jinkping5


Offensive Api Exploitation
Published 5/2025
Created by Vikash Chaudhary
MP4 | Video: h264, 1280x720 | Audio: AAC, 44.1 KHz, 2 Ch
Level: All | Genre: eLearning | Language: English | Duration: 111 Lectures ( 11h 56m ) | Size: 4.53 GB


Master API Hacking with Real-World Exploits: BOLA, SSRF, Auth Bypass & API Bug Bounty Techniques
What you'll learn
Understand API architecture (REST, GraphQL, WebSockets, SOAP) and common attack surfaces.
Reconnaissance techniques to discover hidden API endpoints and undocumented functions.
Exploit all OWASP API Security Top 10 vulnerabilities with hands-on attack scenarios
Perform API-specific attacks like IDOR, mass assignment, token abuse, and broken session control.
Bypass authentication & authorization using logic flaws, token tampering, and role manipulation.
Abuse misconfigurations like open API docs, CORS issues, verbose errors, and debug modes.
Think like a Red Teamer and understand how attackers chain vulnerabilities for maximum impact.
Prepare for real-world penetration testing engagements targeting APIs of mobile apps, web apps, and cloud services.
Requirements
Before diving into this advanced course, students should ideally have:
1. Completion of the following courses (recommended but not mandatory):
Offensive Approach to Hunt Bugs - for a strong foundation in vulnerability research and the hacker mindset.
Offensive Bug Bounty Hunter 2.0 - to master recon, asset discovery, and real-world exploitation on bug bounty platforms.
2. Basic understanding of APIs
Familiarity with REST, JSON, and HTTP methods (GET, POST, PUT, DELETE)
Understanding how API documentation tools like Swagger or Postman are used
3. Hands-on experience with web security fundamentals
Knowledge of OWASP Top 10 for web applications
Understanding of authentication, authorization, session management, and cookies
4. Comfort using common security tools
Tools such as Burp Suite, Postman, FFUF, Nmap, curl, and browser developer tools
5. Basic scripting knowledge (preferred)
Ability to write simple scripts in Python or JavaScript for automation, payload crafting, or proof-of-concept development
6. An offensive security mindset
A curiosity-driven approach to breaking systems, identifying vulnerabilities, and reporting them ethically
Description
Modern applications are built on APIs - and attackers know it. This advanced course is designed to equip security professionals, ethical hackers, and bug bounty hunters with the offensive skills needed to exploit real-world API vulnerabilities. Whether targeting mobile apps, web services, or third-party integrations, you'll learn how to approach APIs like an attacker and identify flaws that most testers miss.
Built on the foundation of your previous training (Offensive Approach to Hunt Bugs and Offensive Bug Bounty Hunter 2.0), this course dives deep into the OWASP API Security Top 10 and beyond. You'll explore misconfigurations, broken authentication, authorization flaws, rate-limit abuse, SSRF, and more - all through a practical, hands-on approach.
From reconnaissance and fuzzing to chaining complex vulnerabilities and writing professional-grade reports, this course gives you the skills needed to succeed in real-world assessments, red teaming, and bug bounty programs. You'll also gain insights into how attackers exploit modern technologies like GraphQL, JWT, API Gateways, and cloud-connected APIs.
Key Highlights:
Offensive exploitation of OWASP API Top 10 vulnerabilities
Real-world API bug bounty case studies and practical labs
Tools: Burp Suite, Postman, FFUF, Kiterunner, curl, and custom scripts
Hands-on recon, fuzzing, endpoint enumeration, and PoC development
Learn how to think, act, and report like a professional API pentester
Who this course is for
This course is ideal for individuals who are serious about offensive security and want to master API exploitation in real-world environments. It is specifically tailored for:
Bug Bounty Hunters: Those aiming to consistently find and report high-impact API vulnerabilities across platforms like HackerOne, Bugcrowd, and private programs.
Penetration Testers and Red Teamers: Professionals looking to strengthen their skillset by adding advanced API attack techniques to their offensive testing methodology.
Security Researchers: Individuals exploring modern API attack surfaces such as GraphQL, WebSockets, and undocumented endpoints.
Web and Mobile Application Hackers: Those already experienced with traditional OWASP Top 10 who want to go deeper into API-specific security issues.
Security Engineers and DevSecOps Professionals: Developers and security teams who want to understand how attackers think, in order to build more resilient APIs.
Students or Self-learners: Learners who have completed foundational courses like "Offensive Approach to Hunt Bugs" or "Offensive Bug Bounty Hunter 2.0" and want to advance their skills.



4.54 GB | 21min 17s | mp4 | 1280X720 | 16:9
Genre: eLearning | Language: English


Files Included:
1 -About Author.mp4 (50.69 MB)
2 -Course Contents.mp4 (30.23 MB)
3 -Course Prerequists.mp4 (37.83 MB)
4 -Why You Should Learn API Penetration Testing.mp4 (35.55 MB)
1 -Cross Site Scripting in API Context.mp4 (18.51 MB)
2 -Stored Cross Site Scripting.mp4 (52.96 MB)
3 -Reflected XSS in API Endpoints.mp4 (33.86 MB)
4 -Content-Type Cross Scripting in API Endpoints.mp4 (26.77 MB)
5 -Cross Site Scripting Reflected in Users Endpoint.mp4 (21.09 MB)
1 -Basic of Transport Layer Security.mp4 (26.43 MB)
2 -Basic Authorization over HTTP.mp4 (37.14 MB)
3 -Clear Text Password Submission.mp4 (24.92 MB)
4 -SSLTLS Issues.mp4 (56.33 MB)
5 -HSTS Header Missing in API.mp4 (37.01 MB)
1 -Mass Assignment is a Real Thing.mp4 (18.62 MB)
2 -Mass Assignment Preparation.mp4 (24.92 MB)
3 -Mass Assignment Demonstration.mp4 (15.41 MB)
4 -Mass Assignment Demonstration 2.mp4 (22.56 MB)
5 -Mass Assignment Demonstration 3.mp4 (25.24 MB)
1 -BOLA Concept.mp4 (25.44 MB)
2 -BOLA - User Enumeration Through Object IDs.mp4 (19.19 MB)
3 -BOLA - User Enumeration Through Object IDs Part 2.mp4 (40.63 MB)
4 -BOLA Demonstration.mp4 (28.95 MB)
5 -BOLA Demonstration Part 2.mp4 (31.04 MB)
6 -BOLA Demonstration Live.mp4 (41.71 MB)
1 -Background Concept API Perspective.mp4 (6.14 MB)
2 -Path Traversal Demonstration.mp4 (23.48 MB)
1 -User Enumeration Background Concept.mp4 (9.35 MB)
2 -User Demonstration Demonstration.mp4 (34.75 MB)
3 -User Enumeration - Email of the Adminstrator.mp4 (7.36 MB)
1 -Briefing Information Disclosure.mp4 (9.88 MB)
2 -Information Disclosure Demonstration.mp4 (32.17 MB)
3 -Information Disclosure Demonstration Part 2.mp4 (38.45 MB)
1 -JSON WEB TOKEN Concept - Refer Hunter 2 0.mp4 (23.81 MB)
2 -JWT - Make User Admin.mp4 (46.87 MB)
1 -Unauthorized Password Chnage Concept.mp4 (7.06 MB)
2 -Another User Password Chnage Through API Calls.mp4 (39.1 MB)
1 -Background Concept.mp4 (17.31 MB)
2 -Excessive Data Exposure at API Debug Endpoint.mp4 (18.53 MB)
1 -Lab Setup & Postman Document Sharing.mp4 (71.48 MB)
1 -Background Concept.mp4 (18.4 MB)
2 -Demonstration 1.mp4 (60.99 MB)
3 -Resource Exhaustion.mp4 (78.31 MB)
1 -Regex DOS A Real Issue.mp4 (49.43 MB)
2 -Regex DOS on Email Update.mp4 (31.81 MB)
3 -Regex DOS on Register API.mp4 (45.46 MB)
1 -BFLA Background Concept.mp4 (9.77 MB)
2 -Broken Authentication Demonstration.mp4 (57.97 MB)
1 -Billion Laugh Attack Refer XXE Expansion.mp4 (51.25 MB)
2 -Billion Laugh Attack Demonstration.mp4 (42.77 MB)
1 -Hidden API Functionality Exposure.mp4 (17.79 MB)
2 -Dictionary Attack at API Endpoint.mp4 (15.48 MB)
3 -Hidden API.mp4 (15.32 MB)
4 -Hidden API Exposure.mp4 (60.94 MB)
1 -Unserialization Concept.mp4 (26.86 MB)
2 -RCE Demonstration.mp4 (73.13 MB)
1 -Introduction of Postman tool.mp4 (22.63 MB)
2 -Installation of Postman tool.mp4 (63.4 MB)
3 -Postman Navigation.mp4 (39.77 MB)
4 -Postman Basic API Calls.mp4 (98.08 MB)
5 -Authentication in Postman.mp4 (29.46 MB)
6 -Oauth2 0 Authentication in Postman.mp4 (108.29 MB)
7 -JWT Token in Postman.mp4 (62.98 MB)
1 -Simplifying API Pentest with Swagger files.mp4 (35.88 MB)
2 -Postman Json Import and Transformation of API.mp4 (34.69 MB)
3 -OpenAPI Parser in Burpsuite.mp4 (48.27 MB)
4 -Postman Request Intercept in Burpsuite.mp4 (83.67 MB)
5 -WADL XML File Transformation and Capture File in Burpsuite.mp4 (116.56 MB)
6 -Bug Bounty Perspective to Find API Endpoints.mp4 (61.78 MB)
1 -API1 Broken Object Level Authorization.mp4 (55.86 MB)
10 -API10 Insufficient Logging & Monitoring.mp4 (36.82 MB)
2 -API2 Broken Authentication.mp4 (36.2 MB)
3 -API3 Excessive Data Exposure.mp4 (31.62 MB)
4 -API4 Lack of Resources and Rate Limiting.mp4 (48.34 MB)
5 -API5 Broken Function Level Authorization.mp4 (35 MB)
6 -API6 Mass Assignment.mp4 (49.22 MB)
7 -API7 Security Misconfiguration.mp4 (36.8 MB)
8 -API8 Injection.mp4 (37.25 MB)
9 -API9 Improper assets management.mp4 (31.32 MB)
1 -Blind SQL Injection Part 1.mp4 (168.5 MB)
2 -SQL Injection.mp4 (128.72 MB)
3 -Blind SQL Injection Part 2.mp4 (82.74 MB)
4 -Admin Token Bypassing & SQL Injection.mp4 (90.58 MB)
1 -Command Injection.mp4 (47.16 MB)
2 -Approach Towards Command Injection.mp4 (65.65 MB)
1 -XXE Lab Setup.mp4 (9.55 MB)
10 -Data-Exfiltration via Out-of-Band(OOBXXE).mp4 (14.84 MB)
11 -Out-of-Band with FTP Protocol48 Out-of-Band with FTP Protocol.mp4 (106.24 MB)
12 -XXE - Internal Port Scanning.mp4 (37.52 MB)
13 -Blind XXE Background Concept.mp4 (17.03 MB)
14 -Hands-on Blind XXE.mp4 (15.41 MB)
15 -Playing XXE in APIs.mp4 (80.66 MB)
16 -XML External Entity Injection in API Part 1.mp4 (55.36 MB)
17 -XML External Entity Injection in API Part 2.mp4 (59.68 MB)
18 -XML External Entity Injection in API Part 3.mp4 (32.16 MB)
19 -Deep Insight of XML Entity Expansion.mp4 (62.82 MB)
2 -XXE Background Concept.mp4 (19.53 MB)
20 -XML Generic Entity Expansion Attack.mp4 (32.4 MB)
21 -XML Recursive Entity Expansion Attack.mp4 (15.64 MB)
22 -XML Remote Entity Expansion Attack.mp4 (15.64 MB)
3 -XML Essentials Part 1.mp4 (36.44 MB)
4 -XML Esentials part 2.mp4 (63.49 MB)
5 -XML Entities.mp4 (26.16 MB)
6 -Basic XXE.mp4 (102.17 MB)
7 -Basic XXE Exploitation.mp4 (29.46 MB)
8 -XXE Exfiltration with local DTD.mp4 (24.63 MB)
9 -Exfiltration with local DTD on Lab.mp4 (97.9 MB)
1 -Background Concept Minimal - Refer Hunter 2 0 Section.mp4 (21.75 MB)
2 -External Service Interaction (HTTP).mp4 (23.31 MB)
3 -External Service Intercation (DNS).mp4 (14.97 MB)
4 -Access Application Running on Intranet.mp4 (18.48 MB)