Authentication Vulnerabilities - Lab #10 Offline password cracking | Short Version
In this video, we cover Lab #10 in the Authentication module of the Web Security Academy. This lab stores the user's password hash in a cookie. The lab also contains an XSS vulnerability in the comment functionality. To solve the lab, we obtain Carlos's stay-logged-in cookie and use it to crack his password. Then, we log in as carlos and delete his account from the "My account" page. Your credentials: wiener:peter Victim's username: carlos ▬ ✨ Support Me ✨ ▬▬▬▬▬▬▬▬▬▬ Buy my course: https://academy.ranakhalil.com/p/web-... ▬ 🔗 Links 🔗 ▬▬▬▬▬▬▬▬▬▬ Notes.txt document: https://github.com/rkhal101/Web-Secur... Web Security Academy Lab Exercise: https://portswigger.net/web-security/... Rana's Twitter account: / rana__khalil
▶︎
Authentication Vulnerabilities - Lab #11 Password reset poisoning via middleware | Short Version
▶︎
Authentication Vulnerabilities - Lab #5 Username enumeration via response timing | Short Version
▶︎
Authentication Vulnerabilities - Lab #7 Username enumeration via account lock | Short Version
▶︎
SSRF Lab 3 - Blind SSRF with out-of-band detection (2 Solution Methods)
▶︎
Password Cracker with Notepad!
▶︎
Most Devs Get API Authentication Wrong ?
▶︎
Authentication Vulnerabilities | Complete Guide
▶︎
Hacking Complex Passwords with Rules & Munging
▶︎
Passkeys Explained: Are They Actually Better Than Passwords?
▶︎
THESE Apps Are SPYING on You — Shut Them Off NOW!
▶︎
Passkeys SUCK (here’s why + how I use them)
▶︎
How The FBI Finds Your DELETED Files
▶︎
How To Think SO CLEARLY People Assume You're A Genius
▶︎
Broken Authentication - Offline Password Cracking
▶︎
Authentication Vulnerabilities - Lab #6 Broken brute-force protection, IP block | Short Version
▶︎
Authentication Vulnerabilities - Lab #4 Username enumeration via different responses | Short Version
▶︎
Authentication Vulnerabilities - Lab #1 Username enumeration via different responses | Short Version
▶︎
Attacking AI - Jason Haddix - NDC Security 2026
▶︎