TIMESTAMPS ######### Web 00 - Introduction 00:00:00 Web Exploitation Course ######### Web 01 - Introduction to Web Exploitation 00:03:17 Introduction 00:05:37 Clients and Servers 00:07:37 The HTTP Protocol 00:11:47 HTML 00:17:00 CSS 00:18:57 JavaScript and the DOM 00:23:00 Web Applications 00:29:07 Overview so far 00:30:47 HTTP is stateless 00:32:57 On Malicious HTTP requests 00:35:39 Introduction to BurpSuite 00:40:03 Using BurpSuite 00:48:02 A first vulnerability 00:52:42 Conclusion ######### Web 02 - Getting Used to BurpSuite 00:54:32 Introduction 00:55:52 Initial Setup 01:07:57 Installing PortSwigger CA certificate 01:12:12 Starting the web application 01:13:02 Configuring the scope 01:19:22 Proxy interception 01:23:27 Repeater 01:28:12 Decoder 01:30:32 Comparer 01:31:32 Analyzing cookie structure 01:36:32 Intruder 01:40:28 Sequencer 01:41:32 Dashboard 01:43:22 Extensions 01:45:32 Conclusion ######### Web 03 - SQL Injection 01:47:03 Introduction 01:50:18 Databases and Structured Query Language (SQL) 02:03:43 Simple queries 02:09:33 Interpreters 02:14:18 Injections 02:17:45 Example 1 - PHP Snippet 02:25:33 Example 2 - DVWA easy 02:37:13 Example 3 - DVWA medium 02:40:47 Example 4 - SecureBank ######### Web 04 - Directory Traversal 02:48:08 Introduction 02:49:53 Tomcat Setup 02:57:48 Static Web Application 03:02:08 Dynamic Web Application with JSP 03:03:48 Fuzzing with wfuzz to discover parameter 03:07:48 Analyzing the disclosed stacktrace 03:10:53 A simple Directory Traversal 03:16:03 A more complex Directory Traversal 03:20:58 Directory Traversal in SecureBank 03:26:58 Conclusion ######### Web 05 - File Inclusion 03:28:03 Introduction 03:29:55 Example 1 - LFI with JSP 03:46:13 Example 2 - LFI with php 03:57:53 Example 3 - RFI with php 04:03:03 Example 4 - DVWA challenges 04:12:53 Example 5 - Leak source code with php filters ######### Web 06 - File Upload Vulnerabilities 04:17:49 Introduction 04:19:29 Explanation of lab 04:24:11 POST request to upload a file 04:29:29 Reading php code 04:37:49 Solving level 1 04:43:41 Solving level 2 04:47:14 Solving level 3 04:56:31 PortSwigger Academy lab 1 05:00:56 PortSwigger Academy lab 2 05:02:33 PortSwigger Academy lab 3 05:08:27 Conclusion ######### Web 07 - Command Injections 05:09:31 Introduction 05:10:46 Some Intuition on Command Injections 05:16:36 DVWA level low 05:32:06 DVWA level medium 05:38:46 DVWA level high 05:40:34 DVWA level impossible 05:45:26 Port Swigger Lab 1 05:49:26 Port Swigger Lab 2 05:53:26 Port Swigger Lab 3 05:59:06 Conclusion ######### Web 08 - Cross Site Scripting 06:00:07 Introduction 06:03:07 Client-side attacks 06:06:42 Stored XSS - Intuition 06:18:07 Stored XSS - Leaking session cookie 06:25:47 Reflected XSS - Intuition 06:30:27 Reflected XSS - Leaking session cookie 06:33:37 DOM XSS 06:41:32 Review so far 06:43:12 Conclusion ######### Web 09 - Enumeration of Files and Directories 06:45:54 Introduction 06:48:54 Docker lab setup 06:50:34 Intuition on Web Enumeration 06:58:59 Using gobuster 07:02:49 Scenario 1 - Directory Enumeration 07:05:41 Scenario 2 - Files Enumeration 07:09:54 Review so far 07:12:37 Scenario 3 - Custom 404 page 07:18:39 Conclusion ######### Web 10 - Enumeration of Virtual Hosts 07:21:11 Introduction 07:21:56 Docker lab setup 07:24:44 Intuition on virtual hosts 07:30:11 Host header in HTTP requests 07:34:11 Enumeration of virtual hosts 07:38:04 Using gobuster 07:40:21 How to access virtual hosts 07:46:41 Differences between Virtual Hosts and Domain Names 07:49:11 Conclusion ######### Web 11 - Enumeration of Parameters 07:51:16 Introduction 07:53:06 Docker lab 07:56:51 Wfuzz scenario 1 - discovery of parameter name 08:12:26 Wfuzz scenario 2 - discovery of debug parameter 08:15:21 Wfuzz scenario 3 - discovery of parameter value 08:21:46 Insecure Direct Object Reference (IDOR) 08:24:16 Wfuzz scenario 4 - sending requests to burpsuite 08:26:31 Wfuzz scenario 4 - discovery of POST data 08:28:00 Conclusion ######### Web 12 - Brute Force Attacks 08:28:26 Introduction 08:30:50 Scenario 1 - Brute Forcing SSH 08:43:42 Scenario 2 - Brute Forcing FTP 08:48:01 Scenario 3 - Brute Forcing HTTP Basic Auth 08:50:56 Scenario 4 - Brute Forcing DVWA login 08:57:26 Conclusion ######### Web 11 - DNS Zone Transfer Attacks 08:58:16 Introduction 09:01:26 Difference between VHOST and DNS 09:06:11 What is a DNS zone transfer? 09:07:51 DNS zone transfer in practice 09:12:31 Final Overview 09:14:16 Conclusion copied from description for ease of use!

Never stop doing these videos because i learn so much from you. Thank you

Sir, im only 35minutes in and you officially are my first mentor... the way you explain things so simply to beginners is MAGICAL ... although i already knew some things before but you reintroduced them to me in a new amazing way.... please never stop teaching us ur ways we need people like you !!

This is what I NEED, a real pentest on a test website. NOT those long 2hours live then they're just doing recon.

The world is better place with people like you, thank you for sharing this informative course

Quality video -- This will be my summer study plan!

The hero we needed

A thousand and one likes man. I love the pace if your teaching. I'm a complete newbie, but your coverage of the concepts, has drawn me to study with this course. +1 Sub

I haven't watched it but I subscribed and liked this vid. Hoping to watch this on my free time. Thank you for this stuff 😊

It's a gold mine! Amazing content as always.

GODDDD THANKYOU I WILL WATCH IT ALLL !

just getting started with this course. i will let keep you updated

bro 9 hours this is a goldmine

loved it .. learned a lot ... thank you !

Woh woh woh, wait a sec, this is so awesome. Thank you soo soo much.

Terrific , amazing, hats off to your efforts 💢❤💥💫

I always enjoy your content. They all amazing. I wish you could make a video on how to create a custom wordlist for directory and file brute-forcing.

I love the video so much. Thanks a lot for sharing

Rly nice content, you are very good teacher, very clear and concise explanations. I learn a lot. Thank You for your work.

Very good presentation my man! You are a superb teacher

why this video have only 21K views.....very awesome lecture bro pls keep doing

Great stuff mate. Cheers for some nice videos!

This is great man, thanks a lot. You have a new follow now 💚

Great video man

Lavoro erculeo. Congratulazioni e saluti dal Brasile!

nice video, learned docker thanks to you !, suggest best free cyber security certification.

Amazing stuff, many thanks, keep going, best regards

@hexdump do you have videos on webshells, convering samurai & mutillidae among other tools used for webshell detection, mitigation and prevention?

Sick content brah! Keep it coming

Great video! Keep up the good work. Subscribed.

Simply amazing ❤

Thanks this was really helpful.

great work..Thank you

Bro this is gold 🥇🥇🥇🥇🥇🥇🥇🥇🥇

what are the pre-requites for this video? I don't have knowledge in networking

Hey Leo, awesome video!! What is your terminal setup? Is this like a terminal emulator extension of Emacs or something?

thanks for education sir🙏

Love your video

Amazign content Pr Leonardo ! Thank you so much for what you do :)

i can't find the repo of the securebank to clone and run localy , any help ?

I can't able see localhost in http history in burpsuite

Great great great 🔥🔥😍

Cool one

Thank you.

Thank you for the video I have a question, please Are these topics cover some certifications content? Like what you did with OSCP?!

Its just amazing

what os are you using, and how you move between workspace ❤ love your videos 😊

3:29:57 Hi I am not able to find the php dir in your repo 3:30:27 Also couldn't find app dir

thumpsup! 😃

Perfect video for advance dev

sir is this course for complete beginners? is this an web exploitation same as web penetration testing ?

Hi hexdump I really want to setup my tomcat like yours but I can't and files are different coz you are using tomcat version 8 and it's version 10 can you make video of how to setup version 10

started today

I need my certification please

Let's see how it goes i've just started the video

I wish you could do one on how to create custom wordlist

What app using to show this notes in terminal please answer

keep it up

well I am here just for your accent !

when will u upload the notes on ur github?

cheers!

Is this beginner-friendly?

Man i love your accent am trying to concentrate but the accent i love it 🤣🤣🤣🤣🤣🤣🤣🤣

Gold

Parli inglese da dio! Ce l hai anche in ita il corso?

2:05:18

be regular

porcoddio se si sente l’accento 😂

Sir i am not abel to understand your voice please talk slowly