
Compare virtual hosting options by weighing VirtualBox against VMware, noting VirtualBox's free access but lag risks, and use VMware Workstation or Fusion with a 30-day free trial for Kali Linux.
Learn to use WPScan to enumerate WordPress plugins and themes for vulnerabilities, interpret scan output, and follow best practices by reading entire results before acting.
This is a video from my youtube channel I decided to include here.
Set up juice shop on Kali, install node.js and npm, start the juice shop server on port 3000, configure Burp proxy, and explore its vulnerabilities for bug bounty practice.
Learn to set up juice shop locally, route browser traffic through burp by enabling hijack localhost in about:config, and prepare for the first vulnerability in the next video.
Identify and exploit an idor vulnerability by leaving feedback as another user, intercepting traffic with burp, solving a captcha, and forging a request to submit feedback.
Explore privilege escalation by creating an admin account through role manipulation in a web app. Use intercept and repeater to test changing a customer role to admin, illustrating IDOR risks.
Solve an idor challenge by manipulating the Juice Shop shopping basket, testing for price and quantity overrides with intercept tools, and completing the checkout to trigger a payout.
Practice capture the flag skills on a vulnerable site by exploring pages, viewing the source, and editing a page to access a forbidden page and reveal the flag.
Explore hands-on web security challenges on over the wire, solving level zero by following flags and robots.txt cues. View the page source to locate passwords and advance to next level.
Learn to inspect page source to find hardcoded passwords, usernames, and API keys, understand right-click blocks, and apply critical thinking in bug bounty hunting.
Explores sql injection techniques across Oracle and MySQL, crafting union select payloads, using dual and from dual, intercepting requests, and leveraging sqlmap with TryHackMe or Hack The Box labs.
Analyze a blind sql injection lab targeting a tracking cookie, showing why blind injection is hard and how to detect it with time delays using pg_sleep and union select.
Explore blind time-based SQL injection using sqlmap to identify databases, tables, and user credentials, automate payloads, and bypass login in a practical hacking lab.
Learn to automatically detect directory traversal and path traversal vulnerabilities with a simple tool on a local juice shop web app. Install and run the tool, then interpret the results.
Demonstrate how XML external entity (XXE) attacks exploit XML processing to access restricted data, using payloads, encoding considerations, and a practical file upload workflow to retrieve a password file.
Explore an intermediate xss lab by breaking out of a javascript string and injecting a payload via script tags, using view source and inspect element to trigger an alert.
In this course you will be taken from a beginner who knows little or nothing about cybersecurity to finding your own vulnerabilities! If you are looking to become a certified ethical hacker this is the place to start! This course is applicable if you are seeking to become certified EJPT OSCP GPEN and more! When I started in Cybersecurity I had nowhere to turn. I created this course for the person who wants to take their first step or the next step in becoming a Cyber Security Professional.
Active directory! This is becoming a hot topic within the world of ethical hacking due to the recent change in the OSCP exam. If you are looking to gain the ability to confidently enumerate and exploit active directory this will be the place for you to start. We will exploit three AD systems and cover the most common tools used.
Buffer Overflow! Fear no more. We will cover the buffer overflow with ONLY the information that is need to perform the exploit. Many courses make buffer overflow seem scary by giving WAY more information than what is needed. In this course we will exploit the buffer overflow and it will be easy. Become confident in exploiting buffer overflows!
This course is designed to be highly practical with lots of hands on practice to obtain and become confident in the skills you are learning.
We will start by enumerating and finding vulnerabilities in Web Applications. These skills are very relevant in all areas of cyber security. We will cover all the most common web vulnerabilities including those that lead to Remote Code Execution. Then we will turn to network enumeration. This is when we will begin gaining access to the vulnerable servers. We will learn to gain access to the servers through network enumeration and through vulnerable web applications.