660 subscribers
301 videos
Exploiting NoSQL injection to extract data Lab#03
XXE Lab09# Exploiting XXE via image file upload - Web Security Academy
Server Side Template Injection (SSTI) Lab-01
Server-side template injection in an unknown language with a documented exploit Lab04
SQL Injection Lab12# Part02 Blind SQL Injection with Conditional Error - Web Security Academy
Escape Hackthebox Walkthrough
Web cache poisoning via a fat GET request Lab#10
Web Cache Poisoning with an unkeyed header - Lab#01
Reflected XSS in canonical link tag - Lab#17
CSRF vulnerability with no defenses - Lab#01
API Endpoints and Documentation
Exploiting LLM APIs with excessive agency - Lab#01
Reflected XSS with event handlers and href attributes blocked - Lab#27
Exploiting an API endpoint using documentation - Lab#01
Reflected XSS with AngularJS sandbox escape without strings - Lab#25
Support Hackthebox Part#01
Exploiting a mass assignment vulnerability - Lab#03
Fuzzing parameter - Lab#04 - Part#02
LLM - Indirect prompt injection
Reflected XSS with AngularJS sandbox escape and CSP - Lab26
Indirect prompt injection - Lab#03
CSRF where token validation depends on token being present - Lab#03
Exploiting insecure output handling in LLMs - Lab#04
CSRF where token validation depends on request method - Lab#02
Exploiting server-side parameter pollution in a REST URL - Lab#05
Expert System and Machine Learning
What is an Application Programming Interface (API)?
Stored XSS into HTML context with nothing encoded Lab#02
SOAP vs REST API
Web cache poisoning via Parameter cloaking Lab#09
Reflected XSS into HTML context with nothing encoded Lab#01
Web cache poisoning via an unkeyed query string-Lab#07
SQL Injection Lab 03# Web Security Academy
JWT Attack Lab07# authentication bypass via algorithm confusion - Web Security Academy
Cache key injection Lab#12
SQL Injection Lab07# - Web Security Academy
SQL Injection Lab06# - Web Security Academy
SQL Injection Lab09# - Web Security Academy
SQL Injection - Lab 01# - Web Security Academy
SQL Injection Lab 04# Web Security Academy
SQL Injection Lab13# Blind SQL Injection with Time Delay - Web Security Academy
SQL Injection Lab 05# - Web Security Academy
Devzat Hackthebox Walkthrough
Reflected XSS into HTML context with most tags and attributes blocked - Lab#14
Server Side Template Injection (SSTI) Lab#07
Basic server-side template injection (code context) Lab02
OAuth2.0 Authorization code vs Implicit grant types
NMAP UDP SCAN
Server-side template injection using documentation (SSTI) Lab03
Internal cache poisoning Lab#13