
n this Video, WE will learn how to #setup #webpentest #lab? lab setup is your first step to do any penetration testing course. We will solve #portswigger all related #labs to understand this vulnerability clearly and build #hacking #methodology that you can depend on in your journey in #cyber_security as a professional #pentester or #ethical #hacker.
Timestamps
00:00 Intro
00:40 download and install kali linux
04:30 download and install pycharm IDE
08:29 download and install foxyproxy
11:08 creat portswigger account
12:45 linux terminal shortcuts
In this Video,WE will learn the basic #HTTP #Request #Response #Foundation . how https communications work ? what is Request #methods ? what is Response #status #code ? what is #url structure ? what is http #query #strings? this video will help you while you try to solve #portswigger all related #labs to understand this vulnerability clearly and build #hacking #methodology that you can depend on in your journey in #cyber_security as a professional #pentester or #ethical #hacker.
Timestamps
00:00 Intro
00:46 what is http ?
01:55 what is url structure ?
04:11 HTTP Requests and Responses
13:50 http query strings
lab setup, Brute force attack, Command execution, Local file inclusion, File upload, Cross Site Scripting, Injection
In this Video,WE will learn #network #basics #lab . How to setup network lab ? how to #configure #vlan ? what do you need to know as web pentest in network ? what is network #layers ? what is #access #layer ? how to configure #access #ports ? why you should know network #basics?
Timestamps
00:00 Intro
00:38 network lap setup
02:33 how to configure vlan ?
05:16 how to configure access ports ?
18:06 configuration recap
In this Video,WE will learn #network #basics #lab . How to setup network lab ? how to #configure #vlan ? what do you need to know as web pentest in network ? what is network #layers ? what is #access #layer ? how to configure #access #ports ? why you should know network #basics? How to configure #trunk port ? what is #spanningtree ? what is #portchannels? what is #core #switch ? how to #configure core switches ?
Timestamps
00:00 Intro
00:42 lab recap
01:40 how to configure truck ports
05:49 test connectivity and troubleshoot issues
13:10 spanning tree root priorities
14:48 configure port channels
17:07 trouble shooting port channel configuration
25:08 core layer switch configuration
28:50 core layer router configuration
In this Video,WE will learn #network #basics #lab . build a branch network .how to configure #network #device for #remote #SSH #management ? #configure #OSPF for connectivity between branches ?
Timestamps
00:48 Lab recap
02:18 building branch network
04:51 configuration switch for ssh remote management
11:01 branch router configuration
13:30 OSPF configuration dynamic routing
In this video,what is #sql #injection ? how to identify sql injection point ? how to #exploit sql injection vulnerabilities union #attacks? how to exfiltrate data through sql injection ? . How to determine number of columns ? how to get column variable type ? and how you can retrieve information from the database?. We will solve #portswigger all related #labs to understand this vulnerability clearly and build #hacking #methedology that you can depend on in your journey in #cyber_security as a professional #pentester or #ethical #hacker في هذا الفيديو سوف نتعلم كيف يتم #اختراق المواقع عن طريق #ثغره حقن #قواعد البيانات و كيف تتعرف علي وجودها وكيف يتم استغلالها
contents of video
00:00 Introduction
4:45 Lab: SQL injection UNION attack, determining the number of columns returned by the query
14:00 Lab: SQL injection UNION attack, finding a column containing text
19:55 Lab: SQL injection UNION attack, retrieving data from other tables
25:00 Lab: SQL injection UNION attack, retrieving multiple values in a single column
In this video,what is #sql #injection ? how to identify sql injection point ? how to #exploit sql injection vulnerabilities union #attacks? how to exfiltrate data through sql injection ? . How to determine number of columns ? how to get column variable type ? and how you can retrieve information from the database?. We will solve #portswigger all related #labs to understand this vulnerability clearly and build #hacking #methedology that you can depend on in your journey in #cyber_security as a professional #pentester or #ethical #hacker في هذا الفيديو سوف نتعلم كيف يتم #اختراق المواقع عن طريق #ثغره حقن #قواعد البيانات و كيف تتعرف علي وجودها وكيف يتم استغلالها
contents of video
00:00 Introduction
00:47 Lab: SQL injection attack, querying the database type and version on Oracle
08:01 Lab: SQL injection attack, querying the database type and version on MySQL and Microsoft
15:52 Lab: SQL injection attack, listing the database contents on non-Oracle databases
31:17 Lab: SQL injection attack, listing the database contents on Oracle
In this video, We will cover the #blind based #SQL #injection how to exploit sql injection by three different ways through #conditional #response? , conditional #error and time #delay . how to automate #burpsuite #intruder through #python #script ?. في هذا الفيديو سوف نقوم #حل و #شرح #تطبيق #عملي علي #ثغره blind sql injection في اختبا #اختراق #المواقع الالكترونيه
contents of video
00:00 Introduction
00:23 Lab: Blind SQL injection with conditional responses
1:08:31 Lab: Blind SQL injection with conditional errors
1:39:50 Lab: Blind SQL injection with time delays and information retrieval
1:35:43 Lab: SQL injection vulnerability allowing login bypass
Lab: SQL injection vulnerability in WHERE clause allowing retrieval of hidden data
In this video, We will cover an Introduction to #Cross_Site_Scripting XSS to give you an overall idea on what is #XSS? , how to identify XSS #vulnerability entry point ? and some XSS #exploitation #techniques to help build #hacking #methodology . we will solve #portswigger #labs to strengthen your knowledge . في هذا الفيديو سوف نقوم #شرح استغلال #ثغره ال XSS في اختبار #اختراق المواقع الالكترونيه وكيف يمكنك #استغلال هذه الثغره لتحقيق #هجوم ناجح سوف نقوم #بتطبيق #عملي من خلال #حل #لابات portswigger
contents of video
00:00 Introduction to XSS
8:30 Lab: Reflected XSS into HTML context with nothing encoded
14:12 Lab: Reflected XSS into HTML context with most tags and attributes blocked
43:15 Lab: Reflected XSS with event handlers and href attributes blocked
1:11:00 Lab: Reflected XSS with some SVG markup allowed
We will Learn what is #stored #xss? how to #bypass firewall validations to exploit XSS vulnerability ? what to look for when tring xss #attacks? how to check manually for xss and with code ? We will solve #portswigger all related #labs to understand this vulnerability clearly and build #hacking #methodology that you can depend on in your journey in #cyber_security as a professional #pentester or #ethical #hacker. #شرح #ثغره XSS وكيف يمكن استغلالها في #اختراق المواقع
Timestamps
00:00 intro
1:28 Lab: Reflected XSS into attribute with angle brackets HTML-encoded
10:04 Lab: Stored XSS into anchor href attribute with double quotes HTML-encoded
21:30 Lab: Reflected XSS in canonical link tag
35:05 Lab: Reflected XSS into a JavaScript string with single quote and backslash escaped
47:49 Lab: Reflected XSS into a JavaScript string with angle brackets HTML encoded
54:49 Lab: Reflected XSS into a JavaScript string with angle brackets and double quotes HTML-encoded and single quotes escaped
1:03:19 Lab: Stored XSS into onclick event with angle brackets and double quotes HTML-encoded and single quotes and backslash escaped
In this video,We will learn how to identify #Dom #xss #vulnerabilities ? how to #exploit dom xss ? why dom xss is not hard as you think? if you understand the dom variables it will become easy . We will solve #portswigger all related #labs to understand this vulnerability clearly and build #hacking #methedology that you can depend on in your journey in #cyber_security as a professional #pentester or #ethical #hacker. #شرح #ثغره Dom xss وكيف يمكن #استغلال هذه الثغره لاختراق مواقع الالكترونيه
Timestamps
00:00 Intro
1:02 what is Dom?
03:31 Lab: DOM XSS in innerHTML sink using source location.search
22:14 Lab: DOM XSS in document.write sink using source location.search inside a select element
44:02 Lab: DOM XSS in innerHTML sink using source location.search
53:12 Lab: DOM XSS in jQuery anchor href attribute sink using location.search source
01:03:29 Lab: DOM XSS using web messages
01:29:14 Lab: DOM XSS using web messages and a JavaScript URL
01:41:28 Lab: DOM XSS using web messages and JSON.parse
In this Video, WE will learn what is #CSRF ? how to check for csrf #vulnerability ? #exploitation techniques for csrf ? how to check for valid csrf ? why csrf is high risk vulnerability ? #شرح #ثغره csrf We will solve csrf #portswigger all related #labs to understand this vulnerability clearly and build #hacking #methedology that you can depend on in your journey in #cyber_security as a professional pen tester or #ethical #hacker . #شرح #ثغره csrf كيف يتم استغلال في #اختراق المواقع لانها تعتبر من اخطر ثغرات المواقع التي تسمح للمخترق بتغيير صلاحياته
Timestamps
00:00 Intro
1:01 what is CSRF? 07:16 CSRF vulnerability with no defenses
20:34 CSRF where token validation depends on request method
26:47 CSRF where token validation depends on token being present
33:30 CSRF where token is not tied to user session
55:13 CSRF where token is tied to user non-session cookie
In this Video,WE will learn what is #CSRF ? how to check for csrf #vulnerability ? #exploitation techniques for csrf ? how to check for valid csrf ? why csrf is high risk vulnerability ? #شرح #ثغره csrf We will solve csrf #portswigger all related #labs to understand this vulnerability clearly and build #hacking #methedology that you can depend on in your journey in #cyber_security as a professional pen tester or #ethical #hacker . #شرح #ثغره csrf كيف يتم استغلال في #اختراق المواقع لانها تعتبر من اخطر ثغرات المواقع التي تسمح للمخترق بتغيير صلاحياته
Timestamps
00:00 Intro
00:30 CSRF where token is tied to user non-session cookie recap
04:09 CSRF where token is tied to user non-session cookie solution
28:02 CSRF token is duplicated in cookie
40:55 CSRF where referrer validation depends on header being present
In this Video, WE will learn about #Account #takeover #attacks ? And how to #exploit multiple #vulnerabilities and chain the together to perform this attack . We will #chain #CSRF AND #XSS vulnerability together to perform account take over . We will solve csrf #portswigger all related #labs to understand this vulnerability clearly and build #hacking #methedology that you can depend on in your journey in #cyber_security as a professional pen tester or #ethical #hacker في الفيديو ده هنشرح هجوم اسمه Account takeover و الهجوم ده بيبقي مختلف من موقع اموقع يعني مش حاجه ثابته
Timestamps
00:00 Intro
00:59 Exploiting XSS to Perform CSRF lab Analysis
10:17 What is Ajax?
13:42 Create Change Email function with static token
25:03 Create Extract CSRF Token dynamic Function
35:58 Exploiting XSS to Perform CSRF
39:32 Real Life Account takeover Scenario
44:17 Extracting username
47:54 Create Hacker Controlled Website on Microsoft Azure Cloud
54:56 Create Malicious PHP code to save username
01:00:19 Sending username to my site
In this Video,WE will learn how to exploit #java insecure #deserialization vulnerability? how to use #ysoserial #hacking tool to #exploit java #insecure deserialization #vulnerability? how to identify java #serialized objects? what is #serialization ? what is java #gadgets? how to write #bash and #python script to automate exploitation process? شرح #ثغره java insecure deserialization وكيف يتم استغلال في #اختراق #المواقع لانها تعتبر من اخطر ثغرات المواقع التي تسمح للمخترق بتنفيذ اوامر علي الخادم مباشره .
Timestamps
Intro 00:00
01:03 What is Serialization?
07:30 How to identify java Serialized Objects
11:45 Ysoserial Hacking Tool
14:35 What is java gadgets?
15:35 How to use ysoserial?
22:45 Bash Script For Exploit Automation
37:23 Python Script For Exploit Automation
01:07:30 Real Life Scenario
In this Video,WE will learn how to exploit #php insecure #deserialization vulnerability? how to #exploit php #insecure deserialization #vulnerability? how to identify PHP #serialized objects? what is #serialization ? We will solve #portswigger all related #labs to understand this #vulnerability clearly and build #hacking methodology that you can depend on in your journey in cyber security as a professional pentester or ethical hacker شرح #ثغره PHP insecure deserialization وكيف يتم #استغلال في #اختراق #المواقع لانها تعتبر من اخطر ثغرات المواقع التي تسمح للمخترق بتنفيذ اوامر علي الخادم مباشره .
Timestamps
00:00 Intro
00:35 LAB: Modifying serialized objects
04:04 Analyzing serialized object
9:46 LAB: Modifying serialized data types
17:50 Type juggling attack
25:00 LAB: Using application functionality to exploit insecure deserialization
34:05 LAB: Arbitrary object injections in php
In this Video, We will learn how to exploit #Directory #Traversal Vulnerability ? How to Discover Directory Traversal Vulnerability ? How to use #dotdotpwn kali hacking tool for #attack to be successful ? What to Do when the tool fail? .We will solve #portswigger all related #labs to understand this vulnerability clearly and build #hacking #methedology that you can depend on in your journey in #cyber_security as a professional #pentester or #ethical #hacker. شرح #ثغره directory traversal وكيف يتم استغلال في #اختراق #المواقع لانها تعتبر من #اخطر ثغرات المواقع التي تسمح للمخترق بقراءه ملفات من علي الخادم مباشره . و تعرف الثغره ايضا باسم #lfi
Timestamps
Intro 00:00
00:49 Lab: File path traversal, simple case
10:20 Lab: File path traversal, traversal sequences blocked with absolute path bypass
13:41 Lab: File path traversal, traversal sequences stripped non-recursively
21:00 Lab: File path traversal, traversal sequences stripped with superfluous URL-decode
33:05 Lab: File path traversal, validation of start of path
39:10 Lab: File path traversal, validation of file extension with null byte bypass
In this Video,WE will learn #OS #command #injection #exploitaion manually and using #commix hacking tool . We will solve #portswigger all related #labs to understand this #vulnerability clearly and build #hacking #methedology that you can depend on in your journey in #cyber_security as a professional pentester or ethical #hacker #شرح#ثغره os command injection وكيف يتم استغلال في #اختراق المواقع لانها تعتبر من اخطر ثغرات المواقع التي تسمح للمخترق بتغيير صلاحياته
Timestamps
00:00 Intro
00:50 what is OS injection ?
03:03 OS command injection, simple case manual exploitation
08:52 OS command injection, simple case using commix hacking tool
15:40 Blind OS command injection with time delays manual exploitation
21:10 Blind OS command injection with time delays using commix hacking tool
30:28 Blind OS command injection with output redirection
39:48 Blind OS command injection with out-of-band interaction
how to #exploit #information #disclosure vulnerability? what is information disclosure? .We will solve #portswigger all related #labs to understand this vulnerability clearly and build #hacking #methodology that you can depend on in your journey in #cyber_security as a professional #pentester or #ethical #hacker. شرح #ثغره Information Disclosure وكيف يتم استغلال في #اختراق #المواقع لانها تعتبر من #اخطر ثغرات المواقع التي تسمح للمخترق بقراءه ملفات من علي الخادم مباشره . و تعرف الثغره ايضا باسم #Information Disclosure
Timestamps
00:00 Intro
00:44 LAB: Information disclosure in error messages
03:29 LAB: Information disclosure on debug page
07:00 LAB: Source code disclosure via backup files
09:30 LAB: Authentication bypass via information disclosure
16:00 LAB: Information disclosure in version control history
Welcome to our Web Application Penetration Testing course!
Are you looking to enhance your cybersecurity skills and learn how to identify and exploit vulnerabilities in web applications? Look no further! Our course is designed to provide hands-on, practical training in web application penetration testing.
Our course will focus on solving real-world challenges and exercises on Portswigger Labs, the leading platform for hands-on web security training. You'll have the opportunity to solve more than 100 labs and practice your skills in a safe, controlled environment.
But we don't just focus on theory - our course puts a strong emphasis on practical application. You'll learn the tools and techniques used by real-world penetration testers and have the opportunity to put your skills to the test by participating in Capture The Flag (CTF) events.
And the best part? Our course is offered in Arabic, so you can learn and practice in your native language.
Don't miss out on this opportunity to become a proficient web application penetration tester. Sign up for our course today!
Portswigger Labs مرحبا بكم في دورة تدريب الاختبارات العملية لاختراف التطبيقات الإلكترونية. في هذه الدورة، سنعمل على محاكاة
للتدريب على فهم وتطبيق مهارات الاختبارات العملية لاختراق المواقع الإلكترونية.
وسوف نقوم أيضًا بحل العديد من التدريبات العملية المتعلقة بCTF
لتعزيز مهاراتنا وتحسين فهمنا للتقنيات المستخدمة في هذا المجال. نركز في هذه الدورة على التدريب العملي أكثر من النظري، ولذلك سنقوم بحل أكثر من 100 محاكاة عملية في اللغة العربية.
إذا كنت مهتمًا بتعلم الاختبارات العملية للتدخل الخاص بالتطبيقات الإلكترونية وترغب في العمل على التدريبات العملية المتعلقة ب في اللغة العربية، فهذه الدورة مناسبة لك. اضغط هنا للتسجيل والاستفادة من هذه الفرصة الرائعة.