https://github.com/harsh-bothra/securityexplained

SecurityExplained is a new series following the earlier learning challenge series #Learn365. The aim of the #SecurityExplained series is to create informational content in multiple formats and share it with the community to enable knowledge creation and learning.

appsecurity bugbounty hacking learning pentesting


# Security Explained

SecurityExplained is a new series following the earlier learning challenge series [#Learn365](https://www.github.com/harsh-bothra/learn365). The aim of the #SecurityExplained series is to create informational content in multiple formats and share it with the community to enable knowledge creation and learning. Below are the activities and formats planned under the #SecurityExplained series:
1. Tweets explaining interesting security stuff
2. Blogs/Tutorials/How-To-Guides about different tools/techniques/attacks
3. Security Discussion Spaces/Meets
4. Monthly Mindmap/Mindmap based explainers for different attacks/techniques
5. My Pentesting Methodology Breakdown
6. Giveaways and Community Engagement
7. GitHub Repository to Maintain "SecurityExplained"
8. Public & Free to Access
9. Newsletter

Follow me on Twitter for Regular Updates: [Harsh Bothra](https://twitter.com/harshbothra_).

**Note:** This series will run on an irregular schedule; content will not necessarily be produced and shared on a regular or daily basis.

# Content by Harsh
___
S.No. | Topic
--- | ---
**1** | [My Penetration Testing Methodology [Web]](/resources/web-pentesting-methodology.md)
**2** | [FeroxBuster Explained](/resources/feroxbuster-explained.md)
**3** | [Creating Custom Wordlist for Content Discovery](/resources/custom-wordlist-for-contentdiscovery.md)
**4** | [Escalating HTML Injection to Cloud Metadata SSRF](/resources/htmli-to-cloud-ssrf.md)
**5** | [Bypassing Privileges & Other Restrictions with Mass Assignment Attacks](/resources/attacks-with-mass-assign.md)
**6** | [Bypassing Biometrics in iOS with Objection](/resources/bypassing-ios-biometrics.md)
**7** | [My Methodology to Test Premium Features](/resources/premium-feature-testing-methodology.md)
**8** | [Bypassing Filters(and more) with Visual Spoofing](/resources/bypassing-filters-visual-spoofing.md)
**9** | [Path Traversal via File Upload](/resources/path-traversal-file-upload.md)
**10** | [Attacking Zip Upload Functionality with ZipSlip Attack](/resources/zip-slip-file-upload.md)
**11** | [RustScan - The Modern Port Scanner](/resources/rustscan-portscanner.md)
**12** | [Vulnerable Code Snippet - 1](/resources/vulnerable-code-1.md)
**13** | [Vulnerable Code Snippet - 2](/resources/vulnerable-code-2.md)
**14** | [Exploiting XXE in JSON Endpoints](/resources/xxe-in-json.md)
**15** | [Vulnerable Code Snippet - 3](/resources/vulnerable-code-3.md)
**16** | [Vulnerable Code Snippet - 4](/resources/vulnerable-code-4.md)
**17** | [Vulnerable Code Snippet - 5](/resources/vulnerable-code-5.md)
**18** | [Vulnerable Code Snippet - 6](/resources/vulnerable-code-6.md)
**19** | [Vulnerable Code Snippet - 7](/resources/vulnerable-code-7.md)
**20** | [Vulnerable Code Snippet - 8](/resources/vulnerable-code-8.md)
**21** | [Vulnerable Code Snippet - 9](/resources/vulnerable-code-9.md)
**22** | [Vulnerable Code Snippet - 10](/resources/vulnerable-code-10.md)
**23** | [Vulnerable Code Snippet - 11](/resources/vulnerable-code-11.md)
**24** | [Vulnerable Code Snippet - 12](/resources/vulnerable-code-12.md)
**25** | [Vulnerable Code Snippet - 13](/resources/vulnerable-code-13.md)
**26** | [Vulnerable Code Snippet - 14](/resources/vulnerable-code-14.md)
**27** | [Vulnerable Code Snippet - 15](/resources/vulnerable-code-15.md)
**28** | [Vulnerable Code Snippet - 16](/resources/vulnerable-code-16.md)
**29** | [Vulnerable Code Snippet - 17](/resources/vulnerable-code-17.md)
**30** | [Vulnerable Code Snippet - 18](/resources/vulnerable-code-18.md)
**31** | [Vulnerable Code Snippet - 19](/resources/vulnerable-code-19.md)
**32** | [Account Takeover Methodology](/resources/account-takeovers-methodology.md)
**33** | [Vulnerable Code Snippet - 20](/resources/vulnerable-code-20.md)
**34** | [Vulnerable Code Snippet - 21](/resources/vulnerable-code-21.md)
**35** | [Vulnerable Code Snippet - 22](/resources/vulnerable-code-22.md)
**36** | [Vulnerable Code Snippet - 23](/resources/vulnerable-code-23.md)
**37** | [Vulnerable Code Snippet - 24](/resources/vulnerable-code-24.md)
**38** | [Vulnerable Code Snippet - 25](/resources/vulnerable-code-25.md)
**39** | [Vulnerable Code Snippet - 26](/resources/vulnerable-code-26.md)
**40** | [Vulnerable Code Snippet - 27](/resources/vulnerable-code-27.md)
**41** | [Vulnerable Code Snippet - 28](/resources/vulnerable-code-28.md)
**42** | [Vulnerable Code Snippet - 29](/resources/vulnerable-code-29.md)
**43** | [Vulnerable Code Snippet - 30](/resources/vulnerable-code-30.md)
**44** | [Vulnerable Code Snippet - 31](/resources/vulnerable-code-31.md)
**45** | [Vulnerable Code Snippet - 32](/resources/vulnerable-code-32.md)
**46** | [Vulnerable Code Snippet - 33](/resources/vulnerable-code-33.md)
**47** | [Vulnerable Code Snippet - 34](/resources/vulnerable-code-34.md)
**48** | [Vulnerable Code Snippet - 35](/resources/vulnerable-code-35.md)
**49** | [Vulnerable Code Snippet - 36](/resources/vulnerable-code-36.md)
**50** | [Vulnerable Code Snippet - 37](/resources/vulnerable-code-37.md)
**51** | [Vulnerable Code Snippet - 38](/resources/vulnerable-code-38.md)
**52** | [Vulnerable Code Snippet - 39](/resources/vulnerable-code-39.md)
**53** | [Vulnerable Code Snippet - 40](/resources/vulnerable-code-40.md)
**54** | [Vulnerable Code Snippet - 41](/resources/vulnerable-code-41.md)
**55** | [Vulnerable Code Snippet - 42](/resources/vulnerable-code-42.md)
**56** | [Vulnerable Code Snippet - 43](/resources/vulnerable-code-43.md)
**57** | [Vulnerable Code Snippet - 44](/resources/vulnerable-code-44.md)
**58** | [Vulnerable Code Snippet - 45](/resources/vulnerable-code-45.md)
**59** | [Ruby ERB SSTI](/resources/ruby-erb-ssti.md)
**60** | [Introduction to CWE](/resources/intro-to-cwe.md)
**61** | [CWE-787: Out-of-bounds Write](/resources/cwe-787.md)
**62** | [Vulnerable Code Snippet - 46](/resources/vulnerable-code-46.md)
**63** | [CWE-20: Improper Input Validation](/resources/cwe-20.md)
**64** | [Vulnerabilities in Cookie Based Authentication](/resources/vulnerabilities-in-cookies.md)
**65** | [How do I get Started in Cyber Security? — My Perspective & Learning Path!](/resources/getting-into-cybersecurity.md)
**66** | [Scope Based Recon Methodology: Exploring Tactics for Smart Recon](/resources/scope-based-recon.md)
**67** | [MFA Bypass Techniques](/resources/mfa-bypass.md)
**68** | [Vulnerable Code Snippet - 47](/resources/vulnerable-code-47.md)
**69** | [Vulnerable Code Snippet - 48](/resources/vulnerable-code-48.md)
**70** | [Vulnerable Code Snippet - 49](/resources/vulnerable-code-49.md)
**71** | [Vulnerable Code Snippet - 50](/resources/vulnerable-code-50.md)
**72** | [Vulnerable Code Snippet - 51](/resources/vulnerable-code-51.md)
**73** | [Vulnerable Code Snippet - 52](/resources/vulnerable-code-52.md)
**74** | [Vulnerable Code Snippet - 53](/resources/vulnerable-code-53.md)
**75** | [Vulnerable Code Snippet - 54](/resources/vulnerable-code-54.md)
**76** | [Vulnerable Code Snippet - 55](/resources/vulnerable-code-55.md)
**77** | [Vulnerable Code Snippet - 56](/resources/vulnerable-code-56.md)
**78** | [Vulnerable Code Snippet - 57](/resources/vulnerable-code-57.md)
**79** | [Vulnerable Code Snippet - 58](/resources/vulnerable-code-58.md)
**80** | [Vulnerable Code Snippet - 59](/resources/vulnerable-code-59.md)
**81** | [Vulnerable Code Snippet - 60](/resources/vulnerable-code-60.md)
**82** | [Vulnerable Code Snippet - 61](/resources/vulnerable-code-61.md)
**83** | [Vulnerable Code Snippet - 62](/resources/vulnerable-code-62.md)
**84** | [Vulnerable Code Snippet - 63](/resources/vulnerable-code-63.md)
**85** | [Vulnerable Code Snippet - 64](/resources/vulnerable-code-64.md)
**86** | [Vulnerable Code Snippet - 65](/resources/vulnerable-code-65.md)
**87** | [CWE-200: Exposure of Sensitive Information to an Unauthorized Actor](/resources/cwe-200.md)
**88** | [CWE-732: Incorrect Permission Assignment for Critical Resource](/resources/cwe-732.md)
**89** | [CWE-522: Insufficiently Protected Credentials](/resources/cwe-522.md)
**90** | [CWE-918: Server-Side Request Forgery (SSRF)](/resources/cwe-918)
**91** | [CWE-611: Improper Restriction of XML External Entity Reference](/resources/cwe-611.md)
**92** | [CWE-476: NULL Pointer Dereference](/resources/cwe-476.md)
**93** | [CWE-276: Incorrect Default Permissions](/resources/cwe-276.md)
**94** | [CWE-862: Missing Authorization](/resources/cwe-862.md)
**95** | [CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer](/resources/cwe-119.md)
**96** | [CWE-798: Use of Hard-coded Credentials](/resources/cwe-798.md)
**97** | [CWE-287: Improper Authentication](/resources/cwe-287.md)

# SecurityExplained NewsLetter

___
S.No. | Topic
--- | ---
**1** | [Issue-1](https://www.getrevue.co/profile/harshbothra_/issues/securityexplained-newsletter-315740)
**2** | [Issue-2](https://www.getrevue.co/profile/harshbothra_/issues/securityexplained-issue-2-969744)
**3** | [Issue-3](https://www.getrevue.co/profile/harshbothra_/issues/securityexplained-issue-3-979380)
**4** | [Issue-4](https://www.getrevue.co/profile/harshbothra_/issues/securityexplained-issue-4-990787)
**5** | [Issue-5](https://t.co/MIS3cFYYtj)
**6** | [Issue-6](https://www.getrevue.co/profile/harshbothra_/issues/securityexplained-issue-6-1014382)
**7** | [Issue-7](https://www.getrevue.co/profile/harshbothra_/issues/securityexplained-issue-7-1026847)
**8** | [Issue-8](https://www.getrevue.co/profile/harshbothra_/issues/securityexplained-issue-8-1038241)
**9** | [Issue-9](https://www.getrevue.co/profile/harshbothra_/issues/securityexplained-issue-9-1049767)
**10** | [Issue-10](https://www.getrevue.co/profile/harshbothra_/issues/securityexplained-issue-10-1061802)
**11** | [Issue-11](https://www.getrevue.co/profile/harshbothra_/issues/securityexplained-issue-11-1073189)
**12** | [Issue-12](https://www.getrevue.co/profile/harshbothra_/issues/securityexplained-issue-12-1084203)
**13** | [Issue-13](https://www.getrevue.co/profile/harshbothra_/issues/securityexplained-issue-13-1095142)
**14** | [Issue-14](https://www.getrevue.co/profile/harshbothra_/issues/securityexplained-issue-14-1106987)

# AskMeAnything

___
S.No. | Topic
--- | ---
**1** | [AMA-1: AMA with Harsh Bothra](https://twitter.com/harshbothra_/status/1497233820336418816)
**2** | [AMA-2: AMA with Six2dez](https://twitter.com/harshbothra_/status/1499731408868179972)
**3** | [AMA-3: AMA with Brumens](https://twitter.com/harshbothra_/status/1511327809733480451)

# Threads
___
S.No. | Topic
--- | ---
**1** | [7 Hacking Books you must read](https://twitter.com/harshbothra_/status/1499346357227642886)
**2** | [4 Subdomain Enumeration Tools you must have in your Arsenal 💻](https://twitter.com/harshbothra_/status/1500101328978079744)
**3** | [6 Burp Extensions to Check for Access Control & Privilege Escalation Issues](https://twitter.com/harshbothra_/status/1500848764948389889)
**4** | [5 Powerful Web Fuzzing & Content Discovery Tools You Must Know](https://twitter.com/harshbothra_/status/1501928368521945090)
**5** | [17 Search Engines every Security Professional Must Know](https://twitter.com/harshbothra_/status/1503332626580471808)
**6** | [7 Cyber Security Conferences Channel You Must Follow](https://twitter.com/harshbothra_/status/1505869341748723714)
**7** | [9 Free Practice Labs to Master Cross-Site Scripting](https://twitter.com/harshbothra_/status/1508406052663934979)
**8** | [11 MindMaps I have created that you may find useful!](https://twitter.com/harshbothra_/status/1509168580071329792)
**9** | [14 Payload Repositories to find all the required Payloads & Attack Vectors](https://twitter.com/harshbothra_/status/1509870706347032579)

# MindMaps
S.No. | Topic
--- | ---
**1** | [Account Takeover Techniques](https://www.xmind.net/m/M3WEqG/)
**2** | [CWE TOP 10 (2021)](https://www.xmind.net/m/icrqti)