Dr Katie Paxton-Fear shows us how to hack the Generic University and change grades through the university's API. You will learn about several of the OWASP API Security Top 10 vulnerabilities, including Broken Object Level Authorization (BOLA) and Broken User Authentication.

Disclaimer: We are hacking the Generic University for educational purposes only. Generic University is a deliberately vulnerable GitHub project that Katie created for learning cybersecurity and API hacking. Do not hack a real university.

// University //
The Generic University on GitHub: https://github.com/InsiderPhD/Generic-University

// MENU //
00:00 – Coming up
01:16 – Katie’s YouTube channel // Recommended playlists
02:31 – How to hack and change your grades // “Generic University”
03:26 – Generic University demo // Burp Suite
04:25 – API vulnerabilities // Bug bounty
07:50 – Generic University demo (continued)
21:27 – Thinking outside the box // Hackers mindset
25:34 – Katie’s PhD
26:10 – Will AI take over?
29:42 – Advice for getting into cyber-security
34:01 – Recommended YouTube playlists
35:44 – Recommended sites and books
36:48 – Conclusion // Final words

// Videos discussed //
Everything API Hacking: https://www.youtube.com/watch?v=yCUQBc2rY9Y&list=PLbyncTkpno5HqX1h2MnV6Qt4wvTb8Mpol&index=1&t=0s
Hacker Toolkit: https://www.youtube.com/watch?v=aN3Nayvd7FU&list=PLbyncTkpno5FsVJJHELcexexYp7tSSE0N&index=1&t=0s
Burp for Beginners: https://www.youtube.com/watch?v=UgbYozI436M&list=PLbyncTkpno5FwsKpcaiXBvmG2r75RLGo3&index=2
OWASP Top 10: https://owasp.org/

// Books //
Hacking APIs by Corey J. Ball: https://amzn.to/3JOJG0E
Bug Bounty Bootcamp by Vickie Li: https://amzn.to/3SPCtBF

// Free API hacking course //
APIsec Certified Expert Course: https://university.apisec.ai/

// Katie’s Social //
Twitter: https://twitter.com/InsiderPhD
YouTube: https://www.youtube.com/c/InsiderPhD
Website: https://insiderphd.dev/
The Generic University on GitHub: https://github.com/InsiderPhD/Generic-University

// David’s Social //

================
Connect with me:
================
Discord: http://discord.davidbombal.com

Twitter: https://www.twitter.com/davidbombal
Instagram: https://www.instagram.com/davidbombal
LinkedIn: https://www.linkedin.com/in/davidbombal
Facebook: https://www.facebook.com/davidbombal.co
TikTok: http://tiktok.com/@davidbombal
YouTube Main Channel https://www.youtube.com/davidbombal
YouTube Tech Channel: https://www.youtube.com/channel/UCZTIRrENWr_rjVoA7BcUE_A
YouTube Clips Channel: https://www.youtube.com/channel/UCbY5wGxQgIiAeMdNkW5wM6Q
YouTube Shorts Channel: https://www.youtube.com/channel/UCEyCubIF0e8MYi1jkgVepKg
Apple Podcast: https://davidbombal.wiki/applepodcast
Spotify Podcast: https://open.spotify.com/show/3f6k6gERfuriI96efWWLQQ

================
Support me:
================
Buy my CCNA course and support me:
DavidBombal.com: CCNA ($10): http://bit.ly/yt999ccna

Udemy CCNA Course: https://bit.ly/ccnafor10dollars
GNS3 CCNA Course: CCNA ($10): https://bit.ly/gns3ccna10

// MY STUFF //
https://www.amazon.com/shop/davidbombal

// SPONSORS //
Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com

// Generic University Challenge //
Vulnerabilities:
API1:2019 Broken Object Level Authorization
API2:2019 Broken User Authentication
API3:2019 Excessive Data Exposure
API5:2019 Broken Function Level Authorization
API6:2019 Mass Assignment
API7:2019 Security Misconfiguration

Your Goals:
– Find the emails of the administrator
– Brute force the API to find new endpoints
– Find out what grades everyone got in a class
– Edit someone’s grade
– Make an account
– Access the GraphQL API
– Change another account’s password
– Login to your account
– Access admin API
– Find out what vulnerabilities the IT admins have ignored
– Make your account an admin
– Access the admin control panel
– Fire a blind XSS in the admin control panel and validate with your new admin account
– Delete everything
– Restore everything
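Two of the challenge goals above, "Edit someone's grade" / "Change another account's password" (API1:2019 Broken Object Level Authorization) and "Make your account an admin" (API6:2019 Mass Assignment), come down to the same two server-side mistakes: looking an object up by its id without checking who owns it, and copying every field of the request body onto the model. The following is an added example written for this page, not code from the Generic University repository (which is a PHP/Laravel app); it models a grades API in memory with constructed users and grades, shows the vulnerable handlers beside hardened ones, and includes the differential probe a tester automates to find BOLA: request every object id with one low-privilege session and report any object that comes back belonging to someone else. All ids, names and passwords are made up.

```python
"""Vulnerable vs. hardened object access and update handlers, plus a BOLA probe.

Added example for this page; not the Generic University project's code.
"""
from dataclasses import dataclass


@dataclass
class User:
    id: int
    name: str
    password: str
    is_admin: bool = False


@dataclass
class Grade:
    id: int
    student_id: int
    course: str
    score: int


class ApiError(Exception):
    """Base for errors the hardened API returns instead of data."""


class Forbidden(ApiError):
    """Caller is not allowed to touch the requested object."""


class BadRequest(ApiError):
    """Request body contains fields the client may not set."""


def sample_users() -> dict:
    # Constructed data: two students and one administrator (user 3).
    return {
        1: User(1, "alice", "alice-pw"),
        2: User(2, "bob", "bob-pw"),
        3: User(3, "admin", "admin-pw", is_admin=True),
    }


def sample_grades() -> dict:
    # Constructed data: grades 10 and 12 belong to alice, grade 11 to bob.
    return {
        10: Grade(10, 1, "CS101", 72),
        11: Grade(11, 2, "CS101", 88),
        12: Grade(12, 1, "MA101", 65),
    }


class VulnerableApi:
    """Looks objects up by id alone and applies every request field as sent."""

    def __init__(self):
        self.users, self.grades = sample_users(), sample_grades()

    def get_grade(self, session_user_id: int, grade_id: int) -> Grade:
        return self.grades[grade_id]  # BOLA: owner of the grade is never checked

    def update_user(self, session_user_id: int, target_id: int, payload: dict) -> User:
        user = self.users[target_id]  # BOLA: any target id is accepted
        for key, value in payload.items():  # Mass assignment: "is_admin" lands on the model
            setattr(user, key, value)
        return user


class HardenedApi:
    """Same endpoints with an ownership check and an allowlist of settable fields."""

    UPDATABLE = {"name", "password"}

    def __init__(self):
        self.users, self.grades = sample_users(), sample_grades()

    def _authorize(self, session_user_id: int, owner_id: int) -> None:
        caller = self.users[session_user_id]
        if owner_id != session_user_id and not caller.is_admin:
            raise Forbidden(f"user {session_user_id} may not access objects of user {owner_id}")

    def get_grade(self, session_user_id: int, grade_id: int) -> Grade:
        grade = self.grades[grade_id]
        self._authorize(session_user_id, grade.student_id)
        return grade

    def update_user(self, session_user_id: int, target_id: int, payload: dict) -> User:
        self._authorize(session_user_id, target_id)
        unknown = set(payload) - self.UPDATABLE
        if unknown:  # reject rather than silently drop, so tampering is visible in logs
            raise BadRequest(f"fields not settable by the client: {sorted(unknown)}")
        user = self.users[target_id]
        for key in payload:
            setattr(user, key, payload[key])
        return user


def bola_probe(api, attacker_id: int, grade_ids) -> list:
    """Return the grade ids the attacker can read that belong to another user."""
    leaked = []
    for gid in grade_ids:
        try:
            grade = api.get_grade(attacker_id, gid)
        except (ApiError, KeyError):
            continue  # 403/404 equivalents: nothing leaked for this id
        if grade.student_id != attacker_id:
            leaked.append(gid)
    return leaked


if __name__ == "__main__":
    ids = range(10, 13)
    print("vulnerable leaks:", bola_probe(VulnerableApi(), 2, ids))
    print("hardened leaks:  ", bola_probe(HardenedApi(), 2, ids))
```

In a real engagement the probe loop is what Burp Intruder or a short script does against `/api/grades/{id}` with the low-privilege session's token; the signal is a 200 with someone else's `student_id`, not an error. Note that the hardened update handler rejects unknown fields outright instead of ignoring them, which is the choice that makes a mass-assignment attempt show up in the application logs.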


Disclaimer: This video is for educational purposes only. I own all equipment used for this demonstration. No actual attack took place on any websites.

Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!

#api #hack #hacking
