#### File Was Downloaded From https://Mushroom.Cat/resources ####

Note: when you browse some blogs, you will find references to other blogs, articles, writeups, etc. Save and check them as well, since they might have some juicy stuff. This is how you build your own resources.

## Research sources

https://www.sonarsource.com/blog/why-code-security-matters-even-in-hardened-environments
https://portswigger.net/research
https://ajinabraham.com/
https://research.checkpoint.com/
https://blog.pentesteracademy.com/
https://www.elttam.com/blog
https://www.ghostccamm.com/blog
https://www.synacktiv.com/en/publications/
https://snyk.io/articles
pentesterlab

Talks, like those at Black Hat, etc.



Good writeups or articles, I think: https://positive.security/blog

https://labs.watchtowr.com/

https://www.elttam.com/blog/plorming-your-primsa-orm/


## client side
https://aszx87410.github.io/beyond-xss/en/ch2/csp-bypass/
https://github.com/zomasec/client-side-bugs-resources
Check Google CTF



## External like Korean or Chinese
https://fushuling.com/
https://rce.moe/2025/09/29/CVE-2025-41243


extra

https://jorianwoltjer.com/blog/p/ctf/openecsc-2025-kittychat-secure


https://mohamedwagdy.notion.site/Researchers-Blogs-1723f09570da8001b5f9eaabe0d13fde
1. [Orange](https://blog.orange.tw/)
2. [Adam Caudill](https://adamcaudill.com/2017/10/04/exploiting-jackson-rce-cve-2017-7525/)
3. [Black Hills InfoSec](https://www.blackhillsinfosec.com/)
4. [Omer Gil](https://omergil.blogspot.com/)
5. [0day fans](https://0dayfans.com/)
6. [https://mizu.re/](https://mizu.re/)
7. [shubs.io](http://shubs.io/)
8. [diefunction](http://blog.diefunction.io/)
9. [https://spaceraccoon.dev/](https://spaceraccoon.dev/)
10. [www.acunetix.com](http://www.acunetix.com/)
11. [https://daniel.haxx.se/](https://daniel.haxx.se/)
12. [https://www.benhayak.com/](https://www.benhayak.com/)

https://github.com/0xkalawy/My-CTF-challs


![x profiles](/images/resources/image.png)

https://www.reddit.com/r/websecurityresearch/

https://securityonline.info/

https://blog.huli.tw/2023/12/03/en/xss-and-web-challenges/
Mizu's blog
Beyond XSS blog
Jorian Woltjer's blog
Huli's blog (cybersecurity)
Browser exploitation handbook `->` you can find this on Google


https://blog.ryotak.net/post/dom-based-race-condition/

https://dimasc.tf/


SEARCH X, find stuff

xss: https://blog.huli.tw/2022/04/07/en/iframe-and-window-open/

https://ouuan.moe/post/2025/03/tpctf-2025 `<` 6 ctfs

https://hibwyli.github.io/posts/kitty-chat-secure/


https://blog.arkark.dev/

iframe bypasses and more `>` https://blog.huli.tw/2021/10/25/en/learn-frontend-from-security-pov/

https://x.com/ryotkak
https://arkark.dev/ `<<` this is the one on alpha hack
## ParseInt
https://logicalhunter.me/exploiting-number-parsers-in-javascript/




https://www.wizer-training.com/ctf

---

## resources

https://x86re.com/
https://explainshell.com/
https://pwn.college/
https://www.intigriti.com/researchers/blog/bug-bytes/
https://rafa.hashnode.dev/

https://dreamhack.io/lecture/roadmaps `->` courses

CTF Upgrading `>` https://trailofbits.github.io/ctf/

For CTF Writeups:
https://github.com/TheMaccabees/ctf-writeups
Source Code Review: https://github.com/dub-flow/secure-code-review-challenges

**Other People's Notes (Contain a Lot of Things)**

http://sallam.gitbook.io
https://pentestbook.six2dez.com/
https://ahmed-tarek.gitbook.io/0x_xnum
https://0xhunterr.gitbook.io/
https://oreobiscuit.gitbook.io/
https://www.notion.so/1-Recon-11652a3d6eb580ccbf5beeb22969033e
https://gowsundar.gitbook.io/
brutecat.com `>>`

gpdr

Methodology notes
https://x.com/40sp3l/status/1936599296037544289
https://www.notion.so/Web-Exploitation-Suite-1f2b2546f47a807ca4d7c908d9c1a3f1

https://siunam321.github.io/ctf/

Crypto: https://cryptohack.org/
https://www.dcode.fr/cipher-identifier

Hacking tricks:
https://worst.fit/
blog.orange.tw


https://alpacahack.com/
^^^ Get some Chinese and Japanese blogs from it too. Tips and tricks.


Notes:
search: \*.github.io & \*.gitbook.io
search: \#bugbounty `<bug>`
search: use DeepSeek search
search site:hackerone.com to get reports

Open-source app? Copilot can give endpoints.

https://aszx87410.github.io/beyond-xss/en/

CSS Injection
https://aszx87410.github.io/beyond-xss/en/ch3/css-injection/

### RESEARCHES
Portswigger and PentesterLab
https://devanshbatham.hashnode.dev/?source=top_nav_blog_home
https://thehackerblog.com/


---

## JS

https://thehackerish.com/javascript-enumeration-for-bug-bounty-hunters/
https://oreobiscuit.gitbook.io/introduction/bug-bounty-reports-and-articles/leaks-and-disclosure-pii-api-key-etc
dork: `javascript bug bounty site:*.github.io`

[Live Hacker Mentoring: Lets be a dork and read .js (javascript) files with zseano.](https://www.youtube.com/watch?v=0jM8dDVifaI)
^^^ https://www.bugbountyhunter.com/guides/?type=javascript_files

JS Analysis for Pentesters: https://kpwn.de/2023/05/javascript-analysis-for-pentesters/

https://medium.com/cyprox-io/javascript-to-api-bugs-3b5a778e51b7
### Some Articles & Videos
https://aditya-narayan.medium.com/easy-bounties-javascript-js-file-analysis-72ba5eb44822
unlisted: [Leaked API Keys – ft. PwnFunction](https://www.youtube.com/watch?v=4enjKo2hQMY), idk useful or not: [v](https://www.youtube.com/playlist?list=PLY-vqlMAnJ9bGoI82H1BB8BE4A8H2OCA-)
https://gowthams.gitbook.io/bughunter-handbook/list-of-vulnerabilities-bugs/recon-and-osint/untitled
https://alexvec.github.io/posts/monitoring-js-files/

---

## pwn (binary exploitation)

https://github.com/Crypto-Cat/CTF/tree/main/pwn/binary_exploitation_101
https://www.ired.team/
https://dayzerosec.com/blog/2024/07/11/getting-started-2024.html `>` pretty good!

Pwn Challenges Walkthrough Playlist: https://www.youtube.com/playlist?list=PLgFGvYaa4gh98DZHYQj1B8t1KpWmAH7AH `->` https://snwo.tistory.com/102



https://0xinfection.github.io/reversing/


https://www.youtube.com/watch?v=FpKL2cAlJbM
Also, CryptoCat's series on solving HTB

---