Hack your grades

Video description: Hack your grades

Dr Katie Paxton-Fear shows us how to hack the Generic University and change grades using the university API. You will learn some of the OWASP Top 10 vulnerabilities, including Broken Object Level Authorization and Broken User Authentication.

Disclaimer: We are hacking the Generic University for educational purposes only. Generic University is a GitHub project that Katie has created to learn Cybersecurity and APIs. Do not hack a real university.

// University //
The Generic University on GitHub: https://github.com/InsiderPhD/Generic...

// MENU //
00:00 - Coming up
01:16 - Katie's YouTube channel // Recommended playlists
02:31 - How to hack and change your grades // "Generic University"
03:26 - Generic University demo // Burp Suite
04:25 - API vulnerabilities // Bug bounty
07:50 - Generic University demo (continued)
21:27 - Thinking outside the box // Hackers mindset
25:34 - Katie's PhD
26:10 - Will AI take over?
29:42 - Advice for getting into cyber-security
34:01 - Recommended YouTube playlists
35:44 - Recommended sites and books
36:48 - Conclusion // Final words

// Videos discussed //
Everything API Hacking: Finding Your First Bug: Finding Bugs ...
Hacker Toolkit: How to use ffuf - Hacker Toolbox
Burp for Beginners: Burp for Beginners: Introduction to Burp
OWASP Top 10: https://owasp.org/

// Books //
Hacking APIs by Corey J Ball: https://amzn.to/3JOJG0E
Bug Bounty Bootcamp by Vickie Li: https://amzn.to/3SPCtBF

// Free API hacking course //
APIsec Certified Expert Course: https://university.apisec.ai/

// Katie's Social //
Twitter: insiderphd
YouTube: insiderphd
Website: https://insiderphd.dev/

// Generic University Challenge //
Vulnerabilities:
API1:2019 Broken Object Level Authorization
API2:2019 Broken User Authentication
API3:2019 Excessive Data Exposure
API5:2019 Broken Function Level Authorization
API6:2019 Mass Assignment
API7:2019 Security Misconfiguration

Your Goals:
Find the emails of the administrator
Brute force the API to find new endpoints
Find out what grades everyone got in a class
Edit someone's grade
Make an account
Access the GraphQL API
Change another account's password
Log in to your account
Access admin API
Find out what vulnerabilities the IT admins have ignored
Make your account an admin
Access the admin control panel
Fire a blind XSS in the admin control panel and validate with your new admin account
Delete everything
Restore everything

Disclaimer: This video is for educational purposes only. I own all equipment used for this demonstration. No actual attack took place on any websites.

Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!
