├── Day037_Pentesting_FTP_Service.md
├── Day038_OpenID_Connect_Implementation_Issues.md
├── Day039_Cookie_Based_Auth_Vulns.md
├── Day040_Cobalti_Vuln_Dictionary.md
├── Day041_Race_Conditions.md
├── Day042_SMTP_Open_RELAY_attack.md
├── Day043_with_BAC_NET_Pentesting.md
├── Day044_with_API_Pentesting.md
├── Day045_with_SSH_Pentesting.md
├── Day046_with_CORS_misconfig.md
├── Day047_with_Incomplete_trailing_escape_pattern_issue.md
├── Day048_with_Pivoting_and_exploitation_in_Docker_Env.md
├── Day049_with_Detecting_Complex_Code_patterns_with_semantic_grep.md
├── Day050_A_student_Roadmap_to_penetration_Testing.md
├── Day051_a_playlist_on_Hacking_by_Cobalt.md
├── Day052_JS_prototype_pollution.md
├── Day053_JSON_Deserialization_Attacks.md
├── Day054_Android_app_Dynamic_analysis_with_House.md
├── Day055_Hacking_IIS_Servers.md
├── Day056_Secure_Code_Review.md
├── Day057_JSON_interoperability_Vulns.md
├── Day058_HTTP_Desync_Attacks.md
├── Day059_XSLT_Injection.md
├── Day060_Bypassing_AWS_policies.md
├── Day061_Source_COde_Review_Guidelines.md
├── Day062_All_of_the_threats_Talk.md
├── Day063_Hidden_Properties_Attack_in_NodeJs.md
├── Day064_HTTP_Request_Smuggling_2020_Talk.md
├── Day065_Dependency_Confusion_Attack.md
├── Day066_String_Format_Vulns.md
├── Day067_Dynamic_Mobile_Analysis.md
├── Day068_Insecure_Deserialization_Talk.md
├── Day069_Web_Cache_Entanglement.md
├── Day070_OWASP_AMASS_Bootcamp.md
├── Day071_Offensive_JS_techniques.md
├── Day072_Basic_CMD_For_Pentesters.md
├── Day073_Investigating_and_Defending_Office_365.md
├── Day074_Winja_CTF_2021_Solutions.md
├── Day075_Kubernetes_Security_attacking_and_Defending_K8_Clusters.md
├── Day076_Hacking_AWS_Cloud.md
├── Day077_WAF_Evasion_Technique.md
├── Day078_File_Inclusion.md
├── Day079_DockerENT_Insights.md
├── Day080_ImageMagick_Shell_Injection_Via_Pdf_Password.md
├── Day081_Offensive_GraphQL_API_Pentesting.md
├── Day082_BugBounties_with_Bash.md
├── Day083_Chrome_Extensions.md
├── Day084_Server_Side_Template_Injections.md
├── Day085_Exploiting_GraphQL_Endpoints_Blog.md
├── Day086_Exploiting_Email_Systems.md
├── Day087_Hacking_with_Dev_Tools.md
├── Day088_Common_Android_App_vulns.md
├── Day089_SAML_XML_Injection.md
├── Day090_Finding_Access_Control_and_Auth_issues_with_BURP.md
├── Day091_Oauth_2.0_Misimplementations.md
├── Day092_JWT_attacks.md
├── Day093-102_Random_Readings.md
├── Day103_Attacking_Ruby_On_Rails_App.md
├── Day104_Pentesting_CHrome_Extension_Case_Study.md
├── Day105_XXE_Simplified_Blog.md
├── Day106_Web_Hacking_Pro_Tips_with_@zseano.md
├── Day107_JS_Prototype_Pollution.md
├── Day108_XSS_Via_GraphQL_Endpoint.md
├── Day109_WS-2016-7107:_CSRF_tokens_in_Spring_and_the_BREACH_attack.md
├── Day10_CPDos.md
├── Day110_AWS_SSRF_Metadata_Leakage.md
├── Day111_Writing_Burp_Suite_Extensions_In_Kotlin.md
├── Day112-115_Random_Readings.md
├── Day116_Hacking_Oauth_Apps_Pt1.md
├── Day117_Portable_Data_exFiltration_Xss_For_PDFs.md
├── Day118_A_case_study_on_Task_hijacking_on_Android.md
├── Day119_Oauth_Flawed_CSRF_protection.md
├── Day11_UnicodeNormalization.md
├── Day120_Hacking_Electron_Apps_with_ElectroNegativity.md
├── Day121_Awesome_electron_Js_Hacking_Resources.md
├── Day122_Pentesting_Blockchain_Solutions.md
├── Day123-124_Random_Readings.md
├── Day125_Oversized_XML_attack.md
├── Day126_XML_complexity_attack.md
├── Day127_Web_Service_attacks.md
├── Day128_Domain_Hijacking_via_Logic_error.md
├── Day129_Automating_Recon_with_Axiom.md
├── Day12_WebSocket1.md
├── Day130_Testing_extensions_in_Chromium_Browsers.md
├── Day131_Pentesting_IoS.md
├── Day132_DNS_Out_of_band_Blind_SQL_injection.md
├── Day133_Git_Dorker_Talk.md
├── Day134_Mobisec_2020_Slides.md
├── Day135_Web_app_Pentesting_in_Angular_Context.md
├── Day136_RCE_in_Homebrew.md
├── Day137_Wordpress_Plugin_Security_Testing_Cheat_sheet.md
├── Day138_Finding_JS_pollution_and_exploiting.md
├── Day139_HowTo:_intercept_mutually-authenticated_TLS_communications_Java_thick_client.md
├── Day13_WebSocket2.md
├── Day140_Kubernetes_namespaces_isolation.md
├── Day141_Frag_attacks.md
├── Day142_Free_automated_Recon_Using_GH_actions.md
├── Day143_DAY[0]_Episode_66_BlackHat_USA,_Pre-Auth_RCEs,_and_JSON_Smuggling.md
├── Day144_Bug_Hunters_Adventure.md
├── Day145_Static_analysis_of_Client_Side_Js_code.md
├── Day146_Method_Confusion_in_GO_SSTI_Leading_to_FILE_read_and_RCE.md
├── Day147_Finding_and_Exploiting_Unintended_Func_in_webapps.md
├── Day148_Securities_and_Crumpets_Ep6.md
├── Day149_GraphQL_Csrf.md
├── Day14_WebSocket3.md
├── Day150_Deep_dive_into_ART.md
├── Day151_13_Nagios_vulnerabilities.md
├── Day152_Frida_Scripting_Guide.md
├── Day153_Android_Exported_activities_and_how_to_exploit_them.md
├── Day154_XXE_scape_through_the_front_door_circumeventing_the_firewall_with_HTTP_request_smuggling.md
├── Day155_Turning_Blind_RCE_into_GOOD_RCE_via_DNS_exfiltration_using_collabfiltrator.md
├── Day156_XSS_in_AWS_Console.md
├── Day157_Adventures_into_HTTP2_and_HTTP3.md
├── Day158_App_Caches_Forgotten_tales.md
├── Day159_cve_2021_argument_injection_in_Ruby_Dragonfly.md
├── Day15_WebCacheDeception.md
├── Day160_Dev_Secops_100_Intro_Course_free.md
├── Day161_Unexpected_ways_of_code_execution_in_Python.md
├── Day162_Retreiving_AWS_Security_credentials_from_AWS_console.md
├── Day163_Injection_SQL_and_NoSQL_blog.md
├── Day164_HTTP_parameter_pollution_Blog.md
├── Day165_XXE_Workshop_Labs.md
├── Day166_How_To_Analyze_Code_For_Vulns.md
├── Day167_Testing_2FA.md
├── Day168_Your_email_validation_logic_is_wrong.md
├── Day169_Active_Scanning_tecqniques.md
├── Day16_SessionPuzzling.md
├── Day170_Bypassing_2FA_using_OpenId_Misconfiguration.md
├── Day171_Security_shorts.md
├── Day172_JS_Bridge_in_Modern_Apps.md
├── Day173_Adv_Web_app_penetration_testing_jwt_security_issuesd.md
├── Day174_Quick_Analysis_for_the_SSID_format_string_bug.md
├── Day175_Live_Gitlab_asks_a_hacker_with_bugbounty_hunter.md
├── Day176_Ios_app_testing_through_burp_on_corellium.md
├── Day177_Blind_XSS_setting_up_the_self_hosted_xss_hunter_with_PWN_machine.md
├── Day178_Attacking_Graphql_autocorrect.md
├── Day179_Apex_security_whitepaper.md
├── Day17_MassAssignment.md
├── Day180_Django_SSTI.md
├── Day181_Pentesting_salesforce_SAAS_application.md
├── Day182_How_to_solve_xss_challenge_from_intigriti_under60mins.md
├── Day183_How_to_get_the_max_of_an_IDOR.md
├── Day184_Pre-auth_RCE_in_ForgeRock_openAM.md
├── Day185_Some_more_ways_to_find_more_IDOR.md
├── Day186_a_supply_chain_breach_taking_over_an_atlassian_account.md
├── Day18_HTTParameterPollution.md
├── Day19_GraphQL_1.md
├── Day1_ReDOS.md
├── Day20_GraphQL_2.md
├── Day21_GraphQL_3.md
├── Day22_Password_ResetToken_issues.md
├── Day23_My_First_Bash_Script.md
├── Day24_SalesForce_Security_1.md
├── Day25_SalesForce_Security_2.md
├── Day26_SalesForce_Security_WrapUP.md
├── Day27_Common_Buisness_Logic_Issues_1.md
├── Day28_Common_Buisness_Logic_Issues_2.md
├── Day29_Common_Buisness_Logic_Issues_3.md
├── Day2_SAML.md
├── Day30_Captcha_Bypass.md
├── Day31_Pentesting_Kibana_Service.md
├── Day32_Pentesting_Docker_Registry.md
├── Day33_Http_Scriptles_Attacks_1.md
├── Day34_Http_Scriptles_Attacks_Wrap.md
├── Day35_Pentesting_Resync_Service.md
├── Day36_CRLF_Injection.md
├── Day3_JIRA.md
├── Day4_CSTI.md
├── Day5_XSleaks.md
├── Day6_XSSI.md
├── Day7_JSONP.md
├── Day8_JsonAttacks.md
└── Day9_HBHheaders.md

/Day037_Pentesting_FTP_Service.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day037_Pentesting_FTP_Service.md
--------------------------------------------------------------------------------
/Day038_OpenID_Connect_Implementation_Issues.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day038_OpenID_Connect_Implementation_Issues.md
--------------------------------------------------------------------------------
/Day039_Cookie_Based_Auth_Vulns.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day039_Cookie_Based_Auth_Vulns.md
--------------------------------------------------------------------------------
/Day040_Cobalti_Vuln_Dictionary.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day040_Cobalti_Vuln_Dictionary.md
--------------------------------------------------------------------------------
/Day041_Race_Conditions.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day041_Race_Conditions.md
--------------------------------------------------------------------------------
/Day042_SMTP_Open_RELAY_attack.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day042_SMTP_Open_RELAY_attack.md
--------------------------------------------------------------------------------
/Day043_with_BAC_NET_Pentesting.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day043_with_BAC_NET_Pentesting.md
--------------------------------------------------------------------------------
/Day044_with_API_Pentesting.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day044_with_API_Pentesting.md
--------------------------------------------------------------------------------
/Day045_with_SSH_Pentesting.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day045_with_SSH_Pentesting.md
--------------------------------------------------------------------------------
/Day046_with_CORS_misconfig.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day046_with_CORS_misconfig.md
--------------------------------------------------------------------------------
/Day047_with_Incomplete_trailing_escape_pattern_issue.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day047_with_Incomplete_trailing_escape_pattern_issue.md
--------------------------------------------------------------------------------
/Day048_with_Pivoting_and_exploitation_in_Docker_Env.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day048_with_Pivoting_and_exploitation_in_Docker_Env.md
--------------------------------------------------------------------------------
/Day049_with_Detecting_Complex_Code_patterns_with_semantic_grep.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day049_with_Detecting_Complex_Code_patterns_with_semantic_grep.md
--------------------------------------------------------------------------------
/Day050_A_student_Roadmap_to_penetration_Testing.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day050_A_student_Roadmap_to_penetration_Testing.md
--------------------------------------------------------------------------------
/Day051_a_playlist_on_Hacking_by_Cobalt.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day051_a_playlist_on_Hacking_by_Cobalt.md
--------------------------------------------------------------------------------
/Day052_JS_prototype_pollution.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day052_JS_prototype_pollution.md
--------------------------------------------------------------------------------
/Day053_JSON_Deserialization_Attacks.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day053_JSON_Deserialization_Attacks.md
--------------------------------------------------------------------------------
/Day054_Android_app_Dynamic_analysis_with_House.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day054_Android_app_Dynamic_analysis_with_House.md
--------------------------------------------------------------------------------
/Day055_Hacking_IIS_Servers.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day055_Hacking_IIS_Servers.md
--------------------------------------------------------------------------------
/Day056_Secure_Code_Review.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day056_Secure_Code_Review.md
--------------------------------------------------------------------------------
/Day057_JSON_interoperability_Vulns.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day057_JSON_interoperability_Vulns.md
--------------------------------------------------------------------------------
/Day058_HTTP_Desync_Attacks.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day058_HTTP_Desync_Attacks.md
--------------------------------------------------------------------------------
/Day059_XSLT_Injection.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day059_XSLT_Injection.md
--------------------------------------------------------------------------------
/Day060_Bypassing_AWS_policies.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day060_Bypassing_AWS_policies.md
--------------------------------------------------------------------------------
/Day061_Source_COde_Review_Guidelines.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day061_Source_COde_Review_Guidelines.md
--------------------------------------------------------------------------------
/Day062_All_of_the_threats_Talk.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day062_All_of_the_threats_Talk.md
--------------------------------------------------------------------------------
/Day063_Hidden_Properties_Attack_in_NodeJs.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day063_Hidden_Properties_Attack_in_NodeJs.md
--------------------------------------------------------------------------------
/Day064_HTTP_Request_Smuggling_2020_Talk.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day064_HTTP_Request_Smuggling_2020_Talk.md
--------------------------------------------------------------------------------
/Day065_Dependency_Confusion_Attack.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day065_Dependency_Confusion_Attack.md
--------------------------------------------------------------------------------
/Day066_String_Format_Vulns.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day066_String_Format_Vulns.md
--------------------------------------------------------------------------------
/Day067_Dynamic_Mobile_Analysis.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day067_Dynamic_Mobile_Analysis.md
--------------------------------------------------------------------------------
/Day068_Insecure_Deserialization_Talk.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day068_Insecure_Deserialization_Talk.md
--------------------------------------------------------------------------------
/Day069_Web_Cache_Entanglement.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day069_Web_Cache_Entanglement.md
--------------------------------------------------------------------------------
/Day070_OWASP_AMASS_Bootcamp.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day070_OWASP_AMASS_Bootcamp.md
--------------------------------------------------------------------------------
/Day071_Offensive_JS_techniques.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day071_Offensive_JS_techniques.md
--------------------------------------------------------------------------------
/Day072_Basic_CMD_For_Pentesters.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day072_Basic_CMD_For_Pentesters.md
--------------------------------------------------------------------------------
/Day073_Investigating_and_Defending_Office_365.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day073_Investigating_and_Defending_Office_365.md
--------------------------------------------------------------------------------
/Day074_Winja_CTF_2021_Solutions.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day074_Winja_CTF_2021_Solutions.md
--------------------------------------------------------------------------------
/Day075_Kubernetes_Security_attacking_and_Defending_K8_Clusters.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day075_Kubernetes_Security_attacking_and_Defending_K8_Clusters.md
--------------------------------------------------------------------------------
/Day076_Hacking_AWS_Cloud.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day076_Hacking_AWS_Cloud.md
--------------------------------------------------------------------------------
/Day077_WAF_Evasion_Technique.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day077_WAF_Evasion_Technique.md
--------------------------------------------------------------------------------
/Day078_File_Inclusion.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day078_File_Inclusion.md
--------------------------------------------------------------------------------
/Day079_DockerENT_Insights.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day079_DockerENT_Insights.md
--------------------------------------------------------------------------------
/Day080_ImageMagick_Shell_Injection_Via_Pdf_Password.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day080_ImageMagick_Shell_Injection_Via_Pdf_Password.md
--------------------------------------------------------------------------------
/Day081_Offensive_GraphQL_API_Pentesting.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day081_Offensive_GraphQL_API_Pentesting.md
--------------------------------------------------------------------------------
/Day082_BugBounties_with_Bash.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day082_BugBounties_with_Bash.md
--------------------------------------------------------------------------------
/Day083_Chrome_Extensions.md:
--------------------------------------------------------------------------------
# TOPIC
CHROME EXTENSIONS - CODE REVIEW

# REFERENCES
https://www.youtube.com/watch?v=hmNNPUicpuY
--------------------------------------------------------------------------------
/Day084_Server_Side_Template_Injections.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day084_Server_Side_Template_Injections.md
--------------------------------------------------------------------------------
/Day085_Exploiting_GraphQL_Endpoints_Blog.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day085_Exploiting_GraphQL_Endpoints_Blog.md
--------------------------------------------------------------------------------
/Day086_Exploiting_Email_Systems.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day086_Exploiting_Email_Systems.md
--------------------------------------------------------------------------------
/Day087_Hacking_with_Dev_Tools.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day087_Hacking_with_Dev_Tools.md
--------------------------------------------------------------------------------
/Day088_Common_Android_App_vulns.md:
--------------------------------------------------------------------------------
# TOPIC
COMMON ANDROID APPLICATION VULNERABILITIES

# REFERENCE
https://www.youtube.com/watch?v=51S8PeuzlmI
--------------------------------------------------------------------------------
/Day089_SAML_XML_Injection.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day089_SAML_XML_Injection.md
--------------------------------------------------------------------------------
/Day090_Finding_Access_Control_and_Auth_issues_with_BURP.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day090_Finding_Access_Control_and_Auth_issues_with_BURP.md
--------------------------------------------------------------------------------
/Day091_Oauth_2.0_Misimplementations.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day091_Oauth_2.0_Misimplementations.md
--------------------------------------------------------------------------------
/Day092_JWT_attacks.md:
--------------------------------------------------------------------------------
# TOPIC
JWT ATTACKS

# REFERENCE
https://t.co/uZaskPO2jI?amp=1
--------------------------------------------------------------------------------
/Day093-102_Random_Readings.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day093-102_Random_Readings.md
--------------------------------------------------------------------------------
/Day103_Attacking_Ruby_On_Rails_App.md:
--------------------------------------------------------------------------------
# TOPIC
ATTACKING RUBY ON RAILS APPLICATIONS

# REFERENCES
http://phrack.org/issues/69/12.html#article
--------------------------------------------------------------------------------
/Day104_Pentesting_CHrome_Extension_Case_Study.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day104_Pentesting_CHrome_Extension_Case_Study.md
--------------------------------------------------------------------------------
/Day105_XXE_Simplified_Blog.md:
--------------------------------------------------------------------------------
# TOPIC
BLOG - Discussing XXE in a simplified manner

# REFERENCES
https://t.co/b6JLORuZdL?amp=1
--------------------------------------------------------------------------------
/Day106_Web_Hacking_Pro_Tips_with_@zseano.md:
--------------------------------------------------------------------------------
# TOPIC
WEB HACKING PRO TIPS WITH @zseano

# REFERENCES
https://t.co/ulELdh5eW5?amp=1
--------------------------------------------------------------------------------
/Day107_JS_Prototype_Pollution.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day107_JS_Prototype_Pollution.md
--------------------------------------------------------------------------------
/Day108_XSS_Via_GraphQL_Endpoint.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day108_XSS_Via_GraphQL_Endpoint.md
--------------------------------------------------------------------------------
/Day109_WS-2016-7107:_CSRF_tokens_in_Spring_and_the_BREACH_attack.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day109_WS-2016-7107:_CSRF_tokens_in_Spring_and_the_BREACH_attack.md
--------------------------------------------------------------------------------
/Day10_CPDos.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day10_CPDos.md
--------------------------------------------------------------------------------
/Day110_AWS_SSRF_Metadata_Leakage.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day110_AWS_SSRF_Metadata_Leakage.md
--------------------------------------------------------------------------------
/Day111_Writing_Burp_Suite_Extensions_In_Kotlin.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day111_Writing_Burp_Suite_Extensions_In_Kotlin.md
--------------------------------------------------------------------------------
/Day112-115_Random_Readings.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day112-115_Random_Readings.md
--------------------------------------------------------------------------------
/Day116_Hacking_Oauth_Apps_Pt1.md:
--------------------------------------------------------------------------------
# TOPIC
Hacking Oauth Apps Part 1

# REFERENCE
https://www.youtube.com/watch?v=gVqrf2uUdQ0&t=7s
--------------------------------------------------------------------------------
/Day117_Portable_Data_exFiltration_Xss_For_PDFs.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day117_Portable_Data_exFiltration_Xss_For_PDFs.md
--------------------------------------------------------------------------------
/Day118_A_case_study_on_Task_hijacking_on_Android.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day118_A_case_study_on_Task_hijacking_on_Android.md
--------------------------------------------------------------------------------
/Day119_Oauth_Flawed_CSRF_protection.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day119_Oauth_Flawed_CSRF_protection.md
--------------------------------------------------------------------------------
/Day11_UnicodeNormalization.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day11_UnicodeNormalization.md
--------------------------------------------------------------------------------
/Day120_Hacking_Electron_Apps_with_ElectroNegativity.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day120_Hacking_Electron_Apps_with_ElectroNegativity.md
--------------------------------------------------------------------------------
/Day121_Awesome_electron_Js_Hacking_Resources.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day121_Awesome_electron_Js_Hacking_Resources.md
--------------------------------------------------------------------------------
/Day122_Pentesting_Blockchain_Solutions.md:
--------------------------------------------------------------------------------
# TOPIC
PENTESTING BLOCKCHAIN SOLUTIONS

# REFERENCES
https://www.youtube.com/watch?v=ahZ_V6qdBjQ
--------------------------------------------------------------------------------
/Day123-124_Random_Readings.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day123-124_Random_Readings.md
--------------------------------------------------------------------------------
/Day125_Oversized_XML_attack.md:
--------------------------------------------------------------------------------
# TOPIC
OVERSIZED XML ATTACK

# REFERENCE
https://t.co/eGtRQhxwAE?amp=1
--------------------------------------------------------------------------------
/Day126_XML_complexity_attack.md:
--------------------------------------------------------------------------------
# TOPIC
XML COMPLEXITY ATTACK

# REFERENCE
https://www.ws-attacks.org/Recursive_Cryptography
--------------------------------------------------------------------------------
/Day127_Web_Service_attacks.md:
--------------------------------------------------------------------------------
# TOPIC
WEB SERVICE ATTACKS

# REFERENCE
https://t.co/8VnrwXkjRi?amp=1
--------------------------------------------------------------------------------
/Day128_Domain_Hijacking_via_Logic_error.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day128_Domain_Hijacking_via_Logic_error.md
--------------------------------------------------------------------------------
/Day129_Automating_Recon_with_Axiom.md:
--------------------------------------------------------------------------------
# TOPIC
Automation RECON with AXIOM

# REFERENCE
https://www.youtube.com/watch?v=tWml8Dy5RyM
--------------------------------------------------------------------------------
/Day12_WebSocket1.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day12_WebSocket1.md
--------------------------------------------------------------------------------
/Day130_Testing_extensions_in_Chromium_Browsers.md:
--------------------------------------------------------------------------------
# TOPIC
TESTING EXTENSIONS IN CHROMIUM BROWSER

# REFERENCE
https://t.co/yarG8te9si?amp=1
--------------------------------------------------------------------------------
/Day131_Pentesting_IoS.md:
--------------------------------------------------------------------------------
# TOPIC
PENTESTING IOS APP

# REFERENCE
https://www.youtube.com/watch?v=VQTQ0VaIXF0
--------------------------------------------------------------------------------
/Day132_DNS_Out_of_band_Blind_SQL_injection.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day132_DNS_Out_of_band_Blind_SQL_injection.md
--------------------------------------------------------------------------------
/Day133_Git_Dorker_Talk.md:
--------------------------------------------------------------------------------
# TOPIC
GIT DORKER TALK

# REFERENCE
https://www.youtube.com/watch?v=UwzB5a5GrZk
-------------------------------------------------------------------------------- /Day134_Mobisec_2020_Slides.md: -------------------------------------------------------------------------------- 1 | # TOPIC 2 | MOBISEC 2020 Slides 3 | 4 | # REFERENCE 5 | https://t.co/Vx9iAVuoJZ?amp=1 6 | -------------------------------------------------------------------------------- /Day135_Web_app_Pentesting_in_Angular_Context.md: -------------------------------------------------------------------------------- 1 | # TOPIC 2 | WEB APP PENTESTING IN ANGULAR CONTEXT 3 | 4 | # REFERENCE 5 | https://t.co/VBMUYuqXd8?amp=1 6 | 7 | -------------------------------------------------------------------------------- /Day136_RCE_in_Homebrew.md: -------------------------------------------------------------------------------- 1 | # TOPIC 2 | RCE in HomeBrew 3 | 4 | # REFERENCES 5 | https://blog.ryotak.me/post/homebrew-security-incident-en/ 6 | -------------------------------------------------------------------------------- /Day137_Wordpress_Plugin_Security_Testing_Cheat_sheet.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day137_Wordpress_Plugin_Security_Testing_Cheat_sheet.md -------------------------------------------------------------------------------- /Day138_Finding_JS_pollution_and_exploiting.md: -------------------------------------------------------------------------------- 1 | # TOPIC 2 | FINDING JS POLLUTION AND EXPLOITING IT 3 | 4 | # REFERENCES 5 | https://t.co/wsTDssatUd?amp=1 6 | -------------------------------------------------------------------------------- /Day139_HowTo:_intercept_mutually-authenticated_TLS_communications_Java_thick_client.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day139_HowTo:_intercept_mutually-authenticated_TLS_communications_Java_thick_client.md 
-------------------------------------------------------------------------------- /Day13_WebSocket2.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day13_WebSocket2.md -------------------------------------------------------------------------------- /Day140_Kubernetes_namespaces_isolation.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day140_Kubernetes_namespaces_isolation.md -------------------------------------------------------------------------------- /Day141_Frag_attacks.md: -------------------------------------------------------------------------------- 1 | # TOPIC 2 | FRAG ATTACK 3 | 4 | # REFERENCE 5 | https://www.fragattacks.com/ 6 | -------------------------------------------------------------------------------- /Day142_Free_automated_Recon_Using_GH_actions.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day142_Free_automated_Recon_Using_GH_actions.md -------------------------------------------------------------------------------- /Day143_DAY[0]_Episode_66_BlackHat_USA,_Pre-Auth_RCEs,_and_JSON_Smuggling.md: -------------------------------------------------------------------------------- 1 | # TOPIC 2 | DAY[0] Episode 66 - BlackHat USA, Pre-Auth RCEs, and JSON Smuggling 3 | 4 | # REFERENCE 5 | https://t.co/VtX2iqSGVU?amp=1 6 | -------------------------------------------------------------------------------- /Day144_Bug_Hunters_Adventure.md: -------------------------------------------------------------------------------- 1 | # TOPIC 2 | BUG HUNTERS ADVENTURE 3 | 4 | # REFERENCE 5 | https://t.co/7nzs3eWVNP?amp=1 6 | -------------------------------------------------------------------------------- /Day145_Static_analysis_of_Client_Side_Js_code.md: 
-------------------------------------------------------------------------------- 1 | # TOPIC 2 | STATIC ANALYSIS OF CLIENT SIDE js code 3 | 4 | # REFERENCE 5 | https://t.co/naPDpUoznz?amp=1 6 | -------------------------------------------------------------------------------- /Day146_Method_Confusion_in_GO_SSTI_Leading_to_FILE_read_and_RCE.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day146_Method_Confusion_in_GO_SSTI_Leading_to_FILE_read_and_RCE.md -------------------------------------------------------------------------------- /Day147_Finding_and_Exploiting_Unintended_Func_in_webapps.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day147_Finding_and_Exploiting_Unintended_Func_in_webapps.md -------------------------------------------------------------------------------- /Day148_Securities_and_Crumpets_Ep6.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day148_Securities_and_Crumpets_Ep6.md -------------------------------------------------------------------------------- /Day149_GraphQL_Csrf.md: -------------------------------------------------------------------------------- 1 | # TOPIC 2 | GRAPHQL CSRF 3 | 4 | # REFERENCE 5 | https://t.co/eQ2dUEWg3S?amp=1 6 | -------------------------------------------------------------------------------- /Day14_WebSocket3.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day14_WebSocket3.md -------------------------------------------------------------------------------- /Day150_Deep_dive_into_ART.md: --------------------------------------------------------------------------------
https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day150_Deep_dive_into_ART.md -------------------------------------------------------------------------------- /Day151_13_Nagios_vulnerabilities.md: -------------------------------------------------------------------------------- 1 | # TOPIC 2 | 13 NAGIOS VULNS 3 | 4 | # REFERENCE 5 | https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/ 6 | -------------------------------------------------------------------------------- /Day152_Frida_Scripting_Guide.md: -------------------------------------------------------------------------------- 1 | # TOPIC 2 | FRIDA SCRIPTING GUIDE 3 | 4 | # REFERENCES 5 | https://t.co/FAU0W9hzZ5?amp=1 6 | -------------------------------------------------------------------------------- /Day153_Android_Exported_activities_and_how_to_exploit_them.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day153_Android_Exported_activities_and_how_to_exploit_them.md -------------------------------------------------------------------------------- /Day154_XXE_scape_through_the_front_door_circumeventing_the_firewall_with_HTTP_request_smuggling.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day154_XXE_scape_through_the_front_door_circumeventing_the_firewall_with_HTTP_request_smuggling.md -------------------------------------------------------------------------------- /Day155_Turning_Blind_RCE_into_GOOD_RCE_via_DNS_exfiltration_using_collabfiltrator.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day155_Turning_Blind_RCE_into_GOOD_RCE_via_DNS_exfiltration_using_collabfiltrator.md -------------------------------------------------------------------------------- /Day156_XSS_in_AWS_Console.md: 
-------------------------------------------------------------------------------- 1 | # TOPIC 2 | XSS IN AWS CONSOLE 3 | 4 | # REFERENCES 5 | https://t.co/N7S6RqOyBE?amp=1 6 | -------------------------------------------------------------------------------- /Day157_Adventures_into_HTTP2_and_HTTP3.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day157_Adventures_into_HTTP2_and_HTTP3.md -------------------------------------------------------------------------------- /Day158_App_Caches_Forgotten_tales.md: -------------------------------------------------------------------------------- 1 | # TOPIC 2 | APP CACHE'S FORGOTTEN TALES 3 | 4 | # REFERENCES 5 | https://t.co/60Wt2d2Z9V?amp=1 6 | -------------------------------------------------------------------------------- /Day159_cve_2021_argument_injection_in_Ruby_Dragonfly.md: -------------------------------------------------------------------------------- 1 | # TOPIC 2 | CVE-2021-33564 Argument Injection in Ruby Dragonfly 3 | 4 | # REFERENCES 5 | https://t.co/hLBcyS4NBQ?amp=1 6 | -------------------------------------------------------------------------------- /Day15_WebCacheDeception.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day15_WebCacheDeception.md -------------------------------------------------------------------------------- /Day160_Dev_Secops_100_Intro_Course_free.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day160_Dev_Secops_100_Intro_Course_free.md -------------------------------------------------------------------------------- /Day161_Unexpected_ways_of_code_execution_in_Python.md: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day161_Unexpected_ways_of_code_execution_in_Python.md -------------------------------------------------------------------------------- /Day162_Retreiving_AWS_Security_credentials_from_AWS_console.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day162_Retreiving_AWS_Security_credentials_from_AWS_console.md -------------------------------------------------------------------------------- /Day163_Injection_SQL_and_NoSQL_blog.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day163_Injection_SQL_and_NoSQL_blog.md -------------------------------------------------------------------------------- /Day164_HTTP_parameter_pollution_Blog.md: -------------------------------------------------------------------------------- 1 | # TOPIC 2 | HTTP Parameter Pollution 3 | 4 | # REFERENCE 5 | https://t.co/wE6jHHopzF?amp=1 6 | -------------------------------------------------------------------------------- /Day165_XXE_Workshop_Labs.md: -------------------------------------------------------------------------------- 1 | # TOPIC 2 | XXE Workshop - Labs 3 | 4 | # REFERENCES 5 | https://t.co/aCzx6F7mtA?amp=1 6 | -------------------------------------------------------------------------------- /Day166_How_To_Analyze_Code_For_Vulns.md: -------------------------------------------------------------------------------- 1 | # TOPIC 2 | How to Analyze Code for Vulnerabilities 3 | 4 | # REFERENCE 5 | https://www.youtube.com/watch?v=A8CNysN-lOM 6 | -------------------------------------------------------------------------------- /Day167_Testing_2FA.md: -------------------------------------------------------------------------------- 1 | # TOPIC 2 | Testing 2FA 3 | 4 | # REFERENCE 5 | https://t.co/6N3HnTssNA?amp=1 6 | 
-------------------------------------------------------------------------------- /Day168_Your_email_validation_logic_is_wrong.md: -------------------------------------------------------------------------------- 1 | # TOPIC 2 | YOUR EMAIL VALIDATION LOGIC IS WRONG 3 | 4 | # REFERENCES 5 | https://t.co/cTLAXiuYII?amp=1 6 | -------------------------------------------------------------------------------- /Day169_Active_Scanning_tecqniques.md: -------------------------------------------------------------------------------- 1 | # TOPIC 2 | ACTIVE SCANNING TECHNIQUES 3 | 4 | # REFERENCE 5 | https://t.co/a41ffloqSC?amp=1 6 | -------------------------------------------------------------------------------- /Day16_SessionPuzzling.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day16_SessionPuzzling.md -------------------------------------------------------------------------------- /Day170_Bypassing_2FA_using_OpenId_Misconfiguration.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day170_Bypassing_2FA_using_OpenId_Misconfiguration.md -------------------------------------------------------------------------------- /Day171_Security_shorts.md: -------------------------------------------------------------------------------- 1 | # TOPIC 2 | SECURITY SHORTS 3 | 4 | # REFERENCE 5 | https://t.co/lH3ltMYYef?amp=1 6 | -------------------------------------------------------------------------------- /Day172_JS_Bridge_in_Modern_Apps.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day172_JS_Bridge_in_Modern_Apps.md -------------------------------------------------------------------------------- /Day173_Adv_Web_app_penetration_testing_jwt_security_issuesd.md: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day173_Adv_Web_app_penetration_testing_jwt_security_issuesd.md -------------------------------------------------------------------------------- /Day174_Quick_Analysis_for_the_SSID_format_string_bug.md: -------------------------------------------------------------------------------- 1 | # TOPIC 2 | Quick Analysis for the SSID Format String Bug 3 | 4 | # REFERENCE 5 | https://t.co/TcMYDspTYa?amp=1 6 | -------------------------------------------------------------------------------- /Day175_Live_Gitlab_asks_a_hacker_with_bugbounty_hunter.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day175_Live_Gitlab_asks_a_hacker_with_bugbounty_hunter.md -------------------------------------------------------------------------------- /Day176_Ios_app_testing_through_burp_on_corellium.md: -------------------------------------------------------------------------------- 1 | # TOPIC 2 | iOS App Testing Through Burp on Corellium 3 | 4 | # REFERENCE 5 | https://t.co/Go9IjJJcSS?amp=1 6 | -------------------------------------------------------------------------------- /Day177_Blind_XSS_setting_up_the_self_hosted_xss_hunter_with_PWN_machine.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day177_Blind_XSS_setting_up_the_self_hosted_xss_hunter_with_PWN_machine.md -------------------------------------------------------------------------------- /Day178_Attacking_Graphql_autocorrect.md: -------------------------------------------------------------------------------- 1 | # TOPIC 2 | Attacking GraphQL's Autocorrect 3 | 4 | # REFERENCE 5 | https://t.co/hXJ0SEf4RY?amp=1 6 | -------------------------------------------------------------------------------- 
/Day179_Apex_security_whitepaper.md: -------------------------------------------------------------------------------- 1 | # TOPIC 2 | Apex Security Whitepaper 3 | 4 | # REFERENCE 5 | https://t.co/RKiYQLsXXP?amp=1 6 | -------------------------------------------------------------------------------- /Day17_MassAssignment.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day17_MassAssignment.md -------------------------------------------------------------------------------- /Day180_Django_SSTI.md: -------------------------------------------------------------------------------- 1 | # TOPIC 2 | Django SSTI 3 | 4 | # REFERENCE 5 | https://t.co/fd9dgpYnP5?amp=1 6 | -------------------------------------------------------------------------------- /Day181_Pentesting_salesforce_SAAS_application.md: -------------------------------------------------------------------------------- 1 | # TOPIC 2 | Pen-Testing Salesforce SAAS Application 3 | 4 | # REFERENCE 5 | https://t.co/IbLN9q7oRx?amp=1 6 | -------------------------------------------------------------------------------- /Day182_How_to_solve_xss_challenge_from_intigriti_under60mins.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day182_How_to_solve_xss_challenge_from_intigriti_under60mins.md -------------------------------------------------------------------------------- /Day183_How_to_get_the_max_of_an_IDOR.md: -------------------------------------------------------------------------------- 1 | # TOPIC 2 | How to get the max out of an IDOR? 
3 | 4 | # REFERENCE 5 | https://t.co/W6EJUj1etG?amp=1 6 | -------------------------------------------------------------------------------- /Day184_Pre-auth_RCE_in_ForgeRock_openAM.md: -------------------------------------------------------------------------------- 1 | # TOPIC 2 | Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464) 3 | 4 | # REFERENCE 5 | https://t.co/vQF9ArGydl?amp=1 6 | -------------------------------------------------------------------------------- /Day185_Some_more_ways_to_find_more_IDOR.md: -------------------------------------------------------------------------------- 1 | # TOPIC 2 | Some ways to find more IDOR 3 | 4 | # REFERENCE 5 | https://t.co/73tJhxdIah?amp=1 6 | -------------------------------------------------------------------------------- /Day186_a_supply_chain_breach_taking_over_an_atlassian_account.md: -------------------------------------------------------------------------------- 1 | # TOPIC 2 | A supply-chain breach: Taking over an Atlassian account 3 | 4 | # REFERENCE 5 | https://t.co/mWze17skKV?amp=1 6 | -------------------------------------------------------------------------------- /Day18_HTTParameterPollution.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day18_HTTParameterPollution.md -------------------------------------------------------------------------------- /Day19_GraphQL_1.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day19_GraphQL_1.md -------------------------------------------------------------------------------- /Day1_ReDOS.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day1_ReDOS.md -------------------------------------------------------------------------------- /Day20_GraphQL_2.md: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day20_GraphQL_2.md -------------------------------------------------------------------------------- /Day21_GraphQL_3.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day21_GraphQL_3.md -------------------------------------------------------------------------------- /Day22_Password_ResetToken_issues.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day22_Password_ResetToken_issues.md -------------------------------------------------------------------------------- /Day23_My_First_Bash_Script.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day23_My_First_Bash_Script.md -------------------------------------------------------------------------------- /Day24_SalesForce_Security_1.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day24_SalesForce_Security_1.md -------------------------------------------------------------------------------- /Day25_SalesForce_Security_2.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day25_SalesForce_Security_2.md -------------------------------------------------------------------------------- /Day26_SalesForce_Security_WrapUP.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day26_SalesForce_Security_WrapUP.md -------------------------------------------------------------------------------- /Day27_Common_Buisness_Logic_Issues_1.md: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day27_Common_Buisness_Logic_Issues_1.md -------------------------------------------------------------------------------- /Day28_Common_Buisness_Logic_Issues_2.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day28_Common_Buisness_Logic_Issues_2.md -------------------------------------------------------------------------------- /Day29_Common_Buisness_Logic_Issues_3.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day29_Common_Buisness_Logic_Issues_3.md -------------------------------------------------------------------------------- /Day2_SAML.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day2_SAML.md -------------------------------------------------------------------------------- /Day30_Captcha_Bypass.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day30_Captcha_Bypass.md -------------------------------------------------------------------------------- /Day31_Pentesting_Kibana_Service.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day31_Pentesting_Kibana_Service.md -------------------------------------------------------------------------------- /Day32_Pentesting_Docker_Registry.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day32_Pentesting_Docker_Registry.md -------------------------------------------------------------------------------- 
/Day33_Http_Scriptles_Attacks_1.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day33_Http_Scriptles_Attacks_1.md -------------------------------------------------------------------------------- /Day34_Http_Scriptles_Attacks_Wrap.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day34_Http_Scriptles_Attacks_Wrap.md -------------------------------------------------------------------------------- /Day35_Pentesting_Resync_Service.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day35_Pentesting_Resync_Service.md -------------------------------------------------------------------------------- /Day36_CRLF_Injection.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day36_CRLF_Injection.md -------------------------------------------------------------------------------- /Day3_JIRA.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day3_JIRA.md -------------------------------------------------------------------------------- /Day4_CSTI.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day4_CSTI.md -------------------------------------------------------------------------------- /Day5_XSleaks.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day5_XSleaks.md -------------------------------------------------------------------------------- /Day6_XSSI.md: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day6_XSSI.md -------------------------------------------------------------------------------- /Day7_JSONP.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day7_JSONP.md -------------------------------------------------------------------------------- /Day8_JsonAttacks.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day8_JsonAttacks.md -------------------------------------------------------------------------------- /Day9_HBHheaders.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jainiresh/Hack_365/HEAD/Day9_HBHheaders.md --------------------------------------------------------------------------------