I hope you enjoyed this video! If so, please consider dropping a like and subscribing.
Thank you so much for the shoutout! I'm actually working on some new API videos coming real soon including more recon techniques, understanding JSON, API hacking tools like Postman so stay tuned for even more API goodness!
Total side note. This is the first time I've actually ever NEEDED the sponsor of a YouTube video.
Great stuff as usual Heath, just finished the Udemy course, thoroughly enjoyed it.
Did you find any real world bug by using that course info???
@@abdulsamad-as actually yes, it better refined my vulnerability assessment skills I undertake for work, helped me be more efficient.
Can u give me that course Plzzz❤️
@@theintrovert894 Why can't u just buy the course. It is a gold mine actually. It should be given for 2000$ for what he is teaching. He gives u more content covering all areas. Why can't u just buy it. Just buy the course. No one going to give you this and mr.cybermentor deserve to get some support.
You are taking out time to make these videos and help people like me to learn more, that's very much great. Thank you very much man and i expect many more videos.
burp intruder is just a multithreaded fuzzing script that can be made in pure python. Worth the effort.
Great! Make this your new series: ' Real bug series'. Add real world bug hunting recon streams as well if possible. Or else just some poc videos.
Thank you man for the insiderPHD
By fuzzing one can get
GET /api-2.0/sms/
But your blurred screenshots shows there was something more than that I mean,
GET /api-2.0/sms/blurred-content/
Does that mean you won't get any PII data back in response when you just hit:
GET /api-2.0/sms/
Just a noob here. Trying to understand. Thanks for read and/or reply.
That's really F'ed up that company didn't even acknowledge you or say thank you.
TCM - you are really my inspiration
Thanks dude, really informative
Thanks mentor, it's very useful!
You are welcome!
Thank you TCM I had 0 idea of api. This helped me a lot
Like as always, great stuff. Thanks for all the awesome information and resources.
Too much informative video 👍
Informative video sir😍 tq
Any tips if u can share to find vulnerable parameters any tool will be a great help currently I use gf pattern with gau .
Ffuf and arjun are good, but I always go back to burp
@@TCMSecurityAcademy thnx
@@TCMSecurityAcademy I came to know from various people that js files in website contains some juicy content can u tell me a kind of tool which can I used to download all js files without manually going to burp to see individually
You are truly The Cyber Mentor!!
Really thanks very much, that's gonna help a lot with API enumeration
Thanks Mentor awesome content as always 😎😎😎
one on one sounds awesome!
i need a mentor
Ikr, heath would be such a great mentor to have.
You'll probably find them in the CYBER space
Always love you sir😊....love from India 🇮🇳🇮🇳
Very useful. Thanks!
Thank you for nice content!
Again man you on Fire excellent
Can you please release a course on api pentesting or web application penetration testing
Thank you brother ❤️
Hi Heath,
Can you create some CTF like stuff related to API testing so we can understand more deeply.
I remember looking at hacker one bounty selection. I'm not gonna read all this so copy and pasted words to voice. Then made list ones that were paying money. Wasted bunch time learning burp suite what nightmare. I take notes get ideas what learn next. Sometimes you have submerge yourself in topic run with idea. I'm deeply involved in self sabotage. Saying nothing ever panned out why should this be any different. One guy had some great advice to himself if he was just starting find your first bug. Good recon all vulnerabilities. Part learning figuring it out yourself
Thanks for sharing this 🙂
legend as always thank you for the content.
That T-shirt should say: Amber is my fuel 😂😂 thanks for your videos man, you're the best
Haha she is my fuel!
why did d rate limiting not kick u out while fuzzing ?
so are u fuzzing the parameter of `/sms/` path?
TCM♥️🔥🔥
mate, after you found the sms parameter, what did you append to it next, like sms/? (it was blurred in your video) and how did you obtained that parameter after /sms/?
It auto-appended stuff at the end, but it could have been an indicator of the platform, so I blurred it. The method I showed was exactly how it was found.
@@TCMSecurityAcademy Thanks man this helped me a lot.
Wait, you do 1:1 ?!?!?! Yes please !!!
Thanks man, you are the best
Can you give me requirements for application Android pentest
I couldn't have maintained such calmness if that happened to me ⚡️! Can't stand bad programs tbh
Great stuff
thank you forever bro
Damn, we don't deserve this quality content
Sir after a long time...! Anyways stay safe and give knowledge that safely 😅
.
Support from my side always 🇮🇳🔥
Much love!
Wow men, what a shitty attitude from that program!! And this video... super practical and educational.. It's good to have videos where you real situations examples. Much easier to understand!!
Longtime no see
How can I get a one-on-one with you?🤔🤔
tcm-sec.com/one-on-one-tutoring/
Superb
Every time You Nailed with pretty much great resources ! \O/ thenksssssssssss @TheCyberMentor
I am still not able to join your discord server
It took you so long to post a video
I'm a busy guy!
You are love man
Love you more!
Great
Like + Comment ofc :)
sup
❤️
OMG no way do you like listening to Jonathan Young songs ? i would never imagine lol, anyway thanks for the video very helpful !!!
👾👾👾