{"id":13782457,"url":"https://github.com/pascalschulz/Infosec-Resources","last_synced_at":"2025-05-11T15:32:31.618Z","repository":{"id":215855799,"uuid":"177867866","full_name":"pascalschulz/Infosec-Resources","owner":"pascalschulz","description":"just a little treasure chest of stuff I need to watch / read later","archived":false,"fork":false,"pushed_at":"2021-03-26T07:37:44.000Z","size":21,"stargazers_count":31,"open_issues_count":0,"forks_count":13,"subscribers_count":4,"default_branch":"master","last_synced_at":"2024-11-17T17:43:19.398Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/pascalschulz.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-03-26T20:59:59.000Z","updated_at":"2024-10-20T13:34:40.000Z","dependencies_parsed_at":null,"dependency_job_id":"3d4062e8-7d26-4801-b90f-9ae275c21d24","html_url":"https://github.com/pascalschulz/Infosec-Resources","commit_stats":null,"previous_names":["pascalschulz/infosec-resources"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pascalschulz%2FInfosec-Resources","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pascalschulz%2FInfosec-Resources/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pascalschulz%2FInfosec-Resources/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pascalschulz%2FInfosec-Resources/manifests","owner_url":"https
://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/pascalschulz","download_url":"https://codeload.github.com/pascalschulz/Infosec-Resources/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":253588744,"owners_count":21932315,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-03T18:01:37.391Z","updated_at":"2025-05-11T15:32:31.364Z","avatar_url":"https://github.com/pascalschulz.png","language":null,"funding_links":[],"categories":["Github resources"],"sub_categories":["Posts from Hacker101 members on how to get started hacking"],"readme":"# Infosec Resources\n\nThis is an attempt to create a comprehensive list of good write-ups and tools for specific vulnerabilities. 
\n\n## Attack Guidance\n\n### OAuth\n * https://research.nccgroup.com/2020/07/07/an-offensive-guide-to-the-authorization-code-grant/\n \n### CRLF Injection\n * https://hackerone.com/reports/79552 \n * https://hackerone.com/reports/66386 \n * https://hackerone.com/reports/36105 \n * https://hackerone.com/reports/39181 \n * https://hackerone.com/reports/66257 \n * https://hackerone.com/reports/67386 \n * https://hackerone.com/reports/15492\n \n### Cross-Site-Scripting\n * http://lcamtuf.coredump.cx/postxss/\n * https://html5sec.org/\n * https://aem1k.com/aurebesh.js/\n \n### CSP \n * https://blog.innerht.ml/csp-2015/\n\n### Sensitive Information Disclosure\n * https://github.com/cure53/HTTPLeaks\n \n### URL Redirection\n * https://medium.com/bugbountywriteup/cvv-2-open-redirect-213555765607\n \n### Subdomain Takeover\n * https://www.hackerone.com/blog/Guide-Subdomain-Takeovers\n \n### SSTI (Server-Side Template Injection)\n * https://portswigger.net/blog/server-side-template-injection\n * https://speakerdeck.com/owaspmontreal/workshop-server-side-template-injection-ssti\n * https://www.lanmaster53.com/2016/03/09/exploring-ssti-flask-jinja2/\n * https://www.lanmaster53.com/2016/03/11/exploring-ssti-flask-jinja2-part-2/\n * https://nvisium.com/blog/2016/03/09/exploring-ssti-in-flask-jinja2.html\n * https://hackerone.com/reports/125980\n \n### SSRF (Server-Side Request Forgery)\n * http://www.kernelpicnic.net/2017/05/29/Pivoting-from-blind-SSRF-to-RCE-with-Hashicorp-Consul.html\n * https://sethsec.blogspot.com/2015/12/exploiting-server-side-request-forgery.html\n * http://www.agarri.fr/docs/AppSecEU15-Server_side_browsing_considered_harmful.pdf\n * https://www.hackerone.com/blog-How-To-Server-Side-Request-Forgery-SSRF\n * http://buer.haus/2017/06/29/escalating-xss-in-phantomjs-image-rendering-to-ssrflocal-file-read/\n * https://www.bishopfox.com/blog/2016/02/burp-collaborate-listen-pentester-reviews-latest-burp-suite-addition/\n * 
https://docs.google.com/document/d/1v1TkWZtrhzRLy0bYXBcdLUedXGb9njTNIJXa3u9akHM/edit\n * https://gist.github.com/BuffaloWill/fa96693af67e3a3dd3fb\n \n### SQL Injection \n * https://www.nccgroup.com/us/about-us/newsroom-and-events/blog/2019/march/did-you-order-a-sql-injection/\n \n### CSRF (Cross-Site-Request Forgery)\n * https://resources.infosecinstitute.com/bypassing-csrf-protections-fun-profit/#gref\n \n### CSS Injection\n * https://www.netsparker.com/blog/web-security/private-data-stolen-exploiting-css-injection/\n * https://portswigger.net/blog/detecting-and-exploiting-path-relative-stylesheet-import-prssi-vulnerabilities#badcss\n * https://d0nut.medium.com/better-exfiltration-via-html-injection-31c72a2dae8b\n \n### HTTP Parameter Pollution\n * https://www.acunetix.com/blog/whitepaper-http-parameter-pollution/\n \n### Deserialization \n * https://github.com/frohoff/ysoserial\n * https://book.hacktricks.xyz/pentesting-web/deserialization\n\n### RCE\n * https://www.revshells.com/\n \n \n## Tech-Stack\n\n### Electron Apps\n\n * https://spaceraccoon.dev/open-sesame-escalating-open-redirect-to-rce-with-electron-code-review\n\n\n## Cheat-Sheets\n\n### API Hacking\n\n * https://dsopas.github.io/MindAPI/play/\n \n## Reconnaissance\n \n### Bug Bounty\n * https://www.offensity.com/de/blog/just-another-recon-guide-pentesters-and-bug-bounty-hunters/\n \n## Tools\n\n### Reconnaissance\n * https://github.com/1N3/Sn1per\n \n### Bug Bounty Framework\n * https://github.com/pry0cc/axiom\n * https://blog.yeswehack.com/yeswerhackers/the-pwning-machine/\n \n## Blogs\n\n### Web Application Security\n * https://blog.innerht.ml/\n\n## Methodologies\n\n### Bug Finding\n * https://docs.google.com/presentation/d/1p8QiqbGndcEx1gm4_d3ne2fqeTqCTurTC77Lxe82zLY/edit#slide=id.p\n\n## Youtube\n\n### Web Application Hacking\n * https://www.youtube.com/watch?v=Casj9ly3XAk\u0026feature=youtu.be\n * https://www.youtube.com/watch?v=Qw1nNPiH_Go\n * https://www.youtube.com/watch?v=C4ZHAdI8o1w\n * 
https://www.youtube.com/watch?v=Y80drEt_TVQ\n\n### Random Videos\n * https://www.youtube.com/watch?v=RBoI0sSBeDo\n\n## Technical Challenges\n\n### File Transfer\n * https://file-downloads.com/\n\n## Further Lists\n\n### Write-Ups\n * https://pentester.land/list-of-bug-bounty-writeups.html\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpascalschulz%2FInfosec-Resources","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpascalschulz%2FInfosec-Resources","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpascalschulz%2FInfosec-Resources/lists"}