Day 1 - Try Hack Me Room Owasp top 10
Day 2 - Try Hack Me Room Owasp Juice Shop
Day 3 - Try Hack Me Room Windows Fundamentals
Day 4 - Information Disclosure Portswigger Academy
- https://portswigger.net/web-security/information-disclosure/exploiting/lab-infoleak-in-error-messages
- https://portswigger.net/web-security/information-disclosure/exploiting/lab-infoleak-in-version-control-history
- https://portswigger.net/web-security/information-disclosure/exploiting/lab-infoleak-authentication-bypass
Day 5 - XSS Portswigger Academy
- https://portswigger.net/web-security/cross-site-scripting/reflected/lab-html-context-nothing-encoded
- https://portswigger.net/web-security/cross-site-scripting/stored/lab-html-context-nothing-encoded
- https://portswigger.net/web-security/cross-site-scripting/dom-based/lab-document-write-sink
- https://portswigger.net/web-security/cross-site-scripting/dom-based/lab-jquery-href-attribute-sink
Day 6 - Mr r3b0t Vulnhub
Day 7 - Try Hack Me Room Active Directory Attack
Day 8 - XXE Portswigger Academy
- https://portswigger.net/web-security/xxe/lab-exploiting-xxe-to-retrieve-files
- https://portswigger.net/web-security/xxe/lab-exploiting-xxe-to-perform-ssrf
- https://portswigger.net/web-security/xxe/lab-xxe-via-file-upload
Day 9 - SSRF Portswigger Academy
- https://portswigger.net/web-security/ssrf/lab-basic-ssrf-against-backend-system
- https://portswigger.net/web-security/ssrf/lab-basic-ssrf-against-localhost
- https://portswigger.net/web-security/ssrf/lab-ssrf-filter-bypass-via-open-redirection
Day 10 - Rickdiculouslyeasy Vulnhub
Day 11 - Stickyfingers Vulnhub
Day 12 - Kioptrix Level 1.3 Vulnhub
Day 13 - Bellatrix Vulnhub
Day 14 - Try Hack Me Room Buffer Overflow Prep
Day 15 - OS Command Injection Portswigger Academy
- https://portswigger.net/web-security/server-side-template-injection/exploiting/lab-server-sidetemplate-injection-basic
- https://portswigger.net/web-security/os-command-injection/lab-simple
- https://portswigger.net/web-security/os-command-injection/lab-blind-time-delays
Day 16 - File Upload Vulnerabilities Portswigger Academy
- https://portswigger.net/web-security/file-upload/lab-file-upload-remote-code-execution-via-web-shell-upload
- https://portswigger.net/web-security/file-upload/lab-file-upload-web-shell-upload-via-content-type-restriction-bypass
- https://portswigger.net/web-security/file-upload/lab-file-upload-web-shell-upload-via-race-condition
Day 17 - Busqueda Hack The Box
Day 18 - JWT Portswigger Academy
- https://portswigger.net/web-security/jwt/lab-jwt-authentication-bypass-via-unverified-signature
- https://portswigger.net/web-security/jwt/lab-jwt-authentication-bypass-via-flawed-signature-verification
- https://portswigger.net/web-security/jwt/lab-jwt-authentication-bypass-via-weak-signing-key
- https://portswigger.net/web-security/jwt/lab-jwt-authentication-bypass-via-jwk-header-injection
- https://portswigger.net/web-security/jwt/lab-jwt-authentication-bypass-via-jku-header-injection
- https://portswigger.net/web-security/jwt/lab-jwt-authentication-bypass-via-kid-header-path-traversal
- https://portswigger.net/web-security/jwt/algorithm-confusion/lab-jwt-authentication-bypass-via-algorithm-confusion
Day 19 - Cat Mobile Hack The Box
Day 20 - SuperMarket Hack The Box
Day 21 - Joker Hack The Box
Day 22 - Seattle Lab Buffer Overflow
- https://ys2k-iwnl.medium.com/buffer-overflow-exploiting-seattle-lab-mail-slmail-61b1f659c8dc
- https://github.com/CyberSecurityUP/Buffer-Overflow-Labs
Day 23 - OnlyforYou Hack The Box
Day 24 - Escape Hack The Box
Day 25 - Insecure Deserialization Portswigger Academy
- https://portswigger.net/web-security/deserialization/exploiting/lab-deserialization-modifying-serialized-data-types
- https://portswigger.net/web-security/deserialization/exploiting/lab-deserialization-using-application-functionality-to-exploit-insecure-deserialization
- https://portswigger.net/web-security/deserialization/exploiting/lab-deserialization-arbitrary-object-injection-in-php
- https://portswigger.net/web-security/deserialization/exploiting/lab-deserialization-developing-a-custom-gadget-chain-for-java-deserialization