Hacking With Gabe
Joined Oct 1, 2023
Permissions | Android Hacking #5
As always thank you for watching!
My Blog Post on this Topic: gaberoy.zip/posts/android-permissions/android-permissions/
Resources:
Free Hextree.io Android Course: app.hextree.io/map/android
Android Studio: developer.android.com/studio
Timestamps:
0:00 Overview and Context?
1:14 Types of Permissions
3:33 Boundaries / Threat Modeling
7:15 Protecting Components with Permissions
9:40 Custom Permissions
11:34 Common Issues / Conclusion
Views: 35
Videos
Broadcast Receivers | Android Hacking #4
As always thank you for watching! My Blog Post on this Topic: gaberoy.zip/posts/android-content/android-content/ Resources: Free Hextree.io Android Course: app.hextree.io/map/android Android Studio: developer.android.com/studio Timestamps: 0:00 What is a Broadcast Receiver? 1:54 Interacting with Receivers 5:00 Intercepting and Redirecting Broadcasts 9:21 Sending and Receiving Broadcasts 11:59 W...
Content and File Providers | Android Hacking #3
As always thank you for watching! My Blog Post on this Topic: gaberoy.zip/posts/android-content/android-content/ Resources: Free Hextree.io Android Course: app.hextree.io/map/android Android Studio: developer.android.com/studio Timestamps: 0:00 What is a Content Provider? 2:20 Accessing a Provider 5:35 Flaws with Providers 6:01 SQL and SQLi in Content Providers 9:54 Accessing Non-Exported Provi...
Intent Attack Surface | Android Hacking #2
As always thank you for watching! The apk from the demo and other resources are below. My Blog Post on this Topic: gaberoy.zip/posts/android-intent/android-intent/ Resources: Free Hextree.io Android Course: app.hextree.io/map/android APK used in the demo portion: github.com/GabeRoy01/Gabe-CTF Android Studio: developer.android.com/studio Timestamps: 0:00 What is an Activity? 2:43 What is an Inte...
Dynamic Instrumentation | Android Hacking #1
Thanks for watching me stumble through dynamic instrumentation for almost an hour! (Assuming you finished watching) My Blog Post on this Topic: gaberoy.zip/posts/android-dynamic/android-dynamic/ Resources: Free Hextree.io Android Course: app.hextree.io/map/android Hack The Box Supermarket Challenge: app.hackthebox.com/challenges/Supermarket Frida: frida.re/ Objection: github.com/sensepost/objec...
Burp Suite Certified Practitioner | Exam Review
Resources: Portswigger Web Academy: portswigger.net/web-security Written Blog Post: gaberoy.zip/posts/burp-suite-certified-practitioner-exam-review/burp-suite-certified-practitioner-exam-review/
Prototype Pollution | Applied Review #28
Resources: HTB (HackTheBox): www.hackthebox.com Portswigger Web Academy: portswigger.net/web-security Timestamps: 0:00 - What is Prototype Pollution? 0:45 - JavaScript Lore 4:35 - Accessing and Modifying Prototypes 6:25 - Why is it dangerous? 9:25 - Finding Sources & Gadgets 14:15 - Other Pollution Vectors 18:25 - Server-Side Pollution 23:05 - Prevention
JWT Attacks | Applied Review #27
Resources: HTB (HackTheBox): www.hackthebox.com Portswigger Web Academy: portswigger.net/web-security Timestamps: 0:00 - What is a JWT 3:00 - JWT Vulnerabilities 12:08 - HTB Cybermonday 20:56 - Prevention
HTTP Host Header Attacks | Applied Review #26
Resources: HTB (HackTheBox): www.hackthebox.com Portswigger Web Academy: portswigger.net/web-security Timestamps: 0:00 What is the host header? 4:36 Identification and Exploitation 9:44 HTB - Forgot 17:25 Prevention
OAuth Vulnerabilities | Applied Review #25
Resources: HTB (HackTheBox): www.hackthebox.com Portswigger Web Academy: portswigger.net/web-security Timestamps: 0:00 What is OAuth? 4:02 Authorization Codes 9:46 Implicit Grant Type 11:08 Identifying and Exploitation 13:40 HTB - Oouch 26:37 Prevention
HTTP Request Smuggling | Applied Review #24
Resources: HTB (HackTheBox): www.hackthebox.com Portswigger Web Academy: portswigger.net/web-security Timestamps: 0:00 What is HTTP Request Smuggling? 3:42 Examples 6:48 Finding and Verifying 9:17 Post-Exploitation Examples 13:42 HTB Sink 29:13 Prevention
Web Cache Poisoning | Applied Review #23
Resources: HTB (HackTheBox): www.hackthebox.com Portswigger Web Academy: portswigger.net/web-security 0:00 What is a web cache? 2:07 Web Cache Poisoning 4:52 High-Level Examples 6:43 Prevention
Server-Side Template Injection | Applied Review #22
Resources: HTB (HackTheBox): www.hackthebox.com Portswigger Web Academy: portswigger.net/web-security 0:00 What is SSTi? 1:27 Detection, Identification, and Exploitation 3:32 HTB RedPanda 11:54 Prevention
GraphQL Vulnerabilities | Applied Review #21
Resources: HTB (HackTheBox): www.hackthebox.com Portswigger Web Academy: portswigger.net/web-security 0:00 What is GraphQL? 2:11 Introspection Queries 3:08 Exploitation 7:09 HTB Passman Challenge 15:20 Prevention
Insecure Deserialization | Applied Review #20
Resources: HTB (HackTheBox): www.hackthebox.com Portswigger Web Academy: portswigger.net/web-security Timestamps: 0:00 What is serialization? 4:00 Manipulating Serialized Objects 6:14 Magic Methods and Gadget Chains 8:26 HTB Celestial (NodeJS Deserialization) 14:39 Causes, Impact, and Prevention
DOM Based Vulnerabilities | Applied Review #18
Cross-Site Request Forgery (CSRF) | Applied Review #16
Cross-Origin Resource Sharing | Applied Review #14
Cross-Site Scripting (XSS) | Applied Review #13
File Upload Vulnerabilities | Applied Review #8
Access Control Vulnerabilities | Applied Review #7
Information Disclosure | Applied Review #5
great vid ❤🔥❤🔥❤🔥❤🔥
Thank you!
provide the apks
It is included as a part of the Hextree.io android course. The link for that course is in the description.
How long does it take to complete the course before taking the exam? Two to three months? I plan on training on the platform for six hours a day, seven days a week.
I studied for 2-4 hours per day after work on weekdays and weekends excluding holidays from October 2023 to March 2024. You don't actually need to complete the labs or coursework to take the exam - you could just buy a voucher and try it. I think it could be done in one to two months of six-hour days like you are describing but it depends on how you feel about your understanding.
@HackWithGabe Hi, thank you for replying. Wow, the training course is that long?
Is it a prerequisite to fluently understand Java and JavaScript before taking the exam? To me that feels like the biggest hurdle that I've faced when doing the training.
I would say a decent understanding of JS is definitely helpful but not required. Most of the time if you have trouble understanding some of the JS being used there is nothing wrong with asking some LLM for clarification. (But be mindful because they tend to mess up complicated ones)
I stumbled upon a box in HTB that might be vulnerable to this, so I started to google and found this! Thank you
cool man keep moving , your channel will be famous
Recent victim of this kind of attack, hence why I'm here. Great content, love the way you say "um" so matter of fact. Very useful info 10/10
Sorry to hear you fell victim to an OAuth vulnerability. Thanks for the feedback, I never think about my usage of "um" lol - glad you enjoyed!
I'm so sorry but I have to put your subcount from 69 to 70
This is soo good.
my race might be the best! + first comment
-rep + based
HACKING IS THE NEW GAMING!
U just got a sub from me i love this explanation keep it up man
Man, your videos are really good. Keep it up
Trending in the north?
Gabe from YouTube being more interesting and informative than a degree I pay 9k a year for, that's always good
I felt the pain during my time as a student too. I'm happy you find these videos useful!
What's up with the cats in the thumbnail photo? 😊
I think cat pictures are funny!
But what bad quality are you talking about bro. It's really clean. Keep it up, it's good content. Looking forward to discovering your next content. Besides, you have any contact or not for the moment ? Looking forward to discussing
pretty good video. I was thinking of doing these type of style videos but overall nice stuff.
Thank you! I am mostly making them to study for a Burp Suite certification bc these are heavily based on their topic categories.
This guy's an idiot!
first!