Hacking APIs: Fuzzing 101

45,170 views

The Cyber Mentor


00:00 Intro
00:34 What is Fuzzing?
02:00 Hands-on lab
13:18 Outro
Pentests & Security Consulting: tcm-sec.com
Get Trained: academy.tcm-sec.com
Get Certified: certifications.tcm-sec.com
Merch: merch.tcm-sec.com
Sponsorship Inquiries: info@thecybermentor.com
Hacker Books:
Penetration Testing: A Hands-On Introduction to Hacking: amzn.to/31GN7iX
The Hacker Playbook 3: amzn.to/34XkIY2
Hacking: The Art of Exploitation: amzn.to/2VchDyL
The Web Application Hacker's Handbook: amzn.to/30Fj21S
Real-World Bug Hunting: A Field Guide to Web Hacking: amzn.to/2V9srOe
Social Engineering: The Science of Human Hacking: amzn.to/31HAmVx
Linux Basics for Hackers: amzn.to/34WvcXP
Python Crash Course, 2nd Edition: amzn.to/30gINu0
Violent Python: amzn.to/2QoGoJn
Black Hat Python: amzn.to/2V9GpQk
*We are a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for us to earn fees by linking to Amazon.com and affiliated sites.

Comments: 30
@chipko a year ago
Oh wow! This is amazing and so quick. Thank you Alex, Heath and TCM!
@endless2333 a year ago
Thanks for the content, really important and precise. TCM courses helped me a lot in my cybersec journey!
@Z0nd4 a year ago
Thanks for these videos. I just began in the API pentest wave, and it's very interesting.
@mridulkumartiwari607 a year ago
Much needed video 🤠📸
@Mrg-kj5ml 5 months ago
That was super informative. Thanks for the thorough explanation.
@faadi4536 a year ago
Never knew about this up until now. Good job bro.
@TCMSecurityAcademy a year ago
Thank you
@renatojlopes a year ago
Thanks for sharing this.
@janekmachnicki2593 8 months ago
Great tutorial, mate. Thanks
@BerniesBastelBude a year ago
Useful explanation - thank you!
@skysunset877 3 months ago
Super good! Thank you!
@harrylumsdon6773 a year ago
Great stuff
@Alaa-kc4rx a year ago
Nice video, sir, and thanks for sharing this valuable content with us. Please share more videos about API enumeration and pentest, with just basics.
@nonlinearsound-001 a year ago
Been in the coding game for the past 20 years and made a lot of mistakes and had my successes. But, what I don’t understand at all, is, who on Earth would code a Web-API and include direct file access like this, basically creating a reverse shell? (more or less). Do we really have such a significant amount of software out there, featuring this kind of flaw?
@offsecprep a year ago
Yes, the main point is the methodology rather than the vulnerability. But, you'd be surprised, I've seen quite a few simple vulns like this in the past when carrying out pentests (granted, usually before the application is released - it's less likely you'll find this in the wild or during BB)
@SmedleyButler1 a year ago
@offsecprep a channel showing packet and pentesting of libre apps would be great and you sound like you could do it! To get started, a unique and hugely popular video idea would be on hash/checksum app verification ON Android, FOR Android? Hash Droid is the only way I know of and I'm still not sure how to use it often (auto runs, zipped files, playstore vs Foxydroid or neostore). NOBODY has done this and it seems like THE most important thing to do!?... Lots of PowerShell vids on it but not everyone uses Windows... Also, is a Chromebook really more secure than Linux as one tech (not cyber security) guy claims? He said cyber pros told him to use it or Linux in a virtual machine in Windows
@gouravsaha7548 a year ago
Amazing
@user-fp7fs9xl2t 2 months ago
Great Content ...
@doshamitv5020 24 days ago
If the LFI didn't work on "ID param", could it work on "author param"? (Like the vuln could work depending on the param, right?) Or does it also work on the other params?
@user-gd6vx1ze3i a year ago
How can I get an API dictionary?
@varunfoodvlog9215 a year ago
The API endpoint gives a 404 error, then what do I do? Can anyone give me some tips?
@bitminersouth8845 a year ago
I have the same chair, I was expecting more comfort.
@Tekionemission 10 months ago
(2:02, 5:21) Lab and Fuzz Parameter (7:40) Wfuzz filter out 404 (11:33, 11:51) Wfuzz
@TradeFXCode 6 months ago
I need wordlist txt
@sotecluxan4221 a year ago
!!
@TheCyberWarriorGuy a year ago
:)
@_sownther_268 a year ago
1st comment 😁
@kunwaradarshsingh6436 a year ago
4th comment 😀
@variXD a year ago
your volume is too low
@austynstephens9263 a year ago
🫡