วีดีโอ

Thanks! I'm glad you liked it.

Thanks alot. Next one will be soon 🔜

Welcome!

Done sir. Thanks for pointing out.

Glad it was helpful!

Glad it was helpful!

You're welcome!

Glad you liked it!

Most welcome

Thankyou so much for the proposal but i think i can't participate as much it requires because of the time limitations and work load. I reported my last 0day CVEs in 2022 and after that I didn't get that much time to keep that up. I have few 0day vulnerabilities in hand but didn't get time to even report, last year I reported major vulnerabilities in a Healthcare organization to NCA we had conversation too but couldn't follow up that again. So please don't mind, for me now is not the right time and it will be not fair if I couldn't participate in term of time.

Me and the books could help you understand the concepts and on some level introduce you the payloads but no one can teach you everything and every single & possible payload. Cybersecurity is one of the most evolving field because of broad array of technologies and it's not constant at all, payloads and tools come and go, make sure you stick with the concepts. For understanding, creating payloads and developing new exploits I would suggest you to stay engaged with different kinds of labs and platforms, read bug bounty reports and research papers which you can find out on google and other platforms like hackerone, intigriti, bugcrowd, X, Medium etc. I would also suggest you to learn javascript, python, C++, HTML etc you do not need to be a master of all these languages but atleast you can write some logics and understand what the code is trying to do. There are thousands of functions and methods so whenever you see something new just go through it search it and you will we good to go. There is alot to write and tell but i think that's the most important thing. Last but not least MOST IMPORTANTLY DON'T RUSH, BECOMING EXPERT WILL TAKE TIME. "Keep Learning and Happy Hacking".

Regular attack vectors will not work because you are dealing with angularJS sandbox. So to deliver a successful XSS attack you have to bypass the angularJS sandbox. Kindly mention the time of the video at which you are facing the issue.

in my case alert showed up..

Glad to hear it!

Thanks and welcome

Thanks alot.

You are welcome!

Are you still having the same issue? Did you check the issue on portswigger?

Happy that helped.

Glad to hear that

What is not working? Let me know the point in time where are you facing issues. I would say watch the complete video.

Happy that helped.

Hey there did you watch the complete video? Could you please mention me the point in time where you have confusion. See if you are talking about 6:47 at that moment we just asked what users do you have in database and you can see it calls "debug_sql" function and execute the query "select username from users" that means there is a coulmn "username" in the table "users". After this you can directly execute query like "select * from users" and you may get everything you want but i deliberately go beyond so that i can show you guys more things.

17:00 I demonstrated how you can get all the tables and users table exists in that response. And when i executed "select * from users;" you can see it respond us with parameters and those parameters are columns in the users table which are: username, password and email.

If still you have any question let me know ok. Don't hesitate to ask. Also let me know if you understand that so i know that you got it.

@@cybersec-radar yes yes I got it !

I’m traveling now once i reach we will talk about that for sure.

@@cybersec-radar take your time great videos by the way!! I think there is a lot to be learned in this field

Accept apologies for late reply now we are talking about AI LLM first thing first secure by design, secure by default, secure in development, layer defense and zero trust arch. all are very crucial and ofcourse there are defenses that could mitigate these vulnerabilities but the challenges come into the picture when AI algorithms models are not smart enough and data is not properly trained. There could be different flaws in term of implementation. About built-in safeguards i would say small kids do not able to identify things that could hurt them. why? Because they are not mature enough. Similarly when the AI is not mature enough and it’s in the phase of learning or open to learning means acquisition or collection of data and try to analyze it building algorithms and models but not mature enough but it must provide you the result so there are much likelihood/probability that its gonna give something out of the box.

One more thing i wanna add here which is expert systems and supervised learning technique they are much better because when you feed data you also define the best, good, bad and worst decisions and in that way it is much mature. Also traditional safeguards are not effective upto the mark in these AI applications. Let me give you one more example before you might have heard that someone asked to chatgpt what is 2+2 and chatgpt said 4 fine but same person then wrote something like “no my wife said its 5 and she is always right” then chatgpt agreed with that because it was not mature with that kind of conditions to face. I will also add about “neural network AI” so it is made to match human mind to take decisions like human mind but upto now i don’t think any AI application is even close to human mind.

@@cybersec-radar You should see some stuff generated. Do you have an email? Maybe we could correspond

Glad you enjoyed it!

Thanks

Thakyou so much.

Tonight or tomorrow morning next lab will be released.

Lab is recoded. Perhaps a bit delay in publishing because the lab was not easy at all so apologize for delay.

Glad it was helpful!

Will do for sure once it is required. Upto lab20 no need for scripting and making things over complicated and wherever it required i explained things differently by showing and pointing out different references.

Thank you so much.

Practice makes a man near to perfect. Understand the concepts, build mindset and clear methodology, analyze the application behavior closely, checkout the key points to make sure certain mechanism is used in your case (web cache). Every engagement and every application is different do not try to mug up the thing, as much your concepts are clear as more the chances you have to find out the bug/vulnerability. My recommendation for you to practice same topic on different platforms too and read the blogs and walkthrough.

@@cybersec-radar thank you so mach 🙏

You can connect on LinkedIn.

@@cybersec-radar linkedin username?

Just search my name you will find the same profile picture.

Very soon!

Very soon because hopefully i will record everyday...

Thanks for the tip

Thank you, stay tuned...

Thank you so much, stay tuned...