AmirHossein Soltani
Exploiting LLM APIs with excessive agency - APPRENTICE
4:09
AmirHossein Soltani
Exploiting an API endpoint using documentation - APPRENTICE
4:06
AmirHossein Soltani
Exploiting NoSQL operator injection to bypass authentication - APPRENTICE
2:29
AmirHossein Soltani
Detecting NoSQL injection - APPRENTICE
1:14
AmirHossein Soltani
Limit overrun race conditions - APPRENTICE
6:30
AmirHossein Soltani
Accessing private GraphQL posts - APPRENTICE
3:59
AmirHossein Soltani
Remote code execution via server-side prototype pollution - PRACTITIONER
4:41
AmirHossein Soltani
Bypassing flawed input filters for server-side prototype pollution - PRACTITIONER
1:50
AmirHossein Soltani
Detecting server-side prototype pollution without polluted property reflection - PRACTITIONER
2:07
AmirHossein Soltani
Privilege escalation via server-side prototype pollution - PRACTITIONER
5:57
AmirHossein Soltani
Client-side prototype pollution in third-party libraries - PRACTITIONER
0:52
AmirHossein Soltani
Client-side prototype pollution via flawed sanitization - PRACTITIONER
5:19
AmirHossein Soltani
DOM XSS via an alternative prototype pollution vector - Prototype pollution
4:49
AmirHossein Soltani
DOM XSS via client-side prototype pollution - PRACTITIONER
2:54
AmirHossein Soltani
Client-side prototype pollution via browser APIs - PRACTITIONER
3:29
AmirHossein Soltani
Scanning non-standard data structures - PRACTITIONER
14:27
AmirHossein Soltani
Discovering vulnerabilities quickly with targeted scanning - PRACTITIONER
3:11
AmirHossein Soltani
JWT authentication bypass via flawed signature verification - APPRENTICE
2:47
AmirHossein Soltani
JWT authentication bypass via unverified signature - APPRENTICE
3:51
AmirHossein Soltani
Web shell upload via Content-Type restriction bypass - APPRENTICE
2:37
AmirHossein Soltani
Remote code execution via web shell upload - APPRENTICE
2:18
AmirHossein Soltani
Authentication bypass via OAuth implicit flow - APPRENTICE
1:30
AmirHossein Soltani
Host header authentication bypass - APPRENTICE
1:23
AmirHossein Soltani
Basic password reset poisoning - APPRENTICE
4:55
AmirHossein Soltani
URL normalization - PRACTITIONER
1:17
AmirHossein Soltani
Web cache poisoning via a fat GET request - PRACTITIONER
2:52
AmirHossein Soltani
Parameter cloaking - PRACTITIONER
2:09
AmirHossein Soltani
Web cache poisoning via an unkeyed query parameter - PRACTITIONER
1:45
AmirHossein Soltani
Web cache poisoning via an unkeyed query string - PRACTITIONER
1:25
AmirHossein Soltani
Targeted web cache poisoning using an unknown header - PRACTITIONER
7:16
AmirHossein Soltani
Web cache poisoning with multiple headers - PRACTITIONER
7:32
AmirHossein Soltani
Web cache poisoning with an unkeyed cookie - PRACTITIONER
4:14
AmirHossein Soltani
Web cache poisoning with an unkeyed header - PRACTITIONER
5:26
AmirHossein Soltani
Flawed enforcement of business rules - APPRENTICE
4:10
AmirHossein Soltani
Inconsistent security controls - APPRENTICE
4:33
AmirHossein Soltani
Excessive trust in client-side controls - APPRENTICE
2:13
AmirHossein Soltani
Authentication bypass via information disclosure - APPRENTICE
2:09
AmirHossein Soltani
Source code disclosure via backup files - APPRENTICE
1:18
AmirHossein Soltani
Information disclosure on debug page - APPRENTICE
1:18
AmirHossein Soltani
Information disclosure in error messages - APPRENTICE
0:58
AmirHossein Soltani
Modifying serialized objects - APPRENTICE
2:22
AmirHossein Soltani
Manipulating WebSocket messages to exploit vulnerabilities - APPRENTICE
1:25
AmirHossein Soltani
Password reset broken logic - APPRENTICE
2:56
AmirHossein Soltani
2FA simple bypass - APPRENTICE
1:22
AmirHossein Soltani
Username enumeration via different responses - APPRENTICE
2:17
AmirHossein Soltani
Insecure direct object references - APPRENTICE
2:11
AmirHossein Soltani
User ID controlled by request parameter with password disclosure - APPRENTICE
2:01
AmirHossein Soltani
User ID controlled by request parameter with data leakage in redirect - APPRENTICE
1:44
AmirHossein Soltani
User ID controlled by request parameter, with unpredictable user IDs - APPRENTICE
1:12
AmirHossein Soltani
User ID controlled by request parameter - APPRENTICE
1:53
AmirHossein Soltani
User role can be modified in user profile - APPRENTICE
1:08
AmirHossein Soltani
User role controlled by request parameter - APPRENTICE
0:57
AmirHossein Soltani
Unprotected admin functionality with unpredictable URL - APPRENTICE
0:53
AmirHossein Soltani
Unprotected admin functionality - APPRENTICE
0:24
AmirHossein Soltani
Server-side template injection with information disclosure via user-supplied objects - PRACTITIONER
3:14
AmirHossein Soltani
Server-side template injection in an unknown language with a documented exploit - PRACTITIONER
1:00
AmirHossein Soltani
Server-side template injection using documentation - PRACTITIONER
1:12
AmirHossein Soltani
Basic server-side template injection (code context) - PRACTITIONER
3:07
AmirHossein Soltani
Basic server-side template injection - PRACTITIONER
3:32
AmirHossein Soltani
File path traversal simple case - APPRENTICE
0:47
AmirHossein Soltani
OS command injection, simple case - APPRENTICE
1:19
AmirHossein Soltani
Basic SSRF against another back-end system - APPRENTICE
3:30
AmirHossein Soltani
Basic SSRF against the local server - APPRENTICE
1:24
AmirHossein Soltani
Exploiting XXE to perform SSRF attacks - APPRENTICE
3:06
AmirHossein Soltani
Exploiting XXE using external entities to retrieve files - APPRENTICE
1:58
AmirHossein Soltani
CORS vulnerability with trusted null origin - APPRENTICE
5:27
AmirHossein Soltani
CORS vulnerability with basic origin reflection - APPRENTICE
4:14
AmirHossein Soltani
DOM-based cookie manipulation - PRACTITIONER
2:31
AmirHossein Soltani
DOM-based open redirection - PRACTITIONER
4:17
AmirHossein Soltani
DOM XSS using web messages and JSON.parse - PRACTITIONER
1:42
AmirHossein Soltani
DOM XSS using web messages and a JavaScript URL - PRACTITIONER
1:15
AmirHossein Soltani
DOM XSS using web messages - PRACTITIONER
1:14
AmirHossein Soltani
Clickjacking with a frame buster script - APPRENTICE
4:08
AmirHossein Soltani
Clickjacking with form input data prefilled from a URL parameter - APPRENTICE
2:19
AmirHossein Soltani
Basic clickjacking with CSRF token protection - APPRENTICE
2:38
AmirHossein Soltani
CSRF vulnerability with no defenses - APPRENTICE
2:58
AmirHossein Soltani
Reflected XSS into a JavaScript string with angle brackets HTML encoded - APPRENTICE
0:54
AmirHossein Soltani
Stored XSS into anchor href attribute with double quotes HTML-encoded - APPRENTICE
2:46
AmirHossein Soltani
Reflected XSS into attribute with angle brackets HTML-encoded #7 - APPRENTICE
1:30
AmirHossein Soltani
DOM XSS in jQuery selector sink using a hashchange event #6 - APPRENTICE
2:01
AmirHossein Soltani
DOM XSS in jQuery anchor href attribute sink using location.search source #5 - APPRENTICE
1:32
AmirHossein Soltani
DOM XSS in innerHTML sink using source location.search #4 - APPRENTICE
0:37
AmirHossein Soltani
DOM XSS in document.write sink using source location.search #3 - APPRENTICE
1:28
AmirHossein Soltani
Stored XSS into HTML context with nothing encoded #2 - APPRENTICE
0:55
AmirHossein Soltani
Reflected XSS into HTML context with nothing encoded #1 - APPRENTICE
0:33
AmirHossein Soltani
SQL injection vulnerability allowing login bypass #2 - APPRENTICE
0:23
AmirHossein Soltani
SQL injection vulnerability in WHERE clause allowing retrieval of hidden data #1 - APPRENTICE
0:59