discovered 30 Mar 2026

learn365

★ 1695 via github-topic

AI Summary: Learn365 is a personal initiative designed to promote continuous learning, focusing on various cybersecurity topics and methodologies over a year-long challenge. The repository includes extensive documentation covering diverse subjects such as vulnerability exploitation, secure coding practices, and penetration testing checklists. Notable features include daily learning topics with associated resources and mind maps, making it a comprehensive tool for knowledge enhancement in the infosec domain.


README

Learn365

This repository contains all the information shared during my Learn 365 Challenge. Learn 365 is a challenge to keep the learning spirit going and to challenge myself to learn something daily for the whole year; it can be anything from infosec to general life. Follow me on Twitter for regular updates: Harsh Bothra. Huge thanks to Mehedi Hasan Remon, who originally created and maintained this repository.


S.NO | Mind Map
1 | 2FA Bypass Techniques
2 | Scope Based Recon
3 | Cookie Based Authentication Vulnerabilities
4 | Unauthenticated JIRA CVEs
5 | Android Application Penetration Testing Checklist

Day | Topic
1 | 2FA Bypass Techniques
2 | Regular Expression Denial Of Service
3 | SAML Vulnerabilities
4 | Unauthenticated & Exploitable JIRA Vulnerabilities
5 | Client-Side Template Injection (CSTI)
6 | Cross-Site Leaks (XS-Leaks)
7 | Cross-Site Script Includes (XSSI)
8 | JSON Padding Attacks
9 | JSON Attacks
10 | Abusing Hop-by-Hop Headers
11 | Cache Poisoned Denial of Service (CPDoS)
12 | Unicode Normalization
13 | WebSocket Vulns (Part-1)
14 | WebSocket Vulns (Part-2)
15 | WebSocket Vulns (Part-3)
16 | Web Cache Deception Attack
17 | Session Puzzling Attack
18 | Mass Assignment Attack
19 | HTTP Parameter Pollution
20 | GraphQL Series (Part-1)
21 | GraphQL Vulnerabilities (Part-2)
22 | GraphQL WrapUp (Part-3)
23 | Password Reset Token Issues
24 | My previous works
25 | Salesforce Security Misconfiguration (Part-1)
26 | Salesforce Security Misconfiguration (Part-2)
27 | Salesforce Configuration Review (Wrap)
28 | Common Business Logic Issues: Part-1
29 | Common Business Logic Issues (Part-2)
30 | Common Business Logic Issues (Wrap)
31 | Captcha Bypass Techniques
32 | Pentesting Kibana Service
33 | Pentesting Docker Registry
34 | HTML Scriptless Attacks / Dangling Markup Attacks (Part - 1)
35 | HTML Scriptless Attacks / Dangling Markup Attacks (Wrap)
36 | Pentesting Rsync Service
37 | CRLF Injection
38 | Pentesting FTP Service
39 | OpenID Connect Implementation Issues
40 | Cookie Based Authentication Vulnerabilities
41 | Cobalt Vulnerability Wiki - Resource
42 | Race Conditions
43 | SMTP Open Relay Attack
44 | Pentesting BACNet
45 | API Security Tips
46 | Pentesting SSH - Talk
47 | CORS Misconfiguration
48 | Incomplete Trailing Escape Pattern Issue
49 | Pivoting & Exploitation in Docker Environments - Talk
50 | Detect Complex Code Patterns using Semantic grep - Talk
51 | Student Roadmap to Become a Pentester - Talk
52 | Hacking How-To Series - Playlist
53 | JS Prototype Pollution
54 | JSON Deserialization Attacks
55 | Android App Dynamic Analysis using House
56 | Testing IIS Servers
57 | Secure Code Review - Talk
58 | JSON Interoperability Vulnerabilities - Research Blog
59 | HTTP Desync Attacks - Talk
60 | XSLT Injection
61 | Bypassing AWS Policies - Talk
62 | Source Code Review Guidelines - Resource
63 | All of the Threats: Intelligence, Modelling and Hunting - Talk
64 | Hidden Property Abuse (HPA) attack in Node.js - Talk
65 | HTTP Request Smuggling in 2020 - Talk
66 | Dependency Confusion Attack - Blog
67 | Format String Vulnerabilities - Webinar
68 | Mobile Application Dynamic Analysis - Webinar
69 | Insecure Deserialization - Talk
70 | Web Cache Entanglement - Talk + Blog
71 | OWASP AMASS - Bootcamp
72 | Offensive Javascript Techniques for Red Teamers
73 | Basic CMD for Pentesters - Cheatsheet
74 | Investigating and Defending Office 365 - Talk
75 | WinjaCTF 2021 Solutions - Blog
76 | Kubernetes Security: Attacking and Defending K8s Clusters - Talk
77 | AWS Cloud Security - Resources
78 | WAF Evasion Techniques - Blog
79 | File Inclusion - All-in-One
80 | DockerENT Insights - Tool Demo Talk
81 | ImageMagick - Shell injection via PDF password : Research Blog
82 | Offensive GraphQL API Pentesting - Talk
83 | Bug Bounties with Bash - Talk
84 | Chrome Extensions Code Review - Talk
85 | Server-Side Template Injection - Talk
86 | Exploiting GraphQL - Blog
87 | Exploiting Email Systems - Talk
88 | Hacking with DevTools - Tutorial
89 | Common Android Application Vulnerabilities - Talk
90 | SAML XML Injection - Research Blog
91 | Finding Access Control & Authorization Issues with Burp - Blogs
92 | OAuth 2.0 Misimplementation, Vulnerabilities, and Best Practices - Talk
93 | JWT Attacks - Talk
94-102 | Random Readings
103 | Attacking Ruby on Rails Applications - Whitepaper
104 | Pentesting a Chrome Extension: Real Life Case Study - Blog
105 | XXE Simplified - Blog
106 | Web Hacking Pro Tips #9 with @zseano - Talk
107 | JS Prototype Pollution - Blog
108 | XSS via GraphQL Endpoint - Blog
109 | WS-2016-7107: CSRF tokens in Spring and the BREACH attack - Blog
110 | AWS SSRF Metadata Leakage - Blog
111 | Burp Suite Extension Development - Blog
112-115 | Random Readings
116 | Hacking OAuth Apps Pt-1 - Tutorial
117 | Portable Data exFiltration: XSS for PDFs - Blog
118 | PoC code and a case study on Task Hijacking in Android explaining how and why it works. (aka StrandHogg) - Blog
119 | OAuth - Flawed CSRF Protection - Tutorial
120 | Hacking Electron Apps with Electronegativity - Talk
121 | Awesome ElectronJS Hacking Resources
122 | Pentesting Blockchain Solutions - Tutorial
123-124 | Random Readings
125 | Oversized XML Attack - Wiki
126 | XML Complexity Attack in Soap Header - Wiki
127 | Web Service Attacks [Remaining] - Wiki
128 | Domain Hijacking Via Logic Error - Gandi And Route 53 Vulnerability - Blog
129 | Automating Recon with Axiom - Talk
130 | Testing Extensions in Chromium Browsers - Blog
131 | iOS Pentesting Series Pt. - 1 - Tutorial
132 | DNS Based Out of Band Blind SQL injection in Oracle — Dumping data - Blog
133 | GitDorker Talk - Talk
134 | Mobisec 2020 Slides - Slides & Videos
135 | Web App Pentesting in Angular Context - Blog
136 | RCE in Homebrew - Blog
137 | WordPress Plugin Security Testing Cheat Sheet - Wiki
138 | JavaScript prototype pollution: practice of finding and exploitation - Blog
139 | HowTo: intercept mutually-authenticated TLS communications of a Java thick client - Blog
140 | KUBERNETES NAMESPACES ISOLATION - WHAT IT IS, WHAT IT ISN’T, LIFE, UNIVERSE AND EVERYTHING - Blog
141 | Frag Attacks - Wiki
142 | Free Automated Recon Using GH Actions - Talk
143 | DAY[0] Episode 66 - BlackHat USA, Pre-Auth RCEs, and JSON Smuggling - Talk
144 | Bug hunter adventures - Talk
145 | Static Analysis of Client-Side JS Code - Blog
146 | Method Confusion In Go SSTIs Lead To File Read And RCE - Blog
147 | Finding and Exploiting Unintended Functionality in Main Web App APIs - Blog
148 | SecuriTEA & Crumpets - Episode 6 - Gareth Heyes - Hackvertor - Talk
149 | GraphQL CSRF - Blog
150 | Deep dive into ART (Android Runtime) for dynamic binary analysis - Talk
151 | 13 Nagios Vulnerabilities - Blog
152 | Frida Scripting Guide - Blog
153 | Android Exported Activities and how to exploit them - Talk
154 | XXE-scape through the front door: circumventing the firewall with HTTP request smuggling - Blog
155 | Turning Blind RCE into Good RCE via DNS Exfiltration using Collabfiltrator - Blog
156 | XSS in AWS Console - Blog
157 | Adventures into HTTP2 and HTTP3 - Blog
158 | AppCache’s forgotten tales - Blog
159 | CVE-2021-33564 Argument Injection in Ruby Dragonfly - Blog
160 | DevSecOps 100 - Introductory Course [Free] - Course
161 | Unexpected Execution: Wild Ways Code Execution can Occur in Python - Talk
162 | Retrieving AWS security credentials from the AWS console - Blog
163 | Object Injection to SQL Injection & NoSql Injection Cheatsheet - Blog
164 | HTTP Parameter Pollution - Blog
165 | XXE Workshop - Labs
166 | How to Analyze Code for Vulnerabilities - Talk
167 | Testing 2FA - Blog
168 | Your E-Mail Validation Logic is Wrong - Blog
169 | Active Scanning Techniques - Blog
170 | Bypassing 2FA using OpenId Misconfiguration - Blog
171 | Security Shorts - Talk
172 | The JavaScript Bridge in Modern Desktop Applications - Blog
173 | Advanced Web Application Penetration Testing JWT Security Issues - Blog
174 | Quick Analysis for the SSID Format String Bug - Blog
175 | Live GitLab Ask a Hacker with Bug Bounty Hunter (vakzz) William Bowling (Public) - Talk
176 | iOS App Testing Through Burp on Corellium - Blog
177 | Blind XSS: setup your self-hosted XSS Hunter with the PwnMachine - Blog
178 | Attacking GraphQL’s Autocorrect - Blog
179 | Apex Security Whitepaper - Paper + Labs
180 | Django SSTI - Blog
181 | Pen-Testing Salesforce SAAS Application - Blog
182 | How to solve an XSS challenge from Intigriti in under 60 minutes - Blog
183 | How to get the max out of an IDOR? - Blog
184 | Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464) - Blog
185 | Some ways to find more IDOR - Blog
186 | A supply-chain breach: Taking over an Atlassian account - Blog
187 | alert() is dead, long live print() - Blog
188 | Hacker Heroes #3 - @TomNomNom (Interview) - Talk
189 | SSRF in ColdFusion/CFML Tags and Functions - Blog
190 | $25,000 Facebook postMessage account takeover vulnerability - Video
191 | Pentester Diaries Ep6: The Importance of Report Writing - Talk
192 | Introduction to Web Cache Poisoning - Blog
193 | Intercepting Flutter iOS Application - Blog
194 | Credential stuffing in Bug bounty hunting - Blog
195 | What is a Browser Security Sandbox?! (Learn to Hack Firefox) - Video
196 | WILSON Cloud Respwnder - Blog
197 | $20,000 RCE in GitLab via 0day in exiftool metadata processing library CVE-2021-22204 - Video
198 | Padding Oracle Attacks - Video
199 | Demystifying the state of kubernetes cluster security - Video
200 | Two One-liners for Quick ColdFusion Static Analysis Security Testing - Blog
201 | So many different techniques to learn here! [CTF walkthrough] - Video
202 | UDP Technology IP Camera vulnerabilities - Blog
203 | Exploiting the Sudo Baron Samedit vulnerability (CVE-2021-3156) on VMWare vCenter Server 7.0 - Blog
204 | Reflected XSS Through Insecure Dynamic Loading - Blog
205 | Stored XSS via Mermaid Prototype Pollution vulnerability - Blog
206 | Getting Partial AWS Account IDs for any Cloudfront Website - Blog
207 | Remote code execution in cdnjs of Cloudflare - Blog
208 | Docker Security Series - Series
209 | REvil Vanishes! - Chrome Zero-Day Vulnerability, iOS WiFi SSID Bug, Patch Tuesday Review - Talk
210 | How to Build a Phishing Engagement – Coding TTP’s - Webcast
211 | Deep Link Exploitation: Introduction & Open/unvalidated Redirection - Blog
212 | Exploiting Android WebView Vulnerabilities - Blog
213 | WooCommerce Unauthenticated SQL Injection Vulnerability - Blog
214 | Traversing My Way in the Internal Network - Talk
215 | How I Found Multiple Bugs On FaceBook In 1 Month And a Part For My Methodology & Tools - Blog
216 | Pre-Auth RCE in ManageEngine OPManager - Blog
217 | Guest Blog Post - Attacking the DevTools - Blog
218 | Kubernetes Hardening Guide - Blog
219 | Introducing hallucinate: One-stop TLS traffic inspection and manipulation using dynamic instrumentation - Blog
220 | Do Not use alert(1) in XSS - Blog
221 | A Look Into zseano’s Thoughts When Testing a Target - Video
222 | Zimbra 8.8.15 - Webmail Compromise via Email - Blog
223 | Security XML Implementation across the Web - Blog
224 | Potential remote code execution in PyPi - Blog
225 | XXE Case Studies - Blog
226 | HackerTools - NoSQLMap - Blog
227 | Learn with @sec_r0: Attacks and Defenses to Docker & Kubernetes - Talk
228 | Source Zero Con Talks - Talks
229 | DevOps for Hackers with Hands-On Labs w/ Ralph May - Talks
230 | Advanced Recon Guide - Blog
231 | Just Gopher It: Escalating a Blind SSRF to RCE for $15k - Blog
232 | Stealing Bitcoin with Cross-Site Request Forgery (Ride the Lightning + Umbrel) - Blog
233 | Modify in-flight data to payment provider Smart2Pay - Blog
234 | Hacker Heroes #9 - RobinZekerNiet (Interview) - Talk
235 | Learn with @HolyBugx: Demystifying Cookies and Tokens - Talk
236 | Hacker Tools: ReNgine – Automatic recon - Blog
237 | FROM PWN2OWN 2021: A NEW ATTACK SURFACE ON MICROSOFT EXCHANGE - Blog
238 | How to Hack Apple ID - Blog
239 | Insecure Features in PDFs - Blog
240 | Burp Upload Scanner - Blog
241 | Adobe Reader - PDF callback via XSLT stylesheet in XFA - Blog
242 | A Curious Exploration of Malicious PDF Documents - Blog
243 | Common mistakes when using permissions in Android - Blog
244 | iOS Pentesting 101 - Blog
245 | API Tokens: A Tedious Survey - Blog
246 | Cross-Site Request Forgery (CSRF) Complete Guide - Video
247 | HTTP Desync Attack Explained With Paper - Video
248 | AWS ReadOnlyAccess: Not Even Once - Blog
249 | Understanding Salesforce Flows and Common Security Risks - Blog
250 | Python context free payloads in Mako templates - Blog
251 | CVE-2021-26084 Remote Code Execution on Confluence Servers
252 | Introduction to smart contract security and hacking in Ethereum
253 | Automating Authorization Testing: AuthMatrix – Part 1
254 | Go Fuzz Yourself – How to Find More Vulnerabilities in APIs Through Fuzzing
255 | More secure Facebook Canvas : Tale of $126k worth of bugs that lead to Facebook Account Takeovers
256 | Smart Contract Security Verification Standard
257 | Remote File Inclusion Zines by @sec_r0
258 | GitHub Actions check-spelling community workflow - GITHUB_TOKEN leakage via advice.txt symlink
259 | Write-Up on Facebook Bug
260 | Mass assignment and learning new things
261 | A different way to attack certain reverse proxies
262 | Introducing Process Hiving & RunPE
263 | IAM Vulnerable - An AWS IAM Privilege Escalation Playground
264 | Complete Jailbreak Chart
265 | OWASP Top 10 2021
266 | Powershell for Pentesters
267 | How to search for XSS (with blacklisted HTML tags)
268 | How to learn anything in Computer Science or Cybersecurity - Security Simplified
269 | Reused VMWare exploits & Escaping Azure Container Instances [Bug Bounty Podcast]
270 | Docker Hacking
271 | Getting Started in Blockchain Security and Smart Contract Auditing - Beau Bullock
272 | HacktivityCon
273 | CrikeyCon 2021 - Shubham Shah - Hacking on Bug Bounties for Five Years
274 | Beginners Guide to 0day/CVE AppSec Research
275 | VULNERABILITY DIGGING WITH CODEQL
276 | OMIGOD: Critical Vulnerabilities in OMI Affecting Countless Azure Customers
277 | Post Exploitation - Transferring Files To Windows Targets
278 | SecuriTEA & Crumpets - Episode 12 - Ksenia Peguero
279 | Talk: Absolute AppSec Ep. #147 - James Kettle (@albinowax), Security Research
280 | A Flickr CSRF, GitLab, & OMIGOD, Azure again? [Bug Bounty Podcast]
281 | NETGEAR smart switches, SpookJS, & Parallels Desktop [Binary Exploitation Podcast]
282 | Unusual Applications of OpenAI in Cybersecurity + How to get into CTFs
283 | SiegeCast “COBALT STRIKE BASICS” with Tim Medin and Joe Vest
284 | An Attacker’s Approach to Pentesting IBM Cloud - fwd:cloudsec 2021
285 | echo “Shell Injection”
286 | Exploiting Jinja SSTI with limited payload size.
287 | Fuzzing WebSocket messages on Burpsuite
288 | Thinking About Simple SQL Injections
289 | Training XSS Muscles
290 | “A tale of making internet pollution free” - Exploiting Client-Side Prototype Pollution in the wild
291 | Chasing a Dream:: Pre-authenticated Remote Code Execution in Dedecms
292 | Multiple bugs allowed malicious Android Applications to takeover Facebook/Workplace accounts
293 | Ping’ing XMLSec
294 | 10 Types of Web Vulnerabilities that are Often Missed
295 | CVE-2021-35215, SolarWinds Orion Deserialization to RCE.
296 | Bachelor’s thesis on HTTP Request Smuggling
297 | Stored XSS in markdown via the DesignReferenceFilter
298 | Building a POC for CVE-2021-40438
299 | Turbo Intruder: Embracing the billion-request attack
300 | How to conduct a basic security code review - Security Simplified
301 | How to Analyze Code for Vulnerabilities using Joern
302 | Azure Privilege Escalation via Service Principal Abuse
303 | CREATING A MALICIOUS AZURE AD OAUTH2 APPLICATION
304 | 0-Day Hunting (Chaining Bugs/Methodology)
305 | Discourse SNS webhook RCE
306 | Android Exploits 101 Workshop
307 | SHELLS AND SOAP: WEBSPHERE DESERIALIZATION TO RCE
308 | PHP-FPM LOCAL ROOT VULNERABILITY
309 | Support Board 3.3.4 Arbitrary File Deletion to Remote Code Execution
310 | SuDump: Exploiting suid binaries through the kernel
311 | Attacking and Securing CI/CD Pipeline
312 | Exploiting Protobuf Webapps
313 | CookieMonster
314 | Get shells with JET, the Jolokia Exploitation Toolkit
315 | Android security checklist: WebView
316 | 5 Ways to Exploit a Domain Takeover Vulnerability
317 | Create a proxy DLL with artifact kit
318 | How to search for XXE!
319 | Defeating Android Certificate Pinning with Frida
320 | What can I do with Open Redirect with OAuth?
321 | Practical HTTP Header Smuggling: Sneaking Past Reverse Proxies to Attack AWS and Beyond
322 | T-Reqs: HTTP Request Smuggling with Differential Fuzzing
323 | ChaosDB Explained: Azure’s Cosmos DB Vulnerability Walkthrough
324 | MULTIPLE CONCRETE CMS VULNERABILITIES ( PART1 – RCE )
325 | Android App Hacking Workshop
326 | Secondary Contexts Slides
327 | HTTP/2 request smuggling (explained using beer)
328 | Scanning for hardcoded secrets in source code - Security Simplified
329 | Staying sane in bug bounties
330 | How Your E-book Might Be Reading You: Exploiting EPUB Reading Systems
331 | Attacking SAML implementations
332 | Uniscan: An RFI, LFI, and RCE Vulnerability Scanner
333 | JavaScript type confusion: Bypassed input validation (and how to remediate)
334 | Multiple Vulnerabilities in ResourceSpace
335 | Unboxing BusyBox – 14 new vulnerabilities uncovered by Claroty and JFrog
336 | Zero-Day Disclosure: Palo Alto Networks GlobalProtect VPN CVE-2021-3064
337 | Simple SSRF Allows Access To Internal Assets
338 | Multiple Resource by XVNPW Blog
339 | WordPress Plugin Confusion: How an update can get you pwned
340 | RCE with SSRF and File Write as an exploit chain on Apache Guacamole
341 | Grafana CVE-2021-43798
342 | Data Exfiltration via CSS + SVG Font
343 | The Pen Testing Tools We’re Thankful for in 2021
344 | HitCon CTF Challenges by Orange
345-363 | Random Readings
364 | Metasploit Basics for Hackers
365 | NCC Group’s Cryptopals Guided Tour!