Skip to content

Instantly share code, notes, and snippets.

@rava-dosa

rava-dosa/startingwithhacking.md

Last active March 15, 2023 16:29
Show Gist options
  • Save rava-dosa/4e425406efe8112a260ff364befe1d46 to your computer and use it in GitHub Desktop.
Save rava-dosa/4e425406efe8112a260ff364befe1d46 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
startingwithhacking.md
  1. Awesome repo contains methodologies and tools,https://github.com/swisskyrepo/PayloadsAllTheThings
  2. https://github.com/vasanthk/how-web-works
  3. hackerone hacking101, bugcrowd
  4. pwning owasp juice shop, https://leanpub.com/juice-shop
  5. https://www.owasp.org/index.php/OWASP_Vulnerable_Web_Applications_Directory_Project/Pages/Online
  6. The Tangled Web: A Guide to Securing Modern Web Applications
  7. https://juice-shop.herokuapp.com
  8. bugbountynotes
  9. https://blog.quarkslab.com/reverse-engineering-a-philips-trimedia-cpu-based-ip-camera-part-1.html
  10. https://www.pentestpartners.com/security-blog/cisco-rv130-its-2019-but-yet-strcpy/
  11. https://www.malwaretech.com/
  12. https://www.google.com/search?client=ubuntu&channel=fs&q=Platform+Firmware+Security+Defense+for+Enterprise+System+Administrators+and+Blue+Teams&ie=utf-8&oe=utf-8
  13. https://preossec.com/
  14. https://github.com/Screetsec/Vegile
  15. https://web.archive.org/web/20190322165819/https://techbizweb.com/hacking-microcontroller-firmware-through-a-usb/
  16. https://medium.com/@appmattus/android-security-ssl-pinning-1db8acb6621e
  17. https://web.archive.org/web/20150430170555/http://sla.ckers.org/forum/, phrack
  18. https://medium.com/@douglasbellonrocha/defend-from-hackers-using-computer-networking-fundamentals-d80275f37af3
  19. https://web.archive.org/web/20190427103403/https://medium.com/@and_sanford/the-world-of-cybersecurity-f0b14429e1c4
  20. https://medium.com/swlh/smuggler-and-cove-a-poc-for-data-exfiltration-using-scapy-e44649feae6
  21. https://web.archive.org/web/20190720164257/https://medium.com/@ehsahil/recon-my-way-82b7e5f62e21
  22. http://pentestit.com/list-of-open-source-c2-post-exploitation-frameworks/
  23. https://web.archive.org/web/20190808041736/https://portswigger.net/blog/http-desync-attacks-request-smuggling-reborn
  24. https://blog.cobalt.io/is-your-serverless-app-secure-d863055deaf6
  25. https://github.com/m4ll0k/Awesome-Hacking-Tools
  26. https://github.com/sbilly/awesome-security
  27. https://checkmarx.gitbooks.io/go-scp/
  28. https://github.com/guardrailsio/awesome-golang-security
  29. http://qnimate.com/same-origin-policy-in-nutshell/
  30. https://web.archive.org/web/20190806081016/https://www.fugue.co/blog/a-technical-analysis-of-the-capital-one-cloud-misconfiguration-breach
  31. https://github.com/Ignitetechnologies/Privilege-Escalation
  32. https://web.archive.org/web/20190905160156/https://research.securitum.com/xss-in-google-colaboratory-bypassing-content-security-policy/
  33. https://portswigger.net/kb/issues/00500100_open-redirection-reflected, https://medium.com/@rootxharsh_90844/vimeo-ssrf-with-code-execution-potential-68c774ba7c1e, https://web.archive.org/web/20190613132934/https://medium.com/@rootxharsh_90844/vimeo-ssrf-with-code-execution-potential-68c774ba7c1e
  34. https://github.com/EdOverflow/can-i-take-over-xyz
  35. https://medium.com/@0xHyde/exploiting-history-back-3ec789c124dd. https://web.archive.org/web/20190928062359/https://medium.com/@0xHyde/exploiting-history-back-3ec789c124dd
  36. https://stackoverflow.com/questions/3338642/updating-address-bar-with-new-url-without-hash-or-reloading-the-page
  37. go to exploit db search for tcp, ....
  38. https://medium.com/@vignesh4303/collection-of-bug-bounty-tip-will-be-updated-daily-605911cfa248
  39. Docker -> https://blog.ropnop.com/docker-for-pentesters/

XSS

  1. https://security.stackexchange.com/questions/46836/what-is-mutation-xss-mxss
  2. https://www.youtube.com/watch?v=lG7U3fuNw3A
  3. https://github.com/cure53/DOMPurify
  4. https://github.com/google/closure-library
  5. https://github.com/s0md3v/AwesomeXSS
  6. https://web.archive.org/web/20190407180420/https://github.com/robocyber/Awesome-XSS-Payloads/blob/master/ADVANCED%20XSS
  7. https://brutelogic.com.br/blog/cors-enabled-xss/
  8. https://stackoverflow.com/questions/29951847/why-does-cors-allow-sending-data-to-any-server
  9. https://web.archive.org/web/20190729082300/https://blog.cloudflare.com/a-gentle-introduction-to-linux-kernel-fuzzing/
  10. https://blog.0daylabs.com/category-jsp/
  11. https://lab.wallarm.com/how-to-trick-csp-in-letting-you-run-whatever-you-want-73cb5ff428aa
  12. https://www.vulnhub.com/resources/
  13. https://github.com/The-Art-of-Hacking

DDoS mitigation

  1. https://web.archive.org/web/20190421080152/https://blog.thousandeyes.com/using-bgp-reroute-traffic-ddos/
  2. https://linuxacademy.com/blog/amazon-web-services-2/aws_shield/
  3. https://javapipe.com/blog/iptables-ddos-protection/

grocery store

(link: http://pwnable.kr) pwnable.kr (link: https://pwnable.tw) pwnable.tw (link: https://ctflearn.com) ctflearn.com (link: https://www.root-me.org) root-me.org (link: https://www.hackthebox.eu) hackthebox.eu (link: https://www.hacking-lab.com) hacking-lab.com (link: https://microcorruption.com) microcorruption.com (link: https://crackmes.one) crackmes.one (link: https://ctflearn.com/) ctflearn.com

osint

https://keyfindings.blog/2019/08/25/unravelling-the-norton-scam-final-chapter/

redteaming

https://0xsp.com/offensive/red-teaming-toolkit-collection

labs

https://github.com/aasthayadav/CompSecAttackLabs

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment