- https://pentest-ground.com/
- https://websecurity-academy.com/
- https://github.com/pavanw3b/sh00t
- https://github.com/juice-shop/juice-shop
- https://owasp.org/www-project-juice-shop/
- https://github.com/danielmiessler/SecLists
- https://github.com/Igglybuff/awesome-piracy
- https://github.com/payloadbox/xss-payload-list
- https://github.com/Azure/Azure-Network-Security
- https://github.com/0x4D31/awesome-threat-detection
- https://github.com/dafthack/CloudPentestCheatsheets
- https://github.com/swisskyrepo/PayloadsAllTheThings
- https://github.com/Hack-with-Github/Awesome-Hacking
- https://github.com/Lissy93/personal-security-checklist
- https://github.com/OWASP/www-project-top-10-ci-cd-security-risks
- https://github.com/kleiton0x00/Advanced-SQL-Injection-Cheatsheet
- https://github.com/tadwhitaker/Security_Engineer_Interview_Questions
- https://www.acunetix.com/blog/articles/prevent-sql-injection-vulnerabilities-in-php-applications/
- https://www.darkreading.com/
- https://darknetdiaries.com/
- https://vx-underground.org/
- https://craphound.com/
- guidovranken.files.wordpress.com/2018/07/vrankenfuzz.pdf
- crypto.stanford.edu/~dabo/cryptobook/BonehShoup_0_4.pdf
- https://github.com/FiloSottile/awesome-age
- en.wikipedia.org/wiki/Caesar_cipher
- www.bouncycastle.org/
- https://www.cecurity.com/
- https://www.vaultproject.io/
- https://github.com/hashicorp/vault
- https://github.com/Infisical/infisical
- https://42crunch.com/
- https://securitytxt.org/
- https://www.srihash.org/
- https://www.virustotal.com
- https://securityheaders.com
- https://www.dashlane.com/fr/
- https://guardianproject.info/apps/pixelknot/
- https://security.stackexchange.com/questions/8476/how-difficult-to-crack-keepass-master-password
- https://github.com/edoardottt/awesome-hacker-search-engines
- https://github.com/decalage2/awesome-security-hardening
- https://github.com/Authenticator-Extension/Authenticator
- https://github.com/mgeeky/Penetration-Testing-Tools
- https://github.com/hackerschoice/ssh-key-backdoor
- https://github.com/Orange-Cyberdefense/KeePwn
- https://github.com/th3unkn0n/facebash-termux
- https://github.com/DontPanicO/jwtXploiter
- https://github.com/MCRcortex/nekodetector
- https://github.com/boringtools/git-alerts
- https://github.com/google/csp-evaluator
- https://github.com/chromium/badssl.com
- https://github.com/mitmproxy/mitmproxy
- https://github.com/ndelphit/apkurlgrep
- https://github.com/goodwithtech/dockle
- https://github.com/Tw1sm/spraycharles
- https://github.com/Lissy93/web-check *
- https://github.com/chenjj/CORScanner
- https://github.com/nextcloud/passman
- https://github.com/hktalent/scan4all
- https://github.com/Z4nzu/hackingtool
- https://github.com/svenstaro/genact
- https://github.com/Teknexx/cerberus
- https://github.com/kdzwinel/betwixt
- https://github.com/ddosify/ddosify
- https://github.com/hashcat/hashcat
- https://github.com/gchq/CyberChef
- https://github.com/CISOfy/lynis
- https://github.com/D3Ext/WEF
- safebrowsing.google.com/safebrowsing/report_phish/?hl=en
- https://github.com/OWASP/www-project-vulnerable-web-applications-directory
- https://github.com/payloadbox/sql-injection-payload-list
- https://kaimi.io/en/2019/03/pentest-101-web-wordlists/
- https://github.com/aleedhillon/7000-Google-Dork-List
- https://github.com/correlatedsecurity/Awesome-SOAR
- https://github.com/kaimi-io/web-fuzz-wordlists
- https://github.com/dloss/python-pentest-tools
- https://github.com/roya0045/Pentest-practice
- https://github.com/onlurking/awesome-infosec
- https://github.com/crowdsecurity/crowdsec
- https://github.com/ivan-sincek/forbidden
- https://github.com/nico3333fr/CSP-useful
- https://github.com/dwmkerr/hacker-laws
- https://github.com/htr-tech/zphisher
- https://github.com/NullArray/DorkNet
- https://github.com/0xffsec/handbook
- https://github.com/B-i-t-K/PwnFox
- https://github.com/m4ll0k/Atlas
- https://github.com/OWASP/Amass
- https://github.com/s0md3v/uro
- https://github.com/f13end
- Same-Origin Policy (SOP)
- Cross-Origin Resource Sharing (CORS)
- Cross-Site Scripting (XSS)
- Content Security Policy (CSP)
- WebSocket Security.
- https://medium.com/@weizmangal/javascript-anti-debugging-some-next-level-sh-t-part-2-abusing-chromium-devtools-scope-pane-b2796c00331d
- https://www.hackers-arise.com/post/wi-fi-hacking-using-wifite-for-multiple-attack-strategies-against-wi-fi-ap-s
- https://www.kitploit.com/2023/06/linkedindumper-tool-to-dump-company.html?m=1
- Same-Origin Policy (SOP) rules:
  - Cross-origin writes are typically allowed: links, redirects, form submissions.
  - Cross-origin embedding is typically allowed: scripts, libraries, CSS, images...
  - Cross-origin reads are typically prohibited: the request is sent to the server and the response is received by the browser, but the browser then blocks it if the header is incorrect.
- Authentication types:
  - Implicit: attached automatically by the browser on each request (even cross-origin): cookies, HTTP basic auth, TLS client certificates.
  - Explicit: added manually by the developer: session token via header/body...
- CSRF is possible when all of the following hold:
  - Write operations via GET, POST or HEAD.
  - Implicit authentication (e.g. cookies) and no explicit authentication (no non-standard header, because that would trigger a preflight OPTIONS request).
  - Standard HTML form content types: application/x-www-form-urlencoded, multipart/form-data or text/plain.
- CSRF defenses:
  - Distinguish GET from non-GET on the server side.
  - Use explicit auth, or include a CSRF token and check it on the server side, OR
  - Only accept a non-standard format (e.g. JSON) for non-GET requests, OR
  - Require a non-standard header, or a combination of these.
  - As defense in depth: set the SameSite cookie attribute.
- CORS: it allows cross-origin requests in a controlled way.
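The CSRF preconditions and defenses in the notes above, turned into server-side decision logic. This is an added example, not code from the original page or from any of the linked projects; it assumes a minimal request representation (a `Request` dataclass with lowercased header names), an in-memory session dict, and a hypothetical non-standard header name `x-requested-with` standing in for whatever custom header an application chooses. `preflight_free` classifies a request as one a plain HTML form could send cross-origin (the CSRF-capable case), and `csrf_check` accepts a state-changing request only if at least one of the listed defenses holds.

```python
import hmac
import secrets
from dataclasses import dataclass, field

# Content types a plain HTML form can send cross-origin without a CORS preflight.
FORM_CONTENT_TYPES = {"application/x-www-form-urlencoded", "multipart/form-data", "text/plain"}
# Methods that must never change server state; the first defense is to keep it that way.
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}
# Assumed (hypothetical) non-standard header; any custom header name forces a preflight.
CUSTOM_HEADER = "x-requested-with"


@dataclass
class Request:
    """Constructed, minimal request model for the example (not a real framework type)."""
    method: str
    headers: dict                       # header names are assumed lowercased
    body: str = ""
    form: dict = field(default_factory=dict)
    cookies: dict = field(default_factory=dict)


def content_type_of(req: Request) -> str:
    """Media type without parameters, e.g. 'multipart/form-data; boundary=..' -> 'multipart/form-data'."""
    return req.headers.get("content-type", "").split(";")[0].strip().lower()


def preflight_free(req: Request) -> bool:
    """True when a browser would send this request cross-origin with no preflight:
    simple method, standard form content type, no non-standard header.
    These are exactly the requests an attacker-controlled page can forge."""
    if req.method not in ("GET", "POST", "HEAD"):
        return False
    ct = content_type_of(req)
    if ct and ct not in FORM_CONTENT_TYPES:
        return False
    return CUSTOM_HEADER not in req.headers


def issue_csrf_token(session: dict) -> str:
    """Per-session random token; the server stores it and the page echoes it back."""
    token = secrets.token_urlsafe(32)
    session["csrf_token"] = token
    return token


def csrf_check(req: Request, session: dict) -> tuple:
    """Return (allowed, reason). Defenses are OR-ed, as in the notes above."""
    # Defense 1: distinguish GET from non-GET. Safe methods pass here only because
    # the application must never perform writes on them.
    if req.method in SAFE_METHODS:
        return True, "safe method"
    # Defense 2: a non-standard header cannot be set by an HTML form; the browser
    # would have sent a preflight, so its presence proves an explicit, same-app client.
    if CUSTOM_HEADER in req.headers:
        return True, "custom header present"
    # Defense 3: a non-form content type is also preflighted. The handler must then
    # parse the body strictly as JSON and never fall back to form parsing.
    if content_type_of(req) == "application/json":
        return True, "non-form content type"
    # Defense 4: otherwise require the session-bound token, compared in constant time.
    expected = session.get("csrf_token")
    presented = req.form.get("csrf_token") or req.headers.get("x-csrf-token", "")
    if expected and presented and hmac.compare_digest(expected, presented):
        return True, "valid csrf token"
    return False, "missing or invalid csrf token"


def session_cookie_header(name: str, value: str, same_site: str = "Lax") -> str:
    """Defense in depth: SameSite limits when the browser attaches the cookie cross-site."""
    return f"{name}={value}; Path=/; HttpOnly; Secure; SameSite={same_site}"


if __name__ == "__main__":
    session = {}
    token = issue_csrf_token(session)
    # Constructed requests: a forged form POST (no token) versus a legitimate one.
    forged = Request("POST", {"content-type": "application/x-www-form-urlencoded"}, form={"amount": "100"})
    legit = Request("POST", {"content-type": "application/x-www-form-urlencoded"},
                    form={"amount": "100", "csrf_token": token})
    print("forged:", preflight_free(forged), csrf_check(forged, session))
    print("legit :", preflight_free(legit), csrf_check(legit, session))
    print(session_cookie_header("sid", "constructed-session-id"))
```

Note that defenses 2 and 3 rely on the browser's preflight behaviour, so they only hold if the CORS configuration does not grant the custom header or content type to arbitrary origins; the token check (defense 4) does not depend on CORS at all, which is why the notes suggest combining them and adding SameSite on top.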