Autoplay
Autocomplete
Previous Lesson
Complete and Continue
Authentication Vulnerabilities
Introduction
Course Introduction (2:31)
Course Slides and Scripts
Getting Help
Answering Your Questions (3:11)
Join the Discord Server
Authentication Vulnerabilities - Technical Deep Dive
Agenda (0:55)
What are Authentication Vulnerabilities (14:32)
How to Find & Exploit Authentication Vulnerabilities (8:58)
How to Prevent Authentication Vulnerabilities (4:18)
Additional Resources (0:45)
Lab Environment Setup
Lab Environment Setup (7:21)
Step-by-Step Guide
Hands-On Authentication Vulnerabilities Labs
Lab #1 Username enumeration via different responses (6:02)
Lab #2 2FA simple bypass (11:46)
Lab #3 Password reset broken logic (13:10)
Lab #4 Username enumeration via subtly different responses (9:23)
Lab #5 Username enumeration via response timing (13:58)
Lab #6 Broken brute-force protection, IP block (14:20)
Lab #7 Username enumeration via account lock (9:41)
Lab #8 2FA broken logic (9:36)
Lab #9 Brute-forcing a stay-logged-in cookie (17:13)
Lab #10 Offline password cracking (11:59)
Lab #11 Password reset poisoning via middleware (8:28)
Lab #12 Password brute-force via password change (25:08)
Lab #13 Broken brute-force protection, multiple credentials per request (16:46)
Lab #14 2FA bypass using a brute-force attack (9:54)
Thank you!
Thank you!
Course Introduction
Complete and Continue