Ethical Hacking Tutorials

2021-04-27 18:55:29 - 3 -


197. Part 21 - Bypassing WAF -


198. Part 22 - Bypassing WAF - Impedance mismatch -



199. Part 23 - Bypassing addslashes - charset mismatch -



NoSQL injection
200. Introduction to NoSQL injection -


201. Introduction to SQL vs NoSQL - Difference between MySQL and MongoDB with tutorial -


202. Abusing NoSQL databases -


203. Making cry - attacking NoSQL for pentesters -


Xpath and XML injection
204. Introduction to Xpath injection -


205. Introduction to XML injection -


206. Practical 1 - bWAPP -


207. Practical 2 - Mutillidae -


208. Practical 3 - webgoat -


209. Hack admin panel using Xpath injection -


210. XXE demo -


211. XXE demo 2 -


212. XXE demo 3 -


LDAP injection
213. Introduction and practical 1 -


214. Practical 2 -


OS command injection
215. OS command injection in bWAPP -


216. bWAAP- OS command injection with Commiux (All levels) -


Local file inclusion
217. Detailed introduction -


218. LFI demo 1 -



219. LFI demo 2 -



Remote file inclusion
220. Detailed introduction -


221. RFI demo 1 -


222. RFI introduction and demo 2 -


HTTP splitting/smuggling
223. Detailed introduction -


224. Demo 1 -


Phase 11 – Generating and testing error codes
225. Generating normal error codes by visiting files that may not exist on the server - for example visit chintan.php or chintan.aspx file on any website
and it may redirect you to 404.php or 404.aspx or their customer error page. Check if an error page is generated by default web server or application
framework or a custom page is displayed which does not display any sensitive information.
226. Use BurpSuite fuzzing techniques to generate stack trace error codes -


Phase 12 – Weak cryptography testing
227. SSL/TLS weak configuration explained -


228. Testing weak SSL/TLS ciphers -


229. Test SSL/TLS security with Qualys guard -


230. Sensitive information sent via unencrypted channels -



Phase 12 – Business logic vulnerability
231. What is a business logic flaw -


232. The Difficulties Finding Business Logic Vulnerabilities with Traditional Security Tools -



233. How To Identify Business Logic Flaws -


234. Business Logic Flaws: Attacker Mindset - https://www.youtube.com Open / Comment

2021-04-27 18:55:29 kMl1suyj3M

158. What is XSS -


159. Reflected XSS demo -


160. XSS attack method using burpsuite -


161. XSS filter bypass with Xenotix -


162. Reflected XSS filter bypass 1 -


163. Reflected XSS filter bypass 2 -


164. Reflected XSS filter bypass 3 -


165. Reflected XSS filter bypass 4 -


166. Reflected XSS filter bypass 5 -


167. Reflected XSS filter bypass 6 -


168. Reflected XSS filter bypass 7 -


169. Reflected XSS filter bypass 8 -


170. Reflected XSS filter bypass 9 -


171. Introduction to Stored XSS -


172. Stored XSS 1 -


173. Stored XSS 2 -


174. Stored XSS 3 -


175. Stored XSS 4 -


176. Stored XSS 5 -


SQL injection
177. Part 1 - Install SQLi lab -


178. Part 2 - SQL lab series -


179. Part 3 - SQL lab series -


180. Part 4 - SQL lab series -


181. Part 5 - SQL lab series -


182. Part 6 - Double query injection -


183. Part 7 - Double query injection cont.. -


184. Part 8 - Blind injection boolean based -


185. Part 9 - Blind injection time based -


186. Part 10 - Dumping DB using outfile -


187. Part 11 - Post parameter injection error based -



188. Part 12 - POST parameter injection double query based -



189. Part 13 - POST parameter injection blind boolean and time based -



190. Part 14 - Post parameter injection in UPDATE query -




191. Part 15 - Injection in insert query -


192. Part 16 - Cookie based injection -


193. Part 17 - Second order injection -


194. Part 18 - Bypassing blacklist filters - 1 -


195. Part 19 - Bypassing blacklist filters - 2 -


196. Part 20 - Bypassing blacklist filters Open / Comment

2021-04-27 18:55:28 _I2DWgo
117. Understanding referer header in depth using Cisco product -


118. Introduction to ASP.NET viewstate -


119. ASP.NET viewstate in depth -


120. Analyse sensitive data in ASP.NET viewstate - https://msdn.microsoft.com/en-us/library/ms972427.aspx?f=255&MSPPError=-2147217396
121. Cross-origin-resource-sharing explanation with example -


122. CORS demo 1 -


123. CORS demo 2 -


124. Security headers -


125. Security headers 2 -


Phase 8 – Attacking authentication/login
126. Attacking login panel with bad password - Guess username password for the website and try different combinations
127. Brute-force login panel -


128. Username enumeration -


129. Username enumeration with bruteforce password attack -


130. Authentication over insecure HTTP protocol -


131. Authentication over insecure HTTP protocol -


132. Forgot password vulnerability - case 1 -


133. Forgot password vulnerability - case 2 -


134. Login page autocomplete feature enabled -


135. Testing for weak password policy - https://www.owasp.org/index.php/Testing_for_Weak_password_policy_(OTG-AUTHN-007)
136. Insecure distribution of credentials - When you register in any website or you request for a password reset using forgot password feature, if the
website sends your username and password over the email in cleartext without sending the password reset link, then it is a vulnerability.
137. Test for credentials transportation using SSL/TLS certificate -


138. Basics of MySQL -


139. Testing browser cache -


140. Bypassing login panel -case 1 -


141. Bypass login panel - case 2 -



Phase 9 - Attacking access controls (IDOR, Priv esc, hidden files and directories)
Completely unprotected functionalities
142. Finding admin panel -


143. Finding admin panel and hidden files and directories -


144. Finding hidden webpages with dirbusater -


Insecure direct object reference
145. IDOR case 1 -


146. IDOR case 2 -


147. IDOR case 3 (zomato) -


Privilege escalation
148. What is privilege escalation -


149. Privilege escalation - Hackme bank - case 1 -


150. Privilege escalation - case 2 -


Phase 10 – Attacking Input validations (All injections, XSS and mics)
HTTP verb tampering
151. Introduction HTTP verb tampering -


152. HTTP verb tampering demo -


HTTP parameter pollution
153. Introduction HTTP parameter pollution -


154. HTTP parameter pollution demo 1 -


155. HTTP parameter pollution demo 2 -


156. HTTP parameter pollution demo 3 -


XSS - Cross site scripting
157. Introduction to XSS -

Open / Comment

2021-04-27 18:55:28 ata exposure -


80. Broken access control -


81. Insufficient logging and monitoring -



82. XML external entities -


83. Using components with known vulnerabilities -



84. Cross-site scripting -


85. Security misconfiguration -


LUKE BRINER
86. Injection explained -


87. Broken authentication and session management -



88. Cross-site scripting -


89. Insecure direct object reference -


90. Security misconfiguration -


91. Sensitive data exposure -


92. Missing functional level access control -


93. Cross-site request forgery -


94. Components with known vulnerabilities -


95. Unvalidated redirects and forwards -


Phase 6 – Session management testing
96. Bypass authentication using cookie manipulation -


97. Cookie Security Via httponly and secure Flag - OWASP -


98. Penetration testing Cookies basic -


99. Session fixation 1 -


100. Session fixation 2 -


101. Session fixation 3 -


102. Session fixation 4 -


103. CSRF - Cross site request forgery 1 -


104. CSRF - Cross site request forgery 2 -


105. CSRF - Cross site request forgery 3 -


106. CSRF - Cross site request forgery 4 -


107. CSRF - Cross site request forgery 5 -


108. Session puzzling 1 -


109. Admin bypass using session hijacking -



Phase 7 – Bypassing client-side controls
110. What is hidden forms in HTML -


111. Bypassing hidden form fields using tamper data -


112. Bypassing hidden form fields using Burp Suite (Purchase application) -


113. Changing price on eCommerce website using parameter tampering -


114. Understanding cookie in detail -


115. Cookie tampering with tamper data-


116. Cookie tamper part 2 -

Open / Comment

2021-04-27 15:53:35 How to analyze mobile malware: a Cabassous/FluBot Case study

https://blog.nviso.eu/2021/04/19/how-to-analyze-mobile-malware-a-cabassous-flubot-case-study/ Open / Comment

2021-04-27 10:30:02 https://github.com/Th3l0newolf/GoogleDorks
Basic Dorks for beginners Open / Comment

2021-04-27 09:48:56 Hello everyone just shared my eJPT exam review and tips to pass eJPT. A huge thanks to @Gabb4r for mentoring me through out my journey and all members of @Ethicalhackx

-- @Ry0_saeba

https://anonymousyogi.medium.com/how-i-cracked-ejpt-successfully-ejpt-review-d9e3c34bae8a Open / Comment

2021-04-26 19:48:56 Easter XSS by terjanq

https://easterxss.terjanq.me/writeup.html Open / Comment

2021-04-26 06:24:36 Hey everyone, my name is @illucist, and I'm the co-founder of Hacklido owned by @admiralarjun. I wanted to take a minute to say hello, and inform about our New Cyber-Sec Forum for aspiring Cyber sec enthusiasts.

On behalf of myself and the entire Hacklido team, I want you to know that we have launched The Hacklido Forum at https://www.Hacklido.com/, which is a next generation Community for Beginners to Experienced Cyber sec humans.

The enormous difference of hacklido from other forums is that it is not restricted to one area – it can cover literally anything under cybersecurity but that doesn’t mean that’s where the conversations start and stop. Hacklido is designed to bring people together with a view of creating something unique – a place where everyone can discuss the technical topics and issues. In addition, there's no minimal entry requirement - for example, you can be a complete novice/beginner, seasoned veteran, or even battle hardened expert. We make no distinction here.
Sign up, Lets connect Open / Comment

2021-04-26 04:15:20 A Brief Introduction to Prototype Pollution

More at @EthicalHackxCom

https://mikekitckchan.medium.com/a-brief-introduction-to-prototype-pollution-b154c23b40c5 Open / Comment