Hacking Techniques

• TOP 7 hacking technique 2021 - JSON interoperability bugs
• Hacking GitHub actions
• Top 10 web hacking techniques of 2021
• 10 address bypass tricks
• Cryptography bugs explained without complex maths
• Bypassing verification with arrays
• Prototype pollution
• Overlooked vulnerability classes
• Get CVEs by hacking Wordpress plugins
• How I found thousands of criticals and all I got was $100
• Examples of dangerous code in Java, .NET, PHP and Ruby
• The best place with open source exploits

Server-side

• Escaping iframe in headless browser for SSRF
• Escaping shell arguments for command injection bugs
• Bypassing URL blocklists in Java
• SQL injection in today’s web
• Web Cache Poisoning - part 2 - examples
• Web Cache Poisoning - part 1 - basics
• Dependency Confusion POC
• WordPress Confusion
• Predicting MongoDB IDs for IDORs
• Race condition RCEs
• gRPC and protobuf - what is this all about?
• A ridiculous way to bypass AWS WAF
• Approaching GraphQL with turned off introspection
• How to access @company.com email address?
• Escalating blind SSRFs
• Exploiting E-Mail Systems
• All you need to know about reverse proxies
• Exploiting differences in parsers
• HTTP/2 request smuggling
• How to Hack APIs in 2021?
• Unicode Normalization Vulnerabilities
• DNS takeover vulnerability
• Everything about 2FA
• Oauth security guide

Client-side

• New XSS vectors
• A surprising quirk of regexes in JavaScript
• Cross-origin does not mean cross-site
• CSRF in GraphQL
• Bypassing SameSite cookies
• Fuzzing WebSockets messages
• Client-side path traversal
• Client-side secret scanner
• Cross-site WebSocket hijacking
• Exploiting CORS in local applications
• Should you stop using alert() in XSS?
• How XSS experts bypass CSP?
• Exploiting X-Forwarded-For XSS by poisoning the cache

Mobile

• Proxying Flutter apps through Burp
• iOS hacking videos

Tools

• Finally, a useful DB with CVEs
• Parsing HTML responses with Python
• TruffleHog V3
• Python as an HTTP client for hacking
• Writing sqlmap tamper scripts
• WebSocket security scanner
• Which CVEs are the hottest?
• How to identify impact of leaked private key?
• Speed-up your dorking
• A few SSH commands that you'll certainly use
• Processing URLs in bash
• Finding bugs in regexes, even if you don't know them well
• A tool to find blind-XSS
• A tool for "grepping the Internet"
• Browsing files from your VPS using Visual Studio Code
• How to identify an unknown secret?
• Finding DOM-XSS with Untrusted Types
• Generating a web application
• Testing iOS apps without physical device
• Test for DNS rebinding and more for free (no server or domain needed)
• Single most time-saving terminal trick
• Live Recon with TomNomNom

Burp

• Burp’s Turbo Intruder
• Nuclei Burp Plugin
• Burp plugin for scanning SSO authentication
• Comparing site maps in Burp
• 10 Burp shortcuts that will help you hack quicker
• Installing Burp Collaborator instance
• Finding postMessage bugs with DOM invader
• Finding DOM-XSS with DOM invader
• Turbo Intruder observedWords
• 8 non-obvious Burp intruder tricks
• How to use Burp Macros
• 10 Burp Repeater tricks
• how to write Burp extension?

Source code analysis

• How to start reviewing code?
• Q&A about source code review and debugging
• Debugging a Java application with decompiled source code
• Finding source code bugs with CodeQL the easy way
• Step-by-step process of writing CodeQL queries
• 10 security pitfalls of Python
• Writing custom semgrep rules
• How to debug source code to find bugs?
• Reverse engineering a CVE
• Using CodeQL to hunt for DOM-XSS (+ idea for a series)
• How to do Code Review and where to find the code?
• CodeQL and bugs in NSA's application

Bug Bounty

• What it takes to be good at bug bounty hunting - DefCamp 2021
• Reading RFCs for bug bounty hunters
• Approaching small scope programs
• How much bounties Google paid in 2021?
• 120 days of hunting
• Is bug bouny hunter lifestyle healthy?
• Dealing with difficulties in bug bounties
• Bug Hunter recorded himself finding $10k SSRF in Google
• Million from bug bounty in 4 Years
• 5-year bug bounty journey
• Strategy for a year of bug bounties
• 10 tips for beginner bug bounty hunters
• Mistakes pentesters do in bug bounty
• How to get started in bug bounty? feat. STÖK and NahamSec
• How zseano approaches a new target?
• Is bug bounty good as a full-time job?
• Thoughts about a triage
• Collaborating in bounties
• From 0 to TOP7 Hackerone in 2 years
• $635,387.47 made in 1590 days from 336 bugs

Labs

• Break into smart contract hacking
• HTTP/2 Request smuggling labs
• AWS security labs

Cheat sheets

• BigQuery SQL Injection Cheat Sheet
• Common ENV variables with sensitive information
• Cloud Security Breaches and Vulnerabilities: 2021 in Review
• Learning path for mastering containers
• Kubernetes security resources
• Session tokens resources
• CI/CD Pipeline threat matrix
• GCP and AWS commands cheat sheet
• SAML security
• API security cheat sheet
• Salesforce Lightning Components Security
• The book of secret knowledge
• IDOR cheat sheet

Writeups

• Finding a Ruby deserialization gadget
• Prototype pollution in an XML-based format
• Several critical vulnerabilities in GitHub Actions
• && instead of || leads to an RCE
• Solving a CTF task by ASCII-only JAR webshell
• OAuth + ../ + postMessage bug = account takeover
• Hacking Google Drive integrations
• Most interesting bugs from Rails’ 18 years of history
• Attacks on CI/CD pipelines
• Tricks used to find SSRFs in Websphere Portal
• Bonus: The best way to prove the impact😂
• Interesting bugs in Hubspot and Instapage
• Grafana path traversal
• Prototype pollution writeups
• Discovery and exploitation of RCE via deserialization
• 50 SSRFs found in ColdFusion
• Many struggled for hours, he did it in 57 minutes
• Over 200 public penetration test reports
• Gitlab RCE via metadata
• GravCMS Arbitrary YAML Write leads to Code Execution (CVE—2021—21425)

Recon

• Finding companies’ AWS attack surface
• Recon roadmap of an experienced hunter
• Extracting words specific to a target
• Creating wordlists

Web3

• Web3 learning corner #4
• Web3 learning corner #3 - preparing a BBRE video
• Finding web2 bugs on NFT websites
• Web3 Learning corner #3 - the first CTFs
• Web3 learning corner #2
• Blockchain learning corner #1

Non-technical

• How to get better at hacking?
• Community vote launched for Top 10 web hacking techniques of 2021
• Strategy to become a pentester
• Abandon an idea as soon as you can
• The best no bulls**t advice for getting into cybersec
• Metaskills
• Meditation
• Hack your resume
• I have no time. Or do I?
• Hotspots
• How I always remember about things to do?
• Do you allow yourself to rest?
• Why you should fail more?
• How to not plan the day?
• Piece of glass, plastic and metal that distracts you
• Hacking and exercising
• Single tasking vs multi tasking
• maybe our times are not that bad after all🤔
• Productivity tip - energy waves
• Something to relax - LEGO