Skip to content

SecurityExplained is a new series after the previous learning challenge series #Learn365. The aim of #SecurityExplained series is to create informational content in multiple formats and share with the community to enable knowledge creation and learning.

Notifications You must be signed in to change notification settings

harsh-bothra/SecurityExplained

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Security Explained

SecurityExplained is a new series after the previous learning challenge series #Learn365. The aim of #SecurityExplained series is to create informational content in multiple formats and share with the community to enable knowledge creation and learning. Below are the various activities and formats planned under #SecurityExplained series:

  1. Tweets explaining interesting security stuff
  2. Blogs/Tutorials/How-To-Guides about different tools/techniques/attacks
  3. Security Discussion Spaces/Meets
  4. Monthly Mindmap/Mindmap based explainers for different attacks/techniques
  5. My Pentesting Methodology Breakdown
  6. Giveaways and Community Engagement
  7. GitHub Repository to Maintain "SecurityExplained"
  8. Public & Free to Access
  9. Newsletter

Follow me on Twitter for Regular Updates: Harsh Bothra.

Note: Please note that this series will run on irregular scehdules and it is not necessary to produce & share content on a regular or daily basis.

Content by Harsh


S.No. Topic
1 My Penetration Testing Methodology [Web]
2 FeroxBuster Explained
3 Creating Custom Wordlist for Content Discovery
4 Escalating HTML Injection to Cloud Metadata SSRF
5 Bypassing Privileges & Other Restrictions with Mass Assignment Attacks
6 Bypassing Biometrics in iOS with Objection
7 My Methodology to Test Premium Features
8 Bypassing Filters(and more) with Visual Spoofing
9 Path Traversal via File Upload
10 Attacking Zip Upload Functionality with ZipSlip Attack
11 RustScan - The Modern Port Scanner
12 Vulnerable Code Snippet - 1
13 Vulnerable Code Snippet - 2
14 Exploiting XXE in JSON Endpoints
15 Vulnerable Code Snippet - 3
16 Vulnerable Code Snippet - 4
17 Vulnerable Code Snippet - 5
18 Vulnerable Code Snippet - 6
19 Vulnerable Code Snippet - 7
20 Vulnerable Code Snippet - 8
21 Vulnerable Code Snippet - 9
22 Vulnerable Code Snippet - 10
23 Vulnerable Code Snippet - 11
24 Vulnerable Code Snippet - 12
25 Vulnerable Code Snippet - 13
26 Vulnerable Code Snippet - 14
27 Vulnerable Code Snippet - 15
28 Vulnerable Code Snippet - 16
29 Vulnerable Code Snippet - 17
30 Vulnerable Code Snippet - 18
31 Vulnerable Code Snippet - 19
32 Account Takeover Methodology
33 Vulnerable Code Snippet - 20
34 Vulnerable Code Snippet - 21
35 Vulnerable Code Snippet - 22
36 Vulnerable Code Snippet - 23
37 Vulnerable Code Snippet - 24
38 Vulnerable Code Snippet - 25
39 Vulnerable Code Snippet - 26
40 Vulnerable Code Snippet - 27
41 Vulnerable Code Snippet - 28
42 Vulnerable Code Snippet - 29
43 Vulnerable Code Snippet - 30
44 Vulnerable Code Snippet - 31
45 Vulnerable Code Snippet - 32
46 Vulnerable Code Snippet - 33
47 Vulnerable Code Snippet - 34
48 Vulnerable Code Snippet - 35
49 Vulnerable Code Snippet - 36
50 Vulnerable Code Snippet - 37
51 Vulnerable Code Snippet - 38
52 Vulnerable Code Snippet - 39
53 Vulnerable Code Snippet - 40
54 Vulnerable Code Snippet - 41
55 Vulnerable Code Snippet - 42
56 Vulnerable Code Snippet - 43
57 Vulnerable Code Snippet - 44
58 Vulnerable Code Snippet - 45
59 Ruby ERB SSTI
60 Introduction to CWE
61 CWE-787: Out-of-bounds Write
62 Vulnerable Code Snippet - 46
63 CWE-20: Improper Input Validation
64 Vulnerabilities in Cookie Based Authentication
65 How do I get Started in Cyber Security? — My Perspective & Learning Path!
66 Scope Based Recon Methodology: Exploring Tactics for Smart Recon
67 MFA Bypass Techniques
68 Vulnerable Code Snippet - 47
69 Vulnerable Code Snippet - 48
70 Vulnerable Code Snippet - 49
71 Vulnerable Code Snippet - 50
72 Vulnerable Code Snippet - 51
73 Vulnerable Code Snippet - 52
74 Vulnerable Code Snippet - 53
75 Vulnerable Code Snippet - 54
76 Vulnerable Code Snippet - 55
77 Vulnerable Code Snippet - 56
78 Vulnerable Code Snippet - 57
79 Vulnerable Code Snippet - 58
80 Vulnerable Code Snippet - 59
81 Vulnerable Code Snippet - 60
82 Vulnerable Code Snippet - 61
83 Vulnerable Code Snippet - 62
84 Vulnerable Code Snippet - 63
85 Vulnerable Code Snippet - 64
86 Vulnerable Code Snippet - 65
87 CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
88 CWE-732: Incorrect Permission Assignment for Critical Resource
89 CWE-522: Insufficiently Protected Credentials
90 CWE-918: Server-Side Request Forgery (SSRF)
91 CWE-611: Improper Restriction of XML External Entity Reference
92 CWE-476: NULL Pointer Dereference
93 CWE-276: Incorrect Default Permissions
94 CWE-862: Missing Authorization
95 CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
96 CWE-798: Use of Hard-coded Credentials
97 CWE-287: Improper Authentication

SecurityExplained NewsLetter


S.No. Topic
1 Issue-1
2 Issue-2
3 Issue-3
4 Issue-4
5 Issue-5
6 Issue-6
7 Issue-7
8 Issue-8
9 Issue-9
10 Issue-10
11 Issue-11
12 Issue-12
13 Issue-13
14 Issue-14

AskMeAnything


S.No. Topic
1 AMA-1: AMA with Harsh Bothra
2 AMA-2: AMA with Six2dez
3 AMA-3: AMA with Brumens

Threads


S.No. Topic
1 7 Hacking Books you must read
2 4 Subdomain Enumeration Tools you must have in your Arsenal 💻
3 6 Burp Extensions to Check for Access Control & Privilege Escalation Issues
4 5 Powerful Web Fuzzing & Content Discovery Tools You Must Know
5 17 Search Engines every Security Professional Must Know
6 7 Cyber Security Conferences Channel You Must Follow
7 9 Free Practice Labs to Master Cross-Site Scripting
8 11 MindMaps I have created that you may find useful!
9 14 Payload Repositories to find all the required Payloads & Attack Vectors

MindMaps

S.No. Topic
1 Account Takeover Techniques
2 CWE TOP 10 (2021)

About

SecurityExplained is a new series after the previous learning challenge series #Learn365. The aim of #SecurityExplained series is to create informational content in multiple formats and share with the community to enable knowledge creation and learning.

Topics

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published