Comprehensive Guide on Unrestricted File Upload

"Upload Here” or “Drag Your File To Upload” you might have seen these two phrases almost everywhere, whether you are se􀆫ng up your profile picture or you are simply applying for a job. Developers noscripts up File Upload HTML forms, which thus allows its users to upload files over onto the web-server. However, this ease might bring up the danger, if he does not validate what files are being uploaded.

Atackers exploit file upload vulnerabili􀆟es, which are major problems within web-based applica􀆟ons. In many web servers, this vulnerability relies en􀆟rely on inten􀆟on, enabling an atacker to upload a file containing malicious code that can then execute on the server.

#web

SOC TIER 1 – Technical Interview Preparation Guide by Shya Kaplan, 2025

As I’ve been getting ready for my own cybersecurity interviews, I put together a document full of realistic questions and key topics that are likely to come up in a SOC Analyst Tier 1 interview.

Topics covered include:
📌Basic cybersecurity concepts every analyst should know
📌Key differences between IDS, IPS, Firewalls, and EDR
📌Common Web and network attacks
📌Essential tools and protocols used in a SOC
📌 Practical log analysis tips

I created this based on my own study journey, hands-on training, and valuable insights gained from previous interviews for SOC positions. If you're preparing to break into the cybersecurity field, especially for a SOC role, this can be a valuable resource.

#job

AWS CSPM Playbook by Hadess, 2025

Core CSPM Concepts:
📌 Security Posture: The overall security status of your cloud environment, including configurations, policies, and compliance states.
📌 Continuous Monitoring: Real-time assessment of cloud resources for security misconfigurations and policy violations.
📌 Policy as Code: Security policies defined as code for consistent, repeatable enforcement across environments.
📌 Automated Remediation: Immediate response to security violations through automated corrective actions.
📌 Compliance Frameworks: Industry standards and regulations mapped to cloud security controls (CIS, SOC2, PCI-DSS, etc.).

❗️Wiki + web version

#AWS

Grokking Web Application Security, Malcolm McDonald, Foreword by Stuart McClure, 2024

Trying to teach yourself about web security from the internet can feel like walking into a huge disorganized library—one where you can never find what you need, and the wrong advice might endanger your application! You need a single, all-in-one guide to securing your apps against all the attacks they can and will face. You need Grokking Web Application Security.

The book teaches you how to build web apps that are ready and resilient to any attack. It’s laser-focused on what the working programmer needs to know about web security. In it, you’ll find practical recommendations for both common and not-so-common vulnerabilities—everything from SQL injection to cross-site noscripting inclusion attacks.

You’ll learn what motivates hackers, discover the latest tools for identifying issues, and set up a development lifecycle that catches problems early. Read it cover to cover for a comprehensive overview of web security, and dip in as a reference whenever you need to tackle a specific vulnerability.

❗️ MEAP edition (2023)

#book #web

From Day Zero to Zero Day. A Hands-On Guide to Vulnerability Research by Eugene Lim, 2025 (Early Access edition)

In this hands-on guide, award-winning white-hat hacker Eugene “Spaceraccoon” Lim breaks down the real-world process of vulnerability discovery. You’ll retrace the steps behind past CVEs, analyze open source and embedded targets, and build a repeatable workflow for uncovering critical flaws in code.

Whether you’re new to vulnerability research or sharpening an existing skill set, this book will show you how to think—and work—like a bug hunter.

Eugene Lim (aka “Spaceraccoon”) is a security researcher and white-hat hacker who has reported hundreds of vulnerabilities across enterprise software, hardware, and cloud services. In 2021, he was one of five researchers selected from a pool of over one million for HackerOne’s H1-Elite Hall of Fame. His research has been featured at Black Hat and DEF CON and in WIRED and The Register.

❗️GitHub

#book