Hey, it was a very helpful video for cache poisoning. Can you also make a video on the correct working of the Autorize tool of Burp Suite? I've watched many videos to automate IDORs using Burp but found none to be clear enough.
@smartcomputring1034 3 years ago
Why don't you reply, sister?
@brijeshpal4039 3 years ago
Can you please explain with more examples?
@amanjain91 4 years ago
This month I learned about how to bypass profile pic upload functionality whenever the server checks the content of the image. This functionality is bypassed by bypassing the gd-php library which is used by the server for validating
@goodboy8833 3 years ago
Could you share any link for that?
@rajanrawal6396 2 years ago
Amazing, this could probably be one of the biggest pieces of information that I have ever been given. We need more and more such playlists in the upcoming days. The way you explain is amazing.
@collisioadolebitque4148 4 years ago
This month, I learned the importance of building your own methodology, not copying others as well as the need to dig into the tools we use in order to understand how things can be done better.
@emmanuelafolabi6847 4 years ago
I found a web cache poisoning attack as a result of your previous web cache video, will def. look out for this... Your videos are great by the way...short but quite explanatory, exactly what I need.
@deepanshuyadav6745 3 years ago
I am a beginner in bug bounties. Thanks for sharing, learned a lot. Keep making these types of videos.
@drwombat 2 years ago
Another excellent, expertly done video. Thank you. Your uploads are clear, concise, brief and informative. Any time I'm having a problem I always check your videos FIRST to see if you have a demonstration about that topic as I prefer your explanations compared to others
@Jaatranger-f1e 3 years ago
Very informative video
@UmairAli 4 years ago
Very informative, my dear :) I'm really impressed, cuz I had been searching for a practical use of cache poisoning and DNS hijacking all over the internet for like a lot of time, but what I found was only theory. I did manage to perform DNS hijacking from registrar but not cache poisoning until I saw this video. Thanks a lot.
@wael_shaikh 4 years ago
Yaayyy! You're back! I learned a lot this month thanks to your channel.
@i_zamba 4 years ago
Farah, the video is great, but if the background music volume is reduced a little bit, that will be better to concentrate on the juicy content you offer us. Thanks for all your efforts for our community.
@savirsuda 4 years ago
This was the best Cache poisoning video I have ever seen! Thanks Farah :)
@phpdude 4 years ago
Hey Farah, great video as always! Am learning from them and looking forward to more... And learning about exploiting null byte buffer overflow from one of Sam Curry's posts but haven't been able to digest it fully yet. Hope to do so soon... Stay safe and keep making those awesome vids girl... Till then
@Najumulsaqib 3 years ago
If you're hitting the cache and the cache is not refreshing, try replacing GET with PURGE in the request.
@mitulfg7115 4 years ago
Thank you for this video. It cleared most of my doubts regarding web cache poisoning.
@yrks1109 4 years ago
This month, I learnt more about SSRFs, how to gain RCE through different parameters, more on Reflected XSS and some sprinkle of XXEs :)
@yrks1109 4 years ago
My Twitter Handle : @Neutron__
@gladysorrego6054 4 years ago
Could the next video be about IPSec and its Anti-Replay, to raise awareness and switch to IPv6? I'm a fan of IPv6, leaving NAT and the A record behind. Embrace the AAAA records.
@vergil_389 4 years ago
Hi 😆 This month I've learned: public key cryptosystems, the RSA algorithm, Diffie-Hellman key exchange, comparison of RSA and DES, elliptic curve cryptography, number theory concepts
@sureshkumar7753 4 years ago
Short and sweet.. Thanks @farah
@jbjb8976 4 years ago
Today I learned web cache poisoning, great video, thank you.
@manojb1802 3 years ago
Interesting.. I love this video. It's helpful for my career.
@anisazam8155 2 years ago
A/s, as I started web testing as my career, I also always explore types of web vulnerability, and you did a great job this time. 👍🏻 Keep it up
@MH-tw1qi 4 years ago
In this month I learned about ReDoS
@rimbasec9708 4 years ago
This month I studied many vulnerabilities based on the OWASP top 10. I use Burp Suite as a tool for penetration testing, starting with solving several Web Security Academy labs (PortSwigger); after that I practice doing (ethical) penetration tests on several web applications where I work. From there I found quite a number of vulnerabilities with severity levels from LOW to Critical (SQL Injection). BTW, thanks for uploading this video. That has been a huge help in my journey into cybersecurity. Twitter : @muhandipras
@Arummekarlayung0706 4 years ago
Long time no see ❤️
@elliot9066 4 years ago
I learned some bypass, bypassed mfa 403 2f and many more things :P
@rutikhajare1053 4 years ago
In this month I have mainly focused on cache poisoning... I've read about cache poisoning earlier but those are not easy to understand, but your video is too good and easy to understand... I'm definitely gonna apply your tips mentioned in this video..!! And thanks for creating a super video! @HajareRutvik
@jakariaislamshanto1217 4 years ago
Hello Farah! So in this month I've learned Broken access control and privilege escalation. I've also submitted a bug report related to privilege escalation (fingers crossed). Hope you have a good day. @ShantoJj
@ahmedabdelfadeel2211 4 years ago
This month I have read 4 chapters (XSS - Attacking Access Control - Attacking Application Logic - Attacking Back-End Components) of The Web Application Hacker's Handbook @delox101
@887310954 4 years ago
I learned Qualys app scan, it is really very useful for DevSecOps
@887310954 4 years ago
@Ashutos7ank
@Nothing-lh9hp 4 years ago
Thanks for your amazing channel. How could we find blind SQLi? I know that type of bug, but how can I find it?
@amirhassan1100 3 years ago
Thanks a lot for this video. I definitely learned a lot of things. Keep up the good work
@FarahHawa 3 years ago
Glad it was helpful!
@jaggedmule14 2 years ago
Thanks :) it was very helpful
@rakeshnai1287 4 years ago
Welcome back
@sarthakmathur7696 4 years ago
This week I read an article about exploiting Regular Expressions, which for me was very amusing because I never thought Regular Expressions can be exploited. Basically we can provide a certain string to the RE engine and it will cause it to waste its resources, thereby creating a kind of DoS attack. Your videos are short and to the point. Thanks for sharing the knowledge with the community. Keep Going Girl!!! Twitter Handle: @Phantom80305095
@aviralgupta9869 4 years ago
Who all know me? I am one of the first giveaway winners 😎😎
@mukoshmanob9240 4 years ago
Can you plz make a video about IDOR on POST requests???
@testingx01 4 years ago
Thank you for the insightful video!
@hax0rl33t2 3 years ago
This is actually a good video.
@vijaySingle143 3 years ago
Thanks Farah. 👍
@vwonwheels5649 4 years ago
Nice work......keep sharing information.....🙂
@sekharpoola1396 4 years ago
In this month I learned a lot by doing challenges. I think open redirection occurs in every page if we spider it correctly. I came across a new open redirect bug in between the URL. I am hoping for a certificate for that bug. Thank
@sekharpoola1396 4 years ago
@sekharlee twitter
@maurusergio 4 years ago
Please, could you enable subtitles on the video?
@sivasiva-sh6hl 4 years ago
New thing I have discovered is Farah Hawa is an Indian
@vamsikolati 4 years ago
Hey, great video 😀. To poison the cache response, our task is to find an unkeyed input and poison it, so we are using Param Miner to mine headers that can be reflected in the response if used in the request? Is this correct?
@MmM-iu1sz 3 years ago
Any idea on the tool being used here?
@vaibhavgaikwad4291 3 years ago
How to exploit web cache poisoning with the X-timer header?
@debprasadbanerjee5005 3 years ago
Great content, neatly presented.
@Rahul_Kumar_EE 4 years ago
In this month I found a glitch in WhatsApp, in the read receipt function ..👍 I request you to please tell me from where I should start the hacking journey. And sorry, I am not using Twitter, and someone else deserves that giveaway, not me, because I have not mastered pentesting
@wadgamer1010 10 months ago
Thank you very much, keep it up ❤
@enpassant7358 4 years ago
The coolest thing I learned this month was to use Python to create a simple web server in order to copy files over the Internet from the directory where I start the server. The command is: python -m SimpleHTTPServer 8080 @cts_technology
@ronykroy5766 4 years ago
Great presentation
@Thelostblud 4 years ago
I am very new in this field. Just read The Web Application Hacker's Handbook 2, chapters 1-6, and learned about 1 - Host header attack, 2 - business logic vulnerability, and at last 3 - web cache poisoning, but not this 1 lab. I am not able, or I am not understanding, how to apply it. Can someone help me?
@utensilapparatus8692 3 years ago
Awesome
@XDms85 4 years ago
I have learnt more about GraphQL and how to make queries. As always great video! @xdms85
@Mochi-kane 3 years ago
Thank you.
@MishisFamily 4 years ago
Thank you so much Farah, very useful content, I enjoyed learning about this topic that I didn't know so much. Take care, hope you're doing well in University and keep it up. Well done.
@kaygeesiddharth1592 4 years ago
Yeah. This month I learnt bash & RCE via Shell upload. Twitter handle @Kg_siddharth
@kushagraaa 4 years ago
Tried learning some basics of Android security and also started solving some CTFs at HackerOne. Twitter handle: @psychedelicbyte
@anshusharma5199 4 years ago
I learnt JWT and web cache poisoning this month. Thanks for those videos, and thanks for your amazing content 😊 @AnshBhardwaj999
@abhimanyumishra8185 3 years ago
Hey Farah! Can a web cache poisoning vulnerability be used to get cookies of other users?
@FarahHawa 3 years ago
Yes, it could be possible with an XSS
@abhimanyumishra8185 3 years ago
@FarahHawa you mean using XSS! 🤔 Hmm ok, Farah, is there any other way to get cookies (other than web cache and XSS)?
@becool5483 4 years ago
Madam, I'm a complete beginner... basically I'm a mechanical engineer... I just know computer fundamentals, Linux shell... I don't exactly know where to start.... Which programming language should I choose first??? Please kindly suggest!!!
@rajesha8626 4 years ago
Start with Python, and try practicing hacking skills in TryHackMe.. By the way, I am a mechanical engineer too
@Malware01 4 years ago
I learned to invest in PentesterLab to get advanced stuff, otherwise we have a lot of "For Beginners" content available. @mt_ins
@danishalvi9731 4 years ago
Your videos come very late. Please upload videos on a weekly basis.
@muralidharansubburaman8863 4 years ago
I am a noob to Hack The Box and learning PWK. This week I worked my way through the Legacy box.. kept myself away from the writeups and it was a ton of learning. @muralidharan89
@jerrytech1901 4 years ago
Good one..
@virenjoshi 3 years ago
Very Well Explained
@FarahHawa 3 years ago
Glad it was helpful!
@chiragbablani8325 4 years ago
Was learning basics about buffer overflow and practiced some forensics tools. Twitter handle: @vuld0
@1secmonk 3 years ago
beautiful lady with beautiful video ...
@vitortorres- 4 years ago
This month I learned more about blind SSRF and AD exploitation too, @kr1n1k
@sunilbhamare 4 years ago
I have learned Nuclei & ffuf tool this month. @sunilb77
@OxOv3rH4uL 4 years ago
Learnt how to find bugs this month!!! Twitter Handle: @OH4ul
@haydene3802 3 years ago
Correct me if I'm wrong. This isn't poisoning a DNS server cache but rather the web server's cache itself?
@FarahHawa 3 years ago
That's right! :)
@secureitmania 4 years ago
I learned React Native app WebView debugging and this cache poisoning @zaheckmania
@ladysecspeare4450 4 years ago
This video gave me the much needed perspective on how to use Param Miner. Thanks a ton. As for the giveaway, I recently learnt about HTTP Request Smuggling Attack this month. My twitter handle is @ladysecspeare. Thanks for providing such useful content for beginners :) You're an inspiration
@pawanchandna3038 4 years ago
👍👍
@MuhammadUsman-kw7ks 4 years ago
One of the things I learned this month is server side template injection, studied James Kettle's research on it. If I get PentesterLab, it'll help me a lot. Thanks @UsmanMansha420
@darshanvasu9933 4 years ago
I learnt about attacking the application server (Encoding and Canonicalization) @darshan33871353
@abhishekkulkarni9250 4 years ago
Such a nice video about cache poisoning. And I am also in the list of competition for the Pentester Academy course. If I luckily win, I will remember you till the end of my life for giving a free skill through the course. This month I learned about advanced manual SQL injection and XXE attacks. Twitter id : @Abhi_koolkarni
@manideeppuligilla1544 4 years ago
I have been learning more and more about Burp Extensions. Right now I am unable to use any; hope it will help me in the future. My twitter handle is @6manideep
@prathmeshgidde5095 4 years ago
Can you make a video on tracking a phone with a phone number?
@kaizensky3399 4 years ago
Thanks for the video. This month I learnt so far, and still learning: JWT based attacks and XXE injection. Twitter- @ArseneSky
@sachinmaurya3259 4 years ago
Learning new things every day thanks to you and this awesome community out there for such content........ I'm glad to have you all ...you people are the ones that make us thrive with such great knowledge :) @0x_Mantis
@aadityavishesh3502 4 years ago
I learnt about how to use Burp Suite!! Twitter handle : akshaynew2011
@toxolarant 4 years ago
Hello ma'am, I learnt to extract stored Chrome browser passwords through my Python script. @abhijitastlar
@adityarpai4264 4 years ago
This month I learnt how to hunt for XSS (reflective, stored) and the basics of SAST, DAST testing of Android apps. Twitter handle: @adityarpai843
@jawadsaqib1260 4 years ago
Age is the criteria to find whether the page is being cached or not. Am I right? Or is there any other way?
@FarahHawa 4 years ago
Yes, we are using age to figure out whether the page is being cached.
@jawadsaqib1260 4 years ago
@FarahHawa also, is there any specific criteria to check for headers on a specific page, or do we hit GUESS HEADERS on each request?
@FarahHawa 4 years ago
If you see the h1 reports in the description, you will see that there's a pattern for which kind of headers are most commonly found in a particular server. For e.g.: PHP servers allow usage of the X-Forwarded-Host header. But in general, Param Miner is a good tool to discover these because it already has a list of these common headers.
@dheerajr8246 4 years ago
How can we test this without attacking other users visiting the site?
@FarahHawa 4 years ago
Add a random parameter in the request line. Check the Portswigger research paper in the description for more info.
@dheerajr8246 4 years ago
@FarahHawa Will check it out. Thanks :)
@pavanchow5147 4 years ago
This month, I have learnt how a user can exploit a web server and cache so that a harmful response is served to other users. Twitter : @pavanchow_ and last week I wanted to scan an address range but it would take forever to do so with nmap. I came across masscan and ZMap. But I liked masscan as I have learnt that it can scan the whole internet under 10 mins. Masscan might really be useful in CTFs.
@sarojdhungana2893 4 years ago
I learned different encryption modes in cryptography. Working to solve labs on ECB and CBC. BTW I like your videos. @roze222_sa
@imuser007 4 years ago
Really explained well. This month I learned Python scripting from Coursera & it's more interesting & I chose to go for Python automation. Twitter -- n4veenx
@mohamedfahim3230 4 years ago
Learnt about big-ip vulnerabilities 2020-3452 2020-3187 cve. @fahimmelethil
@arshiyakhan6789 4 years ago
This month I completed PortSwigger's challenges and I submitted a bug to Bugcrowd which was a duplicate and won't fix as well, Twitter @Hr1chHaxor.
@hacksudo 4 years ago
😇😇😇😇😇 super
@binsec01 4 years ago
I learned about FFUF in depth from codingo. Twitter Handler: @binsec01
@Fuddifadu 4 years ago
Saw a mind blowing demo on how you can persist and call back a shell in the container environment where lambda/function as a service execute and this demo was applicable to all the current existing cloud vendors. The attack is very sophisticated and requires you to gain access to the cloud environment first. I am preparing the same demo to actually get a hang of it. Handle:- witherer6
@adityaprakashyadav3622 4 years ago
This month I learned about XSS, host header injection and URL redirection, and I also completed the Web for Pentester from PentesterLab for free, and I really want to learn more from it. It would be so helpful if you give me one so that I can complete the badges and gain more and more knowledge. And btw thanks for the giveaway💫✨🤗 twitter id- @prakashaditya_
@cyberpirate007 4 years ago
Noice
@archakpramanik1226 4 years ago
I have learned and am currently working on Authentication Bypass Attacks, and my twitter id is @Archak19 .. Miss, I love to see your videos and learn a lot from them. Thanks....
@vineet1 4 years ago
1. I learnt API pentesting this whole month 2. twitter.com/Vsadawari