Awesome Open Source
Awesome Open Source

Learn365

This repository contains all the information shared during my Learn 365 Challenge. Learn 365 is a challenge to keep the learning spirit going on and challenge myself to learn something daily for the whole year, it can be anything from infosec to general life. Follow me on Twitter for Regular Updates: Anubhav Singh. Huge thanks to Harsh Bothra, from whoam I got motivated to start this Learn365 challenge.


Day Topic
1
  • Learn Javascript
  • The Tool Box karma v2 and 4-ZERO-3 - Talk
  • Finding and exploiting unintended functionality in main web app APIs - Writeup
  • Workflow for Javascript Recon
2
  • Learn Javascript
  • Read BugBounty BootCamp - Book
  • Learn Python
3
  • Learn Javascript
  • AWS Lambda Command Injection - Writeup
  • A tale of zero click account takeover - Writeup
4
  • Learn CSS
  • Learn Python
5
  • Learn Javascript [Revision]
6
  • Solved DOM based XSS Labs on Portswigger
7
  • Solved DOM based XSS Labs on Portswigger
  • Learn Python
8
  • A Cool Account Takeover Vulnerability due to lack of Client Side Validation - WriteUp
9
  • WebSockets not Bound by SOP and CORS? - WriteUp
10
  • Unauth Cache Purging - WriteUp
  • How I was able to change victims password using IDN Homograph Attack - WriteUp
11
  • Controlling the web message source - Lab
  • JavaScript for Hackers - Video
  • HACKING postMessage() - Video
  • Introduction postmessage vulnerabilities - Writeup
  • Postmessage vulnerability demo -Lab
12
  • A simple Data Exfiltration! Excel magic - Writeup
13
  • One Token to leak them all : The story of a $8000 NPM_TOKEN - Writeup
  • Introduction to GraphQL - GraphQL Exploitation Part1 - Video
14
  • Finding The Origin IP Behind CDNs - Writeup
15
  • Hunting postMessage Vulnerabilities - White Paper
16
  • 120 Days of High Frequency Hunting - WriteUp
  • Hunting postMessage Vulnerabilities - White Paper
17
  • How to find new/more domains of a company? - Recon Stuff - Writeup
18
  • Read BugBounty BootCamp - Book
19
  • The Tale of a Click leading to RCE - Writeup
20
  • PostMessage Vulnerabilities - WriteUp
21
  • DVGA - Damn Vulnerable GraphQL Application Part 2 - Video
22
  • Chrome DevTools Crash Course - Video
23
  • Crontab for Linux Admins - Video
24
  • Template Injection in Action: 2-hour workshop on Template Injection (SSTI)
  • Read BugBounty BootCamp - Book
25
  • Hacking REST APIs: A beginner's guide - Course
26
  • Read BugBounty BootCamp - Book
  • Read zseano's methodology - Book
27
  • Read zseano's methodology - Book
28
  • Read zseano's methodology - Book
  • Params Discovering Hidden Treasure in WebApps - Writeup
29
  • WebSockets and Hacking - Writeup
30
  • Pentesting API Top 10 - Talk
31
  • Read BugBounty BootCamp - Book
  • Bypassing SSRF Protection to Exfiltrate AWS Metadata from LarkSuite - Writeup
32
  • Android: Quick History on Smartphones - Video
  • Intro to App Development - Video
  • Top 25 Browser Extensions for Pentesters and Bugbounty Hunters (2022) - Writeup
33
  • Intro to Android Architecture and Security - Video
  • What is an Android Operating System & Its Features - Writeup
  • Android Internals 101: How Android OS Starts You Application - Writeup
  • Android Security Part 1- Understanding Android Basics - Writeup
34
  • Mobile Application Penetration Testing - TCM Course
35
  • Read BugBounty BootCamp - Book
36
  • Solved 1-10 Challenges of InjuredAndroid
  • Recon methodology of @GodfatherOrwa - Video
37
  • Read BugBounty BootCamp - Book
38
  • 1,2 Exercises: Android App Reverse Engineering 101
39
  • 3,4 Exercises: Android App Reverse Engineering 101
40
  • Android App Reverse Engineering LIVE! Part 1 - Workshop
41
  • Android Architecture + Static Analysis with apktool + gf + jadx
  • Insecure Logging & Storage + Setup Genymotion & pidcat
42
  • Troubleshooting connection between WSL and android emulator
43
  • Mobexler : A Mobile Application Penetration Testing Platform - Video
44
  • Android Pentesting Lab Setup - Writeup
45
  • Hacking Android Deeplink Issues and Insecure URL Validation - Video
46
  • SINGLE-SIGN-ON SECURITY ISSUES : BugBounty BootCamp - Book
47
  • Solved Flag 12 & 13 of Injured Android
48
  • Android SSL Pinning Bypass for Bug Bounties & Penetration Testing - Video
  • SSL Pinning in Android Part 1 - Writeup
  • SSL Pinning in Android Part 2 - Writeup
  • What is Android Rooting? - Writeup
  • Four Ways to Bypass Android SSL Verification and Certificate Pinning - Writeup
49
  • Bypassing OkHttp Certificate Pinning - Writeup
  • Disabling SSL Pinning in Android Apps using Frida / Objection - Writeup
  • How To Bypass Apps Root Detection In Android - Writeup
  • Bug Bounty on Android : setup your Genymotion environment for APK analysis - Writeup
50
  • The Ultimate Guide to Android SSL Pinning Bypass - Guide
51
  • OAuth terminologies and flows explained - Video
  • OAuth 2.0 Hacking Simplified Part 1 Understanding Basics - Writeup
  • OAuth 2.0 Hacking Simplified Part 2 Vulnerabilities and Mitigation - Writeup
52
  • Bug Bounty Bypassing Endpoints - Writeup
53
  • How I made 25000 USD in bug bounties with reverse proxy - Writeup
54
  • Intercepting Android Emulator SSL traffic with burp using magisk - Writeup
55
  • Subdomains Tools Review: a full and detailed comparison of subdomain enumeration tools - Writeup
56
  • Lab: Authentication bypass via OAuth implicit flow
57
  • Web Authentication and Authorization Zine - Zine
58
  • Forced OAuth profile linking - Lab
  • OAuth account hijacking via redirect_uri - Lab
  • Stealing OAuth access tokens via an open redirect - Lab
59
  • ANDROID APP SECURITY BASICS (Static analysis - Part 1) - Video
60
  • HACKING ANDROID WebViews (Static analysis - Part 2) - Video
  • Getting Started with Android Application Security - Writeup
  • Android Pentest: Automated Analysis using MobSF - Writeup
  • Static Analysis of Android Application & Tools Used - Writeup
  • Complete Android Pentesting Guide - Writeup
61
  • Android App Security & Testing - Writeup
  • Exploiting Android activity android:exported="true" - Writeup
  • Exploiting Activity in medium android app - Writeup
62
  • Android Penetration Testing: Drozer - Writeup
63
  • Android Pentest: Deep Link Exploitation - Writeup
64
  • Android Applications Pentesting (Static Analysis) - HackTricks
65
  • OAuth Sign Up AND Log In (1-6 Slides) - Slides
66
  • Authentication bypass due to weak verification of SAML Token - Writeup
67
  • Bypassing Google Authentication on Periscope's Administration Panel - Writeup
68
  • Burp Bounty v2 Documentation
  • Architect: Major Design Decisions - OAuth
  • Classic Web Application: Authorization Code Grant Flow - OAuth
69
  • Authorizationcode_tester - Tester: Exploit Mistakes
70
  • Pwning a Server using Markdown - Writeup
71
  • Critical XSS in chrome extension - Writeup
72
  • Penetrate the Protected Component in Android Part 1 - Writeup
73
  • Penetrate the Protected Component in Android Part 2 - Writeup
74
  • From Recon via Censys and DNSdumpster, to Getting P1 by Login Using Weak Password - Writeup
75
  • How Tapjacking Made a Return with Android Marshmallow and Nobody Noticed - Writeup
76
  • How I was able to find 50+ Cross-site scripting (XSS) Security Vulnerabilities on Bugcrowd Public Program? - Writeup
77
  • Android Development (1:45 Hrs) - Video
78
  • Android Development: Java Refresher - Video
79
  • Android Development: Activities & Layouts - Video
80
  • Android Development: MultiScreen Apps - Video
81
  • How I Found multiple SQL Injection with FFUF and Sqlmap in a few minutes - Writeup
82
  • From XSS to RCE (dompdf 0day) - Writeup
83
  • A Detailed Guide on httpx - Writeup
84
  • Chapter 24 API Hacking : BugBounty BootCamp - Book
85
  • Preparing for API Security Testing : Hacking APIs - Book
86
  • How web applications work : Hacking APIs - Book
87 - 90
  • The Anatomy of Web APIs : Hacking APIs - Book
91
  • DIVA Android App: Walkthrough - Writeup
92
  • The Anatomy of Web APIs : Hacking APIs - Book
93
  • Android Penetration Testing: Frida - Writeup
94
  • Diva apk analysis - Writeup
95
  • API Authentication: Hacking APIs - Book
96
  • Watch out the links : Account takeover! - Writeup
97
  • 10 things you must do when Pentesting Android Applications - Writeup
  • Dumping Android application memory with fridump - Writeup
  • Mobile Risks: M1 Improper platform usage - Writeup
  • Mobile Risks: M2 Insecure data storage - Writeup
  • Mobile Risks: M3 Insecure communication - Writeup
  • Understanding the OWASP Mobile Top 10 Security Risks: Part Two (M4-M7) - Writeup
  • Understanding the OWASP Mobile Top 10 Security Risks: Part Three (M8-M10) - Writeup
98
  • Vulnerable Android Broadcast Receivers - Writeup
99
  • API Insecurities Hacking APIs - Book
100
  • How a YouTube Video lead to pwning a web application via SQL Injection worth $4324 bounty - Writeup
101
  • Open Android Security Assessment Methodology - Repo
102
  • API Insecurities Hacking APIs (page 72 - 81) - Book
103
  • API Insecurities Hacking APIs (page 84 - 96) - Book
104
  • How I made $10K in bug bounties from GitHub secret leaks - Writeup
105
  • Android: How to Bypass Root Check and Certificate Pinning - Writeup
  • Comparison of Different Android Root-Detection Bypass Tools - Writeup
106
  • Bypassing a WAF by Finding the Origin IP - Video
107
  • Inspecting Android Traffic using Proxyman + apk-mitm - Writeup
108
  • NoSQL Injection in Plain Sight - Writeup
109
  • Configuring an out-of-band callback listener and notification service in under 10 minutes using AWS Lambda function URLs and Discord webhooks - Writeup
110
  • Supplemental Tools : Hacking APIs - Book
111
  • Android Root Detection Bypass Using Objection and Frida Scripts - Writeup
112
  • Configuring Frida with BurpSuite and Genymotion to bypass Android SSL Pinning - Writeup
113
  • Find new domains of a company using SSL Certificates - Bug Bounty Recon - Writeup
114
  • Exploiting Android Fingerprint Authentication - Writeup
115
  • Testing-Local-Authentication - Owasp Guide
116
  • Bypass of Biometrics & Password Security Functionality For android - Writeup
117
  • Creating Code for Bypassing Android Security Checks: Frida - Video
118
  • Sharpening your FRIDA scripting skills with Frida Tool - Writeup
119
  • Hacking Android Apps with Frida - Video
120
  • ATO without any interaction : aws cognito misconfiguration - Writeup
121
  • NahamCon CTF 2022 Write-up: Click Me! Android challenge - Writeup
122
  • Android Application Security [chapter 0x1] - Introduction to Frida - Writeup
123
  • Getting started with Frida on Android Apps - Writeup
124
  • Exploration of Native Modules on Android with Frida - Writeup
125
  • How to exploit GraphQL endpoint: introspection, query, mutations & tools - Writeup
126
  • DVGA Batch Query Attack GraphQL Exploitation : Part 3 DVGA - Video
127
  • The $16,000 Dev Mistake - Writeup
128
  • FirstBlood : HackEvent BugBountyHunter.com - Reports
129
  • Exploring Native Functions with Frida on Android - Writeup
130
  • Add JNI(C/C++) into your existing Android app - Writeup
131
  • Demystifying Frida - Video
132
  • How to hook Android Native methods with Frida (Noob Friendly) - Writeup
133
  • Instrumenting Native Android Functions using Frida - Writeup
134
  • Forging OAuth tokens using discovered client id and client secret - Writeup
135
  • Getting started with Android NDK: Android Tutorial - Writeup
136
  • Can analyzing javascript files lead to remote code execution? - Writeup
137
  • XML External Entity (XXE) : The Ultimate Guide - Writeup
138
  • Bug Bounty Redacted #3: Hacking APIs & XSS, SQLi, WAF Bypass in a regional web application - Video
139
  • PHP Command Injection ->Time Based SQL $2000 bounty - Writeup
140
  • How Did I Leak 5.2k Customer Data From a Large Company? (via Broken Access Control) - Writeup
141
  • My Bug Bounty Adventure (Fuzzing + Information Disclosure) - Writeup
142
  • Exploiting CRLF Injection can lands into a nice bounty - Writeup
143
  • PayPal IDOR via billing Agreement Token (closed Informative, payment fraud) - Writeup
144
  • How I Hacked NASA to execute arbitrary commands in their server! - Writeup
145
  • SQL injection through HTTP headers - Writeup
146
  • Automate your recon With Censys HOW Pro hacker use Censys - Writeup
147
  • How I Found a companys internal S3 Bucket with 41k Files - Writeup
148
  • Bypassing File Upload Restriction using Magic Bytes - Writeup
149
  • Story about more than 3.5 million PII leakage in Yahoo!!! (Using an IOS) - Writeup
150
  • How to find & access Admin Panel by digging into JS files - Writeup
151
  • Solved Lame Box - HTB
152
  • Understanding And Identifying Insecure Deserialization - Writeup
153
  • Dependency Confusion : A Supply Chain Attack - Writeup
154
  • Solved Lame Box - HTB
155
  • This is why you shouldnt trust your Federated Identity Provider - Writeup
156
  • If Its a Feature!!! Lets Abuse It for $750 - Writeup
157
  • Business Logic Errors - Art of Testing Cards - Writeup
158
  • Hacking Nginx: Best ways - Writeup
159
  • Frida hooking android part 1 - Writeup
160
  • Frida hooking android part 2 - Writeup
161
  • Frida hooking android part 3 - Writeup
162
  • Frida hooking android part 4 - Writeup
163
  • Frida hooking android part 5: Bypassing AES encryption - Writeup
164
  • Exploiting esoteric android vulnerability - Workshop by Sharan & Sanjay at BSides Ahmedabad 2021 - Video
165
  • Andromeda- GUI based Dynamic Instrumentation Toolkit powered by Frida - Shivang Desai - Video
166
  • How I found a Critical Bug in Instagram and Got 49500$ Bounty From Facebook - Writeup
167
  • Hacking into WordPress themes for CVEs and Fun - Writeup
168
  • Bug Bounty Redacted #4: Writing to S3 buckets & Insecure JWT Implementation - Writeup
169 - 170
  • Android development - Video
Related Awesome Lists
Top Programming Languages
Top Projects

Get A Weekly Email With Trending Projects For These Topics
No Spam. Unsubscribe easily at any time.
Learning (76,251
Vulnerabilities (15,535
Penetration Testing (3,119
Information Security (1,250
Application Security (456
Pentesting Tools (191
Bugbountytips (55