Learn365

This repository contains all the information shared during my Learn365 Challenge. This challenge will help me stay consistent and push myself to learn new things in the infosec world 💻. Stay updated with my Learn365 series on Twitter: Bhavesh Harmalkar. Special thanks to Harsh Bothra & Anubhav Singh from whoam I got motivated to start this Learn365 challenge.

Challenge Timeline

Start Date	End Date
1-1-2023	31-12-2023

---

💡 The investment you make in yourself through learning will pay off in the long run.

Day	Topic
1	Recon 00 - Recon 03 exercise on Pentester Lab
2	Recon 04 - Recon 07 exercise on Pentester Lab
3	Recon 08 - Recon 11 exercise on Pentester Lab
4	Recon 12 - Recon 16 exercise on Pentester Lab
5	Recon 17 - Recon 26 exercise on Pentester Lab
6	Read write-ups on Recon
7	Read about Authentication vulnerabilities
8	Solve 3 authentication labs on the portswigger lab
9	Solve 2 authentication labs on the portswigger lab Read blog on Account Takeover
10	Solve 2 authentication labs on the portswigger lab Read blog on Bug Bounty
11	Read write-ups on Authentication Vulnerabilities
12	Read about Access Control vulnerabilities
13	Solve 4 access control labs on the portswigger lab Read blog on Bypassing authorization in Google Cloud Workstations
14	Solve 4 access control labs on the portswigger lab Read reports on IDOR
15	Read blogs on IDOR
16	Solve 5 access control labs on the portswigger lab Read blogs on IDOR
17	Read blog: I Found Information Exposed In GitHub,What Next?
18	Read random blogs
19	Read thread on IDOR
20	Read blogs
21	Read blogs on IDOR
22	Read random blogs
23	Watched videos on Broken Access Control & IDOR
24	Read blog
25	Read thread & blog
26	Read blog
27	Read thread & blog
28	Read thread & blog
29	Read blogs
31	Read blogs
32	Read blog
33	Read thread
34	Read blog
35	Read thread & blog
36	Read blog
37	Watched videos
38	Read thread & blogs
39	Read about Information Disclosure vulnerabilities
40	Solve 2 Information Disclosure labs on the portswigger lab Read blog
41	Solve 3 Information Disclosure labs on the portswigger lab
42	Information Disclosure reports on Hackerone
43	Information Disclosure videos & reports
44	Information Disclosure blogs
45	Tips for finding Information Disclosure vulnerability
46	Video on API Information Disclosure
47	Introduction to LDAP Injection Attack
48	Facebook bug A Journey from Code Execution to S3 Data Leak
49	Hacking the Search Bar The Story of Discovering and Reporting an XSS Vulnerability on Bing
50	Thread on IDOR
51	Thread on finding the real ip of a Cloudflare
52	Hacking with ChatGPT: Ideal Tasks and Use-Cases
53	How I found DOM-Based XSS on Microsoft MSRC and How they fixed it
54	Hacking GraphQL API Using Suggestions
55	Bypassing SSO Authentication from the Login Without Password Feature Lead to Account Takeover
56	How I Used JS files inspection and Fuzzing to do admins/supports stuff
57	How i was able to find Django Misconfiguration using Shodan
58	$10.000 bounty for exposed .git to RCE
59	Business logic vulnerabilities
60	Solved 3 logic flaws labs on the portswigger
61	Solved 3 logic flaws labs on the portswigger
62	User can upload files even after closing his account (Improper Authentication-Generic gives 500$)
63	How I was able to access 2 million user’s data in the web3 domain
64	CORS Misconfig that ended in 120$ bounty
65	Exposing Users Table From a Leaky GraphQL Query
66	Finding Your First Bug: Business Logic Errors
67	How I Found My First Bug (and earned $1k!) - Business Logic Tips
68	Unauthorized access to Codespace secrets in GitHub
69	The Story of Becoming a Super Admin
70	Bugging Out: My Experience of Earning $300 for Reporting an Unexpected Bug
71	I Earned $3500 and 40 Points for A GraphQL Blind SQL Injection Vulnerability.
72	I QUIT RECON... and made $10,000 in bounties!
73	How to Bug Bounty in 2023
74	Utilizing The Burp-Suite Pentest Mapper Plugin V1.6.5
75	How I Automate BugBounty Using Chatgp
76	OTP Bypass India’s Biggest Finance Company.
77	Logical Flaw Lead to Changing Price of Any Product
78	Amazon cognito misconfiguration
79	Easy $$$ via API params manipulation leading to bypassing the email verification block
80	Price manipulation vulnerabilities
81	How i found 8 vulnerabilities in 24h
82	Information Disclosure — My First Finding on Hackerone!
83	Unauthorized access to admin setpassword page BY bypassing 403 Forbidden
84	Account takeover vulnerability in OpenAI
85	The way I found Bug LFI
86	The curl quirk that exposed Burp Suite & Google Chrome
87	Hacker Interviews: rez0__
88	How I earned $$$ with simple Privilege escalation
89	Admin Dashboard Access through JavaScript Code $$$
90	CVE-2021–36560: Critical Authentication Bypass Leads to Admin Account Takeover
91	Privilege Escalation via Broken Authentication: A Story of $$
92	How I got my 1st Swag from SIDN
93	Users information disclosure
94	Authentication Bypass Easy P1 in 10 minutes
95	Pawning Half A dozen of Admin Panels & User Management Apps And Reporting 9–10 P1 in a day
96	Uncover the Hidden Web: Discover the Power of Subfinder for Efficient Subdomain Enumeration
97	Revealing my Private tool for Instant Bounties[Find Sensitive Info]
98	Disclosing assigned users of any facebook applications connected to business account
99	How I was able to change password of any corporate user
100	Simple Reconnaissance!!!
101	OTP bypass methods
102	Revealing a Logic Flaw in an E-commerce Website
103	Net-banking OTP bypass in IDFC Bank but got dups
104	Account Takeover By OTP Brute force
105	How I got RCE in + 10 websites…
106	Rukovoditel 3.3.1 — Remote Code Execution
107	LFI to RCE via Log Poisoning
108	A Big company Admin Panel takeover $4500
109	How Deep Recon help me to get critical Bug in Xiaomi
110	How I hacked hackers in Voorivex Hunt Event
111	Bypassing Link Sharing Protection in Messenger Kids Parent’s Control Feature Meta Bug Bounty
112	Bypassing 403s like a PRO! ($2,100): Broken Access control
113	IDOR a Highest Bounty
114	Exploit Privilege Escalation Like a Pro
115	SQLi in the admin login
116	IDOR + PII Leakage
117	How I was able to access a properly Configured S3 Bucket
118	How I accessed the Sensitive document which I had already deleted
119	A Deep Dive on Katana "Field" Extraction
120	Disclosed API key to list user information and complete Exploitation !!
121	Little bug, Big impact. 25k bounty
122	CIDR IN HACKING
123	Extensive Recon Guide For Bug Hunting
124	Accessing Admin Dashboard in 5 seconds: Hall of Fame.
125	What is BOLA? 3-digit bounty from Topcoder ($$$)
126	Simple Account Takeover Worth $9,999
127	How a simple Directory Listing leads to PII Data Leakage, Remote Code Execution and many more vulnerabilities on a HR management subdomain
128	How I found my first RCE!
129	RCE due to Dependency Confusion — $5000 bounty!
130	Improper Authorization
131	Subdomain Takeover leading to Full Account Takeover
132	One Bug at a Time: I failed my quiz on purpose to get $1,000!
133	Reconnaissance 104: Expanded Scanning
134	IDOR in session cookie leading to Mass Account Takeover
135	SQL injection on a hidden API endpoint
136	Hardcore RCE via directory name for $3.000
137	Th3G3nt3lman Shares His Recon Methodology and How He Consistently Collects $15,000 Bounties!
138	DOS via cache poisoning
139	23000$ for Authentication Bypass & File Upload & Arbitrary File Overwrite
140	Why You Should Always Check The Audit Log [Medium] — $500
141	Exploiting SQL Error SQLSTATE[42000] To Own MariaDB of A Large Online Media Leader
142	I helped the top Indian health benefits management platform from major PII leak by hacking their SQL Servers, AWS instance, DCs etc.
143	Azure DNS Takeover @ Swisscom
144	I Earned $3500 and 40 Points for A GraphQL Blind SQL Injection Vulnerability.
145	How I got Owned A Multi-Billion Dollar Retailer’s MySQL Databases Using Simple SQL Injection
146	IDOR Vulnerability that exposed 17 Million user data (IDOR Diaries)
147	Utilizing Historical URLs of an Organization to successfully execute SQL queries — Blind SQLi
148	Blind SSRF - The Hide & Seek Game
149	The 30000$ Bounty Affair.
150	Got Access To Server through SQL Injection.
151	How I bypassed Two-Factor Authentication with 3 different methods on the same target
152	Weird Improper Access Control Bug of $$$
153	Exploiting SSRF like a Boss — Escalation of an SSRF to Local File Read!
154	The Tale of a Command Injection by Changing the Logo
155	How a misconfigured Lotus Domino Server can lead to Disclosure of PII Data of Employees, Configuration Details about the Active Directory, etc
156	Breaking TikTok: Our Journey to Finding an Account Takeover Vulnerability
157	Rate Limit Bypass Leads to 0 Click ATO
158	How I Found Price Manipulation of Products Vulnerability
159	How I was able to get account takeover via IDOR form JWT
160	The Art of G-mail Hacking! → Secrets of Impersonation!
161	Path traversal to RCE — Openfire — CVE-2023–32315
162	SQL Injection in The HTTP Custom Header
163	IDOR, unpin posts for fun.
164	Pwning Admin Panel To Change Movie Ticket Prices at Disney
165	An interesting 'dependency confusion' attack on
166	PII Data Leakage and US$1500 Bounty
167	Best approach to Error-Based SQL injection
168	How Searching by IP Addresses Can Reveal Hidden Gems
169	How I was able to send Emails Using Anyone’s Email Address via the Contact Us Functionality
170	How I Unveiled a Critical Vulnerability: Exposing All Buyers’ Invoices PII with a Single Trick
171	Hijacking S3 Buckets: New Attack Technique Exploited in the Wild by Supply Chain Attackers
172	The Unexpected “0” Master ID for Account Data Manipulation
173	Get a Feel of JWT ( JSON Web Token )
174	Attacks on JSON Web Token (JWT)
175	Exploiting Exposed Tokens and API Keys: Edition 2023
176	The Power of Shodan - Leveraging Shodan for Critical Vulnerabilities
177	My first two valid and rewarded Web Cache Deceptions, earning $2250
178	How BAC(Broken Access Control) got me a Pre Account Takeover
179	Account Takeover: Unraveling IDOR + Stored XSS Flaws in an NFT Marketplace
180	My First Valid Report and Reward in BugBounty
181	Weakness of Integration
182	How i was able to get Account Takeover via Insecure Data Storage and WebView With Exported Activity
183	I received a bounty of $60 for finding a critical bug in the patient management system.
184	Exploiting Non-Cloud SSRF for More Fun & Profit
185	Story Of My First RCE
186	Account Takeover (ATO) via Manipulation of the Change Password Funcionality
187	A $1,000,000 bounty? The KuCoin User Information Leak
188	Account takeover hidden in Javascript files.
189	10 tips for crushing bug bounties
190	IDOR To Delete Hall Of Fame Page.
191	How I got Two RCE at EPAM-Bounty Program
192	Get All your Clickjacking Vulnerability Triaged with this Exploitation!
193	Exploiting Time-Based SQL Injections: Data Exfiltration
194	An interesting RCE on a Synack Red Team target!
195	Server Side Request Forgery(SSRF){port issue hidden approch }
196	Unveiling Vulnerabilities: How I Earned My First Bounty by Securing my Favorite Cyber Security YouTuber’s Website
197	The Ultimate Recon-book
198	Blind SQL injection with a little WAF
199	Chaining Multiple Website Vulnerabilities: My First Bug Hunt
200	Understanding, Detecting, and Exploiting SSRF
201	How I was Able To Bypass The Admin Panel
202	Breaking Down SSRF on PDF Generation: A Pentesting Guide
203	How a single quote (‘) may potentially destruct one of a biggest public transportation business
204	How I Hacked the Department of Telecommunications?
205	Analysis of CVE-2023-3519 in Citrix ADC and NetScaler Gateway (Part 2)
206	How I found Subdomain Takeover on Red Bull
207	How I was able to takeover 4000+ users account
208	How I found two api vulnerabilities by analyzing JS source code
209	How I Found a Vulnerability on Google and Earned a Hall of Fame Spot
210	How I was able to cause a DoS via the Application (IP Restriction roles)
211	Bypassing email verification of high-profile tech company ($$$)
212	How I Discovered a Critical PII Info Disclosure Bug: A Journey Through the Wayback Machine
213	Like a pro, navigating 403s! ($2,300): Access Issues
214	HeapDump to account takeover to PII Data Leak
215	Unveiling the Rate Limiting Issue: The Low Hanging Fruits Bounty Bonanza!3k$+
216	Cross-Tenant Information Disclosure: Unraveling Microsoft Connections, Custom Connectors, and OAuth 2.0 in Power Automate
217	Best Approach to LFI
218	Mastering Small Scope Programs: A Comprehensive Guide for Bug Hunting
219	Mastering the Realm of GraphQL Exploitation
220	Attacking Misconfigure Spring Boot Actuators
221	PII-nacles of Discovery: Deep Recon, Fourth-Level Subdomains, and Abusing Exposed .git Repositories
222	Finding “BAC - IDOR -PE” Within a Minute using Autorize Tool
223	Templating the Unthinkable: From Injection to Remote Control
224	Gone in a Click: IDOR Vulnerabilities in Image Upload Function
225	How I Discovered Over 40+ Impactful Vulnerabilities Within 1 Hour, Just for Fun!
226	Special Characters Manipulating in BugBounty
227	Unveiling Vulnerabilities: Host-header injection in OAuth Functionality
228	10 Technical Tips with Hx01
229	Customer account takeover in Shopify stores
230	SQLi - US Gov Datadump
231	An IDOR lead joins any group makes me $2,500
232	My first Bounty Worth $$$$
233	The Ticket Hack: Free travel by hacking the Chennai Metro Rail.
234	Bypass Two-Factor Authentication of Facebook Accounts ($25,300)
235	How to expand your attack surface and avoid duplicates
236	Compromised servers and downloaded source codes of a company
237	I've made $500k+ from SSRF vulnerabilities.
238	Privilege Escalation to Super Admin
239	How i got more than 100 vulnerabilities in just one site?
240	How a Shodan search led to Gold Mine
241	Exploiting Wildcard for Privilege Escalation
242	Stealing Login Credentials using HTTP Request Smuggling
243	I was able to see all user information by manipulating parameters on the website.
244	Leaking File Contents with a Blind File Oracle in Flarum
245	Arbitrary account takeover vulnerability
246	RCE on Application’s Tracking Admin Panel
247	How I Got Free LinkedIn Premium Membership
248	Uncovering Web Cache Deception: A Missed Vulnerability in the Most Unexpected Places
249	A Comprehensive Approach for Testing for SQL Injection Vulnerabilities
250	My debut with a Critical Bug: How I found my first bug (API misconfiguration)
251	How I got $$$ from my First valid Bug
252	How .js file helped me to find and Exploit AWS Access key and Secret
253	HTTP Request Splitting vulnerabilities exploitation
254	How do I search for Web Cache Deception?
255	Unauthenticated Massive PII Leak
256	Privilege Escalation: How I Earned $500 by Discovering the Ability to Delete Documents as a Student
257	Mastering the Art of SQL Injection: A Comprehensive Guide
258	How to find subdomain takeover using httpx + dig
259	Exploiting Broken Access Control Vulnerability
260	GraphQL APIs & Enumeration Basics
261	How I Hacked JioNews?
262	OAuth Misconfiguration Leading to Unauthorized Admin Access For All Org Product
263	How I Got 4 SQLI Vulnerabilities At One Target Manually Using The Repeater Tab
264	Account takeover via misconfigured SSO [OIDC] implementation
265	Getting RCE in Chrome with incorrect side effect in the JIT compiler
266	RCE in Progress WS_FTP Ad Hoc via IIS HTTP Modules (CVE-2023-40044)
267	Beyond Base64: The Vulnerability Leaving Millions of Calls Exposed
268	Beyond Error Messages: Super Admin Deletion due to Broken Access Control (€€€)
269	$1000 Bug using simple Graphql Introspection query
270	$1,250 worth of Host Header Injection
271	nOAuth: Account Takeover via Microsoft Oauth
272	Bug Bounty Hunter — Captcha Bypass #Response-to-this-Request
273	403 Forbidden? No Problem, Here’s a POST XSS
274	One Bug at a Time: Admin Panel Access I’m now an Employee!
275	How to build custom scanners for web security research automation
276	XSS Steal Cookies
277	Privilege esclation allow user to delete pending invitation
278	Using cloudflare to bypass cloudflare
279	P1 XSS?
280	Multiple Organization Full account Take-over via privilege escalation
281	$1120: ATO Bug in Twitter’s
282	how to dig deep to found a tricky xss via 0auth redirect in blockchain platform and get $700
283	Uncovering Security Vulnerabilities: A Deep Dive into an Eye-Opening Git Discovery
284	Unauthorized Access to Admin Panel & SQL Injection
285	CVE-2022-4908: SOP bypass in Chrome using Navigation API
286	Here is how I Do my Recon fast automated bug bounty
287	Sensitive Information Leak via Forgotten .DS_Store File on redacted.com
288	Hunting for Hidden Treasures: Unveiling the 403 Bypass Bug Bounty Adventure
289	How I Exposed Instagram's Private Posts by Blocking Users
290	Delving into the Depths of NoSQL Injection: A Research Odyssey
291	The single-packet attack: making remote race-conditions 'local'
292	How I Discovered an Exposed API Access Token in a JavaScript File, Uncovering Sensitive Company’s Internal Data
293	From user to admin gaining admin panel access
294	Account Takeover via Business Logic
295	Bypassing 2FA for Password Reset : By Request Manipulation 500$ Bug
296	Full account takeover — Never give up
297	Security Vulnerabilities in CasaOS
298	A web cache deception chained to a CSRF, the recipe
299	Business Logic Errors Can Be Your First Bug
300	Akamai Bypass! Advanced XSS.
301	Escalating debug mode in Django to RCE, SSRF, SQLi
302	Compromising F5 BIG-IP With Request Smuggling
303	DOM-based race condition: racing in the browser for fun
304	IDOR - how to predict an identifier? Bug bounty case study How to hunt on restricted web applications protected behind a login page?
305	Automating Boolean SQL Injection and Evading Filters
306	Account Takeover via Weak OTP
307	$7000 Bounty on a Single Web Application Blog Post: Bypassing an Admin Panel with SQL Injection
308	How I was able to find BAC on the University website leading to result dumping? Graphql path traversal lead to disclosure of PII How Storing Credentials in the Source Code Can Lead to Account Takeover Uncovering a Vulnerability in Intercom Widget Chat Configuration
309	My $750 Privilege Escalation Bug: How I Prevented Unauthorized Role Changes. How to exploit Self-Stored XSS Issues?
310	Race Conditions with pipelining
311	LFI to RCE — Bug bounty Discovering and Exploiting a XML External Entity (XXE) Vulnerability in a Public Bug Bounty Program
312	Uncovering a Simple Web Cache Deception Vulnerability That Paid Off How can you effectively exploit Windows IIS targets?
313	What types of DoS bugs will get you a bounty?
314	Cloudflare Bypass leads to RXSS in Microsoft Mass hunting vulnerabilities with subdomain database feature of prettyrecon
315	Unlocking Cash: Easy P1 Bug in Grafana Dashboard with Default Credentials = €€€€
316	1200$ IDOR Flaw: Allow Attacker To Approve Project Time Tracking AI Quickly Exposes 2-Minute DOM XSS in JavaScript Translation
317	The Art Of Zendesk Hijacking How I dropped a crit 0day XXE to full read SSRF in less than 6 hours.
318	OwnCloud OAuth Token Steal leading to CRUD Filestore Access
319	Idor That allowed me to get access to sensitive users files and share them HTTP is dead... Long live HTTP?!
320	How I hacked Google’s bug tracking system itself for $15,600 in bounties Uncovering a crazy privilege escalation from Chrome extensions
321	How to Generate Endless Attack Vectors on Web Applications Bug bounty tip for shopping site $1000 Bounty: How I scaled a Self-Redirect to an XSS in a web 3.0 system at Hackenproof
322	Unlocking Important Resources with Email Verification Bypass Takeover other user's accounts using Login with Facebook
323	Okta for Red Teamers — Perimeter Edition
324	Account Hijacking via Invite Flows Privilege Escalation: Unauthorized Low-Privilege Users Creating Feature Bundles
325	Chaining CORS by Reflected XSS to Steal Sensitive Data My First IDOR - Hiding in the Header Request Where to hunt for XXE (XML External Entity)
326	Everything about full-time bug bounty
327	Mass Hunting XSS vulnerabilities Semi-Automating IDORs: A Practical Approach to Working Smarter, Not Harder
328	Building a free Burp Collaborator with Cloudflare Workers How to tackle unpredictable IDs in IDOR or RBAC Issues?
329	How I Made $$$ Using Open-Redirect First massive bug: Noise’s AWS Bucket Misconfiguration
330	Critical misconfiguration in Firebase How i get my first Logic Bug and how to find them RCE case study
331	How to approach restricted bug bounty programs with a single site in scope?
332	Navigating Risks: Vulnerability Stemming from a Third-Party Integration Unlocking GraphQL's Hidden Potential
333	PII Disclosure Worth $750 DoS via Password Strength Checker Function
334	CRLF to XSS How to Spot CORS Misconfigurations?
335	Race Condition - A cURL Chaos
336	Where to find SSRF Issues?
337	Business Logic Vulnerability: Payment bypass Tips for Approaching the Main App of a Program
338	Hacking a Payment Processor
339	PDF Upload Leading to Stored XSS
340	How I Discovered SSRF on Hackerone Program
341	Unraveling The Story of Multiple Admin Panel Compromises
342	3 Symfony (RCE): A Peek Behind the Curtain
343	How to not implement payment features - Insights from Bugbounty
344	Bypassing CSRF Protection Like a Pro
345	Easy Admin Access — RVDP
346	Exploiting Django Debug Mode for Unrestricted Access to the Internal Dashboard?
347	Remote Code execution at ws1.aholdusa.com — Compromising logins of Ahold Delhaize USA employees for >3.5 years (or even 18 years?)
348	One port can be a costly mistake Attack The Rsync Service in a Private Program
349	Escalating DOM XSS to Stored XSS
350	Subdomain Takeover in Azure Trafficmanager for Fun & Profit
351	SSTI gave me T-Shirt + € 50 XSSRF : The Matrimony of XSS and SSRF.
352	Self-XSS to Stored XSS
353	This Is The Story Of Making Almost $50,000 In Bounties From Adobe's VIP Bug Bounty Program💰
354	How I Found SQL Injection worth of $4,000 bounty The Ultimate Guide to Uncovering XSS Vulnerabilities at Scale
355	CVE-2023–43837: Two-Factor Authentication (x2FA) Bypass Vulnerability in Roundcube Webmail Plugin
356	The ART of Chaining Vulnerabilities
357	Privilege escalation and arbitrary page tampering in Cloudflare Pages
358	How I Discovered an RCE Vulnerability in Tesla, Securing a $10,000 Bounty
359	Account takeover vulnerability that resulted in $2500 bounty!
360	The Tale Of Insecure Deserialization: A Journey From Serialization To Exploitation
361	How you can escalate XSS Issues to an Account Takeover
362	Bug Bounty: The road to my first $1000 through hacking public websites
363	How to Identify and exploit Akamai Cache Deception/Poisoning Issues?
364	Sudomain Takeover via Shopify(Easy Bounty $$$$) New OWASP API Top 10 for Hackers
365	417$ Simple IDOR: Unauthorized Contact Details Modification From Google Dorking to Unauthorized AWS Account Access and Account Takeover