Web Exploitation – Full Course (9+ Hours)

Upload of the full Web Exploitation course.
All the material developed for the course is available in the OSCP repository, link down below.
----
REFERENCES
----
CONTACTS
----
TIMESTAMPS
######### Web 00 – Introduction
00:00:00 Web Exploitation Course
######### Web 01 – Introduction to Web Exploitation
00:03:17 Introduction
00:05:37 Clients and Servers
00:07:37 The HTTP Protocol
00:11:47 HTML
00:17:00 CSS
00:18:57 JavaScript and the DOM
00:23:00 Web Applications
00:29:07 Overview so far
00:30:47 HTTP is stateless
00:32:57 On Malicious HTTP requests
00:35:39 Introduction to BurpSuite
00:40:03 Using BurpSuite
00:48:02 A first vulnerability
00:52:42 Conclusion
######### Web 02 – Getting Used to BurpSuite
00:54:32 Introduction
00:55:52 Initial Setup
01:07:57 Installing PortSwigger CA certificate
01:12:12 Starting the web application
01:13:02 Configuring the scope
01:19:22 Proxy interception
01:23:27 Repeater
01:28:12 Decoder
01:30:32 Comparer
01:31:32 Analyzing cookie structure
01:36:32 Intruder
01:40:28 Sequencer
01:41:32 Dashboard
01:43:22 Extensions
01:45:32 Conclusion
######### Web 03 – SQL Injection
01:47:03 Introduction
01:50:18 Databases and Structured Query Language (SQL)
02:03:43 Simple queries
02:09:33 Interpreters
02:14:18 Injections
02:17:45 Example 1 – PHP Snippet
02:25:33 Example 2 – DVWA easy
02:37:13 Example 3 – DVWA medium
02:40:47 Example 4 – SecureBank
######### Web 04 – Directory Traversal
02:48:08 Introduction
02:49:53 Tomcat Setup
02:57:48 Static Web Application
03:02:08 Dynamic Web Application with JSP
03:03:48 Fuzzing with wfuzz to discover parameter
03:07:48 Analyzing the disclosed stacktrace
03:10:53 A simple Directory Traversal
03:16:03 A more complex Directory Traversal
03:20:58 Directory Traversal in SecureBank
03:26:58 Conclusion
######### Web 05 – File Inclusion
03:28:03 Introduction
03:29:55 Example 1 – LFI with JSP
03:46:13 Example 2 – LFI with PHP
03:57:53 Example 3 – RFI with PHP
04:03:03 Example 4 – DVWA challenges
04:12:53 Example 5 – Leak source code with PHP filters
######### Web 06 – File Upload Vulnerabilities
04:17:49 Introduction
04:19:29 Explanation of lab
04:24:11 POST request to upload a file
04:29:29 Reading PHP code
04:37:49 Solving level 1
04:43:41 Solving level 2
04:47:14 Solving level 3
04:56:31 PortSwigger Academy lab 1
05:00:56 PortSwigger Academy lab 2
05:02:33 PortSwigger Academy lab 3
05:08:27 Conclusion
######### Web 07 – Command Injections
05:09:31 Introduction
05:10:46 Some Intuition on Command Injections
05:16:36 DVWA level low
05:32:06 DVWA level medium
05:38:46 DVWA level high
05:40:34 DVWA level impossible
05:45:26 PortSwigger Lab 1
05:49:26 PortSwigger Lab 2
05:53:26 PortSwigger Lab 3
05:59:06 Conclusion
######### Web 08 – Cross Site Scripting
06:00:07 Introduction
06:03:07 Client-side attacks
06:06:42 Stored XSS – Intuition
06:18:07 Stored XSS – Leaking session cookie
06:25:47 Reflected XSS – Intuition
06:30:27 Reflected XSS – Leaking session cookie
06:33:37 DOM XSS
06:41:32 Review so far
06:43:12 Conclusion
######### Web 09 – Enumeration of Files and Directories
06:45:54 Introduction
06:48:54 Docker lab setup
06:50:34 Intuition on Web Enumeration
06:58:59 Using gobuster
07:02:49 Scenario 1 – Directory Enumeration
07:05:41 Scenario 2 – Files Enumeration
07:09:54 Review so far
07:12:37 Scenario 3 – Custom 404 page
07:18:39 Conclusion
######### Web 10 – Enumeration of Virtual Hosts
07:21:11 Introduction
07:21:56 Docker lab setup
07:24:44 Intuition on virtual hosts
07:30:11 Host header in HTTP requests
07:34:11 Enumeration of virtual hosts
07:38:04 Using gobuster
07:40:21 How to access virtual hosts
07:46:41 Differences between Virtual Hosts and Domain Names
07:49:11 Conclusion
######### Web 11 – Enumeration of Parameters
07:51:16 Introduction
07:53:06 Docker lab
07:56:51 Wfuzz scenario 1 – discovery of parameter name
08:12:26 Wfuzz scenario 2 – discovery of debug parameter
08:15:21 Wfuzz scenario 3 – discovery of parameter value
08:21:46 Insecure Direct Object Reference (IDOR)
08:24:16 Wfuzz scenario 4 – sending requests to BurpSuite
08:26:31 Wfuzz scenario 4 – discovery of POST data
08:28:00 Conclusion
######### Web 12 – Brute Force Attacks
08:28:26 Introduction
08:30:50 Scenario 1 – Brute Forcing SSH
08:43:42 Scenario 2 – Brute Forcing FTP
08:48:01 Scenario 3 – Brute Forcing HTTP Basic Auth
08:50:56 Scenario 4 – Brute Forcing DVWA login
08:57:26 Conclusion
######### Web 11 – DNS Zone Transfer Attacks
08:58:16 Introduction
09:01:26 Difference between VHOST and DNS
09:06:11 What is a DNS zone transfer?
09:07:51 DNS zone transfer in practice
09:12:31 Final Overview
09:14:16 Conclusion