About
This page contains all the resources related to application security and penetration testing shared by Harsh Bothra. Some additional resources and references are included that one can follow to expand their knowledge and learning curve.
Note: All the information listed here is for educational purposes, and any misuse is not endorsed by the author. Additional resources are sourced from different authors; the original rights remain with them, and kudos to everyone for sharing valuable knowledge.
DO YOU WANT TO GET YOUR APPLICATIONS PENTESTED OR NEED SOME AMAZING CONTENT FOR YOUR BLOG?
- Reach out at hbothra22@gmail.com
Resources
SecurityStories Series
- SecurityStories - 52 Weeks, 52 Stories is an initiative to share the stories of cyber security professionals from across the globe: how they started, what blockers they faced along the way, where they were versus where they are now, and other interesting details. The goal is to inspire and to surface the lesser-known stories of cyber security professionals.
- Repository Link: https://github.com/harsh-bothra/SecurityStories
SecurityExplained Series
- SecurityExplained is a new series following the previous learning-challenge series, #Learn365. The aim of the #SecurityExplained series is to create informational content in multiple formats and share it with the community to support knowledge creation and learning.
- Repository Link: https://github.com/harsh-bothra/SecurityExplained
MindMaps
S.NO | Mindmaps | Category |
---|---|---|
1 | 2FA Bypass Techniques | Bypass Techniques |
2 | Scope Based Recon | Methodology & Workflow |
3 | Cookie Based Authentication Vulnerabilities | Attacks Checklist |
4 | Unauthenticated JIRA CVEs | CVEs List |
5 | Android Application Penetration Testing Checklist | Attacks Checklist |
6 | XML Attacks | Attacks Checklist |
7 | Common Vulnerabilities on Forgot Password | Attacks Checklist |
8 | Vulnerability Checklist for SAML | Attacks Checklist |
9 | Account Takeover Methodologies | Attacks Checklist |
Blog Written for Organizations:
Security Talks
All Security Talks Playlist: https://www.youtube.com/playlist?list=PLYn5_MxRvV-fxPL90I-uebXQzQBXfIaY0
Security Blogs
Learn365
- The Learn365 repository contains all the information shared during Harsh's Learn 365 Challenge. Learn 365 is a challenge to keep the learning spirit going by learning something new every day for a whole year; it can be anything from infosec to general life.
- Repository Link: https://github.com/harsh-bothra/learn365
Talk Slides
S.NO | Slides | Category |
---|---|---|
1 | Got Cookies? Cookie Based Authentication Vulnerabilities | Cookie Based Attacks |
2 | Bug Hunting Tactics | Methodology & Workflow |
3 | Application Testing Methodology & Scope Based Recon | Methodology & Workflow |
4 | Pathway to AppSec - DC9140 | Pathway to AppSec |
5 | Broken Cryptography & Account Takeovers | Broken Cryptography, Account Takeover |
6 | Having Fun with RegEx | Regular Expressions |
7 | Scope Based Recon for Mundane {Bug Bounty Hunters} | Recon |
8 | Offensive Recon for Bug Bounty Hunters | Recon |
9 | Offensive Recon - Bug Hunter’s Playbook | Recon |
10 | Weaponizing Recon - Smashing Applications for Security Vulnerabilities & Profit | Recon |
11 | Bug Hunting Tactics & Wins for 2021 | Methodology & Workflow |
12 | Exploiting Misconfigured Jira Instances for $$$ | Exploiting Known Vulnerabilities |
13 | Trending Vulnerabilities with Insights to OWASP TOP 10 | Vulnerability Trends, OWASP TOP 10, Application Security |
Tools
- Project Bheem: A Simple Recon Wrapper around different tools written in Bash
- Project Link: https://github.com/harsh-bothra/Bheem
Other Resources
Below are my go-to resources that I follow when doing Bug Bounty & Penetration Testing:
S.NO | Resources | Category |
---|---|---|
1 | PayloadsAllTheThings | Payloads |
2 | HackTricks | Learning Guide |
3 | Cobalt Vulnerability Wiki | Vulnerability Wiki |
4 | Portswigger Research | Portswigger Research |
5 | Intigriti BugBytes | Weekly Collection of Trending Topics |
6 | OWASP Testing Guide | Testing Guide |
7 | Mobile Security Guide | Mobile Security Testing Guide |
8 | Infosec Writeups | Writeups |
9 | Awesome Repository | Huge Collection of Resources |
There are tons of resources to be added and I’ll keep on updating this.
Contact
Keep in touch:
Side Notes
Thank you for taking the time to visit and follow the above-mentioned resources. If they helped you, do share them on Twitter, LinkedIn and other platforms.