Hey, can you timestamp the section of the video so I can review? 😁

@@intigriti at 5:15 when you decoded the jwt it shows that there is a "kid" claim in the header , but at 10:24 you embedded the whole "jwk" parameter not just the new "kid"

Thank you! 😊

Thank you! 🙂

Thanks! Can you be more specific on the sound quality? This is the first comment I've seen to say it's bad, most comments talk about how clear and crisp it is 😕

@@intigriti i never said your video is bad nor i meant a bad comment, it’s just when you start most of your sentences the first two-three words get cut, i don’t know if it’s just me ? But thanks for the efforts really appreciate it

No problem! 🥰 I just want to try and confirm if there's an issue.. I haven't noticed that before or had any similar reports. Can you give me timestamp as an example so I can check? Maybe also test with another device if possible 🙏

​@@intigriti Yes you are right i've tried using my phone , only on my laptop, it comes from me, idk why, Thanks anyway for the reply wish you best of luck

Hey, please double check the video - it was recorded recently so unlikely anything has changed!

@@intigriti Could you give me a way to contact you directly, I'll pay!

Awesome! 👏

🙏🥰

Hi there! Best thing is to check CVE databases and vuln scanners e.g. snyk to see what known vulnrabilities exist. Next, look at the specific details for those vulns to find out what the requirements are, and whether they are exploitable in your specific scenarios. Couple of links: www.tenable.com/plugins/nessus/168500 + vulners.com/nessus/WEB_APPLICATION_SCANNING_113581 but bare in mind that newer versions of PHP are less likely to be vulnerable, often you'll be better off focusing on application specific implementation, e.g. look for vulnerabilities in the code/features of the website, rather than the underlying libraries.

@@intigriti thanks 🙏

Added the scripts here, so you can follow along 😉 github.com/Crypto-Cat/CTF/tree/main/web/WebSecurityAcademy/jwt

@@intigriti thanks ❤