# TL;DR This page does **NOT** pretend to replace [AWAE/OSWE ](https://www.offensive-security.com/awae-oswe/)content, this is a compilation of the best (**public|my own)** **resources** I have come up with. **AWAE LIST**: * [Persistent Cross-Site Scripting](https://jorgectf.gitbook.io/awae-oswe-preparation-resources/by-vulnerability/xss#stored) * [Session Hijacking](https://jorgectf.gitbook.io/awae-oswe-preparation-resources/by-vulnerability/xss#session-hijaking) * [.NET Deserialization](https://jorgectf.gitbook.io/awae-oswe-preparation-resources/by-vulnerability/deserialization/by-language/.net) * [Data Exfiltration](https://jorgectf.gitbook.io/awae-oswe-preparation-resources/by-vulnerability/xss#data-exfiltration) * [Bypassing File Extension Filters](https://jorgectf.gitbook.io/awae-oswe-preparation-resources/by-vulnerability/file-upload-restrictions-bypass/file-extension-filters-bypass) * [Magic Hashes](https://jorgectf.gitbook.io/awae-oswe-preparation-resources/by-language/php/type-juggling) * [Bypassing REGEX restrictions](https://jorgectf.gitbook.io/awae-oswe-preparation-resources/regex#filter-bypass) * [Cross-Site Request Forgery](https://jorgectf.gitbook.io/awae-oswe-preparation-resources/general/pocs/csrf) * [Type Juggling ](https://jorgectf.gitbook.io/awae-oswe-preparation-resources/by-language/php/type-juggling) * [Blind SQL Injection](https://jorgectf.gitbook.io/awae-oswe-preparation-resources/general/pocs/sql-injection#blind-time-based) * [Bypassing File Upload Restrictions](https://jorgectf.gitbook.io/awae-oswe-preparation-resources/by-vulnerability/file-upload-restrictions-bypass) * [Loose Comparisons](https://jorgectf.gitbook.io/awae-oswe-preparation-resources/by-language/php/type-juggling) * [Bypassing Character Restrictions](https://jorgectf.gitbook.io/awae-oswe-preparation-resources/by-vulnerability/sql-injection/bypassing-character-restrictions) **PERSONAL LIST**: * Blind Time-Based & Boolean SQL Injection + Bypassing Character Restrictions * MySQL * PostgreSQL * Deserialization * PHP * Java * .NET * XSS * Reflected * Stored * Data Exfiltration * Filter Bypass * Loose Comparison * Type Juggling * Magic Hashes * REGEX * Filter Bypass * File Upload Restrictions Bypass * File Extension Filters Bypass Great people I have learnt a ton from:\ [@secgus](https://twitter.com/secgus), [@julianjm](https://blog.julianjm.com/), [@cynops](https://twitter.com/cyn0ps), [@devploit](https://twitter.com/devploit), [@oreos](https://twitter.com/oreos_es), [@rmartinsanta](https://twitter.com/rmartinsanta). Mentioned people:\ [@Takito](https://twitter.com/takito1812), [ITasahobby](https://itasahobby.gitlab.io/). (**CTF**) Platforms I have enjoyed (and I'm enjoying) **the most**. {% embed url="" %} {% embed url="" %} {% embed url="" %} {% embed url="" %}