Security Explained
SecurityExplained is a new series after the previous learning challenge series #Learn365. The aim of #SecurityExplained series is to create informational content in multiple formats and share with the community to enable knowledge creation and learning. Below are the various activities and formats planned under #SecurityExplained series:
- Tweets explaining interesting security stuff
- Blogs/Tutorials/How-To-Guides about different tools/techniques/attacks
- Security Discussion Spaces/Meets
- Monthly Mindmap/Mindmap based explainers for different attacks/techniques
- My Pentesting Methodology Breakdown
- Giveaways and Community Engagement
- GitHub Repository to Maintain "SecurityExplained"
- Public & Free to Access
- Newsletter
Follow me on Twitter for Regular Updates: Harsh Bothra.
Note: This series will run on an irregular schedule; content will not necessarily be produced and shared on a regular or daily basis.
Content by Harsh
| S.No. | Topic |
| --- | --- |
| 1 | My Penetration Testing Methodology [Web] |
| 2 | FeroxBuster Explained |
| 3 | Creating Custom Wordlist for Content Discovery |
| 4 | Escalating HTML Injection to Cloud Metadata SSRF |
| 5 | Bypassing Privileges & Other Restrictions with Mass Assignment Attacks |
| 6 | Bypassing Biometrics in iOS with Objection |
| 7 | My Methodology to Test Premium Features |
| 8 | Bypassing Filters(and more) with Visual Spoofing |
| 9 | Path Traversal via File Upload |
| 10 | Attacking Zip Upload Functionality with ZipSlip Attack |
| 11 | RustScan - The Modern Port Scanner |
| 12 | Vulnerable Code Snippet - 1 |
| 13 | Vulnerable Code Snippet - 2 |
| 14 | Exploiting XXE in JSON Endpoints |
| 15 | Vulnerable Code Snippet - 3 |
| 16 | Vulnerable Code Snippet - 4 |
| 17 | Vulnerable Code Snippet - 5 |
| 18 | Vulnerable Code Snippet - 6 |
| 19 | Vulnerable Code Snippet - 7 |
| 20 | Vulnerable Code Snippet - 8 |
| 21 | Vulnerable Code Snippet - 9 |
| 22 | Vulnerable Code Snippet - 10 |
| 23 | Vulnerable Code Snippet - 11 |
| 24 | Vulnerable Code Snippet - 12 |
| 25 | Vulnerable Code Snippet - 13 |
| 26 | Vulnerable Code Snippet - 14 |
| 27 | Vulnerable Code Snippet - 15 |
| 28 | Vulnerable Code Snippet - 16 |
| 29 | Vulnerable Code Snippet - 17 |
| 30 | Vulnerable Code Snippet - 18 |
| 31 | Vulnerable Code Snippet - 19 |
| 32 | Account Takeover Methodology |
| 33 | Vulnerable Code Snippet - 20 |
| 34 | Vulnerable Code Snippet - 21 |
| 35 | Vulnerable Code Snippet - 22 |
| 36 | Vulnerable Code Snippet - 23 |
| 37 | Vulnerable Code Snippet - 24 |
| 38 | Vulnerable Code Snippet - 25 |
| 39 | Vulnerable Code Snippet - 26 |
| 40 | Vulnerable Code Snippet - 27 |
| 41 | Vulnerable Code Snippet - 28 |
| 42 | Vulnerable Code Snippet - 29 |
| 43 | Vulnerable Code Snippet - 30 |
| 44 | Vulnerable Code Snippet - 31 |
| 45 | Vulnerable Code Snippet - 32 |
| 46 | Vulnerable Code Snippet - 33 |
| 47 | Vulnerable Code Snippet - 34 |
| 48 | Vulnerable Code Snippet - 35 |
| 49 | Vulnerable Code Snippet - 36 |
| 50 | Vulnerable Code Snippet - 37 |
| 51 | Vulnerable Code Snippet - 38 |
| 52 | Vulnerable Code Snippet - 39 |
| 53 | Vulnerable Code Snippet - 40 |
| 54 | Vulnerable Code Snippet - 41 |
| 55 | Vulnerable Code Snippet - 42 |
| 56 | Vulnerable Code Snippet - 43 |
| 57 | Vulnerable Code Snippet - 44 |
| 58 | Vulnerable Code Snippet - 45 |
| 59 | Ruby ERB SSTI |
| 60 | Introduction to CWE |
| 61 | CWE-787: Out-of-bounds Write |
| 62 | Vulnerable Code Snippet - 46 |
| 63 | CWE-20: Improper Input Validation |
| 64 | Vulnerabilities in Cookie Based Authentication |
| 65 | How do I get Started in Cyber Security? — My Perspective & Learning Path! |
| 66 | Scope Based Recon Methodology: Exploring Tactics for Smart Recon |
| 67 | MFA Bypass Techniques |
| 68 | Vulnerable Code Snippet - 47 |
| 69 | Vulnerable Code Snippet - 48 |
| 70 | Vulnerable Code Snippet - 49 |
| 71 | Vulnerable Code Snippet - 50 |
| 72 | Vulnerable Code Snippet - 51 |
| 73 | Vulnerable Code Snippet - 52 |
| 74 | Vulnerable Code Snippet - 53 |
| 75 | Vulnerable Code Snippet - 54 |
| 76 | Vulnerable Code Snippet - 55 |
| 77 | Vulnerable Code Snippet - 56 |
| 78 | Vulnerable Code Snippet - 57 |
| 79 | Vulnerable Code Snippet - 58 |
| 80 | Vulnerable Code Snippet - 59 |
| 81 | Vulnerable Code Snippet - 60 |
| 82 | Vulnerable Code Snippet - 61 |
| 83 | Vulnerable Code Snippet - 62 |
| 84 | Vulnerable Code Snippet - 63 |
| 85 | Vulnerable Code Snippet - 64 |
| 86 | Vulnerable Code Snippet - 65 |
| 87 | CWE-200: Exposure of Sensitive Information to an Unauthorized Actor |
| 88 | CWE-732: Incorrect Permission Assignment for Critical Resource |
| 89 | CWE-522: Insufficiently Protected Credentials |
| 90 | CWE-918: Server-Side Request Forgery (SSRF) |
| 91 | CWE-611: Improper Restriction of XML External Entity Reference |
| 92 | CWE-476: NULL Pointer Dereference |
| 93 | CWE-276: Incorrect Default Permissions |
| 94 | CWE-862: Missing Authorization |
| 95 | CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer |
| 96 | CWE-798: Use of Hard-coded Credentials |
| 97 | CWE-287: Improper Authentication |
SecurityExplained NewsLetter
| S.No. | Topic |
| --- | --- |
| 1 | Issue-1 |
| 2 | Issue-2 |
| 3 | Issue-3 |
| 4 | Issue-4 |
| 5 | Issue-5 |
| 6 | Issue-6 |
| 7 | Issue-7 |
| 8 | Issue-8 |
| 9 | Issue-9 |
| 10 | Issue-10 |
| 11 | Issue-11 |
| 12 | Issue-12 |
| 13 | [Issue-13](https://www.getrevue.co/profile/harshbothra_/iss
