{"id":21400609,"url":"https://github.com/cybersecurityup/ewptx-preparation","last_synced_at":"2026-01-25T07:37:18.090Z","repository":{"id":39345984,"uuid":"381712219","full_name":"CyberSecurityUP/eWPTX-Preparation","owner":"CyberSecurityUP","description":null,"archived":false,"fork":false,"pushed_at":"2021-06-30T13:32:04.000Z","size":283,"stargazers_count":345,"open_issues_count":1,"forks_count":76,"subscribers_count":11,"default_branch":"main","last_synced_at":"2025-03-16T15:56:43.630Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/CyberSecurityUP.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2021-06-30T13:31:01.000Z","updated_at":"2025-03-14T17:55:53.000Z","dependencies_parsed_at":"2022-08-01T08:19:22.772Z","dependency_job_id":null,"html_url":"https://github.com/CyberSecurityUP/eWPTX-Preparation","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/CyberSecurityUP/eWPTX-Preparation","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CyberSecurityUP%2FeWPTX-Preparation","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CyberSecurityUP%2FeWPTX-Preparation/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CyberSecurityUP%2FeWPTX-Preparation/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CyberSecurityUP%2FeWPTX-Preparation/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/CyberSecurityUP","download_url":"https://codeload.github.com/CyberSecuri
tyUP/eWPTX-Preparation/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CyberSecurityUP%2FeWPTX-Preparation/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28747720,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-25T05:12:38.112Z","status":"ssl_error","status_checked_at":"2026-01-25T05:04:50.338Z","response_time":113,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-22T15:23:14.612Z","updated_at":"2026-01-25T07:37:18.052Z","avatar_url":"https://github.com/CyberSecurityUP.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# eWPTX-Preparation\n\n## Review\n\n### https://www.doyler.net/security-not-included/ewptx-review\n\n### https://diesec.home.blog/2021/06/05/elearnsecurity-web-application-penetration-tester-extreme-ewptxv2/\n\n### https://thomfre.dev/elearnsecurity-web-application-pentester\n\n### https://infosecwriteups.com/ewptxv2-exam-review-2646dd145940\n\n### https://blog.elearnsecurity.com/focus-on-the-web-application-penetration-testing-extreme-training-course-waptx.html\n\n### https://medium.com/@klockw3rk/elearnsecurity-web-application-penetration-testing-course-wapt-ewpt-2f7480120b8e\n\n### 
https://www.linkedin.com/pulse/como-se-tornar-um-engenheiro-e-mestre-em-offensive-dos-santos/?originalSubdomain=pt\n\n### https://www.ethicalhacker.net/features/root/course-review-elearnsecurity-waptx-webapp-pentester-extreme/\n\n### https://www.youtube.com/watch?v=ZaHt8KU3TBM\n\n### https://stacktrac3.co/ewptx-review/\n\n### https://community.infosecinstitute.com/discussion/129064/elearningsecurity-advanced-web-application-penetration-tester-ewptx-review\n\n### https://osandamalith.com/2016/12/29/journey-into-ewptx/\n\n### https://www.reddit.com/r/netsecstudents/comments/73728a/experience_with_elearnsecurity_web_application/\n\n## My Social Networks and ebooks\n\n### https://twitter.com/C0d3Cr4zy\n\n### https://www.linkedin.com/in/joas-antonio-dos-santos\n\n### https://drive.google.com/drive/u/0/folders/12Mvq6kE2HJDwN2CZhEGWizyWt87YunkU\n\n## LDAP Injection\n\n### https://www.neuralegion.com/blog/ldap-injection/\n\n### https://repo.zenk-security.com/Techniques%20d.attaques%20%20.%20%20Failles/LDAP%20Injection%20and%20Blind%20LDAP%20Injection.pdf\n\n### https://www.researchgate.net/publication/220049933_Vulnerabilities_of_LDAP_As_An_Authentication_Service\n\n### https://www.scirp.org/html/846.html\n\n### http://www.redbooks.ibm.com/redbooks/pdfs/sg246193.pdf\n\n### https://owasp.org/www-community/attacks/LDAP_Injection\n\n### https://cheatsheetseries.owasp.org/cheatsheets/LDAP_Injection_Prevention_Cheat_Sheet.html\n\n### https://www.synopsys.com/glossary/what-is-ldap-injection.html\n\n### https://www.netsparker.com/blog/web-security/ldap-injection-how-to-prevent/\n\n### https://book.hacktricks.xyz/pentesting-web/ldap-injection\n\n### https://www.calcomsoftware.com/preventing-ldap-reconnaissance/\n\n### https://www.computerworld.com/article/3135727/attackers-abuse-exposed-ldap-servers-to-amplify-ddos-attacks.html\n\n### 
https://portswigger.net/kb/issues/00100500_ldap-injection\n\n## Attacking Authentication \u0026 SSO\n\n### https://www.youtube.com/watch?v=h7ViO5YUuFA\n\n### https://www.youtube.com/watch?v=j9ALEIO3BSo\n\n### https://portswigger.net/daily-swig/vulnerabilities-in-single-sign-on-services-could-be-abused-to-bypass-authentication-controls\n\n### https://www.netspi.com/blog/technical/web-application-penetration-testing/attacking-sso-common-saml-vulnerabilities-ways-find/\n\n### https://duo.com/resources/videos/identity-theft-attacks-on-sso-systems\n\n### https://techbeacon.com/security/single-sign-still-open-attack-inside-look\n\n### https://workos.com/blog/fun-with-saml-sso-vulnerabilities-and-footguns\n\n### https://cheatsheetseries.owasp.org/cheatsheets/SAML_Security_Cheat_Sheet.html\n\n### https://www.isdecisions.com/single-sign-on-active-directory-security-issues/\n\n### https://cheatsheetseries.owasp.org/cheatsheets/Authentication_Cheat_Sheet.html\n\n### https://securityboulevard.com/2018/02/some-sso-systems-vulnerable-to-authentication-bypass/\n\n### https://dingelish.com/sso.pdf\n\n### https://yangliang.github.io/pdf/inscrypt15.pdf\n\n### https://www.researchgate.net/publication/257006846_An_authentication_flaw_in_browser-based_Single_Sign-On_protocols_Impact_and_remediations\n\n### https://www.okta.com/resources/whitepaper/5-identity-attacks-that-exploit-your-broken-authentication/\n\n### https://hdivsecurity.com/owasp-broken-authentication\n\n### https://github.com/dogangcr/vulnerable-sso\n\n### https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Authentication_Cheat_Sheet.md\n\n### https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/SAML_Security_Cheat_Sheet.md\n\n### https://github.com/kelbyludwig/saml-attack-surface\n\n## Server Side Attacks\n\n### 
https://www.sciencedirect.com/topics/computer-science/server-side-attack#:~:text=Server%2Dside%20attacks%20(also%20called,client)%20to%20a%20listening%20service.\u0026text=Patching%2C%20system%20hardening%2C%20firewalls%2C,depth%20mitigate%20server%2Dside%20attacks.\n\n### https://www.javatpoint.com/server-side-attacks\n\n### https://portswigger.net/web-security/ssrf\n\n### https://owasp.org/www-community/attacks/Server-Side_Includes_(SSI)_Injection\n\n### https://sidechannel.tempestsi.com/server-side-request-forgery-attack-and-defense-64474bac3b1e\n\n### https://beaglesecurity.com/blog/article/server-side-request-forgery-attack.html\n\n### https://security.stackexchange.com/questions/195496/attacks-on-server-side-web\n\n### https://subscription.packtpub.com/book/networking_and_servers/9781785883149/6\n\n### https://blog.convisoappsec.com/en/explaning_remote_code_execution/\n\n### https://blog.sqreen.com/ssrf-explained/\n\n### https://www.neuralegion.com/blog/ssrf-server-side-request-forgery/\n\n### https://knowledge-base.secureflag.com/vulnerabilities/unvalidated_redirects_forwards/server_side_request_forgery_vulnerability.html\n\n### https://github.com/OWASP/www-community/blob/master/pages/attacks/Server-Side_Includes_(SSI)_Injection.md\n\n### https://github.com/esmog/nodexp\n\n### https://github.com/epinna/tplmap\n\n### https://github.com/payloadbox/ssti-payloads\n\n### https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Server_Side_Request_Forgery_Prevention_Cheat_Sheet.md\n\n### https://github.com/cujanovic/SSRF-Testing\n\n## Encoding and Filtering\n\n### https://owasp.org/www-community/attacks/Unicode_Encoding\n\n### https://owasp.org/www-community/Double_Encoding\n\n### https://www.cgisecurity.com/lib/URLEmbeddedAttacks.html\n\n### https://pt.slideshare.net/marco_morana/encoded-attacks-and-countermeasures-presentation\n\n### https://owasp-top-10-proactive-controls-2018.readthedocs.io/en/latest/c4-encode-escape-data.html\n\n### 
https://flylib.com/books/en/2.819.1.43/1/\n\n### https://github.com/OWASP/www-community/blob/master/pages/xss-filter-evasion-cheatsheet.md\n\n### https://github.com/OWASP/www-project-web-security-testing-guide/blob/master/latest/6-Appendix/D-Encoded_Injection.md\n\n### https://github.com/OWASP/www-community/blob/master/pages/Double_Encoding.md\n\n### https://github.com/OWASP/www-community/blob/master/pages/attacks/Unicode_Encoding.md\n\n### https://github.com/OWASP/wstg/blob/master/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/01-Testing_for_Reflected_Cross_Site_Scripting.md\n\n## XML Attacks\n\n### https://owasp.org/www-pdf-archive/XML_Based_Attacks_-_OWASP.pdf\n\n### https://owasp.org/www-community/vulnerabilities/XML_External_Entity_(XXE)_Processing\n\n### https://gist.github.com/mgeeky/4f726d3b374f0a34267d4f19c9004870\n\n### https://portswigger.net/web-security/xxe\n\n### https://www.netsparker.com/blog/web-security/xxe-xml-external-entity-attacks/\n\n### https://www.whitehatsec.com/glossary/content/xml-injection\n\n### https://hdivsecurity.com/owasp-xml-external-entities-xxe\n\n### https://www.acunetix.com/blog/articles/xml-external-entity-xxe-vulnerabilities/\n\n### https://www.jigsawacademy.com/blogs/cyber-security/xml-external-entity/\n\n### https://www.opswat.com/blog/depth-look-xml-document-attack-vectors\n\n### https://www.appsecmonkey.com/blog/xxe\n\n### https://www.hacksplaining.com/prevention/xml-external-entities\n\n### https://we45.com/blog/xxe-injection-attack-3-ways-hit-hard/\n\n### https://book.hacktricks.xyz/pentesting-web/xxe-xee-xml-external-entity\n\n### https://ismailtasdelen.medium.com/xml-external-entity-xxe-injection-payload-list-937d33e5e116\n\n### https://github.com/payloadbox/xxe-injection-payload-list\n\n### https://hdivsecurity.com/bornsecure/prevention-of-xml-external-entity-xxe-attacks/\n\n### https://cheatsheetseries.owasp.org/cheatsheets/XML_Security_Cheat_Sheet.html\n\n### 
https://lab.wallarm.com/xxe-that-can-bypass-waf-protection-98f679452ce0/\n\n### https://gosecure.github.io/xxe-workshop/#0\n\n### https://www.synack.com/blog/a-deep-dive-into-xxe-injection/\n\n### https://support.f5.com/csp/article/K50262217\n\n### https://docs.citrix.com/en-us/citrix-adc/current-release/application-firewall/top-level-protections/xml-entity-attack-protection.html\n\n### https://resources.infosecinstitute.com/topic/guide-xml-file-structure-external-entity-xxe-attacks/\n\n## Evasion Basic\n\n### https://github.com/EQuiw/2020-evasion-competition\n\n### https://github.com/OWASP/www-community/blob/master/pages/xss-filter-evasion-cheatsheet.md\n\n### https://github.com/0xInfection/Awesome-WAF\n\n### https://owasp.org/www-community/attacks/SQL_Injection_Bypassing_WAF\n\n### https://blog.isec.pl/waf-evasion-techniques/\n\n### https://www.sciencedirect.com/topics/computer-science/evasion-technique\n\n### https://medium.com/secjuice/waf-evasion-techniques-718026d693d8\n\n### https://owasp.org/www-pdf-archive/OWASP_Stammtisch_Frankfurt_WAF_Profiling_and_Evasion.pdf\n\n### https://blog.securelayer7.net/what-is-waf-how-web-application-firewall-evasion-techniques-work/\n\n### https://www.secjuice.com/web-application-firewall-waf-evasion/\n\n### https://www.exploit-db.com/docs/45366\n\n### https://www.infoq.com/presentations/waf-scripting-techniques-autonomous-attacks/\n\n### https://silo.tips/download/advanced-filter-evasion-and-web-application-firewall-bypassing\n\n### https://www.imperva.com/blog/score-sheet-testing-some-xss-evasion-techniques-against-our-waf/\n\n### https://haiderm.com/10-methods-to-bypass-cross-site-request-forgery-csrf/\n\n## Cross-Site Scripting and XSS Evasion\n\n### https://github.com/payloadbox/xss-payload-list\n\n### https://github.com/Learn-by-doing/xss\n\n### https://github.com/s0md3v/XSStrike\n\n### 
https://github.com/omurugur/XSS_Payload_List\n\n### https://github.com/0xsobky/HackVault/wiki/Unleashing-an-Ultimate-XSS-Polyglot\n\n### https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md\n\n### https://owasp.org/www-community/xss-filter-evasion-cheatsheet\n\n### https://owasp.org/www-community/attacks/xss/\n\n### https://www.veracode.com/security/xss\n\n### https://portswigger.net/web-security/cross-site-scripting\n\n### https://www.acunetix.com/websitesecurity/xss/\n\n### https://www.netsparker.com/blog/web-security/xss-filter-evasion/\n\n### https://www.youtube.com/watch?v=O9vmnASdwZs\n\n### https://www.youtube.com/watch?v=sq0jdhigKYM\n\n### https://www.acunetix.com/blog/web-security-zone/xss-filter-evasion-basics/\n\n### https://www.blackhat.com/presentations/bh-usa-09/VELANAVA/BHUSA09-VelaNava-FavoriteXSS-SLIDES.pdf\n\n### https://portswigger.net/web-security/cross-site-scripting/cheat-sheet\n\n### https://www.f5.com/pdf/white-papers/xss-evasion-wp.pdf\n\n### https://null-byte.wonderhowto.com/how-to/advanced-techniques-bypass-defeat-xss-filters-part-1-0190257/\n\n## Cross-Site Request Forgery\n\n### https://owasp.org/www-community/attacks/csrf\n\n### https://portswigger.net/web-security/csrf\n\n### https://www.acunetix.com/websitesecurity/csrf-attacks/\n\n### https://www.synopsys.com/glossary/what-is-csrf.html\n\n### https://www.imperva.com/learn/application-security/csrf-cross-site-request-forgery/\n\n### https://www.netsparker.com/blog/web-security/csrf-cross-site-request-forgery/\n\n### https://www.rapid7.com/fundamentals/cross-site-request-forgery/\n\n### https://goteleport.com/blog/csrf-attacks/\n\n### https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html\n\n### https://medium.com/@onehackman/cross-site-request-forgery-techniques-19270174ea4\n\n### https://auth0.com/blog/cross-site-request-forgery-csrf/\n\n### 
https://www.veracode.com/security/cross-site-request-forgery-guide-learn-all-about-csrf-attacks-and-csrf-protection\n\n### https://www.neuralegion.com/blog/cross-site-request-forgery-csrf/\n\n### https://blog.sessionstack.com/how-javascript-works-csrf-attacks-7-mitigation-strategies-757dfb08e7a6\n\n### https://blog.qualys.com/vulnerabilities-threat-research/2015/01/14/do-your-anti-csrf-tokens-really-protect-your-applications-from-csrf-attack\n\n### https://www.geeksforgeeks.org/cross-site-request-forgery-csrf-protection-methods-and-bypasses/\n\n### https://www.barracuda.com/glossary/csrf\n\n### https://seclab.stanford.edu/websec/csrf/\n\n### https://book.hacktricks.xyz/pentesting-web/csrf-cross-site-request-forgery\n\n## SQL Injections / Advanced SQL Injection and Bypass\n\n### https://owasp.org/www-community/attacks/SQL_Injection\n\n### https://www.devmedia.com.br/sql-injection/6102\n\n### https://www.youtube.com/watch?v=ciNHn38EyRc\n\n### https://www.youtube.com/watch?v=3Axp3VDnf0I\n\n### https://portswigger.net/web-security/sql-injection\n\n### https://www.acunetix.com/websitesecurity/sql-injection/\n\n### https://www.imperva.com/learn/application-security/sql-injection-sqli/\n\n### https://www.netsparker.com/blog/web-security/sql-injection-cheat-sheet/\n\n### https://www.programmersought.com/article/16352206542/\n\n### https://owasp.org/www-community/attacks/SQL_Injection_Bypassing_WAF\n\n### https://www.secjuice.com/advanced-sqli-waf-bypass/\n\n### https://securityonline.info/sql-injection-9-ways-bypass-web-application-firewall/\n\n### https://incogbyte.github.io/hacking/2020/12/12/sqli-bypass-techs.html\n\n### https://www.ptsecurity.com/upload/corporate/ww-en/download/PT-devteev-CC-WAF-ENG.pdf\n\n### https://www.exploit-db.com/papers/17934\n\n### https://websec.files.wordpress.com/2010/11/sqli2.pdf\n\n### https://gist.github.com/cyberheartmi9/b4a4ff0f691be6b5c866450563258e86\n\n### 
https://isharaabeythissa.medium.com/sql-injection-waf-bypassing-b71cc373f6bf\n\n### https://pentestit.medium.com/bypassing-waf-4cfa1aad16bf\n\n### https://hydrasky.com/network-security/sql-injection-bypass-cheatsheet/\n\n### https://learncybersec.blogspot.com/2020/03/bypassing-web-application-firewall-part_20.html\n\n### https://securityreport.com/cloudflare-waf-xss-bypass-exploits-revealed/\n\n### https://titanwolf.org/Network/Articles/Article?AID=a3861efd-d7bd-4150-8ede-8d46df68bb8f#gsc.tab=0\n\n### http://spi.unob.cz/papers/2011/2011-11.pdf\n\n### https://forum.bugcrowd.com/t/sqlmap-tamper-scripts-sql-injection-and-waf-bypass/423\n\n### https://null-byte.wonderhowto.com/how-to/sql-injection-101-avoid-detection-bypass-defenses-0184918/\n\n### https://security.stackexchange.com/questions/241149/sqli-filter-bypass-with-banned-table-column-names\n\n### https://infosecwriteups.com/fun-sql-injection-mod-security-bypass-644b54b0c445\n\n### https://book.hacktricks.xyz/pentesting-web/sql-injection\n\n### https://websec.wordpress.com/2010/12/04/sqli-filter-evasion-cheat-sheet-mysql/\n\n### https://www.youtube.com/watch?v=2Fn0WAyZV0E\n\n### https://www.udemy.com/course/advanced-sql-tutorial/\n\n## Attacking Serialization\n\n\n### https://www.reblaze.com/blog/serialization-attacks-what-they-are-and-how-to-prevent-them/#:~:text=A%20serialization%20attack%20happens%20when,into%20an%20in%2Dmemory%20structure.\n\n### https://speakerdeck.com/pwntester/attacking-net-serialization\n\n### https://www.youtube.com/watch?v=eDfGpu3iE4Q\n\n### https://www.youtube.com/watch?v=qDoBlLwREYk\n\n### https://www.youtube.com/watch?v=NqHsaVhlxAQ\n\n### https://portswigger.net/web-security/deserialization\n\n### https://owasp.org/www-community/vulnerabilities/Deserialization_of_untrusted_data\n\n### https://cheatsheetseries.owasp.org/cheatsheets/Deserialization_Cheat_Sheet.html\n\n### https://hdivsecurity.com/bornsecure/insecure-deserialization-attack-examples-mitigation/\n\n### 
https://snyk.io/blog/serialization-and-deserialization-in-java/\n\n### https://medium.com/gdg-vit/deserialization-attacks-d312fbe58e7d\n\n### https://infosecwriteups.com/insecure-deserialization-5c64e9943f0e\n\n### https://nickbloor.co.uk/2017/08/13/attacking-java-deserialization/\n\n### https://www.cyberbit.com/blog/endpoint-security/serialization-vulnerabilities-explained/\n\n### http://www.securitytube.net/video/1045\n\n### https://www.cisecurity.org/blog/data-deserialization/\n\n### https://blog.cobalt.io/the-anatomy-of-deserialization-attacks-b90b56328766\n\n### https://www.immuniweb.com/blog/OWASP-insecure-deserialization.html\n\n### https://securityboulevard.com/2018/06/deserialization-vulnerabilities-attacking-deserialization-in-js/\n\n### https://portswigger.net/web-security/deserialization#:~:text=Insecure%20deserialization%20is%20when%20user,data%20into%20the%20application%20code.\u0026text=For%20this%20reason%2C%20insecure%20deserialization,an%20%22object%20injection%22%20vulnerability.\n\n### https://owasp.org/www-project-top-ten/2017/A8_2017-Insecure_Deserialization\n\n### https://www.acunetix.com/blog/articles/what-is-insecure-deserialization/\n\n### https://www.youtube.com/watch?v=nkTBwbnfesQ\n\n### https://www.youtube.com/watch?v=jwzeJU_62IQ\n\n### https://www.youtube.com/watch?v=EEHslhNbjeY\n\n### https://thehackerish.com/insecure-deserialization-explained-with-examples/\n\n### https://cyber.ithome.com.tw/2021/en/session-page/137\n\n### https://s.itho.me/ccms_slides/2021/5/17/fdc541c0-5889-4f81-8f42-13fbb4ae5e60.pdf\n\n### https://www.alluresec.com/2021/03/30/ewptxv2-review/\n\n### https://www.alluresec.com/2021/02/03/polygot-phar-deserialization/\n\n## Attacking Crypto\n\n### https://www.hacker101.com/sessions/crypto_attacks.html\n\n### https://www.csoonline.com/article/3253572/what-is-cryptojacking-how-to-prevent-detect-and-recover-from-it.html\n\n### https://www.coindesk.com/crypto-attacks-bitcoin-ethereum-classic-open-source-value\n\n### 
https://github.com/jvdsn/crypto-attacks\n\n### https://www.coindesk.com/hackers-mined-crypto-on-githubs-servers-report\n\n### https://heimdalsecurity.com/blog/github-infrastructure-used-to-mine-cryptocurrency/\n\n### https://dev.to/thibaultduponchelle/the-github-action-mining-attack-through-pull-request-2lmc\n\n### https://owasp.org/www-pdf-archive//Emil-gurevitch-practical-crypto-attacks-part-1.pdf\n\n### https://auth0.com/blog/critical-vulnerabilities-in-json-web-token-libraries/\n\n### https://www.sjoerdlangkemper.nl/2016/09/28/attacking-jwt-authentication/\n\n### https://arstechnica.com/information-technology/2013/03/new-attacks-on-ssl-decrypt-authentication-cookies/\n\n### https://attack.mitre.org/techniques/T1140/\n\n### https://portswigger.net/bappstore/f923cbf91698420890354c1d8958fee6\n\n### https://hackernoon.com/a-guide-to-hashing-how-to-keep-your-database-safe-4n1fq31nz\n\n### https://auth0.com/blog/adding-salt-to-hashing-a-better-way-to-store-passwords/\n\n### https://auth0.com/blog/hashing-passwords-one-way-road-to-security/\n\n## API and Cloud Application Attacks\n\n### https://techbeacon.com/enterprise-it/pen-testing-cloud-based-apps-step-step-guide\n\n### https://kirkpatrickprice.com/blog/api-penetration-testing/\n\n### https://securetriad.io/the-what-why-and-how-of-api-penetration-testing/\n\n### https://secureideas.com/knowledge/what-is-the-difference-between-api-and-webapp-pentests\n\n### https://www.breachlock.com/penetration-testing-of-apis-and-microservices/\n\n### https://turingpoint.de/en/security-assessments/pentests/web-applications/\n\n### https://www.sans.org/webcasts/pen-testing-api-security-web-cloud-119180\n\n### https://thecyphere.com/services/web-application-penetration-testing/\n\n### https://www.iarminfo.com/api-penetration-testing/\n\n### https://www.securitycompassadvisory.com/blog/api-security-testing-best-practices-key-vulnerabilities/\n\n### https://outpost24.com/blog/what-is-api-security-and-how-to-protect-them\n\n### 
https://github.com/inonshk/31-days-of-API-Security-Tips\n\n### https://github.com/0xbigshaq/firepwn-tool\n\n### https://github.com/arainho/awesome-api-security\n\n### https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Cloud%20-%20Azure%20Pentest.md\n\n### https://github.com/HSIS007/Useful_Websites_For_Pentester\n\n### https://book.hacktricks.xyz/pentesting/pentesting-web/web-api-pentesting\n\n### https://github.com/omkar-ukirde/api-pentesting\n\n### https://github.com/BBVA/apicheck\n\n### https://github.com/flipkart-incubator/Astra\n\n### https://github.com/dsopas/MindAPI\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcybersecurityup%2Fewptx-preparation","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcybersecurityup%2Fewptx-preparation","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcybersecurityup%2Fewptx-preparation/lists"}