Learn365

Welcome to Learn365! This repository is about 365 days of Learning . This repository contains all the information shared during my Learn 365 Challenge.365 Days of Learning is a challenge to stay engaged in learning and personal development for a full year by setting a goal to learn something new every day, it can be anything from infosec.Follow me on LinkedIn for Regular Updates Affan Ahmed . Huge thanks to Anubhav Singh and Harsh Bothra, from whoam I got motivated to start this Learn365 challenge.

Date	DAY	TOPIC
05-01-23	1	Solstice VM Walkthrough
06-01-23	2	Command Injection-By-Harsh-Bothra
07-01-23	3	PG-Play : ICMP BOX Walkthrough by S1Ren
08-01-23	4	Aditya Shende Writeup
09-01-23	5	Subdomain Takeover
10-01-23	6	Beginners Guide to Container Security
11-01-23	7	Json Web Tokens
12-01-23	8	HTB-Seventeen
13-01-23	9	All you need to know about JWT Pt. 2
14-01-23	10	The Ultimate Guide to SQL Injection
15-01-23	11	Infosec Writeup
16-01-23	12	huntr-dev-XSS-Writeup
17-01-23	13	huntr-dev-File-Upload-Writeup
18-01-23	14	huntr-dev-Path-Traversal-Writeup
19-01-23	15	Uploading the Webshell using filename of Content-Disposition Header Story!
20-01-23	16	XSS in Integration URL in linagora/twake
21-01-23	17	Access Control Violation - Sensitive Data Exposure
22-01-23	18	How A Simple IDOR Led Me To Delete Any Account
23-01-23	19	Vulnerable-Code-Snippet:1 WebSockets Security Explained For Security Enthusiasts
24-01-23	20	SecurityExplained S-13: Vulnerable Code Snippet - 2 Exploiting Open Redirect – Whitelist Bypass Using Salesforce Environment
25-01-23	21	Weak password policy : Old password can be set as new password in ikus060/rdiffweb
26-01-23	22	Bypassing application logic to set a blank password in ikus060/rdiffweb
27-01-23	23	XSS in RSS Description Link in glpi-project/glpi
28-01-23	24	Weaponizing self-xss Discovered Reflected Cross-Site Scripting Vulnerable into Shaadi.com
29-01-23	25	Understanding Server Side Template Injection In Flask Apps
30-01-23	26	Exploring SSTI In Flask/Jinja2
31-01-23	27	Find and Exploit NoSQL Injection How to Directory Brute Force Properly
01-02-23	28	Cross-site Scripting (XSS) - Stored in projectsend/projectsend
02-02-23	29	parser bypass and make SSRF attack in ionicabizau/parse-url SSRF in feeds in glpi-project/glpi NahamCon2022EU: Till REcollapse: Fuzzing the Web for Mysterious Bugs by @0xacb
03-02-23	30	Ultimate Guide To SQL Injection – Part I
04-02-23	31	What is DOM-based XSS (cross-site scripting)?
05-02-23	32	Research How can Local File Inclusion lead to RCE
06-02-23	33	RCE in Wordnet Browser in nltk/nltk Bypass All Captchas in the application in thorsten/phpmyfaq
07-02-23	34	What Should You Do After Recon?! Multiple Ways to Crack WordPress login
08-02-23	35	HTTP Query String Injection in unjs/unstorage Open Redirect on "returnUrl=" parameter in btcpayserver/btcpayserver
09-02-23	36	Subdomain Takeover: Proof Creation for Bug Bounties CTF LFI Challenge December
10-02-23	37	Hacking Web Cache - Deep Dive in Web Cache Poisoning Attacks
11-02-23	38	SecurityExplained S-15: Vulnerable Code Snippet - 3 SecurityExplained S-16: Vulnerable Code Snippet - 4 SecurityExplained S-17: Vulnerable Code Snippet - 5
12-02-23	39	SecurityExplained S-18: Vulnerable Code Snippet - 6 SecurityExplained S-19: Vulnerable Code Snippet - 7 SecurityExplained S-20: Vulnerable Code Snippet - 8
13-02-23	40	2 FA Bypassing Methods & Techniques
14-02-23	41	SecurityExplained S-21: Vulnerable Code Snippet - 9 SecurityExplained S-22: Vulnerable Code Snippet - 10 SecurityExplained S-23: Vulnerable Code Snippet - 11
15-02-23	42	SecurityExplained S-24: Vulnerable Code Snippet - 12 SecurityExplained S-25: Vulnerable Code Snippet - 13 SecurityExplained S-26: Vulnerable Code Snippet - 14
16-02-23	43	SecurityExplained S-27: Vulnerable Code Snippet - 15 SecurityExplained S-28: Vulnerable Code Snippet - 16 SecurityExplained S-29: Vulnerable Code Snippet - 17
17-02-23	44	Spot The Vulnerability XSS Challenge Simplified
18-02-23	45	Basics Of HTTP Request Smuggling
19-02-23	46	HTTP REQUEST SMUGGLING PART-2
20-02-23	47	A GUIDE TO SERVER SIDE REQUEST FORGERY(SSRF)
21-02-23	48	Deep Dive Into Android Security
22-02-23	49	Getting Started Into Android Security Part 2
23-02-23	50	Oauth A Feature To Vulnerability
24-02-23	51	Broken Access Control in francoisjacquet/rosariosis
25-02-23	52	Limited LFI via Path Traversal in salesagility/suitecrm
26-02-23	53	Prevent account takeover with proper cookie configuration
27-02-23	54	Arbitrary txt files deletion (authenticated) in nilsteampassnet/teampass
28-02-23	55	How I hacked into a company with 200,000+ users
01-03-23	56	Networking Pivoting via SSH
02-03-23	57	SecurityExplained S-30: Vulnerable Code Snippet - 18
03-03-23	58	Mobile Application Pentesting: Analyzing Common Vulnerabilities
04-03-23	59	SQL Injection in 'core/ajax/ajax_data.php' in unilogies/bumsys
05-03-23	60	A New Vector For “Dirty” Arbitrary File Write to RCE
06-03-23	61	Cross-Site Request Forgery (CSRF) Explained
07-03-23	62	Stored DOM-based Cross-site Scripting in Tags Functionality in answerdev/answer SQL Injection in Custom Fields in phpipam/phpipam
08-03-23	63	XSS via Client Side Template Injection in btcpayserver/btcpayserver
09-03-23	64	How to Write your First Nuclei Template ?
10-03-23	65	Authentication Bypass for users with MD5 password hash in froxlor/froxlor
11-03-23	66	RCE using bad deserialization in builderio/qwik
12-03-23	67	IDOR to delete memo from archives in usememos/memos
13-03-23	68	CSRF leading to delete a domain in modoboa/modoboa CSRF leading to delete a user in modoboa/modoboa
14-03-23	69	Idor disclose other user's appointment in openemr/openemr
15-03-23	70	Unauthenticated OS in stamparm/maltrail in stamparm/maltrail
16-03-23	71	XSS in Document Types module in Settings in pimcore/pimcore
17-03-23	72	IDOR in ilsteampassnet/teampass
18-03-23	73	Phar Deserialization of Untrusted Data in knplabs/snappy
19-03-23	74	Active Directory Series: Active Directory Fundamentals
20-03-23	75	SVG Sanitization Bypass - XSS in imgproxy/imgproxy
21-03-23	76	How I Found Business Logic Vulnerability in Google Pay
22-03-23	77	SQLi in API authorization check in nilsteampassnet/teampass
23-03-23	78	SECURING AD WHEN ANONYMOUS USERS MUST HAVE ACCESS
24-03-23	79	Blind LFI in register-model/get?name= in mlflow/mlflow
25-03-23	80	LFI/RFI in MLflow in mlflow/mlflow
26-03-23	81	mitm6 – compromising IPv4 networks via IPv6
27-03-23	82	Unhandled SWF Tags in MP4Box: in GPAC in gpac/gpac
28-03-23	83	how-to-shut-down-a-plant-remotely
29-03-23	84	Autenticated Stored (XSS) in pluck-cms/pluck
30-03-23	85	token forgery in deepset-ai/haystack
31-03-23	86	XSS @ records in thorsten/phpmyfaq
01-04-23	87	RCE by SSTI Injection in microweber/microweber
02-04-23	88	Captcha Bypass in answerdev/answer
03-04-23	89	SIGSEGV libr/bin/p/bin_ radareorg/radare2
04-04-23	90	SecurityBoat Dynamic Challenge SSRF Solution
05-04-23	91	SQLi at /front/report.dynamic.php in glpi-project/glpi
06-04-23	92	BAC in Vote/Friend Function in pbboard/pbboard-3.0.4
07-04-23	93	Guide to Parameter Enumeration
08-04-23	94	IDOR-leads to account takeover in glpi-project/glpi
09-04-23	95	Formula injection via Full Name in chatwoot/chatwoot
10-04-23	96	CSRF & Bypasses
11-04-23	97	Password reset link not expired in answerdev/answer
12-04-23	98	Exploiting Server Side Request Forgery (SSRF) in an API
13-04-23	99	Stored XSS in nilsteampassnet/teampass
14-04-23	100	RCE-File Write in froxlor/froxlor
15-04-23	101	Restriction-Excessive-Authentication
16-04-23	102	password validation. in limesurvey/limesurvey
17-04-23	103	HTTP Parameter Pollution (English)
18-04-23	104	password validation.in limesurvey/limesurvey
19-04-23	105	A detailed guide to OSINT
20-26	106-112	SQL Injection leads to code execution in unilogies/bumsys
27-04-23	113	Cross site scripting on the login page in pimcore/pimcore
28-04-23	114	Path Traversal in code in unilogies/bumsys
29-04-23	115	Weaponizing Reflected XSS to Account Takeover
30-04-23	116	Reflected xss on login.php leads to account takeover
01-05-23	117	EmailAddress Manipulation Vulnerability in thorsten/phpmyfaq
02-05-23	118	Zero-Click Remote Code Execution in appium/appium-desktop
03-05-23	119	Multiple SQL Injections in salesagility/suitecrm
04-05-23	120	AWS_Cognito_Misconfigurations:The_Silent_Killer
05-05-23	121	Broken Rate Limiting in azuracast/azuracast
06-05-23	122	Stored XSS on items in Folder in nilsteampassnet/teampass
07-05-23	123	How I found XSS via SSRF vulnerability -Adesh Kolte
08-05-23	124	API6 - Mass Assignment-crAPI
09-05-23	125	Solved-lab:Blind SQL Injection with Conditional Responses
10-05-23	126	CSV-Injection-in-pimcore/customer-data-framework
11-05-23	127	Escalating SSRF to RCE
12-05-23	128	Lack of brute force protection in linagora/twake
13-05-23	129	Chaining vulnerabilities leads to account takeover
14-05-23	130	Solved:Stocker From HTB
15-05-23	131	XSS leading to session hijacking in pandorafms/pandorafms
16-05-23	132	XSS to RCE found in Trilium in zadam/trilium
17-05-23	133	Possible URL spoofing on wildcard path in unjs/h3
18-05-23	134	Stored xss leads to doctor / admin account takeover
19-05-23	135	Insecure Temporary File in huggingface/transformers
20-05-23	136	Local File Read Bypass in mlflow/mlflow in mlflow/mlflow
21-05-23	137	Bug Bounty Hunter Mindset - Yassine Aboukir
22-05-23	138	Stored XSS and CSP Bypass in KiwiTCMS in kiwitcms/kiwi
23-05-23	139	XML External Entity (XXE) injection in sympy in sympy/sympy
24-05-23	140	Stored HTML injection in nilsteampassnet/teampass
25-05-23	141	IDOR leading to Privilege Escalation!
26-05-23	142	Building a Password Cracker in Rust
27-05-23	143	HTTP Request Smuggling Basics
28-05-23	144	Blind SQLi
29-05-23	145	How a simple Directory Listing leads to PII Data Leakage,RCE
30-05-23	146	Security source code review expert - Shubham Shah
31-05-23	147	Stored XSS bypass in "FAQ" in thorsten/phpmyfaq
01-06-23	148	5 Ways I Bypassed Your Web Application Firewall (WAF)
02-06-23	149	XSS at User-Agent of Headers in mkucej/i-librarian-free
03-06-23	150	Attacker can turn off 2FA of the Admin in tsolucio/corebos
04-06-23	151	Bypass change password policy in tsolucio/corebos
05-06-23	152	BAC On Item via ID in nilsteampassnet/teampass
06-06-23	153	Stored XSS Via SVG Upload in kiwitcms/kiwi
07-06-23	154	Chaining HTML injection to XSS lead to steal Cookie
08-06-23	155	HTML INJECTION LEADS TO OPEN REDIRECT
09-06-23	156	Web Services And Its Attack Types
10-06-23	157	HTML Injection in Folder Name in nilsteampassnet/teampass
11-06-23	158	File Path Traversal Vulnerability in froxlor/froxlor
12-06-23	159	Session Fixation in froxlor/froxlor
13-06-23	160	Bypassing Firewalls: Going Beyond Source Port Manipulation
14-06-23	161	Userscan order Add-Ons Separately in fossbilling/fossbilling
15-06-23	162	westillcanorderthe product even it is disabled in fossbilling/fossbilling
16-06-23	163	SQLI in the "Users" function of Piwigo in piwigo/piwigo
17-06-23	164	DOM XSS and openredirect in saleor/react-storefront
18-06-23	165	IDOR in message deletion in admidio/admidio
19-06-23	166	The user can delete himself in limesurvey/limesurvey
20-06-23	167	Bypassing Okta SSO=> HTTPS/HTTP
21-06-23	168	Formula Injection in CSV export feature in admidio/admidio
22-06-23	169	Stored XSS in module named in salesagility/suitecrm-core
23-06-23	170	Privilege Escalation Vulnerabilityin fossbilling/fossbilling
24-06-23	171	Session Fixation Vulnerability in fossbilling/fossbilling
25-06-23	172	SSTI leads to RCE in fossbilling/fossbilling
26-06-23	173	Arbitrary Code Execution in Apache BRPC in apache/brpc
27-06-23	174	CSRF Leading to reset Boxes in limesurvey/limesurvey
28-06-23	175	URL Restriction Bypass in plantuml/plantuml
29-06-23	176	Leak Secret tokens by changing baseURL nuxt-api-party
30-06-23	177	wecan still send the photo asthe albums is locked in admidio
01-07-23	178	RCE via File upload in fossbilling/fossbilling
02-07-23	179	SQLI in searchArticles function in fossbilling/fossbilling
03-07-23	180	CSV Injection while export users in fossbilling/fossbilling
04-07-23	181	IncorrectAuthorizationleads-delete-userlimesurvey/limesurvey
05-07-23	182	Stored XSS in kiwitcms/kiwi
06-16	183-193	SQL injection in some Admin Sort functions Cross site scripting in Admidio 4.2.9 via headline parameter Stored XSS on user "Category report" function Cross-Site Request Forgery lead to lock and unlock Album Stored XSS on user "Edit own profile" function Stored XSS on user "Write private message" function Vulnerable CKEditor used on version 4.2.9 Broken Access Control on Private Message Function Exposure version installed on the system Mongoose Prototype Pollution Vulnerability in automattic/mongoose IDOR can make attackers add or close others' unavaiable in alextselegidis/easyappointments
17-07-23	194	BUG BOUNTY: ANDROID APPLICATION PENETRATION TESTING #1 2023
18-07-23	195	Potential-XSS injection in stuff and say attributes in i40west/obfumatic
19-07-23	196	Common mistakes when using permissions in Android
20-07-23	197	Exploiting memory corruption vulnerabilities on Android
21-07-23	198	How i buy a subdomain of Tokopedia’s website
22-07-23	199	SQL injection in Data Objects function in pimcore/pimcore
23-07-23	200	Exploit Writing 101 - Beyond Just Reporting Bugs
24-07-23	201	Confidentialinformation provided to user with no permissions in pimcore/pimcore
25-07-23	202	Account Takeover via Email Confirmation
26-07-23	203	BUG BOUNTY: DEEP RECON INTO THE WEB APPLICATION
27-07-23	204	XSS on Microsoft.com via Angular Js template injection
28-07-23	205	Netflix Party — XSS Vulnerabilities
29-07-23	206	Always escalate! From Self-XSS to Persistent XSS on Login Portal
30-07-23	207	XSS WAF & Character limitation bypass like a boss
31-07-23	208	XSS on Sony subdomain
01-08-23	209	Clickjacking DOM XSS on Google.org
02-08-23	210	My first valid xss(@Hackerone)
03-08-23	211	Instagram/Meta Clickjacking Leads to MakePrivateAccountPublic
04-08-23	212	What I learned from reading 126* Information Disclosure Writeups
05-08-23	213	How did I find information Disclosure on Facebook-Writeup
06-08-23	214	Information Disclosure
07-08-23	215	AEM misconfiguration leads to Information disclosure
08-08-23	216	Misconfigured WordPress takeover to Remote Code Execution
09-08-23	217	Chaining Self XSS with UI Redressing is Leading to Session Hijacking
10-08-23	218	Response manipulation worth 2000$
11-08-23	219	5500$ Bug Story - Ezzy 2FA Bypass
12-08-23	220	Random stuff by yappare
13-08-23	221	From Revealing Emails to Taking Over Accounts (Hacking Telecom)
14-08-23	222	CORS Misconfiguration on nordvpn.com leading to Private Information Disclosure,Account takeover
15-08-23	223	Rate Limit Misconfiguration on tumblr login
16-08-23	224	First Bug Bounty Program found CORS (Cross Origin Resource Sharing ) Misconfiguration
17-08-23	225	Password Reset via OTP BYPASS — response manipulation
18-08-23	226	How to Get Unique Subdomains on Large scope
19-08-23	227	OTP bypass and Account takeover using response manipulation
20-08-23	228	Pivoting Entire Network with Chisel
21-08-23	229	Lateral movement between two domains without abusing Trust Relationships.
22-08-23	230	Bypass Two-Factor Authentication of Facebook Accounts ($25,300)
23-08-23	231	Windows Domains, Pivot & Profit
24-08-23	232	ALL about OSCP Pivoting AD Lateral Movement, ligolo-ng, chisel, sshuttle
25-08-23	233	Enumerating AD users with LDAP
26-08-23	234	Cross-site Scripting (XSS) - Stored in hestiacp/hestiacp
27-08-23	235	Open Directory
28-08-23	236	Found SSRF and LFI in Just 10 minutes of using burp!
29-08-23	237	Uncovering Vulnerabilities: Security Flaws Discovered on the Indian Prime Minister’s Website
30-08-23	238	IDOR in Users Edit screen in omeka/omeka-s
31-08-23	239	SSRF Blind in the image upload module via url in instantsoft/icms2
01-09-23	240	How I found a No Rate Limit bug
02-09-23	241	There is no rate limit for SME REGISTRATION PORTAL
03-09-23	242	Account TakeOver Due to Improper Handling of JWT Tokens in usememos/memos
04-09-23	243	privilege escalation : Low access user can view Admin PRIVATE POST by using PIN functionality in usememos/memos
05-09-23	244	https://github.com/ctflearner/Learn365/blob/main/Days/Day244.md
06-09-23	245	XSS at file uploading in instantsoft/icms2
07-09-23	246	IDOR Vulnerability Allow Low-Level User change role Everyone Includes Admin in answerdev/answer
08-09-23	247	Leaked Database and SMTP credentials through .env file
09-09-23	248	How I got RXSS from Shodan
10-09-23	249	How I placed into Apple Hall of Fame in 5 Minutes
11-09-23	250	Improver Validation of File Name Causes RCE in tenpi/music-player
12-09-23	251	SQL injection and Authentication bypass in mintplex-labs/anything-llm
13-09-23	252	Account Takeover at https://trello.com
14-09-23	253	SQL Injection Vulnerability in Content Page in instantsoft/icms2
15-09-23	254	HTML Injection in librenms/librenms
16-09-23	255	Exploiting Broken Access Control Vulnerability
17-09-23	256	22.6k+ GitHub Stars Note-Taking App Hit by Critical XSS Vulnerability
18-09-23	257	XSS/CSRF in GetImage Endpoint in usememos/memos
19-09-23	258	How I Got 4 SQLI Vulnerabilities At One Target Manually Using The Repeater Tab
20-09-23	259	Multiple Self-XSS Vulnerabilites in hestiacp/hestiacp
21-09-23	260	Application allows large characters to insert in the input field "Add new table"... in nocodb/nocodb
22-09-23	261	XML injection vulnerability: Examples, cheatsheet and prevention
23-09-23	262	How I Hacked the Exam Portals of 1000+ Indian Institutions Including LPU, IIT Bombay, IIT Kanpur, VIT, SRM, UPES, GITAM, GNA University, and More, Impacting Over 1 Million Students and 65,000+ Teachers.
24-09-23	263	No rate limit lead to otp brute forcing
25-09-23	264	Stored XSS via user's Username in limesurvey/limesurvey
26-09-23	265	How I Mass hunt for Admin Panel Access…
27-09-23	266	Stored XSS in description of theme in limesurvey/limesurvey
28-09-23	267	Basics of API Security – Part 1
29-09-23	268	No rate limiting on creating access token in ikus060/rdiffweb
30-09-23	269	Secret information exfiltration by hard coding twitter API keys in microweber/microweber
01-10-23	270	Store DOM XSS in Edit configuration in thorsten/phpmyfaq
02-10-23	271	Stored XSS at LOGO+USER menu in instantsoft/icms2
03-10-23	272	Insufficient access control in the export functionality for the 'Groups' module exposing user password hashes in salesagility/suitecrm
04-10-23	273	Stored XSS in the Cases functionality in salesagility/suitecrm
05-10-23	274	Open Redirect in mosparo/mosparo
06-10-23	275	XSS Steal Cookies
07-10-23	276	Stored Cross Site Scripting (XSS) in snipe/snipe-it
08-10-23	277	RXSS in onpremises version of structurizr in structurizr/onpremises
09-10-23	278	Account takeover via leaked session cookie
10-10-23	279	Incorrect Authorization in User role in limesurvey/limesurvey
11-10-23	280	CSRF in Send Reminder in snipe/snipe-it
12-10-23	281	Account takeover due to misconfiguration
13-10-23	282	HTML injection Leads to Open redirection in froxlor/froxlor
14-10-23	283	HackTheBox Business CTF 2023 – Crypto
15-10-23	284	No rate limit on sending magic link to sign-in in vriteio/vrite
16-10-23	285	Time-Based Blind SQL injection leads to database extraction in librenms/librenms
17-10-23	286	Don't Trust the Host Header for Sending Password Reset Emails
18-10-23	287	CSRF in Payment Types in pkp/ojs
19-10-23	288	Android Pentesting 101: A Novice’s Handbook to Getting Started
20-10-23	289	leaked all users names from a user without known permissions in wagtail/wagtail
21-10-23	290	DOM Cross Side Scripting in modoboa/modoboa
22-10-23	291	How I saved 2.8 Million PII of Indian citizens from hackers.
23-10-23	292	Cross-site Scripting (XSS) - Stored in janeczku/calibre-web
24-10-23	293	Cross-site scripting (XSS) stored in href bypasses filter using data wrapper in janeczku/calibre-web
25-10-23	294	Blind Sql Injection in https://█████/qsSearch.aspx
26-10-23	295	An agent without permission has the ability to update, add, or delete FAQ items in osticket/osticket
27-10-23	296	Time-base SQL Injection in Search Users
28-10-23	297	Improper input validation leads to arbitrary file deletion in mintplex-labs/anything-llm
29-10-23	298	Password Reset link hijacking via Host Header Poisoning in linkstackorg/linkstack
30-10-23	299	IDOR - Users can change Administrator information (User ID = 1 ) in limesurvey/limesurvey
31-10-23	300	Store DOM XSS in FAQ in thorsten/phpmyfaq
01-11-23	301	Stored XSS in module named "New Submissions" in pkp/pkp-lib
02-11-23	302	Improper Access Control That Leads to Privilege Escalation / Account Takeover in glpi-project/glpi
03-11-23	303	Theft of Arbitrary Files from non-exported FileProvider via improper implementation of setResult in WelcomeScreen.kt in teamamaze/amazefileutilities
04-11-23	304	$7000 Bounty on a Single Web Application
05-11-23	305	CSRF Delete Navigation Menu Items in pkp/pkp-lib
06-11-23	306	SAML 2.0: A Brief Conceptual Overview
07-11-23	307	How I sent multiple payment requests on PhonePe, Paytm, and Google Pay
08-11-23	308	user can still comment the unpublish blog in microweber/microweber
09-11-23	309	User sends email to group member, while not having general user group permissions in limesurvey/limesurvey
10-11-23	310	How I got Access to a Company’s Auth0 Management API !!
11-11-23	311	CVE-2023-29489 XSS in cpanel at [www.███] - Securado, Oman
12-11-23	312	Disabled accounts still work normally in pkp/pkp-lib
13-11-23	313	How to Upgrade Your XSS Bugs from Medium to Critical
14-11-23	314	CVE-2023-27537: HSTS double-free
15-11-23	315	First step of IOS Pentesting Approaching IOS application for Pentesting (Beginner Edition )
16-11-23	316	Reflected XSS via Upgrade Wizard in salesagility/suitecrm
17-11-23	317	LFI in Ray API in ray-project/ray
18-11-23	318	Relative path traversal in vertaai/modeldb
19-11-23	319	Breaking Barriers: Unmasking the Easy Password Validation Bypass in Security Key Registration How a Dumb Frontend Led to 750 $ Bounty
20-11-23	320	Unauthorized Access and Content Modification in h20-r S3 Bucket which is used in .sh and docker file leads to spread of malicious R package which can lead to remote code execution in h2oai/h2o-3
21-11-23	321	Bug Bounty Target Deep Dive
22-11-23	322	Can use csrf to steal/modify block content, artifact content, variables possibly leading to RCE when the dashboard is running on a developers workstation in prefecthq/prefect
23-11-23	323	Code injection in cpu_profile format parameter in ray-project/ray
24-11-23	324	Pentesting Linux Thick Client Applications
25-11-23	325	CVE-2023-23914: HSTS ignored on multiple requests
26-11-23	326	Easy $500 Vulnerabilities! // How To Bug Bounty
27-11-23	327	[Quora Android] Possible to steal arbitrary files from mobile device
28-11-23	328	Passcode Protection in Android Devices Can be Bypassed.
29-11-23	329	Reverse Engineering APK an Android app
30-11-23	330	2 click Remote Code execution in Evernote Android
01-12-23	331	Vulnerabilities in exported activity WebView
02-12-23	332	Cross Site Scripting (XSS) in Layers of Image in viliusle/minipaint
03-12-23	333	Android App Bug Bounty Secrets
04-12-23	334	[Grab Android/iOS Insecure deeplink leads to sensitive information disclosure
05-12-23	335	CVE-2020-8913
06-12-23	336	PDF Upload Leading to Stored XSS
07-12-23	337	DoS via Password Strength Checker Function
08-12-23	338	Identity Aware Proxy for Securing GCP Applications: Part-01
09-12-23	339	Javascript Analysis to SQL injection
10-12-23	340	New payload to exploit Error-based SQL injection - Oracle database
11-12-23	341	Initial access
12-12-23	342	Leaking error content at upload file in microweber/microweber
13-12-23	343	631-burpsuite-101-going-deep-into-intruder
14-12-23	344	Understanding Directory Traversal Vulnerabilities
15-12-23	345	unveiling-mobile-app-security-a-comprehensive-guide
16-12-23	346	how-i-found-130-sub-domain-takeover-vulnerabilities-using-nuclei
17-12-23	347	Updated Beginners Guide to API Bug Bounty
18-12-23	348	Recon in Cybersecurity #11 - The Never Ending JS Files
19-12-23	349	Recon in Cybersecurity #12 - Digging into The Past with WaybackMachine
20-12-23	350	PostgreSQL SELECT only RCE
21-12-23	351	how-can-i-account-take-over-any-account
22-12-23	352	understanding-edr-vs-xdr-differences-and-the-future-outlook
23-12-23	353	Hacking with The Internet Time Machine
24-12-23	354	The ART of Chaining Vulnerabilities
25-12-23	355	How a simple Directory Listing leads to PII Data Leakage, Remote Code Execution and many more vulnerabilities on a HR management subdomain
26-12-23	356	From Django Debug Mode to PII Data Leak of more than 500+ Employees due Broken Access Control and IDOR
27-12-23	357	How to Bypass Device Verification for Email & Login Forms? — no cookies required!
28-12-23	358	Recon in Cybersecurity #13 - A Primer on Reporting - Don't Sabotage Yourself
29-12-23	359	Store XSS in Notifications Menu in instantsoft/icms2
30-12-23	360	AWS S3 Enumeration Basics
31-12-23	361	DoS via abusing the Upload Function
01-01-24	362	Possible XSS vulnerability without a content security bypass
02-01-24	363	How to turn SQL injection into an RCE or a file read? Case study of 128 bug bounty reports
03-01-24	364	Path traversal to RCE in Android — Mobile Hacking Lab ‘Document Viewer’ write-up
04-01-24	365	CSP Bypass ”script-src” – Detailed Writeup