Канал: Medusa

LLM API Hacking | Indirect Prompt Injection in LLM APIs | PART 4

LLM API Hacking | Indirect Prompt Injection in LLM APIs | PART 4

LLM API Hacking | OS Command Injection in LLM APIs | PART 3

LLM API Hacking | OS Command Injection in LLM APIs | PART 3

LLM API Hacking | Excessive Agency | PART 2

LLM API Hacking | Excessive Agency | PART 2

LLM API Hacking | Introduction | PART 1

LLM API Hacking | Introduction | PART 1

HTTP Parameter Pollution VS Mass Assignment

HTTP Parameter Pollution VS Mass Assignment

IDOR In Shopify GraphQL API | Report Explained

IDOR In Shopify GraphQL API | Report Explained

Server-Side Parameter Pollution in REST APIs

Server-Side Parameter Pollution in REST APIs

Exploring Server-Side Parameter Pollution: Real Case Scenario, Parameter Precedence, and More!

Exploring Server-Side Parameter Pollution: Real Case Scenario, Parameter Precedence, and More!

Performing CSRF exploits over GraphQL

Performing CSRF exploits over GraphQL

Bypassing GraphQL Brute-Force Protections

Bypassing GraphQL Brute-Force Protections

Finding a Hidden GraphQL Endpoint

Finding a Hidden GraphQL Endpoint

Accidental Exposure of Private GraphQL Fields

Accidental Exposure of Private GraphQL Fields

Accessing Private GraphQL Fields

Accessing Private GraphQL Fields

Exploiting Mass Assignment Vulnerability in API | PortSwigger

Exploiting Mass Assignment Vulnerability in API | PortSwigger

How Can Fuzzing Help You Find Hidden API Endpoints?

How Can Fuzzing Help You Find Hidden API Endpoints?

How Hackers Exploit API Endpoints Using Documentation?

How Hackers Exploit API Endpoints Using Documentation?

How To Perform DOS Attack in GraphQL | Circular Relationship | Prevention

How To Perform DOS Attack in GraphQL | Circular Relationship | Prevention

How Broken Functionality Level Authorization Occurs? | Code Analysis and Prevention

How Broken Functionality Level Authorization Occurs? | Code Analysis and Prevention

How to Discover API Subdomains? | Subdomain Enumeration | API Hacking

How to Discover API Subdomains? | Subdomain Enumeration | API Hacking

How Mass Assignment Gives You Admin Privileges? | APIs | Code Examples |

How Mass Assignment Gives You Admin Privileges? | APIs | Code Examples |

JWT authentication bypass via 'X-HTTP-Method-Override' Header

JWT authentication bypass via 'X-HTTP-Method-Override' Header

How BOLA in API Endpoint can lead to Account Takeover | Postman | API Security

How BOLA in API Endpoint can lead to Account Takeover | Postman | API Security

Bypass JWT Authentication By Bruteforcing Secret Key | PortSwigger |

Bypass JWT Authentication By Bruteforcing Secret Key | PortSwigger |

Bypass JWT Signature via Flawed Authentication | Access Admin Panel |

Bypass JWT Signature via Flawed Authentication | Access Admin Panel |

Exploiting Stored XSS in GraphQL | DVGA |

Exploiting Stored XSS in GraphQL | DVGA |

Exploiting Command Injection in GraphQL | DVGA |

Exploiting Command Injection in GraphQL | DVGA |

Exploiting SQL Injection in GraphQL | DVGA |

Exploiting SQL Injection in GraphQL | DVGA |

Graphql Endpoint Analysis | Damn Vulnerable Graphql Application |

Graphql Endpoint Analysis | Damn Vulnerable Graphql Application |

Horror Story but CTF Like! | Steganography | TryHackMe

Horror Story but CTF Like! | Steganography | TryHackMe

Horror Story but CTF Like! | Cryptography | TryHackMe

Horror Story but CTF Like! | Cryptography | TryHackMe

TryHackMe: Wireshark Basics | Part 3 |

TryHackMe: Wireshark Basics | Part 3 |

TryHackMe: Wireshark Basics | Part 2 |

TryHackMe: Wireshark Basics | Part 2 |

TryHackMe: Wireshark Basics | Part 1 |

TryHackMe: Wireshark Basics | Part 1 |

Phases of Penetration Testing | WebApp Pentest | Privilege Escalation

Phases of Penetration Testing | WebApp Pentest | Privilege Escalation

XXE Injection to Database Takeover | CVE-2021-29447 | RCE |

XXE Injection to Database Takeover | CVE-2021-29447 | RCE |

Exploiting SQL Injection in API Endpoint | API Hacking | crAPI

Exploiting SQL Injection in API Endpoint | API Hacking | crAPI

Exploiting Mass Assignment Vulnerability | API Hacking | crAPI

Exploiting Mass Assignment Vulnerability | API Hacking | crAPI

Broken Object Level Authorization | Excessive Data Exposure | crAPI

Broken Object Level Authorization | Excessive Data Exposure | crAPI

Exploiting Rate Limiting to Brute-Force OTP | crAPI |

Exploiting Rate Limiting to Brute-Force OTP | crAPI |

Discovering API and Analyzing Endpoints Using Postman and Browser | crAPI |

Discovering API and Analyzing Endpoints Using Postman and Browser | crAPI |

How to Install crAPI in Kali Linux | OWASP | API Testing |

How to Install crAPI in Kali Linux | OWASP | API Testing |

Exploiting File Upload To Get a Root Shell | Hacker vs Hacker | CTF

Exploiting File Upload To Get a Root Shell | Hacker vs Hacker | CTF

Hijacking account with Open Redirect in OAuth 2.0 | Stealing Access Tokens |

Hijacking account with Open Redirect in OAuth 2.0 | Stealing Access Tokens |

Account Takeover via Implicit flow | Explained | Practical |

Account Takeover via Implicit flow | Explained | Practical |

PentesterLab Recon Challanges From 16-20 | CTF |

PentesterLab Recon Challanges From 16-20 | CTF |

Installation and Usage of Subjack | Subdomain Takeover | Kali Linux Tool

Installation and Usage of Subjack | Subdomain Takeover | Kali Linux Tool

Find Hidden Domain, Subdomain or IP addresses through TLS SANs Certificate

Find Hidden Domain, Subdomain or IP addresses through TLS SANs Certificate

PentesterLab Recon Challanges From 11-15 | CTF |

PentesterLab Recon Challanges From 11-15 | CTF |

Create your Own Hash Cracking Tool Using Python | With Slides | Explained

Create your Own Hash Cracking Tool Using Python | With Slides | Explained

Create your Own Port Scanning Tool Using Python | With Slides | Explained

Create your Own Port Scanning Tool Using Python | With Slides | Explained

Create Your Own Subdomain Enumeration Tool Using Python | With Slides | Explained

Create Your Own Subdomain Enumeration Tool Using Python | With Slides | Explained

Exploiting Stack Buffer Overflow | Step by Step | Immunity Debugger | Explained |

Exploiting Stack Buffer Overflow | Step by Step | Immunity Debugger | Explained |

PROMPT.ML | 0x9 | XSS Challange | Level 9 | Explained

PROMPT.ML | 0x9 | XSS Challange | Level 9 | Explained

PROMPT.ML | 0x8 | XSS Challange | Level 8 | Explained

PROMPT.ML | 0x8 | XSS Challange | Level 8 | Explained

PROMPT.ML | 0x7 | XSS Challange | Level 7 | Explained

PROMPT.ML | 0x7 | XSS Challange | Level 7 | Explained

PROMPT.ML | 0x6 | XSS Challange | Level 6 | Explained

PROMPT.ML | 0x6 | XSS Challange | Level 6 | Explained

PROMPT.ML | 0x5 | XSS Challange | Level 5 | Explained

PROMPT.ML | 0x5 | XSS Challange | Level 5 | Explained

PROMPT.ML | 0x4 | XSS Challange | Level 4 | Explained

PROMPT.ML | 0x4 | XSS Challange | Level 4 | Explained

PROMPT.ML | 0x3 | XSS Challange | Level 3 |

PROMPT.ML | 0x3 | XSS Challange | Level 3 |

PROMPT.ML | 0x2 | XSS Challange | Level 2 | Explained

PROMPT.ML | 0x2 | XSS Challange | Level 2 | Explained

PROMPT.ML | 0x1 | XSS Challange | Level 1 | Explained

PROMPT.ML | 0x1 | XSS Challange | Level 1 | Explained

PROMPT.ML | 0x0 | XSS Challange | Level 0 | Explained

PROMPT.ML | 0x0 | XSS Challange | Level 0 | Explained

How to install gau tool and use it | Fetch URLS | Github

How to install gau tool and use it | Fetch URLS | Github