that's why most frameworks today sanitize user input
@Cybrcom 4 days ago
Absolutely! Another reason why it's recommended to use frameworks over rolling out custom code. Of course users can still make mistakes when implementing, and/or frameworks can still have vulnerabilities, but it helps a lot!
@ZeinotGaming 4 days ago
@Cybrcom yeah but everyone in 2024 uses a framework... I personally use Laravel <3
@theminester7897 9 days ago
Very useful to get an idea of what the product offers, thanks.
@mrdkaaa 10 days ago
Why a **scan** actually **does** privilege escalation. That's stupid.
@Cybrcom 9 days ago
What? Some scans are read only, others can perform write operations. That’s fairly common with automated tooling. Why is that stupid?
@NadembeBabrah 13 days ago
Am doing bit bachelors second year but just do teach slowly
@tgsoon2002 17 days ago
This is no full tutorial. Just a basic one.
@Cybrcom 17 days ago
What did it not include that you would have liked to see?
@tgsoon2002 17 days ago
@Cybrcom If it is a full tutorial, I want to see you go into detail on each part of the process, and examples of those. Not just a mention. What you used is just a prebuilt or existing rule. You didn't go through the custom rule. You haven't shown the CLI version of this service. So in my opinion, it's not worth being called a "Full Tutorial".
@Cybrcom 17 days ago
Thanks for your feedback
@Cybrcom 19 days ago
Sorry, I put the wrong link to the cheat sheet at the end of the video and missed the error before uploading. Click on the link in the info card instead!
@monique9003 23 days ago
How do you get Prowler to work on Azure?
@Cybrcom 23 days ago
Are you encountering issues? It should work the same, just using Azure credentials instead of AWS. More details here: docs.prowler.com/projects/prowler-open-source/en/latest/#azure
@monique9003 23 days ago
@Cybrcom I keep trying to apply the service principal instructions and there's nothing that tells me how to enter it in; it keeps giving me an error
@AzizGuesmi-kb9dk 24 days ago
bro do u have insta i wanna talk to u about something important
@MaryBecken 24 days ago
great explanation- would love a full course!
@EduPrepApoc 29 days ago
This is awesome. Need more :)
@Cybrcom 27 days ago
Glad you liked it! We just released a free cheat sheet you can download here: cybr.com/terraform-cheat-sheet And we released a Terraform course last week: cybr.com/courses/terraform-on-aws-from-zero-to-cloud-infrastructure/
@anand1448 1 month ago
IBM Concert would be its competitor soon
@Cybrcom 1 month ago
Interesting to see what it does
@DGOODIN2024 1 month ago
All of them I’m new to cybersecurity trying to break into the field
@AndrewMarhefka 1 month ago
Thank you for the acronym list !
@sauarbhdiwan 1 month ago
For starting docker service in kali: sudo /etc/init.d/docker start
@khadiii60 1 month ago
The installer has detected an unsupported architecture. VirtualBox only runs on the amd64 architecture. I get this error
@Cybrcom 1 month ago
Are you running on Apple silicon? If so, this is a known issue. VirtualBox and Apple silicon don’t mix well together
@Allie19863 1 month ago
I'll be writing my Security + Exam on Wednesday. I came on YT to look for a good explanation of XSS and your video delivered. TY! New subscriber!
@Cybrcom 1 month ago
That’s awesome! Glad the video helped. Please let us know how your exam goes 😁
@sandeeptripathi4352 1 month ago
Thank you for posting the recording for the study group session 🤩🤩
@catsNcode 1 month ago
you forgot the third option :)
@Cybrcom 1 month ago
Sorry not sure what you are referring to :)
@pablogonzalezrobles803 1 month ago
Thanks 😊
@mesutoezdil 1 month ago
Thanks for the video!
@nates9211 2 months ago
@Cybr Appreciate the honest assessment.
@valisherxolbekov 2 months ago
rm -rf / -no-preserve
@Cybrcom 2 months ago
💀💀
@valisherxolbekov 2 months ago
@Cybrcom help me kali is not working
@ManInTee 2 months ago
But if I'm an attacker targeting a popular website that isn't escaping script tags, won't I have to take lots of additional steps to get the response page with the malicious script sent to another web application user that isn't me? I assume if I wanted to do this with Google (and if Google was vulnerable), I would send the script in the search bar, then Google would respond to MY machine with the page with malicious payload. Not seeing how that would be dangerous to anyone but the attacker.
@Cybrcom 2 months ago
Yes and no. What you've described is basically a form of Self-XSS. Some apps may only be vulnerable to that degree and nothing more, in which case the impact is minimal (but not non-existent -- look up Self-XSS examples), but a lot of times it's just the starting point. If an attacker finds a vulnerability like that, they will have to take extra steps (sometimes many extra steps) to find a way to exploit it at a larger/more impactful scale. But, some XSS can be submitted via URLs (think phishing), while other XSS (like stored XSS) would be permanently added to a web page (think comments like this one or other permanent user-submitted inputs) where my XSS gets loaded for every user viewing this comment, as an example.
@rlsn-kali 2 months ago
great video bro
@Cwhitlock-StudyGRC 2 months ago
🔥 Thank you for sharing!
@oluwagbohunmiajani2457 2 months ago
Awesome. I look forward to another session. Thanks for putting up this guide.
@Cybrcom 2 months ago
See you there!
@lsik231l 2 months ago
This complements htb's sqlmap course. Cheers for this
@abhinavs03 2 months ago
Descriptive and easy to follow content, awesome work Cybr team!
@Cybrcom 2 months ago
Appreciate it!
@DommageCollateral 2 months ago
techbro no1
@Cybrcom 2 months ago
🤔
@anonim091 2 months ago
too much info, not understandable, not direct
@Cybrcom 2 months ago
👍
@kwiatriot6190 2 months ago
Great lab to demonstrate AWS Secrets Manager enumeration. Awesome you guys are putting this up as free content too!
@Cybrcom 2 months ago
Thanks for the comment! I’m glad it’s helpful and we’ll keep putting out!
@exploreThe_ 2 months ago
✅
@farhanishraq5812 2 months ago
thank you sooooo much can not thank you enough for this lesson <3
@PreduringR6 3 months ago
My docker won’t install it says “waiting for cache lock: could not get lock”
@Cybrcom 3 months ago
I would try restarting the VM/computer. Seems like something in apt is locking up for some reason
@profesurtom 3 months ago
isn't scanning a target a 2nd phase for pentesting?? while not Info Gathering?
@profesurtom 3 months ago
Hey if we shut down our system or close the docker session do we need to download them again? And btw I love your videos and the content you provide. THANKS FOR THEM, you are just helping us more than you think!!!
@Cybrcom 3 months ago
You don't need to re-download the docker images, you can just re-launch a new container with the same image(s). But if you take actions in the container, those actions will get wiped every time you shut down the system or destroy the container. You can get around this if you need to by setting up persistent storage though: docs.docker.com/guides/docker-concepts/running-containers/persisting-container-data/
@santiagocardonahenao7647 3 months ago
Thank you so much for the video, I'm studying a Master's of Science in Cybersecurity and it was really helpful for a class. ✌
@Cybrcom 3 months ago
Awesome! Glad it helped
@Free.Education786 3 months ago
parameters do not appear to be injectable
@DhanBdrKarki 3 months ago
I'm getting issues like "The security score cannot be calculated until AWS Config is enabled and resource recording is configured."
@Cybrcom 3 months ago
Some parts of Security Hub rely on AWS Config to be enabled and running with resource recording to work, which is why you're getting that error
@DhanBdrKarki 3 months ago
@Cybrcom thank you
@LEKIPE1 3 months ago
Where is the full course
@Cybrcom 3 months ago
Not created yet :) It has been getting more and more requested recently though so I might bump it up in priority!
@milangerloff5252 3 months ago
i am following the exact steps except sqlmap is not doing anything it just stopped : sqlmap -u 127.0.0.1/vulnerabilities/sqli/?id=212&Submit=Submit# --cookie="v09fjlf03mjchvfgi9rceelrs1;security=low" --tables [INFO] testing connection to the target URL got a 302 redirect to '127.0.0.1/login.php'. Do you want to follow? [Y/n] [6]+ Stopped sudo sqlmap -u 127.0.0.1/vulnerabilities/sqli/?id=212
@moonlightsoldier8443 3 months ago
Full course
@EVAVALENCIA-e3l 3 months ago
You are going too fast. I am a beginner and you lost me
@Cybrcom 3 months ago
Thanks for the feedback. At what point did you get lost?
@EVAVALENCIA-e3l 3 months ago
I will review the video over and over to catch up. Thank You
@Cybrcom 3 months ago
Sounds good, let me know if I can help clear something up
@NavjotSingh-s5i 4 months ago
why you said S not AWS
@Cybrcom 4 months ago
??
@Scott769 4 months ago
Also a very shit tool hahaha linux is shit
@abelchigombetatenda4757 4 months ago
Hi there, I would like to know if when I purchase your courses on your website, is it full-time access or...?
@abelchigombetatenda4757 4 months ago
i see
@Cybrcom 4 months ago
What do you mean by full time access? If you purchase a membership, you’ll have access to all of our training materials. If you purchase single courses, you’ll only have access to that course’s materials but access will never expire
@PloddingDream-px3fz 4 months ago
You were able to explain this topic as if someone has never seen it, yet leaving them with a solid understanding of a high-level view.