{"id":18273330,"url":"https://github.com/harsh-bothra/securityexplained","last_synced_at":"2026-01-27T17:36:43.923Z","repository":{"id":43266440,"uuid":"438132179","full_name":"harsh-bothra/SecurityExplained","owner":"harsh-bothra","description":"SecurityExplained is a new series after the previous learning challenge series #Learn365. The aim of #SecurityExplained series is to create informational content in multiple formats and share with the community to enable knowledge creation and learning.","archived":false,"fork":false,"pushed_at":"2022-08-04T11:55:41.000Z","size":11405,"stargazers_count":536,"open_issues_count":4,"forks_count":101,"subscribers_count":22,"default_branch":"main","last_synced_at":"2025-02-14T22:13:58.207Z","etag":null,"topics":["appsecurity","bugbounty","hacking","learning","pentesting"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/harsh-bothra.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2021-12-14T05:44:15.000Z","updated_at":"2025-02-08T08:53:28.000Z","dependencies_parsed_at":"2022-07-09T02:46:29.286Z","dependency_job_id":null,"html_url":"https://github.com/harsh-bothra/SecurityExplained","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/harsh-bothra%2FSecurityExplained","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/harsh-bothra%2FSecurityExplained/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/harsh-bothra%2FSecurityExplained/releases","manifests_url":"https://rep
os.ecosyste.ms/api/v1/hosts/GitHub/repositories/harsh-bothra%2FSecurityExplained/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/harsh-bothra","download_url":"https://codeload.github.com/harsh-bothra/SecurityExplained/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247974623,"owners_count":21026742,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["appsecurity","bugbounty","hacking","learning","pentesting"],"created_at":"2024-11-05T12:06:03.355Z","updated_at":"2026-01-27T17:36:43.882Z","avatar_url":"https://github.com/harsh-bothra.png","language":null,"readme":"# Security Explained\n\nSecurityExplained is a new series after the previous learning challenge series [#Learn365](https://www.github.com/harsh-bothra/learn365). The aim of #SecurityExplained series is to create informational content in multiple formats and share with the community to enable knowledge creation and learning. Below are the various activities and formats planned under #SecurityExplained series: \n1. Tweets explaining interesting security stuff\n2. Blogs/Tutorials/How-To-Guides about different tools/techniques/attacks\n3. Security Discussion Spaces/Meets\n4. Monthly Mindmap/Mindmap based explainers for different attacks/techniques\n5. My Pentesting Methodology Breakdown\n6. Giveaways and Community Engagement \n7. GitHub Repository to Maintain \"SecurityExplained\"\n8. Public \u0026 Free to Access\n9. 
Newsletter\n\nFollow me on Twitter for Regular Updates: [Harsh Bothra](https://twitter.com/harshbothra_).\n\n**Note:** Please note that this series will run on irregular schedules and it is not necessary to produce \u0026 share content on a regular or daily basis. \n\n# Content by Harsh\n___\nS.No. | Topic\n--- | ---\n**1** | [My Penetration Testing Methodology [Web]](/resources/web-pentesting-methodology.md)\n**2** | [FeroxBuster Explained](/resources/feroxbuster-explained.md)\n**3** | [Creating Custom Wordlist for Content Discovery](/resources/custom-wordlist-for-contentdiscovery.md)\n**4** | [Escalating HTML Injection to Cloud Metadata SSRF](/resources/htmli-to-cloud-ssrf.md)\n**5** | [Bypassing Privileges \u0026 Other Restrictions with Mass Assignment Attacks](/resources/attacks-with-mass-assign.md)\n**6** | [Bypassing Biometrics in iOS with Objection](/resources/bypassing-ios-biometrics.md)\n**7** | [My Methodology to Test Premium Features](/resources/premium-feature-testing-methodology.md)\n**8** | [Bypassing Filters(and more) with Visual Spoofing](/resources/bypassing-filters-visual-spoofing.md)\n**9** | [Path Traversal via File Upload](/resources/path-traversal-file-upload.md)\n**10** | [Attacking Zip Upload Functionality with ZipSlip Attack](/resources/zip-slip-file-upload.md)\n**11** | [RustScan - The Modern Port Scanner](/resources/rustscan-portscanner.md)\n**12** | [Vulnerable Code Snippet - 1](/resources/vulnerable-code-1.md)\n**13** | [Vulnerable Code Snippet - 2](/resources/vulnerable-code-2.md)\n**14** | [Exploiting XXE in JSON Endpoints](/resources/xxe-in-json.md)\n**15** | [Vulnerable Code Snippet - 3](/resources/vulnerable-code-3.md)\n**16** | [Vulnerable Code Snippet - 4](/resources/vulnerable-code-4.md)\n**17** | [Vulnerable Code Snippet - 5](/resources/vulnerable-code-5.md)\n**18** | [Vulnerable Code Snippet - 6](/resources/vulnerable-code-6.md)\n**19** | [Vulnerable Code Snippet - 7](/resources/vulnerable-code-7.md)\n**20** | [Vulnerable Code 
Snippet - 8](/resources/vulnerable-code-8.md)\n**21** | [Vulnerable Code Snippet - 9](/resources/vulnerable-code-9.md)\n**22** | [Vulnerable Code Snippet - 10](/resources/vulnerable-code-10.md)\n**23** | [Vulnerable Code Snippet - 11](/resources/vulnerable-code-11.md)\n**24** | [Vulnerable Code Snippet - 12](/resources/vulnerable-code-12.md)\n**25** | [Vulnerable Code Snippet - 13](/resources/vulnerable-code-13.md)\n**26** | [Vulnerable Code Snippet - 14](/resources/vulnerable-code-14.md)\n**27** | [Vulnerable Code Snippet - 15](/resources/vulnerable-code-15.md)\n**28** | [Vulnerable Code Snippet - 16](/resources/vulnerable-code-16.md)\n**29** | [Vulnerable Code Snippet - 17](/resources/vulnerable-code-17.md)\n**30** | [Vulnerable Code Snippet - 18](/resources/vulnerable-code-18.md)\n**31** | [Vulnerable Code Snippet - 19](/resources/vulnerable-code-19.md)\n**32** | [Account Takeover Methodology](/resources/account-takeovers-methodology.md)\n**33** | [Vulnerable Code Snippet - 20](/resources/vulnerable-code-20.md)\n**34** | [Vulnerable Code Snippet - 21](/resources/vulnerable-code-21.md)\n**35** | [Vulnerable Code Snippet - 22](/resources/vulnerable-code-22.md)\n**36** | [Vulnerable Code Snippet - 23](/resources/vulnerable-code-23.md)\n**37** | [Vulnerable Code Snippet - 24](/resources/vulnerable-code-24.md)\n**38** | [Vulnerable Code Snippet - 25](/resources/vulnerable-code-25.md)\n**39** | [Vulnerable Code Snippet - 26](/resources/vulnerable-code-26.md)\n**40** | [Vulnerable Code Snippet - 27](/resources/vulnerable-code-27.md)\n**41** | [Vulnerable Code Snippet - 28](/resources/vulnerable-code-28.md)\n**42** | [Vulnerable Code Snippet - 29](/resources/vulnerable-code-29.md)\n**43** | [Vulnerable Code Snippet - 30](/resources/vulnerable-code-30.md)\n**44** | [Vulnerable Code Snippet - 31](/resources/vulnerable-code-31.md)\n**45** | [Vulnerable Code Snippet - 32](/resources/vulnerable-code-32.md)\n**46** | [Vulnerable Code Snippet - 
33](/resources/vulnerable-code-33.md)\n**47** | [Vulnerable Code Snippet - 34](/resources/vulnerable-code-34.md)\n**48** | [Vulnerable Code Snippet - 35](/resources/vulnerable-code-35.md)\n**49** | [Vulnerable Code Snippet - 36](/resources/vulnerable-code-36.md)\n**50** | [Vulnerable Code Snippet - 37](/resources/vulnerable-code-37.md)\n**51** | [Vulnerable Code Snippet - 38](/resources/vulnerable-code-38.md)\n**52** | [Vulnerable Code Snippet - 39](/resources/vulnerable-code-39.md)\n**53** | [Vulnerable Code Snippet - 40](/resources/vulnerable-code-40.md)\n**54** | [Vulnerable Code Snippet - 41](/resources/vulnerable-code-41.md)\n**55** | [Vulnerable Code Snippet - 42](/resources/vulnerable-code-42.md)\n**56** | [Vulnerable Code Snippet - 43](/resources/vulnerable-code-43.md)\n**57** | [Vulnerable Code Snippet - 44](/resources/vulnerable-code-44.md)\n**58** | [Vulnerable Code Snippet - 45](/resources/vulnerable-code-45.md)\n**59** | [Ruby ERB SSTI](/resources/ruby-erb-ssti.md)\n**60** | [Introduction to CWE](/resources/intro-to-cwe.md)\n**61** | [CWE-787: Out-of-bounds Write](/resources/cwe-787.md)\n**62** | [Vulnerable Code Snippet - 46](/resources/vulnerable-code-46.md)\n**63** | [CWE-20: Improper Input Validation](/resources/cwe-20.md)\n**64** | [Vulnerabilities in Cookie Based Authentication](/resources/vulnerabilities-in-cookies.md)\n**65** | [How do I get Started in Cyber Security? 
— My Perspective \u0026 Learning Path!](/resources/getting-into-cybersecurity.md)\n**66** | [Scope Based Recon Methodology: Exploring Tactics for Smart Recon](/resources/scope-based-recon.md)\n**67** | [MFA Bypass Techniques](/resources/mfa-bypass.md)\n**68** | [Vulnerable Code Snippet - 47](/resources/vulnerable-code-47.md)\n**69** | [Vulnerable Code Snippet - 48](/resources/vulnerable-code-48.md)\n**70** | [Vulnerable Code Snippet - 49](/resources/vulnerable-code-49.md)\n**71** | [Vulnerable Code Snippet - 50](/resources/vulnerable-code-50.md)\n**72** | [Vulnerable Code Snippet - 51](/resources/vulnerable-code-51.md)\n**73** | [Vulnerable Code Snippet - 52](/resources/vulnerable-code-52.md)\n**74** | [Vulnerable Code Snippet - 53](/resources/vulnerable-code-53.md)\n**75** | [Vulnerable Code Snippet - 54](/resources/vulnerable-code-54.md)\n**76** | [Vulnerable Code Snippet - 55](/resources/vulnerable-code-55.md)\n**77** | [Vulnerable Code Snippet - 56](/resources/vulnerable-code-56.md)\n**78** | [Vulnerable Code Snippet - 57](/resources/vulnerable-code-57.md)\n**79** | [Vulnerable Code Snippet - 58](/resources/vulnerable-code-58.md)\n**80** | [Vulnerable Code Snippet - 59](/resources/vulnerable-code-59.md)\n**81** | [Vulnerable Code Snippet - 60](/resources/vulnerable-code-60.md)\n**82** | [Vulnerable Code Snippet - 61](/resources/vulnerable-code-61.md)\n**83** | [Vulnerable Code Snippet - 62](/resources/vulnerable-code-62.md)\n**84** | [Vulnerable Code Snippet - 63](/resources/vulnerable-code-63.md)\n**85** | [Vulnerable Code Snippet - 64](/resources/vulnerable-code-64.md)\n**86** | [Vulnerable Code Snippet - 65](/resources/vulnerable-code-65.md)\n**87** | [CWE-200: Exposure of Sensitive Information to an Unauthorized Actor](/resources/cwe-200.md)\n**88** | [CWE-732: Incorrect Permission Assignment for Critical Resource](/resources/cwe-732.md)\n**89** | [CWE-522: Insufficiently Protected Credentials](/resources/cwe-522.md)\n**90** | [CWE-918: Server-Side Request 
Forgery (SSRF)](/resources/cwe-918)\n**91** | [CWE-611: Improper Restriction of XML External Entity Reference](/resources/cwe-611.md)\n**92** | [CWE-476: NULL Pointer Dereference](/resources/cwe-476.md)\n**93** | [CWE-276: Incorrect Default Permissions](/resources/cwe-276.md)\n**94** | [CWE-862: Missing Authorization](/resources/cwe-862.md)\n**95** | [CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer](/resources/cwe-119.md)\n**96** | [CWE-798: Use of Hard-coded Credentials](/resources/cwe-798.md)\n**97** | [CWE-287: Improper Authentication](/resources/cwe-287.md)\n\n# SecurityExplained NewsLetter\n\n___\nS.No. | Topic\n--- | ---\n**1** | [Issue-1](https://www.getrevue.co/profile/harshbothra_/issues/securityexplained-newsletter-315740)\n**2** | [Issue-2](https://www.getrevue.co/profile/harshbothra_/issues/securityexplained-issue-2-969744)\n**3** | [Issue-3](https://www.getrevue.co/profile/harshbothra_/issues/securityexplained-issue-3-979380)\n**4** | [Issue-4](https://www.getrevue.co/profile/harshbothra_/issues/securityexplained-issue-4-990787)\n**5** | [Issue-5](https://t.co/MIS3cFYYtj)\n**6** | [Issue-6](https://www.getrevue.co/profile/harshbothra_/issues/securityexplained-issue-6-1014382)\n**7** | [Issue-7](https://www.getrevue.co/profile/harshbothra_/issues/securityexplained-issue-7-1026847)\n**8** | [Issue-8](https://www.getrevue.co/profile/harshbothra_/issues/securityexplained-issue-8-1038241)\n**9** | [Issue-9](https://www.getrevue.co/profile/harshbothra_/issues/securityexplained-issue-9-1049767)\n**10** | [Issue-10](https://www.getrevue.co/profile/harshbothra_/issues/securityexplained-issue-10-1061802)\n**11** | [Issue-11](https://www.getrevue.co/profile/harshbothra_/issues/securityexplained-issue-11-1073189)\n**12** | [Issue-12](https://www.getrevue.co/profile/harshbothra_/issues/securityexplained-issue-12-1084203)\n**13** | 
[Issue-13](https://www.getrevue.co/profile/harshbothra_/issues/securityexplained-issue-13-1095142)\n**14** | [Issue-14](https://www.getrevue.co/profile/harshbothra_/issues/securityexplained-issue-14-1106987)\n\n# AskMeAnything \n\n___\nS.No. | Topic\n--- | ---\n**1** | [AMA-1: AMA with Harsh Bothra](https://twitter.com/harshbothra_/status/1497233820336418816)\n**2** | [AMA-2: AMA with Six2dez](https://twitter.com/harshbothra_/status/1499731408868179972)\n**3** | [AMA-3: AMA with Brumens](https://twitter.com/harshbothra_/status/1511327809733480451)\n\n# Threads\n___\nS.No. | Topic\n--- | ---\n**1** | [7 Hacking Books you must read](https://twitter.com/harshbothra_/status/1499346357227642886)\n**2** | [4 Subdomain Enumeration Tools you must have in your Arsenal 💻](https://twitter.com/harshbothra_/status/1500101328978079744)\n**3** | [6 Burp Extensions to Check for Access Control \u0026 Privilege Escalation Issues](https://twitter.com/harshbothra_/status/1500848764948389889)\n**4** | [5 Powerful Web Fuzzing \u0026 Content Discovery Tools You Must Know](https://twitter.com/harshbothra_/status/1501928368521945090)\n**5** | [17 Search Engines every Security Professional Must Know](https://twitter.com/harshbothra_/status/1503332626580471808)\n**6** | [7 Cyber Security Conferences Channel You Must Follow](https://twitter.com/harshbothra_/status/1505869341748723714)\n**7** | [9 Free Practice Labs to Master Cross-Site Scripting](https://twitter.com/harshbothra_/status/1508406052663934979)\n**8** | [11 MindMaps I have created that you may find useful!](https://twitter.com/harshbothra_/status/1509168580071329792)\n**9** | [14 Payload Repositories to find all the required Payloads \u0026 Attack Vectors](https://twitter.com/harshbothra_/status/1509870706347032579)\n\n# MindMaps \nS.No. 
| Topic\n--- | ---\n**1** | [Account Takeover Techniques](https://www.xmind.net/m/M3WEqG/)\n**2** | [CWE TOP 10 (2021)](https://www.xmind.net/m/icrqti)\n\n\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fharsh-bothra%2Fsecurityexplained","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fharsh-bothra%2Fsecurityexplained","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fharsh-bothra%2Fsecurityexplained/lists"}