- 79
- 37 859
DevSec Hacker
เข้าร่วมเมื่อ 14 เม.ย. 2023
Hi guys!
🔐 Welcome to DevSec Hacker - Your Gateway to Full Stack Cyber Security! 🔐
This is Raju, currently working as a Senior Security Engineer. I am here to share my knowledge, experience and learnings to the community in the space of Full Stack Cyber Security.
🚀 What to Expect:
1. Penetration Testing, Secure Code Review, Threat Modeling 🔍 - Web, Mobile & API
2. Security Automation & 🛠️ Tool Development
3. AWS Cloud Security and 🕵️♂️ Security Monitoring
4. Application Development & 🌐 Web Exploit Development
5. Ethical Hacking & Threat Intelligence
6. Interviews with experienced security folks
🛡️ Stay Secure, Stay Informed, Stay Subscribed! 🛡️
Note:*
For any engagements, shoot out an email to devsechacker@gmail.com
🔐 Welcome to DevSec Hacker - Your Gateway to Full Stack Cyber Security! 🔐
This is Raju, currently working as a Senior Security Engineer. I am here to share my knowledge, experience and learnings to the community in the space of Full Stack Cyber Security.
🚀 What to Expect:
1. Penetration Testing, Secure Code Review, Threat Modeling 🔍 - Web, Mobile & API
2. Security Automation & 🛠️ Tool Development
3. AWS Cloud Security and 🕵️♂️ Security Monitoring
4. Application Development & 🌐 Web Exploit Development
5. Ethical Hacking & Threat Intelligence
6. Interviews with experienced security folks
🛡️ Stay Secure, Stay Informed, Stay Subscribed! 🛡️
Note:*
For any engagements, shoot out an email to devsechacker@gmail.com
New Burp Suite Feature: Manual Record an Issue - Walkthrough
Discover Burp Suite's powerful new feature: *Manual Record an Issue*! 🚀 This tool is a game-changer for pentesters, making it easier to log, document, and organize findings directly within Burp Suite. In this video, I'll walk you through how to use the manual record feature, perfect for enhancing your pentesting journey and simplifying report generation. Whether you're a seasoned security researcher or just starting in the field, this feature will help you streamline your workflow. Join me as we explore how to maximize efficiency and clarity in your reports with Burp Suite!
🔔 Don’t forget to subscribe for more tips and insights on the latest in pentesting and AppSec tools!"
#burpsuite
#bugbounty
#appsec
#cybersecurity
#infosec
🔔 Don’t forget to subscribe for more tips and insights on the latest in pentesting and AppSec tools!"
#burpsuite
#bugbounty
#appsec
#cybersecurity
#infosec
มุมมอง: 154
วีดีโอ
Protecting Tokens from XSS Attacks: Secure Storage with Web Workers in JavaScript
มุมมอง 22314 วันที่ผ่านมา
In this video, I dive into a Proof of Concept (PoC) demonstrating how to securely handle and store tokens in browser memory using Web Workers. I’ll walk you through why Web Workers are the best option for protecting sensitive data like JWTs, thanks to their separate global scope that isolates tokens from the rest of the application and safeguards against XSS attacks. Watch to see step-by-step h...
Bugbounty: Host Header Injection to Account Takeover | Hands on | Practical
มุมมอง 44014 วันที่ผ่านมา
in this video, I’ll walk you through an exciting bug bounty Host Header Injection to take over user accounts! 🚨 If you’re a pentester, bug bounty hunter, or simply passionate about cybersecurity, this video is for you! Let’s dive into this fascinating account takeover vulnerability. Don’t forget to like, comment, and subscribe for more bug bounty and security-related content. 👍🔔 #bugbounty #Hos...
0.0.0.0 Browser Vulnerability Exploit | Proof of Concept (POC) Made by ME
มุมมอง 2422 หลายเดือนก่อน
In this video, I showcase my Proof of Concept (POC) on the 0.0.0.0 browser vulnerability. This vulnerability poses a significant security risk, and through this detailed walkthrough, I'll demonstrate how it can be exploited and what makes it so dangerous. #zeroday #pentesting #proofofconcept #vulnerability #exploited #browser
Bug Bounty: Find sensitive information in JS files | Burp Extension | JS Miner | gmaps scanner
มุมมอง 4232 หลายเดือนก่อน
Bug Bounty: Find sensitive information in JS files | Burp Extension | JS Miner | gmaps scanner
My Interview Experience as a Senior Security Engineer | 6+ YOE | Cyber Security Engineer
มุมมอง 1913 หลายเดือนก่อน
My Interview Experience as a Senior Security Engineer | 6 YOE | Cyber Security Engineer
Remote Code Execution via File Upload | RCE | Unrestricted File Upload
มุมมอง 2.7K4 หลายเดือนก่อน
Remote Code Execution via File Upload | RCE | Unrestricted File Upload
Episode 03: Security Meet-up | Ft. Security Engineer at Bugcrowd
มุมมอง 4535 หลายเดือนก่อน
Episode 03: Security Meet-up | Ft. Security Engineer at Bugcrowd
Auto Authentication using BurpSuite Extension
มุมมอง 4525 หลายเดือนก่อน
Auto Authentication using BurpSuite Extension
Bug Bounty: how to find & exploit Server Side Template Injection || SSTI to RCE
มุมมอง 1K6 หลายเดือนก่อน
Bug Bounty: how to find & exploit Server Side Template Injection || SSTI to RCE
Episode 02: Security Meet Up | Ft. Security Engineer - II
มุมมอง 1347 หลายเดือนก่อน
Episode 02: Security Meet Up | Ft. Security Engineer - II
Bug Bounty: Automated Web Asset Scanner and Vulnerability Analyzer | Security Automation
มุมมอง 4428 หลายเดือนก่อน
Bug Bounty: Automated Web Asset Scanner and Vulnerability Analyzer | Security Automation
Security Monitoring Tool - Dark Web Exposure
มุมมอง 2928 หลายเดือนก่อน
Security Monitoring Tool - Dark Web Exposure
How to access the Dark Web | Introduction
มุมมอง 1668 หลายเดือนก่อน
How to access the Dark Web | Introduction
Hacking with AI Tool - WhiteRabbitNeo
มุมมอง 4.1K9 หลายเดือนก่อน
Hacking with AI Tool - WhiteRabbitNeo
Episode 01: Meet up with Security Folks | Ft. Lead Security Engineer
มุมมอง 3679 หลายเดือนก่อน
Episode 01: Meet up with Security Folks | Ft. Lead Security Engineer
Bug bounty: Bypass Limits via Race Conditions
มุมมอง 5129 หลายเดือนก่อน
Bug bounty: Bypass Limits via Race Conditions
Part 02: Content Security Policy Explained - Practical
มุมมอง 1189 หลายเดือนก่อน
Part 02: Content Security Policy Explained - Practical
Content Security Policy Explained - Practical
มุมมอง 3269 หลายเดือนก่อน
Content Security Policy Explained - Practical
How to Automate Penetration Test Report Writing
มุมมอง 66410 หลายเดือนก่อน
How to Automate Penetration Test Report Writing
How to create static website using aws s3
มุมมอง 8610 หลายเดือนก่อน
How to create static website using aws s3
How to implement cloudwatch monitoring for a web server
มุมมอง 19810 หลายเดือนก่อน
How to implement cloudwatch monitoring for a web server
How to setup AWS S3 Replication - Including Cross Region Replication
มุมมอง 9410 หลายเดือนก่อน
How to setup AWS S3 Replication - Including Cross Region Replication
how to automate aws with cloudformation #aws #awslearning #awssecurity #automation
มุมมอง 11611 หลายเดือนก่อน
how to automate aws with cloudformation #aws #awslearning #awssecurity #automation
AWS Secrets Manager and Lambda: How to store and retrieve secrets #aws #awslearning #awssecurity
มุมมอง 11911 หลายเดือนก่อน
AWS Secrets Manager and Lambda: How to store and retrieve secrets #aws #awslearning #awssecurity
very cool my new favorite co pilot
👌
great video
Thanks.
Cool :
Bro it would be helpful if you increase the volume in the video. Someone surfing TH-cam over mobile for good cybersecurity content would easily bypass this video b/c even at full volume I am not able to listen it.
Yeah....It was an old video and I changed the volume settings in later/recent videos.
Good content bro keep it up
Thank you. Please do like the video, so that it can reach out to more people.
This payload also works in django means python framework ig
Django doesn't use that syntax, this is ruby on rails
book.hacktricks.xyz/pentesting-web/ssti-server-side-template-injection
This vulnerability and can we report it if we find it and also please video for check heroku key
You can report it, but whether you receive a bounty depends on the company's policy. Some companies will offer bounties, while others may not consider it based on their guidelines.
Thank you for this video.
Welcome. Stay subscribed to get more videos
Please make a full video once
I have already made it. It's available in the channel. OR here is the link for full video. th-cam.com/video/CGabe21_148/w-d-xo.html
Nice explanation 👍🏼
Thanks
Hi bro, I need your help bro, Can you help me please regarding the pen testing only.
Shoot out an e-mail to devsechacker@gmail.com
Thanks, great video and explanation
Welcome 🤗
Do you think this tool is good for future career?
It is good for a career only. Because whatever the tools come into the picture finally a human intelligence should validate the accuracy of threats or findings. The advantage of it is we can make the threat modeling process faster and efficient.
very nice explained simple brother its very simple thanks a lot ya ahhh!
Thank you
thank you very much what name of tools ?
Burpsuite pro
@@DevSecHacker thank you
How to edit the Trust zone?
Right click on trust zone and edit
Do we need to study DSA for code review round ? or if the interviewer gives a code snippet and requests me to complete the incomplete code so how is the complexity of code in those case like is the code related complex DSA topics or some basic code snippet?
No need to study DSA. They won't ask. They will give vulnerable code snippets like below. You just need to identify vulnerabilities based on the code. github.com/yeswehack/vulnerable-code-snippets The above one is an example of vulnerable code snippets which are available in github.
@@DevSecHacker ok thanks for the resources, and if they ask us to complete incomplete code then it would be a basic code like the one you gave on GitHub right?
In general they won't ask us to complete the incomplete code. Since they will only check the understanding levels of code and how we are able to identify the vulnerabilities in it. Secure code review capabilities they will check since we need to do secure code review as a one of the responsibility in day to day work.
Nice video but voice is not clear
Thanks for the comment. I will change the voice setting next time
Voice not clear brother I recommend to adjust it
Sure. Thanks
Nice
Thanks
fdfdf
Let's say i just finished my pentest exam, and i have taken 60 screenshots. Can you explain how to implement them, and what do i have to modify in the report, to be related to what i found during the exam ? Any other explanations are welcome. I am a beginner, and i still don't know how to make a pentest report, after finishing a penetration testing exam.Thank you.
Ok
@@DevSecHacker Please give more details on my question.
Hi bro, Can I have your contact details please, I would like to connect with regarding mobile PT please
Explanation in this video is great. Keep doing good videos like this.
Thanks, will do!
i wish finding these bugs where as easy as this lab
Absolutely yes.
keep it up man, do you have a discord?
Nope
:)
thank you i am new subscriber
Thanks for subscribing! And please do like also, so that it can recommend to more people who want to know.
@@DevSecHacker can u share use more about account takeover bug throw id parameter Sqli in id parameter
Sure. Let me add that into my upcoming list
Never commented on any video love the way you told 😮🎉
Thank you. Then do support by subscribing.
can i get src code pls
github.com/RajuGanapathiraju/VulnerableLabs/blob/main/ssrf_bypass.js
Nice ❤❤
Thanks 🤗
Hey could you make a video regarding XSRF-TOKEN/CSRF?
I will. Please do like and subscribe
Good insights
Bro you didn't show how to get reverse shell? Can we use here bin/bash for reverse connection in net cat? Also how get complete shell like full root shell using SSTI Vulnerability?
This video is intended to show SSTI detection method and exploitation (SSTI to RCE). If you are interested to know more, I will make a part 02 video on it.
@@DevSecHacker Thanks bro make interesting tutorials on topics like these such as Deeply understanding all types SQL injections on live target in simple Url, Hackbar, through intruder mode(burpsuite),sqlmap bypassing of cloudflare, lite speed server then getting databases without error. SSTI in different ways on live target you can hide url of the target if you want for youtube polices. How to scan SSTI using advance tools. LFI, RFi on live target and uploading of shells in different ways to get reverse shell. Command injections in new ways by bypassing restrictions of Clouflare and getting reverse connections. These are very important topics of cybersecurity and interesting for everyone who are interested in cybersecurity/hacking/pentesing. These were my bonus tips 😉 for your next tutorials. People are mostly interested in these topics even I am too...i believe you will bring and present such all tutorials in nice way and new ways...Keep growing 💗 thank you❣️❣️❣️
@DevSecHacker Thanks bro make interesting tutorials like these such as deeply understanding all types sql injecti*ns on target in url, h*ckbar, through intruder mode(burpsuite),sqlmap bypassing of cloudflare, lite speed server then getting databases without error. SSTI in different ways on live target you can hide url of the target if you want for youtube polices. How to scan SSTI using advance tools. LFI, RFi on live target and uploading of she*lls in different ways to get r*verse sh*ll. C*mmand injections in new ways by byp*ssing restrictions of Cloudflare and getting r*verse connection. These were my bonus tips for you to upload such interesting topics because people are mostly interested in these topics and even I am too...I hope you will upload such nice contents thank you...
Nice demo! The question I can’t get out of my head is “why isn’t this called JavaScript injection”. It seems directly analogous to a SQL injection but with JS instead of SQL. The term XSS just doesn’t compute in my head.
Yes. You can call it as a form of javascript injection since malicious script will inject in the web pages. According to owasp top 10 - 2021 even XSS also categorized in injection part. for reference owasp.org/Top10/A03_2021-Injection/
Notable suggestions, keep doing more shorts like this
Sure 😊
if you want to support my work: www.buymeacoffee.com/devsechacker
if you want to support my work: www.buymeacoffee.com/devsechacker
if you want to support my work: www.buymeacoffee.com/devsechacker
if you want to support my work: www.buymeacoffee.com/devsechacker
if you want to support my work: www.buymeacoffee.com/devsechacker
if you want to support my work: www.buymeacoffee.com/devsechacker
Thanks mate!
you are welcome.
Great Collab🎉
Thanks
Now added few more improvements for this tool like database integration, de-duplications, state management, parsing the html for results and generating a final report. you can see that as a v4.js file in my github.
Great explanation
Thanks and please do support by subscribing to my channel for more videos like these.
hallelujah. you're my savior, man. my own personal jesus christ.
Thank you. Then please do support by clicking the subscribe button 🙂
Great tool. Fantastic. In free version it will only allow 10 uses per 24 hours. Pro version allows 250 uses in 24 hours but it costs $ 20 per month
I appreciate this video! Great work!
Thank you. It pays off all the time that I spent.
Good information
Thanks