- Видео 18
- Просмотров 37 409
CYBER BYTES
Индия
Добавлен 10 май 2021
Hey there, this is Cyber Bytes on RUclips. On this channel, we provide various educational and instructional videos for professionals, students & enthusiasts various security tool demonstrations and general 'how-tos' on cyber security domain. Educational informational contents relating to Vulnerability assessments, penetration testing, log analysis, security auditing as well as awareness on cyber security will be added to this channel.
Please do interact with us and provide us with suggestions on what tools and other related concepts on cyber security they would like to watch, we will make sure and try our best to create content based on feedback and inputs from our subscribers & viewers.
Please do comment and request for the tool demonstrations that you would like to see on our channel.
Want to learn #networksecurity auditing? check out our course on udemy.com at special price
Link - www.udemy.com/course/network-security-auditing-with-nmap/?couponCode=3F7451A2C5BFB78E53C7
Please do interact with us and provide us with suggestions on what tools and other related concepts on cyber security they would like to watch, we will make sure and try our best to create content based on feedback and inputs from our subscribers & viewers.
Please do comment and request for the tool demonstrations that you would like to see on our channel.
Want to learn #networksecurity auditing? check out our course on udemy.com at special price
Link - www.udemy.com/course/network-security-auditing-with-nmap/?couponCode=3F7451A2C5BFB78E53C7
ASNmap tutorial - #enumerate target using ASNs and expand your #pentesting #bugbounty visibility
In this video of demonstration of the tool ASNmap by projectdiscovery, we take a look at basics of ASNs and their use in the #pentesting #bughunt process.
We start the video by explaining the foundations of Autonomous System Numbers or ASNs and their general architecture and role as one of the important elements in world wide internet interconnectivity. For organizations with huge IP infrastructure, and multiple hosts on the internet, there could be a possibility for a #security researcher to find a host that is 'forgotten' and is not maintained. This can lead to a #security loophole and can be possible for an attacker to enter the infrastructure.
As the information about ASNs is available ...
We start the video by explaining the foundations of Autonomous System Numbers or ASNs and their general architecture and role as one of the important elements in world wide internet interconnectivity. For organizations with huge IP infrastructure, and multiple hosts on the internet, there could be a possibility for a #security researcher to find a host that is 'forgotten' and is not maintained. This can lead to a #security loophole and can be possible for an attacker to enter the infrastructure.
As the information about ASNs is available ...
Просмотров: 1 484
Видео
hakrawler - crawl webpages, discover endpoints & gain visibility in #pentesting & #bugbounty
Просмотров 1,9 тыс.2 года назад
During the initial phase of any #pentesting or #bughunt initial #reconnaissance plays an important role, as during this phase there is high probability that you can find hidden assets or urls. If those discovered assets come under your penetration testing or vulnerability assessment scope, then you can further expand your testing surface and audit the newly discovered endpoints or assets. When ...
Perform fast port #scans using #shodan internetdb API with #SMAP, for better passive recon.
Просмотров 1,3 тыс.2 года назад
In this video of tool of the day, we have a look and demonstration for the tool called SMAP created by Somdev Sangwan. This tool works on principle of passive #recon for #bugbounty and #pentest engagements. Smap relies on #shodan Internetdb API and queries for the targets ports along with the service version detection as well as any associated vulnerabilities that can be associated with the ser...
Securing SSH server - Protect SSH server using Two - Factor Authentication. #SSHsecurity #sshserver
Просмотров 2582 года назад
In this episode of cyber bytes, we will talk, discuss and demonstrate on how to go ahead and enhance security of SSH server by adding multiple layers of security controls. OpenSSH server is a widely used secure protocol for managing & administering devices remotely. However, SSH server can be prone to bruteforce attacks by bad actors. To safeguard our #sshserver we deploy multiple layers of sec...
Knock Subdomain Scan - Speedup #recon for #bugbounty & #pentest with Knockpy - Full tutorial.
Просмотров 3,6 тыс.2 года назад
For any #bugbounty and #pentest engagement, #recon phase forms an important part of the whole process. As in this stage, you are likely to discover important subdomains as well as other endpoints that can be of interest and can be a game changer for you engagement. In this video for subdomain enumeration using the tool - knockpy we will explore the options that tool provides us. We take a look ...
Discover hidden files & directories on a webserver - dirsearch full tutorial.
Просмотров 4,5 тыс.2 года назад
Video Index 00:00 - 00:22 - Channel Intro 00:23 - 01:17 - Intro to dirsearch 01:18 - 01:30 - Channel disclaimer 01:31 - 02:51 - Tool background and concepts 02:52 - 04:01 - Installation notes & guidelines 04:02 - 07:14 - General comparison between tools & note on wordlists 07:15 - 08:26 - Setup details 08:27 - 09:50 - Basic scan demonstration 09:51 - 12:25 - Extension specific scans 12:26 - 17:...
httpx tutorial - fast http probing for #pentest and #bugbounty
Просмотров 6 тыс.2 года назад
In this video on httpx tool created by #projectdiscovery, we will have a look at the most common use cases on how #httpx can be useful in your #pentest and #bugbounty engagements where you have a huge set of enumerated subdomains from #recon stage and now you have to check from this huge list of #subdomains which of these subdomains are responding to your requests and which of these subdomains ...
Apache Security - basic hardening & security for apache web server | Part - 2
Просмотров 4142 года назад
whitelisting file extensions, apache security, clickjacking protection, browser framing, apache logging, apache webserver logs. In this second part, we will be performing more security checks and optimisation & #serverhardening the apache web server. In the first part of this video, we demonstrate how we can whitelist a file extension in our apache web server. This is one of the most thoughtful...
Apache Security - basic hardening & security for apache web server | Part - 1
Просмотров 1,7 тыс.2 года назад
In this first part of the series on securing apache http web server, we will have a look at most basic configuration checks and settings that can be implemented to secure #apache http web server and secure against various attacks that can disclose internal application information. The primary idea behind this video series to reduce the attack surface of apache web server by disabling unwanted a...
Apache Security - basic hardening & security for apache web server | Part - 3
Просмотров 2992 года назад
apache server tokens, disable server banner, apache security, slowloris attack In this final part of the video series, we will take more steps to ensure #serverhardening by disabling apache web server banner and Operating system signature. This ensures that an attacker cannot accurately get information about the base operating system and the version of the web server. This acts as a layer of ob...
Intro to Nuclei scanner - template workflow demos - Part 3
Просмотров 7603 года назад
In this video, we will understand the concept of workflows in nuclei scanner. When you are performing a #pentest or #bugbounty hunting, you can have several different endpoints running on different types of technologies. To speed up testing, you can use the concept of workflows and implement templates that you want to include in your testing. As per the documentation available, you can put seve...
Intro to Nuclei scanner - template demo for network vulnerabilities - Part 2
Просмотров 1,2 тыс.3 года назад
In this video for #nuclei scanner we will learn and understand some #nucleitemplates for detection of service vulnerabilities for a given end point. Many times in your #pentest engagements or #bugbounty programs, you might come across a vulnerable version of a service which can be exploited by bad actors. To counter this, a pentester can use nuclei scanner as vulnerability detection tool by per...
Intro to Nuclei scanner - learn nuclei from basics with template demos - Part 1
Просмотров 10 тыс.3 года назад
In this video of cyber bytes, we will learn to use nuclei - the community powered vulnerability scanner. We will understand and get an introduction to nuclei scanner. Nuclei is a highly effective #vulnerability scanner. It has various community provided test templates powered with its effective nuclei engine that can help #bugbounty hunters, pentesters & security research to assist in their pro...
Intro to Nuclei scanner - create your own test template - Part 4
Просмотров 7213 года назад
When performing a #pentest or #bugbounty program, the community provided templates can help you only upto a certain level. To get more value of your tasks, it is highly recommended to create your own custom test template. In this video, we follow and proceed with step by step procedure to create a custom #nuclei template from scratch. Here, in this case, we will be taking a case for creating a ...
Subfinder - Passive subdomain enumeration tutorial. #subfinder #bugbountytips #pentest #enumeration
Просмотров 1,9 тыс.3 года назад
In this episode of cyber bytes, we bring another interesting tool for gathering sub-domains for a given domain using the tool #subfinder This tool is written in go language and performs passive sub-domain #enumeration from various online sources. By using this tool in your #bugbounty or #pentest engagements, you can quickly and reliably discover various endpoints that you can map with your scop...
Speed up #pentest & #bugbounty with faster host discovery & network scanning with Divide And Scan.
Просмотров 2483 года назад
Speed up #pentest & #bugbounty with faster host discovery & network scanning with Divide And Scan.
Wfuzz - The web application fuzzer.
Просмотров 1,7 тыс.3 года назад
Wfuzz - The web application fuzzer.
Boring lecture not even see commands on the screen
amazing Explainatiom !!!!
What an amazing tutorial. Everything is so detailed, with so much information!
Thank you so much. Stay tuned. Will be posting more videos. Currently occupied in other projects. Regards.
Boss, could you please create a comprehensive video series covering advanced topics such as advanced time based blind SQL injection injection, XSS, LFI, RFI, and RCE, including the process of uploading web shells on Apache and IIS web servers in live website scenarios? Traditional platforms like test.vulner, DVWA, bWapp, PortSwigger, etc., fail to address real-world challenges like identifying origin IPs, DNS brute force attacks, reverse IP lookups, WAF/IDS/IPS circumvention, AWS/CDN/Tor, reverse proxies, and CMS security 🤙. Your unique content would be invaluable in educating the bug bounty hunting community about genuine issues and solutions. Thanks in advance for your contributions to the community.🎉❤
May I ask what OS you used for this?
Thank you sir.
Config .yaml file there is no such directory what to do ?
hello there, the config file at default location - $HOME/.config/subfinder/config.yaml This file is not present on the fresh installation. However, you can create this file as per your requirement and list out the sources as per the documentation and put your keys into the config file. You can then put the config file at any of your preferred location and put the path of configuration file or put that file on the default path and proceed. The reference link for the sample config file - github.com/projectdiscovery/subfinder/blob/main/README.md Hope this helps. Regards.
wow man your videos are amazing . Love 😍
Thank you so much Regards.
Amazing 🤩
Thank you so much for appreciating.
Awesome ❤
what is the use of API keys in subfinder? what it does exactly?
Hello Tony, External services like VirusTotal, Censys, Chaos, Shodan, etc. that help us fetch more information in our information gathering stage need us to have registered with them and get our specific API keys to call the respective services to query and gather information from them. By using the API keys from the respective sources in subfinder, you can get more information and utilise this information suiting your task. In the demonstration, you can see that by using the API keys, we were able to get more subdomains for the same target in contrast to the tool running without any API keys. I hope this clarifies. Regards.
@@cyberbytes6653 Thanks man for your prompt reply. Can you please make a video on waybackurls and also show me what endpoints are really good for penetrate?
@@TonyAsh-rp6fp Most welcome and glad that it helped. Sure, will note it down and work on content for waybackurls.
@@cyberbytes6653 Cheers mate.👍
make video amass and grow more👍👍
Thanks for the input. Noted.
how can we do manually test on website make video on this topic and also how find api
how can i add other search engines like shodan and censys ?
Hello @CodeSaif - As from the project page, i can see that in the config.json file of knockpy, only Google, DuckDuckgo and VirusTotal seems to be supported. i think the code needs further modules to handle the queries from shodan and censys. That will be a good idea. I think this has already been added from your end as a feature request. Regards,
Hey @@cyberbytes6653 thanks for your response "200 OK"
Very nice video sir 👍 How does dirsearch fare against feroxbuster sir ? Which one would you recommend feroxbuster or Dirsearch? Kindly do a video for feroxbuster sir 🙏 You have good teaching skills 🙏
Hey there. Thanks for the inputs and appreciation. I am yet to try out feroxbuster. But i will certainly try it out and put up a video tutorial for feroxbuster. Added to my to-do list Cheers.
Many thanks for taking time reply... Appreciate it sir 😌🙏
thanks.
amazing sir
how to make it run the password security check
Hello there, Thsnks for your query. For checking passwords, there can be 2 ways: 1. The case where you want nuclei to check for default passwords for any web application. Here, you can assume that the web application framework's login panel path (in case you have discovered during the earlier phases of information gathering.) or any other login page, you need to have a list of default credentials that you can use to check for the use of any default accounts/credentials. You can create a scan template for the same based on the behaviour of the web apps request/response cycle and you can check that accordingly. 2. The case where we want to ascertain weather the application has any mechanism to check for password complexity. Here, too first you need to first understand how the application behaves and responds to the password inputs you give. eg. the password length where the application logic limits you to have a minimum password length. Try out with a smallest length password and feed the input to the application and see how the application responds. Based on that you can print out the response using the YAML template and also you can nest the query with regard to the complexity and character lengths and test accordingly. I would request you to try out and create a test template based on the logic flow. Would love to hear from you in this regard. I will also try to see if i can create something similar for testing, but it will take some time, as i am fully occupied in other tasks. I hope that i have answered your query. Regards.
@@cyberbytes6653 thanks for the response sir that was very helpful !i am waiting impatiently for the next video
Thank you so much! Powerful stuff !!!!!!! Please upload new content.
Hello there, thank you. Sure, i will be uploading more content. Regards.
Keep it up
Thank you very much
hi! do you have any idea why it would freeze on starting? I mean it s all good until it has to show the output... the verbose is 0, idk what is happening. can you help me fixing this? I have to say that I used pimpmykali, idk if it has smth to do with dirsearch! I have to mention that the cpu is getting higher, so it means that the tool is working?! I really don t know what to do! thanks in advance
Hey there, upon starting u mean that when you issue the command to start directory search, right? I have not come across such situation till now. I would however recommend you to try to install and run the tool on a fresh kali linux install to set up a baseline and see how it behaves. have a go and see, Let me know the results. I am curious too. Regards.
how can we do passive scanning with nuclei. can u explain it with an example.
Hello there, nuclei supports passive scanning for HTTP based templates and performs scans for HTTP response data. This feature is lesser known, however, i will explore this and try to add a video in nuclei tutorial. Thanks for the input.
perfect...tnx
Excellent
Thanks.
i want to get 404 response also in dirsearch log. can it be done?
Hi Rio. Yes you can filter through status codes, just include the -i option to include the status codes of your choice or use -x to exclude the status codes of your choice (seperate status codes using commas. eg. 200,302,404) I hope this helps. Regards.
please upload more video for bug hunting please sir
Hello Jitu. Thank you for your response. Will certainly create more videos. Just stuck in some tasks. Will create as i get free. Can you please tell what part of web application security testing you are interested in?? Some inputs will help. Thanks.
@@cyberbytes6653 I am Interested in Bug Hunting .
In later version we get type which it is alias or host but this version it didnt show 'type' so how we get conclusion that this subdomain will be takeover
Kindly reply please
@@karthik3913 Let me have a look and get back to you soon.
@Karthik - can you pls tell which options you are running and what is the exact difference you get? As i have just tried out with the recent version of the tool, v5.3.0 the results are consistent. Awaiting your response.
Thank you for such a detailed video sir, much needed such content
Dear Piyush, thank you for your response. I will be adding more of such useful videos soon. Stay tuned. Please do share the channel and content with your circle. Regards.
Sir when i am playing a CTF there i have seen a machine is running netbios and it is running smb also but with workgroup pass, so i can't acess smb, is there any way to acess netbios shares ? By which tool ?
Hello there, have you tried to see if there are any shares available? Enumerate the Netbios shares if available, you can use the tool 'nbtscan' or use nmap's script nbtstat.nse to see if there is anything useful or any specific shares available. For SMB, you can try out nmap's script - smb-brute.nse and see if you can bruteforce your way if you are unable to guess any credentials. Alternately, you can also use the metasploit's auxiliary module - smb_login for the same purpose. you can also use - hydra & ncrack for this task too.
Super keep going 🥰
Thanks a lot, more videos on the way
Excellent content!
Thank you. More videos coming up
Nice explanation brother.
Best overview of HTTPX on YT. Thanks for making this!
Thank you. Stay tuned, more videos coming soon.
Really good work !
Thank you very much.
Shankar raj student ?
Helpful video!!! If I was you I would employ P r o m o s m!!!
Thanks for sharing ♥
Most welcome.
Poderia me dizer como coloco as APIs, estou obtendo erro, seria tipo: chaos: api, estou parada nisso. Parabéns pelo video.
Can you please tell me what is the exact error message you are getting??
@@cyberbytes6653 Oi, Thanks, I found the problem,.
@@TheNikakz Great.
Nice informative video. Keep updating with this types of good videos
Thank a lot. will certainly keep the videos coming. Cheers.
In your knockpy video i have said you to make a video on ettercap, please try to cover it and it is a big tools try to cover almost every important things...
Yes. There are lots of useful security tools that can be demonstrated. The catch is that i have to create videos single-handedly. I also have to look that the tools video does not violate community rules. I create the demonstration in that line. Rest assured, i will be creating educational contents and will upload gradually. Thanks.
Are you system administrator ? Nice information ℹ️👍 thanks
Hello there, I am a Pentester & security consultant. I am glad that you liked the video. Please do share and subscribe the channel. Thanks.
@@cyberbytes6653 already subscribed you channel from 4 months ago. Are u web or network pentester ?
Ok. I do both network and web apps.
@@cyberbytes6653 can you please come up with web pentesting, try too cover owash top 10 and important tools like sqlmap, burpsuite, owash zap, etc...
Yes. I am working on this and will take a bit of time. The tools you have mentioned are already in pipeline and will come up with a proper format. Please stay tuned. I will be putting up videos on this channel. Regards.
Very well put together, keep up the good work.
Thank you very much for the response. Stay tuned, more contents coming soon.
worth watching this video plus the content you have converted to make understanding for the beginner how to use nuclie
Thank you very much for your response. I am glad that the video was helpful to you. Subscribe to channel and please do share the video and channel to your circles. I will be soon uploading more useful educational videos on the channel. Stay tuned.
Please make beginner 2 advance level practical live website bug hunting, live website penetration testing, live website exploitation content video series... 🙏 😊 💯✌❤💚💙💜😍😘🤝
Yes. I will certainly make good quality educational contents. But it will take some time as i am very peculiar about creating detailed videos, i will certainly plan out and create helpful content. Regards.
One more request 😅😅, video on pwncat tool 🔥
Will check the tool out and put on the queue.
How to get the virus total API key ?
you can create free account on virustotal.com and then in in your profile section on top right, you can get your API key by visiting API key section. You can refer - support.virustotal.com/hc/en-us/articles/115002088769-Please-give-me-an-API-key Hope this helps. Regards.
A video on ettercap for man in the middle attack😘😘
Noted! Will create for sure. Thanks a lot.
Sir please immediately a exploitation video on log4j ...
There is a complete step by step TryHackMe room dedicated to this issue. I would highly recommend this. Link: tryhackme.com/room/solar
Every video in a week. 😘
Sure, will try my level best to post videos regularly. Your request is noted.
Honestly saying, you make very detail videos i liked it... But can you recommend me, as much as resources from where I can learn Penitration testing to improve my existing skills.. Love from India 😘😘
Hello Soham, there are various sources from where you can begin. From basics, you can start from tryhackme there are lots of free rooms available to try out. Also you can use portswigger web security academy. Learn the fundamentals of computers, networking. There are lots of amazing learning channels on RUclips. Keep learning and growing. Regards.