Updated till day197

Updated till day197

README.md

@@ -166,6 +166,38 @@ Day | Topic
 **164** | [HTTP Parameter Pollution - Blog](/days/day164.md)
 **165** | [XXE Workshop - Labs](/days/day165.md)
 **166** | [How to Analyze Code for Vulnerabilities - Talk](/days/day166.md)
+**167** | [Testing 2FA - Blog](/days/day167.md)
+**168** | [Your E-Mail Validation Logic is Wrong - Blog](/days/day168.md)
+**169** | [Active Scanning Techniques - Blog](/days/day169.md)
+**170** | [Bypassing 2FA using OpenId Misconfiguration - Blog](/days/day170.md)
+**171** | [Security Shorts - Talk](/days/day171.md)
+**172** | [The JavaScript Bridge in Modern Desktop Applications - Blog](/days/day172.md)
+**173** | [Advanced Web Application Penetration Testing JWT Security Issues - Blog](/days/day173.md)
+**174** | [Quick Analysis for the SSID Format String Bug - Blog](/days/day174.md)
+**175** | [Live GitLab Ask a Hacker with Bug Bounty Hunter (vakzz) William Bowling (Public) - Talk](/days/day175.md)
+**176** | [ iOS App Testing Through Burp on Corellium - blog](/days/day176.md)
+**177** | [Blind XSS: setup your self-hosted XSS Hunter with the PwnMachine - Blog](/days/day177.md)
+**178** | [Attacking GraphQL's Autocorrect - Blog](/days/day178.md)
+**179** | [Apex Security Whitepaper - Paper + Labs](/days/day179.md)
+**180** | [Django SSTI - Blog](/days/day180.md)
+**181** | [Pen-Testing Salesforce SAAS Application - Blog](/days/day181.md)
+**182** | [How to solve an XSS challenge from Intigriti in under 60 minutes - Blog](/days/day182.md)
+**183** | [How to get the max out of an IDOR? - Blog](/days/day183.md)
+**184** | [Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464) - Blog](/days/day184.md)
+**185** | [Some ways to find more IDOR - Blog](/days/day185.md)
+**186** | [A supply-chain breach: Taking over an Atlassian account - Blog](/days/day186.md)
+**187** | [alert() is dead, long live print() - Blog](/days/day187.md)
+**188** | [Hacker Heroes #3 - @TomNomNom (Interview) - Talk](/days/day188.md)
+**189** | [SSRF in ColdFusion/CFML Tags and Functions - Blog](/days/day189.md)
+**190** | [$25,000 Facebook postMessage account takeover vulnerability - Video](/days/day190.md)
+**191** | [Pentester Diaries Ep6: The Importance of Report Writing - Talk](/days/day191.md)
+**192** | [Introduction to Web Cache Poisoning - Blog](/days/day192.md)
+**193** | [Intercepting Flutter iOS Application - Blog](/days/day193.md)
+**194** | [Credential stuffing in Bug bounty hunting - Blog](/days/day194.md)
+**195** | [What is a Browser Security Sandbox?! (Learn to Hack Firefox) - Video](/days/day195.md)
+**196** | [WILSON Cloud Respwnder - Blog](/days/day196.md)
+**197** | [$20,000 RCE in GitLab via 0day in exiftool metadata processing library CVE-2021-22204 - Video](/days/day197.md)
 
+**166** | [How to Analyze Code for Vulnerabilities - Talk](/days/day166.md)
 
 

days/day167.md

@@ -0,0 +1,12 @@
+# Testing 2FA
+
+Index | Section
+--- | ---
+**1** | Learning Resource
+
+___
+
+
+#### Learning Resource: 
+
+* https://t.co/6N3HnTssNA?amp=1

days/day168.md

@@ -0,0 +1,12 @@
+# Your E-Mail Validation Logic is Wrong
+
+Index | Section
+--- | ---
+**1** | Learning Resource
+
+___
+
+
+#### Learning Resource: 
+
+* https://t.co/cTLAXiuYII?amp=1

days/day169.md

@@ -0,0 +1,12 @@
+# Active Scanning Techniques
+
+Index | Section
+--- | ---
+**1** | Learning Resource
+
+___
+
+
+#### Learning Resource: 
+
+* https://t.co/a41ffloqSC?amp=1

days/day170.md

@@ -0,0 +1,12 @@
+# Bypassing 2FA using OpenId Misconfiguration
+
+Index | Section
+--- | ---
+**1** | Learning Resource
+
+___
+
+
+#### Learning Resource: 
+
+* https://t.co/NfuBNl9uPj?amp=1

days/day171.md

@@ -0,0 +1,12 @@
+# Security Shorts 
+
+Index | Section
+--- | ---
+**1** | Learning Resource
+
+___
+
+
+#### Learning Resource: 
+
+* https://t.co/lH3ltMYYef?amp=1

days/day172.md

@@ -0,0 +1,12 @@
+#  The JavaScript Bridge in Modern Desktop Applications
+
+Index | Section
+--- | ---
+**1** | Learning Resource
+
+___
+
+
+#### Learning Resource: 
+
+* https://t.co/RQcPQpOAFp?amp=1

days/day173.md

@@ -0,0 +1,12 @@
+# Advanced Web Application Penetration Testing JWT Security Issues
+
+Index | Section
+--- | ---
+**1** | Learning Resource
+
+___
+
+
+#### Learning Resource: 
+
+* https://t.co/FHu30eQ5GG?amp=1

days/day174.md

@@ -0,0 +1,12 @@
+# Quick Analysis for the SSID Format String Bug
+
+Index | Section
+--- | ---
+**1** | Learning Resource
+
+___
+
+
+#### Learning Resource: 
+
+* https://t.co/TcMYDspTYa?amp=1

days/day175.md

@@ -0,0 +1,12 @@
+# Live GitLab Ask a Hacker with Bug Bounty Hunter (vakzz) William Bowling (Public)
+
+Index | Section
+--- | ---
+**1** | Learning Resource
+
+___
+
+
+#### Learning Resource: 
+
+* https://t.co/lducZMF8Ya?amp=1

days/day176.md

@@ -0,0 +1,12 @@
+#  iOS App Testing Through Burp on Corellium
+
+Index | Section
+--- | ---
+**1** | Learning Resource
+
+___
+
+
+#### Learning Resource: 
+
+* https://t.co/Go9IjJJcSS?amp=1

days/day177.md

@@ -0,0 +1,12 @@
+# Blind XSS: setup your self-hosted XSS Hunter with the PwnMachine
+
+Index | Section
+--- | ---
+**1** | Learning Resource
+
+___
+
+
+#### Learning Resource: 
+
+* https://t.co/Gtli4JlPuY?amp=1

days/day178.md

@@ -0,0 +1,12 @@
+# Attacking GraphQL's Autocorrect
+
+Index | Section
+--- | ---
+**1** | Learning Resource
+
+___
+
+
+#### Learning Resource: 
+
+* https://t.co/hXJ0SEf4RY?amp=1

days/day179.md

@@ -0,0 +1,13 @@
+# Apex Security Whitepaper
+
+Index | Section
+--- | ---
+**1** | Learning Resource
+
+___
+
+
+#### Learning Resource: 
+
+* Paper: https://t.co/RKiYQLsXXP?amp=1
+* Labs: https://t.co/WgMv2u4u7g?amp=1

days/day180.md

@@ -0,0 +1,12 @@
+# Django SSTI
+
+Index | Section
+--- | ---
+**1** | Learning Resource
+
+___
+
+
+#### Learning Resource: 
+
+* https://t.co/fd9dgpYnP5?amp=1

days/day181.md

@@ -0,0 +1,13 @@
+# Pen-Testing Salesforce SAAS Application
+
+
+Index | Section
+--- | ---
+**1** | Learning Resource
+
+___
+
+
+#### Learning Resource: 
+
+* https://t.co/IbLN9q7oRx?amp=1

days/day182.md

@@ -0,0 +1,12 @@
+# How to solve an XSS challenge from Intigriti in under 60 minutes
+
+Index | Section
+--- | ---
+**1** | Learning Resource
+
+___
+
+
+#### Learning Resource: 
+
+* https://t.co/Fwxx54LSNz?amp=1

days/day183.md

@@ -0,0 +1,12 @@
+# How to get the max out of an IDOR?
+
+Index | Section
+--- | ---
+**1** | Learning Resource
+
+___
+
+
+#### Learning Resource: 
+
+* https://t.co/W6EJUj1etG?amp=1

days/day184.md

@@ -0,0 +1,12 @@
+# Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464)
+
+Index | Section
+--- | ---
+**1** | Learning Resource
+
+___
+
+
+#### Learning Resource: 
+
+* https://t.co/vQF9ArGydl?amp=1

days/day185.md

@@ -0,0 +1,12 @@
+# Some ways to find more IDOR
+
+Index | Section
+--- | ---
+**1** | Learning Resource
+
+___
+
+
+#### Learning Resource: 
+
+* https://t.co/73tJhxdIah?amp=1

days/day186.md

@@ -0,0 +1,12 @@
+# A supply-chain breach: Taking over an Atlassian account
+
+Index | Section
+--- | ---
+**1** | Learning Resource
+
+___
+
+
+#### Learning Resource: 
+
+* https://t.co/mWze17skKV?amp=1

days/day187.md

@@ -0,0 +1,12 @@
+# alert() is dead, long live print()
+
+Index | Section
+--- | ---
+**1** | Learning Resource
+
+___
+
+
+#### Learning Resource: 
+
+* https://t.co/YuCfDX44zv?amp=1

days/day188.md

@@ -0,0 +1,12 @@
+# Hacker Heroes #3 - @TomNomNom (Interview)
+
+Index | Section
+--- | ---
+**1** | Learning Resource
+
+___
+
+
+#### Learning Resource: 
+
+* https://t.co/oNzd0gO28Q?amp=1

days/day189.md

@@ -0,0 +1,12 @@
+# SSRF in ColdFusion/CFML Tags and Functions
+
+Index | Section
+--- | ---
+**1** | Learning Resource
+
+___
+
+
+#### Learning Resource: 
+
+* https://t.co/UkQZ6xLFnF?amp=1

days/day190.md

@@ -0,0 +1,12 @@
+# $25,000 Facebook postMessage account takeover vulnerability
+
+Index | Section
+--- | ---
+**1** | Learning Resource
+
+___
+
+
+#### Learning Resource: 
+
+* https://t.co/ynVVeNmmYU?amp=1

days/day191.md

@@ -0,0 +1,13 @@
+# Pentester Diaries Ep6: The Importance of Report Writing
+
+
+Index | Section
+--- | ---
+**1** | Learning Resource
+
+___
+
+
+#### Learning Resource: 
+
+* https://t.co/W78dx06CCW?amp=1