mirror of
https://github.com/xalgord/Massive-Web-Application-Penetration-Testing-Bug-Bounty-Notes.git
synced 2024-11-24 11:03:03 +00:00
Update README.md
This commit is contained in:
parent
2ecd1490cd
commit
8776cfea31
1 changed files with 334 additions and 3 deletions
337
README.md
337
README.md
|
@ -24,328 +24,659 @@ History of the Internet - https://www.youtube.com/watch?v=9hIQjrMHTv4
|
|||
Phase 2 – Web and Server Technology
|
||||
|
||||
Basic concepts of web applications, how they work and the HTTP protocol - https://www.youtube.com/watch?v=RsQ1tFLwldY&t=7s
|
||||
|
||||
|
||||
HTML basics part 1 - https://www.youtube.com/watch?v=p6fRBGI_BY0
|
||||
|
||||
HTML basics part 2 - https://www.youtube.com/watch?v=Zs6lzuBVK2w
|
||||
|
||||
Difference between static and dynamic website - https://www.youtube.com/watch?v=hlg6q6OFoxQ
|
||||
|
||||
HTTP protocol Understanding - https://www.youtube.com/watch?v=JFZMyhRTVt0
|
||||
|
||||
Parts of HTTP Request -https://www.youtube.com/watch?v=pHFWGN-upGM
|
||||
|
||||
Parts of HTTP Response - https://www.youtube.com/watch?v=c9sMNc2PrMU
|
||||
|
||||
Various HTTP Methods - https://www.youtube.com/watch?v=PO7D20HsFsY
|
||||
|
||||
Understanding URLS - https://www.youtube.com/watch?v=5Jr-_Za5yQM
|
||||
|
||||
Intro to REST - https://www.youtube.com/watch?v=YCcAE2SCQ6k
|
||||
|
||||
|
||||
HTTP Request & Response Headers - https://www.youtube.com/watch?v=vAuZwirKjWs
|
||||
|
||||
What is a cookie - https://www.youtube.com/watch?v=I01XMRo2ESg
|
||||
|
||||
HTTP Status codes - https://www.youtube.com/watch?v=VLH3FMQ5BIQ
|
||||
|
||||
HTTP Proxy - https://www.youtube.com/watch?v=qU0PVSJCKcs
|
||||
|
||||
Authentication with HTTP - https://www.youtube.com/watch?v=GxiFXUFKo1M
|
||||
|
||||
HTTP basic and digest authentication - https://www.youtube.com/watch?v=GOnhCbDhMzk
|
||||
|
||||
What is “Server-Side” - https://www.youtube.com/watch?v=JnCLmLO9LhA
|
||||
|
||||
Server and client side with example - https://www.youtube.com/watch?v=DcBB2Fp8WNI
|
||||
|
||||
What is a session - https://www.youtube.com/watch?v=WV4DJ6b0jhg&t=202s
|
||||
|
||||
Introduction to UTF-8 and Unicode - https://www.youtube.com/watch?v=sqPTR_v4qFA
|
||||
|
||||
URL encoding - https://www.youtube.com/watch?v=Z3udiqgW1VA
|
||||
|
||||
HTML encoding - https://www.youtube.com/watch?v=IiAfCLWpgII&t=109s
|
||||
|
||||
Base64 encoding - https://www.youtube.com/watch?v=8qkxeZmKmOY
|
||||
|
||||
Hex encoding & ASCII - https://www.youtube.com/watch?v=WW2SaCMnHdU
|
||||
|
||||
|
||||
|
||||
Phase 3 – Setting up the lab with BurpSuite and bWAPP
|
||||
|
||||
|
||||
|
||||
MANISH AGRAWAL
|
||||
|
||||
|
||||
|
||||
Setup lab with bWAPP - https://www.youtube.com/watch?v=dwtUn3giwTk&index=1&list=PLv95pq8fEyuivHeZB2jeC435tU3_1YGzV
|
||||
|
||||
Set up Burp Suite - https://www.youtube.com/watch?v=hQsT4rSa_v0&list=PLv95pq8fEyuivHeZB2jeC435tU3_1YGzV&index=2
|
||||
|
||||
Configure Firefox and add certificate - https://www.youtube.com/watch?v=hfsdJ69GSV4&index=3&list=PLv95pq8fEyuivHeZB2jeC435tU3_1YGzV
|
||||
|
||||
Mapping and scoping website - https://www.youtube.com/watch?v=H-_iVteMDRo&index=4&list=PLv95pq8fEyuivHeZB2jeC435tU3_1YGzV
|
||||
|
||||
Spidering - https://www.youtube.com/watch?v=97uMUQGIe14&list=PLv95pq8fEyuivHeZB2jeC435tU3_1YGzV&index=5
|
||||
|
||||
Active and passive scanning - https://www.youtube.com/watch?v=1Mjom6AcFyU&index=6&list=PLv95pq8fEyuivHeZB2jeC435tU3_1YGzV
|
||||
|
||||
Scanner options and demo - https://www.youtube.com/watch?v=gANi4Kt7-ek&index=7&list=PLv95pq8fEyuivHeZB2jeC435tU3_1YGzV
|
||||
|
||||
Introduction to password security - https://www.youtube.com/watch?v=FwcUhcLO9iM&list=PLv95pq8fEyuivHeZB2jeC435tU3_1YGzV&index=8
|
||||
|
||||
Intruder - https://www.youtube.com/watch?v=wtMg9oEMTa8&list=PLv95pq8fEyuivHeZB2jeC435tU3_1YGzV&index=9
|
||||
|
||||
Intruder attack types - https://www.youtube.com/watch?v=N5ndYPwddkQ&index=10&list=PLv95pq8fEyuivHeZB2jeC435tU3_1YGzV
|
||||
|
||||
Payload settings - https://www.youtube.com/watch?v=5GpdlbtL-1Q&index=11&list=PLv95pq8fEyuivHeZB2jeC435tU3_1YGzV
|
||||
|
||||
Intruder settings - https://www.youtube.com/watch?v=B_Mu7jmOYnU&list=PLv95pq8fEyuivHeZB2jeC435tU3_1YGzV&index=12
|
||||
|
||||
|
||||
|
||||
ÆTHER SECURITY LAB
|
||||
|
||||
|
||||
|
||||
No.1 Penetration testing tool - https://www.youtube.com/watch?v=AVzC7ETqpDo&list=PLq9n8iqQJFDrwFe9AEDBlR1uSHEN7egQA&index=1
|
||||
|
||||
Environment Setup - https://www.youtube.com/watch?v=yqnUOdr0eVk&index=2&list=PLq9n8iqQJFDrwFe9AEDBlR1uSHEN7egQA
|
||||
|
||||
General concept - https://www.youtube.com/watch?v=udl4oqr_ylM&list=PLq9n8iqQJFDrwFe9AEDBlR1uSHEN7egQA&index=3
|
||||
|
||||
Proxy module - https://www.youtube.com/watch?v=PDTwYFkjQBE&list=PLq9n8iqQJFDrwFe9AEDBlR1uSHEN7egQA&index=4
|
||||
|
||||
Repeater module - https://www.youtube.com/watch?v=9Zh_7s5csCc&list=PLq9n8iqQJFDrwFe9AEDBlR1uSHEN7egQA&index=5
|
||||
|
||||
Target and spider module - https://www.youtube.com/watch?v=dCKPZUSOlr8&list=PLq9n8iqQJFDrwFe9AEDBlR1uSHEN7egQA&index=6
|
||||
|
||||
Sequencer and scanner module - https://www.youtube.com/watch?v=G-v581pXerE&list=PLq9n8iqQJFDrwFe9AEDBlR1uSHEN7egQA&index=7
|
||||
|
||||
|
||||
|
||||
Phase 4 – Mapping the application and attack surface
|
||||
|
||||
|
||||
|
||||
Spidering - https://www.youtube.com/watch?v=97uMUQGIe14&list=PLv95pq8fEyuivHeZB2jeC435tU3_1YGzV&index=5
|
||||
|
||||
Mapping application using robots.txt - https://www.youtube.com/watch?v=akuzgZ75zrk
|
||||
|
||||
Discover hidden contents using dirbuster - https://www.youtube.com/watch?v=--nu9Jq07gA
|
||||
|
||||
Dirbuster in detail - https://www.youtube.com/watch?v=2tOQC68hAcQ 1
|
||||
|
||||
Discover hidden directories and files with intruder - https://www.youtube.com/watch?v=4Fz9mJeMNkI
|
||||
|
||||
Directory bruteforcing 1 - https://www.youtube.com/watch?v=ch2onB_LFoI
|
||||
|
||||
Directory bruteforcing 2 - https://www.youtube.com/watch?v=ASMW_oLbyIg
|
||||
|
||||
Identify application entry points - https://www.youtube.com/watch?v=IgJWPZ2OKO8&t=34s
|
||||
|
||||
Identify application entry points - https://www.owasp.org/index.php/Identify_application_entry_points_(OTG-INFO-006)
|
||||
|
||||
Identify client and server technology - https://www.youtube.com/watch?v=B8jN_iWjtyM
|
||||
|
||||
Identify server technology using banner grabbing (telnet) - https://www.youtube.com/watch?v=O67M-U2UOAg
|
||||
|
||||
Identify server technology using httprecon - https://www.youtube.com/watch?v=xBBHtS-dwsM
|
||||
|
||||
Pentesting with Google dorks Introduction - https://www.youtube.com/watch?v=NmdrKFwAw9U
|
||||
|
||||
Fingerprinting web server - https://www.youtube.com/watch?v=tw2VdG0t5kc&list=PLxLRoXCDIalcRS5Nb1I_HM_OzS10E6lqp&index=10
|
||||
|
||||
Use Nmap for fingerprinting web server - https://www.youtube.com/watch?v=VQV-y_-AN80
|
||||
|
||||
Review webs servers metafiles for information leakage - https://www.youtube.com/watch?v=sds3Zotf_ZY
|
||||
|
||||
Enumerate applications on web server - https://www.youtube.com/watch?v=lfhvvTLN60E
|
||||
|
||||
Identify application entry points - https://www.youtube.com/watch?v=97uMUQGIe14&list=PLDeogY2Qr-tGR2NL2X1AR5Zz9t1iaWwlM
|
||||
|
||||
Map execution path through application - https://www.youtube.com/watch?v=0I0NPiyo9UI
|
||||
|
||||
Fingerprint web application frameworks - https://www.youtube.com/watch?v=ASzG0kBoE4c
|
||||
|
||||
|
||||
|
||||
Phase 5 – Understanding and exploiting OWASP top 10 vulnerabilities
|
||||
|
||||
|
||||
|
||||
A closer look at all owasp top 10 vulnerabilities - https://www.youtube.com/watch?v=avFR_Af0KGk
|
||||
|
||||
|
||||
|
||||
IBM
|
||||
|
||||
|
||||
|
||||
Injection - https://www.youtube.com/watch?v=02mLrFVzIYU&index=1&list=PLoyY7ZjHtUUVLs2fy-ctzZDSPpawuQ28d
|
||||
|
||||
Broken authentication and session management - https://www.youtube.com/watch?v=iX49fqZ8HGA&index=2&list=PLoyY7ZjHtUUVLs2fy-ctzZDSPpawuQ28d
|
||||
|
||||
Cross-site scripting - https://www.youtube.com/watch?v=x6I5fCupLLU&index=3&list=PLoyY7ZjHtUUVLs2fy-ctzZDSPpawuQ28d
|
||||
|
||||
Insecure direct object reference - https://www.youtube.com/watch?v=-iCyp9Qz3CI&list=PLoyY7ZjHtUUVLs2fy-ctzZDSPpawuQ28d&index=4
|
||||
|
||||
Security misconfiguration - https://www.youtube.com/watch?v=cIplXL8idyo&list=PLoyY7ZjHtUUVLs2fy-ctzZDSPpawuQ28d&index=5
|
||||
|
||||
Sensitive data exposure - https://www.youtube.com/watch?v=rYlzTQlF8Ws&index=6&list=PLoyY7ZjHtUUVLs2fy-ctzZDSPpawuQ28d
|
||||
|
||||
Missing functional level access controls - https://www.youtube.com/watch?v=VMv_gyCNGpk&list=PLoyY7ZjHtUUVLs2fy-ctzZDSPpawuQ28d&index=7
|
||||
|
||||
Cross-site request forgery - https://www.youtube.com/watch?v=_xSFm3KGxh0&list=PLoyY7ZjHtUUVLs2fy-ctzZDSPpawuQ28d&index=8
|
||||
|
||||
Using components with known vulnerabilities - https://www.youtube.com/watch?v=bhJmVBJ-F-4&index=9&list=PLoyY7ZjHtUUVLs2fy-ctzZDSPpawuQ28d
|
||||
|
||||
Unvalidated redirects and forwards - https://www.youtube.com/watch?v=L6bYKiLtSL8&index=10&list=PLoyY7ZjHtUUVLs2fy-ctzZDSPpawuQ28d
|
||||
|
||||
|
||||
|
||||
F5 CENTRAL
|
||||
|
||||
|
||||
|
||||
Injection - https://www.youtube.com/watch?v=rWHvp7rUka8&index=1&list=PLyqga7AXMtPPuibxp1N0TdyDrKwP9H_jD
|
||||
|
||||
Broken authentication and session management - https://www.youtube.com/watch?v=mruO75ONWy8&index=2&list=PLyqga7AXMtPPuibxp1N0TdyDrKwP9H_jD
|
||||
|
||||
Insecure deserialisation - https://www.youtube.com/watch?v=nkTBwbnfesQ&index=8&list=PLyqga7AXMtPPuibxp1N0TdyDrKwP9H_jD
|
||||
|
||||
Sensitive data exposure - https://www.youtube.com/watch?v=2RKbacrkUBU&index=3&list=PLyqga7AXMtPPuibxp1N0TdyDrKwP9H_jD
|
||||
|
||||
Broken access control - https://www.youtube.com/watch?v=P38at6Tp8Ms&list=PLyqga7AXMtPPuibxp1N0TdyDrKwP9H_jD&index=5
|
||||
|
||||
Insufficient logging and monitoring - https://www.youtube.com/watch?v=IFF3tkUOF5E&index=10&list=PLyqga7AXMtPPuibxp1N0TdyDrKwP9H_jD
|
||||
|
||||
XML external entities - https://www.youtube.com/watch?v=g2ey7ry8_CQ&list=PLyqga7AXMtPPuibxp1N0TdyDrKwP9H_jD&index=4
|
||||
|
||||
Using components with known vulnerabilities - https://www.youtube.com/watch?v=IGsNYVDKRV0&index=9&list=PLyqga7AXMtPPuibxp1N0TdyDrKwP9H_jD
|
||||
|
||||
Cross-site scripting - https://www.youtube.com/watch?v=IuzU4y-UjLw&index=7&list=PLyqga7AXMtPPuibxp1N0TdyDrKwP9H_jD
|
||||
|
||||
Security misconfiguration - https://www.youtube.com/watch?v=JuGSUMtKTPU&index=6&list=PLyqga7AXMtPPuibxp1N0TdyDrKwP9H_jD
|
||||
|
||||
|
||||
|
||||
LUKE BRINER
|
||||
|
||||
|
||||
|
||||
Injection explained - https://www.youtube.com/watch?v=1qMggPJpRXM&index=1&list=PLpNYlUeSK_rkrrBox-xvSkm5lgaDqKa0X
|
||||
|
||||
Broken authentication and session management - https://www.youtube.com/watch?v=fKnG15BL4AY&list=PLpNYlUeSK_rkrrBox-xvSkm5lgaDqKa0X&index=2
|
||||
|
||||
Cross-site scripting - https://www.youtube.com/watch?v=ksM-xXeDUNs&index=3&list=PLpNYlUeSK_rkrrBox-xvSkm5lgaDqKa0X
|
||||
|
||||
Insecure direct object reference - https://www.youtube.com/watch?v=ZodA76-CB10&list=PLpNYlUeSK_rkrrBox-xvSkm5lgaDqKa0X&index=4
|
||||
|
||||
Security misconfiguration - https://www.youtube.com/watch?v=DfFPHKPCofY&index=5&list=PLpNYlUeSK_rkrrBox-xvSkm5lgaDqKa0X
|
||||
|
||||
Sensitive data exposure - https://www.youtube.com/watch?v=Z7hafbGDVEE&list=PLpNYlUeSK_rkrrBox-xvSkm5lgaDqKa0X&index=6
|
||||
|
||||
Missing functional level access control - https://www.youtube.com/watch?v=RGN3w831Elo&list=PLpNYlUeSK_rkrrBox-xvSkm5lgaDqKa0X&index=7
|
||||
|
||||
Cross-site request forgery - https://www.youtube.com/watch?v=XRW_US5BCxk&list=PLpNYlUeSK_rkrrBox-xvSkm5lgaDqKa0X&index=8
|
||||
|
||||
Components with known vulnerabilities - https://www.youtube.com/watch?v=pbvDW9pJdng&list=PLpNYlUeSK_rkrrBox-xvSkm5lgaDqKa0X&index=9
|
||||
|
||||
Unvalidated redirects and forwards - https://www.youtube.com/watch?v=bHTglpgC5Qg&list=PLpNYlUeSK_rkrrBox-xvSkm5lgaDqKa0X&index=10
|
||||
|
||||
|
||||
|
||||
Phase 6 – Session management testing
|
||||
|
||||
|
||||
|
||||
Bypass authentication using cookie manipulation - https://www.youtube.com/watch?v=mEbmturLljU
|
||||
|
||||
Cookie Security Via httponly and secure Flag - OWASP - https://www.youtube.com/watch?v=3aKA4RkAg78
|
||||
|
||||
Penetration testing Cookies basic - https://www.youtube.com/watch?v=_P7KN8T1boc
|
||||
|
||||
Session fixation 1 - https://www.youtube.com/watch?v=ucmgeHKtxaI
|
||||
|
||||
Session fixation 2 - https://www.youtube.com/watch?v=0Tu1qxysWOk
|
||||
|
||||
Session fixation 3 - https://www.youtube.com/watch?v=jxwgpWvRUSo
|
||||
|
||||
Session fixation 4 - https://www.youtube.com/watch?v=eUbtW0Z0W1g
|
||||
|
||||
CSRF - Cross site request forgery 1 - https://www.youtube.com/watch?v=m0EHlfTgGUU
|
||||
|
||||
CSRF - Cross site request forgery 2 - https://www.youtube.com/watch?v=H3iu0_ltcv4
|
||||
|
||||
CSRF - Cross site request forgery 3 - https://www.youtube.com/watch?v=1NO4I28J-0s
|
||||
|
||||
CSRF - Cross site request forgery 4 - https://www.youtube.com/watch?v=XdEJEUJ0Fr8
|
||||
|
||||
CSRF - Cross site request forgery 5 - https://www.youtube.com/watch?v=TwG0Rd0hr18
|
||||
|
||||
Session puzzling 1 - https://www.youtube.com/watch?v=YEOvmhTb8xA
|
||||
|
||||
Admin bypass using session hijacking - https://www.youtube.com/watch?v=1wp1o-1TfAc
|
||||
|
||||
|
||||
|
||||
Phase 7 – Bypassing client-side controls
|
||||
|
||||
|
||||
|
||||
What is hidden forms in HTML - https://www.youtube.com/watch?v=orUoGsgaYAE
|
||||
|
||||
Bypassing hidden form fields using tamper data - https://www.youtube.com/watch?v=NXkGX2sPw7I
|
||||
|
||||
Bypassing hidden form fields using Burp Suite (Purchase application) - https://www.youtube.com/watch?v=xahvJyUFTfM
|
||||
|
||||
Changing price on eCommerce website using parameter tampering - https://www.youtube.com/watch?v=A-ccNpP06Zg
|
||||
|
||||
Understanding cookie in detail - https://www.youtube.com/watch?v=_P7KN8T1boc&list=PLWPirh4EWFpESKWJmrgQwmsnTrL_K93Wi&index=18
|
||||
|
||||
Cookie tampering with tamper data- https://www.youtube.com/watch?v=NgKXm0lBecc
|
||||
|
||||
Cookie tamper part 2 - https://www.youtube.com/watch?v=dTCt_I2DWgo
|
||||
|
||||
Understanding referer header in depth using Cisco product - https://www.youtube.com/watch?v=GkQnBa3C7WI&t=35s
|
||||
|
||||
Introduction to ASP.NET viewstate - https://www.youtube.com/watch?v=L3p6Uw6SSXs
|
||||
|
||||
ASP.NET viewstate in depth - https://www.youtube.com/watch?v=Fn_08JLsrmY
|
||||
|
||||
Analyse sensitive data in ASP.NET viewstate - https://msdn.microsoft.com/en-us/library/ms972427.aspx?f=255&MSPPError=-2147217396
|
||||
|
||||
Cross-origin-resource-sharing explanation with example - https://www.youtube.com/watch?v=Ka8vG5miErk
|
||||
|
||||
CORS demo 1 - https://www.youtube.com/watch?v=wR8pjTWaEbs
|
||||
|
||||
CORS demo 2 - https://www.youtube.com/watch?v=lg31RYYG-T4
|
||||
|
||||
Security headers - https://www.youtube.com/watch?v=TNlcoYLIGFk
|
||||
|
||||
Security headers 2 - https://www.youtube.com/watch?v=ZZUvmVkkKu4
|
||||
|
||||
|
||||
|
||||
Phase 8 – Attacking authentication/login
|
||||
|
||||
|
||||
|
||||
Attacking login panel with bad password - Guess username password for the website and try different combinations
|
||||
|
||||
Brute-force login panel - https://www.youtube.com/watch?v=25cazx5D_vw
|
||||
|
||||
Username enumeration - https://www.youtube.com/watch?v=WCO7LnSlskE
|
||||
|
||||
Username enumeration with bruteforce password attack - https://www.youtube.com/watch?v=zf3-pYJU1c4
|
||||
|
||||
Authentication over insecure HTTP protocol - https://www.youtube.com/watch?v=ueSG7TUqoxk
|
||||
|
||||
Authentication over insecure HTTP protocol - https://www.youtube.com/watch?v=WQe36pZ3mA
|
||||
|
||||
Forgot password vulnerability - case 1 - https://www.youtube.com/watch?v=FEUidWWnZwU
|
||||
|
||||
Forgot password vulnerability - case 2 - https://www.youtube.com/watch?v=j7-8YyYdWL4
|
||||
|
||||
Login page autocomplete feature enabled - https://www.youtube.com/watch?v=XNjUfwDmHGc&t=33s
|
||||
|
||||
Testing for weak password policy - https://www.owasp.org/index.php/Testing_for_Weak_password_policy(OTG-AUTHN-007)
|
||||
Insecure distribution of credentials - When you register in any website or you request for a password reset using forgot password feature, if the website sends your username and password over the email in cleartext without sending the password reset link, then it is a vulnerability.
|
||||
|
||||
Insecure distribution of credentials - When you register in any website or you request for a password reset using forgot password feature, if the website sends your username and
|
||||
password over the email in cleartext without sending the password reset link, then it is a vulnerability.
|
||||
|
||||
Test for credentials transportation using SSL/TLS certificate - https://www.youtube.com/watch?v=21_IYz4npRs
|
||||
|
||||
Basics of MySQL - https://www.youtube.com/watch?v=yPu6qV5byu4
|
||||
|
||||
Testing browser cache - https://www.youtube.com/watch?v=2T_Xz3Humdc
|
||||
|
||||
Bypassing login panel -case 1 - https://www.youtube.com/watch?v=TSqXkkOt6oM
|
||||
|
||||
Bypass login panel - case 2 - https://www.youtube.com/watch?v=J6v_W-LFK1c
|
||||
|
||||
|
||||
|
||||
Phase 9 - Attacking access controls (IDOR, Priv esc, hidden files and directories)
|
||||
|
||||
|
||||
|
||||
Completely unprotected functionalities
|
||||
|
||||
Finding admin panel - https://www.youtube.com/watch?v=r1k2lgvK3s0
|
||||
|
||||
Finding admin panel and hidden files and directories - https://www.youtube.com/watch?v=Z0VAPbATy1A
|
||||
|
||||
Finding hidden webpages with dirbusater - https://www.youtube.com/watch?v=--nu9Jq07gA&t=5s
|
||||
|
||||
|
||||
|
||||
Insecure direct object reference
|
||||
|
||||
IDOR case 1 - https://www.youtube.com/watch?v=gci4R9Vkulc
|
||||
|
||||
IDOR case 2 - https://www.youtube.com/watch?v=4DTULwuLFS0
|
||||
|
||||
IDOR case 3 (zomato) - https://www.youtube.com/watch?v=tCJBLG5Mayo
|
||||
|
||||
|
||||
|
||||
Privilege escalation
|
||||
|
||||
What is privilege escalation - https://www.youtube.com/watch?v=80RzLSrczmc
|
||||
|
||||
Privilege escalation - Hackme bank - case 1 - https://www.youtube.com/watch?v=g3lv__87cWM
|
||||
|
||||
Privilege escalation - case 2 - https://www.youtube.com/watch?v=-i4O_hjc87Y
|
||||
|
||||
|
||||
|
||||
Phase 10 – Attacking Input validations (All injections, XSS and mics)
|
||||
|
||||
|
||||
|
||||
HTTP verb tampering
|
||||
|
||||
Introduction HTTP verb tampering - https://www.youtube.com/watch?v=Wl0PrIeAnhs
|
||||
|
||||
HTTP verb tampering demo - https://www.youtube.com/watch?v=bZlkuiUkQzE
|
||||
|
||||
|
||||
|
||||
HTTP parameter pollution
|
||||
|
||||
Introduction HTTP parameter pollution - https://www.youtube.com/watch?v=Tosp-JyWVS4
|
||||
|
||||
HTTP parameter pollution demo 1 - https://www.youtube.com/watch?v=QVZBl8yxVX0&t=11s
|
||||
|
||||
HTTP parameter pollution demo 2 - https://www.youtube.com/watch?v=YRjxdw5BAM0
|
||||
|
||||
HTTP parameter pollution demo 3 - https://www.youtube.com/watch?v=kIVefiDrWUw
|
||||
|
||||
|
||||
|
||||
XSS - Cross site scripting
|
||||
|
||||
Introduction to XSS - https://www.youtube.com/watch?v=gkMl1suyj3M
|
||||
|
||||
What is XSS - https://www.youtube.com/watch?v=cbmBDiR6WaY
|
||||
|
||||
Reflected XSS demo - https://www.youtube.com/watch?v=r79ozjCL7DA
|
||||
|
||||
XSS attack method using burpsuite - https://www.youtube.com/watch?v=OLKBZNw3OjQ
|
||||
|
||||
XSS filter bypass with Xenotix - https://www.youtube.com/watch?v=loZSdedJnqc
|
||||
|
||||
Reflected XSS filter bypass 1 - https://www.youtube.com/watch?v=m5rlLgGrOVA
|
||||
|
||||
Reflected XSS filter bypass 2 - https://www.youtube.com/watch?v=LDiXveqQ0gg
|
||||
|
||||
Reflected XSS filter bypass 3 - https://www.youtube.com/watch?v=hb_qENFUdOk
|
||||
|
||||
Reflected XSS filter bypass 4 - https://www.youtube.com/watch?v=Fg1qqkedGUk
|
||||
|
||||
Reflected XSS filter bypass 5 - https://www.youtube.com/watch?v=NImym71f3Bc
|
||||
|
||||
Reflected XSS filter bypass 6 - https://www.youtube.com/watch?v=9eGzAym2a5Q
|
||||
|
||||
Reflected XSS filter bypass 7 - https://www.youtube.com/watch?v=ObfEI84_MtM
|
||||
|
||||
Reflected XSS filter bypass 8 - https://www.youtube.com/watch?v=2c9xMe3VZ9Q
|
||||
|
||||
Reflected XSS filter bypass 9 - https://www.youtube.com/watch?v=-48zknvo7LM
|
||||
|
||||
Introduction to Stored XSS - https://www.youtube.com/watch?v=SHmQ3sQFeLE
|
||||
|
||||
Stored XSS 1 - https://www.youtube.com/watch?v=oHIl_pCahsQ
|
||||
|
||||
Stored XSS 2 - https://www.youtube.com/watch?v=dBTuWzX8hd0
|
||||
|
||||
Stored XSS 3 - https://www.youtube.com/watch?v=PFG0lkMeYDc
|
||||
|
||||
Stored XSS 4 - https://www.youtube.com/watch?v=YPUBFklUWLc
|
||||
|
||||
Stored XSS 5 - https://www.youtube.com/watch?v=x9Zx44EV-Og
|
||||
|
||||
|
||||
|
||||
SQL injection
|
||||
|
||||
|
||||
|
||||
Part 1 - Install SQLi lab - https://www.youtube.com/watch?v=NJ9AA1_t1Ic&index=23&list=PLkiAz1NPnw8qEgzS7cgVMKavvOAdogsro
|
||||
|
||||
Part 2 - SQL lab series - https://www.youtube.com/watch?v=TA2h_kUqfhU&index=22&list=PLkiAz1NPnw8qEgzS7cgVMKavvOAdogsro
|
||||
|
||||
Part 3 - SQL lab series - https://www.youtube.com/watch?v=N0zAChmZIZU&list=PLkiAz1NPnw8qEgzS7cgVMKavvOAdogsro&index=21
|
||||
|
||||
Part 4 - SQL lab series - https://www.youtube.com/watch?v=6pVxm5mWBVU&index=20&list=PLkiAz1NPnw8qEgzS7cgVMKavvOAdogsro
|
||||
|
||||
Part 5 - SQL lab series - https://www.youtube.com/watch?v=0tyerVP9R98&index=19&list=PLkiAz1NPnw8qEgzS7cgVMKavvOAdogsro
|
||||
|
||||
Part 6 - Double query injection - https://www.youtube.com/watch?v=zaRlcPbfX4M&index=18&list=PLkiAz1NPnw8qEgzS7cgVMKavvOAdogsro
|
||||
|
||||
Part 7 - Double query injection cont… - https://www.youtube.com/watch?v=9utdAPxmvaI&index=17&list=PLkiAz1NPnw8qEgzS7cgVMKavvOAdogsro
|
||||
|
||||
Part 8 - Blind injection boolean based - https://www.youtube.com/watch?v=u7Z7AIR6cMI&index=16&list=PLkiAz1NPnw8qEgzS7cgVMKavvOAdogsro
|
||||
|
||||
Part 9 - Blind injection time based - https://www.youtube.com/watch?v=gzU1YBu_838&index=15&list=PLkiAz1NPnw8qEgzS7cgVMKavvOAdogsro
|
||||
|
||||
Part 10 - Dumping DB using outfile - https://www.youtube.com/watch?v=ADW844OA6io&index=14&list=PLkiAz1NPnw8qEgzS7cgVMKavvOAdogsro
|
||||
|
||||
Part 11 - Post parameter injection error based - https://www.youtube.com/watch?v=6sQ23tqiTXY&list=PLkiAz1NPnw8qEgzS7cgVMKavvOAdogsro&index=13
|
||||
|
||||
Part 12 - POST parameter injection double query based - https://www.youtube.com/watch?v=tjFXWQY4LuA&index=12&list=PLkiAz1NPnw8qEgzS7cgVMKavvOAdogsro
|
||||
|
||||
Part 13 - POST parameter injection blind boolean and time based - https://www.youtube.com/watch?v=411G-4nH5jE&list=PLkiAz1NPnw8qEgzS7cgVMKavvOAdogsro&index=10
|
||||
|
||||
Part 14 - Post parameter injection in UPDATE query - https://www.youtube.com/watch?v=2FgLcPuU7Vw&list=PLkiAz1NPnw8qEgzS7cgVMKavvOAdogsro&index=11
|
||||
|
||||
Part 15 - Injection in insert query - https://www.youtube.com/watch?v=ZJiPsWxXYZs&list=PLkiAz1NPnw8qEgzS7cgVMKavvOAdogsro&index=9
|
||||
|
||||
Part 16 - Cookie based injection - https://www.youtube.com/watch?v=-A3vVqfP8pA&list=PLkiAz1NPnw8qEgzS7cgVMKavvOAdogsro&index=8
|
||||
|
||||
Part 17 - Second order injection -https://www.youtube.com/watch?v=e9pbC5BxiAE&list=PLkiAz1NPnw8qEgzS7cgVMKavvOAdogsro&index=7
|
||||
|
||||
Part 18 - Bypassing blacklist filters - 1 - https://www.youtube.com/watch?v=5P-knuYoDdw&index=6&list=PLkiAz1NPnw8qEgzS7cgVMKavvOAdogsro
|
||||
|
||||
Part 19 - Bypassing blacklist filters - 2 - https://www.youtube.com/watch?v=45BjuQFt55Y&list=PLkiAz1NPnw8qEgzS7cgVMKavvOAdogsro&index=5
|
||||
|
||||
Part 20 - Bypassing blacklist filters - 3 - https://www.youtube.com/watch?v=c-Pjb_zLpH0&index=4&list=PLkiAz1NPnw8qEgzS7cgVMKavvOAdogsro
|
||||
|
||||
Part 21 - Bypassing WAF - https://www.youtube.com/watch?v=uRDuCXFpHXc&list=PLkiAz1NPnw8qEgzS7cgVMKavvOAdogsro&index=2
|
||||
|
||||
Part 22 - Bypassing WAF - Impedance mismatch - https://www.youtube.com/watch?v=ygVUebdv_Ws&list=PLkiAz1NPnw8qEgzS7cgVMKavvOAdogsro&index=3
|
||||
|
||||
Part 23 - Bypassing addslashes - charset mismatch - https://www.youtube.com/watch?v=du-jkS6-sbo&list=PLkiAz1NPnw8qEgzS7cgVMKavvOAdogsro&index=1
|
||||
|
||||
|
||||
|
||||
NoSQL injection
|
||||
|
||||
Introduction to NoSQL injection - https://www.youtube.com/watch?v=h0h37-Dwd_A
|
||||
|
||||
Introduction to SQL vs NoSQL - Difference between MySQL and MongoDB with tutorial - https://www.youtube.com/watch?v=QwevGzVu_zk
|
||||
|
||||
Abusing NoSQL databases - https://www.youtube.com/watch?v=lcO1BTNh8r8
|
||||
|
||||
Making cry - attacking NoSQL for pentesters - https://www.youtube.com/watch?v=NgsesuLpyOg
|
||||
|
||||
|
||||
|
||||
Xpath and XML injection
|
||||
|
||||
Introduction to Xpath injection - https://www.youtube.com/watch?v=2_UyM6Ea0Yk&t=3102s
|
||||
|
||||
Introduction to XML injection - https://www.youtube.com/watch?v=9ZokuRHo-eY
|
||||
|
||||
Practical 1 - bWAPP - https://www.youtube.com/watch?v=6tV8EuaHI9M
|
||||
|
||||
Practical 2 - Mutillidae - https://www.youtube.com/watch?v=fV0qsqcScI4
|
||||
|
||||
Practical 3 - webgoat - https://www.youtube.com/watch?v=5ZDSPVp1TpM
|
||||
|
||||
Hack admin panel using Xpath injection - https://www.youtube.com/watch?v=vvlyYlXuVxI
|
||||
|
||||
XXE demo - https://www.youtube.com/watch?v=3B8QhyrEXlU
|
||||
|
||||
XXE demo 2 - https://www.youtube.com/watch?v=UQjxvEwyUUw
|
||||
|
||||
XXE demo 3 - https://www.youtube.com/watch?v=JI0daBHq6fA
|
||||
|
||||
|
||||
|
||||
LDAP injection
|
||||
|
||||
Introduction and practical 1 - https://www.youtube.com/watch?v=-TXFlg7S9ks
|
||||
|
||||
Practical 2 - https://www.youtube.com/watch?v=wtahzm_R8e4
|
||||
|
||||
|
||||
|
||||
OS command injection
|
||||
|
||||
OS command injection in bWAPP - https://www.youtube.com/watch?v=qLIkGJrMY9k
|
||||
|
||||
bWAAP- OS command injection with Commiux (All levels) - https://www.youtube.com/watch?v=5-1QLbVa8YE
|
||||
|
||||
|
||||
|
||||
Local file inclusion
|
||||
|
||||
Detailed introduction - https://www.youtube.com/watch?v=kcojXEwolIs
|
||||
|
||||
LFI demo 1 - https://www.youtube.com/watch?v=54hSHpVoz7A
|
||||
|
||||
LFI demo 2 - https://www.youtube.com/watch?v=qPq9hIVtitI
|
||||
|
||||
|
||||
|
||||
Remote file inclusion
|
||||
|
||||
Detailed introduction - https://www.youtube.com/watch?v=MZjORTEwpaw
|
||||
|
||||
RFI demo 1 - https://www.youtube.com/watch?v=gWt9A6eOkq0
|
||||
|
||||
RFI introduction and demo 2 - https://www.youtube.com/watch?v=htTEfokaKsM
|
||||
|
||||
|
||||
|
||||
HTTP splitting/smuggling
|
||||
|
||||
Detailed introduction - https://www.youtube.com/watch?v=bVaZWHrfiPw
|
||||
|
||||
Demo 1 - https://www.youtube.com/watch?v=mOf4H1aLiiE
|
||||
|
||||
|
||||
|
||||
Phase 11 – Generating and testing error codes
|
||||
|
||||
Generating normal error codes by visiting files that may not exist on the server - for example visit chintan.php or chintan.aspx file on any website and it may redirect you to 404.php or 404.aspx or their customer error page. Check if an error page is generated by default web server or application framework or a custom page is displayed which does not display any sensitive information.
|
||||
Use BurpSuite fuzzing techniques to generate stack trace error codes - https://www.youtube.com/watch?v=LDF6OkcvBzM
|
||||
|
||||
|
||||
Generating normal error codes by visiting files that may not exist on the server - for example visit chintan.php or chintan.aspx file on any website and it may redirect you to
|
||||
404.php or 404.aspx or their customer error page. Check if an error page is generated by default web server or application framework or a custom page is displayed which does not
|
||||
405.display any sensitive information.
|
||||
Use
|
||||
BurpSuite fuzzing techniques to generate stack trace error codes - https://www.youtube.com/watch?v=LDF6OkcvBzM
|
||||
|
||||
|
||||
|
||||
Phase 12 – Weak cryptography testing
|
||||
|
||||
|
||||
|
||||
SSL/TLS weak configuration explained - https://www.youtube.com/watch?v=Rp3iZUvXWlM
|
||||
|
||||
Testing weak SSL/TLS ciphers - https://www.youtube.com/watch?v=slbwCMHqCkc
|
||||
|
||||
Test SSL/TLS security with Qualys guard - https://www.youtube.com/watch?v=Na8KxqmETnw
|
||||
|
||||
Sensitive information sent via unencrypted channels - https://www.youtube.com/watch?v=21_IYz4npRs
|
||||
|
||||
|
||||
|
||||
Phase 13 – Business logic vulnerability
|
||||
|
||||
|
||||
|
||||
|
||||
What is a business logic flaw - https://www.youtube.com/watch?v=ICbvQzva6lE&list=PLWoDr1kTbIxKZe_JeTDIcD2I7Uy1pLIFI
|
||||
|
||||
The Difficulties Finding Business Logic Vulnerabilities with Traditional Security Tools - https://www.youtube.com/watch?v=JTMg0bhkUbo&list=PLWoDr1kTbIxKZe_JeTDIcD2I7Uy1pLIFI&index=2
|
||||
|
||||
How To Identify Business Logic Flaws - https://www.youtube.com/watch?v=FJcgfLM4SAY&list=PLWoDr1kTbIxKZe_JeTDIcD2I7Uy1pLIFI&index=3
|
||||
|
||||
Business Logic Flaws: Attacker Mindset - https://www.youtube.com/watch?v=Svxh9KSTL3Y&list=PLWoDr1kTbIxKZe_JeTDIcD2I7Uy1pLIFI&index=4
|
||||
|
||||
Business Logic Flaws: Dos Attack On Resource - https://www.youtube.com/watch?v=4S6HWzhmXQk&list=PLWoDr1kTbIxKZe_JeTDIcD2I7Uy1pLIFI&index=5
|
||||
|
||||
Business Logic Flaws: Abuse Cases: Information Disclosure - https://www.youtube.com/watch?v=HrHdUEUwMHk&list=PLWoDr1kTbIxKZe_JeTDIcD2I7Uy1pLIFI&index=6
|
||||
|
||||
Business Logic Flaws: Abuse Cases: iPod Repairman Dupes Apple - https://www.youtube.com/watch?v=8yB_ApVsdhA&list=PLWoDr1kTbIxKZe_JeTDIcD2I7Uy1pLIFI&index=7
|
||||
|
||||
Business Logic Flaws: Abuse Cases: Online Auction - https://www.youtube.com/watch?v=oa_UICCqfbY&list=PLWoDr1kTbIxKZe_JeTDIcD2I7Uy1pLIFI&index=8
|
||||
|
||||
Business Logic Flaws: How To Navigate Code Using ShiftLeft Ocular - https://www.youtube.com/watch?v=hz7IZu6H6oE&list=PLWoDr1kTbIxKZe_JeTDIcD2I7Uy1pLIFI&index=9
|
||||
|
||||
Business Logic Security Checks: Data Privacy Compliance - https://www.youtube.com/watch?v=qX2fyniKUIQ&list=PLWoDr1kTbIxKZe_JeTDIcD2I7Uy1pLIFI&index=10
|
||||
|
||||
Business Logic Security Checks: Encryption Compliance - https://www.youtube.com/watch?v=V8zphJbltDY&list=PLWoDr1kTbIxKZe_JeTDIcD2I7Uy1pLIFI&index=11
|
||||
|
||||
Business Logic Security: Enforcement Checks - https://www.youtube.com/watch?v=5e7qgY_L3UQ&list=PLWoDr1kTbIxKZe_JeTDIcD2I7Uy1pLIFI&index=12
|
||||
|
||||
Business Logic Exploits: SQL Injection - https://www.youtube.com/watch?v=hcIysfhA9AA&list=PLWoDr1kTbIxKZe_JeTDIcD2I7Uy1pLIFI&index=13
|
||||
|
||||
Business Logic Exploits: Security Misconfiguration - https://www.youtube.com/watch?v=ppLBtCQcYRk&list=PLWoDr1kTbIxKZe_JeTDIcD2I7Uy1pLIFI&index=15
|
||||
|
||||
Business Logic Exploits: Data Leakage - https://www.youtube.com/watch?v=qe0bEvguvbs&list=PLWoDr1kTbIxKZe_JeTDIcD2I7Uy1pLIFI&index=16
|
||||
|
||||
Demo 1 - https://www.youtube.com/watch?v=yV7O-QRyOao
|
||||
|
||||
Demo 2 - https://www.youtube.com/watch?v=mzjTG7pKmQI
|
||||
|
||||
Demo 3 - https://www.youtube.com/watch?v=A8V_58QZPMs
|
||||
|
||||
Demo 4 - https://www.youtube.com/watch?v=1pvrEKAFJyk
|
||||
|
||||
Demo 5 - https://hackerone.com/reports/145745
|
||||
|
||||
Demo 6 - https://hackerone.com/reports/430854
|
||||
|
||||
|
||||
|
||||
# ENJOY & HAPPY LEARNING! ♥
|
||||
|
|
Loading…
Reference in a new issue