Light

ktzgraph / security-research-tutorials Goto Github PK

View Code? Open in Web Editor NEW

This project forked from danieldizzy/security-research-tutorials

0.0 0.0 0.0 11 KB

Personal collection of tutorial resources

security-research-tutorials's Introduction

Security-Research-Tutorials

Personal collection of tutorial resources that can be helpful in my quest to security research and web application hacking. Credit to BugCroud, most resources were from thier blog posts. Please let me know if you have any suggestions for resources that i should add to this list.

##Web applications:

XSS

Tutorial on cross-site scripting A comprehensive tutorial on cross-site scripting
Attacks using XSS Filters/IDS Favorite XSS Filters/IDS and how to attack them- PDF
XSS Introduction Introduction to cross-site scripting Google

Cross-Site Request Forgery Finding and Preventing CSRF- PDF
[Exploiting CSRF Vulnerabilities] (http://tipstrickshack.blogspot.jp/2012/10/how-to-exploit-csfr-vulnerabilitycsrf.html) How to exploit CSRF Vulnerabilities

### SQL Injection

SQL InjectionIntroduction to SQL Injection
[MSSQL Injection PWNage] (https://www.exploit-db.com/papers/12975/)Full MSSQL Injection PWNage
[Everything SQL injection] (http://www.troyhunt.com/2013/07/everything-you-wanted-to-know-about-sql.html)Everything you wanted to know about SQL injection

### Remote Code/Command Execution

[Finding RCE] (http://exploit-db.com/papers/12885/)How to find RCE in scripts with examples
[Yahoo LFI Converted to RCE] (https://soroush.secproject.com/blog/2013/10/yahoo-bug-bounty-program-lfi-reported-and-patched/) Yahoo LFI Converted to RCE
[Remote Code Execution in Elasticsearch] (http://jordan-wright.com/blog/2015/03/08/elasticsearch-rce-vulnerability-cve-2015-1427/) Remote Code Execution in Elasticsearch - CVE-2015-1427

XXE Detection Generic XXE Detection
[XML Out-Of-Band Data Retrieval] (https://media.blackhat.com/eu-13/briefings/Osipov/bh-eu-13-XML-data-osipov-slides.pdf)
SSRF vs XXE tunneling in SAP SSRF vs. Business-critical applications: XXE tunneling in SAP
About XXE What you don't know about XXE

SSRF Attacks
[How to steal and modify data using Business Logic flaws] (https://www.youtube.com/watch?v=mQjTgDuLsp4)
[Exploiting CVE-2011-2461 on google.com] (http://blog.mindedsecurity.com/2015/03/exploiting-cve-2011-2461-on-googlecom.html)
InjectX to find XSS

### Mobile Applications: #### Android

Debugging Java Applications Debugging Java Applications Using JDB and how to use CMD
Hacking Android Apps Hacking Android Apps Using Backup Techniques

[Setting Up a Mobile Pentesting Platform]
[iOS Application Security]

###Tutorials * [PentesterLab - PentesterLab provides vulnerable systems that can be used to test and understand vulnerabilities] * [Exploit Database](https://www.exploit-db.com/papers/)Papers on Newly Updated Exploits * [Hunting for Top Bounties] * ###Tools * [Burp Suite](https://portswigger.net/burp/) An integrated platform for performing security testing of web applications * [SQL Map](http://sqlmap.org/) An open source penetration tool that automates the process of detecting and exploiting SQL injection flaws and taing over of database servers [Tutorial] (http://www.binarytides.com/sqlmap-hacking-tutorial/) * [SQL Ninja] (http://sqlninja.sourceforge.net/) Sqlninja is a tool targeted to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end [How To] (http://www.jedge.com/wordpress/sqlninja-sql-injection/) * [Hack Bar](https://addons.mozilla.org/en-us/firefox/addon/hackbar/)This Firefox toolbar will help you in testing sql injections, XSS holes and site security. * [Knock](https://github.com/guelfoweb/knock ) Enumerates subdomains on a target domain through a wordlist [How To] (http://www.securitytube.net/video/6549) * [The ZED Attack Proxy ZAP] (https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project) * [Ratproxy by Google ] (https://code.google.com/p/ratproxy/) [How To](http://www.daveperrett.com/articles/2010/09/24/security-testing-with-googles-ratproxy/) * [OWASP SKANDA Exploitation Framework] (http://www.chmag.in/owasp-skanda-ssrf-exploitation-framework/) * [man ascii] (unixhelp.ed.ac.uk/CGI/man-cgi?ascii+7) On most unices gives you the ASCII table with decimal, octal and hex codes for each character * [DNS Discovery](https://github.com/m0nad/DNS-Discovery) A multithreaded subdomain bruteforcer. * [Iron WASP](https://ironwasp.org/) free & open source security scanner * [WebSlayer](www.edge-security.com/webslayer.php) One of the best free tools available" ###Video Channels *[hacktivity](https://www.youtube.com/channel/UC71Pa-YHA32hYPKTRjZgbXw)

security-research-tutorials's People

Contributors

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.

Jobs