| Day 1 |
SSRF,RedTeam |
| Day 2 |
SSRF,RedTeam,THM Room |
| Day 3 |
SSRF,RedTeam,THM Room |
| Day 4 |
Broken Link Hijacking, THM Room |
| Day 5 |
Blind XSS,THM Room |
| Day 6 |
log4j, THM Room |
| Day 7 |
Password Reset link not expire, THM Room |
| Day 8 |
DMARC, THM Room |
| Day 9 |
CSRF, Linux PrivEsc |
| Day 10 |
Clickjacking, Linux PrivEsc |
| Day 11 |
Live Bug Hunting, Linux PrivEsc |
| Day 12 |
Bug Bounty Wordlist, Linux PrivEsc |
| Day 13 |
OWASP Web Application Security Testing, THM Room |
| Day 14 |
4.1.2 OWASP Fingerprint Web Server, THM Room |
| Day 15 |
4.1.3 OWASP Review Webserver Metafiles for Information Leakage, THM Room |
| Day 16 |
4.1.4 Enumerate Applications on Webserver |
| Day 17 |
4.1.5 Review Webpage Content for Information Leakage, THM Room |
| Day 18 |
4.1.6 Identify Application Entry Points |
| Day 19 |
4.1.7 Map Execution Paths Through Application, Github Recon |
| Day 20 |
4.1.8 Fingerprint Web Application Framework, Recon Techniques |
| Day 21 |
4.1.9,10 Map Application Architecture, THM Room |
| Day 22 |
4.2 Configuration and Deployment Management Testing, THM Room |
| Day 23 |
4.2.2 Test Application Platform Configuration, THM Room |
| Day 24 |
4.2.3 Test File Extensions Handling for Sensitive Information, THM Room |
| Day 25 |
4.2.4 Review Old Backup and Unreferenced Files for Sensitive Information, THM Room |
| Day 26 |
4.2.5 Enumerate Infrastructure and Application Admin Interfaces, THM Room |
| Day 27 |
4.2.6 Test HTTP Methods (with Video), THM Room |
| Day 28 |
4.2.7 Test HTTP Strict Transport Security (HSTS), THM Room |
| Day 29 |
4.2.8 Test RIA Cross Domain Policy, THM Room |
| Day 30 |
4.2.9 Test File Permission, THM Room |
| Day 31 |
4.2.10 Test for Subdomain Takeover, THM Room |
| Day 32 |
4.2.11 Test Cloud Storage, THM Room, eJPT |
| Day 33 |
4.2.12 Test for Content Security Policy, THM Room, eJPT |
| Day 34 |
4.3.1 Test Role Definitions, THM Room, eJPT |
| Day 35 |
4.3.2 Test User Registration Process |
| Day 36 |
4.3.3 Test Account Provisioning Process |
| Day 37 |
4.3.4 Testing for Account Enumeration and Guessable User Account |
| Day 38 |
4.3.5 Testing for Weak or Unenforced Username Policy, THM Room |
| Day 39 |
4.4.1 Testing for Credentials Transported over an Encrypted Channel |
| Day 40 |
4.4.2 Testing for Default Credentials |
| Day 41 |
CSRF |
| Day 42 |
Open Redirect |
| Day 43 |
log4j |
| Day 44 |
JWT attacks |
| Day 45 |
Content Discovery |
| Day 46 |
Idor |
| Day 47 |
Account takeover |
| Day 48 |
RCE on a Java Web Application |
| Day 49 |
Dependency Confusion |
| Day 50 |
Automate Blind XSS |
| Day 51 |
Finding And Exploiting S3 Amazon Buckets For Bug Bounties |
| Day 52 |
Web Cache Poisioning attack |
| Day 53 |
Unique Case for Price Manipulation |
| Day 54 |
Account takeover via the Password Reset Functionality |
| Day 55 |
API Token Hijacking Through Clickjacking, THM Room |
| Day 56 |
API Exploitation --→ Business Logic Bug |
| Day 57 |
Attended Infosec Community Conference on : Android Static Analysis |
| Day 58 |
Finding bugs on NFT website for fun & Profit by zseano |
| Day 59 |
EXIF Geolocation Data Not Stripped From Uploaded Images |
| Day 60 |
Thick Client Pentesting |
| Day 61 |
Conduct a Penetration Test Like a Pro in 6 Phases |
| Day 62 |
Firewall Penetration Testing |
| Day 63 |
Host Discovery & Vulnerability Scanning With Nessus |
| Day 64 |
AWS Web Application Firewall (WAF), 5 Exercise Pentesterlabs |
| Day 65 |
Introduction To Pentesting - Enumeration, 6 Pentesterlab Exercise |
| Day 66 |
Bypassing CSRF Protection, 5 Pentesterlab Exercise |
| Day 67 |
HTML Injection |
| Day 68 |
Exploiting SQL Injection, Completed Pentesterlab Unix Badge |
| Day 69 |
A Weird Price Tampering Vulnerability, Security Operations Center (SOC) |
| Day 70 |
A Summary of OAuth 2.0 Attack Methods |
| Day 71 |
6 Methods to bypass CSRF protection on a web application |
| Day 72 |
Two-factor authentication security testing and possible bypasses |
| Day 73 |
10 Types of Web Vulnerabilities that are Often Missed, Understanding BOLA |
| Day 74 |
My First Bug Bounty: SQL Injection, SQL INJECTION VULNERABILITY |
| Day 75 |
Dank Writeup On Broken Access Control, Bug bounty tips for broken access control on BurpSuite Part 1 |
| Day 76 |
SSRF in PDF Renderer using SVG, Bypassing 2FA using OpenID Misconfiguration |
| Day 77 |
Easy IDOR hunting with Autorize?, HOW I hacked thousand of subdomains |
| Day 78 |
A business logic error bug worth 600$, 5 Methods to bypass Authentication (OTP) |
| Day 79 |
How did I earn €€€€ by breaking the back-end logic of the server, How to find IDOR Privilege escalation |
| Day 80 |
Account Takeover via Web Cache Poisoning based Reflected XSS, A Pentester's Guide to Server Side Template Injection |
| Day 81 |
Account Takeover: From zero to System Admin using basic skills, Apache Example Servlet leads to $$$$ |
| Day 82 |
The easiest $2500 I got it from bug bounty program, A Pentester’s Guide to File Inclusion |
| Day 83 |
How I bypassed disable_functions in php to get a remote shell, JWTs - Patterns & Anti-patterns |
| Day 84 |
Finding Your Next Bug: GraphQL, No Rate Limit - 2K$ Bounty |
| Day 85 |
Facebook email disclosure and account takeover, How to learn anything in Computer Science or Cybersecurity |
| Day 86 |
Hacking banks with race conditions, Exploiting a Race Condition Vulnerability |
| Day 87 |
A Comprehensive Guide to Broken Access Control, Never leave this tip while you hunting Broken Access Control, POC |
| Day 88 |
A Journey from IDOR to Account Takeover, Exploiting open redirect - Whitelist bypass using Salesforce environment |
| Day 89 |
Union Based SQL Injection — Bug Hunting, Bypass confirmation to add payment method |
| Day 90 |
Exploiting cross-site scripting in Referer header, XSS via X-Forwarded-Host header |
| Day 91 |
How I bypassed 403 forbidden domain using a simple trick, Deleting account via support ticket |
| Day 92 |
Bypassing SSRF Protection to Exfiltrate AWS Metadata from LarkSuite, WordPress < 5.8.3 - Object Injection Vulnerability |
| Day 93 |
0-day Cross Origin Request Forgery vulnerability in Grafana 8.x |
| Day 94 |
GOT ACCESS TO DOTA 2 ADMIN PANEL BY EXPLOITING IN-GAME FEATURE |
| Day 95 |
How I escalated RFI into LFI |
| Day 96 |
Stumbling upon a new way to exploit authorization bypass in Jira |
| Day 97 |
Clickjacking on Google MyAccount Worth 7,500$ |
| Day 98 |
Info Disclosure and SQLi Writeup |
| Day 99 |
CSRF to HTML INJECTION which results in USER CREDENTIALS Stealing |
| Day 100 |
RCE with Flask Jinja Template Injection |
| Day 101 |
How I could have hacked your Uber account |
| Day 102 |
Bug Bounty Live Recon - Linked / JS Discovery! |
| Day 103 |
HTTP Request Smuggling on business.apple.com and Others |
| Day 104 |
SVG SSRFs and saga of bypasses, A Detailed Guide on Cewl |
| Day 105 |
How a YouTube Video lead to pwning a web application via SQL Injection worth $4324 bounty |
| Day 106 |
XSS , HTML Injection and File Upload Bypass in HUAWEI Subdomain |
| Day 107 |
How Token Misconfiguration can lead to takeover account |
| Day 108 |
How to hack any Payment Gateway? |
| Day 109 |
Race Condition bypassing team limit |
| Day 110 |
Bypass Apple Corp SSO on Apple Admin Panel |
| Day 111 |
The Unusual Case of Status code- 301 Redirection to AWS Security Credentials Compromise |
| Day 112 |
Find security bugs while you sleep! Using nuclei templates, and more.. |
| Day 113 |
Getting access to disabled/hidden features with the help of Burpsuite Match and Replace settings |
| Day 114 |
Finding bugs to trigger Unauthenticated Command Injection in a NETGEAR router (PSV-2022–0044) |
| Day 115 |
How I chained two vulnerabilities to steal credit card details? |
| Day 116 |
How I Made The BBC Hall Of Fame 3 Times |
| Day 117 |
Improper cookie not expiring after logged out! |
| Day 118 |
Open-Redirects, What you doing wrong when you fail at bug bounties? |
| Day 119 |
Bypassing WAF for $2222 |
| Day 120 |
Subdomain Takeover using Mobile?? |
| Day 121 |
Fuzzing and credentials leakage..awesome bug hunting writeup |
| Day 122 |
OTP bypass with response manipulation. |
| Day 123 |
There is no task Today Enjoy Eid Festival 🥳😊😃 |
| Day 124 |
An Bug Bounty Hunter’s Guide to IDOR Vulnerabilities |
| Day 125 |
How I got a lousyT-Shirt from the Dutch Government. |
| Day 126 |
Hack the HAckers |
| Day 127 |
The $16,000 Dev Mistake |
| Day 128 |
Denial of Service through … |
| Day 129 |
How i found a vulnerability that leads to access any users’ sensitive data and got $500 |
| Day 130 |
ToolTime - Cloud Recon 1 |
| Day 131 |
A Fun SSRF through a Headless Browser |
| Day 132 |
2FA Bypass in PickMyCareer.in |
| Day 133 |
Exploiting Google Maps API keys for profit |
| Day 134 |
Creator Studio’s api endpoint is vulnerable to IDOR, exposes “p40_earnings_usd”:$$$ |
| Day 135 |
I have 1% chance to hack this company |
| Day 136 |
HTTP Request Smuggling: Part-1 (Concepts) |
| Day 137 |
Create Your Ultimate Bug Bounty Automation Without Nerdy Bash Skills (Part 1) |
| Day 138 |
Can analyzing javascript files lead to remote code execution? |
| Day 139 |
My New Discovery In Oracle E-Business Login Panel That Allowed To Access For All Employees Information's & In Some cases Passwords At More Than 1000 Companies |
| Day 140 |
Origin IP found, WAF Cloudflare Bypass |
| Day 141 |
MFA (Multi-Factor Authentication) |
| Day 142 |
Vulnerability In PayPal worth 200000$ bounty, Attacker can Steal Your Balance by One-Click |
| Day 143 |
Does ms15–034 still exist today ? |
| Day 144 |
How I managed to take over any account visits my profile with Stored XSS |
| Day 145 |
The Bucket’s Got a Hole in it |
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent
