Learn365

This repository contains all the information shared during my Learn 365 Challenge. Learn 365 is a challenge to keep the learning spirit going on and challenge myself to learn something daily for the whole year, it can be anything from infosec to general life. Follow me on Twitter for Regular Updates: Anubhav Singh. Huge thanks to Harsh Bothra, from whoam I got motivated to start this Learn365 challenge.

---

Day	Topic
1	Learn Javascript The Tool Box karma v2 and 4-ZERO-3 - Talk Finding and exploiting unintended functionality in main web app APIs - Writeup Workflow for Javascript Recon
2	Learn Javascript Read BugBounty BootCamp - Book Learn Python
3	Learn Javascript AWS Lambda Command Injection - Writeup A tale of zero click account takeover - Writeup
4	Learn CSS Learn Python
5	Learn Javascript [Revision]
6	Solved DOM based XSS Labs on Portswigger
7	Solved DOM based XSS Labs on Portswigger Learn Python
8	A Cool Account Takeover Vulnerability due to lack of Client Side Validation - WriteUp
9	WebSockets not Bound by SOP and CORS? - WriteUp
10	Unauth Cache Purging - WriteUp How I was able to change victim’s password using IDN Homograph Attack - WriteUp
11	Controlling the web message source - Lab JavaScript for Hackers - Video HACKING postMessage() - Video Introduction postmessage vulnerabilities - Writeup Postmessage vulnerability demo -Lab
12	A simple Data Exfiltration! Excel magic - Writeup
13	One Token to leak them all : The story of a $8000 NPM_TOKEN - Writeup Introduction to GraphQL - GraphQL Exploitation Part1 - Video
14	Finding The Origin IP Behind CDNs - Writeup
15	Hunting postMessage Vulnerabilities - White Paper
16	120 Days of High Frequency Hunting - WriteUp Hunting postMessage Vulnerabilities - White Paper
17	How to find new/more domains of a company? - Recon Stuff - Writeup
18	Read BugBounty BootCamp - Book
19	The Tale of a Click leading to RCE - Writeup
20	PostMessage Vulnerabilities - WriteUp
21	DVGA - Damn Vulnerable GraphQL Application Part 2 - Video
22	Chrome DevTools Crash Course - Video
23	Crontab for Linux Admins - Video
24	Template Injection in Action: 2-hour workshop on Template Injection (SSTI) Read BugBounty BootCamp - Book
25	Hacking REST APIs: A beginner's guide - Course
26	Read BugBounty BootCamp - Book Read zseano's methodology - Book
27	Read zseano's methodology - Book
28	Read zseano's methodology - Book Params — Discovering Hidden Treasure in WebApps - Writeup
29	WebSockets and Hacking - Writeup
30	Pentesting API Top 10 - Talk
31	Read BugBounty BootCamp - Book Bypassing SSRF Protection to Exfiltrate AWS Metadata from LarkSuite - Writeup
32	Android: Quick History on Smartphones - Video Intro to App Development - Video Top 25 Browser Extensions for Pentesters and Bugbounty Hunters (2022) - Writeup
33	Intro to Android Architecture and Security - Video What is an Android Operating System & Its Features - Writeup Android Internals 101: How Android OS Starts You Application - Writeup Android Security Part 1- Understanding Android Basics - Writeup
34	Mobile Application Penetration Testing - TCM Course
35	Read BugBounty BootCamp - Book
36	Solved 1-10 Challenges of InjuredAndroid Recon methodology of @GodfatherOrwa - Video
37	Read BugBounty BootCamp - Book
38	1,2 Exercises: Android App Reverse Engineering 101
39	3,4 Exercises: Android App Reverse Engineering 101
40	Android App Reverse Engineering LIVE! Part 1 - Workshop
41	Android Architecture + Static Analysis with apktool + gf + jadx Insecure Logging & Storage + Setup Genymotion & pidcat
42	Troubleshooting connection between WSL and android emulator
43	Mobexler : A Mobile Application Penetration Testing Platform - Video
44	Android Pentesting Lab Setup - Writeup
45	Hacking Android Deeplink Issues and Insecure URL Validation - Video
46	SINGLE-SIGN-ON SECURITY ISSUES : BugBounty BootCamp - Book
47	Solved Flag 12 & 13 of Injured Android
48	Android SSL Pinning Bypass for Bug Bounties & Penetration Testing - Video SSL Pinning in Android Part 1 - Writeup SSL Pinning in Android Part 2 - Writeup What is Android Rooting? - Writeup Four Ways to Bypass Android SSL Verification and Certificate Pinning - Writeup
49	Bypassing OkHttp Certificate Pinning - Writeup Disabling SSL Pinning in Android Apps using Frida / Objection - Writeup How To Bypass Apps Root Detection In Android - Writeup Bug Bounty on Android : setup your Genymotion environment for APK analysis - Writeup
50	The Ultimate Guide to Android SSL Pinning Bypass - Guide
51	OAuth terminologies and flows explained - Video OAuth 2.0 Hacking Simplified — Part 1 — Understanding Basics - Writeup OAuth 2.0 Hacking Simplified — Part 2 — Vulnerabilities and Mitigation - Writeup
52	Bug Bounty — Bypassing Endpoints - Writeup
53	How I made 25000 USD in bug bounties with reverse proxy - Writeup
54	Intercepting Android Emulator SSL traffic with burp using magisk - Writeup
55	Subdomains Tools Review: a full and detailed comparison of subdomain enumeration tools - Writeup
56	Lab: Authentication bypass via OAuth implicit flow
57	Web Authentication and Authorization Zine - Zine
58	Forced OAuth profile linking - Lab OAuth account hijacking via redirect_uri - Lab Stealing OAuth access tokens via an open redirect - Lab
59	ANDROID APP SECURITY BASICS (Static analysis - Part 1) - Video
60	HACKING ANDROID WebViews (Static analysis - Part 2) - Video Getting Started with Android Application Security - Writeup Android Pentest: Automated Analysis using MobSF - Writeup Static Analysis of Android Application & Tools Used - Writeup Complete Android Pentesting Guide - Writeup
61	Android App Security & Testing - Writeup Exploiting Android activity android:exported="true" - Writeup Exploiting Activity in medium android app - Writeup
62	Android Penetration Testing: Drozer - Writeup
63	Android Pentest: Deep Link Exploitation - Writeup
64	Android Applications Pentesting (Static Analysis) - HackTricks
65	OAuth Sign Up AND Log In (1-6 Slides) - Slides
66	Authentication bypass due to weak verification of SAML Token - Writeup
67	Bypassing Google Authentication on Periscope's Administration Panel - Writeup
68	Burp Bounty v2 Documentation Architect: Major Design Decisions - OAuth Classic Web Application: Authorization Code Grant Flow - OAuth
69	Authorizationcode_tester - Tester: Exploit Mistakes
70	Pwning a Server using Markdown - Writeup
71	Critical XSS in chrome extension - Writeup
72	Penetrate the Protected Component in Android Part 1 - Writeup
73	Penetrate the Protected Component in Android Part 2 - Writeup
74	From Recon via Censys and DNSdumpster, to Getting P1 by Login Using Weak Password - Writeup
75	How Tapjacking Made a Return with Android Marshmallow and Nobody Noticed - Writeup
76	How I was able to find 50+ Cross-site scripting (XSS) Security Vulnerabilities on Bugcrowd Public Program? - Writeup
77	Android Development (1:45 Hrs) - Video
78	Android Development: Java Refresher - Video
79	Android Development: Activities & Layouts - Video
80	Android Development: MultiScreen Apps - Video
81	How I Found multiple SQL Injection with FFUF and Sqlmap in a few minutes - Writeup
82	From XSS to RCE (dompdf 0day) - Writeup
83	A Detailed Guide on httpx - Writeup
84	Chapter 24 API Hacking : BugBounty BootCamp - Book
85	Preparing for API Security Testing : Hacking APIs - Book
86	How web applications work : Hacking APIs - Book
87 - 90	The Anatomy of Web APIs : Hacking APIs - Book
91	DIVA Android App: Walkthrough - Writeup
92	The Anatomy of Web APIs : Hacking APIs - Book
93	Android Penetration Testing: Frida - Writeup
94	Diva apk analysis - Writeup
95	API Authentication: Hacking APIs - Book
96	Watch out the links : Account takeover! - Writeup
97	10 things you must do when Pentesting Android Applications - Writeup Dumping Android application memory with fridump - Writeup Mobile Risks: M1 – Improper platform usage - Writeup Mobile Risks: M2 – Insecure data storage - Writeup Mobile Risks: M3 – Insecure communication - Writeup Understanding the OWASP Mobile Top 10 Security Risks: Part Two (M4-M7) - Writeup Understanding the OWASP Mobile Top 10 Security Risks: Part Three (M8-M10) - Writeup
98	Vulnerable Android Broadcast Receivers - Writeup
99	API Insecurities Hacking APIs - Book
100	How a YouTube Video lead to pwning a web application via SQL Injection worth $4324 bounty - Writeup
101	Open Android Security Assessment Methodology - Repo
102	API Insecurities Hacking APIs (page 72 - 81) - Book
103	API Insecurities Hacking APIs (page 84 - 96) - Book
104	How I made $10K in bug bounties from GitHub secret leaks - Writeup
105	Android: How to Bypass Root Check and Certificate Pinning - Writeup Comparison of Different Android Root-Detection Bypass Tools - Writeup
106	Bypassing a WAF by Finding the Origin IP - Video
107	Inspecting Android Traffic using Proxyman + apk-mitm - Writeup
108	NoSQL Injection in Plain Sight - Writeup
109	Configuring an out-of-band callback listener and notification service in under 10 minutes using AWS Lambda function URLs and Discord webhooks - Writeup
110	Supplemental Tools : Hacking APIs - Book
111	Android Root Detection Bypass Using Objection and Frida Scripts - Writeup
112	Configuring Frida with BurpSuite and Genymotion to bypass Android SSL Pinning - Writeup
113	Find new domains of a company using SSL Certificates - Bug Bounty Recon - Writeup
114	Exploiting Android Fingerprint Authentication - Writeup
115	Testing-Local-Authentication - Owasp Guide
116	Bypass of Biometrics & Password Security Functionality For android - Writeup
117	Creating Code for Bypassing Android Security Checks: Frida - Video
118	Sharpening your FRIDA scripting skills with Frida Tool - Writeup
119	Hacking Android Apps with Frida - Video
120	ATO without any interaction : aws cognito misconfiguration - Writeup
121	NahamCon CTF 2022 Write-up: Click Me! Android challenge - Writeup
122	Android Application Security [chapter 0x1] - Introduction to Frida - Writeup
123	Getting started with Frida on Android Apps - Writeup
124	Exploration of Native Modules on Android with Frida - Writeup
125	How to exploit GraphQL endpoint: introspection, query, mutations & tools - Writeup
126	DVGA Batch Query Attack GraphQL Exploitation : Part 3 DVGA - Video
127	The $16,000 Dev Mistake - Writeup
128	FirstBlood : HackEvent BugBountyHunter.com - Reports
129	Exploring Native Functions with Frida on Android - Writeup
130	Add JNI(C/C++) into your existing Android app - Writeup
131	Demystifying Frida - Video
132	How to hook Android Native methods with Frida (Noob Friendly) - Writeup
133	Instrumenting Native Android Functions using Frida - Writeup
134	Forging OAuth tokens using discovered client id and client secret - Writeup
135	Getting started with Android NDK: Android Tutorial - Writeup
136	Can analyzing javascript files lead to remote code execution? - Writeup
137	XML External Entity (XXE) : The Ultimate Guide - Writeup
138	Bug Bounty Redacted #3: Hacking APIs & XSS, SQLi, WAF Bypass in a regional web application - Video
139	PHP Command Injection ->Time Based SQL $2000 bounty - Writeup
140	How Did I Leak 5.2k Customer Data From a Large Company? (via Broken Access Control) - Writeup
141	My Bug Bounty Adventure (Fuzzing + Information Disclosure) - Writeup
142	Exploiting CRLF Injection can lands into a nice bounty - Writeup
143	PayPal IDOR via billing Agreement Token (closed Informative, payment fraud) - Writeup
144	How I Hacked NASA to execute arbitrary commands in their server! - Writeup
145	SQL injection through HTTP headers - Writeup
146	Automate your recon With Censys HOW Pro hacker use Censys - Writeup
147	How I Found a company’s internal S3 Bucket with 41k Files - Writeup
148	Bypassing File Upload Restriction using Magic Bytes - Writeup
149	Story about more than 3.5 million PII leakage in Yahoo!!! (Using an IOS) - Writeup
150	How to find & access Admin Panel by digging into JS files - Writeup
151	Solved Lame Box - HTB
152	Understanding And Identifying Insecure Deserialization - Writeup
153	Dependency Confusion : A Supply Chain Attack - Writeup
154	Solved Lame Box - HTB
155	This is why you shouldn’t trust your Federated Identity Provider - Writeup
156	If It’s a Feature!!! Let’s Abuse It for $750 - Writeup
157	Business Logic Errors - Art of Testing Cards - Writeup
158	Hacking Nginx: Best ways - Writeup
159	Frida hooking android part 1 - Writeup
160	Frida hooking android part 2 - Writeup
161	Frida hooking android part 3 - Writeup
162	Frida hooking android part 4 - Writeup
163	Frida hooking android part 5: Bypassing AES encryption - Writeup
164	Exploiting esoteric android vulnerability - Workshop by Sharan & Sanjay at BSides Ahmedabad 2021 - Video
165	Andromeda- GUI based Dynamic Instrumentation Toolkit powered by Frida - Shivang Desai - Video
166	How I found a Critical Bug in Instagram and Got 49500$ Bounty From Facebook - Writeup
167	Hacking into WordPress themes for CVEs and Fun - Writeup
168	Bug Bounty Redacted #4: Writing to S3 buckets & Insecure JWT Implementation - Writeup
169 - 177	Android development - Video
178 - 183	Linux 101 - Course
184 - 189	Linux Privilege Escalation for Beginners - Course
190	Admin account takeover via weird Password Reset Functionality - Writeup
191	Access control worth $2000 : everyone missed this IDOR+Access control between two admins - Writeup
192	How I was able edit target website’s AWS files from the file upload function? - Writeup
193	XXE in Public Transport Ticketing Mobile APP - Writeup
194	RCE IN EC2 INSTANCE VIA SSH WITH PRIVATE KEY EXPOSED ON PUBLIC GITHUB REPOSITORY – $XX,000 USD - Writeup
195	How I was able to Regain access to account deleted by Admin leading to $$$ - Writeup
196	OAuth Misconfiguration Leads To Pre-Account Takeover - Writeup
197	How to find Origin IP - Writeup
198	PII Disclosure of Apple Users ($10k) - Writeup
199	Android and Java API : Frida - Documentation
200	Behind the Bug: Password reset poisoning - Writeup
201	Websocket Hijacking to steal Session_ID of victim user - Writeup
202	How to use Burp Suite Like a PRO? PART – 1 - Writeup
203	Ultimate Tips And Tricks To Find More Cross-Site Scripting Vulnerabilities - Writeup
204	Setting iOS App Testing Environment with Burp-suite & Corellium - Writeup
205	How I Test For Web Cache Vulnerabilities + Tips And Tricks - Writeup
206	Information Disclosure to Account Takeover - Writeup
207	You MUST sanitize PHP mail() inputs — or else RCE! - Writeup
208	Mail Server Misconfiguration leads to sending a fax from anyone’s account on HelloFax (Dropbox BBP) for a bounty of $4,913 - Writeup
209	How to prevent hackers from reverse engineering your Android apps - Writeup
210	How this team accidentally found a SSRF in Slack exposing AWS credentials! A $4000 bug bounty - Writeup
211 - 212	Linux Privilege Escalation - Pentester acacademy bootcamp
213 - 214	Solve linuxprivesc Room - Tryhackme
215 - 217	Frida Scripting Guide for Java - Writeup
218	Exploring Native Functions with Frida on Android : part 3 - Writeup
219	Exploring Native Functions with Frida on Android : part 4 - Writeup
220	Stored XSS to Account Takeover : Going beyond document.cookie : Stealing Session Data from IndexedDB - Writeup
221	SQL Injection filter bypass to perform blind SQL Injection - Writeup
222	Abusing URL Shortners for fun and profit - Writeup
223	Android WebView Hacking : Enable WebView Debugging - Writeup
224	Defeat the HttpOnly flag to achieve Account Takeover : RXSS - Writeup
225 -230	Android App Hacking - Black Belt Edition - Udemy Course
231	Solving CTF with Frida : Part 1 - Writeup
232	Solving CTF with Frida : Part 2 - Writeup
233	Solving CTF with Frida : Part 3 - Writeup
234	Solving CTF with Frida : Part 4 - Writeup
235 - 240	Watched Android CTF video from Youtube channel Umar_0x01 - Video
241	Bypassing ModSecurity for RCEs - Writeup
242	Bypassing Amazon WAF to pop an alert() - Writeup
243	Exploiting Android’s Task Hijacking - Writeup
244 - 248	Windows Privilege Escalation for Beginners - TCM Course
249	Cool Recon techniques every hacker misses! - Writeup
250	Intruder and CSRF-protected form, without macros - Writeup
251	New technique 403 bypass - Writeup
252	Exploiting XSS with Javascript/JPEG Polyglot - Writeup
253	Hacking Android Foreground Services Escalation Of Privileges by Rony Das - Nullcon Goa Jailbreaking iOS in the post-apocalyptic era by CoolStar & Tihmstar - Nullcon Goa
254	Can write single Exploit payload which can exploit both HTML and JS injection - Tweet
255	A context insensitive sqli payload polyglot - Tweet
256	Find References: The most underrated and underused feature of @Burp_Suite - Tweet
257	Reversing an Android sample which uses Flutter - Writeup
258 - 261	Windows Privilege Escalation for Beginners - TCM Course
262	Escalation Path Executable Files - WindowsPriv Escalation Path Startup Applications - WindowsPriv Escalation Path DLL Hijacking - WindowsPriv
263	Escalation Path Service Permissions (Paths) - WindowsPriv
264	Escalation Path CVE-2019-1388 - WindowsPriv
265-267	Capstone Challenge - WindowsPriv
268-270	Wreath Room - Tryhackme
271	Network Pivoting using Metasploit and Proxychains - Writeup
272	Metasploit: Pivoting - Writeup
273 - 274	Explore Hidden Networks With Double Pivoting - Writeup
275	Pivoting Entire Network with Chisel - Video
276	Deep dive in double network Pivoting with Metasploit and ProxyChains - Video
277	lazyadmin - Tryhackme Room
278	Empline - Tryhackme Room
279	Vulnnetinternal - Tryhackme Room
280	Gatekeeper - Writeup
281	Buffer Overflow for #OSCP and #eCPPT in 20 minutes - Video
282	Pivoting in Metasploit to Hack Deeper into a Network - Writeup
283 - 285	Reading Github Repos on ECPPT - Repo
286	Upgrade Normal Shell To Meterpreter Shell - Writeup
287	Home Lab: ProxyChains, eCPPT prep - Video
288	Pivoting: Metasploit(meterpreter)+Proxychains - Writeup
289	Metasploit: Portproxy(tunneling meterpreter session inside another meterpreter session)+socat+chisel - Writeup
290	How to Implement Pivoting and Relaying Techniques Using Meterpreter - gitbooks
291 - 292	sushant747 - gitbooks
293 - 302	Going through INE PDF Material
303 - 310	ECPPT EXam
311	AWS SSRF to Root on production instance - Writeup
312	Weird Vulnerabilities Happening on Load Balancers, Shallow Copies and Caches - Writeup
313	Chaining Path Traversal with SSRF to disclose internal git repo data in a Bank Asset - Writeup
314	Making API Bug Bounties A Breeze! - Writeup
315	Chaining Cache Poisoning To Stored XSS - Writeup
316	$6000 with Microsoft Hall of Fame, Microsoft Firewall Bypass, CRLF to XSS, Microsoft Bug Bounty - Writeup
317	The Zaheck of Android Deep Links! - Writeup
318	How I Got $10,000 From GitHub For Bypassing Filtration oF HTML tags - Writeup
319	All about: CORS Misconfiguration - Writeup
320	Winning QR with DOM-Based XSS - Writeup
321	JSON Deserialitzation Attack - Writeup
322	$250 for Email account enumeration using NameToMail tool - Writeup
323	How i found 8 vulnerabilities in 24h - Writeup
324	Account Takeovers Believe the Unbelievable - Writeup
324	Account Takeovers Believe the Unbelievable - Writeup
325	JSON based XSS - Writeup
326	Domain hacks with unusual Unicode characters - Writeup
327	Deep Link Exploitation: Introduction & Open/unvalidated Redirection - Writeup
328	Exploiting Android WebView Vulnerabilities - Writeup
329	SSRF via DNS Rebinding CVE-2022–4096 - Writeup
330	Unique Rate limit bypass worth 1800$ - Writeup
331	Getting started with Code Review - Security Boat Meetup
332	Firebase Exploit bug bounty - Writeup
333	A Guide to DNS Takeovers: The Misunderstood Cousin of Subdomain Takeovers - Writeup
334	Calculating CVSS - Writeup
335	Multiple Vulnerabilities found in Airtel Android Application - Writeup
336	Remote Command Execution in a Bank Server - Writeup
337	How I made $31500 by submitting a bug to Facebook - Writeup
338	Manipulating AES Traffic using a Chain of Proxies and Hardcoded Keys - Writeup
339	Understanding IMAP/SMTP injection - Writeup
340	Bug Writeup: RCE via SSTI on Spring Boot Error Page with Akamai WAF Bypass - Writeup
341	Nuclei v2.8.0 - Fuzz all the way! - Writeup
342	Race Condition vulnerability in Azure Video Indexer allowed trial account users use Advance / Premium feature - Writeup
343	Exploiting Missing HSTS - Writeup
344	Kony Mobile Frameworks Reverse Engineering Write Up Wreck IT 2022 CTF Quals - Writeup
345-346	JavaScript prototype pollution: practice of finding and exploitation - Writeup
347-348	How to Hack WebSockets and Socket.io - Writeup
349	Doing it the researcher’s way: How I Managed to Get SSTI which lead to arbitrary file reading on One of the Leading Payment Systems in Asia - Writeup
350	Unusual Cache Poisoning between Akamai and S3 buckets - Writeup
351 - 352	Infoseccomm event - Event
353	Param Hunting to Injections - Writeup
354	How I was able to steal users credentials via Swagger UI DOM-XSS - Writeup
355	Understanding Memcache Injection - Writeup
356	GraphQL Pentesting for Dummies! Part-1 - Writeup
357 - 359	Gaining Access to Protected Components In Android - Writeup Penetrate the Protected Component in Android Part -1 - Writeup Penetrate the Protected Component in Android Part -2 - Writeup Android Hacking-Exploiting Content Providers
360	Hack crypto secrets from heap memory to exploit Android application - Writeup
361	$350 XSS in 15 minutes - Writeup
362	Command-Line Data-Wrangling by Tomnomnom - Video
363	Unauthorized Sign-up on Subdomain of Subdomain leading to Organization takeover worth $2000 - Writeup
364	Exploring the World of ESI Injection - Writeup
365	SSRF vulnerabilities caused by SNI proxy misconfigurations - Writeup