Inspired by the Infosec community, I have started #100daysofhacking to keep myself busy learning and to gain more knowledge in cybersecurity. Everything I learned will be kept in this repository.
- Unix Badge Completed : https://pentesterlab.com/badges/unix
- Tryhackme : https://tryhackme.com/room/basicpentestingjt
- Learned Bash Basics : https://www.javatpoint.com/bash
- Pentesterlab : Essential Badge[Authentication and Authorization labs] https://pentesterlab.com/badges/essential
- Tryhackme : https://tryhackme.com/room/overpass
- Pentesterlab : Essential Badge(Code and Command Execution)
- Portswigger : 4 CSRF Labs(https://portswigger.net/web-security/all-labs)
- Portswigger : Access Control Vulnerabilities Labs
- Bash Scripting: https://hakin9.org/bash-introduction-for-hackers-part-1/
- Pentesterlab : Essential Badge (Directory Traversal and File Include Labs)
- Continued Learning Bash : https://hakin9.org/bash-introduction-for-hackers-part-1/
- Portswigger: 7 Authentication Labs
- Bash Scripting: https://hakin9.org/bash-introduction-for-hackers-part-2/
- Coded a Python Bot to automatically type on http://typer.io😄
- Portswigger : Authentication Labs Completed(https://portswigger.net/web-security/authentication)
- Read Writeup : https://medium.com/@Sm9l/what-i-learnt-from-reading-220-idor-bug-reports-6efbea44db7
- Read Writeup : https://medium.com/@robert0/how-i-found-broken-access-control-through-out-of-sync-setup-and-got-1000-9143fc5febdd
- Portswigger : Directory traversal labs(https://portswigger.net/web-security/file-path-traversal)
- Read Writeup : https://ryanpickren.com/safari-uxss
- Pentesterlab : Essential Badge(LDAP labs)
- Read Writeup : Facebook Bug(https://www.ash-king.co.uk/blog/abusing-Facebooks-call-to-action-to-launch-internal-deeplinks)
- Tryhackme: Linux Privilege Escalation(https://tryhackme.com/room/linuxprivesc)
- Deep Recon Videos By GodfatherOrwa : https://www.youtube.com/channel/UCUCmz3fKMZpYPDNfHZh3alg
- Portswigger : Host Header Injection Labs(https://portswigger.net/web-security/host-header/exploiting)
- Read Bug Bounty Report : https://hackerone.com/reports/1122513
- Tryhackme : John the Ripper(https://tryhackme.com/room/johntheripper0)
- Portswigger : Host Header Labs(https://portswigger.net/web-security/host-header/exploiting)
- Tryhackme: Pentesting Fundamentals(https://tryhackme.com/room/pentestingfundamentals)
- Tryhackme: Burpsuite(https://tryhackme.com/room/rpburpsuite)
- Portswigger:Password Reset Poisoning(https://portswigger.net/web-security/host-header/exploiting/password-reset-poisoning)
- Tryhackme: Web Fundamentals(https://tryhackme.com/room/walkinganapplication)
- Tryhackme : Walking An Application(https://tryhackme.com/room/walkinganapplication)
Feb 13 missed
- Tryhackme: Subdomain Enumeration(https://tryhackme.com/room/subdomainenumeration)
- Portswigger: Password reset poisoning via middleware(https://portswigger.net/web-security/authentication/other-mechanisms/lab-password-reset-poisoning-via-middleware)
- Tryhackme : IDOR(https://tryhackme.com/room/idor)
- Portswigger:Password reset poisoning via dangling markup(https://portswigger.net/web-security/host-header/exploiting/password-reset-poisoning/lab-host-header-password-reset-poisoning-via-dangling-markup)
- Tryhackme: Authentication Bypass(https://tryhackme.com/room/authenticationbypass)
- Pentesterlab: Essential Badge(MongoDB Injection)
- Tryhackme: File Inclusion(https://tryhackme.com/room/fileinc)
- Pentesterlab: Essential Badge(Open Redirect Labs)
- Tryhackme: SSRF(https://tryhackme.com/room/ssrfqi)
- Pentesterlab: Essential Badge(Server Side Template Injection labs)
- Tryhackme: Cross-Site Scripting(https://tryhackme.com/room/xssgi)
- Portswigger: Exploiting XXE using external entities to retrieve files(https://portswigger.net/web-security/xxe/lab-exploiting-xxe-to-retrieve-files)
- Tryhackme : OSI Model(https://tryhackme.com/room/osimodelzi)
- Tryhackme : Extending Your Network(https://tryhackme.com/room/extendingyournetwork)
- Pentesterlab: Essential Badge(Cross Site Scripting)
- Portswigger :IDOR
- Read Writeup : A tale of 0-Click Account Takeover and 2FA Bypass.
- Pentesterlab: Essential Badge(SQL Injection 1 and 2)
- Portswigger: Authentication bypass via OAuth implicit flow
- Read Writeup: My First Bounty and How Did I Get It?
- Pentesterlab:Pcap Badge Labs
- Read Writeup : How i made 15k$ from Remote Code Execution Vulnerability
- Pentesterlab: 5 Pcap Labs
- Read Writeup: How I could’ve bypassed the 2FA security of Instagram once again?
- Pentesterlab:Log4j RCE
- Tryhackme:Passive Reconnaissance
- Read Writeup: How can I access the members-only video comment?
- Tryhackme:Active Reconnaissance
- Pentesterlab:JSON Web Token
- Tryhackme:Command Injection
- Read Writeup :Order Detail Leakage in Alibaba Mobile
- Tryhackme: Metasploit Introduction
- Tryhackme: Metasploit Exploitation
- Tryhackme: Metasploit Meterpreter
- Pentesterlab:JSON Web Token II
- Tryhackme: What the Shell?
- Pentesterlab: JWT III
- Pentesterlab: JWT IV
- Linux Privilege Escalation: Initial Enumeration videos
- Pentesterlab: JWT V
- Linux Privilege Escalation: Kernel Exploits videos
- Pentesterlab: JWT VI
- Linux Privilege Escalation: Escalation Path Passwords & File Permissions
- Pentesterlab:JWT VII
- Linux Privilege Escalation: Escalation Path Sudo
- Tryhackme: Simple CTF
- Read Writeup: SSRF & LFI In Uploads Feature
- Portswigger: DOM XSS in document.write sink using source location.search
- Linux Privilege Escalation: Escalation Path SUID
- Linux Privilege Escalation: Escalation Path Other SUID Escalation
- Hackthebox: Paper Machine