diff --git a/README.md b/README.md index 9cdde54..f240e91 100644 --- a/README.md +++ b/README.md @@ -12,100 +12,100 @@ S.NO | Mind Map ___ Day | Topic --- | --- -**1** | [2FA Bypass Techniques](/days/day1.md) -**2** | [Regular Expression Denial Of Service](/days/day2.md) -**3** | [SAML Vulnerabilities](/days/day3.md) -**4** | [Unauthenticated & Exploitable JIRA Vulnerabilities ](/days/day4.md) -**5** | [Client-Side Template Injection(CSTI)](/days/day5.md) -**6** | [Cross-Site Leaks (XS-Leaks)](/days/day6.md) -**7** | [Cross-Site Script Includes (XSSI)](/days/day7.md) -**8** | [JSON Padding Attacks](/days/day8.md) -**9** | [JSON Attacks](/days/day9.md) -**10** | [Abusing Hop-by-Hop Headers](/days/day10.md) -**11** | [Cache Poisoned Denial of Service (CPDos)](/days/day11.md) -**12** | [Unicode Normalization](/days/day12.md) -**13** | [WebSocket Vulns (Part-1)](/days/day13.md) -**14** | [WebSocket Vulns (Part-2)](/days/day14.md) -**15** | [WebSocket Vulns (Part-3)](/days/day15.md) -**16** | [Web Cache Deception Attack](/days/day16.md) -**17** | [Session Puzzling Attack](/days/day17.md) -**18** | [Mass Assignment Attack](/days/day18.md) -**19** | [HTTP Parameter Pollution](/days/day19.md) -**20** | [GraphQL Series (Part-1)](/days/day20.md) -**21** | [GraphQL Vulnerabilities (Part-2)](/days/day21.md) -**22** | [GraphQL WrapUp (Part-3)](/days/day22.md) -**23** | [Password Reset Token Issues](/days/day23.md) -**24** | [My previous works](/days/day24.md) -**25** | [Salesforce Security Misconfiguration (Part-1)](/days/day25.md) -**26** | [Salesforce Security Misconfiguration (Part-2))](/days/day26.md) -**27** | [Salesforce Configuration Review (Wrap)](/days/day27.md) -**28** | [Common Business Logic Issues: Part-1](/days/day28.md) -**29** | [Common Business Logic Issues (Part-2)](/days/day29.md) -**30** | [Common Business Logic Issues (Wrap)](/days/day30.md) -**31** | [Captcha Bypass Techniques](/days/day31.md) -**32** | [Pentesting Kibana Service](/days/day32.md) -**33** | [Pentesting Docker Registry](/days/day33.md) -**34** | [HTML Scriptless Attacks / Dangling Markup Attacks (Part - 1)](/days/day34.md) -**35** | [HTML Scriptless Attacks / Dangling Markup Attacks (Wrap)](/days/day35.md) -**36** | [Pentesting Rsync Service](/days/day36.md) -**37** | [CRLF Injection](/days/day37.md) -**38** | [Pentesting FTP Service](/days/day38.md) -**39** | [OpenID Connect Implementation Issues](/days/day39.md) -**40** | [Cookie Based Authentication Vulnerabilities](/days/day40.md) -**41** | [Cobalt Vulnerability Wiki - Resource](/days/day41.md) -**42** | [Race Conditions](/days/day42.md) -**43** | [SMTP Open Relay Attack](/days/day43.md) -**44** | [Pentesting BACNet](/days/day44.md) -**45** | [API Security Tips](/days/day45.md) -**46** | [Pentesting SSH - Talk](/days/day46.md) -**47** | [CORS Misconfiguration](/days/day47.md) -**48** | [Incomplete Trailing Escape Pattern Issue](/days/day48.md) -**49** | [Pivoting & Exploitation in Docker Environments - Talk](/days/day49.md) -**50** | [Detect Complex Code Patterns using Semantic grep - Talk](/days/day50.md) -**51** | [Student Roadmap to Become a Pentester - Talk](/days/day51.md) -**52** | [Hacking How-To Series - Playlist](/days/day52.md) -**53** | [JS Prototype Pollution](/days/day53.md) -**54** | [JSON Deserialization Attacks](/days/day54.md) -**55** | [Android App Dynamic Analysis using House](/days/day55.md) -**56** | [Testing IIS Servers](/days/day56.md) -**57** | [Secure Code Review - Talk](/days/day57.md) -**58** | [JSON Interoperability Vulnerabilities - Research Blog](/days/day58.md) -**59** | [HTTP Desync Attacks - Talk](/days/day59.md) -**60** | [XSLT Injection](/days/day60.md) -**61** | [Bypassing AWS Policies - Talk](/days/day61.md) -**62** | [Source Code Review Guidelines - Resource](/days/day62.md) -**63** | [All of the Threats: Intelligence, Modelling and Hunting - Talk](/days/day63.md) -**64** | [Hidden Property Abuse (HPA) attack in Node.js - Talk](/days/day64.md) -**65** | [HTTP Request Smuggling in 2020 - Talk](/days/day65.md) -**66** | [Dependecy Confusion Attack - Blog](/days/day66.md) -**67** | [Format String Vulnerabilities - Webinar](/days/day67.md) -**68** | [Mobile Application Dynamic Analysis - Webinar](/days/day68.md) -**69** | [Insecure Deserialization - Talk](/days/day69.md) -**70** | [Web Cache Entanglement - Talk + Blog](/days/day70.md) -**71** | [OWASP AMASS - Bootcamp](/days/day71.md) -**72** | [Offensive Javascript Techniques for Red Teamers](/days/day72.md) -**73** | [Basic CMD for Pentesters - Cheatsheet](/days/day73.md) -**74** | [Investigating and Defending Office 365 - Talk](/days/day74.md) -**75** | [WinjaCTF 2021 Solutions - Blog](/days/day75.md) -**76** | [Kubernetes Security: Attacking and Defending K8s Clusters - Talk](/days/day76.md) -**77** | [AWS Cloud Security - Resources](/days/day77.md) -**78** | [WAF Evasion Techniques - Blog](/days/day78.md) -**79** | [File Inclusion - All-in-One](/days/day79.md) -**80** | [DockerENT Insights - Tool Demo Talk](/days/day80.md) -**81** | [ImageMagick - Shell injection via PDF password : Research Blog](/days/day81.md) -**82** | [Offensive GraphQL API Pentesting - Talk](/days/day82.md) -**83** | [Bug Bounties with Bash - Talk](/days/day83.md) -**84** | [Chrome Extensions Code Review - Talk](/days/day84.md) -**85** | [Server-Side Template Injection - Talk](/days/day85.md) -**86** | [Exploiting GraphQL - Blog](/days/day86.md) -**87** | [Exploiting Email Systems - Talk](/days/day87.md) -**88** | [Hacking with DevTools - Tutorial](/days/day88.md) -**89** | [Common Android Application Vulnerabilities - Talk](/days/day89.md) -**90** | [SAML XML Injection - Research Blog](/days/day90.md) -**91** | [Finding Access Control & Authorization Issues with Burp - Blogs](/days/day91.md) -**92** | [OAuth 2.0 Misimplementation, Vulnerabilities, and Best Practices - Talk](/days/day92.md) -**93** | [JWT Attacks - Talk](/days/day93.md) -**94-102** | [Random Readings](/days/day94_102.md) +**1** | [2FA Bypass Techniques](/days/day001.md) +**2** | [Regular Expression Denial Of Service](/days/day002.md) +**3** | [SAML Vulnerabilities](/days/day003.md) +**4** | [Unauthenticated & Exploitable JIRA Vulnerabilities ](/days/day004.md) +**5** | [Client-Side Template Injection(CSTI)](/days/day005.md) +**6** | [Cross-Site Leaks (XS-Leaks)](/days/day006.md) +**7** | [Cross-Site Script Includes (XSSI)](/days/day007.md) +**8** | [JSON Padding Attacks](/days/day008.md) +**9** | [JSON Attacks](/days/day009.md) +**10** | [Abusing Hop-by-Hop Headers](/days/day010.md) +**11** | [Cache Poisoned Denial of Service (CPDos)](/days/day011.md) +**12** | [Unicode Normalization](/days/day012.md) +**13** | [WebSocket Vulns (Part-1)](/days/day013.md) +**14** | [WebSocket Vulns (Part-2)](/days/day014.md) +**15** | [WebSocket Vulns (Part-3)](/days/day015.md) +**16** | [Web Cache Deception Attack](/days/day016.md) +**17** | [Session Puzzling Attack](/days/day017.md) +**18** | [Mass Assignment Attack](/days/day018.md) +**19** | [HTTP Parameter Pollution](/days/day019.md) +**20** | [GraphQL Series (Part-1)](/days/day020.md) +**21** | [GraphQL Vulnerabilities (Part-2)](/days/day021.md) +**22** | [GraphQL WrapUp (Part-3)](/days/day022.md) +**23** | [Password Reset Token Issues](/days/day023.md) +**24** | [My previous works](/days/day024.md) +**25** | [Salesforce Security Misconfiguration (Part-1)](/days/day025.md) +**26** | [Salesforce Security Misconfiguration (Part-2))](/days/day026.md) +**27** | [Salesforce Configuration Review (Wrap)](/days/day027.md) +**28** | [Common Business Logic Issues: Part-1](/days/day028.md) +**29** | [Common Business Logic Issues (Part-2)](/days/day029.md) +**30** | [Common Business Logic Issues (Wrap)](/days/day030.md) +**31** | [Captcha Bypass Techniques](/days/day031.md) +**32** | [Pentesting Kibana Service](/days/day032.md) +**33** | [Pentesting Docker Registry](/days/day033.md) +**34** | [HTML Scriptless Attacks / Dangling Markup Attacks (Part - 1)](/days/day034.md) +**35** | [HTML Scriptless Attacks / Dangling Markup Attacks (Wrap)](/days/day035.md) +**36** | [Pentesting Rsync Service](/days/day036.md) +**37** | [CRLF Injection](/days/day037.md) +**38** | [Pentesting FTP Service](/days/day038.md) +**39** | [OpenID Connect Implementation Issues](/days/day039.md) +**40** | [Cookie Based Authentication Vulnerabilities](/days/day040.md) +**41** | [Cobalt Vulnerability Wiki - Resource](/days/day041.md) +**42** | [Race Conditions](/days/day042.md) +**43** | [SMTP Open Relay Attack](/days/day043.md) +**44** | [Pentesting BACNet](/days/day044.md) +**45** | [API Security Tips](/days/day045.md) +**46** | [Pentesting SSH - Talk](/days/day046.md) +**47** | [CORS Misconfiguration](/days/day047.md) +**48** | [Incomplete Trailing Escape Pattern Issue](/days/day048.md) +**49** | [Pivoting & Exploitation in Docker Environments - Talk](/days/day049.md) +**50** | [Detect Complex Code Patterns using Semantic grep - Talk](/days/day050.md) +**51** | [Student Roadmap to Become a Pentester - Talk](/days/day051.md) +**52** | [Hacking How-To Series - Playlist](/days/day052.md) +**53** | [JS Prototype Pollution](/days/day053.md) +**54** | [JSON Deserialization Attacks](/days/day054.md) +**55** | [Android App Dynamic Analysis using House](/days/day055.md) +**56** | [Testing IIS Servers](/days/day056.md) +**57** | [Secure Code Review - Talk](/days/day057.md) +**58** | [JSON Interoperability Vulnerabilities - Research Blog](/days/day058.md) +**59** | [HTTP Desync Attacks - Talk](/days/day059.md) +**60** | [XSLT Injection](/days/day060.md) +**61** | [Bypassing AWS Policies - Talk](/days/day061.md) +**62** | [Source Code Review Guidelines - Resource](/days/day062.md) +**63** | [All of the Threats: Intelligence, Modelling and Hunting - Talk](/days/day063.md) +**64** | [Hidden Property Abuse (HPA) attack in Node.js - Talk](/days/day064.md) +**65** | [HTTP Request Smuggling in 2020 - Talk](/days/day065.md) +**66** | [Dependecy Confusion Attack - Blog](/days/day066.md) +**67** | [Format String Vulnerabilities - Webinar](/days/day067.md) +**68** | [Mobile Application Dynamic Analysis - Webinar](/days/day068.md) +**69** | [Insecure Deserialization - Talk](/days/day069.md) +**70** | [Web Cache Entanglement - Talk + Blog](/days/day070.md) +**71** | [OWASP AMASS - Bootcamp](/days/day071.md) +**72** | [Offensive Javascript Techniques for Red Teamers](/days/day072.md) +**73** | [Basic CMD for Pentesters - Cheatsheet](/days/day073.md) +**74** | [Investigating and Defending Office 365 - Talk](/days/day074.md) +**75** | [WinjaCTF 2021 Solutions - Blog](/days/day075.md) +**76** | [Kubernetes Security: Attacking and Defending K8s Clusters - Talk](/days/day076.md) +**77** | [AWS Cloud Security - Resources](/days/day077.md) +**78** | [WAF Evasion Techniques - Blog](/days/day078.md) +**79** | [File Inclusion - All-in-One](/days/day079.md) +**80** | [DockerENT Insights - Tool Demo Talk](/days/day080.md) +**81** | [ImageMagick - Shell injection via PDF password : Research Blog](/days/day081.md) +**82** | [Offensive GraphQL API Pentesting - Talk](/days/day082.md) +**83** | [Bug Bounties with Bash - Talk](/days/day083.md) +**84** | [Chrome Extensions Code Review - Talk](/days/day084.md) +**85** | [Server-Side Template Injection - Talk](/days/day085.md) +**86** | [Exploiting GraphQL - Blog](/days/day086.md) +**87** | [Exploiting Email Systems - Talk](/days/day087.md) +**88** | [Hacking with DevTools - Tutorial](/days/day088.md) +**89** | [Common Android Application Vulnerabilities - Talk](/days/day089.md) +**90** | [SAML XML Injection - Research Blog](/days/day090.md) +**91** | [Finding Access Control & Authorization Issues with Burp - Blogs](/days/day091.md) +**92** | [OAuth 2.0 Misimplementation, Vulnerabilities, and Best Practices - Talk](/days/day092.md) +**93** | [JWT Attacks - Talk](/days/day093.md) +**94-102** | [Random Readings](/days/day094_102.md) **103** | [Attacking Ruby on Rails Applications - Whitepaper](/days/day103.md) **104** | [Pentesting a Chrome Extension: Real Life Case Study - Blog](/days/day104.md) **105** | [XXE Simplified - Blog](/days/day105.md) diff --git a/days/day1.md b/days/day001.md similarity index 100% rename from days/day1.md rename to days/day001.md diff --git a/days/day2.md b/days/day002.md similarity index 100% rename from days/day2.md rename to days/day002.md diff --git a/days/day3.md b/days/day003.md similarity index 100% rename from days/day3.md rename to days/day003.md diff --git a/days/day4.md b/days/day004.md similarity index 100% rename from days/day4.md rename to days/day004.md diff --git a/days/day5.md b/days/day005.md similarity index 100% rename from days/day5.md rename to days/day005.md diff --git a/days/day6.md b/days/day006.md similarity index 100% rename from days/day6.md rename to days/day006.md diff --git a/days/day7.md b/days/day007.md similarity index 100% rename from days/day7.md rename to days/day007.md diff --git a/days/day8.md b/days/day008.md similarity index 100% rename from days/day8.md rename to days/day008.md diff --git a/days/day9.md b/days/day009.md similarity index 100% rename from days/day9.md rename to days/day009.md diff --git a/days/day10.md b/days/day010.md similarity index 99% rename from days/day10.md rename to days/day010.md index c78f3ea..5efcd77 100644 --- a/days/day10.md +++ b/days/day010.md @@ -73,4 +73,4 @@ https://github.com/danielmiessler/SecLists/blob/master/Discovery/Web-Content/Bur https://0xn3va.gitbook.io/cheat-sheets/web-application/abusing-http-hop-by-hop-request-headers https://nathandavison.com/blog/abusing-http-hop-by-hop-request-headers -``` \ No newline at end of file +``` diff --git a/days/day11.md b/days/day011.md similarity index 99% rename from days/day11.md rename to days/day011.md index ea571cb..fc9511e 100644 --- a/days/day11.md +++ b/days/day011.md @@ -90,4 +90,4 @@ X-HTTP-Method-Override: DELETE 3. https://hackerone.com/reports/921704 4. https://hackerone.com/reports/326639 5. https://hackerone.com/reports/591302 -``` \ No newline at end of file +``` diff --git a/days/day12.md b/days/day012.md similarity index 99% rename from days/day12.md rename to days/day012.md index 92efd2a..b597af5 100644 --- a/days/day12.md +++ b/days/day012.md @@ -29,4 +29,4 @@ ___ 1. WAF & Filter Bypass for Attacks like XSS, SQLi, etc. 2. Account Takeovers 3. Text Transformation Attacks -``` \ No newline at end of file +``` diff --git a/days/day13.md b/days/day013.md similarity index 99% rename from days/day13.md rename to days/day013.md index 60cef57..ec6d8c9 100644 --- a/days/day13.md +++ b/days/day013.md @@ -47,4 +47,4 @@ ___ #### References ``` WebSocket Top 7 Vuln: https://www.neuralegion.com/blog/websocket-security-top-vulnerabilities/ -``` \ No newline at end of file +``` diff --git a/days/day14.md b/days/day014.md similarity index 99% rename from days/day14.md rename to days/day014.md index 26c6d04..3528a49 100644 --- a/days/day14.md +++ b/days/day014.md @@ -23,4 +23,4 @@ Look for all IDORs cases that you look for in normal HTTP workflow 2. This behavior can be abused by an attacker to exhaust resources and perform a Denial of Service Attack. - Try sending multiple requests to initiate a WS connection in a short time, this may trigger some lagging in the app processing which can be lead to App Level DoS. -``` \ No newline at end of file +``` diff --git a/days/day15.md b/days/day015.md similarity index 99% rename from days/day15.md rename to days/day015.md index 5500cf2..20d1391 100644 --- a/days/day15.md +++ b/days/day015.md @@ -51,4 +51,4 @@ PortSwigger: https://portswigger.net/web-security/websockets - https://hackerone.com/reports/512065 - https://hackerone.com/reports/1023669 - https://hackerone.com/reports/86283 -``` \ No newline at end of file +``` diff --git a/days/day16.md b/days/day016.md similarity index 100% rename from days/day16.md rename to days/day016.md diff --git a/days/day17.md b/days/day017.md similarity index 100% rename from days/day17.md rename to days/day017.md diff --git a/days/day18.md b/days/day018.md similarity index 100% rename from days/day18.md rename to days/day018.md diff --git a/days/day19.md b/days/day019.md similarity index 100% rename from days/day19.md rename to days/day019.md diff --git a/days/day20.md b/days/day020.md similarity index 100% rename from days/day20.md rename to days/day020.md diff --git a/days/day21.md b/days/day021.md similarity index 100% rename from days/day21.md rename to days/day021.md diff --git a/days/day22.md b/days/day022.md similarity index 100% rename from days/day22.md rename to days/day022.md diff --git a/days/day23.md b/days/day023.md similarity index 100% rename from days/day23.md rename to days/day023.md diff --git a/days/day24.md b/days/day024.md similarity index 100% rename from days/day24.md rename to days/day024.md diff --git a/days/day25.md b/days/day025.md similarity index 100% rename from days/day25.md rename to days/day025.md diff --git a/days/day26.md b/days/day026.md similarity index 100% rename from days/day26.md rename to days/day026.md diff --git a/days/day27.md b/days/day027.md similarity index 100% rename from days/day27.md rename to days/day027.md diff --git a/days/day28.md b/days/day028.md similarity index 100% rename from days/day28.md rename to days/day028.md diff --git a/days/day29.md b/days/day029.md similarity index 100% rename from days/day29.md rename to days/day029.md diff --git a/days/day30.md b/days/day030.md similarity index 100% rename from days/day30.md rename to days/day030.md diff --git a/days/day31.md b/days/day031.md similarity index 100% rename from days/day31.md rename to days/day031.md diff --git a/days/day32.md b/days/day032.md similarity index 100% rename from days/day32.md rename to days/day032.md diff --git a/days/day33.md b/days/day033.md similarity index 100% rename from days/day33.md rename to days/day033.md diff --git a/days/day34.md b/days/day034.md similarity index 99% rename from days/day34.md rename to days/day034.md index 0ff3136..5012a31 100644 --- a/days/day34.md +++ b/days/day034.md @@ -56,4 +56,4 @@ steal me'test ``` a. http://www.thespanner.co.uk/2011/12/21/html-scriptless-attacks/ -``` \ No newline at end of file +``` diff --git a/days/day35.md b/days/day035.md similarity index 99% rename from days/day35.md rename to days/day035.md index 060bb6b..2047298 100644 --- a/days/day35.md +++ b/days/day035.md @@ -57,4 +57,4 @@ ___ a. https://book.hacktricks.xyz/pentesting-web/dangling-markup-html-scriptless-injection b. https://github.com/cure53/HTTPLeaks/blob/main/leak.html c. https://portswigger.net/research/evading-csp-with-dom-based-dangling-markup -``` \ No newline at end of file +``` diff --git a/days/day36.md b/days/day036.md similarity index 99% rename from days/day36.md rename to days/day036.md index 83cde9f..d9da1b6 100644 --- a/days/day36.md +++ b/days/day036.md @@ -61,4 +61,4 @@ a. https://bitvijays.github.io/LFF-IPS-P2-VulnerabilityAnalysis.html#rsync-port- b. https://blog.netspi.com/linux-hacking-case-studies-part-1-rsync/ c. https://medium.com/@minimalist.ascent/enumerating-rsync-servers-with-examples-cc3718e8e2c0 -``` \ No newline at end of file +``` diff --git a/days/day37.md b/days/day037.md similarity index 99% rename from days/day37.md rename to days/day037.md index d8ef07b..3eaf7b8 100644 --- a/days/day37.md +++ b/days/day037.md @@ -76,4 +76,4 @@ b. https://medium.com/cyberverse/crlf-injection-playbook-472c67f1cb46 c. https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/CRLF%20Injection d. https://medium.com/bugbountywriteup/bugbounty-exploiting-crlf-injection-can-lands-into-a-nice-bounty-159525a9cb62 -``` \ No newline at end of file +``` diff --git a/days/day38.md b/days/day038.md similarity index 99% rename from days/day38.md rename to days/day038.md index 21afe99..09dd456 100644 --- a/days/day38.md +++ b/days/day038.md @@ -64,4 +64,4 @@ c. https://www.hackingarticles.in/ftp-penetration-testing-on-ubuntu-port-21/ d. https://www.mindpointgroup.com/blog/cyber-security/conducting-and-detecting-data-exfiltration/ e. https://www.briskinfosec.com/blogs/blogsdetail/FTP-Penetration-Testing -``` \ No newline at end of file +``` diff --git a/days/day39.md b/days/day039.md similarity index 99% rename from days/day39.md rename to days/day039.md index 263574d..a453c08 100644 --- a/days/day39.md +++ b/days/day039.md @@ -47,4 +47,4 @@ ___ a. This is a really nice article and fun read to understand about the implementation and issues. Kudos to the researcher. b. Original Tweet: https://twitter.com/_lauritz_/status/1322242562216890369 -``` \ No newline at end of file +``` diff --git a/days/day40.md b/days/day040.md similarity index 99% rename from days/day40.md rename to days/day040.md index c703310..a480b2b 100644 --- a/days/day40.md +++ b/days/day040.md @@ -161,4 +161,4 @@ f. https://github.com/harsh-bothra/learn365/blob/main/days/day17.md g. https://medium.com/@tehmezovismayil/cookie-based-php-local-file-inclusion-bug-bounty-553f8b38d4dc h. https://secureteam.co.uk/articles/web-application-security-articles/understanding-session-fixation-attacks/ -``` \ No newline at end of file +``` diff --git a/days/day41.md b/days/day041.md similarity index 100% rename from days/day41.md rename to days/day041.md diff --git a/days/day42.md b/days/day042.md similarity index 99% rename from days/day42.md rename to days/day042.md index a6a9372..f62585a 100644 --- a/days/day42.md +++ b/days/day042.md @@ -48,4 +48,4 @@ a. https://medium.com/@pravinponnusamy/race-condition-vulnerability-found-in-bug b. https://hackerone.com/reports/759247 c. https://book.hacktricks.xyz/pentesting-web/race-condition#oauth2-eternal-persistence -``` \ No newline at end of file +``` diff --git a/days/day43.md b/days/day043.md similarity index 99% rename from days/day43.md rename to days/day043.md index 0dc93f7..de2b0ec 100644 --- a/days/day43.md +++ b/days/day043.md @@ -56,4 +56,4 @@ h. . a. https://www.blackhillsinfosec.com/how-to-test-for-open-mail-relays/ b. https://www.rapid7.com/db/modules/auxiliary/scanner/smtp/smtp_relay/ -``` \ No newline at end of file +``` diff --git a/days/day44.md b/days/day044.md similarity index 99% rename from days/day44.md rename to days/day044.md index 3cb043a..8bb5fc3 100644 --- a/days/day44.md +++ b/days/day044.md @@ -84,4 +84,4 @@ b. https://sapsan.on.fleek.co/hacktricks/pentesting/47808-udp-bacnet/ c. https://hitcon.org/2015/ENT/PDF/Building%20Automation%20and%20Control_miaoski.pdf d. https://www.blackhat.com/docs/us-17/wednesday/us-17-Brandstetter-insecurity-In-Building-Automation-How-To-Create-Dark-Buildings-With-Light-Speed.pdf -``` \ No newline at end of file +``` diff --git a/days/day45.md b/days/day045.md similarity index 97% rename from days/day45.md rename to days/day045.md index 99e61b2..2d35fbb 100644 --- a/days/day45.md +++ b/days/day045.md @@ -13,4 +13,4 @@ ___ a. https://t.co/Sjh5fbU8zA?amp=1 -``` \ No newline at end of file +``` diff --git a/days/day46.md b/days/day046.md similarity index 83% rename from days/day46.md rename to days/day046.md index b46c08d..a61a1f9 100644 --- a/days/day46.md +++ b/days/day046.md @@ -16,4 +16,4 @@ a. https://t.co/yvyyxEOBdl?amp=1 ``` -#### Complete Content To Be Updated. \ No newline at end of file +#### Complete Content To Be Updated. diff --git a/days/day47.md b/days/day047.md similarity index 99% rename from days/day47.md rename to days/day047.md index e868ee0..0c10d82 100644 --- a/days/day47.md +++ b/days/day047.md @@ -104,4 +104,4 @@ c. https://portswigger.net/research/exploiting-cors-misconfigurations-for-bitcoi d. https://medium.com/bugbountywriteup/think-outside-the-scope-advanced-cors-exploitation-techniques-dad019c68397 e. https://www.corben.io/advanced-cors-techniques/https://github.com/chenjj/CORScanner -``` \ No newline at end of file +``` diff --git a/days/day48.md b/days/day048.md similarity index 99% rename from days/day48.md rename to days/day048.md index 78af9d6..51c7122 100644 --- a/days/day48.md +++ b/days/day048.md @@ -36,4 +36,4 @@ This is one of the recently encountered scenario, there may be other impact of t ``` a. https://www.programmersought.com/article/1312520870/ -``` \ No newline at end of file +``` diff --git a/days/day49.md b/days/day049.md similarity index 76% rename from days/day49.md rename to days/day049.md index 9932c99..2cf6993 100644 --- a/days/day49.md +++ b/days/day049.md @@ -7,4 +7,4 @@ Index | Section ___ -#### Learning Resource: https://www.youtube.com/watch?v=id7phzfgumg&list=PLruly0ngXhPF6SAjbleQ-Icm8kSu1lTNr&index=32 \ No newline at end of file +#### Learning Resource: https://www.youtube.com/watch?v=id7phzfgumg&list=PLruly0ngXhPF6SAjbleQ-Icm8kSu1lTNr&index=32 diff --git a/days/day50.md b/days/day050.md similarity index 76% rename from days/day50.md rename to days/day050.md index 8ca97e6..f73ab26 100644 --- a/days/day50.md +++ b/days/day050.md @@ -7,4 +7,4 @@ Index | Section ___ -#### Learning Resource: https://www.youtube.com/watch?v=IFRp2Y3cqOw&list=PLruly0ngXhPGvyl-gOp4d_TvIiedloX1l&index=16 \ No newline at end of file +#### Learning Resource: https://www.youtube.com/watch?v=IFRp2Y3cqOw&list=PLruly0ngXhPGvyl-gOp4d_TvIiedloX1l&index=16 diff --git a/days/day51.md b/days/day051.md similarity index 64% rename from days/day51.md rename to days/day051.md index 6bda5db..7ae6ddf 100644 --- a/days/day51.md +++ b/days/day051.md @@ -7,4 +7,4 @@ Index | Section ___ -#### Learning Resource: https://t.co/LAhhUhH1VR?amp=1 \ No newline at end of file +#### Learning Resource: https://t.co/LAhhUhH1VR?amp=1 diff --git a/days/day52.md b/days/day052.md similarity index 83% rename from days/day52.md rename to days/day052.md index 25279b9..6b4db54 100644 --- a/days/day52.md +++ b/days/day052.md @@ -7,4 +7,4 @@ Index | Section ___ -#### Learning Resource: https://youtube.com/playlist?list=PL1kKTj_P1E0wcSpop-TtDHUSNJZDofFzX \ No newline at end of file +#### Learning Resource: https://youtube.com/playlist?list=PL1kKTj_P1E0wcSpop-TtDHUSNJZDofFzX diff --git a/days/day53.md b/days/day053.md similarity index 61% rename from days/day53.md rename to days/day053.md index 6f975d1..efdb9ac 100644 --- a/days/day53.md +++ b/days/day053.md @@ -7,4 +7,4 @@ Index | Section ___ -#### Learning Resource: https://t.co/FLt7ZwD3I3?amp=1 \ No newline at end of file +#### Learning Resource: https://t.co/FLt7ZwD3I3?amp=1 diff --git a/days/day54.md b/days/day054.md similarity index 100% rename from days/day54.md rename to days/day054.md diff --git a/days/day55.md b/days/day055.md similarity index 97% rename from days/day55.md rename to days/day055.md index a607cbe..d4c4446 100644 --- a/days/day55.md +++ b/days/day055.md @@ -7,4 +7,4 @@ Index | Section ___ -#### Learning Resource: https://www.youtube.com/watch?v=n7vW-TVtXb0 \ No newline at end of file +#### Learning Resource: https://www.youtube.com/watch?v=n7vW-TVtXb0 diff --git a/days/day56.md b/days/day056.md similarity index 81% rename from days/day56.md rename to days/day056.md index f422274..2282a00 100644 --- a/days/day56.md +++ b/days/day056.md @@ -9,4 +9,4 @@ ___ #### Learning Resource: * https://t.co/6AREbPdhZy?amp=1 -* https://t.co/5eZJUWZ3bf?amp=1 \ No newline at end of file +* https://t.co/5eZJUWZ3bf?amp=1 diff --git a/days/day57.md b/days/day057.md similarity index 70% rename from days/day57.md rename to days/day057.md index 28989e5..bc749d9 100644 --- a/days/day57.md +++ b/days/day057.md @@ -8,4 +8,4 @@ ___ #### Learning Resource: -* https://www.youtube.com/watch?v=0hczZ9wrYAU \ No newline at end of file +* https://www.youtube.com/watch?v=0hczZ9wrYAU diff --git a/days/day58.md b/days/day058.md similarity index 96% rename from days/day58.md rename to days/day058.md index 878deb4..7876137 100644 --- a/days/day58.md +++ b/days/day058.md @@ -43,4 +43,4 @@ a. https://labs.bishopfox.com/tech-blog/an-exploration-of-json-interoperability- ``` -#### Note: This work is carried out by BishopFox Labs & this repository doesn't take any credit for the same. Shoutout to @theBumbleSec for sharing this research work. \ No newline at end of file +#### Note: This work is carried out by BishopFox Labs & this repository doesn't take any credit for the same. Shoutout to @theBumbleSec for sharing this research work. diff --git a/days/day59.md b/days/day059.md similarity index 67% rename from days/day59.md rename to days/day059.md index 74a2082..359aafc 100644 --- a/days/day59.md +++ b/days/day059.md @@ -8,4 +8,4 @@ ___ #### Learning Resource: -* https://www.youtube.com/watch?v=_A04msdplXs&t=11s \ No newline at end of file +* https://www.youtube.com/watch?v=_A04msdplXs&t=11s diff --git a/days/day60.md b/days/day060.md similarity index 100% rename from days/day60.md rename to days/day060.md diff --git a/days/day61.md b/days/day061.md similarity index 98% rename from days/day61.md rename to days/day061.md index d19f60c..1c68140 100644 --- a/days/day61.md +++ b/days/day061.md @@ -9,4 +9,4 @@ ___ #### Learning Resource: -* Talk by Jon Helmus: https://www.youtube.com/watch?v=OyEXjSxRB90 \ No newline at end of file +* Talk by Jon Helmus: https://www.youtube.com/watch?v=OyEXjSxRB90 diff --git a/days/day62.md b/days/day062.md similarity index 79% rename from days/day62.md rename to days/day062.md index 824ee65..12e1e43 100644 --- a/days/day62.md +++ b/days/day062.md @@ -9,4 +9,4 @@ ___ #### Learning Resource: -* An interesting resource talking about Source Code Review Guidelines, Checklist, Remedial Code & Vulnerable Code Identification: https://info.ninadmathpati.com/resources/source-code-review \ No newline at end of file +* An interesting resource talking about Source Code Review Guidelines, Checklist, Remedial Code & Vulnerable Code Identification: https://info.ninadmathpati.com/resources/source-code-review diff --git a/days/day63.md b/days/day063.md similarity index 75% rename from days/day63.md rename to days/day063.md index 3aad376..0e3c791 100644 --- a/days/day63.md +++ b/days/day063.md @@ -8,4 +8,4 @@ ___ #### Learning Resource: -* https://www.youtube.com/watch?v=II5X0lj-Zjk \ No newline at end of file +* https://www.youtube.com/watch?v=II5X0lj-Zjk diff --git a/days/day64.md b/days/day064.md similarity index 74% rename from days/day64.md rename to days/day064.md index c0bdf36..2074fb1 100644 --- a/days/day64.md +++ b/days/day064.md @@ -8,4 +8,4 @@ ___ #### Learning Resource: -* https://www.youtube.com/watch?v=mDQwYVnEXt4 \ No newline at end of file +* https://www.youtube.com/watch?v=mDQwYVnEXt4 diff --git a/days/day65.md b/days/day065.md similarity index 71% rename from days/day65.md rename to days/day065.md index deffb47..8301d8a 100644 --- a/days/day65.md +++ b/days/day065.md @@ -8,4 +8,4 @@ ___ #### Learning Resource: -* https://www.youtube.com/watch?v=Zm-myHU8-RQ \ No newline at end of file +* https://www.youtube.com/watch?v=Zm-myHU8-RQ diff --git a/days/day66.md b/days/day066.md similarity index 91% rename from days/day66.md rename to days/day066.md index 0ff079a..f587439 100644 --- a/days/day66.md +++ b/days/day066.md @@ -8,4 +8,4 @@ ___ #### Learning Resource: -* https://redhuntlabs.com/blog/dependency-confusion-attack-what-why-and-how.html \ No newline at end of file +* https://redhuntlabs.com/blog/dependency-confusion-attack-what-why-and-how.html diff --git a/days/day67.md b/days/day067.md similarity index 71% rename from days/day67.md rename to days/day067.md index 9f1e7dd..09f3855 100644 --- a/days/day67.md +++ b/days/day067.md @@ -8,4 +8,4 @@ ___ #### Learning Resource: -* https://www.youtube.com/watch?v=NnNYgFYcfSE \ No newline at end of file +* https://www.youtube.com/watch?v=NnNYgFYcfSE diff --git a/days/day68.md b/days/day068.md similarity index 72% rename from days/day68.md rename to days/day068.md index aa70111..2c7a077 100644 --- a/days/day68.md +++ b/days/day068.md @@ -8,4 +8,4 @@ ___ #### Learning Resource: -* https://www.youtube.com/watch?v=M6mqeI-Vd4I&t=6s \ No newline at end of file +* https://www.youtube.com/watch?v=M6mqeI-Vd4I&t=6s diff --git a/days/day69.md b/days/day069.md similarity index 72% rename from days/day69.md rename to days/day069.md index d82b61b..d13059d 100644 --- a/days/day69.md +++ b/days/day069.md @@ -8,4 +8,4 @@ ___ #### Learning Resource: -* https://www.youtube.com/watch?v=Y0QxwRyqlh8 \ No newline at end of file +* https://www.youtube.com/watch?v=Y0QxwRyqlh8 diff --git a/days/day70.md b/days/day070.md similarity index 71% rename from days/day70.md rename to days/day070.md index 20dcc90..353cf88 100644 --- a/days/day70.md +++ b/days/day070.md @@ -9,4 +9,4 @@ ___ #### Learning Resource: * Talk: https://www.youtube.com/watch?v=jXSmx0fnjgg -* Blog: https://portswigger.net/research/web-cache-entanglement \ No newline at end of file +* Blog: https://portswigger.net/research/web-cache-entanglement diff --git a/days/day71.md b/days/day071.md similarity index 68% rename from days/day71.md rename to days/day071.md index c4f6832..14e9caa 100644 --- a/days/day71.md +++ b/days/day071.md @@ -8,4 +8,4 @@ ___ #### Learning Resource: -* https://www.youtube.com/watch?v=OOurkCPf2-I&t=2s \ No newline at end of file +* https://www.youtube.com/watch?v=OOurkCPf2-I&t=2s diff --git a/days/day72.md b/days/day072.md similarity index 80% rename from days/day72.md rename to days/day072.md index 318dc80..b2f3e8d 100644 --- a/days/day72.md +++ b/days/day072.md @@ -8,4 +8,4 @@ ___ #### Learning Resource: -* https://t.co/A4UQmNcybI?amp=1 \ No newline at end of file +* https://t.co/A4UQmNcybI?amp=1 diff --git a/days/day73.md b/days/day073.md similarity index 64% rename from days/day73.md rename to days/day073.md index 9fdd119..0ff3b14 100644 --- a/days/day73.md +++ b/days/day073.md @@ -8,4 +8,4 @@ ___ #### Learning Resource: -* https://book.hacktricks.xyz/windows/basic-cmd-for-pentesters \ No newline at end of file +* https://book.hacktricks.xyz/windows/basic-cmd-for-pentesters diff --git a/days/day74.md b/days/day074.md similarity index 86% rename from days/day74.md rename to days/day074.md index c1566b2..8f41f95 100644 --- a/days/day74.md +++ b/days/day074.md @@ -8,4 +8,4 @@ ___ #### Learning Resource: -* https://www.youtube.com/watch?v=ia0T8i7LAAI&list=PLH15HpR5qRsXE_4kOSy_SXwFkFQre4AV_&index=7 \ No newline at end of file +* https://www.youtube.com/watch?v=ia0T8i7LAAI&list=PLH15HpR5qRsXE_4kOSy_SXwFkFQre4AV_&index=7 diff --git a/days/day75.md b/days/day075.md similarity index 64% rename from days/day75.md rename to days/day075.md index aca1ce6..cd27c63 100644 --- a/days/day75.md +++ b/days/day075.md @@ -8,4 +8,4 @@ ___ #### Learning Resource: -* https://shreyapohekar.com/blogs/winjactf-2021-solutions-2/ \ No newline at end of file +* https://shreyapohekar.com/blogs/winjactf-2021-solutions-2/ diff --git a/days/day76.md b/days/day076.md similarity index 78% rename from days/day76.md rename to days/day076.md index 9ec10b1..d785d13 100644 --- a/days/day76.md +++ b/days/day076.md @@ -9,4 +9,4 @@ ___ #### Learning Resource: * https://www.youtube.com/watch?v=OOHmg1J_8ck -* https://github.com/magnologan/awesome-k8s-security \ No newline at end of file +* https://github.com/magnologan/awesome-k8s-security diff --git a/days/day77.md b/days/day077.md similarity index 78% rename from days/day77.md rename to days/day077.md index 75e01e3..1beb27f 100644 --- a/days/day77.md +++ b/days/day077.md @@ -8,4 +8,4 @@ ___ #### Learning Resource: -* https://hackingthe.cloud/aws/ \ No newline at end of file +* https://hackingthe.cloud/aws/ diff --git a/days/day78.md b/days/day078.md similarity index 70% rename from days/day78.md rename to days/day078.md index 0424109..ecbb1ca 100644 --- a/days/day78.md +++ b/days/day078.md @@ -8,4 +8,4 @@ ___ #### Learning Resource: -* https://blog.isec.pl/waf-evasion-techniques/ \ No newline at end of file +* https://blog.isec.pl/waf-evasion-techniques/ diff --git a/days/day79.md b/days/day079.md similarity index 71% rename from days/day79.md rename to days/day079.md index 0bc3d3d..0a9e1fc 100644 --- a/days/day79.md +++ b/days/day079.md @@ -8,4 +8,4 @@ ___ #### Learning Resource: -* https://www.youtube.com/watch?v=Luh4HGCLhmI \ No newline at end of file +* https://www.youtube.com/watch?v=Luh4HGCLhmI diff --git a/days/day80.md b/days/day080.md similarity index 80% rename from days/day80.md rename to days/day080.md index c2ff312..0700a8e 100644 --- a/days/day80.md +++ b/days/day080.md @@ -9,4 +9,4 @@ ___ #### Learning Resource: * https://www.youtube.com/watch?v=wg9rxX_lEts -* https://github.com/r0hi7/DockerENT \ No newline at end of file +* https://github.com/r0hi7/DockerENT diff --git a/days/day81.md b/days/day081.md similarity index 90% rename from days/day81.md rename to days/day081.md index c8dd8dc..8be5c76 100644 --- a/days/day81.md +++ b/days/day081.md @@ -9,4 +9,4 @@ ___ #### Learning Resource: -* https://insert-script.blogspot.com/2020/11/imagemagick-shell-injection-via-pdf.html \ No newline at end of file +* https://insert-script.blogspot.com/2020/11/imagemagick-shell-injection-via-pdf.html diff --git a/days/day82.md b/days/day082.md similarity index 86% rename from days/day82.md rename to days/day082.md index a65ad6c..ba7933f 100644 --- a/days/day82.md +++ b/days/day082.md @@ -9,4 +9,4 @@ ___ #### Learning Resource: -* https://www.youtube.com/watch?v=eKj8F9bOOvk&list=PLegn9T1wU4sXzNdQauSUzyCGNR2W__FxH&index=1 \ No newline at end of file +* https://www.youtube.com/watch?v=eKj8F9bOOvk&list=PLegn9T1wU4sXzNdQauSUzyCGNR2W__FxH&index=1 diff --git a/days/day83.md b/days/day083.md similarity index 83% rename from days/day83.md rename to days/day083.md index dbb84b4..fbd5f85 100644 --- a/days/day83.md +++ b/days/day083.md @@ -9,4 +9,4 @@ ___ #### Learning Resource: -* https://www.youtube.com/watch?v=s9w0KutMorE&list=PLYn5_MxRvV-cP9HYIXiyqpz7mdGsaWRX5&index=1&t=3s \ No newline at end of file +* https://www.youtube.com/watch?v=s9w0KutMorE&list=PLYn5_MxRvV-cP9HYIXiyqpz7mdGsaWRX5&index=1&t=3s diff --git a/days/day84.md b/days/day084.md similarity index 71% rename from days/day84.md rename to days/day084.md index d28e0e1..9cd76a8 100644 --- a/days/day84.md +++ b/days/day084.md @@ -9,4 +9,4 @@ ___ #### Learning Resource: -* https://www.youtube.com/watch?v=hmNNPUicpuY \ No newline at end of file +* https://www.youtube.com/watch?v=hmNNPUicpuY diff --git a/days/day85.md b/days/day085.md similarity index 100% rename from days/day85.md rename to days/day085.md diff --git a/days/day86.md b/days/day086.md similarity index 89% rename from days/day86.md rename to days/day086.md index 8fc986e..5d371b8 100644 --- a/days/day86.md +++ b/days/day086.md @@ -9,4 +9,4 @@ ___ #### Learning Resource: -* https://blog.yeswehack.com/yeswerhackers/how-exploit-graphql-endpoint-bug-bounty/ \ No newline at end of file +* https://blog.yeswehack.com/yeswerhackers/how-exploit-graphql-endpoint-bug-bounty/ diff --git a/days/day87.md b/days/day087.md similarity index 83% rename from days/day87.md rename to days/day087.md index 143390d..4ff69a3 100644 --- a/days/day87.md +++ b/days/day087.md @@ -9,4 +9,4 @@ ___ #### Learning Resource: -* https://www.youtube.com/watch?v=cThFNXrBYQU&list=PLYn5_MxRvV-cP9HYIXiyqpz7mdGsaWRX5&index=3&t=25s \ No newline at end of file +* https://www.youtube.com/watch?v=cThFNXrBYQU&list=PLYn5_MxRvV-cP9HYIXiyqpz7mdGsaWRX5&index=3&t=25s diff --git a/days/day88.md b/days/day088.md similarity index 67% rename from days/day88.md rename to days/day088.md index 28d7729..ecf7d11 100644 --- a/days/day88.md +++ b/days/day088.md @@ -9,4 +9,4 @@ ___ #### Learning Resource: -* https://www.youtube.com/watch?v=Y1S5s3FmFsI&t=166s \ No newline at end of file +* https://www.youtube.com/watch?v=Y1S5s3FmFsI&t=166s diff --git a/days/day89.md b/days/day089.md similarity index 74% rename from days/day89.md rename to days/day089.md index f440071..8160d0f 100644 --- a/days/day89.md +++ b/days/day089.md @@ -9,4 +9,4 @@ ___ #### Learning Resource: -* https://www.youtube.com/watch?v=51S8PeuzlmI \ No newline at end of file +* https://www.youtube.com/watch?v=51S8PeuzlmI diff --git a/days/day90.md b/days/day090.md similarity index 63% rename from days/day90.md rename to days/day090.md index fd2db5f..b070ea1 100644 --- a/days/day90.md +++ b/days/day090.md @@ -9,4 +9,4 @@ ___ #### Learning Resource: -* https://research.nccgroup.com/2021/03/29/saml-xml-injection/ \ No newline at end of file +* https://research.nccgroup.com/2021/03/29/saml-xml-injection/ diff --git a/days/day91.md b/days/day091.md similarity index 90% rename from days/day91.md rename to days/day091.md index 685388c..934aaf2 100644 --- a/days/day91.md +++ b/days/day091.md @@ -11,4 +11,4 @@ ___ * https://blog.yeswehack.com/yeswerhackers/pimpmyburp-auth-analyzer-test-horizontal-vertical-privileges-escalation/ * https://blog.yeswehack.com/yeswerhackers/pimpmyburp-pwnfox-autorize-find-idor/ -* https://blog.yeswehack.com/yeswerhackers/pimpmyburp/pimpmyburp-autorepeater-add-automation-burp-suite/ \ No newline at end of file +* https://blog.yeswehack.com/yeswerhackers/pimpmyburp/pimpmyburp-autorepeater-add-automation-burp-suite/ diff --git a/days/day92.md b/days/day092.md similarity index 82% rename from days/day92.md rename to days/day092.md index 86d8651..fa698e1 100644 --- a/days/day92.md +++ b/days/day092.md @@ -9,4 +9,4 @@ ___ #### Learning Resource: -* https://t.co/jdIfFdiSnL?amp=1 \ No newline at end of file +* https://t.co/jdIfFdiSnL?amp=1 diff --git a/days/day93.md b/days/day093.md similarity index 75% rename from days/day93.md rename to days/day093.md index f167b4e..ad54497 100644 --- a/days/day93.md +++ b/days/day093.md @@ -9,4 +9,4 @@ ___ #### Learning Resource: -* https://t.co/uZaskPO2jI?amp=1 \ No newline at end of file +* https://t.co/uZaskPO2jI?amp=1 diff --git a/days/day94_102.md b/days/day094_102.md similarity index 99% rename from days/day94_102.md rename to days/day094_102.md index 32ab96d..a114e89 100644 --- a/days/day94_102.md +++ b/days/day094_102.md @@ -17,4 +17,4 @@ ___ * Day 99: https://twitter.com/harshbothra_/status/1380579297023250433 * Day 100: https://twitter.com/harshbothra_/status/1380936643452887040 * Day 101: https://twitter.com/harshbothra_/status/1381281900073943048 -* Day 102: https://twitter.com/harshbothra_/status/1381627575521308679 \ No newline at end of file +* Day 102: https://twitter.com/harshbothra_/status/1381627575521308679