Links

View on GitHub

внутренности windows

https://www.geoffchappell.com/index.htm

очень интересный блог

https://blog.didierstevens.com/

колекция техник инжекта)

https://github.com/snovvcrash/DInjector

WMI attack (real sheet)

https://0xinfection.github.io/posts/

COOL XRэнь

https://attackdefense.com/listingnoauth?labtype=windows-post-exploitation&subtype=windows-post-exploitation-metasploit

Malicious Command-Line

https://github.com/3CORESec/MAL-CL/tree/master/Descriptors/Windows

Phase 2 – Web and Server Technology

Basic concepts of web applications, how they work and the HTTP protocol - https://www.youtube.com/watch?v=RsQ1tFLwldY&t=7s
HTML basics part 1 - https://www.youtube.com/watch?v=p6fRBGI_BY0
HTML basics part 2 - https://www.youtube.com/watch?v=Zs6lzuBVK2w 
Difference between static and dynamic website - https://www.youtube.com/watch?v=hlg6q6OFoxQ 
HTTP protocol Understanding - https://www.youtube.com/watch?v=JFZMyhRTVt0 
Parts of HTTP Request -https://www.youtube.com/watch?v=pHFWGN-upGM
Parts of HTTP Response - https://www.youtube.com/watch?v=c9sMNc2PrMU 
Various HTTP Methods - https://www.youtube.com/watch?v=PO7D20HsFsY 
Understanding URLS - https://www.youtube.com/watch?v=5Jr-_Za5yQM 
Intro to REST - https://www.youtube.com/watch?v=YCcAE2SCQ6k 
HTTP Request & Response Headers - https://www.youtube.com/watch?v=vAuZwirKjWs 
What is a cookie - https://www.youtube.com/watch?v=I01XMRo2ESg 
HTTP Status codes - https://www.youtube.com/watch?v=VLH3FMQ5BIQ 
HTTP Proxy - https://www.youtube.com/watch?v=qU0PVSJCKcs 
Authentication with HTTP - https://www.youtube.com/watch?v=GxiFXUFKo1M
HTTP basic and digest authentication - https://www.youtube.com/watch?v=GOnhCbDhMzk 
What is “Server-Side” - https://www.youtube.com/watch?v=JnCLmLO9LhA
Server and client side with example - https://www.youtube.com/watch?v=DcBB2Fp8WNI 
What is a session - https://www.youtube.com/watch?v=WV4DJ6b0jhg&t=202s 
Introduction to UTF-8 and Unicode - https://www.youtube.com/watch?v=sqPTR_v4qFA 
URL encoding - https://www.youtube.com/watch?v=Z3udiqgW1VA 
HTML encoding - https://www.youtube.com/watch?v=IiAfCLWpgII&t=109s
Base64 encoding - https://www.youtube.com/watch?v=8qkxeZmKmOY 
Hex encoding & ASCII - https://www.youtube.com/watch?v=WW2SaCMnHdU 





Phase 3 – Setting up the lab with BurpSuite and bWAPP

MANISH AGRAWAL 

Setup lab with bWAPP - https://www.youtube.com/watch?v=dwtUn3giwTk&index=1&list=PLv95pq8fEyuivHeZB2jeC435tU3_1YGzV
Set up Burp Suite -  https://www.youtube.com/watch?v=hQsT4rSa_v0&list=PLv95pq8fEyuivHeZB2jeC435tU3_1YGzV&index=2
Configure Firefox and add certificate - https://www.youtube.com/watch?v=hfsdJ69GSV4&index=3&list=PLv95pq8fEyuivHeZB2jeC435tU3_1YGzV 
Mapping and scoping website - https://www.youtube.com/watch?v=H-_iVteMDRo&index=4&list=PLv95pq8fEyuivHeZB2jeC435tU3_1YGzV 
Spidering - https://www.youtube.com/watch?v=97uMUQGIe14&list=PLv95pq8fEyuivHeZB2jeC435tU3_1YGzV&index=5 
Active and passive scanning - https://www.youtube.com/watch?v=1Mjom6AcFyU&index=6&list=PLv95pq8fEyuivHeZB2jeC435tU3_1YGzV 
Scanner options and demo - https://www.youtube.com/watch?v=gANi4Kt7-ek&index=7&list=PLv95pq8fEyuivHeZB2jeC435tU3_1YGzV 
Introduction to password security - https://www.youtube.com/watch?v=FwcUhcLO9iM&list=PLv95pq8fEyuivHeZB2jeC435tU3_1YGzV&index=8 
Intruder - https://www.youtube.com/watch?v=wtMg9oEMTa8&list=PLv95pq8fEyuivHeZB2jeC435tU3_1YGzV&index=9
Intruder attack types - https://www.youtube.com/watch?v=N5ndYPwddkQ&index=10&list=PLv95pq8fEyuivHeZB2jeC435tU3_1YGzV
Payload settings - https://www.youtube.com/watch?v=5GpdlbtL-1Q&index=11&list=PLv95pq8fEyuivHeZB2jeC435tU3_1YGzV 
Intruder settings - https://www.youtube.com/watch?v=B_Mu7jmOYnU&list=PLv95pq8fEyuivHeZB2jeC435tU3_1YGzV&index=12 

ÆTHER SECURITY LAB

No.1 Penetration testing tool - https://www.youtube.com/watch?v=AVzC7ETqpDo&list=PLq9n8iqQJFDrwFe9AEDBlR1uSHEN7egQA&index=1 
Environment Setup - https://www.youtube.com/watch?v=yqnUOdr0eVk&index=2&list=PLq9n8iqQJFDrwFe9AEDBlR1uSHEN7egQA 
General concept - https://www.youtube.com/watch?v=udl4oqr_ylM&list=PLq9n8iqQJFDrwFe9AEDBlR1uSHEN7egQA&index=3
Proxy module - https://www.youtube.com/watch?v=PDTwYFkjQBE&list=PLq9n8iqQJFDrwFe9AEDBlR1uSHEN7egQA&index=4
Repeater module - https://www.youtube.com/watch?v=9Zh_7s5csCc&list=PLq9n8iqQJFDrwFe9AEDBlR1uSHEN7egQA&index=5 
Target and spider module - https://www.youtube.com/watch?v=dCKPZUSOlr8&list=PLq9n8iqQJFDrwFe9AEDBlR1uSHEN7egQA&index=6
Sequencer and scanner module - https://www.youtube.com/watch?v=G-v581pXerE&list=PLq9n8iqQJFDrwFe9AEDBlR1uSHEN7egQA&index=7

Phase 4 – Mapping the application and attack surface

Spidering - https://www.youtube.com/watch?v=97uMUQGIe14&list=PLv95pq8fEyuivHeZB2jeC435tU3_1YGzV&index=5
Mapping application using robots.txt - https://www.youtube.com/watch?v=akuzgZ75zrk 
Discover hidden contents using dirbuster - https://www.youtube.com/watch?v=--nu9Jq07gA
Dirbuster in detail - https://www.youtube.com/watch?v=2tOQC68hAcQ
Discover hidden directories and files with intruder - https://www.youtube.com/watch?v=4Fz9mJeMNkI
Directory bruteforcing 1 - https://www.youtube.com/watch?v=ch2onB_LFoI
Directory bruteforcing 2 - https://www.youtube.com/watch?v=ASMW_oLbyIg
Identify application entry points - https://www.youtube.com/watch?v=IgJWPZ2OKO8&t=34s
Identify application entry points - https://www.owasp.org/index.php/Identify_application_entry_points_(OTG-INFO-006)
Identify client and server technology - https://www.youtube.com/watch?v=B8jN_iWjtyM
Identify server technology using banner grabbing (telnet) - https://www.youtube.com/watch?v=O67M-U2UOAg 
Identify server technology using httprecon - https://www.youtube.com/watch?v=xBBHtS-dwsM
Pentesting with Google dorks Introduction - https://www.youtube.com/watch?v=NmdrKFwAw9U
Fingerprinting web server - https://www.youtube.com/watch?v=tw2VdG0t5kc&list=PLxLRoXCDIalcRS5Nb1I_HM_OzS10E6lqp&index=10
Use Nmap for fingerprinting web server - https://www.youtube.com/watch?v=VQV-y_-AN80
Review webs servers metafiles for information leakage - https://www.youtube.com/watch?v=sds3Zotf_ZY
Enumerate applications on web server - https://www.youtube.com/watch?v=lfhvvTLN60E
Identify application entry points - https://www.youtube.com/watch?v=97uMUQGIe14&list=PLDeogY2Qr-tGR2NL2X1AR5Zz9t1iaWwlM
Map execution path through application - https://www.youtube.com/watch?v=0I0NPiyo9UI
Fingerprint web application frameworks - https://www.youtube.com/watch?v=ASzG0kBoE4c

Phase 5 – Understanding and exploiting OWASP top 10 vulnerabilities

A closer look at all owasp top 10 vulnerabilities - https://www.youtube.com/watch?v=avFR_Af0KGk

IBM

Injection  - https://www.youtube.com/watch?v=02mLrFVzIYU&index=1&list=PLoyY7ZjHtUUVLs2fy-ctzZDSPpawuQ28d
Broken authentication and session management - https://www.youtube.com/watch?v=iX49fqZ8HGA&index=2&list=PLoyY7ZjHtUUVLs2fy-ctzZDSPpawuQ28d
Cross-site scripting  - https://www.youtube.com/watch?v=x6I5fCupLLU&index=3&list=PLoyY7ZjHtUUVLs2fy-ctzZDSPpawuQ28d
Insecure direct object reference  - https://www.youtube.com/watch?v=-iCyp9Qz3CI&list=PLoyY7ZjHtUUVLs2fy-ctzZDSPpawuQ28d&index=4
Security misconfiguration  - https://www.youtube.com/watch?v=cIplXL8idyo&list=PLoyY7ZjHtUUVLs2fy-ctzZDSPpawuQ28d&index=5
Sensitive data exposure  - https://www.youtube.com/watch?v=rYlzTQlF8Ws&index=6&list=PLoyY7ZjHtUUVLs2fy-ctzZDSPpawuQ28d
Missing functional level access controls  - https://www.youtube.com/watch?v=VMv_gyCNGpk&list=PLoyY7ZjHtUUVLs2fy-ctzZDSPpawuQ28d&index=7
Cross-site request forgery  - https://www.youtube.com/watch?v=_xSFm3KGxh0&list=PLoyY7ZjHtUUVLs2fy-ctzZDSPpawuQ28d&index=8
Using components with known vulnerabilities   - https://www.youtube.com/watch?v=bhJmVBJ-F-4&index=9&list=PLoyY7ZjHtUUVLs2fy-ctzZDSPpawuQ28d
Unvalidated redirects and forwards  - https://www.youtube.com/watch?v=L6bYKiLtSL8&index=10&list=PLoyY7ZjHtUUVLs2fy-ctzZDSPpawuQ28d


F5 CENTRAL

Injection - https://www.youtube.com/watch?v=rWHvp7rUka8&index=1&list=PLyqga7AXMtPPuibxp1N0TdyDrKwP9H_jD
Broken authentication and session management  - https://www.youtube.com/watch?v=mruO75ONWy8&index=2&list=PLyqga7AXMtPPuibxp1N0TdyDrKwP9H_jD
Insecure deserialisation  - https://www.youtube.com/watch?v=nkTBwbnfesQ&index=8&list=PLyqga7AXMtPPuibxp1N0TdyDrKwP9H_jD
Sensitive data exposure  - https://www.youtube.com/watch?v=2RKbacrkUBU&index=3&list=PLyqga7AXMtPPuibxp1N0TdyDrKwP9H_jD
Broken access control  - https://www.youtube.com/watch?v=P38at6Tp8Ms&list=PLyqga7AXMtPPuibxp1N0TdyDrKwP9H_jD&index=5
Insufficient logging and monitoring  - https://www.youtube.com/watch?v=IFF3tkUOF5E&index=10&list=PLyqga7AXMtPPuibxp1N0TdyDrKwP9H_jD
XML external entities  - https://www.youtube.com/watch?v=g2ey7ry8_CQ&list=PLyqga7AXMtPPuibxp1N0TdyDrKwP9H_jD&index=4
Using components with known vulnerabilities  - https://www.youtube.com/watch?v=IGsNYVDKRV0&index=9&list=PLyqga7AXMtPPuibxp1N0TdyDrKwP9H_jD
Cross-site scripting  - https://www.youtube.com/watch?v=IuzU4y-UjLw&index=7&list=PLyqga7AXMtPPuibxp1N0TdyDrKwP9H_jD
Security misconfiguration  - https://www.youtube.com/watch?v=JuGSUMtKTPU&index=6&list=PLyqga7AXMtPPuibxp1N0TdyDrKwP9H_jD

LUKE BRINER

Injection explained - https://www.youtube.com/watch?v=1qMggPJpRXM&index=1&list=PLpNYlUeSK_rkrrBox-xvSkm5lgaDqKa0X
Broken authentication and session management - https://www.youtube.com/watch?v=fKnG15BL4AY&list=PLpNYlUeSK_rkrrBox-xvSkm5lgaDqKa0X&index=2
Cross-site scripting - https://www.youtube.com/watch?v=ksM-xXeDUNs&index=3&list=PLpNYlUeSK_rkrrBox-xvSkm5lgaDqKa0X
Insecure direct object reference - https://www.youtube.com/watch?v=ZodA76-CB10&list=PLpNYlUeSK_rkrrBox-xvSkm5lgaDqKa0X&index=4
Security misconfiguration - https://www.youtube.com/watch?v=DfFPHKPCofY&index=5&list=PLpNYlUeSK_rkrrBox-xvSkm5lgaDqKa0X
Sensitive data exposure - https://www.youtube.com/watch?v=Z7hafbGDVEE&list=PLpNYlUeSK_rkrrBox-xvSkm5lgaDqKa0X&index=6
Missing functional level access control - https://www.youtube.com/watch?v=RGN3w831Elo&list=PLpNYlUeSK_rkrrBox-xvSkm5lgaDqKa0X&index=7
Cross-site request forgery - https://www.youtube.com/watch?v=XRW_US5BCxk&list=PLpNYlUeSK_rkrrBox-xvSkm5lgaDqKa0X&index=8
Components with known vulnerabilities - https://www.youtube.com/watch?v=pbvDW9pJdng&list=PLpNYlUeSK_rkrrBox-xvSkm5lgaDqKa0X&index=9
Unvalidated redirects and forwards - https://www.youtube.com/watch?v=bHTglpgC5Qg&list=PLpNYlUeSK_rkrrBox-xvSkm5lgaDqKa0X&index=10

Phase 6 – Session management testing

Bypass authentication using cookie manipulation - https://www.youtube.com/watch?v=mEbmturLljU 
Cookie Security Via httponly and secure Flag - OWASP - https://www.youtube.com/watch?v=3aKA4RkAg78
Penetration testing Cookies basic - https://www.youtube.com/watch?v=_P7KN8T1boc
Session fixation 1 - https://www.youtube.com/watch?v=ucmgeHKtxaI
Session fixation 2 - https://www.youtube.com/watch?v=0Tu1qxysWOk
Session fixation 3 - https://www.youtube.com/watch?v=jxwgpWvRUSo
Session fixation 4 - https://www.youtube.com/watch?v=eUbtW0Z0W1g
CSRF - Cross site request forgery 1 - https://www.youtube.com/watch?v=m0EHlfTgGUU
CSRF - Cross site request forgery 2 - https://www.youtube.com/watch?v=H3iu0_ltcv4
CSRF - Cross site request forgery 3 - https://www.youtube.com/watch?v=1NO4I28J-0s
CSRF - Cross site request forgery 4 - https://www.youtube.com/watch?v=XdEJEUJ0Fr8
CSRF - Cross site request forgery 5 - https://www.youtube.com/watch?v=TwG0Rd0hr18
Session puzzling 1 - https://www.youtube.com/watch?v=YEOvmhTb8xA
Admin bypass using session hijacking - https://www.youtube.com/watch?v=1wp1o-1TfAc




Phase 7 – Bypassing client-side controls

What is hidden forms in HTML - https://www.youtube.com/watch?v=orUoGsgaYAE 
Bypassing hidden form fields using tamper data - https://www.youtube.com/watch?v=NXkGX2sPw7I
Bypassing hidden form fields using Burp Suite (Purchase application) - https://www.youtube.com/watch?v=xahvJyUFTfM 
Changing price on eCommerce website using parameter tampering - https://www.youtube.com/watch?v=A-ccNpP06Zg
Understanding cookie in detail - https://www.youtube.com/watch?v=_P7KN8T1boc&list=PLWPirh4EWFpESKWJmrgQwmsnTrL_K93Wi&index=18 
Cookie tampering with tamper data- https://www.youtube.com/watch?v=NgKXm0lBecc 
Cookie tamper part 2 - https://www.youtube.com/watch?v=dTCt_I2DWgo 
Understanding referer header in depth using Cisco product - https://www.youtube.com/watch?v=GkQnBa3C7WI&t=35s 
Introduction to ASP.NET viewstate - https://www.youtube.com/watch?v=L3p6Uw6SSXs 
ASP.NET viewstate in depth - https://www.youtube.com/watch?v=Fn_08JLsrmY
Analyse sensitive data in ASP.NET viewstate - https://msdn.microsoft.com/en-us/library/ms972427.aspx?f=255&MSPPError=-2147217396
Cross-origin-resource-sharing explanation with example - https://www.youtube.com/watch?v=Ka8vG5miErk
CORS demo 1 - https://www.youtube.com/watch?v=wR8pjTWaEbs
CORS demo 2 - https://www.youtube.com/watch?v=lg31RYYG-T4
Security headers - https://www.youtube.com/watch?v=TNlcoYLIGFk
Security headers 2 - https://www.youtube.com/watch?v=ZZUvmVkkKu4

Phase 8 – Attacking authentication/login

Attacking login panel with bad password - Guess username password for the website and try different combinations
Brute-force login panel - https://www.youtube.com/watch?v=25cazx5D_vw 
Username enumeration - https://www.youtube.com/watch?v=WCO7LnSlskE
Username enumeration with bruteforce password attack - https://www.youtube.com/watch?v=zf3-pYJU1c4
Authentication over insecure HTTP protocol - https://www.youtube.com/watch?v=ueSG7TUqoxk
Authentication over insecure HTTP protocol - https://www.youtube.com/watch?v=_WQe36pZ3mA
Forgot password vulnerability - case 1 - https://www.youtube.com/watch?v=FEUidWWnZwU
Forgot password vulnerability - case 2 - https://www.youtube.com/watch?v=j7-8YyYdWL4
Login page autocomplete feature enabled - https://www.youtube.com/watch?v=XNjUfwDmHGc&t=33s
Testing for weak password policy - https://www.owasp.org/index.php/Testing_for_Weak_password_policy_(OTG-AUTHN-007)
Insecure distribution of credentials - When you register in any website or you request for a password reset using forgot password feature, if the website sends your username and password over the email in cleartext without sending the password reset link, then it is a vulnerability.
Test for credentials transportation using SSL/TLS certificate - https://www.youtube.com/watch?v=21_IYz4npRs
Basics of MySQL - https://www.youtube.com/watch?v=yPu6qV5byu4
Testing browser cache - https://www.youtube.com/watch?v=2T_Xz3Humdc
Bypassing login panel -case 1 - https://www.youtube.com/watch?v=TSqXkkOt6oM
Bypass login panel - case 2 - https://www.youtube.com/watch?v=J6v_W-LFK1c







Phase 9 - Attacking access controls (IDOR, Priv esc, hidden files and directories)

Completely unprotected functionalities

Finding admin panel - https://www.youtube.com/watch?v=r1k2lgvK3s0
Finding admin panel and hidden files and directories - https://www.youtube.com/watch?v=Z0VAPbATy1A
Finding hidden webpages with dirbusater - https://www.youtube.com/watch?v=--nu9Jq07gA&t=5s

Insecure direct object reference
IDOR case 1 - https://www.youtube.com/watch?v=gci4R9Vkulc
IDOR case 2 - https://www.youtube.com/watch?v=4DTULwuLFS0
IDOR case 3 (zomato) - https://www.youtube.com/watch?v=tCJBLG5Mayo

Privilege escalation
What is privilege escalation - https://www.youtube.com/watch?v=80RzLSrczmc
Privilege escalation - Hackme bank - case 1 - https://www.youtube.com/watch?v=g3lv__87cWM
Privilege escalation - case 2 - https://www.youtube.com/watch?v=-i4O_hjc87Y

Phase 10 – Attacking Input validations (All injections, XSS and mics)

HTTP verb tampering

Introduction HTTP verb tampering - https://www.youtube.com/watch?v=Wl0PrIeAnhs
HTTP verb tampering demo - https://www.youtube.com/watch?v=bZlkuiUkQzE

HTTP parameter pollution

Introduction HTTP parameter pollution - https://www.youtube.com/watch?v=Tosp-JyWVS4
HTTP parameter pollution demo 1 - https://www.youtube.com/watch?v=QVZBl8yxVX0&t=11s
HTTP parameter pollution demo 2 - https://www.youtube.com/watch?v=YRjxdw5BAM0
HTTP parameter pollution demo 3 - https://www.youtube.com/watch?v=kIVefiDrWUw

XSS - Cross site scripting

Introduction to XSS - https://www.youtube.com/watch?v=gkMl1suyj3M
What is XSS - https://www.youtube.com/watch?v=cbmBDiR6WaY
Reflected XSS demo - https://www.youtube.com/watch?v=r79ozjCL7DA
XSS attack method using burpsuite - https://www.youtube.com/watch?v=OLKBZNw3OjQ
XSS filter bypass with Xenotix - https://www.youtube.com/watch?v=loZSdedJnqc
Reflected XSS filter bypass 1 - https://www.youtube.com/watch?v=m5rlLgGrOVA
Reflected XSS filter bypass 2 - https://www.youtube.com/watch?v=LDiXveqQ0gg
Reflected XSS filter bypass 3 - https://www.youtube.com/watch?v=hb_qENFUdOk
Reflected XSS filter bypass 4 - https://www.youtube.com/watch?v=Fg1qqkedGUk
Reflected XSS filter bypass 5 - https://www.youtube.com/watch?v=NImym71f3Bc
Reflected XSS filter bypass 6 - https://www.youtube.com/watch?v=9eGzAym2a5Q
Reflected XSS filter bypass 7 - https://www.youtube.com/watch?v=ObfEI84_MtM
Reflected XSS filter bypass 8 - https://www.youtube.com/watch?v=2c9xMe3VZ9Q
Reflected XSS filter bypass 9 - https://www.youtube.com/watch?v=-48zknvo7LM
Introduction to Stored XSS - https://www.youtube.com/watch?v=SHmQ3sQFeLE
Stored XSS 1 - https://www.youtube.com/watch?v=oHIl_pCahsQ
Stored XSS 2 - https://www.youtube.com/watch?v=dBTuWzX8hd0
Stored XSS 3 - https://www.youtube.com/watch?v=PFG0lkMeYDc
Stored XSS 4 - https://www.youtube.com/watch?v=YPUBFklUWLc
Stored XSS 5 - https://www.youtube.com/watch?v=x9Zx44EV-Og

SQL injection

Part 1 - Install SQLi lab - https://www.youtube.com/watch?v=NJ9AA1_t1Ic&index=23&list=PLkiAz1NPnw8qEgzS7cgVMKavvOAdogsro
Part 2 - SQL lab series - https://www.youtube.com/watch?v=TA2h_kUqfhU&index=22&list=PLkiAz1NPnw8qEgzS7cgVMKavvOAdogsro
Part 3 - SQL lab series - https://www.youtube.com/watch?v=N0zAChmZIZU&list=PLkiAz1NPnw8qEgzS7cgVMKavvOAdogsro&index=21
Part 4 - SQL lab series - https://www.youtube.com/watch?v=6pVxm5mWBVU&index=20&list=PLkiAz1NPnw8qEgzS7cgVMKavvOAdogsro
Part 5 - SQL lab series - https://www.youtube.com/watch?v=0tyerVP9R98&index=19&list=PLkiAz1NPnw8qEgzS7cgVMKavvOAdogsro
Part 6 - Double query injection - https://www.youtube.com/watch?v=zaRlcPbfX4M&index=18&list=PLkiAz1NPnw8qEgzS7cgVMKavvOAdogsro
Part 7 - Double query injection cont.. - https://www.youtube.com/watch?v=9utdAPxmvaI&index=17&list=PLkiAz1NPnw8qEgzS7cgVMKavvOAdogsro
Part 8 - Blind injection boolean based - https://www.youtube.com/watch?v=u7Z7AIR6cMI&index=16&list=PLkiAz1NPnw8qEgzS7cgVMKavvOAdogsro
Part 9 - Blind injection time based - https://www.youtube.com/watch?v=gzU1YBu_838&index=15&list=PLkiAz1NPnw8qEgzS7cgVMKavvOAdogsro
Part 10 - Dumping DB using outfile - https://www.youtube.com/watch?v=ADW844OA6io&index=14&list=PLkiAz1NPnw8qEgzS7cgVMKavvOAdogsro
Part 11 - Post parameter injection error based - https://www.youtube.com/watch?v=6sQ23tqiTXY&list=PLkiAz1NPnw8qEgzS7cgVMKavvOAdogsro&index=13
Part 12 - POST parameter injection double query based - https://www.youtube.com/watch?v=tjFXWQY4LuA&index=12&list=PLkiAz1NPnw8qEgzS7cgVMKavvOAdogsro
Part 13 - POST parameter injection blind boolean and time based - https://www.youtube.com/watch?v=411G-4nH5jE&list=PLkiAz1NPnw8qEgzS7cgVMKavvOAdogsro&index=10
Part 14 - Post parameter injection in UPDATE query - https://www.youtube.com/watch?v=2FgLcPuU7Vw&list=PLkiAz1NPnw8qEgzS7cgVMKavvOAdogsro&index=11
Part 15 - Injection in insert query - https://www.youtube.com/watch?v=ZJiPsWxXYZs&list=PLkiAz1NPnw8qEgzS7cgVMKavvOAdogsro&index=9
Part 16 - Cookie based injection - https://www.youtube.com/watch?v=-A3vVqfP8pA&list=PLkiAz1NPnw8qEgzS7cgVMKavvOAdogsro&index=8
Part 17 - Second order injection  -https://www.youtube.com/watch?v=e9pbC5BxiAE&list=PLkiAz1NPnw8qEgzS7cgVMKavvOAdogsro&index=7
Part 18 - Bypassing blacklist filters - 1 - https://www.youtube.com/watch?v=5P-knuYoDdw&index=6&list=PLkiAz1NPnw8qEgzS7cgVMKavvOAdogsro
Part 19 - Bypassing blacklist filters - 2 - https://www.youtube.com/watch?v=45BjuQFt55Y&list=PLkiAz1NPnw8qEgzS7cgVMKavvOAdogsro&index=5
Part 20 - Bypassing blacklist filters  - 3 - https://www.youtube.com/watch?v=c-Pjb_zLpH0&index=4&list=PLkiAz1NPnw8qEgzS7cgVMKavvOAdogsro
Part 21 - Bypassing WAF - https://www.youtube.com/watch?v=uRDuCXFpHXc&list=PLkiAz1NPnw8qEgzS7cgVMKavvOAdogsro&index=2
Part 22 - Bypassing WAF - Impedance mismatch - https://www.youtube.com/watch?v=ygVUebdv_Ws&list=PLkiAz1NPnw8qEgzS7cgVMKavvOAdogsro&index=3
Part 23 - Bypassing addslashes - charset mismatch - https://www.youtube.com/watch?v=du-jkS6-sbo&list=PLkiAz1NPnw8qEgzS7cgVMKavvOAdogsro&index=1 

NoSQL injection
Introduction to NoSQL injection - https://www.youtube.com/watch?v=h0h37-Dwd_A
Introduction to SQL vs NoSQL - Difference between MySQL and MongoDB with tutorial - https://www.youtube.com/watch?v=QwevGzVu_zk
Abusing NoSQL databases - https://www.youtube.com/watch?v=lcO1BTNh8r8
Making cry - attacking NoSQL for pentesters - https://www.youtube.com/watch?v=NgsesuLpyOg

Xpath and XML injection
Introduction to Xpath injection - https://www.youtube.com/watch?v=2_UyM6Ea0Yk&t=3102s
Introduction to XML injection - https://www.youtube.com/watch?v=9ZokuRHo-eY
Practical 1 - bWAPP - https://www.youtube.com/watch?v=6tV8EuaHI9M
Practical 2 - Mutillidae - https://www.youtube.com/watch?v=fV0qsqcScI4
Practical 3 - webgoat - https://www.youtube.com/watch?v=5ZDSPVp1TpM
Hack admin panel using Xpath injection - https://www.youtube.com/watch?v=vvlyYlXuVxI
XXE demo - https://www.youtube.com/watch?v=3B8QhyrEXlU
XXE demo 2 - https://www.youtube.com/watch?v=UQjxvEwyUUw
XXE demo 3 - https://www.youtube.com/watch?v=JI0daBHq6fA

LDAP injection
Introduction and practical 1 - https://www.youtube.com/watch?v=-TXFlg7S9ks
Practical 2 - https://www.youtube.com/watch?v=wtahzm_R8e4

OS command injection
OS command injection in bWAPP - https://www.youtube.com/watch?v=qLIkGJrMY9k
bWAAP- OS command injection with Commiux (All levels) - https://www.youtube.com/watch?v=5-1QLbVa8YE

Local file inclusion
Detailed introduction - https://www.youtube.com/watch?v=kcojXEwolIs
LFI demo 1 - https://www.youtube.com/watch?v=54hSHpVoz7A
LFI demo 2 - https://www.youtube.com/watch?v=qPq9hIVtitI




Remote file inclusion
Detailed introduction - https://www.youtube.com/watch?v=MZjORTEwpaw
RFI demo 1 - https://www.youtube.com/watch?v=gWt9A6eOkq0
RFI introduction and demo 2 - https://www.youtube.com/watch?v=htTEfokaKsM

HTTP splitting/smuggling
Detailed introduction - https://www.youtube.com/watch?v=bVaZWHrfiPw
Demo 1 - https://www.youtube.com/watch?v=mOf4H1aLiiE

Phase 11 – Generating and testing error codes

Generating normal error codes by visiting files that may not exist on the server - for example visit chintan.php or chintan.aspx file on any website and it may redirect you to 404.php or 404.aspx or their customer error page. Check if an error page is generated by default web server or application framework or a custom page is displayed which does not display any sensitive information.
Use BurpSuite fuzzing techniques to generate stack trace error codes - https://www.youtube.com/watch?v=LDF6OkcvBzM

Phase 12 – Weak cryptography testing

SSL/TLS weak configuration explained - https://www.youtube.com/watch?v=Rp3iZUvXWlM
Testing weak SSL/TLS ciphers - https://www.youtube.com/watch?v=slbwCMHqCkc
Test SSL/TLS security with Qualys guard - https://www.youtube.com/watch?v=Na8KxqmETnw
Sensitive information sent via unencrypted channels - https://www.youtube.com/watch?v=21_IYz4npRs


Phase 13 – Business logic vulnerability

What is a business logic flaw - https://www.youtube.com/watch?v=ICbvQzva6lE&list=PLWoDr1kTbIxKZe_JeTDIcD2I7Uy1pLIFI
The Difficulties Finding Business Logic Vulnerabilities with Traditional Security Tools - https://www.youtube.com/watch?v=JTMg0bhkUbo&list=PLWoDr1kTbIxKZe_JeTDIcD2I7Uy1pLIFI&index=2
How To Identify Business Logic Flaws - https://www.youtube.com/watch?v=FJcgfLM4SAY&list=PLWoDr1kTbIxKZe_JeTDIcD2I7Uy1pLIFI&index=3
Business Logic Flaws: Attacker Mindset - https://www.youtube.com/watch?v=Svxh9KSTL3Y&list=PLWoDr1kTbIxKZe_JeTDIcD2I7Uy1pLIFI&index=4
Business Logic Flaws: Dos Attack On Resource - https://www.youtube.com/watch?v=4S6HWzhmXQk&list=PLWoDr1kTbIxKZe_JeTDIcD2I7Uy1pLIFI&index=5
Business Logic Flaws: Abuse Cases: Information Disclosure - https://www.youtube.com/watch?v=HrHdUEUwMHk&list=PLWoDr1kTbIxKZe_JeTDIcD2I7Uy1pLIFI&index=6
Business Logic Flaws: Abuse Cases: iPod Repairman Dupes Apple - https://www.youtube.com/watch?v=8yB_ApVsdhA&list=PLWoDr1kTbIxKZe_JeTDIcD2I7Uy1pLIFI&index=7
Business Logic Flaws: Abuse Cases: Online Auction - https://www.youtube.com/watch?v=oa_UICCqfbY&list=PLWoDr1kTbIxKZe_JeTDIcD2I7Uy1pLIFI&index=8
Business Logic Flaws: How To Navigate Code Using ShiftLeft Ocular - https://www.youtube.com/watch?v=hz7IZu6H6oE&list=PLWoDr1kTbIxKZe_JeTDIcD2I7Uy1pLIFI&index=9
Business Logic Security Checks: Data Privacy Compliance - https://www.youtube.com/watch?v=qX2fyniKUIQ&list=PLWoDr1kTbIxKZe_JeTDIcD2I7Uy1pLIFI&index=10
Business Logic Security Checks: Encryption Compliance - https://www.youtube.com/watch?v=V8zphJbltDY&list=PLWoDr1kTbIxKZe_JeTDIcD2I7Uy1pLIFI&index=11
Business Logic Security: Enforcement Checks - https://www.youtube.com/watch?v=5e7qgY_L3UQ&list=PLWoDr1kTbIxKZe_JeTDIcD2I7Uy1pLIFI&index=12
Business Logic Exploits: SQL Injection - https://www.youtube.com/watch?v=hcIysfhA9AA&list=PLWoDr1kTbIxKZe_JeTDIcD2I7Uy1pLIFI&index=13
Business Logic Exploits: Security Misconfiguration - https://www.youtube.com/watch?v=ppLBtCQcYRk&list=PLWoDr1kTbIxKZe_JeTDIcD2I7Uy1pLIFI&index=15
Business Logic Exploits: Data Leakage - https://www.youtube.com/watch?v=qe0bEvguvbs&list=PLWoDr1kTbIxKZe_JeTDIcD2I7Uy1pLIFI&index=16
Demo 1 - https://www.youtube.com/watch?v=yV7O-QRyOao
Demo 2 - https://www.youtube.com/watch?v=mzjTG7pKmQI
Demo 3 - https://www.youtube.com/watch?v=A8V_58QZPMs
Demo 4 - https://www.youtube.com/watch?v=1pvrEKAFJyk
Demo 5 - https://hackerone.com/reports/145745
Demo 6 - https://hackerone.com/reports/430854

Search tools

https://www.mmnt.net/

https://www.searchftps.net/

https://search-22.com/ftp-search-tools

https://archive.org/

https://the-eye.eu/

https://eyedex.org/

https://odcrawler.xyz/

http://lendx.org/

https://www.filechef.com/

https://ewasion.github.io/opendirectory-finder/

https://lumpysoft.com/

https://www.eyeofjustice.com/od/

https://opendirsearch.abifog.com/

https://doyou.needmorehdd.space/

https://filepursuit.com/

https://www.catfiles.net/

http://www.filesearching.com/

https://open-directory-downloader.herokuapp.com/

https://www.filechef.com/

FREE_for_DEV-ops

PENTESTING-BIBLE

Lockdoor-Framework

!! castom search !!

https://start.me/p/rxRbpo/ti

pastesearch

https://netbootcamp.org/pastesearch.html#gsc.tab=0

Samples malware

https://app.any.run/

Cool Blog`s

https://t43wiu6.github.io/

https://homjxi0e.wordpress.com/

China Pentesters course

hack tricks

https://book.hacktricks.xyz/

OSCP good

https://sushant747.gitbooks.io/total-oscp-guide/cmd.html

https://vulp3cula.gitbook.io/hackers-grimoire/post-exploitation/privesc-windows

Carding/hacking

https://pastebin.com/u/MrRoyosBins/1

Cobalt-Strike AGRESSOR-Scripts

Very nice OSCP resourse