
The purpose of the #Learn365 collection is to create informational content in multiple formats and share it with the community to enable knowledge creation and learning.


Imran407704/Learn365


#Learn365

The purpose of the #Learn365 collection is to create informational content in multiple formats and share it with the community to enable knowledge creation and learning. Inspired by @harshbhotra

Resources

Days Topic
Day 1 SSRF, RedTeam
Day 2 SSRF, RedTeam, THM Room
Day 3 SSRF, RedTeam, THM Room
Day 4 Broken Link Hijacking, THM Room
Day 5 Blind XSS, THM Room
Day 6 log4j, THM Room
Day 7 Password Reset Link Does Not Expire, THM Room
Day 8 DMARC, THM Room
Day 9 CSRF, Linux PrivEsc
Day 10 Clickjacking, Linux PrivEsc
Day 11 Live Bug Hunting, Linux PrivEsc
Day 12 Bug Bounty Wordlist, Linux PrivEsc
Day 13 OWASP Web Application Security Testing, THM Room
Day 14 4.1.2 OWASP Fingerprint Web Server, THM Room
Day 15 4.1.3 OWASP Review Webserver Metafiles for Information Leakage, THM Room
Day 16 4.1.4 Enumerate Applications on Webserver
Day 17 4.1.5 Review Webpage Content for Information Leakage, THM Room
Day 18 4.1.6 Identify Application Entry Points
Day 19 4.1.7 Map Execution Paths Through Application, Github Recon
Day 20 4.1.8 Fingerprint Web Application Framework, Recon Techniques
Day 21 4.1.9,10 Map Application Architecture, THM Room
Day 22 4.2 Configuration and Deployment Management Testing, THM Room
Day 23 4.2.2 Test Application Platform Configuration, THM Room
Day 24 4.2.3 Test File Extensions Handling for Sensitive Information, THM Room
Day 25 4.2.4 Review Old Backup and Unreferenced Files for Sensitive Information, THM Room
Day 26 4.2.5 Enumerate Infrastructure and Application Admin Interfaces, THM Room
Day 27 4.2.6 Test HTTP Methods (with Video), THM Room
Day 28 4.2.7 Test HTTP Strict Transport Security (HSTS), THM Room
Day 29 4.2.8 Test RIA Cross Domain Policy, THM Room
Day 30 4.2.9 Test File Permission, THM Room
Day 31 4.2.10 Test for Subdomain Takeover, THM Room
Day 32 4.2.11 Test Cloud Storage, THM Room, eJPT
Day 33 4.2.12 Test for Content Security Policy, THM Room, eJPT
Day 34 4.3.1 Test Role Definitions, THM Room, eJPT
Day 35 4.3.2 Test User Registration Process
Day 36 4.3.3 Test Account Provisioning Process
Day 37 4.3.4 Testing for Account Enumeration and Guessable User Account
Day 38 4.3.5 Testing for Weak or Unenforced Username Policy, THM Room
Day 39 4.4.1 Testing for Credentials Transported over an Encrypted Channel
Day 40 4.4.2 Testing for Default Credentials
Day 41 CSRF
Day 42 Open Redirect
Day 43 log4j
Day 44 JWT attacks
Day 45 Content Discovery
Day 46 IDOR
Day 47 Account takeover
Day 48 RCE on a Java Web Application
Day 49 Dependency Confusion
Day 50 Automate Blind XSS
Day 51 Finding And Exploiting S3 Amazon Buckets For Bug Bounties
Day 52 Web Cache Poisoning attack
Day 53 Unique Case for Price Manipulation
Day 54 Account takeover via the Password Reset Functionality
Day 55 API Token Hijacking Through Clickjacking, THM Room
Day 56 API Exploitation → Business Logic Bug
Day 57 Attended Infosec Community Conference on: Android Static Analysis
Day 58 Finding bugs on NFT website for fun & Profit by zseano
Day 59 EXIF Geolocation Data Not Stripped From Uploaded Images
Day 60 Thick Client Pentesting
Day 61 Conduct a Penetration Test Like a Pro in 6 Phases
Day 62 Firewall Penetration Testing
Day 63 Host Discovery & Vulnerability Scanning With Nessus
Day 64 AWS Web Application Firewall (WAF), 5 Exercise Pentesterlabs
Day 65 Introduction To Pentesting - Enumeration, 6 Pentesterlab Exercise
Day 66 Bypassing CSRF Protection, 5 Pentesterlab Exercise
Day 67 HTML Injection
Day 68 Exploiting SQL Injection, Completed Pentesterlab Unix Badge
Day 69 A Weird Price Tampering Vulnerability, Security Operations Center (SOC)
Day 70 A Summary of OAuth 2.0 Attack Methods
Day 71 6 Methods to bypass CSRF protection on a web application
Day 72 Two-factor authentication security testing and possible bypasses
Day 73 10 Types of Web Vulnerabilities that are Often Missed, Understanding BOLA
Day 74 My First Bug Bounty: SQL Injection, SQL INJECTION VULNERABILITY
Day 75 Dank Writeup On Broken Access Control, Bug bounty tips for broken access control on BurpSuite Part 1
Day 76 SSRF in PDF Renderer using SVG, Bypassing 2FA using OpenID Misconfiguration
Day 77 Easy IDOR hunting with Autorize?, HOW I hacked thousand of subdomains
Day 78 A business logic error bug worth 600$, 5 Methods to bypass Authentication (OTP)
Day 79 How did I earn €€€€ by breaking the back-end logic of the server, How to find IDOR Privilege escalation
Day 80 Account Takeover via Web Cache Poisoning based Reflected XSS, A Pentester's Guide to Server Side Template Injection
Day 81 Account Takeover: From zero to System Admin using basic skills, Apache Example Servlet leads to $$$$
Day 82 The easiest $2500 I got it from bug bounty program, A Pentester’s Guide to File Inclusion
Day 83 How I bypassed disable_functions in php to get a remote shell, JWTs - Patterns & Anti-patterns
Day 84 Finding Your Next Bug: GraphQL, No Rate Limit - 2K$ Bounty
Day 85 Facebook email disclosure and account takeover, How to learn anything in Computer Science or Cybersecurity
Day 86 Hacking banks with race conditions, Exploiting a Race Condition Vulnerability
Day 87 A Comprehensive Guide to Broken Access Control, Never leave this tip while you hunting Broken Access Control, POC
Day 88 A Journey from IDOR to Account Takeover, Exploiting open redirect - Whitelist bypass using Salesforce environment
Day 89 Union Based SQL Injection — Bug Hunting, Bypass confirmation to add payment method
Day 90 Exploiting cross-site scripting in Referer header, XSS via X-Forwarded-Host header
Day 91 How I bypassed 403 forbidden domain using a simple trick, Deleting account via support ticket
Day 92 Bypassing SSRF Protection to Exfiltrate AWS Metadata from LarkSuite, WordPress < 5.8.3 - Object Injection Vulnerability
Day 93 0-day Cross Origin Request Forgery vulnerability in Grafana 8.x
Day 94 GOT ACCESS TO DOTA 2 ADMIN PANEL BY EXPLOITING IN-GAME FEATURE
Day 95 How I escalated RFI into LFI
Day 96 Stumbling upon a new way to exploit authorization bypass in Jira
Day 97 Clickjacking on Google MyAccount Worth 7,500$
Day 98 Info Disclosure and SQLi Writeup
Day 99 CSRF to HTML INJECTION which results in USER CREDENTIALS Stealing
Day 100 RCE with Flask Jinja Template Injection
Day 101 How I could have hacked your Uber account
Day 102 Bug Bounty Live Recon - Linked / JS Discovery!
Day 103 HTTP Request Smuggling on business.apple.com and Others
Day 104 SVG SSRFs and saga of bypasses, A Detailed Guide on Cewl
Day 105 How a YouTube Video lead to pwning a web application via SQL Injection worth $4324 bounty
Day 106 XSS, HTML Injection and File Upload Bypass in HUAWEI Subdomain
Day 107 How Token Misconfiguration can lead to takeover account
Day 108 How to hack any Payment Gateway?
Day 109 Race Condition bypassing team limit
Day 110 Bypass Apple Corp SSO on Apple Admin Panel
Day 111 The Unusual Case of Status code- 301 Redirection to AWS Security Credentials Compromise
Day 112 Find security bugs while you sleep! Using nuclei templates, and more..
Day 113 Getting access to disabled/hidden features with the help of Burpsuite Match and Replace settings
Day 114 Finding bugs to trigger Unauthenticated Command Injection in a NETGEAR router (PSV-2022–0044)
Day 115 How I chained two vulnerabilities to steal credit card details?
Day 116 How I Made The BBC Hall Of Fame 3 Times
Day 117 Improper cookie not expiring after logged out!
Day 118 Open-Redirects, What you doing wrong when you fail at bug bounties?
Day 119 Bypassing WAF for $2222
Day 120 Subdomain Takeover using Mobile??
Day 121 Fuzzing and credentials leakage..awesome bug hunting writeup
Day 122 OTP bypass with response manipulation.
Day 123 There is no task Today Enjoy Eid Festival 🥳😊😃
Day 124 An Bug Bounty Hunter’s Guide to IDOR Vulnerabilities
Day 125 How I got a lousy T-Shirt from the Dutch Government.
Day 126 Hack the HAckers
Day 127 The $16,000 Dev Mistake
Day 128 Denial of Service through …
Day 129 How i found a vulnerability that leads to access any users’ sensitive data and got $500
Day 130 ToolTime - Cloud Recon 1
Day 131 A Fun SSRF through a Headless Browser
Day 132 2FA Bypass in PickMyCareer.in
Day 133 Exploiting Google Maps API keys for profit
Day 134 Creator Studio’s api endpoint is vulnerable to IDOR, exposes “p40_earnings_usd”:$$$
Day 135 I have 1% chance to hack this company
Day 136 HTTP Request Smuggling: Part-1 (Concepts)
Day 137 Create Your Ultimate Bug Bounty Automation Without Nerdy Bash Skills (Part 1)
Day 138 Can analyzing javascript files lead to remote code execution?
Day 139 My New Discovery In Oracle E-Business Login Panel That Allowed To Access For All Employees Information's & In Some cases Passwords At More Than 1000 Companies
Day 140 Origin IP found, WAF Cloudflare Bypass
Day 141 MFA (Multi-Factor Authentication)
Day 142 Vulnerability In PayPal worth 200000$ bounty, Attacker can Steal Your Balance by One-Click
Day 143 Does ms15–034 still exist today ?
Day 144 How I managed to take over any account visits my profile with Stored XSS
Day 145 The Bucket’s Got a Hole in it
