PaulDotCom mailing list archives

Jeremy Druin's Web App Pen-testing Videos (@webpwnized)


From: Adrian Crenshaw <irongeek () irongeek com>
Date: Wed, 14 Mar 2012 13:05:23 -0400

I knew when my homie Jeremy Druin took over Mutillidae
<http://www.irongeek.com/i.php?page=mutillidae/mutillidae-deliberately-vulnerable-php-owasp-top-10> that
he was doing more work on it than I ever did, but I did not realize
the number of videos and subjects he has covered with it! I hope the list
below comes out ok in your email viewer. If not, here is the index:
http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae




   1. Determine Http Methods Using Netcat
      <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#determine-http-methods-using-netcat>
   2. Determine Server Banners Using Netcat Nikto And W3af
      <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#determine-server-banners-using-netcat-nikto-and-w3af>
   3. Bypass Authentication Using SQL Injection
      <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#bypass-authentication-using-sql-injection>
   4. Using Menus
      <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#using-menus>
   5. Bypass Authentication Via Authentication Token Manipulation
      <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#bypass-authentication-via-authentication-token-manipulation>
   6. Explanation Of HTTPonly Cookies In Presence Of Cross Site Scripting
      <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#explanation-of-httponly-cookies-in-presense-of-cross-site-scripting>
   7. Closer Look At Cache Control And Pragma No Cache Headers
      <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#closer-look-at-cache-control-and-pragma-no-cache-headers>
   8. Demonstration Of Frame Busting Javascript And X-Frame Options Header
      <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#demonstration-of-frame-busting-javascript-and-x-frame-options-header>
   9. How To Install And Configure Burp Suite With Firefox
      <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#how-to-install-and-configure-burp-suite-with-firefox>
   10. Basics Of Web Request And Response Interception Using Burp Suite
      <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#basics-of-web-request-and-response-interception-using-burp-suite>
   11. Brute Force Authentication Using Burp Intruder
      <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#brute-force-authentication-using-burp-intruder>
   12. Automate SQL Injection Using SQLMap To Dump Credit Cards Table
      <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#automate-sql-injection-using-sqlmap-to-dump-credit-cards-table>
   13. Command Injection To Dump Files Start Services Disable Firewall
      <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#command-injection-to-dump-files-start-services-disable-firewall>
   14. How To Exploit Local File Inclusion Vulnerability Using Burp Suite
      <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#how-to-exploit-local-file-inclusion-vulnerability-using-burp-suite>
   15. HTML Injection To Popup Fake Login Form And Capture Credentials
      <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#html-injection-to-popup-fake-login-form-and-capture-credentials>
   16. Two Methods To Steal Session Tokens Using Cross Site Scripting
      <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#two-methods-to-steal-session-tokens-using-cross-site-scripting>
   17. How To Bypass Maxlength Restrictions On HTML Input Fields
      <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#how-to-bypass-maxlength-restrictions-on-html-input-fields>
   18. Two Methods To Bypass Javascript Validation
      <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#two-methods-to-bypass-javascript-validation>
   19. Three Methods For Viewing Http Request And Response Headers
      <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#three-methods-for-viewing-http-request-and-response-headers>
   20. Basics Of SQL Injection Timing Attacks
      <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#basics-of-sql-injection-timing-attacks>
   21. Basics Of SQL Injection Using Union
      <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#basics-of-sql-injection-using-union>
   22. Basics Of Inserting Data With SQL Injection
      <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#basics-of-inserting-data-with-sql-injection>
   23. Inject Root Web Shell Backdoor Via SQL Injection
      <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#inject-root-web-shell-backdoor-via-sql-injection>
   24. Basics Of Using SQL Injection To Read Files From Operating System
      <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#basics-of-using-sql-injection-to-read-files-from-operating-system>
   25. How To Locate The Easter Egg File Using Command Injection
      <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#how-to-locate-the-easter-egg-file-using-command-injection>
   26. Injecting Cross Site Script Into Stylesheet Context
      <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#injecting-cross-site-script-into-stylesheet-context>
   27. Introduction To Http Parameter Pollution
      <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#introduction-to-http-parameter-pollution>
   28. Basics Of Injecting Cross Site Script Into HTML Onclick Event
      <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#basics-of-injecting-cross-site-script-into-HTML-onclick-event>
   29. Basics Of Finding Reflected Cross Site Scripting
      <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#basics-of-finding-reflected-cross-site-scripting>
   30. Analyze Session Token Randomness Using Burp Suite Sequencer
      <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#analyze-session-token-randomness-using-burp-suite-sequencer>
   31. Using Nmap To Fingerprint Http Servers And Web Applications
      <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#using-nmap-to-fingerprint-http-servers-and-web-applications>
   32. Spidering Web Applications With Burp Suite
      <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#spidering-web-applications-with-burp-suite>
   33. Basics Of Burp Suite Targets Tab And Scope Settings
      <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#basics-of-burp-suite-targets-tab-and-scope-settings>
   34. Brute Force Page Names Using Burp Intruder Sniper
      <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#brute-force-page-names-using-burp-intruder-sniper>
   35. Using Burp Intruder Sniper To Fuzz Parameters
      <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#using-burp-intruder-sniper-to-fuzz-parameters>
   36. Comparing Burp Intruder Modes Sniper Battering RAM Pitchfork Cluster Bomb
      <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#comparing-burp-intruder-modes-sniper-battering-ram-pitchfork-cluster-bomb>
   37. Demo Usage Of Burp Suite Comparer Tool
      <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#demo-usage-of-burp-suite-comparer-tool>
   38. Import Custom Nmap Scans Into Metasploit Community Edition
      <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#import-custom-nmap-scans-into-metasploit-community-edition>
   39. Using Metasploit Community Edition To Locate Web Servers
      <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#using-metasploit-community-edition-to-locate-web-servers>
   40. XSS DNS Lookup Page Bypassing Javascript Validation
      <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#xss-dns-lookup-page-bypassing-javascript-validation>
   41. Use Burp Suite Sequencer To Compare Csrf Token Strengths
      <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#use-burp-suite-sequencer-to-compare-csrf-token-strengths>
   42. How To Remove PHP Errors After Installing On Windows Xampp
      <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#how-to-remove-php-errors-after-installing-on-windows-xampp>
   43. Quickstart Guide To Installing On Windows With Xampp
      <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#quickstart-guide-to-installing-on-windows-with-xampp>
   44. Basics Of Running Nessus Scan On Backtrack 5 R1
      <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#basics-of-running-nessus-scan-on-backtrack-5-r1>
   45. How To Import Nessus Scans Into Metasploit Community Edition
      <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#how-to-import-nessus-scans-into-metasploit-community-edition>
   46. Basics Of Exploiting Vulnerabilities With Metasploit Community Edition
      <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#basics-of-exploiting-vulnerabilities-with-metasploit-community-edition>
   47. Sending Persistent Cross Site Scripts Into Web Logs To Snag Web Admin
      <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#sending-persistent-cross-site-scripts-into-web-logs-to-snag-web-admin>
   48. Quick Start Overview Of Useful Pen-Testing Addons For Firefox
      <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#quick-start-overview-of-useful-pen-testing-addons-for-firefox>
   49. Three Methods For Viewing Javascript Include Files
      <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#three-methods-for-viewing-javascript-include-files>
   50. Reading Hidden Values From HTML5 Dom Storage
      <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#reading-hidden-values-from-html5-dom-storage>
   51. How To Execute Javascript On The Urlbar In Modern Browsers
      <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#how-to-execute-javascript-on-the-urlbar-in-modern-browsers>
   52. Adding Values To Dom Storage Using Cross Site Scripting
      <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#adding-values-to-dom-storage-using-cross-site-scripting>



-- 
"The ability to quote is a serviceable substitute for wit." ~ W. Somerset
Maugham
"The ability to Google can be a serviceable substitute for technical
knowledge." ~ Adrian D. Crenshaw



