Resources

🛑 Note: This content is not organized by any means. It is straight up copied from my personal notes. You are free to organize it your way or pass it to an AI tool for better organization if you want. It is not beginner-friendly and assumes baseline security knowledge. If you have some extra good-quality stuff to add, hit me up on discord

Research sources

https://www.sonarsource.com/blog/why-code-security-matters-even-in-hardened-environments
https://portswigger.net/research
https://ajinabraham.com/
https://research.checkpoint.com/
https://blog.pentesteracademy.com/
https://www.elttam.com/blog
https://www.ghostccamm.com/blog
https://www.synacktiv.com/en/publications/
https://snyk.io/articles
pentesterlab
Talks like in Black Hat ... etc
Good writeups or articles, I think: https://positive.security/blog
https://labs.watchtowr.com/
https://www.elttam.com/blog/plorming-your-primsa-orm/

client side

https://aszx87410.github.io/beyond-xss/en/ch2/csp-bypass/
check google ctf

External like Korean or Chinese

https://fushuling.com/ https://rce.moe/2025/09/29/CVE-2025-41243
extra
https://jorianwoltjer.com/blog/p/ctf/openecsc-2025-kittychat-secure
https://mohamedwagdy.notion.site/Researchers-Blogs-1723f09570da8001b5f9eaabe0d13fde
  1. Orange
  2. Adam Caudill
  3. Black Hills InfoSec
  4. Omer Gil
  5. 0day fans
  6. https://mizu.re/
  7. shubs.io
  8. diefunction
  9. https://spaceraccoon.dev/
  10. www.acunetix.com
  11. https://daniel.haxx.se/
  12. https://www.benhayak.com/
https://github.com/0xkalawy/My-CTF-challs
x profiles
https://www.reddit.com/r/websecurityresearch/
https://securityonline.info/
https://blog.huli.tw/2023/12/03/en/xss-and-web-challenges/ mizu blog Beyond xss blog Jorianwoltjer blog Beyond xss Hulis blog cybersecurity browser exploitation hand book -> you can find this on google
https://blog.ryotak.net/post/dom-based-race-condition/
https://dimasc.tf/
SEARCH X, find stuff
xss: https://blog.huli.tw/2022/04/07/en/iframe-and-window-open/
https://ouuan.moe/post/2025/03/tpctf-2025 < 6 ctfs
https://hibwyli.github.io/posts/kitty-chat-secure/
https://blog.arkark.dev/
iframe bypasses and more > https://blog.huli.tw/2021/10/25/en/learn-frontend-from-security-pov/
https://x.com/ryotkak https://arkark.dev/ << this is the one on alpha hack

ParseInt

https://logicalhunter.me/exploiting-number-parsers-in-javascript/
https://www.wizer-training.com/ctf

resources

https://x86re.com/
https://explainshell.com/
https://pwn.college/
https://www.intigriti.com/researchers/blog/bug-bytes/
https://rafa.hashnode.dev/
https://dreamhack.io/lecture/roadmaps -> courses
CTF Upgrading > https://trailofbits.github.io/ctf/
For CTF Writeups: https://github.com/TheMaccabees/ctf-writeups
Source Code Review: https://github.com/dub-flow/secure-code-review-challenges
Other people's notes (contain a lot of things):
http://sallam.gitbook.io
https://pentestbook.six2dez.com/
https://ahmed-tarek.gitbook.io/0x_xnum
https://0xhunterr.gitbook.io/
https://oreobiscuit.gitbook.io/
https://www.notion.so/1-Recon-11652a3d6eb580ccbf5beeb22969033e
https://gowsundar.gitbook.io/
brutecat.com >>
gpdr
methodology notes https://x.com/40sp3l/status/1936599296037544289 https://www.notion.so/Web-Exploitation-Suite-1f2b2546f47a807ca4d7c908d9c1a3f1
https://siunam321.github.io/ctf/
Crypto: https://cryptohack.org/ https://www.dcode.fr/cipher-identifier
Tricks hacking: https://worst.fit/ blog.orange.tw
https://alpacahack.com/ ^^^ get some Chinese and Japanese blogs from it too. tips and tricks
Notes:
search: *.github.io & *.gitbook.io
search: #bugbounty <bug>
search: use DeepSeek search
search site:hackerone.com to get reports
opensource app? copilot give endpoints
https://aszx87410.github.io/beyond-xss/en/
CSS Injection https://aszx87410.github.io/beyond-xss/en/ch3/css-injection/

RESEARCHES

Portswigger and PentesterLab https://devanshbatham.hashnode.dev/?source=top_nav_blog_home https://thehackerblog.com/

JS

https://thehackerish.com/javascript-enumeration-for-bug-bounty-hunters/ https://oreobiscuit.gitbook.io/introduction/bug-bounty-reports-and-articles/leaks-and-disclosure-pii-api-key-etc dork: javascript bug bounty site:*.github.io
Live Hacker Mentoring: Lets be a dork and read .js (javascript) files with zseano. ^^^ https://www.bugbountyhunter.com/guides/?type=javascript_files
JS Analysis for Pentesters: https://kpwn.de/2023/05/javascript-analysis-for-pentesters/
https://medium.com/cyprox-io/javascript-to-api-bugs-3b5a778e51b7

Some Articles & Videos

https://aditya-narayan.medium.com/easy-bounties-javascript-js-file-analysis-72ba5eb44822 unlisted: Leaked API Keys – ft. PwnFunction, idk useful or not: v https://gowthams.gitbook.io/bughunter-handbook/list-of-vulnerabilities-bugs/recon-and-osint/untitled https://alexvec.github.io/posts/monitoring-js-files/

pwn (binary exploitation)

https://github.com/Crypto-Cat/CTF/tree/main/pwn/binary_exploitation_101 https://www.ired.team/ https://dayzerosec.com/blog/2024/07/11/getting-started-2024.html > pretty good!
Pwn Challenges Walk through Playlist: https://www.youtube.com/playlist?list=PLgFGvYaa4gh98DZHYQj1B8t1KpWmAH7AH -> https://snwo.tistory.com/102
https://0xinfection.github.io/reversing/
https://www.youtube.com/watch?v=FpKL2cAlJbM also the series of crypto cat of solving htb

🌹 Do not forget us in your sincere prayers in our absence