Comments
@thechannelofmine 1 day ago
Are you active on HackerOne?
@halfman.halfamazing3113 1 day ago
Love this Ghibli style and lofi stuff
@5s4l1p1fcw 1 day ago
Good one, thank you
@user-st7dot 1 day ago
🎉🎉🎉
@EmmanuelAwuzie 1 day ago
Hello Medusa, thank you for sharing. I'm interested, but I'm having issues joining the Discord group due to verification.
@kashif_ali6919 1 day ago
Everyone is facing the same thing. I have completed verification but I don't have access to anything.
@Medusa0xf 1 day ago
Try Again?
@ShehanGgga 5 days ago
Hello, your Telegram or WhatsApp?
@kashif_ali6919 10 days ago
Voice + guidance, I love that
@Medusa0xf 1 day ago
Thank you!
@mohadjermohamed3439 14 days ago
8 MINUTES FOR ONE SINGLE PAYLOAD WHICH EXISTS IN THE INTERNET FROM 2000
@Medusa0xf 11 days ago
That's great that you understand, but not everyone does.
@testauthoritytes9917 16 days ago
Why did you check "Remember Me"? Bad people may want to look into BITB 😁
@Dxrk.24 18 days ago
Expecting more of these! ❤︎
@kittoh_ 18 days ago
Question: If the user clicks the forgot password link to reset the password, then gets redirected to a malicious site, given that the user forgot the password and thus will not be able to provide login credentials, is the user safe from this kind of attack? And also, most reset password links only require an email, which is not such sensitive info.
@Medusa0xf 18 days ago
Yes, in the case of password resets, most web applications ask for only the email address or username. However, since an email address is considered PII (Personally Identifiable Information), it's a security vulnerability if it gets leaked in the response or URL. It's still worth noting that if an attacker gains access to the email, they can chain multiple vulnerabilities together to launch further attacks. For example, if the web application lacks rate limiting and the attacker already has the username/email, they could perform a brute-force attack to guess the password. Another scenario could involve chaining an XSS vulnerability: if the user is already logged in, the attacker could exploit the reset password redirect. Even though the redirect is intended for password reset, it doesn't matter: by using a JavaScript payload, the attacker could exfiltrate the user's cookies, as I discussed in the video. I hope this clears up your doubt.
@AsilentWolf-c2c 18 days ago
By the way, your voice is so pretty.
@MianGG-c 14 days ago
this is not real, it's a text-speech-gen, her real voice is in the snake-bites podcast.
@SumitYadav-lr5vy 18 days ago
Can you create a long video on how you hunt for bugs (manually hunting BAC-related bugs) on a real-world target?
@Medusa0xf 18 days ago
I'll consider that.
@Code_x_876 18 days ago
Please @Medusa0xf
@amoh96 18 days ago
yes good idea
@SumitYadav-lr5vy 18 days ago
amazing video
@Medusa0xf 18 days ago
Thank you!
@RareVampire-c6s 20 days ago
The voice is ❤
@rajmaharjan5437 21 days ago
glad I found this gem :)
@Medusa0xf 19 days ago
Thanks!
@bambastala7446 21 days ago
Don't use anime it's distracting
@alfonzo7822 24 days ago
Hi! Loved this, you have some good content. It's always good to find someone new to sub to.
@Medusa0xf 21 days ago
Thank you so much!!
@T3chnocr4t 25 days ago
Well explained and concise
@T3chnocr4t 25 days ago
Love the video, well explained
@Medusa0xf 21 days ago
Glad you liked it!
@Dxrk.24 27 days ago
Awesome as usual!
@Medusa0xf 21 days ago
Thanks!
@Aquax1000 27 days ago
We want to see 😢 videos but I'm using it for sleeping 💤😴
@alfonzo7822 24 days ago
Such a soothing voice I can't blame you!
@wmpdx7 27 days ago
Love you 😘👌
@aechapark4299 27 days ago
Welcome back, pls make a video on how to bypass cloudflare
@T3chnocr4t 27 days ago
thanks for explaining i really understand
@Medusa0xf 21 days ago
Glad to hear that
@SinergiasHolisticas 27 days ago
Love 🎉it
@H4ckerNafeed 28 days ago
The tiny note name? where u using to save payloads?
@senlin9414 1 month ago
Great Content, but the background shouldn't be flickering.
@Medusa0xf 19 days ago
Thanks for the tip
@halfman.halfamazing3113 1 month ago
Unable to focus while stuff running on the background with distracting music, it would be better if the video is some calm or lofi stuff.
@Medusa0xf 1 day ago
Yeah, I've been experimenting with editing. Check out the new video, you will love it!
@asfdfuck 1 month ago
xoss crush 😁
@user-tr3sh8tp9p 1 month ago
Great explanation. Thanks
@comosaycomosah 1 month ago
well put together
@Medusa0xf 1 month ago
Glad you liked it!
@testauthoritytes9917 1 month ago
Medusa reminds me of Modlishka. Anyway, great explanation. Some more points: you have worked on lazy loading cache hit and cache miss architecture, which has a condition that this type of cache poisoning is only real if the cache is updated. There are some more architectures you may want to explore: write-through and session storing. For write-through architecture, the cache can't be poisoned or updated to be delivered to multiple users for the same content if you are not writing to the DB. For session-storing cached architecture mechanisms, XSS will fall short and you may want to try CSRF.
@Medusa0xf 1 month ago
How about you share some articles for this on my server?
@nishantdalvi9470 1 month ago
Please make this sort of video for OAuth misconfiguration as well
@Medusa0xf 1 month ago
Noted
@Bluesurfer-w8g 1 month ago
Ps : don't use glitch screen background when explaining something, it's uncomfortable
@testauthoritytes9917 1 month ago
How comfortable is that when you have your website hosting different image or probably your user poset is changed or someone rides CSRF and transfers legit amount from your digital wallet to some of your friend that you don't know. Get used to it if you are blue 🔵, life will be less stressful 😊
@pratiksawant8119 1 month ago
Agree
@shouvikkundu8289 1 month ago
Yup, it kinda makes us distracted
@Medusa0xf 1 month ago
Okay
@mysteriousministar2481 1 month ago
Nice video
@Medusa0xf 1 month ago
Thank you!
@dittonachan 1 month ago
great explanation, loved it.
@Medusa0xf 1 month ago
Thank you!
@OXIESEC 1 month ago
Nice, informative, +1 subscriber
@Medusa0xf 21 days ago
Awesome, thank you!
@smilehackermax 1 month ago
Nice one!
@Medusa0xf 1 month ago
Thanks!
@Aquax1000 1 month ago
Yo man hook me up with some BAC resources (not basics)
@Medusa0xf 1 month ago
You should hear this podcast. kzbin.info/www/bejne/rWWQkKqalLeYjpYsi=hnBOCR2AioksJdFH
@Aquax1000 1 month ago
@Medusa0xf I hate that smile do you have any other resources where you are the only one like same as this video. I love your blog but it's very nice to see any video on that. If you don't mind Medusa I'm doing fully manual testing now including BAC, Auth and OAuth so can you tell me am I missing out on something here?
@RareVampire-c6s 2 months ago
Voice 😍
@maxautism6602 2 months ago
Love the animation and the informative video - thanks a bunch!
@Medusa0xf 1 month ago
i'm glad!
@AfarTech 2 months ago
I don't know how can i say thank you, it's just an amazing lesson and a very clear speech, especially your voice😍 and I want to tell you my heart See My Profile i want Response Am Just kidding You are the first person who helped me to learn Penetration Testing easily thank you very much Medusa .💖🤗😬😄
@jxkz7 2 months ago
Nice explanation
@Medusa0xf 1 month ago
Thank you!
@cocoonkid4321 2 months ago
really good!
@Medusa0xf 1 month ago
glad you enjoyed it!
@smilehackermax 2 months ago
So good!💥
@Medusa0xf 1 month ago
Thanks!