DevSec Hacker
  • 88
  • 45 001
Malware Protection for S3 Bucket
🔒 Protect Your S3 Buckets from Malware with AWS GuardDuty! 🚀
Amazon S3 is a powerful storage service, but it’s not immune to security threats like malware. In this video, I’ll show you how to safeguard your S3 buckets using AWS GuardDuty. Learn how to:
✅ Enable GuardDuty for continuous threat detection
✅ Configure malware protection for S3 buckets
✅ Detect and respond to malicious files
✅ Automate remediation actions like quarantining threats
🎥 Demo Highlights:
Step-by-step configuration of GuardDuty in the AWS Management Console
Uploading a test malware file and watching GuardDuty in action
Automating quarantine with Lambda for seamless threat management
🛡️ Whether you're a security professional or cloud enthusiast, this guide will help you level up your cloud security game!
#awssecurity
#cloudsecurity
#s3
#guardduty
#awsservices
Views: 45

Videos

Broken Access Control Vulnerability: How Hackers Exploit
145 views · 21 days ago
"Learn how broken access control vulnerabilities can expose sensitive data with this demo app! Watch as we explore how users can access admin-only data due to missing role validation and the reason behind it. Perfect for understanding real-world security flaws and their solutions. 🚀" #cybersecurity #pentesting #bugbounty #securecoding #appsec
New Burp Suite Feature: Manual Record an Issue - Walkthrough
230 views · 1 month ago
Discover Burp Suite's powerful new feature: *Manual Record an Issue*! 🚀 This tool is a game-changer for pentesters, making it easier to log, document, and organize findings directly within Burp Suite. In this video, I'll walk you through how to use the manual record feature, perfect for enhancing your pentesting journey and simplifying report generation. Whether you're a seasoned security resea...
Protecting Tokens from XSS Attacks: Secure Storage with Web Workers in JavaScript
242 views · 1 month ago
In this video, I dive into a Proof of Concept (PoC) demonstrating how to securely handle and store tokens in browser memory using Web Workers. I’ll walk you through why Web Workers are the best option for protecting sensitive data like JWTs, thanks to their separate global scope that isolates tokens from the rest of the application and safeguards against XSS attacks. Watch to see step-by-step h...
Bugbounty: Host Header Injection to Account Takeover | Hands on | Practical
768 views · 2 months ago
In this video, I’ll walk you through an exciting bug bounty Host Header Injection to take over user accounts! 🚨 If you’re a pentester, bug bounty hunter, or simply passionate about cybersecurity, this video is for you! Let’s dive into this fascinating account takeover vulnerability. Don’t forget to like, comment, and subscribe for more bug bounty and security-related content. 👍🔔 #bugbounty #Hos...
0.0.0.0 Browser Vulnerability Exploit | Proof of Concept (POC) Made by ME
284 views · 4 months ago
Bug Bounty: Find sensitive information in JS files | Burp Extension | JS Miner | gmaps scanner
540 views · 4 months ago
My Interview Experience as a Senior Security Engineer | 6+ YOE | Cyber Security Engineer
199 views · 5 months ago
Remote Code Execution via File Upload | RCE | Unrestricted File Upload
3.6K views · 6 months ago
Who Am I ?
216 views · 6 months ago
Episode 03: Security Meet-up | Ft. Security Engineer at Bugcrowd
459 views · 6 months ago
Auto Authentication using BurpSuite Extension
559 views · 7 months ago
Bug Bounty: how to find & exploit Server Side Template Injection || SSTI to RCE
1.1K views · 8 months ago
Vulnerability Scanning with OpenVAS
112 views · 8 months ago
Episode 02: Security Meet Up | Ft. Security Engineer - II
139 views · 9 months ago
Bug Bounty: Automated Web Asset Scanner and Vulnerability Analyzer | Security Automation
459 views · 9 months ago
Security Monitoring Tool - Dark Web Exposure
335 views · 9 months ago
How to access the Dark Web | Introduction
175 views · 9 months ago
Hacking with AI Tool - WhiteRabbitNeo
5K views · 10 months ago
How to create and configure AWS WAF
116 views · 10 months ago
Episode 01: Meet up with Security Folks | Ft. Lead Security Engineer
372 views · 10 months ago
Bug bounty: Bypass Limits via Race Conditions
549 views · 10 months ago
Part 02: Content Security Policy Explained - Practical
131 views · 10 months ago
SSRF bypass using DNS rebinding
3.3K views · 11 months ago
Content Security Policy Explained - Practical
348 views · 11 months ago
How to Automate Penetration Test Report Writing
743 views · 11 months ago
Fuzzing with FFUF | Web Fuzzing
328 views · 11 months ago
How to create static website using aws s3
86 views · 11 months ago
How to implement cloudwatch monitoring for a web server
207 views · 1 year ago
How to setup AWS S3 Replication - Including Cross Region Replication
98 views · 1 year ago

COMMENTS

  • @prudhvirajsampathirao4307 · 1 day ago

    Could you please do a video on the BREACH attack due to HTTP compression?

  • @prudhvirajsampathirao4307 · 1 day ago

    Great video brother. Very informative

  • @unknowncontent328___________ · 6 days ago

    sir your explanation is excellent

  • @bhumiputra6108 · 21 days ago

    3:34 how were you able to decode the JWT Token inline without using Decoder tab?

    • @DevSecHacker · 21 days ago

      Using keyboard shortcut: Command + Shift + B. I am using a Mac.

  • @anishkusunuri9010 · 21 days ago

    Great work on your channel! the way you explained it was so clear and easy to follow. Your hands-on videos are really helpful. Keep it up❣

  • @ritz94m · 29 days ago

    Wow, looks interesting! I'm going to try out this tool. Great video.

    • @DevSecHacker · 29 days ago

      Thanks. Please do like and subscribe to get more content like this

  • @reserseAI · 1 month ago

    Gpt hackers

  • @OttoLeeProductions · 2 months ago

    very cool my new favorite co pilot

  • @musabsk · 2 months ago

    great video

  • @SankalpaBaral1337 · 3 months ago

    Cool :

  • @ashish_gupta307 · 3 months ago

    Bro it would be helpful if you increase the volume in the video. Someone surfing UA-cam over mobile for good cybersecurity content would easily bypass this video b/c even at full volume I am not able to listen to it.

    • @DevSecHacker · 3 months ago

      Yeah....It was an old video and I changed the volume settings in later/recent videos.

  • @karthikmahadevan6758 · 3 months ago

    Good content bro keep it up

    • @DevSecHacker · 3 months ago

      Thank you. Please do like the video, so that it can reach out to more people.

  • @DeepGopalSaha · 3 months ago

    This payload also works in django means python framework ig

    • @georgiostsakoumakis7754 · 3 months ago

      Django doesn't use that syntax, this is ruby on rails

    • @DevSecHacker · 3 months ago

      book.hacktricks.xyz/pentesting-web/ssti-server-side-template-injection

  • @musababdelmoneim4842 · 3 months ago

    This vulnerability and can we report it if we find it and also please video for check heroku key

    • @DevSecHacker · 3 months ago

      You can report it, but whether you receive a bounty depends on the company's policy. Some companies will offer bounties, while others may not consider it based on their guidelines.

  • @ferasalfarsi897 · 3 months ago

    Thank you for this video.

    • @DevSecHacker · 3 months ago

      Welcome. Stay subscribed to get more videos

  • @pulkitsrivastava9e-389 · 3 months ago

    Please make a full video once

    • @DevSecHacker · 3 months ago

      I have already made it. It's available in the channel. OR here is the link for full video. ua-cam.com/video/CGabe21_148/v-deo.html

  • @insomaniac8995 · 4 months ago

    Nice explanation 👍🏼

  • @RamaraoInfo · 4 months ago

    Hi bro, I need your help bro, Can you help me please regarding the pen testing only.

    • @DevSecHacker · 4 months ago

      Shoot out an e-mail to devsechacker@gmail.com

  • @elbrayan_507 · 4 months ago

    Thanks, great video and explanation

  • @flowersareyellow · 4 months ago

    Do you think this tool is good for future career?

    • @DevSecHacker · 4 months ago

      It is good for a career only. Because whatever the tools come into the picture finally a human intelligence should validate the accuracy of threats or findings. The advantage of it is we can make the threat modeling process faster and efficient.

  • @creative_man-n3f · 4 months ago

    very nice explained simple brother its very simple thanks a lot ya ahhh!

  • @kirindev · 4 months ago

    thank you very much what name of tools ?

  • @binaynayak1720 · 5 months ago

    How to edit the Trust zone?

    • @DevSecHacker · 4 months ago

      Right click on trust zone and edit

  • @souravchakraborty3872 · 5 months ago

    Do we need to study DSA for code review round ? or if the interviewer gives a code snippet and requests me to complete the incomplete code so how is the complexity of code in those case like is the code related complex DSA topics or some basic code snippet?

    • @DevSecHacker · 5 months ago

      No need to study DSA. They won't ask. They will give vulnerable code snippets like below. You just need to identify vulnerabilities based on the code. github.com/yeswehack/vulnerable-code-snippets The above one is an example of vulnerable code snippets which are available in github.

    • @souravchakraborty3872 · 5 months ago

      @DevSecHacker ok thanks for the resources, and if they ask us to complete incomplete code then it would be a basic code like the one you gave on GitHub right?

    • @DevSecHacker · 5 months ago

      In general they won't ask us to complete the incomplete code. Since they will only check the understanding levels of code and how we are able to identify the vulnerabilities in it. Secure code review capabilities they will check since we need to do secure code review as one of the responsibilities in day-to-day work.

  • @newuser2474 · 5 months ago

    Nice video but voice is not clear

    • @DevSecHacker · 5 months ago

      Thanks for the comment. I will change the voice setting next time

  • @cutehack99yt. · 5 months ago

    Voice not clear brother I recommend to adjust it

  • @cutehack99yt. · 5 months ago

    Nice

  • @sybex200 · 5 months ago

    fdfdf

  • @sybex200 · 5 months ago

    Let's say i just finished my pentest exam, and i have taken 60 screenshots. Can you explain how to implement them, and what do i have to modify in the report, to be related to what i found during the exam ? Any other explanations are welcome. I am a beginner, and i still don't know how to make a pentest report, after finishing a penetration testing exam.Thank you.

    • @DevSecHacker · 5 months ago

      Ok

    • @sybex200 · 5 months ago

      @DevSecHacker Please give more details on my question.

  • @RamaraoInfo · 6 months ago

    Hi bro, Can I have your contact details please, I would like to connect with regarding mobile PT please

  • @cherrycherry-zs7qj · 6 months ago

    Explanation in this video is great. Keep doing good videos like this.

  • @eyezikandexploits · 6 months ago

    i wish finding these bugs were as easy as this lab

  • @eyezikandexploits · 6 months ago

    keep it up man, do you have a discord?

  • @TheCyberWarriorGuy · 6 months ago

    :)

  • @uttarkhandcooltech1237 · 7 months ago

    thank you i am new subscriber

    • @DevSecHacker · 7 months ago

      Thanks for subscribing! And please do like also, so that it can recommend to more people who want to know.

    • @uttarkhandcooltech1237 · 7 months ago

      @DevSecHacker can u share use more about account takeover bug throw id parameter Sqli in id parameter

    • @DevSecHacker · 7 months ago

      Sure. Let me add that into my upcoming list

  • @Anonymous-cx7ht · 7 months ago

    Never commented on any video love the way you told 😮🎉

    • @DevSecHacker · 7 months ago

      Thank you. Then do support by subscribing.

  • @wnheieowz · 7 months ago

    can i get src code pls

    • @DevSecHacker · 7 months ago

      github.com/RajuGanapathiraju/VulnerableLabs/blob/main/ssrf_bypass.js

  • @BanglarPranChitra · 7 months ago

    Nice ❤❤

  • @SushantMaliwhy · 8 months ago

    Hey could you make a video regarding XSRF-TOKEN/CSRF?

    • @DevSecHacker · 8 months ago

      I will. Please do like and subscribe

  • @kuttuconnect · 8 months ago

    Good insights

  • @_ArfatFarooq · 8 months ago

    Bro you didn't show how to get reverse shell? Can we use here bin/bash for reverse connection in net cat? Also how get complete shell like full root shell using SSTI Vulnerability?

    • @DevSecHacker · 8 months ago

      This video is intended to show SSTI detection method and exploitation (SSTI to RCE). If you are interested to know more, I will make a part 02 video on it.

    • @_ArfatFarooq · 8 months ago

      @DevSecHacker Thanks bro make interesting tutorials on topics like these such as Deeply understanding all types SQL injections on live target in simple Url, Hackbar, through intruder mode(burpsuite),sqlmap bypassing of cloudflare, lite speed server then getting databases without error. SSTI in different ways on live target you can hide url of the target if you want for youtube policies. How to scan SSTI using advance tools. LFI, RFi on live target and uploading of shells in different ways to get reverse shell. Command injections in new ways by bypassing restrictions of Cloudflare and getting reverse connections. These are very important topics of cybersecurity and interesting for everyone who are interested in cybersecurity/hacking/pentesting. These were my bonus tips 😉 for your next tutorials. People are mostly interested in these topics even I am too...i believe you will bring and present such all tutorials in nice way and new ways...Keep growing 💗 thank you❣️❣️❣️

    • @_ArfatFarooq · 8 months ago

      @DevSecHacker Thanks bro make interesting tutorials like these such as deeply understanding all types sql injecti*ns on target in url, h*ckbar, through intruder mode(burpsuite),sqlmap bypassing of cloudflare, lite speed server then getting databases without error. SSTI in different ways on live target you can hide url of the target if you want for youtube policies. How to scan SSTI using advance tools. LFI, RFi on live target and uploading of she*lls in different ways to get r*verse sh*ll. C*mmand injections in new ways by byp*ssing restrictions of Cloudflare and getting r*verse connection. These were my bonus tips for you to upload such interesting topics because people are mostly interested in these topics and even I am too...I hope you will upload such nice contents thank you...

  • @Zach8877 · 8 months ago

    Nice demo! The question I can’t get out of my head is “why isn’t this called JavaScript injection”. It seems directly analogous to a SQL injection but with JS instead of SQL. The term XSS just doesn’t compute in my head.

    • @DevSecHacker · 8 months ago

      Yes. You can call it as a form of javascript injection since malicious script will inject in the web pages. According to owasp top 10 - 2021 even XSS also categorized in injection part. for reference owasp.org/Top10/A03_2021-Injection/

  • @cherrycherry-zs7qj · 8 months ago

    Notable suggestions, keep doing more shorts like this

  • @DevSecHacker · 8 months ago

    if you want to support my work: www.buymeacoffee.com/devsechacker

  • @briansans-souci9083 · 8 months ago

    Thanks mate!