JSON Web Token Flaws - Python AppSec (by Duo Sec) - Veracode Security Labs Community Edition (free)
Video walkthrough for part 6 (Key Flaws in JSON Web Tokens) of the "Python AppSec (by Duo Security)" topic in Veracode Security Labs Community Edition (free) - *Apologies in advance that this lab had major bugs when I was recording this video - I actually went back and manually generated the RSA private/public.pem for user1 but ran into additional errors after that, hopefully they will fix the bugs soon xD* - Hope you enjoy anyway 🙂
↢Social Media↣
Twitter: https://twitter.com/_CryptoCat
GitHub: https://github.com/Crypto-Cat
HackTheBox: https://app.hackthebox.eu/profile/11897
LinkedIn: https://www.linkedin.com/in/cryptocat
Reddit: https://www.reddit.com/user/_CryptoCat23
YouTube: https://www.youtube.com/CryptoCat23
Twitch: https://www.twitch.tv/cryptocat23
↢Resources↣
https://www.veracode.com/events/hacker-games
https://securitylabs-ce.veracode.com/
https://snyk.io/blog/python-security-best-practices-cheat-sheet/
https://auth0.com/blog/critical-vulnerabilities-in-json-web-token-libraries/
https://book.hacktricks.xyz/pentesting-web/hacking-jwt-json-web-tokens
https://cheatsheetseries.owasp.org/cheatsheets/JSON_Web_Token_for_Java_Cheat_Sheet.html
https://medium.com/swlh/hacking-json-web-tokens-jwts-9122efe91e4a
https://medium.facilelogin.com/jwt-jws-and-jwe-for-not-so-dummies-b63310d201a3?gi=bd71d3a3b419
https://www.jsonwebtoken.io/
↢Chapters↣
Start - 0:00
Introduction to JSON Web Tokens - 0:24
The Structure of JWTs - 3:16
Using the "Users" API - 9:06
Bypass by changing "alg" to None - 13:57
Bypass by changing "alg" to HMAC (broken lab) - 19:00
Planning the Fix (super broken) - 26:34
Shifting to PyJWT - 30:18
Video "JSON Web Token Flaws - Python AppSec (by Duo Sec) - Veracode Security Labs Community Edition (free)" from the CryptoCat channel