/blob/master/pages/xss-filter-evasion-cheatsheet.md
- https://github.com/OWASP/www-project-web-security-testing-guide/blob/master/latest/6-Appendix/D-Encoded_Injection.md
- https://github.com/OWASP/www-community/blob/master/pages/Double_Encoding.md
- https://github.com/OWASP/www-community/blob/master/pages/attacks/Unicode_Encoding.md
- https://github.com/OWASP/wstg/blob/master/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/01-Testing_for_Reflected_Cross_Site_Scripting.md

## XML Attacks

- https://owasp.org/www-pdf-archive/XML_Based_Attacks_-_OWASP.pdf
- https://owasp.org/www-community/vulnerabilities/XML_External_Entity_(XXE)_Processing
- https://gist.github.com/mgeeky/4f726d3b374f0a34267d4f19c9004870
- https://portswigger.net/web-security/xxe
- https://www.netsparker.com/blog/web-security/xxe-xml-external-entity-attacks/
- https://www.whitehatsec.com/glossary/content/xml-injection
- https://hdivsecurity.com/owasp-xml-external-entities-xxe
- https://www.acunetix.com/blog/articles/xml-external-entity-xxe-vulnerabilities/
- https://www.jigsawacademy.com/blogs/cyber-security/xml-external-entity/
- https://www.opswat.com/blog/depth-look-xml-document-attack-vectors
- https://www.appsecmonkey.com/blog/xxe
- https://www.hacksplaining.com/prevention/xml-external-entities
- https://we45.com/blog/xxe-injection-attack-3-ways-hit-hard/
- https://book.hacktricks.xyz/pentesting-web/xxe-xee-xml-external-entity
- https://ismailtasdelen.medium.com/xml-external-entity-xxe-injection-payload-list-937d33e5e116
- https://github.com/payloadbox/xxe-injection-payload-list
- https://hdivsecurity.com/bornsecure/prevention-of-xml-external-entity-xxe-attacks/
- https://cheatsheetseries.owasp.org/cheatsheets/XML_Security_Cheat_Sheet.html
- https://lab.wallarm.com/xxe-that-can-bypass-waf-protection-98f679452ce0/
- https://gosecure.github.io/xxe-workshop/#0
- https://www.synack.com/blog/a-deep-dive-into-xxe-injection/
- https://support.f5.com/csp/article/K50262217
- https://docs.citrix.com/en-us/citrix-adc/current-release/application-firewall/top-level-protections/xml-entity-attack-protection.html
- https://resources.infosecinstitute.com/topic/guide-xml-file-structure-external-entity-xxe-attacks/

## Evasion Basic

- https://github.com/EQuiw/2020-evasion-competition
- https://github.com/OWASP/www-community/blob/master/pages/xss-filter-evasion-cheatsheet.md
- https://github.com/0xInfection/Awesome-WAF
- https://owasp.org/www-community/attacks/SQL_Injection_Bypassing_WAF
- https://blog.isec.pl/waf-evasion-techniques/
- https://www.sciencedirect.com/topics/computer-science/evasion-technique
- https://medium.com/secjuice/waf-evasion-techniques-718026d693d8
- https://owasp.org/www-pdf-archive/OWASP_Stammtisch_Frankfurt_WAF_Profiling_and_Evasion.pdf
- https://blog.securelayer7.net/what-is-waf-how-web-application-firewall-evasion-techniques-work/
- https://www.secjuice.com/web-application-firewall-waf-evasion/
- https://www.exploit-db.com/docs/45366
- https://www.infoq.com/presentations/waf-scripting-techniques-autonomous-attacks/
- https://silo.tips/download/advanced-filter-evasion-and-web-application-firewall-bypassing
- https://www.imperva.com/blog/score-sheet-testing-some-xss-evasion-techniques-against-our-waf/
- https://haiderm.com/10-methods-to-bypass-cross-site-request-forgery-csrf/

## Cross-Site Scripting and XSS Evasion

- https://github.com/payloadbox/xss-payload-list
- https://github.com/Learn-by-doing/xss
- https://github.com/s0md3v/XSStrike
- https://github.com/omurugur/XSS_Payload_List
- https://github.com/0xsobky/HackVault/wiki/Unleashing-an-Ultimate-XSS-Polyglot
- https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md
- https://owasp.org/www-community/xss-filter-evasion-cheatsheet
- https://owasp.org/www-community/attacks/xss/
- https://www.veracode.com/security/xss
- https://portswigger.net/web-security/cross-site-scripting
- https://www.acunetix.com/websitesecurity/xss/
- https://www.netsparker.com/blog/web-security/xss-filter-evasion/
- https://www.youtube.com/watch?v=O9vmnASdwZs
- https://www.youtube.com/watch?v=sq0jdhigKYM
- https://www.acunetix.com/blog/web-security-zone/xss-filter-evasion-basics/
- https://www.blackhat.com/presentations/bh-usa-09/VELANAVA/BHUSA09-VelaNava-FavoriteXSS-SLIDES.pdf
- https://portswigger.net/web-security/cross-site-scripting/cheat-sheet
- https://www.f5.com/pdf/white-papers/xss-evasion-wp.pdf
- https://null-byte.wonderhowto.com/how-to/advanced-techniques-bypass-defeat-xss-filters-part-1-0190257/

## Cross-Site Request Forgery

- https://owasp.org/www-community/attacks/csrf
- https://portswigger.net/web-security/csrf
- https://www.acunetix.com/websitesecurity/csrf-attacks/
- https://www.synopsys.com/glossary/what-is-csrf.html
- https://www.imperva.com/learn/application-security/csrf-cross-site-request-forgery/
- https://www.netsparker.com/blog/web-security/csrf-cross-site-request-forgery/
- https://www.rapid7.com/fundamentals/cross-site-request-forgery/
- https://goteleport.com/blog/csrf-attacks/
- https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html
- https://medium.com/@onehackman/cross-site-request-forgery-techniques-19270174ea4
- https://auth0.com/blog/cross-site-request-forgery-csrf/
- https://www.veracode.com/security/cross-site-request-forgery-guide-learn-all-about-csrf-attacks-and-csrf-protection
- https://www.neuralegion.com/blog/cross-site-request-forgery-csrf/
- https://blog.sessionstack.com/how-javascript-works-csrf-attacks-7-mitigation-strategies-757dfb08e7a6
- https://blog.qualys.com/vulnerabilities-threat-research/2015/01/14/do-your-anti-csrf-tokens-really-protect-your-applications-from-csrf-attack
- https://www.geeksforgeeks.org/cross-site-request-forgery-csrf-protection-methods-and-bypasses/
- https://www.barracuda.com/glossary/csrf
- https://seclab.stanford.edu/websec/csrf/
- https://book.hacktricks.xyz/pentesting-web/csrf-cross-site-request-forgery

## SQL Injections / Advanced SQL Injection and Bypass

- https://owasp.org/www-community/attacks/SQL_Injection
- https://www.devmedia.com.br/sql-injection/6102
- https://www.youtube.com/watch?v=ciNHn38EyRc
- https://www.youtube.com/watch?v=3Axp3VDnf0I
- https://portswigger.net/web-security/sql-injection
- https://www.acunetix.com/websitesecurity/sql-injection/
- https://www.imperva.com/learn/application-security/sql-injection-sqli/
- https://www.netsparker.com/blog/web-security/sql-injection-cheat-sheet/
- https://www.programmersought.com/article/16352206542/
- https://owasp.org/www-community/attacks/SQL_Injection_Bypassing_WAF
- https://www.secjuice.com/advanced-sqli-waf-bypass/
- https://securityonline.info/sql-injection-9-ways-bypass-web-application-firewall/
- https://incogbyte.github.io/hacking/2020/12/12/sqli-bypass-techs.html
- https://www.ptsecurity.com/upload/corporate/ww-en/download/PT-devteev-CC-WAF-ENG.pdf
- https://www.exploit-db.com/papers/17934
- https://websec.files.wordpress.com/2010/11/sqli2.pdf
- https://gist.github.com/cyberheartmi9/b4a4ff0f691be6b5c866450563258e86
- https://isharaabeythissa.medium.com/sql-injection-waf-bypassing-b71cc373f6bf
- https://pentestit.medium.com/bypassing-waf-4cfa1aad16bf
- https://hydrasky.com/network-security/sql-injection-bypass-cheatsheet/
- https://learncybersec.blogspot.com/2020/03/bypassing-web-application-firewall-part_20.html
- https://securityreport.com/cloudflare-waf-xss-bypass-exploits-revealed/
- https://titanwolf.org/Network/Articles/Article?AID=a3861efd-d7bd-4150-8ede-8d46df68bb8f#gsc.tab=0
- http://spi.unob.cz/papers/2011/2011-11.pdf
- https://forum.bugcrowd.com/t/sqlmap-tamper-scripts-sql-injection-and-waf-bypass/423
- https://null-byte.wonderhowto.com/how-to/sql-injection-101-avoid-detection-bypass-defenses-0184918/
- https://security.stackexchange.com/questions/241149/sqli-filter-bypass-with-banned-table-column-names
- https://infosecwriteups.com/fun-sql-injection-mod-security-bypass-644b54b0c445
- https://book.hacktricks.xyz/pentesting-web/sql-injection
- https://websec.wordpress.com/2010/12/04/sqli-filter-evasion-cheat-sheet-mysql/
- https://www.youtube.com/watch?v=2Fn0WAyZV0E
- https://www.udemy.com/course/advanced-sql-tutorial/

## Attacking Serialization

- https://www.reblaze.com/blog/serialization-attacks-what-they-are-and-how-to-prevent-them/#:~:text=A%20serialization%20attack%20happens%20when,into%20an%20in%2Dmemory%20structure.
- https://speakerdeck.com/pwntester/attacking-net-serialization
- https://www.youtube.com/watch?v=eDfGpu3iE4Q
- https://www.youtube.com/watch?v=qDoBlLwREYk
- https://www.youtube.com/watch?v=NqHsaVhlxAQ
- https://portswigger.net/web-security/deserialization
- https://owasp.org/www-community/vulnerabilities/Deserialization_of_untrusted_data
- https://cheatsheetseries.owasp.org/cheatsheets/Deserialization_Cheat_Sheet.html
- https://hdivsecurity.com/bornsecure/insecure-deserialization-attack-examples-mitigation/
- https://snyk.io/blog/serialization-and-deserialization-in-java/
- https://medium.com/gdg-vit/deserialization-attacks-d312fbe58e7d
- https://infosecwriteups.com/insecure-deserialization-5c64e9943f0e
- https://nickbloor.co.uk/2017/08/13/attacking-java-deserialization/
- https://www.cyberbit.com/blog/endpoint-security/serialization-vulnerabilities-explained/
- http://www.securitytube.net/video/1045
- https://www.cisecurity.org/blog/data-deserialization/
- https://blog.cobalt.io/the-anatomy-of-deserialization-attacks-b90b56328766
- https://www.immuniweb.com/blog/OWASP-insecure-deserialization.html
- https://securityboulevard.com/2018/06/deserialization-vulnerabilities-attacking-deserialization-in-js/
- https://portswigger.net/web-security/deserialization#:~:text=Insecure%20deserialization%20is%20when%20user,data%20into%20the%20application%20code.&text=For%20this%20reason%2C%20insecure%20deserialization,an%20%22object%20injection%22%20vulnerability.
- https://owasp.org/www-project-top-ten/2017/A8_2017-Insecure_Deserialization
- https://www.acunetix.com/blog/articles/what-is-insecure-deserialization/
- https://www.youtube.com/watch?v=nkTBwbnfesQ
- https://www.youtube.com/watch?v=jwzeJU_62IQ
- https://www.youtube.com/watch?v=EEHslhNbjeY
- https://thehackerish.com/insecure-deserialization-explained-with-examples/
- https://cyber.ithome.com.tw/2021/en/session-page/137
- https://s.itho.me/ccms_slides/2021/5/17/fdc541c0-5889-4f81-8f42-13fbb4ae5e60.pdf
- https://www.alluresec.com/2021/03/30/ewptxv2-review/
- https://www.alluresec.com/2021/02/03/polygot-phar-deserialization/

## Attacking Crypto

- https://www.hacker101.com/sessions/crypto_attacks.html
- https://www.csoonline.com/article/3253572/what-is-cryptojacking-how-to-prevent-detect-and-recover-from-it.html
- https://www.coindesk.com/crypto-attacks-bitcoin-ethereum-classic-open-source-value
- https://github.com/jvdsn/crypto-attacks
- https://www.coindesk.com/hackers-mined-crypto-on-githubs-servers-report
- https://heimdalsecurity.com/blog/github-infrastructure-used-to-mine-cryptocurrency/
- https://dev.to/thibaultduponchelle/the-github-action-mining-attack-through-pull-request-2lmc
- https://owasp.org/www-pdf-archive//Emil-gurevitch-practical-crypto-attacks-part-1.pdf
- https://auth0.com/blog/critical-vulnerabilities-in-json-web-token-libraries/
- https://www.sjoerdlangkemper.nl/2016/09/28/attacking-jwt-authentication/
- https://arstechnica.com/information-technology/2013/03/new-attacks-on-ssl-decrypt-authentication-cookies/
- https://attack.mitre.org/techniques/T1140/
- https://portswigger.net/bappstore/f923cbf91698420890354c1d8958fee6
- https://hackernoon.com/a-guide-to-hashing-how-to-keep-your-database-safe-4n1fq31nz
- https://auth0.com/blog/adding-salt-to-hashing-a-better-way-to-store-passwords/
- https://auth0.com/blog/hashing-passwords-one-way-road-to-security/

## API and Cloud Application Attacks

- https://techbeacon.com/enterprise-it/pen-testing-cloud-based-apps-step-step-guide
- https://kirkpatrickprice.com/blog/api-penetration-testing/
- https://securetriad.io/the-what-why-and-how-of-api-penetration-testing/
- https://secureideas.com/knowledge/what-is-the-difference-between-api-and-webapp-pentests
- https://www.breachlock.com/penetration-testing-of-apis-and-microservices/
- https://turingpoint.de/en/security-assessments/pentests/web-applications/
- https://www.sans.org/webcasts/pen-testing-api-security-web-cloud-119180
- https://thecyphere.com/services/web-application-penetration-testing/
- https://www.iarminfo.com/api-penetration-testing/
- https://www.securitycompassadvisory.com/blog/api-security-testing-best-practices-key-vulnerabilities/
- https://outpost24.com/blog/what-is-api-security-and-how-to-protect-them
- https://github.com/inonshk/31-days-of-API-Security-Tips
- https://github.com/0xbigshaq/firepwn-tool
- https://github.com/arainho/awesome-api-security
- https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Cloud%20-%20Azure%20Pentest.md
- https://github.com/HSIS007/Useful_Websites_For_Pentester
- https://book.hacktricks.xyz/pentesting/pentesting-web/web-api-pentesting
- https://github.com/omkar-ukirde/api-pentesting
- https://github.com/BBVA/apicheck
- https://github.com/flipkart-incubator/Astra
- https://github.com/dsopas/MindAPI