Hack your grades

Dr Katie Paxton-Fear shows us how to hack the Generic University and change grades using the university API. You will learn some of the OWASP top 10 vulnerabilities including Broken Object Level Authorization and Broken User Authentication.
Disclaimer: We are hacking the Generic University for educational purposes only. Generic University is a GitHub project that Katie has created to learn Cybersecurity and APIs. Do not hack a real university.
// University //
The Generic University on GitHub: github.com/InsiderPhD/Generic-University
// MENU //
00:00 - Coming up
01:16 - Katie's RUclips channel // Recommended playlists
02:31 - How to hack and change your grades // "Generic University"
03:26 - Generic University demo // Burp Suite
04:25 - API vulnerabilities // Bug bounty
07:50 - Generic University demo (continued)
21:27 - Thinking outside the box // Hackers mindset
25:34 - Katie's PhD
26:10 - Will AI take over?
29:42 - Advice for getting into cyber-security
34:01 - Recommended RUclips playlists
35:44 - Recommended sites and books
36:48 - Conclusion // Final words
// Videos discussed //
Everything API Hacking: ruclips.net/video/yCUQBc2rY9Y/видео.html
Hacker Toolkit: ruclips.net/video/aN3Nayvd7FU/видео.html
Burp for Beginners: ruclips.net/video/UgbYozI436M/видео.html
OWASP Top 10 owasp.org/
// Books //
Hacking API’s by Corey J Ball: amzn.to/3JOJG0E
Bug Bounty Bootcamp Vickie Li: amzn.to/3SPCtBF
// Free API hacking course //
APIsec Certified Expert Course: university.apisec.ai/
// Katie's Social //
Twitter: twitter.com/InsiderPhD
RUclips: ruclips.net/user/InsiderPhD
Website: insiderphd.dev/
The Generic University on GitHub: github.com/InsiderPhD/Generic-University
// David's SOCIAL //
Discord: discord.gg/davidbombal
Twitter: twitter.com/davidbombal
Instagram: instagram.com/davidbombal
LinkedIn: www.linkedin.com/in/davidbombal
Facebook: facebook.com/davidbombal.co
TikTok: tiktok.com/@davidbombal
RUclips Main Channel: ruclips.net/user/davidbombal
RUclips Tech Channel: ruclips.net/channel/UCZTIRrENWr_rjVoA7BcUE_A
RUclips Clips Channel: ruclips.net/channel/UCbY5wGxQgIiAeMdNkW5wM6Q
RUclips Shorts Channel: ruclips.net/channel/UCEyCubIF0e8MYi1jkgVepKg
Apple Podcast: davidbombal.wiki/applepodcast
Spotify Podcast: open.spotify.com/show/3f6k6gERfuriI96efWWLQQ
// MY STUFF //
www.amazon.com/shop/davidbombal
// SPONSORS //
Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com
// Generic University Challenge //
Vulnerabilities:
API1:2019 Broken Object Level Authorization
API2:2019 Broken User Authentication
API3:2019 Excessive Data Exposure
API5:2019 Broken Function Level Authorization
API6:2019 Mass Assignment
API7:2019 Security Misconfiguration
Your Goals:
- Find the emails of the administrator
- Brute force the API to find new endpoints
- Find out what grades everyone got in a class
- Edit someone's grade
- Make an account
- Access the GraphQL API
- Change another account's password
- Login to your account
- Access admin API
- Find out what vulnerabilities the IT admins have ignored
- Make your account an admin
- Access the admin control panel
- Fire a blind XSS in the admin control panel and validate with your new admin account
- Delete everything
- Restore everything
Disclaimer: This video is for educational purposes only. I own all equipment used for this demonstration. No actual attack took place on any websites.
Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!

the fact that you provide all of this for free is truly astounding. Keep it up, it's really cool!

Love how david controls conversations and keeps experts from going to far over people’s heads

Thank you for your channel and thank you Katie for your insight and encouragement.

Everytime David posts a video, my dream of living off hacking and bug bounties becomes stronger

At the right time👌.
During this week I will pass my first term exams😂😂.
Mr.david you're a mind reader 😆

Katie seems pretty awesome! Thanks for bringing her on.

This is actually how I graduated early. I went to a remedial highschool and we had to take multiple classes online. Well the teacher had to reset our tests/change grades if we didn't pass with his password at our console. Well I saw his password one time and was able to login and change many of my grades to show that I had passed a bunch of tests I didn't to take. I was so done with highschool

David B. has done it again! Dr Katie is FEAR-less while hacking those APIs. You are rocking the content and presenting awesome guess. Thank you for being a blessing to the community. 🤓👨‍💻

Eagerly and literally need this from you Mr David

i saw several video of yours today and realized you are phenomenal interviewer, questions are spot on. thank you David!

Thanks for sharing, hopefully this will educate schools on what not to do and what to look for and what they should do to secure their systems.

When you realise you need to study to hack your grades just to compensate for what you not done before your exams......

Great guest as always, David!. Greetings from Mexico City.

Another great video David ive been binge watching your videos since Tuesday!

Feeling so inspired and positive after this recommendation , thanks!

ThankYou David and Dr. Katie.

Thank you so much David for bringing such a video i hope this will help me. I just want to know is it possible on the real website?

I can't thank you enough for providing this vid... Actually I was learning IDOR vuln and want to practicing on Generic University but can't find any resource about it...searched and this just got appeared.

I HAVENOT BEEN DISAPPOINTED WITH A VIDEO FROM THIS CHANNEL YET!👔🎉

I’m going to go hard into bug bounties during my winter break in two weeks, thank you David!!!

Just go to Inspect Element, change the numbers, be so happy that you will want to repeat the year!!

I didn't know much about BurpSuite before watching this video. I am improving my knowledge because of you. Thank you so much Mr David 🙋‍♂

Thanks guys so much great information. Keep up the great work

When Katie told the story about her mother being TERRORFIED of Computers, That part HIT HOME!😊

my russian exams site still have a leak on the api thing, there is a .js file that shows all API listings on their website, made a script using python, and basically loaded all the answers before the exams using the updated cookie they gave. i finished 10-11 classes this August using the script. i use arch btw

Great video and an eye opener. Thank you for the information.

Another great guest! thank you!

This is 100% true, I also once hacked a voting system website just by replacing /login with /register. It turned out I was able to register as an admin, it was the simplest yet powerful hack I used before.

In my youth, hacking my grades would have been the only chance I had to get high marks.😂

I'm doing my Masters Degree in Computer engineering and I hate it. I want to switch to information security but here in Russia foreigners are not allowed to study infosec for whatever reasons... I'm dying from the inside doing what I don't love... I don't know what to do

It's so amazing how you help people out with your service. Continue the good work

I’m already subscribed and I have learned a lot from her she’s great!

Haven't watch to the end but I'm already loving it.....thanks david

Not going to lie this sounds like a good way to get kids into cybersecurity

Love people, who have the talent to explain. Thank you.

THIS is what blockchain should be used for: Creating an immutable ledger so that entries cannot be changed.

my highschool used Aeries software , in 2003 i figured out how to access the master accounts by bypassing the schools user login system that ran across every pc on campus. I made a usb that would boot full version of windows isntead of the schools version between bios and windows level. I was able to bypass all the internet filters and had full access to the pc's. It took the cisco networking teacher/class 2 years to figure it out. All of the Teacher computers were all named uniquely since they were the only ones who were able to name the pc's so it was very easy for us to get into the network and see wich physical devices were the teachers lol. The school used to put black rubber film over the keyboards in typing class and the software would keylog EVERY key stroke and judge typing accuracy. it would dump the logs to a central PC that was setup. we found the economics teacher had logged in to a student pc, and logged into Aeries so we logged into his account and changed a bunch of peoples grades, and also took Aeries down for about 4 months by changing the teachers login and passwords. deleting the excel files that aeries would store etc etc. We got suspended and i didnt get to walk across stage at graduation because of it. I got kicked off the baseball team, water polo team etc. I got in a ton of trouble and wasnt allowed to use any Pc at school for the rest of the time i was there. the teachers could never figure it out, i got ratted on by someone whos grades we changed.

do a video of how to stay consistent? i like your consistency of posting new quality content videos.

Now I am gonna change my grades.
Inspiration: Thank you David sir

Can I contact your team to change my undergraduate grades please

Which course should I do in ethical hacking or cyber security?

The movie wargames in the 80s was the first time I seen this practice...he was in high school changing grades

David, your video is great. Please make more videos with Katie; I adore the way she explains things.

Please awaited to hear from you

I like to tell my students who always ask about hacking the best hack I ever done. About ~13 years ago when you would go to the bank and ask for an account and you would ask for internet control of that account (internet was kinda new here so not everyone had it by default) the bank would obviously make an account for you and give you the first time credentials to said account. Now the thing is they gave you the credentials on a sealed piece of paper, most people would take the piece of paper with them home, log in and then change their passwords. But not everyone, some people decided that they'll write down the credentials in their personal notebook for easy memory and just throw the credential paper away. I guess you can see where this is going, I just stood outside the bank, and waited for someone to throw away pieces of paper. Dumpster dive for them and like 1/1000 you're gonna hit the jackpot.

this was a great talk... 👍🏼 will be def looking into more api stuff

Finally it's here ❤️

I hacked into my schools network when I was in middle school. I didnt change a single grade but the school wanted to expel me. They failed in this but still it managed to cause enough trouble to ruin my early hacking career.

is it still not working😢?
iam starting my pentesting course,
i have mac m1pro
so u think i should seal it and buy windows?beacuse as you say some tools doesnt work?

Great guest as usual. I subscribed to her channel.

I used an system i set up to rewrite excellence (a+) work exemplars supplied by the education system where i live. The system found synonyms for all applicable words. Step two was to put it through a text summarizer. 3 was a stolen text checker. Allways got a plus

Hello Mr David and Dr Katie, I'll like to ask, what if the website your trying to test does not have an API and you are only able to use burp suite. What will you advice you do in such situation.

Creativity (art) was the first thing they (AI) replaced.

I searched this question in the URL out of curiosity. I can't believe there is a video that is so blatant about it. Currently laughing.

Another great video, thank you

Very interesting, what are the website, tools to start as a beginner please I your help take me through all this

Like the people you interview with anyone who will love to teach I want to be an ethical hacker or cybersecurity but don’t know where to learn it

I was fully capable of changing any grade in high school, but never stupid enough to actually do it. They even stored all students locker combinations on a central server, so if I wished, I could open any locker. Good times.

hahahaha 24:24 I was listening so attentively and the B roll and caption killed me!

in a prev video you said you will be showing what you can do with the kali nethunter termux but you haven't even mentioned it since, have you forgotten or have u decided it isn't worth making a video about?

Leaving a relationship you’re not happy in is much easier than emotionally damaging someone. But selfish people don’t get that

HOLY MOLY I NEED IT

Love from India sir❤️
Your content is amazing it helps me a lot

I have attention deficit disorder. All this time I've been saying, look at what Katie's saying, now watch out - now David. Okay, okay, no, don't look at the green creature on the shelf behind Katie. Listen... Very good, I was so proud of myself and then all of a sudden - spongebob speaking spanish ! 🤣🙈

I have used burpsuite but never considered looking at APIs like that.

It would be nice to having Katie on your RUclips David. Thanks for sharing Katie

Great video. I'm a network engineer trying to become a little more broad and I'm definitely subbing to insiderphd

This is awesome!!

I miss the old days in the 90s of directory manipulation.

this sounds silly, but I appreciate her work

7/11/2022 - At Twitter, as well as at some banks, the answer appears to be lines of code. - Good engineers produce a lot of them.... never mind security which is more considered...

Video teaching how to hack grades at school be like 1:13:
"The following demonstration is for EDUCATIONAL purposes only"

You know how to hack your grades? Show up to class, Participate, Do the homework and and do well on quizzes tests and exams

Massive Respect David sir.. 🙏

Hi David... I recently watched your video on how to install Kali nethunter on an android phone. After completing all the steps and installing nethunter kex. I'm unable to connect openvpn and network manager is disabled. Do I need to root my phone in order to get it enabled?

Hello Mr. bombal can you please make a video on installing kali Linux on a Samsung galaxy device with android 12

I actually graduated from Generic University. I got a degree in Translating British to English.

the way i see it, if you can hack your university you don't need to hack your grades, you're smart enough you hacked your school.

Cant wait to add a bit of bruteforce and loads of proxies for deauth countermeasures

any smart contract content David??

Greating from Ethiopia

Great video, thanks.

is she using mac m1or m2
please answer me

very cool! more videos like this)

"Be an information Sponge"-Dr. Katie Paxton

I remember doing this with just social engineering and a Bad USB attack as the college servers were too easy to access

Hi SiR David I'm so sad it's because when i try my router crack my password my linux zsh no such file or directory kali linux can you help to fix this???

Please tell me process to hack write protected sd card to retrieve data

Dr Kate Paxton Fear or BLINDSPOT Ashley Johnson ? WOW Amazing lol

What does it mean to have a rabbit in the control system

Please help me 😭

Mendosanonymoushack is such a blessing to all. When you follow the steps below, you attain educational freedom.

How do I get the university to process my student loans

how cam i get this software?

Please can you help to hacky results

what if i didn't find the api ?

name of software for Mac ?

Is it possible to hack radio FM

What is this debugging app ??