swisskyrepo
diff --git a/‎Google Web Toolkit/README.md‎
Lines changed: 4 additions & 4 deletions b/‎Google Web Toolkit/README.md‎
Lines changed: 4 additions & 4 deletions
diff --git a/‎GraphQL Injection/README.md‎
Lines changed: 16 additions & 2 deletions b/‎GraphQL Injection/README.md‎
Lines changed: 16 additions & 2 deletions
diff --git a/‎Headless Browser/README.md‎
Lines changed: 13 additions & 2 deletions b/‎Headless Browser/README.md‎
Lines changed: 13 additions & 2 deletions
diff --git a/‎Hidden Parameters/README.md‎
Lines changed: 7 additions & 6 deletions b/‎Hidden Parameters/README.md‎
Lines changed: 7 additions & 6 deletions
diff --git a/‎Insecure Deserialization/DotNET.md‎
Lines changed: 4 additions & 1 deletion b/‎Insecure Deserialization/DotNET.md‎
Lines changed: 4 additions & 1 deletion
@@ -6,17 +6,17 @@
 ## Summary
 
 * [Tools](#tools)
-* [Enumerate](#enumerate)
+* [Methodology](#methodology)
 * [References](#references)
 
 
 ## Tools
 
-* [FSecureLABS/GWTMap](https://github.com/FSecureLABS/GWTMap)
-* [GDSSecurity/GWT-Penetration-Testing-Toolset](https://github.com/GDSSecurity/GWT-Penetration-Testing-Toolset)
+* [FSecureLABS/GWTMap](https://github.com/FSecureLABS/GWTMap) - GWTMap is a tool to help map the attack surface of Google Web Toolkit (GWT) based applications. 
+* [GDSSecurity/GWT-Penetration-Testing-Toolset](https://github.com/GDSSecurity/GWT-Penetration-Testing-Toolset) - A set of tools made to assist in penetration testing GWT applications. 
 
 
-## Enumerate
+## Methodology
 
 * Enumerate the methods of a remote application via it's bootstrap file and create a local backup of the code (selects permutation at random):
     ```ps1
 
@@ -13,7 +13,7 @@
   - [Enumerate Database Schema via Suggestions](#enumerate-database-schema-via-suggestions)
   - [Enumerate the types' definition](#enumerate-the-types-definition)
   - [List path to reach a type](#list-path-to-reach-a-type)
-- [Exploit](#exploit)
+- [Methodology](#methodology)
   - [Extract data](#extract-data)
   - [Extract data using edges/nodes](#extract-data-using-edgesnodes)
   - [Extract data using projections](#extract-data-using-projections)
@@ -24,6 +24,7 @@
 - [Injections](#injections)
   - [NOSQL injection](#nosql-injection)
   - [SQL injection](#sql-injection)
+- [Labs](#labs)
 - [References](#references)
 
 
@@ -243,7 +244,7 @@ Found 27 ways to reach the "Skill" node from the "Query" node:
 ```
 
 
-## Exploit
+## Methodology
 
 ### Extract data
 
@@ -384,6 +385,19 @@ curl -X POST http://localhost:8080/graphql\?embedded_submission_form_uuid\=1%27%
 ```
 
 
+## Labs
+
+* [PortSwigger - Accessing private GraphQL posts](https://portswigger.net/web-security/graphql/lab-graphql-reading-private-posts)
+* [PortSwigger - Accidental exposure of private GraphQL fields](https://portswigger.net/web-security/graphql/lab-graphql-accidental-field-exposure)
+* [PortSwigger - Finding a hidden GraphQL endpoint](https://portswigger.net/web-security/graphql/lab-graphql-find-the-endpoint)
+* [PortSwigger - Bypassing GraphQL brute force protections](https://portswigger.net/web-security/graphql/lab-graphql-brute-force-protection-bypass)
+* [PortSwigger - Performing CSRF exploits over GraphQL](https://portswigger.net/web-security/graphql/lab-graphql-csrf-via-graphql-api)
+* [Root Me - GraphQL - Introspection](https://www.root-me.org/fr/Challenges/Web-Serveur/GraphQL-Introspection)
+* [Root Me - GraphQL - Injection](https://www.root-me.org/fr/Challenges/Web-Serveur/GraphQL-Injection)
+* [Root Me - GraphQL - Backend injection](https://www.root-me.org/fr/Challenges/Web-Serveur/GraphQL-Backend-injection)
+* [Root Me - GraphQL - Mutation](https://www.root-me.org/fr/Challenges/Web-Serveur/GraphQL-Mutation)
+
+
 ## References
 
 - [Building a free open source GraphQL wordlist for penetration testing - Nohé Hinniger-Foray - August 17, 2023](https://escape.tech/blog/graphql-security-wordlist/)
 
@@ -1,8 +1,19 @@
 # Headless Browser
 
-A headless browser is a web browser without a graphical user interface. It works just like a regular browser, such as Chrome or Firefox, by interpreting HTML, CSS, and JavaScript, but it does so in the background, without displaying any visuals.
+> A headless browser is a web browser without a graphical user interface. It works just like a regular browser, such as Chrome or Firefox, by interpreting HTML, CSS, and JavaScript, but it does so in the background, without displaying any visuals.
 
-Headless browsers are primarily used for automated tasks, such as web scraping, testing, and running scripts. They are particularly useful in situations where a full-fledged browser is not needed, or where resources (like memory or CPU) are limited.
+> Headless browsers are primarily used for automated tasks, such as web scraping, testing, and running scripts. They are particularly useful in situations where a full-fledged browser is not needed, or where resources (like memory or CPU) are limited.
+
+
+## Summary
+
+* [Headless Commands](#headless-commands)
+* [Local File Read](#local-file-read)
+* [Debugging Port ](#debugging-port)
+* [Network](#network)
+    * [Port Scanning](#port-scanning)
+    * [DNS Rebinding](#dns-rebinding)
+* [References](#references)
 
 
 ## Headless Commands
 
@@ -2,12 +2,13 @@
 
 > Web applications often have hidden or undocumented parameters that are not exposed in the user interface. Fuzzing can help discover these parameters, which might be vulnerable to various attacks.
 
+
 ## Summary
 
 * [Tools](#tools)
-* [Exploit](#exploit)
-    * [Bruteforce parameters](#bruteforce-parameters)
-    * [Old parameters](#old-parameters)
+* [Methodology](#methodology)
+    * [Bruteforce Parameters](#bruteforce-parameters)
+    * [Old Parameters](#old-parameters)
 * [References](#references)
 
 
@@ -20,9 +21,9 @@
 * [devanshbatham/ParamSpider](https://github.com/devanshbatham/ParamSpider) - Mining URLs from dark corners of Web Archives for bug hunting/fuzzing/further probing
 
 
-## Exploit
+## Methodology
 
-### Bruteforce parameters
+### Bruteforce Parameters
 
 * Use wordlists of common parameters and send them, look for unexpected behavior from the backend. 
     ```ps1
@@ -39,7 +40,7 @@ Wordlist examples:
 - [samlists/sam-cc-parameters-mixedcase-all.txt](https://github.com/the-xentropy/samlists/blob/main/sam-cc-parameters-mixedcase-all.txt)
 
 
-### Old parameters
+### Old Parameters
 
 Explore all the URL from your targets to find old parameters.
 
 
@@ -1,4 +1,7 @@
-# .NET Serialization
+# .NET Deserialization
+
+> .NET serialization is the process of converting an object’s state into a format that can be easily stored or transmitted, such as XML, JSON, or binary. This serialized data can then be saved to a file, sent over a network, or stored in a database. Later, it can be deserialized to reconstruct the original object with its data intact. Serialization is widely used in .NET for tasks like caching, data transfer between applications, and session state management.
+
 
 ## Summary