Learn Offensive JavaScript TODAY
ฝัง
- เผยแพร่เมื่อ 3 ส.ค. 2024
- 00:00 Intro
00:20 JS primer
02:09 Keylogger
05:16 Exfiltrating data
07:00 Stealing autofill passwords
10:40 Bypassing CSRF
12:00 Outro
Pentests & Security Consulting: tcm-sec.com
Get Trained: academy.tcm-sec.com
Get Certified: certifications.tcm-sec.com
Merch: merch.tcm-sec.com
Sponsorship Inquiries: info@thecybermentor.com
📱Social Media📱
___________________________________________
Twitter: / thecybermentor
Twitch: / thecybermentor
Instagram: / thecybermentor
LinkedIn: / heathadams
TikTok: / thecybermentor
Discord: / discord
💸Donate💸
___________________________________________
Like the channel? Please consider supporting me on Patreon:
/ thecybermentor
Support the stream (one-time): streamlabs.com/thecybermentor
Hacker Books:
Penetration Testing: A Hands-On Introduction to Hacking: amzn.to/31GN7iX
The Hacker Playbook 3: amzn.to/34XkIY2
Hacking: The Art of Exploitation: amzn.to/2VchDyL
The Web Application Hacker's Handbook: amzn.to/30Fj21S
Real-World Bug Hunting: A Field Guide to Web Hacking: amzn.to/2V9srOe
Social Engineering: The Science of Human Hacking: amzn.to/31HAmVx
Linux Basics for Hackers: amzn.to/34WvcXP
Python Crash Course, 2nd Edition: amzn.to/30gINu0
Violent Python: amzn.to/2QoGoJn
Black Hat Python: amzn.to/2V9GpQk
My Build:
lg 32gk850g-b 32" Gaming Monitor:amzn.to/30C0qzV
darkFlash Phantom Black ATX Mid-Tower Case: amzn.to/30d1UW1
EVGA 2080TI: amzn.to/30d2lj7
MSI Z390 MotherBoard: amzn.to/30eu5TL
Intel 9700K: amzn.to/2M7hM2p
G.SKILL 32GB DDR4 RAM: amzn.to/2M638Zb
Razer Nommo Chroma Speakers: amzn.to/30bWjiK
Razer BlackWidow Chroma Keyboard: amzn.to/2V7A0or
CORSAIR Pro RBG Gaming Mouse: amzn.to/30hvg4P
Sennheiser RS 175 RF Wireless Headphones: amzn.to/31MOgpu
My Recording Equipment:
Panasonic G85 4K Camera: amzn.to/2Mk9vsf
Logitech C922x Pro Webcam: amzn.to/2LIRxAp
Aston Origin Microphone: amzn.to/2LFtNNE
Rode VideoMicro: amzn.to/309yLKH
Mackie PROFX8V2 Mixer: amzn.to/31HKOMB
Elgato Cam Link 4K: amzn.to/2QlicYx
Elgate Stream Deck: amzn.to/2OlchA5
*We are a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for us to earn fees by linking to Amazon.com and affiliated sites. - วิทยาศาสตร์และเทคโนโลยี
I think no music is better for educational videos. Allows better concentration. Great video nonetheless
agree
Great video CyberMentor! Just as a heads up, if you can convince an end-user to install a browser plugin, you can use the same exact script to exfiltrate data without worrying about needing a pre-existing XSS vulnerability in the page. I have a few videos on my channel that cover similar exploits if you are ever interested in collaborating.
Man!! This is an AMAZING Video!! Thanks you Alex! That incredible! I love JavaScript more than ever
This is realy cool ,I need more
You are great Sir 👍🏻💯
Now I can get on Twitter with my offenssve skillset and thrive
This was really great and easy to understand, yeah we would love to learn more advance web exploitation topics that can be used in real life pentest :)
I loved it.
Can you drop a course on js
You can watch this amazing 3-part stream about JavaScript for hackers: th-cam.com/play/PLlfDtLAF5S2RQtfb5eaxMxcfdOeswVVk2.html
awsome , do more xss alex
can you please create a full course on this in tcm academy ?
No need to, Taggart made an awesome 3-part stream where he teaches you everything you need to know: th-cam.com/play/PLlfDtLAF5S2RQtfb5eaxMxcfdOeswVVk2.html
So, in what real-life situation would you be able to deploy this? I mean how could you get the JS code to run on the website you want to keylog?
XSS
Hey, What can I do with Python
🙌
Hi, have found stored xss through img tag but when i try escalate with above code are blacklisted , any idea how to specify code without scripts() tag
I was a little disappointed to learn that this was not a "how to name your variables mildly offensive slurs" video.
....so how do we prevent this?
London Town
Excuse me sir....I'm a victim of a scam...can my money still be saved? And who can I turn to for help? 🙏🏻🥺
Your bank account, maybe.
I tried all of them but didn't get the csrf token in the form