Six years of saved links

Intro

Over six years of studying, and working in technology Ive acquired over 600+ links. Losing these links to me would feel like the burning down of the Library of Alexandria. I use alot of them as references for programming and information security based work.

While scraping all these links I saw the word beginner become less frequent as we got closer to the present day, so I even found a fun way to add a visualization to this post.

Browser based Library of Alexandria

I cant stress the importance of reading enough, it will advance you more than you can imagine.

While writing a brief script to scrape all these links, which I will link shortly, I realized there are actually trends in these links.
We can actually use some python libraries and heuristics to identify these trends amongst the links.

Script I used to harvest my saved links from reddit, frequency data, and simultaneously create a word cloud
The organized and sorted links.

You can find the raw unsorted copy of all of the links here https://pastebin.com/raw/9K5sNfgK

Itll have a good deal of extraneous links that I found interesting, but Ive omitted them from this in order to keep it on topic of security.

Security is more than just knowledge of mechanism or inner-workings of code, its also a mindset. So I have some materials relating to social engineering, and overall thought process mixed in some places.

get_links && make_wordcloud

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79


from __future__ import absolute_import, unicode_literals
import praw
import json 
from wordcloud import WordCloud, STOPWORDS 
import matplotlib.pyplot as plt 

class LinkSave(object):

	def __init__(self, mode=None):
		self.mode=mode

	def load_config(self, data):
		self.config = json.load(open(data))
		return self.config

	def auth_reddit(self):
		try:	
			self.reddit = praw.Reddit(
				client_id = self.config['reddit']['id'],
				client_secret = self.config['reddit']['secret'],
				user_agent = self.config['reddit']['user_agent'],
				username = self.config['reddit']['username'],
				password = self.config['reddit']['password']
			)
			self.me = self.reddit.user.me()
			return self.reddit
		except Exception as exc:
			print('{0} - Unable to auth to reddit, check your creds'.format(exc))	
			exit(0)

	def get_links(self):
		target = open("saved_links.txt", "w")
		self.words = ''
		for link in self.me.saved(limit=None):
			try:
				target.write('{0} -- {1}'.format(link.title, link.url))
				self.words = self.words + ' ' + link.title	
			except Exception as exc: 
				print('{0} - This exception handles saved comments '.format(exc))
		target.close()
		return self.words
		
	def make_cloud(self):
		stopwords = set(STOPWORDS) 
		stopwords.add("using")
		stopwords.add("programming")
		stopwords.add("post")
		stopwords.add("source")
		wordcloud = WordCloud(background_color="white", width=800, height=400, stopwords=stopwords).generate(self.words)
		plt.imshow(wordcloud, interpolation='bilinear')
		plt.axis("off")

		#render a second slightly different wordcloud
		wordcloud = WordCloud(background_color="white", stopwords=stopwords, max_font_size=40).generate(self.words)
		plt.figure()
		plt.imshow(wordcloud, interpolation="bilinear")
		plt.axis("off")
		plt.show()


if __name__ == '__main__':
	driver = LinkSave()
	driver.load_config('user_config.json')
	driver.auth_reddit()
	driver.get_links()
	driver.make_cloud()

''' user_config.json
{
 "reddit": {
   "id": "",
   "secret": "", 
   "user_agent": "",
   "username": "",
   "password": ""
	}
}
'''

Its a pretty succint script, I try to operate under the thought that if its clean enough its fairly self explanatory. Its a little personalized but you could easily edit it to do the same for you.

4 Step Linear flow:
Read in config -> Auth to reddit -> Scrape links into string and save to file -> generate word cloud

So what does this give us?

Word Cloud

Personally I find that pretty neat, its a visualization of all Ive tried to hone in on over the years.The one that stands out most to me is Reverse Engineering, Ive been working on learning for a while. Its definitely one of the more challenging things Ive tried to wrap my mind around.

So Ive decided to throw it at the top of this list. Without delay, here is my best attempt at a sorted list.

Reverse Engineering && Malware

Title	URL
An Introduction to the CAN Bus: How to Programmatically Control a Car	https://news.voyage.auto/an-introduction-to-the-can-bus-how-to-programmatically-control-a-car-f1b18be4f377
DhavalKapil/libdheap: A shared (dynamic) library that can be transparently injected into different processes to detect memory corruption in glibc heap	https://github.com/DhavalKapil/libdheap
Reverse Engineering My Home Security System: Decompiling Firmware Updates	https://markclayton.github.io/reverse-engineering-my-home-security-system-decompiling-firmware-updates.html
Project Zero: Over The Air - Vol. 2, Pt. 3: Exploiting The Wi-Fi Stack on Apple Devices	https://googleprojectzero.blogspot.com/2017/10/over-air-vol-2-pt-3-exploiting-wi-fi.html
smashthestack.pdf	https://avicoder.me/papers/pdf/smashthestack.pdf
Where-theres-a-JTAG-theres-a-way Where-theres-a-JTAG-theres-a-way	https://www.ptsecurity.com/upload/corporate/ww-en/analytics/Where-theres-a-JTAG-theres-a-way.pdf Where-theres-a-JTAG-theres-a-way.pdf
New emotet hijacks windows api evades sandbox analysis	http://blog.trendmicro.com/trendlabs-security-intelligence/new-emotet-hijacks-windows-api-evades-sandbox-analysis/
Skeleton in the closet. MS Office vulnerability you didn’t know about	https://embedi.com/blog/skeleton-closet-ms-office-vulnerability-you-didnt-know-about
ROPEmporium: Pivot 32-bit CTF Walkthrough With Radare2	http://radiofreerobotron.net/blog/2017/11/23/ropemporium-pivot-ctf-walkthrough/
ropchain	@kvakil
Escape Docker Container Using waitid()	CVE-2017-5123
ROPEmporium: Pivot 64-bit CTF Walkthrough With Radare2 - Zero State Machine	http://radiofreerobotron.net/blog/2017/12/04/ropemporium-pivot-ctf-walkthrough2/
/lobotomy: Android Reverse Engineering	https://github.com/rotlogix/lobotomy
java-decompiler/jd-gui: A standalone Java Decompiler GUI	https://github.com/java-decompiler/jd-gui
Defusing a Binary Bomb with Binary Ninja	https://kukfa.co/2016/06/05/defusing-a-binary-bomb-with-binary-ninja/
Notepad+++ - Break it, Fix it, Write It Down - Putting stuff together so you dont have to google as hard as I did	https://remotephone.github.io/lab/homelab/budget/testing/2016/12/20/practical-docker.html
SetgidDirectoryPrivilegeEscalation/CreateSetgidBinary.c	http://www.halfdog.net/Security/2015/SetgidDirectoryPrivilegeEscalation/CreateSetgidBinary.c
buffer overflow explained	https://www.uperesia.com/buffer-overflow-explained
Vulnerable Security - Reverse Engineering a book cover	https://vulnsec.com/2017/reverse-engineering-a-book-cover/
CVE-2017-5521: Bypassing Authentication on NETGEAR Routers	https://www.trustwave.com/Resources/SpiderLabs-Blog/CVE-2017-5521
C++ DLL Injector Version 2 - BOTH 32-bit and 64-bit - Clean Code! - Multiple Functionalities!	https://www.youtube.com/watch?v=W6HpX85ICh8
An in-depth explanation of how a 10 year old bug in Guitar Hero was reverse-engineered and fixed without using the source code	https://www.youtube.com/watch?v=A9U5wK_boYM
Breaking the x86 Instruction Set	https://www.youtube.com/watch?v=KrksBdWcZgQ
The Wonderful World of MIPS	http://www.ringzerolabs.com/2018/03/the-wonderful-world-of-mips.html
A good two-part lecture on the basics of x86 architecture and system calls in *Nix systems [for beginners]	https://www.youtube.com/watch?v=xHu7qI1gDPA
Linux ASLR and GNU Libc: Address space layout computing and defence, and “stack canary” protection bypass [PDF and Github Sources]	https://github.com/blackzert/aslur/raw/master/offensivecon-talk.pdf
Reverse Engineering a MMORPG Bot to Find Vulnerabilities	https://www.youtube.com/watch?v=irhcfHBkfe0
Reverse Engineering A Mysterious UDP Stream in My Hotel · Gokberk Yaltirakli	https://gkbrk.com/2016/05/hotel-music/
Keyshuffling Attack for Persistent Early Code Execution in the Nintendo 3DS Secure Bootchain	https://github.com/Plailect/keyshuffling
Reverse Engineering Malware 101	https://securedorg.github.io/RE101/
This channel explains a good deal of C/C++ for malware creation for Windows and lots of low-level fundamentals	https://www.youtube.com/channel/UCDk155eaoariJF2Dn2j5WKA
Cracking Sublime Text 3	http://blog.fernandodominguez.me/cracking-sublime-text-3
Coding A Keylogger - Understand How Actual Keyloggers Work	https://github.com/MinhasKamal/StupidKeyLogger
Docker 0-Day Stopped Cold by SELinux	http://rhelblog.redhat.com/2017/01/13/docker-0-day-stopped-cold-by-selinux/
How Can Drones Be Hacked? The Vulnerable drone and attack tools Compilation	http://medium.com/@swalters/how-can-drones-be-hacked-the-updated-list-of-vulnerable-drones-attack-tools-dd2e006d6809#.o9nyxc3yz
a single byte write opened a root execution exploit on ChromeOS	https://daniel.haxx.se/blog/2016/10/14/a-single-byte-write-opened-a-root-execution-exploit/
Internet Explorer has a URL problem	http://blog.innerht.ml/internet-explorer-has-a-url-problem/
How to crack a totally blurred captcha? (any lead?)	https://www.reddit.com/r/hacking/comments/4v5trz/how_to_crack_a_totally_blurred_captcha_any_lead/
MS16-039 – “Windows 10” 64 bits Integer Overflow exploitation by using GDI objects	https://blog.coresecurity.com/2016/06/28/ms16-039-windows-10-64-bits-integer-overflow-exploitation-by-using-gdi-objects/
Hey guys, Ive gone and put together a github repo containing in-depth tutorials designed to teach binary exploitation from the ground up. Tell me what you think!	https://github.com/bert88sta/how2exploit_binary
Just released the Practical Malware Analysis Starter Kit, a collection of pretty much every binary mentioned in the book.[x-post /r/reverseengineering]	https://bluesoul.me/practical-malware-analysis-starter-kit/
X86 Shellcode Obfuscation - Part 2 - The obfuscception! (source in Python included)	https://breakdev.org/x86-shellcode-obfuscation-part-2/
Practical Reverse Engineering of a Router Part 2: Scouting the Firmware	http://jcjc-dev.com/2016/04/29/reversing-huawei-router-2-scouting-firmware/
Building a Home Lab to Become a Malware Hunter - A Beginner’s Guide	https://www.alienvault.com/blogs/security-essentials/building-a-home-lab-to-become-a-malware-hunter-a-beginners-guide
Lisa.py - An exploit Developers swiss army knife (With ROP gadget support )	https://github.com/ant4g0nist/lisa.py
Android Reverse Engineering using apktool	https://www.youtube.com/watch?v=K35AkvE8ulY
Ghost in the Droid: Reverse Engineering Android Apps	https://pen-testing.sans.org/blog/2016/12/05/ghost-in-the-droid-reverse-engineering-android-apps
Mining Android Secrets (Decoding Android App Resources)	https://pen-testing.sans.org/blog/2016/12/10/mining-android-secrets-decoding-android-app-resources
Reverse engineering a router part 1 - Hunting for hardware debug ports	http://jcjc-dev.com/2016/04/08/reversing-huawei-router-1-find-uart/
New self-protecting USB trojan able to avoid detection	http://www.welivesecurity.com/2016/03/23/new-self-protecting-usb-trojan-able-to-avoid-detection/
attactics[dot]org: Bypassing Antivirus With Ten Lines of Code or (Yet Again) Why Antivirus is Largely Useless	http://www.attactics.org/2016/03/bypassing-antivirus-with-10-lines-of.html
AceDeceiver: First iOS Trojan Exploiting Apple DRM Design Flaws to Infect Any iOS Device (x-post /r/programming)	http://researchcenter.paloaltonetworks.com/2016/03/acedeceiver-first-ios-trojan-exploiting-apple-drm-design-flaws-to-infect-any-ios-device/
Assembly Optimizations I: (Un)Packing Structures	https://haneefmubarak.com/2016/02/25/assembly-optimizations-i-un-packing-structures/
Breaking homegrown crypto	https://kivikakk.ee/cryptography/2016/02/20/breaking-homegrown-crypto.html
Exploiting a Kernel Paged Pool Buffer Overflow in Avast Virtualization Driver	https://www.nettitude.co.uk/exploiting-a-kernel-paged-pool-buffer-overflow-in-avast-virtualization-driver/
glibc getaddrinfo() stack-based buffer overflow	https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html
DLL Injection with an old MMO client	http://kukfa.co/2015/12/dll-injection-with-an-old-mmo-client/
Reverse Engineering the Yik Yak Android App	http://randywestergren.com/reverse-engineering-the-yik-yak-android-app/
Hacking the PS4, part 1 - Introduction to PS4s security, and userland ROP	https://cturt.github.io/ps4.html
[VIDEO] Software Hacking - Simple Patching (IDA Pro, C)	https://www.youtube.com/watch?v=Awg4_6d5Nb8
Where do I start with reverse engineering malware?	I recommend “RE for Beginners”, I like the method used to teach reverse engineering. Then you can start doing some challenges.
MacOS X 10.11.1 File System Buffer Overflow	https://cxsecurity.com/issue/WLB-2015100149
Statically Linking a Windows Kernel Driver as an ELF	http://gaasedelen.blogspot.com/2015/10/statically-linking-windows-kernel.html
A closer look at an operating botnet	http://conorpp.com/blog/a-close-look-at-an-operating-botnet/
How to Reverse Engineer Android Applications	http://darkmatters.norsecorp.com/2015/07/15/how-to-reverse-engineer-android-applications/?utm_content=buffer1915a&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
hackme: Deconstructing an ELF File	http://manoharvanga.com/hackme/
Lots of Reversing Tutorials for Newbs	https://www.cyberguerrilla.org/blog/what-the-blackhats-dont-want-you-to-know-series/
Meet ‘Tox’: Ransomeware for the Rest of Us	https://blogs.mcafee.com/mcafee-labs/meet-tox-ransomware-for-the-rest-of-us
Code injection – a simple PHP virus carried in a JPEG image	http://php.webtutor.pl/en/2011/05/13/php-code-injection-a-simple-virus-written-in-php-and-carried-in-a-jpeg-image/
Source for malware, backdoors etc for whitehat testing.	https://www.reddit.com/r/AskNetsec/comments/18vymh/source_for_malware_backdoors_etc_for_whitehat/
Building an SSH Botnet C&C Using Python and Fabric	http://raidersec.blogspot.com/2013/07/building-ssh-botnet-c-using-python-and.html
Malware as a service [pdf]	http://blog.checkpoint.com/wp-content/uploads/2016/08/InsideNuclearsCore_UnravelingMalwarewareasaService.pdf

Bug Bounties

Title	URL
How i Hacked into a PayPals Server - Unrestricted File Upload to Remote Code Execution	http://blog.pentestbegins.com/2017/07/21/hacking-into-paypal-server-remote-code-execution-2017/
Yahoo Bug Bounty: Exploiting OAuth Misconfiguration To Takeover Flickr Accounts – MISHRE	https://mishresec.wordpress.com/2017/10/12/yahoo-bug-bounty-exploiting-oauth-misconfiguration-to-takeover-flickr-accounts/
Slack SAML authentication bypass	http://blog.intothesymmetry.com/2017/10/slack-saml-authentication-bypass.html
How I hacked Google’s bug tracking system itself for $15,600 in bounties	https://medium.freecodecamp.org/messing-with-the-google-buganizer-system-for-15-600-in-bounties-58f86cc9f9a5
Escalating XSS in PhantomJS Image Rendering to SSRF/Local-File Read	https://buer.haus/2017/06/29/escalating-xss-in-phantomjs-image-rendering-to-ssrflocal-file-read/
Facebook Bug Bounties	https://www.facebook.com/notes/phwd/facebook-bug-bounties/707217202701640/
Image removal vulnerability in Facebook polling feature	https://blog.darabi.me/2017/11/image-removal-vulnerability-in-facebook.html
All your Paypal OAuth tokens belong to me - localhost for the win	http://blog.intothesymmetry.com/2016/11/all-your-paypal-tokens-belong-to-me.html
Authentication bypass on Airbnb via OAuth tokens theft	https://www.arneswinnen.net/2017/06/authentication-bypass-on-airbnb-via-oauth-tokens-theft/
Bug bounty left over (and rant) Part III (Google and Twitter)	http://blog.intothesymmetry.com/2018/02/bug-bounty-left-over-and-rant-part-iii.html
How I have hacked Facebook again (..and would have stolen a valid access token)	http://blog.intothesymmetry.com/2014/04/oauth-2-how-i-have-hacked-facebook.html OAuth 2
Taking over Facebook accounts using Free Basics partner portal	https://www.josipfranjkovic.com/blog/facebook-partners-portal-account-takeover
How I hacked Tinder accounts using Facebook’s Account Kit and earned $6,250 in bounties	https://medium.freecodecamp.org/hacking-tinder-accounts-using-facebook-accountkit-d5cc813340d1
Stored XSS, and SSRF in Google using the Dataset Publishing Language	https://s1gnalcha0s.github.io/dspl/2018/03/07/Stored-XSS-and-SSRF-Google.html
Authentication bypass on Uber’s Single Sign-On via subdomain takeover – Arne Swinnens Security Blog	https://www.arneswinnen.net/2017/06/authentication-bypass-on-ubers-sso-via-subdomain-takeover/
AirBnb Bug Bounty: Turning Self-XSS into Good-XSS #2	http://www.geekboy.ninja/blog/airbnb-bug-bounty-turning-self-xss-into-good-xss-2/
Piercing the Veil: Server Side Request Forgery to NIPRNet access	https://medium.com/bugbountywriteup/piercing-the-veil-server-side-request-forgery-to-niprnet-access-c358fd5e249a
My Public Evernote: 0day writeup: XXE in uber.com	https://httpsonly.blogspot.co.ke/2017/01/0day-writeup-xxe-in-ubercom.html?m=1
Advice From A Researcher: Hunting XXE For Fun and Profit	https://blog.bugcrowd.com/advice-from-a-researcher-xxe/
Hunting For Bugs With AFL 101 - A PRIMER	http://research.aurainfosec.io/hunting-for-bugs-101/
Content Injection Vulnerability in WordPress 4.7 and 4.7.1	https://blog.sucuri.net/2017/02/content-injection-vulnerability-wordpress-rest-api.html
Slack SAML authentication bypass	http://blog.intothesymmetry.com/2017/10/slack-saml-authentication-bypass.html
Microsoft didn’t sandbox Windows Defender, so I did	https://blog.trailofbits.com/2017/08/02/microsoft-didnt-sandbox-windows-defender-so-i-did/
[WARNING] Intel Skylake/Kaby Lake processors: broken hyper-threading	https://lists.debian.org/debian-devel/2017/06/msg00308.html
[Bug Bounty] GitHub Enterprise SQL Injection	http://blog.orange.tw/2017/01/bug-bounty-github-enterprise-sql-injection.html
Node.js code injection (RCE) on demo.paypal.com	https://artsploit.blogspot.se/2016/08/pprce2.html
Poisoning the Well – Compromising GoDaddy Customer Support With Blind XSS	https://thehackerblog.com/poisoning-the-well-compromising-godaddy-customer-support-with-blind-xss/
How I Hacked Facebook, and Found Someones Backdoor Script	http://devco.re/blog/2016/04/21/how-I-hacked-facebook-and-found-someones-backdoor-script-eng-ver/
Google increases bug bounty reward for Chromebook to $100,000	https://www.hackread.com/google-increases-bugs-bounty-reward-chromebook/
Hack The Pentagon: DoD Launches First-Ever Federal Bug Bounty Program	http://www.darkreading.com/threat-intelligence/hack-the-pentagon-dod-launches-first-ever-federal-bug-bounty-program/d/d-id/1324542?_mc=NL_DR_EDT_DR_weekly_20160303&cid=NL_DR_EDT_DR_weekly_20160303&elqTrackId=83ac6139d95e4093b9a2186e03f662cb&elq=fd5fc2039aab426283a3737b96c99471&elqaid=68121&elqat=1&elqCampaignId=19869
Details of eBays JavaScript bug that they refuse to fix.	http://thedailywtf.com/articles/bidding-on-security
PayPal Remote Code Execution Vulnerability using Java Deserialization	http://artsploit.blogspot.com/2016/01/paypal-rce.html
Even the LastPass Will be Stolen Deal with It!	http://www.martinvigo.com/even-the-lastpass-will-be-stolen-deal-with-it/

Penetration Testing (Exploit POCs, vulnerabilities)

Title	URL
Introduction to Manual Backdooring	http://www.abatchy.com/2017/05/introduction-to-manual-backdooring_24.html
CVE-2017-3881 Cisco Catalyst RCE Proof-Of-Concept	https://artkond.com/2017/04/10/cisco-catalyst-remote-code-execution/
Node.fz: fuzzing the server-side event-driven architecture	https://blog.acolyer.org/2017/06/09/node-fz-fuzzing-the-server-side-event-driven-architecture/
Rooting a Printer: From Security Bulletin to Remote Code Execution	https://www.tenable.com/blog/rooting-a-printer-from-security-bulletin-to-remote-code-execution
Escaping a restricted shell – humblesec	https://humblesec.wordpress.com/2016/12/08/escaping-a-restricted-shell/
The Weak Bug - Exploiting a Heap Overflow in VMware	http://acez.re/the-weak-bug-exploiting-a-heap-overflow-in-vmware/
Penetration Testing Flash Apps (aka “How to Cheat at Blackjack”) – PrivSec	https://privsec.blog/penetration-testing-flash-apps-aka-how-to-cheat-at-blackjack/
PenTest Tools for your Security Arsenal	http://www.kitploit.com/
Linux privilege escalation using weak NFS permissions	https://haiderm.com/linux-privilege-escalation-using-weak-nfs-permissions/
Using Python To Get A Shell Without A Shell	https://depthsecurity.com/blog/using-python-to-get-a-shell-without-a-shell
86_64 TCP bind shellcode with basic authentication on Linux systems	https://pentesterslife.blog/2017/11/01/x86_64-tcp-bind-shellcode-with-basic-authentication-on-linux-systems/
Building and Attacking an Active Directory lab with PowerShell	https://1337red.wordpress.com/building-and-attacking-an-active-directory-lab-with-powershell/
interference-security/icmpsh: Simple reverse ICMP shell	https://github.com/interference-security/icmpsh
Meltdown and Spectre	https://spectreattack.com/
Bypassing Anti-viruses with transfer Backdoor Payloads by DNS traffic	https://www.peerlyst.com/posts/bypassing-anti-viruses-with-transfer-backdoor-payloads-by-dns-traffic-damon-mohammadbagher
[PentesterLab] Our exercises	https://pentesterlab.com/exercises/
Mount a Raspberry Pi File System Image	https://pen-testing.sans.org/blog/2016/12/07/mount-a-raspberry-pi-file-system-image
IOActive Labs Research: In Flight Hacking System	http://blog.ioactive.com/2016/12/in-flight-hacking-system.html
Shortcuts: another neat phishing trick	https://d.uijn.nl/2016/12/28/shortcuts-another-neat-phishing-trick/
Basics of Making a Rootkit: From syscall to hook!	https://d0hnuts.com/2016/12/21/basics-of-making-a-rootkit-from-syscall-to-hook/
Cracking 12 Character Above Passwords	http://www.netmux.com/blog/cracking-12-character-above-passwords
ImageTragick/PoCs: Proof of Concepts for CVE-2016–3714	https://github.com/ImageTragick/PoCs
ImageTragick Remote Code Execution	http://4lemon.ru/2017-01-17_facebook_imagetragick_remote_code_execution.htmlFacebooks
A pure python, post-exploitation, data mining tool and remote administration tool for macOS	https://github.com/manwhoami/Bella
Using the Registry to Discover Unix Systems and Jump Boxes	https://www.fireeye.com/blog/threat-research/2017/03/using_the_registryt.html
The most complete open-source tool for Twitter intelligence analysis (With Sources)	https://github.com/vaguileradiaz/tinfoleak
Five Pentesting Tools and Techniques (That Every Sysadmin Should Know)	https://medium.com/@jeremy.trinka/five-pentesting-tools-and-techniques-that-sysadmins-should-know-about-4ceca1488bff
Various Docker Images for Pentesting	https://github.com/ZephrFish/DockerAttack
SharpShooter - a weaponised payload generation framework with anti-sandbox analysis, staged and stageless payload execution and support for evading ingress monitoring [See comment for Sources]	https://www.mdsec.co.uk/2018/03/payload-generation-using-sharpshooter/
Any Interest in a Web Application PenTesting Methodology Cheat Sheet?	https://www.reddit.com/r/AskNetsec/comments/7zz80i/any_interest_in_a_web_application_pentesting/
An ICMP reverse shell to bypass TCP firewall rules	https://github.com/interference-security/icmpsh
On a pentesting gig, you pivot from credential harvesting to an authenticated command injection to a privilege escalation for root.	http://1.media.collegehumor.cvcdn.com/84/37/5f290f6d1def6c35fc73777a817f2672.gif
A Review of PentesterLab	https://littlemaninmyhead.wordpress.com/2017/10/29/a-review-of-pentesterlab/
OSCP Survival Guide Cheatsheet	https://github.com/frizb/OSCP-Survival-Guide/blob/master/README.md
Screwdriving BLE devices	https://www.pentestpartners.com/security-blog/screwdriving-locating-and-exploiting-smart-adult-toys/
Operation Luigi: How I hacked my friend without her noticing	https://defaultnamehere.tumblr.com/post/163734466355/operation-luigi-how-i-hacked-my-friend-without
5 severe Vulnerabilities found in IoT smart alarm system that could allow remote execution	http://dojo.bullguard.com/blog/burglar-hacker-when-a-physical-security-is-compromised-by-iot-vulnerabilities/
rtfm.py	A python cheat sheet program à la red team field manual
Stealing passwords from McDonalds users	https://finnwea.com/blog/stealing-passwords-from-mcdonalds-users
p0wnedShell - PowerShell Runspace Post Exploitation Toolkit	https://github.com/Cn33liz/p0wnedShell
Wide Impact: Highly Effective Gmail Phishing Technique Being Exploited	https://www.wordfence.com/blog/2017/01/gmail-phishing-data-uri/
Truffle Hog: A tool that Searches Entire Commit History in Git Repositories for High Entropy Strings to Find Secrets Accidentally Committed to Version Control	https://github.com/dxa4481/truffleHog
A thorough Guide to Pentesting Tutorials & WalkThroughs	https://www.youtube.com/channel/UC9Qa_gXarSmObPX3ooIQZrg
$3 USB Rubber Ducky	https://www.youtube.com/watch?v=_yJWwKO3_Z0
Best 5 Websites to Master Hacking With Kali Linux : For Beginners	http://www.kalitutorials.net/2016/10/best-5-website-to-master-hacking-with.html
Hacking the Hard Way at the DerbyCon CTF	https://labs.signalsciences.com/hacking-the-hard-way-at-the-derbycon-ctf-d35b4dd4c97d
Metasploit Cheat Sheet - a handy quick reference guide with the most useful commands	http://www.tunnelsup.com/metasploit-cheat-sheet/
nmap cheatsheet + examples	https://highon.coffee/docs/nmap/
“Fileless” UAC Bypass Using eventvwr.exe and Registry Hijacking	https://enigma0x3.net/2016/08/15/fileless-uac-bypass-using-eventvwr-exe-and-registry-hijacking/
22 Hacking Sites, CTFs and Wargames To Legally Practice Hacking	https://hackerlists.com/hacking-sites/
Pentest Series: The State of Security - What Project Zeros font bug can teach us about engineering workflow, the nature of exploits, and legacy issues	http://sten0.ghost.io/2016/07/06/the-state-of-security/
Building a Brute-Force Zip File Cracking Tool (this is my first truly original cracking script and I just wanted to show it off, ‘cause I’m proud of it. I would love any constructive criticism on the code).	https://www.youtube.com/watch?v=jqpjF5o1SGs
VMware Escapology - Researchers from ZDI release Metasploit modules for VMware Escapes	https://www.zerodayinitiative.com/blog/2017/10/04/vmware-escapology-how-to-houdini-the-hypervisor
Random Vulnerable VM Generator!	https://github.com/cliffe/SecGen
A Secure Shell (SSH) scanner / bruteforcer controlled via the Internet Relay Chat (IRC) protocol.	https://github.com/acidvegas/spaggiari
oss-sec: server and client side remote code execution through a buffer overflow in all git versions before 2.7.1 (unpublished ᴄᴠᴇ-2016-2324 and ᴄᴠᴇ‑2016‑2315)	http://seclists.org/oss-sec/2016/q1/645
Getting Domain Admin with Kerberos Unconstrained Delegation	http://www.labofapenetrationtester.com/2016/02/getting-domain-admin-with-kerberos-unconstrained-delegation.html
Pwning CCTV cameras	https://www.pentestpartners.com/blog/pwning-cctv-cameras/
DLL Hijacking Just Won’t Die	http://textslashplain.com/2015/12/18/dll-hijacking-just-wont-die/
How to embed an executable into Outlook, disguised as a .docx	https://medium.com/@networksecurity/oleoutlook-bypass-almost-every-corporate-security-control-with-a-point-n-click-gui-37f4cbc107d0#.luji1r9xf
I created a beginner’s tutorial for performing DoS and DDoS attacks for y’all	https://toastersecurity.blogspot.com/2015/12/dos-101-ping-of-death.html
Useful PHP Exploitation Methods in Metasploit	https://youtu.be/iD9Qm5KtsWk
Breaking 512-bit RSA encryption with Amazon EC2 is so easy novices can do it.	http://arstechnica.com/security/2015/10/breaking-512-bit-rsa-with-amazon-ec2-is-a-cinch-so-why-all-the-weak-keys/
Attacking Ruby on Rails Applications	http://phrack.org/papers/attacking_ruby_on_rails.html
Kali Linux 2.0 Android phone hack.	https://www.youtube.com/attribution_link?a=PB984nZ6uqw&u=%2Fwatch%3Fv%3DmWcK_E1xujM%26feature%3Dshare
Kali linux 2.0. ~ Wireless Network Hacking ~	https://www.youtube.com/watch?feature=player_embedded&v=-fu5Wtx7K-o
Hack Like the Bad Guys – Using Tor for Firewall Evasion and Anonymous Remote Access	http://foxglovesecurity.com/2015/11/02/hack-like-the-bad-guys-using-tor-for-firewall-evasion-and-anonymous-remote-access/
How I hacked my IP camera, and found this backdoor account	http://jumpespjump.blogspot.com/2015/09/how-i-hacked-my-ip-camera-and-found.html
Here is a quick video series I made on Metasploit (for Beginners)	https://www.reddit.com/r/hacking/comments/3nypx0/here_is_a_quick_video_series_i_made_on_metasploit/
Pupy: a RAT with an embeded Python interpreter. can load python packages from memory and transparently access remote python objects. The payload is a reflective DLL and leaves no trace on disk	https://github.com/n1nj4sec/pupy
Exploiting MS15-100 Vulnerability (CVE-2015-2509)	http://resources.infosecinstitute.com/exploiting-ms15-100-cve-2015-2509/
Twittor, a Python backdoor that uses Twitter as a C&C server	https://github.com/PaulSec/twittor
The Latest on Stagefright: CVE-2015-1538 Exploit is Now Available for Testing Purposes	https://blog.zimperium.com/the-latest-on-stagefright-cve-2015-1538-exploit-is-now-available-for-testing-purposes/
0x00.txt - the write-up/guide from the FinFisher hack	https://www.reddit.com/r/HowToHack/comments/3j2as7/0x00txt_the_writeupguide_from_the_finfisher_hack/
Things you should do after you install Kali Linux/how to fix things	https://www.reddit.com/r/HowToHack/comments/3d7e1c/things_you_should_do_after_you_install_kali/
DLL Injection Resources - more in comments	http://blog.opensecurityresearch.com/2013/01/windows-dll-injection-basics.html
Help with SLMailv5.5 Buffer Overflow	https://www.reddit.com/r/AskNetsec/comments/3c4i2y/help_with_slmailv55_buffer_overflow/
Security CheatSheets a wealth of knowledge for a pen-tester	https://github.com/Snifer/security-cheatsheets
(My) Introduction to Doxing. Various Sites and (Basic-Advanced) Information Gathering Techniques.	https://www.reddit.com/r/HowToHack/comments/34ges4/my_introduction_to_doxing_various_sites_and/
Pwning a thin client in less than two minutes	http://blog.malerisch.net/2015/04/pwning-hp-thin-client.html
net-creds.py: the most thorough network/pcap credential harvester	https://github.com/DanMcInerney/net-creds
Hacking Oklahoma State University’s Student ID	http://snelling.io/hacking-oklahoma-state-university-student-id
PowerShell: Better phishing for all!	http://d.uijn.nl/?p=116
[Screenshots] LANs.py: catch usernames, passwords, and messages on a network + inject arbitrary HTML into visited pages	https://www.reddit.com/r/hacking/comments/1q70ic/screenshots_lanspy_catch_usernames_passwords_and/
How to Approach Hacking	https://www.reddit.com/r/HowToHack/comments/1mf46x/how_to_approach_hacking/
What do we think about compiling all our social engineering into some easy-to-read guides?	https://www.reddit.com/r/SocialEngineering/comments/18yrff/what_do_we_think_about_compiling_all_our_social/
Tactics to Hack an Enterprise Network	http://blog.strategiccyber.com/2013/01/14/tactics-to-hack-an-enterprise-network/

Web Application Security

Title	URL
Your interpreter isn’t safe anymore — The PHP module rootkit	https://blog.paradoxis.nl/your-interpreter-isnt-safe-anymore-the-php-module-rootkit-c7ca6a1a9af5
On a high level, how does OAuth 2 work? - Stack Overflow	https://stackoverflow.com/questions/4727226/on-a-high-level-how-does-oauth-2-work/32534239#32534239
Inject All the Things - Shut Up and Hack	http://blog.deniable.org/blog/2017/07/16/inject-all-the-things/
XSS Contexts and some Chrome XSS Auditor tricks - web 0x03 - YouTube	https://www.youtube.com/watch?v=8GwVBpTgR2c
Basic of SQL for SQL Injection part 3	http://securityidiots.com/Web-Pentest/SQL-Injection/Part-3-Basic-of-SQL-for-SQLi.html
Java Deserialization Security FAQ	https://www.christian-schneider.net/JavaDeserializationSecurityFAQ.html
SAMLRaider/SAMLRaider: SAML2 Burp Extension	https://github.com/SAMLRaider/SAMLRaider
The Grey Corner: CommonCollections deserialization attack payloads from ysoserial failing on JRE 8u72	http://www.thegreycorner.com/2016/05/commoncollections-deserialization.html
Mobile penetration testing on Android using Drozer – Security Café	https://securitycafe.ro/2015/07/08/mobile-penetration-testing-using-drozer/#more-945
An Overview of Deserialization Vulnerabilities in the Java Virtual Machine	https://www.slideshare.net/joaomatosf_/an-overview-of-deserialization-vulnerabilities-in-the-java-virtual-machine-jvm-h2hc-2017
Bypassing SAML 2.0 SSO with XML Signature Attacks	http://research.aurainfosec.io/bypassing-saml20-SSO/
OAuth 2 attacks - Introducing The Devil Wears Prada and Lassie Come Home	http://blog.intothesymmetry.com/2013/05/oauth-2-attacks-introducing-devil-wears.html
Hunting in the Dark - Blind XXE	https://blog.zsec.uk/blind-xxe-learning/
Cracking the Lens: Targeting HTTPs Hidden Attack-Surface	http://blog.portswigger.net/2017/07/cracking-lens-targeting-https-hidden.html
S3 bucket enumerator	https://github.com/bbb31/slurp bbb31/slurp
Extract subdomains with GAN	GETALTNAME
Gaining Domain Admin from Outside Active Directory	https://markitzeroday.com/pass-the-hash/crack-map-exec/2018/03/04/da-from-outside-the-domain.html
Dear developers, beware of DNS Rebinding	https://www.twistlock.com/2018/02/28/dear-developers-beware-dns-rebinding/
In-Depth Subdomain Enumeration	https://github.com/caffix/amass caffix/amass
Triggering a DNS lookup using Java Deserialization	https://blog.paranoidsoftware.com/triggering-a-dns-lookup-using-java-deserialization/
mpirnat/lets-be-bad-guys: A deliberately-vulnerable website and exercises for teaching about the OWASP Top 10	https://github.com/mpirnat/lets-be-bad-guys
RIPS - The State of Wordpress Security	https://blog.ripstech.com/2016/the-state-of-wordpress-security/
Infection Monkey - GuardiCore	https://www.guardicore.com/infectionmonkey/
Getting MOAR Value out of PHP Local File Include Vulnerabilities	https://pen-testing.sans.org/blog/2016/12/07/getting-moar-value-out-of-php-local-file-include-vulnerabilities
Location based XSS attacks	http://www.thespanner.co.uk/2008/12/01/location-based-xss-attacks/
What is DOM Based XSS (Cross-site Scripting)?	https://www.netsparker.com/blog/web-security/dom-based-cross-site-scripting-vulnerability/
Mining Meteor	https://pen-testing.sans.org/blog/2016/12/06/mining-meteor
Tampermonkey	https://tampermonkey.net/
nidem/MeteorMiner	https://github.com/nidem/MeteorMiner
PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10045-Vuln-Patch-Bypass	https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10045-Vuln-Patch-Bypass.html
dns - GitHub pages custom domain infinite redirect loop	http://stackoverflow.com/questions/11382544/github-pages-custom-domain-infinite-redirect-loop
XML External Entity (XXE) Processing	https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Processing
SSRF bible. Cheatsheet	https://docs.google.com/document/d/1v1TkWZtrhzRLy0bYXBcdLUedXGb9njTNIJXa3u9akHM/edit#heading=h.xm4muaotv626
GitHub’s post-CSP journey - GitHub Engineering	https://githubengineering.com/githubs-post-csp-journey/
fWaf – Machine learning driven Web Application Firewall	Fsecurify
Major version release 1.0.0 of amass, the subdomain enumeration tool written in Go. Shown to be more effective than Sublist3r.	https://github.com/caffix/amass/releases
Extract subdomains with GAN	python tool that extract subdomains from HTTPS certificates.
introduction xml external entity attack and exploitation	https://www.youtube.com/attribution_link?a=aGkEjpF2Jrs&u=%2Fwatch%3Fv%3DLkz_98SY-m8%26feature%3Dshare
Lab for Java Deserialization Vulnerabilities	https://github.com/joaomatosf/JavaDeserH2HC
Exposing Server IPs Behind CloudFlare	http://www.chokepoint.net/2017/10/exposing-server-ips-behind-cloudflare.html
RESTful DOOM: HTTP/JSON API for classic Doom	http://1amstudios.com/2017/08/01/restful-doom/
Injection Vulnerabilities - or: How I got a free Burger	https://www.youtube.com/watch?v=WWJTsKaJT_g
AWS Security Primer	https://cloudonaut.io/aws-security-primer/
The entire WebGL Insights book is now free: 23 chapters on advanced topics from 42 authors and 25 reviewers!	http://webglinsights.com/
Exploiting PHPMailer	https://hackr.pl/2016/12/27/exploiting-phpmailer-cve-2016-10033/
Bypassing PHP Null Byte Injection protections - Challenge	https://www.securusglobal.com/community/2016/08/15/bypassing-php-null-byte-injection-protections/
Bypassing PHP Null Byte Injection protections - Part II (Challenge Write-up)	https://www.securusglobal.com/community/2016/08/19/abusing-php-wrappers/
XSS Cheat Sheet	SecLists/Fuzzing has some good text file examples of XSS along with a lot more, like password lists.
owasp is great too
another good xss list
the big list of naughty strings is another fun one.
Use good libraries to prevent it whenever you get a chance, because implementing secure sanitization yourself is always going to be a large project on its own, outside the scope of whatever app you’re making.
for real examples, visit /r/xss and check https://www.openbugbounty.org/ (also a good place to disclose them)
SQL cheat sheet	https://zeroturnaround.com/rebellabs/sql-cheat-sheet/
Using Multi-byte Characters to Nullify SQL injection sanitizing	http://howto.hackallthethings.com/2016/06/using-multi-byte-characters-to-nullify.html
Probing to Find XSS	http://brutelogic.com.br/blog/probing-to-find-xss/
The Genesis of an XSS Worm – Part I	http://brutelogic.com.br/blog/genesis-xss-worm-part-i/
Looking for XSS in PHP Source Code	http://brutelogic.com.br/blog/looking-xss-php-source/
How The Hacker that Hacked The Catalan Police Union Did It? He Posted A Video Of The Process	https://tune.pk/video/6528544/hack
Pastejacking: Using JavaScript to override your clipboard contents and trick you into running malicious commands	https://github.com/dxa4481/Pastejacking
XSS on GoDaddy, Match, CalvinKlein, ToysRus, Southwest, Senate.Gov, RuneScape, CNET, DeviantArt and more	http://antincode.com/post/144664272101/xss-on-godaddy-match-calvinklein-toysrus
How I broke a mobile banking application to gain unrestricted access to several Billion Dollars worth of Deposits.	https://boris.in/blog/2016/the-bank-job/
Blind XSS Code	http://brutelogic.com.br/blog/blind-xss-code/
I’m not a human: Breaking the Google reCAPTCHA	https://www.blackhat.com/docs/asia-16/materials/asia-16-Sivakorn-Im-Not-a-Human-Breaking-the-Google-reCAPTCHA-wp.pdf
Domino’s: Pizza and Payments	http://www.ifc0nfig.com/dominos-pizza-and-payments/
Issue 773 - google-security-research - TrendMicro: A remote Node.js debugger stub is listening in default install	https://bugs.chromium.org/p/project-zero/issues/detail?id=773
SQL Injection Cheat Sheet by Netsparker	https://www.netsparker.com/blog/web-security/sql-injection-cheat-sheet/
XSS without HTML: Client-Side Template Injection with AngularJS	http://blog.portswigger.net/2016/01/xss-without-html-client-side-template.html
On the Security of TLS 1.3 and QUIC Against Weaknesses in PKCS#1 v1.5 Encryption	http://www.nds.rub.de/media/nds/veroeffentlichungen/2015/08/21/Tls13QuicAttacks.pdf
CSS based Attack: Abusing unicode-range of @font-face	http://mksben.l0.cm/2015/10/css-based-attack-abusing-unicode-range.html
Security for building modern web apps	http://dadario.com.br/security-for-building-modern-web-apps/

Computer Science && Algorithms

Title	URL
algorithm - Python- Sieve of Eratosthenes	https://stackoverflow.com/questions/6687296/python-sieve-of-eratosthenes-compact-python
Improve Your Python: Python Classes and Object Oriented Programming	https://jeffknupp.com/blog/2014/06/18/improve-your-python-python-classes-and-object-oriented-programming/
Quick Guide To Polymorphism In Java	https://www.sitepoint.com/quick-guide-to-polymorphism-in-java/
Google Infrastructure Security Design Overview Google Cloud Platform	https://cloud.google.com/security/security-design/#secure_service_deployment
Avoid Else, Return Early	http://blog.timoxley.com/post/47041269194/avoid-else-return-early
Genius explanation of Meltdown/Spectre malware	https://www.reddit.com/r/sysadmin/comments/7ot0ke/genius_explanation_of_meltdownspectre_malware/
Pi-Tac 1.0 - A Raspberry Pi Zero W in a Tic-Tac box, with an Adafruit PiOLED display, and a Powerboost 1000C for push-button power, and safe shutdown on low battery.	https://imgur.com/a/UTMGZ
500 Data Structures and Algorithms practice problems and their solutions	https://www.reddit.com/r/learnprogramming/comments/76g2lo/500_data_structures_and_algorithms_practice/
I created a beginners guide to SSH Keys video tutorial	https://www.youtube.com/watch?v=hHs98hLtZJo
I want to practice Python but I have no idea what to make.	https://www.reddit.com/r/learnprogramming/comments/6u218q/i_want_to_practice_python_but_i_have_no_idea_what/
Bootloader and Low-Level Programming Tutorial: How To Develop Your Own Boot Loader	https://www.apriorit.com/dev-blog/66-develop-boot-loader
Things you didn’t know a bunch of Pis can do: Playing a single video on multiple, freely arranged screens (more in a comment)	https://gfycat.com/TheseHighlevelFlyingfox
My journey to getting hired with no CS degree and no professional programming experience	https://www.reddit.com/r/learnprogramming/comments/6ps3lg/my_journey_to_getting_hired_with_no_cs_degree_and/
Free Microsoft e-book giveaway with thousands of books. Grab ‘em.	https://www.reddit.com/r/learnprogramming/comments/6nrsy2/free_microsoft_ebook_giveaway_with_thousands_of/
Maze generation code, inspired by working through Mazes for Programmers	https://github.com/defndaines/meiro
I built a self-driving car!	https://www.reddit.com/r/cars/comments/6dhzvn/i_built_a_selfdriving_car/
Six programming paradigms that will change how you think about coding	http://www.ybrikman.com/writing/2014/04/09/six-programming-paradigms-that-will/
Java/C++ bots playing StarCraft live at Twitch. Commentary each Sunday 11:00 AM PT.	> BWMirror API is a Java wrapper for C++ BWAPI. It wraps all the classes, constants and enums inside Java objects, while providing the exact same interface as the original C++ BWAPI. This is achieved by heavily utilising JNI. http://www.sscaitournament.com/index.php?action=tutorial
500 Data structures and algorithms interview questions and their solutions	https://techiedelight.quora.com/500-Data-structures-programming-interview-questions
Practical Color Theory for People Who Code	https://tallys.github.io/color-theory/
How I Ruined Office Productivity With a Face-Replacing Slack Bot	http://blog.zikes.me/post/how-i-ruined-office-productivity-with-a-slack-bot/
A beginners trick I learned way too late in the game of learning to code: repetition repetition repetition	https://www.reddit.com/r/learnprogramming/comments/5pyx5t/a_beginners_trick_i_learned_way_too_late_in_the/
Google Infrastructure Security Design Overview	https://cloud.google.com/security/security-design/
We’re programming a virtual machine - from scratch!	https://www.reddit.com/r/learnprogramming/comments/59zjcc/were_programming_a_virtual_machine_from_scratch/
Google Interview University - multi-month study plan for going from web developer (self-taught, no CS degree) to Google software engineer	https://github.com/jwasham/google-interview-university
Researchers Demonstrated How NSA Broke Trillions of Encrypted Connections	http://thehackernews.com/2016/10/nsa-crack-encryption.html
Found an interactive game to learn programing	https://www.reddit.com/r/learnprogramming/comments/51lz7z/found_an_interactive_game_to_learn_programing/
How I made over $50,000 in 5 days with a drone (a step-by-step plan).	https://www.reddit.com/r/Entrepreneur/comments/4wzh45/how_i_made_over_50000_in_5_days_with_a_drone_a/
Over 183,000 datasets on Data.gov - if you’re looking for data for a personal project, here you go	http://catalog.data.gov/dataset
Become a GDB power user!	http://undo.io/resources/presentations/accu-2016-become-gdb-power-user/
Detecting cats in images with OpenCV.	http://www.pyimagesearch.com/2016/06/20/detecting-cats-in-images-with-opencv/
Your favorite scripts you have stolen or made	https://www.reddit.com/r/sysadmin/comments/4oxxgv/your_favorite_scripts_you_have_stolen_or_made/
My new Raspberry Pi espresso controller: touchscreen GUI + PID control + Siri	http://hallee.github.io/espresso-arm/
Pi-Hole doing its job!	http://i.imgur.com/vo92mbx.png
For all of you who are starting programming, here is a site that lets you visualise some data structures and algorithms involving them. I wish I had this in college.	https://www.reddit.com/r/learnprogramming/comments/4oi604/for_all_of_you_who_are_starting_programming_here/
A simple stack overflow question becomes an interesting lesson in tech history (ZIP)	http://stackoverflow.com/questions/20762094/how-are-zlib-gzip-and-zip-related-what-are-is-common-and-how-are-they-differen
Taking over 17000 hosts by typosquatting package managers like PyPi or npmjs.com	http://incolumitas.com/2016/06/08/typosquatting-package-managers/
A game about hacking an imaginary device using a real assembly instruction set. It gives you a debugger and a memory dump and you have to figure out how to exploit it. Xpost from r/programming	https://microcorruption.com
Facebook begins tracking non-users around the internet	http://www.theverge.com/2016/5/27/11795248/facebook-ad-network-non-users-cookies-plug-ins
Google just open sourced something called ‘Parsey McParseface,and it could change AI forever	http://thenextweb.com/dd/2016/05/12/google-just-open-sourced-something-called-parsey-mcparseface-change-ai-forever/
Googling is a skill.	How to use Google.
Open Source remake of Red Alert / C&C / Dune with working multiplayer & a really active community!	http://www.openra.net/
Two Google developers have drafted an API for direct USB access via web pages	https://wicg.github.io/webusb/
Building your own GSM station has become the simplest task in the world	http://www.evilsocket.net/2016/03/31/how-to-build-your-own-rogue-gsm-bts-for-fun-and-profit/#.VwiZPRSPDjo.reddit
C/C++ Program Memory - Easily the most helpful book I’ve ever read.	https://www.reddit.com/r/learnprogramming/comments/4d1etw/cc_program_memory_easily_the_most_helpful_book/
Why is calculus important for programming, specifically algorithms?	https://www.reddit.com/r/learnprogramming/comments/4cog17/why_is_calculus_important_for_programming/
Markov Chains explained visually	http://setosa.io/ev/markov-chains/
The gloves are off: FBI argues it can force Apple to turn over iPhone source code	http://www.extremetech.com/mobile/224709-the-gloves-are-off-fbi-argues-it-can-force-apple-to-turn-over-iphone-source-code
Surprise! NSA data will soon routinely be used for domestic policing that has nothing to do with terrorism	https://www.washingtonpost.com/news/the-watch/wp/2016/03/10/surprise-nsa-data-will-soon-routinely-be-used-for-domestic-policing-that-has-nothing-to-do-with-terrorism
About SQL Server on Linux	http://turnoff.us/geek/sql-server-on-linux/
activate-power-mode	https://atom.io/packages/activate-power-mode
PSA: Learn Discrete Math	https://www.reddit.com/r/learnprogramming/comments/465wkd/psa_learn_discrete_math/
ELI5: Why do even numbers feel safer and more pleasing than odd numbers?	https://www.reddit.com/r/explainlikeimfive/comments/45zunb/eli5_why_do_even_numbers_feel_safer_and_more/
“An important thing to become better at programming is to read good code”. I agree but where do I find code for my language and skill level and how do I know it’s good?	https://www.reddit.com/r/learnprogramming/comments/45yv6a/an_important_thing_to_become_better_at/
What’s the coolest mathematical fact you know of?	https://www.reddit.com/r/AskReddit/comments/45m1zl/whats_the_coolest_mathematical_fact_you_know_of/
Parsing 10TB of Metadata, 26M Domain Names and 1.4M SSL Certs for $10 on AWS	http://blog.waleson.com/2016/01/parsing-10tb-of-metadata-26m-domains.html
A critique of “How to C in 2016”	https://github.com/Keith-S-Thompson/how-to-c-response
How to C (as of 2016)	https://matt.sh/howto-c
If you are learning Python and want to build system monitoring or data driven web apps, then here is something to get you started	https://www.reddit.com/r/sysadmin/comments/3udqgm/if_you_are_learning_python_and_want_to_build/
15 Sorting Algorithms in 6 Minutes-Visualization	https://www.youtube.com/watch?feature=youtu.be&v=kPRA0W1kECg&app=desktop
How Cello, a library offering high-level functionality to C, implements (portable) garbage collection	http://libcello.org/learn/garbage-collection
CPython internals: A ten-hour codewalk through the Python interpreter source code	http://pgbovine.net/cpython-internals.htm
Learn to make a game in C++!	https://www.reddit.com/r/learnprogramming/comments/3mtvlk/learn_to_make_a_game_in_c/
The Greatest Regex Trick Ever	http://www.rexegg.com/regex-best-trick.html
I created web app for monitoring temperature and humidity, and wanted share it with you.	https://github.com/hawkerpl/damn_hot_pie
The Art of Command Line	https://github.com/jlevy/the-art-of-command-line
Hi, first post ever! I’ve started a blog on fun graphic guides to algorithms. Thoughts?	http://algosaur.us/
NASA’s ten coding commandments	https://jaxenter.com/power-ten-nasas-coding-commandments-114124.html
Computer Systems Security	MIT OpenCourseWare
Here’s a list of 153 free online programming/CS courses (MOOCs) with feedback(i.e. exams/homeworks/assignments) that you can start this month (July 2015)	https://www.reddit.com/r/learnprogramming/comments/3bw634/heres_a_list_of_153_free_online_programmingcs/
The Open-Source Computer Science Degree	https://www.reddit.com/r/learnprogramming/comments/3btnh6/the_opensource_computer_science_degree/
BetterExplained - A fun website that explains programming concepts and tools in a very easy and intuitive way	https://www.reddit.com/r/learnprogramming/comments/3b0rli/betterexplained_a_fun_website_that_explains/
The Technical Interview Cheat Sheet	https://gist.github.com/TSiege/cbb0507082bb18ff7e4b
Goddamn pointers man… It just doesn’t click	https://www.reddit.com/r/learnprogramming/comments/3hycnu/goddamn_pointers_man_it_just_doesnt_click/
Algorithms and Data Structures cheat sheets?	https://www.reddit.com/r/learnprogramming/comments/3gpvyx/algorithms_and_data_structures_cheat_sheets/
The best Git Workflows explanation so far	https://www.atlassian.com/git/tutorials/comparing-workflows
Learning programming beyond the basics	https://www.reddit.com/r/learnprogramming/comments/3er4xo/learning_programming_beyond_the_basics/
The AI Games - Create a bot for Tetris and join the competition!	http://theaigames.com/competitions/ai-block-battle
The Art of Command Line	https://github.com/jlevy/the-art-of-command-line
PSA for people who often do troubleshooting. PSR is relatively unknown, and it’s awesome.	http://windows.microsoft.com/en-us/windows7/how-do-i-use-problem-steps-recorder
Unicode is Kind of Insane	http://www.benfrederickson.com/unicode-insanity/
Top 10 data mining algorithms in plain English	http://rayli.net/blog/data/top-10-data-mining-algorithms-in-plain-english/
Hi r/programming, 4 months ago I released a tiny text-extraction algorithm. After spending the better part of the last 4 months testing/thinking about extraction algo’s for a paper (never again), I think I’ve landed the big one. Well, it’s small actually. 10 lines of code.	http://rodricios.github.io/posts/solving_the_data_extraction_problem.html
How are reddit bots created?	https://www.reddit.com/r/learnprogramming/comments/362ark/how_are_reddit_bots_created/
40 Key Computer Science Concepts Explained In Layman’s Terms (x-post from r/interestingasfuck)	https://www.reddit.com/r/learnprogramming/comments/33i1k2/40_key_computer_science_concepts_explained_in/
Learn Git Interactively	https://www.reddit.com/r/learnprogramming/comments/2xfieg/learn_git_interactively/
Here’s Waldo: Computing the optimal search strategy for finding Waldo [OC]	http://www.randalolson.com/2015/02/03/heres-waldo-computing-the-optimal-search-strategy-for-finding-waldo/
[Resource] Wireshark video course. Most useful packet capture tool every coder should know (100 free coupons)	https://www.reddit.com/r/learnprogramming/comments/2ueowa/resource_wireshark_video_course_most_useful/
Hey everyone! I’m writing a complete beginner’s guide on how to use Git / Source Control. Thought some of you might find this helpful.	https://www.reddit.com/r/learnprogramming/comments/2ubnew/hey_everyone_im_writing_a_complete_beginners/
Main is usually a function. So then when is it not?	https://jroweboy.github.io/c/asm/2015/01/26/when-is-main-not-a-function.html
I taught myself how to program from scratch. Here are my recommendations for newbies starting out.	https://www.reddit.com/r/learnprogramming/comments/2sm65w/i_taught_myself_how_to_program_from_scratch_here/
Learning iOS development by building a Yik Yak Clone	https://www.reddit.com/r/learnprogramming/comments/2sufw2/learning_ios_development_by_building_a_yik_yak/
A github repo that’s actually a game to help you learn git	https://github.com/hgarc014/git-game
14 clever and useful 3D-printable camera accessories	http://makezine.com/2014/05/09/14-clever-and-useful-3d-printable-camera-accessories/
Tutorial on creating a platformer in Python	https://www.reddit.com/r/learnprogramming/comments/20ejkg/tutorial_on_creating_a_platformer_in_python/
Raspberry Pi Class Now Free on Skillshare	https://www.reddit.com/r/raspberry_pi/comments/1yfwnm/raspberry_pi_class_now_free_on_skillshare/
How I learned to develop Android apps in less than a year	https://www.reddit.com/r/learnprogramming/comments/1s347g/how_i_learned_to_develop_android_apps_in_less/
What are some exercises a beginner should do to get better at coding.	https://www.reddit.com/r/learnprogramming/comments/1ixjvt/what_are_some_exercises_a_beginner_should_do_to/
Introduction to C++, a series of 46 videos created by Redditor sarevok9 [x-post /r/UniversityofReddit]	http://ureddit.com/blog/2013/02/25/featured-class-introduction-to-c/
About 4 months ago I posted a fast/simple youtube to mp3 converter. I’ve kept my promise of no ads and continue to fund it from my own pocket. Can you jump start it by pasting 1 youtube url?	http://www.url-to-mp3.com/
How to make a cakeday site using the Reddit api and JavaScript - x-post r/programming	http://stinaq.me/2013/02/21/how-to-make-a-cakeday-site-using-the-reddit-api-and-javascript/
What other abominations can anyone find written in bash? 3D FPS here…	https://github.com/EvilTosha/labirinth/blob/master/lab2.sh
[Java] Tips and tricks for Java development with Eclipse	https://www.reddit.com/r/learnprogramming/comments/18pa1m/java_tips_and_tricks_for_java_development_with/
Detecting a Loop in Singly Linked List - Tortoise & Hare	http://codingfreak.blogspot.com/2012/09/detecting-loop-in-singly-linked-list_22.html
9 of the Best Free C Books	http://www.linuxlinks.com/article/20130202034416464/9oftheBestFreeC-Part1.html
Instacode - Instagram for Code! (yes this is as useful as you think it is)	http://instacode.linology.info
Found a list of legally FREE e-Books pertaining to programming, comp. sci, and engineering over at /r/freebies	https://www.reddit.com/r/learnprogramming/comments/17diit/found_a_list_of_legally_free_ebooks_pertaining_to/
Java Beginners Course, Making a 3D Game, Minecraft 2D Tutorials, Tower Defence Tutorials!	https://www.reddit.com/r/learnprogramming/comments/14srg6/java_beginners_course_making_a_3d_game_minecraft/
You wan’t to learn how to code a game? Here’s a short template for you. Turn this into tetris as a learning experience. Post a screen shot of your success.	https://www.reddit.com/r/learnprogramming/comments/10iya0/you_want_to_learn_how_to_code_a_game_heres_a/
Learning to program from zero to employable: tips and tricks, or recommended resources?	https://www.reddit.com/r/learnprogramming/comments/yay4p/learning_to_program_from_zero_to_employable_tips/
How many of you, if any at all, would be interested in a stream of me going through and programming a 2D game?	https://www.reddit.com/r/learnprogramming/comments/ptdie/how_many_of_you_if_any_at_all_would_be_interested/

CTF

Title	URL
Defcon-ctf-2017-divided-writeup	https://www.securifera.com/blog/2017/06/18/defcon-ctf-2017-divided-writeup/
Warhable - CTF - PEN-TESTING - CODING - RESEARCH - LEARNING	https://warhable.wordpress.com/
Solving a Danish Defense Intelligence Puzzle - Irken Kitties	https://safiire.github.io/blog/2017/08/19/solving-danish-defense-intelligence-puzzle/
Zero Day Initiative — Deconstructing a Winning Webkit Pwn2Own Entry	https://www.zerodayinitiative.com/blog/2017/8/24/deconstructing-a-winning-webkit-pwn2own-entry
Solving the SANS 2016 Holiday Hack Challenge	https://techanarchy.net/2017/01/solving-the-sans-2016-holiday-hack-challenge/
ForAllSecure released their open CTF-style training platform, HackCenter, at Enigma 2017	https://www.reddit.com/r/netsec/comments/5r8rz8/forallsecure_released_their_open_ctfstyle/
HackCenter	https://hackcenter.com/sign-in
Learn buffer overflows, assembly, and read step-by-step walkthroughs on CTF events/challenges	https://www.reddit.com/r/netsecstudents/comments/6f6zm3/learn_buffer_overflows_assembly_and_read/
Pwntools v3.0 Released	https://www.reddit.com/r/netsec/comments/4z3noh/pwntools_v30_released/
CTF challenges and a guide for beginners	https://github.com/kablaa/CTF-Workshop
Holiday Hack Challenge 2015 Complete Writeup	https://medium.com/@jrozner/holiday-hack-challenge-2015-complete-writeup-1c8300cc847a#.pv007155s

Web Development

Title	URL
learnlayout.com is a nice resouce for beginners in CSS	https://www.reddit.com/r/learnprogramming/comments/88pg39/learnlayoutcom_is_a_nice_resouce_for_beginners_in/
Simple single element spinning loader using CSS	https://codepen.io/AllThingsSmitty/pen/BRbgyp
I’ve created a tutorial for creating a module Angular 5 Dashboard from scratch	https://www.reddit.com/r/learnprogramming/comments/7n5zdv/ive_created_a_tutorial_for_creating_a_module/
jq - like sed for JSON data	https://stedolan.github.io/jq/
A Collection & Specification for Exemplary Frontend and Backend Codebases	https://github.com/gothinkster/realworld
Things you probably didn’t know you could do with Chrome’s Developer Console	https://medium.freecodecamp.com/10-tips-to-maximize-your-javascript-debugging-experience-b69a75859329#.8mba7zmqr
Node.js Playbook - A guide to getting started fast	https://github.com/HiFaraz/node-playbook
How to build a responsive parallax scrolling site using only CSS & HTML.	https://css-tricks.com/tour-performant-responsive-css-site/
Implementing Search Into Your React & Redux App w/ Algolia	http://blog.getstream.io/cabin-react-redux-example-app-algolia/
Funky CSS3 Toggle Buttons	http://codepen.io/ashleynolan/pen/wBppKz
Vanilla JS is a fast, lightweight, cross-platform framework for building incredible, powerful JavaScript applications.	http://vanilla-js.com/
I’ve written a 200 page e-book on how to build an Instagram like social network from scratch with Ruby on Rails. It’s yours for free (no sign up required).	https://www.dropbox.com/s/9vq430e9s3q7pu8/Let%27s%20Build%20Instagram%20with%20Ruby%20on%20Rails%20-%20Free%20Edition.pdf?dl=0
How to Not Suck at JavaScript	http://www.slideshare.net/tmont/how-to-not-suck-at-javascript
Share your silly JavaScripts that you created for fun!	https://www.reddit.com/r/learnprogramming/comments/2sl4ce/share_your_silly_javascripts_that_you_created_for/

Defensive Security && Sys Admin

Title	URL
Securing Windows Workstations: Developing a Secure Baseline » Active Directory Security	https://adsecurity.org/?p=3299
Detecting Lateral Movements in Windows Infrastructure	http://cert.europa.eu/static/WhitePapers/CERT-EU_SWP_17-002_Lateral_Movements.pdf
IT and Information Security Cheat Sheets	https://zeltser.com/cheat-sheets/
Docker for Automating Honeypots or Malware Sandboxes	https://dadario.com.br/docker-for-automating-honeypots-or-malware-sandboxes/
A honeypot proxy for mongodb. When run, this will proxy and log all traffic to a dummy mongodb server.	https://github.com/Plazmaz/MongoDB-HoneyProxy
White Hats	http://blog.pentestnepal.tech/
Security Resources: Beginner to Advanced.	https://hrushikeshk.github.io/blog/2018/01/15/security-resources/
Leaked Slides Outline What Are Probably Some of the Most State-Of-The-Art Artifical-Intelligence Powered Social Engineering Methods of the Present Day (partial x-post /r/gaming)	https://imgur.com/a/l4yQ5
Windows Admins: Let’s all take a second to thank or think about Nir Sofer for all the help over the years. What a great portfolio of simple, to the point tools.	http://www.nirsoft.net/about_nirsoft_freeware.html
GitHub - avatsaev/touchbar_nyancat: Stupid nyancat animation on your +$2k MacBook Pro’s Touchbar	https://github.com/avatsaev/touchbar_nyancat
Your Social Media Fingerprint	https://robinlinus.github.io/socialmedia-leak/
Malware, malicious charging stations, and rogue cell towers - Oh My! NIST releases the Mobile Threat Catalogue for public comment on Github.	https://pages.nist.gov/mobile-threat-catalogue/
Website enumeration insanity: how our personal data is leaked (xpost r/sysadmin)	https://www.troyhunt.com/website-enumeration-insanity-how-our-personal-data-is-leaked/
PowerShell Security: PowerShell Attack Tools, Mitigation, and Detection	https://adsecurity.org/?p=2921
Awesome Infosec Resources	https://github.com/onlurking/awesome-infosec
I made a website that explains basic network theory	https://www.reddit.com/r/sysadmin/comments/46r5ws/i_made_a_website_that_explains_basic_network/
Excel tricks to impress your boss	http://i.imgur.com/s8neQNJ.jpg
Defending Against Mimikatz	https://jimshaver.net/2016/02/14/defending-against-mimikatz/
Wireshark Workflow - Analyzing Malicious Traffic (Sasser Worm)	http://hackmethod.com/malicious-network-traffic-wireshark/
CryptoWall 4.0 Released - We’ve already seen it with one of our clients	http://www.bleepingcomputer.com/news/security/cryptowall-4-0-released-with-new-features-such-as-encrypted-file-names/
Portrait of a Sysadmin	https://www.facebook.com/baattinofficial/videos/1190780811044387/
Tron v6.7.0 (2015-09-23) // Disable Windows 10 telemetry; Remove Lenovo spyware; large improvements to OEM de-bloat section	https://www.reddit.com/r/sysadmin/comments/3m71gt/tron_v670_20150923_disable_windows_10_telemetry/
Script that tracks the devices in your network and displays statistics/charts about what is running at which times. (I’m definitely the one spending the most time on my computer in my flat)	https://github.com/phiresky/nmap-log-parse
Great list of sysadmin resources/tools	https://github.com/kahun/awesome-sysadmin
I’ve been sent a clearly malicious bit.ly link by a hacked skype account. What’s the best way to safely analyze where the malice is?	https://www.reddit.com/r/AskNetsec/comments/3fkmiz/ive_been_sent_a_clearly_malicious_bitly_link_by_a/
Awesome tip i learned form a graybeard, the .\	https://www.reddit.com/r/sysadmin/comments/3dmmcl/awesome_tip_i_learned_form_a_graybeard_the/
Free certification practice test engine with thousands of questions for CCNA, CISSP, CEH, Net+, Sec+, PMP, etc.	https://www.skillset.com/certifications?a=m
PSA for people who often do troubleshooting. PSR is relatively unknown, and it’s awesome.	http://windows.microsoft.com/en-us/windows7/how-do-i-use-problem-steps-recorder
HOW TO: Remove yourself from MOST background check sites and people search engines. Thanks to LawyerCT & Pibbman!	https://www.reddit.com/r/technology/comments/31u84n/how_to_remove_yourself_from_most_background_check/
Tron v6.1.0 (2015-03-29) // Add Kaspersky VRT, remove Vipre (speed increase), logging cleanup, preserve LogMeIn sessions	https://www.reddit.com/r/sysadmin/comments/30x1xu/tron_v610_20150329_add_kaspersky_vrt_remove_vipre/
Sad Server: All SysAdmin’s will Love this Twitter Handle [Truly Hilarious]	https://twitter.com/sadserver
I made a free tool for rapidly scanning Cisco routers. [Download link in post] (xpost from /r/netsec)	https://www.reddit.com/r/sysadmin/comments/2suyid/i_made_a_free_tool_for_rapidly_scanning_cisco/
So apparently you need a CAL to obtain an IP address from a Windows DHCP Server..	http://blogs.technet.com/b/volume-licensing/archive/2014/03/10/licensing-how-to-when-do-i-need-a-client-access-license-cal.aspx
I was unhappy with the other subnet calculators out there so I built one myself. I hope you agree it’s better than the rest.	http://www.tunnelsup.com/subnet-calculator
The Best Hidden Features of VLC: downloads YouTube videos, records desktop, converts video files and more	http://lifehacker.com/the-best-hidden-features-of-vlc-1654434241
windows 10 to have a package manager	http://www.howtogeek.com/200334/windows-10-includes-a-linux-style-package-manager-named-oneget/
Found this brilliant guide on StackExchange - how to Hack into a computer through its MAC and IP address (x-post from /r/sysadmin)	http://security.stackexchange.com/questions/56181/hack-into-a-computer-through-mac-and-ip-address
Worked on a completely locked down machine. Time passed quick	https://www.reddit.com/r/excel/comments/2jtd2f/worked_on_a_completely_locked_down_machine_time/
How I made the office IT guy hate me	http://imgur.com/QCBtATV
Just Sysadmin Things… for which I’ve been reprimanded	https://www.reddit.com/r/sysadmin/comments/2gt7x5/just_sysadmin_things_for_which_ive_been/
In honor the 4th of July, I present Tron, who “fights for the User” (automated disinfect/cleanup package)	https://www.reddit.com/r/sysadmin/comments/29u4c3/in_honor_the_4th_of_july_i_present_tron_who/
Happy Hour Virus - How to leave work early (XPost from /r/ProgrammerHumor)	http://happyhourvirus.com/
How do you get new desktop machines ready as soon as possible?	https://www.reddit.com/r/sysadmin/comments/1tj5ob/how_do_you_get_new_desktop_machines_ready_as_soon/
Active Directory Administrators Toolkit	https://www.reddit.com/r/sysadmin/comments/1t3a2a/active_directory_administrators_toolkit/
Why PowerShell?	http://ramblingcookiemonster.wordpress.com/2013/12/07/why-powershell/
So my daughter’s friends thought they would prank her…	https://www.reddit.com/r/sysadmin/comments/1ontpn/so_my_daughters_friends_thought_they_would_prank/
Best security practices for a VMware Workstation sandbox	https://www.reddit.com/r/AskNetsec/comments/17r95x/best_security_practices_for_a_vmware_workstation/

Tech News

Title	URL
Amazon claims another victim: Cisco kills its $1 billion cloud	http://www.businessinsider.in/amazon-claims-another-victim-cisco-kills-its-1-billion-cloud/articleshow/55989213.cms
This Pakistani student has developed a full-blown IDE for Assembly language	https://www.techjuice.pk/pakistani-student-ide-for-assembly-language/
Internet protocols are changing - Future of TCP, DNS, TLS and HTTP	https://blog.apnic.net/2017/12/12/internet-protocols-changing/
Inside the world of Silicon Valley’s ‘coasters’ — the millionaire engineers who get paid gobs of money and barely work	http://www.businessinsider.com/rest-and-vest-millionaire-engineers-who-barely-work-silicon-valley-2017-7
U.S. Senators introduce IoT bill affecting gov. procurement; good-faith research liability protections.	https://www.warner.senate.gov/public/index.cfm/pressreleases?id=06A5E941-FBC3-4A63-B9B4-523E18DADB36
How is NSA breaking so much crypto?	https://freedom-to-tinker.com/blog/haldermanheninger/how-is-nsa-breaking-so-much-crypto/
Comcast’s CEO Wants the End of Unlimited Data	http://www.fool.com/investing/general/2015/12/23/comcasts-ceo-wants-the-end-of-unlimited-data.aspx

Saved Comments

TIL that Doom was so popular in 1995 that it was installed on more PCs than Windows 95. Bill Gates briefly considered buying ID software, but settled for getting a team at Microsoft to port the game to Win95. The team was led by Gabe Newell. > inverse square root
There is no obvious reason why this should work, and how Carmack or any of the previous users of this stunningly elegant hack came across the magic value 0x5f3759df appears to have been lost to history. Beyond3D tried to trace it back through the ages, but after going through Carmack, an x86 assembly hacker called Terje Matheson, NVIDIA and eventually Gary Tarolli who used it in his days at 3dfx, the trail went cold.
It’s a real pity, because finding that constant would have required someone to think in a completely different direction to everyone else, and be convinced enough that such a constant even existed to spend time narrowing it down.
Source: https://blog.dave.io/2011/10/0x5f3759df-true-magic-number/
From a web dev perspective, familiarize yourself with the OWASP rules to prevent it if you want to stay safe. XSS is one of the easiest things to find in the wild. Usually I can find it pretty quickly in a vulnerable site by just looking at the chrome network connections and seeing when requests are made with URL params, and see if changing those gets inserted into bad spots in the page - and that’s just reflected XSS, low hanging fruit. Some people just put URL parameters right into javascript, and something like ', 'z':alert('xss'), 'y': ' can work. Also, it’s not just quotes. alert(/XSS/) will execute too.
Just make sure you track the flow of user input, and never assume obfuscation or an extremely complex javascript file is enough to prevent people from realizing where input goes and how it might be processed. If you check for URL params that are prepended with debug_ and do something special with them, it’s going to be possible for attackers to find that and send their own input. And never assume that it being processed server side is enough to prevent people from finding a vulnerability.
Also, make sure you test with firefox. I’ve found that firefox has a lot of potential XSS that chrome fixes on its own. Chrome might prevent HTML tag injections like

Share on

WRITTEN BY

Anthony Laiuppa

DevSecOps Engineer