z3nsh3ll

Freelance hacker bringing you the absolute coolest whitehat cyber security and webdev tutorials.

OAuth Hacking - Forced OAuth Profile Linking
OAuth Hacking - Forced OAuth Profile Linking
OAuth Hacking - Authentication Bypass via OAuth Implicit Flow
OAuth Hacking - Authentication Bypass via OAuth Implicit Flow
CSRF - CSRF with Broken Referer Validation
CSRF - CSRF with Broken Referer Validation
CSRF - CSRF Where Referer Validation Depends on Header Being Present
CSRF - CSRF Where Referer Validation Depends on Header Being Present
CSRF - Samesite Lax Bypass via Cookie Refresh (Learn about OAuth)
CSRF - Samesite Lax Bypass via Cookie Refresh (Learn about OAuth)
Variables in JavaScript - Webdev JavaScript Course - Part 5
Variables in JavaScript - Webdev JavaScript Course - Part 5
WebSockets - Manipulating WebSocket Messages to Exploit Vulnerabilities
WebSockets - Manipulating WebSocket Messages to Exploit Vulnerabilities
CSRF - SameSite Strict Bypass via Client-Side Redirect
CSRF - SameSite Strict Bypass via Client-Side Redirect
CSRF - SameSite Lax Bypass via Method Override
CSRF - SameSite Lax Bypass via Method Override
CSRF - CSRF where Token is Duplicated in Cookie
CSRF - CSRF where Token is Duplicated in Cookie
Troubleshooting JavaScript - Webdev JavaScript Course Part 4
Troubleshooting JavaScript - Webdev JavaScript Course Part 4
CSRF - CSRF where token is tied to non-session cookie
CSRF - CSRF where token is tied to non-session cookie
Webdev JavaScript Part 3 - A First Splash into JavaScript
Webdev JavaScript Part 3 - A First Splash into JavaScript
Webdev Javascript Course with z3nsh3ll - Part 1 - Intro
Webdev Javascript Course with z3nsh3ll - Part 1 - Intro
What is JavaScript? - Webdev Javascript Course Part 2
What is JavaScript? - Webdev Javascript Course Part 2
CSRF Where Token is Not Tied to User Session
CSRF Where Token is Not Tied to User Session
CSRF Where Token Validation Depends on Token Being Present
CSRF Where Token Validation Depends on Token Being Present
CSRF Where Token Validation Depends on Request Method
CSRF Where Token Validation Depends on Request Method
Business Logic Vulnerability - Authentication Bypass via Encryption Oracle
Business Logic Vulnerability - Authentication Bypass via Encryption Oracle
Business Logic Vulnerability - Infinite Money Logic Flaw
Business Logic Vulnerability - Infinite Money Logic Flaw
Business Logic - Authentication Bypass via Flawed State Machine
Business Logic - Authentication Bypass via Flawed State Machine
Business Logic - Insufficient Workflow Validation
Business Logic - Insufficient Workflow Validation
Business Logic Vulnerabilities - Weak Isolation on Dual-Use Endpoint
Business Logic Vulnerabilities - Weak Isolation on Dual-Use Endpoint
Business Logic Vulnerability - Inconsistent Handling of Exceptional Input
Business Logic Vulnerability - Inconsistent Handling of Exceptional Input
Business Logic Vulnerability - Low-level Logic Flaw
Business Logic Vulnerability - Low-level Logic Flaw
Business Logic Vulnerability - Flawed Enforcement of Business Rules
Business Logic Vulnerability - Flawed Enforcement of Business Rules
Business Logic Vulnerability - Inconsistent Security Controls
Business Logic Vulnerability - Inconsistent Security Controls
Business Logic Vulnerability - High Level Logic Vulnerability
Business Logic Vulnerability - High Level Logic Vulnerability
Business Logic - Excessive Trust in Client Side Controls
Business Logic - Excessive Trust in Client Side Controls
Information Disclosure in Version Control History
Information Disclosure in Version Control History