Dr Katie Paxton-Fear shows us how to hack the Generic University and change grades using the university API. You will learn some of the OWASP Top 10 vulnerabilities, including Broken Object Level Authorization and Broken User Authentication.

Disclaimer: We are hacking the Generic University for educational purposes only. Generic University is a GitHub project that Katie has created for learning cybersecurity and APIs. Do not hack a real university.

// University //
The Generic University on GitHub: https://github.com/InsiderPhD/Generic-University

// MENU //
00:00 - Coming up
01:16 - Katie's YouTube channel // Recommended playlists
02:31 - How to hack and change your grades // "Generic University"
03:26 - Generic University demo // Burp Suite
04:25 - API vulnerabilities // Bug bounty
07:50 - Generic University demo (continued)
21:27 - Thinking outside the box // Hackers mindset
25:34 - Katie's PhD
26:10 - Will AI take over?
29:42 - Advice for getting into cyber-security
34:01 - Recommended YouTube playlists
35:44 - Recommended sites and books
36:48 - Conclusion // Final words

// Videos discussed //
Everything API Hacking: https://www.youtube.com/watch?v=yCUQBc2rY9Y&list=PLbyncTkpno5HqX1h2MnV6Qt4wvTb8Mpol
Hacker Toolkit: https://www.youtube.com/watch?v=aN3Nayvd7FU&list=PLbyncTkpno5FsVJJHELcexexYp7tSSE0N
Burp for Beginners: https://www.youtube.com/watch?v=UgbYozI436M&list=PLbyncTkpno5FwsKpcaiXBvmG2r75RLGo3
OWASP Top 10: https://owasp.org/

// Books //
Hacking APIs by Corey J Ball: https://amzn.to/3JOJG0E
Bug Bounty Bootcamp by Vickie Li: https://amzn.to/3SPCtBF

// Free API hacking course //
APIsec Certified Expert Course: https://university.apisec.ai/

// Katie's Social //
Twitter: https://twitter.com/InsiderPhD
YouTube: https://www.youtube.com/c/InsiderPhD
Website: https://insiderphd.dev/

// David's Social //
Discord: https://discord.gg/davidbombal
Twitter: https://www.twitter.com/davidbombal
Instagram: https://www.instagram.com/davidbombal
LinkedIn: https://www.linkedin.com/in/davidbombal
Facebook: https://www.facebook.com/davidbombal.co
TikTok: http://tiktok.com/@davidbombal
YouTube Main Channel: https://www.youtube.com/davidbombal
YouTube Tech Channel: https://youtube.com/channel/UCZTIRrENWr_rjVoA7BcUE_A
YouTube Clips Channel: https://www.youtube.com/channel/UCbY5wGxQgIiAeMdNkW5wM6Q
YouTube Shorts Channel: https://www.youtube.com/channel/UCEyCubIF0e8MYi1jkgVepKg
Apple Podcast: https://davidbombal.wiki/applepodcast
Spotify Podcast: https://open.spotify.com/show/3f6k6gERfuriI96efWWLQQ

// MY STUFF //
https://www.amazon.com/shop/davidbombal

// Generic University Challenge //
Vulnerabilities:
API1:2019 Broken Object Level Authorization
API2:2019 Broken User Authentication
API3:2019 Excessive Data Exposure
API5:2019 Broken Function Level Authorization
API6:2019 Mass Assignment
API7:2019 Security Misconfiguration

Your Goals:
- Find the emails of the administrator
- Brute force the API to find new endpoints
- Find out what grades everyone got in a class
- Edit someone's grade
- Make an account
- Access the GraphQL API
- Change another account's password
- Login to your account
- Access admin API
- Find out what vulnerabilities the IT admins have ignored
- Make your account an admin
- Access the admin control panel
- Fire a blind XSS in the admin control panel and validate with your new admin account
- Delete everything
- Restore everything

Disclaimer: This video is for educational purposes only. I own all equipment used for this demonstration. No actual attack took place on any websites.

Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!