Cross Site Request Forgery

Welcome to another video in our Bounty Hunter Training series, where I break down web application security concepts to help you in your bug bounty career. Todays topic is CSRF, and while pretty old, it is still not being defended against in some companies today. Enjoy.






Comments

Post a Comment

Popular posts from this blog

Channel Update 6/9/2022

Image
I have not posted cybersecurity videos in a while as I was transitioning roles at my work place and was focused on that. Now that im settled in, i want to resume my normal video cadence, with a focus on Intel Bytes, a playlist dedicated to Threat Intel. I will also make more Pop Pop Pop Another Server Drop videos, and I have also started doiong some videos on my adventures in virtual reality, my new hobby. So, stay tuned for more killer vids!
Read more

These arent the rclones youve been looking for...

Image
I recently came across an interesting technique used by many different ransomware groups that is used for data exfiltration. In this current age of ransomware, it is becoming more common to see double and sometimes triple extortion, where they are exfiltrating the data out before encrypting so as to have some leverage should the company not decide to pay up. One such tool being used is called Rclone https://rclone.org/ What is interesting about this tool, it's a self contained executable and doesnt have to be installed on Windows. You simply download the zip file, unzip it and you can start using it. Its strength lies in being able to communicate and upload to a large number of cloud storages via command line. A list of all the ones they currently support is found here: https://rclone.org/docs/ One of the ones I tested recently was its connection to Mega.io. If a company isnt blocking outbound to these cloud storages, they run the risk of easy data exfil via this tool. To set it
Read more