Example vulnerabilities in real scenario and some resource from https://twitter.com/Alra3ees
- http://rookiehacke.blogspot.com/2014/04/google-hacking-cheat-sheet.html
- https://gist.github.com/stevenswafford/393c6ec7b5375d5e8cdc
- https://gist.github.com/wookiecooking/5950305
- https://webvivant.com/writing-journalism/sample-features/google-hacking-101/
- https://securityonline.info/google-hacking-pentester/
- https://www.alienvault.com/blogs/security-essentials/how-pen-testers-use-google-hacking
- https://speakerdeck.com/pwntester/attacking-net-serialization
- https://github.com/pwntester/ysoserial.net
- https://media.blackhat.com/bh-us-12/Briefings/Forshaw/BH_US_12_Forshaw_Are_You_My_Type_WP.pdf
- https://labs.mwrinfosecurity.com/advisories/milestone-xprotect-net-deserialization-vulnerability/
- https://soroush.secproject.com/blog/2018/08/asp-net-resource-files-resx-and-deserialization-issues/
- https://www.gosecure.net/blog/2017/03/22/detecting-deserialization-bugs-with-dns-exfiltration
- https://ionize.com.au/deserialisation-vulnerabilities/
- https://link.medium.com/1lzbelq0dV
- https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet
- http://blog.securelayer7.net/thick-client-penetration-testing-3javadeserialization-exploit-rce/
- https://www.slideshare.net/codewhitesec/exploiting-deserialization-vulnerabilities-in-java-54707478
- https://techblog.mediaservice.net/2017/05/reliable-discovery-and-exploitation-of-java-deserialization-vulnerabilities/
- https://tint0.com/expanding-java-deserialization-struts/
- https://www.synopsys.com/blogs/software-security/mitigate-java-deserialization-vulnerability-jboss/
- https://nytrosecurity.com/2018/05/30/understanding-java-deserialization/
- https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Deserialization_Cheat_Sheet.md
- https://medium.com/@gigacyclecouk/coldfusion-hotfix-resolves-xss-java-deserialization-bugs-3cadc6dc49f9
- https://medium.com/abn-amro-red-team/java-deserialization-from-discovery-to-reverse-shell-on-limited-environments-2e7b4e14fbef
- https://link.medium.com/kf3PLyo1dV
- https://medium.com/101-writeups/hacking-json-web-token-jwt-233fe6c862e6
- https://www.sjoerdlangkemper.nl/2016/09/28/attacking-jwt-authentication/
- https://github.com/ticarpi/jwt_tool
- https://hackernoon.com/can-timing-attack-be-a-practical-security-threat-on-jwt-signature-ba3c8340dea9
- https://medium.com/@valeriyshevchenko/brute-forcing-jwt-token-hs256-6f545d24c7c3
- https://blog.websecurify.com/2017/02/hacking-json-web-tokens.html
- https://trustfoundry.net/jwt-hacking-101/
- https://dev.to/antoinette0x53/forging-json-web-tokens-to-win-a-prize
- https://www.slideshare.net/loige/processing-your-pdf-into-slides-cracking-jwt-tokens-a-tale-of-magic-nodejs-and-parallel-computing-code-europe-wroclaw-december-2017
- https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/JSON_Web_Token_Cheat_Sheet_for_Java.md
- https://www.moses-security.com/blog/exploiting-json-web-token-vulnerability
- https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/JSON%20Web%20Token
- https://auth0.com/blog/critical-vulnerabilities-in-json-web-token-libraries/
- https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2019/january/jwt-attack-walk-through/
- https://blog.compass-security.com/2017/05/jwt-burp-extension/
- https://blog.compass-security.com/2017/01/wrap-up-hack-lab-1-2017/
- https://darkweblinks.org/2018/08/10/bypassing-saml-2-0-sso-with-xml-signature-attacks/
- https://blog.netspi.com/attacking-sso-common-saml-vulnerabilities-ways-find/
- https://blog.compass-security.com/2015/07/saml-burp-extension/
- https://www.redteam-pentesting.de/de/advisories/rt-sa-2017-013/-truncation-of-saml-attributes-in-shibboleth-2
- https://www.okta.com/blog/2018/02/what-you-need-to-know-about-saml-vulnerability-research/
- https://www.bleepingcomputer.com/news/security/saml-vulnerability-lets-attackers-log-in-as-other-users/
- https://jumpcloud.com/blog/security/notice-recently-discovered-saml-authentication-bypass-vulnerabilities/
- https://blog.centrify.com/saml/
- https://pulsesecurity.co.nz/advisories/WebLogic-SAML-Vulnerabilities
- https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/SAML_Security_Cheat_Sheet.md
- Buffer Overflow Practical Examples - ret2libc : http://ow.ly/Zs6B30o8Q6T
- Shellcode Injection and Local Privilege Escalation : http://ow.ly/Vsse30o8Q6U
- Exploiting EIP : http://ow.ly/lfIZ30o8Q6V
- Metasploit , gdb and objdump : http://ow.ly/Bf1V30o8Q6W