Real Bugs - API Information Disclosure

Views: 33,184

The Cyber Mentor


You can find my glasses online at GlassesUSA.com. Sign up for 65% off your first pair:
bit.ly/CyberMentor-GlassesUSA
(Free basic lenses only. Premium and marked-down frames excluded)
Hacker Books:
Penetration Testing: A Hands-On Introduction to Hacking: amzn.to/31GN7iX
The Hacker Playbook 3: amzn.to/34XkIY2
Hacking: The Art of Exploitation: amzn.to/2VchDyL
The Web Application Hacker's Handbook: amzn.to/30Fj21S
Real-World Bug Hunting: A Field Guide to Web Hacking: amzn.to/2V9srOe
Social Engineering: The Science of Human Hacking: amzn.to/31HAmVx
Linux Basics for Hackers: amzn.to/34WvcXP
Python Crash Course, 2nd Edition: amzn.to/30gINu0
Violent Python: amzn.to/2QoGoJn
Black Hat Python: amzn.to/2V9GpQk

Comments: 78
@TCMSecurityAcademy (3 years ago)
I hope you enjoyed this video! If so, please consider dropping a like and subscribing.
@InsiderPhD (3 years ago)
Thank you so much for the shoutout! I'm actually working on some new API videos coming real soon including more recon techniques, understanding JSON, API hacking tools like Postman so stay tuned for even more API goodness!
@crassProgrammer (4 years ago)
You are taking out time to make these videos and help people like me to learn more, that's very much great. Thank you very much man and I expect many more videos.
@volatileobj3cts (1 year ago)
Total side note. This is the first time I've actually ever NEEDED the sponsor of a KZfaq video.
@adityapaithon6499 (4 years ago)
Thanks dude, really informative
@SatishSharma-gt5vo (4 years ago)
Like as always, great stuff. Thanks for all the awesome information and resources.
@kishorebolt3065 (4 years ago)
Thank you TCM I had 0 idea of api. This helped me a lot
@LTT.Official (4 years ago)
Great stuff as usual Heath, just finished the Udemy course, thoroughly enjoyed it.
@abdulsamad-as (4 years ago)
Did you find any real world bug by using that course info???
@LTT.Official (4 years ago)
@abdulsamad-as actually yes, it better refined my vulnerability assessment skills I undertake for work, helped me be more efficient.
@theintrovert894 (3 years ago)
Can u give me that course Plzzz❤️
@watchlistsclips3196 (3 years ago)
@theintrovert894 Why can't u just buy the course. It is a gold mine actually. It should be given for 2000$ for what he is teaching. He gives u more content covering all areas. Why can't u just buy it. Just buy the course. No one going to give you this and mr.cybermentor deserve to get some support.
@syedz7805 (4 years ago)
TCM - you are really my inspiration
@logmantarig (3 years ago)
Really thanks very much, that's gonna help a lot with API enumeration
@KIRIKTECH (4 years ago)
Informative video sir😍 tq
@rajipandya3574 (4 years ago)
You are truly The Cyber Mentor!!
@Z0nd4 (1 year ago)
Very useful. Thanks!
@virajchoksi7845 (4 years ago)
Great! Make this your new series: 'Real bug series'. Add real world bug hunting recon streams as well if possible. Or else just some poc videos.
@aniketpatel8655 (4 years ago)
Too much informative video 👍
@damani9060 (4 years ago)
legend as always thank you for the content.
@parthasarathidas6217 (3 years ago)
Thanks Mentor awesome content as always 😎😎😎
@HackinGeeK (2 years ago)
Thank you man for the insiderPHD
@nadakuditigopikrishna6587 (2 years ago)
Thank you for nice content!
@tucanh7781 (1 year ago)
Thanks mentor, it's very useful!
@TCMSecurityAcademy (1 year ago)
You are welcome!
@ahmedalsanosi5538 (3 years ago)
Thanks for sharing this 🙂
@RashtrwadiHarshitSanatani (3 years ago)
Thank you brother ❤️
@krishnathakur7982 (4 years ago)
Hi Heath, Can you create some CTF like stuff related to API testing so we can understand more deeply.
@laurent9255 (3 years ago)
burp intruder is just a multithreaded fuzzing script that can be made in pure python. Worth the effort.
@nanocybersec1316 (3 years ago)
Again man you on Fire excellent
@yutup509 (4 years ago)
Thanks man, you are the best
@AbhishekSingh-qh9df (4 years ago)
Can you please release a course on api pentesting or web application penetration testing
@sachinbhatt4487 (4 years ago)
TCM♥️🔥🔥
@infohacking (4 years ago)
Always love you sir😊....love from India 🇮🇳🇮🇳
@MrKarn0007 (4 years ago)
thank you forever bro
@didyouknowamazingfacts2790 (1 month ago)
That's really F'ed up that company didn't even acknowledge you or say thank you.
@theoffsecguy9406 (4 years ago)
Every time You Nailed with pretty much great resources ! \O/ thenksssssssssss @TheCyberMentor
@vishnuvardhanvanaparthi7002 (4 years ago)
Great stuff
@0xsunil (3 years ago)
By fuzzing one can get GET /api-2.0/sms/ But your blurred screenshots shows there was something more than that I mean, GET /api-2.0/sms/blurred-content/ Does that mean you won't get any PII data back in response when you just hit: GET /api-2.0/sms/ Just a noob here. Trying to understand. Thanks for read and/or reply.
@aviralgupta9869 (4 years ago)
Any tips if u can share to find vulnerable parameters any tool will be a great help currently I use gf pattern with gau.
@TCMSecurityAcademy (4 years ago)
Ffuf and arjun are good, but I always go back to burp
@aviralgupta9869 (4 years ago)
@TCMSecurityAcademy thnx
@aviralgupta9869 (4 years ago)
@TCMSecurityAcademy I came to know from various people that js files in website contains some juicy content can u tell me a kind of tool which can I used to download all js files without manually going to burp to see individually
@bobbychase5616 (4 years ago)
one on one sounds awesome! I need a mentor
@prtk4055 (4 years ago)
Ikr, heath would be such a great mentor to have.
@hilsoville1 (2 years ago)
You'll probably find them in the CYBER space
@akshaydeodare6149 (4 years ago)
I couldn't have maintained such calmness if that happened to me ⚡️! Can't stand bad programs tbh
@AN0NPH03N1X (4 years ago)
mate, after you found the sms parameter, what did you append to it next, like sms/? (it was blurred in your video) and how did you obtain that parameter after /sms/?
@TCMSecurityAcademy (4 years ago)
It auto-appended stuff at the end, but it could have been an indicator of the platform, so I blurred it. The method I showed was exactly how it was found.
@crassProgrammer (4 years ago)
@TCMSecurityAcademy Thanks man this helped me a lot.
@joeyalfaro2323 (2 years ago)
I remember looking at hacker one bounty selection. I'm not gonna read all this so copy and pasted words to voice. Then made list ones that were paying money. Wasted bunch time learning burp suite what nightmare. I take notes get ideas what learn next. Sometimes you have submerge yourself in topic run with idea. I'm deeply involved in self sabotage. Saying nothing ever panned out why should this be any different. One guy had some great advice to himself if he was just starting find your first bug. Good recon all vulnerabilities. Part learning figuring it out yourself
@tester2619 (3 years ago)
so are u fuzzing the parameter of `/sms/` path?
@nareshg7292 (2 years ago)
why did d rate limiting not kick u out while fuzzing ?
@iqyou-gw4kd (1 year ago)
Can you give me requirements for application Android pentest
@jainishpandya4246 (3 years ago)
Superb
@balaamuthan6408 (4 years ago)
Longtime no see
@saqibarif7144 (2 years ago)
Great
@picanzo (4 years ago)
Wow men, what a shitty attitude from that program!! And this video... super practical and educational.. It's good to have videos where you real situations examples. Much easier to understand!!
@tobypuschmann8639 (4 years ago)
Wait, you do 1:1 ?!?!?! Yes please !!!
@cysantosh6530 (4 years ago)
Sir after a long time...! Anyways stay safe and give knowledge that safely 😅 . Support from my side always 🇮🇳🔥
@TCMSecurityAcademy (4 years ago)
Much love!
@youfauchiha8531 (4 years ago)
That T-shirt should say: Amber is my fuel 😂😂 thanks for your videos man, you're the best
@TCMSecurityAcademy (4 years ago)
Haha she is my fuel!
@V1P3R05 (4 years ago)
How can I get a one-on-one with you?🤔🤔
@luismejia857 (4 years ago)
tcm-sec.com/one-on-one-tutoring/
@ca7986 (4 years ago)
❤️
@debprasadbanerjee5005 (3 years ago)
Damn, we don't deserve this quality content
@TheCyberExpert (4 years ago)
It took you so long to post a video
@TCMSecurityAcademy (4 years ago)
I'm a busy guy!
@ndanilo (4 years ago)
sup
@StefanRows (3 years ago)
Like + Comment ofc :)
@AmitSingh-sb5nr (4 years ago)
I am still not able to join your discord server
@dondoukhan4942 (4 years ago)
👾👾👾
@thanoscar7822 (4 years ago)
OMG no way do you like listening to Jonathan Young songs ? i would never imagine lol, anyway thanks for the video very helpful !!!
@yosoffmalik9135 (3 years ago)
@AN0NPH03N1X (4 years ago)
You are love man
@TCMSecurityAcademy (4 years ago)
Love you more!