How I found (and fixed) a vulnerability in Python
https://tldr.engineering/how-i-found-and-fixed-a-vulnerability-in-python/

https://youst.in/posts/cache-poisoning-at-scale/

Cache Poisoning at Scale

Identifying and Exploiting over 70 Cache Poisoning vulnerabilities

The JNDI Strikes Back – Unauthenticated RCE in H2 Database Console
https://www.reddit.com/r/netsec/comments/rxpcjk/the_jndi_strikes_back_unauthenticated_rce_in_h2/?utm_medium=android_app&utm_source=share

📮Vulnerable Web Applications for Practice📮


BadStore http://www.badstore.net/
BodgeIt Store http://code.google.com/p/bodgeit/
Butterfly Security Project http://thebutterflytmp.sourceforge.net/
bWAPP http://www.mmeit.be/bwapp/
http://sourceforge.net/projects/bwapp/files/bee-box/
Commix https://github.com/stasinopoulos/commix-testbed
CryptOMG https://github.com/SpiderLabs/CryptOMG
Damn Vulnerable Node Application (DVNA) https://github.com/quantumfoam/DVNA/
Damn Vulnerable Web App (DVWA) http://www.dvwa.co.uk/
Damn Vulnerable Web Services (DVWS) http://dvws.professionallyevil.com/
Drunk Admin Web Hacking Challenge https://bechtsoudis.com/work-stuff/challenges/drunk-admin-web-hacking-challenge/
Exploit KB Vulnerable Web App http://exploit.co.il/projects/vuln-web-app/
Foundstone Hackme Bank http://www.mcafee.com/us/downloads/free-tools/hacme-bank.aspx
Foundstone Hackme Books http://www.mcafee.com/us/downloads/free-tools/hacmebooks.aspx
Foundstone Hackme Casino http://www.mcafee.com/us/downloads/free-tools/hacme-casino.aspx
Foundstone Hackme Shipping http://www.mcafee.com/us/downloads/free-tools/hacmeshipping.aspx
Foundstone Hackme Travel http://www.mcafee.com/us/downloads/free-tools/hacmetravel.aspx
GameOver http://sourceforge.net/projects/null-gameover/
hackxor http://hackxor.sourceforge.net/cgi-bin/index.pl
Hackazon https://github.com/rapid7/hackazon
LAMPSecurity http://sourceforge.net/projects/lampsecurity/
Moth http://www.bonsai-sec.com/en/research/moth.php
NOWASP / Mutillidae 2 http://sourceforge.net/projects/mutillidae/
OWASP BWA http://code.google.com/p/owaspbwa/
OWASP Hackademic http://hackademic1.teilar.gr/
OWASP SiteGenerator https://www.owasp.org/index.php/Owasp_SiteGenerator
OWASP Bricks http://sourceforge.net/projects/owaspbricks/
OWASP Security Shepherd https://www.owasp.org/index.php/OWASP_Security_Shepherd
PentesterLab https://pentesterlab.com/
PHDays iBank CTF http://blog.phdays.com/2012/05/once-again-about-remote-banking.html
SecuriBench http://suif.stanford.edu/~livshits/securibench/
SentinelTestbed https://github.com/dobin/SentinelTestbed
SocketToMe http://digi.ninja/projects/sockettome.php
sqli-labs https://github.com/Audi-1/sqli-labs
MCIR (Magical Code Injection Rainbow) https://github.com/SpiderLabs/MCIR
sqlilabs https://github.com/himadriganguly/sqlilabs
VulnApp http://www.nth-dimension.org.uk/blog.php?id=88
PuzzleMall http://code.google.com/p/puzzlemall/
WackoPicko https://github.com/adamdoupe/WackoPicko
WAED http://www.waed.info
WebGoat.NET https://github.com/jerryhoff/WebGoat.NET/
WebSecurity Dojo http://www.mavensecurity.com/web_security_dojo/
XVWA https://github.com/s4n7h0/xvwa
Zap WAVE http://code.google.com/p/zaproxy/downloads/detail?name=zap-wave-0.1.zip


●▬۩❁ @geeekgirls ❁۩▬●

🔰 Best websites to test your hacking skills 🔰


https://pwnable.kr/
https://hack.me/
https://ctflearn.com/
https://google-gruyere.appspot.com/
https://www.root-me.org/en/
https://www.hackthebox.eu/
https://www.hacking-lab.com/
http://www.gameofhacks.com/
https://overthewire.org/
https://microcorruption.com/
https://xss-game.appspot.com/
https://www.hackthissite.org/pages/index/index.php
https://crackmes.one/
https://pentest.training/
https://www.hellboundhackers.org/
http://hax.tor.hu/
https://thisislegal.com/
https://tryhackme.com/

●▬۩❁ @geeekgirls ❁۩▬●

🔖 Хорошая подборка материала по информационной безопасности и этичному хикингу (тулзы, мануалы и другая информация): https://github.com/thelikes/ownlist

https://github.com/thelikes/ownlist/blob/master/2021/ownlist_024.md

#ИБ #Red_Team

https://kmb.cybber.ru/
КМБ (Курс молодого бойца) CTF - ресурс, посвященный соревнованиям в области информационной безопасности

Проблема в KCodes NetUSB угрожает множеству домашних роутеров

https://xakep.ru/2022/01/11/kcodes-netusb/

​Список Bug Bounty сайтов.

Ресурсы, где багхантеры могут помочь компаниям, выявить проблемы безопасности и заработать на этом деньги.

▫️ https://hackerone.com
▫️ https://yeswehack.com/programs
▫️ https://bugcrowd.com
▫️ https://bugbounty.jp
▫️ https://bugbounty.ch
▫️ https://yogosha.com
▫️ https://immunefi.com
▫️ https://firebounty.com
▫️ https://bugv.io
▫️ https://intigriti.com
▫️ https://huntr.dev
▫️ https://hckrt.com
▫️ https://safehats.com
▫️ https://bugsbounty.com
▫️ https://plugbounty.com
▫️ https://openbugbounty.org
▫️ https://zerodayinitiative.com

#cybersecurity #infosec #infosecurity #pentesting #bugbounty #hacking #hackers

https://mobile-security.gitbook.io/
Mobile Security Testing Guide

​MindAPI

Mindmap, объединяющий многолетний опыт тестирования безопасности API. Она состоит из двух разделов:

▫️ Разведка
▫️ Тестирование (охватывает большую часть OWASP API Security Top 10 и других ресурсов по безопасности).

https://github.com/dsopas/MindAPI

#API #cybersecurity #infosec #infosecurity #pentesting #bugbounty #hacking