hack-links.txt

https://twitter.com/ITSecurityguard | Patrik Fehrenbach🤖 (@ITSecurityguard) | Twitter
https://blog.it-securityguard.com/the-stony-path-of-android-%F0%9F%A4%96-bug-bounty-bypassing-certificate-pinning/ | The Stony Path of Android 🤖 Bug Bounty – Bypassing Certificate Pinning | Patrik Fehrenbach
https://www.youtube.com/feed/subscriptions | (3) Subscriptions - YouTube
https://blog.it-securityguard.com/the-stony-path-of-android-%f0%9f%a4%96-bug-bounty-bypassing-certificate-pinning/ | The Stony Path of Android 🤖 Bug Bounty – Bypassing Certificate Pinning | Patrik Fehrenbach
https://tweetdeck.twitter.com/ | TweetDeck
https://www.ivrodriguez.com/mobile-ctf/ | Mobile CTF
https://github.com/ivRodriguezCA | ivRodriguezCA (Ivan Rodriguez) · GitHub
https://ivrodriguez.com/mobile-ctf/ | Mobile CTF
https://github.com/ernw/AndroTickler | GitHub - ernw/AndroTickler: Penetration testing and auditing toolkit for Android apps.
https://www.hackerone.com/blog/How-to-Hack-Get-Started-Hacking-Mobile | Learning to Hack Mobile|How2Hack|By HackerOne
https://github.com/nabla-c0d3/ssl-kill-switch2 | GitHub - nabla-c0d3/ssl-kill-switch2: Blackbox tool to disable SSL certificate validation - including certificate pinning - within iOS and OS X Apps
https://github.com/Fuzion24/JustTrustMe | GitHub - Fuzion24/JustTrustMe: An xposed module that disables SSL certificate checking for the purposes of auditing an app with cert pinning

https://twitter.com/Pentest_Geek/status/1034905842880012289 | Pentest_Geek on Twitter: "Thanks again @Burp_Suite for creating the new REST API. Here is a PoC command-line tool for interacting with it. Can launch/query scans and perform basic knowledge-base lookups. Sorry @HackingDave but its written in Ruby 😜 https://t.co/84w0K6zSpk"
https://f-droid.org/en/2018/09/04/second-security-audit-results.html | Second Security Audit Results | F-Droid - Free and Open Source Android App Repository
https://twitter.com/phwd/status/1039550713142161409 | ️ on Twitter: "Breaking The Facebook For Android Application by Ashley King Bounty: $8500 https://t.co/AevbyRZRSA"
https://techblog.mediaservice.net/2018/04/brida-a-step-by-step-user-guide/ | Brida – A step-by-step user guide | @Mediaservice.net Technical Blog
https://blog.safehats.com/most-important-android-security-penetration-testing-tools-for-hackers-security-professionals-aa258dc61784 | Most Important Android Security Penetration Testing Tools for Hackers & Security Professionals
https://github.com/Mind0xP/Frida-Python-Binding | GitHub - Mind0xP/Frida-Python-Binding: Easy to use Frida python binding script
https://tinyhack.com/2018/02/05/pentesting-obfuscated-android-app/ | Pentesting obfuscated Android App – Tinyhack.com
https://secdevops.ai/ios-static-analysis-and-recon-c611eaa6d108 | iOS Static Analysis and Recon – SecDevOps
https://labs.nettitude.com/tutorials/using-frida-to-bypass-snapchats-certificate-pinning/ | Using Frida to Bypass Snapchat’s Certificate Pinning – Nettitude Labs
https://x1m.nl/posts/android-app-testing-part-1/ | Bug Bounty & Android Applications - Part 1 · Martijn - X1M
https://twitter.com/mobilesecurity_/status/970676777831092224 | Mobile Security on Twitter: "Prevent bypassing of SSL certificate pinning in iOS applications #MobileSecurity #iOSsecurity by @GuardSquare https://t.co/kYYFyX43ep… https://t.co/nhFQV804GG"
https://twitter.com/mobilesecurity_/status/966787418052587520 | Mobile Security on Twitter: "FiOS - new iOS pentesting tool based on @fridadotre #MobileSecurity #iOSsecurity https://t.co/koU64k08BJ… "
https://twitter.com/mobilesecurity_/status/966666086115692544 | Mobile Security on Twitter: "Hacking Tinder Accounts using Facebook Accountkit #MobileSecurity https://t.co/9M9mpGTw1z"
https://twitter.com/mobilesecurity_/status/965618348280176640 | Mobile Security on Twitter: "Mobile Application Hacking Diary Ep.2 #MobileSecurity @fridadotre https://t.co/Pe92QsQxRb… "
https://github.com/tanprathan/MobileApp-Pentest-Cheatsheet | GitHub - tanprathan/MobileApp-Pentest-Cheatsheet: The Mobile App Pentest cheat sheet was created to provide concise collection of high value information on specific mobile application penetration testing topics.
https://blog.netspi.com/four-ways-bypass-android-ssl-verification-certificate-pinning/ | Four Ways to Bypass Android SSL Verification and Certificate Pinning
https://blog.ropnop.com/configuring-burp-suite-with-android-nougat/ | Configuring Burp Suite with Android Nougat
https://medium.com/@abhimuralidharan/detecting-screen-capturing-in-ios-11-cca15881c785 | Detecting screen capturing in iOS 11 – Abhimuralidharan – Medium
https://twitter.com/ITSecurityguard/status/951208786043207682 | Patrik Fehrenbach🤖 on Twitter: "If you are into iOS pentesting, check out: Passionfruit https://t.co/nDug3u7NsY Simple iOS app blackbox assessment tool :-)… https://t.co/i7Hup4SP4J"
https://twitter.com/mobilesecurity_/status/944209608092110848 | Mobile Security on Twitter: "Intercepting HTTPS Traffic from Apps on Android 7+ using #Magisk & #Burp #MobileSecurity #AndroidSecurity @Burp_Suite by @NVISO_Labs https://t.co/0BF4PfXj4q… https://t.co/TFsgTGgS8A"
https://twitter.com/caseyjohnellis/status/946558246600417280 | caseyjohnellis on Twitter: "Breaking Mobile App Protection Mechanisms - @Ben_RA @Bugcrowd's #LevelUp2017 https://t.co/yvtA7ikFpe #bugbounty #ioshacking"
https://twitter.com/mobilesecurity_/status/931229119119052800 | Mobile Security on Twitter: "Advanced mobile penetration testing with Brida #MobileSecurity VIDEO by @apps3c | @fridadotre + @Burp_Suite https://t.co/USw3BARSje"
https://twitter.com/ErezYalon/status/931158775830073344 | Erez on Twitter: "We wrote a guide on Android's WebView. It turned up pretty good so converted into a blog post: https://t.co/DFfuh2sVXZ #infosec #appsec #AndroidDev @Checkmarx"
https://twitter.com/mobilesecurity_/status/930343296383234048 | Mobile Security on Twitter: "objection - runtime mobile exploration #MobileSecurity SLIDES and VIDEO by @sensepost and @leonjza | #0xcon https://t.co/xI2WA7MMka… https://t.co/cR7zxeTei6"
https://twitter.com/mobilesecurity_/status/929807008857018368 | Mobile Security on Twitter: "Intro to Android Hacking with FRIDA VIDEO by @brompwnie #MobileSecurity #AndroidSecurity https://t.co/TaFOzYbOvh"
https://twitter.com/Pouyadarabi/status/932779271818563585 | Pouya Darabi on Twitter: "SSL pinning bypass for Facebook and Instagram android app 🔍 https://t.co/Kv1Jw3uPkh https://t.co/HCHCTpOBMC https://t.co/HCHCTpOBMC"
https://twitter.com/mobilesecurity_/status/932358768238632960 | Mobile Security on Twitter: "Hacking mobile application #MobileSecurity [VIDEO] https://t.co/1P4eMKJgdG"
https://twitter.com/mobilesecurity_/status/932338366460387330 | Mobile Security on Twitter: "HackerOne Reports: a big list of Android Hackerone disclosed reports and other resources #MobileSecurity #AndroidSecurity https://t.co/lzFRVwiRdu"
https://www.youtube.com/watch?v=b6V7zutHfEo | (3) Basic Android Application Hacking - YouTube
https://www.youtube.com/watch?v=JF23iULOxgU | (3) Bypassing Android AV's - YouTube
https://mysmccd-my.sharepoint.com/personal/mahasatu_my_smccd_edu/_layouts/15/WopiFrame.aspx?sourcedoc={9f6ccfbf-409c-483f-8170-6dd111f1825f}&action=edit&wd=target%28Resources.one%7C45aebb95-7fbc-44ee-914f-1ad6f1dd63bd%2FMobile%20Security%7C910cc7c4-53ec-415c-bc31-84fc0c9b75c6%2F%29 | Final Resource

https://www.youtube.com/watch?v=10TrW2lsYSQ&t=354s | (2) Nullcon 2016 :- Sachin & Pankaj Party Performance - YouTube
https://soroush.secproject.com/downloadable/when-a-web-application-ssrf-causes-the-cloud-to-rain-credentials-and-more.pdf | when-a-web-application-ssrf-causes-the-cloud-to-rain-credentials-and-more.pdf
https://www.slideshare.net/SoroushDalili/waf-bypass-techniques-using-http-standard-and-web-servers-behaviour | WAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
https://soroush.secproject.com/blog/2017/08/request-encoding-to-bypass-web-application-firewalls/ | Request encoding to bypass web application firewalls | Soroush Dalili (@irsdl) – سروش دلیلی
https://www.slideshare.net/SoroushDalili/a-forgotten-http-invisibility-cloak?ref=https://soroush.secproject.com/blog/2017/08/request-encoding-to-bypass-web-application-firewalls/ | A Forgotten HTTP Invisibility Cloak
https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2017/august/request-encoding-to-bypass-web-application-firewalls/ | Request encoding to bypass web application firewalls
https://soroush.secproject.com/blog/2013/10/yahoo-bug-bounty-program-lfi-reported-and-patched/ | Yahoo bug bounty program – LFI reported and patched! | Soroush Dalili (@irsdl) – سروش دلیلی
https://soroush.secproject.com/blog/2014/07/upload-a-web-config-file-for-fun-profit/ | Upload a web.config File for Fun & Profit | Soroush Dalili (@irsdl) – سروش دلیلی
https://addons.mozilla.org/en-GB/firefox/addon/colorfultabs/ | ColorfulTabs – Get this Extension for 🦊 Firefox (en-GB)
https://soroush.secproject.com/blog/2016/10/flash-it-baby/ | Flash it baby! | Soroush Dalili (@irsdl) – سروش دلیلی
https://www.nccgroup.trust/uk/our-research/common-security-issues-in-financially-orientated-web-applications/ | Common Security Issues in Financially-Orientated Web Applications
https://soroush.secproject.com/blog/2018/12/more-research-on-net-deserialization/ | More research on .NET deserialization | Soroush Dalili (@irsdl) – سروش دلیلی
https://soroush.secproject.com/blog/2017/08/request-encoding-to-bypass-web-application-firewalls/ | Request encoding to bypass web application firewalls | Soroush Dalili (@irsdl) – سروش دلیلی
https://github.com/irsdl?tab=repositories | irsdl (Soroush Dalili) / Repositories · GitHub
https://github.com/irsdl/BurpSuiteJSBeautifier | GitHub - irsdl/BurpSuiteJSBeautifier: Burp Suite JS Beautifier

https://medium.com/ehsahil/ctf-walkthrough-hacken-cup-2018-1b48b0fd96c | CTF Walkthrough — Hacken Cup 2018 – ehsahil – Medium
https://footstep.ninja/posts/hacken-cup/ | cat ~/footstep.ninja/blog.txt
https://github.com/Veneno0/CTFwp/tree/master/Internetwache-CTF-2016/Web80 | CTFwp/Internetwache-CTF-2016/Web80 at master · Veneno0/CTFwp · GitHub
https://medium.com/ehsahil/ctf-walkthrough-hacken-cup-2018-1b48b0fd96c | CTF Walkthrough — Hacken Cup 2018 – ehsahil – Medium
https://medium.com/ehsahil/getting-access-to-25k-employees-details-c085d18b73f0 | Getting access to 25000 employees details – ehsahil – Medium
https://www.youtube.com/watch?v=UjJ33OhPDcQ | (132) Is The iPhone Smart Battery Case Worth The Price? - YouTube
https://twitter.com/ITSecurityguard/status/1021310140400717825 | Patrik Fehrenbach🤖 on Twitter: "GraphQL really represents the Crown Jewels of every company. If you want to find $$$ bounties, have a look at the @Hacker0x01 GraphQL :-) You can get the entire schema using Introspection (https://t.co/fym2D1RPNT) (thanks @mongobug <3) https://t.co/4IRe4IIFdL 80 MB PNG file… https://t.co/fXVIfILqdl"
https://twitter.com/soaj1664ashar/status/1079791723889475586?s=19 | 𝔸𝕤𝕙𝕒𝕣 𝕁𝕒𝕧𝕖𝕕 on Twitter: "Server-Side Request Forgery #SSRF Tools/Stuff https://t.co/Klcxbn7OM8 https://t.co/Pruy3KtHdD https://t.co/bjFjveIwrd https://t.co/yrshScjBEX https://t.co/V2UfVq3Ww6 https://t.co/iHTo6HxW9E https://t.co/sXZTRJssJA https://t.co/1fTRoxrnXZ https://t.co/QDJiUZ4utv"
https://2018.zeronights.ru/wp-content/uploads/materials/4%20ZN2018%20WV%20-%20BugBounty%20automation.pdf | Презентация PowerPoint - 4 ZN2018 WV - BugBounty automation.pdf
http://kb.entersoft.co.in/ | Knowledge Base Entersoft
https://pastebin.com/xZC446zy | SSRF - Pastebin.com
https://pastebin.com/yAd0YF4y | JWT - Pastebin.com
https://twitter.com/PhilippeDeRyck/status/1068812961374965760?s=09 | Philippe De Ryck on Twitter: "In the past few months, I have built two security cheat sheets (and more will follow). One is on Angular and the @OWASP top 10, and the other one on JSON Web Tokens (JWT) https://t.co/hEw0DqmFTx #Angular #JWT #websecurity #security… https://t.co/tt2HfTp3Sh"
https://twitter.com/armold9anthony/status/1082124430875283457?s=09 | Arnold Anthony on Twitter: "Pinterest Account Takeover via CSRF #bugbounty #OuthackThemAll https://t.co/r7baZOrj5k"
https://twitter.com/proabiral/status/1056906273101438976?s=09 | Abiral on Twitter: "Nice. Just wondering how you found the endpoint.… "
https://twitter.com/frgx/status/1045376878184292354?s=09 | Devdatta Akhawe on Twitter: "Great blogpost by @d0nutptr on how to be a high impact bug finder https://t.co/Rdzn0mRVOT Great companion to Google's list of non vulns https://t.co/POPKHDCMEM"
https://medium.com/@putracraft.theworld/server-side-request-forgery-in-openid-support-defcc64d5e41 | Server-side Request Forgery in OpenID support – Putra Adhari – Medium
https://medium.com/@modam3r5/unauthenticated-user-can-upload-an-attachment-at-hackerone-aff2a0c573b8 | Unauthenticated user can upload an attachment at HackerOne
https://medium.com/@D0rkerDevil/how-i-found-a-1500-worth-deserialization-vulnerability-9ce753416e0a | How i found a 1500$ worth Deserialization vulnerability
https://arulkumar.in/multiple-open-url-redirection-vulnerability-in-facebook-worth-1500/ | Multiple Open URL Redirection Vulnerability on Facebook worth $1500
https://www.josipfranjkovic.com/blog/hacking-facebook-oculus-integration-csrf | Hacking Facebook accounts using CSRF in Oculus-Facebook integration - Josip Franjković
https://medium.com/@zk34911/twitter-bug-bounty-misconfigured-json-endpoint-on-ads-twitter-com-2771ec83a82 | [Twitter Bug Bounty] Misconfigured JSON endpoint on ads.twitter.com
https://twitter.com/adrien_jeanneau/status/1030934842651942912 | Adrien on Twitter: "SSRF are ❤️ file:///etc/passwd : Not authorized file://\/\/etc/passwd : Work 😀 #BugBounty"
https://twitter.com/si9int/status/1043523444137181184 | SI9INT on Twitter: "Tired of getting ca(p)tch(a)ed when Google dorking? Create a custom search engine for your target and fire off your queries! #bugbountytip #bugbounty #pentesting… https://t.co/9RcZnOeaWh"
https://medium.com/bugbountywriteup/how-to-brute-force-efficiently-without-burp-pro-1bb2a414a09f | How to brute force efficiently without Burp Pro – InfoSec Write-ups – Medium
https://twitter.com/amolnaik4/status/1028284835440324608?s=09 | AMol NAik on Twitter: "Learn various types of CSRF exploitation with real-world experience using Bodhi: https://t.co/JinbI2PEaR #websec #csrf #security #learning #OWASP #webhacking #ITSecurity"
https://hackerone.com/reports/347139 | #347139 LFI and SSRF via XXE in emblem editor
https://hackerone.com/reports/288353 | #288353 SMB SSRF in emblem editor exposes taketwo domain credentials, may lead to RCE
https://hackerone.com/reports/282604 | #282604 Stored XSS on profile page via Steam display name
https://hackerone.com/reports/265050 | #265050 Blind SSRF in emblem editor (2)
https://footstep.ninja/posts/password-reset/ | cat ~/footstep.ninja/blog.txt
https://www.sagarvd.me/2018/09/youtube-csrf.html | Send request to Martians. Earthlings are already your friends.
https://pastebin.com/vvQ1yy6i | XXE - Pastebin.com
https://pastebin.com/9BSQjM3E | CSRF - Pastebin.com
https://pastebin.com/LqdrPWJc | XSS - Pastebin.com
https://pastebin.com/VjFGnUcm | My_work - Pastebin.com
https://pastebin.com/u/thecreat0r | Thecreat0r's Pastebin - Pastebin.com
https://xss.shift-js.info/ | XSS Challenge (by y0n3uchy)
https://www.josipfranjkovic.com/blog/hacking-facebook-oculus-integration-csrf | Hacking Facebook accounts using CSRF in Oculus-Facebook integration - Josip Franjković
https://main.immersivelabs.online/signin | Immersive Labs

https://www.zomato.com/ncr/order-food-online?delivery_subzone=2856&place_name=Paschim+Puri%2C+West+Punjabi+Bagh | Order food online in West Punjabi Bagh, food delivery in West Punjabi Bagh - Zomato
https://pastebin.com/u/thecreat0r | Thecreat0r's Pastebin - Pastebin.com
https://pastebin.com/u/thecreat0r/1/ScVMVJnC | Thecreat0r's Pastebin - Pastebin.com
https://pastebin.com/yQsrXy47 | Jacacript Recon - Pastebin.com
https://pastebin.com/E1HAEFZf | My-Recon-Guide - Pastebin.com
https://medium.com/bugbountywriteup/bug-bounty-tips-tricks-js-javascript-files-bdde412ea49d | Bug Bounty — Tips / Tricks / JS (JavaScript Files) – InfoSec Write-ups – Medium
https://pastebin.com/E1HAEFZf | My-Recon-Guide - Pastebin.com
https://www.youtube.com/feed/subscriptions | (73) Subscriptions - YouTube
https://pastebin.com/hLxY1zvb | IDOR - Pastebin.com
https://jonbottarini.com/2018/10/09/get-as-image-function-pulls-any-insights-nrql-data-from-any-new-relic-account-idor/ | Get as image function pulls any Insights/NRQL data from any New Relic account (IDOR) | Security and Bug Hunting
https://tomnomnom.com/talks/passiveish.pdf | passiveish.pdf
https://mysmccd-my.sharepoint.com/personal/mahasatu_my_smccd_edu/_layouts/15/WopiFrame.aspx?sourcedoc={fd3568d3-8636-4b68-a177-c0333eed8d04}&action=edit&wd=target%28CheckList.one%7C369f1318-ae92-455c-a893-f20b1dfeac0f%2FUntitled%20Page%7Cc2b33649-cb1a-4d53-9eb9-bc8d39746e4d%2F%29 | zomato
https://github.com/bugcrowd/HUNT/ | GitHub - bugcrowd/HUNT
https://xsshunter.com/app | XSS Hunter
https://github.com/GerbenJavado/LinkFinder/tree/master | GitHub - GerbenJavado/LinkFinder: A python script that finds endpoints in JavaScript files
https://backlog.com/git-tutorial/branching/switch-branch/ | Switch Branch | Backlog

https://pastebin.com/E1HAEFZf | My-Recon-Guide - Pastebin.com
https://michenriksen.com/blog/aquatone-tool-for-domain-flyovers/ | AQUATONE: A tool for domain flyovers | michenriksen.com
https://web.archive.org/web/20180409183615/http://blog.rojanrijal.com/2017/12/public-s3-bucket-search-engine-open.html | Public S3 Bucket Search Engine - Open Source Project

https://pastebin.com/ | Pastebin.com - #1 paste tool since 2002!
https://twitter.com/i/likes | Tweets liked by Shivam Goyal (@g33kyshivam) | Twitter
http://10degres.net/aws-takeover-ssrf-javascript/ | AWS takeover through SSRF in JavaScript – Gwendal Le Coguic
https://samcurry.net/reading-asp-secrets-for-17000/ | Reading ASP secrets for $17,000 | Sam Curry
https://twitter.com/s0md3v/status/1075310630314209280 | Somdev Sangwan on Twitter: "CSRF mind map ❤️ Source: https://t.co/dfq6pJL2ip… "
https://hack-ed.net/2017/11/07/a-nifty-ssrf-bug-bounty-write-up/ | A Nifty SSRF Bug Bounty Write Up | Hack-Ed
https://nfsec.pl/pentest/6098 | NF.sec – Linux Security Blog - Passive Google Dorks
https://hackerone.com/bagipro?sort_type=latest_disclosable_activity_at&filter=type%3Aall%20from%3Abagipro&querystring=&page=1 | bagipro's HackerOne Profile
https://twitter.com/pnig0s | Terry Zhang (@pnig0s) | Twitter
https://medium.com/@logicbomb_1 | Avinash Jain (https://twitter.com/logicbomb_1) – Medium
https://medium.com/@logicbomb_1/bugbounty-from-finding-jenkins-instance-to-command-execution-secure-your-jenkins-instance-9bd1e75c2288 | #BugBounty — From finding Jenkins instance to Command Execution.Secure your Jenkins Instance!
https://www.google.com/search?client=ubuntu&hs=QSV&channel=fs&ei=LlUuXO2kNI6OvQSBvrjADQ&q=all+of+my+twwets&oq=all+of+my+twwets&gs_l=psy-ab.3..0i13l2j0i13i5i30l3.3895.6611..6762...1.0..0.250.2208.0j7j5......0....1..gws-wiz.......0j0i71j0i67j0i10j33i22i29i30j0i22i30j0i22i10i30.Anx5GY7YS2g | all of my twwets - Google Search
https://www.allmytweets.net/ | All My Tweets - View all your tweets on one page.
https://www.facebook.com/ | Facebook
https://www.youtube.com/watch?v=EdDRovrN-nw | (31) Shark Tank || Homeless woman Pitches Brick Gumbo - YouTube
https://www.youtube.com/watch?v=bGkTvhltmjA | Shark Tank I know how to sue people TEC - YouTube

https://www.youtube.com/ | (30) YouTube
https://www.facebook.com/?ref=logo | Facebook
https://twitter.com/Alra3ees/status/962794987258892288 | Emad Shanab on Twitter: "Recon scripts InputScanner https://t.co/pRitJrar5A JSParser https://t.co/JojIOqgUJG JS-Scan https://t.co/MMRyjCVyai mix-recon https://t.co/c9EFLtgcRE Sn1per https://t.co/t4lAnUnvEC ReconDog https://t.co/dngycSwUVg 003Recon https://t.co/mQcA1yrgfU"
https://github.com/003random/003Recon | GitHub - 003random/003Recon: Some tools to automate recon - 003random
https://twitter.com/Jhaddix | Jason Haddix (@Jhaddix) | Twitter
https://2019.appseccalifornia.org/index.php/training/ | Training - OWASP AppSec California 2019
https://www.eventbrite.com/e/appsec-california-2019-tickets-49541214105 | AppSec California 2019 Tickets, Tue, Jan 22, 2019 at 8:00 AM | Eventbrite
https://twitter.com/Jhaddix/status/1072512012050186240 | Jason Haddix on Twitter: "Bounty pro tip: if the target is a niche cms, crm, ad/analytics framework, or web framework, install it yourself and do content discovery on default paths/files for misconfigurations in access control. https://t.co/P1Duapfmwr cc @DanielMiessler"
http://vizualize.me/jhaddix | Jason Haddix | Vizualize.me
https://www.linkedin.com/in/jhaddix/ | (2) Jason Haddix | LinkedIn
https://twitter.com/Jhaddix/status/1079081260343975936 | Jason Haddix on Twitter: "I’ll be giving a live training version of “The Bug Hunter’s Methodology” at @Owasp @AppSecCali this year! Hope to see you there Jan 22-23! https://t.co/qjkLj2C4M0"
https://docs.google.com/presentation/d/1R-3eqlt31sL7_rj2f1_vGEqqb7hcx4vxX_L7E23lJVo/edit#slide=id.g3af0ae9b4b_3_61 | TBHM3 (p) - Google Slides
https://2019.appseccalifornia.org/index.php/training/ | Training - OWASP AppSec California 2019
https://tools.dnsstuff.com/ | Toolbox | DNSstuff
https://pbs.twimg.com/media/DX9jjrWV4AA6rbc.jpg | DX9jjrWV4AA6rbc.jpg (JPEG Image, 700 × 1200 pixels) - Scaled (53%)

https://pastebin.com/XxsHGmrP | Oauth - Pastebin.com
https://tools.ietf.org/html/rfc6819 | RFC 6819 - OAuth 2.0 Threat Model and Security Considerations
https://dhavalkapil.com/blogs/Attacking-the-OAuth-Protocol/ | Attacking the OAuth Protocol - Dhaval Kapil
https://sakurity.com/oauth | Sakurity
https://habr.com/post/150756/#comment_5116061 | Безопасность OAuth2 / Хабр
https://homakov.blogspot.com/2014/02/how-i-hacked-github-again.html | Egor Homakov: How I hacked Github again.
https://homakov.blogspot.com/2012/07/saferweb-most-common-oauth2.html | Egor Homakov: The Most Common OAuth2 Vulnerability
https://homakov.blogspot.com/2014/02/how-i-hacked-github-again.html | Egor Homakov: How I hacked Github again.
https://developer.github.com/apps/building-oauth-apps/authorizing-oauth-apps/ | Authorizing OAuth Apps | GitHub Developer Guide
https://www.reddit.com/r/netsec/comments/1xa5xh/how_i_hacked_github_again/cf9qjcl/ | reddit: the front page of the internet
https://www.reddit.com/r/netsec/comments/5fawzz/all_your_paypal_oauth_tokens_belong_to_me/ | All your Paypal #OAuth tokens belong to me - localhost for the win : netsec
https://www.reddit.com/r/netsec/comments/4lzr29/taking_over_heroku_accounts/ | Taking over Heroku accounts : netsec
http://esevece.github.io/2016/06/01/taking-over-heroku-accounts.html | Site not found · GitHub Pages
https://www.reddit.com/r/netsec/comments/75z8pc/yahoo_bug_bounty_exploiting_oauth/ | Yahoo Bug Bounty: Exploiting OAuth Misconfiguration To Takeover Flickr Accounts : netsec
https://www.reddit.com/r/netsec/comments/6ixco5/authentication_bypass_on_airbnb_via_oauth_tokens/ | Authentication bypass on Airbnb via OAuth tokens theft : netsec
https://www.arneswinnen.net/2017/06/authentication-bypass-on-airbnb-via-oauth-tokens-theft/ | Authentication bypass on Airbnb via OAuth tokens theft – Arne Swinnen's Security Blog
https://arxiv.org/pdf/1601.01229.pdf | () - 1601.01229.pdf
https://www.slideshare.net/illninogiggs/oauth-nightmares-abstract-oauth-nightmares | Oauth Nightmares Abstract OAuth Nightmares
https://blog.ninoishere.com/oauth-2-0/ | oAuth 2.0
http://blog.intothesymmetry.com/2015/06/on-oauth-token-hijacks-for-fun-and.html | On (OAuth) token hijacks for fun and profit part #1 (Google/Microsoft integration)
https://medium.com/@arbazhussain/stealing-0auth-token-mitm-3eeab46e96cf | Stealing 0Auth Token (MITM) – Arbaz Hussain – Medium
https://medium.com/bugbountywriteup/pre-domain-wildcard-cors-exploitation-2d6ac1d4bd30 | Pre-domain wildcard CORS Exploitation – InfoSec Write-ups – Medium
https://portswigger.net/blog/exploiting-cors-misconfigurations-for-bitcoins-and-bounties | Exploiting CORS misconfigurations for Bitcoins and bounties | Blog
https://github.com/Voorivex/pentest-guide | GitHub - Voorivex/pentest-guide: Penetration tests cases, resources and guidelines.
https://codeburst.io/hunting-insecure-direct-object-reference-vulnerabilities-for-fun-and-profit-part-1-f338c6a52782 | Hunting Insecure Direct Object Reference Vulnerabilities for Fun and Profit (PART-1)
https://medium.com/bugbountywriteup/how-i-was-able-to-generate-access-tokens-for-any-facebook-user-6b84392d0342 | How i was able to generate Access Tokens for any Facebook user.
http://blog.intothesymmetry.com/2013/05/oauth-dance-server-side-floow.html | OAuth “dance” - server side flow
http://blog.intothesymmetry.com/2015/06/on-oauth-token-hijacks-for-fun-and.html | On (OAuth) token hijacks for fun and profit part #1 (Google/Microsoft integration)
http://blog.intothesymmetry.com/2015/01/top-5-oauth-2-implementation.html | Top 5 OAuth 2 Implementation Vulnerabilities
http://blog.intothesymmetry.com/2016/11/all-your-paypal-tokens-belong-to-me.html | All your Paypal OAuth tokens belong to me - localhost for the win
https://whitton.io/articles/bypassing-google-authentication-on-periscopes-admin-panel/ | Bypassing Google Authentication on Periscope's Administration Panel – Jack
http://andrisatteka.blogspot.com/2014/09/how-microsoft-is-giving-your-data-to.html | Andris Atteka's Blog: How Microsoft is giving your data to Facebook… and everyone else
http://homakov.blogspot.com/2014/02/how-i-hacked-github-again.html | Egor Homakov: How I hacked Github again.

https://pastebin.com/u/thecreat0r | Thecreat0r's Pastebin - Pastebin.com
https://twitter.com/i/likes | Tweets liked by Shivam Goyal (@g33kyshivam) | Twitter
https://www.pentestpartners.com/security-blog/how-to-exploit-xss-with-csrf/ | How to exploit XSS with CSRF | Pen Test Partners
https://twitter.com/safety/unsafe_link_warning?unsafe_link=https%3A%2F%2Fwww.andmp.com%2F2018%2F12%2Fhow-i-managed-to-get-google.html%3Fm%3D1%23.XAPRIjsoB-8.facebook | t.co/wXv4CyUAXm
https://twitter.com/bonsaiviking/status/1070099535916163073 | Daniel Miller ✝ on Twitter: "Reminder: Nmap isn't super stealthy by default. More info: https://t.co/v2ORQASlPt… "
https://twitter.com/alex_casalboni/status/1070639887865577473 | Alex Casalboni on Twitter: "You asked for hands-on & self-paced material to understand & improve the #security of your #serverless apps. Here you go: https://t.co/aysLxuAUOQ Kudos @angelaw_ruohan @igngar_cloud 👌🙏"
https://publications.europa.eu/flexpaper/common/view.jsp?doc=63138617-f133-11e8-9982-01aa75ed71a1.en.PDF.pdf&user=&format=pdf&page=6 | Handbook on Cybersecurity - 63138617-f133-11e8-9982-01aa75ed71a1.en.PDF.pdf
https://twitter.com/KentGruber/status/1071113393254424577 | Kent Gruber on Twitter: "🌎 How-to setup a free SOCKS proxy w/ @googlecloud on macOS 🍏: 👩‍💻 1. gcloud alpha cloud-shell ssh --ssh-flag="-D localhost:5000" & 2. networksetup -setsocksfirewallproxy "Wi-Fi" localhost 5000 3. networksetup -setsocksfirewallproxystate "Wi-Fi" on ✨You have a "Google" IP now!"
https://github.com/mthbernardes/rsg | GitHub - mthbernardes/rsg: ReverShellGenerator - A tool to generate various ways to do a reverse shell
https://twitter.com/pwndizzle/status/1071765949399920640 | Alex Davies on Twitter: "Just got RCE on a bounty. Lessons learned - file upload features are dangerous, allowing servers to remotely retrieve files is even more dangerous, the server set the file extension from the content-type which was user controlled, if one type doesn't work try another! #tryharder"
https://lambda.grofers.com/how-we-load-tested-our-apis-in-production-18225ee77f45 | How we load tested our APIs in Production – Lambda - The Grofers Engineering Blog
https://github.com/bl4de/dictionaries | GitHub - bl4de/dictionaries: Misc dictionaries for directory/file enumeration, username enumeration, password dictionary/bruteforce attacks
https://twitter.com/yamakira_/status/1072382154380853250 | Bharath on Twitter: "A one-liner to enumerate subdomains using Wayback Machine and waybackurls by @TomNomNom The results are not particularly exhaustive but quite useful in finding old and forgotten subdomains https://t.co/OBNQwhMueG #OSINT #AppSec… https://t.co/Qhbg1fUcra"
https://techvomit.net/web-application-penetration-testing-notes/ | Web Application Penetration Testing Notes
https://techvomit.net/web-application-penetration-testing-notes/ | Web Application Penetration Testing Notes
https://twitter.com/zapstiko/status/1068476968004476934 | Raihan Biswas ✪ on Twitter: "GitHub Recon Resources:-(Tools-Dorks) https://t.co/ZSv4KjZUzl https://t.co/0uidwevA0k https://t.co/GWulEU6dZe https://t.co/gtvENpqVMd https://t.co/dK4pdqzUau https://t.co/LWcI7UwYCU https://t.co/n1okfPbzpj https://t.co/AUG2xvdsZs https://t.co/BuYseOfTFD https://t.co/ZSv4KjZUzl"
https://twitter.com/adrien_jeanneau | Adrien (@adrien_jeanneau) | Twitter
https://kccna18.sched.com/event/GrZo | KubeCon + CloudNativeCon North America 2018: This Year, It’s About Security - Maya Ka...
https://github.com/dhaval17/awsome-security-write-ups-and-POCs | GitHub - dhaval17/awsome-security-write-ups-and-POCs: Awesome Writeups and POCs
https://twitter.com/honoki/status/1072756995495735298 | π₃ on Twitter: "Instead of using SSRF to peer inside a local network, I used an internal vulnerable server to proxy out traffic to the internet to turn my blind XXE into root-level file read access. Read my write-up on https://t.co/Tv8v1U6AN0 #bugbounty #ssrf #XXE… https://t.co/W4522O1kSY"
https://www.honoki.net/2018/12/from-blind-xxe-to-root-level-file-read-access/ | From blind XXE to root-level file read access | Honoki
https://github.com/sidaf/homebrew-pentest | GitHub - sidaf/homebrew-pentest: Homebrew Tap - Pen Test Tools
https://hackerone.com/reports/404797 | #404797 IDOR to delete images from other stores
https://medium.com/@riccardo.ancarani94/attacking-docker-exposed-api-3e01ffc3c124 | Attacking Docker exposed API – Riccardo Ancarani – Medium
https://blog.riccardoancarani.it/attacking-docker-exposed-api/ | Attacking Docker exposed API
https://hackerone.com/reports/434763 | #434763 Incorrect details on OAuth permissions screen allows DMs to be read without permission
https://blog.avatao.com/How-I-could-steal-your-photos-from-Google/ | How I could have stolen your photos from Google - my first 3 bug bounty writeups
https://medium.com/bugbountywriteup/how-i-was-able-to-generate-access-tokens-for-any-facebook-user-6b84392d0342 | How i was able to generate Access Tokens for any Facebook user.
https://medium.com/bugbountywriteup/how-i-was-able-to-generate-access-tokens-for-any-facebook-user-6b84392d0342 | How i was able to generate Access Tokens for any Facebook user.
https://2018.zeronights.ru/wp-content/uploads/materials/4%20ZN2018%20WV%20-%20BugBounty%20automation.pdf | Презентация PowerPoint - 4 ZN2018 WV - BugBounty automation.pdf
https://medium.com/@adrien_jeanneau/how-i-was-able-to-list-some-internal-information-from-paypal-bugbounty-ca8d217a397c | How I was able to list some internal information from PayPal #BugBounty
https://medium.com/@maxpasqua/unremovable-tags-in-facebook-page-reviews-656e095e69aa | Unremovable Tags In Facebook Page Reviews – Max Pasqua – Medium
https://shkspr.mobi/blog/2018/12/twitter-bug-bounty/ | $3k Bug Bounty – Twitter’s OAuth Mistakes – Terence Eden's Blog
https://github.com/arbazkiraak/Leaks_RegexFilter | GitHub - arbazkiraak/Leaks_RegexFilter: Regex Filter on urls and files
https://twitter.com/phwd | ️ (@phwd) | Twitter
https://twitter.com/TomNomNom/status/1034078311209742336 | TomNomNom on Twitter: "Just added the 'keypairs' option to unfurl (https://t.co/LP6o4ywhRw) to output all the key=value pairs from query strings. Handy if you want to find all possible values for a key; just pipe it into `sort -u` :)"
https://medium.com/@grep_security/session-fixation-broken-authentication-and-session-management-c37ce0111bf5 | Session Fixation — Broken Authentication and Session Management
https://samcurry.net/reading-asp-secrets-for-17000/ | Reading ASP secrets for $17,000 | Sam Curry
https://medium.com/@mylesb/exploiting-a-wordpress-website-with-metasploit-ffa6f4e31e09 | Exploiting a WordPress Website with Metasploit – Myles Braithwaite – Medium
https://twitter.com/s0md3v/status/1075310630314209280 | Somdev Sangwan on Twitter: "CSRF mind map ❤️ Source: https://t.co/dfq6pJL2ip… "
https://payatu.com/csv-injection-basic-to-exploit/ | CSV injection: Basic to Exploit!!!! - payatu
https://www.blackhillsinfosec.com/xml-external-entity-beyond-etcpasswd-fun-profit/ | XML External Entity - Beyond /etc/passwd (For Fun & Profit) - Black Hills Information Security
https://blog.securitybreached.org/2018/09/16/idor-account-takeover-using-facebook/ | IDOR User Account Takeover By Connecting My Facebook Account with victims Account - Security Breached Blog
https://github.com/VKSRC/Github-Monitor | GitHub - VKSRC/Github-Monitor: Github Sensitive Information Leakage Monitor(Github信息泄漏监控系统)
https://twitter.com/LooseSecurity/status/1074287183543058432 | m0z on Twitter: "Honestly, one of the most effective #XSS polyglots is simply: <iframe src="javasc%0a%0dript:alert(0);"> Bypasses most WAF and you can insert line feeds/CRLF characters like I did above to make it more obfuscated. #CyberSecurity #bugbountytip"
https://medium.com/@_bl4de/hidden-directories-and-files-as-a-source-of-sensitive-information-about-web-application-84e5c534e5ad | Hidden directories and files as a source of sensitive information about web application
http://www.vurt.ru/2013/02/python-command-line-oneliners/ | Python command line oneliners
https://www.netsparker.com/blog/web-security/importance-content-type-header-http-requests/ | The Importance of the Content-Type Header | Netsparker
https://blog.netspi.com/playing-content-type-xxe-json-endpoints/ | Playing with Content-Type – XXE on JSON Endpoints
https://datatracker.ietf.org/doc/html/draft-ietf-oauth-security-topics-09 | draft-ietf-oauth-security-topics-09
https://www.we45.com/blog/3-ways-an-xxe-vulnerability-could-hit-you-hard | 3 WAYS THAT an xxe injection attack COULD HIT YOU HARD!
https://medium.com/@stokochtrubbel/how-to-make-kali-bearable-to-look-at-5593771fafc5 | HOW TO MAKE KALI BEARABLE TO LOOK AT.. – STÖK – Medium
https://www.netsparker.com/whitepaper-http-security-headers/?utm_source=twitter.com&utm_medium=social&utm_content=whitepaper+http+security+headers&utm_campaign=netsparker+social+media | HTTP Security Headers and How They Work: Whitepaper | Netsparker
https://twitter.com/intigriti/status/1078318258661531648 | intigriti on Twitter: "Did you know you can smuggle payloads in a valid e-mail address using round brackets? Thanks for the tip, @securinti! #BugBounty #HackWithIntigriti… https://t.co/HBq2mOIRkT"
https://medium.com/@yogeshtantak7788/how-i-was-able-to-delete-google-gallery-data-idor-53d2f303efff | How I was able to delete Google Gallery Data [IDOR]
http://blog.intigriti.com/2018/12/30/ten-best-write-ups-of-2018/ | The best write-ups 2018 brought us – INTIGRITI
https://medium.com/@armaanpathan/abusing-acl-permissions-to-overwrite-other-users-uploaded-files-videos-on-s3-bucket-162c8877728 | Abusing ACL Permissions to Overwrite other User’s Uploaded Files/Videos on s3 Bucket
https://www.secjuice.com/php-rce-bypass-filters-sanitization-waf/ | Exploit PHP Remotely - WAF Rule & Filter Bypass
https://twitter.com/soaj1664ashar/status/1079791723889475586 | 𝔸𝕤𝕙𝕒𝕣 𝕁𝕒𝕧𝕖𝕕 on Twitter: "Server-Side Request Forgery #SSRF Tools/Stuff https://t.co/Klcxbn7OM8 https://t.co/Pruy3KtHdD https://t.co/bjFjveIwrd https://t.co/yrshScjBEX https://t.co/V2UfVq3Ww6 https://t.co/iHTo6HxW9E https://t.co/sXZTRJssJA https://t.co/1fTRoxrnXZ https://t.co/QDJiUZ4utv"
https://medium.com/@_bl4de/how-to-perform-the-static-analysis-of-website-source-code-with-the-browser-the-beginners-bug-d674828c8d9a | How to perform the static analysis of website source code with the browser — the beginner’s bug…
https://twitter.com/Alra3ees/status/1080276301909504002 | Emad Shanab on Twitter: "List of Recon methodology,Recon tools and Bug Bounty writeups. https://t.co/5CGnrhjWAa https://t.co/v4NTni4aUD https://t.co/RuNAsM2LKJ https://t.co/GGS4M4hC4Y https://t.co/YvyRlNhJvi https://t.co/NdZQeB9Anl https://t.co/k1D2LdrAfu https://t.co/EFvs35eCX8… https://t.co/0og00sFMAh"
https://web.archive.org/web/20180602092807/https://blog.it-securityguard.com/visual-recon-a-beginners-guide/ | [Tools] Visual Recon – A beginners guide | Patrik Fehrenbach
https://twitter.com/Wh11teW0lf/status/1078569346996277249 | Wh11teW0lf on Twitter: "(3/3) #XXE Endpoint Related Articles: https://t.co/5XlnFmVy21 @metasploit : https://t.co/t3qiamIvvN #infosec #bugbounty"

https://blog.ninoishere.com/deserialization-vulnerabilities-lab/ | Deserialization vulnerabilities Lab
https://twitter.com/Hogarth45_ND/status/1019647149645221890 | Jesse Clark on Twitter: "SQLi found in this format: (no spaces allowed, hence the parentheses) See This URL: website｡com/category/Article-Title-1147 Try This: website｡com/category/Article-Title-(1147)and(1=1) Confirm With: website｡com/category/Article-Title-(1147)and(1=2)"
https://github.com/0xRadi/OWASP-Web-Checklist#Information | GitHub - 0xRadi/OWASP-Web-Checklist: OWASP Web Application Security Testing Checklist
https://www.josipfranjkovic.com/blog/hacking-facebook-oculus-integration-csrf | Hacking Facebook accounts using CSRF in Oculus-Facebook integration - Josip Franjković
https://arulkumar.in/multiple-open-url-redirection-vulnerability-in-facebook-worth-1500/ | Multiple Open URL Redirection Vulnerability on Facebook worth $1500
https://twitter.com/ngalongc/status/944128954696335360 | Ron Chan on Twitter: "If you found a RCE on *.yahoo.com that is GET based, try to grab a complete copy of the incoming cookies and send to your server instead of executing id. Cause https://t.co/XUJcNLVwcp scoped their cookies to https://t.co/FsaETObcLM etcc then it worth >= 10k for sure"
https://medium.com/bugbountywriteup/how-to-brute-force-efficiently-without-burp-pro-1bb2a414a09f | How to brute force efficiently without Burp Pro – InfoSec Write-ups – Medium
https://twitter.com/_sbzo/status/986065763181256706 | RLobo on Twitter: "This video and this blog show how DOM-XSS works. Good references. https://t.co/TCg0wBDkVM… "
https://twitter.com/uraniumhacker/status/987573987818422272 | Uranium238 on Twitter: "#bugbountytips: Want to find employees of a company on github? Use this: https://t.co/E82rIdbZPx{COMPANY_NAME}-&type=Users. This will help to find any users who have "company_name-" in their name. Most of the time these accounts are employee accounts or is company owned."
https://twitter.com/EdOverflow/status/986214497965740032 | Ed on Twitter: "Bug bounty tip: Look for GitLab instances on targets or belonging to the target. When you stumble across the GitLab login panel (/users/sign_in), navigate to `/explore`. Once you get in, use the search function to find passwords, keys, etc.… https://t.co/reTSzMt6tM"

https://blog.ninoishere.com/deserialization-vulnerabilities-lab/ | Deserialization vulnerabilities Lab
https://twitter.com/Hogarth45_ND/status/1019647149645221890 | Jesse Clark on Twitter: "SQLi found in this format: (no spaces allowed, hence the parentheses) See This URL: website｡com/category/Article-Title-1147 Try This: website｡com/category/Article-Title-(1147)and(1=1) Confirm With: website｡com/category/Article-Title-(1147)and(1=2)"
https://buer.haus/breport/ | Bounty Report Generator
https://buer.haus/csrfgen/?targetUrl=https%3A%2F%2Fwww.google.com%2F&method=GET&encType=application%2Fx-www-form-urlencoded&inputName[]=foo&inputType[]=hidden&inputVal[]=bar&inputName[]=test&inputType[]=hidden&inputVal[]=test2&iframe=true | CSRFGen v1.02
https://github.com/0xRadi/OWASP-Web-Checklist#Information | GitHub - 0xRadi/OWASP-Web-Checklist: OWASP Web Application Security Testing Checklist
https://laconicwolf.com/2018/08/22/5-ways-to-enumerate-usernames-in-web-applications/ | 5 ways to enumerate usernames in web applications - Laconic Wolf
https://www.josipfranjkovic.com/blog/hacking-facebook-oculus-integration-csrf | Hacking Facebook accounts using CSRF in Oculus-Facebook integration - Josip Franjković
https://arulkumar.in/multiple-open-url-redirection-vulnerability-in-facebook-worth-1500/ | Multiple Open URL Redirection Vulnerability on Facebook worth $1500
https://twitter.com/ngalongc/status/944128954696335360 | Ron Chan on Twitter: "If you found a RCE on *.yahoo.com that is GET based, try to grab a complete copy of the incoming cookies and send to your server instead of executing id. Cause https://t.co/XUJcNLVwcp scoped their cookies to https://t.co/FsaETObcLM etcc then it worth >= 10k for sure"
https://si9int.sh/article/5 | SI9INT
https://medium.com/bugbountywriteup/how-to-brute-force-efficiently-without-burp-pro-1bb2a414a09f | How to brute force efficiently without Burp Pro – InfoSec Write-ups – Medium
https://pastebin.com/mkkYy4gj | blogs ========================= https://blog.mallardlabs.com http://c0rni3sm. - Pastebin.com
https://twitter.com/_sbzo/status/986065763181256706 | RLobo on Twitter: "This video and this blog show how DOM-XSS works. Good references. https://t.co/TCg0wBDkVM… "
https://brutelogic.com.br/blog/dom-based-xss-the-3-sinks/ | DOM-based XSS - The 3 Sinks - Brute XSS
https://twitter.com/uraniumhacker/status/987573987818422272 | Uranium238 on Twitter: "#bugbountytips: Want to find employees of a company on github? Use this: https://t.co/E82rIdbZPx{COMPANY_NAME}-&type=Users. This will help to find any users who have "company_name-" in their name. Most of the time these accounts are employee accounts or is company owned."
https://twitter.com/EdOverflow/status/986214497965740032 | Ed on Twitter: "Bug bounty tip: Look for GitLab instances on targets or belonging to the target. When you stumble across the GitLab login panel (/users/sign_in), navigate to `/explore`. Once you get in, use the search function to find passwords, keys, etc.… https://t.co/reTSzMt6tM"

https://pastebin.com/hX7rLWUC | Header-Secuirty - Pastebin.com
https://twitter.com/ldionmarcil/status/982390041099034625 | Louis Dion-Marcil on Twitter: "Shout out to @0xSobky, whose XSS polyglot helped me discover this. By far my favorite XSS payload. https://t.co/5P2OpryDra"
https://github.com/0xsobky/HackVault/wiki/Unleashing-an-Ultimate-XSS-Polyglot | Unleashing an Ultimate XSS Polyglot · 0xSobky/HackVault Wiki · GitHub
https://postimg.org/image/8qa4jjd1b/ | Problem loading page

https://www.blackhat.com/docs/eu-16/materials/eu-16-Yang-Signing-Into-Billion-Mobile-Apps-Effortlessly-With-OAuth20.pdf?from=timeline&isappinstalled=1 | BlackHatEurope2016 - eu-16-Yang-Signing-Into-Billion-Mobile-Apps-Effortlessly-With-OAuth20.pdf
https://pastebin.com/edit/hLxY1zvb | Edit Paste: hLxY1zvb - Pastebin.com
https://cloud.app.box.com/s/9xgb9yzfcgla5hsd7bdltl78k74dzot7 | OAuth nightmares-public slides.pptx | Powered by Box
https://www.troyhunt.com/10-personal-finance-lessons-for-technology-professionals/ | Troy Hunt: 10 Personal Finance Lessons for Technology Professionals
https://github.com/foospidy/payloads | GitHub - foospidy/payloads: Git All the Payloads! A collection of web attack payloads.
https://hacks.mozilla.org/2018/03/es-modules-a-cartoon-deep-dive/?fbclid=IwAR2ITBMgSWJ1X9Qol9sxBsy1IHU1vd44cas4hhY4ku1iyNPrHtGNA_uWs_0 | ES modules: A cartoon deep-dive - Mozilla Hacks - the Web developer blog
https://www.ietf.org/id/draft-ietf-oauth-security-topics-11.txt | ietf.org/id/draft-ietf-oauth-security-topics-11.txt
https://www.youtube.com/watch?v=Pth9cupMTWQ | (11) Security OAuth 2.0 by Jonathon Brookfield and Fraser Winterborn - YouTube
https://linuxhandbook.com/curl-command-examples/ | CURL Command in Linux [21 Practical Examples]
https://www.youtube.com/watch?v=JC7tg5bgYOo&t=693s | (11) BSidesMCR 2018: Securing OAuth 2.0 For Native Apps by Jonathon Brookfield and Fraser Winterborn - YouTube
https://hackerone.com/reports/143717 | #143717 Change any Uber user's password through /rt/users/passwordless-signup - Account Takeover (critical)
https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Methodology_and_enumeration.md | PayloadsAllTheThings/Methodology_and_enumeration.md at master · swisskyrepo/PayloadsAllTheThings · GitHub
https://medium.com/bugbountywriteup/how-i-was-able-to-generate-access-tokens-for-any-facebook-user-6b84392d0342 | How i was able to generate Access Tokens for any Facebook user.

https://pastebin.com/WJCBTsDN | BEST-RESOURCE - Pastebin.com
https://pastebin.com/E1HAEFZf | My-Recon-Guide - Pastebin.com
http://blkstone.github.io/2017/06/29/web-for-pentester-xxe/ | Web for Pentester XXE解析 // Neurohazard
https://support.mozilla.org/en-US/kb/make-firefox-your-default-browser | Make Firefox your default browser | Firefox Help
http://blkstone.github.io/2017/06/24/web-for-pentester-sqli/ | Web for Pentester SQLi write up // Neurohazard
https://medium.com/bugbountyhunting/bug-bounty-hunting-tips-2-target-their-mobile-apps-android-edition-f88a9f383fcc | Bug Bounty Hunting Tips #2 —Target their mobile apps (Android Edition)

https://s0cket7.com/picoctf-web/ | Pico CTF 2018 Web Exploitation Writeup – s0cket7
https://s0cket7.com/idor-account-takeover/ | IDOR leads to account takeover – s0cket7
https://pastebin.com/c6WQw2q9 | [Markdown] Open-Redirect - Pastebin.com
https://pentester.land/cheatsheets/2018/11/02/open-redirect-cheatsheet.html | Open Redirect Cheat Sheet · Pentester Land
https://ngailong.wordpress.com/2017/08/07/uber-login-csrf-open-redirect-account-takeover/ | [Uber 8k Bug] Login CSRF + Open Redirect = Account Take Over – Ron Chan
https://ngailong.wordpress.com/2017/11/22/uber-redirect_uri-is-difficult-to-do-it-right/ | [Uber] redirect_uri is difficult to do it right – Ron Chan
https://www.linkedin.com/?trk=aff_src.aff-lilpar_c.partners_pkw.10078_net.mediapartner_plc.Skimbit%20Ltd._pcrid.449670_learning&veh=aff_src.aff-lilpar_c.partners_pkw.10078_net.mediapartner_plc.Skimbit%20Ltd._pcrid.449670_learning&irgwc=1 | LinkedIn: Log In or Sign Up
https://ngailong.wordpress.com/2017/11/01/1k-per-day-challenge-earning-30k-in-30-days/ | 1k Per Day Challenge — Earning 30k in 30 Days – Ron Chan
https://www.linkedin.com/pulse/my-50k-personal-challenge-results-mark-litchfield | My $50k Personal Challenge - Results
https://ngailong.wordpress.com/2017/08/07/uber-login-csrf-open-redirect-account-takeover/ | [Uber 8k Bug] Login CSRF + Open Redirect = Account Take Over – Ron Chan
https://www.arneswinnen.net/2017/06/authentication-bypass-on-airbnb-via-oauth-tokens-theft/ | Authentication bypass on Airbnb via OAuth tokens theft – Arne Swinnen's Security Blog
https://ngailong.wordpress.com/ | Ron Chan – My Bug Bounty Write Ups
https://github.com/ak1t4/open-redirect-scanner | GitHub - ak1t4/open-redirect-scanner: open redirect subdomains scanner
https://blog.ninoishere.com/oauth-2-0/ | oAuth 2.0
https://blog.ninoishere.com/from-open-redirect-to-account-takeover-part-ii/ | From Open Redirect to Account Takeover Part II
https://blog.ninoishere.com/from-open-redirect-to-account-takeover/ | From Open Redirect to Account Takeover
https://yassineaboukir.com/blog/how-i-discovered-a-1000-open-redirect-in-facebook/ | How I discovered a 1000$ open redirect in Facebook | Yassine ABOUKIR
https://www.indusface.com/blog/owasp-top-vulnerabilities/#A7-_Missing_Function_Level_Access_Control | OWASP Top 10 Vulnerabilities 2018 - Indusface Blog
https://support.portswigger.net/customer/portal/articles/1965733-using-burp-to-test-for-open-redirections | Using Burp to Test for Open Redirections | Burp Suite Support Center
https://twitter.com/ | (*) Twitter
https://appsecwiki.com/#/mobilesecurity?id=reportswriteups | Mobile Security - Application Security Wiki
https://hackerone.com/bagipro?sort_type=latest_disclosable_activity_at&filter=type%3Aall%20from%3Abagipro&querystring=&page=1 | bagipro's HackerOne Profile

https://dev.to/search?q=oauth | Search Results - DEV Community 👩‍💻👨‍💻
https://dev.to/simov/oauth-simplified-2pbd | OAuth Simplified - DEV Community 👩‍💻👨‍💻
https://dev.to/oktadev/stolen-access-tokens-and-you-3gan | Stolen Access Tokens and You - DEV Community 👩‍💻👨‍💻
https://dev.to/tomerbendavid/my-security-notes-37fh | Basic Auth, SAML, Keys, OAuth, JWT and Tokens Quicky - DEV Community 👩‍💻👨‍💻
https://dev.to/rhymes/a-good-reason-not-to-use-oauth-only-accounts-in-your-apps-3on1 | A good reason not to use OAuth only accounts in your apps - DEV Community 👩‍💻👨‍💻
https://dev.to/anabella/dancing-with-oauth-emp | Dancing with OAuth: a step by step guide - DEV Community 👩‍💻👨‍💻
https://dev.to/antonfrattaroli/oauth-tips-for-the-uninitiated-476e | OAuth Tips for the Uninitiated - DEV Community 👩‍💻👨‍💻
https://www.youtube.com/watch?v=bvBsRalZoNc | JWT - YouTube
https://www.youtube.com/watch?v=K6pwjJ5h0Gg | (1) How does JWT work - YouTube
https://medium.com/@darutk/the-simplest-guide-to-oauth-2-0-8c71bd9a15bb | The Simplest Guide To OAuth 2.0 – Takahiko Kawasaki – Medium
https://medium.com/@darutk/diagrams-and-movies-of-all-the-oauth-2-0-flows-194f3c3ade85 | Diagrams And Movies Of All The OAuth 2.0 Flows – Takahiko Kawasaki – Medium

https://appsecwiki.com/#/serversidesecurity?id=oauth-security | Server Side Security - Application Security Wiki
https://github.com/doyensec/graph-ql | doyensec/graph-ql: GraphQL Security Research Material
https://www.ietf.org/id/draft-ietf-oauth-security-topics-11.txt | https://www.ietf.org/id/draft-ietf-oauth-security-topics-11.txt
http://blog.intothesymmetry.com/2015/12/top-10-oauth-2-implementation.html | Top 10 OAuth 2 Implementation Vulnerabilities
https://sakurity.com/oauth | Sakurity
https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/OAuth | PayloadsAllTheThings/OAuth at master · swisskyrepo/PayloadsAllTheThings
http://homakov.blogspot.com/2014/02/how-i-hacked-github-again.html | Egor Homakov: How I hacked Github again.
http://andrisatteka.blogspot.com/2014/09/how-microsoft-is-giving-your-data-to.html | Andris Atteka's Blog: How Microsoft is giving your data to Facebook… and everyone else
https://whitton.io/articles/bypassing-google-authentication-on-periscopes-admin-panel/ | Bypassing Google Authentication on Periscope's Administration Panel – Jack
http://blog.intothesymmetry.com/2015/12/top-10-oauth-2-implementation.html | Top 10 OAuth 2 Implementation Vulnerabilities
http://blog.intothesymmetry.com/2014/02/oauth-2-attacks-and-bug-bounties.html | OAuth 2 attacks and bug bounties - The Postman Always Rings Twice
http://blog.intothesymmetry.com/search?updated-max=2013-05-01T11:04:00-07:00&max-results=7&start=40&by-date=false | Into the symmetry
http://blog.intothesymmetry.com/2017/05/oauth-worm-ii-revenge.html | OAuth Worm II - The revenge
http://blog.intothesymmetry.com/2016/11/all-your-paypal-tokens-belong-to-me.html | All your Paypal OAuth tokens belong to me - localhost for the win
http://blog.intothesymmetry.com/2016/06/native-applications-with-oauth-2.html | Native applications with OAuth 2
http://blog.intothesymmetry.com/2016/05/holy-redirecturi-batman.html | Holy redirect_uri Batman!
http://blog.intothesymmetry.com/2015/10/on-oauth-token-hijacks-for-fun-and.html | On (OAuth) token hijacks for fun and profit part #2 (Microsoft/xxx integration)
http://blog.intothesymmetry.com/2015/09/new-oauth-book-oauth-2-in-action.html | New OAuth book: OAuth 2 in Action
http://blog.intothesymmetry.com/2015/06/on-oauth-token-hijacks-for-fun-and.html | On (OAuth) token hijacks for fun and profit part #1 (Google/Microsoft integration)
http://blog.intothesymmetry.com/2015/01/top-5-oauth-2-implementation.html | Top 5 OAuth 2 Implementation Vulnerabilities
http://blog.intothesymmetry.com/2014/04/oauth-2-how-i-have-hacked-facebook.html | OAuth 2 - How I have hacked Facebook again (..and would have stolen a valid access token)
http://blog.intothesymmetry.com/2013/05/oauth-dance-server-side-floow.html | OAuth “dance” - server side flow
https://www.youtube.com/watch?v=yPp22irc5Q0 | How OAuth Works - YouTube
https://www.youtube.com/watch?v=_xrhWLqX1j0 | OAuth CSRF & the 'state' parameter - YouTube
https://www.youtube.com/watch?v=Pth9cupMTWQ | Security OAuth 2.0 by Jonathon Brookfield and Fraser Winterborn - YouTube
https://www.youtube.com/watch?v=tbllIrgNUpQ | OAuth 2.0 “state” parameter used for security purposes - YouTube
https://handouts.secappdev.org/handouts/2017/Jim%20Manico/04a.%20OAUTH%20Security%20Introduction%20MODULE%202-9-2017.pdf | 04a. OAUTH Security Introduction MODULE 2-9-2017
https://www.owasp.org/images/6/61/20151215-Top_X_OAuth_2_Hacks-asanso.pdf | 20151215-Top_X_OAuth_2_Hacks-asanso.pdf
https://www.youtube.com/watch?v=aIFRvSxIZ0k&index=2&list=PLE8DZa6PJapwu3PPr9kj2iWC-tDVBY_Sd | (1) OAuth 2.0 Security Introduction - Jim Manico - YouTube
https://www.youtube.com/watch?v=CHodPpqLqG8&list=PL4cUxeGkcC9jdm7QX143aMLAqyM-jTZ2x | (1) OAuth Login (Passport.js) Tutorial #2 - The OAuth Flow - YouTube
https://drive.google.com/file/d/1Qw3hhValdRAWNGJtLbbFYfKtaevkw4fQ/view | Hacking_OAuth2_0_for_fun_and_profit-Pranav_Hivarekar.pdf - Google Drive
https://www.youtube.com/results?search_query=owasp+switzerland | (1) owasp switzerland - YouTube
https://www.youtube.com/watch?v=VrGrpcttU8U | Christmas 2018: If Sara Ali Khan was Santa! - YouTube
https://www.youtube.com/watch?v=_wXQW-dIyL8 | (1) Cracking JWT tokens (...) - Luciano Mammino - Codemotion Milan 2017 - YouTube

https://www.perspectiverisk.com/mysql-sql-injection-practical-cheat-sheet/ | MySQL SQL Injection Practical Cheat Sheet - Perspective Risk
https://www.jpsecnetworks.com/week-11-oscp-preparation-sql-injection/ | Week 11 – OSCP Preparation / SQL Injection 2018-11-26 00:16:18
https://www.hackersclub.io/single-post/2016/02/12/Advanced-SQL-Injection | Advanced SQL Injection | hackerclub
https://github.com/qazbnm456/awesome-web-security/blob/master/README.md#practices-xss | awesome-web-security/README.md at master · qazbnm456/awesome-web-security
https://appsecwiki.com/#/frontend | Frontend Security - Application Security Wiki
https://web.archive.org/web/20170724200429/http://teamultimate.in:80/sql-injection-explained/ | SQL Injection Explained From Scratch - Ultimate Hackers
https://web.archive.org/web/20170728042623/http://teamultimate.in:80/category/hacking-tutorials/sql-injection | SQL Injection Category - Ultimate Hackers
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/sqlmap-tricks-for-advanced-sql-injection/ | Sqlmap Tricks for Advanced SQL Injection | Trustwave | SpiderLabs | Trustwave
https://stealingthe.network/efficient-time-based-blind-sql-injection-using-mysql-bit-functions-and-operators/ | Efficient Time Based Blind SQL Injection using MySQL Bit Functions and Operators – Stealing the Network
https://dl.packetstormsecurity.net/papers/database/SQLi_Insert.pdf | SQLi_Insert.pdf
http://kb.entersoft.co.in/vulnerabilities/blind-sql-injection.html | Blind Sql Injection
https://blog.netspi.com/netspi-sql-injection-wiki/ | NetSPI SQL Injection Wiki
https://labs.detectify.com/2017/02/14/sqli-in-insert-worse-than-select/ | SQLi in INSERT worse than SELECT
https://pentestlab.blog/2012/12/24/sql-injection-authentication-bypass-cheat-sheet/ | SQL Injection Authentication Bypass Cheat Sheet | Penetration Testing Lab
https://mahmoudsec.blogspot.com/2017/02/sql-injection-in-update-query-bug.html | Mahmoud Gamal - Security Blogs: SQL injection in an UPDATE query - a bug bounty story!
https://web.archive.org/web/20170728045932/http://teamultimate.in:80/login-bypass-with-sql-injection | Login Bypass With SQL Injection - Ultimate Hackers
https://somdev.me/sql-basics-for-sqli/ | Learn SQL for SQL Injection in 10 minutes – Somdev Sangwan
https://www.hackersclub.io/single-post/2016/02/12/Advanced-SQL-Injection | Advanced SQL Injection | hackerclub
https://jtnydv.xyz/2018/12/25/preliminary-sql-injection-part-1/ | Preliminary SQL Injection (Part 1) – Jatin Yadav
https://jtnydv.xyz/2018/12/27/preliminary-sql-injection-part-2/ | Preliminary SQL Injection (Part 2) – Jatin Yadav
https://medium.com/@tomnomnom/making-a-blind-sql-injection-a-little-less-blind-428dcb614ba8 | Making a Blind SQL Injection a Little Less Blind – TomNomNom – Medium
https://hackerone.com/reports/383127 | #383127 SQL Injection in report_xml.php through countryFilter[] parameter
https://hackerone.com/reports/310280 | #310280 [Informational] Possible SQL Injection in inc/ajax-actions-frontend.php
https://blog.usejournal.com/bugbounty-database-hacked-of-indias-popular-sports-company-bypassing-host-header-to-sql-7b9af997c610 | #BugBounty —” Database hacked of India’s Popular Sports company”-Bypassing Host Header to SQL…
https://medium.com/@nuraalamdipu/union-based-sql-injection-write-up-a-private-company-site-273f89a49ed9 | Union Based Sql injection Write up ->A private Company Site
https://hackerone.com/reports/300176 | #300176 [https://reviews.zomato.com] Time Based SQL Injection
https://stealingthe.network/efficient-time-based-blind-sql-injection-using-mysql-bit-functions-and-operators/ | Efficient Time Based Blind SQL Injection using MySQL Bit Functions and Operators – Stealing the Network
https://hackerone.com/reports/258582 | #258582 [www.zomato.com] Union SQLi + Waf Bypass
https://gerbenjavado.com/the-race-to-the-top-of-a-bug-bounty-program/ | The race to the top of a bug bounty program
https://github.com/GerbenJavado/LinkFinder | GerbenJavado/LinkFinder: A python script that finds endpoints in JavaScript files
https://forum.bugcrowd.com/t/sqlmap-tamper-scripts-sql-injection-and-waf-bypass/423 | SQLMap Tamper Scripts (SQL Injection and WAF bypass) - Security Research / Tools Discussion - Bugcrowd Forum
https://forum.bugcrowd.com/t/researcher-resources-tutorials/370 | Researcher Resources - Tutorials - Security Research - Bugcrowd Forum
http://sqlzoo.net/hack/ | SQL Injection Attack

https://mega.nz/?fbclid=IwAR2N_8FsXH8H53kXz45vnzJmbtiKitLHMxgwQc2yvdCRuiv26eSpIhsG3Ck#F!PJoR0LjD!SiNo4g78sKAIhoTWO-7xgQ!PV4HAbzA | MEGA
https://github.com/mike-works/modern-javascript | mike-works/modern-javascript: 👨‍🏫 Mike's Modern JavaScript course
https://drive.google.com/file/d/0B7LIdu29tPZROU9tMGR5WjlGZDA/view | Modern JavaScript.pdf - Google Drive
https://bugid.skylined.nl/20181017001.html | Fuzz in sixty seconds
https://pentester.land/conference-notes/2018/10/17/levelup-2018-practical-recon-techniques-for-bug-hunters-and-pentesters.html | Conference notes: Practical recon techniques for bug hunters & pen testers (LevelUp 0x02 / 2018) · Pentester Land
https://pentester.land/tips-and-tricks | Tips & Tricks · Pentester Land
https://pentester.land/tips-n-tricks/2018/08/16/cloud-vps-providers-for-bug-hunters.html | Cloud VPS providers for pentesters and bug hunters · Pentester Land
https://pentester.land/conference-notes/2018/08/02/levelup-2018-the-bug-hunters-methodology-v3.html | Conference notes: The Bug Hunters Methodology v3(ish) (LevelUp 0x02 / 2018) · Pentester Land
https://blog.it-securityguard.com/tag/bug-bounty/ | bug bounty | Patrik Fehrenbach
https://gist.github.com/dexbyte/fb13e994ad180ce86c654cae1ce7d14f | DigitalOcean Coupon Code $35 / $100 1 Year Free Trial - December 2018
https://www.peerlyst.com/posts/the-how-to-use-nmap-wiki-peerlyst?utm_campaign=peerlyst_shared_post&utm_content=peerlyst_post&utm_medium=social&utm_source=twitter | The "how to use NMAP" wiki by Peerlyst - training, course, nmap scripting engine
https://github.com/sectalks/sectalks | sectalks/sectalks: CTFs, solutions and presentations
https://www.youtube.com/watch?v=OaXEDgW8SUE&index=25&list=PLv7cogHXoVhXvHPzIl1dWtBiYUAL8baHj | (30) 25- BurpSuite Tabs part 1 - YouTube

https://enciphers.com/the-art-of-hacking-delhi-edition-web-application-hacking-basic-level/ | The Art Of Hacking (Delhi Edition) : Web Application Hacking – Basic Level – Enciphers
https://enciphers.com/wp-content/uploads/2018/10/CORS_POC.pdf | CORS_POC.pdf
https://enciphers.com/wp-content/uploads/2018/10/Web-Application-Penetration-Testing-Checklist.pdf | Webapp
https://enciphers.com/wp-content/uploads/2018/10/Resources.pdf | Resources.pdf
https://www.youtube.com/ | (29) YouTube
https://www.youtube.com/watch?v=NFRy89r4zKc | (29) Superman Destroys The World Engine | Man of Steel (2013) Movie Clip - YouTube
https://medium.com/ehsahil/ctf-walkthrough-hacken-cup-2018-1b48b0fd96c | CTF Walkthrough — Hacken Cup 2018 – ehsahil – Medium
http://www.geekboy.ninja/blog/airbnb-bug-bounty-turning-self-xss-into-good-xss-2/ | AirBnb Bug Bounty: Turning Self-XSS into Good-XSS #2 | Geekboy | Security Researcher
https://github.com/jonluca/Anubis | jonluca/Anubis: Subdomain enumeration and information gathering tool
https://www.anshumanbhartiya.com/2018/01/07/tko-subs/ | Anshuman Bhartiya|Open Sourcing tko-subs
https://www.anshumanbhartiya.com/2014/12/18/hidden-feature-in-slack-leads-to-unauthorized-information-leakage-of-files/ | Anshuman Bhartiya|Hidden Feature in Slack leads to Unauthorized Information Leakage of Files
https://www.anshumanbhartiya.com/2015/03/11/static-token-used-for-authentication-in-the-slack-ios-application/ | Anshuman Bhartiya|Static Token used for authentication in the Slack iOS application
https://www.anshumanbhartiya.com/2015/04/15/account-hijacking-in-indeed/ | Anshuman Bhartiya|Account Hijacking in Indeed
https://www.anshumanbhartiya.com/2015/04/30/a-csrf-protection-bypass-technique/ | Anshuman Bhartiya|A CSRF Protection Bypass Technique
https://www.anshumanbhartiya.com/2018/01/07/git-all-secrets/ | Anshuman Bhartiya|Open Sourcing git-all-secrets
https://github.com/anshumanbh/kubebot | anshumanbh/kubebot: A security testing Slackbot built with a Kubernetes backend on the Google Cloud Platform
https://github.com/anshumanbh | anshumanbh (Anshuman Bhartiya)
https://bugbountyworld.com/slack-links-archive/links/ | Slack Links Archive - Bug Bounty World
https://www.youtube.com/watch?v=adWzygDdQLw | (29) BsidesWLG 2017 - Glenn 'devalias' Grant - Gophers, whales and.. clouds? Oh my! - YouTube
https://github.com/0xdevalias/gopherblazer | 0xdevalias/gopherblazer: PoC's and Slides from 'Gophers, whales and.. clouds? Oh my!' BSides Wellington presentation by Glenn 'devalias' Grant
https://www.anshumanbhartiya.com/ | Anshuman Bhartiya
https://cloud.google.com/blog/products/gcp/exploring-container-security-an-overview | Exploring container security: An overview | Google Cloud Blog
http://10degres.net/why-bugbounty/ | Why Bug Bounty – Gwendal Le Coguic
https://speakerdeck.com/bountymachine/bug-bounty-hunting-on-steroids | Bug Bounty Hunting on Steroids - Speaker Deck
https://medium.com/@bountymachine/introducing-bountymachine-234cad93b5d2 | Introducing BountyMachine – BountyMachine – Medium
https://www.jeremydaly.com/event-injection-a-new-serverless-attack-vector/ | Event Injection: A New Serverless Attack Vector - Jeremy Daly
https://twitter.com/BsidesSD | BSides San Diego (@BsidesSD) | Twitter
https://boards.greenhouse.io/nuna/#.Ws8QPa9lCaN | Jobs at Nuna
https://www.youtube.com/watch?v=C-Z0XY352H4 | (29) Expl(IoT): Hacking IoT like a boss by: Aseem Jakhar - YouTube
https://www.youtube.com/watch?v=PGWp1RlYjTg | (29) Bug Bounty Hunting on Steroids by: Anshuman Bhartiya - YouTube
https://www.youtube.com/watch?v=s_1b7FSB-fI | (29) Bypass 2FA Stealing Private Keys by: Maxwell Koh - YouTube
https://www.youtube.com/watch?v=ln1EyJpJKjo | (29) Data Driven Web Hacking & Manual Testing by: Jason Haddix - YouTube
https://www.youtube.com/watch?v=Matw7umL9w4 | (29) ROOTCON 10 Remote Code Execution via Java Native Deserialization by David Jorm - YouTube
https://blog.secureideas.com/2014/02/announcing-burp-co2.html | Announcing Burp Co2! – Professionally Evil Insights
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/sqlmap-tricks-for-advanced-sql-injection/ | Sqlmap Tricks for Advanced SQL Injection | Trustwave | SpiderLabs | Trustwave
https://www.youtube.com/results?search_query=SSRF+bugcrowd+university | (29) SSRF bugcrowd university - YouTube
https://www.youtube.com/watch?v=GxkuBFUfnL8&list=PL9fPq3eQfaaCkilMUOZD4Tnvr8T9bFgjH&index=15 | (29) DEF CON 26 RECON VILLAGE - mgianarakis - Supercharge Your Web Recon With Commonspeak - YouTube
https://www.youtube.com/watch?v=7WYjSDZxFYc&list=PL9fPq3eQfaaCkilMUOZD4Tnvr8T9bFgjH&index=20 | (29) DEF CON 26 RECON VILLAGE - Anshuman Bhartiya, Glenn Grant - Bug Bounty Hunting on Steroids - YouTube
https://www.youtube.com/watch?v=1j6MNApbYtE&list=PL9fPq3eQfaaCkilMUOZD4Tnvr8T9bFgjH&index=24 | (29) DEF CON 26 RECON VILLAGE - jhaddix - Emergent Recon fresh methodology and tools for hackers in 201 - YouTube
https://www.youtube.com/watch?v=1WWb2HOqjcU | (29) #HITB2018AMS D1T1 - Fuzzing Javascript Engines for Fun and Pwnage - Areum Lee & Jeonghoon Shin - YouTube
https://www.youtube.com/watch?v=wPepicuHDzs | (29) #HITB2018AMS D1T1 - Brida: When Burp Suite meets Frida - Federico Dotta & Piergiovanni Cipolloni - YouTube
https://www.youtube.com/watch?v=Ii0ENuigBSM | (29) #HITB2018AMS CommSec D1 - A Deep Dive Into Malicious Documents - Josh Stroschein - YouTube
https://www.youtube.com/watch?v=JvQYTiu3ink | (29) #HITBGSEC 2017 CommSec D2 - 2FAssassin: Bypass 2FA, Stealing Private Keys, And More - Maxwell Koh - YouTube
https://www.youtube.com/watch?v=nHY0cWTMvO4 | (29) #HITBGSEC 2017 CommSec D2 - Searching For A Needle In A Remote Haystack - Vitaly Kamluk & Wayne Lee - YouTube
https://www.youtube.com/watch?v=gONh9FMKb7Q | (29) #HITB2018DXB D1T2: Gold Digging: Discovering Hidden Gems In APKs - Marc Schoenefeld - YouTube
https://www.youtube.com/watch?v=Cg-_TLdfUGw | (29) BSides Dubai 2018: Creating Browser Extensions To Hunt For Low-Hanging Fruit - Rewanth Cool - YouTube
https://twitter.com/anshuman_bh/status/995206192757555200 | Anshuman Bhartiya on Twitter: "Q - "Which tool is the best for subdomain enumeration?" There is no 1 tool that is the best AFAIK. The best bet (if you are super paranoid like me on missing out on any subdomain) is to run em all or at least the ones you know are good. This is what my workflow looks like!… https://t.co/kAcKQ38R6z"
https://medium.com/@raushanraj_65039/google-clickjacking-6a04132b918a | Clickjackings in Google worth 14981.7$ – Raushan Raj – Medium
https://medium.com/@raushanraj_65039/google-sites-and-exploiting-same-origin-policy-d400bf569964 | Google sites and exploiting same origin policy. – Raushan Raj – Medium
https://medium.com/@raushanraj_65039/clickjacking-in-google-docs-and-voice-typing-feature-c481d00b020a | Clickjacking in Google Docs and Voice typing feature.
https://medium.com/@raushanraj_65039/facebook-bug-bounty-reports-1c1b8b55c050 | Facebook Bug Bounty Reports – Raushan Raj – Medium
https://medium.com/@raushanraj_65039/clickjacking-in-google-docs-and-voice-typing-feature-c481d00b020a | Clickjacking in Google Docs and Voice typing feature.

https://pastebin.com/E1HAEFZf | My-Recon-Guide - Pastebin.com
https://www.youtube.com/watch?v=moz05bVQMes | Facebook graph API vs Graphql ! Why ethical hackers work on graphql ? - YouTube
https://www.youtube.com/watch?v=o9hT7v0OLJc | JWT vs Cookies for Authentication - YouTube
https://discordapp.com/channels/446854611937263616/446854611937263619 | Discord
https://www.youtube.com/watch?v=qTuzLjENKGs | Invalidating sessions across multiple devices - YouTube
https://www.youtube.com/watch?v=yPp22irc5Q0 | How OAuth Works - YouTube
https://www.youtube.com/watch?v=CtGnzr8KAoI | Facebook massive accounts hack | Data getting sold on dark web | FB to be fined ? - YouTube
https://www.youtube.com/watch?v=_xrhWLqX1j0 | OAuth CSRF & the 'state' parameter - YouTube
https://www.youtube.com/watch?v=Pth9cupMTWQ | Security OAuth 2.0 by Jonathon Brookfield and Fraser Winterborn - YouTube
https://www.youtube.com/channel/UCdnz7EZERHqmluR8RC2Y8pA/videos | BSides Leeds - YouTube
https://www.youtube.com/watch?v=DvS_ew77GXA | Passive-ish Recon Techniques by Tom Hudson - YouTube
https://www.youtube.com/watch?v=mGUsCAWwLGg | Performing JavaScript Static Analysis by Lewis Ardern - YouTube
https://www.youtube.com/watch?v=tbllIrgNUpQ | OAuth 2.0 “state” parameter used for security purposes - YouTube
https://stealingthe.network/efficient-time-based-blind-sql-injection-using-mysql-bit-functions-and-operators/ | Efficient Time Based Blind SQL Injection using MySQL Bit Functions and Operators – Stealing the Network
http://blog.orange.tw/2017/01/bug-bounty-github-enterprise-sql-injection.html | Orange: GitHub Enterprise SQL Injection
https://pentesterlab.com/exercises/from_sqli_to_shell/course | [PentesterLab]
https://dl.packetstormsecurity.net/papers/database/SQLi_Insert.pdf | SQLi_Insert.pdf

https://pastebin.com/UpxiJyEP | mobile - Pastebin.com
https://medium.com/@AkshaySharmaUS/open-redirects-security-done-right-e524a3185496 | Open Redirects & Security Done Right! – Akshay ‘Ax’ Sharma – Medium
https://x1m.nl/posts/android-app-testing-part-1/ | Bug Bounty & Android Applications - Part 1 · Martijn - X1M
https://x1m.nl/posts/android-app-testing-part-1/ | Bug Bounty & Android Applications - Part 1 · Martijn - X1M
https://x1m.nl/posts/pentest-scripts-tools-and-more/#subdomains | Pentest scripts, tools & more · Martijn - X1M
https://michenriksen.com/blog/aquatone-tool-for-domain-flyovers/ | AQUATONE: A tool for domain flyovers | michenriksen.com
https://michenriksen.com/blog/gitrob-now-in-go/ | Gitrob: Now in Go | michenriksen.com
https://michenriksen.com/blog/subdomain-takeover-detection-with-aquatone/ | Subdomain takeover detection with AQUATONE | michenriksen.com
https://michenriksen.com/blog/gitrob-putting-the-open-source-in-osint/ | Gitrob: Putting the Open Source in OSINT | michenriksen.com
https://michenriksen.com/blog/new-version-of-gitrob-is-out/ | A new version of Gitrob is out | michenriksen.com
https://x1m.nl/project/vulnerable-android-app/ | Vulnerable Android Application · Martijn - X1M
https://twitter.com/mobilesecurity_/status/966787418052587520 | Mobile Security on Twitter: "FiOS - new iOS pentesting tool based on @fridadotre #MobileSecurity #iOSsecurity https://t.co/koU64k08BJ… "
https://twitter.com/mobilesecurity_/status/965618348280176640 | Mobile Security on Twitter: "Mobile Application Hacking Diary Ep.2 #MobileSecurity @fridadotre https://t.co/Pe92QsQxRb… "
https://www.exploit-db.com/search?q=SQL | Exploit Database Search
https://www.exploit-db.com/papers/26620 | Mobile Application Hacking Diary Ep.1
https://www.exploit-db.com/?author=1275 | Exploit Database by Offensive Security
https://www.youtube.com/feed/trending | (61) Trending - YouTube
https://twitter.com/KitPloit/status/952175925788987392 | ☣ KitPloit - Hacker Tools on Twitter: "cSploit Android - The most complete and advanced IT security professional toolkit on Android https://t.co/TYxGbydUpz #Android #AndroidPentesting #Framework… https://t.co/FTkwYdFXZL"
https://medium.com/@abhimuralidharan/detecting-screen-capturing-in-ios-11-cca15881c785 | Detecting screen capturing in iOS 11 – Abhimuralidharan – Medium
https://twitter.com/mobilesecurity_/status/951528569804656646 | Mobile Security on Twitter: "Beware of Open Source Projects on Google Play by @symantec #MobileSecurity #AndroidSecurity https://t.co/DYJeNzSmvR… "
https://twitter.com/ITSecurityguard/status/951208786043207682 | Patrik Fehrenbach🤖 on Twitter: "If you are into iOS pentesting, check out: Passionfruit https://t.co/nDug3u7NsY Simple iOS app blackbox assessment tool :-)… https://t.co/i7Hup4SP4J"
https://twitter.com/mobilesecurity_/status/944209608092110848 | Mobile Security on Twitter: "Intercepting HTTPS Traffic from Apps on Android 7+ using #Magisk & #Burp #MobileSecurity #AndroidSecurity @Burp_Suite by @NVISO_Labs https://t.co/0BF4PfXj4q… https://t.co/TFsgTGgS8A"
https://github.com/jiayy/android_vuln_poc-exp | jiayy/android_vuln_poc-exp: This project contains pocs and exploits for android vulneribilities
https://twitter.com/OguzhanTopgul/status/941766793567145984 | {ouz} on Twitter: "Want to read about Android evasion, anti-analysis, app protection, obfuscation? https://t.co/61RSAiSudg Feel free to contribute and suggest."
https://mobile-security.zeef.com/oguzhan.topgul#block_47329 | Mobile Security by Oguzhan Topgul | ZEEF
https://www.primevideo.com/storefront/ref=atv_hm_hom_c_bV3MWc_UyfHC1_1_1?contentType=merch&contentId=primemusic&merchId=primemusic | Prime Video
https://www.netflix.com/in/ | Netflix India – Watch TV Programmes Online, Watch Films Online

https://www.sans.org/cyber-security-summit/archives/file/summit-archive-1510001675.pdf | PowerPoint Presentation
https://www.youtube.com/results?search_query=SANS+API+security | (58) SANS API security - YouTube
https://www.youtube.com/watch?v=Vtn1tIq8L2U | SANS Webcast: HTTP/2 & Websockets are gonna change the Pen Test World. Are You Ready? - YouTube
https://pastebin.com/mJf1UFpE | api-security - Pastebin.com
https://github.com/0xRadi/OWASP-Web-Checklist#Information | 0xRadi/OWASP-Web-Checklist: OWASP Web Application Security Testing Checklist
https://payatu.com/beginners-guide-restful-api-vapt-part-2/ | Beginner’s Guide to RESTful API VAPT - Part 2 - payatu
https://payatu.com/beginners-guide-restful-api-vapt-part-1/ | Beginner’s Guide to RESTful API VAPT - Part 1 - payatu
https://twitter.com/skeltavik/status/983335500709814274?s=19 | Bram Ruttens on Twitter: "If you're into API testing, use this tool. It'll make your assessments so much easier. 💉 Thanks @Flipkart for creating this nifty framework! #pentest #security #tools https://t.co/9eDs8TFxfJ"
https://medium.com/vandium-software/5-easy-steps-to-understanding-json-web-tokens-jwt-1164c0adfcec | 5 Easy Steps to Understanding JSON Web Tokens (JWT)
https://medium.com/101-writeups/hacking-json-web-token-jwt-233fe6c862e6 | Hacking JSON Web Token (JWT) – 101-writeups – Medium
https://www.slideshare.net/snyff/jwt-insecurity | Jwt == insecurity?
https://omergil.blogspot.com/2017/02/web-cache-deception-attack.html | Omer Gil: Web Cache Deception Attack
https://blog.ninoishere.com/tag/api/ | API - Nino
https://websec.be/files/20171109_DeRyck_APISecurityPitfalls.pdf | DeRyck_APISecuruity
https://www.youtube.com/watch?v=YQzU8xEBiPg | (58) Common API security pitfalls by Philippe De Ryck - YouTube
https://www.youtube.com/channel/UCSii2fuiLLlGqaR6sR_y0rA/videos | (58) secappdev.org - YouTube
https://handouts.secappdev.org/handouts/2016/Philippe%20De%20Ryck/DeRyck_SPASecurity.pdf | DeRyck_SPASecurity
https://handouts.secappdev.org/handouts/2017/Jim%20Manico/04a.%20OAUTH%20Security%20Introduction%20MODULE%202-9-2017.pdf | 04a. OAUTH Security Introduction MODULE 2-9-2017
https://handouts.secappdev.org/handouts/2017/Maarten%20Decat/maarten-decat-access-control-seccappdev2017.pdf | maarten-decat-access-control-seccappdev2017.pdf
https://handouts.secappdev.org/handouts/2016/Maarten%20Decat/presentation.pdf | PowerPoint Presentation
https://www.youtube.com/watch?v=9CJ_BAeOmW0 | (58) Deconstructing REST Security by David Blevins - YouTube
https://www.youtube.com/watch?v=u2CVkZaNr94 | (57) 413 Need More Sleep REST Could Help Drew Branch - YouTube
https://websec.be/resources/slides/ | Slides
https://websec.be/blog/codeeurope-2017/ | Common API Security Pitfalls
https://websec.be/blog/owaspbenelux-2017/ | Common REST API Security Pitfalls

https://github.com/sogko/graphql-schema-language-cheat-sheet | sogko/graphql-schema-language-cheat-sheet: GraphQL Shorthand Notation Cheat Sheet
https://coursehunters.net/course/prodvinutyy-graphql | Продвинутый GraphQL - Видеоуроки
https://github.com/FrontendMasters/intro-to-graphql | FrontendMasters/intro-to-graphql: Learn to create GraphQL APIs
https://docs.google.com/presentation/d/1IFirA70uc_GmrOS6WQh2Uy_N09yqpNPTWD-zgxA4MXE/edit#slide=id.g28b4bbfb40_0_27 | API's with Node - Google Slides
https://github.com/FrontendMasters/api-design-node-v2 | FrontendMasters/api-design-node-v2: Code and exercises for API Design in Node.js, v2: REST & GraphQL
https://devhints.io/graphql | GraphQL cheatsheet
https://medium.com/open-graphql/graphql-1-140fab436942 | Why GraphQL? – Open GraphQL – Medium
https://blog.goodapi.co/rest-vs-graphql-a-critical-review-5f77392658e7 | REST vs. GraphQL: A Critical Review – Good API
https://jsjaspreet.com/blog/graphql-best-practices | JS - Blog - GraphQL Best Practices
https://medium.freecodecamp.org/five-common-problems-in-graphql-apps-and-how-to-fix-them-ac74d37a293c | Five Common Problems in GraphQL Apps (And How to Fix Them)
https://coursehunters.net/course/fm-graphql | GraphQL (Frontendmaster) - Видеоуроки
https://slides.com/scotups/intro-to-graphql#/20 | Intro to GraphQL
https://raw.githubusercontent.com/sogko/graphql-shorthand-notation-cheat-sheet/master/graphql-shorthand-notation-cheat-sheet.png | graphql-shorthand-notation-cheat-sheet.png (2526×1785)
https://frontendmasters.com/courses/advanced-graphql/ | Learn Advanced GraphQL - Write Production-Ready GraphQL APIs with Scott Moss
https://philippeharewood.com/view-saved-offers-of-another-user/ | View saved offers of another user – These aren't the access_tokens you're looking for
https://medium.freecodecamp.org/so-whats-this-graphql-thing-i-keep-hearing-about-baf4d36c20cf | So what’s this GraphQL thing I keep hearing about? – freeCodeCamp.org
https://medium.freecodecamp.org/five-common-problems-in-graphql-apps-and-how-to-fix-them-ac74d37a293c | Five Common Problems in GraphQL Apps (And How to Fix Them)
https://medium.freecodecamp.org/the-5-things-you-need-to-know-to-understand-react-a1dbd5d114a3 | React’s Five Fingers of Death. Master these five concepts, then master React.
https://www.howtographql.com/basics/2-core-concepts/ | GraphQL Core Concepts Tutorial
https://facebook.github.io/relay/docs/en/prerequisites.html | Prerequisites · Relay
https://graphql.org/learn/ | Introduction to GraphQL | GraphQL
https://www.slideshare.net/NeeluTripathy2/pentesting-graphql-applications | Pentesting GraphQL Applications
https://graphqlmastery.com/blog/graphql-security-in-node-js-project | GraphQL security in Node.js project
https://summit.graphql.com/speakers/ | GraphQL Summit 2018
https://ithelp.ithome.com.tw/articles/10208008?sc=iThelpR | GraphQL Design: Two or three things about Security - iT State Help:: Helping solve problems and save IT people's day together
https://github.com/2fd/graphdoc | 2fd/graphdoc: Static page generator for documenting GraphQL Schema
https://xzfile.aliyuncs.com/ | https://xzfile.aliyuncs.com
https://www.oreilly.com/library/view/hands-on-graphql-for/9781788995627/video5_3.html | Handling Security - Hands-on GraphQL for Better RESTful Web Services [Video]
https://teamtreehouse.com/library/introduction-to-graphql | Introduction to GraphQL Course
http://localhost:3000/ | Playground - http://localhost:3000/
https://developer.github.com/v4/explorer/ | GraphQL API Explorer | GitHub Developer Guide
https://github.com/arkadiyt/bounty-targets-data/blob/master/data/hackerone_schema.graphql | bounty-targets-data/hackerone_schema.graphql at master · arkadiyt/bounty-targets-data
https://github.com/arkadiyt/bounty-targets-data/blob/master/data/hackerone_schema.graphql | bounty-targets-data/hackerone_schema.graphql at master · arkadiyt/bounty-targets-data
https://www.youtube.com/watch?v=loA3FwbVt90&index=4&t=0s&list=PLpi1lPB6opQzSqSuIkDbIL7f73EXcjB_7 | (57) Testing GraphQL (Jake Dawkins) - YouTube
https://www.youtube.com/watch?v=NKMDBH0CWHs&index=13&t=0s&list=PLpi1lPB6opQzSqSuIkDbIL7f73EXcjB_7 | (57) GraphQL for a Payments API: Challenges and Lessons (Sadique Ali Koothumadan) - YouTube
https://www.youtube.com/watch?v=NDrZi1b87C8&index=21&t=0s&list=PLpi1lPB6opQzSqSuIkDbIL7f73EXcjB_7 | (57) Hidden Gems of a GraphQL Query (Ivan Goncharov) - YouTube
https://www.youtube.com/watch?v=mOirp6cfMW4&index=34&t=0s&list=PLpi1lPB6opQzSqSuIkDbIL7f73EXcjB_7 | (57) Improving the GitHub Developer Experience with GraphQL (Brian Douglas) - YouTube
chrome://downloads/ | Downloads
https://voidsec.com/graphql-security-overview-and-testing-tips/ | GraphQL - Security Overview and Testing Tips - VoidSec
https://labs.detectify.com/2018/03/14/graphql-abuse/ | GraphQL abuse: Bypass account level permissions through parameter smuggling
https://twitter.com/jon_bottarini | Jon Bottarini (@jon_bottarini) | Twitter
https://hackerone.com/ldionmarcil?sort_type=latest_disclosable_activity_at&filter=type%3Aall%20from%3Aldionmarcil&querystring=&page=1 | ldionmarcil's HackerOne Profile
https://hackerone.com/tts | HackerOne
https://twitter.com/GuidoVranken | Guido Vranken (@GuidoVranken) | Twitter
http://stamone-bug-bounty.blogspot.com/2017/10/dom-xss-auth_14.html?spref=tw | StamOne_

https://pastebin.com/n6uEj79E | Authentication/ATO-Bypass - Pastebin.com
https://support.insomnia.rest/article/23-installation#linux | Installation - Insomnia
https://twitter.com/kapytein/status/1020365823494557696 | kapytein on Twitter: "I've added some information about how I found this issue in the summary of the report. Keep an eye on the @Hacker0x01 GraphQL schema every now and then, to keep yourself updated with the upcoming features.. (and you know what new features often bring...) https://t.co/faNUzPhW61"
https://twitter.com/kapytein | kapytein (@kapytein) | Twitter
https://twitter.com/disclosedh1/status/1020364011861422081 | publiclyDisclosed on Twitter: "HackerOne disclosed a bug submitted by kapytein: https://t.co/yAhmw7Yskx - Bounty: $2,500 #hackerone #bugbounty… "
https://hackerone.com/reports/380317 | #380317 Team object exposes amount of participants in a private program to non-invited users
https://blog.securitybreached.org/2018/09/07/rce-jenkins-instance-dosomething-org-bug-bounty-poc/ | RCE Unsecure Jenkins Instance | Bug Bounty POC - Security Breached Blog
https://blog.securitybreached.org/2017/12/10/how-i-was-able-to-takeover-facebook-account-bug-bounty-poc/ | HOW I WAS ABLE TO TAKEOVER FACEBOOK ACCOUNT | Bug Bounty Poc - Security Breached Blog
https://blog.securitybreached.org/2018/09/16/idor-account-takeover-using-facebook/ | IDOR User Account Takeover By Connecting My Facebook Account with victims Account - Security Breached Blog
http://kb.entersoft.co.in/vulnerabilities/blind-sql-injection.html | Blind Sql Injection
https://github.com/rojan-rijal/Subdomains | rojan-rijal/Subdomains: Subdomains of Some sites
https://www.bugbountynotes.com/training/tutorial?id=6 | BugBountyNotes.com | Collaborate and work with other security researchers on bug bounties
https://hackerone.com/reports/143717 | #143717 Change any Uber user's password through /rt/users/passwordless-signup - Account Takeover (critical)
https://gist.github.com/mhmdiaa/2742c5e147d49a804b408bfed3d32d07 | waybackrobots.py
https://twitter.com/hosseeb/status/1055883959551221760 | Haseeb Qureshi on Twitter: "Don't "work harder." Instead: Cut away distractions. Stop doing fake work. Ask for help. Plan. Solicit criticism. Automate what can be automated. Engage your mentors. Exercise. Get more sleep. Whatever you do, don't "work harder." It's pretty much never the answer."
https://medium.com/@_bl4de | bl4de – Medium

http://www.pepcoding.com/resources.html | PepCoding.com
https://web.whatsapp.com/ | (17) WhatsApp
https://docs.google.com/spreadsheets/d/1baOu0Vo06sO2twN0EgG8K4IDvvq2J2Y6HUq4WHpXTYw/edit#gid=31135632 | Batches Calendar - Google Drive
https://pastebin.com/edit/mJf1UFpE | Edit Paste: mJf1UFpE - Pastebin.com
https://twitter.com/i/likes | Tweets liked by Shivam Goyal (@g33kyshivam) | Twitter
https://paper.li/mobilesecurity/1338849548#/tag-mobilesecurity | #mobilesecurity - #MobileSecurity - Daily News
https://trustfoundry.net/referer-redirection-inconspicuous-danger/ | Referer Redirection and Its Inconspicuous Danger - TrustFoundry
https://trustfoundry.net/exploiting-java-deserialization-on-jboss/ | Shells in Your Serial - Exploiting Java Deserialization on JBoss - TrustFoundry
https://trustfoundry.net/jwt-hacking-101/ | JWT Hacking 101 - TrustFoundry
https://twitter.com/s0md3v/status/1075310630314209280 | Somdev Sangwan on Twitter: "CSRF mind map ❤️ Source: https://t.co/dfq6pJL2ip… "
https://twitter.com/kapytein/status/1075198603000455168 | kapytein on Twitter: "Testing a GraphQL API? Use https://t.co/KIE7m0Teje. It has GraphQL query autocompletion (as it automatically fetches the schema), which makes testing so much easier. Not sure who recommended this to me. It is been around for some time."
https://hackedu.io/hacktivity/xxe-in-site-audit-function | Interactive Cybersecurity Training | HackEDU
https://www.speedtest.net/ | Speedtest by Ookla - The Global Broadband Speed Test
https://zonksec.com/blog/jwt-hacking-101/ | ZonkSec - JWT Hacking 101
https://www.slideshare.net/snyff/jwt-insecurity | Jwt == insecurity?
https://medium.com/101-writeups/hacking-json-web-token-jwt-233fe6c862e6 | Hacking JSON Web Token (JWT) – 101-writeups – Medium
https://medium.com/vandium-software/5-easy-steps-to-understanding-json-web-tokens-jwt-1164c0adfcec | 5 Easy Steps to Understanding JSON Web Tokens (JWT)

https://twitter.com/g33kyshivam | Shivam Goyal (@g33kyshivam) | Twitter
https://gdgnd.org/users/sign_in | Google Developer Group
https://evren.ninja/dom-xss-trusted-types.html | E-LAB
https://github.com/glennzw/shodan-hq-nse | glennzw/shodan-hq-nse: Shodan HQ nmap plugin - passively scan targets
https://github.com/nahamsec/lazyrecon | nahamsec/lazyrecon: This script is intended to automate your reconnaissance process in an organized fashion
https://github.com/nahamsec/bbht | GitHub - nahamsec/bbht: A script to set up a quick Ubuntu 17.10 x64 box with tools I use.
https://github.com/nahamsec/recon_profile/blob/master/bash_profile | recon_profile/bash_profile at master · nahamsec/recon_profile · GitHub
https://github.com/nahamsec/JSParser | GitHub - nahamsec/JSParser
https://juejin.im/entry/58f43b0c61ff4b0058fd734d | 跨站的艺术 - XSS Fuzzing 的技巧 - 阅读 - 掘金
https://juejin.im/post/5bbff9f7e51d450e8b1404c4 | JWT 详细分析 - 掘金
https://docs.google.com/presentation/d/1cpcxEBEb0dyXwRqSWQ6bknJS-PQO_e242Dioy9SU2Io/edit#slide=id.g4715c86259_0_248 | BUG BOUNTY FUNSHOP - Google Slides
https://tomnomnom.com/talks/passiveish.pdf | https://tomnomnom.com/talks/passiveish.pdf
https://pastebin.com/edit/E1HAEFZf | Edit Paste: E1HAEFZf - Pastebin.com

https://twitter.com/i/likes | Tweets liked by Shivam Goyal (@g33kyshivam) | Twitter
https://twitter.com/Alra3ees | Emad Shanab (@Alra3ees) | Twitter
https://medium.com/@_bl4de/hidden-directories-and-files-as-a-source-of-sensitive-information-about-web-application-84e5c534e5ad | Hidden directories and files as a source of sensitive information about web application
https://twitter.com/x0rz/status/1052899891624710145 | x0rz on Twitter: "Nginx off-by-slash vulnerability, cool trick presented by @orange_8361 at #hacklu… "
https://github.com/leonardomso/33-js-concepts | leonardomso/33-js-concepts: 📜 33 concepts every JavaScript developer should know.
https://github.com/30-seconds/30-seconds-of-code | 30-seconds/30-seconds-of-code: Curated collection of useful JavaScript snippets that you can understand in 30 seconds or less.
https://github.com/30-seconds/30-seconds-of-code | 30-seconds/30-seconds-of-code: Curated collection of useful JavaScript snippets that you can understand in 30 seconds or less.
https://medium.com/@zseano/its-all-in-the-detail-email-leak-account-takeover-thanks-to-waybackmachine-extensive-4be365580dd7 | It’s all in the detail: Email leak & Account takeover thanks to WayBackMachine & extensive…
https://www.bugbountynotes.com/forum/viewforum?view=learning | View Learning/Training forum | BugBountyNotes.com
https://blog.teknogeek.io/ | Curiosity With a Side of Chaos
https://www.google.com/search?q=zseno+bug+hunting+methodology+bug+bounty+notes&oq=zseno+bug+hunting+methodology+bug+bounty+notes&aqs=chrome..69i57.13929j0j4&sourceid=chrome&ie=UTF-8 | zseno bug hunting methodology bug bounty notes - Google Search
https://medium.com/@infosecsanyam/bug-bounty-hunting-methodology-toolkit-tips-tricks-blogs-ef6542301c65 | BUG BOUNTY HUNTING (METHODOLOGY , TOOLKIT , TIPS & TRICKS , Blogs)
https://github.com/jhaddix/tbhm | jhaddix/tbhm: The Bug Hunters Methodology
https://www.bugbountynotes.com/explore/viewbug?id=2011 | BugBountyNotes.com | Disclosed Bug on Shopify found by zseano
https://www.bugbountynotes.com/explore/viewbug?id=2625 | BugBountyNotes.com | Disclosed Bug on Hackerone found by zseano
https://www.bugbountynotes.com/challenge?id=3 | "There's cross site request forgery (CSRF) protection, but how good is it?" bugbounty challenge | BugBountyNotes.com
https://www.bugbountynotes.com/challenge?id=3 | "There's cross site request forgery (CSRF) protection, but how good is it?" bugbounty challenge | BugBountyNotes.com
https://github.com/mystech7/Burp-Hunter | mystech7/Burp-Hunter: XSS Hunter Burp Plugin
https://wiki.mozilla.org/Security/FirefoxOperations#Security_Checklist | Security/FirefoxOperations - MozillaWiki
https://tomnomnom.com/talks/webvulns.pdf | webvulns.pdf
https://www.youtube.com/watch?v=tqFqN8A7waQ&feature=youtu.be | (25) Modern web application bugs - Erlend Oftedal - YouTube
https://twitter.com/zseano/status/1072477805265543168 | zseano💫 on Twitter: "Interesting URL redirect 'bypass'. So their filter made it so you could only redirect to /path or http(s)://hardcoded.theirdomain.com/path - except if you just simply added "puter", it would redirect to https://t.co/n5z1c5TyAT - and in 2018, that's a valid TLD. :D #BugBountyTip"
https://hackerone.com/reports/426147 | #426147 CORS misconfig | Account Takeover
https://docs.google.com/presentation/d/1cpcxEBEb0dyXwRqSWQ6bknJS-PQO_e242Dioy9SU2Io/edit#slide=id.g4715c86259_0_248 | BUG BOUNTY FUNSHOP - Google Slides
https://github.com/GerbenJavado/LinkFinder | GerbenJavado/LinkFinder: A python script that finds endpoints in JavaScript files
https://tomnomnom.com/talks/passiveish.pdf | passiveish.pdf
https://www.youtube.com/watch?v=DvS_ew77GXA | (25) Passive-ish Recon Techniques by Tom Hudson - YouTube
https://medium.com/bugbountyhunting/bug-bounty-toolkit-aa36f4365f3f | Bug Bounty Toolkit – BugBountyHunting – Medium
https://medium.com/bugbountyhunting/bug-bounty-hunting-tips-1-always-read-the-source-code-f5a56ee242df | Bug Bounty Hunting Tips #1— Always read the source code
https://medium.com/bugbountyhunting/bug-bounty-hunting-tips-2-target-their-mobile-apps-android-edition-f88a9f383fcc | Bug Bounty Hunting Tips #2 —Target their mobile apps (Android Edition)
https://github.com/dxa4481/truffleHog | dxa4481/truffleHog: Searches through git repositories for high entropy strings and secrets, digging deep into commit history
https://tomnomnom.com/talks/big-numbers.pdf | big-numbers
https://tomnomnom.com/talks/domxss.pdf | domxss.pdf
https://tomnomnom.com/talks/advxss.pdf | advxss.pdf
https://tomnomnom.com/talks/webvulns.pdf | webvulns.pdf
https://www.youtube.com/results?search_query=Tom+Hudson+Web+Vulnerabilities | (25) Tom Hudson Web Vulnerabilities - YouTube
https://www.youtube.com/watch?v=sY7pUJU8a7U&t=1483s | (25) Application Security - Understanding, Exploiting and Defending against Top Web Vulnerabilities - YouTube

https://www.youtube.com/watch?v=rObhS5WQSM8&list=PL-giMT7sGCVI9T4rKhuiTG4EDmUz-arBo&index=2 | (508) Sunny Wear's Brakeing Down Security Web App Sec Training #2 - YouTube
https://www.youtube.com/watch?v=h2duGBZLEek | (508) Bugcrowd University - Introduction to Burp Suite - YouTube
https://www.youtube.com/watch?v=vKudm1kDu8k&t=328s | (508) SANS Webcast: Web Hacking with Burp Suite - YouTube
https://www.facebook.com/ | Facebook

file:///home/mr-robot/Downloads/Aman%20syllabus.pdf | Aman syllabus.pdf
https://noteshub.co.in/Communication-Skills-for-Professionals | Communication Skills for Professionals | NotesHub
https://noteshub.co.in/uploads/2017/notes/CSP2017-11-30%2014:51:45.pdf | CSP

https://immersivelabs.online/jobs/iml-pgi-0068 | PGI Intern - Jobs - Immersive Labs
https://www.pgitl.com/training/e-learning | E-Learning | PGI
https://www.managed.sa/ | Managed Services
https://www.youtube.com/playlist?list=WL | (506) Watch Later - YouTube
https://www.youtube.com/watch?v=jBi3a-dXsM8&t=225s&index=14&list=WL | (506) Hidden in Plain Site: Disclosing Information via Your APIs - Peter Yaworski, Bugcrowd's LevelUp 2017 - YouTube
https://www.youtube.com/watch?v=Qw1nNPiH_Go&index=3&list=PLIK9nm3mu-S6gCKmlC5CDFhWvbEX9fNW6&t=674s | (506) LevelUp 0x02 - Bug Bounty Hunter Methodology v3 - YouTube
https://www.youtube.com/watch?v=94-tlOCApOc&index=4&list=PLIK9nm3mu-S4K4jMHwtplbrE1JMg0jyN- | (506) Bugcrowd University - Broken Access Control Testing - YouTube
https://www.youtube.com/watch?v=VeW_G4xoh5Q&index=8&list=PLIK9nm3mu-S5InvR-myOS7hnae8w4EPFV | OWASP iGoat - Learning iOS App Penetration Testing & Defense - Swaroop Yermalkar, LevelUp 2017 - YouTube
https://www.youtube.com/watch?v=9ADubsByGos&t=16s&index=17&list=WL | PHV 2016, "How to Find 1,352 Wordpress XSS Plugin Vulnerabilities...." by Larry Cashdollar - YouTube
https://www.youtube.com/watch?v=k12u-76CarE&t=411s&index=21&list=WL | (506) ​Beyond the OWASP Top 10 - Modern web application bugs - NDC Security 2018 - YouTube
https://twitter.com/webtonull?lang=en | Erlend Oftedal (@webtonull) | Twitter
https://twitter.com/PhilippeDeRyck | Philippe De Ryck (@PhilippeDeRyck) | Twitter
https://pragmaticwebsecurity.com/index.html#courses | Pragmatic Web Security
https://pragmaticwebsecurity.com/talks/commonapisecuritypitfalls | Common API security pitfalls
https://vimeo.com/289491341 | Common API security pitfalls : Philippe De Ryck on Vimeo
https://essentials.pragmaticwebsecurity.com/ | Web Security Essentials - A Pragmatic Web Security course
https://angularmasterclass.pragmaticwebsecurity.com/ | Angular Security Masterclass - A Pragmatic Web Security course
https://cheatsheets.pragmaticwebsecurity.com/ | Security Cheat Sheets by Pragmatic Web Security
https://pragmaticwebsecurity.com/talks/owaspasvs.html | From the OWASP top 10(s) to the OWASP ASVS
https://ng-be.org/workshops/2018/12/security-in-angular-pragmatic-web-security | Security in Angular — NG-BE
https://www.zdnet.com/article/deserialization-issues-also-affect-ruby-not-just-java-php-and-net/ | Deserialization issues also affect Ruby, not just Java, PHP, and .NET | ZDNet
https://www.zdnet.com/article/steam-bug-could-have-given-you-access-to-all-the-cd-keys-of-any-game/ | Steam bug could have given you access to all the CD keys of any game | ZDNet
https://labs.detectify.com/2018/08/02/bypassing-exploiting-bucket-upload-policies-signed-urls/ | Bypassing and exploiting Bucket Upload Policies and Signed URLs
https://www.oreilly.com/library/view/building-a-modern/9781492044680/ | Building a Modern Security Program [Book]
https://github.com/frohoff/ysoserial | frohoff/ysoserial: A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet | GrrrDog/Java-Deserialization-Cheat-Sheet: The cheat sheet about Java Deserialization vulnerabilities
http://labsdetectify.wpengine.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/ | Hostile Subdomain Takeover using Heroku/Github/Desk + more
http://www.agarri.fr/docs/AppSecEU15-Server_side_browsing_considered_harmful.pdf | AppSecEU15-Server_side_browsing_considered_harmful.pdf
https://portswigger.net/blog/practical-web-cache-poisoning | Practical Web Cache Poisoning | Blog
https://hackerone.com/reports/341876 | #341876 SSRF in Exchange leads to ROOT access in all instances
https://cse.google.com/cse?cx=partner-pub-3256770407637090%3A2007347459&ie=UTF-8&q=dork&sa=Search&siteurl=www.irongeek.com%2F&ref=www.google.com%2F&ss=472j75250j4 | Google Custom Search
https://www.youtube.com/results?search_query=google+dorks+bsides | (506) google dorks bsides - YouTube
https://gbhackers.com/latest-google-dorks-list/ | Google Dorks List 2018 For Ethical Hacking and Penetration Testing
https://edgylabs.com/google-dorks-list | The Latest Google Dorks List and how to use it for Good
https://twitter.com/Alra3ees/status/1028830688932491264 | Emad Shanab on Twitter: "Dorkme:- Is a tool designed to facilitate the search for vulnerabilities with Google Dorks, such as sql injection vulnerabilities. Source:- https://t.co/XLWX0Uh1nt Demo: https://t.co/xmJthPGdlI"
chrome://bookmarks/?q=shodan | Bookmarks
https://github.com/jhaddix/tbhm/blob/master/12_IDOR.markdown | tbhm/12_IDOR.markdown at master · jhaddix/tbhm
https://github.com/jhaddix/tbhm/blob/master/10_Mobile.md | tbhm/10_Mobile.md at master · jhaddix/tbhm

https://pastebin.com/LEHfnLAw | [Markdown] GraphQl - Pastebin.com
https://www.youtube.com/watch?v=1N-O07SRuxY | In graph we trust: Microservices, GraphQL and security challenges - DevSecCon Singapore 2018 - YouTube
https://appseceurope2018a.sched.com/speaker/mohammed_a_imran.1y393q96 | Mohammed Imran - AppSec Europe 2018
https://www.youtube.com/channel/UCgxhfP2Hi8MQYz6ZkwpLA0A/videos | DevSecCon - YouTube
https://www.youtube.com/ | YouTube
https://twitter.com/ | (*) Twitter
https://www.slideshare.net/NeeluTripathy2/pentesting-graphql-applications | Pentesting GraphQL Applications
https://www.slideshare.net/ | Share and Discover Knowledge on LinkedIn SlideShare
https://twitter.com/freebuf | FreeBuf (@freebuf) | Twitter
https://philippeharewood.com/view-the-facebook-stories-for-any-media-effect/ | View the Facebook stories for any media effect – These aren't the access_tokens you're looking for
https://www.slideshare.net/secfigo/in-graph-we-trust-microservices-graphql-and-security-challenges | In graph we trust: Microservices, GraphQL and security challenges
https://www.slideshare.net/secfigo/strengthen-and-scale-security-for-a-dollar-or-less | Strengthen and Scale Security for a dollar or less
https://www.moesif.com/blog/technical/graphql/REST-vs-GraphQL-APIs-the-good-the-bad-the-ugly/ | REST vs GraphQL APIs, the Good, the Bad, the Ugly | Moesif’s Musings on Software
https://www.practo.com/delhi/doctor/dr-susan-k-s-ear-nose-throat-ent-specialist/info | Dr. Susan K S - Book Appointment Online, View Fees, Feedbacks | Practo
http://daitebi.com.br/nasofibroscopia-o-que-e-como-e-realizado-para-que-serve-como-e-feito/ | Nasofibroscopia: o que é? Como é realizado? Para que serve? Como é feito? | Daitebi
https://www.youtube.com/watch?v=wbbMgOZEQas | Authentication and Authorization in GraphQL | Prosper Otemuyiwa | BuzzJS 3.1 2018 - YouTube
https://www.youtube.com/watch?v=4_Bcw7BULC8 | Ryan Chenkie - Handling Authentication and Authorization in GraphQL - YouTube
https://www.youtube.com/watch?v=Urk5vPGnkeg | Zero Back To Back Funny Moments | Shahrukh Khan, Katrina, Anushka | Zero Official Trailer Launch - YouTube
https://github.com/br3akp0int/GQLParser | br3akp0int/GQLParser: A repository for GraphQL Extension for Burp Suite
https://medium.com/paypal-engineering/graphql-resolvers-best-practices-cd36fdbcef55 | GraphQL Resolvers: Best Practices – PayPal Engineering – Medium
https://hackernoon.com/piecing-together-graphql-ca6739cd8205 | Piecing Together GraphQL – Hacker Noon
https://medium.com/airbnb-engineering/how-airbnb-is-moving-10x-faster-at-scale-with-graphql-and-apollo-aa4ec92d69e2 | How Airbnb is Moving 10x Faster at Scale with GraphQL and Apollo
https://medium.com/open-graphql/reasonml-with-graphql-the-future-of-type-safe-web-applications-65be2e8f34c8 | ReasonML with GraphQL, the Future of Type-Safe Web Applications
https://www.programmableweb.com/news/top-5-things-to-remember-when-adding-graphql-backend/analysis/2018/10/01 | Top 5 things to Remember When Adding a GraphQL Backend | ProgrammableWeb
https://medium.com/paypal-engineering/graphql-resolvers-best-practices-cd36fdbcef55 | GraphQL Resolvers: Best Practices – PayPal Engineering – Medium
https://medium.com/netflix-techblog/our-learnings-from-adopting-graphql-f099de39ae5f | Our learnings from adopting GraphQL – Netflix TechBlog – Medium
https://kajansiva.gitbook.io/knowledge/daily/2018/december/12_11_2018 | Knowledge

https://www.freebuf.com/articles/web/10099.html | WAF bypassed the singularity - FreeBuf Internet Security New Media Platform
http://wafbypass.me/w/index.php/Main_Page | wafbypass.me | 522: Connection timed out
http://tech-technical.com/index.php/2015/11/11/waf-bypass-sql-injection-tutorial/
http://webvuln.blogspot.com/2015_04_01_archive.html | Tricks And Tips: April 2015
http://www.wooyun.org/bugs/wooyun-2014-089426 | 升级中
https://forum.90sec.org/forum.php?mod=viewthread&tid=9133 | 提示信息 - 九零
http://www.idiot-attacker.com/2016/02/macam-macam-kode-bypass-waf.html | Macam-macam kode Bypass WAF - Idiot Attacker
https://github.com/borbelyau/bypass-waf-ids-ips/blob/master/evasionsqli_methods | bypass-waf-ids-ips/evasionsqli_methods at master · borbelyau/bypass-waf-ids-ips

https://pastebin.com/S4nHhEZW | CORS - Pastebin.com
https://appsecwiki.com/#/serversidesecurity?id=ssrf | Server Side Security - Application Security Wiki
https://www.youtube.com/watch?v=K_ElxRc9LLk | (496) Server-Side Request Forgery (SSRF) - Web Application Security Series #1 - YouTube
https://www.corben.io/tricky-CORS/ | Tricky CORS Bypass in Yahoo! View – Corben Leo – Information Security Blog
https://medium.com/bugbountywriteup/the-design-and-implementation-of-ssrf-attack-framework-550e9fda16ea | All you need to know about SSRF and how may we write tools to do auto-detect
https://medium.com/@Auxy233 | Auxy – Medium
https://github.com/C0RB3N?tab=repositories | C0RB3N (Corben Leo) / Repositories
https://www.corben.io/advanced-cors-techniques/ | Advanced CORS Exploitation Techniques – Corben Leo – Information Security Blog
http://zeroyu.xyz/2018/03/06/introduction-to-ssrf/ | Understanding SSRF, this one is enough
https://www.bugcrowd.com/resource/broken-access-control-testing/ | Broken Access Control Testing | Bugcrowd
https://hackerone.com/reports/223203 | #223203 SVG Server Side Request Forgery (SSRF)
http://zeroyu.xyz/2018/03/06/introduction-to-ssrf/ | 了解SSRF,这一篇就足够了
https://gist.github.com/BuffaloWill/fa96693af67e3a3dd3fb | Cloud Metadata Dictionary useful for SSRF Testing
https://www.honoki.net/2018/12/from-blind-xxe-to-root-level-file-read-access/ | From blind XXE to root-level file read access | Honoki
https://medium.com/@zain.sabahat/exploiting-ssrf-like-a-boss-c090dc63d326 | Exploiting SSRF like a Boss! – Zain Sabahat – Medium
http://api.hackertarget.com/reverseiplookup/?q= | api.hackertarget.com/reverseiplookup/?q=
https://medium.com/bugbountywriteup/piercing-the-veil-server-side-request-forgery-to-niprnet-access-c358fd5e249a | Piercing the Veil: Server Side Request Forgery to NIPRNet access
http://blog.safebuff.com/2016/07/03/SSRF-Tips/ | SSRF Tips | xl7dev
https://si9int.sh/article/6 | SI9INT
https://klikki.fi/adv/wpgform.html | Klikki Oy - Google Forms (WordPress plugin) SSRF vulnerability
https://www.rfk.id.au/blog/entry/security-bugs-ssrf-via-request-splitting/ | Security Bugs in Practice: SSRF via Request Splitting
https://twitter.com/gwendallecoguic/status/1000023180101201921 | Gwendal Le Coguic on Twitter: "On a sife we have people fighting for XSS/CSRF/IDOR, like me, and on the other side we have ufos that bring #bugbounty to the next level with georgous findings from nowhere. Congratulations @0xACB it's a great lesson for hunters, companies, everyone. https://t.co/rnHcW1uNp3"
https://twitter.com/saurinn_/status/1031219232661495809 | Manuel 👁️ on Twitter: "But why?… "
https://hackerone.com/reports/374737 | HackerOne
https://opnsec.com/2018/07/into-the-borg-ssrf-inside-google-production-network/ | Into the Borg – SSRF inside Google production network | OpnSec
https://hackerone.com/reports/356765 | HackerOne
https://medium.com/@th3g3nt3l/how-i-found-an-ssrf-in-yahoo-guesthouse-recon-wins-8722672e41d4 | How i found an SSRF in Yahoo! Guesthouse (Recon Wins)
https://medium.com/@mleblanc_82306 | Maxime Leblanc – Medium
https://www.youtube.com/watch?v=TrBUrVDlc20 | Hackfest 2015: Nicolas Grégoire presented "Server Side Browsing" - YouTube
https://www.defcon.org/html/defcon-25/dc-25-speakers.html#Tsai | DEF CON® 25 Hacking Conference - Talks
https://github.com/m6a-UdS/ssrf-lab | m6a-UdS/ssrf-lab: Lab for exploring SSRF vulnerabilities
https://medium.com/poka-techblog/privilege-escalation-in-the-cloud-from-ssrf-to-global-account-administrator-fd943cf5a2f6 | Privilege escalation in the Cloud: From SSRF to Global Account Administrator
https://www.youtube.com/watch?v=XvN25xG75x0 | (496) DON’T MISS: Anushka Sharma and Katrina Kaif’s EXCLUSIVE Full Interview | ZERO - YouTube

https://pastebin.com/u/Drvirus1911 | Drvirus1911's Pastebin - Pastebin.com
https://philippeharewood.com/facebookbugbounties.txt | https://philippeharewood.com/facebookbugbounties.txt
https://docs.google.com/presentation/d/1cpcxEBEb0dyXwRqSWQ6bknJS-PQO_e242Dioy9SU2Io/edit#slide=id.g4715c86259_0_357 | BUG BOUNTY FUNSHOP - Google Slides
https://medium.com/ehsahil/getting-started-in-bug-bounty-7052da28445a | Getting started in Bug Bounty – ehsahil – Medium
https://www.youtube.com/watch?time_continue=6&v=Qw1nNPiH_Go | (493) LevelUp 0x02 - Bug Bounty Hunter Methodology v3 - YouTube
https://www.youtube.com/watch?v=mQjTgDuLsp4&list=PLl-GuflHOikWnr0kOThK0xOyFXhBZbdLv | (493) Nicolas Grégoire - Hunting for Top Bounties - YouTube
https://www.facebook.com/notes/phwd/a-facebook-graphql-crash-course/1189337427822946 | (5) A Facebook GraphQL crash course
https://www.facebook.com/notes/phwd/facebook-api-bug-bounties-the-basic-sauce/818002471623112 | (5) Facebook API Bug Bounties - The Basic Sauce
https://developers.facebook.com/docs/graph-api/overview/ | Overview - Graph API
https://developers.facebook.com/docs/graph-api/reference/ | Graph API Reference
https://developers.facebook.com/graph-academy/ | Graph Academy - Facebook for Developers
https://www.pluralsight.com/courses/beginner-facebook-development | Introduction to the Facebook Graph API | Pluralsight
https://www.youtube.com/results?search_query=graph+api | (493) graph api - YouTube
https://www.youtube.com/watch?v=4TbnZAFTqAI&t=1s | (493) Facebook graph API testing ! And Secret Method to create multiple user id for same user ! - YouTube
https://www.0daydown.com/?s=Introduction+to+the+Facebook+Graph+API | Introduction to the Facebook Graph API | 0DayDown
https://learnflakes.net/?p=torrents&pid=10 | LearnFlakes.Net -Learning Community
http://ww7.learningdl.com/?z | ww7.learningdl.com/?z
https://www.youtube.com/watch?v=WvOrWq2-5cE | (493) Secrets of My Beard | My Beard Grow Journey | How to Grow Beard | - YouTube

https://www.youtube.com/watch?v=-gUkNAHR0jY&list=PLoDjojPzHp2Wo8U6Xp0KAoCL2b55Yo5WN | (488) FileCry - The New Age Of XXE - YouTube
https://www.youtube.com/watch?v=v_5dTJYjSMA&list=PLoDjojPzHp2VtA6_UVO0uxtd6iNHaA0Sl | (488) t505 SWF Seeking Lazy Admin for Cross Domain Action Seth Art - YouTube
https://www.youtube.com/watch?v=XeeLkBkjLl0&index=6&list=PLoDjojPzHp2Wo8U6Xp0KAoCL2b55Yo5WN | (488) Black Hat USA 2015 - Abusing XSLT For Practical Attacks - YouTube
https://www.youtube.com/watch?v=oEUSNk8XAQY&index=7&list=PLoDjojPzHp2Wo8U6Xp0KAoCL2b55Yo5WN | (488) Vladimir Vorontsov - Blind XXE injections - YouTube
https://www.youtube.com/watch?v=Zl8U2YVp2lw&index=9&list=PLoDjojPzHp2Wo8U6Xp0KAoCL2b55Yo5WN | (488) Introduction to XML External Entity Injection (ISSA KY Workshop) - YouTube
https://jivoi.github.io/2015/07/01/pentest-tips-and-tricks/ | Pentest Tips and Tricks – EK
https://www.youtube.com/results?search_query=race+condition+OWASP | (488) race condition OWASP - YouTube
https://www.youtube.com/channel/UCo7g5wKeNu32YIziwDqempw/videos | (488) SecureSet - YouTube
https://twitter.com/i/likes | Tweets liked by Shivam Goyal (@g33kyshivam) | Twitter
https://hackerone.com/reports/409380 | #409380 Stored XSS in merge request pages
https://jivoi.github.io/2015/07/03/offensive-security-bookmarks/ | Offensive Security Bookmarks – EK
https://github.com/coreb1t/awesome-pentest-cheat-sheets | coreb1t/awesome-pentest-cheat-sheets: Collection of the cheat sheets useful for pentesting
https://github.com/tanprathan | tanprathan (Prathan Phongthiproek)
https://www.linkedin.com/in/pprathan/?originalSubdomain=th | (1) Prathan Phongthiproek | LinkedIn
https://github.com/jshaw87/Cheatsheets | Page not found · GitHub
https://github.com/coodict/javascript-in-one-pic | coodict/javascript-in-one-pic: Learn javascript in one picture.
https://code.google.com/archive/p/pentest-bookmarks/wikis/BookmarksList.wiki | Google Code Archive - Long-term storage for Google Code Project Hosting.
https://github.com/swisskyrepo/PayloadsAllTheThings | swisskyrepo/PayloadsAllTheThings: A list of useful payloads and bypass for Web Application Security and Pentest/CTF
https://highon.coffee/blog/penetration-testing-tools-cheat-sheet/ | Penetration Testing Tools Cheat Sheet
https://twitter.com/trimstray/status/1068095885026955264 | trimstray on Twitter: "My top 5 @Burp_Suite extensions: - Random IP Address Header - CSP-Bypass - BypassWAF - Autorize - Hackvertor Which one do you use most often? or any other? #security #pentest #infosec #cybersecurity #cybersec #tech #it #technology"
https://www.cyberciti.biz/security/nmap-command-examples-tutorials/ | Top 32 Nmap Command Examples For Linux Sys/Network Admins - nixCraft
https://jerrygamblin.com/2018/10/29/google-home-insecurity/ | Google Home (in)Security – JerryGamblin.com
https://medium.com/@Skylinearafat/a-very-useful-technique-to-bypass-the-csrf-protection-for-fun-and-profit-471af64da276 | A very useful technique to bypass the CSRF protection for fun and profit.
https://gist.github.com/Rhynorater/311cf3981fda8303d65c27316e69209f | BXSS - CSP Bypass with Inline and Eval
https://twitter.com/binitamshah/status/1036541096522858496 | Binni Shah on Twitter: "Web Application Firewall (WAF) Evasion Techniques Part - 3 : Uninitialized Bash variable to bypass WAF : https://t.co/zRj9xsv0Dm ,Part 2 : Web Application Firewall (WAF) Evasion Techniques : https://t.co/11oAnX3Uhe , Part 1 : https://t.co/7zwnIngrDE cc @Menin_TheMiddle… https://t.co/N269avqr7i"
https://medium.freecodecamp.org/a-quick-introduction-to-web-security-f90beaf4dd41 | A quick introduction to web security – freeCodeCamp.org
https://assets.pentesterlab.com/jwt_security_cheatsheet/jwt_security_cheatsheet.pdf | jwt_security_cheatsheet - Page 1.pdf
https://twitter.com/binitamshah/status/1025982771393486848 | Binni Shah on Twitter: "Linux Post Exploitation Cheat Sheet : https://t.co/GSHVQAzRsn cc @GuifreRuiz"
https://labs.detectify.com/2018/08/02/bypassing-exploiting-bucket-upload-policies-signed-urls/ | Bypassing and exploiting Bucket Upload Policies and Signed URLs
http://cybersec-research.com/ssrf-on-digitalocean-site-bugbounty-tip/?utm_campaign=shareaholic&utm_medium=twitter&utm_source=socialnetwork | 404 Not Found
https://twitter.com/GoogleVRP/status/1022404220291567617 | Google Vulnerability Reward Program (VRP) on Twitter: "Don't render arbitrary HTML in Electron apps: https://t.co/fGhn2VPYUB. Good example of why we're rewarding impactful vulnerabilities and not exploits.… https://t.co/K85ePqPlVw"
https://twitter.com/rajchandel/status/1022174569757646848 | Hacking Articles on Twitter: "Collections of 150 CTF Challenges (Vulnhub+HTB) https://t.co/MrVO2vtJ0T … @VulnHub @hackthebox_eu #oscp #ctf"
https://twitter.com/Scott_Helme/status/1022035104372334592 | Scott Helme on Twitter: "I was asked to look into an XSS vulnerability on Etherscan which turned out to be caused by a custom Disqus integration: https://t.co/gc7EgvgArF"
https://twitter.com/SecurityMB/status/1021464816370798592 | Michał Bentkowski on Twitter: "Blogged! Vulnerability in Hangouts Chat a.k.a. how Electron makes open redirect great again. https://t.co/HKT28uQbwy"
https://blog.bentkowski.info/2018/06/setting-arbitrary-request-headers-in.html | Setting arbitrary request headers in Chromium via CRLF injection | MB blog
https://plus.google.com/114029233000745976870 | Michał Bentkowski - Google+
https://sekurak.pl/blad-bezpieczenstwa-w-aplikacji-desktopowej-google-chat-czyli-jak-uczynic-open-redirect-znow-wielkim/ | Security error in the Google Hangouts Chat desktop application - how to make Open Redirect great again
https://sekurak.pl/bezpieczenstwo-sieci-wi-fi-czesc-1/ | Bezpieczeństwo sieci Wi-Fi – część 1 (wstęp)
https://sekurak.pl/google-caja-i-xss-y-czyli-jak-dostac-trzy-razy-bounty-za-prawie-to-samo/ | Google Caja i XSS-y – czyli jak dostać trzy razy bounty za (prawie) to samo
https://sekurak.pl/facebook-wyplacil-10-latkowi-10-tys-usd-za-zgloszenie-luki-w-instagramie/ | Facebook wypłacił 10-latkowi 10 tys. USD za zgłoszenie luki w Instagramie
https://sekurak.pl/hack-the-pentagon-rusza-program-bug-bounty-prowadzony-przez-armie-usa/ | „Hack the Pentagon” — rusza program bug bounty prowadzony przez armię USA
https://sekurak.pl/dostal-10-000-od-google-za-podmiane-jednego-naglowka-header/ | He got $ 10,000 from Google for the replacement of one Header header
https://sites.google.com/site/testsitehacking/-7-5k-Google-services-mix-up | $7.5k Google services mix-up - Ezequiel Pereira
https://portswigger.net/kb/papers/crackingthelens-whitepaper.pdf | crackingthelens-whitepaper.pdf
https://sekurak.pl/za-jeden-prosty-xml-zgarnal-10-000-za-jednego-prostego-xml-a-zgarnal-10-000/ | Za jeden prosty XML zgarnął $10 000
https://sekurak.pl/slack-dostal-sie-do-glownego-panelu-admina-i-zgarnal-9000-w-ramach-bounty/ | Slack – dostał się do głównego panelu admina i zgarnął $9000 w ramach bounty
https://sekurak.pl/chcesz-byc-bogaty-i-slawny-kilkaset-programow-bug-bounty/ | Chcesz być bogaty i sławny? ;) Kilkaset programów bug bounty
https://pentester.land/tips-and-tricks | Tips & Tricks · Pentester Land
https://0xpatrik.com/project-sonar-guide/ | Project Sonar: An Underrated Source of Internet-wide Data
https://0xpatrik.com/asset-discovery/ | Asset Discovery: Doing Reconnaissance the Hard Way
https://github.com/jobertabma?tab=repositories | jobertabma (Jobert Abma) / Repositories
https://silesiasecuritylab.com/articles/from-csrf-to-unauthorized-remote-admin-access/ | From CSRF to Unauthorized Remote Admin Access – Dawid Czagan
https://wiki.exploitpedia.org/view/OWASP_TOP_10#A1:2017-Injection | OWASP TOP 10 - wiki.exploitpedia.org
https://wiki.exploitpedia.org/view/Static_Analysis | Static Analysis - wiki.exploitpedia.org
https://twitter.com/SamiDrif | Sami 🦄 (@SamiDrif) | Twitter
https://www.youtube.com/ | (488) YouTube
https://www.youtube.com/watch?v=lEdmdCb1DT0 | (488) Who Will Save Iron Man In Endgame? - YouTube

https://pastebin.com/u/thecreat0r/1/Z4EmVYsB | Thecreat0r's Pastebin - Pastebin.com
https://pastebin.com/9BSQjM3E | CSRF - Pastebin.com
https://pastebin.com/xZC446zy | SSRF - Pastebin.com
https://www.youtube.com/watch?v=rR0SnARknlk&list=PLZOToVAK85MoxxCMbxxiBbQ6pavP8aucC | (474) Cross-Site Request Forgery Explained - Part 1: Basic CSRF - YouTube
https://www.youtube.com/results?search_query=CSRF | (474) CSRF - YouTube
https://www.youtube.com/watch?v=KaEj_qZgiKY | (474) CSRF Introduction and what is the Same-Origin Policy? - web 0x04 - YouTube
https://www.youtube.com/watch?v=_JpDMFDlk3Y | (474) CSRF/XSRF/SEA SURF Kya Hote Hai ?? - YouTube
https://www.youtube.com/watch?v=5joX1skQtVE | (474) What is a CSRF? | OWASP Top 10 2013 | Video by Detectify - YouTube
https://null.co.in/events/525-delhi-null-delhi-meet-15-december-2018-combined-null-owasp-meet | null Delhi Meet 15 December 2018 Combined [null + OWASP] Meet
https://null.co.in/profile/3906-narendra-kumar | narendra kumar - null Community Profile
https://www.slideshare.net/NarendraKumar529/server-side-tempalate-injection-85399102 | Server side tempalate injection
https://tomnomnom.com/talks/advxss.pdf | advxss.pdf
https://appsecwiki.com/#/frontend?id=cross-site-request-forgery | Frontend Security - Application Security Wiki
https://philippeharewood.com/facebook-graphql-csrf/ | Facebook GraphQL CSRF – These aren't the access_tokens you're looking for
https://www.youtube.com/watch?v=NAR4nDEpD8g | (474) DVWA - CSRF ("Auto-Forcing New Passwords") - YouTube
https://www.youtube.com/results?search_query=bsides+CSRF | (474) bsides CSRF - YouTube
https://www.youtube.com/watch?v=enFcclD6nuk | BSides Boston - BruteLogic - Building Advanced XSS Vectors - YouTube
https://www.youtube.com/watch?v=vrjgD0azkCw | CSRF Explained - YouTube
http://bitspyder.net/browse.php?page=3 | .:: Bitspyder.net :: Downloads
https://learnflakes.net/?p=home&pid=1 | LearnFlakes.Net -Learning Community
https://medium.com/bugbountywriteup/csrf-account-takeover-explained-automated-manual-bug-bounty-447e4b96485b | CSRF account takeover Explained Automated/Manual — Bug Bounty
https://haiderm.com/10-methods-to-bypass-cross-site-request-forgery-csrf/ | haiderm.com | 521: Web server is down
https://twitter.com/prateek_0490/status/977764964944330753 | Prateek Tiwari on Twitter: "Also, to add to it, try and use “-1” {csrf_token=-1} as value of token and you will be amazed to see the result. 😉 #BugBounty #TogetherWeHitHarder… https://t.co/3RBhIegMPI"
https://www.youtube.com/watch?v=3KwGmKucayg&feature=youtu.be | (474) CSRF Bypass - YouTube
https://medium.com/@agrawalsmart7/what-is-csrf-how-to-bypass-the-csrf-protection-via-xss-55695f5789d7 | Hi all, and a Very Happy New Year to all, let’s Come to the topic, Today I just want to share some…
https://2017.zeronights.ru/report/tryuki-dlya-obhoda-csrf-zashhity/ | Tricks for circumventing CSRF protection - Conference Zeronights 2017
https://hackerone.com/reports/115158 | #115158 CSRF in twitterflightschool.com ( CAN POST ON TIMELINE WITHOUT USER PERMISSION)
https://dl.packetstormsecurity.net/papers/attack/Using_XSS_to_bypass_CSRF_protection.pdf | Using XSS to bypass CSRF protection
https://blog.netspi.com/defeating-csrf-protections-expired-cross-domain-xml-domains/ | Defeating CSRF Protections Through Expired cross-domain.xml Domains
https://blog.netspi.com/fuzzing-parameters-in-csrf-resistant-applications-with-burp-proxy/ | Fuzzing Parameters in CSRF Resistant Applications with Burp Proxy
https://blog.netspi.com/netspi-sql-injection-wiki/ | NetSPI SQL Injection Wiki
https://hackerone.com/reports/233099/ | #233099 CSRF in Report Lost or Stolen Page https://www.starbucks.com/account/card
https://www.youtube.com/ | (474) YouTube

https://twitter.com/SamiDrif | Sami 🦄 (@SamiDrif) | Twitter
https://web-in-security.blogspot.com/2017/07/cors-misconfigurations-on-large-scale.html | CORS misconfigurations on a large scale
http://samidrif.net/
https://web.archive.org/web/20180813091525/https://bounty.github.com/researchers/Dharani-abss.html | Abhishek Dharani - GitHub Bug Bounty
https://www.slideshare.net/GreenD0g/deserialization-vulnerabilities | Deserialization vulnerabilities
https://hackerone.com/reports/301831 | #301831 Leaking sensitive files on Github leads to internal files (python scripts,SQL files)
https://opnsec.com/2018/03/stored-xss-on-facebook/ | Stored XSS on Facebook | OpnSec
https://www.sxcurity.pro/asus-sqli/
https://medium.com/bugbountywriteup/whats-tools-i-use-for-my-recon-during-bugbounty-ec25f7f12e6d | What tools I use for my recon during #BugBounty – InfoSec Write-ups – Medium
https://hackerone.com/reports/397527 | #397527 Leaking sensitive information on Github lead full access to all Grab Slack channels
https://pastebin.com/LEHfnLAw | [Markdown] GraphQl - Pastebin.com
https://twitter.com/snoopysecurity | (1) Sam Sanoop (@snoopysecurity) | Twitter
https://www.reddit.com/r/netsec/comments/8k5bvi/exposing_graphql_to_penetration_testers/?st=jphzadaa&sh=bf6394ca | Exposing GraphQL to Penetration Testers : netsec
https://exposingtheinvisible.org/guides/google-dorking/ | Smart searching with googleDorking | Exposing the Invisible
https://hackerone.com/reports/380317 | #380317 Team object exposes amount of participants in a private program to non-invited users

https://github.com/s-castillo/js-course-example/blob/master/course-examples/_js/simple-js.js | js-course-example/simple-js.js at master · s-castillo/js-course-example
https://github.com/chiangs/jsf-solutions/blob/master/solutions/lesson2/solutions.md | jsf-solutions/solutions.md at master · chiangs/jsf-solutions
https://github.com/chiangs/jsf-solutions2/blob/master/Module2/solutions.md#08---functions | jsf-solutions2/solutions.md at master · chiangs/jsf-solutions2
https://pastebin.com/WPMNrVzK | javascript-notes - Pastebin.com
https://www.youtube.com/watch?v=5aISC84gXBw | (468) Is The Katy Perry LOVE Story Over? Katy Finally Chats With Trevor About It | American Idol 2018 - YouTube

https://www.youtube.com/ | (459) YouTube
https://www.youtube.com/channel/UCTzvm6c3E6qH7jkO6HWn2Cg/videos | (459) UTD CSG - YouTube
https://www.youtube.com/feed/history | (459) History - YouTube
https://www.youtube.com/results?search_query=XXE | (459) XXE - YouTube
https://www.youtube.com/watch?v=BZOg_NgvP18 | (459) What Is An XXE Attack? - YouTube
https://appsecwiki.com/#/serversidesecurity?id=xxe | Server Side Security - Application Security Wiki
https://phonexicum.github.io/infosec/xxe.html | XXE
http://blkstone.github.io/2017/06/29/web-for-pentester-xxe/ | Web for Pentester XXE Resolution // Neurohazard
https://security.tencent.com/index.php/blog/msg/69 | 未知攻焉知防——XXE漏洞攻防 - 博客 - 腾讯安全应急响应中心
https://www.vsecurity.com//download/papers/XMLDTDEntityAttacks.pdf | XML Schema, DTD, and Entity Attacks
http://www.atomsec.org/%E5%AE%89%E5%85%A8/web_for_pentester_i-part-2/ | Web for pentester I part 2 – Atom Kid
https://2013.appsecusa.org/2013/wp-content/uploads/2013/12/WhatYouDidntKnowAboutXXEAttacks.pdf | OWASP
http://agrawalsmart7.com/2018/11/10/Understanding-XXE-from-Basic-to-Blind.html | Utkarsh Agrawal|Understanding Xxe From Basic To Blind
https://www.christian-schneider.net/GenericXxeDetection.html | Generic XXE Detection
https://www.christian-schneider.net/GenericXxeDetection.html | Generic XXE Detection
https://www.slideshare.net/ssuserf09cba/xxe-how-to-become-a-jedi | XXE: How to become a Jedi
https://web-in-security.blogspot.com/2014/11/detecting-and-exploiting-xxe-in-saml.html | Detecting and exploiting XXE in SAML Interfaces
https://hawkinsecurity.com/2018/03/24/gaining-filesystem-access-via-blind-oob-xxe/ | Gaining Filesystem Access via Blind OOB XXE – ∞ Growing Web Security Blog
https://www.youtube.com/watch?v=1EBWzbO8lgs&index=4&list=PLsyeobzWxl7oanwaonj3iV3rxfTdEA2gC | (459) XML Introduction 3 | Schema - YouTube
https://www.youtube.com/watch?v=eHSNT8vWLfc | (459) What You Didn't Know About XML External Entities Attacks - Timothy Morgan - YouTube
https://www.youtube.com/watch?v=2O874A5Uj3w | (459) AppSecEU 16 - C. Mainka, C. Spth, V. Mladenov - From DTD to XXE - An Evaluation of XML - Parsers - YouTube
https://appseceurope2016.sched.com/event/6XQ2/from-dtd-to-xxe-an-evaluation-of-xml-parsers | AppSec Europe 2016: From DTD to XXE: An Evaluation of XML-Pa...
http://lab.onsec.ru/2014/06/xxe-oob-exploitation-at-java-17.html | @ONsec_Lab: XXE OOB exploitation at Java 1.7+
https://portswigger.net/kb/issues/00100400_xml-external-entity-injection | XML external entity injection | PortSwigger
https://blog.ninoishere.com/xxe-how-to-become-a-jedi/ | XXE: How to become a Jedi
https://www.facebook.com/pg/hacking.py/posts/?ref=page_internal | Hacking Is Sharing - Posts
https://darkweblinks.org/2018/08/10/xxe-how-to-become-a-jedi-yaroslav-babin/ | XXE: How to become a Jedi - Yaroslav Babin - Tor Hidden Service DarkWeb Links
https://blog.zsec.uk/blind-xxe-learning/ | Hunting in the Dark - Blind XXE
https://blog.ninoishere.com/tag/xxe/ | xxe - Nino

https://codeby.net/blogs/kniga-po-nmap-na-russkom/#12 | Nmap book in Russian
https://codeby.net/blogs/category/informacionnaja-bezopasnost/ | Information Security | The codeby
https://1cloud.ru/help/dns/dns_basics | Basics of working with DNS (domain name system)
https://habr.com/post/270159/ | Значимость SPF / Хабр
https://danielmiessler.com/study/dns/#gs.u_MO7iA | A DNS Primer | Daniel Miessler

https://codeby.net/threads/skanirovanie-seti-aktivnyj-fazzing-urok-5.65878/ | (1) Сканирование сети [активный фаззинг]. Урок 5 - Codeby.net - Информационная Безопасность
https://codeby.net/members/explorer.100533/#recent-content | (1) explorer | Codeby.net - Информационная Безопасность
https://codeby.net/members/pingvinich.73770/#recent-content | (1) PingVinich | Codeby.net - Информационная Безопасность
https://codeby.net/threads/aktivnyj-fazzing-poisk-subdomenov-urok-4.65842/ | (1) Активный фаззинг - поиск субдоменов. Урок 4 - Codeby.net - Информационная Безопасность
https://codeby.net/members/darklight.105361/#recent-content | (1) darklight | Codeby.net - Информационная Безопасность
https://codeby.net/threads/vzaimodejstvie-c-dns-urok-3.65828/ | (1) Взаимодействие c DNS. Урок 3 - Codeby.net - Информационная Безопасность
https://codeby.net/members/sergei-webware.66427/#recent-content | (1) Sergei webware | Codeby.net - Информационная Безопасность
https://codeby.net/threads/passivnyj-fazzing-ili-sbor-informacii-iz-otkrytyx-istochnikov.65781/ | (1) Пассивный фаззинг или сбор информации из открытых источников - Codeby.net - Информационная Безопасность
https://codeby.net/members/vertigo.72244/#recent-content | (1) Vertigo | Codeby.net - Информационная Безопасность
https://codeby.net/tags/lfi/ | (1) lfi | Codeby.net - Информационная Безопасность
https://codeby.net/threads/rukovodstvo-dlja-nachinajuschix-po-rabote-s-cenzuroj-v-internete.65642/ | (1) Руководство для начинающих по работе с цензурой в Интернете - Codeby.net - Информационная Безопасность
https://codeby.net/members/sith_ortodox.104801/#recent-content | (1) sith_ortodox | Codeby.net - Информационная Безопасность
https://codeby.net/members/i3wm.106227/#recent-content | (1) i3wm | Codeby.net - Информационная Безопасность
https://codeby.net/threads/istorii-za-kodom-na-puti-k-pravilnomu-kodu.65506/ | (1) [Истории за кодом] На пути к правильному коду. - Codeby.net - Информационная Безопасность
https://codeby.net/members/masonskoe_loje.106290/#recent-content | (1) Masonskoe_loje | Codeby.net - Информационная Безопасность
https://codeby.net/members/tayrus.74954/#recent-content | (1) Tayrus | Codeby.net - Информационная Безопасность
https://codeby.net/threads/hack-the-server-drupal.65356/ | (1) Hack the Server (Drupal) - Codeby.net - Information Security
https://codeby.net/threads/novyj-sposob-vzloma-wi-fi-avgust-2018.64485/ | (1) Новый способ взлома Wi-Fi | август 2018 - Codeby.net - Информационная Безопасность
https://codeby.net/threads/rsa-princip-raboty-algoritma-na-primerax-python-shifrovanie-v-internete-chast-1.64349/ | (1) RSA algorithm operation principle using python examples. Encryption on the Internet. Part 1. - Codeby.net - Information Security
https://codeby.net/threads/mini-framework-python-dlja-xakera-chast-4-svoj-mini-frejmvork.64083/ | (1) [Mini framework] - Python для хакера - [Часть 4] - Свой мини фреймворк - Codeby.net - Информационная Безопасность
https://codeby.net/threads/python-requests-threading-perebor-parolja-v-formax-avtorizacii.62698/ | (1) Python + requests + threading. Password search in authorization forms. - Codeby.net - Information Security
https://codeby.net/threads/anonimnyj-pentest-vpn-tor-vpn-chast-ii-reverse-shell-za-lokalnoj-setju.62656/ | (1) Анонимный пентест [VPN -> TOR -> VPN] (Часть II) - Reverse Shell за локальной сетью - Codeby.net - Информационная Безопасность
https://codeby.net/threads/pishem-skript-dlja-bruta-xehshej.62252/ | (1) Пишем скрипт для брута хэшей - Codeby.net - Информационная Безопасность
https://codeby.net/threads/sozdanie-plagina-s-majnerom-dlja-brauzera-chrome.62202/ | (1) Создание плагина с майнером для браузера chrome - Codeby.net - Информационная Безопасность
https://codeby.net/threads/uroki-po-burp-suite-pro-chast-1-nachalo.62200/ | (1) Уроки по Burp Suite Pro Часть 1. Начало. - Codeby.net - Информационная Безопасность
https://codeby.net/threads/sposoby-zagruzki-shella-behkdora-na-sajt.61851/ | (1) Способы загрузки шелла/бэкдора на сайт. - Codeby.net - Информационная Безопасность
https://codeby.net/threads/uchim-python-ch8-otojdem-ot-temy.61715/ | (1) Учим Python - [Ч8] - Отойдем от темы - Codeby.net - Информационная Безопасность
https://codeby.net/threads/kak-ispolzovat-shodan-api-s-python-dlja-avtomatizacii-skanirovanija-ujazvimyx-ustrojstv.61501/ | (1) Как использовать Shodan API с Python для автоматизации сканирования уязвимых устройств - Codeby.net - Информационная Безопасность
https://codeby.net/threads/sryptography-for-beginners-chast-2-prostye-shifry.61379/ | (1) [Сryptography for beginners] - Часть 2. Простые шифры. - Codeby.net - Информационная Безопасность
https://codeby.net/threads/nachinajuschim-kriptografija-vvedenie.61349/ | (1) [Начинающим] - Криптография. Введение. - Codeby.net - Информационная Безопасность
https://codeby.net/threads/vzlom-web-prilozhenij-kak-pravilno-provodit-sbor-informacii-celevogo-veb-resursa.61041/ | (1) [Взлом web приложений] - Как правильно проводить сбор информации целевого веб ресурса. - Codeby.net - Информационная Безопасность
https://codeby.net/threads/pishem-malvar-na-python-chast-i-telegram-bot.60941/ | (1) Пишем малварь на Python. Часть I. Telegram-bot. - Codeby.net - Информационная Безопасность
https://codeby.net/threads/powerfull-dos.60856/ | (1) Powerfull Dos - Codeby.net - Информационная Безопасность
https://codeby.net/threads/powershell-dlja-xakera-chast-x-povyshenija-privilegij-skript-sherlock-ps1.60713/ | (1) PowerShell для хакера ( часть X ) Повышения привилегий . [скрипт Sherlock.ps1] - Codeby.net - Информационная Безопасность
https://codeby.net/threads/dekompiljacija-android-prilozhenij.60558/ | (1) Декомпиляция android-приложений - Codeby.net - Информационная Безопасность
https://codeby.net/threads/ehkspluatacija-python-prilozhenij-inkapsuljacija.59804/ | (1) Эксплуатация python приложений: Инкапсуляция. - Codeby.net - Информационная Безопасность
https://codeby.net/threads/ehkspluatacija-python-prilozhenij-funkcija-input.59803/ | (1) Эксплуатация python приложений: функция input. - Codeby.net - Информационная Безопасность
https://codeby.net/threads/ehkspluatacija-python-prilozhenij-modul-pickle.59799/ | (1) Эксплуатация python приложений: модуль pickle. - Codeby.net - Информационная Безопасность

https://twitter.com/i/likes | Tweets liked by Shivam Goyal (@g33kyshivam) | Twitter
https://www.youtube.com/watch?v=QhSdSesIu2M | Review the AttackDefense site for making penetration tests - YouTube
https://www.youtube.com/watch?v=UyaVMl91qyA | (336) AttackDefense: TShark Basics Lab Walk-through - YouTube
https://www.youtube.com/results?search_query=attackdefense&sp=CAI%253D | (336) attackdefense - YouTube
https://www.youtube.com/watch?v=e52Nd17DXs8 | (336) AttackDefence Lab ApPHP MicroBlog Remote Code Execution Solution - YouTube
https://www.youtube.com/watch?v=ZSIaTD2Dl0U | (336) AttackDefense.com: Nmap Firewall Challenge - YouTube
https://nitesculucian.github.io/2018/11/26/attackdefense-com-lfi-cve-2018-12613-exploit/ | AttackDefense.com [LFI] - CVE-2018-12613 Exploit
https://nitesculucian.github.io/ | Lucian Nitescu
https://pbs.twimg.com/media/Dq1uXfoU0AUsSh4.jpg | Dq1uXfoU0AUsSh4.jpg (893×886)
https://twitter.com/swaroopsy | Swaroop Yermalkar (@swaroopsy) | Twitter
https://github.com/rowdymehul/OWASP-s-AppSec-Israel-2018 | rowdymehul/OWASP-s-AppSec-Israel-2018: AppSec Israel 2018 will take place on 5-6 September, 2018 at Tel Aviv University, in central Tel Aviv.
http://www.rowdymehul.com/events/owasps-appsec-israel-2018/#more-1647 | OWASP’s AppSec Israel 2018 – Rowdy’s Caf`e
https://hackfest.ca/fr/formations/ios/ | iOS Mobile Application Hacking 2018
https://github.com/djadmin/awesome-bug-bounty | djadmin/awesome-bug-bounty: A comprehensive curated list of available Bug Bounty & Disclosure Programs and Write-ups.
https://www.allysonomalley.com/2018/08/06/learning-with-owasp-igoat-pentesting-with-swift/ | Learning with OWASP iGoat – Pentesting with Swift – allysonomalley.com
https://twitter.com/aseemjakhar/status/1006612530771288065 | aseemjakhar on Twitter: "T-0 And... your friendly neighborhood expliot - ioT exploitation framework can be found here https://t.co/iuxs3JREiG Please download, test, suggest and RT :)… https://t.co/a2JxzpCQJk"
http://sagarpopat.in/2017/06/07/automating-rest-api-penetration-testing-using-owasp-zap/ | Automating REST API Penetration testing using OWASP ZAP – I like building and breaking stuff
https://bitbucket.org/aseemjakhar/expliot_framework | aseemjakhar / expliot_framework — Bitbucket
https://www.bugcrowd.com/resources/ | Resources
https://schd.ws/hosted_files/appsecisrael2018/a3/Exploiting%20Smart%20Contracts%20for%20fun%20and%20profit%20-%20Erez%20Metula%20AppSec%20Labs%20-%20OWASP%20IL%202018.pdf | Microsoft PowerPoint - Exploiting Smart Contracts for fun and profit.pptx
https://www.securityjourney.com/blog/igoat-and-ios-mobile-pen-testing-s04e16/ | iGoat and iOS Mobile Pen Testing (S04E16) - Security Journey
https://app.securityjourney.com/user/sign_up | Security Journey
https://www.securityjourney.com/application-security-podcast/episodes/ | The Application Security Podcast's Episode List - Security Journey
https://www.linkedin.com/in/swaroop-yermalkar-2638b985/ | Swaroop Yermalkar | LinkedIn
https://www.youtube.com/watch?v=loHywYcwjmo&t=0s&list=PLpr-xdpM8wG-ma2GOBmdpGGfnVPVwFFQd&index=41 | (337) Pentesting Swift Application with OWASP iGoat - Swaroop Yermalkar - AppSecUSA 2018 - YouTube
https://www.amazon.in/Learning-Penetration-Testing-Swaroop-Yermalkar/dp/1785883259/ref=sr_1_2?ie=UTF8&qid=1503300995&sr=8-2&keywords=swaroop+yermalkar | Buy Learning iOS Penetration Testing Book Online at Low Prices in India | Learning iOS Penetration Testing Reviews & Ratings - Amazon.in
https://www.youtube.com/watch?v=FAopBbQukvI&index=46&list=PLpr-xdpM8wG-ma2GOBmdpGGfnVPVwFFQd | Single Page Applications: Is your design secure? - AppSecUSA 2018 - YouTube
https://www.youtube.com/watch?v=rGbpSeSyIfA&index=44&list=PLpr-xdpM8wG-ma2GOBmdpGGfnVPVwFFQd | Flying Above the Clouds: Securing Kubernetes - Jack Mannino - AppSecUSA 2018 - YouTube
https://www.youtube.com/watch?v=6RFh-h2n39Q&index=41&list=PLpr-xdpM8wG-ma2GOBmdpGGfnVPVwFFQd | Deserialization Vulnerability Remediation with Automated Gadget Chain Discovery - Ian Haken - YouTube
https://www.youtube.com/watch?v=t-zVC-CxYjw&index=39&list=PLpr-xdpM8wG-ma2GOBmdpGGfnVPVwFFQd | Deserialization: what, how and why [not] - Alexei Kojenov - AppSecUSA 2018 - YouTube
https://www.youtube.com/watch?v=eR-erlSOqP4&index=36&list=PLpr-xdpM8wG-ma2GOBmdpGGfnVPVwFFQd | (336) Fixing Mobile AppSec - Sven Schleier - AppSecUSA 2018 - YouTube
https://www.youtube.com/watch?v=HaVEH1vFiN0&index=9&list=PLpr-xdpM8wG-ma2GOBmdpGGfnVPVwFFQd | (337) OWASP Amass Project - Jeff Foley - YouTube
https://www.youtube.com/results?search_query=Sven+Schleier%5C | (336) Sven Schleier\ - YouTube
https://www.youtube.com/watch?v=HLeAIScDMNM | (336) Sven Schleier - OWASP Mobile Security Testing Guide MSTG - YouTube
https://www.youtube.com/watch?v=THJVzf-u7Iw&t=255s | (336) AppSec EU 2017 Fixing Mobile AppSec: The OWASP Mobile Project by Bernhard Mueller and Sven Schleier - YouTube

https://www.youtube.com/ | (333) YouTube
https://courses.knowthen.com/p/elm-beyond-the-basics | Elm Beyond the Basics | knowthen
http://bitspyder.net/browse.php?page=5 | .:: Bitspyder.net :: Downloads
https://medium.com/@Pinterest_Engineering/the-next-era-of-bug-bounty-at-pinterest-a646a72a0cd3 | The next era of Bug Bounty at Pinterest – Pinterest Engineering – Medium
https://medium.com/@hakluke/how-to-setup-an-automated-sub-domain-takeover-scanner-for-all-bug-bounty-programs-in-5-minutes-3562eb621db3 | How To Setup an Automated Sub-domain Takeover Scanner for All Bug Bounty Programs in 5 Minutes
https://hawkinsecurity.com/2018/08/27/traversing-the-path-to-rce/ | Traversing the Path to RCE – ∞ Growing Web Security Blog
http://misteralfa-hack.blogspot.com/2018/03/facebook-f5-big-ip-persistence-cookie.html | Capitan Alfa: [Facebook] [F5 BIG-IP] PERSISTENCE COOKIE INFORMATION LEAKAGE
https://www.inputzero.io/p/facebook-internal-ip-disclosure.html | inputzero: Facebook Internal IP Disclosure - SSRF on Facebook | Dhiraj Mishra

https://pastebin.com/u/thecreat0r/1/Z4EmVYsB | Thecreat0r's Pastebin - Pastebin.com
https://pastebin.com/E1HAEFZf | My-Recon-Guide - Pastebin.com
https://www.youtube.com/watch?v=3iWFGFJsNa0 | (333) Web Hacking Pro Tips Deep Dive #3: Advanced Recon - YouTube
https://www.youtube.com/watch?v=1bivJl0B_bs | (333) Hacking Process - Recon - YouTube
https://twitter.com/ | (*) Twitter
https://def.camp/archives/2017/ | Archives – DefCamp 2018
https://def.camp/speaker/konrad-jedrzejczyk-3/#presentation | Konrad Jędrzejczyk – DefCamp 2018
https://www.youtube.com/watch?v=kCCWN0SRsq8&index=11&t=0s&list=PLnwq8gv9MEKhpkg2-sWdc3OV_pyXslZoL | WiFi practical hacking “Show me the passwords!” at DefCamp 2018 - YouTube
https://def.camp/speaker/marek-zmyslowski-2/#presentation | Marek Zmysłowski – DefCamp 2018
https://www.linkedin.com/in/mzmyslowski/?originalSubdomain=za | (2) Marek Zmysłowski | LinkedIn
https://www.linkedin.com/in/luciannitescu/ | (2) Nitescu Lucian | LinkedIn
https://nitesculucian.github.io/2018/07/24/msfvenom-cheat-sheet/ | Msfvenom Cheat Sheet
https://gitlab.com/r00k/kali-bash-config | Derek Rook / kali-bash-config · GitLab

https://www.speedtest.net/ | Speedtest by Ookla - The Global Broadband Speed Test

file:///home/mr-robot/Downloads/Aman%20syllabus.pdf | Aman syllabus.pdf
https://drive.google.com/file/d/0BxDBNrqmA87UNklZbl9xYTBjclk/view | sanjay sharma.pdf - Google Drive

https://myactivity.google.com/myactivity?q=github&max=1539628199999999 | Google - My Activity
https://github.com/infoslack/awesome-web-hacking | infoslack/awesome-web-hacking: A list of web application security
https://github.com/qazbnm456/awesome-web-security#tips | qazbnm456/awesome-web-security: 🐶 A curated list of Web Security materials and resources.
https://github.com/djadmin/awesome-bug-bounty | djadmin/awesome-bug-bounty: A comprehensive curated list of available Bug Bounty & Disclosure Programs and Write-ups.

https://www.facebook.com/ | Facebook
file:///home/mr-robot/Downloads/Aman%20syllabus.pdf | Aman syllabus.pdf
chrome://history/?q=github | History
https://github.com/vitalysim/Awesome-Hacking-Resources | vitalysim/Awesome-Hacking-Resources: A collection of hacking / penetration testing resources to make you better!
https://github.com/DoGByTe-ZN/infosec-resources4all | DoGByTe-ZN/infosec-resources4all: Only the best quality InfoSec-resources shared, based on regular sourcing of publicly available content found on the internet.
https://twitter.com/sprp77/status/985041832332746752?lang=en | Stefanie Proto 🔍 on Twitter: "My Awesome OSINT Folder https://t.co/QU5h1oUlVa #SOCMINT #infosec #data #opensource #OSINT #hack #Security #CyberSecurity #intelligence #recon #sourcecon #Infosys #API #code #dorking #SEO #awesome #SearchEngine #tools #github #infosecurity #code… https://t.co/pUcZd4AD5O"
https://github.com/jivoi/awesome-osint | jivoi/awesome-osint: A curated list of amazingly awesome OSINT
https://github.com/anshumanbh/git-all-secrets | anshumanbh/git-all-secrets: A tool to capture all the git secrets by leveraging multiple open source git searching tools
https://github.com/dsopas/assessment-mindset/tree/dev | dsopas/assessment-mindset at dev
https://github.com/cujanovic/Content-Bruteforcing-Wordlist | cujanovic/Content-Bruteforcing-Wordlist: Wordlist for content(directory) bruteforce discovering with Burp or dirsearch
https://github.com/cujanovic/subdomain-bruteforce-list/blob/master/all.txt | subdomain-bruteforce-list/all.txt at master · cujanovic/subdomain-bruteforce-list
https://github.com/onlurking/awesome-infosec?fbclid=IwAR3qBqsRzutkoBx5OIzi1l3HyxWIMF0nIkqI_uUwf1_EQFap3c0wQm5gNOs | onlurking/awesome-infosec: A curated list of awesome infosec courses and training resources.
https://github.com/zardus/ctf-tools?fbclid=IwAR3GjJ7DMnozO3GiTl9VA9hDFCi7_gaDzlkyoG-p7OzzYx5QTBEfH3zEfH0 | zardus/ctf-tools: Some setup scripts for security research tools.
https://github.com/sectalks/sectalks | sectalks/sectalks: CTFs, solutions and presentations
https://github.com/michenriksen/gitrob | michenriksen/gitrob: Reconnaissance tool for GitHub organizations
https://github.com/anshumanbh/tko-subs | anshumanbh/tko-subs: A tool that can help detect and takeover subdomains with dead DNS records
https://github.com/codingo/ssrf-playground | codingo/ssrf-playground: A playground to practice SSRF Attacks against web apps
https://github.com/codingo/takeover | codingo/takeover: Sub-Domain TakeOver Vulnerability Scanner
https://github.com/random-robbie/My-Shodan-Scripts | random-robbie/My-Shodan-Scripts: Collection of Scripts for shodan searching stuff.
https://github.com/juliocesarfort/public-pentesting-reports/tree/master/Bugcrowd | public-pentesting-reports/Bugcrowd at master · juliocesarfort/public-pentesting-reports
https://github.com/BeDefended/RequestHighlighter | BeDefended/RequestHighlighter: Burp Suite extension that automatically highlights different HTTP requests
https://github.com/ChrisTruncer/PenTestScripts | ChrisTruncer/PenTestScripts: Scripts that are useful for me on pen tests
https://github.com/joe-shenouda/awesome-cyber-skills | joe-shenouda/awesome-cyber-skills: A curated list of hacking environments where you can train your cyber skills legally and safely
https://gist.github.com/jhaddix/78cece26c91c6263653f31ba453e273b | Cloud Metadata Dictionary useful for SSRF Testing
https://github.com/shieldfy/API-Security-Checklist | shieldfy/API-Security-Checklist: Checklist of the most important security countermeasures when designing, testing, and releasing your API
https://github.com/DaniLabs/tools-tbhm | DaniLabs/tools-tbhm: Tools of "The Bug Hunters Methodology V2 by @jhaddix"
https://nitstorm.github.io/blog/burp-suite-intruder-attack-types/ | Understanding Burp Suite Intruder Attack Types - Nitin's Blog
https://github.com/sa7mon/S3Scanner | sa7mon/S3Scanner: Scan for open AWS S3 buckets and dump the contents
https://github.com/tanprathan/MobileApp-Pentest-Cheatsheet | tanprathan/MobileApp-Pentest-Cheatsheet: The Mobile App Pentest cheat sheet was created to provide concise collection of high value information on specific mobile application penetration testing topics.
https://github.com/sgayou/medfusion-4000-research | sgayou/medfusion-4000-research: Medfusion 4000 security research & a MQX RCE.
https://github.com/jiayy/android_vuln_poc-exp | jiayy/android_vuln_poc-exp: This project contains pocs and exploits for android vulneribilities
https://twitter.com/HackwithGithub/status/927151008169390081 | Hack with GitHub on Twitter: "pentest-tools - Custom tools to help during #pentest Author: @gwendallecoguic https://t.co/loPD1RxHsn"
https://twitter.com/g0tmi1k/status/914824867698151426 | g0t mi1k on Twitter: "g0tmi1k starred frizb/OSCP-Survival-Guide on Github https://t.co/Oe0XaArzq6"
https://github.com/gwen001/pentest-tools | gwen001/pentest-tools: Custom pentesting tools
https://github.com/b-mueller/android_app_security_checklist/blob/master/README.md | android_app_security_checklist/README.md at master · b-mueller/android_app_security_checklist
https://github.com/LucaBongiorni?tab=repositories | LucaBongiorni / Repositories
https://github.com/LucaBongiorni/List-of-web-application-security | LucaBongiorni/List-of-web-application-security: List of web application security
https://github.com/LucaBongiorni/awae | LucaBongiorni/awae: wifi enterprise workshop
https://github.com/LucaBongiorni/awae/tree/master/lab1 | awae/lab1 at master · LucaBongiorni/awae
https://github.com/0xSobky/HackVault/wiki/AutoRecon-for-Automated-Reconnaissance | AutoRecon for Automated Reconnaissance · 0xSobky/HackVault Wiki
https://github.com/0xSobky/HackVault/wiki | Home · 0xSobky/HackVault Wiki
https://github.com/0xSobky | 0xSobky (Ahmed Elsobky)
https://0xsobky.github.io/ | Hacklog – by Ahmed Elsobky | Web Security Researcher
https://0xsobky.github.io/hijacking-facebook-tokens/ | Hijacking Facebook Apps' Access Tokens on the Fly! – Hacklog – by Ahmed Elsobky | Web Security Researcher
https://github.com/jhaddix/pentest-bookmarks/blob/master/wiki/BookmarksList.wiki | pentest-bookmarks/BookmarksList.wiki at master · jhaddix/pentest-bookmarks
https://github.com/qazbnm456/awesome-web-security/blob/master/README.md#xss---cross-site-scripting | awesome-web-security/README.md at master · qazbnm456/awesome-web-security
https://github.com/cure53/H5SC | cure53/H5SC: HTML5 Security Cheatsheet - A collection of HTML5 related XSS attack vectors
https://github.com/WebBreacher/offensiveinterview | WebBreacher/offensiveinterview: Interview questions to screen offensive (red team/pentest) candidates
https://github.com/ngalongc/bug-bounty-reference#cross-site-scripting-xss | ngalongc/bug-bounty-reference: Inspired by https://github.com/djadmin/awesome-bug-bounty, a list of bug bounty write-up that is categorized by the bug nature
https://github.com/Matir/pwnableweb | Matir/pwnableweb: PwnableWeb is a suite of web applications for use in information security training.
https://github.com/nVisium/xssValidator | nVisium/xssValidator: This is a burp intruder extender that is designed for automation and validation of XSS vulnerabilities.
https://github.com/toniblyx/my-arsenal-of-aws-security-tools | toniblyx/my-arsenal-of-aws-security-tools: List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.
https://github.com/nahamsec/lazys3 | nahamsec/lazys3
https://github.com/mohdhaji87/COEIA_WebHacking_Attacks-Defense/blob/master/COEIA_biweekly_presentation.pptx | COEIA_WebHacking_Attacks-Defense/COEIA_biweekly_presentation.pptx at master · mohdhaji87/COEIA_WebHacking_Attacks-Defense
https://github.com/mohdhaji87 | mohdhaji87 (Mohd Haji)
https://github.com/securing/BucketScanner | securing/BucketScanner: A tool for testing objects' permissions in AWS buckets
https://github.com/securing/DumpsterDiver | securing/DumpsterDiver: Tool to search secrets in various filetypes.
https://github.com/appsecco/the-art-of-subdomain-enumeration | appsecco/the-art-of-subdomain-enumeration: This repository contains all the supplement material for the book "The art of sub-domain enumeration"
https://github.com/sensepost/gowitness | sensepost/gowitness: 🔍 gowitness - a golang, web screenshot utility using Chrome Headless
https://github.com/yamakira?fbclid=IwAR37t9RL2CsLT94ypRdNPEp-3h8h3XhUvRyoE2veMNLwx7kb1wlQCcfjp5E | yamakira (Bharath)
https://github.com/HanseSecure/ExploitDev | HanseSecure/ExploitDev
https://github.com/juliocesarfort/public-pentesting-reports | juliocesarfort/public-pentesting-reports: Curated list of public penetration test reports released by several consulting firms and academic security groups
https://github.com/Tristan-aemjk4h/Awesome-Hacking-Resources | Tristan-aemjk4h/Awesome-Hacking-Resources
https://github.com/enaqx/awesome-pentest#web-exploitation | enaqx/awesome-pentest: A collection of awesome penetration testing resources, tools and other shiny things
https://github.com/rojan-rijal/pyrate | rojan-rijal/Pyrate: Practice Web App written in python with some vulnerabilities.
https://github.com/rojan-rijal/Subdomains/blob/master/README.md | Subdomains/README.md at master · rojan-rijal/Subdomains
https://github.com/rojan-rijal/LeakFinder | rojan-rijal/LeakFinder: https://sites.google.com/securifyinc.com/rojanrijal/leaked-sensitive-data

https://www.youtube.com/watch?v=3oJabjNIpQw | (285) FORTNITE BR - OUR FIRST PLAYGROUND MINI GAME!!!! (Death Run) - YouTube
https://www.facebook.com/ | (1) Facebook
https://www.facebook.com/pg/phwd-113702895386410/posts/?ref=page_internal | (1) @phwd - Posts
https://www.facebook.com/groups/bugbountygroup/ | (1) Facebook Bug Bounty Community
https://twitter.com/0ctac0der/likes | Tweets liked by Abhinav | 0ctac0der (@0ctac0der) | Twitter
https://www.imdb.com/title/tt0411008/ | Lost (TV Series 2004–2010) - IMDb
https://twitter.com/hvboppana/lists/security-three | @hvboppana/Security - Three on Twitter
https://www.netflix.com/search?q=Lost | Netflix

https://docs.google.com/document/d/1euMMHy0eO_UFPhv0Th_r9CrGyWqx9Az-pn3UyhO8yog/edit | More Links - Google Docs
https://twitter.com/i/likes | Tweets liked by Shivam Goyal (@g33kyshivam) | Twitter
https://blog.bentkowski.info/2018/07/vulnerability-in-hangouts-chat-aka-how.html | Vulnerability in Hangouts Chat: from open redirect to code execution | MB blog
https://blog.doyensec.com/2017/08/03/electron-framework-security.html | Modern Alchemy: Turning XSS into RCE · Doyensec's Blog
https://www.contrastsecurity.com/security-influencers/cve-2018-15685 | CVE-2018-15685 - Electron WebPreferences Remote Code Execution Finding
https://twitter.com/disclosedh1/status/985280378888966144 | publiclyDisclosed on Twitter: "Automattic disclosed a bug submitted by @mattaustin: https://t.co/RXp9xAgwNH - Bounty: $250 #hackerone #bugbounty… "
https://hackerone.com/reports/301458 | #301458 Remote Code Execution in Wordpress Desktop
https://henhouse.cure53.berlin/ | Cure53 Chinese New Year XSS Challenge 2018
https://speakerdeck.com/lmt_swallow/tangled-world-of-web-technology-are-we-safe?slide=7 | Tangled World of Web Technology ― Are we safe? - Speaker Deck
https://xss.shift-js.info/ | XSS Challenge (by y0n3uchy)

https://www.fireeye.com/services/training/courses.html | Incident Response and Malware Analysis Training | FireEye
https://web.whatsapp.com/ | (10) WhatsApp
file:///home/mr-robot/Downloads/Aman%20syllabus.pdf | Aman syllabus.pdf
http://www.allitebooks.com/?s=Software+Engineering | Software Engineering ebooks - All IT eBooks
file:///home/mr-robot/Downloads/Introduction%20to%20the%20Design%20and%20Analysis%20of%20Algorithms%20-%20FTP%20Directory%20.pdf | Introduction to the Design and Analysis of Algorithms (2-downloads)

https://twitter.com/i/likes | Tweets liked by Shivam Goyal (@g33kyshivam) | Twitter
https://0xpatrik.com/subdomain-takeover-basics/ | Subdomain Takeover: Basics
https://0xpatrik.com/subdomain-takeover/ | Subdomain Takeover: Thoughts on Risks
https://github.com/ngalongc/bug-bounty-reference#cross-site-scripting-xss | ngalongc/bug-bounty-reference: Inspired by https://github.com/djadmin/awesome-bug-bounty, a list of bug bounty write-up that is categorized by the bug nature
https://docs.google.com/document/d/1SrSnxRwGTMFP19gz41a8b0ns820Z9pAwEl3hkxJ4UVg/edit | Recon/Subdomain - Google Docs
https://pentester.land/cheatsheets/2018/11/14/subdomains-enumeration-cheatsheet.html | Subdomains Enumeration Cheat Sheet · Pentester Land
https://pentester.land/conference-notes/2018/04/25/levelup-2017-Esoteric-subdomain-enumeration-techniques.html | Conference notes: Esoteric subdomain enumeration techniques (LevelUp 2017) · Pentester Land
https://www.youtube.com/watch?v=e_Gq99CKAys&t=95s | (257) Esoteric sub-domain enumeration techniques - Bharath, from Bugcrowd's LevelUp 2017 - YouTube
http://blog.x1622.com/2016/11/subdomain-discovery-with-nmap-and.html | hacking and penetration testing: subdomain discovery with nmap and custom subdomain files

chrome://downloads/ | Downloads
https://0xevilc0de.com/about-these-videos/ | About These Videos - 0xEvilC0de.com
http://christian.kitchen/tutorials/programming/page/2/ | Programming » Download Free Movies Games MP3 Albums and Softwares!
https://posts.specterops.io/gathering-open-source-intelligence-bee58de48e05 | Gathering Open Source Intelligence – Posts By SpecterOps Team Members
https://gist.github.com/arbazkiraak/574cf1ae0a378115907f82ed07f1a374 | wordlist generated Based on : https://medium.com/@adrien_jeanneau/how-i-was-able-to-list-some-internal-information-from-paypal-bugbounty-ca8d217a397c
https://learningdl.net/tag/sans/page/2/ | Sans Archives - Page 2 of 10 - LEARNING FOR LIFE
https://github.com/aurainfosec/xss_payloads/blob/master/fetch.md | xss_payloads/fetch.md at master · aurainfosec/xss_payloads
https://www.youtube.com/watch?v=l3yThCIF7e4&t=0s&index=19&list=PLl-GuflHOikWnr0kOThK0xOyFXhBZbdLv | Self XSS we’re not so different you and I - Mathias Karlsson - Security Fest 2017 - YouTube
https://twitter.com/avlidienbrunn | ­Mathias Karlsson (@avlidienbrunn) | Twitter
https://www.youtube.com/channel/UC3pn_ccQdc22_L63d6MN1QA/videos | (249) OWASP Stockholm - YouTube

https://www.youtube.com/watch?v=XfB0g_JDIds | (246) Silicon Valley Season 2 - Jared Dunn explains what is SWOT Analysis to the team - YouTube
https://www.youtube.com/watch?v=bpXHZh9RfYk | (246) Reacting to Shameless by Prajakta Koli | Types of Reactions | MostlySane - YouTube
https://medium.com/@ehsahil/getting-started-in-bug-bounty-7052da28445a | Getting started in Bug Bounty – Sahil Ahamad – Medium
https://medium.com/ehsahil/recon-my-way-82b7e5f62e21 | Recon— my way. – ehsahil – Medium
https://blog.mozilla.org/security/2018/02/12/restricting-appcache-secure-contexts/ | Restricting AppCache to Secure Contexts | Mozilla Security Blog
https://twitter.com/kinugawamasato | Masato Kinugawa (@kinugawamasato) | Twitter
https://hackerone.com/reports/187542 | #187542 Brave Browser unexpectedly allows to send arbitrary IPC messages
https://vulnerabledoma.in/cny2018/omake.php | CNY OMAKE XSS Challenge
https://avlidienbrunn.se/xsschallenge3/index.php | https://avlidienbrunn.se/xsschallenge3/index.php
https://labs.detectify.com/2017/02/14/sqli-in-insert-worse-than-select/ | SQLi in INSERT worse than SELECT
https://github.com/cure53/XSSChallengeWiki/wiki/XSSMas-Challenge-2016 | XSSMas Challenge 2016 · cure53/XSSChallengeWiki Wiki
https://labs.detectify.com/2017/01/12/csp-flaws-cookie-fixation/ | CSP flaws: cookie fixation
https://labs.detectify.com/2016/12/15/postmessage-xss-on-a-million-sites/ | postMessage XSS on a million sites
https://labs.detectify.com/2016/12/08/the-pitfalls-of-postmessage/ | The pitfalls of postMessage
https://twitter.com/0xACB/status/999397917331992577 | André Baptista on Twitter: "Here it is: https://t.co/0oGo16N7UZ 🔥🔥🔥🔥🔥🔥 Thanks to @0xfad0 for the help! And thanks for the bounty, @Shopify and @Hacker0x01!!"
https://hackerone.com/reports/341876 | #341876 SSRF in Exchange leads to ROOT access in all instances
https://twitter.com/ITSecurityguard | Patrik Fehrenbach🤖 (@ITSecurityguard) | Twitter
https://twitter.com/Rhynorater/status/1034430585081671680 | Justin Gardner on Twitter: "Actually, just do yourself a favor, bug hunters, and go download/install every tool in @TomNomNom's Github. This shiz is super useful..."
https://twitter.com/Nettitude_Labs/status/1032593408437760000 | Nettitude Labs on Twitter: "Introducing Scrounger: An open source, modular and extensible iOS & Android mobile application penetration testing framework, by Ruben De Campos 📱 https://t.co/aC7mRXMhJY"
https://blog.scrt.ch/2018/08/24/remote-code-execution-on-a-facebook-server/ | Remote Code Execution on a Facebook server – Sec Team Blog
https://twitter.com/ITSecurityguard/status/1021310140400717825 | Patrik Fehrenbach🤖 on Twitter: "GraphQL really represents the Crown Jewels of every company. If you want to find $$$ bounties, have a look at the @Hacker0x01 GraphQL :-) You can get the entire schema using Introspection (https://t.co/fym2D1RPNT) (thanks @mongobug <3) https://t.co/4IRe4IIFdL 80 MB PNG file… https://t.co/fXVIfILqdl"
https://opnsec.com/2018/07/into-the-borg-ssrf-inside-google-production-network/ | Into the Borg – SSRF inside Google production network | OpnSec
https://twitter.com/stokfredrik/status/1012638867231526912 | STÖK on Twitter: "#hackeroftheday is @Jhaddix, with thousands of hours invested and over a decade in webhacking Jason’s knowledge regarding both past and new technology is vast, and with a methodology and multiple wordlists with his name on it, he’s a true pilar of the BB community! 👊🏻❤️… https://t.co/lo43nwfNf0"
https://github.com/smiegles/certs | smiegles/certs: Parse X509 certificates to get the (sub)domains in it.
http://website.tld.zip/tar/rar/whateverarchive
https://twitter.com/ITSecurityguard/status/1011003962047295490 | Patrik Fehrenbach🤖 on Twitter: "Sunday’s recon: search for https://t.co/22kQSI9UZJ to find those juicy website backups :)… "
https://blog.it-securityguard.com/visual-recon-a-beginners-guide/ | [Tools] Visual Recon – A beginners guide | Patrik Fehrenbach
https://blog.it-securityguard.com/ | Patrik Fehrenbach | ¯\_(ツ)_/¯
https://blog.it-securityguard.com/a-tale-of-7-vulnerabilities-paypal-bug-bounty/ | [Bug Bounty] A Tale of 7 Vulnerabilities | Patrik Fehrenbach
https://github.com/tomnomnom | tomnomnom (Tom Hudson)
https://twitter.com/TomNomNom | TomNomNom (@TomNomNom) | Twitter
https://twitter.com/EdOverflow | Twitter
https://twitter.com/x1m_martijn | x1m (@x1m_martijn) | Twitter
https://twitter.com/NathOnSecurity | (2) Nathan (@NathOnSecurity) | Twitter
https://twitter.com/Th3G3nt3lman | Twitter
https://twitter.com/uraniumhacker | Twitter
https://twitter.com/santi_lopezz99 | Santiago Lopez (@santi_lopezz99) | Twitter
https://twitter.com/iamnoooob | Rahul Maini (@iamnoooob) | Twitter
https://twitter.com/bbuerhaus | Twitter
https://twitter.com/rootxharsh | Harsh Jaiswal (@rootxharsh) | Twitter
https://twitter.com/Paresh_parmar1 | Paresh (@Paresh_parmar1) | Twitter
https://twitter.com/Abdulahhusam | Twitter
https://twitter.com/ngalongc | Ron Chan (@ngalongc) | Twitter
https://twitter.com/Parth_Malhotra | Parth Malhotra (@Parth_Malhotra) | Twitter
https://twitter.com/prateek_0490 | Twitter
https://twitter.com/jigarthakkar39 | Jigar Thakkar (@jigarthakkar39) | Twitter
https://twitter.com/niksthehacker | nikhil (@niksthehacker) | Twitter
https://twitter.com/ehrishiraj | Twitter
https://twitter.com/princechaddha | Twitter
https://twitter.com/nnwakelam | naffy (@nnwakelam) | Twitter
https://twitter.com/infosec_au | shubs (@infosec_au) | Twitter
https://twitter.com/bhavukjain1 | Bhavuk Jain (@bhavukjain1) | Twitter
https://twitter.com/garagosy | Twitter
https://twitter.com/akhilreni_hs | Akhil Reni (@akhilreni_hs) | Twitter
https://twitter.com/ArbazKiraak | Arbaz Hussain (@ArbazKiraak) | Twitter

https://www.youtube.com/ | (245) YouTube
https://pentestlab.blog/2012/12/24/sql-injection-authentication-bypass-cheat-sheet/ | SQL Injection Authentication Bypass Cheat Sheet | Penetration Testing Lab
https://www.youtube.com/watch?v=2ngGLMgjRVU&index=16&list=PLZOToVAK85Mr4CzRimmw4KD84yUjkEAEw | (245) ISSA Web Pen-testing Workshop - Part 2 - SQL Injection - YouTube
https://mahmoudsec.blogspot.com/2018/07/sql-injection-and-silly-waf.html | Mahmoud Gamal - Security Blogs: SQL Injection and A silly WAF
https://mahmoudsec.blogspot.com/2017/02/sql-injection-in-update-query-bug.html | Mahmoud Gamal - Security Blogs: SQL injection in an UPDATE query - a bug bounty story!
https://mahmoudsec.blogspot.com/2017/10/lets-steal-some-tokens.html | Mahmoud Gamal - Security Blogs: Let’s steal some tokens!
https://mahmoudsec.blogspot.com/2015/09/how-i-found-xss-vulnerability-in-google.html | Mahmoud Gamal - Security Blogs: XSS vulnerability in Google image search

https://appsecwiki.com/#/serversidesecurity?id=sql-injection | Server Side Security - Application Security Wiki
https://samsclass.info/129S/129S_S18.shtml | CNIT 129S: Securing Web Applications -- Sam Bowne
http://www.securityidiots.com/Web-Pentest/LFI/guide-to-lfi.html | Hand Guide To Local File Inclusion(LFI)
http://ccsf.granicus.com/MediaPlayer.php?view_id=5&clip_id=1085 | CNIT 129S - Securing Web Applications - Mar 14th, 2018
https://www.youtube.com/watch?v=HjnkoE3aiqk&t=3s | Your Morning Fix: Will Marathas be given reservation in jobs, education? - YouTube
https://www.facebook.com/phwdbot/videos/2104182979632696 | Facebook
https://hackerone.com/reports/232174 | #232174 XSS on $shop$.myshopify.com/admin/ and partners.shopify.com via whitelist bypass in SVG icon for sales channel applications
https://ngailong.wordpress.com/ | Ron Chan – My Bug Bounty Write Ups
https://www.arneswinnen.net/2016/02/the-tales-of-a-bug-bounty-hunter-10-interesting-vulnerabilities-in-instagram/ | The Tales of a Bug Bounty Hunter: 10 Interesting Vulnerabilities in Instagram – Arne Swinnen's Security Blog
https://www.arneswinnen.net/wp-content/uploads/2016/02/10-Interesting-Vulnerabilities-in-Instagram-Arne-Swinnen.pdf | Even Giants Make Mistakes: 10 Interesting vulnerabilities in Instagram
http://schd.ws/hosted_files/appseceurope2016/f7/OWASP%20AppSec%20EU%202016%20-%20The%20Tales%20of%20a%20Bug%20Bounty%20Hunter%20-%20Arne%20Swinnen.pdf | OWASP AppSec Europe 2016 template
https://www.hackerone.com/blog/how-to-command-injections | Command Injection Vulnerabilities | HackerOne
https://github.com/ewilded/shelling | ewilded/shelling: SHELLING - a comprehensive OS command injection payload generator
https://hackerone.com/arneswinnen?sort_type=latest_disclosable_activity_at&filter=type%3Aall%20from%3Aarneswinnen&page=1 | arneswinnen's HackerOne Profile
https://www.arneswinnen.net/ | Arne Swinnen's Security Blog – Just Another Infosec Blog
https://hackerone.com/moskowsky?sort_type=latest_disclosable_activity_at&filter=type%3Aall%20from%3Amoskowsky&page=1 | HackerOne
https://twitter.com/@mskwsky | Artem (@mskwsky) | Twitter
https://habr.com/users/moskowsky/ | Профиль moskowsky / Хабрахабр
https://medium.freecodecamp.org/hacking-tinder-accounts-using-facebook-accountkit-d5cc813340d1 | How I hacked Tinder accounts using Facebook’s Account Kit and earned $6,250 in bounties

https://appsecwiki.com/#/serversidesecurity?id=oauth-security | Server Side Security - Application Security Wiki
https://sakurity.com/oauth | Sakurity
https://www.owasp.org/images/6/61/20151215-Top_X_OAuth_2_Hacks-asanso.pdf | 20151215-Top_X_OAuth_2_Hacks-asanso.pdf
http://blog.intothesymmetry.com/2015/12/top-10-oauth-2-implementation.html | Top 10 OAuth 2 Implementation Vulnerabilities
https://www.youtube.com/watch?v=l3yThCIF7e4&t=0s&index=19&list=PLl-GuflHOikWnr0kOThK0xOyFXhBZbdLv | (231) Self XSS we’re not so different you and I - Mathias Karlsson - Security Fest 2017 - YouTube
https://www.youtube.com/watch?v=X0mV9HXbKHY&index=4&list=PLE8DZa6PJapwu3PPr9kj2iWC-tDVBY_Sd | (231) LevelUp 0x02 - Hacking OAuth 2.0 For Fun And Profit - YouTube
https://drive.google.com/file/d/1Qw3hhValdRAWNGJtLbbFYfKtaevkw4fQ/view | Hacking_OAuth2_0_for_fun_and_profit-Pranav_Hivarekar.pdf - Google Drive

https://learnflakes.net/?p=torrents&pid=10 | Torrent List | LearnFlakes.Net -Learning Community
https://learnflakes.net/?p=torrents&pid=10&action=details&tid=20425 | SANS FOR610: Reverse-Engineering Malware: Malware Analysis Tools and Techniques | Includes Everything (2016) | LearnFlakes.Net -Learning Community
https://learnflakes.net/?p=torrents&pid=10&action=details&tid=16363 | SANS 504 USB 2016.7z | LearnFlakes.Net -Learning Community

https://web.archive.org/web/20170724015441/http://teamultimate.in:80/getting-started-with-metasploit/ | Getting Started With Metasploit - Ultimate Hackers
https://www.hackersclub.io/single-post/2016/03/08/Metasploit-Tutorial-From-Basic-To-Advance | Metasploit Tutorial From Basic To Advance | hackerclub
http://www.hackingarticles.in/penetration-testing/ | Penetration Testing, Metasploit Tutorial, Metasploit Hacking,Pentest Tutorials
https://www.hackers-arise.com/single-post/2017/07/31/Metasploit-Basics-Part-9-Using-msfvenom-to-Create-Custom-Payloads | Metasploit Basics, Part 9: Using msfvenom to Create Custom Payloads | hackers-arise
https://github.com/rapid7/metasploit-framework/wiki/How-to-use-msfvenom | How to use msfvenom · rapid7/metasploit-framework Wiki
https://www.fwhibbit.es/guia-metasploitable-2-parte-2 | Guia Metasploitable 2: Parte 2 – Follow The White Rabbit

https://web.archive.org/web/20180214155256/http://www.iran-sec.net | Iran Security Group Iran Security Group
https://zhchbin.github.io/2017/08/30/Uber-XSS-via-Cookie/ | [BBP系列二] Uber XSS via Cookie | zhchbin
https://www.facebook.com/notes/mrityunjoy-emu/yahoo-mail-box-stored-xss-write-upbounty-rewarded-10000-usd/677948372401448/ | (1) YAHOO MAIL BOX STORED XSS (write up)Bounty Rewarded $10,000 USD
https://medium.com/@SyntaxError4/reflective-xss-and-open-redirect-on-indeed-com-subdomain-b4ab40e40c83 | Reflective XSS and Open Redirect on Indeed.com subdomain
https://docs.google.com/presentation/d/1v3Me8IWDuvSb1k96UB5RNyXE-hLHk0i6cf5MDJMaxuY/pub?slide=id.p | XSS FTW - Google Slides
https://prakharprasad.com/crlf-injection-http-response-splitting-explained/ | CRLF Injection / HTTP Response Splitting Explained
https://portswigger.net/blog/abusing-javascript-frameworks-to-bypass-xss-mitigations | Abusing JavaScript frameworks to bypass XSS mitigations | Blog
https://hackerone.com/reports/265528 | #265528 Reflected XSS on the data.gov (WAF bypass+ Chrome XSS Auditor bypass+ works in all browsers)
https://hackerone.com/reports/263226 | #263226 HTML injection (with XSS possible) on the https://www.data.gov/issue/ using media_url attribute
https://github.com/karelorigin/XSS-Problems/ | karelorigin/XSS-Problems
https://www.noob.ninja/2017/09/story-of-parameter-specific-xss.html | Story of a Parameter Specific XSS!
https://beta.hackndo.com/la-faille-xss/ | The XSS attack - hackndo
https://snyk.io/blog/xss-attacks-the-next-wave | XSS Attacks: The Next Wave | Snyk
https://medium.com/bugbountywriteup/how-i-bypassed-practos-firewall-and-triggered-a-xss-b30164a8f1dc | How i bypassed Practo’s firewall and triggered a XSS.
https://web.archive.org/web/20180221190804/https://teamultimate.in/bypass-waf-xss-easily/ | Bypass any WAF for XSS easily – Ultimate Hackers
https://web.archive.org/web/20170826064802/http://teamultimate.in/solution-of-googles-xss-challenge/ | Solution of Google's XSS Challenge [Explained] - Ultimate Hackers
https://web.archive.org/web/20170724015545/http://teamultimate.in:80/csrf-explained-tutorial-2/ | Cross Site Request Forgery (CSRF) Explained - 2 - Ultimate Hackers
https://web.archive.org/web/20170721111747/http://teamultimate.in:80/csrf-explained-tutorial-beginners/ | Cross Site Request Forgery (CSRF) Explained For Beginners
https://web.archive.org/web/20170720190655/http://teamultimate.in:80/xssight-xss-scanner-payload-injector-d3v/ | XSSight : XSS Scanner And Payload Injector By Team Ultimate
https://web.archive.org/web/20170716104543/http://teamultimate.in:80/nmap-port-scanning-techniques-explained/ | Nmap Port Scanning Techniques Explained - Ultimate Hackers
https://web.archive.org/web/20170723063604/http://teamultimate.in:80/botnet | What is Botnet? How does it works? - Ultimate Hackers
https://web.archive.org/web/20170720083516/http://teamultimate.in:80/reflected-xss-on-json-ajax-xml-based-web-apps/ | Reflected XSS on JSON, AJAX, XML based web apps - Ultimate Hackers
https://web.archive.org/web/20170718180926/http://teamultimate.in:80/how-hackers-hack-their-target/ | How Hackers Actually Hack Their Target? - Ultimate Hackers
https://web.archive.org/web/20170722132829/http://teamultimate.in:80/how-tor-works-complete-guide/ | What is Tor and how it works? The Anonymity Network Explained - Ultimate Hackers
https://web.archive.org/web/20170728042623/http://teamultimate.in:80/category/hacking-tutorials/sql-injection | SQL Injection Category - Ultimate Hackers
https://web.archive.org/web/20170805063136/http://teamultimate.in:80/breaching-databases-sqlmap | Breaching Databases In Minutes With SQLMap - Ultimate Hackers
https://web.archive.org/web/20170723011948/http://teamultimate.in:80/error-based-sql-injection/ | Breaching Databases With Error Based SQL Injection - Ultimate Hackers
https://web.archive.org/web/20170724200429/http://teamultimate.in:80/sql-injection-explained/ | SQL Injection Explained From Scratch - Ultimate Hackers
https://web.archive.org/web/20170724015441/http://teamultimate.in:80/getting-started-with-metasploit/ | Getting Started With Metasploit - Ultimate Hackers
https://web.archive.org/web/20170810032801/http://teamultimate.in:80/category/hacking-tutorials/xss | XSS Category - Ultimate Hackers
https://web.archive.org/web/20170802110344/http://teamultimate.in:80/finding-admin-panel-website | How to find Admin Panel of a website? - Ultimate Hackers
https://web.archive.org/web/20170728104340/http://teamultimate.in:80/category/hacking-tutorials/information-gathering/ | Information Gathering Category - Ultimate Hackers
https://web.archive.org/web/20170723061454/http://teamultimate.in:80/category/hacking-tutorials/ | Hacking Tutorials Category - Ultimate Hackers
https://web.archive.org/web/20170728045932/http://teamultimate.in:80/login-bypass-with-sql-injection | Login Bypass With SQL Injection - Ultimate Hackers
https://web.archive.org/web/20170822125456/http://teamultimate.in:80/category/hacking-tutorials/xss/ | XSS Category - Ultimate Hackers
https://medium.com/bugbountywriteup/900-xss-in-yahoo-recon-wins-65ee6d4bfcbd | 900$ XSS in yahoo ( Recon Wins ) – InfoSec Write-ups – Medium
https://medium.com/@th3g3nt3l | Th3G3nt3lman – Medium
https://blog.blackfan.ru/2017/09/devtwittercom-xss.html | '>">123\: [dev.twitter.com] XSS
https://blog.blackfan.ru/ | '>">123\

https://blogs.sap.com/2015/12/18/xss-cross-site-scripting-methodology-and-solutions/ | XSS (Cross-Site Scripting) – Methodology and Solutions | SAP Blogs
https://blogs.sap.com/2015/12/17/xss-cross-site-scripting-overview-with-contexts/ | XSS (Cross-Site Scripting) – Overview and Contexts | SAP Blogs
https://respectxss.blogspot.com/ | Respect XSS
https://www.youtube.com/watch?v=LCkyW7RE6Wk&index=12&list=PLzptvsiJ9waSQ8l2rQ_nmD_L68WAo6KQu | (127) Logan | Way Down We Go | Music Video - YouTube
https://www.youtube.com/watch?v=bHTxJIC_jGI | (127) Maximizing Burp - YouTube
https://securityweekly.com/2016/01/13/security-weekly-446-adrien-debeaupre/ | Security Weekly #446: Adrien DeBeaupre - Security Weekly
https://www.youtube.com/watch?v=rWGvesGWwqY | (127) Diwali with Bhakt | Pee News Interview by Dhruv Rathee ft. Akash Banerjee on crackers - YouTube

https://coursehunters.net/source/egghead | Видеокурсы от egghead.io - Смотреть онлайн - страница 1
https://coursehunters.net/source/codecourse | Видеокурсы от Codecourse - Смотреть онлайн - страница 1
https://coursehunters.net/source/scotch-io | Видеокурсы от scotch.io - Смотреть онлайн - страница 1
https://coursehunters.net/source/frontendmasters | Видеокурсы от Frontend Masters - Смотреть онлайн - страница 1
https://coursehunters.net/frontend | Видеоуроки Front-end - страница 1
https://www.facebook.com/ | Facebook

https://www.youtube.com/watch?v=vKudm1kDu8k | (120) SANS Webcast: Web Hacking with Burp Suite - YouTube
chrome://downloads/ | Downloads
https://support.portswigger.net/customer/portal/articles/1969845-using-burp-to-test-for-the-owasp-top-ten | Using Burp to Test for the OWASP Top Ten | Burp Suite Support Center
https://support.portswigger.net/customer/portal/topics/792273-burp-testing-methodologies/articles | Burp Testing Methodologies | Burp Suite Support Center
https://learnflakes.net/?p=messages&pid=20&message_id=294817 | Messages | LearnFlakes.Net -Learning Community
https://www.sans.org/reading-room/whitepapers/testing/fuzzing-approach-credentials-discovery-burp-intruder-33214 | A Fuzzing Approach to Credentials Discovery using Burp Intruder
https://www.youtube.com/results?search_query=cobalt | (120) cobalt - YouTube
https://pentester.land/cheatsheets/2018/11/02/open-redirect-cheatsheet.html | Open Redirect Cheat Sheet · Pentester Land
https://medium.com/@kankrale.rahul/dos-on-facebook-android-app-using-65530-characters-of-zero-width-no-break-space-db41ca8ded89 | DoS on Facebook Android app using 65530 characters of ZERO WIDTH NO-BREAK SPACE.
https://pentester.land/tutorials/2018/10/25/source-code-disclosure-via-exposed-git-folder.html | Source code disclosure via exposed .git folder · Pentester Land
https://www.peerlyst.com/posts/information-gathering-first-step-of-hacking-sachin-wagh?utm_source=twitter&utm_medium=social&utm_content=peerlyst_post&utm_campaign=peerlyst_shared_post | Information Gathering – First Step of Hacking by Sachin Wagh - ethical hacking, operations, stealth
https://medium.com/mrlulzsec/cross-origin-authentication-detection-ccc2186e5338 | Cross-origin Authentication Detection – MrLulzsec – Medium
https://medium.com/@alicanact60/my-first-0day-exploit-csp-bypass-reflected-xss-bugbounty-c7efa4bed3d7 | My First 0day Exploit (CSP Bypass + Reflected XSS) #BUGBOUNTY
https://medium.com/@egeken/facebook-hidden-redirection-vulnerability-aeaaac0b9d73 | Facebook hidden redirection vulnerability – Ege Ken – Medium
https://mango.pdf.zone/stealing-chrome-cookies-without-a-password | Stealing Chrome cookies without a password
https://medium.com/@mrnikhilsri/soap-based-unauthenticated-out-of-band-xml-external-entity-oob-xxe-in-a-help-desk-software-c27a6abf182a | SOAP- Based Unauthenticated Out-of-Band XML External Entity (OOB-XXE) in a Help Desk Software
https://medium.com/@raushanraj_65039/google-sites-and-exploiting-same-origin-policy-d400bf569964 | Google sites and exploiting same origin policy. – Raushan Raj – Medium
https://medium.com/@brs.sgdc/google-stored-xss-in-payments-350cd7ba0d1b | Google Stored XSS in Payments – Barış Sağdıç – Medium
https://medium.com/@plenumlab/idor-in-jwt-and-the-shortest-token-you-will-ever-see-uid-1234567890-4e02377ea03a | IDOR IN JWT AND THE SHORTEST TOKEN YOU WILL EVER SEE {}.{“uid”: “1234567890”}
https://www.youtube.com/feed/subscriptions | (120) Subscriptions - YouTube
https://www.youtube.com/watch?v=3cLik5XS-Xo | Most ES6 Features Demonstrated In Less than 20 Minutes - YouTube
https://twitter.com/0ctac0der | Abhinav | 0ctac0der (@0ctac0der) | Twitter
https://github.com/SEC642/dojo-basic | SEC642/dojo-basic

https://pentesterlab.com/ | [PentesterLab] Learn Web Penetration Testing: The Right Way
https://www.hacksplaining.com/ | Learn to Hack
https://resources.infosecinstitute.com/dns-hacking/ | DNS Hacking (Beginner to Advanced)
https://github.com/Matir/pwnableweb | Matir/pwnableweb: PwnableWeb is a suite of web applications for use in information security training.
https://bitvijays.github.io/LFC-VulnerableMachines.html#port-scanning | CTF Series : Vulnerable Machines — tech.bitvijays.com
https://jivoi.github.io/2015/07/01/pentest-tips-and-tricks/ | Pentest Tips and Tricks – EK
https://www.youtube.com/watch?v=foToVAIBCTQ | How i Hacked Yahoo, Twitter & Google! - YouTube
https://tuftsdev.github.io/DefenseAgainstTheDarkArts/ | COMP 116: Introduction to Computer Security
https://github.com/rojan-rijal/pyrate | rojan-rijal/Pyrate: Practice Web App written in python with some vulnerabilities.
http://www.hackingarticles.in/web-penetration-testing/ | Web Penetration Testing - Hacking Articles
https://www.pentesteracademy.com/ | Pentester Academy: Learn Pentesting Online
https://www.youtube.com/watch?v=OcrmPMSjdSw&index=32&list=PLv7cogHXoVhXvHPzIl1dWtBiYUAL8baHj | 32- SOP, CORS, CSP and Exploiting Misconfigured CORS - YouTube

https://www.youtube.com/watch?v=-y-OcymRcZs&t=1538s | (105) Bug Bounty Session - IDOR - YouTube
https://docs.google.com/presentation/d/e/2PACX-1vT6giXqLAWdBTP0_8WlQdq7QkC0_FduNWGWcwn8Krbhmcw898S7Y3JthE8_5ds9aIoTP9-rR1l3N-xL/pub?start=true&loop=true&delayms=15000&slide=id.g44f05bce04_0_0 | IDOR Session - Google Slides
https://appsecwiki.com/#/serversidesecurity?id=insecure-direct-object-referenceidor | Server Side Security - Application Security Wiki
https://www.owasp.org/index.php/Testing_for_Insecure_Direct_Object_References_(OTG-AUTHZ-004) | Testing for Insecure Direct Object References (OTG-AUTHZ-004) - OWASP
https://www.bugcrowd.com/how-to-find-idor-insecure-direct-object-reference-vulnerabilities-for-large-bounty-rewards/ | How-To: Find IDOR (Insecure Direct Object Reference) Vulnerabilities for large bounty rewards | Bugcrowd
https://medium.com/@arbazhussain/idor-while-connecting-social-account-in-hackster-io-2296b316b7a7 | IDOR While Connecting Social Account in Hackster.io
https://blog.securitybreached.org/2018/09/16/idor-account-takeover-using-facebook/ | IDOR User Account Takeover By Connecting My Facebook Account with victims Account - Security Breached Blog
https://pentest.blog/how-to-test-horizontal-vertical-authorization-issues-in-web-application/ | How to Test Horizontal & Vertical Authorization Issues in Web Application ? – Pentest Blog
https://twitter.com/jon_bottarini/status/1049785550855520257 | Jon Bottarini on Twitter: "My latest #bugbounty writeup: A $2,500 IDOR in New Relic that allowed me to run NRQL queries and retrieve data from any New Relic account. You can read it here: https://t.co/GD6xqODEX0 Let me know what you think! #TogetherWeHitHarder #HackerOne… https://t.co/tj9QpqZp8A"
https://www.jonbottarini.com/2018/01/02/abusing-internal-api-to-achieve-idor-in-new-relic/ | Abusing internal API to achieve IDOR in New Relic | Security and Bug Hunting
https://twitter.com/jon_bottarini/status/952101275252019200 | Jon Bottarini on Twitter: "Here's my latest blog about a nice IDOR I found in @newrelic - through abusing one of their internal API's, I hope you find it interesting! https://t.co/NVXY7h4Aul #BugBounty #hackerone #writeup… https://t.co/Y2sTqqmMUy"
https://medium.com/@armaanpathan/idor-was-leading-to-privilege-escalation-and-violating-the-facebook-policy-355c67c654e6 | IDOR was leading to Privilege Escalation and violating the Facebook policy
https://www.bugbountynotes.com/training/tutorial?id=2 | BugBountyNotes.com | Collaborate and work with other security researchers on bug bounties
https://zseano.com/tutorials/2.html | zseano | UK Security Researcher
https://twitter.com/prateek_0490/status/987045280565678083 | Prateek Tiwari on Twitter: "#BugBounty Tip: If you’ve found an IDOR where you’re able to change data of others then don’t jump out of your seat to report it > modify it to XSS payload & if inputs are not sanitized & variables are echo’d without getting escaped then IDOR>XSS>ATO #TogetherWeHitHarder #InfoSec"
https://support.portswigger.net/customer/portal/articles/1965691-using-burp-to-test-for-insecure-direct-object-references | Using Burp to Test for Insecure Direct Object References | Burp Suite Support Center

https://twitter.com/albinowax | James Kettle (@albinowax) | Twitter
http://www.securitygalore.com/site3/advanced_web_application_attacks | Advanced web application attacks | Amit Klein's security corner
https://github.com/m4ll0k/Awesome-Hacking-Tools | m4ll0k/Awesome-Hacking-Tools: Awesome Hacking Tools
https://github.com/ngalongc/bug-bounty-reference | ngalongc/bug-bounty-reference: Inspired by https://github.com/djadmin/awesome-bug-bounty, a list of bug bounty write-up that is categorized by the bug nature
https://github.com/juliocesarfort/public-pentesting-reports | juliocesarfort/public-pentesting-reports: Curated list of public penetration test reports released by several consulting firms and academic security groups
https://github.com/qazbnm456/awesome-web-security | qazbnm456/awesome-web-security: 🐶 A curated list of Web Security materials and resources.
https://github.com/ngalongc/bug-bounty-reference | ngalongc/bug-bounty-reference: Inspired by https://github.com/djadmin/awesome-bug-bounty, a list of bug bounty write-up that is categorized by the bug nature
https://github.com/Tristan-aemjk4h/Awesome-Hacking-Resources | Tristan-aemjk4h/Awesome-Hacking-Resources
https://github.com/enaqx/awesome-pentest#web-exploitation | enaqx/awesome-pentest: A collection of awesome penetration testing resources, tools and other shiny things

https://twitter.com/s0md3v | Somdev Sangwan (@s0md3v) | Twitter
https://www.blurbiz.io/blog/the-most-complete-guide-to-finding-anyones-email | The most complete guide to finding anyone’s email
https://somdev.me/sop-and-cors/ | CORS, SOP & crossdomain.xml For Dummies – Somdev Sangwan
https://somdev.me/ | Learn | Think | Hack – Somdev Sangwan
https://somdev.me/sql-basics-for-sqli/ | Learn SQL for SQL Injection in 10 minutes – Somdev Sangwan
https://lab.wallarm.com/cache-poisoning-and-other-dirty-tricks-120468f1053f | Cache poisoning and other dirty tricks – Wallarm
https://medium.com/vandium-software/5-easy-steps-to-understanding-json-web-tokens-jwt-1164c0adfcec | 5 Easy Steps to Understanding JSON Web Tokens (JWT)
https://medium.com/bugbountywriteup/the-design-and-implementation-of-ssrf-attack-framework-550e9fda16ea | All you need to know about SSRF and how may we write tools to do auto-detect
https://github.com/s0md3v/AwesomeXSS | s0md3v/AwesomeXSS: Awesome XSS stuff
https://somdev.me/sop-and-cors/ | CORS, SOP & crossdomain.xml For Dummies – Somdev Sangwan
https://medium.freecodecamp.org/a-quick-introduction-to-web-security-f90beaf4dd41 | A quick introduction to web security – freeCodeCamp.org
https://skeletonscribe.net/ | James Kettle Research Overview

https://coursehunters.net/source/ihatetomatoes | Видеокурсы от ihatetomatoes - Смотреть онлайн - страница 1

https://www.youtube.com/watch?v=NwS87LTCmLc | (75) Why GraphQL Is Awesome - YouTube
https://github.com/alekseylovchikov/ch-download | alekseylovchikov/ch-download: download video from coursehunters.net
https://coursehunters.net/course/usvoyte-react-dlya-sozdaniya-realnyh-prilozheniy | Усвойте React для создания реальных приложений - Видеоуроки
https://coursehunters.net/course/polnyy-kurs-veb-razrabotchika-react-s-redux-2nd-edition | Полный курс веб-разработчика React (с Redux)(2nd edition) - Видеоуроки
https://coursehunters.net/course/sovremennyy-javascript-bootcamp-2018 | Современный JavaScript Bootcamp (2018) - Видеоуроки
https://coursehunters.net/source/leveluptutorials | Видеокурсы от LevelUpTutorials - Смотреть онлайн - страница 1
https://coursehunters.net/course/prodvinutyy-react-js-polnyy-kurs | Продвинутый React.js - Полный курс (Ryan Florence) - Видеоуроки
https://coursehunters.net/course/nachalo-raboty-s-javascript-dlya-veb-razrabotki | Начало работы с JavaScript для веб-разработки - Видеоуроки
https://coursehunters.net/course/sozdaem-mean-prilozhenie-codepost-full-stack | Создаем MEAN приложение "CodePost" - Full Stack - Видеоуроки
https://coursehunters.net/source/tyler-mcginnis | Видеокурсы от Tyler McGinnis - Смотреть онлайн - страница 1
https://coursehunters.net/course/stroim-prilozheniya-s-react-socket-io-i-rethinkdb | Строим приложения с React, Socket.io и RethinkDB - Видеоуроки
https://coursehunters.net/source/scotch-io | Видеокурсы от scotch.io - Смотреть онлайн - страница 1
https://coursehunters.net/source/egghead | Видеокурсы от egghead.io - Смотреть онлайн - страница 1
https://coursehunters.net/course/javascript-klyuchevoe-slovo-this-v-glubine | JavaScript 'this' в глубине - Видеоуроки
https://coursehunters.net/course/sozdaem-komponent-s-react-on-rails | Создаем компонент с React on Rails - Видеоуроки
https://coursehunters.net/course/nachalo-raboty-s-react-storybook | Начало работы с React Storybook - Видеоуроки
https://www.udemy.com/modern-javascript-the-complete-course-build-10-projects/ | Modern JavaScript The Complete Course - Build +10 Projects | Udemy
https://coursehunters.net/course/vvedenie-v-struktury-dannyh-dlya-sobesedovaniy | Введение в структуры данных для собеседований - Видеоуроки
https://www.udemy.com/the-complete-junior-to-senior-web-developer-roadmap/ | The Complete Junior to Senior Web Developer Roadmap (2018) | Udemy
https://coursehunters.net/course/aws-dlya-front-end-inzhenerov | Быстрая разработка на AWS: React, Node.js и GraphQL - Видеоуроки
https://coursehunters.net/course/polnoe-rukovodstvo-razrabotchika-2018-ot-dzhunika-k-senoru | Полное руководство разработчика 2018: от джуника к сеньору - Курс
https://coursehunters.net/course/testirovanie-javascript | Тестирование JavaScript (Kent C. Dodds) - Видеоуроки
https://coursehunters.net/course/advanced-javascript | Advanced JavaScript (Tyler Mcginnis) - Видеоуроки
https://coursehunters.net/source/vueschool-io | Видеокурсы от vueschool.io - Смотреть онлайн - страница 1
https://coursehunters.net/course/luchshiy-javascript | Лучший Javascript (leveluptutorials) - Видеоуроки
https://coursehunters.net/course/vue-js-master-klass | Vue.js Мастер-класс (vueschool.io) - Видеоуроки
https://coursehunters.net/course/sozdayte-interaktivnoe-javascript-menyu | Создайте интерактивное javascript меню - Видеоуроки
https://coursehunters.net/source/codewithmosh-mosh-hamedani | Видеокурсы codewithmosh (Mosh Hamedani) - Смотреть онлайн - страница 1
https://coursehunters.net/course/react-catch-up | React Catch-up (Ryan Florence) - Видеоуроки
https://coursehunters.net/course/asinhronnyy-javascript | Асинхронный JavaScript (Asynchronous JavaScript) - Видеоуроки
https://coursehunters.net/course/osnovy-javascript-dlya-nachinayushchih | Основы JavaScript для начинающих - Видеоуроки
https://coursehunters.net/course/vvedenie-v-struktury-dannyh-dlya-sobesedovaniy | Введение в структуры данных для собеседований - Видеоуроки
https://coursehunters.net/backend | Видеоуроки Back-end - страница 1
https://www.npmjs.com/package/coursehunters-cli | coursehunters-cli - npm
https://github.com/alekseylovchikov/ch-download | alekseylovchikov/ch-download: download video from coursehunters.net

https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet | XSS Filter Evasion Cheat Sheet - OWASP
https://www.youtube.com/ | (74) YouTube
https://www.facebook.com/ | Facebook

https://github.com/Rev3rseSecurity/WebMap?fbclid=IwAR1F_-n2Mezz4DYjBwsCp8Ea0IrG3LjmtVYiLE5UyKKQnunNWL3-a_dMGmQ | Rev3rseSecurity/WebMap: Nmap Web Dashboard and Reporting

https://github.com/qazbnm456/awesome-web-security/blob/master/README.md#practices-xss | awesome-web-security/README.md at master · qazbnm456/awesome-web-security
https://appsecwiki.com/#/frontend | Frontend Security - Application Security Wiki
http://blog.ironwasp.org/2014/07/contexts-and-cross-site-scripting-brief.html | IronWASP - Open Source Advanced Web Security Testing Platform: Contexts and Cross-site Scripting - a brief intro
https://ardern.io/2017/12/10/blind-xss/ | Ode To Blind XSS - ardern.io
https://www.corben.io/archives/ | Archives – Corben Leo – Information Security Blog
https://s1gnalcha0s.github.io/dspl/2018/03/07/Stored-XSS-and-SSRF-Google.html | Stored XSS, and SSRF in Google using the Dataset Publishing Language
https://twitter.com/hacker_/status/951527150628327425 | Corben Leo on Twitter: "☢ Write-Up Alert: "Chaining Bugs to Steal Yahoo Contacts!" https://t.co/I5KPWExwtK"
https://www.youtube.com/watch?v=VO2uBSfXZso&t=544s | Differences Between Web Application Scanning Tools when Scanning for XSS and SQLi - AppSecUSA 2017 - YouTube
https://www.youtube.com/watch?v=lGdfE-bhQhg | AppSec EU 2017 LT Increasing Web Seurity With The Power Of HTTP Headers by Jose Manuel Ortega - YouTube
https://www.youtube.com/watch?v=bOSdFnFAYNc&t=8s | AppSec EU 2017 OWASP Juice Shop by Björn Kimminich - YouTube
https://www.youtube.com/watch?v=p07acPBi-qw | AppSec EU 2017 Don't Trust The DOM: Bypassing XSS Mitigations Via Script Gadgets by Sebastian Lekies - YouTube
https://www.youtube.com/watch?v=Hmu21p9ybWs | Zane Lackey - Practical tips for web application security in the age of agile and DevOps - YouTube
https://www.youtube.com/watch?v=qHhhg1CEJfY | Evan Johnson - Misconfigured CORS and why web appsec is not getting easier - AppSecUSA 2016 - YouTube
https://www.youtube.com/watch?v=22CKQ_xed9s | James Kettle - Exploiting CORS Misconfigurations for Bitcoins and Bounties - AppSecUSA 2016 - YouTube
https://www.youtube.com/watch?v=43G_nSTdxLk | Automating API Penetration Testing using fuzzapi - AppSecUSA 2016 - YouTube
https://www.youtube.com/watch?v=9C_DaebngYg | Keynote: 50 Shades of AppSec - AppSecUSA 2015 - YouTube
https://www.youtube.com/watch?v=G539NwvpL3I | New Methods in Automated XSS Detection - Ken Belva - AppSecUSA 2015 - YouTube
https://www.youtube.com/watch?v=V1c2cy2G3Wo | Wait, Wait! Don't pwn Me! - AppSecUSA 2015 - YouTube
https://www.youtube.com/watch?v=5r5GkJL7Dgg | PHP Security, Redefined - Chris Cornutt - AppSecUSA 2015 - YouTube
https://www.youtube.com/watch?v=tp4TgJeqPhU | Secure Authentication without the Need for Passwords - Don Malloy - AppSecUSA 2015 - YouTube

https://appsecwiki.com/#/frontend?id=learning | Frontend Security - Application Security Wiki
https://twitter.com/jonathanmarcil/status/1031728013442859008 | Jonathan Marcil on Twitter: "XSS defense summary credits: @manicode @OWASPOC… "
https://twitter.com/manicode | Jim Manico (@manicode) | Twitter
https://twitter.com/OWASPOC | OWASP OC (@OWASPOC) | Twitter
https://twitter.com/matir | David (@matir) | Twitter
https://github.com/jhaddix/XSS.png/blob/master/XSS2.png | XSS.png/XSS2.png at master · jhaddix/XSS.png
https://github.com/jhaddix/tbhm/blob/master/05_XSS.md | tbhm/05_XSS.md at master · jhaddix/tbhm
https://github.com/LucaBongiorni/XSS.png/blob/master/XSS.png | XSS.png/XSS.png at master · LucaBongiorni/XSS.png
https://github.com/qazbnm456/awesome-web-security/blob/master/README.md#practices-xss | awesome-web-security/README.md at master · qazbnm456/awesome-web-security
https://www.slideshare.net/nragupathy/introduction-to-web-application-security-blackhoodie-us-2018 | Introduction to Web Application Security - Blackhoodie US 2018
https://sites.google.com/site/testsitehacking/10k-host-header | $10k host header - Ezequiel Pereira
https://www.slideshare.net/nragupathy/introduction-to-web-application-security-blackhoodie-us-2018?from_action=save | Introduction to Web Application Security - Blackhoodie US 2018
https://image.slidesharecdn.com/blackhoodieexternalpresentation-final-181002225116/95/introduction-to-web-application-security-blackhoodie-us-2018-119-638.jpg?cb=1538521022 | introduction-to-web-application-security-blackhoodie-us-2018-119-638.jpg (638×359)
https://image.slidesharecdn.com/blackhoodieexternalpresentation-final-181002225116/95/introduction-to-web-application-security-blackhoodie-us-2018-118-638.jpg?cb=1538521022 | introduction-to-web-application-security-blackhoodie-us-2018-118-638.jpg (638×359)

https://sqlbolt.com/lesson/filtering_sorting_query_results | SQLBolt - Learn SQL - SQL Lesson 4: Filtering and sorting Query results
https://pgexercises.com/questions/basic/ | PostgreSQL exercises
https://www.amazon.in/ref=nav_logo | Online Shopping site in India: Shop Online for Mobiles, Books, Watches, Shoes and More - Amazon.in
https://www.amazon.in/Printers/b/ref=dp_bc_3?ie=UTF8&node=1375443031 | Printers: Buy Printers Online at Low Prices in India - Amazon.in
https://www.owasp.org/images/1/19/OTGv4.pdf | OTGv4.pdf
https://www.youtube.com/watch?v=Tke1IqDj8wM | (61) How much money I make from YOUTUBE? | QNA#3 - YouTube

https://www.youtube.com/watch?v=9r0-Sga2bEg&list=WL&index=46 | (65) Keith Hoodlet: Bug Bounty Hunting - Paul's Security Weekly #564 - YouTube
https://www.youtube.com/watch?v=OjcMWUo4NHw&index=103&list=WL | (65) BSides Glasgow 2018 - Andy Gill and Brian Higgins - The Internet of Death - YouTube
https://www.youtube.com/watch?v=Xy1K8ODZC8w&index=125&list=WL | (65) Writing Secure JavaScript - YouTube
https://www.peerlyst.com/posts/video-3-5-hours-of-free-appsec-training-from-sunny-wear-via-brakeing-down-security-peerlyst?utm_source=twitter&utm_medium=social&utm_content=peerlyst_post&utm_campaign=peerlyst_shared_post | [Video] 3,5 hours of free AppSec training from Sunny Wear via Brakeing Down Security by Peerlyst - web application security training
https://drive.google.com/drive/folders/0B-qfQ-gWynwidlJ1YjgxakdPWDA | WebApp_Class - Google Drive
https://twitter.com/SunnyWear | Sunny Wear (@SunnyWear) | Twitter
https://www.amazon.com/Burp-Suite-Cookbook-Sunny-Wear/dp/178953173X?keywords=burp+suite+cookbook&qid=1538080978&sr=8-1-fkmrnull&ref=mp_s_a_1_fkmrnull_1 | Burp Suite Cookbook: Practical recipes to help you master web penetration testing with Burp Suite: Sunny Wear: 9781789531732: Amazon.com: Books
https://www.pluralsight.com/courses/web-application-penetration-testing-with-burp-suite | Web Application Penetration Testing with Burp Suite | Pluralsight
https://www.pluralsight.com/courses/advanced-web-application-penetration-testing-burp-suite | Advanced Web Application Penetration Testing with Burp Suite | Pluralsight
https://github.com/ngalongc/bug-bounty-reference | ngalongc/bug-bounty-reference: Inspired by https://github.com/djadmin/awesome-bug-bounty, a list of bug bounty write-up that is categorized by the bug nature
chrome://bookmarks/?id=18 | Bookmarks
https://www.torontowebsitedeveloper.com/hacking-resources | Hacking Resources | Peter YaworskiToronto Website Developer
https://github.com/juliocesarfort/public-pentesting-reports | juliocesarfort/public-pentesting-reports: Curated list of public penetration test reports released by several consulting firms and academic security groups
http://h1.nobbd.de/ | The unofficial HackerOne disclosure Timeline
https://github.com/PaulSec/awesome-sec-talks | PaulSec/awesome-sec-talks: A collected list of awesome security talks
https://github.com/denysdovhan/bash-handbook | denysdovhan/bash-handbook: For those who wanna learn Bash
https://jivoi.github.io/2015/07/03/offensive-security-bookmarks/ | Offensive Security Bookmarks – EK
https://groups.google.com/forum/m/#!topic/rsua-ts2014/bsDNBH0MrcU | Tutorials - Google Groups
https://www.youtube.com/watch?v=hRuNHUwiQJA | (65) An introduction to Android application security testing (by Nikolay Elenkov) - YouTube
https://github.com/m4ll0k/Awesome-Hacking-Tools | m4ll0k/Awesome-Hacking-Tools: Awesome Hacking Tools
https://www.facebook.com/NineHackers/?fref=gc&dti=328952157561088&hc_location=ufi | Nine Hackers - Home

https://samsclass.info/129S/129S_F16.shtml | CNIT 129S: Securing Web Applications -- Sam Bowne
https://www.youtube.com/watch?v=UjAGqCFl74U | (63) CNIT 129S: 13: Attacking Users: Other Techniques (Part 1 of 2) - YouTube
https://security.love/CSRF-PoC-Genorator/ | https://security.love/CSRF-PoC-Genorator/
https://tuftsdev.github.io/DefenseAgainstTheDarkArts/readings/index.html#week3 | COMP 116: Introduction to Computer Security - Required Readings
https://www.veracode.com/security/csrf | Guide to CSRF (Cross-Site Request Forgery) | Veracode
https://blog.codinghorror.com/cross-site-request-forgeries-and-you/ | Cross-Site Request Forgeries and You
https://www.cs.utexas.edu/~shmat/courses/cs378_spring09/zeller.pdf | zeller.pdf
https://tuftsdev.github.io/DefenseAgainstTheDarkArts/readings/index.html#week3 | COMP 116: Introduction to Computer Security - Required Readings
https://www.youtube.com/watch?v=PBvFuVRCuMg | (63) What is CSRF? - YouTube
https://www.hacksplaining.com/ | Pick a Vulnerability to Learn About
https://www.youtube.com/watch?v=9JrzPX1pVjs | (63) XSRF Cross Site Request Forgery - YouTube
https://www.youtube.com/watch?v=vRBihr41JTo | Cross Site Request Forgery - Computerphile - YouTube
https://www.youtube.com/watch?v=GgaI6vi_IOM | How to Cross Site Forgery Request (CSRF) - YouTube
https://www.youtube.com/watch?v=hW2ONyxAySY | (63) Understanding CSRF, the video tutorial edition - YouTube
https://www.troyhunt.com/understanding-csrf-video-tutorial/ | Troy Hunt: Understanding CSRF, the video tutorial edition
https://www.youtube.com/watch?v=TwG0Rd0hr18 | (63) Web App Penetration Testing - #13 - CSRF (Cross Site Request Forgery) - YouTube
https://blog.zsec.uk/csrf-2018/ | Delivering Many a Payload via CSRF
https://www.google.co.in/search?q=CNIT+129S%3A+13%3A+Attacking+Users%3A+Other+Techniques+(Part+1+of+2)&oq=CNIT+129S%3A+13%3A+Attacking+Users%3A+Other+Techniques+(Part+1+of+2)&aqs=chrome..69i57j69i61l3.471j0j7&sourceid=chrome&ie=UTF-8 | CNIT 129S: 13: Attacking Users: Other Techniques (Part 1 of 2) - Google Search
https://samsclass.info/129S/129S_S18.shtml | CNIT 129S: Securing Web Applications -- Sam Bowne
https://samsclass.info/129S/lec/ch13a.pdf | ch13a.key
https://www.youtube.com/watch?v=yn1UQYAX7kk | (63) CNIT 129S - Securing Web Applications, April 25, 2018 Lecture - YouTube
https://samsclass.info/129S/129S_F16.shtml | CNIT 129S: Securing Web Applications -- Sam Bowne
https://www.youtube.com/watch?v=w9_gx0yOLCc | (63) FilterCopy | How I Fell In Love With My Best Friend | Ft. Apoorva Arora and Rohan Shah - YouTube
https://www.youtube.com/watch?v=30WTWkFe910 | (63) Silicon Valley | Season 1-5 | The Best of Gavin Belson - YouTube

https://tuftsdev.github.io/DefenseAgainstTheDarkArts/slides/week3-websecurity.pdf | Cyber Security Week 3
https://samsclass.info/129S/lec/ch12a.pdf | ch12a.key
https://samsclass.info/129S/lec/ch12b.pdf | ch12b.key
http://attackdirect.samsclass.info/xss-extra.htm | Project 9x: XSS Extra Credit (Up to 25 pts.)
https://www.youtube.com/watch?v=pkAz9OYZ-HM | (35) CNIT 129S: 12: Attacking Users: Cross-Site Scripting (Part 2 of 3) - YouTube
https://www.youtube.com/watch?v=pkAz9OYZ-HM | CNIT 129S: 12: Attacking Users: Cross-Site Scripting (Part 2 of 3) - YouTube
https://www.youtube.com/playlist?list=PLxhvVyxYRviZd1oEA9nmnilY3PhVrt4nj | Hacker101 - YouTube
https://www.youtube.com/watch?v=HGaFCcWM57U&index=4&t=0s&list=PLxhvVyxYRviZd1oEA9nmnilY3PhVrt4nj | Hacker101 - XSS and Authorization - YouTube
https://www.youtube.com/watch?v=gkMl1suyj3M&t=1s | Bugcrowd University - Cross Site Scripting (XSS) - YouTube
https://www.bugcrowd.com/university/ | Bugcrowd University | Bugcrowd
https://www.youtube.com/watch?v=WsyswW5F4Io&t=22s | Cross-site scripting (XSS) explained - YouTube
https://zseano.com/tutorials/4.html | zseano | UK Security Researcher
http://brutelogic.com.br/blog/ | Brute XSS - Master the art of Cross Site Scripting.
https://blog.sucuri.net/2016/04/what-is-an-xss-vulnerability.html | What is XSS? - Cross Site Scripting Vulnerability
https://www.owasp.org/index.php/Types_of_Cross-Site_Scripting | Types of Cross-Site Scripting - OWASP
https://quanyang.github.io/the-abcs-of-xss/ | The ABCs of XSS – Quan Yang
https://brutelogic.com.br/blog/xss101/ | XSS 101 - Brute XSS
https://www.csoonline.com/article/3269028/malware/what-is-cross-site-scripting-xss-low-hanging-fruit-for-both-attackers-and-defenders.html | What is cross-site scripting (XSS)? Low-hanging fruit for both attackers and defenders | CSO Online
http://www.hackingarticles.in/beginners-guide-cross-site-scripting-xss/ | Beginners Guide to Cross Site Scripting (XSS)
https://www.veracode.com/security/xss | Cross-Site Scripting (XSS) Cheat Sheet | CA Veracode
https://attack.samsclass.info/vulnphp/vuln-messageboard.php | Vulnerable Message Board
https://attack.samsclass.info/xss.htm | XSS Demos
https://www.youtube.com/watch?v=AtRL06gBgeo | BSides Delhi 2017 - Doing recon like it’s 2017 - Bharath Kumar - YouTube
http://www.cs.tufts.edu/comp/20/hackme.php | Hack Me Playground
https://www.youtube.com/ | (35) YouTube

https://www.hackersclub.io/blog/page/10 | hackerclub
https://www.hackersclub.io/single-post/2016/02/12/Advanced-SQL-Injection | Advanced SQL Injection | hackerclub
https://www.hackersclub.io/single-post/2018/02/10/Exploiting-Buffer-Overflows | Exploiting Buffer Overflows | hackerclub
https://www.hackersclub.io/single-post/2016/08/20/How-to-Hack-Using-JavaScript-XSS-Brute-Force-BeEF | How to Hack Using JavaScript (XSS, Brute Force, BeEF) | hackerclub
https://www.hackersclub.io/blog/tag/wireshark | hackerclub
https://www.hackersclub.io/single-post/2016/04/17/Bash-Scripting-Basics-Part-1 | Bash Scripting Basics Part 1 | hackerclub
https://www.hackersclub.io/single-post/2016/04/05/Perl-Script-TCP-Attack | Perl Script: TCP Attack | hackerclub
https://www.hackersclub.io/single-post/2016/03/30/20-Different-Types-of-DDoS-Attacks | 20 Different Types of DDoS Attacks | hackerclub
https://www.hackersclub.io/single-post/2016/03/27/Scheduling-Tasks-with-Cron-Jobs | Scheduling Tasks with Cron Jobs | hackerclub
https://www.hackersclub.io/single-post/2016/03/25/11-great-Rails-libraries-we-use-on-every-project | 11 great Rails libraries we use on every project | hackerclub
https://www.hackersclub.io/single-post/2016/03/24/Creating-a-Backdoor-Using-Meterpreter | Creating a Backdoor Using Meterpreter | hackerclub
https://www.hackersclub.io/blog/tag/python | hackerclub
https://www.hackersclub.io/single-post/2016/03/21/Client-Side-Exploits-in-Metasploit | Client Side Exploits in Metasploit | hackerclub
https://www.hackersclub.io/single-post/2016/03/18/Pentesting-Tips-Scanning-your-network-for-Reflective-Amplification-DDoS | Pentesting Tips - Scanning your network for Reflective Amplification DDoS | hackerclub
https://www.hackersclub.io/single-post/2016/03/11/Hacking-With-Python-Basic-SSH-BotNet | Hacking With Python - Basic SSH BotNet | hackerclub
https://www.hackersclub.io/single-post/2016/03/09/How-To-Kill-The-Entire-Internet-Connection-Of-User-In-Single-Click | How To “Kill“ The Entire “Internet Connection“ Of User In Single Click | hackerclub
https://www.hackersclub.io/single-post/2016/03/08/Metasploit-Tutorial-From-Basic-To-Advance | Metasploit Tutorial From Basic To Advance | hackerclub

https://twitter.com/ | (*) Twitter
https://www.youtube.com/watch?v=4TBStYr8t4g&index=11&list=PLv7cogHXoVhXvHPzIl1dWtBiYUAL8baHj | (27) 11- Hashing, How it works and why we need it. - YouTube
https://main.immersivelabs.online/labs/tcpdump-episode-1/ | Immersive Labs
http://alumni.cs.ucr.edu/~marios/ethereal-tcpdump.pdf | ethereal-tcpdump.pdf
https://www.tcpdump.org/manpages/tcpdump.1.html | Manpage of TCPDUMP
http://linuxcommand.org/lc3_lts0070.php | Learning the shell - Lesson 7: I/O Redirection
https://lab-content.immersivelabs.online/Tooling-and-Techniques/Linux-Command-Line/CheatSheet-Linux-Essentials.pdf | CheatSheet-Linux-Essentials.pdf
https://www.jpsecnetworks.com/ | jpsecnetworks.com
https://www.jpsecnetworks.com/week-3-oscp-preparation/ | Week 3 – OSCP Preparation / (Wireshark, tcpdump, Shell Script and Python) 2018-09-18 20:08:38
https://www.google.co.in/search?q=javascript+training+in+delhi&oq=javascript+training+in+delhi&aqs=chrome..69i57j0l3j69i64.6293j0j7&sourceid=chrome&ie=UTF-8 | javascript training in delhi - Google Search

https://www.youtube.com/ | (17) YouTube
https://www.blackroomsec.com/updated-hacking-challenge-site-links/ | Updated Hacking Challenge Site Links
https://www.malware-traffic-analysis.net/training-exercises.html | Malware-Traffic-Analysis.net - Traffic Analysis Exercises
https://holidayhackchallenge.com/past-challenges/ | The SANS Holiday Hack Challenge: Past Challenges
https://www.sans.org/course/web-app-penetration-testing-ethical-hacking | Web Application Penetration Testing Training | SANS SEC542
https://www.sans.org/course/defending-web-applications-security-essentials | Web Application Security Training Course | SANS | Web App Security
https://www.sans.org/course/advanced-web-app-penetration-testing-ethical-hacking | Advanced Web App Penetration Testing Training | SANS SEC642

https://tuftsdev.github.io/DefenseAgainstTheDarkArts/slides/week3-websecurity.pdf | Cyber Security Week 3
https://github.com/publiclab/plots2 | publiclab/plots2: a collaborative knowledge-exchange platform in Rails; we welcome first-time contributors!
http://www.speedtest.net/result/7683572079 | Speedtest by Ookla - The Global Broadband Speed Test
http://www.hackingarticles.in/web-penetration-testing/ | Web Penetration Testing - Hacking Articles
http://www.hackingarticles.in/penetration-testing/ | Penetration Testing, Metasploit Tutorial, Metasploit Hacking,Pentest Tutorials
https://stackoverflow.com/questions/46941346/how-to-know-the-git-username-and-email-saved-during-configuration | command line - How to know the git username and email saved during configuration? - Stack Overflow
https://alvinalexander.com/git/git-show-change-username-email-address | How to show or change your Git username or email address | alvinalexander.com
https://stackoverflow.com/questions/8801729/is-it-possible-to-have-different-git-config-for-different-projects | Is it possible to have different git config for different projects - Stack Overflow
https://web.whatsapp.com/ | (14) WhatsApp
https://www.google.co.in/search?q=change+the+ruby+version&oq=change+the+ruby+version+&aqs=chrome..69i57j0l5.223993j0j4&sourceid=chrome&ie=UTF-8 | change the ruby version - Google Search
https://rvm.io/rubies/default | RVM: Ruby Version Manager - 'rvm default' - setting default ruby for new terminals
https://code.publiclab.org/ | Community toolbox
https://unix.stackexchange.com/questions/1373/how-do-i-switch-from-an-unknown-shell-to-bash | How do I switch from an unknown shell to bash? - Unix & Linux Stack Exchange
https://gorails.com/setup/ubuntu/16.04 | Install Ruby On Rails on Ubuntu 16.04 Xenial Xerus | GoRails
https://superuser.com/questions/46748/how-do-i-make-bash-my-default-shell-on-ubuntu | How do I make Bash my default shell on Ubuntu? - Super User
https://www.tecmint.com/change-a-users-default-shell-in-linux/ | 3 Ways to Change a Users Default Shell in Linux

https://twitter.com/HanseSecure/status/1035398658517295104 | Florian Hansemann on Twitter: "Use unicornscan to quickly scan all open ports, and then pass the open ports to nmap for detailed scans. #infosec #pentest https://t.co/SsilxmY4IS… https://t.co/PFloi4rf1h"
https://www.tecmint.com/nmap-command-examples/ | 29 Practical Examples of NMAP Commands for Linux System/Network Administrators
https://twitter.com/kmkz_security/status/1003999163594485760 | kmkz on Twitter: "The easy way to exploit OOB XXE by exfiltrating data : https://t.co/tlCHIXThdA"

https://www.youtube.com/results?search_query=How+To+DevOps+%28While+Sneaking+in+Security%29+ | (17) How To DevOps (While Sneaking in Security) - YouTube
https://www.twitch.tv/videos/316744940 | shehackspurple - OWASP DevSlop - Twitch
https://www.owasp.org/index.php/OWASP_DevSlop_Project | OWASP DevSlop Project - OWASP
https://www.cybrary.it/course/secure-coding/ | The FREE Secure Coding Training Course only at Cybrary
https://www.peerlyst.com/companies/peerlyst?trk=post_page_author | Posts related to "Peerlyst" | Peerlyst
https://www.amazon.com/SCFM-Secure-Coding-Manual-Programmers/dp/1508929572/ref=sr_1_2?s=books&ie=UTF8&qid=1483585805&sr=1-2&keywords=sunny+wear | SCFM: Secure Coding Field Manual: A Programmer's Guide to OWASP Top 10 and CWE/SANS Top 25: Sunny Wear: 9781508929574: Amazon.com: Books
https://7minsec.com/blog/ | Blog — 7 Minute Security
https://7minsec.com/projects/github/ | Github Repos — 7 Minute Security
https://gist.github.com/braimee/2ef29a7732bdb0e77a6779c42a31bf68 | 7 Minute Security podcast episode guide · GitHub
https://7ms.us/7ms-318-interview-with-bjorn-kimminich-of-owasp-juice-shop/ | 7MS #318: Interview with Bjorn Kimminich of OWASP Juice Shop
https://summerofcode.withgoogle.com/ | Home | Google Summer of Code
https://www.sunnywear.org/ | Home | Sunshine Solutions, LLC
https://www.youtube.com/c/SunnyWear | (18) Sunny Wear - YouTube

https://twitter.com/ | (*) Twitter
https://twitter.com/ | (*) Twitter
chrome://bookmarks/?id=18 | Bookmarks
https://www.peerlyst.com/posts/ctf-write-ups-wiki-peerlyst?utm_source=twitter&utm_medium=social&utm_content=peerlyst_post&utm_campaign=peerlyst_shared_post | CTF write-ups wiki by Peerlyst - cryptography, peerlyst wiki, bsides | Peerlyst
https://cmdchallenge.com/ | Commandline Challenge
https://www.explainshell.com/ | explainshell.com - match command-line arguments to their help text
https://www.youtube.com/watch?v=oxuRxtrO2Ag | Beginner's Guide to the Bash Terminal - YouTube
https://www.youtube.com/user/BadEditPro/playlists | (17) Joe Collins - YouTube
https://github.com/cneill/appsec-resources/blob/master/training.md#star-the-basics | appsec-resources/training.md at master · cneill/appsec-resources · GitHub
https://blog.sucuri.net/2016/04/what-is-an-xss-vulnerability.html | What is XSS? - Cross Site Scripting Vulnerability
https://www.youtube.com/watch?v=hRuNHUwiQJA | An introduction to Android application security testing (by Nikolay Elenkov) - YouTube
https://infocon.org/cons/ | InfoCon Collection: Hacking Conference Audio and Video Archive
https://groups.google.com/forum/m/#!topic/rsua-ts2014/bsDNBH0MrcU | Учебные материалы - Google Groups
https://github.com/m4ll0k/Awesome-Hacking-Tools | GitHub - m4ll0k/Awesome-Hacking-Tools: Awesome Hacking Tools
https://www.youtube.com/channel/UCUB9vOGEUpw7IKJRoR4PK-A | Murmus CTF - YouTube
https://www.youtube.com/watch?v=fRx1m9VrRqc&index=3&list=PLI7sA2luNRhlzMMpqw6oI8UtMcJV6bYSK | SecureNinjaTV Cyber Kung Fu Mod 02 Footprinting and Reconnaissance - YouTube
https://www.youtube.com/watch?time_continue=5&v=Q7psiw5rI4Y | OSCP DC719 Discussion - YouTube
https://www.youtube.com/channel/UC9gcFaGnsI9nEh0CmTfFPCg | (17) Arbin Godar - YouTube
https://www.youtube.com/watch?v=zi3yDovd0RY&feature=youtu.be | (17) Sunny Wear's Brakeing Down Security Web App Sec Training #1 - YouTube
https://drive.google.com/drive/folders/0B-qfQ-gWynwidlJ1YjgxakdPWDA | WebApp_Class - Google Drive
https://www.youtube.com/watch?v=0rXszCC0RCA&list=PLKa-QXCHOmEl-msqRc13vxBSS9DVTDREc | (17) CTF Beginnings: Introduction to Capture the Flag Events - YouTube
https://www.youtube.com/channel/UCOKjPk436MZRcnhzPOg49AQ/about | (17) Sunny Wear - YouTube
https://www.tripwire.com/state-of-security/devops/how-to-devops-while-sneaking-in-security/#.Wz3uN-RxyPo.twitter | BSides Springfield Preview: How To DevOps (While Sneaking in Security)
https://www.youtube.com/watch?v=Vp2nEtsCr-U | Exploit Kits: The Biggest Threat You Know Nothing About (Sunny Wear) - YouTube
https://www.sunnywear.org/ | Home | Sunshine Solutions, LLC
https://www.amazon.com/SCFM-Secure-Coding-Manual-Programmers/dp/1508929572/ref=asap_bc?ie=UTF8%C2%A0 | SCFM: Secure Coding Field Manual: A Programmer's Guide to OWASP Top 10 and CWE/SANS Top 25: Sunny Wear: 9781508929574: Amazon.com: Books
https://www.amazon.com/Burp-Suite-Cookbook-Sunny-Wear/dp/178953173X?keywords=burp+suite+cookbook&qid=1538080978&sr=8-1-fkmrnull&ref=mp_s_a_1_fkmrnull_1 | Burp Suite Cookbook: Practical recipes to help you master web penetration testing with Burp Suite: Sunny Wear: 9781789531732: Amazon.com: Books
https://www.eventbrite.com/e/isc2-central-florida-chapter-web-application-pentesting-class-tickets-47929769230 | (ISC)2 Central Florida Chapter - Web Application Pentesting Class Tickets, Sat, Sep 22, 2018 at 8:00 AM | Eventbrite
https://www.youtube.com/channel/UCZFjAqFb4A60M1TMa0t1KXw/playlists | (17) BDS Podcast - YouTube
http://hack.plus/search/XSS | Hack+

https://www.virustotal.com/#/file/0c829abde7968478bd3172e395116f701e7e1c08b69dbada64351aa8e5409543/community | VirusTotal
https://malwareconfig.com/config/17a07c64c9219c39d1b282f5cbfb4ef0/ | MalwareConfig - AlienSpy:
https://www.jpsecnetworks.com/week-2-oscp-preparation-linux-review-part-ii/ | Week 2 – OSCP Preparation / Linux Review Part II (Netstat, SS, NETCAT, NCAT ) 2018-09-14 19:29:50
https://www.jpsecnetworks.com/ | jpsecnetworks.com
https://public.attackdefense.com/members | AttackDefense.com Member Area
https://www.hackers-arise.com/single-post/2017/07/31/Metasploit-Basics-Part-9-Using-msfvenom-to-Create-Custom-Payloads | Metasploit Basics, Part 9: Using msfvenom to Create Custom Payloads | hackers-arise
https://0x00sec.org/t/whats-the-most-anonymous-active-scanning-technique/5678 | Whats the most anonymous active scanning technique? - Reconnaissance - 0x00sec - The Home of the Hacker
https://0x00sec.org/t/how-do-those-hacking-tools-work-the-art-of-port-scanning/619 | How do those hacking tools work? The Art of Port Scanning - Networking - 0x00sec - The Home of the Hacker
https://0x00sec.org/u/0x00pf/activity/topics | Profile - 0x00pf - 0x00sec - The Home of the Hacker
https://0x00sec.org/search?q=How%20do%20those%20hackers%20tool | Search results for 'How do those hackers tool' - 0x00sec - The Home of the Hacker
https://0x00sec.org/ | 0x00sec - The Home of the Hacker
https://0x00sec.org/t/wannabe-tutorials-section-1-part-4/1223 | Wannabe Tutorials: Section 1 Part 4 - Reconnaissance - 0x00sec - The Home of the Hacker
https://0x00sec.org/t/whats-the-most-anonymous-active-scanning-technique/5678 | Whats the most anonymous active scanning technique? - Reconnaissance - 0x00sec - The Home of the Hacker
https://0x00sec.org/t/recon-nmap-basics/977 | Recon: Nmap Basics - Reconnaissance - 0x00sec - The Home of the Hacker
https://0x00sec.org/t/recon-gaining-credentials-with-nmap-scripts/984 | Recon: Gaining Credentials with Nmap Scripts - Reconnaissance - 0x00sec - The Home of the Hacker
https://crawl3r.info/my-go-to-port-scan-nmap/ | My go-to port scan (nmap) – Crawl3r
https://linux.die.net/man/1/nmap | nmap(1) - Linux man page
http://bitspyder.net/details.php?id=73180 | .:: Bitspyder.net :: Details for torrent "Metasploit (ITProTV)"
http://bitspyder.net/details.php?id=73180 | .:: Bitspyder.net :: Details for torrent "Metasploit (ITProTV)"
http://bitspyder.net/details.php?id=81049&filelist=1#filelist | .:: Bitspyder.net :: Details for torrent "ITPro TV Bundle"

https://www.jpsecnetworks.com/week-1-oscp-preparation-lab-setup/ | Week 1 - OSCP Preparation / LAB Setup 2018-09-05 22:20:19
https://www.jpsecnetworks.com/week-2-oscp-preparation-linux-review-part-i/ | Week 2 - OSCP Preparation / Linux Review Part I 2018-09-12 23:20:47
https://immersivelabs-dca.slack.com/messages/C902F4BN0/files/FCV6J4NLQ/ | general | ImmersiveLabs-DCA Slack
https://main.immersivelabs.online/labs/netcat/ | Immersive Labs
https://www.youtube.com/watch?v=S1GdWiiYiPI | (26) Netcat (Reverse TCP Persistence with Netcat) - Part 2: Writing Persistence Scripts (Python and VB) - YouTube
https://www.hackingtutorials.org/networking/hacking-netcat-part-2-bind-reverse-shells/ | Hacking with Netcat part 2: Bind and reverse shells - Hacking Tutorials
https://www.youtube.com/channel/UCarxjDjSYsIf50Jm73V1D7g | (26) Don Does 30 Official - YouTube
https://null-byte.wonderhowto.com/how-to/hack-like-pro-use-netcat-swiss-army-knife-hacking-tools-0148657/ | Hack Like a Pro: How to Use Netcat, the Swiss Army Knife of Hacking Tools « Null Byte :: WonderHowTo

https://training.peritusinfosec.com/courses/366780/lectures/5604538 | Proxy And Repeater | Peritus Training School
https://www.fwhibbit.es/burp-suite-ii-construyendo-un-objetivo-sitemap-spider | Burp Suite II: Construyendo un objetivo, Sitemap & Spider – Follow The White Rabbit
https://www.fwhibbit.es/burp-suite-iii-intercepter-repeater | Burp Suite III: Intercepter & Repeater – Follow The White Rabbit
https://www.sniferl4bs.com/2015/07/burpsuite-vii-match-and-replace.html | BurpSuite VII - Match and Replace, Modificaciones HTML, Encoding and decoding - Snifer@L4b's
https://www.sniferl4bs.com/p/guia-de-uso-de-burpsuite.html | Guia de uso de BurpSuite en Español - Snifer@L4b's
http://www.speedtest.net/result/7671181967 | Speedtest by Ookla - The Global Broadband Speed Test

https://enciphers.com/knoxss-vs-burpsuitea-practical-demonstration/ | Knoxss vs Burpsuite(A practical Demonstration) – Enciphers
https://enciphers.com/our-three-favorite-burp-suite-extensions-and-how-to-use-them/ | Our three favorite burp suite extensions and how to use them – Enciphers
https://enciphers.com/3-must-have-tools-for-penetration-testers/ | 3 must have tools for Penetration testers – Enciphers
https://main.immersivelabs.online/labs/burp-target-scope/ | Immersive Labs
https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project | Category:OWASP Top Ten Project - OWASP
https://www.youtube.com/watch?v=ET07_kVbVhw&list=PLVB4HEKGduYEa4Rr5kQA9hxkhzpHIamPt&index=8 | (20) Basics of Web Application Penetration Testing - A1 Injection - YouTube
https://www.pentestgeek.com/web-applications/burp-suite-tutorial-1 | Burp Suite Tutorial - Web Application Penetration Testing
https://enciphers.com/utilizing-burpsuite-extensions/ | Utilizing Burpsuite Extensions – Enciphers
https://www.pentesteracademy.com/members | Member Area
https://www.youtube.com/watch?v=boHIjDHGmIo | (20) Burp Hacks for Bounty Hunters - YouTube
https://www.sans.org/reading-room/whitepapers/testing/fuzzing-approach-credentials-discovery-burp-intruder-33214?show=fuzzing-approach-credentials-discovery-burp-intruder-33214&cat=testing | A Fuzzing Approach to Credentials Discovery using Burp Intruder
https://www.fwhibbit.es/?s=burp | Search results for "burp" - Follow The White Rabbit
https://www.youtube.com/watch?v=h2duGBZLEek | (20) Bugcrowd University - Introduction to Burp Suite - YouTube
https://www.sniferl4bs.com/2015/06/burpsuite-iv-configuracion-de.html | BurpSuite IV - Configuration of Digital Certificate, ProxyTOR ?, saving and recovering - Snifer @ L4b's
https://www.sniferl4bs.com/2015/07/burpsuite-viii-historia-de-peticiones.html | BurpSuite VIII - History of requests, Comparing Sitemaps, Report of Vulnerabilities - Snifer @ L4b's

https://www.allmytweets.net/ | All My Tweets - View all your tweets on one page.
https://enciphers.com/2018/01/24/different-tricks-to-get-xss/ | Page not found – Enciphers
https://enciphers.com/2018/01/25/how-to-exploit-xxe-vulnerabilities/ | Page not found – Enciphers
http://codegrazer.com/blog/7-reflected-xss.html | Codegrazer: 7 Reflected Cross-site Scripting (XSS)
https://github.com/keon/algorithms/blob/master/algorithms/maths/primes_sieve_of_eratosthenes.py | algorithms/primes_sieve_of_eratosthenes.py at master · keon/algorithms
http://www.cs.tufts.edu/comp/116/archive/ | COMP 116: Introduction to Computer Security - Final Project Archive
https://leotindall.com/tutorial/an-intro-to-x86_64-reverse-engineering/ | An Intro to x86_64 Reverse Engineering | Leo Tindall
https://leotindall.com/tutorial/additional-exercises-in-reverse-engineering/ | Additional Exercises in Reverse Engineering | Leo Tindall
https://leotindall.com/post/pdf-embedding-attacks/ | PDF Embedding Attacks | Leo Tindall
https://ajinabraham.com/static/Ajin_Abraham_Resume.pdf | Ajin Abraham - VisualCV
https://github.com/orangetw/My-CTF-Web-Challenges | orangetw/My-CTF-Web-Challenges: Collection of CTF Web challenges I made
https://twitter.com/tvmpt/status/908283005608886272 | TvM on Twitter: "Perseverance is the best advice to new bug hunters...… "
http://codegrazer.com/ | CodeGrazer: Penetration Testing Services
http://codegrazer.com/conference/dc151.html | Codegrazer: The Bug bounty scene: how to start with bug bounties
http://codegrazer.com/blog/7-reflected-xss.html | Codegrazer: 7 Reflected Cross-site Scripting (XSS)

https://www.netflix.com/browse | Netflix
https://twitter.com/g33kyshivam | (1) Shivam Goyal (@g33kyshivam) | Twitter
https://movaxbx.ru/2018/09/16/privilege-escalation-post-exploitation/ | MOV AX, BX Code depilation salon: Articles, Code samples, Processor code documentation, Low-level programming, Working with debuggers Privilege Escalation & Post-Exploitation
http://www.webappsec.org/projects/articles/071105.shtml | [DOM Based Cross Site Scripting or XSS of the Third Kind] Web Security Articles - Web Application Security Consortium
https://medium.com/ehsahil/basic-penetration-testing-lab-1-7544969cb3ac | Basic Penetration testing lab — 1 – ehsahil – Medium
https://twitter.com/shehackspurple/status/1041695362438897665 | Tanya Janca on Twitter: "Thread: Are you looking for a mentor in the InfoSec field? Are you willing to take someone under your wing and become a mentor? Many people ask me to help them find someone and other's offer to help, this thread is for all of you. Please reply if you are looking or offering."
https://www.twitch.tv/shehackspurple | shehackspurple - Twitch
https://www.peerlyst.com/posts/the-how-to-become-infosec-job-title-collection-nicole-lamoureux?utm_source=twitter&utm_medium=social&utm_content=peerlyst_post&utm_campaign=peerlyst_shared_post | The How To Become {Infosec Job Title} Collection by Nicole Lamoureux - career, information security, workforce shortage | Peerlyst
https://chryzsh.gitbooks.io/pentestbook/privilege_escalation_-_linux.html | Privilege Escalation - Linux · pentestbook
https://medium.com/@pentest_it/how-to-intercept-tor-hidden-service-requests-with-burp-proxy-6214035963a0 | How to intercept TOR hidden service requests with Burp
https://pinkysplanet.net/simple-linux-x86-buffer-overflow/ | Simple Linux x86 Buffer Overflow
https://breakermag.com/a-bug-bounty-hunter-tells-all/ | A bug bounty hunter tells all
https://scund00r.com/all/oscp/2018/02/25/passing-oscp.html | Passing OSCP - scund00r
https://tuftsdev.github.io/DefenseAgainstTheDarkArts/ | COMP 116: Introduction to Computer Security
https://www.youtube.com/?pbjreload=10 | (11) YouTube
https://www.youtube.com/watch?v=XFckmtISfJk | (11) Unboxing Every iPhone XS + XS Max - YouTube
http://www.speedtest.net/ | Speedtest by Ookla - The Global Broadband Speed Test

https://www.facebook.com/saved/?cref=28 | Saved
https://www.vortex.id.au/2017/05/pwkoscp-stack-buffer-overflow-practice/ | PWK/OSCP – Stack Buffer Overflow Practice – vortex's blog
https://github.com/justinsteven/dostackbufferoverflowgood/blob/master/dostackbufferoverflowgood_slides.pdf | dostackbufferoverflowgood/dostackbufferoverflowgood_slides.pdf at master · justinsteven/dostackbufferoverflowgood
https://www.youtube.com/channel/UCCBmFvsR6sIPrmjSVVxY9ng/channels | (1) Justin Steven - YouTube
https://github.com/justinsteven/dostackbufferoverflowgood/blob/master/dostackbufferoverflowgood_tutorial.pdf | dostackbufferoverflowgood/dostackbufferoverflowgood_tutorial.pdf at master · justinsteven/dostackbufferoverflowgood
https://linuxize.com/post/getting-started-with-tmux/ | Getting started with Tmux | Linuxize
https://linuxize.com/post/how-to-use-scp-command-to-securely-transfer-files/ | How to Use SCP Command to Securely Transfer Files | Linuxize
https://linuxize.com/post/how-to-enable-ssh-on-ubuntu-18-04/ | How to Enable SSH on Ubuntu 18.04 | Linuxize
https://linuxize.com/post/how-to-create-and-extract-archives-using-the-tar-command-in-linux/ | How to Create and Extract Archives Using the Tar Command in Linux | Linuxize
https://linuxize.com/post/how-to-unzip-files-in-linux/ | How to Unzip Files in Linux | Linuxize
https://linuxize.com/post/how-to-kill-a-process-in-linux/ | How to Kill a Process in Linux | Linuxize
https://linuxize.com/post/curl-command-examples/ | Curl Command Examples | Linuxize
https://linuxize.com/post/how-to-list-users-in-linux/ | How to List Users in Linux | Linuxize
https://linuxize.com/post/wget-command-examples/ | Wget Command Examples | Linuxize
https://linuxize.com/post/how-to-deploy-rocket-chat-on-ubuntu-18-04/ | How to Deploy Rocket.Chat on Ubuntu 18.04 | Linuxize
https://linuxize.com/post/how-to-find-files-in-linux-using-the-command-line/ | How to Find Files in Linux Using the Command Line | Linuxize
https://linuxize.com/post/how-to-use-linux-screen/ | How To Use Linux Screen | Linuxize
https://linuxize.com/post/create-a-linux-swap-file/ | Create a Linux Swap File | Linuxize
https://linuxize.com/post/how-to-create-and-manage-cron-jobs/ | How to create and manage cron jobs | Linuxize
https://medium.com/@protector47/persistent-cross-site-scripting-on-redacted-worth-2-000-1e760617ccab | Persistent Cross-Site Scripting on redacted worth $2,000
https://github.com/MistSpark | MistSpark (Omar_Ahmed)
https://github.com/MistSpark/OSCP_Review | MistSpark/OSCP_Review
https://www.facebook.com/groups/oscpsg/permalink/1912283138864720/ | OSCP Study Group
https://blog.techorganic.com/2012/10/16/introduction-to-pivoting-part-3-ncat/ | Introduction to pivoting, Part 3: Ncat – Techorganic – Musings from the brainpan
https://www.facebook.com/ieeemsit/posts/2476178855755461 | IEEE MSIT - Posts

https://immersivelabs-dca.slack.com/messages/C902F4BN0/details/ | general | ImmersiveLabs-DCA Slack
file:///home/g33kyshivam/Downloads/Java%20Class%20Notes.pdf | Java Class Notes
https://www.youtube.com/feed/subscriptions | (7) Subscriptions - YouTube

https://mail.google.com/mail/u/0/?pli=1#inbox | Inbox (1,410) - shivam.goyal397@gmail.com - Gmail
https://www.facebook.com/ | Facebook

https://www.youtube.com/watch?v=jPSuZI7gYPA | SSLstrip - Working and Prevention ! HSTS vs 301 redirect ! Reality vs Myths - YouTube
https://www.youtube.com/ | YouTube
https://hacksandsecurity.org/posts/understating-asymmetric-and-symmetric-key-cryptography-hash-functions-mitm-attacks-salts | Understating asymmetric and symmetric key cryptography, hash functions, MITM attacks, Salts, Bruteforce attacks and more | Hacks and Security
https://www.youtube.com/playlist?list=PLf8bMP4RWebLVGpUnhji9Olkj1jdXfzFd | cryptography - YouTube
https://www.jpsecnetworks.com/oscp-the-challenge-begins/ | OSCP, the challenge begins! – JPSecNetworks
https://www.jpsecnetworks.com/week-1-oscp-preparation-lab-setup/ | Week 1 – OSCP Preparation / LAB Setup – JPSecNetworks
https://www.jpsecnetworks.com/week-2-oscp-preparation-linux-review-part-i/ | Week 2 – OSCP Preparation / Linux Review Part I – JPSecNetworks
https://www.jpsecnetworks.com/week-2-oscp-preparation-linux-review-part-ii/ | Week 2 – OSCP Preparation / Linux Review Part II (Netstat, SS, NETCAT, NCAT ) – JPSecNetworks

https://doge.codes/php?utm_source=telegram&utm_medium=promo_post&utm_campaign=php1&utm_content=web_fl | Online course on the basics of PHP | Doge Codes
https://www.codingninjas.in/app/payment | Online Programming/Coding Courses/Classes, Practice Coding Online: Coding Ninjas
https://www.youtube.com/feed/subscriptions | Subscriptions - YouTube

https://twitter.com/rag_sec | RagSec (@rag_sec) | Twitter
https://www.perspectiverisk.com/mysql-sql-injection-practical-cheat-sheet/ | MySQL SQL Injection Practical Cheat Sheet - Perspective Risk
https://github.com/NetSPI/PowerUpSQL | NetSPI/PowerUpSQL: PowerUpSQL: A PowerShell Toolkit for Attacking SQL Server
http://www.fuzzysecurity.com/tutorials/16.html | http://www.fuzzysecurity.com/tutorials/16.html
https://www.askapache.com/hacking/changing-password-xp/ | Changing Any Password On XP
https://www.google.co.in/search?q=sennheiser%20delhi&oq=senhister+del&aqs=chrome.2.69i57j0l5.3850j0j7&sourceid=chrome&ie=UTF-8&npsic=0&rflfq=1&rlha=0&rllag=28555657,77146795,11016&tbm=lcl&rldimm=11577421290328404015&lqi=ChBzZW5uaGVpc2VyIGRlbGhpIgOIAQE&ved=2ahUKEwijuam16KrdAhWHtI8KHZV_DLUQvS4wAXoECAYQIg&rldoc=1&tbs=lrf:!2m4!1e17!4m2!17m1!1e2!2m1!1e3!2m1!1e16!3sIAE,lf:1,lf_ui:4#rlfi=hd:;si:11577421290328404015,l,ChBzZW5uaGVpc2VyIGRlbGhpIgOIAQE;mv:!3m12!1m3!1d84107.26859113981!2d77.14679525!3d28.555657299999996!2m3!1f0!2f0!3f0!3m2!1i231!2i288!4f13.1;tbs:lrf:!2m1!1e3!2m1!1e16!2m4!1e17!4m2!17m1!1e2!3sIAE,lf:1,lf_ui:4 | sennheiser delhi - Google Search
https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/ | Windows Privilege Escalation Methods for Pentesters – Pentest Blog
https://www.cybrary.it/0p3n/windows-xp-netapi-exploitation/ | Windows XP Netapi Exploitation - Cybrary

https://www.youtube.com/watch?v=ztHopE5Wnpc&t=7920s | (73) Database Design Course - Learn how to design and plan a database for beginners - YouTube
https://www.youtube.com/watch?v=3W5zFjedIrk&list=PL_c9BZzLwBRKn20DFbNeLAAbw4ZMTlZPH&index=4 | (73) MySQL 4 - Beginner Terms Part 1 - YouTube
https://www.youtube.com/user/CalebTheVideoMaker2/playlists | (73) Caleb Curry - YouTube
https://main.immersivelabs.online/cyber-skills/skills/skill-set/ethical-infrastructure-hacking | Immersive Labs
https://main.immersivelabs.online/cyber-skills/skills/skill-set/ethical-web-hacking | Immersive Labs

http://www.speedtest.net/result/7601977469 | Speedtest by Ookla - The Global Broadband Speed Test
https://www.youtube.com/ | (55) YouTube
https://www.guru99.com/database-normalization.html | What is Normalization? 1NF, 2NF, 3NF & BCNF with Examples
https://www.calebcurry.com/freecodecamp-database-design-full-course/ | freeCodeCamp Database Design Full Course - Caleb Curry
https://www.tv-subs.com/subtitles/mr-robot-season-1-episode-2-english-8182 | Mr.Robot.S01E02.720p.HDTV.x264-KILLERS English subtitle

https://www.youtube.com/playlist?list=PLp4w7b_XLssRTl34st7tMeRA0emwz0vTr | (54) Website Hacking (Sql Injection) - YouTube
https://www.youtube.com/watch?v=rapaRJDO3vA | (54) SQL Injection Tutorial For Beginners - Kali Linux - #1 - YouTube
https://www.youtube.com/watch?v=dzj9Y2ahYx8&t=3s | (54) Introduction to SQL Injection with SQLMap - YouTube
https://www.youtube.com/watch?v=ciNHn38EyRc | Running an SQL Injection Attack - Computerphile - YouTube
https://www.youtube.com/watch?v=WFFQw01EYHM | (54) SQL Injection Attack Tutorial (2018) - YouTube
https://www.youtube.com/watch?v=_jKylhJtPmI | (54) Hacking Websites with SQL Injection - Computerphile - YouTube
https://main.immersivelabs.online/labs/web-applications-sql-injection/ethical-web-hacking | Immersive Labs
https://www.youtube.com/watch?v=BR-VeQUoRCw&index=2&list=PLZOToVAK85Mr4CzRimmw4KD84yUjkEAEw&t=0s | SQL Injection Explained - Part 1: The Basics - YouTube
https://www.acunetix.com/websitesecurity/blind-sql-injection/ | Blind SQL Injection: What is it? | Acunetix
https://tuftsdev.github.io/DefenseAgainstTheDarkArts/slides/week3-websecurity.pdf | Cyber Security Week 3
https://www.w3schools.com/sql/sql_injection.asp | SQL Injection
https://www.veracode.com/security/sql-injection | SQL Injection Cheat Sheet & Tutorial | CA Veracode
http://www.cs.tufts.edu/comp/20/hackme.php | Hack Me Playground
https://www.twitch.tv/techlahoma/videos/all | techlahoma's Videos - Twitch
https://www.meetup.com/OKCSQL/events/ | Upcoming Events | OKC SQL Server User Group (Oklahoma City, OK) | Meetup
https://mail.google.com/mail/u/0/#inbox/FMfcgxvzKQldWMktczDtzGFhvZTFDfdF | Techlahoma Foundation has invited you to join a Slack workspace - shivam.goyal397@gmail.com - Gmail
https://techlahoma.slack.com/join/invite/enQtNDI3ODg0MzIwNzczLWE3OWY1YTI3MmU1ZGJhNTFkZWU0NzEzOTMxNjJmMDc0YWNlN2ZhMDM1OGJhYjdlMzNiNzgyMjdjYTgyMDU3OGI | Create Account | Slack

https://www.hackers-arise.com/single-post/2017/07/31/Metasploit-Basics-Part-9-Using-msfvenom-to-Create-Custom-Payloads | Metasploit Basics, Part 9: Using msfvenom to Create Custom Payloads | hackers-arise
https://github.com/rapid7/metasploit-framework/wiki/How-to-use-a-reverse-shell-in-Metasploit | How to use a reverse shell in Metasploit · rapid7/metasploit-framework Wiki
https://www.hackers-arise.com/single-post/2017/02/06/Metasploit-Basics-Part-3-Payloads | Metasploit Basics, Part 3: Payloads | hackers-arise
https://blog.rapid7.com/2015/03/25/stageless-meterpreter-payloads/ | Deep Dive Into Stageless Meterpreter Payloads
https://github.com/rapid7/metasploit-framework/wiki/How-to-use-msfvenom | How to use msfvenom · rapid7/metasploit-framework Wiki

https://main.immersivelabs.online/labs/sqlmap/ | Immersive Labs
https://www.hackers-arise.com/single-post/2017/07/31/Metasploit-Basics-Part-9-Using-msfvenom-to-Create-Custom-Payloads | Metasploit Basics, Part 9: Using msfvenom to Create Custom Payloads | hackers-arise
https://github.com/rapid7/metasploit-framework/wiki/How-to-use-a-reverse-shell-in-Metasploit | How to use a reverse shell in Metasploit · rapid7/metasploit-framework Wiki
https://www.hackers-arise.com/single-post/2017/02/06/Metasploit-Basics-Part-3-Payloads | Metasploit Basics, Part 3: Payloads | hackers-arise
https://blog.rapid7.com/2015/03/25/stageless-meterpreter-payloads/ | Deep Dive Into Stageless Meterpreter Payloads
https://github.com/rapid7/metasploit-framework/wiki/How-to-use-msfvenom | How to use msfvenom · rapid7/metasploit-framework Wiki
https://www.youtube.com/watch?v=_jKylhJtPmI | (53) Hacking Websites with SQL Injection - Computerphile - YouTube
https://www.youtube.com/watch?v=WFFQw01EYHM | SQL Injection Attack Tutorial (2018) - YouTube
https://www.youtube.com/watch?v=ciNHn38EyRc | Running an SQL Injection Attack - Computerphile - YouTube
https://www.youtube.com/watch?v=dzj9Y2ahYx8&t=3s | Introduction to SQL Injection with SQLMap - YouTube
https://www.youtube.com/watch?v=rapaRJDO3vA | SQL Injection Tutorial For Beginners - Kali Linux - #1 - YouTube
https://www.youtube.com/playlist?list=PLp4w7b_XLssRTl34st7tMeRA0emwz0vTr | (53) Website Hacking (Sql Injection) - YouTube

http://linuxcommand.org/lc3_lts0090.php | Learning the shell - Lesson 9: Permissions
https://lab-content.immersivelabs.online/Tooling-and-Techniques/Linux-Command-Line/CheatSheet-Linux-Essentials.pdf | CheatSheet-Linux-Essentials.pdf
http://www.comptechdoc.org/os/linux/usersguide/linux_ugbasics.html | Basic Linux Commands
https://www.cyberciti.biz/faq/find-unix-linux-hidden-directories/ | Linux / Unix: Find Hidden Directories, Files and Folders - nixCraft
https://crawl3r.info/should-students-use-immersive-labs/ | Should students use Immersive Labs? – Crawl3r
https://slides.com/g33kyshivam/linux-101/edit | Edit: Linux 101
https://www.youtube.com/ | (19) YouTube

https://www.sniferl4bs.com/2015/07/burpsuite-vii-match-and-replace.html | BurpSuite VII - Match and Replace, HTML Modifications, Encoding and decoding - Snifer @ L4b's
https://www.sniferl4bs.com/p/guia-de-uso-de-burpsuite.html | Guide to use BurpSuite in Spanish - Snifer @ L4b's
https://www.sniferl4bs.com/2015/07/burpsuite-xii-analisis-web-owasp_13.html | BurpSuite XIII - Análisis Web OWASP - Descubriendo directorios y ficheros ocultos - Snifer@L4b's
https://www.sniferl4bs.com/2015/07/burpsuite-viii-historia-de-peticiones.html | BurpSuite VIII - History of requests, Comparing Sitemaps, Report of Vulnerabilities - Snifer @ L4b's
https://www.sniferl4bs.com/2015/07/burpsuite-x-metodologia-de-analisis-web.html | BurpSuite X - Web Analysis Methodology with Owasp - Snifer @ L4b's

http://www.gaza-hacker.net/cc/index.html | فريق قراصنة غزة || Gaza Hacker Team
https://www.facebook.com/Melegy.GHI | (1) Ahmed El Melegy

https://training.peritusinfosec.com/courses/366780/lectures/5602752 | Exercise | Peritus Training School
https://www.youtube.com/watch?v=6fRKlf1DsZU | (45) OWASP AppsecEU13 - Nicolas Grgoire : Burp Suite Pro Real life tips and tricks - YouTube
https://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#determine-http-methods-using-netcat | Web Application Pen-testing Tutorials With Mutillidae (Hacking Illustrated Series InfoSec Tutorial Videos)
https://www.irongeek.com/i.php?page=mutillidae/mutillidae-deliberately-vulnerable-php-owasp-top-10 | https://www.irongeek.com/i.php?page=mutillidae/mutillidae-deliberately-vulnerable-php-owasp-top-10
https://www.youtube.com/watch?v=Tosp-JyWVS4&t=0s&list=PLZOToVAK85MrsyNmNp0yyUTBXqKRTh623&index=56 | (45) Introduction to HTTP Parameter Pollution (HPP) Attack - YouTube
https://learnflakes.net/?p=home&pid=1 | LearnFlakes.Net -Learning Community

https://www.shawarkhan.com/2018/08/who-am-i.html | Who am i? | Shawar Khan
https://www.w3schools.com/jsref/met_win_scrollby.asp | Window scrollBy() Method
https://twitter.com/g33kyshivam | Shivam Goyal (@g33kyshivam) | Twitter
https://www.techmedia.com.ng/2018/05/interview-with-rodolfo-assis-brutelogic-security-researcher-from-brazil/ | ERROR 404 - Techmedia NG
https://medium.com/@canavaroxum/xxe-on-windows-system-then-what-76d571d66745 | XXE on Windows system …then what ?? – Hamada – Medium
http://www.amanhardikar.com/mindmaps/Practice.html | www.amanhardikar.com/mindmaps/Practice.html
https://medium.com/@rojanrijal/hack-more-learn-more-earn-more-and-get-invited-more-ef581ff0ac7a | Hack more, learn more, earn more and get invited more.
https://dev.to/bjhaid_93/beginners-guide-to-fetching-data-with-ajax-fetch-api--asyncawait-3m1l | Beginners Guide To Fetching Data With (AJAX, Fetch API & Async/Await) - DEV Community 👩‍💻👨‍💻

https://www.sniferl4bs.com/p/guia-de-uso-de-burpsuite.html | Guia de uso de BurpSuite en Español - Snifer@L4b's

https://www.sniferl4bs.com/p/guia-de-uso-de-zap-en-espanol.html | Zed Attack Proxy (ZAP) User Guide in Spanish - Snifer @ L4b's
https://www.sniferl4bs.com/p/guia-de-uso-de-burpsuite.html | Guia de uso de BurpSuite en Español - Snifer@L4b's
https://www.sniferl4bs.com/2018/05/wireshark-101-exportar-objetos-http.html | Wireshark 101: Exportar objetos HTTP, DICOM, SMB, TFTP - Snifer@L4b's
https://www.sniferl4bs.com/2016/06/hacking-101-politica-del-mismo-origen.html | Hacking 101 - Política del mismo origen (Same Origin Policy) SOP - Snifer@L4b's
https://www.sniferl4bs.com/2016/09/coleccion-de-retos-sobre-xss-cross-site.html | Colección de Retos sobre XSS - Cross Site Scripting - Snifer@L4b's
https://www.sniferl4bs.com/2016/02/hacking-101-fingerprinting-aplicaciones.html | Hacking 101 - Fingerprinting Aplicaciones Web - Snifer@L4b's
https://underc0de.org/foro/talleres-underc0de-213/taller-de-seguridad-web-1/ | Privacy error
https://www.sniferl4bs.com/2013/04/comprendiendo-un-csrf-o-xsrf-cross-site.html | Comprendiendo un CSRF o XSRF (Cross Site Request Forgery) - Snifer@L4b's

http://www.kneda.net/documentos/Pentesting%20con%20kali.pdf | Pentesting con kali.pdf

https://www.fwhibbit.es/category/recoleccion-informacion/page/3 | Recolección de información – Página 3 – Follow The White Rabbit
https://www.fwhibbit.es/category/hacking-wifi/page/2 | Hacking WiFi – Página 2 – Follow The White Rabbit
https://www.fwhibbit.es/network-miner-examen-forense-de-capturas-de-red | Network Miner - Network capture forensic exam - Follow The White Rabbit
https://www.fwhibbit.es/deteccion-de-origenes-de-trafico-con-scapy-parte-1 | Traffic origination detection with Scapy - Part 1 - Follow The White Rabbit
https://www.fwhibbit.es/analisis-basico-de-ficheros-pcap | Basic analysis of PCAP files - Follow The White Rabbit
https://www.fwhibbit.es/the-samurai-path-scapy-parte-1 | The Samurai Path – Scapy (Parte 1) – Follow The White Rabbit
https://www.fwhibbit.es/the-path-of-the-samurai-scapy-parte-2 | The Path of the Samurai – Scapy (Parte 2) – Follow The White Rabbit
https://www.netresec.com/index.ashx?page=NetworkMiner | NetworkMiner - The NSM and Network Forensics Analysis Tool ⛏
https://www.fwhibbit.es/quien-vive-en-la-pina-debajo-del-mar-wifi-pineapple-i | ¿Quien vive en la piña debajo del mar? – WiFi Pineapple (I) – Follow The White Rabbit
https://www.fwhibbit.es/mr-robot-pwn-phone-el-telefono-de-elliot-diy | Mr. Robot Pwn Phone. El teléfono de Elliot DIY – Follow The White Rabbit
https://www.fwhibbit.es/cracking-wps-con-dumpper | Cracking WPS con Dumpper – Follow The White Rabbit
https://www.fwhibbit.es/protege-tu-wifi | Protege tu Wifi – Follow The White Rabbit
https://www.fwhibbit.es/category/linux | Linux – Follow The White Rabbit
https://www.fwhibbit.es/category/redes | Redes – Follow The White Rabbit
https://www.fwhibbit.es/reconocimiento-pasivo-en-un-phishing | Reconocimiento pasivo en un phishing – Follow The White Rabbit
https://www.fwhibbit.es/category/explotacion | Explotación – Follow The White Rabbit
https://www.fwhibbit.es/bypass-waf | Bypass WAF – Follow The White Rabbit
https://www.fwhibbit.es/burp-suite-iii-intercepter-repeater | Burp Suite III: Intercepter & Repeater – Follow The White Rabbit
https://www.fwhibbit.es/burp-suite-ii-construyendo-un-objetivo-sitemap-spider | Burp Suite II: Construyendo un objetivo, Sitemap & Spider – Follow The White Rabbit
https://www.fwhibbit.es/bypass-validation-upload | Bypass validation upload – Follow The White Rabbit
https://www.fwhibbit.es/burp-suite-i-la-navaja-suiza-del-pentester | Burp Suite I: La Navaja Suiza del Pentester – Follow The White Rabbit
https://www.fwhibbit.es/ctf-team-whoami-reto-1 | CTF – TEAM WHOAMI – RETO-1 – Follow The White Rabbit
https://www.fwhibbit.es/escaneando-like-a-sir | Escaneando like a Sir – Follow The White Rabbit
https://www.fwhibbit.es/guia-metasploitable-2-parte-2 | Guia Metasploitable 2: Parte 2 – Follow The White Rabbit

https://elbinario.net/category/software/page/4/ | Software – Página 4 – Elbinario
https://elbinario.net/category/seguridad/page/7/ | Security - Page 7 - Elbinario
https://elbinario.net/2016/11/22/pgp-en-android-con-openkeychan/ | PGP en android con OpenKeyChan – Elbinario
https://elbinario.net/2016/11/10/nuestro-servicio-web-bajo-i2p/ | Nuestro Servicio Web Bajo I2P – Elbinario
https://elbinario.net/2016/10/04/esnifando-imagenes-con-drifnet/ | Esnifando imágenes con driftnet – Elbinario
https://elbinario.net/2016/09/23/instalacion-de-openswan-l2tpipsec-en-raspbian/ | Instalacion de OpenSwan L2tp/Ipsec en Raspbian – Elbinario
https://elbinario.net/2016/04/19/conectando-a-telecomix-desde-i2p/ | Conectando a Telecomix desde I2P – Elbinario
https://elbinario.net/2016/04/07/port-knocking-y-single-packet-authorization/ | Port-Knocking y Single Packet Authorization – Elbinario
https://elbinario.net/2016/02/10/privacidad-para-smartphones-android-2-0/ | Privacidad para smartphones – Android 2.0 – Elbinario
https://elbinario.net/2016/02/16/ya-puedes-probar-el-correo-cifrado-de-bitmask/ | ¡Ya puedes probar el Correo Cifrado de Bitmask! – Elbinario
https://elbinario.net/2016/02/09/privacidad-para-smartphones-android/ | Privacidad para smartphones – Android – Elbinario
https://elbinario.net/2015/12/03/privacidad-para-principiantes-el-navegador/ | Privacidad para principiantes – El navegador – Elbinario
https://elbinario.net/2015/11/21/una-app-salvaje-ha-aparecido/ | Csploit – Una app salvaje ha aparecido – Elbinario
https://elbinario.net/2015/11/29/gpg-editar-identificadores-de-usuario-desde-shell/ | GPG: EDITAR IDENTIFICADORES DE USUARIO DESDE SHELL – Elbinario
https://elbinario.net/2015/10/31/hacker-activistas-hacktivistas-y-terroristas/ | Hacker, activistas, hacktivistas y terroristas – Elbinario
https://elbinario.net/2015/11/04/windows-10-deberia-estar-prohibido/ | Windows 10 debería estar prohibido – Elbinario
https://elbinario.net/2015/10/29/godaddy-o-la-cueva-de-ali-baba/ | Godaddy, o la cueva de Alí Babá. – Elbinario
https://elbinario.net/2015/10/20/lidiando-con-las-cookies/ | Lidiando con las cookies – Elbinario
https://elbinario.net/2015/10/09/herramientas-y-tipos-de-ataque-con-kali-nethunter/ | Herramientas y tipos de ataque con Kali NetHunter – Elbinario
https://elbinario.net/2015/10/02/instalar-kali-nethunter-en-android/ | Instalar Kali NetHunter en Android – Elbinario
https://elbinario.net/2015/10/02/otra-de-seguridad-para-el-cunado-scammers/ | Otra de seguridad para el cuñado. Scammers – Elbinario
https://elbinario.net/2015/08/10/privacidad-para-principiantes-uso-de-wifi-publica/ | Privacidad para principiantes – Uso de wifi pública – Elbinario
https://elbinario.net/2015/07/15/privacidad-para-principiantes-llamadas-y-sms/ | Privacidad para principiantes – Llamadas y SMS – Elbinario
https://elbinario.net/2015/06/01/privoxy-un-proxy-para-mas-privacidad/ | Privoxy, un proxy para más privacidad – Elbinario
https://elbinario.net/2015/07/08/privacidad-correo/ | Privacidad para principiantes – El correo – Elbinario
https://elbinario.net/2015/05/26/whonix-la-distribucion-gnulinux-disenada-para-el-anonimato/ | Whonix, la distribución GNU/Linux diseñada para el anonimato – Elbinario
https://elbinario.net/2015/04/03/publicada-la-auditoria-de-truecrypt/ | Publicada la auditoria de Truecrypt – Elbinario
https://elbinario.net/2015/04/12/mi-vida-como-criptofriki/ | Mi vida como Criptofriki – Elbinario
https://elbinario.net/2015/03/12/bitmask-comunicacion-cifrada-para-simples-mortales/ | Bitmask – Comunicación cifrada para simples mortales – Elbinario
https://elbinario.net/2015/02/26/instalacion-y-configuracion-de-la-vpn-de-riseup-bitmask/ | Installation and Configuration of the Riseup VPN: Bitmask - Elbinario

https://twitter.com/g33kyshivam | (2) Shivam Goyal (@g33kyshivam) | Twitter
https://twitter.com/JR_kneda | kneda (@JR_kneda) | Twitter
https://twitter.com/JR_kneda | kneda (@JR_kneda) | Twitter
https://twitter.com/naivenom | Naivenom (@naivenom) | Twitter
https://t.me/joinchat/CKeYakbKgvCGg4NVwPkTng | Telegram: Join Group Chat
https://www.fwhibbit.es/introduccion-reversing-0x00-introduccion | Introducción al Reversing con radare2 – 0x00 Introduccion – Follow The White Rabbit
https://www.youtube.com/ | (3) YouTube
https://www.sniferl4bs.com/ | Snifer @ L4b's
https://www.sniferl4bs.com/p/blog-page_7.html | Pentesting with Kali - Snifer @ L4b's
https://www.sniferl4bs.com/2014/04/pcaps-gratuitos-para-analizar-y-pasar.html | Free Pcap's to analyze and hang out - Snifer @ L4b's
https://www.sniferl4bs.com/2014/04/examenes-de-prueba-de-lpi-online-y.html | Examenes de prueba de LPI Online y gratuitos - Snifer@L4b's
https://www.sniferl4bs.com/2014/04/que-rayos-me-pasa-no-tengo-vida.html | ¿Que rayos me pasa no tengo vida? Comienza el juego - Snifer@L4b's
https://www.sniferl4bs.com/2014/03/listado-completo-herramientas-en-kali.html | Listado Completo Herramientas en Kali Linux - Snifer@L4b's
https://www.sniferl4bs.com/2015/02/pdf-hacking-con-buscadores-google-bing.html | PDF - Hacking con Buscadores Google Bing y Shodan - Snifer@L4b's
https://heap-exploitation.dhavalkapil.com/ | Preface · Heap Exploitation
http://sanseolab.tistory.com/archive/201807 | SanseoLab :: 2018/07 Posts Posts
https://www.google.co.in/search?q=transalte&oq=trans&aqs=chrome.0.69i59j69i61j69i65l3j69i61.1017j0j7&sourceid=chrome&ie=UTF-8 | transalte - Google Search
https://www.fwhibbit.es/introduccion-al-reversing-con-radare2-0x06-lotto | Introducción al Reversing con radare2 – 0x06 Lotto – Follow The White Rabbit
https://blog.skullsecurity.org/2015/defcon-quals-babyecho-format-string-vulns-in-gory-detail | Defcon Quals: babyecho (format string vulns in gory detail) » SkullSecurity
https://elbinario.net/category/software/page/4/ | Software - Page 4 - Elbinario
https://elbinario.net/2018/04/18/jugando-con-la-programacion/ | Jugando con la programación – Elbinario
https://elbinario.net/2018/04/09/cifrar-perfil-thunderbird-con-encfs/ | Cifrar perfil Thunderbird con Encfs – Elbinario
https://elbinario.net/2017/06/30/cuidadin-con-zeronet/ | Cuidadin con ZeroNet – Elbinario
https://elbinario.net/2017/07/19/dont-be-evil-se-un-mono-mas/ | Don’t be evil!! Se un mono más. – Elbinario
https://elbinario.net/2017/07/13/mejor-software-libre-o-privativo-cuestion-de-ideologia/ | ¿Mejor software libre o privativo? Cuestión de ideología – Elbinario
https://elbinario.net/2017/05/23/usar-gnupg-con-el-editor-geany/ | Usar GnuPG con el Editor Geany – Elbinario
https://elbinario.net/2017/04/25/guia-para-los-heroes-del-p2pi2p/ | GUIA PARA LOS HEROES DEL P2P+I2P – Elbinario
https://elbinario.net/2017/04/13/un-poco-de-osint-con-twitter-y-harvey/ | Un poco de OSINT con Twitter y Harvey – Elbinario
https://elbinario.net/2017/04/11/passwordmanager-beta-apk-by-foo/ | PasswordManager (beta) apk by foo – Elbinario
https://elbinario.net/2017/03/06/juega-en-gnulinux-episodio-1-winehq/ | Juega en GNU/Linux episodio 1 WineHQ – Elbinario
https://elbinario.net/2017/03/10/juega-en-gnulinux-episodio-2-playonlinux/ | Juega en GNU/Linux episodio 2 PlayOnLinux – Elbinario
https://elbinario.net/2017/02/02/trasteando-con-ensamblador-primera-parte/ | Trasteando con Ensamblador: primera parte – Elbinario
https://elbinario.net/2017/02/16/trasteando-con-ensamblador-segunda-parte/ | Trasteando con Ensamblador: segunda parte – Elbinario
https://elbinario.net/2017/03/03/trasteando-con-ensamblador-final/ | Trasteando con Ensamblador: Final – Elbinario
https://elbinario.net/2014/05/06/resumen-de-la-semananegra/ | Resumen de la #SemanaNegra – Elbinario
https://elbinario.net/2016/07/12/rogue-access-pointap-con-raspberryprimera-parte/ | Rogue Access Point (AP) with Raspberry (first part) - Elbinario
https://elbinario.net/2016/07/28/rogue-access-pointap-con-raspberryfinal/ | Rogue Access Point (AP) with Raspberry (final) - Elbinario
https://elbinario.net/2015/08/23/wifitracking-y-web-browser-fingerprinting-en-centros-comerciales-y-tiendas/ | WifiTracking and Web Browser Fingerprinting in shopping centers and stores - Elbinario
https://elbinario.net/2015/08/10/privacidad-para-principiantes-uso-de-wifi-publica/ | Privacy for beginners - Use of public Wi-Fi - Elbinario
https://elbinario.net/2014/06/20/enviar-paquetes-wireless-sin-protocolo/ | Enviar paquetes wireless sin protocolo – Elbinario
https://elbinario.net/2016/11/23/wifi-pineapple-plataforma-de-auditoria-de-redes-wifis/ | Wifi Pineapple – Plataforma de auditoría de redes wifis – Elbinario
https://elbinario.net/tag/privacidad/ | privacidad – Elbinario
https://elbinario.net/tag/linux/ | linux – Elbinario
https://www.fwhibbit.es/introduccion-al-reversing-con-radare2-0x06-lotto | Introducción al Reversing con radare2 – 0x06 Lotto – Follow The White Rabbit

https://twitter.com/ | (*) Twitter
https://365.csaw.io/team/336 | CSAW 365
https://pbs.twimg.com/media/DbMSmYqWsAEy3_L.jpg | DbMSmYqWsAEy3_L.jpg (1200×928)
https://coursehunters.net/course/programmirovanie-na-c-si-dlya-nachinayushchih | Программирование на C (си) для начинающих - Видеоуроки
https://www.empirehacking.nyc/archive/ | Empire Hacking
https://www.nyc-infosec.com/ | NYC Infosec Community
https://365.csaw.io/challenges | CSAW 365
https://ubuntuforums.org/showthread.php?t=1323712 | Any good tutorial on Glibc?
https://c.developpez.com/cours/20-heures/ | C in 20 hours

https://twitter.com/g33kyshivam | Shivam Goyal (@g33kyshivam) | Twitter
http://0xc0ffee.io/blog/OSCP-Goldmine | OSCP Goldmine (not clickbait) | 0xc0ffee☕
http://0xc0ffee.io/blog/OSCP-Goldmine | OSCP Goldmine (not clickbait) | 0xc0ffee☕
http://justpentest.blogspot.com/2015/07/minishare1.4.1-bufferoverflow.html | Minishare 1.4.1 Bufferoverflow
https://samsclass.info/127/proj/vuln-server.htm | Exploiting "Vulnerable Server" for Windows 7
http://0xc0ffee.io/blog/tu-ctf2017-worth-a-thousand-words | TU-CTF 2017 - Steganography 100 | 0xc0ffee☕

https://coursehunters.net/course/osnovy-javascript-dlya-nachinayushchih | Основы JavaScript для начинающих - Видеоуроки
https://github.com/chiangs/jsf-solutions/blob/master/solutions/lesson3/solutions.md | jsf-solutions/solutions.md at master · chiangs/jsf-solutions
https://zellwk.com/blog/js-in-dom/?ck_subscriber_id=168610568 | Altering the DOM with JavaScript | Zell Liew
https://zellwk.com/blog/looping-through-js-objects/ | Looping through objects in JavaScript | Zell Liew
https://zellwk.com/blog/looping-through-js-objects/ | Looping through objects in JavaScript | Zell Liew
https://medium.com/@nickbalestra/javascripts-lexical-scope-hoisting-and-closures-without-mystery-c2324681d4be | Javascript’s lexical scope, hoisting and closures without mystery.
https://scotch.io/tutorials/understanding-scope-in-javascript | Understanding Scope in JavaScript ― Scotch
http://127.0.0.1:5500/index.html | Learning Javascript
https://vanillajstoolkit.com/code-snippets/#selectors | Code Snippets | The Vanilla JS Toolkit

https://courses.learncodeonline.in/learn//Javascript-for-2018-developer/25328/114621?section=25331 | Free Javascript tutorials
https://www.youtube.com/watch?v=ztqxSdG6HCU | (58) 4 Reasons You're Not Losing Weight - YouTube
https://www.youtube.com/watch?v=bw2OpssObmg | Can You Turn Fat Into Muscle? - YouTube

https://www.youtube.com/watch?v=bweEXpJ0Hk8 | 5 Fitness MISTAKES You Should Avoid - YouTube
https://www.youtube.com/watch?v=kxCdXia2oJw | Light Weights Vs Heavy Weights - YouTube
https://www.youtube.com/watch?v=1snkU1LFwLM | 5 Muscle Building Tips For BEGINNERS - YouTube
https://www.youtube.com/watch?v=IXjHG7Z7k5g | How Long Should You REST Between SETS? (The Current Research) - YouTube
https://www.youtube.com/watch?v=ZH_NGgzijBw | Is Training to FAILURE Necessary? - YouTube
https://www.youtube.com/watch?v=MJOD71YWz1Q | How Much Protein Can Your Body Absorb Per Meal? - YouTube
https://www.youtube.com/watch?v=HKfcAnlMueg | Multivitamins - The Industry's Biggest Lie - YouTube
https://www.youtube.com/watch?v=7f8ybrwqxww | Why You Should Consider CALISTHENICS (Especially BEGINNERS) - YouTube
https://www.youtube.com/watch?v=jMObYA0n6As | Should You Take COLD SHOWERS For MUSCLE and STRENGTH? - YouTube
https://www.youtube.com/watch?v=xJG_3kz8gl4 | Do Cardio or Weights First? - YouTube
https://www.youtube.com/watch?v=WTVsVIjlpH8 | What is Carb Cycling? - YouTube
https://www.youtube.com/watch?v=FY5O607L08k | How Many Times a Week Should I Workout? - YouTube
https://www.youtube.com/watch?v=GH5-HHxeIe4 | Weight Training VS Low Intensity Cardio - Best Way to Burn Fat? - YouTube

https://www.youtube.com/results?search_query=webpwnized+web+goat | (41) webpwnized web goat - YouTube
https://www.sniferl4bs.com/2014/01/burpuite-i-primeros-pasos.html | Burp Suite I - Primeros Pasos - Snifer@L4b's
https://www.youtube.com/watch?v=KHuEspNyAsM | (41) Web Authentication Hacking Tutorial: Burpsuite and WebGoat - YouTube
https://www.youtube.com/watch?v=h2duGBZLEek | (41) Bugcrowd University - Introduction to Burp Suite - YouTube
https://coursehunters.net/ | Учитесь, Блеать! - Видеокурсы для разработчиков

https://medium.com/cyberdefenders/burp-suite-webpage-enumeration-and-vulnerability-testing-cfd0b140570d | Burp Suite: Webpage Enumeration and Vulnerability Testing
https://medium.com/@d0znpp/the-best-burp-plugin-ive-ever-seen-2d17780342 | The best Burp plugin I’ve ever seen – Ivan Novikov – Medium

https://www.facebook.com/ | Facebook
https://www.youtube.com/watch?v=cL9NsXpUqYI&t=2s | (35) Web App Penetration Testing - #3 - Brute Force Attacks With Burp Suite - YouTube

http://www.crypto-textbook.com/ | Cryptography Textbook
http://wiki.crypto.rub.de/Buch/en/projects_further_information.php | Understanding Cryptography, A Textbook for Students and Practitioners - with a Foreword by Bart Preneel
https://www.cryptool.org/en | Home EN - CrypTool Portal
https://tuftsdev.github.io/DefenseAgainstTheDarkArts/slides/week2-cryptography.pdf | Cyber Security Week 2
https://www.youtube.com/watch?v=2aHkqB2-46k | (10) Lecture 1: Introduction to Cryptography by Christof Paar - YouTube
https://www.cs.rit.edu/~ark/462/module01/notes.shtml | CSCI 462—Introduction to Cryptography
https://www.cs.rit.edu/~ark/462/module01/notes.shtml | CSCI 462—Introduction to Cryptography

https://linuxhandbook.com/category/linux-commands/page/2/ | Linux Commands – Page 2
https://linuxhandbook.com/sed-reference-guide/ | Complete Sed Command Guide [Explained with Practical Examples]

https://coursehunters.net/archive | Архив СourseHunters.net
https://coursehunters.net/course/osnovy-javascript-dlya-nachinayushchih | The Basics of JavaScript for Beginners - Video Tutorials
https://github.com/s-castillo/js-course-example/blob/master/course-examples/_js/simple-js.js | js-course-example/simple-js.js at master · s-castillo/js-course-example
https://github.com/chiangs/jsf-solutions/blob/master/solutions/lesson2/solutions.md#27-functions | jsf-solutions/solutions.md at master · chiangs/jsf-solutions
https://github.com/chiangs/jsf-solutions/blob/master/solutions/lesson2/solutions.md#29-scopes-closures | jsf-solutions/solutions.md at master · chiangs/jsf-solutions
https://learnjavascript.today/?ck_subscriber_id=168610568 | Build 20 real components from scratch | Learn JavaScript with Zell
https://www.udemy.com/modern-javascript-from-the-beginning/ | Modern JavaScript From The Beginning | Udemy
https://www.udemy.com/modern-javascript/ | The Modern JavaScript Bootcamp (2018) | Udemy
https://mail.google.com/mail/u/0/#search/zell/FMfcgxvwzvJFqDsnqmHhqNcqrBXgWFsq | 15 sample lessons - shivam.goyal397@gmail.com - Gmail
https://scotch.io/tutorials/understanding-scope-in-javascript | Understanding Scope in JavaScript ― Scotch

http://securityidiots.com/ | Welcome to Security Idiots!!
https://evilzone.org/ | Evilzone - Hacking and Security Network
https://greysec.net/forumdisplay.php?fid=9 | GreySec Forums - Web Application Security
https://greysec.net/showthread.php?tid=3370 | We are a group of Canada hackers,We will share with you all what we have and you too.
https://0x00sec.org/t/the-pentesterlab-bootcamp/1241 | The Pentesterlab Bootcamp - Web Hacking - 0x00sec - The Home of the Hacker
https://0x00sec.org/t/hackthebox-gr-virtual-lab-free/2030/24 | Hackthebox.gr Virtual Lab (FREE) - Web Hacking - 0x00sec - The Home of the Hacker
https://gbhackers.com/category/webapp/ | Webapp Pentesting Archives - GBHackers On Security

https://www.youtube.com/results?search_query=leetwood+Mac | (97) leetwood Mac - YouTube
https://github.com/tuftsdev/DefenseAgainstTheDarkArts/tree/gh-pages/labs | DefenseAgainstTheDarkArts/labs at gh-pages · tuftsdev/DefenseAgainstTheDarkArts
https://tuftsdev.github.io/DefenseAgainstTheDarkArts/slides/week1-networks.pdf | Cyber Security Week 1
https://www.facebook.com/ | Facebook
https://www.youtube.com/watch?v=hwSxDvLRcsI&t=829s | (97) Mount Your Friends in 3D (CLIMB GREATNESS MOUNTAIN!) - YouTube

https://www.facebook.com/ | Facebook
https://academy.silesiasecuritylab.com/p/how-hackers-find-sql-injections-in-minutes-with-sqlmap | How Hackers Find SQL Injections in Minutes with Sqlmap | Dawid Czagan
https://spyclub.tech/#blog | SpyClub
https://spyclub.tech/resume.pdf | Tarunkant Gupta – Curriculum Vitae
https://www.youtube.com/watch?v=8vhnzAvXMGM&index=5&list=PLtr9ezc61PUb3iQMlvnicIC3BIra2BZId | (22) 4- Essential Tools - netcat - YouTube
https://www.youtube.com/watch?v=OaXEDgW8SUE&index=25&list=PLv7cogHXoVhXvHPzIl1dWtBiYUAL8baHj | (22) 25- BurpSuite Tabs part 1 - YouTube
http://www.hackingarticles.in/setup-dns-penetration-testing-lab-on-windows-server-2012/ | Setup DNS Penetration Testing Lab on Windows Server 2012
https://www.waterstones.com/book/learning-kali-linux/ric-messier/9781492028697 | Learning Kali Linux by Ric Messier | Waterstones
http://shop.oreilly.com/product/0636920063568.do | Ethical Hacking - O'Reilly Media
https://www.oreilly.com/library/view/security-testing-and/9781492029328/ | Security Testing and Ethical Hacking with Kali Linux [Video]
chrome://downloads/ | Downloads

https://main.immersivelabs.online/cyber-skills/techniques/skill-set/databases | Immersive Labs
https://tuftsdev.github.io/DefenseAgainstTheDarkArts/index-summer.html | COMP 116: Introduction to Computer Security
https://tuftsdev.github.io/DefenseAgainstTheDarkArts/slides/week3-websecurity.pdf | Cyber Security Week 3
https://github.com/sectalks/sectalks | GitHub - sectalks/sectalks: CTFs, solutions and presentations
https://www.peerlyst.com/posts/the-how-to-use-nmap-wiki-peerlyst?utm_campaign=peerlyst_shared_post&utm_content=peerlyst_post&utm_medium=social&utm_source=twitter | The "how to use NMAP" wiki by Peerlyst - training, course, nmap scripting engine
https://pentester.land/conference-notes/2018/10/17/levelup-2018-practical-recon-techniques-for-bug-hunters-and-pentesters.html | Conference notes: Practical recon techniques for bug hunters & pen testers (LevelUp 0x02 / 2018) · Pentester Land
https://pentester.land/conference-notes | Conference notes · Pentester Land
https://pentester.land/tips-and-tricks | Tips & Tricks · Pentester Land
https://pentester.land/newsletter | The 5 Hacking NewsLetter · Pentester Land
https://www.youtube.com/channel/UCI6B0zYvK-7FdM0Vgh3v3Tg/search?query=bug+hunt | (8) Cooper - YouTube
https://bugid.skylined.nl/20181017001.html | Fuzz in sixty seconds
https://us17.campaign-archive.com/home/?u=5cc7586e74a1b2f77a7c647a0&id=f84c40c1cc | Pranav Hivarekar's Security Thursday via Peritus InfoSec
http://kmb.ufoctf.ru/bash/main.html | Основные команды Bash · Курс молодого CTF бойца v 1.5
https://www.hacksplaining.com/lessons | Pick a Vulnerability to Learn About
https://www.hacksplaining.com/lessons | Pick a Vulnerability to Learn About

https://twitter.com/g33kyshivam | Shivam Goyal (@g33kyshivam) | Twitter
https://gdgnd.org/users/sign_in | Google Developer Group
https://evren.ninja/dom-xss-trusted-types.html | E-LAB
https://github.com/glennzw/shodan-hq-nse | glennzw/shodan-hq-nse: Shodan HQ nmap plugin - passively scan targets
https://github.com/nahamsec/lazyrecon | nahamsec/lazyrecon: This script is intended to automate your reconnaissance process in an organized fashion
https://github.com/nahamsec/bbht | GitHub - nahamsec/bbht: A script to set up a quick Ubuntu 17.10 x64 box with tools I use.
https://github.com/nahamsec/recon_profile/blob/master/bash_profile | recon_profile/bash_profile at master · nahamsec/recon_profile · GitHub
https://github.com/nahamsec/JSParser | GitHub - nahamsec/JSParser
https://juejin.im/entry/58f43b0c61ff4b0058fd734d | 跨站的艺术 - XSS Fuzzing 的技巧 - 阅读 - 掘金
https://juejin.im/post/5bbff9f7e51d450e8b1404c4 | JWT 详细分析 - 掘金
https://docs.google.com/presentation/d/1cpcxEBEb0dyXwRqSWQ6bknJS-PQO_e242Dioy9SU2Io/edit#slide=id.g4715c86259_0_248 | BUG BOUNTY FUNSHOP - Google Slides
https://tomnomnom.com/talks/passiveish.pdf | https://tomnomnom.com/talks/passiveish.pdf
https://pastebin.com/edit/E1HAEFZf | Edit Paste: E1HAEFZf - Pastebin.com

https://twitter.com/i/likes | Tweets liked by Shivam Goyal (@g33kyshivam) | Twitter
https://twitter.com/Alra3ees | Emad Shanab (@Alra3ees) | Twitter
https://medium.com/@_bl4de/hidden-directories-and-files-as-a-source-of-sensitive-information-about-web-application-84e5c534e5ad | Hidden directories and files as a source of sensitive information about web application
https://twitter.com/x0rz/status/1052899891624710145 | x0rz on Twitter: "Nginx off-by-slash vulnerability, cool trick presented by @orange_8361 at #hacklu… "
https://github.com/leonardomso/33-js-concepts | leonardomso/33-js-concepts: 📜 33 concepts every JavaScript developer should know.
https://github.com/30-seconds/30-seconds-of-code | 30-seconds/30-seconds-of-code: Curated collection of useful JavaScript snippets that you can understand in 30 seconds or less.
https://github.com/30-seconds/30-seconds-of-code | 30-seconds/30-seconds-of-code: Curated collection of useful JavaScript snippets that you can understand in 30 seconds or less.
https://medium.com/@zseano/its-all-in-the-detail-email-leak-account-takeover-thanks-to-waybackmachine-extensive-4be365580dd7 | It’s all in the detail: Email leak & Account takeover thanks to WayBackMachine & extensive…
https://www.bugbountynotes.com/forum/viewforum?view=learning | View Learning/Training forum | BugBountyNotes.com
https://blog.teknogeek.io/ | Curiosity With a Side of Chaos
https://www.google.com/search?q=zseno+bug+hunting+methodology+bug+bounty+notes&oq=zseno+bug+hunting+methodology+bug+bounty+notes&aqs=chrome..69i57.13929j0j4&sourceid=chrome&ie=UTF-8 | zseno bug hunting methodology bug bounty notes - Google Search
https://medium.com/@infosecsanyam/bug-bounty-hunting-methodology-toolkit-tips-tricks-blogs-ef6542301c65 | BUG BOUNTY HUNTING (METHODOLOGY , TOOLKIT , TIPS & TRICKS , Blogs)
https://github.com/jhaddix/tbhm | jhaddix/tbhm: The Bug Hunters Methodology
https://www.bugbountynotes.com/explore/viewbug?id=2011 | BugBountyNotes.com | Disclosed Bug on Shopify found by zseano
https://www.bugbountynotes.com/explore/viewbug?id=2625 | BugBountyNotes.com | Disclosed Bug on Hackerone found by zseano
https://www.bugbountynotes.com/challenge?id=3 | "There's cross site request forgery (CSRF) protection, but how good is it?" bugbounty challenge | BugBountyNotes.com
https://www.bugbountynotes.com/challenge?id=3 | "There's cross site request forgery (CSRF) protection, but how good is it?" bugbounty challenge | BugBountyNotes.com
https://github.com/mystech7/Burp-Hunter | mystech7/Burp-Hunter: XSS Hunter Burp Plugin
https://wiki.mozilla.org/Security/FirefoxOperations#Security_Checklist | Security/FirefoxOperations - MozillaWiki
https://tomnomnom.com/talks/webvulns.pdf | webvulns.pdf
https://www.youtube.com/watch?v=tqFqN8A7waQ&feature=youtu.be | (25) Modern web application bugs - Erlend Oftedal - YouTube
https://twitter.com/zseano/status/1072477805265543168 | zseano💫 on Twitter: "Interesting URL redirect 'bypass'. So their filter made it so you could only redirect to /path or http(s)://hardcoded.theirdomain.com/path - except if you just simply added "puter", it would redirect to https://t.co/n5z1c5TyAT - and in 2018, that's a valid TLD. :D #BugBountyTip"
https://hackerone.com/reports/426147 | #426147 CORS misconfig | Account Takeover
https://docs.google.com/presentation/d/1cpcxEBEb0dyXwRqSWQ6bknJS-PQO_e242Dioy9SU2Io/edit#slide=id.g4715c86259_0_248 | BUG BOUNTY FUNSHOP - Google Slides
https://github.com/GerbenJavado/LinkFinder | GerbenJavado/LinkFinder: A python script that finds endpoints in JavaScript files
https://tomnomnom.com/talks/passiveish.pdf | passiveish.pdf
https://www.youtube.com/watch?v=DvS_ew77GXA | (25) Passive-ish Recon Techniques by Tom Hudson - YouTube
https://medium.com/bugbountyhunting/bug-bounty-toolkit-aa36f4365f3f | Bug Bounty Toolkit – BugBountyHunting – Medium
https://medium.com/bugbountyhunting/bug-bounty-hunting-tips-1-always-read-the-source-code-f5a56ee242df | Bug Bounty Hunting Tips #1— Always read the source code
https://medium.com/bugbountyhunting/bug-bounty-hunting-tips-2-target-their-mobile-apps-android-edition-f88a9f383fcc | Bug Bounty Hunting Tips #2 —Target their mobile apps (Android Edition)
https://github.com/dxa4481/truffleHog | dxa4481/truffleHog: Searches through git repositories for high entropy strings and secrets, digging deep into commit history
https://tomnomnom.com/talks/big-numbers.pdf | big-numbers
https://tomnomnom.com/talks/domxss.pdf | domxss.pdf
https://tomnomnom.com/talks/advxss.pdf | advxss.pdf
https://tomnomnom.com/talks/webvulns.pdf | webvulns.pdf
https://www.youtube.com/results?search_query=Tom+Hudson+Web+Vulnerabilities | (25) Tom Hudson Web Vulnerabilities - YouTube
https://www.youtube.com/watch?v=sY7pUJU8a7U&t=1483s | (25) Application Security - Understanding, Exploiting and Defending against Top Web Vulnerabilities - YouTube

https://www.youtube.com/watch?v=rObhS5WQSM8&list=PL-giMT7sGCVI9T4rKhuiTG4EDmUz-arBo&index=2 | (508) Sunny Wear's Brakeing Down Security Web App Sec Training #2 - YouTube
https://www.youtube.com/watch?v=h2duGBZLEek | (508) Bugcrowd University - Introduction to Burp Suite - YouTube
https://www.youtube.com/watch?v=vKudm1kDu8k&t=328s | (508) SANS Webcast: Web Hacking with Burp Suite - YouTube
https://www.facebook.com/ | Facebook

file:///home/mr-robot/Downloads/Aman%20syllabus.pdf | Aman syllabus.pdf
https://noteshub.co.in/Communication-Skills-for-Professionals | Communication Skills for Professionals | NotesHub
https://noteshub.co.in/uploads/2017/notes/CSP2017-11-30%2014:51:45.pdf | CSP

https://immersivelabs.online/jobs/iml-pgi-0068 | PGI Intern - Jobs - Immersive Labs
https://www.pgitl.com/training/e-learning | E-Learning | PGI
https://www.managed.sa/ | Managed Services
https://www.youtube.com/playlist?list=WL | (506) Watch Later - YouTube
https://www.youtube.com/watch?v=jBi3a-dXsM8&t=225s&index=14&list=WL | (506) Hidden in Plain Site: Disclosing Information via Your APIs - Peter Yaworski, Bugcrowd's LevelUp 2017 - YouTube
https://www.youtube.com/watch?v=Qw1nNPiH_Go&index=3&list=PLIK9nm3mu-S6gCKmlC5CDFhWvbEX9fNW6&t=674s | (506) LevelUp 0x02 - Bug Bounty Hunter Methodology v3 - YouTube
https://www.youtube.com/watch?v=94-tlOCApOc&index=4&list=PLIK9nm3mu-S4K4jMHwtplbrE1JMg0jyN- | (506) Bugcrowd University - Broken Access Control Testing - YouTube
https://www.youtube.com/watch?v=VeW_G4xoh5Q&index=8&list=PLIK9nm3mu-S5InvR-myOS7hnae8w4EPFV | OWASP iGoat - Learning iOS App Penetration Testing & Defense - Swaroop Yermalkar, LevelUp 2017 - YouTube
https://www.youtube.com/watch?v=9ADubsByGos&t=16s&index=17&list=WL | PHV 2016, "How to Find 1,352 Wordpress XSS Plugin Vulnerabilities...." by Larry Cashdollar - YouTube
https://www.youtube.com/watch?v=k12u-76CarE&t=411s&index=21&list=WL | (506) ​Beyond the OWASP Top 10 - Modern web application bugs - NDC Security 2018 - YouTube
https://twitter.com/webtonull?lang=en | Erlend Oftedal (@webtonull) | Twitter
https://twitter.com/PhilippeDeRyck | Philippe De Ryck (@PhilippeDeRyck) | Twitter
https://pragmaticwebsecurity.com/index.html#courses | Pragmatic Web Security
https://pragmaticwebsecurity.com/talks/commonapisecuritypitfalls | Common API security pitfalls
https://vimeo.com/289491341 | Common API security pitfalls : Philippe De Ryck on Vimeo
https://essentials.pragmaticwebsecurity.com/ | Web Security Essentials - A Pragmatic Web Security course
https://angularmasterclass.pragmaticwebsecurity.com/ | Angular Security Masterclass - A Pragmatic Web Security course
https://cheatsheets.pragmaticwebsecurity.com/ | Security Cheat Sheets by Pragmatic Web Security
https://pragmaticwebsecurity.com/talks/owaspasvs.html | From the OWASP top 10(s) to the OWASP ASVS
https://ng-be.org/workshops/2018/12/security-in-angular-pragmatic-web-security | Security in Angular — NG-BE
https://www.zdnet.com/article/deserialization-issues-also-affect-ruby-not-just-java-php-and-net/ | Deserialization issues also affect Ruby, not just Java, PHP, and .NET | ZDNet
https://www.zdnet.com/article/steam-bug-could-have-given-you-access-to-all-the-cd-keys-of-any-game/ | Steam bug could have given you access to all the CD keys of any game | ZDNet
https://labs.detectify.com/2018/08/02/bypassing-exploiting-bucket-upload-policies-signed-urls/ | Bypassing and exploiting Bucket Upload Policies and Signed URLs
https://www.oreilly.com/library/view/building-a-modern/9781492044680/ | Building a Modern Security Program [Book]
https://github.com/frohoff/ysoserial | frohoff/ysoserial: A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet | GrrrDog/Java-Deserialization-Cheat-Sheet: The cheat sheet about Java Deserialization vulnerabilities
http://labsdetectify.wpengine.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/ | Hostile Subdomain Takeover using Heroku/Github/Desk + more
http://www.agarri.fr/docs/AppSecEU15-Server_side_browsing_considered_harmful.pdf | AppSecEU15-Server_side_browsing_considered_harmful.pdf
https://portswigger.net/blog/practical-web-cache-poisoning | Practical Web Cache Poisoning | Blog
https://hackerone.com/reports/341876 | #341876 SSRF in Exchange leads to ROOT access in all instances
https://cse.google.com/cse?cx=partner-pub-3256770407637090%3A2007347459&ie=UTF-8&q=dork&sa=Search&siteurl=www.irongeek.com%2F&ref=www.google.com%2F&ss=472j75250j4 | Google Custom Search
https://www.youtube.com/results?search_query=google+dorks+bsides | (506) google dorks bsides - YouTube
https://gbhackers.com/latest-google-dorks-list/ | Google Dorks List 2018 For Ethical Hacking and Penetration Testing
https://edgylabs.com/google-dorks-list | The Latest Google Dorks List and how to use it for Good
https://twitter.com/Alra3ees/status/1028830688932491264 | Emad Shanab on Twitter: "Dorkme:- Is a tool designed to facilitate the search for vulnerabilities with Google Dorks, such as sql injection vulnerabilities. Source:- https://t.co/XLWX0Uh1nt Demo: https://t.co/xmJthPGdlI"
chrome://bookmarks/?q=shodan | Bookmarks
https://github.com/jhaddix/tbhm/blob/master/12_IDOR.markdown | tbhm/12_IDOR.markdown at master · jhaddix/tbhm
https://github.com/jhaddix/tbhm/blob/master/How%20Do%20I%20shot%20Web-.pdf | tbhm/How Do I shot Web-.pdf at master · jhaddix/tbhm
https://github.com/jhaddix/tbhm/blob/master/10_Mobile.md | tbhm/10_Mobile.md at master · jhaddix/tbhm

https://pastebin.com/LEHfnLAw | [Markdown] GraphQl - Pastebin.com
https://www.youtube.com/watch?v=1N-O07SRuxY | In graph we trust: Microservices, GraphQL and security challenges - DevSecCon Singapore 2018 - YouTube
https://appseceurope2018a.sched.com/speaker/mohammed_a_imran.1y393q96 | Mohammed Imran - AppSec Europe 2018
https://www.youtube.com/channel/UCgxhfP2Hi8MQYz6ZkwpLA0A/videos | DevSecCon - YouTube
https://www.youtube.com/ | YouTube
https://twitter.com/ | (*) Twitter
https://www.slideshare.net/NeeluTripathy2/pentesting-graphql-applications | Pentesting GraphQL Applications
https://www.slideshare.net/ | Share and Discover Knowledge on LinkedIn SlideShare
https://twitter.com/freebuf | FreeBuf (@freebuf) | Twitter
https://philippeharewood.com/view-the-facebook-stories-for-any-media-effect/ | View the Facebook stories for any media effect – These aren't the access_tokens you're looking for
https://www.slideshare.net/secfigo/in-graph-we-trust-microservices-graphql-and-security-challenges | In graph we trust: Microservices, GraphQL and security challenges
https://www.slideshare.net/secfigo/strengthen-and-scale-security-for-a-dollar-or-less | Strengthen and Scale Security for a dollar or less
https://www.moesif.com/blog/technical/graphql/REST-vs-GraphQL-APIs-the-good-the-bad-the-ugly/ | REST vs GraphQL APIs, the Good, the Bad, the Ugly | Moesif’s Musings on Software
https://www.practo.com/delhi/doctor/dr-susan-k-s-ear-nose-throat-ent-specialist/info | Dr. Susan K S - Book Appointment Online, View Fees, Feedbacks | Practo
http://daitebi.com.br/nasofibroscopia-o-que-e-como-e-realizado-para-que-serve-como-e-feito/ | Nasofibroscopia: o que é? Como é realizado? Para que serve? Como é feito? | Daitebi
https://www.youtube.com/watch?v=wbbMgOZEQas | Authentication and Authorization in GraphQL | Prosper Otemuyiwa | BuzzJS 3.1 2018 - YouTube
https://www.youtube.com/watch?v=4_Bcw7BULC8 | Ryan Chenkie - Handling Authentication and Authorization in GraphQL - YouTube
https://www.youtube.com/watch?v=Urk5vPGnkeg | Zero Back To Back Funny Moments | Shahrukh Khan, Katrina, Anushka | Zero Official Trailer Launch - YouTube
https://github.com/br3akp0int/GQLParser | br3akp0int/GQLParser: A repository for GraphQL Extension for Burp Suite
https://medium.com/paypal-engineering/graphql-resolvers-best-practices-cd36fdbcef55 | GraphQL Resolvers: Best Practices – PayPal Engineering – Medium
https://hackernoon.com/piecing-together-graphql-ca6739cd8205 | Piecing Together GraphQL – Hacker Noon
https://medium.com/airbnb-engineering/how-airbnb-is-moving-10x-faster-at-scale-with-graphql-and-apollo-aa4ec92d69e2 | How Airbnb is Moving 10x Faster at Scale with GraphQL and Apollo
https://medium.com/open-graphql/reasonml-with-graphql-the-future-of-type-safe-web-applications-65be2e8f34c8 | ReasonML with GraphQL, the Future of Type-Safe Web Applications
https://www.programmableweb.com/news/top-5-things-to-remember-when-adding-graphql-backend/analysis/2018/10/01 | Top 5 things to Remember When Adding a GraphQL Backend | ProgrammableWeb
https://medium.com/paypal-engineering/graphql-resolvers-best-practices-cd36fdbcef55 | GraphQL Resolvers: Best Practices – PayPal Engineering – Medium
https://medium.com/netflix-techblog/our-learnings-from-adopting-graphql-f099de39ae5f | Our learnings from adopting GraphQL – Netflix TechBlog – Medium
https://kajansiva.gitbook.io/knowledge/daily/2018/december/12_11_2018 | Knowledge

https://www.freebuf.com/articles/web/10099.html | WAF bypassed the singularity - FreeBuf Internet Security New Media Platform
http://wafbypass.me/w/index.php/Main_Page | wafbypass.me | 522: Connection timed out
http://tech-technical.com/index.php/2015/11/11/waf-bypass-sql-injection-tutorial/
http://webvuln.blogspot.com/2015_04_01_archive.html | Tricks And Tips: April 2015
http://www.wooyun.org/bugs/wooyun-2014-089426 | 升级中
https://forum.90sec.org/forum.php?mod=viewthread&tid=9133 | 提示信息 - 九零
http://www.idiot-attacker.com/2016/02/macam-macam-kode-bypass-waf.html | Macam-macam kode Bypass WAF - Idiot Attacker
https://github.com/borbelyau/bypass-waf-ids-ips/blob/master/evasionsqli_methods | bypass-waf-ids-ips/evasionsqli_methods at master · borbelyau/bypass-waf-ids-ips

https://pastebin.com/S4nHhEZW | CORS - Pastebin.com
https://appsecwiki.com/#/serversidesecurity?id=ssrf | Server Side Security - Application Security Wiki
https://www.youtube.com/watch?v=K_ElxRc9LLk | (496) Server-Side Request Forgery (SSRF) - Web Application Security Series #1 - YouTube
https://www.corben.io/tricky-CORS/ | Tricky CORS Bypass in Yahoo! View – Corben Leo – Information Security Blog
https://medium.com/bugbountywriteup/the-design-and-implementation-of-ssrf-attack-framework-550e9fda16ea | All you need to know about SSRF and how may we write tools to do auto-detect
https://medium.com/@Auxy233 | Auxy – Medium
https://github.com/C0RB3N?tab=repositories | C0RB3N (Corben Leo) / Repositories
https://www.corben.io/advanced-cors-techniques/ | Advanced CORS Exploitation Techniques – Corben Leo – Information Security Blog
http://zeroyu.xyz/2018/03/06/introduction-to-ssrf/ | Understanding SSRF, this one is enough
https://www.bugcrowd.com/resource/broken-access-control-testing/ | Broken Access Control Testing | Bugcrowd
https://hackerone.com/reports/223203 | #223203 SVG Server Side Request Forgery (SSRF)
http://zeroyu.xyz/2018/03/06/introduction-to-ssrf/ | 了解SSRF,这一篇就足够了
https://gist.github.com/BuffaloWill/fa96693af67e3a3dd3fb | Cloud Metadata Dictionary useful for SSRF Testing
https://www.honoki.net/2018/12/from-blind-xxe-to-root-level-file-read-access/ | From blind XXE to root-level file read access | Honoki
https://medium.com/@zain.sabahat/exploiting-ssrf-like-a-boss-c090dc63d326 | Exploiting SSRF like a Boss! – Zain Sabahat – Medium
http://api.hackertarget.com/reverseiplookup/?q= | api.hackertarget.com/reverseiplookup/?q=
https://medium.com/bugbountywriteup/piercing-the-veil-server-side-request-forgery-to-niprnet-access-c358fd5e249a | Piercing the Veil: Server Side Request Forgery to NIPRNet access
http://blog.safebuff.com/2016/07/03/SSRF-Tips/ | SSRF Tips | xl7dev
https://si9int.sh/article/6 | SI9INT
https://klikki.fi/adv/wpgform.html | Klikki Oy - Google Forms (WordPress plugin) SSRF vulnerability
https://www.rfk.id.au/blog/entry/security-bugs-ssrf-via-request-splitting/ | Security Bugs in Practice: SSRF via Request Splitting
https://twitter.com/gwendallecoguic/status/1000023180101201921 | Gwendal Le Coguic on Twitter: "On a sife we have people fighting for XSS/CSRF/IDOR, like me, and on the other side we have ufos that bring #bugbounty to the next level with georgous findings from nowhere. Congratulations @0xACB it's a great lesson for hunters, companies, everyone. https://t.co/rnHcW1uNp3"
https://twitter.com/saurinn_/status/1031219232661495809 | Manuel 👁️ on Twitter: "But why?… "
https://hackerone.com/reports/374737 | HackerOne
https://opnsec.com/2018/07/into-the-borg-ssrf-inside-google-production-network/ | Into the Borg – SSRF inside Google production network | OpnSec
https://hackerone.com/reports/356765 | HackerOne
https://medium.com/@th3g3nt3l/how-i-found-an-ssrf-in-yahoo-guesthouse-recon-wins-8722672e41d4 | How i found an SSRF in Yahoo! Guesthouse (Recon Wins)
https://medium.com/@mleblanc_82306 | Maxime Leblanc – Medium
https://www.youtube.com/watch?v=TrBUrVDlc20 | Hackfest 2015: Nicolas Grégoire presented "Server Side Browsing" - YouTube
https://www.defcon.org/html/defcon-25/dc-25-speakers.html#Tsai | DEF CON® 25 Hacking Conference - Talks
https://github.com/m6a-UdS/ssrf-lab | m6a-UdS/ssrf-lab: Lab for exploring SSRF vulnerabilities
https://medium.com/poka-techblog/privilege-escalation-in-the-cloud-from-ssrf-to-global-account-administrator-fd943cf5a2f6 | Privilege escalation in the Cloud: From SSRF to Global Account Administrator
https://www.youtube.com/watch?v=XvN25xG75x0 | (496) DON’T MISS: Anushka Sharma and Katrina Kaif’s EXCLUSIVE Full Interview | ZERO - YouTube

https://pastebin.com/u/Drvirus1911 | Drvirus1911's Pastebin - Pastebin.com
https://philippeharewood.com/facebookbugbounties.txt | https://philippeharewood.com/facebookbugbounties.txt
https://docs.google.com/presentation/d/1cpcxEBEb0dyXwRqSWQ6bknJS-PQO_e242Dioy9SU2Io/edit#slide=id.g4715c86259_0_357 | BUG BOUNTY FUNSHOP - Google Slides
https://medium.com/ehsahil/getting-started-in-bug-bounty-7052da28445a | Getting started in Bug Bounty – ehsahil – Medium
https://www.youtube.com/watch?time_continue=6&v=Qw1nNPiH_Go | (493) LevelUp 0x02 - Bug Bounty Hunter Methodology v3 - YouTube
https://www.youtube.com/watch?v=mQjTgDuLsp4&list=PLl-GuflHOikWnr0kOThK0xOyFXhBZbdLv | (493) Nicolas Grégoire - Hunting for Top Bounties - YouTube
https://www.facebook.com/notes/phwd/a-facebook-graphql-crash-course/1189337427822946 | (5) A Facebook GraphQL crash course
https://www.facebook.com/notes/phwd/facebook-api-bug-bounties-the-basic-sauce/818002471623112 | (5) Facebook API Bug Bounties - The Basic Sauce
https://developers.facebook.com/docs/graph-api/overview/ | Overview - Graph API
https://developers.facebook.com/docs/graph-api/reference/ | Graph API Reference
https://developers.facebook.com/graph-academy/ | Graph Academy - Facebook for Developers
https://www.pluralsight.com/courses/beginner-facebook-development | Introduction to the Facebook Graph API | Pluralsight
https://www.youtube.com/results?search_query=graph+api | (493) graph api - YouTube
https://www.youtube.com/watch?v=4TbnZAFTqAI&t=1s | (493) Facebook graph API testing ! And Secret Method to create multiple user id for same user ! - YouTube
https://www.0daydown.com/?s=Introduction+to+the+Facebook+Graph+API | Introduction to the Facebook Graph API | 0DayDown
https://learnflakes.net/?p=torrents&pid=10 | LearnFlakes.Net -Learning Community
http://ww7.learningdl.com/?z | ww7.learningdl.com/?z
https://www.youtube.com/watch?v=WvOrWq2-5cE | (493) Secrets of My Beard | My Beard Grow Journey | How to Grow Beard | - YouTube

https://www.youtube.com/watch?v=-gUkNAHR0jY&list=PLoDjojPzHp2Wo8U6Xp0KAoCL2b55Yo5WN | (488) FileCry - The New Age Of XXE - YouTube
https://www.youtube.com/watch?v=v_5dTJYjSMA&list=PLoDjojPzHp2VtA6_UVO0uxtd6iNHaA0Sl | (488) t505 SWF Seeking Lazy Admin for Cross Domain Action Seth Art - YouTube
https://www.youtube.com/watch?v=XeeLkBkjLl0&index=6&list=PLoDjojPzHp2Wo8U6Xp0KAoCL2b55Yo5WN | (488) Black Hat USA 2015 - Abusing XSLT For Practical Attacks - YouTube
https://www.youtube.com/watch?v=oEUSNk8XAQY&index=7&list=PLoDjojPzHp2Wo8U6Xp0KAoCL2b55Yo5WN | (488) Vladimir Vorontsov - Blind XXE injections - YouTube
https://www.youtube.com/watch?v=Zl8U2YVp2lw&index=9&list=PLoDjojPzHp2Wo8U6Xp0KAoCL2b55Yo5WN | (488) Introduction to XML External Entity Injection (ISSA KY Workshop) - YouTube
https://jivoi.github.io/2015/07/01/pentest-tips-and-tricks/ | Pentest Tips and Tricks – EK
https://www.youtube.com/results?search_query=race+condition+OWASP | (488) race condition OWASP - YouTube
https://www.youtube.com/channel/UCo7g5wKeNu32YIziwDqempw/videos | (488) SecureSet - YouTube
https://twitter.com/i/likes | Tweets liked by Shivam Goyal (@g33kyshivam) | Twitter
https://hackerone.com/reports/409380 | #409380 Stored XSS in merge request pages
https://jivoi.github.io/2015/07/03/offensive-security-bookmarks/ | Offensive Security Bookmarks – EK
https://github.com/coreb1t/awesome-pentest-cheat-sheets | coreb1t/awesome-pentest-cheat-sheets: Collection of the cheat sheets useful for pentesting
https://github.com/tanprathan | tanprathan (Prathan Phongthiproek)
https://www.linkedin.com/in/pprathan/?originalSubdomain=th | (1) Prathan Phongthiproek | LinkedIn
https://github.com/jshaw87/Cheatsheets | Page not found · GitHub
https://github.com/coodict/javascript-in-one-pic | coodict/javascript-in-one-pic: Learn javascript in one picture.
https://code.google.com/archive/p/pentest-bookmarks/wikis/BookmarksList.wiki | Google Code Archive - Long-term storage for Google Code Project Hosting.
https://github.com/swisskyrepo/PayloadsAllTheThings | swisskyrepo/PayloadsAllTheThings: A list of useful payloads and bypass for Web Application Security and Pentest/CTF
https://highon.coffee/blog/penetration-testing-tools-cheat-sheet/ | Penetration Testing Tools Cheat Sheet
https://twitter.com/trimstray/status/1068095885026955264 | trimstray on Twitter: "My top 5 @Burp_Suite extensions: - Random IP Address Header - CSP-Bypass - BypassWAF - Autorize - Hackvertor Which one do you use most often? or any other? #security #pentest #infosec #cybersecurity #cybersec #tech #it #technology"
https://www.cyberciti.biz/security/nmap-command-examples-tutorials/ | Top 32 Nmap Command Examples For Linux Sys/Network Admins - nixCraft
https://jerrygamblin.com/2018/10/29/google-home-insecurity/ | Google Home (in)Security – JerryGamblin.com
https://medium.com/@Skylinearafat/a-very-useful-technique-to-bypass-the-csrf-protection-for-fun-and-profit-471af64da276 | A very useful technique to bypass the CSRF protection for fun and profit.
https://gist.github.com/Rhynorater/311cf3981fda8303d65c27316e69209f | BXSS - CSP Bypass with Inline and Eval
https://twitter.com/binitamshah/status/1036541096522858496 | Binni Shah on Twitter: "Web Application Firewall (WAF) Evasion Techniques Part - 3 : Uninitialized Bash variable to bypass WAF : https://t.co/zRj9xsv0Dm ,Part 2 : Web Application Firewall (WAF) Evasion Techniques : https://t.co/11oAnX3Uhe , Part 1 : https://t.co/7zwnIngrDE cc @Menin_TheMiddle… https://t.co/N269avqr7i"
https://medium.freecodecamp.org/a-quick-introduction-to-web-security-f90beaf4dd41 | A quick introduction to web security – freeCodeCamp.org
https://assets.pentesterlab.com/jwt_security_cheatsheet/jwt_security_cheatsheet.pdf | jwt_security_cheatsheet - Page 1.pdf
https://twitter.com/binitamshah/status/1025982771393486848 | Binni Shah on Twitter: "Linux Post Exploitation Cheat Sheet : https://t.co/GSHVQAzRsn cc @GuifreRuiz"
https://labs.detectify.com/2018/08/02/bypassing-exploiting-bucket-upload-policies-signed-urls/ | Bypassing and exploiting Bucket Upload Policies and Signed URLs
http://cybersec-research.com/ssrf-on-digitalocean-site-bugbounty-tip/?utm_campaign=shareaholic&utm_medium=twitter&utm_source=socialnetwork | 404 Not Found
https://twitter.com/GoogleVRP/status/1022404220291567617 | Google Vulnerability Reward Program (VRP) on Twitter: "Don't render arbitrary HTML in Electron apps: https://t.co/fGhn2VPYUB. Good example of why we're rewarding impactful vulnerabilities and not exploits.… https://t.co/K85ePqPlVw"
https://twitter.com/rajchandel/status/1022174569757646848 | Hacking Articles on Twitter: "Collections of 150 CTF Challenges (Vulnhub+HTB) https://t.co/MrVO2vtJ0T … @VulnHub @hackthebox_eu #oscp #ctf"
https://twitter.com/Scott_Helme/status/1022035104372334592 | Scott Helme on Twitter: "I was asked to look into an XSS vulnerability on Etherscan which turned out to be caused by a custom Disqus integration: https://t.co/gc7EgvgArF"
https://twitter.com/SecurityMB/status/1021464816370798592 | Michał Bentkowski on Twitter: "Blogged! Vulnerability in Hangouts Chat a.k.a. how Electron makes open redirect great again. https://t.co/HKT28uQbwy"
https://blog.bentkowski.info/2018/06/setting-arbitrary-request-headers-in.html | Setting arbitrary request headers in Chromium via CRLF injection | MB blog
https://plus.google.com/114029233000745976870 | Michał Bentkowski - Google+
https://sekurak.pl/blad-bezpieczenstwa-w-aplikacji-desktopowej-google-chat-czyli-jak-uczynic-open-redirect-znow-wielkim/ | Security error in the Google Hangouts Chat desktop application - how to make Open Redirect great again
https://sekurak.pl/bezpieczenstwo-sieci-wi-fi-czesc-1/ | Bezpieczeństwo sieci Wi-Fi – część 1 (wstęp)
https://sekurak.pl/google-caja-i-xss-y-czyli-jak-dostac-trzy-razy-bounty-za-prawie-to-samo/ | Google Caja i XSS-y – czyli jak dostać trzy razy bounty za (prawie) to samo
https://sekurak.pl/facebook-wyplacil-10-latkowi-10-tys-usd-za-zgloszenie-luki-w-instagramie/ | Facebook wypłacił 10-latkowi 10 tys. USD za zgłoszenie luki w Instagramie
https://sekurak.pl/hack-the-pentagon-rusza-program-bug-bounty-prowadzony-przez-armie-usa/ | „Hack the Pentagon” — rusza program bug bounty prowadzony przez armię USA
https://sekurak.pl/dostal-10-000-od-google-za-podmiane-jednego-naglowka-header/ | He got $ 10,000 from Google for the replacement of one Header header
https://sites.google.com/site/testsitehacking/-7-5k-Google-services-mix-up | $7.5k Google services mix-up - Ezequiel Pereira
https://portswigger.net/kb/papers/crackingthelens-whitepaper.pdf | crackingthelens-whitepaper.pdf
https://sekurak.pl/za-jeden-prosty-xml-zgarnal-10-000-za-jednego-prostego-xml-a-zgarnal-10-000/ | Za jeden prosty XML zgarnął $10 000
https://sekurak.pl/slack-dostal-sie-do-glownego-panelu-admina-i-zgarnal-9000-w-ramach-bounty/ | Slack – dostał się do głównego panelu admina i zgarnął $9000 w ramach bounty
https://sekurak.pl/chcesz-byc-bogaty-i-slawny-kilkaset-programow-bug-bounty/ | Chcesz być bogaty i sławny? ;) Kilkaset programów bug bounty
https://pentester.land/tips-and-tricks | Tips & Tricks · Pentester Land
https://0xpatrik.com/project-sonar-guide/ | Project Sonar: An Underrated Source of Internet-wide Data
https://0xpatrik.com/asset-discovery/ | Asset Discovery: Doing Reconnaissance the Hard Way
https://github.com/jobertabma?tab=repositories | jobertabma (Jobert Abma) / Repositories
https://silesiasecuritylab.com/articles/from-csrf-to-unauthorized-remote-admin-access/ | From CSRF to Unauthorized Remote Admin Access – Dawid Czagan
https://wiki.exploitpedia.org/view/OWASP_TOP_10#A1:2017-Injection | OWASP TOP 10 - wiki.exploitpedia.org
https://wiki.exploitpedia.org/view/Static_Analysis | Static Analysis - wiki.exploitpedia.org
https://twitter.com/SamiDrif | Sami 🦄 (@SamiDrif) | Twitter
https://www.youtube.com/ | (488) YouTube
https://www.youtube.com/watch?v=lEdmdCb1DT0 | (488) Who Will Save Iron Man In Endgame? - YouTube

https://pastebin.com/u/thecreat0r/1/Z4EmVYsB | Thecreat0r's Pastebin - Pastebin.com
https://pastebin.com/9BSQjM3E | CSRF - Pastebin.com
https://pastebin.com/xZC446zy | SSRF - Pastebin.com
https://www.youtube.com/watch?v=rR0SnARknlk&list=PLZOToVAK85MoxxCMbxxiBbQ6pavP8aucC | (474) Cross-Site Request Forgery Explained - Part 1: Basic CSRF - YouTube
https://www.youtube.com/results?search_query=CSRF | (474) CSRF - YouTube
https://www.youtube.com/watch?v=KaEj_qZgiKY | (474) CSRF Introduction and what is the Same-Origin Policy? - web 0x04 - YouTube
https://www.youtube.com/watch?v=_JpDMFDlk3Y | (474) CSRF/XSRF/SEA SURF Kya Hote Hai ?? - YouTube
https://www.youtube.com/watch?v=5joX1skQtVE | (474) What is a CSRF? | OWASP Top 10 2013 | Video by Detectify - YouTube
https://null.co.in/events/525-delhi-null-delhi-meet-15-december-2018-combined-null-owasp-meet | null Delhi Meet 15 December 2018 Combined [null + OWASP] Meet
https://null.co.in/profile/3906-narendra-kumar | narendra kumar - null Community Profile
https://www.slideshare.net/NarendraKumar529/server-side-tempalate-injection-85399102 | Server side tempalate injection
https://tomnomnom.com/talks/advxss.pdf | advxss.pdf
https://appsecwiki.com/#/frontend?id=cross-site-request-forgery | Frontend Security - Application Security Wiki
https://philippeharewood.com/facebook-graphql-csrf/ | Facebook GraphQL CSRF – These aren't the access_tokens you're looking for
https://www.youtube.com/watch?v=NAR4nDEpD8g | (474) DVWA - CSRF ("Auto-Forcing New Passwords") - YouTube
https://www.youtube.com/results?search_query=bsides+CSRF | (474) bsides CSRF - YouTube
https://www.youtube.com/watch?v=enFcclD6nuk | BSides Boston - BruteLogic - Building Advanced XSS Vectors - YouTube
https://www.youtube.com/watch?v=vrjgD0azkCw | CSRF Explained - YouTube
http://bitspyder.net/browse.php?page=3 | .:: Bitspyder.net :: Downloads
https://learnflakes.net/?p=home&pid=1 | LearnFlakes.Net -Learning Community
https://medium.com/bugbountywriteup/csrf-account-takeover-explained-automated-manual-bug-bounty-447e4b96485b | CSRF account takeover Explained Automated/Manual — Bug Bounty
https://haiderm.com/10-methods-to-bypass-cross-site-request-forgery-csrf/ | haiderm.com | 521: Web server is down
https://twitter.com/prateek_0490/status/977764964944330753 | Prateek Tiwari on Twitter: "Also, to add to it, try and use “-1” {csrf_token=-1} as value of token and you will be amazed to see the result. 😉 #BugBounty #TogetherWeHitHarder… https://t.co/3RBhIegMPI"
https://www.youtube.com/watch?v=3KwGmKucayg&feature=youtu.be | (474) CSRF Bypass - YouTube
https://medium.com/@agrawalsmart7/what-is-csrf-how-to-bypass-the-csrf-protection-via-xss-55695f5789d7 | Hi all, and a Very Happy New Year to all, let’s Come to the topic, Today I just want to share some…
https://2017.zeronights.ru/report/tryuki-dlya-obhoda-csrf-zashhity/ | Tricks for circumventing CSRF protection - Conference Zeronights 2017
https://hackerone.com/reports/115158 | #115158 CSRF in twitterflightschool.com ( CAN POST ON TIMELINE WITHOUT USER PERMISSION)
https://dl.packetstormsecurity.net/papers/attack/Using_XSS_to_bypass_CSRF_protection.pdf | Using XSS to bypass CSRF protection
https://blog.netspi.com/defeating-csrf-protections-expired-cross-domain-xml-domains/ | Defeating CSRF Protections Through Expired cross-domain.xml Domains
https://blog.netspi.com/fuzzing-parameters-in-csrf-resistant-applications-with-burp-proxy/ | Fuzzing Parameters in CSRF Resistant Applications with Burp Proxy
https://blog.netspi.com/netspi-sql-injection-wiki/ | NetSPI SQL Injection Wiki
https://hackerone.com/reports/233099/ | #233099 CSRF in Report Lost or Stolen Page https://www.starbucks.com/account/card
https://www.youtube.com/ | (474) YouTube

https://twitter.com/SamiDrif | Sami 🦄 (@SamiDrif) | Twitter
https://web-in-security.blogspot.com/2017/07/cors-misconfigurations-on-large-scale.html | CORS misconfigurations on a large scale
http://samidrif.net/
https://web.archive.org/web/20180813091525/https://bounty.github.com/researchers/Dharani-abss.html | Abhishek Dharani - GitHub Bug Bounty
https://www.slideshare.net/GreenD0g/deserialization-vulnerabilities | Deserialization vulnerabilities
https://hackerone.com/reports/301831 | #301831 Leaking sensitive files on Github leads to internal files (python scripts,SQL files)
https://opnsec.com/2018/03/stored-xss-on-facebook/ | Stored XSS on Facebook | OpnSec
https://www.sxcurity.pro/asus-sqli/
https://medium.com/bugbountywriteup/whats-tools-i-use-for-my-recon-during-bugbounty-ec25f7f12e6d | What tools I use for my recon during #BugBounty – InfoSec Write-ups – Medium
https://hackerone.com/reports/397527 | #397527 Leaking sensitive information on Github lead full access to all Grab Slack channels
https://pastebin.com/LEHfnLAw | [Markdown] GraphQl - Pastebin.com
https://twitter.com/snoopysecurity | (1) Sam Sanoop (@snoopysecurity) | Twitter
https://www.reddit.com/r/netsec/comments/8k5bvi/exposing_graphql_to_penetration_testers/?st=jphzadaa&sh=bf6394ca | Exposing GraphQL to Penetration Testers : netsec
https://exposingtheinvisible.org/guides/google-dorking/ | Smart searching with googleDorking | Exposing the Invisible
https://hackerone.com/reports/380317 | #380317 Team object exposes amount of participants in a private program to non-invited users

https://github.com/s-castillo/js-course-example/blob/master/course-examples/_js/simple-js.js | js-course-example/simple-js.js at master · s-castillo/js-course-example
https://github.com/chiangs/jsf-solutions/blob/master/solutions/lesson2/solutions.md | jsf-solutions/solutions.md at master · chiangs/jsf-solutions
https://github.com/chiangs/jsf-solutions2/blob/master/Module2/solutions.md#08---functions | jsf-solutions2/solutions.md at master · chiangs/jsf-solutions2
https://pastebin.com/WPMNrVzK | javascript-notes - Pastebin.com
https://www.youtube.com/watch?v=5aISC84gXBw | (468) Is The Katy Perry LOVE Story Over? Katy Finally Chats With Trevor About It | American Idol 2018 - YouTube

https://www.youtube.com/ | (459) YouTube
https://www.youtube.com/channel/UCTzvm6c3E6qH7jkO6HWn2Cg/videos | (459) UTD CSG - YouTube
https://www.youtube.com/feed/history | (459) History - YouTube
https://www.youtube.com/results?search_query=XXE | (459) XXE - YouTube
https://www.youtube.com/watch?v=BZOg_NgvP18 | (459) What Is An XXE Attack? - YouTube
https://appsecwiki.com/#/serversidesecurity?id=xxe | Server Side Security - Application Security Wiki
https://phonexicum.github.io/infosec/xxe.html | XXE
http://blkstone.github.io/2017/06/29/web-for-pentester-xxe/ | Web for Pentester XXE Resolution // Neurohazard
https://security.tencent.com/index.php/blog/msg/69 | 未知攻焉知防——XXE漏洞攻防 - 博客 - 腾讯安全应急响应中心
https://www.vsecurity.com//download/papers/XMLDTDEntityAttacks.pdf | XML Schema, DTD, and Entity Attacks
http://www.atomsec.org/%E5%AE%89%E5%85%A8/web_for_pentester_i-part-2/ | Web for pentester I part 2 – Atom Kid
https://2013.appsecusa.org/2013/wp-content/uploads/2013/12/WhatYouDidntKnowAboutXXEAttacks.pdf | OWASP
http://agrawalsmart7.com/2018/11/10/Understanding-XXE-from-Basic-to-Blind.html | Utkarsh Agrawal|Understanding Xxe From Basic To Blind
https://www.christian-schneider.net/GenericXxeDetection.html | Generic XXE Detection
https://www.christian-schneider.net/GenericXxeDetection.html | Generic XXE Detection
https://www.slideshare.net/ssuserf09cba/xxe-how-to-become-a-jedi | XXE: How to become a Jedi
https://web-in-security.blogspot.com/2014/11/detecting-and-exploiting-xxe-in-saml.html | Detecting and exploiting XXE in SAML Interfaces
https://hawkinsecurity.com/2018/03/24/gaining-filesystem-access-via-blind-oob-xxe/ | Gaining Filesystem Access via Blind OOB XXE – ∞ Growing Web Security Blog
https://www.youtube.com/watch?v=1EBWzbO8lgs&index=4&list=PLsyeobzWxl7oanwaonj3iV3rxfTdEA2gC | (459) XML Introduction 3 | Schema - YouTube
https://www.youtube.com/watch?v=eHSNT8vWLfc | (459) What You Didn't Know About XML External Entities Attacks - Timothy Morgan - YouTube
https://www.youtube.com/watch?v=2O874A5Uj3w | (459) AppSecEU 16 - C. Mainka, C. Spth, V. Mladenov - From DTD to XXE - An Evaluation of XML - Parsers - YouTube
https://appseceurope2016.sched.com/event/6XQ2/from-dtd-to-xxe-an-evaluation-of-xml-parsers | AppSec Europe 2016: From DTD to XXE: An Evaluation of XML-Pa...
http://lab.onsec.ru/2014/06/xxe-oob-exploitation-at-java-17.html | @ONsec_Lab: XXE OOB exploitation at Java 1.7+
https://portswigger.net/kb/issues/00100400_xml-external-entity-injection | XML external entity injection | PortSwigger
https://blog.ninoishere.com/xxe-how-to-become-a-jedi/ | XXE: How to become a Jedi
https://www.facebook.com/pg/hacking.py/posts/?ref=page_internal | Hacking Is Sharing - Posts
https://darkweblinks.org/2018/08/10/xxe-how-to-become-a-jedi-yaroslav-babin/ | XXE: How to become a Jedi - Yaroslav Babin - Tor Hidden Service DarkWeb Links
https://blog.zsec.uk/blind-xxe-learning/ | Hunting in the Dark - Blind XXE
https://blog.ninoishere.com/tag/xxe/ | xxe - Nino

https://codeby.net/blogs/kniga-po-nmap-na-russkom/#12 | Nmap book in Russian
https://codeby.net/blogs/category/informacionnaja-bezopasnost/ | Information Security | The codeby
https://1cloud.ru/help/dns/dns_basics | Basics of working with DNS (domain name system)
https://habr.com/post/270159/ | Значимость SPF / Хабр
https://danielmiessler.com/study/dns/#gs.u_MO7iA | A DNS Primer | Daniel Miessler

https://codeby.net/threads/skanirovanie-seti-aktivnyj-fazzing-urok-5.65878/ | (1) Сканирование сети [активный фаззинг]. Урок 5 - Codeby.net - Информационная Безопасность
https://codeby.net/members/explorer.100533/#recent-content | (1) explorer | Codeby.net - Информационная Безопасность
https://codeby.net/members/pingvinich.73770/#recent-content | (1) PingVinich | Codeby.net - Информационная Безопасность
https://codeby.net/threads/aktivnyj-fazzing-poisk-subdomenov-urok-4.65842/ | (1) Активный фаззинг - поиск субдоменов. Урок 4 - Codeby.net - Информационная Безопасность
https://codeby.net/members/darklight.105361/#recent-content | (1) darklight | Codeby.net - Информационная Безопасность
https://codeby.net/threads/vzaimodejstvie-c-dns-urok-3.65828/ | (1) Взаимодействие c DNS. Урок 3 - Codeby.net - Информационная Безопасность
https://codeby.net/members/sergei-webware.66427/#recent-content | (1) Sergei webware | Codeby.net - Информационная Безопасность
https://codeby.net/threads/passivnyj-fazzing-ili-sbor-informacii-iz-otkrytyx-istochnikov.65781/ | (1) Пассивный фаззинг или сбор информации из открытых источников - Codeby.net - Информационная Безопасность
https://codeby.net/members/vertigo.72244/#recent-content | (1) Vertigo | Codeby.net - Информационная Безопасность
https://codeby.net/tags/lfi/ | (1) lfi | Codeby.net - Информационная Безопасность
https://codeby.net/threads/rukovodstvo-dlja-nachinajuschix-po-rabote-s-cenzuroj-v-internete.65642/ | (1) Руководство для начинающих по работе с цензурой в Интернете - Codeby.net - Информационная Безопасность
https://codeby.net/members/sith_ortodox.104801/#recent-content | (1) sith_ortodox | Codeby.net - Информационная Безопасность
https://codeby.net/members/i3wm.106227/#recent-content | (1) i3wm | Codeby.net - Информационная Безопасность
https://codeby.net/threads/istorii-za-kodom-na-puti-k-pravilnomu-kodu.65506/ | (1) [Истории за кодом] На пути к правильному коду. - Codeby.net - Информационная Безопасность
https://codeby.net/members/masonskoe_loje.106290/#recent-content | (1) Masonskoe_loje | Codeby.net - Информационная Безопасность
https://codeby.net/members/tayrus.74954/#recent-content | (1) Tayrus | Codeby.net - Информационная Безопасность
https://codeby.net/threads/hack-the-server-drupal.65356/ | (1) Hack the Server (Drupal) - Codeby.net - Information Security
https://codeby.net/threads/novyj-sposob-vzloma-wi-fi-avgust-2018.64485/ | (1) Новый способ взлома Wi-Fi | август 2018 - Codeby.net - Информационная Безопасность
https://codeby.net/threads/rsa-princip-raboty-algoritma-na-primerax-python-shifrovanie-v-internete-chast-1.64349/ | (1) RSA algorithm operation principle using python examples. Encryption on the Internet. Part 1. - Codeby.net - Information Security
https://codeby.net/threads/mini-framework-python-dlja-xakera-chast-4-svoj-mini-frejmvork.64083/ | (1) [Mini framework] - Python для хакера - [Часть 4] - Свой мини фреймворк - Codeby.net - Информационная Безопасность
https://codeby.net/threads/python-requests-threading-perebor-parolja-v-formax-avtorizacii.62698/ | (1) Python + requests + threading. Password search in authorization forms. - Codeby.net - Information Security
https://codeby.net/threads/anonimnyj-pentest-vpn-tor-vpn-chast-ii-reverse-shell-za-lokalnoj-setju.62656/ | (1) Анонимный пентест [VPN -> TOR -> VPN] (Часть II) - Reverse Shell за локальной сетью - Codeby.net - Информационная Безопасность
https://codeby.net/threads/pishem-skript-dlja-bruta-xehshej.62252/ | (1) Пишем скрипт для брута хэшей - Codeby.net - Информационная Безопасность
https://codeby.net/threads/sozdanie-plagina-s-majnerom-dlja-brauzera-chrome.62202/ | (1) Создание плагина с майнером для браузера chrome - Codeby.net - Информационная Безопасность
https://codeby.net/threads/uroki-po-burp-suite-pro-chast-1-nachalo.62200/ | (1) Уроки по Burp Suite Pro Часть 1. Начало. - Codeby.net - Информационная Безопасность
https://codeby.net/threads/sposoby-zagruzki-shella-behkdora-na-sajt.61851/ | (1) Способы загрузки шелла/бэкдора на сайт. - Codeby.net - Информационная Безопасность
https://codeby.net/threads/uchim-python-ch8-otojdem-ot-temy.61715/ | (1) Учим Python - [Ч8] - Отойдем от темы - Codeby.net - Информационная Безопасность
https://codeby.net/threads/kak-ispolzovat-shodan-api-s-python-dlja-avtomatizacii-skanirovanija-ujazvimyx-ustrojstv.61501/ | (1) Как использовать Shodan API с Python для автоматизации сканирования уязвимых устройств - Codeby.net - Информационная Безопасность
https://codeby.net/threads/sryptography-for-beginners-chast-2-prostye-shifry.61379/ | (1) [Сryptography for beginners] - Часть 2. Простые шифры. - Codeby.net - Информационная Безопасность
https://codeby.net/threads/nachinajuschim-kriptografija-vvedenie.61349/ | (1) [Начинающим] - Криптография. Введение. - Codeby.net - Информационная Безопасность
https://codeby.net/threads/vzlom-web-prilozhenij-kak-pravilno-provodit-sbor-informacii-celevogo-veb-resursa.61041/ | (1) [Взлом web приложений] - Как правильно проводить сбор информации целевого веб ресурса. - Codeby.net - Информационная Безопасность
https://codeby.net/threads/pishem-malvar-na-python-chast-i-telegram-bot.60941/ | (1) Пишем малварь на Python. Часть I. Telegram-bot. - Codeby.net - Информационная Безопасность
https://codeby.net/threads/powerfull-dos.60856/ | (1) Powerfull Dos - Codeby.net - Информационная Безопасность
https://codeby.net/threads/powershell-dlja-xakera-chast-x-povyshenija-privilegij-skript-sherlock-ps1.60713/ | (1) PowerShell для хакера ( часть X ) Повышения привилегий . [скрипт Sherlock.ps1] - Codeby.net - Информационная Безопасность
https://codeby.net/threads/dekompiljacija-android-prilozhenij.60558/ | (1) Декомпиляция android-приложений - Codeby.net - Информационная Безопасность
https://codeby.net/threads/ehkspluatacija-python-prilozhenij-inkapsuljacija.59804/ | (1) Эксплуатация python приложений: Инкапсуляция. - Codeby.net - Информационная Безопасность
https://codeby.net/threads/ehkspluatacija-python-prilozhenij-funkcija-input.59803/ | (1) Эксплуатация python приложений: функция input. - Codeby.net - Информационная Безопасность
https://codeby.net/threads/ehkspluatacija-python-prilozhenij-modul-pickle.59799/ | (1) Эксплуатация python приложений: модуль pickle. - Codeby.net - Информационная Безопасность

https://twitter.com/i/likes | Tweets liked by Shivam Goyal (@g33kyshivam) | Twitter
https://www.youtube.com/watch?v=QhSdSesIu2M | Review the AttackDefense site for making penetration tests - YouTube
https://www.youtube.com/watch?v=UyaVMl91qyA | (336) AttackDefense: TShark Basics Lab Walk-through - YouTube
https://www.youtube.com/results?search_query=attackdefense&sp=CAI%253D | (336) attackdefense - YouTube
https://www.youtube.com/watch?v=e52Nd17DXs8 | (336) AttackDefence Lab ApPHP MicroBlog Remote Code Execution Solution - YouTube
https://www.youtube.com/watch?v=ZSIaTD2Dl0U | (336) AttackDefense.com: Nmap Firewall Challenge - YouTube
https://nitesculucian.github.io/2018/11/26/attackdefense-com-lfi-cve-2018-12613-exploit/ | AttackDefense.com [LFI] - CVE-2018-12613 Exploit
https://nitesculucian.github.io/ | Lucian Nitescu
https://pbs.twimg.com/media/Dq1uXfoU0AUsSh4.jpg | Dq1uXfoU0AUsSh4.jpg (893×886)
https://twitter.com/swaroopsy | Swaroop Yermalkar (@swaroopsy) | Twitter
https://github.com/rowdymehul/OWASP-s-AppSec-Israel-2018 | rowdymehul/OWASP-s-AppSec-Israel-2018: AppSec Israel 2018 will take place on 5-6 September, 2018 at Tel Aviv University, in central Tel Aviv.
http://www.rowdymehul.com/events/owasps-appsec-israel-2018/#more-1647 | OWASP’s AppSec Israel 2018 – Rowdy’s Caf`e
https://hackfest.ca/fr/formations/ios/ | iOS Mobile Application Hacking 2018
https://github.com/djadmin/awesome-bug-bounty | djadmin/awesome-bug-bounty: A comprehensive curated list of available Bug Bounty & Disclosure Programs and Write-ups.
https://www.allysonomalley.com/2018/08/06/learning-with-owasp-igoat-pentesting-with-swift/ | Learning with OWASP iGoat – Pentesting with Swift – allysonomalley.com
https://twitter.com/aseemjakhar/status/1006612530771288065 | aseemjakhar on Twitter: "T-0 And... your friendly neighborhood expliot - ioT exploitation framework can be found here https://t.co/iuxs3JREiG Please download, test, suggest and RT :)… https://t.co/a2JxzpCQJk"
http://sagarpopat.in/2017/06/07/automating-rest-api-penetration-testing-using-owasp-zap/ | Automating REST API Penetration testing using OWASP ZAP – I like building and breaking stuff
https://bitbucket.org/aseemjakhar/expliot_framework | aseemjakhar / expliot_framework — Bitbucket
https://www.bugcrowd.com/resources/ | Resources
https://schd.ws/hosted_files/appsecisrael2018/a3/Exploiting%20Smart%20Contracts%20for%20fun%20and%20profit%20-%20Erez%20Metula%20AppSec%20Labs%20-%20OWASP%20IL%202018.pdf | Microsoft PowerPoint - Exploiting Smart Contracts for fun and profit.pptx
https://www.securityjourney.com/blog/igoat-and-ios-mobile-pen-testing-s04e16/ | iGoat and iOS Mobile Pen Testing (S04E16) - Security Journey
https://app.securityjourney.com/user/sign_up | Security Journey
https://www.securityjourney.com/application-security-podcast/episodes/ | The Application Security Podcast's Episode List - Security Journey
https://www.linkedin.com/in/swaroop-yermalkar-2638b985/ | Swaroop Yermalkar | LinkedIn
https://www.youtube.com/watch?v=loHywYcwjmo&t=0s&list=PLpr-xdpM8wG-ma2GOBmdpGGfnVPVwFFQd&index=41 | (337) Pentesting Swift Application with OWASP iGoat - Swaroop Yermalkar - AppSecUSA 2018 - YouTube
https://www.amazon.in/Learning-Penetration-Testing-Swaroop-Yermalkar/dp/1785883259/ref=sr_1_2?ie=UTF8&qid=1503300995&sr=8-2&keywords=swaroop+yermalkar | Buy Learning iOS Penetration Testing Book Online at Low Prices in India | Learning iOS Penetration Testing Reviews & Ratings - Amazon.in
https://www.youtube.com/watch?v=FAopBbQukvI&index=46&list=PLpr-xdpM8wG-ma2GOBmdpGGfnVPVwFFQd | Single Page Applications: Is your design secure? - AppSecUSA 2018 - YouTube
https://www.youtube.com/watch?v=rGbpSeSyIfA&index=44&list=PLpr-xdpM8wG-ma2GOBmdpGGfnVPVwFFQd | Flying Above the Clouds: Securing Kubernetes - Jack Mannino - AppSecUSA 2018 - YouTube
https://www.youtube.com/watch?v=6RFh-h2n39Q&index=41&list=PLpr-xdpM8wG-ma2GOBmdpGGfnVPVwFFQd | Deserialization Vulnerability Remediation with Automated Gadget Chain Discovery - Ian Haken - YouTube
https://www.youtube.com/watch?v=t-zVC-CxYjw&index=39&list=PLpr-xdpM8wG-ma2GOBmdpGGfnVPVwFFQd | Deserialization: what, how and why [not] - Alexei Kojenov - AppSecUSA 2018 - YouTube
https://www.youtube.com/watch?v=eR-erlSOqP4&index=36&list=PLpr-xdpM8wG-ma2GOBmdpGGfnVPVwFFQd | (336) Fixing Mobile AppSec - Sven Schleier - AppSecUSA 2018 - YouTube
https://www.youtube.com/watch?v=HaVEH1vFiN0&index=9&list=PLpr-xdpM8wG-ma2GOBmdpGGfnVPVwFFQd | (337) OWASP Amass Project - Jeff Foley - YouTube
https://www.youtube.com/results?search_query=Sven+Schleier%5C | (336) Sven Schleier\ - YouTube
https://www.youtube.com/watch?v=HLeAIScDMNM | (336) Sven Schleier - OWASP Mobile Security Testing Guide MSTG - YouTube
https://www.youtube.com/watch?v=THJVzf-u7Iw&t=255s | (336) AppSec EU 2017 Fixing Mobile AppSec: The OWASP Mobile Project by Bernhard Mueller and Sven Schleier - YouTube

https://www.youtube.com/ | (333) YouTube
https://courses.knowthen.com/p/elm-beyond-the-basics | Elm Beyond the Basics | knowthen
http://bitspyder.net/browse.php?page=5 | .:: Bitspyder.net :: Downloads
https://medium.com/@Pinterest_Engineering/the-next-era-of-bug-bounty-at-pinterest-a646a72a0cd3 | The next era of Bug Bounty at Pinterest – Pinterest Engineering – Medium
https://medium.com/@hakluke/how-to-setup-an-automated-sub-domain-takeover-scanner-for-all-bug-bounty-programs-in-5-minutes-3562eb621db3 | How To Setup an Automated Sub-domain Takeover Scanner for All Bug Bounty Programs in 5 Minutes
https://hawkinsecurity.com/2018/08/27/traversing-the-path-to-rce/ | Traversing the Path to RCE – ∞ Growing Web Security Blog
http://misteralfa-hack.blogspot.com/2018/03/facebook-f5-big-ip-persistence-cookie.html | Capitan Alfa: [Facebook] [F5 BIG-IP] PERSISTENCE COOKIE INFORMATION LEAKAGE
https://www.inputzero.io/p/facebook-internal-ip-disclosure.html | inputzero: Facebook Internal IP Disclosure - SSRF on Facebook | Dhiraj Mishra

https://pastebin.com/u/thecreat0r/1/Z4EmVYsB | Thecreat0r's Pastebin - Pastebin.com
https://pastebin.com/E1HAEFZf | My-Recon-Guide - Pastebin.com
https://www.youtube.com/watch?v=3iWFGFJsNa0 | (333) Web Hacking Pro Tips Deep Dive #3: Advanced Recon - YouTube
https://www.youtube.com/watch?v=1bivJl0B_bs | (333) Hacking Process - Recon - YouTube
https://twitter.com/ | (*) Twitter
https://def.camp/archives/2017/ | Archives – DefCamp 2018
https://def.camp/speaker/konrad-jedrzejczyk-3/#presentation | Konrad Jędrzejczyk – DefCamp 2018
https://www.youtube.com/watch?v=kCCWN0SRsq8&index=11&t=0s&list=PLnwq8gv9MEKhpkg2-sWdc3OV_pyXslZoL | WiFi practical hacking “Show me the passwords!” at DefCamp 2018 - YouTube
https://def.camp/speaker/marek-zmyslowski-2/#presentation | Marek Zmysłowski – DefCamp 2018
https://www.linkedin.com/in/mzmyslowski/?originalSubdomain=za | (2) Marek Zmysłowski | LinkedIn
https://www.linkedin.com/in/luciannitescu/ | (2) Nitescu Lucian | LinkedIn
https://nitesculucian.github.io/2018/07/24/msfvenom-cheat-sheet/ | Msfvenom Cheat Sheet
https://gitlab.com/r00k/kali-bash-config | Derek Rook / kali-bash-config · GitLab

https://www.speedtest.net/ | Speedtest by Ookla - The Global Broadband Speed Test

file:///home/mr-robot/Downloads/Aman%20syllabus.pdf | Aman syllabus.pdf
https://drive.google.com/file/d/0BxDBNrqmA87UNklZbl9xYTBjclk/view | sanjay sharma.pdf - Google Drive

https://myactivity.google.com/myactivity?q=github&max=1539628199999999 | Google - My Activity
https://github.com/infoslack/awesome-web-hacking | infoslack/awesome-web-hacking: A list of web application security
https://github.com/qazbnm456/awesome-web-security#tips | qazbnm456/awesome-web-security: 🐶 A curated list of Web Security materials and resources.
https://github.com/djadmin/awesome-bug-bounty | djadmin/awesome-bug-bounty: A comprehensive curated list of available Bug Bounty & Disclosure Programs and Write-ups.

https://www.facebook.com/ | Facebook
file:///home/mr-robot/Downloads/Aman%20syllabus.pdf | Aman syllabus.pdf
chrome://history/?q=github | History
https://github.com/vitalysim/Awesome-Hacking-Resources | vitalysim/Awesome-Hacking-Resources: A collection of hacking / penetration testing resources to make you better!
https://github.com/DoGByTe-ZN/infosec-resources4all | DoGByTe-ZN/infosec-resources4all: Only the best quality InfoSec-resources shared, based on regular sourcing of publicly available content found on the internet.
https://twitter.com/sprp77/status/985041832332746752?lang=en | Stefanie Proto 🔍 on Twitter: "My Awesome OSINT Folder https://t.co/QU5h1oUlVa #SOCMINT #infosec #data #opensource #OSINT #hack #Security #CyberSecurity #intelligence #recon #sourcecon #Infosys #API #code #dorking #SEO #awesome #SearchEngine #tools #github #infosecurity #code… https://t.co/pUcZd4AD5O"
https://github.com/jivoi/awesome-osint | jivoi/awesome-osint: A curated list of amazingly awesome OSINT
https://github.com/anshumanbh/git-all-secrets | anshumanbh/git-all-secrets: A tool to capture all the git secrets by leveraging multiple open source git searching tools
https://github.com/dsopas/assessment-mindset/tree/dev | dsopas/assessment-mindset at dev
https://github.com/cujanovic/Content-Bruteforcing-Wordlist | cujanovic/Content-Bruteforcing-Wordlist: Wordlist for content(directory) bruteforce discovering with Burp or dirsearch
https://github.com/cujanovic/subdomain-bruteforce-list/blob/master/all.txt | subdomain-bruteforce-list/all.txt at master · cujanovic/subdomain-bruteforce-list
https://github.com/onlurking/awesome-infosec?fbclid=IwAR3qBqsRzutkoBx5OIzi1l3HyxWIMF0nIkqI_uUwf1_EQFap3c0wQm5gNOs | onlurking/awesome-infosec: A curated list of awesome infosec courses and training resources.
https://github.com/zardus/ctf-tools?fbclid=IwAR3GjJ7DMnozO3GiTl9VA9hDFCi7_gaDzlkyoG-p7OzzYx5QTBEfH3zEfH0 | zardus/ctf-tools: Some setup scripts for security research tools.
https://github.com/sectalks/sectalks | sectalks/sectalks: CTFs, solutions and presentations
https://github.com/michenriksen/gitrob | michenriksen/gitrob: Reconnaissance tool for GitHub organizations
https://github.com/anshumanbh/tko-subs | anshumanbh/tko-subs: A tool that can help detect and takeover subdomains with dead DNS records
https://github.com/codingo/ssrf-playground | codingo/ssrf-playground: A playground to practice SSRF Attacks against web apps
https://github.com/codingo/takeover | codingo/takeover: Sub-Domain TakeOver Vulnerability Scanner
https://github.com/random-robbie/My-Shodan-Scripts | random-robbie/My-Shodan-Scripts: Collection of Scripts for shodan searching stuff.
https://github.com/juliocesarfort/public-pentesting-reports/tree/master/Bugcrowd | public-pentesting-reports/Bugcrowd at master · juliocesarfort/public-pentesting-reports
https://github.com/BeDefended/RequestHighlighter | BeDefended/RequestHighlighter: Burp Suite extension that automatically highlights different HTTP requests
https://github.com/ChrisTruncer/PenTestScripts | ChrisTruncer/PenTestScripts: Scripts that are useful for me on pen tests
https://github.com/joe-shenouda/awesome-cyber-skills | joe-shenouda/awesome-cyber-skills: A curated list of hacking environments where you can train your cyber skills legally and safely
https://gist.github.com/jhaddix/78cece26c91c6263653f31ba453e273b | Cloud Metadata Dictionary useful for SSRF Testing
https://github.com/shieldfy/API-Security-Checklist | shieldfy/API-Security-Checklist: Checklist of the most important security countermeasures when designing, testing, and releasing your API
https://github.com/DaniLabs/tools-tbhm | DaniLabs/tools-tbhm: Tools of "The Bug Hunters Methodology V2 by @jhaddix"
https://nitstorm.github.io/blog/burp-suite-intruder-attack-types/ | Understanding Burp Suite Intruder Attack Types - Nitin's Blog
https://github.com/sa7mon/S3Scanner | sa7mon/S3Scanner: Scan for open AWS S3 buckets and dump the contents
https://github.com/tanprathan/MobileApp-Pentest-Cheatsheet | tanprathan/MobileApp-Pentest-Cheatsheet: The Mobile App Pentest cheat sheet was created to provide concise collection of high value information on specific mobile application penetration testing topics.
https://github.com/sgayou/medfusion-4000-research | sgayou/medfusion-4000-research: Medfusion 4000 security research & a MQX RCE.
https://github.com/jiayy/android_vuln_poc-exp | jiayy/android_vuln_poc-exp: This project contains pocs and exploits for android vulneribilities
https://twitter.com/HackwithGithub/status/927151008169390081 | Hack with GitHub on Twitter: "pentest-tools - Custom tools to help during #pentest Author: @gwendallecoguic https://t.co/loPD1RxHsn"
https://twitter.com/g0tmi1k/status/914824867698151426 | g0t mi1k on Twitter: "g0tmi1k starred frizb/OSCP-Survival-Guide on Github https://t.co/Oe0XaArzq6"
https://github.com/gwen001/pentest-tools | gwen001/pentest-tools: Custom pentesting tools
https://github.com/b-mueller/android_app_security_checklist/blob/master/README.md | android_app_security_checklist/README.md at master · b-mueller/android_app_security_checklist
https://github.com/LucaBongiorni?tab=repositories | LucaBongiorni / Repositories
https://github.com/LucaBongiorni/List-of-web-application-security | LucaBongiorni/List-of-web-application-security: List of web application security
https://github.com/LucaBongiorni/awae | LucaBongiorni/awae: wifi enterprise workshop
https://github.com/LucaBongiorni/awae/tree/master/lab1 | awae/lab1 at master · LucaBongiorni/awae
https://github.com/0xSobky/HackVault/wiki/AutoRecon-for-Automated-Reconnaissance | AutoRecon for Automated Reconnaissance · 0xSobky/HackVault Wiki
https://github.com/0xSobky/HackVault/wiki | Home · 0xSobky/HackVault Wiki
https://github.com/0xSobky | 0xSobky (Ahmed Elsobky)
https://0xsobky.github.io/ | Hacklog – by Ahmed Elsobky | Web Security Researcher
https://0xsobky.github.io/hijacking-facebook-tokens/ | Hijacking Facebook Apps' Access Tokens on the Fly! – Hacklog – by Ahmed Elsobky | Web Security Researcher
https://github.com/jhaddix/pentest-bookmarks/blob/master/wiki/BookmarksList.wiki | pentest-bookmarks/BookmarksList.wiki at master · jhaddix/pentest-bookmarks
https://github.com/qazbnm456/awesome-web-security/blob/master/README.md#xss---cross-site-scripting | awesome-web-security/README.md at master · qazbnm456/awesome-web-security
https://github.com/cure53/H5SC | cure53/H5SC: HTML5 Security Cheatsheet - A collection of HTML5 related XSS attack vectors
https://github.com/WebBreacher/offensiveinterview | WebBreacher/offensiveinterview: Interview questions to screen offensive (red team/pentest) candidates
https://github.com/ngalongc/bug-bounty-reference#cross-site-scripting-xss | ngalongc/bug-bounty-reference: Inspired by https://github.com/djadmin/awesome-bug-bounty, a list of bug bounty write-up that is categorized by the bug nature
https://github.com/Matir/pwnableweb | Matir/pwnableweb: PwnableWeb is a suite of web applications for use in information security training.
https://github.com/nVisium/xssValidator | nVisium/xssValidator: This is a burp intruder extender that is designed for automation and validation of XSS vulnerabilities.
https://github.com/toniblyx/my-arsenal-of-aws-security-tools | toniblyx/my-arsenal-of-aws-security-tools: List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.
https://github.com/nahamsec/lazys3 | nahamsec/lazys3
https://github.com/mohdhaji87/COEIA_WebHacking_Attacks-Defense/blob/master/COEIA_biweekly_presentation.pptx | COEIA_WebHacking_Attacks-Defense/COEIA_biweekly_presentation.pptx at master · mohdhaji87/COEIA_WebHacking_Attacks-Defense
https://github.com/mohdhaji87 | mohdhaji87 (Mohd Haji)
https://github.com/securing/BucketScanner | securing/BucketScanner: A tool for testing objects' permissions in AWS buckets
https://github.com/securing/DumpsterDiver | securing/DumpsterDiver: Tool to search secrets in various filetypes.
https://github.com/appsecco/the-art-of-subdomain-enumeration | appsecco/the-art-of-subdomain-enumeration: This repository contains all the supplement material for the book "The art of sub-domain enumeration"
https://github.com/sensepost/gowitness | sensepost/gowitness: 🔍 gowitness - a golang, web screenshot utility using Chrome Headless
https://github.com/yamakira?fbclid=IwAR37t9RL2CsLT94ypRdNPEp-3h8h3XhUvRyoE2veMNLwx7kb1wlQCcfjp5E | yamakira (Bharath)
https://github.com/HanseSecure/ExploitDev | HanseSecure/ExploitDev
https://github.com/juliocesarfort/public-pentesting-reports | juliocesarfort/public-pentesting-reports: Curated list of public penetration test reports released by several consulting firms and academic security groups
https://github.com/Tristan-aemjk4h/Awesome-Hacking-Resources | Tristan-aemjk4h/Awesome-Hacking-Resources
https://github.com/enaqx/awesome-pentest#web-exploitation | enaqx/awesome-pentest: A collection of awesome penetration testing resources, tools and other shiny things
https://github.com/rojan-rijal/pyrate | rojan-rijal/Pyrate: Practice Web App written in python with some vulnerabilities.
https://github.com/rojan-rijal/Subdomains/blob/master/README.md | Subdomains/README.md at master · rojan-rijal/Subdomains
https://github.com/rojan-rijal/LeakFinder | rojan-rijal/LeakFinder: https://sites.google.com/securifyinc.com/rojanrijal/leaked-sensitive-data

https://www.youtube.com/watch?v=3oJabjNIpQw | (285) FORTNITE BR - OUR FIRST PLAYGROUND MINI GAME!!!! (Death Run) - YouTube
https://www.facebook.com/ | (1) Facebook
https://www.facebook.com/pg/phwd-113702895386410/posts/?ref=page_internal | (1) @phwd - Posts
https://www.facebook.com/groups/bugbountygroup/ | (1) Facebook Bug Bounty Community
https://twitter.com/0ctac0der/likes | Tweets liked by Abhinav | 0ctac0der (@0ctac0der) | Twitter
https://www.imdb.com/title/tt0411008/ | Lost (TV Series 2004–2010) - IMDb
https://twitter.com/hvboppana/lists/security-three | @hvboppana/Security - Three on Twitter
https://www.netflix.com/search?q=Lost | Netflix

https://docs.google.com/document/d/1euMMHy0eO_UFPhv0Th_r9CrGyWqx9Az-pn3UyhO8yog/edit | More Links - Google Docs
https://twitter.com/i/likes | Tweets liked by Shivam Goyal (@g33kyshivam) | Twitter
https://blog.bentkowski.info/2018/07/vulnerability-in-hangouts-chat-aka-how.html | Vulnerability in Hangouts Chat: from open redirect to code execution | MB blog
https://blog.doyensec.com/2017/08/03/electron-framework-security.html | Modern Alchemy: Turning XSS into RCE · Doyensec's Blog
https://www.contrastsecurity.com/security-influencers/cve-2018-15685 | CVE-2018-15685 - Electron WebPreferences Remote Code Execution Finding
https://twitter.com/disclosedh1/status/985280378888966144 | publiclyDisclosed on Twitter: "Automattic disclosed a bug submitted by @mattaustin: https://t.co/RXp9xAgwNH - Bounty: $250 #hackerone #bugbounty… "
https://hackerone.com/reports/301458 | #301458 Remote Code Execution in Wordpress Desktop
https://henhouse.cure53.berlin/ | Cure53 Chinese New Year XSS Challenge 2018
https://speakerdeck.com/lmt_swallow/tangled-world-of-web-technology-are-we-safe?slide=7 | Tangled World of Web Technology ― Are we safe? - Speaker Deck
https://xss.shift-js.info/ | XSS Challenge (by y0n3uchy)

https://www.fireeye.com/services/training/courses.html | Incident Response and Malware Analysis Training | FireEye
https://web.whatsapp.com/ | (10) WhatsApp
file:///home/mr-robot/Downloads/Aman%20syllabus.pdf | Aman syllabus.pdf
http://www.allitebooks.com/?s=Software+Engineering | Software Engineering ebooks - All IT eBooks
file:///home/mr-robot/Downloads/Introduction%20to%20the%20Design%20and%20Analysis%20of%20Algorithms%20-%20FTP%20Directory%20.pdf | Introduction to the Design and Analysis of Algorithms (2-downloads)

https://twitter.com/i/likes | Tweets liked by Shivam Goyal (@g33kyshivam) | Twitter
https://0xpatrik.com/subdomain-takeover-basics/ | Subdomain Takeover: Basics
https://0xpatrik.com/subdomain-takeover/ | Subdomain Takeover: Thoughts on Risks
https://github.com/ngalongc/bug-bounty-reference#cross-site-scripting-xss | ngalongc/bug-bounty-reference: Inspired by https://github.com/djadmin/awesome-bug-bounty, a list of bug bounty write-up that is categorized by the bug nature
https://docs.google.com/document/d/1SrSnxRwGTMFP19gz41a8b0ns820Z9pAwEl3hkxJ4UVg/edit | Recon/Subdomain - Google Docs
https://pentester.land/cheatsheets/2018/11/14/subdomains-enumeration-cheatsheet.html | Subdomains Enumeration Cheat Sheet · Pentester Land
https://pentester.land/conference-notes/2018/04/25/levelup-2017-Esoteric-subdomain-enumeration-techniques.html | Conference notes: Esoteric subdomain enumeration techniques (LevelUp 2017) · Pentester Land
https://www.youtube.com/watch?v=e_Gq99CKAys&t=95s | (257) Esoteric sub-domain enumeration techniques - Bharath, from Bugcrowd's LevelUp 2017 - YouTube
http://blog.x1622.com/2016/11/subdomain-discovery-with-nmap-and.html | hacking and penetration testing: subdomain discovery with nmap and custom subdomain files

chrome://downloads/ | Downloads
https://0xevilc0de.com/about-these-videos/ | About These Videos - 0xEvilC0de.com
http://christian.kitchen/tutorials/programming/page/2/ | Programming » Download Free Movies Games MP3 Albums and Softwares!
https://posts.specterops.io/gathering-open-source-intelligence-bee58de48e05 | Gathering Open Source Intelligence – Posts By SpecterOps Team Members
https://gist.github.com/arbazkiraak/574cf1ae0a378115907f82ed07f1a374 | wordlist generated Based on : https://medium.com/@adrien_jeanneau/how-i-was-able-to-list-some-internal-information-from-paypal-bugbounty-ca8d217a397c
https://learningdl.net/tag/sans/page/2/ | Sans Archives - Page 2 of 10 - LEARNING FOR LIFE
https://github.com/aurainfosec/xss_payloads/blob/master/fetch.md | xss_payloads/fetch.md at master · aurainfosec/xss_payloads
https://www.youtube.com/watch?v=l3yThCIF7e4&t=0s&index=19&list=PLl-GuflHOikWnr0kOThK0xOyFXhBZbdLv | Self XSS we’re not so different you and I - Mathias Karlsson - Security Fest 2017 - YouTube
https://twitter.com/avlidienbrunn | ­Mathias Karlsson (@avlidienbrunn) | Twitter
https://www.youtube.com/channel/UC3pn_ccQdc22_L63d6MN1QA/videos | (249) OWASP Stockholm - YouTube

https://www.youtube.com/watch?v=XfB0g_JDIds | (246) Silicon Valley Season 2 - Jared Dunn explains what is SWOT Analysis to the team - YouTube
https://www.youtube.com/watch?v=bpXHZh9RfYk | (246) Reacting to Shameless by Prajakta Koli | Types of Reactions | MostlySane - YouTube
https://medium.com/@ehsahil/getting-started-in-bug-bounty-7052da28445a | Getting started in Bug Bounty – Sahil Ahamad – Medium
https://medium.com/ehsahil/recon-my-way-82b7e5f62e21 | Recon— my way. – ehsahil – Medium
https://blog.mozilla.org/security/2018/02/12/restricting-appcache-secure-contexts/ | Restricting AppCache to Secure Contexts | Mozilla Security Blog
https://twitter.com/kinugawamasato | Masato Kinugawa (@kinugawamasato) | Twitter
https://hackerone.com/reports/187542 | #187542 Brave Browser unexpectedly allows to send arbitrary IPC messages
https://vulnerabledoma.in/cny2018/omake.php | CNY OMAKE XSS Challenge
https://avlidienbrunn.se/xsschallenge3/index.php | https://avlidienbrunn.se/xsschallenge3/index.php
https://labs.detectify.com/2017/02/14/sqli-in-insert-worse-than-select/ | SQLi in INSERT worse than SELECT
https://github.com/cure53/XSSChallengeWiki/wiki/XSSMas-Challenge-2016 | XSSMas Challenge 2016 · cure53/XSSChallengeWiki Wiki
https://labs.detectify.com/2017/01/12/csp-flaws-cookie-fixation/ | CSP flaws: cookie fixation
https://labs.detectify.com/2016/12/15/postmessage-xss-on-a-million-sites/ | postMessage XSS on a million sites
https://labs.detectify.com/2016/12/08/the-pitfalls-of-postmessage/ | The pitfalls of postMessage
https://twitter.com/0xACB/status/999397917331992577 | André Baptista on Twitter: "Here it is: https://t.co/0oGo16N7UZ 🔥🔥🔥🔥🔥🔥 Thanks to @0xfad0 for the help! And thanks for the bounty, @Shopify and @Hacker0x01!!"
https://hackerone.com/reports/341876 | #341876 SSRF in Exchange leads to ROOT access in all instances
https://twitter.com/ITSecurityguard | Patrik Fehrenbach🤖 (@ITSecurityguard) | Twitter
https://twitter.com/Rhynorater/status/1034430585081671680 | Justin Gardner on Twitter: "Actually, just do yourself a favor, bug hunters, and go download/install every tool in @TomNomNom's Github. This shiz is super useful..."
https://twitter.com/Nettitude_Labs/status/1032593408437760000 | Nettitude Labs on Twitter: "Introducing Scrounger: An open source, modular and extensible iOS & Android mobile application penetration testing framework, by Ruben De Campos 📱 https://t.co/aC7mRXMhJY"
https://blog.scrt.ch/2018/08/24/remote-code-execution-on-a-facebook-server/ | Remote Code Execution on a Facebook server – Sec Team Blog
https://twitter.com/ITSecurityguard/status/1021310140400717825 | Patrik Fehrenbach🤖 on Twitter: "GraphQL really represents the Crown Jewels of every company. If you want to find $$$ bounties, have a look at the @Hacker0x01 GraphQL :-) You can get the entire schema using Introspection (https://t.co/fym2D1RPNT) (thanks @mongobug <3) https://t.co/4IRe4IIFdL 80 MB PNG file… https://t.co/fXVIfILqdl"
https://opnsec.com/2018/07/into-the-borg-ssrf-inside-google-production-network/ | Into the Borg – SSRF inside Google production network | OpnSec
https://twitter.com/stokfredrik/status/1012638867231526912 | STÖK on Twitter: "#hackeroftheday is @Jhaddix, with thousands of hours invested and over a decade in webhacking Jason’s knowledge regarding both past and new technology is vast, and with a methodology and multiple wordlists with his name on it, he’s a true pilar of the BB community! 👊🏻❤️… https://t.co/lo43nwfNf0"
https://github.com/smiegles/certs | smiegles/certs: Parse X509 certificates to get the (sub)domains in it.
http://website.tld.zip/tar/rar/whateverarchive
https://twitter.com/ITSecurityguard/status/1011003962047295490 | Patrik Fehrenbach🤖 on Twitter: "Sunday’s recon: search for https://t.co/22kQSI9UZJ to find those juicy website backups :)… "
https://blog.it-securityguard.com/visual-recon-a-beginners-guide/ | [Tools] Visual Recon – A beginners guide | Patrik Fehrenbach
https://blog.it-securityguard.com/ | Patrik Fehrenbach | ¯\_(ツ)_/¯
https://blog.it-securityguard.com/a-tale-of-7-vulnerabilities-paypal-bug-bounty/ | [Bug Bounty] A Tale of 7 Vulnerabilities | Patrik Fehrenbach
https://github.com/tomnomnom | tomnomnom (Tom Hudson)
https://twitter.com/TomNomNom | TomNomNom (@TomNomNom) | Twitter
https://twitter.com/EdOverflow | Twitter
https://twitter.com/x1m_martijn | x1m (@x1m_martijn) | Twitter
https://twitter.com/NathOnSecurity | (2) Nathan (@NathOnSecurity) | Twitter
https://twitter.com/Th3G3nt3lman | Twitter
https://twitter.com/uraniumhacker | Twitter
https://twitter.com/santi_lopezz99 | Santiago Lopez (@santi_lopezz99) | Twitter
https://twitter.com/iamnoooob | Rahul Maini (@iamnoooob) | Twitter
https://twitter.com/bbuerhaus | Twitter
https://twitter.com/rootxharsh | Harsh Jaiswal (@rootxharsh) | Twitter
https://twitter.com/Paresh_parmar1 | Paresh (@Paresh_parmar1) | Twitter
https://twitter.com/Abdulahhusam | Twitter
https://twitter.com/ngalongc | Ron Chan (@ngalongc) | Twitter
https://twitter.com/Parth_Malhotra | Parth Malhotra (@Parth_Malhotra) | Twitter
https://twitter.com/prateek_0490 | Twitter
https://twitter.com/jigarthakkar39 | Jigar Thakkar (@jigarthakkar39) | Twitter
https://twitter.com/niksthehacker | nikhil (@niksthehacker) | Twitter
https://twitter.com/ehrishiraj | Twitter
https://twitter.com/princechaddha | Twitter
https://twitter.com/nnwakelam | naffy (@nnwakelam) | Twitter
https://twitter.com/infosec_au | shubs (@infosec_au) | Twitter
https://twitter.com/bhavukjain1 | Bhavuk Jain (@bhavukjain1) | Twitter
https://twitter.com/garagosy | Twitter
https://twitter.com/akhilreni_hs | Akhil Reni (@akhilreni_hs) | Twitter
https://twitter.com/ArbazKiraak | Arbaz Hussain (@ArbazKiraak) | Twitter

https://www.youtube.com/ | (245) YouTube
https://pentestlab.blog/2012/12/24/sql-injection-authentication-bypass-cheat-sheet/ | SQL Injection Authentication Bypass Cheat Sheet | Penetration Testing Lab
https://www.youtube.com/watch?v=2ngGLMgjRVU&index=16&list=PLZOToVAK85Mr4CzRimmw4KD84yUjkEAEw | (245) ISSA Web Pen-testing Workshop - Part 2 - SQL Injection - YouTube
https://mahmoudsec.blogspot.com/2018/07/sql-injection-and-silly-waf.html | Mahmoud Gamal - Security Blogs: SQL Injection and A silly WAF
https://mahmoudsec.blogspot.com/2017/02/sql-injection-in-update-query-bug.html | Mahmoud Gamal - Security Blogs: SQL injection in an UPDATE query - a bug bounty story!
https://mahmoudsec.blogspot.com/2017/10/lets-steal-some-tokens.html | Mahmoud Gamal - Security Blogs: Let’s steal some tokens!
https://mahmoudsec.blogspot.com/2015/09/how-i-found-xss-vulnerability-in-google.html | Mahmoud Gamal - Security Blogs: XSS vulnerability in Google image search

https://appsecwiki.com/#/serversidesecurity?id=sql-injection | Server Side Security - Application Security Wiki
https://samsclass.info/129S/129S_S18.shtml | CNIT 129S: Securing Web Applications -- Sam Bowne
http://www.securityidiots.com/Web-Pentest/LFI/guide-to-lfi.html | Hand Guide To Local File Inclusion(LFI)
http://ccsf.granicus.com/MediaPlayer.php?view_id=5&clip_id=1085 | CNIT 129S - Securing Web Applications - Mar 14th, 2018
https://www.youtube.com/watch?v=HjnkoE3aiqk&t=3s | Your Morning Fix: Will Marathas be given reservation in jobs, education? - YouTube
https://www.facebook.com/phwdbot/videos/2104182979632696 | Facebook
https://hackerone.com/reports/232174 | #232174 XSS on $shop$.myshopify.com/admin/ and partners.shopify.com via whitelist bypass in SVG icon for sales channel applications
https://ngailong.wordpress.com/ | Ron Chan – My Bug Bounty Write Ups
https://www.arneswinnen.net/2016/02/the-tales-of-a-bug-bounty-hunter-10-interesting-vulnerabilities-in-instagram/ | The Tales of a Bug Bounty Hunter: 10 Interesting Vulnerabilities in Instagram – Arne Swinnen's Security Blog
https://www.arneswinnen.net/wp-content/uploads/2016/02/10-Interesting-Vulnerabilities-in-Instagram-Arne-Swinnen.pdf | Even Giants Make Mistakes: 10 Interesting vulnerabilities in Instagram
http://schd.ws/hosted_files/appseceurope2016/f7/OWASP%20AppSec%20EU%202016%20-%20The%20Tales%20of%20a%20Bug%20Bounty%20Hunter%20-%20Arne%20Swinnen.pdf | OWASP AppSec Europe 2016 template
https://www.hackerone.com/blog/how-to-command-injections | Command Injection Vulnerabilities | HackerOne
https://github.com/ewilded/shelling | ewilded/shelling: SHELLING - a comprehensive OS command injection payload generator
https://hackerone.com/arneswinnen?sort_type=latest_disclosable_activity_at&filter=type%3Aall%20from%3Aarneswinnen&page=1 | arneswinnen's HackerOne Profile
https://www.arneswinnen.net/ | Arne Swinnen's Security Blog – Just Another Infosec Blog
https://hackerone.com/moskowsky?sort_type=latest_disclosable_activity_at&filter=type%3Aall%20from%3Amoskowsky&page=1 | HackerOne
https://twitter.com/@mskwsky | Artem (@mskwsky) | Twitter
https://habr.com/users/moskowsky/ | Профиль moskowsky / Хабрахабр
https://medium.freecodecamp.org/hacking-tinder-accounts-using-facebook-accountkit-d5cc813340d1 | How I hacked Tinder accounts using Facebook’s Account Kit and earned $6,250 in bounties

https://appsecwiki.com/#/serversidesecurity?id=oauth-security | Server Side Security - Application Security Wiki
https://sakurity.com/oauth | Sakurity
https://www.owasp.org/images/6/61/20151215-Top_X_OAuth_2_Hacks-asanso.pdf | 20151215-Top_X_OAuth_2_Hacks-asanso.pdf
http://blog.intothesymmetry.com/2015/12/top-10-oauth-2-implementation.html | Top 10 OAuth 2 Implementation Vulnerabilities
https://www.youtube.com/watch?v=l3yThCIF7e4&t=0s&index=19&list=PLl-GuflHOikWnr0kOThK0xOyFXhBZbdLv | (231) Self XSS we’re not so different you and I - Mathias Karlsson - Security Fest 2017 - YouTube
https://www.youtube.com/watch?v=X0mV9HXbKHY&index=4&list=PLE8DZa6PJapwu3PPr9kj2iWC-tDVBY_Sd | (231) LevelUp 0x02 - Hacking OAuth 2.0 For Fun And Profit - YouTube
https://drive.google.com/file/d/1Qw3hhValdRAWNGJtLbbFYfKtaevkw4fQ/view | Hacking_OAuth2_0_for_fun_and_profit-Pranav_Hivarekar.pdf - Google Drive

https://security.stackexchange.com/questions/11868/difference-between-directory-traversal-and-file-inclusion | web application - Difference between directory traversal and file inclusion - Information Security Stack Exchange
https://preetshah90.blogspot.com/2017/03/upcoming-directorypath-traversal-vs-lfi.html | DIRECTORY/PATH TRAVERSAL vs LFI vs RFI | Preet Shah
https://www.youtube.com/channel/UCVLbzhxVTiTLiVKeGV7WEBg/playlists | (212) Tutorials Point (India) Pvt. Ltd. - YouTube
https://www.youtube.com/watch?v=TE2qYd-4CyI&list=PLWPirh4EWFpErPIVe3nIAet9TDxx1pBcd | (212) Java Essentials - Introduction to java essentials - YouTube
https://www.youtube.com/playlist?list=PLWPirh4EWFpH9r6Ka2-XskwTCQDc_yCr7 | Analysis of Investment - YouTube
https://www.youtube.com/watch?v=3mtr0ouSwRo&list=PLWPirh4EWFpFO9DnEwsLF4hjPio7aD9Qc | Android - Introduction - YouTube
https://www.youtube.com/watch?v=fHAfc7Hjq28&list=PLWPirh4EWFpGrpcMfZ6UcdI786QdtSxV8 | DBMS - Introduction - YouTube
https://www.youtube.com/watch?v=RE8pliq6y5U&list=PLWPirh4EWFpH79B3fG8eK4S53TUDaxYNE | Programming Language - YouTube
https://www.youtube.com/watch?v=ivomZN-WdTU&list=PLWPirh4EWFpEcnU9tOme3rTM9L0rXukuj&index=3 | Bootstrap - Getting Started - YouTube
https://www.youtube.com/watch?v=JcwjUNzlGg8&list=PLWPirh4EWFpFKYRhzNA_vHMNDNrhINruK | CSS - Introduction - YouTube
https://www.youtube.com/watch?v=zHknRia3I6s&list=PLWPirh4EWFpESLreb04c4eZoCvJQJrC6H | Android Penetration Testing Overview - YouTube
https://www.youtube.com/watch?v=DiP2MU_Ik_Q&list=PLWPirh4EWFpESKWJmrgQwmsnTrL_K93Wi&index=36 | Penetration Testing - Path Traversal Attack - YouTube

https://learningdl.net/?s=O%E2%80%99Reilly | Search for "O’Reilly" - LEARNING FOR LIFE
https://medium.com/codingthesmartway-com-blog/top-3-node-js-online-courses-fea1d145953f | Top 3 Node.js Online Courses – CodingTheSmartWay.com Blog – Medium
https://hackr.io/tutorial/nodejs-the-complete-guide-incl-mvc-rest-apis-graphql | Reviews of 'NodeJS - The Complete Guide (incl. MVC, REST APIs, GraphQL)' for learning Node.js | Hackr.io
https://drive.google.com/drive/folders/1vuLDYz5AEHEJ-bAe5tapcYC9ENR7P4c0 | [FreeCourseSite.com] Linux Academy Courses - Google Drive
https://drive.google.com/drive/folders/1Th4FiYe8Vm9xnkX6I8--qLo6wKduj_Fz | [FreeCourseSite.com] Udacity Course Archive - Google Drive
https://drive.google.com/drive/folders/1FEy_A5V93ZRO9Y9RAMDd0lvA6UA7D9qa | [FreeCourseSite.com] TreeHouse SiteRip - Google Drive
https://drive.google.com/drive/folders/15SydbHEndXhtCxUssj_hlPNa03Jb2U6A | [FreeCourseSite.com] Code4StartUP Course Collection - Google Drive
https://drive.google.com/drive/folders/1b6Saoaew9d4C5bTCJoHxEffqfEoGDk7N | the-complete-web-development-bootcamp - Google Drive
https://drive.google.com/file/d/1UGY7TZ0BhCFP_WCIxmZkdq8NRPUy4h9j/view | [FreeCourseSite.com] Design Patterns (Clean Coders).rar - Google Drive
https://www.udemy.com/user/maximilian-schwarzmuller/?key=taught_courses&taught_courses=2 | Maximilian Schwarzmüller | Professional Web Developer and Instructor | Udemy

https://learnflakes.net/?p=torrents&pid=10 | Torrent List | LearnFlakes.Net -Learning Community
https://learnflakes.net/?p=torrents&pid=10&action=details&tid=20425 | SANS FOR610: Reverse-Engineering Malware: Malware Analysis Tools and Techniques | Includes Everything (2016) | LearnFlakes.Net -Learning Community
https://learnflakes.net/?p=torrents&pid=10&action=details&tid=16363 | SANS 504 USB 2016.7z | LearnFlakes.Net -Learning Community

https://web.archive.org/web/20170724015441/http://teamultimate.in:80/getting-started-with-metasploit/ | Getting Started With Metasploit - Ultimate Hackers
https://www.hackersclub.io/single-post/2016/03/08/Metasploit-Tutorial-From-Basic-To-Advance | Metasploit Tutorial From Basic To Advance | hackerclub
http://www.hackingarticles.in/penetration-testing/ | Penetration Testing, Metasploit Tutorial, Metasploit Hacking,Pentest Tutorials
https://www.hackers-arise.com/single-post/2017/07/31/Metasploit-Basics-Part-9-Using-msfvenom-to-Create-Custom-Payloads | Metasploit Basics, Part 9: Using msfvenom to Create Custom Payloads | hackers-arise
https://github.com/rapid7/metasploit-framework/wiki/How-to-use-msfvenom | How to use msfvenom · rapid7/metasploit-framework Wiki
https://www.fwhibbit.es/guia-metasploitable-2-parte-2 | Guia Metasploitable 2: Parte 2 – Follow The White Rabbit

https://web.archive.org/web/20180214155256/http://www.iran-sec.net | Iran Security Group Iran Security Group
https://zhchbin.github.io/2017/08/30/Uber-XSS-via-Cookie/ | [BBP系列二] Uber XSS via Cookie | zhchbin
https://www.facebook.com/notes/mrityunjoy-emu/yahoo-mail-box-stored-xss-write-upbounty-rewarded-10000-usd/677948372401448/ | (1) YAHOO MAIL BOX STORED XSS (write up)Bounty Rewarded $10,000 USD
https://medium.com/@SyntaxError4/reflective-xss-and-open-redirect-on-indeed-com-subdomain-b4ab40e40c83 | Reflective XSS and Open Redirect on Indeed.com subdomain
https://docs.google.com/presentation/d/1v3Me8IWDuvSb1k96UB5RNyXE-hLHk0i6cf5MDJMaxuY/pub?slide=id.p | XSS FTW - Google Slides
https://prakharprasad.com/crlf-injection-http-response-splitting-explained/ | CRLF Injection / HTTP Response Splitting Explained
https://portswigger.net/blog/abusing-javascript-frameworks-to-bypass-xss-mitigations | Abusing JavaScript frameworks to bypass XSS mitigations | Blog
https://hackerone.com/reports/265528 | #265528 Reflected XSS on the data.gov (WAF bypass+ Chrome XSS Auditor bypass+ works in all browsers)
https://hackerone.com/reports/263226 | #263226 HTML injection (with XSS possible) on the https://www.data.gov/issue/ using media_url attribute
https://github.com/karelorigin/XSS-Problems/ | karelorigin/XSS-Problems
https://www.noob.ninja/2017/09/story-of-parameter-specific-xss.html | Story of a Parameter Specific XSS!
https://beta.hackndo.com/la-faille-xss/ | The XSS attack - hackndo
https://snyk.io/blog/xss-attacks-the-next-wave | XSS Attacks: The Next Wave | Snyk
https://medium.com/bugbountywriteup/how-i-bypassed-practos-firewall-and-triggered-a-xss-b30164a8f1dc | How i bypassed Practo’s firewall and triggered a XSS.
https://web.archive.org/web/20180221190804/https://teamultimate.in/bypass-waf-xss-easily/ | Bypass any WAF for XSS easily – Ultimate Hackers
https://web.archive.org/web/20170826064802/http://teamultimate.in/solution-of-googles-xss-challenge/ | Solution of Google's XSS Challenge [Explained] - Ultimate Hackers
https://web.archive.org/web/20170724015545/http://teamultimate.in:80/csrf-explained-tutorial-2/ | Cross Site Request Forgery (CSRF) Explained - 2 - Ultimate Hackers
https://web.archive.org/web/20170721111747/http://teamultimate.in:80/csrf-explained-tutorial-beginners/ | Cross Site Request Forgery (CSRF) Explained For Beginners
https://web.archive.org/web/20170720190655/http://teamultimate.in:80/xssight-xss-scanner-payload-injector-d3v/ | XSSight : XSS Scanner And Payload Injector By Team Ultimate
https://web.archive.org/web/20170716104543/http://teamultimate.in:80/nmap-port-scanning-techniques-explained/ | Nmap Port Scanning Techniques Explained - Ultimate Hackers
https://web.archive.org/web/20170723063604/http://teamultimate.in:80/botnet | What is Botnet? How does it works? - Ultimate Hackers
https://web.archive.org/web/20170720083516/http://teamultimate.in:80/reflected-xss-on-json-ajax-xml-based-web-apps/ | Reflected XSS on JSON, AJAX, XML based web apps - Ultimate Hackers
https://web.archive.org/web/20170718180926/http://teamultimate.in:80/how-hackers-hack-their-target/ | How Hackers Actually Hack Their Target? - Ultimate Hackers
https://web.archive.org/web/20170722132829/http://teamultimate.in:80/how-tor-works-complete-guide/ | What is Tor and how it works? The Anonymity Network Explained - Ultimate Hackers
https://web.archive.org/web/20170728042623/http://teamultimate.in:80/category/hacking-tutorials/sql-injection | SQL Injection Category - Ultimate Hackers
https://web.archive.org/web/20170805063136/http://teamultimate.in:80/breaching-databases-sqlmap | Breaching Databases In Minutes With SQLMap - Ultimate Hackers
https://web.archive.org/web/20170723011948/http://teamultimate.in:80/error-based-sql-injection/ | Breaching Databases With Error Based SQL Injection - Ultimate Hackers
https://web.archive.org/web/20170724200429/http://teamultimate.in:80/sql-injection-explained/ | SQL Injection Explained From Scratch - Ultimate Hackers
https://web.archive.org/web/20170724015441/http://teamultimate.in:80/getting-started-with-metasploit/ | Getting Started With Metasploit - Ultimate Hackers
https://web.archive.org/web/20170810032801/http://teamultimate.in:80/category/hacking-tutorials/xss | XSS Category - Ultimate Hackers
https://web.archive.org/web/20170802110344/http://teamultimate.in:80/finding-admin-panel-website | How to find Admin Panel of a website? - Ultimate Hackers
https://web.archive.org/web/20170728104340/http://teamultimate.in:80/category/hacking-tutorials/information-gathering/ | Information Gathering Category - Ultimate Hackers
https://web.archive.org/web/20170723061454/http://teamultimate.in:80/category/hacking-tutorials/ | Hacking Tutorials Category - Ultimate Hackers
https://web.archive.org/web/20170728045932/http://teamultimate.in:80/login-bypass-with-sql-injection | Login Bypass With SQL Injection - Ultimate Hackers
https://web.archive.org/web/20170822125456/http://teamultimate.in:80/category/hacking-tutorials/xss/ | XSS Category - Ultimate Hackers
https://medium.com/bugbountywriteup/900-xss-in-yahoo-recon-wins-65ee6d4bfcbd | 900$ XSS in yahoo ( Recon Wins ) – InfoSec Write-ups – Medium
https://medium.com/@th3g3nt3l | Th3G3nt3lman – Medium
https://blog.blackfan.ru/2017/09/devtwittercom-xss.html | '>">123\: [dev.twitter.com] XSS
https://blog.blackfan.ru/ | '>">123\

https://blogs.sap.com/2015/12/18/xss-cross-site-scripting-methodology-and-solutions/ | XSS (Cross-Site Scripting) – Methodology and Solutions | SAP Blogs
https://blogs.sap.com/2015/12/17/xss-cross-site-scripting-overview-with-contexts/ | XSS (Cross-Site Scripting) – Overview and Contexts | SAP Blogs
https://respectxss.blogspot.com/ | Respect XSS
https://www.youtube.com/watch?v=LCkyW7RE6Wk&index=12&list=PLzptvsiJ9waSQ8l2rQ_nmD_L68WAo6KQu | (127) Logan | Way Down We Go | Music Video - YouTube
https://www.youtube.com/watch?v=bHTxJIC_jGI | (127) Maximizing Burp - YouTube
https://securityweekly.com/2016/01/13/security-weekly-446-adrien-debeaupre/ | Security Weekly #446: Adrien DeBeaupre - Security Weekly
https://www.youtube.com/watch?v=rWGvesGWwqY | (127) Diwali with Bhakt | Pee News Interview by Dhruv Rathee ft. Akash Banerjee on crackers - YouTube

https://coursehunters.net/source/egghead | Видеокурсы от egghead.io - Смотреть онлайн - страница 1
https://coursehunters.net/source/codecourse | Видеокурсы от Codecourse - Смотреть онлайн - страница 1
https://coursehunters.net/source/scotch-io | Видеокурсы от scotch.io - Смотреть онлайн - страница 1
https://coursehunters.net/source/frontendmasters | Видеокурсы от Frontend Masters - Смотреть онлайн - страница 1
https://coursehunters.net/frontend | Видеоуроки Front-end - страница 1
https://www.facebook.com/ | Facebook

https://www.youtube.com/watch?v=vKudm1kDu8k | (120) SANS Webcast: Web Hacking with Burp Suite - YouTube
chrome://downloads/ | Downloads
https://support.portswigger.net/customer/portal/articles/1969845-using-burp-to-test-for-the-owasp-top-ten | Using Burp to Test for the OWASP Top Ten | Burp Suite Support Center
https://support.portswigger.net/customer/portal/topics/792273-burp-testing-methodologies/articles | Burp Testing Methodologies | Burp Suite Support Center
https://learnflakes.net/?p=messages&pid=20&message_id=294817 | Messages | LearnFlakes.Net -Learning Community
https://www.sans.org/reading-room/whitepapers/testing/fuzzing-approach-credentials-discovery-burp-intruder-33214 | A Fuzzing Approach to Credentials Discovery using Burp Intruder
https://www.youtube.com/results?search_query=cobalt | (120) cobalt - YouTube
https://pentester.land/cheatsheets/2018/11/02/open-redirect-cheatsheet.html | Open Redirect Cheat Sheet · Pentester Land
https://medium.com/@kankrale.rahul/dos-on-facebook-android-app-using-65530-characters-of-zero-width-no-break-space-db41ca8ded89 | DoS on Facebook Android app using 65530 characters of ZERO WIDTH NO-BREAK SPACE.
https://pentester.land/tutorials/2018/10/25/source-code-disclosure-via-exposed-git-folder.html | Source code disclosure via exposed .git folder · Pentester Land
https://www.peerlyst.com/posts/information-gathering-first-step-of-hacking-sachin-wagh?utm_source=twitter&utm_medium=social&utm_content=peerlyst_post&utm_campaign=peerlyst_shared_post | Information Gathering – First Step of Hacking by Sachin Wagh - ethical hacking, operations, stealth
https://medium.com/mrlulzsec/cross-origin-authentication-detection-ccc2186e5338 | Cross-origin Authentication Detection – MrLulzsec – Medium
https://medium.com/@alicanact60/my-first-0day-exploit-csp-bypass-reflected-xss-bugbounty-c7efa4bed3d7 | My First 0day Exploit (CSP Bypass + Reflected XSS) #BUGBOUNTY
https://medium.com/@egeken/facebook-hidden-redirection-vulnerability-aeaaac0b9d73 | Facebook hidden redirection vulnerability – Ege Ken – Medium
https://mango.pdf.zone/stealing-chrome-cookies-without-a-password | Stealing Chrome cookies without a password
https://medium.com/@mrnikhilsri/soap-based-unauthenticated-out-of-band-xml-external-entity-oob-xxe-in-a-help-desk-software-c27a6abf182a | SOAP- Based Unauthenticated Out-of-Band XML External Entity (OOB-XXE) in a Help Desk Software
https://medium.com/@raushanraj_65039/google-sites-and-exploiting-same-origin-policy-d400bf569964 | Google sites and exploiting same origin policy. – Raushan Raj – Medium
https://medium.com/@brs.sgdc/google-stored-xss-in-payments-350cd7ba0d1b | Google Stored XSS in Payments – Barış Sağdıç – Medium
https://medium.com/@plenumlab/idor-in-jwt-and-the-shortest-token-you-will-ever-see-uid-1234567890-4e02377ea03a | IDOR IN JWT AND THE SHORTEST TOKEN YOU WILL EVER SEE {}.{“uid”: “1234567890”}
https://www.youtube.com/feed/subscriptions | (120) Subscriptions - YouTube
https://www.youtube.com/watch?v=3cLik5XS-Xo | Most ES6 Features Demonstrated In Less than 20 Minutes - YouTube
https://twitter.com/0ctac0der | Abhinav | 0ctac0der (@0ctac0der) | Twitter
https://github.com/SEC642/dojo-basic | SEC642/dojo-basic

https://pentesterlab.com/ | [PentesterLab] Learn Web Penetration Testing: The Right Way
https://www.hacksplaining.com/ | Learn to Hack
https://resources.infosecinstitute.com/dns-hacking/ | DNS Hacking (Beginner to Advanced)
https://github.com/Matir/pwnableweb | Matir/pwnableweb: PwnableWeb is a suite of web applications for use in information security training.
https://bitvijays.github.io/LFC-VulnerableMachines.html#port-scanning | CTF Series : Vulnerable Machines — tech.bitvijays.com
https://jivoi.github.io/2015/07/01/pentest-tips-and-tricks/ | Pentest Tips and Tricks – EK
https://www.youtube.com/watch?v=foToVAIBCTQ | How i Hacked Yahoo, Twitter & Google! - YouTube
https://tuftsdev.github.io/DefenseAgainstTheDarkArts/ | COMP 116: Introduction to Computer Security
https://github.com/rojan-rijal/pyrate | rojan-rijal/Pyrate: Practice Web App written in python with some vulnerabilities.
http://www.hackingarticles.in/web-penetration-testing/ | Web Penetration Testing - Hacking Articles
https://www.pentesteracademy.com/ | Pentester Academy: Learn Pentesting Online
https://www.youtube.com/watch?v=OcrmPMSjdSw&index=32&list=PLv7cogHXoVhXvHPzIl1dWtBiYUAL8baHj | 32- SOP, CORS, CSP and Exploiting Misconfigured CORS - YouTube

https://www.youtube.com/watch?v=-y-OcymRcZs&t=1538s | (105) Bug Bounty Session - IDOR - YouTube
https://docs.google.com/presentation/d/e/2PACX-1vT6giXqLAWdBTP0_8WlQdq7QkC0_FduNWGWcwn8Krbhmcw898S7Y3JthE8_5ds9aIoTP9-rR1l3N-xL/pub?start=true&loop=true&delayms=15000&slide=id.g44f05bce04_0_0 | IDOR Session - Google Slides
https://appsecwiki.com/#/serversidesecurity?id=insecure-direct-object-referenceidor | Server Side Security - Application Security Wiki
https://www.owasp.org/index.php/Testing_for_Insecure_Direct_Object_References_(OTG-AUTHZ-004) | Testing for Insecure Direct Object References (OTG-AUTHZ-004) - OWASP
https://www.bugcrowd.com/how-to-find-idor-insecure-direct-object-reference-vulnerabilities-for-large-bounty-rewards/ | How-To: Find IDOR (Insecure Direct Object Reference) Vulnerabilities for large bounty rewards | Bugcrowd
https://medium.com/@arbazhussain/idor-while-connecting-social-account-in-hackster-io-2296b316b7a7 | IDOR While Connecting Social Account in Hackster.io
https://blog.securitybreached.org/2018/09/16/idor-account-takeover-using-facebook/ | IDOR User Account Takeover By Connecting My Facebook Account with victims Account - Security Breached Blog
https://pentest.blog/how-to-test-horizontal-vertical-authorization-issues-in-web-application/ | How to Test Horizontal & Vertical Authorization Issues in Web Application ? – Pentest Blog
https://twitter.com/jon_bottarini/status/1049785550855520257 | Jon Bottarini on Twitter: "My latest #bugbounty writeup: A $2,500 IDOR in New Relic that allowed me to run NRQL queries and retrieve data from any New Relic account. You can read it here: https://t.co/GD6xqODEX0 Let me know what you think! #TogetherWeHitHarder #HackerOne… https://t.co/tj9QpqZp8A"
https://www.jonbottarini.com/2018/01/02/abusing-internal-api-to-achieve-idor-in-new-relic/ | Abusing internal API to achieve IDOR in New Relic | Security and Bug Hunting
https://twitter.com/jon_bottarini/status/952101275252019200 | Jon Bottarini on Twitter: "Here's my latest blog about a nice IDOR I found in @newrelic - through abusing one of their internal API's, I hope you find it interesting! https://t.co/NVXY7h4Aul #BugBounty #hackerone #writeup… https://t.co/Y2sTqqmMUy"
https://medium.com/@armaanpathan/idor-was-leading-to-privilege-escalation-and-violating-the-facebook-policy-355c67c654e6 | IDOR was leading to Privilege Escalation and violating the Facebook policy
https://www.bugbountynotes.com/training/tutorial?id=2 | BugBountyNotes.com | Collaborate and work with other security researchers on bug bounties
https://zseano.com/tutorials/2.html | zseano | UK Security Researcher
https://twitter.com/prateek_0490/status/987045280565678083 | Prateek Tiwari on Twitter: "#BugBounty Tip: If you’ve found an IDOR where you’re able to change data of others then don’t jump out of your seat to report it > modify it to XSS payload & if inputs are not sanitized & variables are echo’d without getting escaped then IDOR>XSS>ATO #TogetherWeHitHarder #InfoSec"
https://support.portswigger.net/customer/portal/articles/1965691-using-burp-to-test-for-insecure-direct-object-references | Using Burp to Test for Insecure Direct Object References | Burp Suite Support Center

https://twitter.com/albinowax | James Kettle (@albinowax) | Twitter
http://www.securitygalore.com/site3/advanced_web_application_attacks | Advanced web application attacks | Amit Klein's security corner
https://github.com/m4ll0k/Awesome-Hacking-Tools | m4ll0k/Awesome-Hacking-Tools: Awesome Hacking Tools
https://github.com/ngalongc/bug-bounty-reference | ngalongc/bug-bounty-reference: Inspired by https://github.com/djadmin/awesome-bug-bounty, a list of bug bounty write-up that is categorized by the bug nature
https://github.com/juliocesarfort/public-pentesting-reports | juliocesarfort/public-pentesting-reports: Curated list of public penetration test reports released by several consulting firms and academic security groups
https://github.com/qazbnm456/awesome-web-security | qazbnm456/awesome-web-security: 🐶 A curated list of Web Security materials and resources.
https://github.com/ngalongc/bug-bounty-reference | ngalongc/bug-bounty-reference: Inspired by https://github.com/djadmin/awesome-bug-bounty, a list of bug bounty write-up that is categorized by the bug nature
https://github.com/Tristan-aemjk4h/Awesome-Hacking-Resources | Tristan-aemjk4h/Awesome-Hacking-Resources
https://github.com/enaqx/awesome-pentest#web-exploitation | enaqx/awesome-pentest: A collection of awesome penetration testing resources, tools and other shiny things

https://twitter.com/s0md3v | Somdev Sangwan (@s0md3v) | Twitter
https://www.blurbiz.io/blog/the-most-complete-guide-to-finding-anyones-email | The most complete guide to finding anyone’s email
https://somdev.me/sop-and-cors/ | CORS, SOP & crossdomain.xml For Dummies – Somdev Sangwan
https://somdev.me/ | Learn | Think | Hack – Somdev Sangwan
https://somdev.me/sql-basics-for-sqli/ | Learn SQL for SQL Injection in 10 minutes – Somdev Sangwan
https://lab.wallarm.com/cache-poisoning-and-other-dirty-tricks-120468f1053f | Cache poisoning and other dirty tricks – Wallarm
https://medium.com/vandium-software/5-easy-steps-to-understanding-json-web-tokens-jwt-1164c0adfcec | 5 Easy Steps to Understanding JSON Web Tokens (JWT)
https://medium.com/bugbountywriteup/the-design-and-implementation-of-ssrf-attack-framework-550e9fda16ea | All you need to know about SSRF and how may we write tools to do auto-detect
https://github.com/s0md3v/AwesomeXSS | s0md3v/AwesomeXSS: Awesome XSS stuff
https://somdev.me/sop-and-cors/ | CORS, SOP & crossdomain.xml For Dummies – Somdev Sangwan
https://medium.freecodecamp.org/a-quick-introduction-to-web-security-f90beaf4dd41 | A quick introduction to web security – freeCodeCamp.org
https://skeletonscribe.net/ | James Kettle Research Overview

https://coursehunters.net/source/ihatetomatoes | Видеокурсы от ihatetomatoes - Смотреть онлайн - страница 1

https://www.youtube.com/watch?v=NwS87LTCmLc | (75) Why GraphQL Is Awesome - YouTube
https://github.com/alekseylovchikov/ch-download | alekseylovchikov/ch-download: download video from coursehunters.net
https://coursehunters.net/course/usvoyte-react-dlya-sozdaniya-realnyh-prilozheniy | Усвойте React для создания реальных приложений - Видеоуроки
https://coursehunters.net/course/polnyy-kurs-veb-razrabotchika-react-s-redux-2nd-edition | Полный курс веб-разработчика React (с Redux)(2nd edition) - Видеоуроки
https://coursehunters.net/course/sovremennyy-javascript-bootcamp-2018 | Современный JavaScript Bootcamp (2018) - Видеоуроки
https://coursehunters.net/source/leveluptutorials | Видеокурсы от LevelUpTutorials - Смотреть онлайн - страница 1
https://coursehunters.net/course/prodvinutyy-react-js-polnyy-kurs | Продвинутый React.js - Полный курс (Ryan Florence) - Видеоуроки
https://coursehunters.net/course/nachalo-raboty-s-javascript-dlya-veb-razrabotki | Начало работы с JavaScript для веб-разработки - Видеоуроки
https://coursehunters.net/course/sozdaem-mean-prilozhenie-codepost-full-stack | Создаем MEAN приложение "CodePost" - Full Stack - Видеоуроки
https://coursehunters.net/source/tyler-mcginnis | Видеокурсы от Tyler McGinnis - Смотреть онлайн - страница 1
https://coursehunters.net/course/stroim-prilozheniya-s-react-socket-io-i-rethinkdb | Строим приложения с React, Socket.io и RethinkDB - Видеоуроки
https://coursehunters.net/source/scotch-io | Видеокурсы от scotch.io - Смотреть онлайн - страница 1
https://coursehunters.net/source/egghead | Видеокурсы от egghead.io - Смотреть онлайн - страница 1
https://coursehunters.net/course/javascript-klyuchevoe-slovo-this-v-glubine | JavaScript 'this' в глубине - Видеоуроки
https://coursehunters.net/course/sozdaem-komponent-s-react-on-rails | Создаем компонент с React on Rails - Видеоуроки
https://coursehunters.net/course/nachalo-raboty-s-react-storybook | Начало работы с React Storybook - Видеоуроки
https://www.udemy.com/modern-javascript-the-complete-course-build-10-projects/ | Modern JavaScript The Complete Course - Build +10 Projects | Udemy
https://coursehunters.net/course/vvedenie-v-struktury-dannyh-dlya-sobesedovaniy | Введение в структуры данных для собеседований - Видеоуроки
https://www.udemy.com/the-complete-junior-to-senior-web-developer-roadmap/ | The Complete Junior to Senior Web Developer Roadmap (2018) | Udemy
https://coursehunters.net/course/aws-dlya-front-end-inzhenerov | Быстрая разработка на AWS: React, Node.js и GraphQL - Видеоуроки
https://coursehunters.net/course/polnoe-rukovodstvo-razrabotchika-2018-ot-dzhunika-k-senoru | Полное руководство разработчика 2018: от джуника к сеньору - Курс
https://coursehunters.net/course/testirovanie-javascript | Тестирование JavaScript (Kent C. Dodds) - Видеоуроки
https://coursehunters.net/course/advanced-javascript | Advanced JavaScript (Tyler Mcginnis) - Видеоуроки
https://coursehunters.net/source/vueschool-io | Видеокурсы от vueschool.io - Смотреть онлайн - страница 1
https://coursehunters.net/course/luchshiy-javascript | Лучший Javascript (leveluptutorials) - Видеоуроки
https://coursehunters.net/course/vue-js-master-klass | Vue.js Мастер-класс (vueschool.io) - Видеоуроки
https://coursehunters.net/course/sozdayte-interaktivnoe-javascript-menyu | Создайте интерактивное javascript меню - Видеоуроки
https://coursehunters.net/source/codewithmosh-mosh-hamedani | Видеокурсы codewithmosh (Mosh Hamedani) - Смотреть онлайн - страница 1
https://coursehunters.net/course/react-catch-up | React Catch-up (Ryan Florence) - Видеоуроки
https://coursehunters.net/course/asinhronnyy-javascript | Асинхронный JavaScript (Asynchronous JavaScript) - Видеоуроки
https://coursehunters.net/course/osnovy-javascript-dlya-nachinayushchih | Основы JavaScript для начинающих - Видеоуроки
https://coursehunters.net/course/vvedenie-v-struktury-dannyh-dlya-sobesedovaniy | Введение в структуры данных для собеседований - Видеоуроки
https://coursehunters.net/backend | Видеоуроки Back-end - страница 1
https://www.npmjs.com/package/coursehunters-cli | coursehunters-cli - npm
https://github.com/alekseylovchikov/ch-download | alekseylovchikov/ch-download: download video from coursehunters.net

https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet | XSS Filter Evasion Cheat Sheet - OWASP
https://www.youtube.com/ | (74) YouTube
https://www.facebook.com/ | Facebook

https://github.com/Rev3rseSecurity/WebMap?fbclid=IwAR1F_-n2Mezz4DYjBwsCp8Ea0IrG3LjmtVYiLE5UyKKQnunNWL3-a_dMGmQ | Rev3rseSecurity/WebMap: Nmap Web Dashboard and Reporting

https://github.com/qazbnm456/awesome-web-security/blob/master/README.md#practices-xss | awesome-web-security/README.md at master · qazbnm456/awesome-web-security
https://appsecwiki.com/#/frontend | Frontend Security - Application Security Wiki
http://blog.ironwasp.org/2014/07/contexts-and-cross-site-scripting-brief.html | IronWASP - Open Source Advanced Web Security Testing Platform: Contexts and Cross-site Scripting - a brief intro
https://ardern.io/2017/12/10/blind-xss/ | Ode To Blind XSS - ardern.io
https://www.corben.io/archives/ | Archives – Corben Leo – Information Security Blog
https://s1gnalcha0s.github.io/dspl/2018/03/07/Stored-XSS-and-SSRF-Google.html | Stored XSS, and SSRF in Google using the Dataset Publishing Language
https://twitter.com/hacker_/status/951527150628327425 | Corben Leo on Twitter: "☢ Write-Up Alert: "Chaining Bugs to Steal Yahoo Contacts!" https://t.co/I5KPWExwtK"
https://www.youtube.com/watch?v=VO2uBSfXZso&t=544s | Differences Between Web Application Scanning Tools when Scanning for XSS and SQLi - AppSecUSA 2017 - YouTube
https://www.youtube.com/watch?v=lGdfE-bhQhg | AppSec EU 2017 LT Increasing Web Seurity With The Power Of HTTP Headers by Jose Manuel Ortega - YouTube
https://www.youtube.com/watch?v=bOSdFnFAYNc&t=8s | AppSec EU 2017 OWASP Juice Shop by Björn Kimminich - YouTube
https://www.youtube.com/watch?v=p07acPBi-qw | AppSec EU 2017 Don't Trust The DOM: Bypassing XSS Mitigations Via Script Gadgets by Sebastian Lekies - YouTube
https://www.youtube.com/watch?v=Hmu21p9ybWs | Zane Lackey - Practical tips for web application security in the age of agile and DevOps - YouTube
https://www.youtube.com/watch?v=qHhhg1CEJfY | Evan Johnson - Misconfigured CORS and why web appsec is not getting easier - AppSecUSA 2016 - YouTube
https://www.youtube.com/watch?v=22CKQ_xed9s | James Kettle - Exploiting CORS Misconfigurations for Bitcoins and Bounties - AppSecUSA 2016 - YouTube
https://www.youtube.com/watch?v=43G_nSTdxLk | Automating API Penetration Testing using fuzzapi - AppSecUSA 2016 - YouTube
https://www.youtube.com/watch?v=9C_DaebngYg | Keynote: 50 Shades of AppSec - AppSecUSA 2015 - YouTube
https://www.youtube.com/watch?v=G539NwvpL3I | New Methods in Automated XSS Detection - Ken Belva - AppSecUSA 2015 - YouTube
https://www.youtube.com/watch?v=V1c2cy2G3Wo | Wait, Wait! Don't pwn Me! - AppSecUSA 2015 - YouTube
https://www.youtube.com/watch?v=5r5GkJL7Dgg | PHP Security, Redefined - Chris Cornutt - AppSecUSA 2015 - YouTube
https://www.youtube.com/watch?v=tp4TgJeqPhU | Secure Authentication without the Need for Passwords - Don Malloy - AppSecUSA 2015 - YouTube

https://appsecwiki.com/#/frontend?id=learning | Frontend Security - Application Security Wiki
https://twitter.com/jonathanmarcil/status/1031728013442859008 | Jonathan Marcil on Twitter: "XSS defense summary credits: @manicode @OWASPOC… "
https://twitter.com/manicode | Jim Manico (@manicode) | Twitter
https://twitter.com/OWASPOC | OWASP OC (@OWASPOC) | Twitter
https://twitter.com/matir | David (@matir) | Twitter
https://github.com/jhaddix/XSS.png/blob/master/XSS2.png | XSS.png/XSS2.png at master · jhaddix/XSS.png
https://github.com/jhaddix/tbhm/blob/master/05_XSS.md | tbhm/05_XSS.md at master · jhaddix/tbhm
https://github.com/LucaBongiorni/XSS.png/blob/master/XSS.png | XSS.png/XSS.png at master · LucaBongiorni/XSS.png
https://github.com/qazbnm456/awesome-web-security/blob/master/README.md#practices-xss | awesome-web-security/README.md at master · qazbnm456/awesome-web-security
https://www.slideshare.net/nragupathy/introduction-to-web-application-security-blackhoodie-us-2018 | Introduction to Web Application Security - Blackhoodie US 2018
https://sites.google.com/site/testsitehacking/10k-host-header | $10k host header - Ezequiel Pereira
https://www.slideshare.net/nragupathy/introduction-to-web-application-security-blackhoodie-us-2018?from_action=save | Introduction to Web Application Security - Blackhoodie US 2018
https://image.slidesharecdn.com/blackhoodieexternalpresentation-final-181002225116/95/introduction-to-web-application-security-blackhoodie-us-2018-119-638.jpg?cb=1538521022 | introduction-to-web-application-security-blackhoodie-us-2018-119-638.jpg (638×359)
https://image.slidesharecdn.com/blackhoodieexternalpresentation-final-181002225116/95/introduction-to-web-application-security-blackhoodie-us-2018-118-638.jpg?cb=1538521022 | introduction-to-web-application-security-blackhoodie-us-2018-118-638.jpg (638×359)

https://sqlbolt.com/lesson/filtering_sorting_query_results | SQLBolt - Learn SQL - SQL Lesson 4: Filtering and sorting Query results
https://pgexercises.com/questions/basic/ | PostgreSQL exercises
https://www.amazon.in/ref=nav_logo | Online Shopping site in India: Shop Online for Mobiles, Books, Watches, Shoes and More - Amazon.in
https://www.amazon.in/Printers/b/ref=dp_bc_3?ie=UTF8&node=1375443031 | Printers: Buy Printers Online at Low Prices in India - Amazon.in
https://www.owasp.org/images/1/19/OTGv4.pdf | OTGv4.pdf
https://www.youtube.com/watch?v=Tke1IqDj8wM | (61) How much money I make from YOUTUBE? | QNA#3 - YouTube

https://www.youtube.com/watch?v=9r0-Sga2bEg&list=WL&index=46 | (65) Keith Hoodlet: Bug Bounty Hunting - Paul's Security Weekly #564 - YouTube
https://www.youtube.com/watch?v=OjcMWUo4NHw&index=103&list=WL | (65) BSides Glasgow 2018 - Andy Gill and Brian Higgins - The Internet of Death - YouTube
https://www.youtube.com/watch?v=Xy1K8ODZC8w&index=125&list=WL | (65) Writing Secure JavaScript - YouTube
https://www.peerlyst.com/posts/video-3-5-hours-of-free-appsec-training-from-sunny-wear-via-brakeing-down-security-peerlyst?utm_source=twitter&utm_medium=social&utm_content=peerlyst_post&utm_campaign=peerlyst_shared_post | [Video] 3,5 hours of free AppSec training from Sunny Wear via Brakeing Down Security by Peerlyst - web application security training
https://drive.google.com/drive/folders/0B-qfQ-gWynwidlJ1YjgxakdPWDA | WebApp_Class - Google Drive
https://twitter.com/SunnyWear | Sunny Wear (@SunnyWear) | Twitter
https://www.amazon.com/Burp-Suite-Cookbook-Sunny-Wear/dp/178953173X?keywords=burp+suite+cookbook&qid=1538080978&sr=8-1-fkmrnull&ref=mp_s_a_1_fkmrnull_1 | Burp Suite Cookbook: Practical recipes to help you master web penetration testing with Burp Suite: Sunny Wear: 9781789531732: Amazon.com: Books
https://www.pluralsight.com/courses/web-application-penetration-testing-with-burp-suite | Web Application Penetration Testing with Burp Suite | Pluralsight
https://www.pluralsight.com/courses/advanced-web-application-penetration-testing-burp-suite | Advanced Web Application Penetration Testing with Burp Suite | Pluralsight
https://github.com/ngalongc/bug-bounty-reference | ngalongc/bug-bounty-reference: Inspired by https://github.com/djadmin/awesome-bug-bounty, a list of bug bounty write-up that is categorized by the bug nature
chrome://bookmarks/?id=18 | Bookmarks
https://www.torontowebsitedeveloper.com/hacking-resources | Hacking Resources | Peter YaworskiToronto Website Developer
https://github.com/juliocesarfort/public-pentesting-reports | juliocesarfort/public-pentesting-reports: Curated list of public penetration test reports released by several consulting firms and academic security groups
http://h1.nobbd.de/ | The unofficial HackerOne disclosure Timeline
https://github.com/PaulSec/awesome-sec-talks | PaulSec/awesome-sec-talks: A collected list of awesome security talks
https://github.com/denysdovhan/bash-handbook | denysdovhan/bash-handbook: For those who wanna learn Bash
https://jivoi.github.io/2015/07/03/offensive-security-bookmarks/ | Offensive Security Bookmarks – EK
https://groups.google.com/forum/m/#!topic/rsua-ts2014/bsDNBH0MrcU | Tutorials - Google Groups
https://www.youtube.com/watch?v=hRuNHUwiQJA | (65) An introduction to Android application security testing (by Nikolay Elenkov) - YouTube
https://github.com/m4ll0k/Awesome-Hacking-Tools | m4ll0k/Awesome-Hacking-Tools: Awesome Hacking Tools
https://www.facebook.com/NineHackers/?fref=gc&dti=328952157561088&hc_location=ufi | Nine Hackers - Home

https://samsclass.info/129S/129S_F16.shtml | CNIT 129S: Securing Web Applications -- Sam Bowne
https://www.youtube.com/watch?v=UjAGqCFl74U | (63) CNIT 129S: 13: Attacking Users: Other Techniques (Part 1 of 2) - YouTube
https://security.love/CSRF-PoC-Genorator/ | https://security.love/CSRF-PoC-Genorator/
https://tuftsdev.github.io/DefenseAgainstTheDarkArts/readings/index.html#week3 | COMP 116: Introduction to Computer Security - Required Readings
https://www.veracode.com/security/csrf | Guide to CSRF (Cross-Site Request Forgery) | Veracode
https://blog.codinghorror.com/cross-site-request-forgeries-and-you/ | Cross-Site Request Forgeries and You
https://www.cs.utexas.edu/~shmat/courses/cs378_spring09/zeller.pdf | zeller.pdf
https://tuftsdev.github.io/DefenseAgainstTheDarkArts/readings/index.html#week3 | COMP 116: Introduction to Computer Security - Required Readings
https://www.youtube.com/watch?v=PBvFuVRCuMg | (63) What is CSRF? - YouTube
https://www.hacksplaining.com/ | Pick a Vulnerability to Learn About
https://www.youtube.com/watch?v=9JrzPX1pVjs | (63) XSRF Cross Site Request Forgery - YouTube
https://www.youtube.com/watch?v=vRBihr41JTo | Cross Site Request Forgery - Computerphile - YouTube
https://www.youtube.com/watch?v=GgaI6vi_IOM | How to Cross Site Forgery Request (CSRF) - YouTube
https://www.youtube.com/watch?v=hW2ONyxAySY | (63) Understanding CSRF, the video tutorial edition - YouTube
https://www.troyhunt.com/understanding-csrf-video-tutorial/ | Troy Hunt: Understanding CSRF, the video tutorial edition
https://www.youtube.com/watch?v=TwG0Rd0hr18 | (63) Web App Penetration Testing - #13 - CSRF (Cross Site Request Forgery) - YouTube
https://blog.zsec.uk/csrf-2018/ | Delivering Many a Payload via CSRF
https://www.google.co.in/search?q=CNIT+129S%3A+13%3A+Attacking+Users%3A+Other+Techniques+(Part+1+of+2)&oq=CNIT+129S%3A+13%3A+Attacking+Users%3A+Other+Techniques+(Part+1+of+2)&aqs=chrome..69i57j69i61l3.471j0j7&sourceid=chrome&ie=UTF-8 | CNIT 129S: 13: Attacking Users: Other Techniques (Part 1 of 2) - Google Search
https://samsclass.info/129S/129S_S18.shtml | CNIT 129S: Securing Web Applications -- Sam Bowne
https://samsclass.info/129S/lec/ch13a.pdf | ch13a.key
https://www.youtube.com/watch?v=yn1UQYAX7kk | (63) CNIT 129S - Securing Web Applications, April 25, 2018 Lecture - YouTube
https://samsclass.info/129S/129S_F16.shtml | CNIT 129S: Securing Web Applications -- Sam Bowne
https://www.youtube.com/watch?v=w9_gx0yOLCc | (63) FilterCopy | How I Fell In Love With My Best Friend | Ft. Apoorva Arora and Rohan Shah - YouTube
https://www.youtube.com/watch?v=30WTWkFe910 | (63) Silicon Valley | Season 1-5 | The Best of Gavin Belson - YouTube

https://tuftsdev.github.io/DefenseAgainstTheDarkArts/slides/week3-websecurity.pdf | Cyber Security Week 3
https://samsclass.info/129S/lec/ch12a.pdf | ch12a.key
https://samsclass.info/129S/lec/ch12b.pdf | ch12b.key
http://attackdirect.samsclass.info/xss-extra.htm | Project 9x: XSS Extra Credit (Up to 25 pts.)
https://www.youtube.com/watch?v=pkAz9OYZ-HM | (35) CNIT 129S: 12: Attacking Users: Cross-Site Scripting (Part 2 of 3) - YouTube
https://www.youtube.com/watch?v=pkAz9OYZ-HM | CNIT 129S: 12: Attacking Users: Cross-Site Scripting (Part 2 of 3) - YouTube
https://www.youtube.com/playlist?list=PLxhvVyxYRviZd1oEA9nmnilY3PhVrt4nj | Hacker101 - YouTube
https://www.youtube.com/watch?v=HGaFCcWM57U&index=4&t=0s&list=PLxhvVyxYRviZd1oEA9nmnilY3PhVrt4nj | Hacker101 - XSS and Authorization - YouTube
https://www.youtube.com/watch?v=gkMl1suyj3M&t=1s | Bugcrowd University - Cross Site Scripting (XSS) - YouTube
https://www.bugcrowd.com/university/ | Bugcrowd University | Bugcrowd
https://www.youtube.com/watch?v=WsyswW5F4Io&t=22s | Cross-site scripting (XSS) explained - YouTube
https://zseano.com/tutorials/4.html | zseano | UK Security Researcher
http://brutelogic.com.br/blog/ | Brute XSS - Master the art of Cross Site Scripting.
https://blog.sucuri.net/2016/04/what-is-an-xss-vulnerability.html | What is XSS? - Cross Site Scripting Vulnerability
https://www.owasp.org/index.php/Types_of_Cross-Site_Scripting | Types of Cross-Site Scripting - OWASP
https://quanyang.github.io/the-abcs-of-xss/ | The ABCs of XSS – Quan Yang
https://brutelogic.com.br/blog/xss101/ | XSS 101 - Brute XSS
https://www.csoonline.com/article/3269028/malware/what-is-cross-site-scripting-xss-low-hanging-fruit-for-both-attackers-and-defenders.html | What is cross-site scripting (XSS)? Low-hanging fruit for both attackers and defenders | CSO Online
http://www.hackingarticles.in/beginners-guide-cross-site-scripting-xss/ | Beginners Guide to Cross Site Scripting (XSS)
https://www.veracode.com/security/xss | Cross-Site Scripting (XSS) Cheat Sheet | CA Veracode
https://attack.samsclass.info/vulnphp/vuln-messageboard.php | Vulnerable Message Board
https://attack.samsclass.info/xss.htm | XSS Demos
https://www.youtube.com/watch?v=AtRL06gBgeo | BSides Delhi 2017 - Doing recon like it’s 2017 - Bharath Kumar - YouTube
http://www.cs.tufts.edu/comp/20/hackme.php | Hack Me Playground
https://www.youtube.com/ | (35) YouTube

https://www.hackersclub.io/blog/page/10 | hackerclub
https://www.hackersclub.io/single-post/2016/02/12/Advanced-SQL-Injection | Advanced SQL Injection | hackerclub
https://www.hackersclub.io/single-post/2018/02/10/Exploiting-Buffer-Overflows | Exploiting Buffer Overflows | hackerclub
https://www.hackersclub.io/single-post/2016/08/20/How-to-Hack-Using-JavaScript-XSS-Brute-Force-BeEF | How to Hack Using JavaScript (XSS, Brute Force, BeEF) | hackerclub
https://www.hackersclub.io/blog/tag/wireshark | hackerclub
https://www.hackersclub.io/single-post/2016/04/17/Bash-Scripting-Basics-Part-1 | Bash Scripting Basics Part 1 | hackerclub
https://www.hackersclub.io/single-post/2016/04/05/Perl-Script-TCP-Attack | Perl Script: TCP Attack | hackerclub
https://www.hackersclub.io/single-post/2016/03/30/20-Different-Types-of-DDoS-Attacks | 20 Different Types of DDoS Attacks | hackerclub
https://www.hackersclub.io/single-post/2016/03/27/Scheduling-Tasks-with-Cron-Jobs | Scheduling Tasks with Cron Jobs | hackerclub
https://www.hackersclub.io/single-post/2016/03/25/11-great-Rails-libraries-we-use-on-every-project | 11 great Rails libraries we use on every project | hackerclub
https://www.hackersclub.io/single-post/2016/03/24/Creating-a-Backdoor-Using-Meterpreter | Creating a Backdoor Using Meterpreter | hackerclub
https://www.hackersclub.io/blog/tag/python | hackerclub
https://www.hackersclub.io/single-post/2016/03/21/Client-Side-Exploits-in-Metasploit | Client Side Exploits in Metasploit | hackerclub
https://www.hackersclub.io/single-post/2016/03/18/Pentesting-Tips-Scanning-your-network-for-Reflective-Amplification-DDoS | Pentesting Tips - Scanning your network for Reflective Amplification DDoS | hackerclub
https://www.hackersclub.io/single-post/2016/03/11/Hacking-With-Python-Basic-SSH-BotNet | Hacking With Python - Basic SSH BotNet | hackerclub
https://www.hackersclub.io/single-post/2016/03/09/How-To-Kill-The-Entire-Internet-Connection-Of-User-In-Single-Click | How To “Kill“ The Entire “Internet Connection“ Of User In Single Click | hackerclub
https://www.hackersclub.io/single-post/2016/03/08/Metasploit-Tutorial-From-Basic-To-Advance | Metasploit Tutorial From Basic To Advance | hackerclub

https://twitter.com/ | (*) Twitter
https://www.youtube.com/watch?v=4TBStYr8t4g&index=11&list=PLv7cogHXoVhXvHPzIl1dWtBiYUAL8baHj | (27) 11- Hashing, How it works and why we need it. - YouTube
https://main.immersivelabs.online/labs/tcpdump-episode-1/ | Immersive Labs
http://alumni.cs.ucr.edu/~marios/ethereal-tcpdump.pdf | ethereal-tcpdump.pdf
https://www.tcpdump.org/manpages/tcpdump.1.html | Manpage of TCPDUMP
http://linuxcommand.org/lc3_lts0070.php | Learning the shell - Lesson 7: I/O Redirection
https://lab-content.immersivelabs.online/Tooling-and-Techniques/Linux-Command-Line/CheatSheet-Linux-Essentials.pdf | CheatSheet-Linux-Essentials.pdf
https://www.jpsecnetworks.com/ | jpsecnetworks.com
https://www.jpsecnetworks.com/week-3-oscp-preparation/ | Week 3 – OSCP Preparation / (Wireshark, tcpdump, Shell Script and Python) 2018-09-18 20:08:38
https://www.google.co.in/search?q=javascript+training+in+delhi&oq=javascript+training+in+delhi&aqs=chrome..69i57j0l3j69i64.6293j0j7&sourceid=chrome&ie=UTF-8 | javascript training in delhi - Google Search

https://www.youtube.com/ | (17) YouTube
https://www.blackroomsec.com/updated-hacking-challenge-site-links/ | Updated Hacking Challenge Site Links
https://www.malware-traffic-analysis.net/training-exercises.html | Malware-Traffic-Analysis.net - Traffic Analysis Exercises
https://holidayhackchallenge.com/past-challenges/ | The SANS Holiday Hack Challenge: Past Challenges
https://www.sans.org/course/web-app-penetration-testing-ethical-hacking | Web Application Penetration Testing Training | SANS SEC542
https://www.sans.org/course/defending-web-applications-security-essentials | Web Application Security Training Course | SANS | Web App Security
https://www.sans.org/course/advanced-web-app-penetration-testing-ethical-hacking | Advanced Web App Penetration Testing Training | SANS SEC642

https://tuftsdev.github.io/DefenseAgainstTheDarkArts/slides/week3-websecurity.pdf | Cyber Security Week 3
https://github.com/publiclab/plots2 | publiclab/plots2: a collaborative knowledge-exchange platform in Rails; we welcome first-time contributors!
http://www.speedtest.net/result/7683572079 | Speedtest by Ookla - The Global Broadband Speed Test
http://www.hackingarticles.in/web-penetration-testing/ | Web Penetration Testing - Hacking Articles
http://www.hackingarticles.in/penetration-testing/ | Penetration Testing, Metasploit Tutorial, Metasploit Hacking,Pentest Tutorials
https://stackoverflow.com/questions/46941346/how-to-know-the-git-username-and-email-saved-during-configuration | command line - How to know the git username and email saved during configuration? - Stack Overflow
https://alvinalexander.com/git/git-show-change-username-email-address | How to show or change your Git username or email address | alvinalexander.com
https://stackoverflow.com/questions/8801729/is-it-possible-to-have-different-git-config-for-different-projects | Is it possible to have different git config for different projects - Stack Overflow
https://web.whatsapp.com/ | (14) WhatsApp
https://www.google.co.in/search?q=change+the+ruby+version&oq=change+the+ruby+version+&aqs=chrome..69i57j0l5.223993j0j4&sourceid=chrome&ie=UTF-8 | change the ruby version - Google Search
https://rvm.io/rubies/default | RVM: Ruby Version Manager - 'rvm default' - setting default ruby for new terminals
https://code.publiclab.org/ | Community toolbox
https://unix.stackexchange.com/questions/1373/how-do-i-switch-from-an-unknown-shell-to-bash | How do I switch from an unknown shell to bash? - Unix & Linux Stack Exchange
https://gorails.com/setup/ubuntu/16.04 | Install Ruby On Rails on Ubuntu 16.04 Xenial Xerus | GoRails
https://superuser.com/questions/46748/how-do-i-make-bash-my-default-shell-on-ubuntu | How do I make Bash my default shell on Ubuntu? - Super User
https://www.tecmint.com/change-a-users-default-shell-in-linux/ | 3 Ways to Change a Users Default Shell in Linux

https://twitter.com/HanseSecure/status/1035398658517295104 | Florian Hansemann on Twitter: "Use unicornscan to quickly scan all open ports, and then pass the open ports to nmap for detailed scans. #infosec #pentest https://t.co/SsilxmY4IS… https://t.co/PFloi4rf1h"
https://www.tecmint.com/nmap-command-examples/ | 29 Practical Examples of NMAP Commands for Linux System/Network Administrators
https://twitter.com/kmkz_security/status/1003999163594485760 | kmkz on Twitter: "The easy way to exploit OOB XXE by exfiltrating data : https://t.co/tlCHIXThdA"

https://www.youtube.com/results?search_query=How+To+DevOps+%28While+Sneaking+in+Security%29+ | (17) How To DevOps (While Sneaking in Security) - YouTube
https://www.twitch.tv/videos/316744940 | shehackspurple - OWASP DevSlop - Twitch
https://www.owasp.org/index.php/OWASP_DevSlop_Project | OWASP DevSlop Project - OWASP
https://www.cybrary.it/course/secure-coding/ | The FREE Secure Coding Training Course only at Cybrary
https://www.peerlyst.com/companies/peerlyst?trk=post_page_author | Posts related to "Peerlyst" | Peerlyst
https://www.amazon.com/SCFM-Secure-Coding-Manual-Programmers/dp/1508929572/ref=sr_1_2?s=books&ie=UTF8&qid=1483585805&sr=1-2&keywords=sunny+wear | SCFM: Secure Coding Field Manual: A Programmer's Guide to OWASP Top 10 and CWE/SANS Top 25: Sunny Wear: 9781508929574: Amazon.com: Books
https://7minsec.com/blog/ | Blog — 7 Minute Security
https://7minsec.com/projects/github/ | Github Repos — 7 Minute Security
https://gist.github.com/braimee/2ef29a7732bdb0e77a6779c42a31bf68 | 7 Minute Security podcast episode guide · GitHub
https://7ms.us/7ms-318-interview-with-bjorn-kimminich-of-owasp-juice-shop/ | 7MS #318: Interview with Bjorn Kimminich of OWASP Juice Shop
https://summerofcode.withgoogle.com/ | Home | Google Summer of Code
https://www.sunnywear.org/ | Home | Sunshine Solutions, LLC
https://www.youtube.com/c/SunnyWear | (18) Sunny Wear - YouTube

https://twitter.com/ | (*) Twitter
https://twitter.com/ | (*) Twitter
chrome://bookmarks/?id=18 | Bookmarks
https://www.peerlyst.com/posts/ctf-write-ups-wiki-peerlyst?utm_source=twitter&utm_medium=social&utm_content=peerlyst_post&utm_campaign=peerlyst_shared_post | CTF write-ups wiki by Peerlyst - cryptography, peerlyst wiki, bsides | Peerlyst
https://cmdchallenge.com/ | Commandline Challenge
https://www.explainshell.com/ | explainshell.com - match command-line arguments to their help text
https://www.youtube.com/watch?v=oxuRxtrO2Ag | Beginner's Guide to the Bash Terminal - YouTube
https://www.youtube.com/user/BadEditPro/playlists | (17) Joe Collins - YouTube
https://github.com/cneill/appsec-resources/blob/master/training.md#star-the-basics | appsec-resources/training.md at master · cneill/appsec-resources · GitHub
https://blog.sucuri.net/2016/04/what-is-an-xss-vulnerability.html | What is XSS? - Cross Site Scripting Vulnerability
https://www.youtube.com/watch?v=hRuNHUwiQJA | An introduction to Android application security testing (by Nikolay Elenkov) - YouTube
https://infocon.org/cons/ | InfoCon Collection: Hacking Conference Audio and Video Archive
https://groups.google.com/forum/m/#!topic/rsua-ts2014/bsDNBH0MrcU | Учебные материалы - Google Groups
https://github.com/m4ll0k/Awesome-Hacking-Tools | GitHub - m4ll0k/Awesome-Hacking-Tools: Awesome Hacking Tools
https://www.youtube.com/channel/UCUB9vOGEUpw7IKJRoR4PK-A | Murmus CTF - YouTube
https://www.youtube.com/watch?v=fRx1m9VrRqc&index=3&list=PLI7sA2luNRhlzMMpqw6oI8UtMcJV6bYSK | SecureNinjaTV Cyber Kung Fu Mod 02 Footprinting and Reconnaissance - YouTube
https://www.youtube.com/watch?time_continue=5&v=Q7psiw5rI4Y | OSCP DC719 Discussion - YouTube
https://www.youtube.com/channel/UC9gcFaGnsI9nEh0CmTfFPCg | (17) Arbin Godar - YouTube
https://www.youtube.com/watch?v=zi3yDovd0RY&feature=youtu.be | (17) Sunny Wear's Brakeing Down Security Web App Sec Training #1 - YouTube
https://drive.google.com/drive/folders/0B-qfQ-gWynwidlJ1YjgxakdPWDA | WebApp_Class - Google Drive
https://www.youtube.com/watch?v=0rXszCC0RCA&list=PLKa-QXCHOmEl-msqRc13vxBSS9DVTDREc | (17) CTF Beginnings: Introduction to Capture the Flag Events - YouTube
https://www.youtube.com/channel/UCOKjPk436MZRcnhzPOg49AQ/about | (17) Sunny Wear - YouTube
https://www.tripwire.com/state-of-security/devops/how-to-devops-while-sneaking-in-security/#.Wz3uN-RxyPo.twitter | BSides Springfield Preview: How To DevOps (While Sneaking in Security)
https://www.youtube.com/watch?v=Vp2nEtsCr-U | Exploit Kits: The Biggest Threat You Know Nothing About (Sunny Wear) - YouTube
https://www.sunnywear.org/ | Home | Sunshine Solutions, LLC
https://www.amazon.com/SCFM-Secure-Coding-Manual-Programmers/dp/1508929572/ref=asap_bc?ie=UTF8%C2%A0 | SCFM: Secure Coding Field Manual: A Programmer's Guide to OWASP Top 10 and CWE/SANS Top 25: Sunny Wear: 9781508929574: Amazon.com: Books
https://www.amazon.com/Burp-Suite-Cookbook-Sunny-Wear/dp/178953173X?keywords=burp+suite+cookbook&qid=1538080978&sr=8-1-fkmrnull&ref=mp_s_a_1_fkmrnull_1 | Burp Suite Cookbook: Practical recipes to help you master web penetration testing with Burp Suite: Sunny Wear: 9781789531732: Amazon.com: Books
https://www.eventbrite.com/e/isc2-central-florida-chapter-web-application-pentesting-class-tickets-47929769230 | (ISC)2 Central Florida Chapter - Web Application Pentesting Class Tickets, Sat, Sep 22, 2018 at 8:00 AM | Eventbrite
https://www.youtube.com/channel/UCZFjAqFb4A60M1TMa0t1KXw/playlists | (17) BDS Podcast - YouTube
http://hack.plus/search/XSS | Hack+

https://www.virustotal.com/#/file/0c829abde7968478bd3172e395116f701e7e1c08b69dbada64351aa8e5409543/community | VirusTotal
https://malwareconfig.com/config/17a07c64c9219c39d1b282f5cbfb4ef0/ | MalwareConfig - AlienSpy:
https://www.jpsecnetworks.com/week-2-oscp-preparation-linux-review-part-ii/ | Week 2 – OSCP Preparation / Linux Review Part II (Netstat, SS, NETCAT, NCAT ) 2018-09-14 19:29:50
https://www.jpsecnetworks.com/ | jpsecnetworks.com
https://public.attackdefense.com/members | AttackDefense.com Member Area
https://www.hackers-arise.com/single-post/2017/07/31/Metasploit-Basics-Part-9-Using-msfvenom-to-Create-Custom-Payloads | Metasploit Basics, Part 9: Using msfvenom to Create Custom Payloads | hackers-arise
https://0x00sec.org/t/whats-the-most-anonymous-active-scanning-technique/5678 | Whats the most anonymous active scanning technique? - Reconnaissance - 0x00sec - The Home of the Hacker
https://0x00sec.org/t/how-do-those-hacking-tools-work-the-art-of-port-scanning/619 | How do those hacking tools work? The Art of Port Scanning - Networking - 0x00sec - The Home of the Hacker
https://0x00sec.org/u/0x00pf/activity/topics | Profile - 0x00pf - 0x00sec - The Home of the Hacker
https://0x00sec.org/search?q=How%20do%20those%20hackers%20tool | Search results for 'How do those hackers tool' - 0x00sec - The Home of the Hacker
https://0x00sec.org/ | 0x00sec - The Home of the Hacker
https://0x00sec.org/t/wannabe-tutorials-section-1-part-4/1223 | Wannabe Tutorials: Section 1 Part 4 - Reconnaissance - 0x00sec - The Home of the Hacker
https://0x00sec.org/t/whats-the-most-anonymous-active-scanning-technique/5678 | Whats the most anonymous active scanning technique? - Reconnaissance - 0x00sec - The Home of the Hacker
https://0x00sec.org/t/recon-nmap-basics/977 | Recon: Nmap Basics - Reconnaissance - 0x00sec - The Home of the Hacker
https://0x00sec.org/t/recon-gaining-credentials-with-nmap-scripts/984 | Recon: Gaining Credentials with Nmap Scripts - Reconnaissance - 0x00sec - The Home of the Hacker
https://crawl3r.info/my-go-to-port-scan-nmap/ | My go-to port scan (nmap) – Crawl3r
https://linux.die.net/man/1/nmap | nmap(1) - Linux man page
http://bitspyder.net/details.php?id=73180 | .:: Bitspyder.net :: Details for torrent "Metasploit (ITProTV)"
http://bitspyder.net/details.php?id=73180 | .:: Bitspyder.net :: Details for torrent "Metasploit (ITProTV)"
http://bitspyder.net/details.php?id=81049&filelist=1#filelist | .:: Bitspyder.net :: Details for torrent "ITPro TV Bundle"

https://www.jpsecnetworks.com/week-1-oscp-preparation-lab-setup/ | Week 1 - OSCP Preparation / LAB Setup 2018-09-05 22:20:19
https://www.jpsecnetworks.com/week-2-oscp-preparation-linux-review-part-i/ | Week 2 - OSCP Preparation / Linux Review Part I 2018-09-12 23:20:47
https://immersivelabs-dca.slack.com/messages/C902F4BN0/files/FCV6J4NLQ/ | general | ImmersiveLabs-DCA Slack
https://main.immersivelabs.online/labs/netcat/ | Immersive Labs
https://www.youtube.com/watch?v=S1GdWiiYiPI | (26) Netcat (Reverse TCP Persistence with Netcat) - Part 2: Writing Persistence Scripts (Python and VB) - YouTube
https://www.hackingtutorials.org/networking/hacking-netcat-part-2-bind-reverse-shells/ | Hacking with Netcat part 2: Bind and reverse shells - Hacking Tutorials
https://www.youtube.com/channel/UCarxjDjSYsIf50Jm73V1D7g | (26) Don Does 30 Official - YouTube
https://null-byte.wonderhowto.com/how-to/hack-like-pro-use-netcat-swiss-army-knife-hacking-tools-0148657/ | Hack Like a Pro: How to Use Netcat, the Swiss Army Knife of Hacking Tools « Null Byte :: WonderHowTo

https://training.peritusinfosec.com/courses/366780/lectures/5604538 | Proxy And Repeater | Peritus Training School
https://www.fwhibbit.es/burp-suite-ii-construyendo-un-objetivo-sitemap-spider | Burp Suite II: Construyendo un objetivo, Sitemap & Spider – Follow The White Rabbit
https://www.fwhibbit.es/burp-suite-iii-intercepter-repeater | Burp Suite III: Intercepter & Repeater – Follow The White Rabbit
https://www.sniferl4bs.com/2015/07/burpsuite-vii-match-and-replace.html | BurpSuite VII - Match and Replace, Modificaciones HTML, Encoding and decoding - Snifer@L4b's
https://www.sniferl4bs.com/p/guia-de-uso-de-burpsuite.html | Guia de uso de BurpSuite en Español - Snifer@L4b's
http://www.speedtest.net/result/7671181967 | Speedtest by Ookla - The Global Broadband Speed Test

https://enciphers.com/knoxss-vs-burpsuitea-practical-demonstration/ | Knoxss vs Burpsuite(A practical Demonstration) – Enciphers
https://enciphers.com/our-three-favorite-burp-suite-extensions-and-how-to-use-them/ | Our three favorite burp suite extensions and how to use them – Enciphers
https://enciphers.com/3-must-have-tools-for-penetration-testers/ | 3 must have tools for Penetration testers – Enciphers
https://main.immersivelabs.online/labs/burp-target-scope/ | Immersive Labs
https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project | Category:OWASP Top Ten Project - OWASP
https://www.youtube.com/watch?v=ET07_kVbVhw&list=PLVB4HEKGduYEa4Rr5kQA9hxkhzpHIamPt&index=8 | (20) Basics of Web Application Penetration Testing - A1 Injection - YouTube
https://www.pentestgeek.com/web-applications/burp-suite-tutorial-1 | Burp Suite Tutorial - Web Application Penetration Testing
https://enciphers.com/utilizing-burpsuite-extensions/ | Utilizing Burpsuite Extensions – Enciphers
https://www.pentesteracademy.com/members | Member Area
https://www.youtube.com/watch?v=boHIjDHGmIo | (20) Burp Hacks for Bounty Hunters - YouTube
https://www.sans.org/reading-room/whitepapers/testing/fuzzing-approach-credentials-discovery-burp-intruder-33214?show=fuzzing-approach-credentials-discovery-burp-intruder-33214&cat=testing | A Fuzzing Approach to Credentials Discovery using Burp Intruder
https://www.fwhibbit.es/?s=burp | Search results for "burp" - Follow The White Rabbit
https://www.youtube.com/watch?v=h2duGBZLEek | (20) Bugcrowd University - Introduction to Burp Suite - YouTube
https://www.sniferl4bs.com/2015/06/burpsuite-iv-configuracion-de.html | BurpSuite IV - Configuration of Digital Certificate, ProxyTOR ?, saving and recovering - Snifer @ L4b's
https://www.sniferl4bs.com/2015/07/burpsuite-viii-historia-de-peticiones.html | BurpSuite VIII - History of requests, Comparing Sitemaps, Report of Vulnerabilities - Snifer @ L4b's

https://www.allmytweets.net/ | All My Tweets - View all your tweets on one page.
https://enciphers.com/2018/01/24/different-tricks-to-get-xss/ | Page not found – Enciphers
https://enciphers.com/2018/01/25/how-to-exploit-xxe-vulnerabilities/ | Page not found – Enciphers
http://codegrazer.com/blog/7-reflected-xss.html | Codegrazer: 7 Reflected Cross-site Scripting (XSS)
https://github.com/keon/algorithms/blob/master/algorithms/maths/primes_sieve_of_eratosthenes.py | algorithms/primes_sieve_of_eratosthenes.py at master · keon/algorithms
http://www.cs.tufts.edu/comp/116/archive/ | COMP 116: Introduction to Computer Security - Final Project Archive
https://leotindall.com/tutorial/an-intro-to-x86_64-reverse-engineering/ | An Intro to x86_64 Reverse Engineering | Leo Tindall
https://leotindall.com/tutorial/additional-exercises-in-reverse-engineering/ | Additional Exercises in Reverse Engineering | Leo Tindall
https://leotindall.com/post/pdf-embedding-attacks/ | PDF Embedding Attacks | Leo Tindall
https://ajinabraham.com/static/Ajin_Abraham_Resume.pdf | Ajin Abraham - VisualCV
https://github.com/orangetw/My-CTF-Web-Challenges | orangetw/My-CTF-Web-Challenges: Collection of CTF Web challenges I made
https://twitter.com/tvmpt/status/908283005608886272 | TvM on Twitter: "Perseverance is the best advice to new bug hunters...… "
http://codegrazer.com/ | CodeGrazer: Penetration Testing Services
http://codegrazer.com/conference/dc151.html | Codegrazer: The Bug bounty scene: how to start with bug bounties
http://codegrazer.com/blog/7-reflected-xss.html | Codegrazer: 7 Reflected Cross-site Scripting (XSS)

https://www.netflix.com/browse | Netflix
https://twitter.com/g33kyshivam | (1) Shivam Goyal (@g33kyshivam) | Twitter
https://movaxbx.ru/2018/09/16/privilege-escalation-post-exploitation/ | MOV AX, BX Code depilation salon: Articles, Code samples, Processor code documentation, Low-level programming, Working with debuggers Privilege Escalation & Post-Exploitation
http://www.webappsec.org/projects/articles/071105.shtml | [DOM Based Cross Site Scripting or XSS of the Third Kind] Web Security Articles - Web Application Security Consortium
https://medium.com/ehsahil/basic-penetration-testing-lab-1-7544969cb3ac | Basic Penetration testing lab — 1 – ehsahil – Medium
https://twitter.com/shehackspurple/status/1041695362438897665 | Tanya Janca on Twitter: "Thread: Are you looking for a mentor in the InfoSec field? Are you willing to take someone under your wing and become a mentor? Many people ask me to help them find someone and other's offer to help, this thread is for all of you. Please reply if you are looking or offering."
https://www.twitch.tv/shehackspurple | shehackspurple - Twitch
https://www.peerlyst.com/posts/the-how-to-become-infosec-job-title-collection-nicole-lamoureux?utm_source=twitter&utm_medium=social&utm_content=peerlyst_post&utm_campaign=peerlyst_shared_post | The How To Become {Infosec Job Title} Collection by Nicole Lamoureux - career, information security, workforce shortage | Peerlyst
https://chryzsh.gitbooks.io/pentestbook/privilege_escalation_-_linux.html | Privilege Escalation - Linux · pentestbook
https://medium.com/@pentest_it/how-to-intercept-tor-hidden-service-requests-with-burp-proxy-6214035963a0 | How to intercept TOR hidden service requests with Burp
https://pinkysplanet.net/simple-linux-x86-buffer-overflow/ | Simple Linux x86 Buffer Overflow
https://breakermag.com/a-bug-bounty-hunter-tells-all/ | A bug bounty hunter tells all
https://scund00r.com/all/oscp/2018/02/25/passing-oscp.html | Passing OSCP - scund00r
https://tuftsdev.github.io/DefenseAgainstTheDarkArts/ | COMP 116: Introduction to Computer Security
https://www.youtube.com/?pbjreload=10 | (11) YouTube
https://www.youtube.com/watch?v=XFckmtISfJk | (11) Unboxing Every iPhone XS + XS Max - YouTube
http://www.speedtest.net/ | Speedtest by Ookla - The Global Broadband Speed Test

https://www.facebook.com/saved/?cref=28 | Saved
https://www.vortex.id.au/2017/05/pwkoscp-stack-buffer-overflow-practice/ | PWK/OSCP – Stack Buffer Overflow Practice – vortex's blog
https://github.com/justinsteven/dostackbufferoverflowgood/blob/master/dostackbufferoverflowgood_slides.pdf | dostackbufferoverflowgood/dostackbufferoverflowgood_slides.pdf at master · justinsteven/dostackbufferoverflowgood
https://www.youtube.com/channel/UCCBmFvsR6sIPrmjSVVxY9ng/channels | (1) Justin Steven - YouTube
https://github.com/justinsteven/dostackbufferoverflowgood/blob/master/dostackbufferoverflowgood_tutorial.pdf | dostackbufferoverflowgood/dostackbufferoverflowgood_tutorial.pdf at master · justinsteven/dostackbufferoverflowgood
https://linuxize.com/post/getting-started-with-tmux/ | Getting started with Tmux | Linuxize
https://linuxize.com/post/how-to-use-scp-command-to-securely-transfer-files/ | How to Use SCP Command to Securely Transfer Files | Linuxize
https://linuxize.com/post/how-to-enable-ssh-on-ubuntu-18-04/ | How to Enable SSH on Ubuntu 18.04 | Linuxize
https://linuxize.com/post/how-to-create-and-extract-archives-using-the-tar-command-in-linux/ | How to Create and Extract Archives Using the Tar Command in Linux | Linuxize
https://linuxize.com/post/how-to-unzip-files-in-linux/ | How to Unzip Files in Linux | Linuxize
https://linuxize.com/post/how-to-kill-a-process-in-linux/ | How to Kill a Process in Linux | Linuxize
https://linuxize.com/post/curl-command-examples/ | Curl Command Examples | Linuxize
https://linuxize.com/post/how-to-list-users-in-linux/ | How to List Users in Linux | Linuxize
https://linuxize.com/post/wget-command-examples/ | Wget Command Examples | Linuxize
https://linuxize.com/post/how-to-deploy-rocket-chat-on-ubuntu-18-04/ | How to Deploy Rocket.Chat on Ubuntu 18.04 | Linuxize
https://linuxize.com/post/how-to-find-files-in-linux-using-the-command-line/ | How to Find Files in Linux Using the Command Line | Linuxize
https://linuxize.com/post/how-to-use-linux-screen/ | How To Use Linux Screen | Linuxize
https://linuxize.com/post/create-a-linux-swap-file/ | Create a Linux Swap File | Linuxize
https://linuxize.com/post/how-to-create-and-manage-cron-jobs/ | How to create and manage cron jobs | Linuxize
https://medium.com/@protector47/persistent-cross-site-scripting-on-redacted-worth-2-000-1e760617ccab | Persistent Cross-Site Scripting on redacted worth $2,000
https://github.com/MistSpark | MistSpark (Omar_Ahmed)
https://github.com/MistSpark/OSCP_Review | MistSpark/OSCP_Review
https://www.facebook.com/groups/oscpsg/permalink/1912283138864720/ | OSCP Study Group
https://blog.techorganic.com/2012/10/16/introduction-to-pivoting-part-3-ncat/ | Introduction to pivoting, Part 3: Ncat – Techorganic – Musings from the brainpan
https://www.facebook.com/ieeemsit/posts/2476178855755461 | IEEE MSIT - Posts

https://immersivelabs-dca.slack.com/messages/C902F4BN0/details/ | general | ImmersiveLabs-DCA Slack
file:///home/g33kyshivam/Downloads/Java%20Class%20Notes.pdf | Java Class Notes
https://www.youtube.com/feed/subscriptions | (7) Subscriptions - YouTube

https://mail.google.com/mail/u/0/?pli=1#inbox | Inbox (1,410) - shivam.goyal397@gmail.com - Gmail
https://www.facebook.com/ | Facebook

https://www.youtube.com/watch?v=jPSuZI7gYPA | SSLstrip - Working and Prevention ! HSTS vs 301 redirect ! Reality vs Myths - YouTube
https://www.youtube.com/ | YouTube
https://hacksandsecurity.org/posts/understating-asymmetric-and-symmetric-key-cryptography-hash-functions-mitm-attacks-salts | Understating asymmetric and symmetric key cryptography, hash functions, MITM attacks, Salts, Bruteforce attacks and more | Hacks and Security
https://www.youtube.com/playlist?list=PLf8bMP4RWebLVGpUnhji9Olkj1jdXfzFd | cryptography - YouTube
https://www.jpsecnetworks.com/oscp-the-challenge-begins/ | OSCP, the challenge begins! – JPSecNetworks
https://www.jpsecnetworks.com/week-1-oscp-preparation-lab-setup/ | Week 1 – OSCP Preparation / LAB Setup – JPSecNetworks
https://www.jpsecnetworks.com/week-2-oscp-preparation-linux-review-part-i/ | Week 2 – OSCP Preparation / Linux Review Part I – JPSecNetworks
https://www.jpsecnetworks.com/week-2-oscp-preparation-linux-review-part-ii/ | Week 2 – OSCP Preparation / Linux Review Part II (Netstat, SS, NETCAT, NCAT ) – JPSecNetworks

https://doge.codes/php?utm_source=telegram&utm_medium=promo_post&utm_campaign=php1&utm_content=web_fl | Online course on the basics of PHP | Doge Codes
https://www.codingninjas.in/app/payment | Online Programming/Coding Courses/Classes, Practice Coding Online: Coding Ninjas
https://www.youtube.com/feed/subscriptions | Subscriptions - YouTube

http://www.pepcoding.com/resources.html | PepCoding.com
http://www.pepcoding.com/PepTool/?path=0core/2lect2/8pat8 | PepCoding - For programming excellence and peace
https://www.hackerrank.com/contests/pepsep2018/leaderboard | Leaderboard | HackerRank
https://www.hackerrank.com/contests/pepsep2018/challenges/pep-java-1gettingstarted-14pattern8/leaderboard | Pep_Java_1GettingStarted_14Pattern8 Leaderboard | PepSep2018 Question | Contests | HackerRank
https://www.hackerrank.com/contests/pepsep2018/challenges/pep-java-1gettingstarted-15pattern9 | Pep_Java_1GettingStarted_15Pattern9 | PepSep2018 Question | Contests | HackerRank
https://www.hackerrank.com/contests/pepsep2018/challenges/pep-java-1gettingstarted-16pattern10 | Pep_Java_1GettingStarted_16Pattern10 | PepSep2018 Question | Contests | HackerRank

https://twitter.com/rag_sec | RagSec (@rag_sec) | Twitter
https://www.perspectiverisk.com/mysql-sql-injection-practical-cheat-sheet/ | MySQL SQL Injection Practical Cheat Sheet - Perspective Risk
https://github.com/NetSPI/PowerUpSQL | NetSPI/PowerUpSQL: PowerUpSQL: A PowerShell Toolkit for Attacking SQL Server
http://www.fuzzysecurity.com/tutorials/16.html | http://www.fuzzysecurity.com/tutorials/16.html
https://www.askapache.com/hacking/changing-password-xp/ | Changing Any Password On XP
https://www.google.co.in/search?q=sennheiser%20delhi&oq=senhister+del&aqs=chrome.2.69i57j0l5.3850j0j7&sourceid=chrome&ie=UTF-8&npsic=0&rflfq=1&rlha=0&rllag=28555657,77146795,11016&tbm=lcl&rldimm=11577421290328404015&lqi=ChBzZW5uaGVpc2VyIGRlbGhpIgOIAQE&ved=2ahUKEwijuam16KrdAhWHtI8KHZV_DLUQvS4wAXoECAYQIg&rldoc=1&tbs=lrf:!2m4!1e17!4m2!17m1!1e2!2m1!1e3!2m1!1e16!3sIAE,lf:1,lf_ui:4#rlfi=hd:;si:11577421290328404015,l,ChBzZW5uaGVpc2VyIGRlbGhpIgOIAQE;mv:!3m12!1m3!1d84107.26859113981!2d77.14679525!3d28.555657299999996!2m3!1f0!2f0!3f0!3m2!1i231!2i288!4f13.1;tbs:lrf:!2m1!1e3!2m1!1e16!2m4!1e17!4m2!17m1!1e2!3sIAE,lf:1,lf_ui:4 | sennheiser delhi - Google Search
https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/ | Windows Privilege Escalation Methods for Pentesters – Pentest Blog
https://www.cybrary.it/0p3n/windows-xp-netapi-exploitation/ | Windows XP Netapi Exploitation - Cybrary

https://www.youtube.com/watch?v=ztHopE5Wnpc&t=7920s | (73) Database Design Course - Learn how to design and plan a database for beginners - YouTube
https://www.youtube.com/watch?v=3W5zFjedIrk&list=PL_c9BZzLwBRKn20DFbNeLAAbw4ZMTlZPH&index=4 | (73) MySQL 4 - Beginner Terms Part 1 - YouTube
https://www.youtube.com/user/CalebTheVideoMaker2/playlists | (73) Caleb Curry - YouTube
https://main.immersivelabs.online/cyber-skills/skills/skill-set/ethical-infrastructure-hacking | Immersive Labs
https://main.immersivelabs.online/cyber-skills/skills/skill-set/ethical-web-hacking | Immersive Labs

http://www.speedtest.net/result/7601977469 | Speedtest by Ookla - The Global Broadband Speed Test
https://www.youtube.com/ | (55) YouTube
https://www.guru99.com/database-normalization.html | What is Normalization? 1NF, 2NF, 3NF & BCNF with Examples
https://www.calebcurry.com/freecodecamp-database-design-full-course/ | freeCodeCamp Database Design Full Course - Caleb Curry
https://www.tv-subs.com/subtitles/mr-robot-season-1-episode-2-english-8182 | Mr.Robot.S01E02.720p.HDTV.x264-KILLERS English subtitle

https://www.youtube.com/playlist?list=PLp4w7b_XLssRTl34st7tMeRA0emwz0vTr | (54) Website Hacking (Sql Injection) - YouTube
https://www.youtube.com/watch?v=rapaRJDO3vA | (54) SQL Injection Tutorial For Beginners - Kali Linux - #1 - YouTube
https://www.youtube.com/watch?v=dzj9Y2ahYx8&t=3s | (54) Introduction to SQL Injection with SQLMap - YouTube
https://www.youtube.com/watch?v=ciNHn38EyRc | Running an SQL Injection Attack - Computerphile - YouTube
https://www.youtube.com/watch?v=WFFQw01EYHM | (54) SQL Injection Attack Tutorial (2018) - YouTube
https://www.youtube.com/watch?v=_jKylhJtPmI | (54) Hacking Websites with SQL Injection - Computerphile - YouTube
https://main.immersivelabs.online/labs/web-applications-sql-injection/ethical-web-hacking | Immersive Labs
https://www.youtube.com/watch?v=BR-VeQUoRCw&index=2&list=PLZOToVAK85Mr4CzRimmw4KD84yUjkEAEw&t=0s | SQL Injection Explained - Part 1: The Basics - YouTube
https://www.acunetix.com/websitesecurity/blind-sql-injection/ | Blind SQL Injection: What is it? | Acunetix
https://tuftsdev.github.io/DefenseAgainstTheDarkArts/slides/week3-websecurity.pdf | Cyber Security Week 3
https://www.w3schools.com/sql/sql_injection.asp | SQL Injection
https://www.veracode.com/security/sql-injection | SQL Injection Cheat Sheet & Tutorial | CA Veracode
http://www.cs.tufts.edu/comp/20/hackme.php | Hack Me Playground
https://www.twitch.tv/techlahoma/videos/all | techlahoma's Videos - Twitch
https://www.meetup.com/OKCSQL/events/ | Upcoming Events | OKC SQL Server User Group (Oklahoma City, OK) | Meetup
https://mail.google.com/mail/u/0/#inbox/FMfcgxvzKQldWMktczDtzGFhvZTFDfdF | Techlahoma Foundation has invited you to join a Slack workspace - shivam.goyal397@gmail.com - Gmail
https://techlahoma.slack.com/join/invite/enQtNDI3ODg0MzIwNzczLWE3OWY1YTI3MmU1ZGJhNTFkZWU0NzEzOTMxNjJmMDc0YWNlN2ZhMDM1OGJhYjdlMzNiNzgyMjdjYTgyMDU3OGI | Create Account | Slack

https://www.hackers-arise.com/single-post/2017/07/31/Metasploit-Basics-Part-9-Using-msfvenom-to-Create-Custom-Payloads | Metasploit Basics, Part 9: Using msfvenom to Create Custom Payloads | hackers-arise
https://github.com/rapid7/metasploit-framework/wiki/How-to-use-a-reverse-shell-in-Metasploit | How to use a reverse shell in Metasploit · rapid7/metasploit-framework Wiki
https://www.hackers-arise.com/single-post/2017/02/06/Metasploit-Basics-Part-3-Payloads | Metasploit Basics, Part 3: Payloads | hackers-arise
https://blog.rapid7.com/2015/03/25/stageless-meterpreter-payloads/ | Deep Dive Into Stageless Meterpreter Payloads
https://github.com/rapid7/metasploit-framework/wiki/How-to-use-msfvenom | How to use msfvenom · rapid7/metasploit-framework Wiki

https://main.immersivelabs.online/labs/sqlmap/ | Immersive Labs
https://www.hackers-arise.com/single-post/2017/07/31/Metasploit-Basics-Part-9-Using-msfvenom-to-Create-Custom-Payloads | Metasploit Basics, Part 9: Using msfvenom to Create Custom Payloads | hackers-arise
https://github.com/rapid7/metasploit-framework/wiki/How-to-use-a-reverse-shell-in-Metasploit | How to use a reverse shell in Metasploit · rapid7/metasploit-framework Wiki
https://www.hackers-arise.com/single-post/2017/02/06/Metasploit-Basics-Part-3-Payloads | Metasploit Basics, Part 3: Payloads | hackers-arise
https://blog.rapid7.com/2015/03/25/stageless-meterpreter-payloads/ | Deep Dive Into Stageless Meterpreter Payloads
https://github.com/rapid7/metasploit-framework/wiki/How-to-use-msfvenom | How to use msfvenom · rapid7/metasploit-framework Wiki
https://www.youtube.com/watch?v=_jKylhJtPmI | (53) Hacking Websites with SQL Injection - Computerphile - YouTube
https://www.youtube.com/watch?v=WFFQw01EYHM | SQL Injection Attack Tutorial (2018) - YouTube
https://www.youtube.com/watch?v=ciNHn38EyRc | Running an SQL Injection Attack - Computerphile - YouTube
https://www.youtube.com/watch?v=dzj9Y2ahYx8&t=3s | Introduction to SQL Injection with SQLMap - YouTube
https://www.youtube.com/watch?v=rapaRJDO3vA | SQL Injection Tutorial For Beginners - Kali Linux - #1 - YouTube
https://www.youtube.com/playlist?list=PLp4w7b_XLssRTl34st7tMeRA0emwz0vTr | (53) Website Hacking (Sql Injection) - YouTube

http://linuxcommand.org/lc3_lts0090.php | Learning the shell - Lesson 9: Permissions
https://lab-content.immersivelabs.online/Tooling-and-Techniques/Linux-Command-Line/CheatSheet-Linux-Essentials.pdf | CheatSheet-Linux-Essentials.pdf
http://www.comptechdoc.org/os/linux/usersguide/linux_ugbasics.html | Basic Linux Commands
https://www.cyberciti.biz/faq/find-unix-linux-hidden-directories/ | Linux / Unix: Find Hidden Directories, Files and Folders - nixCraft
https://crawl3r.info/should-students-use-immersive-labs/ | Should students use Immersive Labs? – Crawl3r
https://slides.com/g33kyshivam/linux-101/edit | Edit: Linux 101
https://www.youtube.com/ | (19) YouTube

https://www.sniferl4bs.com/2015/07/burpsuite-vii-match-and-replace.html | BurpSuite VII - Match and Replace, HTML Modifications, Encoding and decoding - Snifer @ L4b's
https://www.sniferl4bs.com/p/guia-de-uso-de-burpsuite.html | Guide to use BurpSuite in Spanish - Snifer @ L4b's
https://www.sniferl4bs.com/2015/07/burpsuite-xii-analisis-web-owasp_13.html | BurpSuite XIII - Análisis Web OWASP - Descubriendo directorios y ficheros ocultos - Snifer@L4b's
https://www.sniferl4bs.com/2015/07/burpsuite-viii-historia-de-peticiones.html | BurpSuite VIII - History of requests, Comparing Sitemaps, Report of Vulnerabilities - Snifer @ L4b's
https://www.sniferl4bs.com/2015/07/burpsuite-x-metodologia-de-analisis-web.html | BurpSuite X - Web Analysis Methodology with Owasp - Snifer @ L4b's

http://www.gaza-hacker.net/cc/index.html | فريق قراصنة غزة || Gaza Hacker Team
https://www.facebook.com/Melegy.GHI | (1) Ahmed El Melegy

https://training.peritusinfosec.com/courses/366780/lectures/5602752 | Exercise | Peritus Training School
https://www.youtube.com/watch?v=6fRKlf1DsZU | (45) OWASP AppsecEU13 - Nicolas Grgoire : Burp Suite Pro Real life tips and tricks - YouTube
https://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#determine-http-methods-using-netcat | Web Application Pen-testing Tutorials With Mutillidae (Hacking Illustrated Series InfoSec Tutorial Videos)
https://www.irongeek.com/i.php?page=mutillidae/mutillidae-deliberately-vulnerable-php-owasp-top-10 | https://www.irongeek.com/i.php?page=mutillidae/mutillidae-deliberately-vulnerable-php-owasp-top-10
https://www.youtube.com/watch?v=Tosp-JyWVS4&t=0s&list=PLZOToVAK85MrsyNmNp0yyUTBXqKRTh623&index=56 | (45) Introduction to HTTP Parameter Pollution (HPP) Attack - YouTube
https://learnflakes.net/?p=home&pid=1 | LearnFlakes.Net -Learning Community

https://twitter.com/g33kyshivam | Shivam Goyal (@g33kyshivam) | Twitter
https://twitter.com/xdavidhu | xdavidhu (@xdavidhu) | Twitter
https://xdavidhu.me/ | [xdavidhu]
https://github.com/xdavidhu?tab=stars | xdavidhu (David Schütz) / Starred
https://regala.im/2018/08/18/choosing-programs/ | [HackerOne] - Prioritizing and choosing a program to focus on
https://blog.netspi.com/15-ways-to-download-a-file/ | 15 Ways to Download a File
https://twitter.com/_wix1 | Mu (@_wix1) | Twitter
https://twitter.com/HanseSecure | (1) Florian Hansemann (@HanseSecure) | Twitter
https://twitter.com/cyberboyIndia | Shashank (@cyberboyIndia) | Twitter

https://www.facebook.com/ | Facebook
https://www.youtube.com/watch?v=kFLx7d1H0qc | (22) Uno Funny Moments - Delirious, Uno Champion of the World?? - YouTube
https://h4ck.co/oscp-journey-exam-lab-prep-tips/ | OSCP Journey: Exam & Lab Prep Tips – h4ck.co
https://coursehunters.net/ | Learn, Bleat! - Video courses for developers

https://www.shawarkhan.com/2018/08/who-am-i.html | Who am i? | Shawar Khan
https://www.w3schools.com/jsref/met_win_scrollby.asp | Window scrollBy() Method
https://twitter.com/g33kyshivam | Shivam Goyal (@g33kyshivam) | Twitter
https://www.techmedia.com.ng/2018/05/interview-with-rodolfo-assis-brutelogic-security-researcher-from-brazil/ | ERROR 404 - Techmedia NG
https://medium.com/@canavaroxum/xxe-on-windows-system-then-what-76d571d66745 | XXE on Windows system …then what ?? – Hamada – Medium
http://www.amanhardikar.com/mindmaps/Practice.html | www.amanhardikar.com/mindmaps/Practice.html
https://medium.com/@rojanrijal/hack-more-learn-more-earn-more-and-get-invited-more-ef581ff0ac7a | Hack more, learn more, earn more and get invited more.
https://dev.to/bjhaid_93/beginners-guide-to-fetching-data-with-ajax-fetch-api--asyncawait-3m1l | Beginners Guide To Fetching Data With (AJAX, Fetch API & Async/Await) - DEV Community 👩‍💻👨‍💻

https://www.sniferl4bs.com/p/guia-de-uso-de-burpsuite.html | Guia de uso de BurpSuite en Español - Snifer@L4b's

https://www.sniferl4bs.com/p/guia-de-uso-de-zap-en-espanol.html | Zed Attack Proxy (ZAP) User Guide in Spanish - Snifer @ L4b's
https://www.sniferl4bs.com/p/guia-de-uso-de-burpsuite.html | Guia de uso de BurpSuite en Español - Snifer@L4b's
https://www.sniferl4bs.com/2018/05/wireshark-101-exportar-objetos-http.html | Wireshark 101: Exportar objetos HTTP, DICOM, SMB, TFTP - Snifer@L4b's
https://www.sniferl4bs.com/2016/06/hacking-101-politica-del-mismo-origen.html | Hacking 101 - Política del mismo origen (Same Origin Policy) SOP - Snifer@L4b's
https://www.sniferl4bs.com/2016/09/coleccion-de-retos-sobre-xss-cross-site.html | Colección de Retos sobre XSS - Cross Site Scripting - Snifer@L4b's
https://www.sniferl4bs.com/2016/02/hacking-101-fingerprinting-aplicaciones.html | Hacking 101 - Fingerprinting Aplicaciones Web - Snifer@L4b's
https://underc0de.org/foro/talleres-underc0de-213/taller-de-seguridad-web-1/ | Privacy error
https://www.sniferl4bs.com/2013/04/comprendiendo-un-csrf-o-xsrf-cross-site.html | Comprendiendo un CSRF o XSRF (Cross Site Request Forgery) - Snifer@L4b's

http://www.kneda.net/documentos/Pentesting%20con%20kali.pdf | Pentesting con kali.pdf

https://www.youtube.com/feed/subscriptions | (3) Subscriptions - YouTube

https://www.fwhibbit.es/category/recoleccion-informacion/page/3 | Recolección de información – Página 3 – Follow The White Rabbit
https://www.fwhibbit.es/category/hacking-wifi/page/2 | Hacking WiFi – Página 2 – Follow The White Rabbit
https://www.fwhibbit.es/network-miner-examen-forense-de-capturas-de-red | Network Miner - Network capture forensic exam - Follow The White Rabbit
https://www.fwhibbit.es/deteccion-de-origenes-de-trafico-con-scapy-parte-1 | Traffic origination detection with Scapy - Part 1 - Follow The White Rabbit
https://www.fwhibbit.es/analisis-basico-de-ficheros-pcap | Basic analysis of PCAP files - Follow The White Rabbit
https://www.fwhibbit.es/the-samurai-path-scapy-parte-1 | The Samurai Path – Scapy (Parte 1) – Follow The White Rabbit
https://www.fwhibbit.es/the-path-of-the-samurai-scapy-parte-2 | The Path of the Samurai – Scapy (Parte 2) – Follow The White Rabbit
https://www.netresec.com/index.ashx?page=NetworkMiner | NetworkMiner - The NSM and Network Forensics Analysis Tool ⛏
https://www.fwhibbit.es/quien-vive-en-la-pina-debajo-del-mar-wifi-pineapple-i | ¿Quien vive en la piña debajo del mar? – WiFi Pineapple (I) – Follow The White Rabbit
https://www.fwhibbit.es/mr-robot-pwn-phone-el-telefono-de-elliot-diy | Mr. Robot Pwn Phone. El teléfono de Elliot DIY – Follow The White Rabbit
https://www.fwhibbit.es/cracking-wps-con-dumpper | Cracking WPS con Dumpper – Follow The White Rabbit
https://www.fwhibbit.es/protege-tu-wifi | Protege tu Wifi – Follow The White Rabbit
https://www.fwhibbit.es/category/linux | Linux – Follow The White Rabbit
https://www.fwhibbit.es/category/redes | Redes – Follow The White Rabbit
https://www.fwhibbit.es/reconocimiento-pasivo-en-un-phishing | Reconocimiento pasivo en un phishing – Follow The White Rabbit
https://www.fwhibbit.es/category/explotacion | Explotación – Follow The White Rabbit
https://www.fwhibbit.es/bypass-waf | Bypass WAF – Follow The White Rabbit
https://www.fwhibbit.es/burp-suite-iii-intercepter-repeater | Burp Suite III: Intercepter & Repeater – Follow The White Rabbit
https://www.fwhibbit.es/burp-suite-ii-construyendo-un-objetivo-sitemap-spider | Burp Suite II: Construyendo un objetivo, Sitemap & Spider – Follow The White Rabbit
https://www.fwhibbit.es/bypass-validation-upload | Bypass validation upload – Follow The White Rabbit
https://www.fwhibbit.es/burp-suite-i-la-navaja-suiza-del-pentester | Burp Suite I: La Navaja Suiza del Pentester – Follow The White Rabbit
https://www.fwhibbit.es/ctf-team-whoami-reto-1 | CTF – TEAM WHOAMI – RETO-1 – Follow The White Rabbit
https://www.fwhibbit.es/escaneando-like-a-sir | Escaneando like a Sir – Follow The White Rabbit
https://www.fwhibbit.es/guia-metasploitable-2-parte-2 | Guia Metasploitable 2: Parte 2 – Follow The White Rabbit

https://elbinario.net/category/software/page/4/ | Software – Página 4 – Elbinario
https://elbinario.net/category/seguridad/page/7/ | Security - Page 7 - Elbinario
https://elbinario.net/2016/11/22/pgp-en-android-con-openkeychan/ | PGP en android con OpenKeyChan – Elbinario
https://elbinario.net/2016/11/10/nuestro-servicio-web-bajo-i2p/ | Nuestro Servicio Web Bajo I2P – Elbinario
https://elbinario.net/2016/10/04/esnifando-imagenes-con-drifnet/ | Esnifando imágenes con driftnet – Elbinario
https://elbinario.net/2016/09/23/instalacion-de-openswan-l2tpipsec-en-raspbian/ | Instalacion de OpenSwan L2tp/Ipsec en Raspbian – Elbinario
https://elbinario.net/2016/04/19/conectando-a-telecomix-desde-i2p/ | Conectando a Telecomix desde I2P – Elbinario
https://elbinario.net/2016/04/07/port-knocking-y-single-packet-authorization/ | Port-Knocking y Single Packet Authorization – Elbinario
https://elbinario.net/2016/02/10/privacidad-para-smartphones-android-2-0/ | Privacidad para smartphones – Android 2.0 – Elbinario
https://elbinario.net/2016/02/16/ya-puedes-probar-el-correo-cifrado-de-bitmask/ | ¡Ya puedes probar el Correo Cifrado de Bitmask! – Elbinario
https://elbinario.net/2016/02/09/privacidad-para-smartphones-android/ | Privacidad para smartphones – Android – Elbinario
https://elbinario.net/2015/12/03/privacidad-para-principiantes-el-navegador/ | Privacidad para principiantes – El navegador – Elbinario
https://elbinario.net/2015/11/21/una-app-salvaje-ha-aparecido/ | Csploit – Una app salvaje ha aparecido – Elbinario
https://elbinario.net/2015/11/29/gpg-editar-identificadores-de-usuario-desde-shell/ | GPG: EDITAR IDENTIFICADORES DE USUARIO DESDE SHELL – Elbinario
https://elbinario.net/2015/10/31/hacker-activistas-hacktivistas-y-terroristas/ | Hacker, activistas, hacktivistas y terroristas – Elbinario
https://elbinario.net/2015/11/04/windows-10-deberia-estar-prohibido/ | Windows 10 debería estar prohibido – Elbinario
https://elbinario.net/2015/10/29/godaddy-o-la-cueva-de-ali-baba/ | Godaddy, o la cueva de Alí Babá. – Elbinario
https://elbinario.net/2015/10/20/lidiando-con-las-cookies/ | Lidiando con las cookies – Elbinario
https://elbinario.net/2015/10/09/herramientas-y-tipos-de-ataque-con-kali-nethunter/ | Herramientas y tipos de ataque con Kali NetHunter – Elbinario
https://elbinario.net/2015/10/02/instalar-kali-nethunter-en-android/ | Instalar Kali NetHunter en Android – Elbinario
https://elbinario.net/2015/10/02/otra-de-seguridad-para-el-cunado-scammers/ | Otra de seguridad para el cuñado. Scammers – Elbinario
https://elbinario.net/2015/08/10/privacidad-para-principiantes-uso-de-wifi-publica/ | Privacidad para principiantes – Uso de wifi pública – Elbinario
https://elbinario.net/2015/07/15/privacidad-para-principiantes-llamadas-y-sms/ | Privacidad para principiantes – Llamadas y SMS – Elbinario
https://elbinario.net/2015/06/01/privoxy-un-proxy-para-mas-privacidad/ | Privoxy, un proxy para más privacidad – Elbinario
https://elbinario.net/2015/07/08/privacidad-correo/ | Privacidad para principiantes – El correo – Elbinario
https://elbinario.net/2015/05/26/whonix-la-distribucion-gnulinux-disenada-para-el-anonimato/ | Whonix, la distribución GNU/Linux diseñada para el anonimato – Elbinario
https://elbinario.net/2015/04/03/publicada-la-auditoria-de-truecrypt/ | Publicada la auditoria de Truecrypt – Elbinario
https://elbinario.net/2015/04/12/mi-vida-como-criptofriki/ | Mi vida como Criptofriki – Elbinario
https://elbinario.net/2015/03/12/bitmask-comunicacion-cifrada-para-simples-mortales/ | Bitmask – Comunicación cifrada para simples mortales – Elbinario
https://elbinario.net/2015/02/26/instalacion-y-configuracion-de-la-vpn-de-riseup-bitmask/ | Installation and Configuration of the Riseup VPN: Bitmask - Elbinario

https://twitter.com/g33kyshivam | (2) Shivam Goyal (@g33kyshivam) | Twitter
https://twitter.com/JR_kneda | kneda (@JR_kneda) | Twitter
https://twitter.com/JR_kneda | kneda (@JR_kneda) | Twitter
https://twitter.com/naivenom | Naivenom (@naivenom) | Twitter
https://t.me/joinchat/CKeYakbKgvCGg4NVwPkTng | Telegram: Join Group Chat
https://www.fwhibbit.es/introduccion-reversing-0x00-introduccion | Introducción al Reversing con radare2 – 0x00 Introduccion – Follow The White Rabbit
https://www.youtube.com/ | (3) YouTube
https://www.sniferl4bs.com/ | Snifer @ L4b's
https://www.sniferl4bs.com/p/blog-page_7.html | Pentesting with Kali - Snifer @ L4b's
https://www.sniferl4bs.com/2014/04/pcaps-gratuitos-para-analizar-y-pasar.html | Free Pcap's to analyze and hang out - Snifer @ L4b's
https://www.sniferl4bs.com/2014/04/examenes-de-prueba-de-lpi-online-y.html | Examenes de prueba de LPI Online y gratuitos - Snifer@L4b's
https://www.sniferl4bs.com/2014/04/que-rayos-me-pasa-no-tengo-vida.html | ¿Que rayos me pasa no tengo vida? Comienza el juego - Snifer@L4b's
https://www.sniferl4bs.com/2014/03/listado-completo-herramientas-en-kali.html | Listado Completo Herramientas en Kali Linux - Snifer@L4b's
https://www.sniferl4bs.com/2015/02/pdf-hacking-con-buscadores-google-bing.html | PDF - Hacking con Buscadores Google Bing y Shodan - Snifer@L4b's
https://heap-exploitation.dhavalkapil.com/ | Preface · Heap Exploitation
http://sanseolab.tistory.com/archive/201807 | SanseoLab :: 2018/07 Posts Posts
https://www.google.co.in/search?q=transalte&oq=trans&aqs=chrome.0.69i59j69i61j69i65l3j69i61.1017j0j7&sourceid=chrome&ie=UTF-8 | transalte - Google Search
https://www.fwhibbit.es/introduccion-al-reversing-con-radare2-0x06-lotto | Introducción al Reversing con radare2 – 0x06 Lotto – Follow The White Rabbit
https://blog.skullsecurity.org/2015/defcon-quals-babyecho-format-string-vulns-in-gory-detail | Defcon Quals: babyecho (format string vulns in gory detail) » SkullSecurity
https://elbinario.net/category/software/page/4/ | Software - Page 4 - Elbinario
https://elbinario.net/2018/04/18/jugando-con-la-programacion/ | Jugando con la programación – Elbinario
https://elbinario.net/2018/04/09/cifrar-perfil-thunderbird-con-encfs/ | Cifrar perfil Thunderbird con Encfs – Elbinario
https://elbinario.net/2017/06/30/cuidadin-con-zeronet/ | Cuidadin con ZeroNet – Elbinario
https://elbinario.net/2017/07/19/dont-be-evil-se-un-mono-mas/ | Don’t be evil!! Se un mono más. – Elbinario
https://elbinario.net/2017/07/13/mejor-software-libre-o-privativo-cuestion-de-ideologia/ | ¿Mejor software libre o privativo? Cuestión de ideología – Elbinario
https://elbinario.net/2017/05/23/usar-gnupg-con-el-editor-geany/ | Usar GnuPG con el Editor Geany – Elbinario
https://elbinario.net/2017/04/25/guia-para-los-heroes-del-p2pi2p/ | GUIA PARA LOS HEROES DEL P2P+I2P – Elbinario
https://elbinario.net/2017/04/13/un-poco-de-osint-con-twitter-y-harvey/ | Un poco de OSINT con Twitter y Harvey – Elbinario
https://elbinario.net/2017/04/11/passwordmanager-beta-apk-by-foo/ | PasswordManager (beta) apk by foo – Elbinario
https://elbinario.net/2017/03/06/juega-en-gnulinux-episodio-1-winehq/ | Juega en GNU/Linux episodio 1 WineHQ – Elbinario
https://elbinario.net/2017/03/10/juega-en-gnulinux-episodio-2-playonlinux/ | Juega en GNU/Linux episodio 2 PlayOnLinux – Elbinario
https://elbinario.net/2017/02/02/trasteando-con-ensamblador-primera-parte/ | Trasteando con Ensamblador: primera parte – Elbinario
https://elbinario.net/2017/02/16/trasteando-con-ensamblador-segunda-parte/ | Trasteando con Ensamblador: segunda parte – Elbinario
https://elbinario.net/2017/03/03/trasteando-con-ensamblador-final/ | Trasteando con Ensamblador: Final – Elbinario
https://elbinario.net/2014/05/06/resumen-de-la-semananegra/ | Resumen de la #SemanaNegra – Elbinario
https://elbinario.net/2016/07/12/rogue-access-pointap-con-raspberryprimera-parte/ | Rogue Access Point (AP) with Raspberry (first part) - Elbinario
https://elbinario.net/2016/07/28/rogue-access-pointap-con-raspberryfinal/ | Rogue Access Point (AP) with Raspberry (final) - Elbinario
https://elbinario.net/2015/08/23/wifitracking-y-web-browser-fingerprinting-en-centros-comerciales-y-tiendas/ | WifiTracking and Web Browser Fingerprinting in shopping centers and stores - Elbinario
https://elbinario.net/2015/08/10/privacidad-para-principiantes-uso-de-wifi-publica/ | Privacy for beginners - Use of public Wi-Fi - Elbinario
https://elbinario.net/2014/06/20/enviar-paquetes-wireless-sin-protocolo/ | Enviar paquetes wireless sin protocolo – Elbinario
https://elbinario.net/2016/11/23/wifi-pineapple-plataforma-de-auditoria-de-redes-wifis/ | Wifi Pineapple – Plataforma de auditoría de redes wifis – Elbinario
https://elbinario.net/tag/privacidad/ | privacidad – Elbinario
https://elbinario.net/tag/linux/ | linux – Elbinario
https://www.fwhibbit.es/introduccion-al-reversing-con-radare2-0x06-lotto | Introducción al Reversing con radare2 – 0x06 Lotto – Follow The White Rabbit

https://twitter.com/ | (*) Twitter
https://365.csaw.io/team/336 | CSAW 365
https://pbs.twimg.com/media/DbMSmYqWsAEy3_L.jpg | DbMSmYqWsAEy3_L.jpg (1200×928)
https://coursehunters.net/course/programmirovanie-na-c-si-dlya-nachinayushchih | Программирование на C (си) для начинающих - Видеоуроки
https://www.empirehacking.nyc/archive/ | Empire Hacking
https://www.nyc-infosec.com/ | NYC Infosec Community
https://365.csaw.io/challenges | CSAW 365
https://ubuntuforums.org/showthread.php?t=1323712 | Any good tutorial on Glibc?
https://c.developpez.com/cours/20-heures/ | C in 20 hours

https://twitter.com/g33kyshivam | Shivam Goyal (@g33kyshivam) | Twitter
https://twitter.com/0v_hell | ĐɆ₳Đ Ɽ₳฿฿ł₮ (@0v_hell) | Twitter
https://www.youtube.com/watch?v=BslKjxaP4Ik | (74) BJP IT Cell Part 2: Money offered after the Interview! | Dhruv Rathee - YouTube

https://twitter.com/g33kyshivam | Shivam Goyal (@g33kyshivam) | Twitter
https://coursehunters.net/course/programmirovanie-na-c-si-dlya-nachinayushchih | Программирование на C (си) для начинающих - Видеоуроки
https://www.youtube.com/ | (73) YouTube

https://twitter.com/g33kyshivam | Shivam Goyal (@g33kyshivam) | Twitter
http://0xc0ffee.io/blog/OSCP-Goldmine | OSCP Goldmine (not clickbait) | 0xc0ffee☕
http://0xc0ffee.io/blog/OSCP-Goldmine | OSCP Goldmine (not clickbait) | 0xc0ffee☕
http://justpentest.blogspot.com/2015/07/minishare1.4.1-bufferoverflow.html | Minishare 1.4.1 Bufferoverflow
https://samsclass.info/127/proj/vuln-server.htm | Exploiting "Vulnerable Server" for Windows 7
http://0xc0ffee.io/blog/tu-ctf2017-worth-a-thousand-words | TU-CTF 2017 - Steganography 100 | 0xc0ffee☕

https://coursehunters.net/course/osnovy-javascript-dlya-nachinayushchih | Основы JavaScript для начинающих - Видеоуроки
https://github.com/chiangs/jsf-solutions/blob/master/solutions/lesson3/solutions.md | jsf-solutions/solutions.md at master · chiangs/jsf-solutions
https://mail.google.com/mail/u/0/#search/zell/FMfcgxvwzvJFqDsnqmHhqNcqrBXgWFsq | 15 sample lessons - shivam.goyal397@gmail.com - Gmail
https://zellwk.com/blog/js-in-dom/?ck_subscriber_id=168610568 | Altering the DOM with JavaScript | Zell Liew
https://zellwk.com/blog/looping-through-js-objects/ | Looping through objects in JavaScript | Zell Liew
https://zellwk.com/blog/looping-through-js-objects/ | Looping through objects in JavaScript | Zell Liew
https://medium.com/@nickbalestra/javascripts-lexical-scope-hoisting-and-closures-without-mystery-c2324681d4be | Javascript’s lexical scope, hoisting and closures without mystery.
https://scotch.io/tutorials/understanding-scope-in-javascript | Understanding Scope in JavaScript ― Scotch
https://courses.learncodeonline.in/learn//Javascript-for-2018-developer/25328/114621?section=25331 | Free Javascript tutorials
http://127.0.0.1:5500/index.html | Learning Javascript
https://vanillajstoolkit.com/code-snippets/#selectors | Code Snippets | The Vanilla JS Toolkit

https://www.youtube.com/watch?v=ztqxSdG6HCU | (58) 4 Reasons You're Not Losing Weight - YouTube
https://www.youtube.com/watch?v=bw2OpssObmg | Can You Turn Fat Into Muscle? - YouTube

https://www.youtube.com/watch?v=bweEXpJ0Hk8 | 5 Fitness MISTAKES You Should Avoid - YouTube
https://www.youtube.com/watch?v=kxCdXia2oJw | Light Weights Vs Heavy Weights - YouTube
https://www.youtube.com/watch?v=1snkU1LFwLM | 5 Muscle Building Tips For BEGINNERS - YouTube
https://www.youtube.com/watch?v=IXjHG7Z7k5g | How Long Should You REST Between SETS? (The Current Research) - YouTube
https://www.youtube.com/watch?v=ZH_NGgzijBw | Is Training to FAILURE Necessary? - YouTube
https://www.youtube.com/watch?v=MJOD71YWz1Q | How Much Protein Can Your Body Absorb Per Meal? - YouTube
https://www.youtube.com/watch?v=HKfcAnlMueg | Multivitamins - The Industry's Biggest Lie - YouTube
https://www.youtube.com/watch?v=7f8ybrwqxww | Why You Should Consider CALISTHENICS (Especially BEGINNERS) - YouTube
https://www.youtube.com/watch?v=jMObYA0n6As | Should You Take COLD SHOWERS For MUSCLE and STRENGTH? - YouTube
https://www.youtube.com/watch?v=xJG_3kz8gl4 | Do Cardio or Weights First? - YouTube
https://www.youtube.com/watch?v=WTVsVIjlpH8 | What is Carb Cycling? - YouTube
https://www.youtube.com/watch?v=FY5O607L08k | How Many Times a Week Should I Workout? - YouTube
https://www.youtube.com/watch?v=GH5-HHxeIe4 | Weight Training VS Low Intensity Cardio - Best Way to Burn Fat? - YouTube

https://www.youtube.com/results?search_query=webpwnized+web+goat | (41) webpwnized web goat - YouTube
https://www.sniferl4bs.com/2014/01/burpuite-i-primeros-pasos.html | Burp Suite I - Primeros Pasos - Snifer@L4b's
https://www.youtube.com/watch?v=KHuEspNyAsM | (41) Web Authentication Hacking Tutorial: Burpsuite and WebGoat - YouTube
https://www.youtube.com/watch?v=h2duGBZLEek | (41) Bugcrowd University - Introduction to Burp Suite - YouTube
https://coursehunters.net/ | Учитесь, Блеать! - Видеокурсы для разработчиков

https://medium.com/cyberdefenders/burp-suite-webpage-enumeration-and-vulnerability-testing-cfd0b140570d | Burp Suite: Webpage Enumeration and Vulnerability Testing
https://medium.com/@d0znpp/the-best-burp-plugin-ive-ever-seen-2d17780342 | The best Burp plugin I’ve ever seen – Ivan Novikov – Medium

https://www.youtube.com/watch?v=YeOLwZJDJgg | Best Camera for Vlogging| Independence day Special 🇮🇳 - YouTube
https://www.facebook.com/ | Facebook
https://www.youtube.com/watch?v=cL9NsXpUqYI&t=2s | (35) Web App Penetration Testing - #3 - Brute Force Attacks With Burp Suite - YouTube

https://www.netflix.com/browse/genre/83 | Netflix
https://twitter.com/g33kyshivam | Shivam Goyal (@g33kyshivam) | Twitter
https://pentester.land/conference-notes/2018/08/02/levelup-2018-the-bug-hunters-methodology-v3.html | Conference notes: The Bug Hunters Methodology v3(ish) (LevelUp 0x02 / 2018) · Pentester Land
https://pentester.land/conference-notes | Conference notes · Pentester Land
https://pentester.land/tips-and-tricks | Tips & Tricks · Pentester Land
https://pentester.land/list-of-bug-bounty-writeups.html | List of bug bounty writeups · Pentester Land
https://pentester.land/conference-notes | Conference notes · Pentester Land
https://pentester.land/challenge | Challenges · Pentester Land
https://bugbountyforum.com/tools/recon/ | Bug Bounty Forum - tools - Recon
https://2000.shodan.io/#/ | Shodan 2000
https://twitter.com/0v_hell | (1) ĐɆ₳Đ Ɽ₳฿฿ł₮@Defcon (@0v_hell) | Twitter
https://guif.re/ | Guifre Home
https://www.sploitspren.com/SLAE/ | SLAE WriteUps
https://twitter.com/HanseSecure | (1) Florian Hansemann (@HanseSecure) | Twitter

https://www.youtube.com/watch?v=718DNxSWPe4 | (26) Reduce Belly fat in 1 week | FASTEST WAY - YouTube
https://twitter.com/i/notifications | Twitter / Notifications
https://twitter.com/Johnsy13067365 | Johnsy (@Johnsy13067365) | Twitter
https://docs.google.com/document/d/101EsKlu41ICdeE7mEv189SS8wMtcdXfRtua0ClYjP1M/edit#heading=h.y6e8l083walm | Web Application Penetration Testing Course URLs.docx - Google Docs

https://mail.google.com/mail/u/0/#inbox | Inbox (1,359) - shivam.goyal397@gmail.com - Gmail
https://www.youtube.com/watch?v=7_7bR8P4UQA | (3) BEST and FASTEST Fat Loss Exercise | BeerBiceps Hindi - YouTube
https://www.youtube.com/watch?v=7_7bR8P4UQA | BEST and FASTEST Fat Loss Exercise | BeerBiceps Hindi - YouTube
https://www.youtube.com/watch?v=AWkClbrkvEs | Jyada Handsome Kaise Dikhe! Men's Grooming Basics Explained in Hindi | BeerBiceps Male Grooming Tips - YouTube
https://www.youtube.com/watch?v=VaHbHXfH4A4 | What Girls Like In Men - TOP 10 MOST ATTRACTIVE Men's Traits BeerBiceps Hindi - YouTube
https://www.youtube.com/watch?v=0_ts04nAWao | (4) Our upcoming Website with forum, New youtube channels and a lot more ! - YouTube

https://samsclass.info/129S/lec/ch3.pdf | ch3.key
https://www.youtube.com/results?search_query=CNIT+129S%3A+Ch+3%3A+Web+Application+Technologies | CNIT 129S: Ch 3: Web Application Technologies - YouTube
https://www.youtube.com/watch?v=sj5SP5q4uM4 | (19) CNIT 129S - Securing Web Applications, January 31, 2018 Lecture - YouTube

http://www.crypto-textbook.com/ | Cryptography Textbook
http://wiki.crypto.rub.de/Buch/en/projects_further_information.php | Understanding Cryptography, A Textbook for Students and Practitioners - with a Foreword by Bart Preneel
https://www.cryptool.org/en | Home EN - CrypTool Portal
https://tuftsdev.github.io/DefenseAgainstTheDarkArts/slides/week2-cryptography.pdf | Cyber Security Week 2
https://www.youtube.com/watch?v=2aHkqB2-46k | (10) Lecture 1: Introduction to Cryptography by Christof Paar - YouTube
https://www.cs.rit.edu/~ark/462/module01/notes.shtml | CSCI 462—Introduction to Cryptography
https://www.cs.rit.edu/~ark/462/module01/notes.shtml | CSCI 462—Introduction to Cryptography
https://wiki.gnome.org/Internships | Internships - GNOME Wiki!

https://linuxhandbook.com/category/linux-commands/page/2/ | Linux Commands – Page 2
https://linuxhandbook.com/sed-reference-guide/ | Complete Sed Command Guide [Explained with Practical Examples]

https://samsclass.info/129S/129S_F16.shtml#lecture | CNIT 129S: Securing Web Applications -- Sam Bowne
https://www.youtube.com/watch?time_continue=3&v=Wa6lf9LdgNE | (35) CNIT 129S: Ch 3: Web Application Technologies Part 1 - YouTube
https://www.pentesteracademy.com/course?id=40 | Reverse Engineering Linux 32-bit Applications
https://www.pentesteracademy.com/course?id=41 | Reverse Engineering Win32 Applications
https://www.tunnelbear.com/account#/signup?v=c2.0.3 | TunnelBear: Simple and Secure Privacy Apps

https://coursehunters.net/archive | Архив СourseHunters.net
https://coursehunters.net/course/osnovy-javascript-dlya-nachinayushchih | The Basics of JavaScript for Beginners - Video Tutorials
https://github.com/s-castillo/js-course-example/blob/master/course-examples/_js/simple-js.js | js-course-example/simple-js.js at master · s-castillo/js-course-example
https://github.com/chiangs/jsf-solutions/blob/master/solutions/lesson2/solutions.md#27-functions | jsf-solutions/solutions.md at master · chiangs/jsf-solutions
https://github.com/chiangs/jsf-solutions/blob/master/solutions/lesson2/solutions.md#29-scopes-closures | jsf-solutions/solutions.md at master · chiangs/jsf-solutions
https://learnjavascript.today/?ck_subscriber_id=168610568 | Build 20 real components from scratch | Learn JavaScript with Zell
https://www.udemy.com/modern-javascript-from-the-beginning/ | Modern JavaScript From The Beginning | Udemy
https://www.udemy.com/modern-javascript/ | The Modern JavaScript Bootcamp (2018) | Udemy
https://mail.google.com/mail/u/0/#search/zell/FMfcgxvwzvJFqDsnqmHhqNcqrBXgWFsq | 15 sample lessons - shivam.goyal397@gmail.com - Gmail
https://scotch.io/tutorials/understanding-scope-in-javascript | Understanding Scope in JavaScript ― Scotch

https://www.flipkart.com/computers/printers-inks/printers/single-function-printers/pr?sid=6bo%2Cffn%2Ct64%2C1pr&q=printer&otracker=categorytree&p%5B%5D=facets.brand%255B%255D%3DSamsung | Online Shopping Site for Mobiles, Fashion, Books, Electronics, Home Appliances and More
https://www.amazon.in/s/ref=sr_nr_n_0?fst=as%3Aoff&rh=n%3A976392031%2Cn%3A14784019031%2Cn%3A1375443031%2Cn%3A1375444031%2Ck%3Aprinter%2Cp_n_feature_browse-bin%3A1464470031&keywords=printer&ie=UTF8&qid=1532836071&rnid=976393031 | Amazon.in: printer - Monochrome / All-In-One Printers / Printers: Computers & Accessories
https://www.amazon.in/Canon-MF3010-Digital-Multifunction-Printer/dp/B009LJKURO/ref=sr_1_16?s=computers&ie=UTF8&qid=1532837066&sr=1-16&keywords=printer&refinements=p_n_feature_browse-bin%3A1464470031 | Amazon.in: Buy Canon MF3010 Digital Multifunction Laser Printer Online at Low Prices in India | Canon Reviews & Ratings
https://www.youtube.com/ | YouTube

http://securityidiots.com/ | Welcome to Security Idiots!!
https://evilzone.org/ | Evilzone - Hacking and Security Network
https://greysec.net/forumdisplay.php?fid=9 | GreySec Forums - Web Application Security
https://greysec.net/showthread.php?tid=3370 | We are a group of Canada hackers,We will share with you all what we have and you too.
https://0x00sec.org/t/the-pentesterlab-bootcamp/1241 | The Pentesterlab Bootcamp - Web Hacking - 0x00sec - The Home of the Hacker
https://0x00sec.org/t/hackthebox-gr-virtual-lab-free/2030/24 | Hackthebox.gr Virtual Lab (FREE) - Web Hacking - 0x00sec - The Home of the Hacker
https://gbhackers.com/category/webapp/ | Webapp Pentesting Archives - GBHackers On Security

https://www.youtube.com/results?search_query=leetwood+Mac | (97) leetwood Mac - YouTube
https://github.com/tuftsdev/DefenseAgainstTheDarkArts/tree/gh-pages/labs | DefenseAgainstTheDarkArts/labs at gh-pages · tuftsdev/DefenseAgainstTheDarkArts
https://tuftsdev.github.io/DefenseAgainstTheDarkArts/slides/week1-networks.pdf | Cyber Security Week 1
https://www.facebook.com/ | Facebook
https://www.youtube.com/watch?v=hwSxDvLRcsI&t=829s | (97) Mount Your Friends in 3D (CLIMB GREATNESS MOUNTAIN!) - YouTube

https://www.facebook.com/ | Facebook
https://academy.silesiasecuritylab.com/p/how-hackers-find-sql-injections-in-minutes-with-sqlmap | How Hackers Find SQL Injections in Minutes with Sqlmap | Dawid Czagan
https://spyclub.tech/#blog | SpyClub
https://spyclub.tech/resume.pdf | Tarunkant Gupta – Curriculum Vitae
https://www.youtube.com/watch?v=8vhnzAvXMGM&index=5&list=PLtr9ezc61PUb3iQMlvnicIC3BIra2BZId | (22) 4- Essential Tools - netcat - YouTube
https://www.youtube.com/watch?v=OaXEDgW8SUE&index=25&list=PLv7cogHXoVhXvHPzIl1dWtBiYUAL8baHj | (22) 25- BurpSuite Tabs part 1 - YouTube
http://www.hackingarticles.in/setup-dns-penetration-testing-lab-on-windows-server-2012/ | Setup DNS Penetration Testing Lab on Windows Server 2012
https://www.waterstones.com/book/learning-kali-linux/ric-messier/9781492028697 | Learning Kali Linux by Ric Messier | Waterstones
http://shop.oreilly.com/product/0636920063568.do | Ethical Hacking - O'Reilly Media
https://www.oreilly.com/library/view/security-testing-and/9781492029328/ | Security Testing and Ethical Hacking with Kali Linux [Video]
chrome://downloads/ | Downloads

https://www.udemy.com/website-application-penetration-testing-using-burp-suite/ | Web Application Penetration Testing Using Burp Suite | Udemy
https://www.google.co.in/search?q=metasplot+pentester+academt&oq=metasplot+pentester+academt&aqs=chrome..69i57j0.8244j0j4&sourceid=chrome&ie=UTF-8 | metasplot pentester academt - Google Search
https://www.pentesteracademy.com/course?id=10 | Pentesting with Metasploit
https://main.immersivelabs.online/cyber-skills/tools/skill-set/scanning | Immersive Labs
https://main.immersivelabs.online/cyber-skills/tools/skill-set/metasploit-028124de-8e24-4754-9d14-8dc1f1bfc1bf | Immersive Labs
https://main.immersivelabs.online/cyber-skills/tools/skill-set/common-tool-sets | Immersive Labs
https://main.immersivelabs.online/cyber-skills/techniques/skill-set/ethical-web-hacking | Immersive Labs
https://main.immersivelabs.online/cyber-skills/techniques/skill-set/databases | Immersive Labs
https://main.immersivelabs.online/cyber-skills/techniques/skill-set/wireless | Immersive Labs
https://main.immersivelabs.online/cyber-skills/techniques/skill-set/enumeration | Immersive Labs
https://main.immersivelabs.online/cyber-skills/tools/skill-set/security-engineering | Immersive Labs

https://docs.google.com/document/d/17cpPLdUb6NeuDXK3shVK1fFMHWxYVQSFbvL3bw3eG6Q/edit | Website Performance - Google Docs
https://github.com/webcompat/webcompat.com | GitHub - webcompat/webcompat.com: Source code for
https://webcompat.com/ | Web Compatibility | webcompat.com
https://github.com/webcompat/webcompat.com/wiki/Architecture | Architecture · webcompat/webcompat.com Wiki · GitHub
https://www.facebook.com/ | Facebook

https://www.facebook.com/ | (1) Facebook
https://github.com/mike-works/sql-fundamentals | GitHub - mike-works/sql-fundamentals: 👨‍🏫 Mike's SQL Fundamentals and Professional SQL Courses
https://drive.google.com/file/d/17DckYclE6PJ2b42dMO-zVB_5WAk-bYYj/view | SQL Fundamentals.pdf - Google Drive
https://www.youtube.com/feed/subscriptions | (12) Subscriptions - YouTube
https://www.youtube.com/watch?v=kF2OWLdvWtk&list=PLUhdoQx6gMwJIgBZJ2i0PfJp4IB2U0eY1 | (12) Burp Suite - Configuring all browsers and Windows ! Fix Errors ! Basic Concepts and working - YouTube
https://www.youtube.com/watch?v=_Yw7QWbk9Vs&list=PLUhdoQx6gMwI94DteZyxKdfLN_lFGegsi | (12) Cryptography ( Encryption ) and its types - the backbone of security of networks and computers - YouTube
https://www.youtube.com/watch?v=ISVAQhwU7Ag&list=PLUhdoQx6gMwJojPb3f2BzRzCa1jIF6JBT | (12) Cryptocurrencies - price calculations , market caps , manipulations and more - YouTube
https://www.youtube.com/ | (12) YouTube

https://main.immersivelabs.online/cyber-skills/techniques/skill-set/databases | Immersive Labs
https://tuftsdev.github.io/DefenseAgainstTheDarkArts/index-summer.html | COMP 116: Introduction to Computer Security
https://tuftsdev.github.io/DefenseAgainstTheDarkArts/slides/week3-websecurity.pdf | Cyber Security Week 3
https://github.com/sectalks/sectalks | GitHub - sectalks/sectalks: CTFs, solutions and presentations
https://www.peerlyst.com/posts/the-how-to-use-nmap-wiki-peerlyst?utm_campaign=peerlyst_shared_post&utm_content=peerlyst_post&utm_medium=social&utm_source=twitter | The "how to use NMAP" wiki by Peerlyst - training, course, nmap scripting engine
https://pentester.land/conference-notes/2018/10/17/levelup-2018-practical-recon-techniques-for-bug-hunters-and-pentesters.html | Conference notes: Practical recon techniques for bug hunters & pen testers (LevelUp 0x02 / 2018) · Pentester Land
https://pentester.land/conference-notes | Conference notes · Pentester Land
https://pentester.land/tips-and-tricks | Tips & Tricks · Pentester Land
https://pentester.land/newsletter | The 5 Hacking NewsLetter · Pentester Land
https://www.youtube.com/channel/UCI6B0zYvK-7FdM0Vgh3v3Tg/search?query=bug+hunt | (8) Cooper - YouTube
https://bugid.skylined.nl/20181017001.html | Fuzz in sixty seconds
https://us17.campaign-archive.com/home/?u=5cc7586e74a1b2f77a7c647a0&id=f84c40c1cc | Pranav Hivarekar's Security Thursday via Peritus InfoSec
http://kmb.ufoctf.ru/bash/main.html | Основные команды Bash · Курс молодого CTF бойца v 1.5
https://www.hacksplaining.com/lessons | Pick a Vulnerability to Learn About
https://www.hacksplaining.com/lessons | Pick a Vulnerability to Learn About

https://mike.works/courses | Courses | Mike.Works Developer Training
https://frontendmasters.com/workshops/web-security/ | Web Security with Mike North
https://frontendmasters.com/courses/web-security/ | Learn Web Application Security for Web Developers Course by Mike North
https://frontendmasters.com/teachers/mike-north/ | Learn from Mike North's courses on Frontend Masters
https://github.com/mike-works/modern-javascript | GitHub - mike-works/modern-javascript: 👨‍🏫 Mike's Modern JavaScript course
https://drive.google.com/file/d/0B7LIdu29tPZROU9tMGR5WjlGZDA/view | Modern JavaScript.pdf - Google Drive
https://www.facebook.com/ | (1) Facebook
https://www.facebook.com/groups/crackzoneguru/search/?query=NETFLIX | (1) ✅ Account Netflix, beIN Sports, Spotify, PayPal, Bin, Sqli Combos ✅
https://websiteforstudents.com/how-to-install-foxit-reader-on-ubuntu-16-04-17-10-18-04-desktop/ | How to Install Foxit Reader on Ubuntu 16.04 / 17.10 / 18.04 Desktop | Website for Students

https://www.peerlyst.com/posts/video-3-5-hours-of-free-appsec-training-from-sunny-wear-via-brakeing-down-security-peerlyst?utm_source=twitter&utm_medium=social&utm_content=peerlyst_post&utm_campaign=peerlyst_shared_post | [Video] 3,5 hours of free AppSec training from Sunny Wear via Brakeing Down Security by Peerlyst - web application security training
https://www.facebook.com/groups/crackzoneguru/?fref=nf | ✅ Account Netflix, beIN Sports, Spotify, PayPal, Bin, Sqli Combos ✅
https://mega.nz/?fbclid=IwAR2N_8FsXH8H53kXz45vnzJmbtiKitLHMxgwQc2yvdCRuiv26eSpIhsG3Ck#F!PJoR0LjD!SiNo4g78sKAIhoTWO-7xgQ | MEGA
https://temp-mail.org/ | Temp Mail - Disposable Temporary Email
https://www.facebook.com/saved/?cref=28 | Saved
https://www.facebook.com/groups/crackzoneguru/permalink/2385798268313804/ | ✅ Account Netflix, beIN Sports, Spotify, PayPal, Bin, Sqli Combos ✅
https://www.google.co.in/search?q=llevar+a+la+fuerza&oq=llevar+a+la+fuerza&aqs=chrome..69i57&sourceid=chrome&ie=UTF-8 | llevar a la fuerza - Google Search
https://g-otaku.xyz/cgi-sys/suspendedpage.cgi | Account Suspended
chrome://bookmarks/?q=gene | Bookmarks
https://g-otaku.xyz/cgi-sys/suspendedpage.cgi | Account Suspended
https://www.google.co.in/search?q=cc+generator&oq=cc+geenrat&aqs=chrome.1.69i57j0l5.2750j0j7&sourceid=chrome&ie=UTF-8 | cc generator - Google Search
https://namso-gen.com/ | Namso Gen - Credit card numbers generator based on your own BIN pattern
https://elders-c0de.xyz/card/ccn1/ | https://elders-c0de.xyz/card/ccn1/

https://www.facebook.com/groups/crackzoneguru/search/?query=mega%20accounts | (1) ✅ Account Netflix, beIN Sports, Spotify, PayPal, Bin, Sqli Combos ✅
https://www.facebook.com/pg/NineHackers/posts/?ref=page_internal | (1) Nine Hackers - Posts
https://www.sans.org/course/advanced-web-app-penetration-testing-ethical-hacking | Advanced Web App Penetration Testing Training | SANS SEC642
https://www.offensive-security.com/information-security-training/advanced-web-attack-and-exploitation/ | Advanced Web Attacks, Exploitation, Vulnerabilities Live Security Training
https://www.pentesteracademy.com/course?id=5 | Web Application Pentesting
https://drive.google.com/drive/folders/0BwyWDQ59jRVGMFp3UnBfeUEzanM | Sprp77 Awesome OSINT - Google Drive
https://drive.google.com/drive/folders/0B9h6Z88xmpyKNk5TSjVhVElnRHc | Pentester Academy - Google Drive
chrome://history/?q=mega | History
https://drive.google.com/drive/folders/0B9h6Z88xmpyKOFYwd2RWWHViZXc | Courses - Google Drive
https://certcollection.org/forum/topic/319079-sec642-advanced-web-app-penetration/page__p__1208865__hl__+sans%20+642#entry1208865 | [Offer] SEC642 Advanced Web App Penetration - SECURITY SHARES - IT Certification Forum
https://certcollection.org/forum/index.php?app=core&module=search&do=search&fromMainBar=1 | Search Results - IT Certification Forum
https://certcollection.org/forum/topic/318916-sans-sec642-advanced-web-app-penetration-on-demandmp3tools/page__st__28__p__1211429__hl__+642#entry1211429 | [Offer] SANS SEC642: Advanced Web App Penetration. On Demand,MP3,Tools - SECURITY SHARES - IT Certification Forum - Page 3
https://www.watchmetech.com/mega-bandwidth-limit-quota-exceeded/ | Bypass Mega Bandwidth Limit Quota Exceeded Error [100% Working] ⚡
https://www.youtube.com/watch?time_continue=163&v=TsMlYS6RmdI | (100) Bypass Mega Download Limit Bandwidth Exceeded Error and Download using IDM ⚡ - YouTube
https://www.reddit.com/r/Piracy/comments/98sbr0/bypass_mega_download_limit_bandwidth_exceeded/ | Bypass Mega Download Limit Bandwidth Exceeded Error and Download using IDM : Piracy
https://mega.nz/sync | MEGAsync - Download
https://www.reddit.com/r/MEGA/comments/59onj3/what_is_the_bandwidth_for_free_users/ | what is the bandwidth for free users? : MEGA

https://pastebin.com/qVG8Qt1N | BURP-SUITE - Pastebin.com
https://github.com/BeDefended/RequestHighlighter | GitHub - BeDefended/RequestHighlighter: Burp Suite extension that automatically highlights different HTTP requests
https://github.com/gwen001/pentest-tools | GitHub - gwen001/pentest-tools: Custom pentesting tools
https://github.com/DaniLabs/tools-tbhm | GitHub - DaniLabs/tools-tbhm: Tools of "The Bug Hunters Methodology V2 by @jhaddix"
https://github.com/ChrisTruncer/PenTestScripts | GitHub - ChrisTruncer/PenTestScripts: Scripts that are useful for me on pen tests
https://github.com/codingo/takeover | GitHub - codingo/takeover: Sub-Domain TakeOver Vulnerability Scanner
https://github.com/anshumanbh/tko-subs | GitHub - anshumanbh/tko-subs: A tool that can help detect and takeover subdomains with dead DNS records
https://github.com/cujanovic/subdomain-bruteforce-list/blob/master/all.txt | subdomain-bruteforce-list/all.txt at master · cujanovic/subdomain-bruteforce-list · GitHub
https://github.com/cujanovic/Content-Bruteforcing-Wordlist | GitHub - cujanovic/Content-Bruteforcing-Wordlist: Wordlist for content(directory) bruteforce discovering with Burp or dirsearch
https://github.com/Tristan-aemjk4h/Awesome-Hacking-Resources | GitHub - Tristan-aemjk4h/Awesome-Hacking-Resources
https://github.com/rojan-rijal/Subdomains/blob/master/README.md | Subdomains/README.md at master · rojan-rijal/Subdomains · GitHub
https://github.com/rojan-rijal/LeakFinder | GitHub - rojan-rijal/LeakFinder: https://sites.google.com/securifyinc.com/rojanrijal/leaked-sensitive-data

https://immersivelabs.online/jobs/iml-pgi-0068 | PGI Intern - Jobs - Immersive Labs
https://www.pgitl.com/training/e-learning | E-Learning | PGI
https://www.managed.sa/ | Managed Services
https://www.youtube.com/playlist?list=WL | (506) Watch Later - YouTube
https://www.youtube.com/watch?v=jBi3a-dXsM8&t=225s&index=14&list=WL | (506) Hidden in Plain Site: Disclosing Information via Your APIs - Peter Yaworski, Bugcrowd's LevelUp 2017 - YouTube
https://www.youtube.com/watch?v=Qw1nNPiH_Go&index=3&list=PLIK9nm3mu-S6gCKmlC5CDFhWvbEX9fNW6&t=674s | (506) LevelUp 0x02 - Bug Bounty Hunter Methodology v3 - YouTube
https://www.youtube.com/watch?v=94-tlOCApOc&index=4&list=PLIK9nm3mu-S4K4jMHwtplbrE1JMg0jyN- | (506) Bugcrowd University - Broken Access Control Testing - YouTube
https://www.youtube.com/watch?v=VeW_G4xoh5Q&index=8&list=PLIK9nm3mu-S5InvR-myOS7hnae8w4EPFV | OWASP iGoat - Learning iOS App Penetration Testing & Defense - Swaroop Yermalkar, LevelUp 2017 - YouTube
https://www.youtube.com/watch?v=9ADubsByGos&t=16s&index=17&list=WL | PHV 2016, "How to Find 1,352 Wordpress XSS Plugin Vulnerabilities...." by Larry Cashdollar - YouTube
https://www.youtube.com/watch?v=k12u-76CarE&t=411s&index=21&list=WL | (506) ​Beyond the OWASP Top 10 - Modern web application bugs - NDC Security 2018 - YouTube
https://twitter.com/webtonull?lang=en | Erlend Oftedal (@webtonull) | Twitter
https://twitter.com/PhilippeDeRyck | Philippe De Ryck (@PhilippeDeRyck) | Twitter
https://pragmaticwebsecurity.com/index.html#courses | Pragmatic Web Security
https://pragmaticwebsecurity.com/talks/commonapisecuritypitfalls | Common API security pitfalls
https://vimeo.com/289491341 | Common API security pitfalls : Philippe De Ryck on Vimeo
https://essentials.pragmaticwebsecurity.com/ | Web Security Essentials - A Pragmatic Web Security course
https://angularmasterclass.pragmaticwebsecurity.com/ | Angular Security Masterclass - A Pragmatic Web Security course
https://cheatsheets.pragmaticwebsecurity.com/ | Security Cheat Sheets by Pragmatic Web Security
https://pragmaticwebsecurity.com/talks/owaspasvs.html | From the OWASP top 10(s) to the OWASP ASVS
https://ng-be.org/workshops/2018/12/security-in-angular-pragmatic-web-security | Security in Angular — NG-BE
https://www.zdnet.com/article/deserialization-issues-also-affect-ruby-not-just-java-php-and-net/ | Deserialization issues also affect Ruby, not just Java, PHP, and .NET | ZDNet
https://www.zdnet.com/article/steam-bug-could-have-given-you-access-to-all-the-cd-keys-of-any-game/ | Steam bug could have given you access to all the CD keys of any game | ZDNet
https://labs.detectify.com/2018/08/02/bypassing-exploiting-bucket-upload-policies-signed-urls/ | Bypassing and exploiting Bucket Upload Policies and Signed URLs
https://www.oreilly.com/library/view/building-a-modern/9781492044680/ | Building a Modern Security Program [Book]
https://github.com/frohoff/ysoserial | frohoff/ysoserial: A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet | GrrrDog/Java-Deserialization-Cheat-Sheet: The cheat sheet about Java Deserialization vulnerabilities
http://labsdetectify.wpengine.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/ | Hostile Subdomain Takeover using Heroku/Github/Desk + more
http://www.agarri.fr/docs/AppSecEU15-Server_side_browsing_considered_harmful.pdf | AppSecEU15-Server_side_browsing_considered_harmful.pdf
https://portswigger.net/blog/practical-web-cache-poisoning | Practical Web Cache Poisoning | Blog
https://hackerone.com/reports/341876 | #341876 SSRF in Exchange leads to ROOT access in all instances
https://cse.google.com/cse?cx=partner-pub-3256770407637090%3A2007347459&ie=UTF-8&q=dork&sa=Search&siteurl=www.irongeek.com%2F&ref=www.google.com%2F&ss=472j75250j4 | Google Custom Search
https://www.youtube.com/results?search_query=google+dorks+bsides | (506) google dorks bsides - YouTube
https://gbhackers.com/latest-google-dorks-list/ | Google Dorks List 2018 For Ethical Hacking and Penetration Testing
https://edgylabs.com/google-dorks-list | The Latest Google Dorks List and how to use it for Good
https://twitter.com/Alra3ees/status/1028830688932491264 | Emad Shanab on Twitter: "Dorkme:- Is a tool designed to facilitate the search for vulnerabilities with Google Dorks, such as sql injection vulnerabilities. Source:- https://t.co/XLWX0Uh1nt Demo: https://t.co/xmJthPGdlI"
chrome://bookmarks/?q=shodan | Bookmarks
https://github.com/jhaddix/tbhm/blob/master/12_IDOR.markdown | tbhm/12_IDOR.markdown at master · jhaddix/tbhm
https://github.com/jhaddix/tbhm/blob/master/How%20Do%20I%20shot%20Web-.pdf | tbhm/How Do I shot Web-.pdf at master · jhaddix/tbhm
https://github.com/jhaddix/tbhm/blob/master/10_Mobile.md | tbhm/10_Mobile.md at master · jhaddix/tbhm

https://pastebin.com/LEHfnLAw | [Markdown] GraphQl - Pastebin.com
https://www.youtube.com/watch?v=1N-O07SRuxY | In graph we trust: Microservices, GraphQL and security challenges - DevSecCon Singapore 2018 - YouTube
https://appseceurope2018a.sched.com/speaker/mohammed_a_imran.1y393q96 | Mohammed Imran - AppSec Europe 2018
https://www.youtube.com/channel/UCgxhfP2Hi8MQYz6ZkwpLA0A/videos | DevSecCon - YouTube
https://www.youtube.com/ | YouTube
https://twitter.com/ | (*) Twitter
https://www.slideshare.net/NeeluTripathy2/pentesting-graphql-applications | Pentesting GraphQL Applications
https://www.slideshare.net/ | Share and Discover Knowledge on LinkedIn SlideShare
https://twitter.com/freebuf | FreeBuf (@freebuf) | Twitter
https://philippeharewood.com/view-the-facebook-stories-for-any-media-effect/ | View the Facebook stories for any media effect – These aren't the access_tokens you're looking for
https://www.slideshare.net/secfigo/in-graph-we-trust-microservices-graphql-and-security-challenges | In graph we trust: Microservices, GraphQL and security challenges
https://www.slideshare.net/secfigo/strengthen-and-scale-security-for-a-dollar-or-less | Strengthen and Scale Security for a dollar or less
https://www.moesif.com/blog/technical/graphql/REST-vs-GraphQL-APIs-the-good-the-bad-the-ugly/ | REST vs GraphQL APIs, the Good, the Bad, the Ugly | Moesif’s Musings on Software
https://www.practo.com/delhi/doctor/dr-susan-k-s-ear-nose-throat-ent-specialist/info | Dr. Susan K S - Book Appointment Online, View Fees, Feedbacks | Practo
http://daitebi.com.br/nasofibroscopia-o-que-e-como-e-realizado-para-que-serve-como-e-feito/ | Nasofibroscopia: o que é? Como é realizado? Para que serve? Como é feito? | Daitebi
https://www.youtube.com/watch?v=wbbMgOZEQas | Authentication and Authorization in GraphQL | Prosper Otemuyiwa | BuzzJS 3.1 2018 - YouTube
https://www.youtube.com/watch?v=4_Bcw7BULC8 | Ryan Chenkie - Handling Authentication and Authorization in GraphQL - YouTube
https://www.youtube.com/watch?v=Urk5vPGnkeg | Zero Back To Back Funny Moments | Shahrukh Khan, Katrina, Anushka | Zero Official Trailer Launch - YouTube
https://github.com/br3akp0int/GQLParser | br3akp0int/GQLParser: A repository for GraphQL Extension for Burp Suite
https://medium.com/paypal-engineering/graphql-resolvers-best-practices-cd36fdbcef55 | GraphQL Resolvers: Best Practices – PayPal Engineering – Medium
https://hackernoon.com/piecing-together-graphql-ca6739cd8205 | Piecing Together GraphQL – Hacker Noon
https://medium.com/airbnb-engineering/how-airbnb-is-moving-10x-faster-at-scale-with-graphql-and-apollo-aa4ec92d69e2 | How Airbnb is Moving 10x Faster at Scale with GraphQL and Apollo
https://medium.com/open-graphql/reasonml-with-graphql-the-future-of-type-safe-web-applications-65be2e8f34c8 | ReasonML with GraphQL, the Future of Type-Safe Web Applications
https://www.programmableweb.com/news/top-5-things-to-remember-when-adding-graphql-backend/analysis/2018/10/01 | Top 5 things to Remember When Adding a GraphQL Backend | ProgrammableWeb
https://medium.com/paypal-engineering/graphql-resolvers-best-practices-cd36fdbcef55 | GraphQL Resolvers: Best Practices – PayPal Engineering – Medium
https://medium.com/netflix-techblog/our-learnings-from-adopting-graphql-f099de39ae5f | Our learnings from adopting GraphQL – Netflix TechBlog – Medium
https://kajansiva.gitbook.io/knowledge/daily/2018/december/12_11_2018 | Knowledge

https://www.freebuf.com/articles/web/10099.html | WAF bypassed the singularity - FreeBuf Internet Security New Media Platform
http://wafbypass.me/w/index.php/Main_Page | wafbypass.me | 522: Connection timed out
http://tech-technical.com/index.php/2015/11/11/waf-bypass-sql-injection-tutorial/
http://webvuln.blogspot.com/2015_04_01_archive.html | Tricks And Tips: April 2015
http://www.wooyun.org/bugs/wooyun-2014-089426 | 升级中
https://forum.90sec.org/forum.php?mod=viewthread&tid=9133 | 提示信息 - 九零
http://www.idiot-attacker.com/2016/02/macam-macam-kode-bypass-waf.html | Macam-macam kode Bypass WAF - Idiot Attacker
https://github.com/borbelyau/bypass-waf-ids-ips/blob/master/evasionsqli_methods | bypass-waf-ids-ips/evasionsqli_methods at master · borbelyau/bypass-waf-ids-ips

https://pastebin.com/S4nHhEZW | CORS - Pastebin.com
https://appsecwiki.com/#/serversidesecurity?id=ssrf | Server Side Security - Application Security Wiki
https://www.youtube.com/watch?v=K_ElxRc9LLk | (496) Server-Side Request Forgery (SSRF) - Web Application Security Series #1 - YouTube
https://www.corben.io/tricky-CORS/ | Tricky CORS Bypass in Yahoo! View – Corben Leo – Information Security Blog
https://medium.com/bugbountywriteup/the-design-and-implementation-of-ssrf-attack-framework-550e9fda16ea | All you need to know about SSRF and how may we write tools to do auto-detect
https://medium.com/@Auxy233 | Auxy – Medium
https://github.com/C0RB3N?tab=repositories | C0RB3N (Corben Leo) / Repositories
https://www.corben.io/advanced-cors-techniques/ | Advanced CORS Exploitation Techniques – Corben Leo – Information Security Blog
http://zeroyu.xyz/2018/03/06/introduction-to-ssrf/ | Understanding SSRF, this one is enough
https://www.bugcrowd.com/resource/broken-access-control-testing/ | Broken Access Control Testing | Bugcrowd
https://hackerone.com/reports/223203 | #223203 SVG Server Side Request Forgery (SSRF)
http://zeroyu.xyz/2018/03/06/introduction-to-ssrf/ | 了解SSRF,这一篇就足够了
https://gist.github.com/BuffaloWill/fa96693af67e3a3dd3fb | Cloud Metadata Dictionary useful for SSRF Testing
https://www.honoki.net/2018/12/from-blind-xxe-to-root-level-file-read-access/ | From blind XXE to root-level file read access | Honoki
https://medium.com/@zain.sabahat/exploiting-ssrf-like-a-boss-c090dc63d326 | Exploiting SSRF like a Boss! – Zain Sabahat – Medium
http://api.hackertarget.com/reverseiplookup/?q= | api.hackertarget.com/reverseiplookup/?q=
https://medium.com/bugbountywriteup/piercing-the-veil-server-side-request-forgery-to-niprnet-access-c358fd5e249a | Piercing the Veil: Server Side Request Forgery to NIPRNet access
http://blog.safebuff.com/2016/07/03/SSRF-Tips/ | SSRF Tips | xl7dev
https://si9int.sh/article/6 | SI9INT
https://klikki.fi/adv/wpgform.html | Klikki Oy - Google Forms (WordPress plugin) SSRF vulnerability
https://www.rfk.id.au/blog/entry/security-bugs-ssrf-via-request-splitting/ | Security Bugs in Practice: SSRF via Request Splitting
https://twitter.com/gwendallecoguic/status/1000023180101201921 | Gwendal Le Coguic on Twitter: "On a sife we have people fighting for XSS/CSRF/IDOR, like me, and on the other side we have ufos that bring #bugbounty to the next level with georgous findings from nowhere. Congratulations @0xACB it's a great lesson for hunters, companies, everyone. https://t.co/rnHcW1uNp3"
https://twitter.com/saurinn_/status/1031219232661495809 | Manuel 👁️ on Twitter: "But why?… "
https://hackerone.com/reports/374737 | HackerOne
https://opnsec.com/2018/07/into-the-borg-ssrf-inside-google-production-network/ | Into the Borg – SSRF inside Google production network | OpnSec
https://hackerone.com/reports/356765 | HackerOne
https://medium.com/@th3g3nt3l/how-i-found-an-ssrf-in-yahoo-guesthouse-recon-wins-8722672e41d4 | How i found an SSRF in Yahoo! Guesthouse (Recon Wins)
https://medium.com/@mleblanc_82306 | Maxime Leblanc – Medium
https://www.youtube.com/watch?v=TrBUrVDlc20 | Hackfest 2015: Nicolas Grégoire presented "Server Side Browsing" - YouTube
https://www.defcon.org/html/defcon-25/dc-25-speakers.html#Tsai | DEF CON® 25 Hacking Conference - Talks
https://github.com/m6a-UdS/ssrf-lab | m6a-UdS/ssrf-lab: Lab for exploring SSRF vulnerabilities
https://medium.com/poka-techblog/privilege-escalation-in-the-cloud-from-ssrf-to-global-account-administrator-fd943cf5a2f6 | Privilege escalation in the Cloud: From SSRF to Global Account Administrator
https://www.youtube.com/watch?v=XvN25xG75x0 | (496) DON’T MISS: Anushka Sharma and Katrina Kaif’s EXCLUSIVE Full Interview | ZERO - YouTube

https://pastebin.com/u/Drvirus1911 | Drvirus1911's Pastebin - Pastebin.com
https://philippeharewood.com/facebookbugbounties.txt | https://philippeharewood.com/facebookbugbounties.txt
https://docs.google.com/presentation/d/1cpcxEBEb0dyXwRqSWQ6bknJS-PQO_e242Dioy9SU2Io/edit#slide=id.g4715c86259_0_357 | BUG BOUNTY FUNSHOP - Google Slides
https://medium.com/ehsahil/getting-started-in-bug-bounty-7052da28445a | Getting started in Bug Bounty – ehsahil – Medium
https://www.youtube.com/watch?time_continue=6&v=Qw1nNPiH_Go | (493) LevelUp 0x02 - Bug Bounty Hunter Methodology v3 - YouTube
https://www.youtube.com/watch?v=mQjTgDuLsp4&list=PLl-GuflHOikWnr0kOThK0xOyFXhBZbdLv | (493) Nicolas Grégoire - Hunting for Top Bounties - YouTube
https://www.facebook.com/notes/phwd/a-facebook-graphql-crash-course/1189337427822946 | (5) A Facebook GraphQL crash course
https://www.facebook.com/notes/phwd/facebook-api-bug-bounties-the-basic-sauce/818002471623112 | (5) Facebook API Bug Bounties - The Basic Sauce
https://developers.facebook.com/docs/graph-api/overview/ | Overview - Graph API
https://developers.facebook.com/docs/graph-api/reference/ | Graph API Reference
https://developers.facebook.com/graph-academy/ | Graph Academy - Facebook for Developers
https://www.pluralsight.com/courses/beginner-facebook-development | Introduction to the Facebook Graph API | Pluralsight
https://www.youtube.com/results?search_query=graph+api | (493) graph api - YouTube
https://www.youtube.com/watch?v=4TbnZAFTqAI&t=1s | (493) Facebook graph API testing ! And Secret Method to create multiple user id for same user ! - YouTube
https://www.0daydown.com/?s=Introduction+to+the+Facebook+Graph+API | Introduction to the Facebook Graph API | 0DayDown
https://learnflakes.net/?p=torrents&pid=10 | LearnFlakes.Net -Learning Community
http://ww7.learningdl.com/?z | ww7.learningdl.com/?z
https://www.youtube.com/watch?v=WvOrWq2-5cE | (493) Secrets of My Beard | My Beard Grow Journey | How to Grow Beard | - YouTube

https://www.youtube.com/watch?v=-gUkNAHR0jY&list=PLoDjojPzHp2Wo8U6Xp0KAoCL2b55Yo5WN | (488) FileCry - The New Age Of XXE - YouTube
https://www.youtube.com/watch?v=v_5dTJYjSMA&list=PLoDjojPzHp2VtA6_UVO0uxtd6iNHaA0Sl | (488) t505 SWF Seeking Lazy Admin for Cross Domain Action Seth Art - YouTube
https://www.youtube.com/watch?v=XeeLkBkjLl0&index=6&list=PLoDjojPzHp2Wo8U6Xp0KAoCL2b55Yo5WN | (488) Black Hat USA 2015 - Abusing XSLT For Practical Attacks - YouTube
https://www.youtube.com/watch?v=oEUSNk8XAQY&index=7&list=PLoDjojPzHp2Wo8U6Xp0KAoCL2b55Yo5WN | (488) Vladimir Vorontsov - Blind XXE injections - YouTube
https://www.youtube.com/watch?v=Zl8U2YVp2lw&index=9&list=PLoDjojPzHp2Wo8U6Xp0KAoCL2b55Yo5WN | (488) Introduction to XML External Entity Injection (ISSA KY Workshop) - YouTube
https://jivoi.github.io/2015/07/01/pentest-tips-and-tricks/ | Pentest Tips and Tricks – EK
https://www.youtube.com/results?search_query=race+condition+OWASP | (488) race condition OWASP - YouTube
https://www.youtube.com/channel/UCo7g5wKeNu32YIziwDqempw/videos | (488) SecureSet - YouTube
https://twitter.com/i/likes | Tweets liked by Shivam Goyal (@g33kyshivam) | Twitter
https://hackerone.com/reports/409380 | #409380 Stored XSS in merge request pages
https://jivoi.github.io/2015/07/03/offensive-security-bookmarks/ | Offensive Security Bookmarks – EK
https://github.com/coreb1t/awesome-pentest-cheat-sheets | coreb1t/awesome-pentest-cheat-sheets: Collection of the cheat sheets useful for pentesting
https://github.com/tanprathan | tanprathan (Prathan Phongthiproek)
https://www.linkedin.com/in/pprathan/?originalSubdomain=th | (1) Prathan Phongthiproek | LinkedIn
https://github.com/jshaw87/Cheatsheets | Page not found · GitHub
https://github.com/coodict/javascript-in-one-pic | coodict/javascript-in-one-pic: Learn javascript in one picture.
https://code.google.com/archive/p/pentest-bookmarks/wikis/BookmarksList.wiki | Google Code Archive - Long-term storage for Google Code Project Hosting.
https://github.com/swisskyrepo/PayloadsAllTheThings | swisskyrepo/PayloadsAllTheThings: A list of useful payloads and bypass for Web Application Security and Pentest/CTF
https://highon.coffee/blog/penetration-testing-tools-cheat-sheet/ | Penetration Testing Tools Cheat Sheet
https://twitter.com/trimstray/status/1068095885026955264 | trimstray on Twitter: "My top 5 @Burp_Suite extensions: - Random IP Address Header - CSP-Bypass - BypassWAF - Autorize - Hackvertor Which one do you use most often? or any other? #security #pentest #infosec #cybersecurity #cybersec #tech #it #technology"
https://www.cyberciti.biz/security/nmap-command-examples-tutorials/ | Top 32 Nmap Command Examples For Linux Sys/Network Admins - nixCraft
https://jerrygamblin.com/2018/10/29/google-home-insecurity/ | Google Home (in)Security – JerryGamblin.com
https://medium.com/@Skylinearafat/a-very-useful-technique-to-bypass-the-csrf-protection-for-fun-and-profit-471af64da276 | A very useful technique to bypass the CSRF protection for fun and profit.
https://gist.github.com/Rhynorater/311cf3981fda8303d65c27316e69209f | BXSS - CSP Bypass with Inline and Eval
https://twitter.com/binitamshah/status/1036541096522858496 | Binni Shah on Twitter: "Web Application Firewall (WAF) Evasion Techniques Part - 3 : Uninitialized Bash variable to bypass WAF : https://t.co/zRj9xsv0Dm ,Part 2 : Web Application Firewall (WAF) Evasion Techniques : https://t.co/11oAnX3Uhe , Part 1 : https://t.co/7zwnIngrDE cc @Menin_TheMiddle… https://t.co/N269avqr7i"
https://medium.freecodecamp.org/a-quick-introduction-to-web-security-f90beaf4dd41 | A quick introduction to web security – freeCodeCamp.org
https://assets.pentesterlab.com/jwt_security_cheatsheet/jwt_security_cheatsheet.pdf | jwt_security_cheatsheet - Page 1.pdf
https://twitter.com/binitamshah/status/1025982771393486848 | Binni Shah on Twitter: "Linux Post Exploitation Cheat Sheet : https://t.co/GSHVQAzRsn cc @GuifreRuiz"
https://labs.detectify.com/2018/08/02/bypassing-exploiting-bucket-upload-policies-signed-urls/ | Bypassing and exploiting Bucket Upload Policies and Signed URLs
http://cybersec-research.com/ssrf-on-digitalocean-site-bugbounty-tip/?utm_campaign=shareaholic&utm_medium=twitter&utm_source=socialnetwork | 404 Not Found
https://twitter.com/GoogleVRP/status/1022404220291567617 | Google Vulnerability Reward Program (VRP) on Twitter: "Don't render arbitrary HTML in Electron apps: https://t.co/fGhn2VPYUB. Good example of why we're rewarding impactful vulnerabilities and not exploits.… https://t.co/K85ePqPlVw"
https://twitter.com/rajchandel/status/1022174569757646848 | Hacking Articles on Twitter: "Collections of 150 CTF Challenges (Vulnhub+HTB) https://t.co/MrVO2vtJ0T … @VulnHub @hackthebox_eu #oscp #ctf"
https://twitter.com/Scott_Helme/status/1022035104372334592 | Scott Helme on Twitter: "I was asked to look into an XSS vulnerability on Etherscan which turned out to be caused by a custom Disqus integration: https://t.co/gc7EgvgArF"
https://twitter.com/SecurityMB/status/1021464816370798592 | Michał Bentkowski on Twitter: "Blogged! Vulnerability in Hangouts Chat a.k.a. how Electron makes open redirect great again. https://t.co/HKT28uQbwy"
https://blog.bentkowski.info/2018/06/setting-arbitrary-request-headers-in.html | Setting arbitrary request headers in Chromium via CRLF injection | MB blog
https://plus.google.com/114029233000745976870 | Michał Bentkowski - Google+
https://sekurak.pl/blad-bezpieczenstwa-w-aplikacji-desktopowej-google-chat-czyli-jak-uczynic-open-redirect-znow-wielkim/ | Security error in the Google Hangouts Chat desktop application - how to make Open Redirect great again
https://sekurak.pl/bezpieczenstwo-sieci-wi-fi-czesc-1/ | Bezpieczeństwo sieci Wi-Fi – część 1 (wstęp)
https://sekurak.pl/google-caja-i-xss-y-czyli-jak-dostac-trzy-razy-bounty-za-prawie-to-samo/ | Google Caja i XSS-y – czyli jak dostać trzy razy bounty za (prawie) to samo
https://sekurak.pl/facebook-wyplacil-10-latkowi-10-tys-usd-za-zgloszenie-luki-w-instagramie/ | Facebook wypłacił 10-latkowi 10 tys. USD za zgłoszenie luki w Instagramie
https://sekurak.pl/hack-the-pentagon-rusza-program-bug-bounty-prowadzony-przez-armie-usa/ | „Hack the Pentagon” — rusza program bug bounty prowadzony przez armię USA
https://sekurak.pl/dostal-10-000-od-google-za-podmiane-jednego-naglowka-header/ | He got $ 10,000 from Google for the replacement of one Header header
https://sites.google.com/site/testsitehacking/-7-5k-Google-services-mix-up | $7.5k Google services mix-up - Ezequiel Pereira
https://portswigger.net/kb/papers/crackingthelens-whitepaper.pdf | crackingthelens-whitepaper.pdf
https://sekurak.pl/za-jeden-prosty-xml-zgarnal-10-000-za-jednego-prostego-xml-a-zgarnal-10-000/ | Za jeden prosty XML zgarnął $10 000
https://sekurak.pl/slack-dostal-sie-do-glownego-panelu-admina-i-zgarnal-9000-w-ramach-bounty/ | Slack – dostał się do głównego panelu admina i zgarnął $9000 w ramach bounty
https://sekurak.pl/chcesz-byc-bogaty-i-slawny-kilkaset-programow-bug-bounty/ | Chcesz być bogaty i sławny? ;) Kilkaset programów bug bounty
https://pentester.land/tips-and-tricks | Tips & Tricks · Pentester Land
https://0xpatrik.com/project-sonar-guide/ | Project Sonar: An Underrated Source of Internet-wide Data
https://0xpatrik.com/asset-discovery/ | Asset Discovery: Doing Reconnaissance the Hard Way
https://github.com/jobertabma?tab=repositories | jobertabma (Jobert Abma) / Repositories
https://silesiasecuritylab.com/articles/from-csrf-to-unauthorized-remote-admin-access/ | From CSRF to Unauthorized Remote Admin Access – Dawid Czagan
https://wiki.exploitpedia.org/view/OWASP_TOP_10#A1:2017-Injection | OWASP TOP 10 - wiki.exploitpedia.org
https://wiki.exploitpedia.org/view/Static_Analysis | Static Analysis - wiki.exploitpedia.org
https://twitter.com/SamiDrif | Sami 🦄 (@SamiDrif) | Twitter
https://www.youtube.com/ | (488) YouTube
https://www.youtube.com/watch?v=lEdmdCb1DT0 | (488) Who Will Save Iron Man In Endgame? - YouTube

https://pastebin.com/u/thecreat0r/1/Z4EmVYsB | Thecreat0r's Pastebin - Pastebin.com
https://pastebin.com/9BSQjM3E | CSRF - Pastebin.com
https://pastebin.com/xZC446zy | SSRF - Pastebin.com
https://www.youtube.com/watch?v=rR0SnARknlk&list=PLZOToVAK85MoxxCMbxxiBbQ6pavP8aucC | (474) Cross-Site Request Forgery Explained - Part 1: Basic CSRF - YouTube
https://www.youtube.com/results?search_query=CSRF | (474) CSRF - YouTube
https://www.youtube.com/watch?v=KaEj_qZgiKY | (474) CSRF Introduction and what is the Same-Origin Policy? - web 0x04 - YouTube
https://www.youtube.com/watch?v=_JpDMFDlk3Y | (474) CSRF/XSRF/SEA SURF Kya Hote Hai ?? - YouTube
https://www.youtube.com/watch?v=5joX1skQtVE | (474) What is a CSRF? | OWASP Top 10 2013 | Video by Detectify - YouTube
https://null.co.in/events/525-delhi-null-delhi-meet-15-december-2018-combined-null-owasp-meet | null Delhi Meet 15 December 2018 Combined [null + OWASP] Meet
https://null.co.in/profile/3906-narendra-kumar | narendra kumar - null Community Profile
https://www.slideshare.net/NarendraKumar529/server-side-tempalate-injection-85399102 | Server side tempalate injection
https://tomnomnom.com/talks/advxss.pdf | advxss.pdf
https://appsecwiki.com/#/frontend?id=cross-site-request-forgery | Frontend Security - Application Security Wiki
https://philippeharewood.com/facebook-graphql-csrf/ | Facebook GraphQL CSRF – These aren't the access_tokens you're looking for
https://www.youtube.com/watch?v=NAR4nDEpD8g | (474) DVWA - CSRF ("Auto-Forcing New Passwords") - YouTube
https://www.youtube.com/results?search_query=bsides+CSRF | (474) bsides CSRF - YouTube
https://www.youtube.com/watch?v=enFcclD6nuk | BSides Boston - BruteLogic - Building Advanced XSS Vectors - YouTube
https://www.youtube.com/watch?v=vrjgD0azkCw | CSRF Explained - YouTube
http://bitspyder.net/browse.php?page=3 | .:: Bitspyder.net :: Downloads
https://learnflakes.net/?p=home&pid=1 | LearnFlakes.Net -Learning Community
https://medium.com/bugbountywriteup/csrf-account-takeover-explained-automated-manual-bug-bounty-447e4b96485b | CSRF account takeover Explained Automated/Manual — Bug Bounty
https://haiderm.com/10-methods-to-bypass-cross-site-request-forgery-csrf/ | haiderm.com | 521: Web server is down
https://twitter.com/prateek_0490/status/977764964944330753 | Prateek Tiwari on Twitter: "Also, to add to it, try and use “-1” {csrf_token=-1} as value of token and you will be amazed to see the result. 😉 #BugBounty #TogetherWeHitHarder… https://t.co/3RBhIegMPI"
https://www.youtube.com/watch?v=3KwGmKucayg&feature=youtu.be | (474) CSRF Bypass - YouTube
https://medium.com/@agrawalsmart7/what-is-csrf-how-to-bypass-the-csrf-protection-via-xss-55695f5789d7 | Hi all, and a Very Happy New Year to all, let’s Come to the topic, Today I just want to share some…
https://2017.zeronights.ru/report/tryuki-dlya-obhoda-csrf-zashhity/ | Tricks for circumventing CSRF protection - Conference Zeronights 2017
https://hackerone.com/reports/115158 | #115158 CSRF in twitterflightschool.com ( CAN POST ON TIMELINE WITHOUT USER PERMISSION)
https://dl.packetstormsecurity.net/papers/attack/Using_XSS_to_bypass_CSRF_protection.pdf | Using XSS to bypass CSRF protection
https://blog.netspi.com/defeating-csrf-protections-expired-cross-domain-xml-domains/ | Defeating CSRF Protections Through Expired cross-domain.xml Domains
https://blog.netspi.com/fuzzing-parameters-in-csrf-resistant-applications-with-burp-proxy/ | Fuzzing Parameters in CSRF Resistant Applications with Burp Proxy
https://blog.netspi.com/netspi-sql-injection-wiki/ | NetSPI SQL Injection Wiki
https://hackerone.com/reports/233099/ | #233099 CSRF in Report Lost or Stolen Page https://www.starbucks.com/account/card
https://www.youtube.com/ | (474) YouTube

https://twitter.com/SamiDrif | Sami 🦄 (@SamiDrif) | Twitter
https://web-in-security.blogspot.com/2017/07/cors-misconfigurations-on-large-scale.html | CORS misconfigurations on a large scale
http://samidrif.net/
https://web.archive.org/web/20180813091525/https://bounty.github.com/researchers/Dharani-abss.html | Abhishek Dharani - GitHub Bug Bounty
https://www.slideshare.net/GreenD0g/deserialization-vulnerabilities | Deserialization vulnerabilities
https://hackerone.com/reports/301831 | #301831 Leaking sensitive files on Github leads to internal files (python scripts,SQL files)
https://opnsec.com/2018/03/stored-xss-on-facebook/ | Stored XSS on Facebook | OpnSec
https://www.sxcurity.pro/asus-sqli/
https://medium.com/bugbountywriteup/whats-tools-i-use-for-my-recon-during-bugbounty-ec25f7f12e6d | What tools I use for my recon during #BugBounty – InfoSec Write-ups – Medium
https://hackerone.com/reports/397527 | #397527 Leaking sensitive information on Github lead full access to all Grab Slack channels
https://pastebin.com/LEHfnLAw | [Markdown] GraphQl - Pastebin.com
https://twitter.com/snoopysecurity | (1) Sam Sanoop (@snoopysecurity) | Twitter
https://www.reddit.com/r/netsec/comments/8k5bvi/exposing_graphql_to_penetration_testers/?st=jphzadaa&sh=bf6394ca | Exposing GraphQL to Penetration Testers : netsec
https://exposingtheinvisible.org/guides/google-dorking/ | Smart searching with googleDorking | Exposing the Invisible
https://hackerone.com/reports/380317 | #380317 Team object exposes amount of participants in a private program to non-invited users

https://github.com/s-castillo/js-course-example/blob/master/course-examples/_js/simple-js.js | js-course-example/simple-js.js at master · s-castillo/js-course-example
https://github.com/chiangs/jsf-solutions/blob/master/solutions/lesson2/solutions.md | jsf-solutions/solutions.md at master · chiangs/jsf-solutions
https://github.com/chiangs/jsf-solutions2/blob/master/Module2/solutions.md#08---functions | jsf-solutions2/solutions.md at master · chiangs/jsf-solutions2
https://pastebin.com/WPMNrVzK | javascript-notes - Pastebin.com
https://www.youtube.com/watch?v=5aISC84gXBw | (468) Is The Katy Perry LOVE Story Over? Katy Finally Chats With Trevor About It | American Idol 2018 - YouTube

https://www.youtube.com/ | (459) YouTube
https://www.youtube.com/channel/UCTzvm6c3E6qH7jkO6HWn2Cg/videos | (459) UTD CSG - YouTube
https://www.youtube.com/feed/history | (459) History - YouTube
https://www.youtube.com/results?search_query=XXE | (459) XXE - YouTube
https://www.youtube.com/watch?v=BZOg_NgvP18 | (459) What Is An XXE Attack? - YouTube
https://appsecwiki.com/#/serversidesecurity?id=xxe | Server Side Security - Application Security Wiki
https://phonexicum.github.io/infosec/xxe.html | XXE
http://blkstone.github.io/2017/06/29/web-for-pentester-xxe/ | Web for Pentester XXE Resolution // Neurohazard
https://security.tencent.com/index.php/blog/msg/69 | 未知攻焉知防——XXE漏洞攻防 - 博客 - 腾讯安全应急响应中心
https://www.vsecurity.com//download/papers/XMLDTDEntityAttacks.pdf | XML Schema, DTD, and Entity Attacks
http://www.atomsec.org/%E5%AE%89%E5%85%A8/web_for_pentester_i-part-2/ | Web for pentester I part 2 – Atom Kid
https://2013.appsecusa.org/2013/wp-content/uploads/2013/12/WhatYouDidntKnowAboutXXEAttacks.pdf | OWASP
http://agrawalsmart7.com/2018/11/10/Understanding-XXE-from-Basic-to-Blind.html | Utkarsh Agrawal|Understanding Xxe From Basic To Blind
https://www.christian-schneider.net/GenericXxeDetection.html | Generic XXE Detection
https://www.christian-schneider.net/GenericXxeDetection.html | Generic XXE Detection
https://www.slideshare.net/ssuserf09cba/xxe-how-to-become-a-jedi | XXE: How to become a Jedi
https://web-in-security.blogspot.com/2014/11/detecting-and-exploiting-xxe-in-saml.html | Detecting and exploiting XXE in SAML Interfaces
https://hawkinsecurity.com/2018/03/24/gaining-filesystem-access-via-blind-oob-xxe/ | Gaining Filesystem Access via Blind OOB XXE – ∞ Growing Web Security Blog
https://www.youtube.com/watch?v=1EBWzbO8lgs&index=4&list=PLsyeobzWxl7oanwaonj3iV3rxfTdEA2gC | (459) XML Introduction 3 | Schema - YouTube
https://www.youtube.com/watch?v=eHSNT8vWLfc | (459) What You Didn't Know About XML External Entities Attacks - Timothy Morgan - YouTube
https://www.youtube.com/watch?v=2O874A5Uj3w | (459) AppSecEU 16 - C. Mainka, C. Spth, V. Mladenov - From DTD to XXE - An Evaluation of XML - Parsers - YouTube
https://appseceurope2016.sched.com/event/6XQ2/from-dtd-to-xxe-an-evaluation-of-xml-parsers | AppSec Europe 2016: From DTD to XXE: An Evaluation of XML-Pa...
http://lab.onsec.ru/2014/06/xxe-oob-exploitation-at-java-17.html | @ONsec_Lab: XXE OOB exploitation at Java 1.7+
https://portswigger.net/kb/issues/00100400_xml-external-entity-injection | XML external entity injection | PortSwigger
https://blog.ninoishere.com/xxe-how-to-become-a-jedi/ | XXE: How to become a Jedi
https://www.facebook.com/pg/hacking.py/posts/?ref=page_internal | Hacking Is Sharing - Posts
https://darkweblinks.org/2018/08/10/xxe-how-to-become-a-jedi-yaroslav-babin/ | XXE: How to become a Jedi - Yaroslav Babin - Tor Hidden Service DarkWeb Links
https://blog.zsec.uk/blind-xxe-learning/ | Hunting in the Dark - Blind XXE
https://blog.ninoishere.com/tag/xxe/ | xxe - Nino

https://codeby.net/blogs/kniga-po-nmap-na-russkom/#12 | Nmap book in Russian
https://codeby.net/blogs/category/informacionnaja-bezopasnost/ | Information Security | The codeby
https://1cloud.ru/help/dns/dns_basics | Basics of working with DNS (domain name system)
https://habr.com/post/270159/ | Значимость SPF / Хабр
https://danielmiessler.com/study/dns/#gs.u_MO7iA | A DNS Primer | Daniel Miessler

https://codeby.net/threads/skanirovanie-seti-aktivnyj-fazzing-urok-5.65878/ | (1) Сканирование сети [активный фаззинг]. Урок 5 - Codeby.net - Информационная Безопасность
https://codeby.net/members/explorer.100533/#recent-content | (1) explorer | Codeby.net - Информационная Безопасность
https://codeby.net/members/pingvinich.73770/#recent-content | (1) PingVinich | Codeby.net - Информационная Безопасность
https://codeby.net/threads/aktivnyj-fazzing-poisk-subdomenov-urok-4.65842/ | (1) Активный фаззинг - поиск субдоменов. Урок 4 - Codeby.net - Информационная Безопасность
https://codeby.net/members/darklight.105361/#recent-content | (1) darklight | Codeby.net - Информационная Безопасность
https://codeby.net/threads/vzaimodejstvie-c-dns-urok-3.65828/ | (1) Взаимодействие c DNS. Урок 3 - Codeby.net - Информационная Безопасность
https://codeby.net/members/sergei-webware.66427/#recent-content | (1) Sergei webware | Codeby.net - Информационная Безопасность
https://codeby.net/threads/passivnyj-fazzing-ili-sbor-informacii-iz-otkrytyx-istochnikov.65781/ | (1) Пассивный фаззинг или сбор информации из открытых источников - Codeby.net - Информационная Безопасность
https://codeby.net/members/vertigo.72244/#recent-content | (1) Vertigo | Codeby.net - Информационная Безопасность
https://codeby.net/tags/lfi/ | (1) lfi | Codeby.net - Информационная Безопасность
https://codeby.net/threads/rukovodstvo-dlja-nachinajuschix-po-rabote-s-cenzuroj-v-internete.65642/ | (1) Руководство для начинающих по работе с цензурой в Интернете - Codeby.net - Информационная Безопасность
https://codeby.net/members/sith_ortodox.104801/#recent-content | (1) sith_ortodox | Codeby.net - Информационная Безопасность
https://codeby.net/members/i3wm.106227/#recent-content | (1) i3wm | Codeby.net - Информационная Безопасность
https://codeby.net/threads/istorii-za-kodom-na-puti-k-pravilnomu-kodu.65506/ | (1) [Истории за кодом] На пути к правильному коду. - Codeby.net - Информационная Безопасность
https://codeby.net/members/masonskoe_loje.106290/#recent-content | (1) Masonskoe_loje | Codeby.net - Информационная Безопасность
https://codeby.net/members/tayrus.74954/#recent-content | (1) Tayrus | Codeby.net - Информационная Безопасность
https://codeby.net/threads/hack-the-server-drupal.65356/ | (1) Hack the Server (Drupal) - Codeby.net - Information Security
https://codeby.net/threads/novyj-sposob-vzloma-wi-fi-avgust-2018.64485/ | (1) Новый способ взлома Wi-Fi | август 2018 - Codeby.net - Информационная Безопасность
https://codeby.net/threads/rsa-princip-raboty-algoritma-na-primerax-python-shifrovanie-v-internete-chast-1.64349/ | (1) RSA algorithm operation principle using python examples. Encryption on the Internet. Part 1. - Codeby.net - Information Security
https://codeby.net/threads/mini-framework-python-dlja-xakera-chast-4-svoj-mini-frejmvork.64083/ | (1) [Mini framework] - Python для хакера - [Часть 4] - Свой мини фреймворк - Codeby.net - Информационная Безопасность
https://codeby.net/threads/python-requests-threading-perebor-parolja-v-formax-avtorizacii.62698/ | (1) Python + requests + threading. Password search in authorization forms. - Codeby.net - Information Security
https://codeby.net/threads/anonimnyj-pentest-vpn-tor-vpn-chast-ii-reverse-shell-za-lokalnoj-setju.62656/ | (1) Анонимный пентест [VPN -> TOR -> VPN] (Часть II) - Reverse Shell за локальной сетью - Codeby.net - Информационная Безопасность
https://codeby.net/threads/pishem-skript-dlja-bruta-xehshej.62252/ | (1) Пишем скрипт для брута хэшей - Codeby.net - Информационная Безопасность
https://codeby.net/threads/sozdanie-plagina-s-majnerom-dlja-brauzera-chrome.62202/ | (1) Создание плагина с майнером для браузера chrome - Codeby.net - Информационная Безопасность
https://codeby.net/threads/uroki-po-burp-suite-pro-chast-1-nachalo.62200/ | (1) Уроки по Burp Suite Pro Часть 1. Начало. - Codeby.net - Информационная Безопасность
https://codeby.net/threads/sposoby-zagruzki-shella-behkdora-na-sajt.61851/ | (1) Способы загрузки шелла/бэкдора на сайт. - Codeby.net - Информационная Безопасность
https://codeby.net/threads/uchim-python-ch8-otojdem-ot-temy.61715/ | (1) Учим Python - [Ч8] - Отойдем от темы - Codeby.net - Информационная Безопасность
https://codeby.net/threads/kak-ispolzovat-shodan-api-s-python-dlja-avtomatizacii-skanirovanija-ujazvimyx-ustrojstv.61501/ | (1) Как использовать Shodan API с Python для автоматизации сканирования уязвимых устройств - Codeby.net - Информационная Безопасность
https://codeby.net/threads/sryptography-for-beginners-chast-2-prostye-shifry.61379/ | (1) [Сryptography for beginners] - Часть 2. Простые шифры. - Codeby.net - Информационная Безопасность
https://codeby.net/threads/nachinajuschim-kriptografija-vvedenie.61349/ | (1) [Начинающим] - Криптография. Введение. - Codeby.net - Информационная Безопасность
https://codeby.net/threads/vzlom-web-prilozhenij-kak-pravilno-provodit-sbor-informacii-celevogo-veb-resursa.61041/ | (1) [Взлом web приложений] - Как правильно проводить сбор информации целевого веб ресурса. - Codeby.net - Информационная Безопасность
https://codeby.net/threads/pishem-malvar-na-python-chast-i-telegram-bot.60941/ | (1) Пишем малварь на Python. Часть I. Telegram-bot. - Codeby.net - Информационная Безопасность
https://codeby.net/threads/powerfull-dos.60856/ | (1) Powerfull Dos - Codeby.net - Информационная Безопасность
https://codeby.net/threads/powershell-dlja-xakera-chast-x-povyshenija-privilegij-skript-sherlock-ps1.60713/ | (1) PowerShell для хакера ( часть X ) Повышения привилегий . [скрипт Sherlock.ps1] - Codeby.net - Информационная Безопасность
https://codeby.net/threads/dekompiljacija-android-prilozhenij.60558/ | (1) Декомпиляция android-приложений - Codeby.net - Информационная Безопасность
https://codeby.net/threads/ehkspluatacija-python-prilozhenij-inkapsuljacija.59804/ | (1) Эксплуатация python приложений: Инкапсуляция. - Codeby.net - Информационная Безопасность
https://codeby.net/threads/ehkspluatacija-python-prilozhenij-funkcija-input.59803/ | (1) Эксплуатация python приложений: функция input. - Codeby.net - Информационная Безопасность
https://codeby.net/threads/ehkspluatacija-python-prilozhenij-modul-pickle.59799/ | (1) Эксплуатация python приложений: модуль pickle. - Codeby.net - Информационная Безопасность

https://twitter.com/i/likes | Tweets liked by Shivam Goyal (@g33kyshivam) | Twitter
https://www.youtube.com/watch?v=QhSdSesIu2M | Review the AttackDefense site for making penetration tests - YouTube
https://www.youtube.com/watch?v=UyaVMl91qyA | (336) AttackDefense: TShark Basics Lab Walk-through - YouTube
https://www.youtube.com/results?search_query=attackdefense&sp=CAI%253D | (336) attackdefense - YouTube
https://www.youtube.com/watch?v=e52Nd17DXs8 | (336) AttackDefence Lab ApPHP MicroBlog Remote Code Execution Solution - YouTube
https://www.youtube.com/watch?v=ZSIaTD2Dl0U | (336) AttackDefense.com: Nmap Firewall Challenge - YouTube
https://nitesculucian.github.io/2018/11/26/attackdefense-com-lfi-cve-2018-12613-exploit/ | AttackDefense.com [LFI] - CVE-2018-12613 Exploit
https://nitesculucian.github.io/ | Lucian Nitescu
https://pbs.twimg.com/media/Dq1uXfoU0AUsSh4.jpg | Dq1uXfoU0AUsSh4.jpg (893×886)
https://twitter.com/swaroopsy | Swaroop Yermalkar (@swaroopsy) | Twitter
https://github.com/rowdymehul/OWASP-s-AppSec-Israel-2018 | rowdymehul/OWASP-s-AppSec-Israel-2018: AppSec Israel 2018 will take place on 5-6 September, 2018 at Tel Aviv University, in central Tel Aviv.
http://www.rowdymehul.com/events/owasps-appsec-israel-2018/#more-1647 | OWASP’s AppSec Israel 2018 – Rowdy’s Caf`e
https://hackfest.ca/fr/formations/ios/ | iOS Mobile Application Hacking 2018
https://github.com/djadmin/awesome-bug-bounty | djadmin/awesome-bug-bounty: A comprehensive curated list of available Bug Bounty & Disclosure Programs and Write-ups.
https://www.allysonomalley.com/2018/08/06/learning-with-owasp-igoat-pentesting-with-swift/ | Learning with OWASP iGoat – Pentesting with Swift – allysonomalley.com
https://twitter.com/aseemjakhar/status/1006612530771288065 | aseemjakhar on Twitter: "T-0 And... your friendly neighborhood expliot - ioT exploitation framework can be found here https://t.co/iuxs3JREiG Please download, test, suggest and RT :)… https://t.co/a2JxzpCQJk"
http://sagarpopat.in/2017/06/07/automating-rest-api-penetration-testing-using-owasp-zap/ | Automating REST API Penetration testing using OWASP ZAP – I like building and breaking stuff
https://bitbucket.org/aseemjakhar/expliot_framework | aseemjakhar / expliot_framework — Bitbucket
https://www.bugcrowd.com/resources/ | Resources
https://schd.ws/hosted_files/appsecisrael2018/a3/Exploiting%20Smart%20Contracts%20for%20fun%20and%20profit%20-%20Erez%20Metula%20AppSec%20Labs%20-%20OWASP%20IL%202018.pdf | Microsoft PowerPoint - Exploiting Smart Contracts for fun and profit.pptx
https://www.securityjourney.com/blog/igoat-and-ios-mobile-pen-testing-s04e16/ | iGoat and iOS Mobile Pen Testing (S04E16) - Security Journey
https://app.securityjourney.com/user/sign_up | Security Journey
https://www.securityjourney.com/application-security-podcast/episodes/ | The Application Security Podcast's Episode List - Security Journey
https://www.linkedin.com/in/swaroop-yermalkar-2638b985/ | Swaroop Yermalkar | LinkedIn
https://www.youtube.com/watch?v=loHywYcwjmo&t=0s&list=PLpr-xdpM8wG-ma2GOBmdpGGfnVPVwFFQd&index=41 | (337) Pentesting Swift Application with OWASP iGoat - Swaroop Yermalkar - AppSecUSA 2018 - YouTube
https://www.amazon.in/Learning-Penetration-Testing-Swaroop-Yermalkar/dp/1785883259/ref=sr_1_2?ie=UTF8&qid=1503300995&sr=8-2&keywords=swaroop+yermalkar | Buy Learning iOS Penetration Testing Book Online at Low Prices in India | Learning iOS Penetration Testing Reviews & Ratings - Amazon.in
https://www.youtube.com/watch?v=FAopBbQukvI&index=46&list=PLpr-xdpM8wG-ma2GOBmdpGGfnVPVwFFQd | Single Page Applications: Is your design secure? - AppSecUSA 2018 - YouTube
https://www.youtube.com/watch?v=rGbpSeSyIfA&index=44&list=PLpr-xdpM8wG-ma2GOBmdpGGfnVPVwFFQd | Flying Above the Clouds: Securing Kubernetes - Jack Mannino - AppSecUSA 2018 - YouTube
https://www.youtube.com/watch?v=6RFh-h2n39Q&index=41&list=PLpr-xdpM8wG-ma2GOBmdpGGfnVPVwFFQd | Deserialization Vulnerability Remediation with Automated Gadget Chain Discovery - Ian Haken - YouTube
https://www.youtube.com/watch?v=t-zVC-CxYjw&index=39&list=PLpr-xdpM8wG-ma2GOBmdpGGfnVPVwFFQd | Deserialization: what, how and why [not] - Alexei Kojenov - AppSecUSA 2018 - YouTube
https://www.youtube.com/watch?v=eR-erlSOqP4&index=36&list=PLpr-xdpM8wG-ma2GOBmdpGGfnVPVwFFQd | (336) Fixing Mobile AppSec - Sven Schleier - AppSecUSA 2018 - YouTube
https://www.youtube.com/watch?v=HaVEH1vFiN0&index=9&list=PLpr-xdpM8wG-ma2GOBmdpGGfnVPVwFFQd | (337) OWASP Amass Project - Jeff Foley - YouTube
https://www.youtube.com/results?search_query=Sven+Schleier%5C | (336) Sven Schleier\ - YouTube
https://www.youtube.com/watch?v=HLeAIScDMNM | (336) Sven Schleier - OWASP Mobile Security Testing Guide MSTG - YouTube
https://www.youtube.com/watch?v=THJVzf-u7Iw&t=255s | (336) AppSec EU 2017 Fixing Mobile AppSec: The OWASP Mobile Project by Bernhard Mueller and Sven Schleier - YouTube

https://www.youtube.com/ | (333) YouTube
https://courses.knowthen.com/p/elm-beyond-the-basics | Elm Beyond the Basics | knowthen
http://bitspyder.net/browse.php?page=5 | .:: Bitspyder.net :: Downloads
https://medium.com/@Pinterest_Engineering/the-next-era-of-bug-bounty-at-pinterest-a646a72a0cd3 | The next era of Bug Bounty at Pinterest – Pinterest Engineering – Medium
https://medium.com/@hakluke/how-to-setup-an-automated-sub-domain-takeover-scanner-for-all-bug-bounty-programs-in-5-minutes-3562eb621db3 | How To Setup an Automated Sub-domain Takeover Scanner for All Bug Bounty Programs in 5 Minutes
https://hawkinsecurity.com/2018/08/27/traversing-the-path-to-rce/ | Traversing the Path to RCE – ∞ Growing Web Security Blog
http://misteralfa-hack.blogspot.com/2018/03/facebook-f5-big-ip-persistence-cookie.html | Capitan Alfa: [Facebook] [F5 BIG-IP] PERSISTENCE COOKIE INFORMATION LEAKAGE
https://www.inputzero.io/p/facebook-internal-ip-disclosure.html | inputzero: Facebook Internal IP Disclosure - SSRF on Facebook | Dhiraj Mishra

https://pastebin.com/u/thecreat0r/1/Z4EmVYsB | Thecreat0r's Pastebin - Pastebin.com
https://pastebin.com/E1HAEFZf | My-Recon-Guide - Pastebin.com
https://www.youtube.com/watch?v=3iWFGFJsNa0 | (333) Web Hacking Pro Tips Deep Dive #3: Advanced Recon - YouTube
https://www.youtube.com/watch?v=1bivJl0B_bs | (333) Hacking Process - Recon - YouTube
https://twitter.com/ | (*) Twitter
https://def.camp/archives/2017/ | Archives – DefCamp 2018
https://def.camp/speaker/konrad-jedrzejczyk-3/#presentation | Konrad Jędrzejczyk – DefCamp 2018
https://www.youtube.com/watch?v=kCCWN0SRsq8&index=11&t=0s&list=PLnwq8gv9MEKhpkg2-sWdc3OV_pyXslZoL | WiFi practical hacking “Show me the passwords!” at DefCamp 2018 - YouTube
https://def.camp/speaker/marek-zmyslowski-2/#presentation | Marek Zmysłowski – DefCamp 2018
https://www.linkedin.com/in/mzmyslowski/?originalSubdomain=za | (2) Marek Zmysłowski | LinkedIn
https://www.linkedin.com/in/luciannitescu/ | (2) Nitescu Lucian | LinkedIn
https://nitesculucian.github.io/2018/07/24/msfvenom-cheat-sheet/ | Msfvenom Cheat Sheet
https://gitlab.com/r00k/kali-bash-config | Derek Rook / kali-bash-config · GitLab

https://www.speedtest.net/ | Speedtest by Ookla - The Global Broadband Speed Test

file:///home/mr-robot/Downloads/Aman%20syllabus.pdf | Aman syllabus.pdf
https://drive.google.com/file/d/0BxDBNrqmA87UNklZbl9xYTBjclk/view | sanjay sharma.pdf - Google Drive

https://myactivity.google.com/myactivity?q=github&max=1539628199999999 | Google - My Activity
https://github.com/infoslack/awesome-web-hacking | infoslack/awesome-web-hacking: A list of web application security
https://github.com/qazbnm456/awesome-web-security#tips | qazbnm456/awesome-web-security: 🐶 A curated list of Web Security materials and resources.
https://github.com/djadmin/awesome-bug-bounty | djadmin/awesome-bug-bounty: A comprehensive curated list of available Bug Bounty & Disclosure Programs and Write-ups.

https://www.facebook.com/ | Facebook
file:///home/mr-robot/Downloads/Aman%20syllabus.pdf | Aman syllabus.pdf
chrome://history/?q=github | History
https://github.com/vitalysim/Awesome-Hacking-Resources | vitalysim/Awesome-Hacking-Resources: A collection of hacking / penetration testing resources to make you better!
https://github.com/DoGByTe-ZN/infosec-resources4all | DoGByTe-ZN/infosec-resources4all: Only the best quality InfoSec-resources shared, based on regular sourcing of publicly available content found on the internet.
https://twitter.com/sprp77/status/985041832332746752?lang=en | Stefanie Proto 🔍 on Twitter: "My Awesome OSINT Folder https://t.co/QU5h1oUlVa #SOCMINT #infosec #data #opensource #OSINT #hack #Security #CyberSecurity #intelligence #recon #sourcecon #Infosys #API #code #dorking #SEO #awesome #SearchEngine #tools #github #infosecurity #code… https://t.co/pUcZd4AD5O"
https://github.com/jivoi/awesome-osint | jivoi/awesome-osint: A curated list of amazingly awesome OSINT
https://github.com/anshumanbh/git-all-secrets | anshumanbh/git-all-secrets: A tool to capture all the git secrets by leveraging multiple open source git searching tools
https://github.com/dsopas/assessment-mindset/tree/dev | dsopas/assessment-mindset at dev
https://github.com/cujanovic/Content-Bruteforcing-Wordlist | cujanovic/Content-Bruteforcing-Wordlist: Wordlist for content(directory) bruteforce discovering with Burp or dirsearch
https://github.com/cujanovic/subdomain-bruteforce-list/blob/master/all.txt | subdomain-bruteforce-list/all.txt at master · cujanovic/subdomain-bruteforce-list
https://github.com/onlurking/awesome-infosec?fbclid=IwAR3qBqsRzutkoBx5OIzi1l3HyxWIMF0nIkqI_uUwf1_EQFap3c0wQm5gNOs | onlurking/awesome-infosec: A curated list of awesome infosec courses and training resources.
https://github.com/zardus/ctf-tools?fbclid=IwAR3GjJ7DMnozO3GiTl9VA9hDFCi7_gaDzlkyoG-p7OzzYx5QTBEfH3zEfH0 | zardus/ctf-tools: Some setup scripts for security research tools.
https://github.com/sectalks/sectalks | sectalks/sectalks: CTFs, solutions and presentations
https://github.com/michenriksen/gitrob | michenriksen/gitrob: Reconnaissance tool for GitHub organizations
https://github.com/anshumanbh/tko-subs | anshumanbh/tko-subs: A tool that can help detect and takeover subdomains with dead DNS records
https://github.com/codingo/ssrf-playground | codingo/ssrf-playground: A playground to practice SSRF Attacks against web apps
https://github.com/codingo/takeover | codingo/takeover: Sub-Domain TakeOver Vulnerability Scanner
https://github.com/random-robbie/My-Shodan-Scripts | random-robbie/My-Shodan-Scripts: Collection of Scripts for shodan searching stuff.
https://github.com/juliocesarfort/public-pentesting-reports/tree/master/Bugcrowd | public-pentesting-reports/Bugcrowd at master · juliocesarfort/public-pentesting-reports
https://github.com/BeDefended/RequestHighlighter | BeDefended/RequestHighlighter: Burp Suite extension that automatically highlights different HTTP requests
https://github.com/ChrisTruncer/PenTestScripts | ChrisTruncer/PenTestScripts: Scripts that are useful for me on pen tests
https://github.com/joe-shenouda/awesome-cyber-skills | joe-shenouda/awesome-cyber-skills: A curated list of hacking environments where you can train your cyber skills legally and safely
https://gist.github.com/jhaddix/78cece26c91c6263653f31ba453e273b | Cloud Metadata Dictionary useful for SSRF Testing
https://github.com/shieldfy/API-Security-Checklist | shieldfy/API-Security-Checklist: Checklist of the most important security countermeasures when designing, testing, and releasing your API
https://github.com/DaniLabs/tools-tbhm | DaniLabs/tools-tbhm: Tools of "The Bug Hunters Methodology V2 by @jhaddix"
https://nitstorm.github.io/blog/burp-suite-intruder-attack-types/ | Understanding Burp Suite Intruder Attack Types - Nitin's Blog
https://github.com/sa7mon/S3Scanner | sa7mon/S3Scanner: Scan for open AWS S3 buckets and dump the contents
https://github.com/tanprathan/MobileApp-Pentest-Cheatsheet | tanprathan/MobileApp-Pentest-Cheatsheet: The Mobile App Pentest cheat sheet was created to provide concise collection of high value information on specific mobile application penetration testing topics.
https://github.com/sgayou/medfusion-4000-research | sgayou/medfusion-4000-research: Medfusion 4000 security research & a MQX RCE.
https://github.com/jiayy/android_vuln_poc-exp | jiayy/android_vuln_poc-exp: This project contains pocs and exploits for android vulneribilities
https://twitter.com/HackwithGithub/status/927151008169390081 | Hack with GitHub on Twitter: "pentest-tools - Custom tools to help during #pentest Author: @gwendallecoguic https://t.co/loPD1RxHsn"
https://twitter.com/g0tmi1k/status/914824867698151426 | g0t mi1k on Twitter: "g0tmi1k starred frizb/OSCP-Survival-Guide on Github https://t.co/Oe0XaArzq6"
https://github.com/gwen001/pentest-tools | gwen001/pentest-tools: Custom pentesting tools
https://github.com/b-mueller/android_app_security_checklist/blob/master/README.md | android_app_security_checklist/README.md at master · b-mueller/android_app_security_checklist
https://github.com/LucaBongiorni?tab=repositories | LucaBongiorni / Repositories
https://github.com/LucaBongiorni/List-of-web-application-security | LucaBongiorni/List-of-web-application-security: List of web application security
https://github.com/LucaBongiorni/awae | LucaBongiorni/awae: wifi enterprise workshop
https://github.com/LucaBongiorni/awae/tree/master/lab1 | awae/lab1 at master · LucaBongiorni/awae
https://github.com/0xSobky/HackVault/wiki/AutoRecon-for-Automated-Reconnaissance | AutoRecon for Automated Reconnaissance · 0xSobky/HackVault Wiki
https://github.com/0xSobky/HackVault/wiki | Home · 0xSobky/HackVault Wiki
https://github.com/0xSobky | 0xSobky (Ahmed Elsobky)
https://0xsobky.github.io/ | Hacklog – by Ahmed Elsobky | Web Security Researcher
https://0xsobky.github.io/hijacking-facebook-tokens/ | Hijacking Facebook Apps' Access Tokens on the Fly! – Hacklog – by Ahmed Elsobky | Web Security Researcher
https://github.com/jhaddix/pentest-bookmarks/blob/master/wiki/BookmarksList.wiki | pentest-bookmarks/BookmarksList.wiki at master · jhaddix/pentest-bookmarks
https://github.com/qazbnm456/awesome-web-security/blob/master/README.md#xss---cross-site-scripting | awesome-web-security/README.md at master · qazbnm456/awesome-web-security
https://github.com/cure53/H5SC | cure53/H5SC: HTML5 Security Cheatsheet - A collection of HTML5 related XSS attack vectors
https://github.com/WebBreacher/offensiveinterview | WebBreacher/offensiveinterview: Interview questions to screen offensive (red team/pentest) candidates
https://github.com/ngalongc/bug-bounty-reference#cross-site-scripting-xss | ngalongc/bug-bounty-reference: Inspired by https://github.com/djadmin/awesome-bug-bounty, a list of bug bounty write-up that is categorized by the bug nature
https://github.com/Matir/pwnableweb | Matir/pwnableweb: PwnableWeb is a suite of web applications for use in information security training.
https://github.com/nVisium/xssValidator | nVisium/xssValidator: This is a burp intruder extender that is designed for automation and validation of XSS vulnerabilities.
https://github.com/toniblyx/my-arsenal-of-aws-security-tools | toniblyx/my-arsenal-of-aws-security-tools: List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.
https://github.com/nahamsec/lazys3 | nahamsec/lazys3
https://github.com/mohdhaji87/COEIA_WebHacking_Attacks-Defense/blob/master/COEIA_biweekly_presentation.pptx | COEIA_WebHacking_Attacks-Defense/COEIA_biweekly_presentation.pptx at master · mohdhaji87/COEIA_WebHacking_Attacks-Defense
https://github.com/mohdhaji87 | mohdhaji87 (Mohd Haji)
https://github.com/securing/BucketScanner | securing/BucketScanner: A tool for testing objects' permissions in AWS buckets
https://github.com/securing/DumpsterDiver | securing/DumpsterDiver: Tool to search secrets in various filetypes.
https://github.com/appsecco/the-art-of-subdomain-enumeration | appsecco/the-art-of-subdomain-enumeration: This repository contains all the supplement material for the book "The art of sub-domain enumeration"
https://github.com/sensepost/gowitness | sensepost/gowitness: 🔍 gowitness - a golang, web screenshot utility using Chrome Headless
https://github.com/yamakira?fbclid=IwAR37t9RL2CsLT94ypRdNPEp-3h8h3XhUvRyoE2veMNLwx7kb1wlQCcfjp5E | yamakira (Bharath)
https://github.com/HanseSecure/ExploitDev | HanseSecure/ExploitDev
https://github.com/juliocesarfort/public-pentesting-reports | juliocesarfort/public-pentesting-reports: Curated list of public penetration test reports released by several consulting firms and academic security groups
https://github.com/Tristan-aemjk4h/Awesome-Hacking-Resources | Tristan-aemjk4h/Awesome-Hacking-Resources
https://github.com/enaqx/awesome-pentest#web-exploitation | enaqx/awesome-pentest: A collection of awesome penetration testing resources, tools and other shiny things
https://github.com/rojan-rijal/pyrate | rojan-rijal/Pyrate: Practice Web App written in python with some vulnerabilities.
https://github.com/rojan-rijal/Subdomains/blob/master/README.md | Subdomains/README.md at master · rojan-rijal/Subdomains
https://github.com/rojan-rijal/LeakFinder | rojan-rijal/LeakFinder: https://sites.google.com/securifyinc.com/rojanrijal/leaked-sensitive-data

https://www.youtube.com/watch?v=3oJabjNIpQw | (285) FORTNITE BR - OUR FIRST PLAYGROUND MINI GAME!!!! (Death Run) - YouTube
https://www.facebook.com/ | (1) Facebook
https://www.facebook.com/pg/phwd-113702895386410/posts/?ref=page_internal | (1) @phwd - Posts
https://www.facebook.com/groups/bugbountygroup/ | (1) Facebook Bug Bounty Community
https://twitter.com/0ctac0der/likes | Tweets liked by Abhinav | 0ctac0der (@0ctac0der) | Twitter
https://www.imdb.com/title/tt0411008/ | Lost (TV Series 2004–2010) - IMDb
https://twitter.com/hvboppana/lists/security-three | @hvboppana/Security - Three on Twitter
https://www.netflix.com/search?q=Lost | Netflix

https://docs.google.com/document/d/1euMMHy0eO_UFPhv0Th_r9CrGyWqx9Az-pn3UyhO8yog/edit | More Links - Google Docs
https://twitter.com/i/likes | Tweets liked by Shivam Goyal (@g33kyshivam) | Twitter
https://blog.bentkowski.info/2018/07/vulnerability-in-hangouts-chat-aka-how.html | Vulnerability in Hangouts Chat: from open redirect to code execution | MB blog
https://blog.doyensec.com/2017/08/03/electron-framework-security.html | Modern Alchemy: Turning XSS into RCE · Doyensec's Blog
https://www.contrastsecurity.com/security-influencers/cve-2018-15685 | CVE-2018-15685 - Electron WebPreferences Remote Code Execution Finding
https://twitter.com/disclosedh1/status/985280378888966144 | publiclyDisclosed on Twitter: "Automattic disclosed a bug submitted by @mattaustin: https://t.co/RXp9xAgwNH - Bounty: $250 #hackerone #bugbounty… "
https://hackerone.com/reports/301458 | #301458 Remote Code Execution in Wordpress Desktop
https://henhouse.cure53.berlin/ | Cure53 Chinese New Year XSS Challenge 2018
https://speakerdeck.com/lmt_swallow/tangled-world-of-web-technology-are-we-safe?slide=7 | Tangled World of Web Technology ― Are we safe? - Speaker Deck
https://xss.shift-js.info/ | XSS Challenge (by y0n3uchy)

https://www.fireeye.com/services/training/courses.html | Incident Response and Malware Analysis Training | FireEye
https://web.whatsapp.com/ | (10) WhatsApp
file:///home/mr-robot/Downloads/Aman%20syllabus.pdf | Aman syllabus.pdf
http://www.allitebooks.com/?s=Software+Engineering | Software Engineering ebooks - All IT eBooks
file:///home/mr-robot/Downloads/Introduction%20to%20the%20Design%20and%20Analysis%20of%20Algorithms%20-%20FTP%20Directory%20.pdf | Introduction to the Design and Analysis of Algorithms (2-downloads)

https://twitter.com/i/likes | Tweets liked by Shivam Goyal (@g33kyshivam) | Twitter
https://0xpatrik.com/subdomain-takeover-basics/ | Subdomain Takeover: Basics
https://0xpatrik.com/subdomain-takeover/ | Subdomain Takeover: Thoughts on Risks
https://github.com/ngalongc/bug-bounty-reference#cross-site-scripting-xss | ngalongc/bug-bounty-reference: Inspired by https://github.com/djadmin/awesome-bug-bounty, a list of bug bounty write-up that is categorized by the bug nature
https://docs.google.com/document/d/1SrSnxRwGTMFP19gz41a8b0ns820Z9pAwEl3hkxJ4UVg/edit | Recon/Subdomain - Google Docs
https://pentester.land/cheatsheets/2018/11/14/subdomains-enumeration-cheatsheet.html | Subdomains Enumeration Cheat Sheet · Pentester Land
https://pentester.land/conference-notes/2018/04/25/levelup-2017-Esoteric-subdomain-enumeration-techniques.html | Conference notes: Esoteric subdomain enumeration techniques (LevelUp 2017) · Pentester Land
https://www.youtube.com/watch?v=e_Gq99CKAys&t=95s | (257) Esoteric sub-domain enumeration techniques - Bharath, from Bugcrowd's LevelUp 2017 - YouTube
http://blog.x1622.com/2016/11/subdomain-discovery-with-nmap-and.html | hacking and penetration testing: subdomain discovery with nmap and custom subdomain files

chrome://downloads/ | Downloads
https://0xevilc0de.com/about-these-videos/ | About These Videos - 0xEvilC0de.com
http://christian.kitchen/tutorials/programming/page/2/ | Programming » Download Free Movies Games MP3 Albums and Softwares!
https://posts.specterops.io/gathering-open-source-intelligence-bee58de48e05 | Gathering Open Source Intelligence – Posts By SpecterOps Team Members
https://gist.github.com/arbazkiraak/574cf1ae0a378115907f82ed07f1a374 | wordlist generated Based on : https://medium.com/@adrien_jeanneau/how-i-was-able-to-list-some-internal-information-from-paypal-bugbounty-ca8d217a397c
https://learningdl.net/tag/sans/page/2/ | Sans Archives - Page 2 of 10 - LEARNING FOR LIFE
https://github.com/aurainfosec/xss_payloads/blob/master/fetch.md | xss_payloads/fetch.md at master · aurainfosec/xss_payloads
https://www.youtube.com/watch?v=l3yThCIF7e4&t=0s&index=19&list=PLl-GuflHOikWnr0kOThK0xOyFXhBZbdLv | Self XSS we’re not so different you and I - Mathias Karlsson - Security Fest 2017 - YouTube
https://twitter.com/avlidienbrunn | ­Mathias Karlsson (@avlidienbrunn) | Twitter
https://www.youtube.com/channel/UC3pn_ccQdc22_L63d6MN1QA/videos | (249) OWASP Stockholm - YouTube

https://www.youtube.com/watch?v=XfB0g_JDIds | (246) Silicon Valley Season 2 - Jared Dunn explains what is SWOT Analysis to the team - YouTube
https://www.youtube.com/watch?v=bpXHZh9RfYk | (246) Reacting to Shameless by Prajakta Koli | Types of Reactions | MostlySane - YouTube
https://medium.com/@ehsahil/getting-started-in-bug-bounty-7052da28445a | Getting started in Bug Bounty – Sahil Ahamad – Medium
https://medium.com/ehsahil/recon-my-way-82b7e5f62e21 | Recon— my way. – ehsahil – Medium
https://blog.mozilla.org/security/2018/02/12/restricting-appcache-secure-contexts/ | Restricting AppCache to Secure Contexts | Mozilla Security Blog
https://twitter.com/kinugawamasato | Masato Kinugawa (@kinugawamasato) | Twitter
https://hackerone.com/reports/187542 | #187542 Brave Browser unexpectedly allows to send arbitrary IPC messages
https://vulnerabledoma.in/cny2018/omake.php | CNY OMAKE XSS Challenge
https://avlidienbrunn.se/xsschallenge3/index.php | https://avlidienbrunn.se/xsschallenge3/index.php
https://labs.detectify.com/2017/02/14/sqli-in-insert-worse-than-select/ | SQLi in INSERT worse than SELECT
https://github.com/cure53/XSSChallengeWiki/wiki/XSSMas-Challenge-2016 | XSSMas Challenge 2016 · cure53/XSSChallengeWiki Wiki
https://labs.detectify.com/2017/01/12/csp-flaws-cookie-fixation/ | CSP flaws: cookie fixation
https://labs.detectify.com/2016/12/15/postmessage-xss-on-a-million-sites/ | postMessage XSS on a million sites
https://labs.detectify.com/2016/12/08/the-pitfalls-of-postmessage/ | The pitfalls of postMessage
https://twitter.com/0xACB/status/999397917331992577 | André Baptista on Twitter: "Here it is: https://t.co/0oGo16N7UZ 🔥🔥🔥🔥🔥🔥 Thanks to @0xfad0 for the help! And thanks for the bounty, @Shopify and @Hacker0x01!!"
https://hackerone.com/reports/341876 | #341876 SSRF in Exchange leads to ROOT access in all instances
https://twitter.com/ITSecurityguard | Patrik Fehrenbach🤖 (@ITSecurityguard) | Twitter
https://twitter.com/Rhynorater/status/1034430585081671680 | Justin Gardner on Twitter: "Actually, just do yourself a favor, bug hunters, and go download/install every tool in @TomNomNom's Github. This shiz is super useful..."
https://twitter.com/Nettitude_Labs/status/1032593408437760000 | Nettitude Labs on Twitter: "Introducing Scrounger: An open source, modular and extensible iOS & Android mobile application penetration testing framework, by Ruben De Campos 📱 https://t.co/aC7mRXMhJY"
https://blog.scrt.ch/2018/08/24/remote-code-execution-on-a-facebook-server/ | Remote Code Execution on a Facebook server – Sec Team Blog
https://twitter.com/ITSecurityguard/status/1021310140400717825 | Patrik Fehrenbach🤖 on Twitter: "GraphQL really represents the Crown Jewels of every company. If you want to find $$$ bounties, have a look at the @Hacker0x01 GraphQL :-) You can get the entire schema using Introspection (https://t.co/fym2D1RPNT) (thanks @mongobug <3) https://t.co/4IRe4IIFdL 80 MB PNG file… https://t.co/fXVIfILqdl"
https://opnsec.com/2018/07/into-the-borg-ssrf-inside-google-production-network/ | Into the Borg – SSRF inside Google production network | OpnSec
https://twitter.com/stokfredrik/status/1012638867231526912 | STÖK on Twitter: "#hackeroftheday is @Jhaddix, with thousands of hours invested and over a decade in webhacking Jason’s knowledge regarding both past and new technology is vast, and with a methodology and multiple wordlists with his name on it, he’s a true pilar of the BB community! 👊🏻❤️… https://t.co/lo43nwfNf0"
https://github.com/smiegles/certs | smiegles/certs: Parse X509 certificates to get the (sub)domains in it.
http://website.tld.zip/tar/rar/whateverarchive
https://twitter.com/ITSecurityguard/status/1011003962047295490 | Patrik Fehrenbach🤖 on Twitter: "Sunday’s recon: search for https://t.co/22kQSI9UZJ to find those juicy website backups :)… "
https://blog.it-securityguard.com/visual-recon-a-beginners-guide/ | [Tools] Visual Recon – A beginners guide | Patrik Fehrenbach
https://blog.it-securityguard.com/ | Patrik Fehrenbach | ¯\_(ツ)_/¯
https://blog.it-securityguard.com/a-tale-of-7-vulnerabilities-paypal-bug-bounty/ | [Bug Bounty] A Tale of 7 Vulnerabilities | Patrik Fehrenbach
https://github.com/tomnomnom | tomnomnom (Tom Hudson)
https://twitter.com/TomNomNom | TomNomNom (@TomNomNom) | Twitter
https://twitter.com/EdOverflow | Twitter
https://twitter.com/x1m_martijn | x1m (@x1m_martijn) | Twitter
https://twitter.com/NathOnSecurity | (2) Nathan (@NathOnSecurity) | Twitter
https://twitter.com/Th3G3nt3lman | Twitter
https://twitter.com/uraniumhacker | Twitter
https://twitter.com/santi_lopezz99 | Santiago Lopez (@santi_lopezz99) | Twitter
https://twitter.com/iamnoooob | Rahul Maini (@iamnoooob) | Twitter
https://twitter.com/bbuerhaus | Twitter
https://twitter.com/rootxharsh | Harsh Jaiswal (@rootxharsh) | Twitter
https://twitter.com/Paresh_parmar1 | Paresh (@Paresh_parmar1) | Twitter
https://twitter.com/Abdulahhusam | Twitter
https://twitter.com/ngalongc | Ron Chan (@ngalongc) | Twitter
https://twitter.com/Parth_Malhotra | Parth Malhotra (@Parth_Malhotra) | Twitter
https://twitter.com/prateek_0490 | Twitter
https://twitter.com/jigarthakkar39 | Jigar Thakkar (@jigarthakkar39) | Twitter
https://twitter.com/niksthehacker | nikhil (@niksthehacker) | Twitter
https://twitter.com/ehrishiraj | Twitter
https://twitter.com/princechaddha | Twitter
https://twitter.com/nnwakelam | naffy (@nnwakelam) | Twitter
https://twitter.com/infosec_au | shubs (@infosec_au) | Twitter
https://twitter.com/bhavukjain1 | Bhavuk Jain (@bhavukjain1) | Twitter
https://twitter.com/garagosy | Twitter
https://twitter.com/akhilreni_hs | Akhil Reni (@akhilreni_hs) | Twitter
https://twitter.com/ArbazKiraak | Arbaz Hussain (@ArbazKiraak) | Twitter

https://www.youtube.com/ | (245) YouTube
https://pentestlab.blog/2012/12/24/sql-injection-authentication-bypass-cheat-sheet/ | SQL Injection Authentication Bypass Cheat Sheet | Penetration Testing Lab
https://www.youtube.com/watch?v=2ngGLMgjRVU&index=16&list=PLZOToVAK85Mr4CzRimmw4KD84yUjkEAEw | (245) ISSA Web Pen-testing Workshop - Part 2 - SQL Injection - YouTube
https://mahmoudsec.blogspot.com/2018/07/sql-injection-and-silly-waf.html | Mahmoud Gamal - Security Blogs: SQL Injection and A silly WAF
https://mahmoudsec.blogspot.com/2017/02/sql-injection-in-update-query-bug.html | Mahmoud Gamal - Security Blogs: SQL injection in an UPDATE query - a bug bounty story!
https://mahmoudsec.blogspot.com/2017/10/lets-steal-some-tokens.html | Mahmoud Gamal - Security Blogs: Let’s steal some tokens!
https://mahmoudsec.blogspot.com/2015/09/how-i-found-xss-vulnerability-in-google.html | Mahmoud Gamal - Security Blogs: XSS vulnerability in Google image search

https://appsecwiki.com/#/serversidesecurity?id=sql-injection | Server Side Security - Application Security Wiki
https://samsclass.info/129S/129S_S18.shtml | CNIT 129S: Securing Web Applications -- Sam Bowne
http://www.securityidiots.com/Web-Pentest/LFI/guide-to-lfi.html | Hand Guide To Local File Inclusion(LFI)
http://ccsf.granicus.com/MediaPlayer.php?view_id=5&clip_id=1085 | CNIT 129S - Securing Web Applications - Mar 14th, 2018
https://www.youtube.com/watch?v=HjnkoE3aiqk&t=3s | Your Morning Fix: Will Marathas be given reservation in jobs, education? - YouTube
https://www.facebook.com/phwdbot/videos/2104182979632696 | Facebook
https://hackerone.com/reports/232174 | #232174 XSS on $shop$.myshopify.com/admin/ and partners.shopify.com via whitelist bypass in SVG icon for sales channel applications
https://ngailong.wordpress.com/ | Ron Chan – My Bug Bounty Write Ups
https://www.arneswinnen.net/2016/02/the-tales-of-a-bug-bounty-hunter-10-interesting-vulnerabilities-in-instagram/ | The Tales of a Bug Bounty Hunter: 10 Interesting Vulnerabilities in Instagram – Arne Swinnen's Security Blog
https://www.arneswinnen.net/wp-content/uploads/2016/02/10-Interesting-Vulnerabilities-in-Instagram-Arne-Swinnen.pdf | Even Giants Make Mistakes: 10 Interesting vulnerabilities in Instagram
http://schd.ws/hosted_files/appseceurope2016/f7/OWASP%20AppSec%20EU%202016%20-%20The%20Tales%20of%20a%20Bug%20Bounty%20Hunter%20-%20Arne%20Swinnen.pdf | OWASP AppSec Europe 2016 template
https://www.hackerone.com/blog/how-to-command-injections | Command Injection Vulnerabilities | HackerOne
https://github.com/ewilded/shelling | ewilded/shelling: SHELLING - a comprehensive OS command injection payload generator
https://hackerone.com/arneswinnen?sort_type=latest_disclosable_activity_at&filter=type%3Aall%20from%3Aarneswinnen&page=1 | arneswinnen's HackerOne Profile
https://www.arneswinnen.net/ | Arne Swinnen's Security Blog – Just Another Infosec Blog
https://hackerone.com/moskowsky?sort_type=latest_disclosable_activity_at&filter=type%3Aall%20from%3Amoskowsky&page=1 | HackerOne
https://twitter.com/@mskwsky | Artem (@mskwsky) | Twitter
https://habr.com/users/moskowsky/ | Профиль moskowsky / Хабрахабр
https://medium.freecodecamp.org/hacking-tinder-accounts-using-facebook-accountkit-d5cc813340d1 | How I hacked Tinder accounts using Facebook’s Account Kit and earned $6,250 in bounties

https://appsecwiki.com/#/serversidesecurity?id=oauth-security | Server Side Security - Application Security Wiki
https://sakurity.com/oauth | Sakurity
https://www.owasp.org/images/6/61/20151215-Top_X_OAuth_2_Hacks-asanso.pdf | 20151215-Top_X_OAuth_2_Hacks-asanso.pdf
http://blog.intothesymmetry.com/2015/12/top-10-oauth-2-implementation.html | Top 10 OAuth 2 Implementation Vulnerabilities
https://www.youtube.com/watch?v=l3yThCIF7e4&t=0s&index=19&list=PLl-GuflHOikWnr0kOThK0xOyFXhBZbdLv | (231) Self XSS we’re not so different you and I - Mathias Karlsson - Security Fest 2017 - YouTube
https://www.youtube.com/watch?v=X0mV9HXbKHY&index=4&list=PLE8DZa6PJapwu3PPr9kj2iWC-tDVBY_Sd | (231) LevelUp 0x02 - Hacking OAuth 2.0 For Fun And Profit - YouTube
https://drive.google.com/file/d/1Qw3hhValdRAWNGJtLbbFYfKtaevkw4fQ/view | Hacking_OAuth2_0_for_fun_and_profit-Pranav_Hivarekar.pdf - Google Drive

https://security.stackexchange.com/questions/11868/difference-between-directory-traversal-and-file-inclusion | web application - Difference between directory traversal and file inclusion - Information Security Stack Exchange
https://preetshah90.blogspot.com/2017/03/upcoming-directorypath-traversal-vs-lfi.html | DIRECTORY/PATH TRAVERSAL vs LFI vs RFI | Preet Shah
https://www.youtube.com/channel/UCVLbzhxVTiTLiVKeGV7WEBg/playlists | (212) Tutorials Point (India) Pvt. Ltd. - YouTube
https://www.youtube.com/watch?v=TE2qYd-4CyI&list=PLWPirh4EWFpErPIVe3nIAet9TDxx1pBcd | (212) Java Essentials - Introduction to java essentials - YouTube
https://www.youtube.com/playlist?list=PLWPirh4EWFpH9r6Ka2-XskwTCQDc_yCr7 | Analysis of Investment - YouTube
https://www.youtube.com/watch?v=3mtr0ouSwRo&list=PLWPirh4EWFpFO9DnEwsLF4hjPio7aD9Qc | Android - Introduction - YouTube
https://www.youtube.com/watch?v=fHAfc7Hjq28&list=PLWPirh4EWFpGrpcMfZ6UcdI786QdtSxV8 | DBMS - Introduction - YouTube
https://www.youtube.com/watch?v=RE8pliq6y5U&list=PLWPirh4EWFpH79B3fG8eK4S53TUDaxYNE | Programming Language - YouTube
https://www.youtube.com/watch?v=ivomZN-WdTU&list=PLWPirh4EWFpEcnU9tOme3rTM9L0rXukuj&index=3 | Bootstrap - Getting Started - YouTube
https://www.youtube.com/watch?v=JcwjUNzlGg8&list=PLWPirh4EWFpFKYRhzNA_vHMNDNrhINruK | CSS - Introduction - YouTube
https://www.youtube.com/watch?v=zHknRia3I6s&list=PLWPirh4EWFpESLreb04c4eZoCvJQJrC6H | Android Penetration Testing Overview - YouTube
https://www.youtube.com/watch?v=DiP2MU_Ik_Q&list=PLWPirh4EWFpESKWJmrgQwmsnTrL_K93Wi&index=36 | Penetration Testing - Path Traversal Attack - YouTube

https://learningdl.net/?s=O%E2%80%99Reilly | Search for "O’Reilly" - LEARNING FOR LIFE
https://medium.com/codingthesmartway-com-blog/top-3-node-js-online-courses-fea1d145953f | Top 3 Node.js Online Courses – CodingTheSmartWay.com Blog – Medium
https://hackr.io/tutorial/nodejs-the-complete-guide-incl-mvc-rest-apis-graphql | Reviews of 'NodeJS - The Complete Guide (incl. MVC, REST APIs, GraphQL)' for learning Node.js | Hackr.io
https://drive.google.com/drive/folders/1vuLDYz5AEHEJ-bAe5tapcYC9ENR7P4c0 | [FreeCourseSite.com] Linux Academy Courses - Google Drive
https://drive.google.com/drive/folders/1Th4FiYe8Vm9xnkX6I8--qLo6wKduj_Fz | [FreeCourseSite.com] Udacity Course Archive - Google Drive
https://drive.google.com/drive/folders/1FEy_A5V93ZRO9Y9RAMDd0lvA6UA7D9qa | [FreeCourseSite.com] TreeHouse SiteRip - Google Drive
https://drive.google.com/drive/folders/15SydbHEndXhtCxUssj_hlPNa03Jb2U6A | [FreeCourseSite.com] Code4StartUP Course Collection - Google Drive
https://drive.google.com/drive/folders/1b6Saoaew9d4C5bTCJoHxEffqfEoGDk7N | the-complete-web-development-bootcamp - Google Drive
https://drive.google.com/file/d/1UGY7TZ0BhCFP_WCIxmZkdq8NRPUy4h9j/view | [FreeCourseSite.com] Design Patterns (Clean Coders).rar - Google Drive
https://www.udemy.com/user/maximilian-schwarzmuller/?key=taught_courses&taught_courses=2 | Maximilian Schwarzmüller | Professional Web Developer and Instructor | Udemy

https://learnflakes.net/?p=torrents&pid=10 | Torrent List | LearnFlakes.Net -Learning Community
https://learnflakes.net/?p=torrents&pid=10&action=details&tid=20425 | SANS FOR610: Reverse-Engineering Malware: Malware Analysis Tools and Techniques | Includes Everything (2016) | LearnFlakes.Net -Learning Community
https://learnflakes.net/?p=torrents&pid=10&action=details&tid=16363 | SANS 504 USB 2016.7z | LearnFlakes.Net -Learning Community

https://web.archive.org/web/20170724015441/http://teamultimate.in:80/getting-started-with-metasploit/ | Getting Started With Metasploit - Ultimate Hackers
https://www.hackersclub.io/single-post/2016/03/08/Metasploit-Tutorial-From-Basic-To-Advance | Metasploit Tutorial From Basic To Advance | hackerclub
http://www.hackingarticles.in/penetration-testing/ | Penetration Testing, Metasploit Tutorial, Metasploit Hacking,Pentest Tutorials
https://www.hackers-arise.com/single-post/2017/07/31/Metasploit-Basics-Part-9-Using-msfvenom-to-Create-Custom-Payloads | Metasploit Basics, Part 9: Using msfvenom to Create Custom Payloads | hackers-arise
https://github.com/rapid7/metasploit-framework/wiki/How-to-use-msfvenom | How to use msfvenom · rapid7/metasploit-framework Wiki
https://www.fwhibbit.es/guia-metasploitable-2-parte-2 | Guia Metasploitable 2: Parte 2 – Follow The White Rabbit

https://web.archive.org/web/20180214155256/http://www.iran-sec.net | Iran Security Group Iran Security Group
https://zhchbin.github.io/2017/08/30/Uber-XSS-via-Cookie/ | [BBP系列二] Uber XSS via Cookie | zhchbin
https://www.facebook.com/notes/mrityunjoy-emu/yahoo-mail-box-stored-xss-write-upbounty-rewarded-10000-usd/677948372401448/ | (1) YAHOO MAIL BOX STORED XSS (write up)Bounty Rewarded $10,000 USD
https://medium.com/@SyntaxError4/reflective-xss-and-open-redirect-on-indeed-com-subdomain-b4ab40e40c83 | Reflective XSS and Open Redirect on Indeed.com subdomain
https://docs.google.com/presentation/d/1v3Me8IWDuvSb1k96UB5RNyXE-hLHk0i6cf5MDJMaxuY/pub?slide=id.p | XSS FTW - Google Slides
https://prakharprasad.com/crlf-injection-http-response-splitting-explained/ | CRLF Injection / HTTP Response Splitting Explained
https://portswigger.net/blog/abusing-javascript-frameworks-to-bypass-xss-mitigations | Abusing JavaScript frameworks to bypass XSS mitigations | Blog
https://hackerone.com/reports/265528 | #265528 Reflected XSS on the data.gov (WAF bypass+ Chrome XSS Auditor bypass+ works in all browsers)
https://hackerone.com/reports/263226 | #263226 HTML injection (with XSS possible) on the https://www.data.gov/issue/ using media_url attribute
https://github.com/karelorigin/XSS-Problems/ | karelorigin/XSS-Problems
https://www.noob.ninja/2017/09/story-of-parameter-specific-xss.html | Story of a Parameter Specific XSS!
https://beta.hackndo.com/la-faille-xss/ | The XSS attack - hackndo
https://snyk.io/blog/xss-attacks-the-next-wave | XSS Attacks: The Next Wave | Snyk
https://medium.com/bugbountywriteup/how-i-bypassed-practos-firewall-and-triggered-a-xss-b30164a8f1dc | How i bypassed Practo’s firewall and triggered a XSS.
https://web.archive.org/web/20180221190804/https://teamultimate.in/bypass-waf-xss-easily/ | Bypass any WAF for XSS easily – Ultimate Hackers
https://web.archive.org/web/20170826064802/http://teamultimate.in/solution-of-googles-xss-challenge/ | Solution of Google's XSS Challenge [Explained] - Ultimate Hackers
https://web.archive.org/web/20170724015545/http://teamultimate.in:80/csrf-explained-tutorial-2/ | Cross Site Request Forgery (CSRF) Explained - 2 - Ultimate Hackers
https://web.archive.org/web/20170721111747/http://teamultimate.in:80/csrf-explained-tutorial-beginners/ | Cross Site Request Forgery (CSRF) Explained For Beginners
https://web.archive.org/web/20170720190655/http://teamultimate.in:80/xssight-xss-scanner-payload-injector-d3v/ | XSSight : XSS Scanner And Payload Injector By Team Ultimate
https://web.archive.org/web/20170716104543/http://teamultimate.in:80/nmap-port-scanning-techniques-explained/ | Nmap Port Scanning Techniques Explained - Ultimate Hackers
https://web.archive.org/web/20170723063604/http://teamultimate.in:80/botnet | What is Botnet? How does it works? - Ultimate Hackers
https://web.archive.org/web/20170720083516/http://teamultimate.in:80/reflected-xss-on-json-ajax-xml-based-web-apps/ | Reflected XSS on JSON, AJAX, XML based web apps - Ultimate Hackers
https://web.archive.org/web/20170718180926/http://teamultimate.in:80/how-hackers-hack-their-target/ | How Hackers Actually Hack Their Target? - Ultimate Hackers
https://web.archive.org/web/20170722132829/http://teamultimate.in:80/how-tor-works-complete-guide/ | What is Tor and how it works? The Anonymity Network Explained - Ultimate Hackers
https://web.archive.org/web/20170728042623/http://teamultimate.in:80/category/hacking-tutorials/sql-injection | SQL Injection Category - Ultimate Hackers
https://web.archive.org/web/20170805063136/http://teamultimate.in:80/breaching-databases-sqlmap | Breaching Databases In Minutes With SQLMap - Ultimate Hackers
https://web.archive.org/web/20170723011948/http://teamultimate.in:80/error-based-sql-injection/ | Breaching Databases With Error Based SQL Injection - Ultimate Hackers
https://web.archive.org/web/20170724200429/http://teamultimate.in:80/sql-injection-explained/ | SQL Injection Explained From Scratch - Ultimate Hackers
https://web.archive.org/web/20170724015441/http://teamultimate.in:80/getting-started-with-metasploit/ | Getting Started With Metasploit - Ultimate Hackers
https://web.archive.org/web/20170810032801/http://teamultimate.in:80/category/hacking-tutorials/xss | XSS Category - Ultimate Hackers
https://web.archive.org/web/20170802110344/http://teamultimate.in:80/finding-admin-panel-website | How to find Admin Panel of a website? - Ultimate Hackers
https://web.archive.org/web/20170728104340/http://teamultimate.in:80/category/hacking-tutorials/information-gathering/ | Information Gathering Category - Ultimate Hackers
https://web.archive.org/web/20170723061454/http://teamultimate.in:80/category/hacking-tutorials/ | Hacking Tutorials Category - Ultimate Hackers
https://web.archive.org/web/20170728045932/http://teamultimate.in:80/login-bypass-with-sql-injection | Login Bypass With SQL Injection - Ultimate Hackers
https://web.archive.org/web/20170822125456/http://teamultimate.in:80/category/hacking-tutorials/xss/ | XSS Category - Ultimate Hackers
https://medium.com/bugbountywriteup/900-xss-in-yahoo-recon-wins-65ee6d4bfcbd | 900$ XSS in yahoo ( Recon Wins ) – InfoSec Write-ups – Medium
https://medium.com/@th3g3nt3l | Th3G3nt3lman – Medium
https://blog.blackfan.ru/2017/09/devtwittercom-xss.html | '>">123\: [dev.twitter.com] XSS
https://blog.blackfan.ru/ | '>">123\

https://blogs.sap.com/2015/12/18/xss-cross-site-scripting-methodology-and-solutions/ | XSS (Cross-Site Scripting) – Methodology and Solutions | SAP Blogs
https://blogs.sap.com/2015/12/17/xss-cross-site-scripting-overview-with-contexts/ | XSS (Cross-Site Scripting) – Overview and Contexts | SAP Blogs
https://respectxss.blogspot.com/ | Respect XSS
https://www.youtube.com/watch?v=LCkyW7RE6Wk&index=12&list=PLzptvsiJ9waSQ8l2rQ_nmD_L68WAo6KQu | (127) Logan | Way Down We Go | Music Video - YouTube
https://www.youtube.com/watch?v=bHTxJIC_jGI | (127) Maximizing Burp - YouTube
https://securityweekly.com/2016/01/13/security-weekly-446-adrien-debeaupre/ | Security Weekly #446: Adrien DeBeaupre - Security Weekly
https://www.youtube.com/watch?v=rWGvesGWwqY | (127) Diwali with Bhakt | Pee News Interview by Dhruv Rathee ft. Akash Banerjee on crackers - YouTube

https://coursehunters.net/source/egghead | Видеокурсы от egghead.io - Смотреть онлайн - страница 1
https://coursehunters.net/source/codecourse | Видеокурсы от Codecourse - Смотреть онлайн - страница 1
https://coursehunters.net/source/scotch-io | Видеокурсы от scotch.io - Смотреть онлайн - страница 1
https://coursehunters.net/source/frontendmasters | Видеокурсы от Frontend Masters - Смотреть онлайн - страница 1
https://coursehunters.net/frontend | Видеоуроки Front-end - страница 1
https://www.facebook.com/ | Facebook

https://www.youtube.com/watch?v=vKudm1kDu8k | (120) SANS Webcast: Web Hacking with Burp Suite - YouTube
chrome://downloads/ | Downloads
https://support.portswigger.net/customer/portal/articles/1969845-using-burp-to-test-for-the-owasp-top-ten | Using Burp to Test for the OWASP Top Ten | Burp Suite Support Center
https://support.portswigger.net/customer/portal/topics/792273-burp-testing-methodologies/articles | Burp Testing Methodologies | Burp Suite Support Center
https://learnflakes.net/?p=messages&pid=20&message_id=294817 | Messages | LearnFlakes.Net -Learning Community
https://www.sans.org/reading-room/whitepapers/testing/fuzzing-approach-credentials-discovery-burp-intruder-33214 | A Fuzzing Approach to Credentials Discovery using Burp Intruder
https://www.youtube.com/results?search_query=cobalt | (120) cobalt - YouTube
https://pentester.land/cheatsheets/2018/11/02/open-redirect-cheatsheet.html | Open Redirect Cheat Sheet · Pentester Land
https://medium.com/@kankrale.rahul/dos-on-facebook-android-app-using-65530-characters-of-zero-width-no-break-space-db41ca8ded89 | DoS on Facebook Android app using 65530 characters of ZERO WIDTH NO-BREAK SPACE.
https://pentester.land/tutorials/2018/10/25/source-code-disclosure-via-exposed-git-folder.html | Source code disclosure via exposed .git folder · Pentester Land
https://www.peerlyst.com/posts/information-gathering-first-step-of-hacking-sachin-wagh?utm_source=twitter&utm_medium=social&utm_content=peerlyst_post&utm_campaign=peerlyst_shared_post | Information Gathering – First Step of Hacking by Sachin Wagh - ethical hacking, operations, stealth
https://medium.com/mrlulzsec/cross-origin-authentication-detection-ccc2186e5338 | Cross-origin Authentication Detection – MrLulzsec – Medium
https://medium.com/@alicanact60/my-first-0day-exploit-csp-bypass-reflected-xss-bugbounty-c7efa4bed3d7 | My First 0day Exploit (CSP Bypass + Reflected XSS) #BUGBOUNTY
https://medium.com/@egeken/facebook-hidden-redirection-vulnerability-aeaaac0b9d73 | Facebook hidden redirection vulnerability – Ege Ken – Medium
https://mango.pdf.zone/stealing-chrome-cookies-without-a-password | Stealing Chrome cookies without a password
https://medium.com/@mrnikhilsri/soap-based-unauthenticated-out-of-band-xml-external-entity-oob-xxe-in-a-help-desk-software-c27a6abf182a | SOAP- Based Unauthenticated Out-of-Band XML External Entity (OOB-XXE) in a Help Desk Software
https://medium.com/@raushanraj_65039/google-sites-and-exploiting-same-origin-policy-d400bf569964 | Google sites and exploiting same origin policy. – Raushan Raj – Medium
https://medium.com/@brs.sgdc/google-stored-xss-in-payments-350cd7ba0d1b | Google Stored XSS in Payments – Barış Sağdıç – Medium
https://medium.com/@plenumlab/idor-in-jwt-and-the-shortest-token-you-will-ever-see-uid-1234567890-4e02377ea03a | IDOR IN JWT AND THE SHORTEST TOKEN YOU WILL EVER SEE {}.{“uid”: “1234567890”}
https://www.youtube.com/feed/subscriptions | (120) Subscriptions - YouTube
https://www.youtube.com/watch?v=3cLik5XS-Xo | Most ES6 Features Demonstrated In Less than 20 Minutes - YouTube
https://twitter.com/0ctac0der | Abhinav | 0ctac0der (@0ctac0der) | Twitter
https://github.com/SEC642/dojo-basic | SEC642/dojo-basic

https://pentesterlab.com/ | [PentesterLab] Learn Web Penetration Testing: The Right Way
https://www.hacksplaining.com/ | Learn to Hack
https://resources.infosecinstitute.com/dns-hacking/ | DNS Hacking (Beginner to Advanced)
https://github.com/Matir/pwnableweb | Matir/pwnableweb: PwnableWeb is a suite of web applications for use in information security training.
https://bitvijays.github.io/LFC-VulnerableMachines.html#port-scanning | CTF Series : Vulnerable Machines — tech.bitvijays.com
https://jivoi.github.io/2015/07/01/pentest-tips-and-tricks/ | Pentest Tips and Tricks – EK
https://www.youtube.com/watch?v=foToVAIBCTQ | How i Hacked Yahoo, Twitter & Google! - YouTube
https://tuftsdev.github.io/DefenseAgainstTheDarkArts/ | COMP 116: Introduction to Computer Security
https://github.com/rojan-rijal/pyrate | rojan-rijal/Pyrate: Practice Web App written in python with some vulnerabilities.
http://www.hackingarticles.in/web-penetration-testing/ | Web Penetration Testing - Hacking Articles
https://www.pentesteracademy.com/ | Pentester Academy: Learn Pentesting Online
https://www.youtube.com/watch?v=OcrmPMSjdSw&index=32&list=PLv7cogHXoVhXvHPzIl1dWtBiYUAL8baHj | 32- SOP, CORS, CSP and Exploiting Misconfigured CORS - YouTube

https://www.youtube.com/watch?v=-y-OcymRcZs&t=1538s | (105) Bug Bounty Session - IDOR - YouTube
https://docs.google.com/presentation/d/e/2PACX-1vT6giXqLAWdBTP0_8WlQdq7QkC0_FduNWGWcwn8Krbhmcw898S7Y3JthE8_5ds9aIoTP9-rR1l3N-xL/pub?start=true&loop=true&delayms=15000&slide=id.g44f05bce04_0_0 | IDOR Session - Google Slides
https://appsecwiki.com/#/serversidesecurity?id=insecure-direct-object-referenceidor | Server Side Security - Application Security Wiki
https://www.owasp.org/index.php/Testing_for_Insecure_Direct_Object_References_(OTG-AUTHZ-004) | Testing for Insecure Direct Object References (OTG-AUTHZ-004) - OWASP
https://www.bugcrowd.com/how-to-find-idor-insecure-direct-object-reference-vulnerabilities-for-large-bounty-rewards/ | How-To: Find IDOR (Insecure Direct Object Reference) Vulnerabilities for large bounty rewards | Bugcrowd
https://medium.com/@arbazhussain/idor-while-connecting-social-account-in-hackster-io-2296b316b7a7 | IDOR While Connecting Social Account in Hackster.io
https://blog.securitybreached.org/2018/09/16/idor-account-takeover-using-facebook/ | IDOR User Account Takeover By Connecting My Facebook Account with victims Account - Security Breached Blog
https://pentest.blog/how-to-test-horizontal-vertical-authorization-issues-in-web-application/ | How to Test Horizontal & Vertical Authorization Issues in Web Application ? – Pentest Blog
https://twitter.com/jon_bottarini/status/1049785550855520257 | Jon Bottarini on Twitter: "My latest #bugbounty writeup: A $2,500 IDOR in New Relic that allowed me to run NRQL queries and retrieve data from any New Relic account. You can read it here: https://t.co/GD6xqODEX0 Let me know what you think! #TogetherWeHitHarder #HackerOne… https://t.co/tj9QpqZp8A"
https://www.jonbottarini.com/2018/01/02/abusing-internal-api-to-achieve-idor-in-new-relic/ | Abusing internal API to achieve IDOR in New Relic | Security and Bug Hunting
https://twitter.com/jon_bottarini/status/952101275252019200 | Jon Bottarini on Twitter: "Here's my latest blog about a nice IDOR I found in @newrelic - through abusing one of their internal API's, I hope you find it interesting! https://t.co/NVXY7h4Aul #BugBounty #hackerone #writeup… https://t.co/Y2sTqqmMUy"
https://medium.com/@armaanpathan/idor-was-leading-to-privilege-escalation-and-violating-the-facebook-policy-355c67c654e6 | IDOR was leading to Privilege Escalation and violating the Facebook policy
https://www.bugbountynotes.com/training/tutorial?id=2 | BugBountyNotes.com | Collaborate and work with other security researchers on bug bounties
https://zseano.com/tutorials/2.html | zseano | UK Security Researcher
https://twitter.com/prateek_0490/status/987045280565678083 | Prateek Tiwari on Twitter: "#BugBounty Tip: If you’ve found an IDOR where you’re able to change data of others then don’t jump out of your seat to report it > modify it to XSS payload & if inputs are not sanitized & variables are echo’d without getting escaped then IDOR>XSS>ATO #TogetherWeHitHarder #InfoSec"
https://support.portswigger.net/customer/portal/articles/1965691-using-burp-to-test-for-insecure-direct-object-references | Using Burp to Test for Insecure Direct Object References | Burp Suite Support Center

https://twitter.com/albinowax | James Kettle (@albinowax) | Twitter
http://www.securitygalore.com/site3/advanced_web_application_attacks | Advanced web application attacks | Amit Klein's security corner
https://github.com/m4ll0k/Awesome-Hacking-Tools | m4ll0k/Awesome-Hacking-Tools: Awesome Hacking Tools
https://github.com/ngalongc/bug-bounty-reference | ngalongc/bug-bounty-reference: Inspired by https://github.com/djadmin/awesome-bug-bounty, a list of bug bounty write-up that is categorized by the bug nature
https://github.com/juliocesarfort/public-pentesting-reports | juliocesarfort/public-pentesting-reports: Curated list of public penetration test reports released by several consulting firms and academic security groups
https://github.com/qazbnm456/awesome-web-security | qazbnm456/awesome-web-security: 🐶 A curated list of Web Security materials and resources.
https://github.com/ngalongc/bug-bounty-reference | ngalongc/bug-bounty-reference: Inspired by https://github.com/djadmin/awesome-bug-bounty, a list of bug bounty write-up that is categorized by the bug nature
https://github.com/Tristan-aemjk4h/Awesome-Hacking-Resources | Tristan-aemjk4h/Awesome-Hacking-Resources
https://github.com/enaqx/awesome-pentest#web-exploitation | enaqx/awesome-pentest: A collection of awesome penetration testing resources, tools and other shiny things

https://twitter.com/s0md3v | Somdev Sangwan (@s0md3v) | Twitter
https://www.blurbiz.io/blog/the-most-complete-guide-to-finding-anyones-email | The most complete guide to finding anyone’s email
https://somdev.me/sop-and-cors/ | CORS, SOP & crossdomain.xml For Dummies – Somdev Sangwan
https://somdev.me/ | Learn | Think | Hack – Somdev Sangwan
https://somdev.me/sql-basics-for-sqli/ | Learn SQL for SQL Injection in 10 minutes – Somdev Sangwan
https://lab.wallarm.com/cache-poisoning-and-other-dirty-tricks-120468f1053f | Cache poisoning and other dirty tricks – Wallarm
https://medium.com/vandium-software/5-easy-steps-to-understanding-json-web-tokens-jwt-1164c0adfcec | 5 Easy Steps to Understanding JSON Web Tokens (JWT)
https://medium.com/bugbountywriteup/the-design-and-implementation-of-ssrf-attack-framework-550e9fda16ea | All you need to know about SSRF and how may we write tools to do auto-detect
https://github.com/s0md3v/AwesomeXSS | s0md3v/AwesomeXSS: Awesome XSS stuff
https://somdev.me/sop-and-cors/ | CORS, SOP & crossdomain.xml For Dummies – Somdev Sangwan
https://medium.freecodecamp.org/a-quick-introduction-to-web-security-f90beaf4dd41 | A quick introduction to web security – freeCodeCamp.org
https://skeletonscribe.net/ | James Kettle Research Overview

https://coursehunters.net/source/ihatetomatoes | Видеокурсы от ihatetomatoes - Смотреть онлайн - страница 1

https://www.youtube.com/watch?v=NwS87LTCmLc | (75) Why GraphQL Is Awesome - YouTube
https://github.com/alekseylovchikov/ch-download | alekseylovchikov/ch-download: download video from coursehunters.net
https://coursehunters.net/course/usvoyte-react-dlya-sozdaniya-realnyh-prilozheniy | Усвойте React для создания реальных приложений - Видеоуроки
https://coursehunters.net/course/polnyy-kurs-veb-razrabotchika-react-s-redux-2nd-edition | Полный курс веб-разработчика React (с Redux)(2nd edition) - Видеоуроки
https://coursehunters.net/course/sovremennyy-javascript-bootcamp-2018 | Современный JavaScript Bootcamp (2018) - Видеоуроки
https://coursehunters.net/source/leveluptutorials | Видеокурсы от LevelUpTutorials - Смотреть онлайн - страница 1
https://coursehunters.net/course/prodvinutyy-react-js-polnyy-kurs | Продвинутый React.js - Полный курс (Ryan Florence) - Видеоуроки
https://coursehunters.net/course/nachalo-raboty-s-javascript-dlya-veb-razrabotki | Начало работы с JavaScript для веб-разработки - Видеоуроки
https://coursehunters.net/course/sozdaem-mean-prilozhenie-codepost-full-stack | Создаем MEAN приложение "CodePost" - Full Stack - Видеоуроки
https://coursehunters.net/source/tyler-mcginnis | Видеокурсы от Tyler McGinnis - Смотреть онлайн - страница 1
https://coursehunters.net/course/stroim-prilozheniya-s-react-socket-io-i-rethinkdb | Строим приложения с React, Socket.io и RethinkDB - Видеоуроки
https://coursehunters.net/source/scotch-io | Видеокурсы от scotch.io - Смотреть онлайн - страница 1
https://coursehunters.net/source/egghead | Видеокурсы от egghead.io - Смотреть онлайн - страница 1
https://coursehunters.net/course/javascript-klyuchevoe-slovo-this-v-glubine | JavaScript 'this' в глубине - Видеоуроки
https://coursehunters.net/course/sozdaem-komponent-s-react-on-rails | Создаем компонент с React on Rails - Видеоуроки
https://coursehunters.net/course/nachalo-raboty-s-react-storybook | Начало работы с React Storybook - Видеоуроки
https://www.udemy.com/modern-javascript-the-complete-course-build-10-projects/ | Modern JavaScript The Complete Course - Build +10 Projects | Udemy
https://coursehunters.net/course/vvedenie-v-struktury-dannyh-dlya-sobesedovaniy | Введение в структуры данных для собеседований - Видеоуроки
https://www.udemy.com/the-complete-junior-to-senior-web-developer-roadmap/ | The Complete Junior to Senior Web Developer Roadmap (2018) | Udemy
https://coursehunters.net/course/aws-dlya-front-end-inzhenerov | Быстрая разработка на AWS: React, Node.js и GraphQL - Видеоуроки
https://coursehunters.net/course/polnoe-rukovodstvo-razrabotchika-2018-ot-dzhunika-k-senoru | Полное руководство разработчика 2018: от джуника к сеньору - Курс
https://coursehunters.net/course/testirovanie-javascript | Тестирование JavaScript (Kent C. Dodds) - Видеоуроки
https://coursehunters.net/course/advanced-javascript | Advanced JavaScript (Tyler Mcginnis) - Видеоуроки
https://coursehunters.net/source/vueschool-io | Видеокурсы от vueschool.io - Смотреть онлайн - страница 1
https://coursehunters.net/course/luchshiy-javascript | Лучший Javascript (leveluptutorials) - Видеоуроки
https://coursehunters.net/course/vue-js-master-klass | Vue.js Мастер-класс (vueschool.io) - Видеоуроки
https://coursehunters.net/course/sozdayte-interaktivnoe-javascript-menyu | Создайте интерактивное javascript меню - Видеоуроки
https://coursehunters.net/source/codewithmosh-mosh-hamedani | Видеокурсы codewithmosh (Mosh Hamedani) - Смотреть онлайн - страница 1
https://coursehunters.net/course/react-catch-up | React Catch-up (Ryan Florence) - Видеоуроки
https://coursehunters.net/course/asinhronnyy-javascript | Асинхронный JavaScript (Asynchronous JavaScript) - Видеоуроки
https://coursehunters.net/course/osnovy-javascript-dlya-nachinayushchih | Основы JavaScript для начинающих - Видеоуроки
https://coursehunters.net/course/vvedenie-v-struktury-dannyh-dlya-sobesedovaniy | Введение в структуры данных для собеседований - Видеоуроки
https://coursehunters.net/backend | Видеоуроки Back-end - страница 1
https://www.npmjs.com/package/coursehunters-cli | coursehunters-cli - npm
https://github.com/alekseylovchikov/ch-download | alekseylovchikov/ch-download: download video from coursehunters.net

https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet | XSS Filter Evasion Cheat Sheet - OWASP
https://www.youtube.com/ | (74) YouTube
https://www.facebook.com/ | Facebook

https://github.com/Rev3rseSecurity/WebMap?fbclid=IwAR1F_-n2Mezz4DYjBwsCp8Ea0IrG3LjmtVYiLE5UyKKQnunNWL3-a_dMGmQ | Rev3rseSecurity/WebMap: Nmap Web Dashboard and Reporting

https://github.com/qazbnm456/awesome-web-security/blob/master/README.md#practices-xss | awesome-web-security/README.md at master · qazbnm456/awesome-web-security
https://appsecwiki.com/#/frontend | Frontend Security - Application Security Wiki
http://blog.ironwasp.org/2014/07/contexts-and-cross-site-scripting-brief.html | IronWASP - Open Source Advanced Web Security Testing Platform: Contexts and Cross-site Scripting - a brief intro
https://ardern.io/2017/12/10/blind-xss/ | Ode To Blind XSS - ardern.io
https://www.corben.io/archives/ | Archives – Corben Leo – Information Security Blog
https://s1gnalcha0s.github.io/dspl/2018/03/07/Stored-XSS-and-SSRF-Google.html | Stored XSS, and SSRF in Google using the Dataset Publishing Language
https://twitter.com/hacker_/status/951527150628327425 | Corben Leo on Twitter: "☢ Write-Up Alert: "Chaining Bugs to Steal Yahoo Contacts!" https://t.co/I5KPWExwtK"
https://www.youtube.com/watch?v=VO2uBSfXZso&t=544s | Differences Between Web Application Scanning Tools when Scanning for XSS and SQLi - AppSecUSA 2017 - YouTube
https://www.youtube.com/watch?v=lGdfE-bhQhg | AppSec EU 2017 LT Increasing Web Seurity With The Power Of HTTP Headers by Jose Manuel Ortega - YouTube
https://www.youtube.com/watch?v=bOSdFnFAYNc&t=8s | AppSec EU 2017 OWASP Juice Shop by Björn Kimminich - YouTube
https://www.youtube.com/watch?v=p07acPBi-qw | AppSec EU 2017 Don't Trust The DOM: Bypassing XSS Mitigations Via Script Gadgets by Sebastian Lekies - YouTube
https://www.youtube.com/watch?v=Hmu21p9ybWs | Zane Lackey - Practical tips for web application security in the age of agile and DevOps - YouTube
https://www.youtube.com/watch?v=qHhhg1CEJfY | Evan Johnson - Misconfigured CORS and why web appsec is not getting easier - AppSecUSA 2016 - YouTube
https://www.youtube.com/watch?v=22CKQ_xed9s | James Kettle - Exploiting CORS Misconfigurations for Bitcoins and Bounties - AppSecUSA 2016 - YouTube
https://www.youtube.com/watch?v=43G_nSTdxLk | Automating API Penetration Testing using fuzzapi - AppSecUSA 2016 - YouTube
https://www.youtube.com/watch?v=9C_DaebngYg | Keynote: 50 Shades of AppSec - AppSecUSA 2015 - YouTube
https://www.youtube.com/watch?v=G539NwvpL3I | New Methods in Automated XSS Detection - Ken Belva - AppSecUSA 2015 - YouTube
https://www.youtube.com/watch?v=V1c2cy2G3Wo | Wait, Wait! Don't pwn Me! - AppSecUSA 2015 - YouTube
https://www.youtube.com/watch?v=5r5GkJL7Dgg | PHP Security, Redefined - Chris Cornutt - AppSecUSA 2015 - YouTube
https://www.youtube.com/watch?v=tp4TgJeqPhU | Secure Authentication without the Need for Passwords - Don Malloy - AppSecUSA 2015 - YouTube

https://appsecwiki.com/#/frontend?id=learning | Frontend Security - Application Security Wiki
https://twitter.com/jonathanmarcil/status/1031728013442859008 | Jonathan Marcil on Twitter: "XSS defense summary credits: @manicode @OWASPOC… "
https://twitter.com/manicode | Jim Manico (@manicode) | Twitter
https://twitter.com/OWASPOC | OWASP OC (@OWASPOC) | Twitter
https://twitter.com/matir | David (@matir) | Twitter
https://github.com/jhaddix/XSS.png/blob/master/XSS2.png | XSS.png/XSS2.png at master · jhaddix/XSS.png
https://github.com/jhaddix/tbhm/blob/master/05_XSS.md | tbhm/05_XSS.md at master · jhaddix/tbhm
https://github.com/LucaBongiorni/XSS.png/blob/master/XSS.png | XSS.png/XSS.png at master · LucaBongiorni/XSS.png
https://github.com/qazbnm456/awesome-web-security/blob/master/README.md#practices-xss | awesome-web-security/README.md at master · qazbnm456/awesome-web-security
https://www.slideshare.net/nragupathy/introduction-to-web-application-security-blackhoodie-us-2018 | Introduction to Web Application Security - Blackhoodie US 2018
https://sites.google.com/site/testsitehacking/10k-host-header | $10k host header - Ezequiel Pereira
https://www.slideshare.net/nragupathy/introduction-to-web-application-security-blackhoodie-us-2018?from_action=save | Introduction to Web Application Security - Blackhoodie US 2018
https://image.slidesharecdn.com/blackhoodieexternalpresentation-final-181002225116/95/introduction-to-web-application-security-blackhoodie-us-2018-119-638.jpg?cb=1538521022 | introduction-to-web-application-security-blackhoodie-us-2018-119-638.jpg (638×359)
https://image.slidesharecdn.com/blackhoodieexternalpresentation-final-181002225116/95/introduction-to-web-application-security-blackhoodie-us-2018-118-638.jpg?cb=1538521022 | introduction-to-web-application-security-blackhoodie-us-2018-118-638.jpg (638×359)

https://sqlbolt.com/lesson/filtering_sorting_query_results | SQLBolt - Learn SQL - SQL Lesson 4: Filtering and sorting Query results
https://pgexercises.com/questions/basic/ | PostgreSQL exercises
https://www.amazon.in/ref=nav_logo | Online Shopping site in India: Shop Online for Mobiles, Books, Watches, Shoes and More - Amazon.in
https://www.amazon.in/Printers/b/ref=dp_bc_3?ie=UTF8&node=1375443031 | Printers: Buy Printers Online at Low Prices in India - Amazon.in
https://www.owasp.org/images/1/19/OTGv4.pdf | OTGv4.pdf
https://www.youtube.com/watch?v=Tke1IqDj8wM | (61) How much money I make from YOUTUBE? | QNA#3 - YouTube

https://www.youtube.com/watch?v=9r0-Sga2bEg&list=WL&index=46 | (65) Keith Hoodlet: Bug Bounty Hunting - Paul's Security Weekly #564 - YouTube
https://www.youtube.com/watch?v=OjcMWUo4NHw&index=103&list=WL | (65) BSides Glasgow 2018 - Andy Gill and Brian Higgins - The Internet of Death - YouTube
https://www.youtube.com/watch?v=Xy1K8ODZC8w&index=125&list=WL | (65) Writing Secure JavaScript - YouTube
https://www.peerlyst.com/posts/video-3-5-hours-of-free-appsec-training-from-sunny-wear-via-brakeing-down-security-peerlyst?utm_source=twitter&utm_medium=social&utm_content=peerlyst_post&utm_campaign=peerlyst_shared_post | [Video] 3,5 hours of free AppSec training from Sunny Wear via Brakeing Down Security by Peerlyst - web application security training
https://drive.google.com/drive/folders/0B-qfQ-gWynwidlJ1YjgxakdPWDA | WebApp_Class - Google Drive
https://twitter.com/SunnyWear | Sunny Wear (@SunnyWear) | Twitter
https://www.amazon.com/Burp-Suite-Cookbook-Sunny-Wear/dp/178953173X?keywords=burp+suite+cookbook&qid=1538080978&sr=8-1-fkmrnull&ref=mp_s_a_1_fkmrnull_1 | Burp Suite Cookbook: Practical recipes to help you master web penetration testing with Burp Suite: Sunny Wear: 9781789531732: Amazon.com: Books
https://www.pluralsight.com/courses/web-application-penetration-testing-with-burp-suite | Web Application Penetration Testing with Burp Suite | Pluralsight
https://www.pluralsight.com/courses/advanced-web-application-penetration-testing-burp-suite | Advanced Web Application Penetration Testing with Burp Suite | Pluralsight
https://github.com/ngalongc/bug-bounty-reference | ngalongc/bug-bounty-reference: Inspired by https://github.com/djadmin/awesome-bug-bounty, a list of bug bounty write-up that is categorized by the bug nature
chrome://bookmarks/?id=18 | Bookmarks
https://www.torontowebsitedeveloper.com/hacking-resources | Hacking Resources | Peter YaworskiToronto Website Developer
https://github.com/juliocesarfort/public-pentesting-reports | juliocesarfort/public-pentesting-reports: Curated list of public penetration test reports released by several consulting firms and academic security groups
http://h1.nobbd.de/ | The unofficial HackerOne disclosure Timeline
https://github.com/PaulSec/awesome-sec-talks | PaulSec/awesome-sec-talks: A collected list of awesome security talks
https://github.com/denysdovhan/bash-handbook | denysdovhan/bash-handbook: For those who wanna learn Bash
https://jivoi.github.io/2015/07/03/offensive-security-bookmarks/ | Offensive Security Bookmarks – EK
https://groups.google.com/forum/m/#!topic/rsua-ts2014/bsDNBH0MrcU | Tutorials - Google Groups
https://www.youtube.com/watch?v=hRuNHUwiQJA | (65) An introduction to Android application security testing (by Nikolay Elenkov) - YouTube
https://github.com/m4ll0k/Awesome-Hacking-Tools | m4ll0k/Awesome-Hacking-Tools: Awesome Hacking Tools
https://www.facebook.com/NineHackers/?fref=gc&dti=328952157561088&hc_location=ufi | Nine Hackers - Home

https://samsclass.info/129S/129S_F16.shtml | CNIT 129S: Securing Web Applications -- Sam Bowne
https://www.youtube.com/watch?v=UjAGqCFl74U | (63) CNIT 129S: 13: Attacking Users: Other Techniques (Part 1 of 2) - YouTube
https://security.love/CSRF-PoC-Genorator/ | https://security.love/CSRF-PoC-Genorator/
https://tuftsdev.github.io/DefenseAgainstTheDarkArts/readings/index.html#week3 | COMP 116: Introduction to Computer Security - Required Readings
https://www.veracode.com/security/csrf | Guide to CSRF (Cross-Site Request Forgery) | Veracode
https://blog.codinghorror.com/cross-site-request-forgeries-and-you/ | Cross-Site Request Forgeries and You
https://www.cs.utexas.edu/~shmat/courses/cs378_spring09/zeller.pdf | zeller.pdf
https://tuftsdev.github.io/DefenseAgainstTheDarkArts/readings/index.html#week3 | COMP 116: Introduction to Computer Security - Required Readings
https://www.youtube.com/watch?v=PBvFuVRCuMg | (63) What is CSRF? - YouTube
https://www.hacksplaining.com/ | Pick a Vulnerability to Learn About
https://www.youtube.com/watch?v=9JrzPX1pVjs | (63) XSRF Cross Site Request Forgery - YouTube
https://www.youtube.com/watch?v=vRBihr41JTo | Cross Site Request Forgery - Computerphile - YouTube
https://www.youtube.com/watch?v=GgaI6vi_IOM | How to Cross Site Forgery Request (CSRF) - YouTube
https://www.youtube.com/watch?v=hW2ONyxAySY | (63) Understanding CSRF, the video tutorial edition - YouTube
https://www.troyhunt.com/understanding-csrf-video-tutorial/ | Troy Hunt: Understanding CSRF, the video tutorial edition
https://www.youtube.com/watch?v=TwG0Rd0hr18 | (63) Web App Penetration Testing - #13 - CSRF (Cross Site Request Forgery) - YouTube
https://blog.zsec.uk/csrf-2018/ | Delivering Many a Payload via CSRF
https://www.google.co.in/search?q=CNIT+129S%3A+13%3A+Attacking+Users%3A+Other+Techniques+(Part+1+of+2)&oq=CNIT+129S%3A+13%3A+Attacking+Users%3A+Other+Techniques+(Part+1+of+2)&aqs=chrome..69i57j69i61l3.471j0j7&sourceid=chrome&ie=UTF-8 | CNIT 129S: 13: Attacking Users: Other Techniques (Part 1 of 2) - Google Search
https://samsclass.info/129S/129S_S18.shtml | CNIT 129S: Securing Web Applications -- Sam Bowne
https://samsclass.info/129S/lec/ch13a.pdf | ch13a.key
https://www.youtube.com/watch?v=yn1UQYAX7kk | (63) CNIT 129S - Securing Web Applications, April 25, 2018 Lecture - YouTube
https://samsclass.info/129S/129S_F16.shtml | CNIT 129S: Securing Web Applications -- Sam Bowne
https://www.youtube.com/watch?v=w9_gx0yOLCc | (63) FilterCopy | How I Fell In Love With My Best Friend | Ft. Apoorva Arora and Rohan Shah - YouTube
https://www.youtube.com/watch?v=30WTWkFe910 | (63) Silicon Valley | Season 1-5 | The Best of Gavin Belson - YouTube

https://tuftsdev.github.io/DefenseAgainstTheDarkArts/slides/week3-websecurity.pdf | Cyber Security Week 3
https://samsclass.info/129S/lec/ch12a.pdf | ch12a.key
https://samsclass.info/129S/lec/ch12b.pdf | ch12b.key
http://attackdirect.samsclass.info/xss-extra.htm | Project 9x: XSS Extra Credit (Up to 25 pts.)
https://www.youtube.com/watch?v=pkAz9OYZ-HM | (35) CNIT 129S: 12: Attacking Users: Cross-Site Scripting (Part 2 of 3) - YouTube
https://www.youtube.com/watch?v=pkAz9OYZ-HM | CNIT 129S: 12: Attacking Users: Cross-Site Scripting (Part 2 of 3) - YouTube
https://www.youtube.com/playlist?list=PLxhvVyxYRviZd1oEA9nmnilY3PhVrt4nj | Hacker101 - YouTube
https://www.youtube.com/watch?v=HGaFCcWM57U&index=4&t=0s&list=PLxhvVyxYRviZd1oEA9nmnilY3PhVrt4nj | Hacker101 - XSS and Authorization - YouTube
https://www.youtube.com/watch?v=gkMl1suyj3M&t=1s | Bugcrowd University - Cross Site Scripting (XSS) - YouTube
https://www.bugcrowd.com/university/ | Bugcrowd University | Bugcrowd
https://www.youtube.com/watch?v=WsyswW5F4Io&t=22s | Cross-site scripting (XSS) explained - YouTube
https://zseano.com/tutorials/4.html | zseano | UK Security Researcher
http://brutelogic.com.br/blog/ | Brute XSS - Master the art of Cross Site Scripting.
https://blog.sucuri.net/2016/04/what-is-an-xss-vulnerability.html | What is XSS? - Cross Site Scripting Vulnerability
https://www.owasp.org/index.php/Types_of_Cross-Site_Scripting | Types of Cross-Site Scripting - OWASP
https://quanyang.github.io/the-abcs-of-xss/ | The ABCs of XSS – Quan Yang
https://brutelogic.com.br/blog/xss101/ | XSS 101 - Brute XSS
https://www.csoonline.com/article/3269028/malware/what-is-cross-site-scripting-xss-low-hanging-fruit-for-both-attackers-and-defenders.html | What is cross-site scripting (XSS)? Low-hanging fruit for both attackers and defenders | CSO Online
http://www.hackingarticles.in/beginners-guide-cross-site-scripting-xss/ | Beginners Guide to Cross Site Scripting (XSS)
https://www.veracode.com/security/xss | Cross-Site Scripting (XSS) Cheat Sheet | CA Veracode
https://attack.samsclass.info/vulnphp/vuln-messageboard.php | Vulnerable Message Board
https://attack.samsclass.info/xss.htm | XSS Demos
https://www.youtube.com/watch?v=AtRL06gBgeo | BSides Delhi 2017 - Doing recon like it’s 2017 - Bharath Kumar - YouTube
http://www.cs.tufts.edu/comp/20/hackme.php | Hack Me Playground
https://www.youtube.com/ | (35) YouTube

https://www.hackersclub.io/blog/page/10 | hackerclub
https://www.hackersclub.io/single-post/2016/02/12/Advanced-SQL-Injection | Advanced SQL Injection | hackerclub
https://www.hackersclub.io/single-post/2018/02/10/Exploiting-Buffer-Overflows | Exploiting Buffer Overflows | hackerclub
https://www.hackersclub.io/single-post/2016/08/20/How-to-Hack-Using-JavaScript-XSS-Brute-Force-BeEF | How to Hack Using JavaScript (XSS, Brute Force, BeEF) | hackerclub
https://www.hackersclub.io/blog/tag/wireshark | hackerclub
https://www.hackersclub.io/single-post/2016/04/17/Bash-Scripting-Basics-Part-1 | Bash Scripting Basics Part 1 | hackerclub
https://www.hackersclub.io/single-post/2016/04/05/Perl-Script-TCP-Attack | Perl Script: TCP Attack | hackerclub
https://www.hackersclub.io/single-post/2016/03/30/20-Different-Types-of-DDoS-Attacks | 20 Different Types of DDoS Attacks | hackerclub
https://www.hackersclub.io/single-post/2016/03/27/Scheduling-Tasks-with-Cron-Jobs | Scheduling Tasks with Cron Jobs | hackerclub
https://www.hackersclub.io/single-post/2016/03/25/11-great-Rails-libraries-we-use-on-every-project | 11 great Rails libraries we use on every project | hackerclub
https://www.hackersclub.io/single-post/2016/03/24/Creating-a-Backdoor-Using-Meterpreter | Creating a Backdoor Using Meterpreter | hackerclub
https://www.hackersclub.io/blog/tag/python | hackerclub
https://www.hackersclub.io/single-post/2016/03/21/Client-Side-Exploits-in-Metasploit | Client Side Exploits in Metasploit | hackerclub
https://www.hackersclub.io/single-post/2016/03/18/Pentesting-Tips-Scanning-your-network-for-Reflective-Amplification-DDoS | Pentesting Tips - Scanning your network for Reflective Amplification DDoS | hackerclub
https://www.hackersclub.io/single-post/2016/03/11/Hacking-With-Python-Basic-SSH-BotNet | Hacking With Python - Basic SSH BotNet | hackerclub
https://www.hackersclub.io/single-post/2016/03/09/How-To-Kill-The-Entire-Internet-Connection-Of-User-In-Single-Click | How To “Kill“ The Entire “Internet Connection“ Of User In Single Click | hackerclub
https://www.hackersclub.io/single-post/2016/03/08/Metasploit-Tutorial-From-Basic-To-Advance | Metasploit Tutorial From Basic To Advance | hackerclub

https://twitter.com/ | (*) Twitter
https://www.youtube.com/watch?v=4TBStYr8t4g&index=11&list=PLv7cogHXoVhXvHPzIl1dWtBiYUAL8baHj | (27) 11- Hashing, How it works and why we need it. - YouTube
https://main.immersivelabs.online/labs/tcpdump-episode-1/ | Immersive Labs
http://alumni.cs.ucr.edu/~marios/ethereal-tcpdump.pdf | ethereal-tcpdump.pdf
https://www.tcpdump.org/manpages/tcpdump.1.html | Manpage of TCPDUMP
http://linuxcommand.org/lc3_lts0070.php | Learning the shell - Lesson 7: I/O Redirection
https://lab-content.immersivelabs.online/Tooling-and-Techniques/Linux-Command-Line/CheatSheet-Linux-Essentials.pdf | CheatSheet-Linux-Essentials.pdf
https://www.jpsecnetworks.com/ | jpsecnetworks.com
https://www.jpsecnetworks.com/week-3-oscp-preparation/ | Week 3 – OSCP Preparation / (Wireshark, tcpdump, Shell Script and Python) 2018-09-18 20:08:38
https://www.google.co.in/search?q=javascript+training+in+delhi&oq=javascript+training+in+delhi&aqs=chrome..69i57j0l3j69i64.6293j0j7&sourceid=chrome&ie=UTF-8 | javascript training in delhi - Google Search

https://www.youtube.com/ | (17) YouTube
https://www.blackroomsec.com/updated-hacking-challenge-site-links/ | Updated Hacking Challenge Site Links
https://www.malware-traffic-analysis.net/training-exercises.html | Malware-Traffic-Analysis.net - Traffic Analysis Exercises
https://holidayhackchallenge.com/past-challenges/ | The SANS Holiday Hack Challenge: Past Challenges
https://www.sans.org/course/web-app-penetration-testing-ethical-hacking | Web Application Penetration Testing Training | SANS SEC542
https://www.sans.org/course/defending-web-applications-security-essentials | Web Application Security Training Course | SANS | Web App Security
https://www.sans.org/course/advanced-web-app-penetration-testing-ethical-hacking | Advanced Web App Penetration Testing Training | SANS SEC642

https://tuftsdev.github.io/DefenseAgainstTheDarkArts/slides/week3-websecurity.pdf | Cyber Security Week 3
https://github.com/publiclab/plots2 | publiclab/plots2: a collaborative knowledge-exchange platform in Rails; we welcome first-time contributors!
http://www.speedtest.net/result/7683572079 | Speedtest by Ookla - The Global Broadband Speed Test
http://www.hackingarticles.in/web-penetration-testing/ | Web Penetration Testing - Hacking Articles
http://www.hackingarticles.in/penetration-testing/ | Penetration Testing, Metasploit Tutorial, Metasploit Hacking,Pentest Tutorials
https://stackoverflow.com/questions/46941346/how-to-know-the-git-username-and-email-saved-during-configuration | command line - How to know the git username and email saved during configuration? - Stack Overflow
https://alvinalexander.com/git/git-show-change-username-email-address | How to show or change your Git username or email address | alvinalexander.com
https://stackoverflow.com/questions/8801729/is-it-possible-to-have-different-git-config-for-different-projects | Is it possible to have different git config for different projects - Stack Overflow
https://web.whatsapp.com/ | (14) WhatsApp
https://www.google.co.in/search?q=change+the+ruby+version&oq=change+the+ruby+version+&aqs=chrome..69i57j0l5.223993j0j4&sourceid=chrome&ie=UTF-8 | change the ruby version - Google Search
https://rvm.io/rubies/default | RVM: Ruby Version Manager - 'rvm default' - setting default ruby for new terminals
https://code.publiclab.org/ | Community toolbox
https://unix.stackexchange.com/questions/1373/how-do-i-switch-from-an-unknown-shell-to-bash | How do I switch from an unknown shell to bash? - Unix & Linux Stack Exchange
https://gorails.com/setup/ubuntu/16.04 | Install Ruby On Rails on Ubuntu 16.04 Xenial Xerus | GoRails
https://superuser.com/questions/46748/how-do-i-make-bash-my-default-shell-on-ubuntu | How do I make Bash my default shell on Ubuntu? - Super User
https://www.tecmint.com/change-a-users-default-shell-in-linux/ | 3 Ways to Change a Users Default Shell in Linux

https://twitter.com/HanseSecure/status/1035398658517295104 | Florian Hansemann on Twitter: "Use unicornscan to quickly scan all open ports, and then pass the open ports to nmap for detailed scans. #infosec #pentest https://t.co/SsilxmY4IS… https://t.co/PFloi4rf1h"
https://www.tecmint.com/nmap-command-examples/ | 29 Practical Examples of NMAP Commands for Linux System/Network Administrators
https://twitter.com/kmkz_security/status/1003999163594485760 | kmkz on Twitter: "The easy way to exploit OOB XXE by exfiltrating data : https://t.co/tlCHIXThdA"

https://www.youtube.com/results?search_query=How+To+DevOps+%28While+Sneaking+in+Security%29+ | (17) How To DevOps (While Sneaking in Security) - YouTube
https://www.twitch.tv/videos/316744940 | shehackspurple - OWASP DevSlop - Twitch
https://www.owasp.org/index.php/OWASP_DevSlop_Project | OWASP DevSlop Project - OWASP
https://www.cybrary.it/course/secure-coding/ | The FREE Secure Coding Training Course only at Cybrary
https://www.peerlyst.com/companies/peerlyst?trk=post_page_author | Posts related to "Peerlyst" | Peerlyst
https://www.amazon.com/SCFM-Secure-Coding-Manual-Programmers/dp/1508929572/ref=sr_1_2?s=books&ie=UTF8&qid=1483585805&sr=1-2&keywords=sunny+wear | SCFM: Secure Coding Field Manual: A Programmer's Guide to OWASP Top 10 and CWE/SANS Top 25: Sunny Wear: 9781508929574: Amazon.com: Books
https://7minsec.com/blog/ | Blog — 7 Minute Security
https://7minsec.com/projects/github/ | Github Repos — 7 Minute Security
https://gist.github.com/braimee/2ef29a7732bdb0e77a6779c42a31bf68 | 7 Minute Security podcast episode guide · GitHub
https://7ms.us/7ms-318-interview-with-bjorn-kimminich-of-owasp-juice-shop/ | 7MS #318: Interview with Bjorn Kimminich of OWASP Juice Shop
https://summerofcode.withgoogle.com/ | Home | Google Summer of Code
https://www.sunnywear.org/ | Home | Sunshine Solutions, LLC
https://www.youtube.com/c/SunnyWear | (18) Sunny Wear - YouTube

https://twitter.com/ | (*) Twitter
https://twitter.com/ | (*) Twitter
chrome://bookmarks/?id=18 | Bookmarks
https://www.peerlyst.com/posts/ctf-write-ups-wiki-peerlyst?utm_source=twitter&utm_medium=social&utm_content=peerlyst_post&utm_campaign=peerlyst_shared_post | CTF write-ups wiki by Peerlyst - cryptography, peerlyst wiki, bsides | Peerlyst
https://cmdchallenge.com/ | Commandline Challenge
https://www.explainshell.com/ | explainshell.com - match command-line arguments to their help text
https://www.youtube.com/watch?v=oxuRxtrO2Ag | Beginner's Guide to the Bash Terminal - YouTube
https://www.youtube.com/user/BadEditPro/playlists | (17) Joe Collins - YouTube
https://github.com/cneill/appsec-resources/blob/master/training.md#star-the-basics | appsec-resources/training.md at master · cneill/appsec-resources · GitHub
https://blog.sucuri.net/2016/04/what-is-an-xss-vulnerability.html | What is XSS? - Cross Site Scripting Vulnerability
https://www.youtube.com/watch?v=hRuNHUwiQJA | An introduction to Android application security testing (by Nikolay Elenkov) - YouTube
https://infocon.org/cons/ | InfoCon Collection: Hacking Conference Audio and Video Archive
https://groups.google.com/forum/m/#!topic/rsua-ts2014/bsDNBH0MrcU | Учебные материалы - Google Groups
https://github.com/m4ll0k/Awesome-Hacking-Tools | GitHub - m4ll0k/Awesome-Hacking-Tools: Awesome Hacking Tools
https://www.youtube.com/channel/UCUB9vOGEUpw7IKJRoR4PK-A | Murmus CTF - YouTube
https://www.youtube.com/watch?v=fRx1m9VrRqc&index=3&list=PLI7sA2luNRhlzMMpqw6oI8UtMcJV6bYSK | SecureNinjaTV Cyber Kung Fu Mod 02 Footprinting and Reconnaissance - YouTube
https://www.youtube.com/watch?time_continue=5&v=Q7psiw5rI4Y | OSCP DC719 Discussion - YouTube
https://www.youtube.com/channel/UC9gcFaGnsI9nEh0CmTfFPCg | (17) Arbin Godar - YouTube
https://www.youtube.com/watch?v=zi3yDovd0RY&feature=youtu.be | (17) Sunny Wear's Brakeing Down Security Web App Sec Training #1 - YouTube
https://drive.google.com/drive/folders/0B-qfQ-gWynwidlJ1YjgxakdPWDA | WebApp_Class - Google Drive
https://www.youtube.com/watch?v=0rXszCC0RCA&list=PLKa-QXCHOmEl-msqRc13vxBSS9DVTDREc | (17) CTF Beginnings: Introduction to Capture the Flag Events - YouTube
https://www.youtube.com/channel/UCOKjPk436MZRcnhzPOg49AQ/about | (17) Sunny Wear - YouTube
https://www.tripwire.com/state-of-security/devops/how-to-devops-while-sneaking-in-security/#.Wz3uN-RxyPo.twitter | BSides Springfield Preview: How To DevOps (While Sneaking in Security)
https://www.youtube.com/watch?v=Vp2nEtsCr-U | Exploit Kits: The Biggest Threat You Know Nothing About (Sunny Wear) - YouTube
https://www.sunnywear.org/ | Home | Sunshine Solutions, LLC
https://www.amazon.com/SCFM-Secure-Coding-Manual-Programmers/dp/1508929572/ref=asap_bc?ie=UTF8%C2%A0 | SCFM: Secure Coding Field Manual: A Programmer's Guide to OWASP Top 10 and CWE/SANS Top 25: Sunny Wear: 9781508929574: Amazon.com: Books
https://www.amazon.com/Burp-Suite-Cookbook-Sunny-Wear/dp/178953173X?keywords=burp+suite+cookbook&qid=1538080978&sr=8-1-fkmrnull&ref=mp_s_a_1_fkmrnull_1 | Burp Suite Cookbook: Practical recipes to help you master web penetration testing with Burp Suite: Sunny Wear: 9781789531732: Amazon.com: Books
https://www.eventbrite.com/e/isc2-central-florida-chapter-web-application-pentesting-class-tickets-47929769230 | (ISC)2 Central Florida Chapter - Web Application Pentesting Class Tickets, Sat, Sep 22, 2018 at 8:00 AM | Eventbrite
https://www.youtube.com/channel/UCZFjAqFb4A60M1TMa0t1KXw/playlists | (17) BDS Podcast - YouTube
http://hack.plus/search/XSS | Hack+

https://www.virustotal.com/#/file/0c829abde7968478bd3172e395116f701e7e1c08b69dbada64351aa8e5409543/community | VirusTotal
https://malwareconfig.com/config/17a07c64c9219c39d1b282f5cbfb4ef0/ | MalwareConfig - AlienSpy:
https://www.jpsecnetworks.com/week-2-oscp-preparation-linux-review-part-ii/ | Week 2 – OSCP Preparation / Linux Review Part II (Netstat, SS, NETCAT, NCAT ) 2018-09-14 19:29:50
https://www.jpsecnetworks.com/ | jpsecnetworks.com
https://public.attackdefense.com/members | AttackDefense.com Member Area
https://www.hackers-arise.com/single-post/2017/07/31/Metasploit-Basics-Part-9-Using-msfvenom-to-Create-Custom-Payloads | Metasploit Basics, Part 9: Using msfvenom to Create Custom Payloads | hackers-arise
https://0x00sec.org/t/whats-the-most-anonymous-active-scanning-technique/5678 | Whats the most anonymous active scanning technique? - Reconnaissance - 0x00sec - The Home of the Hacker
https://0x00sec.org/t/how-do-those-hacking-tools-work-the-art-of-port-scanning/619 | How do those hacking tools work? The Art of Port Scanning - Networking - 0x00sec - The Home of the Hacker
https://0x00sec.org/u/0x00pf/activity/topics | Profile - 0x00pf - 0x00sec - The Home of the Hacker
https://0x00sec.org/search?q=How%20do%20those%20hackers%20tool | Search results for 'How do those hackers tool' - 0x00sec - The Home of the Hacker
https://0x00sec.org/ | 0x00sec - The Home of the Hacker
https://0x00sec.org/t/wannabe-tutorials-section-1-part-4/1223 | Wannabe Tutorials: Section 1 Part 4 - Reconnaissance - 0x00sec - The Home of the Hacker
https://0x00sec.org/t/whats-the-most-anonymous-active-scanning-technique/5678 | Whats the most anonymous active scanning technique? - Reconnaissance - 0x00sec - The Home of the Hacker
https://0x00sec.org/t/recon-nmap-basics/977 | Recon: Nmap Basics - Reconnaissance - 0x00sec - The Home of the Hacker
https://0x00sec.org/t/recon-gaining-credentials-with-nmap-scripts/984 | Recon: Gaining Credentials with Nmap Scripts - Reconnaissance - 0x00sec - The Home of the Hacker
https://crawl3r.info/my-go-to-port-scan-nmap/ | My go-to port scan (nmap) – Crawl3r
https://linux.die.net/man/1/nmap | nmap(1) - Linux man page
http://bitspyder.net/details.php?id=73180 | .:: Bitspyder.net :: Details for torrent "Metasploit (ITProTV)"
http://bitspyder.net/details.php?id=73180 | .:: Bitspyder.net :: Details for torrent "Metasploit (ITProTV)"
http://bitspyder.net/details.php?id=81049&filelist=1#filelist | .:: Bitspyder.net :: Details for torrent "ITPro TV Bundle"

https://www.jpsecnetworks.com/week-1-oscp-preparation-lab-setup/ | Week 1 - OSCP Preparation / LAB Setup 2018-09-05 22:20:19
https://www.jpsecnetworks.com/week-2-oscp-preparation-linux-review-part-i/ | Week 2 - OSCP Preparation / Linux Review Part I 2018-09-12 23:20:47
https://immersivelabs-dca.slack.com/messages/C902F4BN0/files/FCV6J4NLQ/ | general | ImmersiveLabs-DCA Slack
https://main.immersivelabs.online/labs/netcat/ | Immersive Labs
https://www.youtube.com/watch?v=S1GdWiiYiPI | (26) Netcat (Reverse TCP Persistence with Netcat) - Part 2: Writing Persistence Scripts (Python and VB) - YouTube
https://www.hackingtutorials.org/networking/hacking-netcat-part-2-bind-reverse-shells/ | Hacking with Netcat part 2: Bind and reverse shells - Hacking Tutorials
https://www.youtube.com/channel/UCarxjDjSYsIf50Jm73V1D7g | (26) Don Does 30 Official - YouTube
https://null-byte.wonderhowto.com/how-to/hack-like-pro-use-netcat-swiss-army-knife-hacking-tools-0148657/ | Hack Like a Pro: How to Use Netcat, the Swiss Army Knife of Hacking Tools « Null Byte :: WonderHowTo

https://training.peritusinfosec.com/courses/366780/lectures/5604538 | Proxy And Repeater | Peritus Training School
https://www.fwhibbit.es/burp-suite-ii-construyendo-un-objetivo-sitemap-spider | Burp Suite II: Construyendo un objetivo, Sitemap & Spider – Follow The White Rabbit
https://www.fwhibbit.es/burp-suite-iii-intercepter-repeater | Burp Suite III: Intercepter & Repeater – Follow The White Rabbit
https://www.sniferl4bs.com/2015/07/burpsuite-vii-match-and-replace.html | BurpSuite VII - Match and Replace, Modificaciones HTML, Encoding and decoding - Snifer@L4b's
https://www.sniferl4bs.com/p/guia-de-uso-de-burpsuite.html | Guia de uso de BurpSuite en Español - Snifer@L4b's
http://www.speedtest.net/result/7671181967 | Speedtest by Ookla - The Global Broadband Speed Test

https://enciphers.com/knoxss-vs-burpsuitea-practical-demonstration/ | Knoxss vs Burpsuite(A practical Demonstration) – Enciphers
https://enciphers.com/our-three-favorite-burp-suite-extensions-and-how-to-use-them/ | Our three favorite burp suite extensions and how to use them – Enciphers
https://enciphers.com/3-must-have-tools-for-penetration-testers/ | 3 must have tools for Penetration testers – Enciphers
https://main.immersivelabs.online/labs/burp-target-scope/ | Immersive Labs
https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project | Category:OWASP Top Ten Project - OWASP
https://www.youtube.com/watch?v=ET07_kVbVhw&list=PLVB4HEKGduYEa4Rr5kQA9hxkhzpHIamPt&index=8 | (20) Basics of Web Application Penetration Testing - A1 Injection - YouTube
https://www.pentestgeek.com/web-applications/burp-suite-tutorial-1 | Burp Suite Tutorial - Web Application Penetration Testing
https://enciphers.com/utilizing-burpsuite-extensions/ | Utilizing Burpsuite Extensions – Enciphers
https://www.pentesteracademy.com/members | Member Area
https://www.youtube.com/watch?v=boHIjDHGmIo | (20) Burp Hacks for Bounty Hunters - YouTube
https://www.sans.org/reading-room/whitepapers/testing/fuzzing-approach-credentials-discovery-burp-intruder-33214?show=fuzzing-approach-credentials-discovery-burp-intruder-33214&cat=testing | A Fuzzing Approach to Credentials Discovery using Burp Intruder
https://www.fwhibbit.es/?s=burp | Search results for "burp" - Follow The White Rabbit
https://www.youtube.com/watch?v=h2duGBZLEek | (20) Bugcrowd University - Introduction to Burp Suite - YouTube
https://www.sniferl4bs.com/2015/06/burpsuite-iv-configuracion-de.html | BurpSuite IV - Configuration of Digital Certificate, ProxyTOR ?, saving and recovering - Snifer @ L4b's
https://www.sniferl4bs.com/2015/07/burpsuite-viii-historia-de-peticiones.html | BurpSuite VIII - History of requests, Comparing Sitemaps, Report of Vulnerabilities - Snifer @ L4b's

https://www.allmytweets.net/ | All My Tweets - View all your tweets on one page.
https://enciphers.com/2018/01/24/different-tricks-to-get-xss/ | Page not found – Enciphers
https://enciphers.com/2018/01/25/how-to-exploit-xxe-vulnerabilities/ | Page not found – Enciphers
http://codegrazer.com/blog/7-reflected-xss.html | Codegrazer: 7 Reflected Cross-site Scripting (XSS)
https://github.com/keon/algorithms/blob/master/algorithms/maths/primes_sieve_of_eratosthenes.py | algorithms/primes_sieve_of_eratosthenes.py at master · keon/algorithms
http://www.cs.tufts.edu/comp/116/archive/ | COMP 116: Introduction to Computer Security - Final Project Archive
https://leotindall.com/tutorial/an-intro-to-x86_64-reverse-engineering/ | An Intro to x86_64 Reverse Engineering | Leo Tindall
https://leotindall.com/tutorial/additional-exercises-in-reverse-engineering/ | Additional Exercises in Reverse Engineering | Leo Tindall
https://leotindall.com/post/pdf-embedding-attacks/ | PDF Embedding Attacks | Leo Tindall
https://ajinabraham.com/static/Ajin_Abraham_Resume.pdf | Ajin Abraham - VisualCV
https://github.com/orangetw/My-CTF-Web-Challenges | orangetw/My-CTF-Web-Challenges: Collection of CTF Web challenges I made
https://twitter.com/tvmpt/status/908283005608886272 | TvM on Twitter: "Perseverance is the best advice to new bug hunters...… "
http://codegrazer.com/ | CodeGrazer: Penetration Testing Services
http://codegrazer.com/conference/dc151.html | Codegrazer: The Bug bounty scene: how to start with bug bounties
http://codegrazer.com/blog/7-reflected-xss.html | Codegrazer: 7 Reflected Cross-site Scripting (XSS)

https://www.netflix.com/browse | Netflix
https://twitter.com/g33kyshivam | (1) Shivam Goyal (@g33kyshivam) | Twitter
https://movaxbx.ru/2018/09/16/privilege-escalation-post-exploitation/ | MOV AX, BX Code depilation salon: Articles, Code samples, Processor code documentation, Low-level programming, Working with debuggers Privilege Escalation & Post-Exploitation
http://www.webappsec.org/projects/articles/071105.shtml | [DOM Based Cross Site Scripting or XSS of the Third Kind] Web Security Articles - Web Application Security Consortium
https://medium.com/ehsahil/basic-penetration-testing-lab-1-7544969cb3ac | Basic Penetration testing lab — 1 – ehsahil – Medium
https://twitter.com/shehackspurple/status/1041695362438897665 | Tanya Janca on Twitter: "Thread: Are you looking for a mentor in the InfoSec field? Are you willing to take someone under your wing and become a mentor? Many people ask me to help them find someone and other's offer to help, this thread is for all of you. Please reply if you are looking or offering."
https://www.twitch.tv/shehackspurple | shehackspurple - Twitch
https://www.peerlyst.com/posts/the-how-to-become-infosec-job-title-collection-nicole-lamoureux?utm_source=twitter&utm_medium=social&utm_content=peerlyst_post&utm_campaign=peerlyst_shared_post | The How To Become {Infosec Job Title} Collection by Nicole Lamoureux - career, information security, workforce shortage | Peerlyst
https://chryzsh.gitbooks.io/pentestbook/privilege_escalation_-_linux.html | Privilege Escalation - Linux · pentestbook
https://medium.com/@pentest_it/how-to-intercept-tor-hidden-service-requests-with-burp-proxy-6214035963a0 | How to intercept TOR hidden service requests with Burp
https://pinkysplanet.net/simple-linux-x86-buffer-overflow/ | Simple Linux x86 Buffer Overflow
https://breakermag.com/a-bug-bounty-hunter-tells-all/ | A bug bounty hunter tells all
https://scund00r.com/all/oscp/2018/02/25/passing-oscp.html | Passing OSCP - scund00r
https://tuftsdev.github.io/DefenseAgainstTheDarkArts/ | COMP 116: Introduction to Computer Security
https://www.youtube.com/?pbjreload=10 | (11) YouTube
https://www.youtube.com/watch?v=XFckmtISfJk | (11) Unboxing Every iPhone XS + XS Max - YouTube
http://www.speedtest.net/ | Speedtest by Ookla - The Global Broadband Speed Test

https://www.facebook.com/saved/?cref=28 | Saved
https://www.vortex.id.au/2017/05/pwkoscp-stack-buffer-overflow-practice/ | PWK/OSCP – Stack Buffer Overflow Practice – vortex's blog
https://github.com/justinsteven/dostackbufferoverflowgood/blob/master/dostackbufferoverflowgood_slides.pdf | dostackbufferoverflowgood/dostackbufferoverflowgood_slides.pdf at master · justinsteven/dostackbufferoverflowgood
https://www.youtube.com/channel/UCCBmFvsR6sIPrmjSVVxY9ng/channels | (1) Justin Steven - YouTube
https://github.com/justinsteven/dostackbufferoverflowgood/blob/master/dostackbufferoverflowgood_tutorial.pdf | dostackbufferoverflowgood/dostackbufferoverflowgood_tutorial.pdf at master · justinsteven/dostackbufferoverflowgood
https://linuxize.com/post/getting-started-with-tmux/ | Getting started with Tmux | Linuxize
https://linuxize.com/post/how-to-use-scp-command-to-securely-transfer-files/ | How to Use SCP Command to Securely Transfer Files | Linuxize
https://linuxize.com/post/how-to-enable-ssh-on-ubuntu-18-04/ | How to Enable SSH on Ubuntu 18.04 | Linuxize
https://linuxize.com/post/how-to-create-and-extract-archives-using-the-tar-command-in-linux/ | How to Create and Extract Archives Using the Tar Command in Linux | Linuxize
https://linuxize.com/post/how-to-unzip-files-in-linux/ | How to Unzip Files in Linux | Linuxize
https://linuxize.com/post/how-to-kill-a-process-in-linux/ | How to Kill a Process in Linux | Linuxize
https://linuxize.com/post/curl-command-examples/ | Curl Command Examples | Linuxize
https://linuxize.com/post/how-to-list-users-in-linux/ | How to List Users in Linux | Linuxize
https://linuxize.com/post/wget-command-examples/ | Wget Command Examples | Linuxize
https://linuxize.com/post/how-to-deploy-rocket-chat-on-ubuntu-18-04/ | How to Deploy Rocket.Chat on Ubuntu 18.04 | Linuxize
https://linuxize.com/post/how-to-find-files-in-linux-using-the-command-line/ | How to Find Files in Linux Using the Command Line | Linuxize
https://linuxize.com/post/how-to-use-linux-screen/ | How To Use Linux Screen | Linuxize
https://linuxize.com/post/create-a-linux-swap-file/ | Create a Linux Swap File | Linuxize
https://linuxize.com/post/how-to-create-and-manage-cron-jobs/ | How to create and manage cron jobs | Linuxize
https://medium.com/@protector47/persistent-cross-site-scripting-on-redacted-worth-2-000-1e760617ccab | Persistent Cross-Site Scripting on redacted worth $2,000
https://github.com/MistSpark | MistSpark (Omar_Ahmed)
https://github.com/MistSpark/OSCP_Review | MistSpark/OSCP_Review
https://www.facebook.com/groups/oscpsg/permalink/1912283138864720/ | OSCP Study Group
https://blog.techorganic.com/2012/10/16/introduction-to-pivoting-part-3-ncat/ | Introduction to pivoting, Part 3: Ncat – Techorganic – Musings from the brainpan
https://www.facebook.com/ieeemsit/posts/2476178855755461 | IEEE MSIT - Posts

https://immersivelabs-dca.slack.com/messages/C902F4BN0/details/ | general | ImmersiveLabs-DCA Slack
file:///home/g33kyshivam/Downloads/Java%20Class%20Notes.pdf | Java Class Notes
https://www.youtube.com/feed/subscriptions | (7) Subscriptions - YouTube

https://mail.google.com/mail/u/0/?pli=1#inbox | Inbox (1,410) - shivam.goyal397@gmail.com - Gmail
https://www.facebook.com/ | Facebook

https://www.youtube.com/watch?v=jPSuZI7gYPA | SSLstrip - Working and Prevention ! HSTS vs 301 redirect ! Reality vs Myths - YouTube
https://www.youtube.com/ | YouTube
https://hacksandsecurity.org/posts/understating-asymmetric-and-symmetric-key-cryptography-hash-functions-mitm-attacks-salts | Understating asymmetric and symmetric key cryptography, hash functions, MITM attacks, Salts, Bruteforce attacks and more | Hacks and Security
https://www.youtube.com/playlist?list=PLf8bMP4RWebLVGpUnhji9Olkj1jdXfzFd | cryptography - YouTube
https://www.jpsecnetworks.com/oscp-the-challenge-begins/ | OSCP, the challenge begins! – JPSecNetworks
https://www.jpsecnetworks.com/week-1-oscp-preparation-lab-setup/ | Week 1 – OSCP Preparation / LAB Setup – JPSecNetworks
https://www.jpsecnetworks.com/week-2-oscp-preparation-linux-review-part-i/ | Week 2 – OSCP Preparation / Linux Review Part I – JPSecNetworks
https://www.jpsecnetworks.com/week-2-oscp-preparation-linux-review-part-ii/ | Week 2 – OSCP Preparation / Linux Review Part II (Netstat, SS, NETCAT, NCAT ) – JPSecNetworks

https://doge.codes/php?utm_source=telegram&utm_medium=promo_post&utm_campaign=php1&utm_content=web_fl | Online course on the basics of PHP | Doge Codes
https://www.codingninjas.in/app/payment | Online Programming/Coding Courses/Classes, Practice Coding Online: Coding Ninjas
https://www.youtube.com/feed/subscriptions | Subscriptions - YouTube

http://www.pepcoding.com/resources.html | PepCoding.com
http://www.pepcoding.com/PepTool/?path=0core/2lect2/8pat8 | PepCoding - For programming excellence and peace
https://www.hackerrank.com/contests/pepsep2018/leaderboard | Leaderboard | HackerRank
https://www.hackerrank.com/contests/pepsep2018/challenges/pep-java-1gettingstarted-14pattern8/leaderboard | Pep_Java_1GettingStarted_14Pattern8 Leaderboard | PepSep2018 Question | Contests | HackerRank
https://www.hackerrank.com/contests/pepsep2018/challenges/pep-java-1gettingstarted-15pattern9 | Pep_Java_1GettingStarted_15Pattern9 | PepSep2018 Question | Contests | HackerRank
https://www.hackerrank.com/contests/pepsep2018/challenges/pep-java-1gettingstarted-16pattern10 | Pep_Java_1GettingStarted_16Pattern10 | PepSep2018 Question | Contests | HackerRank

https://twitter.com/rag_sec | RagSec (@rag_sec) | Twitter
https://www.perspectiverisk.com/mysql-sql-injection-practical-cheat-sheet/ | MySQL SQL Injection Practical Cheat Sheet - Perspective Risk
https://github.com/NetSPI/PowerUpSQL | NetSPI/PowerUpSQL: PowerUpSQL: A PowerShell Toolkit for Attacking SQL Server
http://www.fuzzysecurity.com/tutorials/16.html | http://www.fuzzysecurity.com/tutorials/16.html
https://www.askapache.com/hacking/changing-password-xp/ | Changing Any Password On XP
https://www.google.co.in/search?q=sennheiser%20delhi&oq=senhister+del&aqs=chrome.2.69i57j0l5.3850j0j7&sourceid=chrome&ie=UTF-8&npsic=0&rflfq=1&rlha=0&rllag=28555657,77146795,11016&tbm=lcl&rldimm=11577421290328404015&lqi=ChBzZW5uaGVpc2VyIGRlbGhpIgOIAQE&ved=2ahUKEwijuam16KrdAhWHtI8KHZV_DLUQvS4wAXoECAYQIg&rldoc=1&tbs=lrf:!2m4!1e17!4m2!17m1!1e2!2m1!1e3!2m1!1e16!3sIAE,lf:1,lf_ui:4#rlfi=hd:;si:11577421290328404015,l,ChBzZW5uaGVpc2VyIGRlbGhpIgOIAQE;mv:!3m12!1m3!1d84107.26859113981!2d77.14679525!3d28.555657299999996!2m3!1f0!2f0!3f0!3m2!1i231!2i288!4f13.1;tbs:lrf:!2m1!1e3!2m1!1e16!2m4!1e17!4m2!17m1!1e2!3sIAE,lf:1,lf_ui:4 | sennheiser delhi - Google Search
https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/ | Windows Privilege Escalation Methods for Pentesters – Pentest Blog
https://www.cybrary.it/0p3n/windows-xp-netapi-exploitation/ | Windows XP Netapi Exploitation - Cybrary

https://www.youtube.com/watch?v=ztHopE5Wnpc&t=7920s | (73) Database Design Course - Learn how to design and plan a database for beginners - YouTube
https://www.youtube.com/watch?v=3W5zFjedIrk&list=PL_c9BZzLwBRKn20DFbNeLAAbw4ZMTlZPH&index=4 | (73) MySQL 4 - Beginner Terms Part 1 - YouTube
https://www.youtube.com/user/CalebTheVideoMaker2/playlists | (73) Caleb Curry - YouTube
https://main.immersivelabs.online/cyber-skills/skills/skill-set/ethical-infrastructure-hacking | Immersive Labs
https://main.immersivelabs.online/cyber-skills/skills/skill-set/ethical-web-hacking | Immersive Labs

http://www.speedtest.net/result/7601977469 | Speedtest by Ookla - The Global Broadband Speed Test
https://www.youtube.com/ | (55) YouTube
https://www.guru99.com/database-normalization.html | What is Normalization? 1NF, 2NF, 3NF & BCNF with Examples
https://www.calebcurry.com/freecodecamp-database-design-full-course/ | freeCodeCamp Database Design Full Course - Caleb Curry
https://www.tv-subs.com/subtitles/mr-robot-season-1-episode-2-english-8182 | Mr.Robot.S01E02.720p.HDTV.x264-KILLERS English subtitle

https://www.youtube.com/playlist?list=PLp4w7b_XLssRTl34st7tMeRA0emwz0vTr | (54) Website Hacking (Sql Injection) - YouTube
https://www.youtube.com/watch?v=rapaRJDO3vA | (54) SQL Injection Tutorial For Beginners - Kali Linux - #1 - YouTube
https://www.youtube.com/watch?v=dzj9Y2ahYx8&t=3s | (54) Introduction to SQL Injection with SQLMap - YouTube
https://www.youtube.com/watch?v=ciNHn38EyRc | Running an SQL Injection Attack - Computerphile - YouTube
https://www.youtube.com/watch?v=WFFQw01EYHM | (54) SQL Injection Attack Tutorial (2018) - YouTube
https://www.youtube.com/watch?v=_jKylhJtPmI | (54) Hacking Websites with SQL Injection - Computerphile - YouTube
https://main.immersivelabs.online/labs/web-applications-sql-injection/ethical-web-hacking | Immersive Labs
https://www.youtube.com/watch?v=BR-VeQUoRCw&index=2&list=PLZOToVAK85Mr4CzRimmw4KD84yUjkEAEw&t=0s | SQL Injection Explained - Part 1: The Basics - YouTube
https://www.acunetix.com/websitesecurity/blind-sql-injection/ | Blind SQL Injection: What is it? | Acunetix
https://tuftsdev.github.io/DefenseAgainstTheDarkArts/slides/week3-websecurity.pdf | Cyber Security Week 3
https://www.w3schools.com/sql/sql_injection.asp | SQL Injection
https://www.veracode.com/security/sql-injection | SQL Injection Cheat Sheet & Tutorial | CA Veracode
http://www.cs.tufts.edu/comp/20/hackme.php | Hack Me Playground
https://www.twitch.tv/techlahoma/videos/all | techlahoma's Videos - Twitch
https://www.meetup.com/OKCSQL/events/ | Upcoming Events | OKC SQL Server User Group (Oklahoma City, OK) | Meetup
https://mail.google.com/mail/u/0/#inbox/FMfcgxvzKQldWMktczDtzGFhvZTFDfdF | Techlahoma Foundation has invited you to join a Slack workspace - shivam.goyal397@gmail.com - Gmail
https://techlahoma.slack.com/join/invite/enQtNDI3ODg0MzIwNzczLWE3OWY1YTI3MmU1ZGJhNTFkZWU0NzEzOTMxNjJmMDc0YWNlN2ZhMDM1OGJhYjdlMzNiNzgyMjdjYTgyMDU3OGI | Create Account | Slack

https://www.hackers-arise.com/single-post/2017/07/31/Metasploit-Basics-Part-9-Using-msfvenom-to-Create-Custom-Payloads | Metasploit Basics, Part 9: Using msfvenom to Create Custom Payloads | hackers-arise
https://github.com/rapid7/metasploit-framework/wiki/How-to-use-a-reverse-shell-in-Metasploit | How to use a reverse shell in Metasploit · rapid7/metasploit-framework Wiki
https://www.hackers-arise.com/single-post/2017/02/06/Metasploit-Basics-Part-3-Payloads | Metasploit Basics, Part 3: Payloads | hackers-arise
https://blog.rapid7.com/2015/03/25/stageless-meterpreter-payloads/ | Deep Dive Into Stageless Meterpreter Payloads
https://github.com/rapid7/metasploit-framework/wiki/How-to-use-msfvenom | How to use msfvenom · rapid7/metasploit-framework Wiki

https://main.immersivelabs.online/labs/sqlmap/ | Immersive Labs
https://www.hackers-arise.com/single-post/2017/07/31/Metasploit-Basics-Part-9-Using-msfvenom-to-Create-Custom-Payloads | Metasploit Basics, Part 9: Using msfvenom to Create Custom Payloads | hackers-arise
https://github.com/rapid7/metasploit-framework/wiki/How-to-use-a-reverse-shell-in-Metasploit | How to use a reverse shell in Metasploit · rapid7/metasploit-framework Wiki
https://www.hackers-arise.com/single-post/2017/02/06/Metasploit-Basics-Part-3-Payloads | Metasploit Basics, Part 3: Payloads | hackers-arise
https://blog.rapid7.com/2015/03/25/stageless-meterpreter-payloads/ | Deep Dive Into Stageless Meterpreter Payloads
https://github.com/rapid7/metasploit-framework/wiki/How-to-use-msfvenom | How to use msfvenom · rapid7/metasploit-framework Wiki
https://www.youtube.com/watch?v=_jKylhJtPmI | (53) Hacking Websites with SQL Injection - Computerphile - YouTube
https://www.youtube.com/watch?v=WFFQw01EYHM | SQL Injection Attack Tutorial (2018) - YouTube
https://www.youtube.com/watch?v=ciNHn38EyRc | Running an SQL Injection Attack - Computerphile - YouTube
https://www.youtube.com/watch?v=dzj9Y2ahYx8&t=3s | Introduction to SQL Injection with SQLMap - YouTube
https://www.youtube.com/watch?v=rapaRJDO3vA | SQL Injection Tutorial For Beginners - Kali Linux - #1 - YouTube
https://www.youtube.com/playlist?list=PLp4w7b_XLssRTl34st7tMeRA0emwz0vTr | (53) Website Hacking (Sql Injection) - YouTube

http://linuxcommand.org/lc3_lts0090.php | Learning the shell - Lesson 9: Permissions
https://lab-content.immersivelabs.online/Tooling-and-Techniques/Linux-Command-Line/CheatSheet-Linux-Essentials.pdf | CheatSheet-Linux-Essentials.pdf
http://www.comptechdoc.org/os/linux/usersguide/linux_ugbasics.html | Basic Linux Commands
https://www.cyberciti.biz/faq/find-unix-linux-hidden-directories/ | Linux / Unix: Find Hidden Directories, Files and Folders - nixCraft
https://crawl3r.info/should-students-use-immersive-labs/ | Should students use Immersive Labs? – Crawl3r
https://slides.com/g33kyshivam/linux-101/edit | Edit: Linux 101
https://www.youtube.com/ | (19) YouTube

https://www.sniferl4bs.com/2015/07/burpsuite-vii-match-and-replace.html | BurpSuite VII - Match and Replace, HTML Modifications, Encoding and decoding - Snifer @ L4b's
https://www.sniferl4bs.com/p/guia-de-uso-de-burpsuite.html | Guide to use BurpSuite in Spanish - Snifer @ L4b's
https://www.sniferl4bs.com/2015/07/burpsuite-xii-analisis-web-owasp_13.html | BurpSuite XIII - Análisis Web OWASP - Descubriendo directorios y ficheros ocultos - Snifer@L4b's
https://www.sniferl4bs.com/2015/07/burpsuite-viii-historia-de-peticiones.html | BurpSuite VIII - History of requests, Comparing Sitemaps, Report of Vulnerabilities - Snifer @ L4b's
https://www.sniferl4bs.com/2015/07/burpsuite-x-metodologia-de-analisis-web.html | BurpSuite X - Web Analysis Methodology with Owasp - Snifer @ L4b's

http://www.gaza-hacker.net/cc/index.html | فريق قراصنة غزة || Gaza Hacker Team
https://www.facebook.com/Melegy.GHI | (1) Ahmed El Melegy

https://training.peritusinfosec.com/courses/366780/lectures/5602752 | Exercise | Peritus Training School
https://www.youtube.com/watch?v=6fRKlf1DsZU | (45) OWASP AppsecEU13 - Nicolas Grgoire : Burp Suite Pro Real life tips and tricks - YouTube
https://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#determine-http-methods-using-netcat | Web Application Pen-testing Tutorials With Mutillidae (Hacking Illustrated Series InfoSec Tutorial Videos)
https://www.irongeek.com/i.php?page=mutillidae/mutillidae-deliberately-vulnerable-php-owasp-top-10 | https://www.irongeek.com/i.php?page=mutillidae/mutillidae-deliberately-vulnerable-php-owasp-top-10
https://www.youtube.com/watch?v=Tosp-JyWVS4&t=0s&list=PLZOToVAK85MrsyNmNp0yyUTBXqKRTh623&index=56 | (45) Introduction to HTTP Parameter Pollution (HPP) Attack - YouTube
https://learnflakes.net/?p=home&pid=1 | LearnFlakes.Net -Learning Community

https://twitter.com/g33kyshivam | Shivam Goyal (@g33kyshivam) | Twitter
https://twitter.com/xdavidhu | xdavidhu (@xdavidhu) | Twitter
https://xdavidhu.me/ | [xdavidhu]
https://github.com/xdavidhu?tab=stars | xdavidhu (David Schütz) / Starred
https://regala.im/2018/08/18/choosing-programs/ | [HackerOne] - Prioritizing and choosing a program to focus on
https://blog.netspi.com/15-ways-to-download-a-file/ | 15 Ways to Download a File
https://twitter.com/_wix1 | Mu (@_wix1) | Twitter
https://twitter.com/HanseSecure | (1) Florian Hansemann (@HanseSecure) | Twitter
https://twitter.com/cyberboyIndia | Shashank (@cyberboyIndia) | Twitter

https://www.facebook.com/ | Facebook
https://www.youtube.com/watch?v=kFLx7d1H0qc | (22) Uno Funny Moments - Delirious, Uno Champion of the World?? - YouTube
https://h4ck.co/oscp-journey-exam-lab-prep-tips/ | OSCP Journey: Exam & Lab Prep Tips – h4ck.co
https://coursehunters.net/ | Learn, Bleat! - Video courses for developers

https://www.shawarkhan.com/2018/08/who-am-i.html | Who am i? | Shawar Khan
https://www.w3schools.com/jsref/met_win_scrollby.asp | Window scrollBy() Method
https://twitter.com/g33kyshivam | Shivam Goyal (@g33kyshivam) | Twitter
https://www.techmedia.com.ng/2018/05/interview-with-rodolfo-assis-brutelogic-security-researcher-from-brazil/ | ERROR 404 - Techmedia NG
https://medium.com/@canavaroxum/xxe-on-windows-system-then-what-76d571d66745 | XXE on Windows system …then what ?? – Hamada – Medium
http://www.amanhardikar.com/mindmaps/Practice.html | www.amanhardikar.com/mindmaps/Practice.html
https://medium.com/@rojanrijal/hack-more-learn-more-earn-more-and-get-invited-more-ef581ff0ac7a | Hack more, learn more, earn more and get invited more.
https://dev.to/bjhaid_93/beginners-guide-to-fetching-data-with-ajax-fetch-api--asyncawait-3m1l | Beginners Guide To Fetching Data With (AJAX, Fetch API & Async/Await) - DEV Community 👩‍💻👨‍💻

https://www.sniferl4bs.com/p/guia-de-uso-de-burpsuite.html | Guia de uso de BurpSuite en Español - Snifer@L4b's

https://www.sniferl4bs.com/p/guia-de-uso-de-zap-en-espanol.html | Zed Attack Proxy (ZAP) User Guide in Spanish - Snifer @ L4b's
https://www.sniferl4bs.com/p/guia-de-uso-de-burpsuite.html | Guia de uso de BurpSuite en Español - Snifer@L4b's
https://www.sniferl4bs.com/2018/05/wireshark-101-exportar-objetos-http.html | Wireshark 101: Exportar objetos HTTP, DICOM, SMB, TFTP - Snifer@L4b's
https://www.sniferl4bs.com/2016/06/hacking-101-politica-del-mismo-origen.html | Hacking 101 - Política del mismo origen (Same Origin Policy) SOP - Snifer@L4b's
https://www.sniferl4bs.com/2016/09/coleccion-de-retos-sobre-xss-cross-site.html | Colección de Retos sobre XSS - Cross Site Scripting - Snifer@L4b's
https://www.sniferl4bs.com/2016/02/hacking-101-fingerprinting-aplicaciones.html | Hacking 101 - Fingerprinting Aplicaciones Web - Snifer@L4b's
https://underc0de.org/foro/talleres-underc0de-213/taller-de-seguridad-web-1/ | Privacy error
https://www.sniferl4bs.com/2013/04/comprendiendo-un-csrf-o-xsrf-cross-site.html | Comprendiendo un CSRF o XSRF (Cross Site Request Forgery) - Snifer@L4b's

http://www.kneda.net/documentos/Pentesting%20con%20kali.pdf | Pentesting con kali.pdf

https://www.youtube.com/feed/subscriptions | (3) Subscriptions - YouTube

https://www.fwhibbit.es/category/recoleccion-informacion/page/3 | Recolección de información – Página 3 – Follow The White Rabbit
https://www.fwhibbit.es/category/hacking-wifi/page/2 | Hacking WiFi – Página 2 – Follow The White Rabbit
https://www.fwhibbit.es/network-miner-examen-forense-de-capturas-de-red | Network Miner - Network capture forensic exam - Follow The White Rabbit
https://www.fwhibbit.es/deteccion-de-origenes-de-trafico-con-scapy-parte-1 | Traffic origination detection with Scapy - Part 1 - Follow The White Rabbit
https://www.fwhibbit.es/analisis-basico-de-ficheros-pcap | Basic analysis of PCAP files - Follow The White Rabbit
https://www.fwhibbit.es/the-samurai-path-scapy-parte-1 | The Samurai Path – Scapy (Parte 1) – Follow The White Rabbit
https://www.fwhibbit.es/the-path-of-the-samurai-scapy-parte-2 | The Path of the Samurai – Scapy (Parte 2) – Follow The White Rabbit
https://www.netresec.com/index.ashx?page=NetworkMiner | NetworkMiner - The NSM and Network Forensics Analysis Tool ⛏
https://www.fwhibbit.es/quien-vive-en-la-pina-debajo-del-mar-wifi-pineapple-i | ¿Quien vive en la piña debajo del mar? – WiFi Pineapple (I) – Follow The White Rabbit
https://www.fwhibbit.es/mr-robot-pwn-phone-el-telefono-de-elliot-diy | Mr. Robot Pwn Phone. El teléfono de Elliot DIY – Follow The White Rabbit
https://www.fwhibbit.es/cracking-wps-con-dumpper | Cracking WPS con Dumpper – Follow The White Rabbit
https://www.fwhibbit.es/protege-tu-wifi | Protege tu Wifi – Follow The White Rabbit
https://www.fwhibbit.es/category/linux | Linux – Follow The White Rabbit
https://www.fwhibbit.es/category/redes | Redes – Follow The White Rabbit
https://www.fwhibbit.es/reconocimiento-pasivo-en-un-phishing | Reconocimiento pasivo en un phishing – Follow The White Rabbit
https://www.fwhibbit.es/category/explotacion | Explotación – Follow The White Rabbit
https://www.fwhibbit.es/bypass-waf | Bypass WAF – Follow The White Rabbit
https://www.fwhibbit.es/burp-suite-iii-intercepter-repeater | Burp Suite III: Intercepter & Repeater – Follow The White Rabbit
https://www.fwhibbit.es/burp-suite-ii-construyendo-un-objetivo-sitemap-spider | Burp Suite II: Construyendo un objetivo, Sitemap & Spider – Follow The White Rabbit
https://www.fwhibbit.es/bypass-validation-upload | Bypass validation upload – Follow The White Rabbit
https://www.fwhibbit.es/burp-suite-i-la-navaja-suiza-del-pentester | Burp Suite I: La Navaja Suiza del Pentester – Follow The White Rabbit
https://www.fwhibbit.es/ctf-team-whoami-reto-1 | CTF – TEAM WHOAMI – RETO-1 – Follow The White Rabbit
https://www.fwhibbit.es/escaneando-like-a-sir | Escaneando like a Sir – Follow The White Rabbit
https://www.fwhibbit.es/guia-metasploitable-2-parte-2 | Guia Metasploitable 2: Parte 2 – Follow The White Rabbit

https://elbinario.net/category/software/page/4/ | Software – Página 4 – Elbinario
https://elbinario.net/category/seguridad/page/7/ | Security - Page 7 - Elbinario
https://elbinario.net/2016/11/22/pgp-en-android-con-openkeychan/ | PGP en android con OpenKeyChan – Elbinario
https://elbinario.net/2016/11/10/nuestro-servicio-web-bajo-i2p/ | Nuestro Servicio Web Bajo I2P – Elbinario
https://elbinario.net/2016/10/04/esnifando-imagenes-con-drifnet/ | Esnifando imágenes con driftnet – Elbinario
https://elbinario.net/2016/09/23/instalacion-de-openswan-l2tpipsec-en-raspbian/ | Instalacion de OpenSwan L2tp/Ipsec en Raspbian – Elbinario
https://elbinario.net/2016/04/19/conectando-a-telecomix-desde-i2p/ | Conectando a Telecomix desde I2P – Elbinario
https://elbinario.net/2016/04/07/port-knocking-y-single-packet-authorization/ | Port-Knocking y Single Packet Authorization – Elbinario
https://elbinario.net/2016/02/10/privacidad-para-smartphones-android-2-0/ | Privacidad para smartphones – Android 2.0 – Elbinario
https://elbinario.net/2016/02/16/ya-puedes-probar-el-correo-cifrado-de-bitmask/ | ¡Ya puedes probar el Correo Cifrado de Bitmask! – Elbinario
https://elbinario.net/2016/02/09/privacidad-para-smartphones-android/ | Privacidad para smartphones – Android – Elbinario
https://elbinario.net/2015/12/03/privacidad-para-principiantes-el-navegador/ | Privacidad para principiantes – El navegador – Elbinario
https://elbinario.net/2015/11/21/una-app-salvaje-ha-aparecido/ | Csploit – Una app salvaje ha aparecido – Elbinario
https://elbinario.net/2015/11/29/gpg-editar-identificadores-de-usuario-desde-shell/ | GPG: EDITAR IDENTIFICADORES DE USUARIO DESDE SHELL – Elbinario
https://elbinario.net/2015/10/31/hacker-activistas-hacktivistas-y-terroristas/ | Hacker, activistas, hacktivistas y terroristas – Elbinario
https://elbinario.net/2015/11/04/windows-10-deberia-estar-prohibido/ | Windows 10 debería estar prohibido – Elbinario
https://elbinario.net/2015/10/29/godaddy-o-la-cueva-de-ali-baba/ | Godaddy, o la cueva de Alí Babá. – Elbinario
https://elbinario.net/2015/10/20/lidiando-con-las-cookies/ | Lidiando con las cookies – Elbinario
https://elbinario.net/2015/10/09/herramientas-y-tipos-de-ataque-con-kali-nethunter/ | Herramientas y tipos de ataque con Kali NetHunter – Elbinario
https://elbinario.net/2015/10/02/instalar-kali-nethunter-en-android/ | Instalar Kali NetHunter en Android – Elbinario
https://elbinario.net/2015/10/02/otra-de-seguridad-para-el-cunado-scammers/ | Otra de seguridad para el cuñado. Scammers – Elbinario
https://elbinario.net/2015/08/10/privacidad-para-principiantes-uso-de-wifi-publica/ | Privacidad para principiantes – Uso de wifi pública – Elbinario
https://elbinario.net/2015/07/15/privacidad-para-principiantes-llamadas-y-sms/ | Privacidad para principiantes – Llamadas y SMS – Elbinario
https://elbinario.net/2015/06/01/privoxy-un-proxy-para-mas-privacidad/ | Privoxy, un proxy para más privacidad – Elbinario
https://elbinario.net/2015/07/08/privacidad-correo/ | Privacidad para principiantes – El correo – Elbinario
https://elbinario.net/2015/05/26/whonix-la-distribucion-gnulinux-disenada-para-el-anonimato/ | Whonix, la distribución GNU/Linux diseñada para el anonimato – Elbinario
https://elbinario.net/2015/04/03/publicada-la-auditoria-de-truecrypt/ | Publicada la auditoria de Truecrypt – Elbinario
https://elbinario.net/2015/04/12/mi-vida-como-criptofriki/ | Mi vida como Criptofriki – Elbinario
https://elbinario.net/2015/03/12/bitmask-comunicacion-cifrada-para-simples-mortales/ | Bitmask – Comunicación cifrada para simples mortales – Elbinario
https://elbinario.net/2015/02/26/instalacion-y-configuracion-de-la-vpn-de-riseup-bitmask/ | Installation and Configuration of the Riseup VPN: Bitmask - Elbinario

https://twitter.com/g33kyshivam | (2) Shivam Goyal (@g33kyshivam) | Twitter
https://twitter.com/JR_kneda | kneda (@JR_kneda) | Twitter
https://twitter.com/JR_kneda | kneda (@JR_kneda) | Twitter
https://twitter.com/naivenom | Naivenom (@naivenom) | Twitter
https://t.me/joinchat/CKeYakbKgvCGg4NVwPkTng | Telegram: Join Group Chat
https://www.fwhibbit.es/introduccion-reversing-0x00-introduccion | Introducción al Reversing con radare2 – 0x00 Introduccion – Follow The White Rabbit
https://www.youtube.com/ | (3) YouTube
https://www.sniferl4bs.com/ | Snifer @ L4b's
https://www.sniferl4bs.com/p/blog-page_7.html | Pentesting with Kali - Snifer @ L4b's
https://www.sniferl4bs.com/2014/04/pcaps-gratuitos-para-analizar-y-pasar.html | Free Pcap's to analyze and hang out - Snifer @ L4b's
https://www.sniferl4bs.com/2014/04/examenes-de-prueba-de-lpi-online-y.html | Examenes de prueba de LPI Online y gratuitos - Snifer@L4b's
https://www.sniferl4bs.com/2014/04/que-rayos-me-pasa-no-tengo-vida.html | ¿Que rayos me pasa no tengo vida? Comienza el juego - Snifer@L4b's
https://www.sniferl4bs.com/2014/03/listado-completo-herramientas-en-kali.html | Listado Completo Herramientas en Kali Linux - Snifer@L4b's
https://www.sniferl4bs.com/2015/02/pdf-hacking-con-buscadores-google-bing.html | PDF - Hacking con Buscadores Google Bing y Shodan - Snifer@L4b's
https://heap-exploitation.dhavalkapil.com/ | Preface · Heap Exploitation
http://sanseolab.tistory.com/archive/201807 | SanseoLab :: 2018/07 Posts Posts
https://www.google.co.in/search?q=transalte&oq=trans&aqs=chrome.0.69i59j69i61j69i65l3j69i61.1017j0j7&sourceid=chrome&ie=UTF-8 | transalte - Google Search
https://www.fwhibbit.es/introduccion-al-reversing-con-radare2-0x06-lotto | Introducción al Reversing con radare2 – 0x06 Lotto – Follow The White Rabbit
https://blog.skullsecurity.org/2015/defcon-quals-babyecho-format-string-vulns-in-gory-detail | Defcon Quals: babyecho (format string vulns in gory detail) » SkullSecurity
https://elbinario.net/category/software/page/4/ | Software - Page 4 - Elbinario
https://elbinario.net/2018/04/18/jugando-con-la-programacion/ | Jugando con la programación – Elbinario
https://elbinario.net/2018/04/09/cifrar-perfil-thunderbird-con-encfs/ | Cifrar perfil Thunderbird con Encfs – Elbinario
https://elbinario.net/2017/06/30/cuidadin-con-zeronet/ | Cuidadin con ZeroNet – Elbinario
https://elbinario.net/2017/07/19/dont-be-evil-se-un-mono-mas/ | Don’t be evil!! Se un mono más. – Elbinario
https://elbinario.net/2017/07/13/mejor-software-libre-o-privativo-cuestion-de-ideologia/ | ¿Mejor software libre o privativo? Cuestión de ideología – Elbinario
https://elbinario.net/2017/05/23/usar-gnupg-con-el-editor-geany/ | Usar GnuPG con el Editor Geany – Elbinario
https://elbinario.net/2017/04/25/guia-para-los-heroes-del-p2pi2p/ | GUIA PARA LOS HEROES DEL P2P+I2P – Elbinario
https://elbinario.net/2017/04/13/un-poco-de-osint-con-twitter-y-harvey/ | Un poco de OSINT con Twitter y Harvey – Elbinario
https://elbinario.net/2017/04/11/passwordmanager-beta-apk-by-foo/ | PasswordManager (beta) apk by foo – Elbinario
https://elbinario.net/2017/03/06/juega-en-gnulinux-episodio-1-winehq/ | Juega en GNU/Linux episodio 1 WineHQ – Elbinario
https://elbinario.net/2017/03/10/juega-en-gnulinux-episodio-2-playonlinux/ | Juega en GNU/Linux episodio 2 PlayOnLinux – Elbinario
https://elbinario.net/2017/02/02/trasteando-con-ensamblador-primera-parte/ | Trasteando con Ensamblador: primera parte – Elbinario
https://elbinario.net/2017/02/16/trasteando-con-ensamblador-segunda-parte/ | Trasteando con Ensamblador: segunda parte – Elbinario
https://elbinario.net/2017/03/03/trasteando-con-ensamblador-final/ | Trasteando con Ensamblador: Final – Elbinario
https://elbinario.net/2014/05/06/resumen-de-la-semananegra/ | Resumen de la #SemanaNegra – Elbinario
https://elbinario.net/2016/07/12/rogue-access-pointap-con-raspberryprimera-parte/ | Rogue Access Point (AP) with Raspberry (first part) - Elbinario
https://elbinario.net/2016/07/28/rogue-access-pointap-con-raspberryfinal/ | Rogue Access Point (AP) with Raspberry (final) - Elbinario
https://elbinario.net/2015/08/23/wifitracking-y-web-browser-fingerprinting-en-centros-comerciales-y-tiendas/ | WifiTracking and Web Browser Fingerprinting in shopping centers and stores - Elbinario
https://elbinario.net/2015/08/10/privacidad-para-principiantes-uso-de-wifi-publica/ | Privacy for beginners - Use of public Wi-Fi - Elbinario
https://elbinario.net/2014/06/20/enviar-paquetes-wireless-sin-protocolo/ | Enviar paquetes wireless sin protocolo – Elbinario
https://elbinario.net/2016/11/23/wifi-pineapple-plataforma-de-auditoria-de-redes-wifis/ | Wifi Pineapple – Plataforma de auditoría de redes wifis – Elbinario
https://elbinario.net/tag/privacidad/ | privacidad – Elbinario
https://elbinario.net/tag/linux/ | linux – Elbinario
https://www.fwhibbit.es/introduccion-al-reversing-con-radare2-0x06-lotto | Introducción al Reversing con radare2 – 0x06 Lotto – Follow The White Rabbit

https://twitter.com/ | (*) Twitter
https://365.csaw.io/team/336 | CSAW 365
https://pbs.twimg.com/media/DbMSmYqWsAEy3_L.jpg | DbMSmYqWsAEy3_L.jpg (1200×928)
https://coursehunters.net/course/programmirovanie-na-c-si-dlya-nachinayushchih | Программирование на C (си) для начинающих - Видеоуроки
https://www.empirehacking.nyc/archive/ | Empire Hacking
https://www.nyc-infosec.com/ | NYC Infosec Community
https://365.csaw.io/challenges | CSAW 365
https://ubuntuforums.org/showthread.php?t=1323712 | Any good tutorial on Glibc?
https://c.developpez.com/cours/20-heures/ | C in 20 hours

https://twitter.com/g33kyshivam | Shivam Goyal (@g33kyshivam) | Twitter
https://twitter.com/0v_hell | ĐɆ₳Đ Ɽ₳฿฿ł₮ (@0v_hell) | Twitter
https://www.youtube.com/watch?v=BslKjxaP4Ik | (74) BJP IT Cell Part 2: Money offered after the Interview! | Dhruv Rathee - YouTube

https://twitter.com/g33kyshivam | Shivam Goyal (@g33kyshivam) | Twitter
https://coursehunters.net/course/programmirovanie-na-c-si-dlya-nachinayushchih | Программирование на C (си) для начинающих - Видеоуроки
https://www.youtube.com/ | (73) YouTube

https://twitter.com/g33kyshivam | Shivam Goyal (@g33kyshivam) | Twitter
http://0xc0ffee.io/blog/OSCP-Goldmine | OSCP Goldmine (not clickbait) | 0xc0ffee☕
http://0xc0ffee.io/blog/OSCP-Goldmine | OSCP Goldmine (not clickbait) | 0xc0ffee☕
http://justpentest.blogspot.com/2015/07/minishare1.4.1-bufferoverflow.html | Minishare 1.4.1 Bufferoverflow
https://samsclass.info/127/proj/vuln-server.htm | Exploiting "Vulnerable Server" for Windows 7
http://0xc0ffee.io/blog/tu-ctf2017-worth-a-thousand-words | TU-CTF 2017 - Steganography 100 | 0xc0ffee☕

https://coursehunters.net/course/osnovy-javascript-dlya-nachinayushchih | Основы JavaScript для начинающих - Видеоуроки
https://github.com/chiangs/jsf-solutions/blob/master/solutions/lesson3/solutions.md | jsf-solutions/solutions.md at master · chiangs/jsf-solutions
https://mail.google.com/mail/u/0/#search/zell/FMfcgxvwzvJFqDsnqmHhqNcqrBXgWFsq | 15 sample lessons - shivam.goyal397@gmail.com - Gmail
https://zellwk.com/blog/js-in-dom/?ck_subscriber_id=168610568 | Altering the DOM with JavaScript | Zell Liew
https://zellwk.com/blog/looping-through-js-objects/ | Looping through objects in JavaScript | Zell Liew
https://zellwk.com/blog/looping-through-js-objects/ | Looping through objects in JavaScript | Zell Liew
https://medium.com/@nickbalestra/javascripts-lexical-scope-hoisting-and-closures-without-mystery-c2324681d4be | Javascript’s lexical scope, hoisting and closures without mystery.
https://scotch.io/tutorials/understanding-scope-in-javascript | Understanding Scope in JavaScript ― Scotch
https://courses.learncodeonline.in/learn//Javascript-for-2018-developer/25328/114621?section=25331 | Free Javascript tutorials
http://127.0.0.1:5500/index.html | Learning Javascript
https://vanillajstoolkit.com/code-snippets/#selectors | Code Snippets | The Vanilla JS Toolkit

https://www.youtube.com/watch?v=ztqxSdG6HCU | (58) 4 Reasons You're Not Losing Weight - YouTube
https://www.youtube.com/watch?v=bw2OpssObmg | Can You Turn Fat Into Muscle? - YouTube

https://www.youtube.com/watch?v=bweEXpJ0Hk8 | 5 Fitness MISTAKES You Should Avoid - YouTube
https://www.youtube.com/watch?v=kxCdXia2oJw | Light Weights Vs Heavy Weights - YouTube
https://www.youtube.com/watch?v=1snkU1LFwLM | 5 Muscle Building Tips For BEGINNERS - YouTube
https://www.youtube.com/watch?v=IXjHG7Z7k5g | How Long Should You REST Between SETS? (The Current Research) - YouTube
https://www.youtube.com/watch?v=ZH_NGgzijBw | Is Training to FAILURE Necessary? - YouTube
https://www.youtube.com/watch?v=MJOD71YWz1Q | How Much Protein Can Your Body Absorb Per Meal? - YouTube
https://www.youtube.com/watch?v=HKfcAnlMueg | Multivitamins - The Industry's Biggest Lie - YouTube
https://www.youtube.com/watch?v=7f8ybrwqxww | Why You Should Consider CALISTHENICS (Especially BEGINNERS) - YouTube
https://www.youtube.com/watch?v=jMObYA0n6As | Should You Take COLD SHOWERS For MUSCLE and STRENGTH? - YouTube
https://www.youtube.com/watch?v=xJG_3kz8gl4 | Do Cardio or Weights First? - YouTube
https://www.youtube.com/watch?v=WTVsVIjlpH8 | What is Carb Cycling? - YouTube
https://www.youtube.com/watch?v=FY5O607L08k | How Many Times a Week Should I Workout? - YouTube
https://www.youtube.com/watch?v=GH5-HHxeIe4 | Weight Training VS Low Intensity Cardio - Best Way to Burn Fat? - YouTube

https://www.youtube.com/results?search_query=webpwnized+web+goat | (41) webpwnized web goat - YouTube
https://www.sniferl4bs.com/2014/01/burpuite-i-primeros-pasos.html | Burp Suite I - Primeros Pasos - Snifer@L4b's
https://www.youtube.com/watch?v=KHuEspNyAsM | (41) Web Authentication Hacking Tutorial: Burpsuite and WebGoat - YouTube
https://www.youtube.com/watch?v=h2duGBZLEek | (41) Bugcrowd University - Introduction to Burp Suite - YouTube
https://coursehunters.net/ | Учитесь, Блеать! - Видеокурсы для разработчиков

https://medium.com/cyberdefenders/burp-suite-webpage-enumeration-and-vulnerability-testing-cfd0b140570d | Burp Suite: Webpage Enumeration and Vulnerability Testing
https://medium.com/@d0znpp/the-best-burp-plugin-ive-ever-seen-2d17780342 | The best Burp plugin I’ve ever seen – Ivan Novikov – Medium

https://www.youtube.com/watch?v=YeOLwZJDJgg | Best Camera for Vlogging| Independence day Special 🇮🇳 - YouTube
https://www.facebook.com/ | Facebook
https://www.youtube.com/watch?v=cL9NsXpUqYI&t=2s | (35) Web App Penetration Testing - #3 - Brute Force Attacks With Burp Suite - YouTube

https://www.netflix.com/browse/genre/83 | Netflix
https://twitter.com/g33kyshivam | Shivam Goyal (@g33kyshivam) | Twitter
https://pentester.land/conference-notes/2018/08/02/levelup-2018-the-bug-hunters-methodology-v3.html | Conference notes: The Bug Hunters Methodology v3(ish) (LevelUp 0x02 / 2018) · Pentester Land
https://pentester.land/conference-notes | Conference notes · Pentester Land
https://pentester.land/tips-and-tricks | Tips & Tricks · Pentester Land
https://pentester.land/list-of-bug-bounty-writeups.html | List of bug bounty writeups · Pentester Land
https://pentester.land/conference-notes | Conference notes · Pentester Land
https://pentester.land/challenge | Challenges · Pentester Land
https://bugbountyforum.com/tools/recon/ | Bug Bounty Forum - tools - Recon
https://2000.shodan.io/#/ | Shodan 2000
https://twitter.com/0v_hell | (1) ĐɆ₳Đ Ɽ₳฿฿ł₮@Defcon (@0v_hell) | Twitter
https://guif.re/ | Guifre Home
https://www.sploitspren.com/SLAE/ | SLAE WriteUps
https://twitter.com/HanseSecure | (1) Florian Hansemann (@HanseSecure) | Twitter

https://www.youtube.com/watch?v=718DNxSWPe4 | (26) Reduce Belly fat in 1 week | FASTEST WAY - YouTube
https://twitter.com/i/notifications | Twitter / Notifications
https://twitter.com/Johnsy13067365 | Johnsy (@Johnsy13067365) | Twitter
https://docs.google.com/document/d/101EsKlu41ICdeE7mEv189SS8wMtcdXfRtua0ClYjP1M/edit#heading=h.y6e8l083walm | Web Application Penetration Testing Course URLs.docx - Google Docs

https://mail.google.com/mail/u/0/#inbox | Inbox (1,359) - shivam.goyal397@gmail.com - Gmail
https://www.youtube.com/watch?v=7_7bR8P4UQA | (3) BEST and FASTEST Fat Loss Exercise | BeerBiceps Hindi - YouTube
https://www.youtube.com/watch?v=7_7bR8P4UQA | BEST and FASTEST Fat Loss Exercise | BeerBiceps Hindi - YouTube
https://www.youtube.com/watch?v=AWkClbrkvEs | Jyada Handsome Kaise Dikhe! Men's Grooming Basics Explained in Hindi | BeerBiceps Male Grooming Tips - YouTube
https://www.youtube.com/watch?v=VaHbHXfH4A4 | What Girls Like In Men - TOP 10 MOST ATTRACTIVE Men's Traits BeerBiceps Hindi - YouTube
https://www.youtube.com/watch?v=0_ts04nAWao | (4) Our upcoming Website with forum, New youtube channels and a lot more ! - YouTube

https://samsclass.info/129S/lec/ch3.pdf | ch3.key
https://www.youtube.com/results?search_query=CNIT+129S%3A+Ch+3%3A+Web+Application+Technologies | CNIT 129S: Ch 3: Web Application Technologies - YouTube
https://www.youtube.com/watch?v=sj5SP5q4uM4 | (19) CNIT 129S - Securing Web Applications, January 31, 2018 Lecture - YouTube

http://www.crypto-textbook.com/ | Cryptography Textbook
http://wiki.crypto.rub.de/Buch/en/projects_further_information.php | Understanding Cryptography, A Textbook for Students and Practitioners - with a Foreword by Bart Preneel
https://www.cryptool.org/en | Home EN - CrypTool Portal
https://tuftsdev.github.io/DefenseAgainstTheDarkArts/slides/week2-cryptography.pdf | Cyber Security Week 2
https://www.youtube.com/watch?v=2aHkqB2-46k | (10) Lecture 1: Introduction to Cryptography by Christof Paar - YouTube
https://www.cs.rit.edu/~ark/462/module01/notes.shtml | CSCI 462—Introduction to Cryptography
https://www.cs.rit.edu/~ark/462/module01/notes.shtml | CSCI 462—Introduction to Cryptography
https://wiki.gnome.org/Internships | Internships - GNOME Wiki!

https://linuxhandbook.com/category/linux-commands/page/2/ | Linux Commands – Page 2
https://linuxhandbook.com/sed-reference-guide/ | Complete Sed Command Guide [Explained with Practical Examples]

https://samsclass.info/129S/129S_F16.shtml#lecture | CNIT 129S: Securing Web Applications -- Sam Bowne
https://www.youtube.com/watch?time_continue=3&v=Wa6lf9LdgNE | (35) CNIT 129S: Ch 3: Web Application Technologies Part 1 - YouTube
https://www.pentesteracademy.com/course?id=40 | Reverse Engineering Linux 32-bit Applications
https://www.pentesteracademy.com/course?id=41 | Reverse Engineering Win32 Applications
https://www.tunnelbear.com/account#/signup?v=c2.0.3 | TunnelBear: Simple and Secure Privacy Apps

https://coursehunters.net/archive | Архив СourseHunters.net
https://coursehunters.net/course/osnovy-javascript-dlya-nachinayushchih | The Basics of JavaScript for Beginners - Video Tutorials
https://github.com/s-castillo/js-course-example/blob/master/course-examples/_js/simple-js.js | js-course-example/simple-js.js at master · s-castillo/js-course-example
https://github.com/chiangs/jsf-solutions/blob/master/solutions/lesson2/solutions.md#27-functions | jsf-solutions/solutions.md at master · chiangs/jsf-solutions
https://github.com/chiangs/jsf-solutions/blob/master/solutions/lesson2/solutions.md#29-scopes-closures | jsf-solutions/solutions.md at master · chiangs/jsf-solutions
https://learnjavascript.today/?ck_subscriber_id=168610568 | Build 20 real components from scratch | Learn JavaScript with Zell
https://www.udemy.com/modern-javascript-from-the-beginning/ | Modern JavaScript From The Beginning | Udemy
https://www.udemy.com/modern-javascript/ | The Modern JavaScript Bootcamp (2018) | Udemy
https://mail.google.com/mail/u/0/#search/zell/FMfcgxvwzvJFqDsnqmHhqNcqrBXgWFsq | 15 sample lessons - shivam.goyal397@gmail.com - Gmail
https://scotch.io/tutorials/understanding-scope-in-javascript | Understanding Scope in JavaScript ― Scotch

https://www.flipkart.com/computers/printers-inks/printers/single-function-printers/pr?sid=6bo%2Cffn%2Ct64%2C1pr&q=printer&otracker=categorytree&p%5B%5D=facets.brand%255B%255D%3DSamsung | Online Shopping Site for Mobiles, Fashion, Books, Electronics, Home Appliances and More
https://www.amazon.in/s/ref=sr_nr_n_0?fst=as%3Aoff&rh=n%3A976392031%2Cn%3A14784019031%2Cn%3A1375443031%2Cn%3A1375444031%2Ck%3Aprinter%2Cp_n_feature_browse-bin%3A1464470031&keywords=printer&ie=UTF8&qid=1532836071&rnid=976393031 | Amazon.in: printer - Monochrome / All-In-One Printers / Printers: Computers & Accessories
https://www.amazon.in/Canon-MF3010-Digital-Multifunction-Printer/dp/B009LJKURO/ref=sr_1_16?s=computers&ie=UTF8&qid=1532837066&sr=1-16&keywords=printer&refinements=p_n_feature_browse-bin%3A1464470031 | Amazon.in: Buy Canon MF3010 Digital Multifunction Laser Printer Online at Low Prices in India | Canon Reviews & Ratings
https://www.youtube.com/ | YouTube

http://securityidiots.com/ | Welcome to Security Idiots!!
https://evilzone.org/ | Evilzone - Hacking and Security Network
https://greysec.net/forumdisplay.php?fid=9 | GreySec Forums - Web Application Security
https://greysec.net/showthread.php?tid=3370 | We are a group of Canada hackers,We will share with you all what we have and you too.
https://0x00sec.org/t/the-pentesterlab-bootcamp/1241 | The Pentesterlab Bootcamp - Web Hacking - 0x00sec - The Home of the Hacker
https://0x00sec.org/t/hackthebox-gr-virtual-lab-free/2030/24 | Hackthebox.gr Virtual Lab (FREE) - Web Hacking - 0x00sec - The Home of the Hacker
https://gbhackers.com/category/webapp/ | Webapp Pentesting Archives - GBHackers On Security

https://www.youtube.com/results?search_query=leetwood+Mac | (97) leetwood Mac - YouTube
https://github.com/tuftsdev/DefenseAgainstTheDarkArts/tree/gh-pages/labs | DefenseAgainstTheDarkArts/labs at gh-pages · tuftsdev/DefenseAgainstTheDarkArts
https://tuftsdev.github.io/DefenseAgainstTheDarkArts/slides/week1-networks.pdf | Cyber Security Week 1
https://www.facebook.com/ | Facebook
https://www.youtube.com/watch?v=hwSxDvLRcsI&t=829s | (97) Mount Your Friends in 3D (CLIMB GREATNESS MOUNTAIN!) - YouTube

https://www.facebook.com/ | Facebook
https://academy.silesiasecuritylab.com/p/how-hackers-find-sql-injections-in-minutes-with-sqlmap | How Hackers Find SQL Injections in Minutes with Sqlmap | Dawid Czagan
https://spyclub.tech/#blog | SpyClub
https://spyclub.tech/resume.pdf | Tarunkant Gupta – Curriculum Vitae
https://www.youtube.com/watch?v=8vhnzAvXMGM&index=5&list=PLtr9ezc61PUb3iQMlvnicIC3BIra2BZId | (22) 4- Essential Tools - netcat - YouTube
https://www.youtube.com/watch?v=OaXEDgW8SUE&index=25&list=PLv7cogHXoVhXvHPzIl1dWtBiYUAL8baHj | (22) 25- BurpSuite Tabs part 1 - YouTube
http://www.hackingarticles.in/setup-dns-penetration-testing-lab-on-windows-server-2012/ | Setup DNS Penetration Testing Lab on Windows Server 2012
https://www.waterstones.com/book/learning-kali-linux/ric-messier/9781492028697 | Learning Kali Linux by Ric Messier | Waterstones
http://shop.oreilly.com/product/0636920063568.do | Ethical Hacking - O'Reilly Media
https://www.oreilly.com/library/view/security-testing-and/9781492029328/ | Security Testing and Ethical Hacking with Kali Linux [Video]
chrome://downloads/ | Downloads

https://www.udemy.com/website-application-penetration-testing-using-burp-suite/ | Web Application Penetration Testing Using Burp Suite | Udemy
https://www.google.co.in/search?q=metasplot+pentester+academt&oq=metasplot+pentester+academt&aqs=chrome..69i57j0.8244j0j4&sourceid=chrome&ie=UTF-8 | metasplot pentester academt - Google Search
https://www.pentesteracademy.com/course?id=10 | Pentesting with Metasploit
https://main.immersivelabs.online/cyber-skills/tools/skill-set/scanning | Immersive Labs
https://main.immersivelabs.online/cyber-skills/tools/skill-set/metasploit-028124de-8e24-4754-9d14-8dc1f1bfc1bf | Immersive Labs
https://main.immersivelabs.online/cyber-skills/tools/skill-set/common-tool-sets | Immersive Labs
https://main.immersivelabs.online/cyber-skills/techniques/skill-set/ethical-web-hacking | Immersive Labs
https://main.immersivelabs.online/cyber-skills/techniques/skill-set/databases | Immersive Labs
https://main.immersivelabs.online/cyber-skills/techniques/skill-set/wireless | Immersive Labs
https://main.immersivelabs.online/cyber-skills/techniques/skill-set/enumeration | Immersive Labs
https://main.immersivelabs.online/cyber-skills/tools/skill-set/security-engineering | Immersive Labs

https://docs.google.com/document/d/17cpPLdUb6NeuDXK3shVK1fFMHWxYVQSFbvL3bw3eG6Q/edit | Website Performance - Google Docs
https://github.com/webcompat/webcompat.com | GitHub - webcompat/webcompat.com: Source code for
https://webcompat.com/ | Web Compatibility | webcompat.com
https://github.com/webcompat/webcompat.com/wiki/Architecture | Architecture · webcompat/webcompat.com Wiki · GitHub
https://www.facebook.com/ | Facebook

https://www.facebook.com/ | (1) Facebook
https://github.com/mike-works/sql-fundamentals | GitHub - mike-works/sql-fundamentals: 👨‍🏫 Mike's SQL Fundamentals and Professional SQL Courses
https://drive.google.com/file/d/17DckYclE6PJ2b42dMO-zVB_5WAk-bYYj/view | SQL Fundamentals.pdf - Google Drive
https://www.youtube.com/feed/subscriptions | (12) Subscriptions - YouTube
https://www.youtube.com/watch?v=kF2OWLdvWtk&list=PLUhdoQx6gMwJIgBZJ2i0PfJp4IB2U0eY1 | (12) Burp Suite - Configuring all browsers and Windows ! Fix Errors ! Basic Concepts and working - YouTube
https://www.youtube.com/watch?v=_Yw7QWbk9Vs&list=PLUhdoQx6gMwI94DteZyxKdfLN_lFGegsi | (12) Cryptography ( Encryption ) and its types - the backbone of security of networks and computers - YouTube
https://www.youtube.com/watch?v=ISVAQhwU7Ag&list=PLUhdoQx6gMwJojPb3f2BzRzCa1jIF6JBT | (12) Cryptocurrencies - price calculations , market caps , manipulations and more - YouTube
https://www.youtube.com/ | (12) YouTube

https://main.immersivelabs.online/cyber-skills/techniques/skill-set/databases | Immersive Labs
https://tuftsdev.github.io/DefenseAgainstTheDarkArts/index-summer.html | COMP 116: Introduction to Computer Security
https://tuftsdev.github.io/DefenseAgainstTheDarkArts/slides/week3-websecurity.pdf | Cyber Security Week 3
https://github.com/sectalks/sectalks | GitHub - sectalks/sectalks: CTFs, solutions and presentations
https://www.peerlyst.com/posts/the-how-to-use-nmap-wiki-peerlyst?utm_campaign=peerlyst_shared_post&utm_content=peerlyst_post&utm_medium=social&utm_source=twitter | The "how to use NMAP" wiki by Peerlyst - training, course, nmap scripting engine
https://pentester.land/conference-notes/2018/10/17/levelup-2018-practical-recon-techniques-for-bug-hunters-and-pentesters.html | Conference notes: Practical recon techniques for bug hunters & pen testers (LevelUp 0x02 / 2018) · Pentester Land
https://pentester.land/conference-notes | Conference notes · Pentester Land
https://pentester.land/tips-and-tricks | Tips & Tricks · Pentester Land
https://pentester.land/newsletter | The 5 Hacking NewsLetter · Pentester Land
https://www.youtube.com/channel/UCI6B0zYvK-7FdM0Vgh3v3Tg/search?query=bug+hunt | (8) Cooper - YouTube
https://bugid.skylined.nl/20181017001.html | Fuzz in sixty seconds
https://us17.campaign-archive.com/home/?u=5cc7586e74a1b2f77a7c647a0&id=f84c40c1cc | Pranav Hivarekar's Security Thursday via Peritus InfoSec
http://kmb.ufoctf.ru/bash/main.html | Основные команды Bash · Курс молодого CTF бойца v 1.5
https://www.hacksplaining.com/lessons | Pick a Vulnerability to Learn About
https://www.hacksplaining.com/lessons | Pick a Vulnerability to Learn About

https://mike.works/courses | Courses | Mike.Works Developer Training
https://frontendmasters.com/workshops/web-security/ | Web Security with Mike North
https://frontendmasters.com/courses/web-security/ | Learn Web Application Security for Web Developers Course by Mike North
https://frontendmasters.com/teachers/mike-north/ | Learn from Mike North's courses on Frontend Masters
https://github.com/mike-works/modern-javascript | GitHub - mike-works/modern-javascript: 👨‍🏫 Mike's Modern JavaScript course
https://drive.google.com/file/d/0B7LIdu29tPZROU9tMGR5WjlGZDA/view | Modern JavaScript.pdf - Google Drive
https://www.facebook.com/ | (1) Facebook
https://www.facebook.com/groups/crackzoneguru/search/?query=NETFLIX | (1) ✅ Account Netflix, beIN Sports, Spotify, PayPal, Bin, Sqli Combos ✅
https://websiteforstudents.com/how-to-install-foxit-reader-on-ubuntu-16-04-17-10-18-04-desktop/ | How to Install Foxit Reader on Ubuntu 16.04 / 17.10 / 18.04 Desktop | Website for Students

https://www.peerlyst.com/posts/video-3-5-hours-of-free-appsec-training-from-sunny-wear-via-brakeing-down-security-peerlyst?utm_source=twitter&utm_medium=social&utm_content=peerlyst_post&utm_campaign=peerlyst_shared_post | [Video] 3,5 hours of free AppSec training from Sunny Wear via Brakeing Down Security by Peerlyst - web application security training
https://www.facebook.com/groups/crackzoneguru/?fref=nf | ✅ Account Netflix, beIN Sports, Spotify, PayPal, Bin, Sqli Combos ✅
https://mega.nz/?fbclid=IwAR2N_8FsXH8H53kXz45vnzJmbtiKitLHMxgwQc2yvdCRuiv26eSpIhsG3Ck#F!PJoR0LjD!SiNo4g78sKAIhoTWO-7xgQ | MEGA
https://temp-mail.org/ | Temp Mail - Disposable Temporary Email
https://www.facebook.com/saved/?cref=28 | Saved
https://www.facebook.com/groups/crackzoneguru/permalink/2385798268313804/ | ✅ Account Netflix, beIN Sports, Spotify, PayPal, Bin, Sqli Combos ✅
https://www.google.co.in/search?q=llevar+a+la+fuerza&oq=llevar+a+la+fuerza&aqs=chrome..69i57&sourceid=chrome&ie=UTF-8 | llevar a la fuerza - Google Search
https://g-otaku.xyz/cgi-sys/suspendedpage.cgi | Account Suspended
chrome://bookmarks/?q=gene | Bookmarks
https://g-otaku.xyz/cgi-sys/suspendedpage.cgi | Account Suspended
https://www.google.co.in/search?q=cc+generator&oq=cc+geenrat&aqs=chrome.1.69i57j0l5.2750j0j7&sourceid=chrome&ie=UTF-8 | cc generator - Google Search
https://namso-gen.com/ | Namso Gen - Credit card numbers generator based on your own BIN pattern
https://elders-c0de.xyz/card/ccn1/ | https://elders-c0de.xyz/card/ccn1/

https://www.facebook.com/groups/crackzoneguru/search/?query=mega%20accounts | (1) ✅ Account Netflix, beIN Sports, Spotify, PayPal, Bin, Sqli Combos ✅
https://www.facebook.com/pg/NineHackers/posts/?ref=page_internal | (1) Nine Hackers - Posts
https://www.sans.org/course/advanced-web-app-penetration-testing-ethical-hacking | Advanced Web App Penetration Testing Training | SANS SEC642
https://www.offensive-security.com/information-security-training/advanced-web-attack-and-exploitation/ | Advanced Web Attacks, Exploitation, Vulnerabilities Live Security Training
https://www.pentesteracademy.com/course?id=5 | Web Application Pentesting
https://drive.google.com/drive/folders/0BwyWDQ59jRVGMFp3UnBfeUEzanM | Sprp77 Awesome OSINT - Google Drive
https://drive.google.com/drive/folders/0B9h6Z88xmpyKNk5TSjVhVElnRHc | Pentester Academy - Google Drive
chrome://history/?q=mega | History
https://drive.google.com/drive/folders/0B9h6Z88xmpyKOFYwd2RWWHViZXc | Courses - Google Drive
https://certcollection.org/forum/topic/319079-sec642-advanced-web-app-penetration/page__p__1208865__hl__+sans%20+642#entry1208865 | [Offer] SEC642 Advanced Web App Penetration - SECURITY SHARES - IT Certification Forum
https://certcollection.org/forum/index.php?app=core&module=search&do=search&fromMainBar=1 | Search Results - IT Certification Forum
https://certcollection.org/forum/topic/318916-sans-sec642-advanced-web-app-penetration-on-demandmp3tools/page__st__28__p__1211429__hl__+642#entry1211429 | [Offer] SANS SEC642: Advanced Web App Penetration. On Demand,MP3,Tools - SECURITY SHARES - IT Certification Forum - Page 3
https://www.watchmetech.com/mega-bandwidth-limit-quota-exceeded/ | Bypass Mega Bandwidth Limit Quota Exceeded Error [100% Working] ⚡
https://www.youtube.com/watch?time_continue=163&v=TsMlYS6RmdI | (100) Bypass Mega Download Limit Bandwidth Exceeded Error and Download using IDM ⚡ - YouTube
https://www.reddit.com/r/Piracy/comments/98sbr0/bypass_mega_download_limit_bandwidth_exceeded/ | Bypass Mega Download Limit Bandwidth Exceeded Error and Download using IDM : Piracy
https://mega.nz/sync | MEGAsync - Download
https://www.reddit.com/r/MEGA/comments/59onj3/what_is_the_bandwidth_for_free_users/ | what is the bandwidth for free users? : MEGA

https://addons.mozilla.org/en-US/firefox/addon/onetab/ | OneTab – Get this Extension for 🦊 Firefox (en-US)