Dr Katie Paxton-Fear shows us how to hack the Generic University and change grades using the university API. You will learn some of the OWASP top 10 vulnerabilities including Broken Object Level Authorization and Broken User Authentication.

Disclaimer: We are hacking the Generic University for educational purposes only. Generic University is a GitHub project that Katie has created to learn Cybersecurity and APIs. Do not hack a real university.

// University //
The Generic University on GitHub: github.com/InsiderPhD/Generic-University

// MENU //
00:00 - Coming up
01:16 - Katie's KZbin channel // Recommended playlists
02:31 - How to hack and change your grades // "Generic University"
03:26 - Generic University demo // Burp Suite
04:25 - API vulnerabilities // Bug bounty
07:50 - Generic University demo (continued)
21:27 - Thinking outside the box // Hackers mindset
25:34 - Katie's PhD
26:10 - Will AI take over?
29:42 - Advice for getting into cyber-security
34:01 - Recommended KZbin playlists
35:44 - Recommended sites and books
36:48 - Conclusion // Final words

// Videos discussed //
Everything API Hacking: kzbin.info/www/bejne/r3S4gnWZZ9eMb7s
Hacker Toolkit: kzbin.info/www/bejne/l3-Wf5Svq8lqfLc
Burp for Beginners: kzbin.info/www/bejne/i5jFiqKwfplmbK8
OWASP Top 10: owasp.org/

// Books //
Hacking APIs by Corey J Ball: amzn.to/3JOJG0E
Bug Bounty Bootcamp by Vickie Li: amzn.to/3SPCtBF

// Free API hacking course //
APIsec Certified Expert Course: university.apisec.ai/

// Katie's Social //
Twitter: twitter.com/InsiderPhD
KZbin: kzbin.info
Website: insiderphd.dev/
The Generic University on GitHub: github.com/InsiderPhD/Generic-University

// David's SOCIAL //
Discord: discord.gg/davidbombal
Twitter: twitter.com/davidbombal
Instagram: instagram.com/davidbombal
LinkedIn: www.linkedin.com/in/davidbombal
Facebook: facebook.com/davidbombal.co
TikTok: tiktok.com/@davidbombal
KZbin Main Channel: kzbin.info
KZbin Tech Channel: kzbin.info/door/ZTIRrENWr_rjVoA7BcUE_A
KZbin Clips Channel: kzbin.info/door/bY5wGxQgIiAeMdNkW5wM6Q
KZbin Shorts Channel: kzbin.info/door/EyCubIF0e8MYi1jkgVepKg
Apple Podcast: davidbombal.wiki/applepodcast
Spotify Podcast: open.spotify.com/show/3f6k6gERfuriI96efWWLQQ

// MY STUFF //
www.amazon.com/shop/davidbombal

// SPONSORS //
Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com

// Generic University Challenge //
Vulnerabilities:
- API1:2019 Broken Object Level Authorization
- API2:2019 Broken User Authentication
- API3:2019 Excessive Data Exposure
- API5:2019 Broken Function Level Authorization
- API6:2019 Mass Assignment
- API7:2019 Security Misconfiguration

Your Goals:
- Find the emails of the administrator
- Brute force the API to find new endpoints
- Find out what grades everyone got in a class
- Edit someone's grade
- Make an account
- Access the GraphQL API
- Change another account's password
- Login to your account
- Access admin API
- Find out what vulnerabilities the IT admins have ignored
- Make your account an admin
- Access the admin control panel
- Fire a blind XSS in the admin control panel and validate with your new admin account
- Delete everything
- Restore everything

Disclaimer: This video is for educational purposes only. I own all equipment used for this demonstration. No actual attack took place on any websites.

Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!
@dareilcasinojamerojr.4134 2 years ago
Hi Sir David, I'm so sad, it's because when I try my router crack my password my Linux zsh no such file or directory Kali Linux, can you help to fix this??? From Philippines....
@SolitaryElite 2 years ago
I tried to do that by hacking my teacher but you can only add grades, not edit, and adding good grades out of nowhere is just sus asf so :(
@game_vloger0 2 years ago
Sir hack IGNOU website
@megatee4018 1 year ago
@@SolitaryElite don't worry about that I have someone who can do that for you
@impostorsyndrome1350 2 years ago
the fact that you provide all of this for free is truly astounding. Keep it up, it's really cool!
@trscsaeg 9 months ago
Love how David controls conversations and keeps experts from going too far over people’s heads
@chelography4410 2 years ago
Thank you for your channel and thank you Katie for your insight and encouragement.
@davidbombal 2 years ago
Thanks for watching!
@BobBob-qm2bm 2 years ago
David B. has done it again! Dr Katie is FEAR-less while hacking those APIs. You are rocking the content and presenting awesome guests. Thank you for being a blessing to the community. 🤓👨💻
@dejuridico1691 2 years ago
Great guest as always, David! Greetings from Mexico City.
@esaelvladimir3672 2 years ago
Eagerly and literally need this from you Mr David
@davidbombal 2 years ago
Hope you enjoy the video. Please only hack the generic university - not a real one.
@luizcosta8122 2 years ago
Every time David posts a video, my dream of living off hacking and bug bounties becomes stronger
@RustyShacklefordddd 2 years ago
Another great video David, I've been binge watching your videos since Tuesday!
@mattjohnson6276 2 years ago
Katie seems pretty awesome! Thanks for bringing her on.
@mr.docker7699 2 years ago
I didn't know much about BurpSuite before watching this video. I am improving my knowledge because of you. Thank you so much Mr David 🙋♂
@ariasm8911 2 years ago
I saw several videos of yours today and realized you are a phenomenal interviewer, questions are spot on. Thank you David!
@CyberNancy 2 years ago
In my youth, hacking my grades would have been the only chance I had to get high marks.😂
@msascuinonducorduco 2 years ago
😂 I would have done the same thing especially with non technical courses 🤦🏾♂ still don't know why in this day and age we have to take those... I had to take: Philosophy 🤨, Home Ec 🗿Social Studies 🙄, and much more. Still no technical courses yet... until I'm a Junior 😔 Woe is me...
@davidbombal 2 years ago
lol
@hus73928 2 years ago
but cool high marks
@bubz3t136 1 year ago
@@davidbombal Is this for real? I'm 47, so I missed out on all of this. How common is grade-hacking? Is there really no way of getting caught? How much does it cost to get a hacker to do it for you?
@ishwartaral9019 1 year ago
Sir Can you hack my grades please 🥺🙏🏻 to get only pass 😭 I don't want high marks but only pass please sir 🙏🏻 I can give you money 💰 also whatever you want 💯
@Ucsd4life 2 years ago
I’m going to go hard into bug bounties during my winter break in two weeks, thank you David!!!
@Ataraxia_Atom 2 years ago
This is actually how I graduated early. I went to a remedial high school and we had to take multiple classes online. Well the teacher had to reset our tests/change grades if we didn't pass with his password at our console. Well I saw his password one time and was able to login and change many of my grades to show that I had passed a bunch of tests I didn't to take. I was so done with high school
@parryhotter9333 2 years ago
I mean, you could just study and pass the tests 🤡
@Ataraxia_Atom 2 years ago
@@parryhotter9333 I mean when you're 16 and done with school, you do what is easiest to get where you want to go. HS is a giant waste of time in the US anyway and I was able to graduate about a year early so
@ipodtouch470 1 year ago
@@Ataraxia_Atom hs is not a complete waste of time if you want to get into tech in college. All that math came into effect when I was building a game with real physics.
@Ataraxia_Atom 1 year ago
@@ipodtouch470 you're not wrong, there is definitely value to be had if it's the right time, but nothing that can't be learned later in life. I didn't start to settle down until I was 22, and now I work as an engineer in the semiconductor industry, previously in aerospace
@RAMADHANIBARAKASHALA 1 year ago
@@Ataraxia_Atom Hello
@mohamedmounir6770 2 years ago
At the right time👌. During this week I will pass my first term exams😂😂. Mr. David, you're a mind reader 😆
@davidbombal 2 years ago
lol... please only hack the generic university - not a real one. Or join a bug bounty program to be paid to hack real companies :)
@funkymonk2254 2 years ago
Thank you David and Dr. Katie.
@shayansec 2 years ago
I can't thank you enough for providing this vid... Actually I was learning IDOR vuln and wanted to practice on Generic University but couldn't find any resource about it... searched and this just appeared.
@alonzosmith6189 2 years ago
Thanks for sharing, hopefully this will educate schools on what not to do and what to look for and what they should do to secure their systems.
@davidbombal 2 years ago
Agreed Alonzo. Let's hope so.
@darwintean4861 2 years ago
Let's hope not😈
@ItzHerobrine 2 years ago
@@darwintean4861 xd
@NAKAEtekq 2 years ago
Haven't watched to the end but I'm already loving it.....thanks David
@pushparajpraveen5340 2 years ago
When you realise you need to study to hack your grades just to compensate for what you have not done before your exams......
@davidbombal 2 years ago
In tech you never stop learning. Best to learn how to learn as it won't stop.
@ameraa775 1 year ago
@@davidbombal Can you help me about adjusting grades
@tyrojames9937 2 years ago
When Katie told the story about her mother being TERRIFIED of Computers, That part HIT HOME!😊
@jspiteri33 2 years ago
Thanks guys so much great information. Keep up the great work
@ITExplorer-X 2 years ago
Great video and an eye opener. Thank you for the information.
@ZainBhaiiii 2 years ago
Thank you so much David for bringing such a video, I hope this will help me. I just want to know is it possible on the real website?
@davidbombal 2 years ago
As Katie said in the video, she finds these vulnerabilities in lots of real websites. Make sure you do this legally by joining a bug bounty program to be paid to hack real companies safely.
@ZainBhaiiii 2 years ago
@@davidbombal Thank you so much for the reply. You are the best teacher in the world
@innokirigiti 2 years ago
This is 100% true, I also once hacked a voting system website just by replacing /login with /register. It turned out I was able to register as an admin, it was the simplest yet powerful hack I used before.
@ergogenda3374 2 years ago
Great guest as usual. I subscribed to her channel.
@shaikjilani8242 2 years ago
What is her youtube channel name?
@lovejko 2 years ago
Love people, who have the talent to explain. Thank you.
@Goosht 2 years ago
hahahaha 24:24 I was listening so attentively and the B roll and caption killed me!
@tyrojames9937 2 years ago
I HAVE NOT BEEN DISAPPOINTED WITH A VIDEO FROM THIS CHANNEL YET!👔🎉
@arghyl 2 years ago
Another great guest! thank you!
@Mp-jw1qg 2 years ago
My high school used Aeries software. In 2003 I figured out how to access the master accounts by bypassing the school's user login system that ran across every PC on campus. I made a USB that would boot a full version of Windows instead of the school's version between BIOS and Windows level. I was able to bypass all the internet filters and had full access to the PCs. It took the Cisco networking teacher/class 2 years to figure it out. All of the teacher computers were named uniquely since they were the only ones who were able to name the PCs, so it was very easy for us to get into the network and see which physical devices were the teachers' lol. The school used to put black rubber film over the keyboards in typing class and the software would keylog EVERY keystroke and judge typing accuracy. It would dump the logs to a central PC that was set up. We found the economics teacher had logged in to a student PC, and logged into Aeries, so we logged into his account and changed a bunch of people's grades, and also took Aeries down for about 4 months by changing the teachers' logins and passwords, deleting the Excel files that Aeries would store etc etc. We got suspended and I didn't get to walk across the stage at graduation because of it. I got kicked off the baseball team, water polo team etc. I got in a ton of trouble and wasn't allowed to use any PC at school for the rest of the time I was there. The teachers could never figure it out, I got ratted on by someone whose grades we changed.
@Shadowofher 2 years ago
I have attention deficit disorder. All this time I've been saying, look at what Katie's saying, now watch out - now David. Okay, okay, no, don't look at the green creature on the shelf behind Katie. Listen... Very good, I was so proud of myself and then all of a sudden - spongebob speaking spanish ! 🤣🙈
@TRS6328 2 years ago
Which course should I do in ethical hacking or cyber security?
@robeldesta4926 2 years ago
EH
@TRS6328 2 years ago
@@robeldesta4926 r u learning EH
@robeldesta4926 2 years ago
@@TRS6328 yes
@TRS6328 2 years ago
@@robeldesta4926 Till now how much hacking you have learned means if EH is 100% then what % you have learned
@TRS6328 2 years ago
@@robeldesta4926 hey bro tell me how i contact you
@KevinCeniceros-z9u 2 months ago
I searched this question in the URL out of curiosity. I can't believe there is a video that is so blatant about it. Currently laughing.
@adventurenewzealand 2 years ago
I used a system I set up to rewrite excellence (A+) work exemplars supplied by the education system where I live. The system found synonyms for all applicable words. Step two was to put it through a text summarizer. 3 was a stolen text checker. Always got A plus
@bubz3t136 1 year ago
So you got away with? Could you help a kid in the UK?
@endlesscarrow 2 years ago
Please awaited to hear from you
@RapsyJigo 2 years ago
I like to tell my students who always ask about hacking the best hack I ever done. About ~13 years ago when you would go to the bank and ask for an account and you would ask for internet control of that account (internet was kinda new here so not everyone had it by default) the bank would obviously make an account for you and give you the first time credentials to said account. Now the thing is they gave you the credentials on a sealed piece of paper, most people would take the piece of paper with them home, log in and then change their passwords. But not everyone, some people decided that they'll write down the credentials in their personal notebook for easy memory and just throw the credential paper away. I guess you can see where this is going, I just stood outside the bank, and waited for someone to throw away pieces of paper. Dumpster dive for them and like 1/1000 you're gonna hit the jackpot.
@mu3076 2 years ago
I'm doing my Masters Degree in Computer engineering and I hate it. I want to switch to information security but here in Russia foreigners are not allowed to study infosec for whatever reasons... I'm dying from the inside doing what I don't love... I don't know what to do
@glitchinthematrix9306 2 years ago
Bro stop doing it
@mu3076 2 years ago
@@glitchinthematrix9306 I have no other options, No jobs in Africa back home. I just have to suffer through this whole thing...🤦🏽♂️🤦🏽♂️🤦🏽♂️
@edwin_terrones 2 years ago
I’m already subscribed and I have learned a lot from her she’s great!
@davidbombal 2 years ago
Agreed Edwin!
@serialkiller8783 2 years ago
Do a video of how to stay consistent? I like your consistency of posting new quality content videos.
@Sentient.A.I. 2 years ago
I hacked into my school's network when I was in middle school. I didn't change a single grade but the school wanted to expel me. They failed in this but still it managed to cause enough trouble to ruin my early hacking career.
@landonmiles293 9 months ago
how?
@MFoster392 2 years ago
Another great video, thank you
@Xvics 2 years ago
David, your video is great. Please make more videos with Katie; I adore the way she explains things.
@mikedc 2 years ago
The movie WarGames in the 80s was the first time I saw this practice... he was in high school changing grades
@davidbombal 2 years ago
For the real world, please only hack the generic university - not a real one. Or join a bug bounty program to be paid to hack real companies :)
@Joel-gf4zl 2 years ago
I was fully capable of changing any grade in high school, but never stupid enough to actually do it. They even stored all students locker combinations on a central server, so if I wished, I could open any locker. Good times.
@abdullahomer14 2 years ago
Teach me.
@0ninja213 2 years ago
@@abdullahomer14 U need to find a vulnerability first
@vardhangoud8851 2 years ago
Now I am gonna change my grades. Inspiration: Thank you David sir
@davidbombal 2 years ago
Please only hack the generic university - not a real one Vardhan. Or join a bug bounty program to be paid to hack real companies :)
@grandmagician4798 2 years ago
Hello Mr. bombal can you please make a video on installing kali Linux on a Samsung galaxy device with android 12
@grandmagician4798 2 years ago
@Add-on-Techlore01 yes can you contact me
@GentlemanPro-zz2ke 1 year ago
Hello Mr David and Dr Katie, I'd like to ask, what if the website you're trying to test does not have an API and you are only able to use Burp Suite. What would you advise doing in such a situation?
@Skilital 2 years ago
my russian exams site still have a leak on the api thing, there is a .js file that shows all API listings on their website, made a script using python, and basically loaded all the answers before the exams using the updated cookie they gave. i finished 10-11 classes this August using the script. i use arch btw
@sneil7879 2 years ago
oh wow thats crazy
@youz123 2 years ago
where should I start if I want to learn that?
@Skilital 2 years ago
@@youz123 you can start with JavaScript, learning the basics and then getting into how websites use JS on the front-end, how APIs and cookies work. Learn how to use Chrome's devtools (ctrl + shift + i), then read websites' scripts and search for stuff. Took me several weeks actually to make my own tool.
@balala7567 2 years ago
arch user try not to say they use arch challenge (impossible)
@keshi5541 2 years ago
ofc you use arch linux.
@mranthony1886 2 years ago
7/11/2022 - At Twitter, as well as at some banks, the answer appears to be lines of code. - Good engineers produce a lot of them.... never mind security which is more considered...
@IsmealAhmed-l8f 5 months ago
Very interesting, what are the website, tools to start as a beginner please I your help take me through all this
@hendahmed2408 2 years ago
Is it still not working😢? I am starting my pentesting course, I have a Mac M1 Pro so do you think I should sell it and buy Windows? Because as you say some tools don't work?
@abhijithsuren 2 years ago
Finally it's here ❤️
@TheShadowCamo 1 year ago
I actually graduated from Generic University. I got a degree in Translating British to English.
@albertma4875 2 years ago
Not going to lie this sounds like a good way to get kids into cybersecurity
@aniketsadal 2 years ago
Love from India sir❤️ Your content is amazing it helps me a lot
@وليدمحمد-ق2ن 1 year ago
Can I contact your team to change my undergraduate grades please
@excaliber2845 2 years ago
in a prev video you said you will be showing what you can do with the kali nethunter termux but you haven't even mentioned it since, have you forgotten or have u decided it isn't worth making a video about?
@endlesscarrow 2 years ago
Like the people you interview with anyone who will love to teach I want to be an ethical hacker or cybersecurity but don’t know where to learn it
@monkeydluffy9933 2 years ago
I remember doing this with just social engineering and a Bad USB attack as the college servers were too easy to access
@lohphat 2 years ago
THIS is what blockchain should be used for: Creating an immutable ledger so that entries cannot be changed.
@rationalbushcraft 2 years ago
I have used burpsuite but never considered looking at APIs like that.
@ssf_9 2 years ago
Massive Respect David sir.. 🙏
@oproadiakdajdbhjadajsld 2 years ago
HOLY MOLY I NEED IT
@daboijason9466 2 years ago
Can't wait to add a bit of bruteforce and loads of proxies for deauth countermeasures
@december8421 2 years ago
very cool! more videos like this)
@ellehooq 10 days ago
This is awesome!!
@ellehooq 10 days ago
Ja no Lekker
@maniakdemi3548 2 years ago
Hi David... I recently watched your video on how to install Kali nethunter on an android phone. After completing all the steps and installing nethunter kex. I'm unable to connect openvpn and network manager is disabled. Do I need to root my phone in order to get it enabled?
@yotavares 2 years ago
Just go to Inspect Element, change the numbers, be so happy that you will want to repeat the year!!
@ybfc311 2 years ago
this was a great talk... 👍🏼 will be def looking into more api stuff
@pradnyabugdane8287 2 years ago
Please tell me process to hack write protected sd card to retrieve data
@dareilcasinojamerojr.4134 2 years ago
Hi Sir David, I'm so sad, it's because when I try my router crack my password my Linux zsh no such file or directory Kali Linux, can you help to fix this???
@alienrevolution 2 years ago
Dr Kate Paxton Fear or BLINDSPOT Ashley Johnson ? WOW Amazing lol
@FunoyingSounds 2 years ago
Video teaching how to hack grades at school be like 1:13: "The following demonstration is for EDUCATIONAL purposes only"
@Odsku 2 years ago
doesn't matter because the video doesn't show a real life example this would never work in any school
@FunoyingSounds 2 years ago
@@Odsku r/whoosh
@Odsku 2 years ago
@@FunoyingSounds ? how did i miss the joke by explaining that this would never work in the real life
@Aaron48219 2 years ago
I miss the old days in the 90s of directory manipulation.
@RegenerationOfficial 2 years ago
Creativity (art) was the first thing they (AI) replaced.
@davidbombal 2 years ago
A lot of worries about how AI will replace so many jobs and skills. Only time will tell I suppose.
@JeremyPy-o3h 2 days ago
I think it is high time for me to get better grades. Greetings from Uganda
@michaellasambouw 2 years ago
It would be nice to having Katie on your KZbin David. Thanks for sharing Katie
@ellehooq 10 days ago
What
@medhasni6432 2 years ago
any smart contract content David??
@Firoz900 2 years ago
I subscribed Katie.
@salamlacin4715 2 years ago
What does it mean to have a rabbit in the control system
@mereculescomeback9544 2 years ago
this sounds silly, but I appreciate her work
@hendahmed2408 2 years ago
is she using mac m1or m2 please answer me
@zentraidee9701 2 years ago
"Be an information Sponge"-Dr. Katie Paxton
@upelister 2 years ago
Great video, thanks.
@ImGodTheMaryBanger 2 years ago
the way i see it, if you can hack your university you don't need to hack your grades, you're smart enough you hacked your school.
@JeremyPy-o3h 2 days ago
Katie, I am a bad guy, I think we can be friends since you like playing with bad guys, thank you so much David
@sahnounmohamed5871 2 years ago
is the software open source?
@RealisticVoiceRecapped 2 years ago
i think so
@CyberNancy 2 years ago
Oh boy, the 12 year old version of me in 1983 doesn’t need to see this ;-)
@davidbombal 2 years ago
good thing we are older now Alan!
@SnmKazmova 7 months ago
Hello,can you help me improve my exam result from the website?
@loganfruchtman953 2 years ago
You know how to hack your grades? Show up to class, Participate, Do the homework and and do well on quizzes tests and exams
@yoursoulessmate 1 year ago
Yes, but it was frustrating when the teacher gave me D. I wish at least it was C. Sigh...
@MikiasTeshome 9 months ago
Greetings from Ethiopia
@nineb7640 2 years ago
Hi David, thank you very much for the great content, I love all the subjects that you bring up to the table. I just wanna mention, if possible, that you talk about decentralized VPN and if you can get some experts to talk about it (cause I see a very good project called deeper connect), you can search about it of course. I see it as a very interesting kind of technology these days. Thanks a lot again for everything, I learned a lot from you and your videos. All the best
@ushayadav8614 2 years ago
This is something incredible 🌝
@cdcrjp2nft867 2 years ago
How do I get the university to process my student loans