SUMMARY.md

Table of contents

• 💣 Infosec Corruption

Bug-Bounty/Web-Hacking

• Application & Business Logic
• Command Injection
• CRLF
• CSRF
• HTTP Methods Vulns.
• IDORs / Auth. Bugs
• LFI
• SSRF
• SSTI
• Code Analysis : PHP & grep

Burp Suite

• Autorize
• Burp tips
• Methodology
• Intruder Payload Processing
• Other extensions
• Turbo Intruder

API Penetration Testing

• API attacks
• API/SOAP/WSDL Tricks
• Checklist
• Common endpoints
• JSON testing in APIs
• 31 days of API security tricks

Tools

• Nmap
• Web-scanners
• Recon-ng
• Wfuzz

WAF Bypasses

• General WAF torment
• Cloudflare
• Testing Methodology/Evasion techniques
• Tools and Resources

Enumeration

• Port 139, 445 : SMB/NetBIOS