Hack your grades
183.2 هزار بار بازدید -
2 سال پیش
-
Dr Katie Paxton-Fear shows us
Dr Katie Paxton-Fear shows us how to hack the Generic University and change grades using the university API. You will learn some of the OWASP top 10 vulnerabilities including Broken Object Level Authorization and Broken User Authentication.
Disclaimer: We are hacking the Generic University for educational purposes only. Generic University is a GitHub project that Katie has created to learn Cybersecurity and APIs. Do not hack a real university.
// University //
The Generic University on GitHub: https://github.com/InsiderPhD/Generic...
// MENU //
00:00 - Coming up
01:16 - Katie's YouTube channel // Recommended playlists
02:31 - How to hack and change your grades // "Generic University"
03:26 - Generic University demo // Burp Suite
04:25 - API vulnerabilities // Bug bounty
07:50 - Generic University demo (continued)
21:27 - Thinking outside the box // Hackers mindset
25:34 - Katie's PhD
26:10 - Will AI take over?
29:42 - Advice for getting into cyber-security
34:01 - Recommended YouTube playlists
35:44 - Recommended sites and books
36:48 - Conclusion // Final words
// Videos discussed //
Everything API Hacking: Finding Your First Bug: Finding Bugs ...
Hacker Toolkit: How to use ffuf - Hacker Toolbox
Burp for Beginners: Burp for Beginners: Introduction to Burp
OWASP Top 10 https://owasp.org/
// Books //
Hacking API’s by Corey J Ball: https://amzn.to/3JOJG0E
Bug Bounty Bootcamp Vickie Li: https://amzn.to/3SPCtBF
// Free API hacking course //
APIsec Certified Expert Course: https://university.apisec.ai/
// Katie's Social //
Twitter: Twitter: InsiderPhD
YouTube: insiderphd
Website: https://insiderphd.dev/
The Generic University on GitHub: https://github.com/InsiderPhD/Generic...
// David's SOCIAL //
Discord: Discord: discord
Twitter: Twitter: davidbombal
Instagram: Instagram: davidbombal
LinkedIn: LinkedIn: davidbombal
Facebook: Facebook: davidbombal.co
TikTok: TikTok: davidbombal
YouTube Main Channel: davidbombal
YouTube Tech Channel: @davidbombaltech
YouTube Clips Channel: @davidbombalofficialclips
YouTube Shorts Channel: @davidbombalshorts
Apple Podcast: https://davidbombal.wiki/applepodcast
Spotify Podcast: https://open.spotify.com/show/3f6k6gE...
// MY STUFF //
https://www.amazon.com/shop/davidbombal
// SPONSORS //
Interested in sponsoring my videos? Reach out to my team here: [email protected]
// Generic University Challenge //
Vulnerabilities:
API1:2019 Broken Object Level Authorization
API2:2019 Broken User Authentication
API3:2019 Excessive Data Exposure
API5:2019 Broken Function Level Authorization
API6:2019 Mass Assignment
API7:2019 Security Misconfiguration
Your Goals:
- Find the emails of the administrator
- Brute force the API to find new endpoints
- Find out what grades everyone got in a class
- Edit someone's grade
- Make an account
- Access the GraphQL API
- Change another account's password
- Login to your account
- Access admin API
- Find out what vulnerabilities the IT admins have ignored
- Make your account an admin
- Access the admin control panel
- Fire a blind XSS in the admin control panel and validate with your new admin account
- Delete everything
- Restore everything
hacking university
hacking school
hack school
hack university
hacking api
api
api hacking
api hacking tutorial
api hacking bug bounty
api hacking 101
api hacking full course
Disclaimer: This video is for educational purposes only. I own all equipment used for this demonstration. No actual attack took place on any websites.
Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!
#api #hack #hacking
Disclaimer: We are hacking the Generic University for educational purposes only. Generic University is a GitHub project that Katie has created to learn Cybersecurity and APIs. Do not hack a real university.
// University //
The Generic University on GitHub: https://github.com/InsiderPhD/Generic...
// MENU //
00:00 - Coming up
01:16 - Katie's YouTube channel // Recommended playlists
02:31 - How to hack and change your grades // "Generic University"
03:26 - Generic University demo // Burp Suite
04:25 - API vulnerabilities // Bug bounty
07:50 - Generic University demo (continued)
21:27 - Thinking outside the box // Hackers mindset
25:34 - Katie's PhD
26:10 - Will AI take over?
29:42 - Advice for getting into cyber-security
34:01 - Recommended YouTube playlists
35:44 - Recommended sites and books
36:48 - Conclusion // Final words
// Videos discussed //
Everything API Hacking: Finding Your First Bug: Finding Bugs ...
Hacker Toolkit: How to use ffuf - Hacker Toolbox
Burp for Beginners: Burp for Beginners: Introduction to Burp
OWASP Top 10 https://owasp.org/
// Books //
Hacking API’s by Corey J Ball: https://amzn.to/3JOJG0E
Bug Bounty Bootcamp Vickie Li: https://amzn.to/3SPCtBF
// Free API hacking course //
APIsec Certified Expert Course: https://university.apisec.ai/
// Katie's Social //
Twitter: Twitter: InsiderPhD
YouTube: insiderphd
Website: https://insiderphd.dev/
The Generic University on GitHub: https://github.com/InsiderPhD/Generic...
// David's SOCIAL //
Discord: Discord: discord
Twitter: Twitter: davidbombal
Instagram: Instagram: davidbombal
LinkedIn: LinkedIn: davidbombal
Facebook: Facebook: davidbombal.co
TikTok: TikTok: davidbombal
YouTube Main Channel: davidbombal
YouTube Tech Channel: @davidbombaltech
YouTube Clips Channel: @davidbombalofficialclips
YouTube Shorts Channel: @davidbombalshorts
Apple Podcast: https://davidbombal.wiki/applepodcast
Spotify Podcast: https://open.spotify.com/show/3f6k6gE...
// MY STUFF //
https://www.amazon.com/shop/davidbombal
// SPONSORS //
Interested in sponsoring my videos? Reach out to my team here: [email protected]
// Generic University Challenge //
Vulnerabilities:
API1:2019 Broken Object Level Authorization
API2:2019 Broken User Authentication
API3:2019 Excessive Data Exposure
API5:2019 Broken Function Level Authorization
API6:2019 Mass Assignment
API7:2019 Security Misconfiguration
Your Goals:
- Find the emails of the administrator
- Brute force the API to find new endpoints
- Find out what grades everyone got in a class
- Edit someone's grade
- Make an account
- Access the GraphQL API
- Change another account's password
- Login to your account
- Access admin API
- Find out what vulnerabilities the IT admins have ignored
- Make your account an admin
- Access the admin control panel
- Fire a blind XSS in the admin control panel and validate with your new admin account
- Delete everything
- Restore everything
hacking university
hacking school
hack school
hack university
hacking api
api
api hacking
api hacking tutorial
api hacking bug bounty
api hacking 101
api hacking full course
Disclaimer: This video is for educational purposes only. I own all equipment used for this demonstration. No actual attack took place on any websites.
Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!
#api #hack #hacking
2 سال پیش
در تاریخ 1401/09/06 منتشر شده
است.
183,200
بـار بازدید شده