- 88
- 45 001
DevSec Hacker
Приєднався 14 кві 2023
Hi guys!
🔐 Welcome to DevSec Hacker - Your Gateway to Full Stack Cyber Security! 🔐
This is Raju, currently working as a Senior Security Engineer. I am here to share my knowledge, experience and learnings to the community in the space of Full Stack Cyber Security.
🚀 What to Expect:
1. Penetration Testing, Secure Code Review, Threat Modeling 🔍 - Web, Mobile & API
2. Security Automation & 🛠️ Tool Development
3. AWS Cloud Security and 🕵️♂️ Security Monitoring
4. Application Development & 🌐 Web Exploit Development
5. Ethical Hacking & Threat Intelligence
6. Interviews with experienced security folks
🛡️ Stay Secure, Stay Informed, Stay Subscribed! 🛡️
Note:*
For any engagements, shoot out an email to devsechacker@gmail.com
🔐 Welcome to DevSec Hacker - Your Gateway to Full Stack Cyber Security! 🔐
This is Raju, currently working as a Senior Security Engineer. I am here to share my knowledge, experience and learnings to the community in the space of Full Stack Cyber Security.
🚀 What to Expect:
1. Penetration Testing, Secure Code Review, Threat Modeling 🔍 - Web, Mobile & API
2. Security Automation & 🛠️ Tool Development
3. AWS Cloud Security and 🕵️♂️ Security Monitoring
4. Application Development & 🌐 Web Exploit Development
5. Ethical Hacking & Threat Intelligence
6. Interviews with experienced security folks
🛡️ Stay Secure, Stay Informed, Stay Subscribed! 🛡️
Note:*
For any engagements, shoot out an email to devsechacker@gmail.com
Malware Protection for S3 Bucket
🔒 Protect Your S3 Buckets from Malware with AWS GuardDuty! 🚀
Amazon S3 is a powerful storage service, but it’s not immune to security threats like malware. In this video, I’ll show you how to safeguard your S3 buckets using AWS GuardDuty. Learn how to:
✅ Enable GuardDuty for continuous threat detection
✅ Configure malware protection for S3 buckets
✅ Detect and respond to malicious files
✅ Automate remediation actions like quarantining threats
🎥 Demo Highlights:
Step-by-step configuration of GuardDuty in the AWS Management Console
Uploading a test malware file and watching GuardDuty in action
Automating quarantine with Lambda for seamless threat management
🛡️ Whether you're a security professional or cloud enthusiast, this guide will help you level up your cloud security game!
#awssecurity
#cloudsecurity
#s3
#guardduty
#awsservices
#awssecurity
Amazon S3 is a powerful storage service, but it’s not immune to security threats like malware. In this video, I’ll show you how to safeguard your S3 buckets using AWS GuardDuty. Learn how to:
✅ Enable GuardDuty for continuous threat detection
✅ Configure malware protection for S3 buckets
✅ Detect and respond to malicious files
✅ Automate remediation actions like quarantining threats
🎥 Demo Highlights:
Step-by-step configuration of GuardDuty in the AWS Management Console
Uploading a test malware file and watching GuardDuty in action
Automating quarantine with Lambda for seamless threat management
🛡️ Whether you're a security professional or cloud enthusiast, this guide will help you level up your cloud security game!
#awssecurity
#cloudsecurity
#s3
#guardduty
#awsservices
#awssecurity
Переглядів: 45
Відео
Broken Access Control Vulnerability: How Hackers Exploit
Переглядів 14521 день тому
"Learn how broken access control vulnerabilities can expose sensitive data with this demo app! Watch as we explore how users can access admin-only data due to missing role validation and reason behind it. Perfect for understanding real-world security flaws and their solutions. 🚀" #cybersecurity #pentesting #bugbounty #securecoding #appsec
New Burp Suite Feature: Manual Record an Issue - Walkthrough
Переглядів 230Місяць тому
Discover Burp Suite's powerful new feature: *Manual Record an Issue*! 🚀 This tool is a game-changer for pentesters, making it easier to log, document, and organize findings directly within Burp Suite. In this video, I'll walk you through how to use the manual record feature, perfect for enhancing your pentesting journey and simplifying report generation. Whether you're a seasoned security resea...
Protecting Tokens from XSS Attacks: Secure Storage with Web Workers in JavaScript
Переглядів 242Місяць тому
In this video, I dive into a Proof of Concept (PoC) demonstrating how to securely handle and store tokens in browser memory using Web Workers. I’ll walk you through why Web Workers are the best option for protecting sensitive data like JWTs, thanks to their separate global scope that isolates tokens from the rest of the application and safeguards against XSS attacks. Watch to see step-by-step h...
Bugbounty: Host Header Injection to Account Takeover | Hands on | Practical
Переглядів 7682 місяці тому
in this video, I’ll walk you through an exciting bug bounty Host Header Injection to take over user accounts! 🚨 If you’re a pentester, bug bounty hunter, or simply passionate about cybersecurity, this video is for you! Let’s dive into this fascinating account takeover vulnerability. Don’t forget to like, comment, and subscribe for more bug bounty and security-related content. 👍🔔 #bugbounty #Hos...
0.0.0.0 Browser Vulnerability Exploit | Proof of Concept (POC) Made by ME
Переглядів 2844 місяці тому
0.0.0.0 Browser Vulnerability Exploit | Proof of Concept (POC) Made by ME
Bug Bounty: Find sensitive information in JS files | Burp Extension | JS Miner | gmaps scanner
Переглядів 5404 місяці тому
Bug Bounty: Find sensitive information in JS files | Burp Extension | JS Miner | gmaps scanner
My Interview Experience as a Senior Security Engineer | 6+ YOE | Cyber Security Engineer
Переглядів 1995 місяців тому
My Interview Experience as a Senior Security Engineer | 6 YOE | Cyber Security Engineer
Remote Code Execution via File Upload | RCE | Unrestricted File Upload
Переглядів 3,6 тис.6 місяців тому
Remote Code Execution via File Upload | RCE | Unrestricted File Upload
Episode 03: Security Meet-up | Ft. Security Engineer at Bugcrowd
Переглядів 4596 місяців тому
Episode 03: Security Meet-up | Ft. Security Engineer at Bugcrowd
Auto Authentication using BurpSuite Extension
Переглядів 5597 місяців тому
Auto Authentication using BurpSuite Extension
Bug Bounty: how to find & exploit Server Side Template Injection || SSTI to RCE
Переглядів 1,1 тис.8 місяців тому
Bug Bounty: how to find & exploit Server Side Template Injection || SSTI to RCE
Episode 02: Security Meet Up | Ft. Security Engineer - II
Переглядів 1399 місяців тому
Episode 02: Security Meet Up | Ft. Security Engineer - II
Bug Bounty: Automated Web Asset Scanner and Vulnerability Analyzer | Security Automation
Переглядів 4599 місяців тому
Bug Bounty: Automated Web Asset Scanner and Vulnerability Analyzer | Security Automation
Security Monitoring Tool - Dark Web Exposure
Переглядів 3359 місяців тому
Security Monitoring Tool - Dark Web Exposure
How to access the Dark Web | Introduction
Переглядів 1759 місяців тому
How to access the Dark Web | Introduction
Hacking with AI Tool - WhiteRabbitNeo
Переглядів 5 тис.10 місяців тому
Hacking with AI Tool - WhiteRabbitNeo
Episode 01: Meet up with Security Folks | Ft. Lead Security Engineer
Переглядів 37210 місяців тому
Episode 01: Meet up with Security Folks | Ft. Lead Security Engineer
Bug bounty: Bypass Limits via Race Conditions
Переглядів 54910 місяців тому
Bug bounty: Bypass Limits via Race Conditions
Part 02: Content Security Policy Explained - Practical
Переглядів 13110 місяців тому
Part 02: Content Security Policy Explained - Practical
Content Security Policy Explained - Practical
Переглядів 34811 місяців тому
Content Security Policy Explained - Practical
How to Automate Penetration Test Report Writing
Переглядів 74311 місяців тому
How to Automate Penetration Test Report Writing
How to create static website using aws s3
Переглядів 8611 місяців тому
How to create static website using aws s3
How to implement cloudwatch monitoring for a web server
Переглядів 207Рік тому
How to implement cloudwatch monitoring for a web server
How to setup AWS S3 Replication - Including Cross Region Replication
Переглядів 98Рік тому
How to setup AWS S3 Replication - Including Cross Region Replication
Could you please do a video on the BREACH attack due to HTTP compression?
Sure
Great video brother. Very informative
Thank you
sir your explanation is excellent
Thank you
3:34 how were you able to decode the JWT Token inline without using Decoder tab?
Using keyboard shortcut. Command + shift + B I am using MAC
Great work on your channel! the way you explained it was so clear and easy to follow. Your hands-on videos are really helpful. Keep it up❣
Hey, thank you.
Wow, looks interesting! I'm going to try out this tool. Great video.
Thanks. Please do like and subscribe to get more content like this
Gpt hackers
very cool my new favorite co pilot
👌
great video
Thanks.
Cool :
Bro it would be helpful if you increase the volume in the video. Someone surfing UA-cam over mobile for good cybersecurity content would easily bypass this video b/c even at full volume I am not able to listen it.
Yeah....It was an old video and I changed the volume settings in later/recent videos.
Good content bro keep it up
Thank you. Please do like the video, so that it can reach out to more people.
This payload also works in django means python framework ig
Django doesn't use that syntax, this is ruby on rails
book.hacktricks.xyz/pentesting-web/ssti-server-side-template-injection
This vulnerability and can we report it if we find it and also please video for check heroku key
You can report it, but whether you receive a bounty depends on the company's policy. Some companies will offer bounties, while others may not consider it based on their guidelines.
Thank you for this video.
Welcome. Stay subscribed to get more videos
Please make a full video once
I have already made it. It's available in the channel. OR here is the link for full video. ua-cam.com/video/CGabe21_148/v-deo.html
Nice explanation 👍🏼
Thanks
Hi bro, I need your help bro, Can you help me please regarding the pen testing only.
Shoot out an e-mail to devsechacker@gmail.com
Thanks, great video and explanation
Welcome 🤗
Do you think this tool is good for future career?
It is good for a career only. Because whatever the tools come into the picture finally a human intelligence should validate the accuracy of threats or findings. The advantage of it is we can make the threat modeling process faster and efficient.
very nice explained simple brother its very simple thanks a lot ya ahhh!
Thank you
thank you very much what name of tools ?
Burpsuite pro
@@DevSecHacker thank you
How to edit the Trust zone?
Right click on trust zone and edit
Do we need to study DSA for code review round ? or if the interviewer gives a code snippet and requests me to complete the incomplete code so how is the complexity of code in those case like is the code related complex DSA topics or some basic code snippet?
No need to study DSA. They won't ask. They will give vulnerable code snippets like below. You just need to identify vulnerabilities based on the code. github.com/yeswehack/vulnerable-code-snippets The above one is an example of vulnerable code snippets which are available in github.
@@DevSecHacker ok thanks for the resources, and if they ask us to complete incomplete code then it would be a basic code like the one you gave on GitHub right?
In general they won't ask us to complete the incomplete code. Since they will only check the understanding levels of code and how we are able to identify the vulnerabilities in it. Secure code review capabilities they will check since we need to do secure code review as a one of the responsibility in day to day work.
Nice video but voice is not clear
Thanks for the comment. I will change the voice setting next time
Voice not clear brother I recommend to adjust it
Sure. Thanks
Nice
Thanks
fdfdf
Let's say i just finished my pentest exam, and i have taken 60 screenshots. Can you explain how to implement them, and what do i have to modify in the report, to be related to what i found during the exam ? Any other explanations are welcome. I am a beginner, and i still don't know how to make a pentest report, after finishing a penetration testing exam.Thank you.
Ok
@@DevSecHacker Please give more details on my question.
Hi bro, Can I have your contact details please, I would like to connect with regarding mobile PT please
Explanation in this video is great. Keep doing good videos like this.
Thanks, will do!
i wish finding these bugs where as easy as this lab
Absolutely yes.
keep it up man, do you have a discord?
Nope
:)
thank you i am new subscriber
Thanks for subscribing! And please do like also, so that it can recommend to more people who want to know.
@@DevSecHacker can u share use more about account takeover bug throw id parameter Sqli in id parameter
Sure. Let me add that into my upcoming list
Never commented on any video love the way you told 😮🎉
Thank you. Then do support by subscribing.
can i get src code pls
github.com/RajuGanapathiraju/VulnerableLabs/blob/main/ssrf_bypass.js
Nice ❤❤
Thanks 🤗
Hey could you make a video regarding XSRF-TOKEN/CSRF?
I will. Please do like and subscribe
Good insights
Bro you didn't show how to get reverse shell? Can we use here bin/bash for reverse connection in net cat? Also how get complete shell like full root shell using SSTI Vulnerability?
This video is intended to show SSTI detection method and exploitation (SSTI to RCE). If you are interested to know more, I will make a part 02 video on it.
@@DevSecHacker Thanks bro make interesting tutorials on topics like these such as Deeply understanding all types SQL injections on live target in simple Url, Hackbar, through intruder mode(burpsuite),sqlmap bypassing of cloudflare, lite speed server then getting databases without error. SSTI in different ways on live target you can hide url of the target if you want for youtube polices. How to scan SSTI using advance tools. LFI, RFi on live target and uploading of shells in different ways to get reverse shell. Command injections in new ways by bypassing restrictions of Clouflare and getting reverse connections. These are very important topics of cybersecurity and interesting for everyone who are interested in cybersecurity/hacking/pentesing. These were my bonus tips 😉 for your next tutorials. People are mostly interested in these topics even I am too...i believe you will bring and present such all tutorials in nice way and new ways...Keep growing 💗 thank you❣️❣️❣️
@DevSecHacker Thanks bro make interesting tutorials like these such as deeply understanding all types sql injecti*ns on target in url, h*ckbar, through intruder mode(burpsuite),sqlmap bypassing of cloudflare, lite speed server then getting databases without error. SSTI in different ways on live target you can hide url of the target if you want for youtube polices. How to scan SSTI using advance tools. LFI, RFi on live target and uploading of she*lls in different ways to get r*verse sh*ll. C*mmand injections in new ways by byp*ssing restrictions of Cloudflare and getting r*verse connection. These were my bonus tips for you to upload such interesting topics because people are mostly interested in these topics and even I am too...I hope you will upload such nice contents thank you...
Nice demo! The question I can’t get out of my head is “why isn’t this called JavaScript injection”. It seems directly analogous to a SQL injection but with JS instead of SQL. The term XSS just doesn’t compute in my head.
Yes. You can call it as a form of javascript injection since malicious script will inject in the web pages. According to owasp top 10 - 2021 even XSS also categorized in injection part. for reference owasp.org/Top10/A03_2021-Injection/
Notable suggestions, keep doing more shorts like this
Sure 😊
if you want to support my work: www.buymeacoffee.com/devsechacker
if you want to support my work: www.buymeacoffee.com/devsechacker
if you want to support my work: www.buymeacoffee.com/devsechacker
if you want to support my work: www.buymeacoffee.com/devsechacker
if you want to support my work: www.buymeacoffee.com/devsechacker
if you want to support my work: www.buymeacoffee.com/devsechacker
Thanks mate!
you are welcome.