How to Show Impact With SSRF (in Under 10 Minutes!) скачать в хорошем качестве

How to Show Impact With SSRF (in Under 10 Minutes!)

https://www.tcm.rocks/advanced-web-ha... - Alex is releasing new modules for his Advanced Web Hacking course every 6 to 8 weeks! Sign up for the Academy to explore this and other Web App courses. Server-side Request Forgery (SSRF) can be a powerful vulnerability to come across during an engagement or while hunting for bug bounties, but it can be a little challenging to demonstrate impact. That is where Alex comes in today with a video on how to show SSRF impact. He explores how you can leverage SSRF in AWS environments, sensitive endpoints you shouldn't be able to access otherwise, and one sneaky technique that can upgrade your SSRF payload to cross-site scripting (XSS) status. Watch to learn for yourself, and don't forget to subscribe if you enjoyed this video! Alex has way more cool stuff up his sleeve. We have two Web App certs created by Alex: The Practical Web Pentest Associate (PWPA) - https://www.tcm.rocks/pwpa-y The Practical Web Pentest Professional (PWPP) - https://www.tcm.rocks/pwpp-y And another one on the way.... #ssrf #vulnerabilities #hacking #infosec #webapp #bugbounty Sponsor a Video: https://www.tcm.rocks/Sponsors Pentests & Security Consulting: https://tcm-sec.com Get Trained: https://academy.tcm-sec.com Get Certified: https://certifications.tcm-sec.com Merch: https://merch.tcm-sec.com 📱Social Media📱 ___________________________________________ X: https://x.com/TCMSecurity Twitch:   / thecybermentor   Instagram:   / tcmsecurity   LinkedIn:   / tcm-security-inc   TikTok:   / tcmsecurity   Discord:   / discord   Facebook:   / tcmsecure   Timestamps: 00:00 Server-side Request Forgery SSRF Intro 00:32 Cloud Metadata 03:09 Sponsor message 03:33 Sensitive endpoints 05:23 Upgrade SSRF to XXS 07:40 Outro 💸Donate💸 ___________________________________________ Like the channel? Please consider supporting me on Patreon:   / thecybermentor   Support the stream (one-time): https://streamlabs.com/thecybermentor Hacker Books: Penetration Testing: A Hands-On Introduction to Hacking: https://amzn.to/31GN7iX The Hacker Playbook 3: https://amzn.to/34XkIY2 Hacking: The Art of Exploitation: https://amzn.to/2VchDyL The Web Application Hacker's Handbook: https://amzn.to/30Fj21S Real-World Bug Hunting: A Field Guide to Web Hacking: https://amzn.to/2V9srOe Social Engineering: The Science of Human Hacking: https://amzn.to/31HAmVx Linux Basics for Hackers: https://amzn.to/34WvcXP Python Crash Course, 2nd Edition: https://amzn.to/30gINu0 Violent Python: https://amzn.to/2QoGoJn Black Hat Python: https://amzn.to/2V9GpQk My Build: lg 32gk850g-b 32" Gaming Monitor:https://amzn.to/30C0qzV darkFlash Phantom Black ATX Mid-Tower Case: https://amzn.to/30d1UW1 EVGA 2080TI: https://amzn.to/30d2lj7 MSI Z390 MotherBoard: https://amzn.to/30eu5TL Intel 9700K: https://amzn.to/2M7hM2p G.SKILL 32GB DDR4 RAM: https://amzn.to/2M638Zb Razer Nommo Chroma Speakers: https://amzn.to/30bWjiK Razer BlackWidow Chroma Keyboard: https://amzn.to/2V7A0or CORSAIR Pro RBG Gaming Mouse: https://amzn.to/30hvg4P Sennheiser RS 175 RF Wireless Headphones: https://amzn.to/31MOgpu My Recording Equipment: Panasonic G85 4K Camera: https://amzn.to/2Mk9vsf Logitech C922x Pro Webcam: https://amzn.to/2LIRxAp Aston Origin Microphone: https://amzn.to/2LFtNNE Rode VideoMicro: https://amzn.to/309yLKH Mackie PROFX8V2 Mixer: https://amzn.to/31HKOMB Elgato Cam Link 4K: https://amzn.to/2QlicYx Elgate Stream Deck: https://amzn.to/2OlchA5 *We are a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for us to earn fees by linking to Amazon.com and affiliated sites.