Hack your grades

Dr Katie Paxton-Fear shows us how to hack the Generic University and change grades using the university API. You will learn some of the OWASP top 10 vulnerabilities including Broken Object Level Authorization and Broken User Authentication.
Disclaimer: We are hacking the Generic University for educational purposes only. Generic University is a GitHub project that Katie has created to learn Cybersecurity and APIs. Do not hack a real university. 
// University //The Generic University on GitHub: https://github.com/InsiderPhD/Generic...
// MENU //00:00 - Coming up01:16 - Katie's YouTube channel // Recommended playlists02:31 - How to hack and change your grades // "Generic University"03:26 - Generic University demo // Burp Suite04:25 - API vulnerabilities // Bug bounty07:50 - Generic University demo (continued)21:27 - Thinking outside the box // Hackers mindset25:34 - Katie's PhD26:10 - Will AI take over?29:42 - Advice for getting into cyber-security34:01 - Recommended YouTube playlists35:44 - Recommended sites and books36:48 - Conclusion // Final words
// Videos discussed //Everything API Hacking: https://www.youtube.com/watch?v=yCUQB...Hacker Toolkit: https://www.youtube.com/watch?v=aN3Na...Burp for Beginners: https://www.youtube.com/watch?v=UgbYo...OWASP Top 10 https://owasp.org/
// Books //Hacking API’s by Corey J Ball: https://amzn.to/3JOJG0E Bug Bounty Bootcamp Vickie Li: https://amzn.to/3SPCtBF
// Free API hacking course //APIsec Certified Expert Course: https://university.apisec.ai/
// Katie's Social //Twitter: https://twitter.com/InsiderPhDYouTube: https://www.youtube.com/c/InsiderPhDWebsite: https://insiderphd.dev/The Generic University on GitHub: https://github.com/InsiderPhD/Generic...
// David's SOCIAL //Discord: https://discord.gg/davidbombalTwitter: https://www.twitter.com/davidbombal Instagram: https://www.instagram.com/davidbombal LinkedIn: https://www.linkedin.com/in/davidbombal Facebook: https://www.facebook.com/davidbombal.co TikTok: http://tiktok.com/@davidbombalYouTube Main Channel: https://www.youtube.com/davidbombal YouTube Tech Channel: https://youtube.com/channel/UCZTIRrEN...YouTube Clips Channel: https://www.youtube.com/channel/UCbY5...YouTube Shorts Channel: https://www.youtube.com/channel/UCEyC...Apple Podcast: https://davidbombal.wiki/applepodcastSpotify Podcast: https://open.spotify.com/show/3f6k6gE...
// MY STUFF //https://www.amazon.com/shop/davidbombal
// SPONSORS //Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com
// Generic University Challenge //Vulnerabilities:API1:2019 Broken Object Level AuthorizationAPI2:2019 Broken User AuthenticationAPI3:2019 Excessive Data ExposureAPI5:2019 Broken Function Level AuthorizationAPI6:2019 Mass AssignmentAPI7:2019 Security Misconfiguration
Your Goals:- Find the emails of the administrator- Brute force the API to find new endpoints- Find out what grades everyone got in a class- Edit someone's grade- Make an account- Access the GraphQL API- Change another account's password- Login to your account- Access admin API- Find out what vulnerabilities the IT admins have ignored- Make your account an admin- Access the admin control panel- Fire a blind XSS in the admin control panel and validate with your new admin account- Delete everything- Restore everything
hacking universityhacking schoolhack schoolhack universityhacking apiapiapi hackingapi hacking tutorialapi hacking bug bountyapi hacking 101api hacking full courseapi hacking toolsapi hacking alissa knightapi hacking with postmanapi hacking for beginnersapi hackerapi hacking demoapi hacking kali linuxapi hacking courseapi hacking insiderphdhacking an apihack apiowasp api top 10bug bountyhacking apis no starch presshacking api no starchhacking apis pdfhacking api bookhacking apis corey ballcorey ball hacking apisreverse engineeringprivate apiapis for beginnersrest apihacking api with postmanreverse engineering for beginnershacking api keywhat is an apirest apis with postman for absolute beginnersrest api explained
Disclaimer: This video is for educational purposes only. I own all equipment used for this demonstration. No actual attack took place on any websites.
Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel! 
#api #hack #hacking