The Top 3 Web VULNERABILITIES with Nahamsec
- Published: 2 Jun 2024
- In this video, Nahamsec tells us the top 3 vulnerabilities he looks for on hacking engagements or bug bounties. Complete with a war story or two!
Like, share, subscribe if you think this is good content!
// Links and things //
Nahamsec Channel - / @nahamsec
Nahamsec Website - nahamsec.com/
Hacker 101 - www.hacker101.com
TryHackMe - www.tryhackme.com
VulnHub - www.vulnhub.com/
Intro to Bug Bounty - www.udemy.com/course/intro-to...
== More On-Demand Training from Chris ==
▶Getting Started with Wireshark - bit.ly/udemywireshark
▶Getting Started with Nmap - bit.ly/udemynmap
== Live Wireshark Training ==
▶TCP/IP Deep Dive Analysis with Wireshark - bit.ly/virtualwireshark
== Private Wireshark Training ==
Let's get in touch - packetpioneer.com/product/pri...
Chapters:
0:00 Welcome Nahamsec!
0:32 Top Three Vulns
1:23 How does SSRF work?
4:00 Can we see this in Wireshark?
5:28 How can I learn more?
6:55 What is next?
www.packetpioneer.com - Science
Chris, first of all, thanks for sharing your knowledge with us
You're my inspiration, Chris
I learned a lot of concepts from your video
The way of your teaching is awesome
❤️🔥❤️🔥❤️🔥❤️🔥❤️🔥❤️🔥❤️🔥❤️🔥❤️🔥❤️🔥❤️🔥❤️🔥
I appreciate that!
I'm here, Chris. Thanks for this content!!
I have a question, please; I need a clear answer because I'm new in the bug bounty field: what does (enumeration) mean? I tried on YouTube but I didn't get it
thanks
Hello Bro..
I am completely new to Wireshark and your tutorial helped me a lot. Could you please give me some filters to identify UDP packet loss between a source and destination (there are multiple hops in between)? I have an end-to-end PCAP and want to see which hop is limiting or dropping the packets, as from the source I am sending 500 Mb and at the destination I am getting only 120 to 200 Mb
Hi Chris, great show. Chris, my next passion after CCNA will go on prof Wireshark; counting on you very much, Chris, because your explanations are clear and simple. Thx and keep it up
Thanks! Great to have you here on the channel. Go get that CCNA and keep Wireshark on the roadmap!
@ChrisGreer thx Chris, for the CCNA it's done. I get now it's Wireshark for me. God bless you
Best expert ever. I do have a question: if a company has a Cisco router, a FortiGate firewall and a Windows server, which one will be in charge of the DHCP server? Thank you
DHCP is a broadcast, so all three would respond if they’re all on the same broadcast domain. The client would take its pick (usually would take whichever server responded first)
@uttherkunst3806 I knew this, but from your point of view which device will work better for DHCP server
I kinda have a motto… let routers route, let switches switch, let servers serve. DHCP is a service, so I would prob put it on the server and leave the network alone. Or a device like Infoblox…
@ChrisGreer thank you so much
If company apps are all available via VPN, then how can a pentester access them and test them without VPN creds?
Great session! Thanks.
Ya, packet capturing an SSRF is pretty useless. You might be able to confirm the endpoint is not a server, assuming the compromiser doesn't understand or have a known subdomain and that is not hiding behind anonymous whois. Just finding out in network in a capture is slim. Seeing what the internal endpoint is doing is your best bet. It's pretty late by then and the auditor is being paid.
hello man i love you
That's deep bro
Give us sites, tools, or scripts to decrypt .CAP files
Are there any payment sites and can I make them for free?
Can I create a Python script or decrypt any file I want?
Does unzipping PDF and RAR files apply to .CAP?
Not sure on the exact question - kinda loaded - for files I always check with virustotal.com. Haven't heard of a python script that does what you are asking. Anyone?
@ChrisGreer
HELP ME
I want to decrypt .CAP files
There may be sites that provide decryption services or tools for browsers or Linux systems
Second