![DevSec Hacker](/img/default-banner.jpg)
- Видео 63
- Просмотров 22 969
DevSec Hacker
Добавлен 14 апр 2023
Hi guys!
🔐 Welcome to DevSec Hacker - Your Gateway to Full Stack Cyber Security! 🔐
This is Raju, currently working as a Senior Security Engineer. I am here to share my knowledge, experience and learnings to the community in the space of Full Stack Cyber Security.
🚀 What to Expect:
1. Penetration Testing, Secure Code Review, Threat Modeling 🔍 - Web, Mobile & API
2. Security Automation & 🛠️ Tool Development
3. AWS Cloud Security and 🕵️♂️ Security Monitoring
4. Application Development & 🌐 Web Exploit Development
5. Ethical Hacking & Threat Intelligence
6. Interviews with experienced security folks
🛡️ Stay Secure, Stay Informed, Stay Subscribed! 🛡️
Note:*
For any engagements, shoot out an email to devsechacker@gmail.com
🔐 Welcome to DevSec Hacker - Your Gateway to Full Stack Cyber Security! 🔐
This is Raju, currently working as a Senior Security Engineer. I am here to share my knowledge, experience and learnings to the community in the space of Full Stack Cyber Security.
🚀 What to Expect:
1. Penetration Testing, Secure Code Review, Threat Modeling 🔍 - Web, Mobile & API
2. Security Automation & 🛠️ Tool Development
3. AWS Cloud Security and 🕵️♂️ Security Monitoring
4. Application Development & 🌐 Web Exploit Development
5. Ethical Hacking & Threat Intelligence
6. Interviews with experienced security folks
🛡️ Stay Secure, Stay Informed, Stay Subscribed! 🛡️
Note:*
For any engagements, shoot out an email to devsechacker@gmail.com
My Interview Experience as a Senior Security Engineer | 6+ YOE | Cyber Security Engineer
Curious about what it's like to interview for a Senior Security Engineer role? In this video, I share my experiences with five companies, covering everything from technical challenges to strategic discussions. Learn about the key takeaways and get some tips to ace your own interviews. Don't miss out on this insider's perspective! #cybersecurity #interviewtips #techcareers #pentesting #appsec #cloudsecurity
Просмотров: 145
Видео
Remote Code Execution via File Upload | RCE | Unrestricted File Upload
Просмотров 1 тыс.Месяц назад
In this video, I dive into one of the most critical vulnerabilities in web applications: Remote Code Execution (RCE) through file upload. This type of attack can allow an adversary to gain complete control over a server by uploading a malicious file. #file #pentest #bugcrowd #bugbounty #hackerone #portswigger #burpsuite
Who Am I ?
Просмотров 137Месяц назад
Hi guys! 🔐 Welcome to DevSec Hacker - Your Gateway to Full Stack Cyber Security! 🔐 This is Raju, currently working as a Senior Security Engineer. I am here to share my knowledge, experience and learnings to the community in the space of Full Stack Cyber Security. 🚀 What to Expect: 1. Penetration Testing, Secure Code Review, Threat Modeling 🔍 - Web, Mobile & API 2. Security Automation & 🛠️ Tool ...
Episode 03: Security Meet-up | Ft. Security Engineer at Bugcrowd
Просмотров 4242 месяца назад
In this podcast we will cover below topics 00:41 who am i ? 01:30 Bsides Goa Conference - Key Takeaways 04:32 Bugcrowd - Hiring Process 07:15 Roles and Responsibilities of Security Engineer at Bugcrowd 09:31 Size of Security Team in Bugcrowd 10:23 Bug bounty - How to choose target ? 15:53 Commonly reported vulnerabilities 18:54 First bug bounty received by guest 20:35 Favourite security tool of...
Auto Authentication using BurpSuite Extension
Просмотров 3002 месяца назад
in this video we will see how we can avoid the auto expiry or auto session log out problem during the active scan of burpsuite. #burpsuite #tipsandtricks #ator #webapp #appsec #cybersecuritysolutions
Bug Bounty: how to find & exploit Server Side Template Injection || SSTI to RCE
Просмотров 7493 месяца назад
In this video, we will see how we can find & exploit Server Side Template Injection. We can see SSTI to RCE. #bugbounty #vulnerability #pentest #cybersecurity
Vulnerability Scanning with OpenVAS
Просмотров 944 месяца назад
In this video, we will see how we can do vulnerability scanning using angry ip scanner and openvas. #vulnerabilityassessment #pentest #securitymonitoring #securityanalysis
Episode 02: Security Meet Up | Ft. Security Engineer - II
Просмотров 1314 месяца назад
In this episode, I have met the SECURITY ENGINEER - II who is currently working in Fintech Domain Guest linkedin profile: www.linkedin.com/in/naveenyagati/ #meetup #podcast #security #cybersecurity
Bug Bounty: Automated Web Asset Scanner and Vulnerability Analyzer | Security Automation
Просмотров 4204 месяца назад
This script is designed to automate the process of identifying subdomains, discovering web assets associated with a given domain, and performing vulnerability scanning on these web assets. The identified information is stored in a MongoDB database for further analysis. Support my work: www.buymeacoffee.com/devsechacker #vulnerability #cybersecurity #bugbounty #pentesting #appsec
Security Monitoring Tool - Dark Web Exposure
Просмотров 2104 месяца назад
In this video we will learn how to install and use the dark web exposure tool which finds valuable piece of information which is being leaked in dark web about your assets. github url: github.com/RajuGanapathiraju/Dark_Web_Exposure #cybersecurity #securitymonitoring #securityanalysis #threathunting #pentesting
How to access the Dark Web | Introduction
Просмотров 1615 месяцев назад
How to access the Dark Web | Introduction
Hacking with AI Tool - WhiteRabbitNeo
Просмотров 2,1 тыс.5 месяцев назад
Hacking with AI Tool - WhiteRabbitNeo
Episode 01: Meet up with Security Folks | Ft. Lead Security Engineer
Просмотров 3476 месяцев назад
Episode 01: Meet up with Security Folks | Ft. Lead Security Engineer
Bug bounty: Bypass Limits via Race Conditions
Просмотров 4436 месяцев назад
Bug bounty: Bypass Limits via Race Conditions
Part 02: Content Security Policy Explained - Practical
Просмотров 986 месяцев назад
Part 02: Content Security Policy Explained - Practical
Content Security Policy Explained - Practical
Просмотров 2526 месяцев назад
Content Security Policy Explained - Practical
How to Automate Penetration Test Report Writing
Просмотров 5256 месяцев назад
How to Automate Penetration Test Report Writing
How to create static website using aws s3
Просмотров 827 месяцев назад
How to create static website using aws s3
How to implement cloudwatch monitoring for a web server
Просмотров 1957 месяцев назад
How to implement cloudwatch monitoring for a web server
How to setup AWS S3 Replication - Including Cross Region Replication
Просмотров 897 месяцев назад
How to setup AWS S3 Replication - Including Cross Region Replication
how to automate aws with cloudformation #aws #awslearning #awssecurity #automation
Просмотров 1147 месяцев назад
how to automate aws with cloudformation #aws #awslearning #awssecurity #automation
AWS Secrets Manager and Lambda: How to store and retrieve secrets #aws #awslearning #awssecurity
Просмотров 1177 месяцев назад
AWS Secrets Manager and Lambda: How to store and retrieve secrets #aws #awslearning #awssecurity
Get location details from photos || EXIF Tool || Python Script
Просмотров 1768 месяцев назад
Get location details from photos || EXIF Tool || Python Script
Unlocking the secrets: How chrome extension access local storage without storage permission
Просмотров 1878 месяцев назад
Unlocking the secrets: How chrome extension access local storage without storage permission
Security Review made easy with Iriusrisk + Chatgpt
Просмотров 28310 месяцев назад
Security Review made easy with Iriusrisk Chatgpt
Automated Threat Modeling using IRIUSRISK
Просмотров 2,2 тыс.Год назад
Automated Threat Modeling using IRIUSRISK
How to edit the Trust zone?
Do we need to study DSA for code review round ? or if the interviewer gives a code snippet and requests me to complete the incomplete code so how is the complexity of code in those case like is the code related complex DSA topics or some basic code snippet?
No need to study DSA. They won't ask. They will give vulnerable code snippets like below. You just need to identify vulnerabilities based on the code. github.com/yeswehack/vulnerable-code-snippets The above one is an example of vulnerable code snippets which are available in github.
@@DevSecHacker ok thanks for the resources, and if they ask us to complete incomplete code then it would be a basic code like the one you gave on GitHub right?
In general they won't ask us to complete the incomplete code. Since they will only check the understanding levels of code and how we are able to identify the vulnerabilities in it. Secure code review capabilities they will check since we need to do secure code review as a one of the responsibility in day to day work.
Nice video but voice is not clear
Thanks for the comment. I will change the voice setting next time
Voice not clear brother I recommend to adjust it
Sure. Thanks
Nice
Thanks
fdfdf
Let's say i just finished my pentest exam, and i have taken 60 screenshots. Can you explain how to implement them, and what do i have to modify in the report, to be related to what i found during the exam ? Any other explanations are welcome. I am a beginner, and i still don't know how to make a pentest report, after finishing a penetration testing exam.Thank you.
Ok
@@DevSecHacker Please give more details on my question.
Hi bro, Can I have your contact details please, I would like to connect with regarding mobile PT please
Explanation in this video is great. Keep doing good videos like this.
Thanks, will do!
i wish finding these bugs where as easy as this lab
Absolutely yes.
keep it up man, do you have a discord?
Nope
:)
thank you i am new subscriber
Thanks for subscribing! And please do like also, so that it can recommend to more people who want to know.
@@DevSecHacker can u share use more about account takeover bug throw id parameter Sqli in id parameter
Sure. Let me add that into my upcoming list
Never commented on any video love the way you told 😮🎉
Thank you. Then do support by subscribing.
can i get src code pls
github.com/RajuGanapathiraju/VulnerableLabs/blob/main/ssrf_bypass.js
Nice ❤❤
Thanks 🤗
Hey could you make a video regarding XSRF-TOKEN/CSRF?
I will. Please do like and subscribe
Good insights
Bro you didn't show how to get reverse shell? Can we use here bin/bash for reverse connection in net cat? Also how get complete shell like full root shell using SSTI Vulnerability?
This video is intended to show SSTI detection method and exploitation (SSTI to RCE). If you are interested to know more, I will make a part 02 video on it.
@@DevSecHacker Thanks bro make interesting tutorials on topics like these such as Deeply understanding all types SQL injections on live target in simple Url, Hackbar, through intruder mode(burpsuite),sqlmap bypassing of cloudflare, lite speed server then getting databases without error. SSTI in different ways on live target you can hide url of the target if you want for youtube polices. How to scan SSTI using advance tools. LFI, RFi on live target and uploading of shells in different ways to get reverse shell. Command injections in new ways by bypassing restrictions of Clouflare and getting reverse connections. These are very important topics of cybersecurity and interesting for everyone who are interested in cybersecurity/hacking/pentesing. These were my bonus tips 😉 for your next tutorials. People are mostly interested in these topics even I am too...i believe you will bring and present such all tutorials in nice way and new ways...Keep growing 💗 thank you❣️❣️❣️
@DevSecHacker Thanks bro make interesting tutorials like these such as deeply understanding all types sql injecti*ns on target in url, h*ckbar, through intruder mode(burpsuite),sqlmap bypassing of cloudflare, lite speed server then getting databases without error. SSTI in different ways on live target you can hide url of the target if you want for youtube polices. How to scan SSTI using advance tools. LFI, RFi on live target and uploading of she*lls in different ways to get r*verse sh*ll. C*mmand injections in new ways by byp*ssing restrictions of Cloudflare and getting r*verse connection. These were my bonus tips for you to upload such interesting topics because people are mostly interested in these topics and even I am too...I hope you will upload such nice contents thank you...
Nice demo! The question I can’t get out of my head is “why isn’t this called JavaScript injection”. It seems directly analogous to a SQL injection but with JS instead of SQL. The term XSS just doesn’t compute in my head.
Yes. You can call it as a form of javascript injection since malicious script will inject in the web pages. According to owasp top 10 - 2021 even XSS also categorized in injection part. for reference owasp.org/Top10/A03_2021-Injection/
Notable suggestions, keep doing more shorts like this
Sure 😊
if you want to support my work: www.buymeacoffee.com/devsechacker
if you want to support my work: www.buymeacoffee.com/devsechacker
if you want to support my work: www.buymeacoffee.com/devsechacker
if you want to support my work: www.buymeacoffee.com/devsechacker
if you want to support my work: www.buymeacoffee.com/devsechacker
if you want to support my work: www.buymeacoffee.com/devsechacker
Thanks mate!
you are welcome.
Great Collab🎉
Thanks
Now added few more improvements for this tool like database integration, de-duplications, state management, parsing the html for results and generating a final report. you can see that as a v4.js file in my github.
Great explanation
Thanks and please do support by subscribing to my channel for more videos like these.
hallelujah. you're my savior, man. my own personal jesus christ.
Thank you. Then please do support by clicking the subscribe button 🙂
Great tool. Fantastic. In free version it will only allow 10 uses per 24 hours. Pro version allows 250 uses in 24 hours but it costs $ 20 per month
I appreciate this video! Great work!
Thank you. It pays off all the time that I spent.
Good information
Thanks
Is it Legal to use the Dark Web?
It is not illegal but buying illegal products and watching illegal content in the dark web is punishable offense.
Ok but how can a attacker change dns settings of a company make make local host point to some other ip ?? Please help 🙏
In this bypass no need to change company settings, just bind two ip addresses(one is not restricted ip address like google ip and other is restricted ip address like localhost) for the same domain and pass the domain as a user input. For binding two ips to same domain you can use the dns rebinder service that i shown in the video.
@@DevSecHacker ok thanks 🙏
Yeah ive already found 2 bugs with this and submitted them to intigriti. This cut the time for me almost in half it feels like. Im so glad i founad this. Like i stuck gold, lol. Great vid. Im just worridd about the bad guys using it for the wrong reasons.
How u able to find bugs with this
Excellent .. Bro .mastu chepinav
Thank you. Do subscribe and you will get more content.
I thought you are using downloaded model from hangingface site
We can do that as well. But I didn't do it in the video.
How much size to download I'm using mobile data only
You can directly use it on the web by login either using github or gmail account. Visit whiterabbitneo.com as shown in video
Great content 👏
Thank you 🙌
What a Vision.. What a Thought... Pichollu aypoyaru andaru.
I’ve found this when I ran nuclei on my target and didn’t know the exploit. So it is necessary to find ssrf first to chain with dns rebinding?
If there is an SSRF issue and if target is restricted to do internal ip scanning then you can use dns rebinding to bypass the restrictions. Even if they restricted aws metadata ip address also you can bypass it using dns rebinding.
@@DevSecHacker nuclei shows dns rebinding and the severity was high but I didn’t find ssrf yet.
What template did you used for this?
As a beginner in the Security space, this video was a goldmine of information on security practices. Your expertise shines through - keep these videos coming!
Good to hear. It gives me a kick.
Nice initiative and good information
Thanks dude for regularly following my videos.
What's the remedy to the situation?
we need to implement proper synchronization mechanisms to ensure the correct and secure execution of code in multi-threaded or concurrent environments. For achieving it 1. we need to implement atomic operations designed to be executed as a single, uninterruptible unit, preventing race conditions. 2. locking mechanisms which Locks ensure that only one thread can access a shared resource at a time. In our case, findOneAndUpdate mongo query will help to prevent this. refer this for detailed understanding medium.com/@codersauthority/handling-race-conditions-and-concurrent-resource-updates-in-node-and-mongodb-by-performing-atomic-9f1a902bd5fa
Thanks for the video now I got the clarity on race conditions.
Thanks for making part 2
You're welcome 😊
Thanks for making Part2 Video