Skip to content
/ SecurityExplained Public

SecurityExplained is a new series after the previous learning challenge series #Learn365. The aim of #SecurityExplained series is to create informational content in multiple formats and share with the community to enable knowledge creation and learning.

542 stars 103 forks Branches Tags Activity
Star

harsh-bothra/SecurityExplained

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

117 Commits
guest-resources
guest-resources
 
 
media
media
 
 
resources
resources
 
 
README.md
README.md
 
 
contributors.md
contributors.md
 
 
suggestions.md
suggestions.md
 
 

Repository files navigation

Security Explained

SecurityExplained is a new series after the previous learning challenge series #Learn365. The aim of #SecurityExplained series is to create informational content in multiple formats and share with the community to enable knowledge creation and learning. Below are the various activities and formats planned under #SecurityExplained series:

  1. Tweets explaining interesting security stuff
  2. Blogs/Tutorials/How-To-Guides about different tools/techniques/attacks
  3. Security Discussion Spaces/Meets
  4. Monthly Mindmap/Mindmap based explainers for different attacks/techniques
  5. My Pentesting Methodology Breakdown
  6. Giveaways and Community Engagement
  7. GitHub Repository to Maintain "SecurityExplained"
  8. Public & Free to Access
  9. Newsletter

Follow me on Twitter for Regular Updates: Harsh Bothra.

Note: Please note that this series will run on irregular scehdules and it is not necessary to produce & share content on a regular or daily basis.

Content by Harsh

S.No. Topic
1 My Penetration Testing Methodology [Web]
2 FeroxBuster Explained
3 Creating Custom Wordlist for Content Discovery
4 Escalating HTML Injection to Cloud Metadata SSRF
5 Bypassing Privileges & Other Restrictions with Mass Assignment Attacks
6 Bypassing Biometrics in iOS with Objection
7 My Methodology to Test Premium Features
8 Bypassing Filters(and more) with Visual Spoofing
9 Path Traversal via File Upload
10 Attacking Zip Upload Functionality with ZipSlip Attack
11 RustScan - The Modern Port Scanner
12 Vulnerable Code Snippet - 1
13 Vulnerable Code Snippet - 2
14 Exploiting XXE in JSON Endpoints
15 Vulnerable Code Snippet - 3
16 Vulnerable Code Snippet - 4
17 Vulnerable Code Snippet - 5
18 Vulnerable Code Snippet - 6
19 Vulnerable Code Snippet - 7
20 Vulnerable Code Snippet - 8
21 Vulnerable Code Snippet - 9
22 Vulnerable Code Snippet - 10
23 Vulnerable Code Snippet - 11
24 Vulnerable Code Snippet - 12
25 Vulnerable Code Snippet - 13
26 Vulnerable Code Snippet - 14
27 Vulnerable Code Snippet - 15
28 Vulnerable Code Snippet - 16
29 Vulnerable Code Snippet - 17
30 Vulnerable Code Snippet - 18
31 Vulnerable Code Snippet - 19
32 Account Takeover Methodology
33 Vulnerable Code Snippet - 20
34 Vulnerable Code Snippet - 21
35 Vulnerable Code Snippet - 22
36 Vulnerable Code Snippet - 23
37 Vulnerable Code Snippet - 24
38 Vulnerable Code Snippet - 25
39 Vulnerable Code Snippet - 26
40 Vulnerable Code Snippet - 27
41 Vulnerable Code Snippet - 28
42 Vulnerable Code Snippet - 29
43 Vulnerable Code Snippet - 30
44 Vulnerable Code Snippet - 31
45 Vulnerable Code Snippet - 32
46 Vulnerable Code Snippet - 33
47 Vulnerable Code Snippet - 34
48 Vulnerable Code Snippet - 35
49 Vulnerable Code Snippet - 36
50 Vulnerable Code Snippet - 37
51 Vulnerable Code Snippet - 38
52 Vulnerable Code Snippet - 39
53 Vulnerable Code Snippet - 40
54 Vulnerable Code Snippet - 41
55 Vulnerable Code Snippet - 42
56 Vulnerable Code Snippet - 43
57 Vulnerable Code Snippet - 44
58 Vulnerable Code Snippet - 45
59 Ruby ERB SSTI
60 Introduction to CWE
61 CWE-787: Out-of-bounds Write
62 Vulnerable Code Snippet - 46
63 CWE-20: Improper Input Validation
64 Vulnerabilities in Cookie Based Authentication
65 How do I get Started in Cyber Security? — My Perspective & Learning Path!
66 Scope Based Recon Methodology: Exploring Tactics for Smart Recon
67 MFA Bypass Techniques
68 Vulnerable Code Snippet - 47
69 Vulnerable Code Snippet - 48
70 Vulnerable Code Snippet - 49
71 Vulnerable Code Snippet - 50
72 Vulnerable Code Snippet - 51
73 Vulnerable Code Snippet - 52
74 Vulnerable Code Snippet - 53
75 Vulnerable Code Snippet - 54
76 Vulnerable Code Snippet - 55
77 Vulnerable Code Snippet - 56
78 Vulnerable Code Snippet - 57
79 Vulnerable Code Snippet - 58
80 Vulnerable Code Snippet - 59
81 Vulnerable Code Snippet - 60
82 Vulnerable Code Snippet - 61
83 Vulnerable Code Snippet - 62
84 Vulnerable Code Snippet - 63
85 Vulnerable Code Snippet - 64
86 Vulnerable Code Snippet - 65
87 CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
88 CWE-732: Incorrect Permission Assignment for Critical Resource
89 CWE-522: Insufficiently Protected Credentials
90 CWE-918: Server-Side Request Forgery (SSRF)
91 CWE-611: Improper Restriction of XML External Entity Reference
92 CWE-476: NULL Pointer Dereference
93 CWE-276: Incorrect Default Permissions
94 CWE-862: Missing Authorization
95 CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
96 CWE-798: Use of Hard-coded Credentials
97 CWE-287: Improper Authentication

SecurityExplained NewsLetter

S.No. Topic
1 Issue-1
2 Issue-2
3 Issue-3
4 Issue-4
5 Issue-5
6 Issue-6
7 Issue-7
8 Issue-8
9 Issue-9
10 Issue-10
11 Issue-11
12 Issue-12
13 Issue-13
14 Issue-14

AskMeAnything

S.No. Topic
1 AMA-1: AMA with Harsh Bothra
2 AMA-2: AMA with Six2dez
3 AMA-3: AMA with Brumens

Threads

S.No. Topic
1 7 Hacking Books you must read
2 4 Subdomain Enumeration Tools you must have in your Arsenal 💻
3 6 Burp Extensions to Check for Access Control & Privilege Escalation Issues
4 5 Powerful Web Fuzzing & Content Discovery Tools You Must Know
5 17 Search Engines every Security Professional Must Know
6 7 Cyber Security Conferences Channel You Must Follow
7 9 Free Practice Labs to Master Cross-Site Scripting
8 11 MindMaps I have created that you may find useful!
9 14 Payload Repositories to find all the required Payloads & Attack Vectors

MindMaps

S.No. Topic
1 Account Takeover Techniques
2 CWE TOP 10 (2021)

About

SecurityExplained is a new series after the previous learning challenge series #Learn365. The aim of #SecurityExplained series is to create informational content in multiple formats and share with the community to enable knowledge creation and learning.

Topics

learning hacking pentesting bugbounty appsecurity

Resources

Readme
Activity

Stars

542 stars

Watchers

22 watching

Forks

103 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 3

  •  
  •  
  •