Dr Katie Paxton-Fear shows us how to hack the Generic University and change grades using the university API. You will learn some of the OWASP top 10 vulnerabilities including Broken Object Level Authorization and Broken User Authentication. Disclaimer: We are hacking the Generic University for educational purposes only. Generic University is a GitHub project that Katie has created to learn Cybersecurity and APIs. Do not hack a real university. // University // The Generic University on GitHub: github.com/InsiderPhD/Generic-University // MENU // 00:00 - Coming up 01:16 - Katie's KZbin channel // Recommended playlists 02:31 - How to hack and change your grades // "Generic University" 03:26 - Generic University demo // Burp Suite 04:25 - API vulnerabilities // Bug bounty 07:50 - Generic University demo (continued) 21:27 - Thinking outside the box // Hackers mindset 25:34 - Katie's PhD 26:10 - Will AI take over? 29:42 - Advice for getting into cyber-security 34:01 - Recommended KZbin playlists 35:44 - Recommended sites and books 36:48 - Conclusion // Final words // Videos discussed // Everything API Hacking: kzbin.info/www/bejne/r3S4gnWZZ9eMb7s Hacker Toolkit: kzbin.info/www/bejne/l3-Wf5Svq8lqfLc Burp for Beginners: kzbin.info/www/bejne/i5jFiqKwfplmbK8 OWASP Top 10 owasp.org/ // Books // Hacking API’s by Corey J Ball: amzn.to/3JOJG0E Bug Bounty Bootcamp Vickie Li: amzn.to/3SPCtBF // Free API hacking course // APIsec Certified Expert Course: university.apisec.ai/ // Katie's Social // Twitter: twitter.com/InsiderPhD KZbin: kzbin.info Website: insiderphd.dev/ The Generic University on GitHub: github.com/InsiderPhD/Generic-University // David's SOCIAL // Discord: discord.gg/davidbombal Twitter: twitter.com/davidbombal Instagram: instagram.com/davidbombal LinkedIn: www.linkedin.com/in/davidbombal Facebook: facebook.com/davidbombal.co TikTok: tiktok.com/@davidbombal KZbin Main Channel: kzbin.info KZbin Tech Channel: kzbin.info/door/ZTIRrENWr_rjVoA7BcUE_A KZbin Clips Channel: kzbin.info/door/bY5wGxQgIiAeMdNkW5wM6Q KZbin Shorts Channel: kzbin.info/door/EyCubIF0e8MYi1jkgVepKg Apple Podcast: davidbombal.wiki/applepodcast Spotify Podcast: open.spotify.com/show/3f6k6gERfuriI96efWWLQQ // MY STUFF // www.amazon.com/shop/davidbombal // SPONSORS // Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com // Generic University Challenge // Vulnerabilities: API1:2019 Broken Object Level Authorization API2:2019 Broken User Authentication API3:2019 Excessive Data Exposure API5:2019 Broken Function Level Authorization API6:2019 Mass Assignment API7:2019 Security Misconfiguration Your Goals: - Find the emails of the administrator - Brute force the API to find new endpoints - Find out what grades everyone got in a class - Edit someone's grade - Make an account - Access the GraphQL API - Change another account's password - Login to your account - Access admin API - Find out what vulnerabilities the IT admins have ignored - Make your account an admin - Access the admin control panel - Fire a blind XSS in the admin control panel and validate with your new admin account - Delete everything - Restore everything Disclaimer: This video is for educational purposes only. I own all equipment used for this demonstration. No actual attack took place on any websites. Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!

the fact that you provide all of this for free is truly astounding. Keep it up, it's really cool!

Thank you for your channel and thank you Katie for your insight and encouragement.

Another great video David ive been binge watching your videos since Tuesday!

David B. has done it again! Dr Katie is FEAR-less while hacking those APIs. You are rocking the content and presenting awesome guess. Thank you for being a blessing to the community. 🤓👨‍💻

I didn't know much about BurpSuite before watching this video. I am improving my knowledge because of you. Thank you so much Mr David 🙋‍♂

i saw several video of yours today and realized you are phenomenal interviewer, questions are spot on. thank you David!

Great guest as always, David!. Greetings from Mexico City.

Love how david controls conversations and keeps experts from going to far over people’s heads

Another great guest! thank you!

Great video and an eye opener. Thank you for the information.

Thanks guys so much great information. Keep up the great work

Haven't watch to the end but I'm already loving it.....thanks david

ThankYou David and Dr. Katie.

Katie seems pretty awesome! Thanks for bringing her on.

I can't thank you enough for providing this vid... Actually I was learning IDOR vuln and want to practicing on Generic University but can't find any resource about it...searched and this just got appeared.

Love people, who have the talent to explain. Thank you.

Everytime David posts a video, my dream of living off hacking and bug bounties becomes stronger

Eagerly and literally need this from you Mr David

It's so amazing how you help people out with your service. Continue the good work

When Katie told the story about her mother being TERRORFIED of Computers, That part HIT HOME!😊

I’m going to go hard into bug bounties during my winter break in two weeks, thank you David!!!

Another great video, thank you

Feeling so inspired and positive after this recommendation , thanks!

In my youth, hacking my grades would have been the only chance I had to get high marks.😂

Thanks for sharing, hopefully this will educate schools on what not to do and what to look for and what they should do to secure their systems.

Finally it's here ❤️

Love from India sir❤️ Your content is amazing it helps me a lot

do a video of how to stay consistent? i like your consistency of posting new quality content videos.

At the right time👌. During this week I will pass my first term exams😂😂. Mr.david you're a mind reader 😆

I HAVENOT BEEN DISAPPOINTED WITH A VIDEO FROM THIS CHANNEL YET!👔🎉

Please awaited to hear from you

This is actually how I graduated early. I went to a remedial highschool and we had to take multiple classes online. Well the teacher had to reset our tests/change grades if we didn't pass with his password at our console. Well I saw his password one time and was able to login and change many of my grades to show that I had passed a bunch of tests I didn't to take. I was so done with highschool

very cool! more videos like this)

Massive Respect David sir.. 🙏

HOLY MOLY I NEED IT

Thank you so much David for bringing such a video i hope this will help me. I just want to know is it possible on the real website?

Great video, thanks.

Great guest as usual. I subscribed to her channel.

Hello Mr David and Dr Katie, I'll like to ask, what if the website your trying to test does not have an API and you are only able to use burp suite. What will you advice you do in such situation.

David, your video is great. Please make more videos with Katie; I adore the way she explains things.

is it still not working😢? iam starting my pentesting course, i have mac m1pro so u think i should seal it and buy windows?beacuse as you say some tools doesnt work?

I’m already subscribed and I have learned a lot from her she’s great!

When you realise you need to study to hack your grades just to compensate for what you not done before your exams......

in a prev video you said you will be showing what you can do with the kali nethunter termux but you haven't even mentioned it since, have you forgotten or have u decided it isn't worth making a video about?

Hi David... I recently watched your video on how to install Kali nethunter on an android phone. After completing all the steps and installing nethunter kex. I'm unable to connect openvpn and network manager is disabled. Do I need to root my phone in order to get it enabled?

my highschool used Aeries software , in 2003 i figured out how to access the master accounts by bypassing the schools user login system that ran across every pc on campus. I made a usb that would boot full version of windows isntead of the schools version between bios and windows level. I was able to bypass all the internet filters and had full access to the pc's. It took the cisco networking teacher/class 2 years to figure it out. All of the Teacher computers were all named uniquely since they were the only ones who were able to name the pc's so it was very easy for us to get into the network and see wich physical devices were the teachers lol. The school used to put black rubber film over the keyboards in typing class and the software would keylog EVERY key stroke and judge typing accuracy. it would dump the logs to a central PC that was setup. we found the economics teacher had logged in to a student pc, and logged into Aeries so we logged into his account and changed a bunch of peoples grades, and also took Aeries down for about 4 months by changing the teachers login and passwords. deleting the excel files that aeries would store etc etc. We got suspended and i didnt get to walk across stage at graduation because of it. I got kicked off the baseball team, water polo team etc. I got in a ton of trouble and wasnt allowed to use any Pc at school for the rest of the time i was there. the teachers could never figure it out, i got ratted on by someone whos grades we changed.

Very interesting, what are the website, tools to start as a beginner please I your help take me through all this

I subscribed Katie.

I used an system i set up to rewrite excellence (a+) work exemplars supplied by the education system where i live. The system found synonyms for all applicable words. Step two was to put it through a text summarizer. 3 was a stolen text checker. Allways got a plus

Hi David,thank you very much for the great content,I love all your subjects that you bring up to the table I just wana to mention if possible that you talk about decentralized VPN and if you can get some experts to talk about it ( cause I see a very good project called deeper connect) you can search about it of course I see it as very interesting kind of technology in these days. Thanks a lot again for everything I learnd alot from you and your video. All the best

love it

I was fully capable of changing any grade in high school, but never stupid enough to actually do it. They even stored all students locker combinations on a central server, so if I wished, I could open any locker. Good times.

Can I contact your team to change my undergraduate grades please

It would be nice to having Katie on your KZbin David. Thanks for sharing Katie

Hi SiR David I'm so sad it's because when i try my router crack my password my linux zsh no such file or directory kali linux can you help to fix this???

loved it

Like the people you interview with anyone who will love to teach I want to be an ethical hacker or cybersecurity but don’t know where to learn it

hahahaha 24:24 I was listening so attentively and the B roll and caption killed me!

I'm doing my Masters Degree in Computer engineering and I hate it. I want to switch to information security but here in Russia foreigners are not allowed to study infosec for whatever reasons... I'm dying from the inside doing what I don't love... I don't know what to do

is she using mac m1or m2 please answer me

I hacked into my schools network when I was in middle school. I didnt change a single grade but the school wanted to expel me. They failed in this but still it managed to cause enough trouble to ruin my early hacking career.

I like to tell my students who always ask about hacking the best hack I ever done. About ~13 years ago when you would go to the bank and ask for an account and you would ask for internet control of that account (internet was kinda new here so not everyone had it by default) the bank would obviously make an account for you and give you the first time credentials to said account. Now the thing is they gave you the credentials on a sealed piece of paper, most people would take the piece of paper with them home, log in and then change their passwords. But not everyone, some people decided that they'll write down the credentials in their personal notebook for easy memory and just throw the credential paper away. I guess you can see where this is going, I just stood outside the bank, and waited for someone to throw away pieces of paper. Dumpster dive for them and like 1/1000 you're gonna hit the jackpot.

The movie wargames in the 80s was the first time I seen this practice...he was in high school changing grades

How do I get the university to process my student loans

Please help me 😭

this was a great talk... 👍🏼 will be def looking into more api stuff

This is 100% true, I also once hacked a voting system website just by replacing /login with /register. It turned out I was able to register as an admin, it was the simplest yet powerful hack I used before.

Great video. I'm a network engineer trying to become a little more broad and I'm definitely subbing to insiderphd

I remember doing this with just social engineering and a Bad USB attack as the college servers were too easy to access

Is it possible to hack radio FM

Please tell me process to hack write protected sd card to retrieve data

name of software for Mac ?

what if i didn't find the api ?

Cant wait to add a bit of bruteforce and loads of proxies for deauth countermeasures

Just subbed to her channel

I have attention deficit disorder. All this time I've been saying, look at what Katie's saying, now watch out - now David. Okay, okay, no, don't look at the green creature on the shelf behind Katie. Listen... Very good, I was so proud of myself and then all of a sudden - spongebob speaking spanish ! 🤣🙈

How to bypass iphone 6splus hello sreen

Which course should I do in ethical hacking or cyber security?

this sounds silly, but I appreciate her work

Hello Mr. bombal can you please make a video on installing kali Linux on a Samsung galaxy device with android 12

I have used burpsuite but never considered looking at APIs like that.

book pdf link?

This is something incredible 🌝

What is this debugging app ??

any smart contract content David??

Not going to lie this sounds like a good way to get kids into cybersecurity

What does it mean to have a rabbit in the control system

"Be an information Sponge"-Dr. Katie Paxton

Greating from Ethiopia

7/11/2022 - At Twitter, as well as at some banks, the answer appears to be lines of code. - Good engineers produce a lot of them.... never mind security which is more considered...

THIS is what blockchain should be used for: Creating an immutable ledger so that entries cannot be changed.

I actually graduated from Generic University. I got a degree in Translating British to English.

Now I am gonna change my grades. Inspiration: Thank you David sir

Sir, I am from a non-IT background, but I wish to start my career in ethical hacking I want to learn everything which is essential to become an ethical hacker and it is also my desire that you could like to be my mentor?

What's her yt channel name again?

my russian exams site still have a leak on the api thing, there is a .js file that shows all API listings on their website, made a script using python, and basically loaded all the answers before the exams using the updated cookie they gave. i finished 10-11 classes this August using the script. i use arch btw

Please can you help to hacky results

But Would the school actually notice if one student out of 1000 changed there results though?

❤