└── README.md

/README.md:
--------------------------------------------------------------------------------
# really-good-cybersec
Really good cybersec reading materials.

### Implementing a toy version of TLS 1.3
- https://jvns.ca/blog/2022/03/23/a-toy-version-of-tls/
### tmpout.sh
- https://tmpout.sh/2/
### Logic Flaw Leading to RCE in Dynamicweb 9.5.0 - 9.12.7
- https://blog.assetnote.io/2022/02/20/logicflaw-dynamicweb-rce/
### RWCTF 4th Desperate Cat Writeup
- https://github.com/voidfyoo/rwctf-4th-desperate-cat/tree/main/writeup
### CVE-2021-22555: Turning \x00\x00 into 10000$
- https://google.github.io/security-research/pocs/linux/cve-2021-22555/writeup.html
### SSTI Method Confusion in Go.
- https://dev.to/pirateducky/ssti-method-confusion-in-go-517p
### A story of leaking uninitialized memory from Fastly
- https://medium.com/@emil.lerner/leaking-uninitialized-memory-from-fastly-83327bcbee1f
### Deep-dive into Windows Active Directory for Pentesters!
- https://tajdini.net/blog/forensics-and-security/pentest-windows-active-directory/
### Timing attack mitigation must exclude network
- https://adam-p.ca/blog/2021/11/constant-time-network/
### Put an io_uring on it: Exploiting the Linux Kernel
- https://www.graplsecurity.com/post/iou-ring-exploiting-the-linux-kernel
### Finding an unseen SQL Injection by bypassing escape functions in mysqljs/mysql
- https://flattsecurity.medium.com/finding-an-unseen-sql-injection-by-bypassing-escape-functions-in-mysqljs-mysql-90b27f6542b4
### Prototype pollution attack in NodeJS
- https://github.com/HoLyVieR/prototype-pollution-nsec18/blob/master/paper/JavaScript_prototype_pollution_attack_in_NodeJS.pdf
### elFinder: The story of a repwning
- https://www.synacktiv.com/en/publications/elfinder-the-story-of-a-repwning.html
### Insecure cipher used in forum software
- https://0g.vc/posts/insecure-cipher-gnuboard5/
### CVE-2022-27666: Exploit esp6 modules in Linux kernel
- https://etenal.me/archives/1825
### CVE-2021-4191: GitLab GraphQL API User Enumeration
- https://www.rapid7.com/blog/post/2022/03/03/cve-2021-4191-gitlab-graphql-api-user-enumeration-fixed/
### Spring4Shell: Security Analysis of the latest Java RCE '0-day' vulnerabilities in Spring
- https://www.lunasec.io/docs/blog/spring-rce-vulnerabilities/
### Reversing Common Obfuscation Techniques
- https://ferib.dev/blog.php?l=post/Reversing_Common_Obfuscation_Techniques
### A BEAUTIFUL FACTORY FOR MALICIOUS PACKAGES
- https://checkmarx.com/blog/a-beautiful-factory-for-malicious-packages/
### Encrypting our way to SSRF in VMWare Workspace One UEM (CVE-2021-22054)
- https://blog.assetnote.io/2022/04/27/vmware-workspace-one-uem-ssrf/
### What's Really Going On Inside Your node_modules Folder?
- https://socket.dev/blog/inside-node-modules
### Bypassing CSP with dangling iframes
- https://portswigger.net/research/bypassing-csp-with-dangling-iframes
### The State of CSRF Vulnerability in 2022
- https://utkusen.medium.com/the-state-of-csrf-vulnerability-in-2022-3858e6d90ab9
### Zimbra Email - Stealing Clear-Text Credentials via Memcache injection
- https://blog.sonarsource.com/zimbra-mail-stealing-clear-text-credentials-via-memcache-injection/
### How I Hacked my Car
- https://programmingwithstyle.com/posts/howihackedmycar/
--------------------------------------------------------------------------------