From b1e1f5c75bdf418db69930d445ff15c385415c2b Mon Sep 17 00:00:00 2001 From: Hakan Altindag Date: Sun, 17 Nov 2019 01:48:35 +0100 Subject: [PATCH 01/15] Added Hakky54/mutual-tls-ssl --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 6d8937c..fcf0d3f 100644 --- a/README.md +++ b/README.md @@ -769,6 +769,7 @@ If you enjoy this awesome list and would like to support it, check out my [Patre - [Hackxor](http://hackxor.net/) - Realistic web application hacking game - Written by [@albinowax](https://twitter.com/albinowax). - [SELinux Game](http://selinuxgame.org/) - Learn SELinux by doing. Solve Puzzles, show skillz - Written by [@selinuxgame](https://twitter.com/selinuxgame). - [Portswigger Web Security Academy](https://portswigger.net/web-security) - Free trainings and labs - Written by [PortSwigger](https://portswigger.net/). +- [Encrypting with SSL/TLS](https://github.com/Hakky54/mutual-tls-ssl) Step by step guide for encrypting client and server communication ### AWS From 5838408a64610a15e88fae4338d0a055d52fb6b1 Mon Sep 17 00:00:00 2001 From: Boik Date: Sat, 29 Feb 2020 15:45:59 +0800 Subject: [PATCH 02/15] Update README.md --- README-jp.md | 3 --- README-zh.md | 3 +-- README.md | 3 --- 3 files changed, 1 insertion(+), 8 deletions(-) diff --git a/README-jp.md b/README-jp.md index 4b04dd2..874be86 100644 --- a/README-jp.md +++ b/README-jp.md @@ -752,12 +752,9 @@ If you enjoy this awesome list and would like to support it, check out my [Patre - [James Kettle](http://albinowax.skeletonscribe.net/) - Head of Research at [PortSwigger Web Security](https://portswigger.net/). - [Broken Browser](https://www.brokenbrowser.com/) - Fun with Browser Vulnerabilities. - [Scrutiny](https://datarift.blogspot.tw/) - Internet Security through Web Browsers by Dhiraj Mishra. -- [Blog of Osanda](https://osandamalith.com/) - Security Researching and Reverse Engineering. - [BRETT BUERHAUS](https://buer.haus/) - Vulnerability disclosures and rambles on application security. - [n0tr00t](https://www.n0tr00t.com/) - ~# n0tr00t Security Team. - [OpnSec](https://opnsec.com/) - Open Mind Security! -- [LoRexxar](https://lorexxar.cn/) - 带着对技术的敬畏之心成长,不安于一隅... -- [Wfox](http://sec2hack.com/) - 技术宅,热衷各种方面。 - [RIPS Technologies](https://blog.ripstech.com/tags/security/) - Write-ups for PHP vulnerabilities. - [0Day Labs](http://blog.0daylabs.com/) - Awesome bug-bounty and challenges writeups. - [Blog of Osanda](https://osandamalith.com/) - Security Researching and Reverse Engineering. diff --git a/README-zh.md b/README-zh.md index be27986..2720765 100644 --- a/README-zh.md +++ b/README-zh.md @@ -797,15 +797,14 @@ If you enjoy this awesome list and would like to support it, check out my [Patre - [James Kettle](http://albinowax.skeletonscribe.net/) - Head of Research at [PortSwigger Web Security](https://portswigger.net/). - [Broken Browser](https://www.brokenbrowser.com/) - Fun with Browser Vulnerabilities. - [Scrutiny](https://datarift.blogspot.tw/) - Internet Security through Web Browsers by Dhiraj Mishra. -- [Blog of Osanda](https://osandamalith.com/) - Security Researching and Reverse Engineering. - [BRETT BUERHAUS](https://buer.haus/) - Vulnerability disclosures and rambles on application security. - [n0tr00t](https://www.n0tr00t.com/) - ~# n0tr00t Security Team. - [OpnSec](https://opnsec.com/) - Open Mind Security! - [LoRexxar](https://lorexxar.cn/) - 带着对技术的敬畏之心成长,不安于一隅... -- [Wfox](http://sec2hack.com/) - 技术宅,热衷各种方面。 - [RIPS Technologies](https://blog.ripstech.com/tags/security/) - Write-ups for PHP vulnerabilities. - [0Day Labs](http://blog.0daylabs.com/) - Awesome bug-bounty and challenges writeups. - [Blog of Osanda](https://osandamalith.com/) - Security Researching and Reverse Engineering. +- [What is Security?](https://kingx.me/) - Focus on Penetration Testing / Frontend Security / JavaScript Magic / APT Offense & Defense / Java Security. ## Twitter Users diff --git a/README.md b/README.md index 5a16132..f14f2d2 100644 --- a/README.md +++ b/README.md @@ -747,12 +747,9 @@ If you enjoy this awesome list and would like to support it, check out my [Patre - [James Kettle](http://albinowax.skeletonscribe.net/) - Head of Research at [PortSwigger Web Security](https://portswigger.net/). - [Broken Browser](https://www.brokenbrowser.com/) - Fun with Browser Vulnerabilities. - [Scrutiny](https://datarift.blogspot.tw/) - Internet Security through Web Browsers by Dhiraj Mishra. -- [Blog of Osanda](https://osandamalith.com/) - Security Researching and Reverse Engineering. - [BRETT BUERHAUS](https://buer.haus/) - Vulnerability disclosures and rambles on application security. - [n0tr00t](https://www.n0tr00t.com/) - ~# n0tr00t Security Team. - [OpnSec](https://opnsec.com/) - Open Mind Security! -- [LoRexxar](https://lorexxar.cn/) - 带着对技术的敬畏之心成长,不安于一隅... -- [Wfox](http://sec2hack.com/) - 技术宅,热衷各种方面。 - [RIPS Technologies](https://blog.ripstech.com/tags/security/) - Write-ups for PHP vulnerabilities. - [0Day Labs](http://blog.0daylabs.com/) - Awesome bug-bounty and challenges writeups. - [Blog of Osanda](https://osandamalith.com/) - Security Researching and Reverse Engineering. From f7850160c6de47bce5ad57e21530919eb38628e8 Mon Sep 17 00:00:00 2001 From: Boik Date: Sat, 29 Feb 2020 15:49:01 +0800 Subject: [PATCH 03/15] Update README.md --- README-zh.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README-zh.md b/README-zh.md index 2720765..c750f34 100644 --- a/README-zh.md +++ b/README-zh.md @@ -805,6 +805,7 @@ If you enjoy this awesome list and would like to support it, check out my [Patre - [0Day Labs](http://blog.0daylabs.com/) - Awesome bug-bounty and challenges writeups. - [Blog of Osanda](https://osandamalith.com/) - Security Researching and Reverse Engineering. - [What is Security?](https://kingx.me/) - Focus on Penetration Testing / Frontend Security / JavaScript Magic / APT Offense & Defense / Java Security. +- [l1nk3r's blog](http://www.lmxspace.com/) - Web security. ## Twitter Users From dbda144c740352d212be4b193879493d63f7bedc Mon Sep 17 00:00:00 2001 From: Boik Date: Sun, 22 Mar 2020 15:13:51 +0800 Subject: [PATCH 04/15] Update README.md --- README-jp.md | 1 - README-zh.md | 1 - README.md | 1 - 3 files changed, 3 deletions(-) diff --git a/README-jp.md b/README-jp.md index 874be86..e698054 100644 --- a/README-jp.md +++ b/README-jp.md @@ -523,7 +523,6 @@ If you enjoy this awesome list and would like to support it, check out my [Patre - [Attacking JavaScript Engines - A case study of JavaScriptCore and CVE-2016-4622](http://www.phrack.org/papers/attacking_javascript_engines.html) - Written by [phrack@saelo.net](phrack@saelo.net). - [Three roads lead to Rome](http://blogs.360.cn/360safe/2016/11/29/three-roads-lead-to-rome-2/) - Written by [@holynop](https://twitter.com/holynop). - [Exploiting a V8 OOB write.](https://halbecaf.com/2017/05/24/exploiting-a-v8-oob-write/) - Written by [@halbecaf](https://twitter.com/halbecaf). -- [FROM CRASH TO EXPLOIT: CVE-2015-6086 – OUT OF BOUND READ/ASLR BYPASS](http://payatu.com/from-crash-to-exploit/) - Written by [payatu](http://payatu.com/). - [SSD Advisory – Chrome Turbofan Remote Code Execution](https://blogs.securiteam.com/index.php/archives/3379) - Written by [SecuriTeam Secure Disclosure (SSD)](https://blogs.securiteam.com/). - [Look Mom, I don't use Shellcode - Browser Exploitation Case Study for Internet Explorer 11](https://labs.bluefrostsecurity.de/files/Look_Mom_I_Dont_Use_Shellcode-WP.pdf) - Written by [@moritzj](http://twitter.com/moritzj). - [PUSHING WEBKIT'S BUTTONS WITH A MOBILE PWN2OWN EXPLOIT](https://www.zerodayinitiative.com/blog/2018/2/12/pushing-webkits-buttons-with-a-mobile-pwn2own-exploit) - Written by [@wanderingglitch](https://twitter.com/wanderingglitch). diff --git a/README-zh.md b/README-zh.md index c750f34..ad650ce 100644 --- a/README-zh.md +++ b/README-zh.md @@ -565,7 +565,6 @@ If you enjoy this awesome list and would like to support it, check out my [Patre - [Attacking JavaScript Engines - A case study of JavaScriptCore and CVE-2016-4622](http://www.phrack.org/papers/attacking_javascript_engines.html) - Written by [phrack@saelo.net](phrack@saelo.net). - [Three roads lead to Rome](http://blogs.360.cn/360safe/2016/11/29/three-roads-lead-to-rome-2/) - Written by [@holynop](https://twitter.com/holynop). - [Exploiting a V8 OOB write.](https://halbecaf.com/2017/05/24/exploiting-a-v8-oob-write/) - Written by [@halbecaf](https://twitter.com/halbecaf). -- [FROM CRASH TO EXPLOIT: CVE-2015-6086 – OUT OF BOUND READ/ASLR BYPASS](http://payatu.com/from-crash-to-exploit/) - Written by [payatu](http://payatu.com/). - [SSD Advisory – Chrome Turbofan Remote Code Execution](https://blogs.securiteam.com/index.php/archives/3379) - Written by [SecuriTeam Secure Disclosure (SSD)](https://blogs.securiteam.com/). - [Look Mom, I don't use Shellcode - Browser Exploitation Case Study for Internet Explorer 11](https://labs.bluefrostsecurity.de/files/Look_Mom_I_Dont_Use_Shellcode-WP.pdf) - Written by [@moritzj](http://twitter.com/moritzj). - [PUSHING WEBKIT'S BUTTONS WITH A MOBILE PWN2OWN EXPLOIT](https://www.zerodayinitiative.com/blog/2018/2/12/pushing-webkits-buttons-with-a-mobile-pwn2own-exploit) - Written by [@wanderingglitch](https://twitter.com/wanderingglitch). diff --git a/README.md b/README.md index f14f2d2..de0851c 100644 --- a/README.md +++ b/README.md @@ -517,7 +517,6 @@ If you enjoy this awesome list and would like to support it, check out my [Patre - [Attacking JavaScript Engines - A case study of JavaScriptCore and CVE-2016-4622](http://www.phrack.org/papers/attacking_javascript_engines.html) - Written by [phrack@saelo.net](phrack@saelo.net). - [Three roads lead to Rome](http://blogs.360.cn/360safe/2016/11/29/three-roads-lead-to-rome-2/) - Written by [@holynop](https://twitter.com/holynop). - [Exploiting a V8 OOB write.](https://halbecaf.com/2017/05/24/exploiting-a-v8-oob-write/) - Written by [@halbecaf](https://twitter.com/halbecaf). -- [FROM CRASH TO EXPLOIT: CVE-2015-6086 – OUT OF BOUND READ/ASLR BYPASS](http://payatu.com/from-crash-to-exploit/) - Written by [payatu](http://payatu.com/). - [SSD Advisory – Chrome Turbofan Remote Code Execution](https://blogs.securiteam.com/index.php/archives/3379) - Written by [SecuriTeam Secure Disclosure (SSD)](https://blogs.securiteam.com/). - [Look Mom, I don't use Shellcode - Browser Exploitation Case Study for Internet Explorer 11](https://labs.bluefrostsecurity.de/files/Look_Mom_I_Dont_Use_Shellcode-WP.pdf) - Written by [@moritzj](http://twitter.com/moritzj). - [PUSHING WEBKIT'S BUTTONS WITH A MOBILE PWN2OWN EXPLOIT](https://www.zerodayinitiative.com/blog/2018/2/12/pushing-webkits-buttons-with-a-mobile-pwn2own-exploit) - Written by [@wanderingglitch](https://twitter.com/wanderingglitch). From 148d6a04daff6e8a39c17de7cd97029c06ea1d4d Mon Sep 17 00:00:00 2001 From: Boik Date: Sun, 22 Mar 2020 16:05:46 +0800 Subject: [PATCH 05/15] Update README.md --- README-jp.md | 2 +- README-zh.md | 2 +- README.md | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/README-jp.md b/README-jp.md index e698054..7b8c53c 100644 --- a/README-jp.md +++ b/README-jp.md @@ -829,7 +829,7 @@ If you enjoy this awesome list and would like to support it, check out my [Patre - [CSS Is So Overpowered It Can Deanonymize Facebook Users](https://www.evonide.com/side-channel-attacking-browsers-through-css3-features/) - Written by [Ruslan Habalov](https://www.evonide.com/). - [Introduction to Web Application Security](https://www.slideshare.net/nragupathy/introduction-to-web-application-security-blackhoodie-us-2018) - Written by [@itsC0rg1](https://twitter.com/itsC0rg1), [@jmkeads](https://twitter.com/jmkeads) and [@matir](https://twitter.com/matir). - [Finding The Real Origin IPs Hiding Behind CloudFlare or TOR](https://www.secjuice.com/finding-real-ips-of-origin-servers-behind-cloudflare-or-tor/) - Written by [Paul Dannewitz](https://www.secjuice.com/author/paul-dannewitz/). -- [Why Facebook's api starts with a for loop](https://dev.to/antogarand/why-facebooks-api-starts-with-a-for-loop-1eob?fbclid=IwAR0BQ7RmYGzQzsL33IJ2LM7lmlH0OSuIuxKLebUUBi1D51R-9UOnHrW0DQg) - Written by [@AntoGarand](https://twitter.com/AntoGarand). +- [Why Facebook's api starts with a for loop](https://dev.to/antogarand/why-facebooks-api-starts-with-a-for-loop-1eob) - Written by [@AntoGarand](https://twitter.com/AntoGarand). - [How I could have stolen your photos from Google - my first 3 bug bounty writeups](https://blog.avatao.com/How-I-could-steal-your-photos-from-Google/) - Written by [@gergoturcsanyi](https://twitter.com/gergoturcsanyi). - [An example why NAT is NOT security](https://0day.work/an-example-why-nat-is-not-security/) - Written by [@0daywork](https://twitter.com/@0daywork). - [WEB APPLICATION PENETRATION TESTING NOTES](https://techvomit.net/web-application-penetration-testing-notes/) - Written by [Jayson](https://techvomit.net/). diff --git a/README-zh.md b/README-zh.md index ad650ce..a1b5c0b 100644 --- a/README-zh.md +++ b/README-zh.md @@ -880,7 +880,7 @@ If you enjoy this awesome list and would like to support it, check out my [Patre - [CSS Is So Overpowered It Can Deanonymize Facebook Users](https://www.evonide.com/side-channel-attacking-browsers-through-css3-features/) - Written by [Ruslan Habalov](https://www.evonide.com/). - [Introduction to Web Application Security](https://www.slideshare.net/nragupathy/introduction-to-web-application-security-blackhoodie-us-2018) - Written by [@itsC0rg1](https://twitter.com/itsC0rg1), [@jmkeads](https://twitter.com/jmkeads) and [@matir](https://twitter.com/matir). - [Finding The Real Origin IPs Hiding Behind CloudFlare or TOR](https://www.secjuice.com/finding-real-ips-of-origin-servers-behind-cloudflare-or-tor/) - Written by [Paul Dannewitz](https://www.secjuice.com/author/paul-dannewitz/). -- [Why Facebook's api starts with a for loop](https://dev.to/antogarand/why-facebooks-api-starts-with-a-for-loop-1eob?fbclid=IwAR0BQ7RmYGzQzsL33IJ2LM7lmlH0OSuIuxKLebUUBi1D51R-9UOnHrW0DQg) - Written by [@AntoGarand](https://twitter.com/AntoGarand). +- [Why Facebook's api starts with a for loop](https://dev.to/antogarand/why-facebooks-api-starts-with-a-for-loop-1eob) - Written by [@AntoGarand](https://twitter.com/AntoGarand). - [How I could have stolen your photos from Google - my first 3 bug bounty writeups](https://blog.avatao.com/How-I-could-steal-your-photos-from-Google/) - Written by [@gergoturcsanyi](https://twitter.com/gergoturcsanyi). - [An example why NAT is NOT security](https://0day.work/an-example-why-nat-is-not-security/) - Written by [@0daywork](https://twitter.com/@0daywork). - [WEB APPLICATION PENETRATION TESTING NOTES](https://techvomit.net/web-application-penetration-testing-notes/) - Written by [Jayson](https://techvomit.net/). diff --git a/README.md b/README.md index de0851c..81e707e 100644 --- a/README.md +++ b/README.md @@ -824,7 +824,7 @@ If you enjoy this awesome list and would like to support it, check out my [Patre - [CSS Is So Overpowered It Can Deanonymize Facebook Users](https://www.evonide.com/side-channel-attacking-browsers-through-css3-features/) - Written by [Ruslan Habalov](https://www.evonide.com/). - [Introduction to Web Application Security](https://www.slideshare.net/nragupathy/introduction-to-web-application-security-blackhoodie-us-2018) - Written by [@itsC0rg1](https://twitter.com/itsC0rg1), [@jmkeads](https://twitter.com/jmkeads) and [@matir](https://twitter.com/matir). - [Finding The Real Origin IPs Hiding Behind CloudFlare or TOR](https://www.secjuice.com/finding-real-ips-of-origin-servers-behind-cloudflare-or-tor/) - Written by [Paul Dannewitz](https://www.secjuice.com/author/paul-dannewitz/). -- [Why Facebook's api starts with a for loop](https://dev.to/antogarand/why-facebooks-api-starts-with-a-for-loop-1eob?fbclid=IwAR0BQ7RmYGzQzsL33IJ2LM7lmlH0OSuIuxKLebUUBi1D51R-9UOnHrW0DQg) - Written by [@AntoGarand](https://twitter.com/AntoGarand). +- [Why Facebook's api starts with a for loop](https://dev.to/antogarand/why-facebooks-api-starts-with-a-for-loop-1eob) - Written by [@AntoGarand](https://twitter.com/AntoGarand). - [How I could have stolen your photos from Google - my first 3 bug bounty writeups](https://blog.avatao.com/How-I-could-steal-your-photos-from-Google/) - Written by [@gergoturcsanyi](https://twitter.com/gergoturcsanyi). - [An example why NAT is NOT security](https://0day.work/an-example-why-nat-is-not-security/) - Written by [@0daywork](https://twitter.com/@0daywork). - [WEB APPLICATION PENETRATION TESTING NOTES](https://techvomit.net/web-application-penetration-testing-notes/) - Written by [Jayson](https://techvomit.net/). From 0626d00cad7a2db062d9e035b6c87b449c21e26b Mon Sep 17 00:00:00 2001 From: Hakan Altindag Date: Mon, 4 May 2020 10:23:20 +0200 Subject: [PATCH 06/15] Copied references to jp and zh markdown files --- README-jp.md | 1 + README-zh.md | 1 + README.md | 2 +- 3 files changed, 3 insertions(+), 1 deletion(-) diff --git a/README-jp.md b/README-jp.md index 7b8c53c..189bb90 100644 --- a/README-jp.md +++ b/README-jp.md @@ -780,6 +780,7 @@ If you enjoy this awesome list and would like to support it, check out my [Patre - [Hackxor](http://hackxor.net/) - Realistic web application hacking game - Written by [@albinowax](https://twitter.com/albinowax). - [SELinux Game](http://selinuxgame.org/) - Learn SELinux by doing. Solve Puzzles, show skillz - Written by [@selinuxgame](https://twitter.com/selinuxgame). - [Portswigger Web Security Academy](https://portswigger.net/web-security) - Free trainings and labs - Written by [PortSwigger](https://portswigger.net/). +- [Encrypting with SSL/TLS](https://github.com/Hakky54/mutual-tls-ssl) Step by step guide for encrypting client and server communication - Written by [Hakky54](https://github.com/Hakky54). ### AWS diff --git a/README-zh.md b/README-zh.md index a1b5c0b..7e2c345 100644 --- a/README-zh.md +++ b/README-zh.md @@ -828,6 +828,7 @@ If you enjoy this awesome list and would like to support it, check out my [Patre - [Hackxor](http://hackxor.net/) - Realistic web application hacking game - Written by [@albinowax](https://twitter.com/albinowax). - [SELinux Game](http://selinuxgame.org/) - Learn SELinux by doing. Solve Puzzles, show skillz - Written by [@selinuxgame](https://twitter.com/selinuxgame). - [Portswigger Web Security Academy](https://portswigger.net/web-security) - Free trainings and labs - Written by [PortSwigger](https://portswigger.net/). +- [Encrypting with SSL/TLS](https://github.com/Hakky54/mutual-tls-ssl) Step by step guide for encrypting client and server communication - Written by [Hakky54](https://github.com/Hakky54). ### AWS diff --git a/README.md b/README.md index ec284b7..71a9203 100644 --- a/README.md +++ b/README.md @@ -775,7 +775,7 @@ If you enjoy this awesome list and would like to support it, check out my [Patre - [Hackxor](http://hackxor.net/) - Realistic web application hacking game - Written by [@albinowax](https://twitter.com/albinowax). - [SELinux Game](http://selinuxgame.org/) - Learn SELinux by doing. Solve Puzzles, show skillz - Written by [@selinuxgame](https://twitter.com/selinuxgame). - [Portswigger Web Security Academy](https://portswigger.net/web-security) - Free trainings and labs - Written by [PortSwigger](https://portswigger.net/). -- [Encrypting with SSL/TLS](https://github.com/Hakky54/mutual-tls-ssl) Step by step guide for encrypting client and server communication +- [Encrypting with SSL/TLS](https://github.com/Hakky54/mutual-tls-ssl) Step by step guide for encrypting client and server communication - Written by [Hakky54](https://github.com/Hakky54). ### AWS From 6ae9ab9cf5376b373aa71a2e4331f779d71544f0 Mon Sep 17 00:00:00 2001 From: Hakan Altindag Date: Tue, 5 May 2020 18:11:20 +0200 Subject: [PATCH 07/15] Applied feedback and added idea files to gitignore --- .gitignore | 3 +++ README-jp.md | 2 +- README-zh.md | 2 +- README.md | 2 +- 4 files changed, 6 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 63123fb..d73c63e 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,4 @@ .DS_store + +*.iml +.idea \ No newline at end of file diff --git a/README-jp.md b/README-jp.md index 189bb90..3f5f925 100644 --- a/README-jp.md +++ b/README-jp.md @@ -275,6 +275,7 @@ If you enjoy this awesome list and would like to support it, check out my [Patre ### SSL/TLS - [SSL & TLS Penetration Testing](https://www.aptive.co.uk/blog/tls-ssl-security-testing/) - Written by [APTIVE](https://www.aptive.co.uk/). +- [Practical introduction to SSL/TLS](https://github.com/Hakky54/mutual-tls-ssl) - Written by [@Hakky54](https://github.com/Hakky54). ### Webmail @@ -780,7 +781,6 @@ If you enjoy this awesome list and would like to support it, check out my [Patre - [Hackxor](http://hackxor.net/) - Realistic web application hacking game - Written by [@albinowax](https://twitter.com/albinowax). - [SELinux Game](http://selinuxgame.org/) - Learn SELinux by doing. Solve Puzzles, show skillz - Written by [@selinuxgame](https://twitter.com/selinuxgame). - [Portswigger Web Security Academy](https://portswigger.net/web-security) - Free trainings and labs - Written by [PortSwigger](https://portswigger.net/). -- [Encrypting with SSL/TLS](https://github.com/Hakky54/mutual-tls-ssl) Step by step guide for encrypting client and server communication - Written by [Hakky54](https://github.com/Hakky54). ### AWS diff --git a/README-zh.md b/README-zh.md index 7e2c345..a71cd7e 100644 --- a/README-zh.md +++ b/README-zh.md @@ -293,6 +293,7 @@ If you enjoy this awesome list and would like to support it, check out my [Patre ### SSL/TLS - [SSL & TLS Penetration Testing](https://www.aptive.co.uk/blog/tls-ssl-security-testing/) - Written by [APTIVE](https://www.aptive.co.uk/). +- [Practical introduction to SSL/TLS](https://github.com/Hakky54/mutual-tls-ssl) - Written by [@Hakky54](https://github.com/Hakky54). ### Webmail @@ -828,7 +829,6 @@ If you enjoy this awesome list and would like to support it, check out my [Patre - [Hackxor](http://hackxor.net/) - Realistic web application hacking game - Written by [@albinowax](https://twitter.com/albinowax). - [SELinux Game](http://selinuxgame.org/) - Learn SELinux by doing. Solve Puzzles, show skillz - Written by [@selinuxgame](https://twitter.com/selinuxgame). - [Portswigger Web Security Academy](https://portswigger.net/web-security) - Free trainings and labs - Written by [PortSwigger](https://portswigger.net/). -- [Encrypting with SSL/TLS](https://github.com/Hakky54/mutual-tls-ssl) Step by step guide for encrypting client and server communication - Written by [Hakky54](https://github.com/Hakky54). ### AWS diff --git a/README.md b/README.md index 71a9203..9c73ea1 100644 --- a/README.md +++ b/README.md @@ -272,6 +272,7 @@ If you enjoy this awesome list and would like to support it, check out my [Patre ### SSL/TLS - [SSL & TLS Penetration Testing](https://www.aptive.co.uk/blog/tls-ssl-security-testing/) - Written by [APTIVE](https://www.aptive.co.uk/). +- [Practical introduction to SSL/TLS](https://github.com/Hakky54/mutual-tls-ssl) - Written by [@Hakky54](https://github.com/Hakky54). ### Webmail @@ -775,7 +776,6 @@ If you enjoy this awesome list and would like to support it, check out my [Patre - [Hackxor](http://hackxor.net/) - Realistic web application hacking game - Written by [@albinowax](https://twitter.com/albinowax). - [SELinux Game](http://selinuxgame.org/) - Learn SELinux by doing. Solve Puzzles, show skillz - Written by [@selinuxgame](https://twitter.com/selinuxgame). - [Portswigger Web Security Academy](https://portswigger.net/web-security) - Free trainings and labs - Written by [PortSwigger](https://portswigger.net/). -- [Encrypting with SSL/TLS](https://github.com/Hakky54/mutual-tls-ssl) Step by step guide for encrypting client and server communication - Written by [Hakky54](https://github.com/Hakky54). ### AWS From 9ea61e1caa1d44f36173a51e62569cbe9904c6a9 Mon Sep 17 00:00:00 2001 From: Hakan Altindag Date: Thu, 7 May 2020 17:49:24 +0200 Subject: [PATCH 08/15] Reverted changes of gitignore --- .gitignore | 3 --- 1 file changed, 3 deletions(-) diff --git a/.gitignore b/.gitignore index d73c63e..63123fb 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1 @@ .DS_store - -*.iml -.idea \ No newline at end of file From c401e47030dbd4d91c1ae4f4b4e0f4e6f56d31ec Mon Sep 17 00:00:00 2001 From: Boik Date: Sat, 9 May 2020 20:23:26 +0800 Subject: [PATCH 09/15] Reorg --- README-jp.md | 23 +++++++++++------------ README-zh.md | 31 +++++++++++++++---------------- README.md | 23 +++++++++++------------ 3 files changed, 37 insertions(+), 40 deletions(-) diff --git a/README-jp.md b/README-jp.md index 7b8c53c..cc74205 100644 --- a/README-jp.md +++ b/README-jp.md @@ -18,9 +18,9 @@ If you enjoy this awesome list and would like to support it, check out my [Patre ## Contents +- [Digests](#digest) - [Forums](#forums) - [Introduction](#intro) - - [Tips](#tips) - [XSS](#xss---cross-site-scripting) - [Prototype Pollution](#prototype-pollution) - [CSV Injection](#csv-injection) @@ -112,6 +112,16 @@ If you enjoy this awesome list and would like to support it, check out my [Patre - [Community](#community) - [Miscellaneous](#miscellaneous) +## Digests + +- [Hacker101](https://www.hacker101.com/) - Written by [hackerone](https://www.hackerone.com/start-hacking). +- [The Daily Swig - Web security digest](https://portswigger.net/daily-swig) - Written by [PortSwigger](https://portswigger.net/). +- [Web Application Security Zone by Netsparker](https://www.netsparker.com/blog/web-security/) - Written by [Netsparker](https://www.netsparker.com/). +- [Infosec Newbie](https://www.sneakymonkey.net/2017/04/23/infosec-newbie/) - Written by [Mark Robinson](https://www.sneakymonkey.net/). +- [The Magic of Learning](https://bitvijays.github.io/) - Written by [@bitvijays](https://bitvijays.github.io/aboutme.html). +- [CTF Field Guide](https://trailofbits.github.io/ctf/) - Written by [Trail of Bits](https://www.trailofbits.com/). +- [PayloadsAllTheThings](https://github.com/swisskyrepo/PayloadsAllTheThings/) - Written by [@swisskyrepo](https://github.com/swisskyrepo). + ## Forums - [Phrack Magazine](http://www.phrack.org/) - Ezine written by and for hackers. @@ -124,17 +134,6 @@ If you enjoy this awesome list and would like to support it, check out my [Patre ## Introduction - -### Tips - -- [Hacker101](https://www.hacker101.com/) - Written by [hackerone](https://www.hackerone.com/start-hacking). -- [The Daily Swig - Web security digest](https://portswigger.net/daily-swig) - Written by [PortSwigger](https://portswigger.net/). -- [Web Application Security Zone by Netsparker](https://www.netsparker.com/blog/web-security/) - Written by [Netsparker](https://www.netsparker.com/). -- [Infosec Newbie](https://www.sneakymonkey.net/2017/04/23/infosec-newbie/) - Written by [Mark Robinson](https://www.sneakymonkey.net/). -- [The Magic of Learning](https://bitvijays.github.io/) - Written by [@bitvijays](https://bitvijays.github.io/aboutme.html). -- [CTF Field Guide](https://trailofbits.github.io/ctf/) - Written by [Trail of Bits](https://www.trailofbits.com/). -- [PayloadsAllTheThings](https://github.com/swisskyrepo/PayloadsAllTheThings/) - Written by [@swisskyrepo](https://github.com/swisskyrepo). - ### XSS - Cross-Site Scripting diff --git a/README-zh.md b/README-zh.md index a1b5c0b..6cf17e6 100644 --- a/README-zh.md +++ b/README-zh.md @@ -18,9 +18,9 @@ If you enjoy this awesome list and would like to support it, check out my [Patre ## Contents +- [Digests](#digest) - [Forums](#forums) - [Introduction](#intro) - - [Tips](#tips) - [XSS](#xss---cross-site-scripting) - [Prototype Pollution](#prototype-pollution) - [CSV Injection](#csv-injection) @@ -112,6 +112,20 @@ If you enjoy this awesome list and would like to support it, check out my [Patre - [Community](#community) - [Miscellaneous](#miscellaneous) +## Digests + +- [梧桐百科 - 碎片化知识学习](https://tricking.io/) - Written by [@phith0n](https://github.com/phith0n). +- [phith0n/Mind-Map](https://github.com/phith0n/Mind-Map) - Written by [@phith0n](https://github.com/phith0n). +- [Hacker101](https://www.hacker101.com/) - Written by [hackerone](https://www.hackerone.com/start-hacking). +- [The Daily Swig - Web security digest](https://portswigger.net/daily-swig) - Written by [PortSwigger](https://portswigger.net/). +- [Web Application Security Zone by Netsparker](https://www.netsparker.com/blog/web-security/) - Written by [Netsparker](https://www.netsparker.com/). +- [腾讯玄武实验室安全动态推送](https://xuanwulab.github.io/cn/secnews/2018/01/01/index.html) - Written by [腾讯玄武实验室](http://xlab.tencent.com/cn/). +- [Infosec Newbie](https://www.sneakymonkey.net/2017/04/23/infosec-newbie/) - Written by [Mark Robinson](https://www.sneakymonkey.net/). +- [The Magic of Learning](https://bitvijays.github.io/) - Written by [@bitvijays](https://bitvijays.github.io/aboutme.html). +- [CTF Field Guide](https://trailofbits.github.io/ctf/) - Written by [Trail of Bits](https://www.trailofbits.com/). +- [Got Your PW](https://gotyour.pw/) - Written by [@s3131212](https://github.com/s3131212). +- [PayloadsAllTheThings](https://github.com/swisskyrepo/PayloadsAllTheThings/) - Written by [@swisskyrepo](https://github.com/swisskyrepo). + ## Forums - [Phrack Magazine](http://www.phrack.org/) - Ezine written by and for hackers. @@ -133,21 +147,6 @@ If you enjoy this awesome list and would like to support it, check out my [Patre ## Introduction - -### Tips - -- [梧桐百科 - 碎片化知识学习](https://tricking.io/) - Written by [@phith0n](https://github.com/phith0n). -- [phith0n/Mind-Map](https://github.com/phith0n/Mind-Map) - Written by [@phith0n](https://github.com/phith0n). -- [Hacker101](https://www.hacker101.com/) - Written by [hackerone](https://www.hackerone.com/start-hacking). -- [The Daily Swig - Web security digest](https://portswigger.net/daily-swig) - Written by [PortSwigger](https://portswigger.net/). -- [Web Application Security Zone by Netsparker](https://www.netsparker.com/blog/web-security/) - Written by [Netsparker](https://www.netsparker.com/). -- [腾讯玄武实验室安全动态推送](https://xuanwulab.github.io/cn/secnews/2018/01/01/index.html) - Written by [腾讯玄武实验室](http://xlab.tencent.com/cn/). -- [Infosec Newbie](https://www.sneakymonkey.net/2017/04/23/infosec-newbie/) - Written by [Mark Robinson](https://www.sneakymonkey.net/). -- [The Magic of Learning](https://bitvijays.github.io/) - Written by [@bitvijays](https://bitvijays.github.io/aboutme.html). -- [CTF Field Guide](https://trailofbits.github.io/ctf/) - Written by [Trail of Bits](https://www.trailofbits.com/). -- [Got Your PW](https://gotyour.pw/) - Written by [@s3131212](https://github.com/s3131212). -- [PayloadsAllTheThings](https://github.com/swisskyrepo/PayloadsAllTheThings/) - Written by [@swisskyrepo](https://github.com/swisskyrepo). - ### XSS - Cross-Site Scripting diff --git a/README.md b/README.md index 81e707e..acb6076 100644 --- a/README.md +++ b/README.md @@ -18,9 +18,9 @@ If you enjoy this awesome list and would like to support it, check out my [Patre ## Contents +- [Digests](#digest) - [Forums](#forums) - [Introduction](#intro) - - [Tips](#tips) - [XSS](#xss---cross-site-scripting) - [Prototype Pollution](#prototype-pollution) - [CSV Injection](#csv-injection) @@ -112,6 +112,16 @@ If you enjoy this awesome list and would like to support it, check out my [Patre - [Community](#community) - [Miscellaneous](#miscellaneous) +## Digests + +- [Hacker101](https://www.hacker101.com/) - Written by [hackerone](https://www.hackerone.com/start-hacking). +- [The Daily Swig - Web security digest](https://portswigger.net/daily-swig) - Written by [PortSwigger](https://portswigger.net/). +- [Web Application Security Zone by Netsparker](https://www.netsparker.com/blog/web-security/) - Written by [Netsparker](https://www.netsparker.com/). +- [Infosec Newbie](https://www.sneakymonkey.net/2017/04/23/infosec-newbie/) - Written by [Mark Robinson](https://www.sneakymonkey.net/). +- [The Magic of Learning](https://bitvijays.github.io/) - Written by [@bitvijays](https://bitvijays.github.io/aboutme.html). +- [CTF Field Guide](https://trailofbits.github.io/ctf/) - Written by [Trail of Bits](https://www.trailofbits.com/). +- [PayloadsAllTheThings](https://github.com/swisskyrepo/PayloadsAllTheThings/) - Written by [@swisskyrepo](https://github.com/swisskyrepo). + ## Forums - [Phrack Magazine](http://www.phrack.org/) - Ezine written by and for hackers. @@ -124,17 +134,6 @@ If you enjoy this awesome list and would like to support it, check out my [Patre ## Introduction - -### Tips - -- [Hacker101](https://www.hacker101.com/) - Written by [hackerone](https://www.hackerone.com/start-hacking). -- [The Daily Swig - Web security digest](https://portswigger.net/daily-swig) - Written by [PortSwigger](https://portswigger.net/). -- [Web Application Security Zone by Netsparker](https://www.netsparker.com/blog/web-security/) - Written by [Netsparker](https://www.netsparker.com/). -- [Infosec Newbie](https://www.sneakymonkey.net/2017/04/23/infosec-newbie/) - Written by [Mark Robinson](https://www.sneakymonkey.net/). -- [The Magic of Learning](https://bitvijays.github.io/) - Written by [@bitvijays](https://bitvijays.github.io/aboutme.html). -- [CTF Field Guide](https://trailofbits.github.io/ctf/) - Written by [Trail of Bits](https://www.trailofbits.com/). -- [PayloadsAllTheThings](https://github.com/swisskyrepo/PayloadsAllTheThings/) - Written by [@swisskyrepo](https://github.com/swisskyrepo). - ### XSS - Cross-Site Scripting From 8710266a043c0809ae72fb2af1a8db8d53f6217e Mon Sep 17 00:00:00 2001 From: Boik Date: Sat, 9 May 2020 20:24:53 +0800 Subject: [PATCH 10/15] fix the anchor --- README-jp.md | 2 +- README-zh.md | 2 +- README.md | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/README-jp.md b/README-jp.md index cb00e65..2e77d45 100644 --- a/README-jp.md +++ b/README-jp.md @@ -18,7 +18,7 @@ If you enjoy this awesome list and would like to support it, check out my [Patre ## Contents -- [Digests](#digest) +- [Digests](#digests) - [Forums](#forums) - [Introduction](#intro) - [XSS](#xss---cross-site-scripting) diff --git a/README-zh.md b/README-zh.md index 74f0a85..6779540 100644 --- a/README-zh.md +++ b/README-zh.md @@ -18,7 +18,7 @@ If you enjoy this awesome list and would like to support it, check out my [Patre ## Contents -- [Digests](#digest) +- [Digests](#digests) - [Forums](#forums) - [Introduction](#intro) - [XSS](#xss---cross-site-scripting) diff --git a/README.md b/README.md index 3ca0a36..b87bcae 100644 --- a/README.md +++ b/README.md @@ -18,7 +18,7 @@ If you enjoy this awesome list and would like to support it, check out my [Patre ## Contents -- [Digests](#digest) +- [Digests](#digests) - [Forums](#forums) - [Introduction](#intro) - [XSS](#xss---cross-site-scripting) From 342b0c4ec3262091c44794d5abf6be2f2e838787 Mon Sep 17 00:00:00 2001 From: Boik Date: Sat, 9 May 2020 20:31:36 +0800 Subject: [PATCH 11/15] Reorg --- README-jp.md | 11 +++++------ README-zh.md | 23 +++++++++++------------ README.md | 11 +++++------ 3 files changed, 21 insertions(+), 24 deletions(-) diff --git a/README-jp.md b/README-jp.md index 2e77d45..716cccf 100644 --- a/README-jp.md +++ b/README-jp.md @@ -50,7 +50,6 @@ If you enjoy this awesome list and would like to support it, check out my [Patre - [Crypto](#crypto) - [Web Shell](#web-shell) - [OSINT](#osint) - - [Books](#books) - [DNS Rebinding](#dns-rebinding) - [Evasions](#evasions) - [XXE](#evasions-xxe) @@ -75,6 +74,7 @@ If you enjoy this awesome list and would like to support it, check out my [Patre - [Browser Exploitation](#browser-exploitation) - [PoCs](#pocs) - [Database](#pocs-database) +- [Cheetsheets](#cheetsheets) - [Tools](#tools) - [Auditing](#tools-auditing) - [Command Injection](#tools-command-injection) @@ -327,11 +327,6 @@ If you enjoy this awesome list and would like to support it, check out my [Patre - [102 Deep Dive in the Dark Web OSINT Style Kirby Plessas](https://www.youtube.com/watch?v=fzd3zkAI_o4) - Presented by [@kirbstr](https://twitter.com/kirbstr). - [The most complete guide to finding anyone’s email](https://www.blurbiz.io/blog/the-most-complete-guide-to-finding-anyones-email) - Written by [Timur Daudpota](https://www.blurbiz.io/). - -### Books - -- [XSS Cheat Sheet - 2018 Edition](https://leanpub.com/xss) - Written by [@brutelogic](https://twitter.com/brutelogic). - ### DNS Rebinding @@ -541,6 +536,10 @@ If you enjoy this awesome list and would like to support it, check out my [Patre - [SPLOITUS](https://sploitus.com/) - Exploits & Tools Search Engine by [@i_bo0om](https://twitter.com/i_bo0om). - [Exploit Database](https://www.exploit-db.com/) - ultimate archive of Exploits, Shellcode, and Security Papers by [Offensive Security](https://www.offensive-security.com/). +## Cheetsheets + +- [XSS Cheat Sheet - 2018 Edition](https://leanpub.com/xss) - Written by [@brutelogic](https://twitter.com/brutelogic). + ## Tools diff --git a/README-zh.md b/README-zh.md index 6779540..d0a8096 100644 --- a/README-zh.md +++ b/README-zh.md @@ -50,7 +50,6 @@ If you enjoy this awesome list and would like to support it, check out my [Patre - [Crypto](#crypto) - [Web Shell](#web-shell) - [OSINT](#osint) - - [Books](#books) - [DNS Rebinding](#dns-rebinding) - [Evasions](#evasions) - [XXE](#evasions-xxe) @@ -75,6 +74,7 @@ If you enjoy this awesome list and would like to support it, check out my [Patre - [Browser Exploitation](#browser-exploitation) - [PoCs](#pocs) - [Database](#pocs-database) +- [Cheetsheets](#cheetsheets) - [Tools](#tools) - [Auditing](#tools-auditing) - [Command Injection](#tools-command-injection) @@ -348,17 +348,6 @@ If you enjoy this awesome list and would like to support it, check out my [Patre - [102 Deep Dive in the Dark Web OSINT Style Kirby Plessas](https://www.youtube.com/watch?v=fzd3zkAI_o4) - Presented by [@kirbstr](https://twitter.com/kirbstr). - [The most complete guide to finding anyone’s email](https://www.blurbiz.io/blog/the-most-complete-guide-to-finding-anyones-email) - Written by [Timur Daudpota](https://www.blurbiz.io/). - -### Books - -- [Security Geek 2016 - Part. A](http://bobao.360.cn/download/book/security-geek-2016-A.pdf) - Written by [360网络攻防实验室](https://weibo.com/360adlab). -- [Security Geek 2016 - Part. B](http://bobao.360.cn/download/book/security-geek-2016-B.pdf) - Written by [360网络攻防实验室](https://weibo.com/360adlab). -- [Security Geek 2017 - Q1](http://bobao.360.cn/download/book/security-geek-2017-q1.pdf) - Written by [360网络攻防实验室](https://weibo.com/360adlab). -- [Security Geek 2017 - Q2](http://bobao.360.cn/download/book/security-geek-2017-q2.pdf) - Written by [360网络攻防实验室](https://weibo.com/360adlab). -- [Security Geek 2017 - Q3](http://bobao.360.cn/download/book/security-geek-2017-q3.pdf) - Written by [360网络攻防实验室](https://weibo.com/360adlab). -- [Security Geek 2017 - Q4](https://static.anquanke.com/download/b/security-geek-2017-q4.pdf) - Written by [360网络攻防实验室](https://weibo.com/360adlab). -- [XSS Cheat Sheet - 2018 Edition](https://leanpub.com/xss) - Written by [@brutelogic](https://twitter.com/brutelogic). - ### DNS Rebinding @@ -583,6 +572,16 @@ If you enjoy this awesome list and would like to support it, check out my [Patre - [SPLOITUS](https://sploitus.com/) - Exploits & Tools Search Engine by [@i_bo0om](https://twitter.com/i_bo0om). - [Exploit Database](https://www.exploit-db.com/) - ultimate archive of Exploits, Shellcode, and Security Papers by [Offensive Security](https://www.offensive-security.com/). +## Cheetsheets + +- [Security Geek 2016 - Part. A](http://bobao.360.cn/download/book/security-geek-2016-A.pdf) - Written by [360网络攻防实验室](https://weibo.com/360adlab). +- [Security Geek 2016 - Part. B](http://bobao.360.cn/download/book/security-geek-2016-B.pdf) - Written by [360网络攻防实验室](https://weibo.com/360adlab). +- [Security Geek 2017 - Q1](http://bobao.360.cn/download/book/security-geek-2017-q1.pdf) - Written by [360网络攻防实验室](https://weibo.com/360adlab). +- [Security Geek 2017 - Q2](http://bobao.360.cn/download/book/security-geek-2017-q2.pdf) - Written by [360网络攻防实验室](https://weibo.com/360adlab). +- [Security Geek 2017 - Q3](http://bobao.360.cn/download/book/security-geek-2017-q3.pdf) - Written by [360网络攻防实验室](https://weibo.com/360adlab). +- [Security Geek 2017 - Q4](https://static.anquanke.com/download/b/security-geek-2017-q4.pdf) - Written by [360网络攻防实验室](https://weibo.com/360adlab). +- [XSS Cheat Sheet - 2018 Edition](https://leanpub.com/xss) - Written by [@brutelogic](https://twitter.com/brutelogic). + ## Tools diff --git a/README.md b/README.md index b87bcae..146c165 100644 --- a/README.md +++ b/README.md @@ -50,7 +50,6 @@ If you enjoy this awesome list and would like to support it, check out my [Patre - [Crypto](#crypto) - [Web Shell](#web-shell) - [OSINT](#osint) - - [Books](#books) - [DNS Rebinding](#dns-rebinding) - [Evasions](#evasions) - [XXE](#evasions-xxe) @@ -75,6 +74,7 @@ If you enjoy this awesome list and would like to support it, check out my [Patre - [Browser Exploitation](#browser-exploitation) - [PoCs](#pocs) - [Database](#pocs-database) +- [Cheetsheets](#cheetsheets) - [Tools](#tools) - [Auditing](#tools-auditing) - [Command Injection](#tools-command-injection) @@ -324,11 +324,6 @@ If you enjoy this awesome list and would like to support it, check out my [Patre - [102 Deep Dive in the Dark Web OSINT Style Kirby Plessas](https://www.youtube.com/watch?v=fzd3zkAI_o4) - Presented by [@kirbstr](https://twitter.com/kirbstr). - [The most complete guide to finding anyone’s email](https://www.blurbiz.io/blog/the-most-complete-guide-to-finding-anyones-email) - Written by [Timur Daudpota](https://www.blurbiz.io/). - -### Books - -- [XSS Cheat Sheet - 2018 Edition](https://leanpub.com/xss) - Written by [@brutelogic](https://twitter.com/brutelogic). - ### DNS Rebinding @@ -535,6 +530,10 @@ If you enjoy this awesome list and would like to support it, check out my [Patre - [SPLOITUS](https://sploitus.com/) - Exploits & Tools Search Engine by [@i_bo0om](https://twitter.com/i_bo0om). - [Exploit Database](https://www.exploit-db.com/) - ultimate archive of Exploits, Shellcode, and Security Papers by [Offensive Security](https://www.offensive-security.com/). +## Cheetsheets + +- [XSS Cheat Sheet - 2018 Edition](https://leanpub.com/xss) - Written by [@brutelogic](https://twitter.com/brutelogic). + ## Tools From 610a6fc26c288857aaa2eab0622d83f5126ac222 Mon Sep 17 00:00:00 2001 From: Boik Date: Sat, 9 May 2020 20:55:13 +0800 Subject: [PATCH 12/15] add 'Deserialization' section --- README-jp.md | 6 ++++++ README-zh.md | 6 ++++++ README.md | 6 ++++++ 3 files changed, 18 insertions(+) diff --git a/README-jp.md b/README-jp.md index 716cccf..5131005 100644 --- a/README-jp.md +++ b/README-jp.md @@ -51,6 +51,7 @@ If you enjoy this awesome list and would like to support it, check out my [Patre - [Web Shell](#web-shell) - [OSINT](#osint) - [DNS Rebinding](#dns-rebinding) + - [Deserialization](#deserialization) - [Evasions](#evasions) - [XXE](#evasions-xxe) - [CSP](#evasions-csp) @@ -333,6 +334,11 @@ If you enjoy this awesome list and would like to support it, check out my [Patre - [Attacking Private Networks from the Internet with DNS Rebinding](https://medium.com/@brannondorsey/attacking-private-networks-from-the-internet-with-dns-rebinding-ea7098a2d325) - Written by [@brannondorsey](https://medium.com/@brannondorsey) - [Hacking home routers from the Internet](https://medium.com/@radekk/hackers-can-get-access-to-your-home-router-1ddadd12a7a7) - Written by [@radekk](https://medium.com/@radekk) + +### Deserialization + +- [What Do WebLogic, WebSphere, JBoss, Jenkins, OpenNMS, and Your Application Have in Common? This Vulnerability.](https://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/) - Written by [@breenmachine](https://twitter.com/breenmachine). + ## Evasions diff --git a/README-zh.md b/README-zh.md index d0a8096..c02690b 100644 --- a/README-zh.md +++ b/README-zh.md @@ -51,6 +51,7 @@ If you enjoy this awesome list and would like to support it, check out my [Patre - [Web Shell](#web-shell) - [OSINT](#osint) - [DNS Rebinding](#dns-rebinding) + - [Deserialization](#deserialization) - [Evasions](#evasions) - [XXE](#evasions-xxe) - [CSP](#evasions-csp) @@ -354,6 +355,11 @@ If you enjoy this awesome list and would like to support it, check out my [Patre - [Attacking Private Networks from the Internet with DNS Rebinding](https://medium.com/@brannondorsey/attacking-private-networks-from-the-internet-with-dns-rebinding-ea7098a2d325) - Written by [@brannondorsey](https://medium.com/@brannondorsey) - [Hacking home routers from the Internet](https://medium.com/@radekk/hackers-can-get-access-to-your-home-router-1ddadd12a7a7) - Written by [@radekk](https://medium.com/@radekk) + +### Deserialization + +- [What Do WebLogic, WebSphere, JBoss, Jenkins, OpenNMS, and Your Application Have in Common? This Vulnerability.](https://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/) - Written by [@breenmachine](https://twitter.com/breenmachine). + ## Evasions diff --git a/README.md b/README.md index 146c165..98a0955 100644 --- a/README.md +++ b/README.md @@ -51,6 +51,7 @@ If you enjoy this awesome list and would like to support it, check out my [Patre - [Web Shell](#web-shell) - [OSINT](#osint) - [DNS Rebinding](#dns-rebinding) + - [Deserialization](#deserialization) - [Evasions](#evasions) - [XXE](#evasions-xxe) - [CSP](#evasions-csp) @@ -330,6 +331,11 @@ If you enjoy this awesome list and would like to support it, check out my [Patre - [Attacking Private Networks from the Internet with DNS Rebinding](https://medium.com/@brannondorsey/attacking-private-networks-from-the-internet-with-dns-rebinding-ea7098a2d325) - Written by [@brannondorsey](https://medium.com/@brannondorsey) - [Hacking home routers from the Internet](https://medium.com/@radekk/hackers-can-get-access-to-your-home-router-1ddadd12a7a7) - Written by [@radekk](https://medium.com/@radekk) + +### Deserialization + +- [What Do WebLogic, WebSphere, JBoss, Jenkins, OpenNMS, and Your Application Have in Common? This Vulnerability.](https://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/) - Written by [@breenmachine](https://twitter.com/breenmachine). + ## Evasions From 22ce6e5cd633650b688db3731f4ee1b0b2a76f13 Mon Sep 17 00:00:00 2001 From: Boik Date: Sat, 9 May 2020 21:57:57 +0800 Subject: [PATCH 13/15] add 'Tricks of Deserialization' section --- README-jp.md | 6 ++++++ README-zh.md | 6 ++++++ README.md | 6 ++++++ 3 files changed, 18 insertions(+) diff --git a/README-jp.md b/README-jp.md index 5131005..a8e64c6 100644 --- a/README-jp.md +++ b/README-jp.md @@ -71,6 +71,7 @@ If you enjoy this awesome list and would like to support it, check out my [Patre - [Web Cache Poisoning](#tricks-web-cache-poisoning) - [Header Injection](#tricks-header-injection) - [URL](#tricks-url) + - [Deserialization](#tricks-deserialization) - [Others](#tricks-others) - [Browser Exploitation](#browser-exploitation) - [PoCs](#pocs) @@ -492,6 +493,11 @@ If you enjoy this awesome list and would like to support it, check out my [Patre - [Unicode Domains are bad and you should feel bad for supporting them](https://www.vgrsec.com/post20170219.html) - Written by [VRGSEC](https://www.vgrsec.com/). - [[dev.twitter.com] XSS](http://blog.blackfan.ru/2017/09/devtwittercom-xss.html) - Written by [Sergey Bobrov](http://blog.blackfan.ru/). + +### Deserialization + +- [ASP.NET resource files (.RESX) and deserialisation issues](https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2018/august/aspnet-resource-files-resx-and-deserialisation-issues/) - Written by [@irsdl](https://twitter.com/irsdl). + ### Others diff --git a/README-zh.md b/README-zh.md index c02690b..0d24b57 100644 --- a/README-zh.md +++ b/README-zh.md @@ -71,6 +71,7 @@ If you enjoy this awesome list and would like to support it, check out my [Patre - [Web Cache Poisoning](#tricks-web-cache-poisoning) - [Header Injection](#tricks-header-injection) - [URL](#tricks-url) + - [Deserialization](#tricks-deserialization) - [Others](#tricks-others) - [Browser Exploitation](#browser-exploitation) - [PoCs](#pocs) @@ -523,6 +524,11 @@ If you enjoy this awesome list and would like to support it, check out my [Patre - [Unicode Domains are bad and you should feel bad for supporting them](https://www.vgrsec.com/post20170219.html) - Written by [VRGSEC](https://www.vgrsec.com/). - [[dev.twitter.com] XSS](http://blog.blackfan.ru/2017/09/devtwittercom-xss.html) - Written by [Sergey Bobrov](http://blog.blackfan.ru/). + +### Deserialization + +- [ASP.NET resource files (.RESX) and deserialisation issues](https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2018/august/aspnet-resource-files-resx-and-deserialisation-issues/) - Written by [@irsdl](https://twitter.com/irsdl). + ### Others diff --git a/README.md b/README.md index 98a0955..82c695b 100644 --- a/README.md +++ b/README.md @@ -71,6 +71,7 @@ If you enjoy this awesome list and would like to support it, check out my [Patre - [Web Cache Poisoning](#tricks-web-cache-poisoning) - [Header Injection](#tricks-header-injection) - [URL](#tricks-url) + - [Deserialization](#tricks-deserialization) - [Others](#tricks-others) - [Browser Exploitation](#browser-exploitation) - [PoCs](#pocs) @@ -488,6 +489,11 @@ If you enjoy this awesome list and would like to support it, check out my [Patre - [Unicode Domains are bad and you should feel bad for supporting them](https://www.vgrsec.com/post20170219.html) - Written by [VRGSEC](https://www.vgrsec.com/). - [[dev.twitter.com] XSS](http://blog.blackfan.ru/2017/09/devtwittercom-xss.html) - Written by [Sergey Bobrov](http://blog.blackfan.ru/). + +### Deserialization + +- [ASP.NET resource files (.RESX) and deserialisation issues](https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2018/august/aspnet-resource-files-resx-and-deserialisation-issues/) - Written by [@irsdl](https://twitter.com/irsdl). + ### Others From f8ba02ec6ef8d234e6e17f39e492e51af1e2683b Mon Sep 17 00:00:00 2001 From: Boik Date: Sat, 9 May 2020 22:05:52 +0800 Subject: [PATCH 14/15] add an article --- README-jp.md | 1 + README-zh.md | 1 + README.md | 1 + 3 files changed, 3 insertions(+) diff --git a/README-jp.md b/README-jp.md index a8e64c6..b894725 100644 --- a/README-jp.md +++ b/README-jp.md @@ -848,6 +848,7 @@ If you enjoy this awesome list and would like to support it, check out my [Patre - [Alexa Top 1 Million Security - Hacking the Big Ones](https://slashcrypto.org/data/itsecx2018.pdf) - Written by [@slashcrypto](https://twitter.com/slashcrypto). - [The bug bounty program that changed my life](http://10degres.net/the-bug-bounty-program-that-changed-my-life/) - Written by [Gwen](http://10degres.net/). - [List of bug bounty writeups](https://pentester.land/list-of-bug-bounty-writeups.html) - Written by [Mariem](https://pentester.land/). +- [Implications of Loading .NET Assemblies](https://threatvector.cylance.com/en_us/home/implications-of-loading-net-assemblies.html) - Written by [Brian Wallace](https://threatvector.cylance.com/en_us/contributors/brian-wallace.html). ## Code of Conduct diff --git a/README-zh.md b/README-zh.md index 0d24b57..22fa530 100644 --- a/README-zh.md +++ b/README-zh.md @@ -899,6 +899,7 @@ If you enjoy this awesome list and would like to support it, check out my [Patre - [Alexa Top 1 Million Security - Hacking the Big Ones](https://slashcrypto.org/data/itsecx2018.pdf) - Written by [@slashcrypto](https://twitter.com/slashcrypto). - [The bug bounty program that changed my life](http://10degres.net/the-bug-bounty-program-that-changed-my-life/) - Written by [Gwen](http://10degres.net/). - [List of bug bounty writeups](https://pentester.land/list-of-bug-bounty-writeups.html) - Written by [Mariem](https://pentester.land/). +- [Implications of Loading .NET Assemblies](https://threatvector.cylance.com/en_us/home/implications-of-loading-net-assemblies.html) - Written by [Brian Wallace](https://threatvector.cylance.com/en_us/contributors/brian-wallace.html). ## Code of Conduct diff --git a/README.md b/README.md index 82c695b..57eb2ce 100644 --- a/README.md +++ b/README.md @@ -843,6 +843,7 @@ If you enjoy this awesome list and would like to support it, check out my [Patre - [Alexa Top 1 Million Security - Hacking the Big Ones](https://slashcrypto.org/data/itsecx2018.pdf) - Written by [@slashcrypto](https://twitter.com/slashcrypto). - [The bug bounty program that changed my life](http://10degres.net/the-bug-bounty-program-that-changed-my-life/) - Written by [Gwen](http://10degres.net/). - [List of bug bounty writeups](https://pentester.land/list-of-bug-bounty-writeups.html) - Written by [Mariem](https://pentester.land/). +- [Implications of Loading .NET Assemblies](https://threatvector.cylance.com/en_us/home/implications-of-loading-net-assemblies.html) - Written by [Brian Wallace](https://threatvector.cylance.com/en_us/contributors/brian-wallace.html). ## Code of Conduct From d30865ea9d38309fa8d1e6f68e11930628549b1f Mon Sep 17 00:00:00 2001 From: Saikiran Uppu Date: Sat, 9 May 2020 10:48:33 -0400 Subject: [PATCH 15/15] Update README-jp.md --- README-jp.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/README-jp.md b/README-jp.md index b894725..32874a5 100644 --- a/README-jp.md +++ b/README-jp.md @@ -105,6 +105,7 @@ If you enjoy this awesome list and would like to support it, check out my [Patre - [Others](#tools-others) - [Social Engineering Database](#social-engineering-database) - [Blogs](#blogs) +- [CheatSheets](#cheatsheets) - [Twitter Users](#twitter-users) - [Practices](#practices) - [Application](#practices-application) @@ -769,6 +770,10 @@ If you enjoy this awesome list and would like to support it, check out my [Patre - [0Day Labs](http://blog.0daylabs.com/) - Awesome bug-bounty and challenges writeups. - [Blog of Osanda](https://osandamalith.com/) - Security Researching and Reverse Engineering. +## CheatSheets + +- [Capture the Flag CheatSheet](https://github.com/uppusaikiran/awesome-ctf-cheatsheet#awesome-ctf-cheatsheet-) - Security Cheatsheet. + ## Twitter Users - [@HackwithGitHub](https://twitter.com/HackwithGithub) - Initiative to showcase open source hacking tools for hackers and pentesters