gkhan496 / WDIR

Licence: other
Good resources about web security that I have read.

Projects that are alternatives of or similar to WDIR

Awesome Bugbounty Tools
A curated list of various bug bounty tools
Stars: ✭ 96 (+585.71%)
Mutual labels:  tools, web-security, bugbounty
Awesome Bugbounty Writeups
A curated list of bugbounty writeups (bug type wise), inspired by https://github.com/ngalongc/bug-bounty-reference
Stars: ✭ 2,429 (+17250%)
Mutual labels:  bugbounty, bugbountytips, bugbounty-writeups
HolyTips
A Collection of Notes, Checklists, Writeups on Bug Bounty Hunting and Web Application Security.
Stars: ✭ 1,210 (+8542.86%)
Mutual labels:  bugbounty, bugbountytips, bugbounty-writeups
guardrails
guardrails.cs.virginia.edu
Stars: ✭ 18 (+28.57%)
Mutual labels:  web-security, web-security-research
Reconness
ReconNess is a platform to allow continuous recon (CR) where you can set up a pipeline of #recon tools (Agents) and trigger it based on schedule or events.
Stars: ✭ 131 (+835.71%)
Mutual labels:  tools, bugbounty
Mobilehackersweapons
Mobile Hacker's Weapons / A collection of cool tools used by Mobile hackers. Happy hacking, Happy bug-hunting
Stars: ✭ 170 (+1114.29%)
Mutual labels:  tools, bugbounty
Minesweeper
A Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).
Stars: ✭ 162 (+1057.14%)
Mutual labels:  web-security, bugbounty
DeadDNS
DNS hijacking via dead records automation tool
Stars: ✭ 44 (+214.29%)
Mutual labels:  bugbounty, bugbountytips
nerdbug
Full Nuclei automation script with logic explanation.
Stars: ✭ 153 (+992.86%)
Mutual labels:  bugbounty, bugbountytips
requests-ip-rotator
A Python library to utilize AWS API Gateway's large IP pool as a proxy to generate pseudo-infinite IPs for web scraping and brute forcing.
Stars: ✭ 323 (+2207.14%)
Mutual labels:  web-security, bugbounty
CVE-2021-44228-PoC-log4j-bypass-words
🐱‍💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks
Stars: ✭ 760 (+5328.57%)
Mutual labels:  bugbounty, bugbounty-writeups
Galaxy-Bugbounty-Checklist
Tips and Tutorials for Bug Bounty and also Penetration Tests.
Stars: ✭ 34 (+142.86%)
Mutual labels:  bugbounty, bugbountytips
hack-pet
🐰 Managing command snippets for hackers/bug bounty hunters. with pet.
Stars: ✭ 77 (+450%)
Mutual labels:  bugbounty, bugbountytips
Webhackersweapons
⚔️ Web Hacker's Weapons / A collection of cool tools used by Web hackers. Happy hacking, Happy bug-hunting
Stars: ✭ 1,205 (+8507.14%)
Mutual labels:  tools, bugbounty
Blind-SSRF
Nuclei Templates to reproduce Cracking the lens's Research
Stars: ✭ 111 (+692.86%)
Mutual labels:  web-security, bugbounty
Bbrecon
Python library and CLI for the Bug Bounty Recon API
Stars: ✭ 169 (+1107.14%)
Mutual labels:  web-security, bugbounty
Virtual-Host
Modified Nuclei Templates Version to FUZZ Host Header
Stars: ✭ 38 (+171.43%)
Mutual labels:  web-security, bugbounty
Howtohunt
Tutorials and Things to Do while Hunting Vulnerability.
Stars: ✭ 2,996 (+21300%)
Mutual labels:  bugbounty, bugbountytips
Favfreak
Making Favicon.ico based Recon Great again !
Stars: ✭ 564 (+3928.57%)
Mutual labels:  web-security, bugbounty
BugBounty CheatSheet
BugBounty_CheatSheet
Stars: ✭ 113 (+707.14%)
Mutual labels:  bugbountytips, bugbounty-writeups

Github

Awesome CTF Cheatsheet

Bug Bounty

Blog-Posts & Write-ups

CVE-2020-13379-Write-Up/Unauthenticated SSRF on Grafana

How I exploit the JSON CSRF with method override technique

Multiple Ways to Exploiting PUT Method

Arbitrary code execution on Facebook for Android through download feature

WRITE UP – GOOGLE BUG BOUNTY: XSS TO CLOUD SHELL INSTANCE TAKEOVER (RCE AS ROOT) – $5,000 USD

CVE-2020-16171: Exploiting Acronis Cyber Backup for Fun and Emails

The Powerful HTTP Request Smuggling 💪

Forcing Firefox to Execute XSS Payloads during 302 Redirects

Active Content Injection with SVG Files

Open redirect to a complete account takeover

Finding Hidden Files and Folders on IIS using BigQuery

We Hacked Apple for 3 Months: Here’s What We Found

NGINX may be protecting your applications from traversal attacks without you even knowing

Exploring SSTI In Flask/Jinja2

Exploring SSTI In Flask/Jinja2 Part II

SSTI With Jinja2

Taking down the SSO, Account Takeover in the Websites of Kolesa due to Insecure JSONP Call

BugPoc LFI challenge Walkthrough

S2–016 (Apache Struts) Remote Code Execution Vulnerability

HTTP Host header attacks

File Upload XSS

Finding 0day to hack Apple

A Glossary of Blind SSRF Chains

Your Full Map To Github Recon And Leaks Exposure

Pentesting PostgreSQL with SQL Injections

Hidden OAuth attack vectors

Breaking GitHub Private Pages for $35k

Discovering GraphQL endpoints and SQLi vulnerabilities

GravCMS Unauthenticated Arbitrary YAML Write/Update leads to Code Execution (CVE-2021-21425)

GHSL-2021-050: Unauthenticated arbitrary file read in Jellyfin - CVE-2021-21402

http2smugl: HTTP2 request smuggling security testing tool

I Built a TV That Plays All of Your Private YouTube Videos

Facebook account takeover due to a bypass of allowed callback URLs in the OAuth flow

Facebook account takeover due to a wide platform bug in ajaxpipe responses

Regexploit: DoS-able Regular Expressions

Jackson Polymorphic Deserialization

DNS Based Out of Band Blind SQL injection in Oracle — Dumping data

Out-of-Band (OOB) SQL Injection

ExifTool CVE-2021-22204 - Arbitrary Code Execution

A tale of solving all the recent XSS challenges using chrome 1-day

Just Gopher It: Escalating a Blind SSRF to RCE for $15k

Angular And AngularJS For Pentesters - Part 1

Angular And AngularJS For Pentesters - Part 2

Web App Pen Testing in an Angular Context

Intro to the Content Security Policy (CSP)

How to Read an RFC

XSS - localStorage vs Cookies

Burp Suite Extensions: Rarely Utilized but Quite Useful

Burp Suite extensions that should get your attention!

SSRF in PDF Renderer using SVG

From Git Folder Disclosure to Remote Code Execution

XSS via postMessage in chat.mozilla.org

SSTI/Exploiting Go's template engine to get xss

Method Confusion In Go SSTIs Lead To File Read And RCE.

Finding and Exploiting Unintended Functionality in Main Web App APIs

Server Side Template Injection – on the example of Pebble

Handlebars template injection and RCE in a Shopify app

Hacking the Hackers: Leveraging an SSRF in HackerTarget

Unauthenticated Gitlab SSRF

Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464)

Hackerone Reports

Insufficient validation on Digits bridge

Buffer overflow In hl.exe's

Arbitrary code execution in desktop client via OpenSSL config

Cross-account stored XSS at embedded charts

DOM XSS on duckduckgo.com search

Ability to generate shipping labels in another store orders

Full Read SSRF on Gitlab's Internal Grafana

Private list members disclosure via GraphQL

Stealing Zomato X-Access-Token: in Bulk using HTTP Request Smuggling on api.zomato.com

Email Confirmation Bypass in your-store.myshopify.com which leads to privilege escalation

Open Redirect Leads to Account Takeover

Takeover an account that doesn't have a Shopify ID and more

Email Confirmation Bypass in myshop.myshopify.com that Leads to Full Privilege Escalation to Any Shop Owner by Taking Advantage of the Shopify SSO

HackerOne Jira integration plugin Leaked JWT to unauthorized jira users

Authorization Token on PlayStation Network Leaks via postMessage function

Access Token Smuggling from my.playstation.com via Referer Header

SSRF vulnerability in app webhooks

Blind SSRF in Ticketing Integrations Jira webhooks leading to internal network enumeration and blind HTTP requests

Remote Code Execution in Slack desktop apps

RCE when removing metadata with ExifTool - CVE-2021-22204

SSRF on https://qiwi.com via "Prerender HAR Capturer"

Tools

https://github.com/ReFirmLabs/binwalk

https://github.com/zaproxy/zaproxy

https://github.com/xmendez/wfuzz

https://github.com/thewhiteh4t/FinalRecon

https://github.com/sensepost/gowitness

https://github.com/aquasecurity/kube-hunter

https://github.com/zigoo0/JSONBee

https://github.com/httpie/httpie

https://github.com/lobuhi/byp4xx

https://github.com/filedescriptor/untrusted-types

https://github.com/internetwache/GitTools

https://github.com/sbp/gin

https://github.com/corkami/mitra

https://github.com/msrkp/PPScan

https://github.com/obheda12/GitDorker

https://github.com/Bo0oM/WAF-bypass-Cheat-Sheet

https://github.com/Shopify/bugbounty-resources

https://github.com/arthaud/git-dumper

https://github.com/doyensec/inql

https://github.com/ffuf/pencode

https://github.com/projectdiscovery/interactsh

https://github.com/synacktiv/HopLa

https://github.com/dwisiswant0/apkleaks

https://github.com/Lookyloo/lookyloo

https://github.com/doyensec/regexploit

https://github.com/p1g3/JSINFO-SCAN

https://github.com/swisskyrepo/GraphQLmap

https://github.com/stark0de/nginxpwner

https://github.com/nahamsec/recon_profile

https://github.com/gwen001/github-subdomains

https://github.com/tarunkant/Gopherus

https://github.com/0ang3el/websocket-smuggle

https://github.com/lc/230-OOB

https://github.com/nikitastupin/clairvoyance

Videos & Conferences

DEF CON Safe Mode Red Team Village - Ray Doyle - Weaponized XSS Moving Beyond Alert

XML Object Exfiltration - HackTheBox Cyber Apocalypse CTF "E. Tree"

Exploiting Tomcat with LFI & Container Privesc - "Tabby" HackTheBox

XSS a Paste Service - Pasteurize (web) Google CTF 2020

Practical Attacks Using HTTP Request Smuggling by @defparam #NahamCon2020

HTTP Desync Attacks: Smashing into the Cell Next Door - DEF CON 27 Conference

You've Got Pwned: Exploiting E-Mail Systems by @securinti #NahamCon2020!

JWT jku&x5u = ❤️ by @snyff #NahamCon2020

SMTP Access via SSRF in HackerTarget API

Books

Real-World Bug Hunting: A Field Guide to Web Hacking

The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws

Web Application Obfuscation (There is useful information but it's a very old book.)

The Tangled Web: A Guide to Securing Modern Web Applications (In Progress)

Academic/Conference Papers

The Perl Jam2

Breaking Parser Logic!

Security Evaluation on Amazon Web Services' REST API Authentication Protocol Signature Version 4

HTTP Request Smuggling

Nemesis: Preventing Authentication & Access Control Vulnerabilities in Web Applications

SWAP: Mitigating XSS attacks using a reverse proxy

DOM Based Cross Site Scripting or XSS of the Third Kind

Path sensitive static analysis of web applications for remote code execution vulnerability detection

PHP-sensor: a prototype method to discover workflow violation and XSS vulnerabilities in PHP web applications

A Study on Remote Code Execution Vulnerability in Web Applications

XML Schema, DTD, and Entity Attacks

A Privacy-Preserving Defense Mechanism against Request Forgery Attacks

Formal Analysis of the Kaminsky DNS Cache-Poisoning Attack Using Probabilistic Model Checking

A New WAF-Based Architecture for Protecting Web Applications Against CSRF Attacks in Malicious Environment

Flash security & Advanced CSRF

HTTP Strict Transport Security

XXE Attacks

Common Security Problems in the Code of Dynamic Web Applications

Known XML Vulnerabilities Are Still a Threat to Popular Parsers and Open Source Systems

Jackson Deserialization Vulnerabilities

Abusing Hidden Properties to Attack the Node.js Ecosystem

Welcome to the NetSPI SQL Injection Wiki! (In Progress)

A Study of Out-of-Band Structured Query Language Injection (In Progress)

Practical Web Cache Poisoning: Redefining 'Unexploitable'

OAuth 2.0 Security Best Current Practice

Server-Side Template Injection: RCE for the modern webapp

Penetration Testing

The Open Source Security Testing Methodology Manual (OSSTMM 3) (In Progress)

CheatSheet & Tips

OAUTH 2.0 Pentest

Admin Panel PWN

Android Application Penetration Testing Checklist
