Links
A list of security resources
Web application testing techniques
Security of web applications: vulnerabilities in upload mechanisms
PortSwigger HTTPS hidden attack surface
Exfiltration via CSS injection
SQL injection
PHP
State of the Art Post Exploitation in Hardened PHP Environments
Java
Deserialization
Unexpected Deserialization pt 1 – JMS
Pwning Your Java Messaging With Deserialization Vulnerabilities
Exploiting Node.js deserialization bug for Remote Code Execution
SSL/TLS
Crypto
Recovering ECDSA private keys for reuse of k
Ruby
Helpers/Utilities
Cloud security
Cloudberry Engineering cloud security tools list
Azure
Azure File shares for pentesters - NetSPI
Utilising Azure services for red team engagements - NetSPI
Azure Fundamental for Ethical Hackers and Special Ops Team
Azure Penetration Testing Category at NetSPI Blog
Azure AD Introduction for Red Teamers
Red Teaming Microsoft: Part 1 – Active Directory Leaks via Azure
Head in the clouds - Microsoft Azure
GCP
Post exploitation and Privilege escalation in GCP
Active Directory/ Windows Enterprise
Networking
Multiple ways of writing an IP address
Bug bounty reads
how-i-made-31500-by-submitting-a-bug-to-facebook
We Hacked Apple for 3 Months: Here’s What We Found
Just another bug bounty recon guide
Vulnerable/challenge apps
SECURITY PRACTICAL CHALLENGES - ONLINE AND LIVE
Red teaming blogs
Red teaming techniques
AmsiScanBuffer Bypass - Part 1
Kerberos
Kerberosity Killed the Domain: An Offensive Kerberos Overview
SMB/MSRPC
Lateral movement with named pipes
Client side protection bypasses
15 ways to bypass the Powershell execution policy