Medusa

23:25

Hacking Blogs on Medium — Hits, Misses & WTF Moments

32:51

Train Your XSS Muscles With Me!

13:04

Exploiting Exact-match Cache Rules for Web Cache Deception | PortSwigger Lab | Explained

14:52

Grafana CVE-2025-4123: How XSS + Open Redirect Led to Full Account Takeover

10:14

Exploiting Cache Server Normalization for Web Cache Deception | PortSwigger Lab | Explained

11:34

How to Exploit Uncommon HTTP Headers for Hacking & Bug Bounties?

29:40

Mastering OAuth 2.0 Flows: Complete Guide + Security Testing Tips (Okta OAuth Playground)

9:43

Why Bug Bounty Hunters Still Check xmlrpc.php in 2025?

10:13

Exploiting Origin Server Normalization For Web Cache Deception | PortSwigger | Explained

9:20

Exploiting Path Delimiters for Web Cache Deception | PortSwigger Lab | Explained

4:28

Exploiting Path Mapping For Web Cache Deception | PortSwigger Lab | Explained

12:55

Web Cache Deception Made Simple – What You Need to Know!

22:04

You Asked, I Answered: Anonymous Q&A And My Reaction 😳

11:19

This Tiny Upload Flaw = Full RCE on Tomcat?! (CVE-2025-24813 Deep Dive)

22:27

GraphQL Attacks in the Wild: IDOR, SQLi & More | PART 2

17:28

How Bug Hunters Map GraphQL APIs? | PART 1

15:25

Bug Bounty Recon: Shadow APIs, Zombie Endpoints & How to Find Them?

4:45

Epic Infosec Week!

37:32

This Web Application is COOKED! Can we fix it?

16:59

Bug Bounty Hunters, Can You Beat This Quiz?

11:59

When 'Access Denied' Fails: Weird Authorization Bugs!

22:19

Explaining Random H1 Reports for 20 Minutes Straight!

12:00

Testing for Password Reset Poisoning in APIs – A Bug Hunter’s Guide

48:15

OWASP API Top 10 Breakdown | Study Session with CTF Challenges (DVAPI)

6:20

Authentication Bypass Via JKU Header Injection | JWT Hacking

9:05

Authentication Bypass Via JWK Header Injection | JWT Hacking

9:36

Subdomain Enumeration ALL KINDS!

7:59

Hunting Open Redirects: A Pathway to Chaining XSS

10:24

Unmasking the Ghost: The CWE-352 Dilemma🎙 Snake Bytes Ep. 4: Web Ghosts

11:24

Web Cache Poisoning: Hunting Methodology & Real-World Examples

9:22

The Danger of CWE-922 🎙 Snake Bytes Ep. 3: Data Dumpster

19:02

Loose Locks: A Podcast with _smile_hacker_ 🎙 : Snake Bytes Ep. 2

7:09

How Missing Keys Leave Your Castle Open🎙 Snake Bytes Ep. 1: Barrier Bypass

9:07

How To Exploit SSRF To Fetch AWS Credentials

8:45

OWASP API Top 10 - Broken Authentication

6:17

XSS Using Indirect Prompt Injection | PART 5

10:10

LLM API Hacking | Indirect Prompt Injection in LLM APIs | PART 4

8:45

LLM API Hacking | OS Command Injection in LLM APIs | PART 3

5:50

LLM API Hacking | Excessive Agency | PART 2

5:04

LLM API Hacking | Introduction | PART 1

8:42

HTTP Parameter Pollution VS Mass Assignment

4:03

IDOR In Shopify GraphQL API | Report Explained

14:29

Server-Side Parameter Pollution in REST APIs

15:17

Exploring Server-Side Parameter Pollution: Real Case Scenario, Parameter Precedence, and More!

13:28

Performing CSRF exploits over GraphQL

11:58

Bypassing GraphQL Brute-Force Protections

9:02

Finding a Hidden GraphQL Endpoint

10:16

Accidental Exposure of Private GraphQL Fields

7:46

Accessing Private GraphQL Fields

5:25

Exploiting Mass Assignment Vulnerability in API | PortSwigger

9:18

How Can Fuzzing Help You Find Hidden API Endpoints?

7:13

How Hackers Exploit API Endpoints Using Documentation?

6:26

How To Perform DOS Attack in GraphQL | Circular Relationship | Prevention

8:51

How Broken Functionality Level Authorization Occurs? | Code Analysis and Prevention

5:26

How to Discover API Subdomains? | Subdomain Enumeration | API Hacking

9:24

How Mass Assignment Gives You Admin Privileges? | APIs | Code Examples |

3:14

JWT authentication bypass via 'X-HTTP-Method-Override' Header

4:38

How BOLA in API Endpoint can lead to Account Takeover | Postman | API Security

6:54

Bypass JWT Authentication By Bruteforcing Secret Key | PortSwigger |

5:57

Bypass JWT Signature via Flawed Authentication | Access Admin Panel |

3:43

Exploiting Stored XSS in GraphQL | DVGA |

5:03

Exploiting Command Injection in GraphQL | DVGA |

7:00

Exploiting SQL Injection in GraphQL | DVGA |

17:21

Graphql Endpoint Analysis | Damn Vulnerable Graphql Application |

18:04

Horror Story but CTF Like! | Steganography | TryHackMe

11:37

Horror Story but CTF Like! | Cryptography | TryHackMe

13:40

TryHackMe: Wireshark Basics | Part 3 |

10:50

TryHackMe: Wireshark Basics | Part 2 |

13:09

TryHackMe: Wireshark Basics | Part 1 |

19:14

Phases of Penetration Testing | WebApp Pentest | Privilege Escalation

13:53

XXE Injection to Database Takeover | CVE-2021-29447 | RCE |

5:24

Exploiting SQL Injection in API Endpoint | API Hacking | crAPI

5:22

Exploiting Mass Assignment Vulnerability | API Hacking | crAPI

7:09

Broken Object Level Authorization | Excessive Data Exposure | crAPI

8:22

Exploiting Rate Limiting to Brute-Force OTP | crAPI |

14:42

Discovering API and Analyzing Endpoints Using Postman and Browser | crAPI |

3:27

How to Install crAPI in Kali Linux | OWASP | API Testing |

15:34

Exploiting File Upload To Get a Root Shell | Hacker vs Hacker | CTF

4:03

PentesterLab Recon Challanges From 16-20 | CTF |

3:11

Installation and Usage of Subjack | Subdomain Takeover | Kali Linux Tool

7:08

Find Hidden Domain, Subdomain or IP addresses through TLS SANs Certificate

5:47

PentesterLab Recon Challanges From 11-15 | CTF |

9:36

Create your Own Hash Cracking Tool Using Python | With Slides | Explained

9:55

Create your Own Port Scanning Tool Using Python | With Slides | Explained

8:10

Create Your Own Subdomain Enumeration Tool Using Python | With Slides | Explained

28:12

Exploiting Stack Buffer Overflow | Step by Step | Immunity Debugger | Explained |

2:34

PROMPT.ML | 0x9 | XSS Challange | Level 9 | Explained

5:30

PROMPT.ML | 0x8 | XSS Challange | Level 8 | Explained

3:47

PROMPT.ML | 0x7 | XSS Challange | Level 7 | Explained

8:03

PROMPT.ML | 0x6 | XSS Challange | Level 6 | Explained

2:38

PROMPT.ML | 0x5 | XSS Challange | Level 5 | Explained

5:34

PROMPT.ML | 0x4 | XSS Challange | Level 4 | Explained

0:52

PROMPT.ML | 0x3 | XSS Challange | Level 3 |

2:58

PROMPT.ML | 0x2 | XSS Challange | Level 2 | Explained

1:58

PROMPT.ML | 0x1 | XSS Challange | Level 1 | Explained

1:16

PROMPT.ML | 0x0 | XSS Challange | Level 0 | Explained

3:23

How to install gau tool and use it | Fetch URLS | Github