660 subscribers
301 videos
Exploiting NoSQL injection to extract data Lab#03
Stored XSS into HTML context with nothing encoded Lab#02
Reflected XSS into HTML context with nothing encoded Lab#01
SOAP vs REST API
Bagel Hackthebox Walkthrough
Server Side Template Injection (SSTI) Lab#07
Web cache poisoning via Parameter cloaking Lab#09
Web cache poisoning via an unkeyed query parameter Lab#08
Outdated Hackthebox Initial Foothold Part#1
Cache key injection Lab#12
Devzat Hackthebox Walkthrough
Internal cache poisoning Lab#13
Basic server-side template injection (code context) Lab02
Server-side template injection using documentation (SSTI) Lab03
NMAP UDP SCAN
XXE Lab09# Exploiting XXE via image file upload - Web Security Academy
Server Side Template Injection (SSTI) Lab-01
Server-side template injection in an unknown language with a documented exploit Lab04
SQL Injection Lab12# Part02 Blind SQL Injection with Conditional Error - Web Security Academy
Escape Hackthebox Walkthrough
Web cache poisoning via a fat GET request Lab#10
Web Cache Poisoning with an unkeyed header - Lab#01
Reflected XSS in canonical link tag - Lab#17
GraphQL API Vulnerabilities Lab#01
Blind OS Command Injection Lab03 with output redirection
What is Cross-site request forgery?
Exploiting server-side parameter pollution in a query string - Lab#04
Finding and exploiting an unused API endpoint - Lab#02
Web LLM Attacks
Reflected XSS in a JavaScript URL with some characters blocked - Lab#28
Web Security Academy - Authentication - Password reset broken logic - Lab11#
Scrambled Part01 Hackthebox
Shoppy Hackthebox Walkthrough
Blind XXE Lab05# to exfiltrate data using a malicious external DTD - Web Security Academy
Reflected XSS protected by CSP, with CSP bypass - Lab#30
CSRF vulnerability with no defenses - Lab#01
API Endpoints and Documentation
Exploiting LLM APIs with excessive agency - Lab#01
Reflected XSS with event handlers and href attributes blocked - Lab#27
Exploiting an API endpoint using documentation - Lab#01
Reflected XSS with AngularJS sandbox escape without strings - Lab#25
Support Hackthebox Part#01
Exploiting a mass assignment vulnerability - Lab#03
Fuzzing parameter - Lab#04 - Part#02
LLM - Indirect prompt injection
Reflected XSS with AngularJS sandbox escape and CSP - Lab26
Indirect prompt injection - Lab#03
CSRF where token validation depends on token being present - Lab#03
Exploiting insecure output handling in LLMs - Lab#04
CSRF where token validation depends on request method - Lab#02
Exploiting server-side parameter pollution in a REST URL - Lab#05