DevSec Hacker
0.0.0.0 Browser Vulnerability Exploit | Proof of Concept (POC) Made by ME
In this video, I showcase my Proof of Concept (POC) on the 0.0.0.0 browser vulnerability. This vulnerability poses a significant security risk, and through this detailed walkthrough, I'll demonstrate how it can be exploited and what makes it so dangerous.
#zeroday #pentesting #proofofconcept #vulnerability #exploited #browser
Views: 178

Videos

Bug Bounty: Find sensitive information in JS files | Burp Extension | JS Miner | gmaps scanner
253 views, 1 month ago
In this video, we'll explore how to identify and extract sensitive information hidden within JavaScript (JS) files. Whether you're a developer aiming to secure your web applications or a pentester hunting for vulnerabilities, understanding how to spot sensitive data in JS files is crucial. #bugbounty #hackingorsecurity #appsec #securityengineer #cybersecurity
My Interview Experience as a Senior Security Engineer | 6+ YOE | Cyber Security Engineer
177 views, 2 months ago
Curious about what it's like to interview for a Senior Security Engineer role? In this video, I share my experiences with five companies, covering everything from technical challenges to strategic discussions. Learn about the key takeaways and get some tips to ace your own interviews. Don't miss out on this insider's perspective! #cybersecurity #interviewtips #techcareers #pentesting #appsec #c...
Remote Code Execution via File Upload | RCE | Unrestricted File Upload
1.9K views, 3 months ago
In this video, I dive into one of the most critical vulnerabilities in web applications: Remote Code Execution (RCE) through file upload. This type of attack can allow an adversary to gain complete control over a server by uploading a malicious file. #file #pentest #bugcrowd #bugbounty #hackerone #portswigger #burpsuite
Who Am I ?
166 views, 3 months ago
Hi guys! 🔐 Welcome to DevSec Hacker - Your Gateway to Full Stack Cyber Security! 🔐 This is Raju, currently working as a Senior Security Engineer. I am here to share my knowledge, experience and learnings to the community in the space of Full Stack Cyber Security. 🚀 What to Expect: 1. Penetration Testing, Secure Code Review, Threat Modeling 🔍 - Web, Mobile & API 2. Security Automation & 🛠️ Tool ...
Episode 03: Security Meet-up | Ft. Security Engineer at Bugcrowd
446 views, 4 months ago
Auto Authentication using BurpSuite Extension
382 views, 4 months ago
Bug Bounty: how to find & exploit Server Side Template Injection || SSTI to RCE
953 views, 5 months ago
Vulnerability Scanning with OpenVAS
102 views, 6 months ago
Episode 02: Security Meet Up | Ft. Security Engineer - II
132 views, 6 months ago
Bug Bounty: Automated Web Asset Scanner and Vulnerability Analyzer | Security Automation
434 views, 6 months ago
Security Monitoring Tool - Dark Web Exposure
261 views, 6 months ago
How to access the Dark Web | Introduction
165 views, 7 months ago
Hacking with AI Tool - WhiteRabbitNeo
3.1K views, 7 months ago
How to create and configure AWS WAF
105 views, 7 months ago
Episode 01: Meet up with Security Folks | Ft. Lead Security Engineer
357 views, 8 months ago
Bug bounty: Bypass Limits via Race Conditions
489 views, 8 months ago
Part 02: Content Security Policy Explained - Practical
109 views, 8 months ago
SSRF bypass using DNS rebinding
2.8K views, 8 months ago
Content Security Policy Explained - Practical
306 views, 8 months ago
How to Automate Penetration Test Report Writing
609 views, 8 months ago
Fuzzing with FFUF | Web Fuzzing
296 views, 9 months ago
How to create static website using aws s3
84 views, 9 months ago
How to implement cloudwatch monitoring for a web server
195 views, 9 months ago
How to setup AWS S3 Replication - Including Cross Region Replication
93 views, 9 months ago
how to automate aws with cloudformation #aws #awslearning #awssecurity #automation
116 views, 9 months ago
AWS Secrets Manager and Lambda: How to store and retrieve secrets #aws #awslearning #awssecurity
118 views, 9 months ago
Get location details from photos || EXIF Tool || Python Script
182 views, 10 months ago
Unlocking the secrets: How chrome extension access local storage without storage permission
214 views, 10 months ago
Find secrets with TruffleHog
767 views, 11 months ago

COMMENTS

  • @SankalpaBaral1337, 6 days ago

    Cool :

  • @ashish_gupta307, 13 days ago

    Bro, it would be helpful if you increased the volume in the video. Someone surfing UA-cam over mobile for good cybersecurity content would easily skip this video because even at full volume I am not able to listen to it.

    • @DevSecHacker, 12 days ago

      Yeah... It was an old video, and I changed the volume settings in later/recent videos.

  • @karthikmahadevan6758, 19 days ago

    Good content bro, keep it up

    • @DevSecHacker, 19 days ago

      Thank you. Please do like the video, so that it can reach out to more people.

  • @DeepGopalSaha, 25 days ago

    This payload also works in Django, meaning the Python framework, I guess

    • @georgiostsakoumakis7754, 23 days ago

      Django doesn't use that syntax; this is Ruby on Rails

    • @DevSecHacker, 21 days ago

      book.hacktricks.xyz/pentesting-web/ssti-server-side-template-injection

  • @musababdelmoneim4842, 27 days ago

    This vulnerability, can we report it if we find it? And also please make a video for checking the Heroku key

    • @DevSecHacker, 27 days ago

      You can report it, but whether you receive a bounty depends on the company's policy. Some companies will offer bounties, while others may not consider it based on their guidelines.

  • @ferasalfarsi897, 1 month ago

    Thank you for this video.

    • @DevSecHacker, 1 month ago

      Welcome. Stay subscribed to get more videos.

  • @pulkitsrivastava9e-389, 1 month ago

    Please make a full video once

    • @DevSecHacker, 1 month ago

      I have already made it. It's available on the channel, or here is the link to the full video: ua-cam.com/video/CGabe21_148/v-deo.html

  • @insomaniac8995, 1 month ago

    Nice explanation 👍🏼

  • @RamaraoInfo, 1 month ago

    Hi bro, I need your help. Can you help me please regarding pen testing only?

    • @DevSecHacker, 1 month ago

      Shoot out an e-mail to devsechacker@gmail.com

  • @elbrayan_507, 1 month ago

    Thanks, great video and explanation

  • @flowersareyellow, 1 month ago

    Do you think this tool is good for a future career?

    • @DevSecHacker, 1 month ago

      It is good for a career only. Because whatever tools come into the picture, finally a human intelligence should validate the accuracy of the threats or findings. The advantage of it is that we can make the threat modeling process faster and more efficient.

  • @songsxmashup, 1 month ago

    very nice explained simple brother its very simple thanks a lot ya ahhh!

  • @kirindev, 1 month ago

    thank you very much, what is the name of the tool?

  • @binaynayak1720, 2 months ago

    How to edit the Trust zone?

    • @DevSecHacker, 1 month ago

      Right click on the trust zone and edit

  • @souravchakraborty3872, 2 months ago

    Do we need to study DSA for the code review round? Or if the interviewer gives a code snippet and requests me to complete the incomplete code, how complex is the code in those cases? Is the code related to complex DSA topics or is it some basic code snippet?

    • @DevSecHacker, 2 months ago

      No need to study DSA. They won't ask. They will give vulnerable code snippets like the one below. You just need to identify vulnerabilities based on the code. github.com/yeswehack/vulnerable-code-snippets The above is an example of the vulnerable code snippets which are available on GitHub.

    • @souravchakraborty3872, 2 months ago

      @@DevSecHacker ok, thanks for the resources. And if they ask us to complete incomplete code, then it would be basic code like the one you gave on GitHub, right?

    • @DevSecHacker, 2 months ago

      In general they won't ask us to complete the incomplete code, since they will only check our level of understanding of the code and how we are able to identify the vulnerabilities in it. They will check secure code review capabilities, since we need to do secure code review as one of the responsibilities in day-to-day work.

  • @newuser2474, 2 months ago

    Nice video, but the voice is not clear

    • @DevSecHacker, 2 months ago

      Thanks for the comment. I will change the voice setting next time

  • @cutehack99yt., 2 months ago

    Voice not clear brother, I recommend adjusting it

  • @cutehack99yt., 2 months ago

    Nice

  • @sybex200, 3 months ago

    fdfdf

  • @sybex200, 3 months ago

    Let's say I just finished my pentest exam, and I have taken 60 screenshots. Can you explain how to include them, and what I have to modify in the report so that it relates to what I found during the exam? Any other explanations are welcome. I am a beginner, and I still don't know how to make a pentest report after finishing a penetration testing exam. Thank you.

    • @DevSecHacker, 2 months ago

      Ok

    • @sybex200, 2 months ago

      @@DevSecHacker Please give more details on my question.

  • @RamaraoInfo, 3 months ago

    Hi bro, can I have your contact details please? I would like to connect with you regarding mobile PT please

  • @cherrycherry-zs7qj, 3 months ago

    Explanation in this video is great. Keep doing good videos like this.

  • @eyezikandexploits, 3 months ago

    I wish finding these bugs were as easy as this lab

  • @eyezikandexploits, 3 months ago

    Keep it up man, do you have a Discord?

  • @TheCyberWarriorGuy, 3 months ago

    :)

  • @uttarkhandcooltech1237, 4 months ago

    Thank you, I am a new subscriber

    • @DevSecHacker, 4 months ago

      Thanks for subscribing! And please do like it also, so that it can be recommended to more people who want to know.

    • @uttarkhandcooltech1237, 4 months ago

      @@DevSecHacker can you share more about the account takeover bug through the id parameter, SQLi in the id parameter

    • @DevSecHacker, 4 months ago

      Sure. Let me add that to my upcoming list

  • @Anonymous-cx7ht, 4 months ago

    Never commented on any video, love the way you told it 😮🎉

    • @DevSecHacker, 4 months ago

      Thank you. Then do support by subscribing.

  • @wnheieowz, 4 months ago

    Can I get the source code please?

    • @DevSecHacker, 4 months ago

      github.com/RajuGanapathiraju/VulnerableLabs/blob/main/ssrf_bypass.js

  • @BanglarPranChitra, 5 months ago

    Nice ❤❤

  • @SushantMaliwhy, 5 months ago

    Hey could you make a video regarding XSRF-TOKEN/CSRF?

    • @DevSecHacker, 5 months ago

      I will. Please do like and subscribe

  • @kuttuconnect, 5 months ago

    Good insights

  • @_ArfatFarooq, 5 months ago

    Bro, you didn't show how to get a reverse shell? Can we use bin/bash here for a reverse connection in netcat? Also, how do we get a complete shell, like a full root shell, using the SSTI vulnerability?

    • @DevSecHacker, 5 months ago

      This video is intended to show the SSTI detection method and exploitation (SSTI to RCE). If you are interested in knowing more, I will make a part 02 video on it.

    • @_ArfatFarooq, 5 months ago

      @@DevSecHacker Thanks bro, make interesting tutorials on topics like these, such as: deeply understanding all types of SQL injections on a live target in a simple URL, Hackbar, through intruder mode (Burp Suite), sqlmap bypassing of Cloudflare and LiteSpeed server, then getting databases without error. SSTI in different ways on a live target; you can hide the URL of the target if you want for YouTube policies. How to scan for SSTI using advanced tools. LFI, RFI on a live target and uploading of shells in different ways to get a reverse shell. Command injections in new ways by bypassing restrictions of Cloudflare and getting reverse connections. These are very important topics of cybersecurity and interesting for everyone who is interested in cybersecurity/hacking/pentesting. These were my bonus tips 😉 for your next tutorials. People are mostly interested in these topics, even I am too... I believe you will bring and present all such tutorials in a nice way and new ways... Keep growing 💗 thank you ❣️❣️❣️

    • @_ArfatFarooq, 5 months ago

      @DevSecHacker Thanks bro, make interesting tutorials like these, such as: deeply understanding all types of sql injecti*ns on a target in the URL, h*ckbar, through intruder mode (Burp Suite), sqlmap bypassing of Cloudflare and LiteSpeed server, then getting databases without error. SSTI in different ways on a live target; you can hide the URL of the target if you want for YouTube policies. How to scan for SSTI using advanced tools. LFI, RFI on a live target and uploading of she*lls in different ways to get a r*verse sh*ll. C*mmand injections in new ways by byp*ssing restrictions of Cloudflare and getting a r*verse connection. These were my bonus tips for you to upload such interesting topics, because people are mostly interested in these topics and even I am too... I hope you will upload such nice content, thank you...

  • @Zach8877, 5 months ago

    Nice demo! The question I can’t get out of my head is “why isn’t this called JavaScript injection”. It seems directly analogous to a SQL injection but with JS instead of SQL. The term XSS just doesn’t compute in my head.

    • @DevSecHacker, 5 months ago

      Yes. You can call it a form of JavaScript injection, since a malicious script is injected into the web pages. According to the OWASP Top 10 - 2021, XSS is also categorized under injection. For reference: owasp.org/Top10/A03_2021-Injection/

  • @cherrycherry-zs7qj, 5 months ago

    Notable suggestions, keep doing more shorts like this

  • @DevSecHacker, 6 months ago

    If you want to support my work: www.buymeacoffee.com/devsechacker

  • @briansans-souci9083, 6 months ago

    Thanks mate!

  • @rayipallisudheerkumar7140, 6 months ago

    Great collab 🎉

  • @DevSecHacker, 6 months ago

    I have now added a few more improvements to this tool, like database integration, de-duplication, state management, parsing the HTML for results and generating a final report. You can see that as the v4.js file in my GitHub.

  • @allanguwatudde7623, 6 months ago

    Great explanation

    • @DevSecHacker, 6 months ago

      Thanks and please do support by subscribing to my channel for more videos like these.

  • @heiroPhantom, 7 months ago

    Hallelujah. You're my savior, man. My own personal Jesus Christ.

    • @DevSecHacker, 7 months ago

      Thank you. Then please do support by clicking the subscribe button 🙂

  • @KevinThomas-lq1yi, 7 months ago

    Great tool. Fantastic. The free version will only allow 10 uses per 24 hours. The Pro version allows 250 uses in 24 hours, but it costs $20 per month.

  • @askholia, 7 months ago

    I appreciate this video! Great work!

    • @DevSecHacker, 7 months ago

      Thank you. It pays off all the time that I spent.

  • @pavanreddynamala8675, 7 months ago

    Good information

  • @rayipallisudheerkumar7140, 7 months ago

    Is it legal to use the dark web?

    • @DevSecHacker, 7 months ago

      It is not illegal, but buying illegal products and watching illegal content on the dark web is a punishable offense.

  • @i_am_dumb1070, 7 months ago

    Ok, but how can an attacker change the DNS settings of a company to make localhost point to some other IP?? Please help 🙏

    • @DevSecHacker, 7 months ago

      In this bypass there is no need to change the company's settings. Just bind two IP addresses (one a non-restricted IP address, like a Google IP, and the other a restricted IP address, like localhost) to the same domain and pass the domain as user input. For binding two IPs to the same domain, you can use the DNS rebinder service that I showed in the video.

    • @i_am_dumb1070, 7 months ago

      @@DevSecHacker ok, thanks 🙏