I always underestimated your videos..But after watching this video i am humbled ..Thanks for sharing the knowledge
Alright. I have been surfing to find a solution for 2 days now. And I'm glad I was able to scroll all the way down to your videos.
Great 👍
Glad I could help!
I have just entered into cyber security and it's just helping me a lot, thanks a lot for such type of videos...please don't stop sharing your knowledge to us.😊
How did u started doing it ??
Awesome video 🤙
Unique content 💯
Make a detailed video on buffer overflows with crystal clear concepts. It will help a lot.
I also searched this topic for many days but didn't meet my expectations.
There is no detailed video on buffer overflows concepts for newbies and it's a demandable and important topic . I hope mam will make video on this topic
great video. and you blink a lot. 😂😂
😅😂
Is the sister of nullbyte lol
@@kinodertoten9059 just the comment i was looking for
Wtf u noticed Bro😂✌🏻
Nullbyte's sister LOL 🤣
simply and clearly explained. thanks
Thanks for it! Never thought of learning about postMessages this is nice introduction for me start
Great work man
Just one suggestion: keep background sound low, so we can hear you out clearly.
Now,
I'm kinda start love your videos
would you name some available labs to practice the idea, please. and thanks for the great simplicity.
Clear and concise explanation of the postMessage function and its bugs, Thanks for putting it all together 🙏🏻
Keep up the up good work 🙌🏻
Glad it helped! :)
As cool as all time :)
Btw will you please make video on your methodology or how do you approach a target.......and some waf bypass techniques...pls !!
Thank you for helping me with my difficulty using postMessage
Which software you use for editing ?
00:45 Same-Origin Policy 01:14 When PostMessage() is used
Thanks @farah and @intigrity. Well explained lesson. plz keep up the good work.
Thanks Miss Farah, I loved what you are doing. I hardly wait for your next video please recommend some resources from where I can learn.
Well done with Videos, keep up the good works, and that vase behind you is beautiful!
Thank You for this Beautiful Video .
Crystal Clear explanation thanks for sharing
Just found your channel from recommended. Are you a software tester? I am learning web development.
Hi Farah As Usual Good Topic And useful Explanation . Thanks For Your Time . have A Good Day And Stay Safe
Thanx a lot ma'am
You always post crystal clear concept videos and your style is also awesome ....
It leaves no doubt !!
👍👍
I’m so happy to hear that!! Thank you for watching ☺️
Great job make a video about the recon and methodology ,suppose i have a target site for finding bugs so what methodology generally i have to follow for finding bugs
Hey can you tell me that if there are two os in the vm machine..will the two vm machine have the same IP address or different ip address and is there any platform where I can connect to you and ask some doubts ??it will be very helpful for.. keep the good work up👍❤️
use NAT same IP ....... or bridge ........ for different ip in local network
2:32 there is a little error in postMessage origin, the protocol is missing. Fortunately, browsers should throw on this, because this is a common mistake :)
Noted. Thanks for pointing it out!
Very well explained Farah, yes and this blinking is with me tooo😉
Amazing! unique content.. keep posting Thank you 😇😊🙌💯
Awesome video, very informative. Thankyou for sharing such valuable info.
Very well explained farah mam. Can you please make videos on bug bounty 🤗🤗.keep it up
Thanks for the video, more content needed with 2 video a week?
Awesome explanation
very informative. good video.
Sounds looks splendid
Good content, It is the Dom based xss?
Yes, all of these attacks are client-side!
Make a video about recon & methodology 🙂
Genius..nice video
Wow farah... Thank you
Very informative and simple!
Such a helpful and great video, keep making...
Farah can you please tell how to set up labs like u to study for eg like in this video, graphql one
I’ve mentioned the GitHub repo for the lab in the description! I just followed the instructions on that to set it up.
@@FarahHawa Thankyou for your reply, learning a lot from you.
Can u make next video on fuzzing..!
Thanks for video but today i found vulnerable page and create an php exploit file but it's don't work when i click the play not do a action (child page not open) can u help me (sorry for my english, English is not my main language :))
Beautiful & brilliant
Farah please answer my question
Did we require web development knowledge ex javascript etc to hunt bugs
It definitely helps a lot!
@@FarahHawa did you learn web development
In your 1st video you have tell you have worked in security field after that you have started bug hunting. In which you have work before bug hunting
I hope you will answer this
rizwan khan maybe I haven’t worked in web development. However, I do know PHP, Python and JS which I use to make vulnerable web apps to practise sometimes and that really really helps me!
@@FarahHawa thanks a lots for answering to my questions
Thank you :)
I want to explore Ethical Hacking but I don't know from where should I start ? Can u guide me?
Make video on endpoints and how to exploit it?
Hello ma'am can you explain SSRF? Make video?
Great content, keep up the good work,
We need more people like you 👍🏻.
🍰
Thank youuu! Glad you liked it ☺️
A super clear and well referenced video, my congratulations to you ;)
Amazing and unique work! Keep it up Ma'am!
Useful video thanks farah
Thank you for watching! So happy you found it useful! ☺️
Thank you for the video. Please tell can someone from non tech background enter the field of bug bounty hunting for web apps?
I'm from a "non-tech background" so I would say YES!!! But you have to get your basics right first.
@@FarahHawa Thank you for your reply. It's great to know that you are doing so much coming from a non-tech background. I have one request for you: Please make a video or write an article about your journey coming to tech from non-tech background, the hurdles you faced and how you overcame them. That will be a guiding post for many like me. Waiting for your reply. May God bless you.
EDIT:
Just saw your video about your journey into bug bounty. You said that you are into the field of IT security for 2 years. So I think that gave you hands on experience before you came to bug bounty. I wish I could get to know about the experiences of someone coming into this field without any job/education in this field. Reason I am saying this is because in the back of my mind whenever I am reading something related to security/bug bounty, I always feel that people from IT field/ CS education know things in much more details, so what I am doing is nothing in as compared to that and this is being a big mental block for me.
Hey farah😚💕
It's a great video
Nice video 👍
Great work!
thanks Farah
Great content! Keep rocking!
you're pretty beauty+brain rare combination of god
It's useless until we get access any file manager to change the code,,in my opinion
thank you for these videos, you really inspire me :)
Aww, thank you for watching ☺️ glad you like them 🥰
@Compiled Movie Hey! No, not really. The bug here is that the postMessage() method being used by the target was misconfigured and either allows:
1. Any origin to send a message to it or
2. Any target to receive a message from it.
For this reason, the attacker can use these flaws and trick a user into getting XSS-ed. It does require user interaction but not physical access. And the target needs to fix this bug and that's why they pay the bug hunter for bringing this to their attention.
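The two misconfigurations listed in the reply above, together with the missing-protocol slip pointed out at 2:32, shown next to the checks that close them. This is an added example, not code from the video or from any commenter; the origin `https://app.example.com`, the function names and the sample events are constructed.

```javascript
// Added example. Origin, function names and sample events are constructed.
const TRUSTED_ORIGINS = new Set(["https://app.example.com"]);

// Misconfiguration 1: the listener accepts a message from any origin.
function weakHandler(event, sink) {
  sink.push(event.data); // event.origin is never inspected
  return true;
}

// Hardened listener: exact match on the full origin (scheme + host + port),
// then validate the payload before it reaches any DOM sink.
function strictHandler(event, sink) {
  if (!TRUSTED_ORIGINS.has(event.origin)) return false;
  if (typeof event.data !== "string" || event.data.length > 256) return false;
  sink.push(event.data); // render with textContent, never innerHTML
  return true;
}

// Misconfiguration 2: postMessage(msg, "*") hands the message to whatever
// document is loaded in the target window. This wrapper refuses the wildcard
// and any value that is not a full origin, protocol included.
function safePost(targetWindow, message, targetOrigin) {
  let parsed;
  try {
    parsed = new URL(targetOrigin);
  } catch {
    throw new TypeError("targetOrigin must be a full origin such as https://host");
  }
  if (parsed.origin !== targetOrigin) {
    throw new TypeError("targetOrigin must be exactly scheme://host[:port]");
  }
  targetWindow.postMessage(message, targetOrigin);
}

// Constructed events, shaped like the MessageEvent a browser delivers.
function runDemo() {
  const events = [
    { origin: "https://app.example.com", data: "theme=dark" },
    { origin: "https://app.example.com.evil.test", data: "theme=dark" },
    { origin: "http://app.example.com", data: "theme=dark" }, // wrong scheme
  ];
  const weak = [], strict = [];
  for (const e of events) { weakHandler(e, weak); strictHandler(e, strict); }
  return { weakAccepted: weak.length, strictAccepted: strict.length };
}
console.log(runDemo()); // { weakAccepted: 3, strictAccepted: 1 }
```

In a page, `strictHandler` would be registered with `window.addEventListener("message", ...)` and `safePost` called with the real target window.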
Check the description!
Please make a video on directory traversal attack
@hackR i have already sign up on that. i will take a look. thanks for reply
Well-Done
please make your own slack community ma'am please......slack is a app which you can download it from playstore ma'am please make that ma'am
Thank You so much !!
how many types of bug in bug bounty upload video sister
Great
nice video
If I am not wrong u r the one who cracked oscp at young age..
Heyy!! Uh have good knowledge but please improve your voice quality it's not clear on this video
loved it
Nice
I like to see you
we are in the same age
🌹
We can do same this any website which has login with Google or Facebook ???
That’s true, any website that uses postMessage without these checks is vulnerable. However, oauth token leak is possible. Check this report out hackerone.com/reports/314814
Mohammad Owais semrush has their own oauth framework :)
Great Video but please reduce the background music
Hello,
Madam
Please create
Playlist
Great content, keep making video👍
And yes you blink a lot, 😀 but still good video
remove music please
Mam pls add English subtitles
She blink 486 time
First to comment >:< Nice video
I'm tired from gdpr cookies
But if you put subtitle is more better
I hack you, you hack me and let's call the end justice.
please make a slack community ma'am......?.
U hav stopped saying ,that "I'm a bug Bounty hunter" in the beginning of the video why so?🤔
Nice catch 🎉
@@FarahHawa tq 😁
Redirecting dom xss
R u Indian ?
Ubuntu 20.04 no😜 me too.
Nice and cute girl🤗😁😂
Your eyes blink so much! And this is distracting me 😂
980th like
Actually impressed ,if u feel comfortable contact me
.
I have messaged you i hope you check it ☺️ i ain’t found your email so i just messaged you at insta .
Ty for the info
Can I contact you