RTV x Flare - An Introduction to Flare
The Red Team Village
Red Team Village Website: https://redteamvillage.io
Discord: https://redteamvillage.io/discord
Twitter: https://redteamvillage.io/twitter
https://www.youtube.com/watch?v=xXulBDmkxsY
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
L'Actu de la veille
DC32 - Red Team Village x Core Team
Check out our amazing core team!
Red Team Village Website: https://redteamvillage.io
Discord: https://redteamvillage.io/discord
Twitter: https://redteamvillage.io/twitter
https://www.youtube.com/watch?v=DXklOoiJXVs
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
DC32 - Red Team Village x Horizon3.ai
Thank you for being one of our platinum sponsors!
Additional information about Horizon3.ai can be obtained from https://www.horizon3.ai.
Red Team Village Website: https://redteamvillage.io
Discord: https://redteamvillage.io/discord
Twitter: https://redteamvillage.io/twitter
https://www.youtube.com/watch?v=kuviZ77aUB8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How did he use OSINT to find them?
Big thank you to Brilliant for sponsoring this video! To try Brilliant for free (for 30 days) and to get a 20% discount, visit: https://Brilliant.org/davidbombal
// Gary Ruddell's SOCIALS //
Twitter / X: https://x.com/thegaryruddell
LinkedIn: https://www.linkedin.com/in/thegaryruddell/
YouTube: https://www.youtube.com/@theGaryRuddell
Newsletter: https://www.switchfire.co/newsletter
Instagram: https://www.instagram.com/theGaryRuddell/
// YouTube Playlist REFERENCE //
Three Minute Thursday: https://www.youtube.com/watch?v=9BQAk72Lz8M&list=PLGVRVoFJSLuUtPxdMV862WdHn6Jv_Bi-f&pp=iAQB
// YouTube video REFERENCE //
Top 10 Free OSINT Tools: https://youtu.be/PRqOj5qM1ic
// David SOCIAL //
Discord: https://discord.com/invite/usKSyzb
Twitter: https://www.twitter.com/davidbombal
Instagram:...
https://www.youtube.com/watch?v=rIBJedYtz68
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
L'Actu à J-2
Creating a career roadmap for the cybersecurity beginner
Today's Cyber Work Hacks is for security novices, people just getting started in learning cybersecurity and looking for their career path. Professor Robert McMillen is an Infosec Skills path author, and he gives you some fantastic advice for making the decisions at the very beginning to help you steer your career to all the places you want to go! To get your cybersecurity career started, make sure to check out today's Cyber Work Hack.
0:00 - First starting out in cybersecurity
1:28 - Cybersecurity career map
5:41 - Advice for career road mapping
9:11 - Leaning into your interests via education
12:28 - Advancing your cybersecurity career
15:56 - Cybersecurity skills to learn
17:21 - Outro
– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View...
https://www.youtube.com/watch?v=S7CedOsDK74
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Unknown & Hidden Cameras on the network? #shorts #airbnb #wifi #camera #spy #iphone #android
Big thank you to Fing for sponsoring this video.
You can easily find devices on your home network (WiFi and Wired) using Fing and then you can scan for open ports on those devices. You can also block them using the Fing desktop app.
Get a 25% discount for 6 months on a Fing Premium plan (expires 31 Dec 2024) using my link: https://davidbombal.wiki/4bn5HAH
#android #iphone #wifi
https://www.youtube.com/watch?v=ErfktdGLlhg
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
L'Actu des jours précédents
CrowdStrike Global Outage (Crowd Struck) - ThreatWire
DESCRIPTION BOX
⬇️ OPEN FOR LINKS TO ARTICLES TO LEARN MORE ⬇️
@endingwithali →
Twitch: https://twitch.tv/endingwithali
Twitter: https://twitter.com/endingwithali
YouTube: https://youtube.com/@endingwithali
Everywhere else: https://links.ali.dev
Want to work with Ali? endingwithalicollabs@gmail.com
[❗] Join the Patreon→ https://patreon.com/threatwire
0:00 0 - Intro
00:08 1 - Scattered Spider Arrest
00:28 2 - Furry Hacker Are Back
01:21 3 - CVE Of the Week
01:38 4 - CrowdStrike
07:29 - Outro
LINKS
🔗 Story 1: Scattered Spider Arrest
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-320a
https://westoahu.hawaii.edu/cyber/global-weekly-exec-summary/alphv-hackers-reveal-details-of-mgm-cyber-attack/
https://thehackernews.com/2024/07/scattered-spider-adopts-ransomhub-and.html
🔗...
https://www.youtube.com/watch?v=N8iOe5NwIAo
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Own your cybersecurity mistakes | Cyber Work Podcast
Jonathan Gill, CEO of Panaseer, recounts a story from a past job that taught him a valuable business lesson that's stuck with him ever since: if you make a mistake, don't avoid it, point fingers or deny it. Own it, and make it good. Having the strength to say, “We made a mistake, and we'll do what we can to make it right for you,” ended up forging stronger business bonds than if the project had simply gone successfully the first time.
– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast
About Infosec
Infosec's mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills...
https://www.youtube.com/watch?v=aj4HfNXyr7E
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Straight or Cross Over? #shorts #ccna #ethernet #internet #wifi
#shorts #ccna #ethernet #internet #wifi
https://www.youtube.com/watch?v=2DCcEyPzVKk
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Permission to Hack You: Illicit Consent Grant Attack
https://jh.live/alteredsecurity || Learn on-premise Active Directory & Azure Active Directory penetration testing and get certified with Altered Security! https://jh.live/alteredsecurity
Learn Cybersecurity - Name Your Price Training with John Hammond: https://nameyourpricetraining.com
Learn Coding: https://jh.live/codecrafters
WATCH MORE:
Dark Web & Cybercrime Investigations: https://www.youtube.com/watch?v=_GD5mPN_URM&list=PL1H1sBF1VAKVmjZZr162aUNCt2Uy5ozAG&index=4
Malware & Hacker Tradecraft: https://www.youtube.com/watch?v=LKR8cdfKeGw&list=PL1H1sBF1VAKWMn_3QPddayIypbbITTGZv&index=5
📧JOIN MY NEWSLETTER ➡ https://jh.live/email
🙏SUPPORT THE CHANNEL ➡ https://jh.live/patreon
🤝 SPONSOR THE CHANNEL ➡ https://jh.live/sponsor
🌎FOLLOW ME EVERYWHERE ➡ https://jh.live/twitter...
https://www.youtube.com/watch?v=Bd3Tv_n9Kh4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
DEF CON 32 Trailer
DEF CON 32! The most influential hacker convention in the world. August 8-11, Las Vegas Convention Center. Online registration available until August 1 at shop.defcon.org. Otherwise, tickets can be purchased for cash at the door.
https://www.youtube.com/watch?v=_0kKEPLbLds
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
My best cybersecurity career advice: Jonathan Gill | Cyber Work Podcast
Jonathan Gill, CEO of Panaseer, has a whole bunch of different career advice, like determining your four types of talents — things you like doing, things you're good at, things that the world needs, and things that you can get paid to do — to more industry-specific advice from thought leaders.
– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast
About Infosec
Infosec's mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home....
https://www.youtube.com/watch?v=9Z47K6p9p5w
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Why do C-suites instinctively fire the CISO when a breach happens? | Guest Jonathan Gill
Today on Cyber Work, Jonathan Gill, CEO of Panaseer, joins me to talk about the stress-filled role of the Chief Information Security Officer. Jonathan notes that the most challenging parts of a CISO's role, especially the CISO of a large, complex company, is the lack of full-view of the organization's assets and points of vulnerability. Jonathan tells us how Panaseer is working to create a trusted and validated system of record to ensure accurate and good faith recording of actions, strategies, and decisions to accept or mitigate business risks. All this, and a discussion of the CISO as one of the story-makers in the C-suite, today on Cyber Work!
0:00 - Firing CISO's after cybersecurity breaches
4:23 - First interest in cybersecurity and tech
7:41 - Working with cybersecurity leaders...
https://www.youtube.com/watch?v=bnrzVrQWImw
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Who Hacked Who? PsExec Forensic Artifacts
https://jh.live/vanta || Prove your security compliance with Vanta! Get ,000 off with my link: https://jh.live/vanta
Learn Cybersecurity - Name Your Price Training with John Hammond: https://nameyourpricetraining.com
Learn Coding: https://jh.live/codecrafters
WATCH MORE:
Dark Web & Cybercrime Investigations: https://www.youtube.com/watch?v=_GD5mPN_URM&list=PL1H1sBF1VAKVmjZZr162aUNCt2Uy5ozAG&index=4
Malware & Hacker Tradecraft: https://www.youtube.com/watch?v=LKR8cdfKeGw&list=PL1H1sBF1VAKWMn_3QPddayIypbbITTGZv&index=5
📧JOIN MY NEWSLETTER ➡ https://jh.live/email
🙏SUPPORT THE CHANNEL ➡ https://jh.live/patreon
🤝 SPONSOR THE CHANNEL ➡ https://jh.live/sponsor
🌎FOLLOW ME EVERYWHERE ➡ https://jh.live/twitter ↔ https://jh.live/linkedin ↔ https://jh.live/discord ↔ https://jh.live/instagram...
https://www.youtube.com/watch?v=VNacQn2XKLA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
This is The Fastest Hacking & Recon Tool
LIKE and SUBSCRIBE with NOTIFICATIONS ON if you enjoyed the video! 👍
📚 If you want to learn bug bounty hunting from me: https://bugbounty.nahamsec.training
💻 If you want to practice some of my free labs and challenges: https://app.hackinghub.io
💵 FREE 0 DigitalOcean Credit:
https://m.do.co/c/3236319b9d0b
🔗 LINKS:
📖 MY FAVORITE BOOKS:
Bug Bounty Bootcamp: The Guide to Finding and Reporting Web Vulnerabilities -https://amzn.to/3Re8Pa2
Hacking APIs: Breaking Web Application Programming Interfaces - https://amzn.to/45g4bOr
Black Hat GraphQL: Attacking Next Generation APIs - https://amzn.to/455F9l3
🍿 WATCH NEXT:
If I Started Bug Bounty Hunting in 2024, I'd Do this - https://youtu.be/z6O6McIDYhU
2023 How to Bug Bounty - https://youtu.be/FDeuOhE5MhU
Bug Bounty Hunting...
https://www.youtube.com/watch?v=7v6t6O0LMiY
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Planning Red Team Operations | Scope, ROE & Reporting
Hey guys, HackerSploit here back again with another video. This video outlines the process of planning and orchestrating Red Team operations.
This video also outlines various Red Team resources, guides, and templates to plan and orchestrate a successful Red Team Operation.
//LINKS & RESOURCES
REDTEAM.GUIDE: https://redteam.guide/
The slides and written version of this video can be accessed on the HackerSploit Forum: https://forum.hackersploit.org/t/introduction-to-the-mitre-att-ck-framework/9127
//HACKERSPLOIT PLATFORMS
BLOG ►► https://bit.ly/3qjvSjK
FORUM ►► https://bit.ly/39r2kcY
ACADEMY ►► https://bit.ly/39CuORr
//SOCIAL NETWORKS
TWITTER ►► https://bit.ly/3sNKXfq
INSTAGRAM ►► https://bit.ly/3sP1Syh
LINKEDIN ►► https://bit.ly/360qwlN
PATREON ►► https://bit.ly/365iDLK
MERCHANDISE...
https://www.youtube.com/watch?v=usDt-s2sACI
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The Dark Side of AI: Hacking with AI and Exploiting AI Security Flaws
Big Thank You to Cisco for sponsoring my trip to Cisco Live and this video!
// Omar's SOCIALS //
LinkedIn: https://www.linkedin.com/in/santosomar/
X: https://x.com/santosomar
Cisco Blogs: https://blogs.cisco.com/author/omarsantos
Website: https://omarsantos.io/
// Books by Omar REFERENCE //
The AI Revolution in Networking, CyberSecurity, and Emerging Technologies, Edition 1:
US: https://amzn.to/3xHFaPT
UK: https://amzn.to/3VN5zDP
Beyond the Algorithm:
US: https://amzn.to/3W85fkw
UK: https://amzn.to/3VJcbDg
// Specific Blog ARTICLES //
https://blogs.cisco.com/security/enhancing-ai-security-incident-response-through-collaborative-exercises
// David's SOCIAL //
Discord: https://discord.com/invite/usKSyzb
X: https://www.twitter.com/davidbombal
Instagram: https://www.instagram.com/davidbombal...
https://www.youtube.com/watch?v=YZqiWFyq-OE
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
CrowdStrike Outage Recovery with BitLocker
Watch the CrowdStrike incident video: https://youtu.be/E8RQVx2gBFc
https://www.youtube.com/watch?v=S-_jRSguUAo
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
CrowdStrike Blew Up The Internet
Command to help fix: del "C:\Windows\System32\drivers\CrowdStrike\C-00000291*.sys"
The CrowdStrike Reddit Thread: https://www.reddit.com/r/crowdstrike/comments/1e6vmkf/bsod_error_in_latest_crowdstrike_update/
My Twitter Thread: https://x.com/_JohnHammond/status/1814178288220479565
CyFi10's Thread: https://x.com/CyFi10/status/1814188996471493050
Learn Cybersecurity - Name Your Price Training with John Hammond: https://nameyourpricetraining.com
Learn Coding: https://jh.live/codecrafters
WATCH MORE:
Dark Web & Cybercrime Investigations: https://www.youtube.com/watch?v=_GD5mPN_URM&list=PL1H1sBF1VAKVmjZZr162aUNCt2Uy5ozAG&index=4
Malware & Hacker Tradecraft: https://www.youtube.com/watch?v=LKR8cdfKeGw&list=PL1H1sBF1VAKWMn_3QPddayIypbbITTGZv&index=5
📧JOIN MY NEWSLETTER ➡ https://jh.live/email
🙏SUPPORT...
https://www.youtube.com/watch?v=E8RQVx2gBFc
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Python input? #shorts #python #linux
#shorts #python #linux
https://www.youtube.com/watch?v=fR921dy8Ujk
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Mapping APT TTPs With MITRE ATT&CK Navigator
Hey guys, HackerSploit here back again with another video. This video will introduce you to the MITRE ATT&CK Navigator and will illustrate how it can be operationalized for planning and orchestrating Red Team operations.
MITRE ATT&CK Framework: https://attack.mitre.org/
MITRE ATT&CK Navigator: https://mitre-attack.github.io/attack-navigator/
//PLATFORMS
BLOG ►► https://bit.ly/3qjvSjK
FORUM ►► https://bit.ly/39r2kcY
ACADEMY ►► https://bit.ly/39CuORr
//SOCIAL NETWORKS
TWITTER ►► https://bit.ly/3sNKXfq
DISCORD ►► https://bit.ly/3hkIDsK
INSTAGRAM ►► https://bit.ly/3sP1Syh
LINKEDIN ►► https://bit.ly/360qwlN
PATREON ►► https://bit.ly/365iDLK
MERCHANDISE ►► https://bit.ly/3c2jDEn
//BOOKS
Privilege Escalation Techniques ►► https://amzn.to/3ylCl33
Docker...
https://www.youtube.com/watch?v=hN_r3JW6xsY
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Introduction To The MITRE ATT&CK Framework
Hey guys, HackerSploit here back again with another video. This video will introduce you to the MITRE ATT&CK framework and will illustrate how it can be operationalized for Red Team and Blue Team operations.
The slides and written version of this video can be accessed on the HackerSploit Forum: https://forum.hackersploit.org/t/introduction-to-the-mitre-att-ck-framework/9127
MITRE ATT&CK Framework: https://attack.mitre.org/
//PLATFORMS
BLOG ►► https://bit.ly/3qjvSjK
FORUM ►► https://bit.ly/39r2kcY
ACADEMY ►► https://bit.ly/39CuORr
//SOCIAL NETWORKS
TWITTER ►► https://bit.ly/3sNKXfq
DISCORD ►► https://bit.ly/3hkIDsK
INSTAGRAM ►► https://bit.ly/3sP1Syh
LINKEDIN ►► https://bit.ly/360qwlN
PATREON ►► https://bit.ly/365iDLK
MERCHANDISE ►► https://bit.ly/3c2jDEn
//BOOKS
Privilege...
https://www.youtube.com/watch?v=LCec9K0aAkM
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Red Team Frameworks & Methodologies
Hey guys, HackerSploit here back again with another video. This video will introduce you to the various industry-standard frameworks and methodologies used by Red Teamers to plan and orchestrate successful Red Team operations.
The slides and written version of this video can be accessed on the HackerSploit Forum: https://forum.hackersploit.org/t/red-team-frameworks-methodologies/9126
//PLATFORMS
BLOG ►► https://bit.ly/3qjvSjK
FORUM ►► https://bit.ly/39r2kcY
ACADEMY ►► https://bit.ly/39CuORr
//SOCIAL NETWORKS
TWITTER ►► https://bit.ly/3sNKXfq
DISCORD ►► https://bit.ly/3hkIDsK
INSTAGRAM ►► https://bit.ly/3sP1Syh
LINKEDIN ►► https://bit.ly/360qwlN
PATREON ►► https://bit.ly/365iDLK
MERCHANDISE ►► https://bit.ly/3c2jDEn
//BOOKS
Privilege Escalation Techniques...
https://www.youtube.com/watch?v=UafxorrS3mQ
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
DC32 - Red Team Village x Flare
Thank you for being a Diamond sponsor! For additional information about Flare, please visit https://flare.io.
Red Team Village Website: https://redteamvillage.io
Discord: https://redteamvillage.io/discord
Twitter: https://redteamvillage.io/twitter
https://www.youtube.com/watch?v=7AON2imxy24
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
My best cybersecurity career advice: George Shea | Cyber Work Podcast
Dr. Georgianna, or “George” Shea, is the chief technologist at the Foundation for Defense of Democracies' Center on Cyber and Technology Innovation. Shea's advice for young cybersecurity professionals: start learning to network early! And not just for job opportunities but to learn, grow, bounce ideas back and forth and more.
– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast
About Infosec
Infosec's mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay...
https://www.youtube.com/watch?v=_jvM-r-QeVU
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Security@: Connect, Network, Share Ideas, and Collaborate
Security@ is coming to a location near you this year. Join us to learn how to take your cybersecurity program to the next level with HackerOne.
Learn More at https://www.hackerone.com/2024-security-global
https://www.youtube.com/watch?v=2kI4n-v9SE8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Retail Under Attack: HackerOne Customer Insights on Outsmarting Cybercriminals
For retail, a security breach costs .96M on average—and traditional security measures can't keep up with evolving threats. To protect your customer data and your reputation, proactive, always-on testing powered by ethical hackers is the way forward. Join this live Q&A with Swiss sportswear brand On and HackerOne to learn the real-world benefits and practicalities of a human-powered security testing program for retail and e-commerce.
You'll walk away knowing:
- The most significant threats facing retail and e-commerce—and how those threats are evolving.
- How to reduce risk by identifying and quickly remediating your most critical vulnerabilities—more signal, less noise.
- How human-powered security helps you keep pace with your rapidly expanding attack surface.
- How ethical...
https://www.youtube.com/watch?v=34IFNwOYMNs
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
All AT&T Users Affected - ThreatWire
⬇️ OPEN FOR LINKS TO ARTICLES TO LEARN MORE ⬇️
@endingwithali →
Twitch: https://twitch.tv/endingwithali
Twitter: https://twitter.com/endingwithali
YouTube: https://youtube.com/@endingwithali
Everywhere else: https://links.ali.dev
Want to work with Ali? endingwithalicollabs@gmail.com
[❗] Join the Patreon→ https://patreon.com/threatwire
0:00 0 - Intro
00:11 1 - GitLab CI/CD Vulnerability
00:48 2 - Signal Plain Text Encryption Key
02:23 3 - SeigedSec is Shutting Down
03:36 4 - AT&T Data Breach
06:54 5 - Outro
LINKS
🔗 Story 1: GitLab CI/CD Vulnerability
https://about.gitlab.com/releases/2024/07/10/patch-release-gitlab-17-1-2-released/
https://www.darkreading.com/application-security/-gitlab-sends-users-scrambling-again-with-new-ci-cd-pipeline-takeover-vuln
🔗 Story 2: Signal...
https://www.youtube.com/watch?v=8jQ0k_ERM6Y
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
DC32 - Red Team Village x Optiv
Thank you for being one of our sponsors!
Additional information about Optiv can be obtained from https://optiv.com.
Red Team Village Website: https://redteamvillage.io
Discord: https://redteamvillage.io/discord
Twitter: https://redteamvillage.io/twitter
https://www.youtube.com/watch?v=mbM3KEk8vxQ
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
What is cyber resiliency? | Cyber Work Podcast
Dr. Georgianna, or “George” Shea, is the chief technologist at the Foundation for Defense of Democracies' Center on Cyber and Technology Innovation. Shea describes the concept of cyber resiliency and how it's coming to augment and improve on the concept of cyber risk, as well as understanding the contingency plans if your system is breached and bad actors begin to attack.
– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast
About Infosec
Infosec's mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with...
https://www.youtube.com/watch?v=EMtz0_gtRK0
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Do you know your layers? #shorts #ccna #ethernet #internet
#shorts #ccna #internet
https://www.youtube.com/watch?v=Q42uMl4SH0o
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
He Sent Me Minecraft Malware (Java Deobfuscation)
https://jh.live/snyk
Learn Cybersecurity - Name Your Price Training with John Hammond: https://nameyourpricetraining.com
Learn Coding: https://jh.live/codecrafters
WATCH MORE:
Dark Web & Cybercrime Investigations: https://www.youtube.com/watch?v=_GD5mPN_URM&list=PL1H1sBF1VAKVmjZZr162aUNCt2Uy5ozAG&index=4
Malware & Hacker Tradecraft: https://www.youtube.com/watch?v=LKR8cdfKeGw&list=PL1H1sBF1VAKWMn_3QPddayIypbbITTGZv&index=5
📧JOIN MY NEWSLETTER ➡ https://jh.live/email
🙏SUPPORT THE CHANNEL ➡ https://jh.live/patreon
🤝 SPONSOR THE CHANNEL ➡ https://jh.live/sponsor
🌎FOLLOW ME EVERYWHERE ➡ https://jh.live/twitter ↔ https://jh.live/linkedin ↔ https://jh.live/discord ↔ https://jh.live/instagram ↔ https://jh.live/tiktok
💥 SEND ME MALWARE ➡ https://jh.live/malware
🔥YOUTUBE...
https://www.youtube.com/watch?v=zsFVJCWOpb8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cyber resiliency and national defense | Guest Georgianna "George" Shea
Today on Cyber Work, I'm introducing you to Dr. Georgianna, or “George” Shea, the chief technologist at the Foundation for Defense of Democracies' Center on Cyber and Technology Innovation. Shea finds new and developing technologies and develops pilot programs for implementation in a variety of locales, including DoD, the government sector and critical infrastructure. We talk about Shea's first taste of security, learn what it's like to be knowledgeable in several dozen connected security spaces rather than being the all-knowing authority in one (and the knowledge that outside of the dozens you know, there are hundreds more to learn) and we answer the burning question: “Why don't any of my interns know what NIST is?” All this, and some more talk about the security of the U.S....
https://www.youtube.com/watch?v=xPsDzcjI2Vo
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Hacking Windows TrustedInstaller (GOD MODE)
https://jh.live/pwyc || Jump into Pay What You Can training at whatever cost makes sense for you! https://jh.live/pwyc
James Forshaw's blog post: https://www.tiraniddo.dev/2017/08/the-art-of-becoming-trustedinstaller.html
Reddit delirium: https://www.reddit.com/r/Windows10/comments/17m3cyr/how_does_one_become_trustedinstaller/
Learn Cybersecurity - Name Your Price Training with John Hammond: https://nameyourpricetraining.com
Learn Coding: https://jh.live/codecrafters
WATCH MORE:
Dark Web & Cybercrime Investigations: https://www.youtube.com/watch?v=_GD5mPN_URM&list=PL1H1sBF1VAKVmjZZr162aUNCt2Uy5ozAG&index=4
Malware & Hacker Tradecraft: https://www.youtube.com/watch?v=LKR8cdfKeGw&list=PL1H1sBF1VAKWMn_3QPddayIypbbITTGZv&index=5
📧JOIN MY NEWSLETTER ➡ https://jh.live/email
🙏SUPPORT...
https://www.youtube.com/watch?v=Vj1uh89v-Sc
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Mounting Linux Disk Images in Windows
Learn how to mount Linux disk images in Windows using the Windows Subsystem for Linux (WSL). We'll tackle common issues and their fixes.
⌨️ Command used in the video:
sudo mount -o ro,loop,offset=[OFFSET],noload [IMAGE] /mnt/[MOUNTPOINT]
If you're mounting images containing Logical Volume Management (LVM) volumes, additional steps are required:
✅ Create a loop device from the disk image:
sudo losetup -f -P testimage.dd
Here, "-f" tells losetup to find the next available loop device, and "-P" forces the kernel to scan the partition table on the newly created loop device.
✅ Refresh LVM so that the new device appears:
sudo pvscan --cache
This command clears all existing physical volume online records first, then scans all devices on the system, adding physical volume online records...
https://www.youtube.com/watch?v=W_youhia4dU
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How to be Invisible Online using Expert OSINT techniques
Big shoutout to KASM for sponsoring this video. KASM workspaces supports the OSINT Community Efforts by providing the following products:
Kasm Community Edition: https://kasmweb.com/community-edition
Kasm Cloud OSINT: https://kasmweb.com/cloud-personal
Kasm Workspaces OSINT Platform for Professionals/: https://kasmweb.com/osint
Kasm Infrastructure/Apps for OSINT Collection: https://registry.kasmweb.com/1.0/
// MJ Banias' SOCIALS //
LinkedIn: https://www.linkedin.com/in/mjbanias
Cloak and Dagger Podcast (Spotify): https://open.spotify.com/show/6mT8zDMBq5gOfAVZi47pT3
The Debrief: https://thedebrief.org/podcasts/
Instagram: https://www.instagram.com/mjbanias/
X: https://x.com/mjbanias
Website: https://www.bullshithunting.com/
// Ritu Gill' SOCIALS //
LinkedIn: https://www.linkedin.com/in/ritugill-osinttechniques/
OSINT...
https://www.youtube.com/watch?v=QzmWzslT6QM
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
They took his computer. That didn't stop him from hacking Rockstar Games and leaking GTA 6
Big thank you to Hostinger for sponsoring this video! Go here to sign up: https://hostinger.com/davidbombal
To receive an additional 10% discount on a Hostinger VPS, use my coupon code: DAVIDBOMBAL
// Amazon Firestick Hostinger PDF //
https://davidbombal.wiki/firestick
// David SOCIAL //
Discord: https://discord.com/invite/usKSyzb
Twitter: https://www.twitter.com/davidbombal
Instagram: https://www.instagram.com/davidbombal
LinkedIn: https://www.linkedin.com/in/davidbombal
Facebook: https://www.facebook.com/davidbombal.co
TikTok: http://tiktok.com/@davidbombal
YouTube: https://www.youtube.com/@davidbombal
// SPONSORS //
Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com
// MY STUFF //
https://www.amazon.com/shop/davidbombal
// MENU //
00:00...
https://www.youtube.com/watch?v=U5uTRZIEeY0
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
OpenAI Insecure Storage - ThreatWire
⬇️ OPEN FOR LINKS TO ARTICLES TO LEARN MORE ⬇️
@endingwithali →
Twitch: https://twitch.tv/endingwithali
Twitter: https://twitter.com/endingwithali
YouTube: https://youtube.com/@endingwithali
Everywhere else: https://links.ali.dev
Want to work with Ali? endingwithalicollabs@gmail.com
[❗] Join the Patreon→ https://patreon.com/threatwire
0:00 0 - Intro
1 - OpenAI Pulled A Recall
2 - Twilio MFA Compromised
3 - Outro
LINKS
🔗 Story 1: OpenAI Pulled A Recall
https://www.threads.net/@pvieito/post/C85NVV6hvF6?xmt=AQGz0o3JtBOwk1nfUgk8lvxQoIV8E92xz1vK1IP8VC6zhA
https://www.theverge.com/2024/7/3/24191636/openai-chatgpt-mac-app-conversations-plain-text
🔗 Story 2: Twilio MFA Compromised
https://www.techradar.com/pro/security/twilio-data-breach-gets-a-whole-lot-worse-as-it-confirms-hackers-accessed-authy-user-phone-numbers
https://techcrunch.com/2024/07/03/twilio-says-hackers-identified-cell-phone-numbers-of-two-factor-app-authy-users/
https://www.twilio.com/en-us/changelog/Security_Alert_Authy_App_Android_iOS
https://www.twilio.com/en-us/changelog/end-of-life--eol--of-twilio-authy-desktop-apps
-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆
Our...
https://www.youtube.com/watch?v=L0IBbmmaMiU
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Using the CEH to create an ethical hacker career path
Infosec and Cyber Work Hacks are helping train the red teamers and blue teamers of tomorrow with our boot camps and study materials for the CEH exam. But how does ethical hacking proficiency translate into a satisfying career? Infosec's CEH boot camp instructor Akyl Phillips has plenty of strategies to help you get focused and stay focused on your studies, some excellent tips for keeping on top of the latest security changes and innovations, and how you're going to push past uncertainty and into the work of putting one foot in front of another in your quest to become a bona-fide, in-demand ethical hacker! Keep the enthusiasm up when you check out today's Cyber Work Hack.
0:00 - Ethical hacker career
1:57 - Testing for the CEH certification
2:55 - Career paths to pursue with CEH certification
5:08...
https://www.youtube.com/watch?v=bQqpCnjtz0A
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
OWASP API Security Project - Paulo Silva & Erez Yalon
-
Managed by the OWASP® Foundation
https://owasp.org/
https://www.youtube.com/watch?v=hn4mgTu5izg
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Detecting cybersecurity vulnerabilities on legacy systems | Cyber Work Podcast
Etay Maor, chief security strategist with Cato Networks, describes his company's new way to detect vulnerability exploitations on legacy systems that can't be taken offline and patched, such as certain key healthcare systems.
– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast
About Infosec
Infosec's mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop...
https://www.youtube.com/watch?v=BtGSatP1t6Y
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cloud-Squatting: The Never-ending Misery Of Deleted & Forgotten Cloud Assets - Abdullah Al-Sultani
-
Managed by the OWASP® Foundation
https://owasp.org/
https://www.youtube.com/watch?v=Q6cjhc7SszA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Growing A Security Champion Program Into A Security Powerhouse - Bonnie Viteri
-
Managed by the OWASP® Foundation
https://owasp.org/
https://www.youtube.com/watch?v=Y0mJuAdi9DY
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
OWASP SAMM: Interactive Introduction And Update - Seba Deleersnyder & Bart De Win
-
Managed by the OWASP® Foundation
https://owasp.org/
https://www.youtube.com/watch?v=YHGrInrptPQ
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
OWASP Coraza Web Application Firewalls Revisited - José Carlos Chávez
-
Managed by the OWASP® Foundation
https://owasp.org/
https://www.youtube.com/watch?v=cTnStYlDII4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Dawn Of The Dead: The Tale Of The Resurrected Domains - Pedro Fortuna
-
Managed by the OWASP® Foundation
https://owasp.org/
https://www.youtube.com/watch?v=fon4GR38f0s
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
OWASP SamuraiWTF - Kevin Johnson
-
Managed by the OWASP® Foundation
https://owasp.org/
https://www.youtube.com/watch?v=gorm_CTI-2w
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
5 AppSec Stories, And What We Can Learn From Them - Paul Molin
-
Managed by the OWASP® Foundation
https://owasp.org/
https://www.youtube.com/watch?v=kwmcOeCkYc0
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
What Can Traditional Web App Security Learn From Browser Wallet Extensions? - Gal Weizman
-
Managed by the OWASP® Foundation
https://owasp.org/
https://www.youtube.com/watch?v=v-kPsabcrQc
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Closing Ceremony - OWASP Board
-
Managed by the OWASP® Foundation
https://owasp.org/
https://www.youtube.com/watch?v=vPbpekMj63Q
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
From Theory To Practice: Navigating The Challenges Of Vulnerability Research - Raphael Silva
-
Managed by the OWASP® Foundation
https://owasp.org/
https://www.youtube.com/watch?v=ztCqvSraC78
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Assessing 3rd Party Libraries More Easily With Security Scorecards - Niels Tanis
-
Managed by the OWASP® Foundation
https://owasp.org/
https://www.youtube.com/watch?v=BZy5UaiAMDY
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
XZ Backdoor: Navigating The Complexities Of Supply Chain Attacks Detected By Accident - Yoad Fekete
-
Managed by the OWASP® Foundation
https://owasp.org/
https://www.youtube.com/watch?v=CrhVXicHZJk
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
OWASP Developer Guide - Shruti Kulkarni
-
Managed by the OWASP® Foundation
https://owasp.org/
https://www.youtube.com/watch?v=EV8bwXQNnfI
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Securing The Gateway And Mitigating Risks In LLM API Integration - Ayush Agarwal & Avneesh Hota
-
Managed by the OWASP® Foundation
https://owasp.org/
https://www.youtube.com/watch?v=EskNEyszu90
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How to Connect to a Cisco Switch and Router Using Putty (CCNA) #shorts #ccna #cisco #console
#shorts #ccna #cisco
https://www.youtube.com/watch?v=PJLOZIAeZR8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
My best cybersecurity career advice: Etay Maor | Cyber Work Podcast
Etay Maor, chief security strategist with Cato Networks, shares his two pieces of career advice.
– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast
About Infosec
Infosec's mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ's security awareness...
https://www.youtube.com/watch?v=jnMoQKZtEP0
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Did you know this about Mac Windows? #shorts #windows #apple #tricks
#shorts #apple #tricks
https://www.youtube.com/watch?v=4dK3XHDBYc0
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Live Recon: Hacking With STOK
LIKE and SUBSCRIBE with NOTIFICATIONS ON if you enjoyed the video! 👍
📚 If you want to learn bug bounty hunting from me: https://bugbounty.nahamsec.training
💻 If you want to practice some of my free labs and challenges: https://app.hackinghub.io
👨🏼💻 Access the Trickest public data 👉🏼 https://trickest.io/dashboard/solutions
💵 FREE 0 DigitalOcean Credit:
https://m.do.co/c/3236319b9d0b
🔗 LINKS:
📖 MY FAVORITE BOOKS:
Bug Bounty Bootcamp: The Guide to Finding and Reporting Web Vulnerabilities -https://amzn.to/3Re8Pa2
Hacking APIs: Breaking Web Application Programming Interfaces - https://amzn.to/45g4bOr
Black Hat GraphQL: Attacking Next Generation APIs - https://amzn.to/455F9l3
🍿 WATCH NEXT:
If I Started Bug Bounty Hunting in 2024, I'd Do this - https://youtu.be/z6O6McIDYhU
2023...
https://www.youtube.com/watch?v=-U1yTtCsnZY
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
DC32 - Red Team Village x White Knight Labs
Thank you for being one of our platinum sponsors!
Additional information about White Knight Labs can be obtained from https://whiteknightlabs.com.
Red Team Village Website: https://redteamvillage.io
Discord: https://redteamvillage.io/discord
Twitter: https://redteamvillage.io/twitter
https://www.youtube.com/watch?v=QQD0SJwJG8A
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Why is Log4J still so successful? | Guest Etay Maor
Today on Cyber Work, I talked with Etay Maor, Chief Security Strategist with Cato Networks. Etay is a founding member of the Cato Cyber Threats Research Lab, or CTRL — see what they did there? — and he joins me to talk about their first CTRL report on attack patterns and methods. We're going to talk about the most common attack vectors, why Log4J still rules the roost even against newer and flashier exploits, and we go deep into the many paths you can take to become a threat researcher, threat analyst, reverse engineer, and lots more. That's all on today's episode of Cyber Work!
0:00 - Intro
4:10 - First interest in cybersecurity and tech
5:15 - Becoming chief security strategist
8:15 - Working in cybersecurity project management
12:07 - Hacker targets and AI
15:04 - The dark web...
https://www.youtube.com/watch?v=hKIjQAGKIsY
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Do you know what a Python variable is? #shorts #python #linux
#shorts #python #linux
https://www.youtube.com/watch?v=xvl3Ll1wvG4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Live Recon: Hacking Tinder's Bug Bounty Program (with @Rhynorater)
LIKE and SUBSCRIBE with NOTIFICATIONS ON if you enjoyed the video! 👍
📚 If you want to learn bug bounty hunting from me: https://bugbounty.nahamsec.training
💻 If you want to practice some of my free labs and challenges: https://app.hackinghub.io
👨🏼💻 Access the Trickest public data 👉🏼 https://trickest.io/dashboard/solutions
💵 FREE 0 DigitalOcean Credit:
https://m.do.co/c/3236319b9d0b
🔗 LINKS:
📖 MY FAVORITE BOOKS:
Bug Bounty Bootcamp: The Guide to Finding and Reporting Web Vulnerabilities -https://amzn.to/3Re8Pa2
Hacking APIs: Breaking Web Application Programming Interfaces - https://amzn.to/45g4bOr
Black Hat GraphQL: Attacking Next Generation APIs - https://amzn.to/455F9l3
🍿 WATCH NEXT:
If I Started Bug Bounty Hunting in 2024, I'd Do this - https://youtu.be/z6O6McIDYhU
2023...
https://www.youtube.com/watch?v=IWIchfPJUGo
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Live Recon: Hacking Dell's Bug Bounty Program
LIKE and SUBSCRIBE with NOTIFICATIONS ON if you enjoyed the video! 👍
📚 If you want to learn bug bounty hunting from me: https://bugbounty.nahamsec.training
💻 If you want to practice some of my free labs and challenges: https://app.hackinghub.io
👨🏼💻 Access the Trickest public data 👉🏼 https://trickest.io/dashboard/solutions
💵 FREE 0 DigitalOcean Credit:
https://m.do.co/c/3236319b9d0b
🔗 LINKS:
📖 MY FAVORITE BOOKS:
Bug Bounty Bootcamp: The Guide to Finding and Reporting Web Vulnerabilities -https://amzn.to/3Re8Pa2
Hacking APIs: Breaking Web Application Programming Interfaces - https://amzn.to/45g4bOr
Black Hat GraphQL: Attacking Next Generation APIs - https://amzn.to/455F9l3
🍿 WATCH NEXT:
If I Started Bug Bounty Hunting in 2024, I'd Do this - https://youtu.be/z6O6McIDYhU
2023...
https://www.youtube.com/watch?v=9mdLNRD0IEI
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
DEF CON 32 - Policy Preview
Here is quick read ahead of what you can expect to see at this year's Policy @ DEF CON event. Harley Geiger takes us through what to expect and how “ AI will quantum all of your blockchains.” Come and hang out after the days events on Friday and Saturday night for our policy mixer event starting at 6:30pm in Room 237!
https://www.youtube.com/watch?v=98XKZc-X15A
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Learn Game Hacking With Squally #gamehacking
Buy Squally & Learn Game Hacking at https://guidedhacking.com/squally
👨💻 Buy Our Courses: https://guidedhacking.com/register/
💰 Donate on Patreon: https://patreon.com/guidedhacking
❤️ Follow us on Social Media: https://linktr.ee/guidedhacking
✏️ Tags:
#reverseengineering #gamehacking
squally game hacking tutorials
game hacking bible
squally game hacking course
game hacking courses
guidedhacking squally
guided hacking
squally game hacking
guidedhacking.com
game hacking website
game hacking websites
squally game hacking tutorials
squally game hacking bible
https://www.youtube.com/watch?v=sYCjQQkKIJs
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How do you do that? Diagrams #shorts #ccna #iphone #kalilinux
#ccna #iphone #wifi
https://www.youtube.com/watch?v=LeDXhqNnfAw
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Update your OpenSSH ASAP - ThreatWire
⬇️ OPEN FOR LINKS TO ARTICLES TO LEARN MORE ⬇️
@endingwithali →
Twitch: https://twitch.tv/endingwithali
Twitter: https://twitter.com/endingwithali
YouTube: https://youtube.com/@endingwithali
Everywhere else: https://links.ali.dev
Want to work with Ali? endingwithalicollabs@gmail.com
[❗] Join the Patreon→ https://patreon.com/threatwire
00:00 0 - INTRO
00:12 1 - Rabbits vs Hackers
04:57 2 - Polyfill Supply Chain Attack
07:16 3 - OpenSSH RCE Found
09:08 4 - OUTRO
LINKS
🔗 Story 1: Rabbits vs Hackers
https://rabbitu.de/articles
https://x.com/xyz3va/status/1801201370843750708
https://www.rabbit.tech/security-investigation-062524
🔗 Story 2: Polyfill Supply Chain Attack
https://sansec.io/research/polyfill-supply-chain-attack
https://x.com/triblondon/status/1761852117579427975
https://web.archive.org/web/20240625212549/https://github.com/formatjs/formatjs/issues/4363
https://web.archive.org/web/20240229113710/https://github.com/polyfillpolyfill/polyfill-service/issues/2834
🔗...
https://www.youtube.com/watch?v=3X5a_mNynDw
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
You seen these before? #shorts #ccna #ethernet #internet
#shorts #ccna #internet
https://www.youtube.com/watch?v=arLfv7j6N6I
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Restrictions in cybersecurity for Black people | Cyber Work Podcast
David Lee, the Identity Jedi, drops a bunch of knowledge about the unspoken restrictions, financial and access-driven, that keep Black candidates from getting into cybersecurity, or even having the wherewithal to apply for jobs. Hint: I don't want to say it's about paying for Wi-Fi, but… it's about paying for Wi-Fi.
– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast
About Infosec
Infosec's mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe...
https://www.youtube.com/watch?v=CT29TaI8YxI
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
My best cybersecurity career advice: David Lee | Cyber Work Podcast
David Lee, the Identity Jedi, has some career advice: always make sure you're running toward something rather than away from something.
– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast
About Infosec
Infosec's mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient...
https://www.youtube.com/watch?v=TDubqXm2TN8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Panel | Going Dark: DOS'ing Yourself for the Better
SANS Ransomware Summit 2024
Panel | Going Dark: DOS'ing Yourself for the Better
Ryan Chapman, Certified Instructor, SANS Institute
Stephanie Regan, Principal Cybersecurity Incident Response Consultant, Unit 42 by Palo Alto Networks
Michael Rogers, Senior Director Technical Advisory Services, MOXFIVE
Jim Walter, Senior Threat Researcher, SentinelLabs, SentinelOne
Aaron Walton, Threat Intel Analyst, ExpelJohn Hammond, Research & Development Threat Operations, Huntress
This panel discussion is designed to equip attendees with effective strategies for ransomware defense while emphasizing the importance of mastering the basics.
Commencing with the crucial role of employee education, the session guides participants in cultivating a security-conscious culture for vigilant employees. The discussion...
https://www.youtube.com/watch?v=TA4Tr-08QZs
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Atomic Ransomware Emulation
Being able to replicate ransomware TTPs is a critical component of a security operations continual training program. Often, access to tools to emulate these TTPs are not readily available, and the time necessary to deploy can eat up what little training time the team has. In this presentation, Gerard will walk attendees through leveraging the open-source threat emulation tool Atomic Red Team to simulate ransomware threat actors TTPs and provide a construct for continual training and drilling. The major topics will include: - An overview of Atomic Red Team: This will include how to quickly set up a test harness and begin testing on a Windows endpoint. - Using threat intelligence: Open source intelligence such as CISA or theDFIRreport.com provide comprehensive analysis of ransomware attack TTPs....
https://www.youtube.com/watch?v=x4F55KLhD5Y
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Keynote | Behind the Screens: Decrypting the Ransomware Diaries
In this talk, I will discuss the process behind creating the Ransomware Diaries. I will share the methods and strategies I use in my research, which often involve encounters with criminals. Expect to hear previously undisclosed details about my adventures!
Additionally, I'll outline how to build trust with threat actors and how to use the information obtained, including falsehoods, in combination with Cyber Threat Intelligence (CTI) to uncover the truth.
Threat actors, like us, are human, flawed, and have vulnerabilities. I will share how to identify these weaknesses and manipulate criminals to disclose details that would otherwise remain hidden. Lastly, I'll explain how to correlate and discover unique insights by using the information gathered from these criminal interactions.
View upcoming...
https://www.youtube.com/watch?v=qRu4QeYKDZE
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Ransomware Data Leak Sites: The Uncomfortable Truths
Openly available ‘data leak sites' are standard operating procedures for modern ransomware/extortion threat actors. Hosting huge swaths of accessible and searchable data brings about many uncomfortable challenges. This includes organizations (or employees within) being exposed possessing illicit (unlawful) data and imagery. Downstream customer data is frequently compromised in the case of IAM targeting. Victims of these attacks have a seriously compounded problem once their data is presented for all to see. Not to mention, the threat actors use these opportunities as extra points of leverage. What are the legal issues that arise when companies are unwantedly hosting unlawful material (which is subsequently exposed on a DLS)? Just how complex do things get when IAMs are compromised, and...
https://www.youtube.com/watch?v=3aCXW7KF2Mk
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Strategies for Active Defense against Pre-Ransomware and Ransomware Attacks
SANS Ransomware Summit 2024
Defending Against the Cyber Siege: Strategies for Active Defense against Pre-Ransomware and Ransomware Attacks
Syed Zaidi, Senior Incident Response Analyst, Sophos
As the threat landscape continues to evolve, organizations face an ever-growing risk of falling victim to ransomware attacks. These malicious attacks not only jeopardize sensitive data but also threaten business continuity and financial stability. In this talk, we delve into the proactive strategies essential for defending against both pre-ransomware and active ransomware attacks. This presentation has 2 sections. In the face of an imminent ransomware attack, organizations are thrust into a race against time to enact swift and decisive measures within the critical first 24 hours. This section of the...
https://www.youtube.com/watch?v=Rp17CqifxW4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Evolution of Ransomware Tactics in 2023: Insights from The DFIR Report
Ransomware goals and objectives have largely remained unchanged, but the underpinning tradecraft has been evolving to counter defensive measures. Throughout 2023, The DFIR Report investigated and analyzed numerous ransomware attacks, uncovering a wealth of valuable insights. In this presentation, we delve into the intriguing tools and techniques that emerged over the past year, from access, lateral movement to methods of concealment. Our discussion will not only highlight these advancements but also shed light on proactive detection methodologies aimed at identifying malicious activity in the early stages of the attack lifecycle.
Join us as we explore the evolving landscape of ransomware tactics and strategies, providing actionable insights for bolstering cybersecurity defenses.
- Lateral...
https://www.youtube.com/watch?v=NDBAuXnFGBM
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Ransomware Running Wild in the Cloud
Threat actors evolved their methods conducting ransomware attacks in the cloud and on-premise during 2023 and show no signs of stopping. This discussion addresses initial access factors and threat actor trends associated with cloud ransomware attacks, including a shift to server-side exploits and prioritization of data exfiltration over data encryption. Content also includes notable incidents, attack models, and examples of how threat actors are adapting their methods to conduct ransomware attacks in the cloud. This presentation is based on technical research and analysis derived from multiple sources, including Google Cloud teams and the cybersecurity industry. Attendees will gain increased awareness of threat actor activity used to conduct ransomware attacks in the cloud along with multiple...
https://www.youtube.com/watch?v=TJukruHjMJg
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Unmasking Cyber Shadows: A Tactical Approach to Hunting Ransomware TTPs
2023 was another record breaking year for ransomware. We saw many notable attacks this year. The ransomware attack on the City of Dallas in May orchestrated by the Royal ransomware group led to shutdown and disruption of many services in the city and data exfiltration that impacted approximately 26000 people. The MOVEit exploitation by Cl0p in May turned out to be the biggest cyberattack story of the year that affected more than 600 organizations worldwide. We then saw ransomware attacks on the two biggest names on the Las Vegas Strip in September followed by the fallout of a ransomware attack on ICBC, China's largest bank. Research suggests that there is a significant dwell time before ransomware is deployed. Although the dwell time has reduced over the last couple of years from months to...
https://www.youtube.com/watch?v=076viDteyjk
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Never store your passwords & keys like this! #shorts #passwords #cybersecurity
#shorts #passwords #cybersecurity
https://www.youtube.com/watch?v=4S5qIklNCRc
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
All about identity access management with the Identity Jedi | Guest David Lee
How does a childhood curiosity turn into a groundbreaking career in identity and access management? Join us for an engaging conversation with David Lee, the Identity Jedi, as he recounts his fascinating journey from tinkering with computers as a child to becoming a sought-after expert in IAM. Lee shares the pivotal moments and unexpected opportunities that transformed his career, providing invaluable insights for anyone looking to break into the cybersecurity field. We explore the essential technical and soft skills that have propelled Lee to the forefront of his industry, along with his unique strategies for navigating complex IAM landscapes.
0:00 - Identity Access Management (IAM)
3:04 - First interest in cybersecurity
8:32 - Identity and access management cybersecurity
13:38 - Computer...
https://www.youtube.com/watch?v=sWc2m5OnsVc
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Nmap basic scan with HackerD #shorts #nmap #kalilinx
Learn a lot more in this video: https://youtu.be/F2PXe_o7KqM
#shorts #nmap #kalilinx
https://www.youtube.com/watch?v=qzRW3O7JIVM
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
I SCANNED EVERY BUG BOUNTY PROGRAM
LIKE and SUBSCRIBE with NOTIFICATIONS ON if you enjoyed the video! 👍
📚 If you want to learn bug bounty hunting from me: https://bugbounty.nahamsec.training
💻 If you want to practice some of my free labs and challenges: https://app.hackinghub.io
💵 FREE 0 DigitalOcean Credit:
https://m.do.co/c/3236319b9d0b
🔗 LINKS:
📖 MY FAVORITE BOOKS:
Bug Bounty Bootcamp: The Guide to Finding and Reporting Web Vulnerabilities -https://amzn.to/3Re8Pa2
Hacking APIs: Breaking Web Application Programming Interfaces - https://amzn.to/45g4bOr
Black Hat GraphQL: Attacking Next Generation APIs - https://amzn.to/455F9l3
🍿 WATCH NEXT:
If I Started Bug Bounty Hunting in 2024, I'd Do this - https://youtu.be/z6O6McIDYhU
2023 How to Bug Bounty - https://youtu.be/FDeuOhE5MhU
Bug Bounty Hunting...
https://www.youtube.com/watch?v=Se_eYMSPMEU
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Introduction To Red Teaming
Hey guys, HackerSploit here back again with another video. This video will introduce you to red teaming, and explain its origins and adoption in offensive cybersecurity. You will also learn about the key differences between Red Teaming and Penetration Testing. You will also be introduced to the various roles and responsibilities within a red team, including the red team operator and red team lead. Whether you're a beginner or looking to deepen your knowledge, this video provides a comprehensive overview to get you started on your red teaming journey.
//PLATFORMS
BLOG ►► https://bit.ly/3qjvSjK
FORUM ►► https://bit.ly/39r2kcY
ACADEMY ►► https://bit.ly/39CuORr
//SOCIAL NETWORKS
TWITTER ►► https://bit.ly/3sNKXfq
DISCORD ►► https://bit.ly/3hkIDsK
INSTAGRAM ►► https://bit.ly/3sP1Syh
LINKEDIN...
https://www.youtube.com/watch?v=rHxYZwMz-DY
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Job search scams and how to avoid them | Hacker Headlines
Job hunting can be stressful: the dozens or even hundreds of applications, the interviews, the waiting for updates. And then there's the possibility that the job posting isn't even legitimate. Hackers and scammers can use fake job ads to steal your personal information and your money.
In this episode of Hacker Headlines, Infosec's VP of Portfolio Product Strategy, Keatron Evans, will cover common job search scams and security tips to avoid them.
Learn more about Hacker Headlines and the Infosec IQ security awareness platform by scheduling your demo today: https://www.infosecinstitute.com/form/iq-demo/
About the Series:
Cybersecurity is constantly evolving, and continuous training that tackles today's latest threats is needed to keep your organization cyber secure. This is...
https://www.youtube.com/watch?v=XUGNNv16Q9o
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Speed Up Pentest Report Writing
https://jh.live/plextrac || Save time and effort on pentest reports with PlexTrac's premiere reporting & collaborative platform in a FREE one-month trial! https://jh.live/plextrac 😎
Learn Cybersecurity - Name Your Price Training with John Hammond: https://nameyourpricetraining.com
Learn Coding: https://jh.live/codecrafters
WATCH MORE:
Dark Web & Cybercrime Investigations: https://www.youtube.com/watch?v=_GD5mPN_URM&list=PL1H1sBF1VAKVmjZZr162aUNCt2Uy5ozAG&index=4
Malware & Hacker Tradecraft: https://www.youtube.com/watch?v=LKR8cdfKeGw&list=PL1H1sBF1VAKWMn_3QPddayIypbbITTGZv&index=5
📧JOIN MY NEWSLETTER ➡ https://jh.live/email
🙏SUPPORT THE CHANNEL ➡ https://jh.live/patreon
🤝 SPONSOR THE CHANNEL ➡ https://jh.live/sponsor
🌎FOLLOW ME EVERYWHERE ➡ https://jh.live/twitter...
https://www.youtube.com/watch?v=0mH6JngtNoM
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
ELF File Format Explained
🔥 Learn How The ELF File Format Works
👨💻 Buy Our Courses: https://guidedhacking.com/register/
💰 Donate on Patreon: https://patreon.com/guidedhacking
❤️ Follow us on Social Media: https://linktr.ee/guidedhacking
🔗 Learn More: https://guidedhacking.com/threads/elf-file-format-explained.20619/
❤️ Thank You to Malcore: https://link.malcore.io/redirect/guidedhacking
👨💻 Script & Visuals by rexir: https://guidedhacking.com/members/280340/
👩💻 Narration by wahsami: https://guidedhacking.com/members/wahsami.278740/
📜 Video Description:
What is the ELF File Format?
The ELF (Executable and Linkable Format) is a standard file format used in Unix-like operating systems for executables, object code, shared libraries, and core dumps. It is designed to support...
https://www.youtube.com/watch?v=9uWMr3wdadM
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Kaspersky is the New Tiktok - ThreatWire
⬇️ OPEN FOR LINKS TO ARTICLES TO LEARN MORE ⬇️
@endingwithali →
Twitch: https://twitch.tv/endingwithali
Twitter: https://twitter.com/endingwithali
YouTube: https://youtube.com/@endingwithali
Everywhere else: https://links.ali.dev
Want to work with Ali? endingwithalicollabs@gmail.com
[❗] Join the Patreon→ https://patreon.com/threatwire
0:00 0 - Intro
00:09 1 - Major ASUS Vulnerabilities Found
01:09 2 - Cryptocurrency Bug Bounty Program
03:56 3 - Your Password is Vulnerable
05:43 4 - US Bans Foreign Software
09:25 5 - Outro
LINKS
🔗 Story 1: Major ASUS Vulnerabilities Found
https://arstechnica.com/security/2024/06/high-severity-vulnerabilities-affect-a-wide-range-of-asus-router-models/
https://censys.com/june-20-improper-authentication-vulnerability-in-asus-routers/
https://thehackernews.com/2024/06/asus-patches-critical-authentication.html
https://www.asus.com/content/asus-product-security-advisory/
🔗...
https://www.youtube.com/watch?v=-rN5woh_Ey0
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Hacking Large Corporations (Recon)
Use code NahamSec10 to get 10% off from Pentest-Tools ⚒️ https://shorturl.at/GQGBH
LIKE and SUBSCRIBE with NOTIFICATIONS ON if you enjoyed the video! 👍
📚 If you want to learn bug bounty hunting from me: https://bugbounty.nahamsec.training
💻 If you want to practice some of my free labs and challenges: https://app.hackinghub.io
💵 FREE 0 DigitalOcean Credit:
https://m.do.co/c/3236319b9d0b
🔗 LINKS:
hakrevdns by hakluke | https://github.com/hakluke/hakrevdns
tlsx by Project Discovery | https://github.com/projectdiscovery/tlsx
Use UPDATE50OFF to get 50% off of my beginner bug bounty course + labs bugbounty.nahamsec.training
📖 MY FAVORITE BOOKS:
Bug Bounty Bootcamp: The Guide to Finding and Reporting Web Vulnerabilities -https://amzn.to/3Re8Pa2
Hacking APIs: Breaking...
https://www.youtube.com/watch?v=oMTO4hAZPl0
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
So Hack The Box Made a Web Cert?
https://jh.live/htb-cwee || Try the Certified Web Exploitation Expert from HackTheBox. https://jh.live/htb-cwee
Learn Cybersecurity - Name Your Price Training with John Hammond: https://nameyourpricetraining.com
Learn Coding: https://jh.live/codecrafters
WATCH MORE:
Dark Web & Cybercrime Investigations: https://www.youtube.com/watch?v=_GD5mPN_URM&list=PL1H1sBF1VAKVmjZZr162aUNCt2Uy5ozAG&index=4
Malware & Hacker Tradecraft: https://www.youtube.com/watch?v=LKR8cdfKeGw&list=PL1H1sBF1VAKWMn_3QPddayIypbbITTGZv&index=5
📧JOIN MY NEWSLETTER ➡ https://jh.live/email
🙏SUPPORT THE CHANNEL ➡ https://jh.live/patreon
🤝 SPONSOR THE CHANNEL ➡ https://jh.live/sponsor
🌎FOLLOW ME EVERYWHERE ➡ https://jh.live/twitter ↔ https://jh.live/linkedin ↔ https://jh.live/discord ↔ https://jh.live/instagram...
https://www.youtube.com/watch?v=z-vSj9iuK_U
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Continuous Security with HackerOne Bug Bounty: Cyber Defense Done Right
Relying solely on internal teams and automated tools can leave crucial vulnerabilities overlooked. Traditional methods struggle to keep up with limited resources, evolving threats, and complex systems.
Enter HackerOne Bounty: Leveraging the expertise of the world's largest ethical hacker community, we offer proactive, continuous testing of your digital assets. Our custom-tailored bug bounty programs connect you with top-tier security researchers—and offer financial rewards to incentivize these creative minds to uncover novel and elusive vulnerabilities in your systems.
Visit https://www.hackerone.com/solutions/continuous-security-testing for more information.
https://www.youtube.com/watch?v=zwDo2b4Oa5g
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Stop Scammers from Controlling Your Computer
https://jh.live/xforce || Learn more about threat intelligence and bolster your security posture with IBM X-Force! https://jh.live/xforce
Read their Threat Intelligence Index: https://jh.live/xforce-tii
Learn more about X-Force: https://jh.live/xforce-info
Learn Cybersecurity - Name Your Price Training with John Hammond: https://nameyourpricetraining.com
Learn Coding: https://jh.live/codecrafters
WATCH MORE:
Dark Web & Cybercrime Investigations: https://www.youtube.com/watch?v=_GD5mPN_URM&list=PL1H1sBF1VAKVmjZZr162aUNCt2Uy5ozAG&index=4
Malware & Hacker Tradecraft: https://www.youtube.com/watch?v=LKR8cdfKeGw&list=PL1H1sBF1VAKWMn_3QPddayIypbbITTGZv&index=5
📧JOIN MY NEWSLETTER ➡ https://jh.live/email
🙏SUPPORT THE CHANNEL ➡ https://jh.live/patreon
🤝 SPONSOR THE CHANNEL ➡ https://jh.live/sponsor
🌎FOLLOW...
https://www.youtube.com/watch?v=eqYsffgrl1g
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
My Favorite API Hacking Vulnerabilities & Tips
LIKE and SUBSCRIBE with NOTIFICATIONS ON if you enjoyed the video! 👍
📚 If you want to learn bug bounty hunting from me: https://app.hackinghub.io/hubs/nahamsec-bug-bounty-course
💵 FREE 0 DigitalOcean Credit:
https://m.do.co/c/3236319b9d0b
🔗 LINKS:
📖 MY FAVORITE BOOKS:
Bug Bounty Bootcamp: The Guide to Finding and Reporting Web Vulnerabilities -https://amzn.to/3Re8Pa2
Hacking APIs: Breaking Web Application Programming Interfaces - https://amzn.to/45g4bOr
Black Hat GraphQL: Attacking Next Generation APIs - https://amzn.to/455F9l3
🍿 WATCH NEXT:
If I Started Bug Bounty Hunting in 2024, I'd Do this - https://youtu.be/z6O6McIDYhU
2023 How to Bug Bounty - https://youtu.be/FDeuOhE5MhU
Bug Bounty Hunting Full Time - https://youtu.be/watch?v=ukb79vAgRiY
Hacking An Online Casino...
https://www.youtube.com/watch?v=3Z2STZGqvc4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
What was it like? #gamehacking
He's right you know 👆
👨💻 Buy Our Courses: https://guidedhacking.com/register/
💰 Donate on Patreon: https://patreon.com/guidedhacking
❤️ Follow us on Social Media: https://linktr.ee/guidedhacking
✏️ Tags:
#reverseengineering #gamehacking
game hacking tutorials
game hacking bible
game hacking course
game hacking courses
guidedhacking
guided hacking
game hacking
guidedhacking.com
game hacking website
game hacking websites
game hacking tutorials
game hacking bible
https://www.youtube.com/watch?v=a1fDB0rSaxs
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Pentesting Diaries 0x1 - SQL Injection 101
Hey guys, HackerSploit here back again with another video, Welcome to the all-new pentesting diaries series. Pentesting Diaries is a weekly video series, where I will be exploring various pentesting techniques and tools, with the primary objective of demystifying them to provide you with a deeper, more holistic understanding of how specific attack techniques work, what tools to use and how to correctly use these tools to optimize your efficiency.
The lab used in this video can be accessed for free on the CYBER RANGES platform. The links to the platform and lab are listed below:
// CYBER RANGES
CYBER RANGES: https://app.cyberranges.com
SQL Injection Lab: https://app.cyberranges.com/scenario/59bb8cec8b68ef17d2962512
//PLATFORMS
BLOG ►► https://bit.ly/3qjvSjK
FORUM ►► https://bit.ly/39r2kcY
ACADEMY...
https://www.youtube.com/watch?v=fwXRVeIjs-w
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Ransomware Leader Arrested - ThreatWire
⬇️ OPEN FOR LINKS TO ARTICLES TO LEARN MORE ⬇️
@endingwithali →
Twitch: https://twitch.tv/endingwithali
Twitter: https://twitter.com/endingwithali
YouTube: https://youtube.com/@endingwithali
Everywhere else: https://links.ali.dev
Want to work with Ali? endingwithalicollabs@gmail.com
[❗] Join the Patreon→ https://patreon.com/threatwire
0:00 0 - Intro
00:12 1 - Two Final Updates
02:26 2 - 💻📄➡️👾👹
04:24 3 - Scattered Spider Is Scattered No More
05:18 4 - Outro
LINKS
🔗 Story 1: Two Final Updates
https://blogs.windows.com/windowsexperience/2024/06/07/update-on-the-recall-preview-feature-for-copilot-pcs/
https://www.wired.com/story/epam-snowflake-ticketmaster-breach-shinyhunters/
🔗 Story 2: 💻📄➡️👾👹
https://www.techworm.net/2024/06/hackers-discord-emojis-command-linux-malware.html
https://www.volexity.com/blog/2024/06/13/disgomoji-malware-used-to-target-indian-government/
🔗...
https://www.youtube.com/watch?v=4Wwq4xXlZ1A
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
HackerOne Live Hacking Event Recap: Tokyo w/ Paypal
https://www.youtube.com/watch?v=qSGzVytzJc4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
#NahamCon2024: Sluicing Scripts | @TomNomNomDotCom@TomNomNomDotCom
LIKE and SUBSCRIBE with NOTIFICATIONS ON if you enjoyed the video! 👍
Hacking the web often means you need data. A lot of that data is in JavaScript, but JavaScript is a hot mess. Let's take a look at some tools and tricks to make some sense of that mess, build hyper-focused wordlists, and find the deepest, darkest nooks and crannies of web applications without reading megabytes of source code.
📚 If you want to learn bug bounty hunting from me: bugbounty.nahamsec.training
💻 If you want to practice soem of my free labs and challenges: app.hacking.hub.io
🔗 LINKS:
📖 MY FAVORITE BOOKS:
Bug Bounty Bootcamp: The Guide to Finding and Reporting Web Vulnerabilities -https://amzn.to/3Re8Pa2
Hacking APIs: Breaking Web Application Programming Interfaces - https://amzn.to/45g4bOr
Black...
https://www.youtube.com/watch?v=6zgMglfSZkI
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
My Favorite Ethical Hacking Books
LIKE and SUBSCRIBE with NOTIFICATIONS ON if you enjoyed the video! 👍
📖 MY FAVORITE BOOKS:
The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws - https://amzn.to/3KNFrns
Bug Bounty Bootcamp: The Guide to Finding and Reporting Web Vulnerabilities -https://amzn.to/3Re8Pa2
Real-World Bug Hunting: A Field Guide to Web Hacking - https://amzn.to/4cmYKQ3
Hacking APIs: Breaking Web Application Programming Interfaces - https://amzn.to/45g4bOr
Black Hat GraphQL: Attacking Next Generation APIs - https://amzn.to/455F9l3
Black Hat Python - https://amzn.to/3XpXW8Y
The Hacker Playbook: Practical Guide To Penetration Testing
- https://amzn.to/3zcRl7y
📚 If you want to learn bug bounty hunting from me: https://bugbounty.nahamsec.training
💻 If you want to practice some...
https://www.youtube.com/watch?v=SWXDST3arF0
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
New Course! Investigating Linux Devices
Check out Investigating Linux Devices, a comprehensive Linux forensics training course from 13Cubed! Starting with fundamental principles, Investigating Linux Devices rapidly progresses to encompass log analysis, file systems, persistence mechanisms, memory forensics, live response, and more! This course offers extensive hands-on practice and a capstone involving the analysis of a compromised system. Tailored for both beginners and seasoned professionals, it serves as an ideal resource for mastering Linux forensics!
🎉 Enroll today at training.13cubed.com!
#Forensics #DigitalForensics #DFIR #LinuxForensics
https://www.youtube.com/watch?v=4sRFu_QTkXM
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
RTV x BC Security - An Introduction to CTFs
The Red Team Village
Red Team Village Website: https://redteamvillage.io
Discord: https://redteamvillage.io/discord
Twitter: https://redteamvillage.io/twitter
https://www.youtube.com/watch?v=t5X8ONopEVk
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
APT Malware (advanced persistent threat)
https://jh.live/snyk || Try Snyk for free and find vulnerabilities in your code and applications! ➡ https://jh.live/snyk
Learn Cybersecurity - Name Your Price Training with John Hammond: https://nameyourpricetraining.com
Learn Coding: https://jh.live/codecrafters
WATCH MORE:
Dark Web & Cybercrime Investigations: https://www.youtube.com/watch?v=_GD5mPN_URM&list=PL1H1sBF1VAKVmjZZr162aUNCt2Uy5ozAG&index=4
Malware & Hacker Tradecraft: https://www.youtube.com/watch?v=LKR8cdfKeGw&list=PL1H1sBF1VAKWMn_3QPddayIypbbITTGZv&index=5
📧JOIN MY NEWSLETTER ➡ https://jh.live/email
🙏SUPPORT THE CHANNEL ➡ https://jh.live/patreon
🤝 SPONSOR THE CHANNEL ➡ https://jh.live/sponsor
🌎FOLLOW ME EVERYWHERE ➡ https://jh.live/twitter ↔ https://jh.live/linkedin ↔ https://jh.live/discord ↔...
https://www.youtube.com/watch?v=dtZaXP6W3fA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
#NahamCon2024: Practical AI for Bounty Hunters | @jhaddix
LIKE and SUBSCRIBE with NOTIFICATIONS ON if you enjoyed the video! 👍
There's a lot of hype around AI at the moment. Join Jason Haddix (@jhaddix) as he cuts through all the BS to show you 5 practical ways to use AI to supercharge your bounty hunting RIGHT NOW. Jason will cover AI for Recon, JavaScript analysis, Vulnerabilty Discovery, Payload Generation, and Reporting.
📚 If you want to learn bug bounty hunting from me: bugbounty.nahamsec.training
💻 If you want to practice soem of my free labs and challenges: app.hacking.hub.io
🔗 LINKS:
📖 MY FAVORITE BOOKS:
Bug Bounty Bootcamp: The Guide to Finding and Reporting Web Vulnerabilities -https://amzn.to/3Re8Pa2
Hacking APIs: Breaking Web Application Programming Interfaces - https://amzn.to/45g4bOr
Black Hat GraphQL: Attacking Next...
https://www.youtube.com/watch?v=DqgterfPHzg
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Microsoft Recall got Recalled - ThreatWire
⬇️ OPEN FOR LINKS TO ARTICLES TO LEARN MORE ⬇️
@endingwithali →
Twitch: https://twitch.tv/endingwithali
Twitter: https://twitter.com/endingwithali
YouTube: https://youtube.com/@endingwithali
Everywhere else: https://links.ali.dev
Want to work with Ali? endingwithalicollabs@gmail.com
[❗] Join the Patreon→ https://patreon.com/threatwire
0:00 0 - Intro
00:12 1 - PHP is Vulnerable - Again!
01:21 2 - What is Happening with Snowflake?
05:24 3 - Jakoby
06:19 4 - Recall Update
08:04 5 - Outro
LINKS
🔗 Story 1: PHP is Vulnerable - Again!
https://devco.re/blog/2024/06/06/security-alert-cve-2024-4577-php-cgi-argument-injection-vulnerability-en/
https://www.securityweek.com/php-patches-critical-remote-code-execution-vulnerability
🔗 Story 2: What is Happening with Snowflake?
https://community.snowflake.com/s/question/0D5VI00000Emyl00AB/detecting-and-preventing-unauthorized-user-access
https://techcrunch.com/2024/06/07/snowflake-ticketmaster-lendingtree-customer-data-breach/
https://techcrunch.com/2024/05/31/live-nation-confirms-ticketmaster-was-hacked-says-personal-information-stolen-in-data-breach/
https://cloud.google.com/blog/topics/threat-intelligence/unc5537-snowflake-data-theft-extortion
https://www.bleepingcomputer.com/news/security/shinyhunters-claims-santander-breach-selling-data-for-30m-customers/
https://www.theverge.com/2024/6/3/24170876/snowflake-ticketmaster-santander-data-breach-details
https://www.securityweek.com/snowflake-attacks-mandiant-links-data-breaches-to-infostealer-infections/
🔗...
https://www.youtube.com/watch?v=xy14cXRbpG0
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Day in the Life of an Ethical Hacker/Penetration Tester
LIKE and SUBSCRIBE with NOTIFICATIONS ON if you enjoyed the video! 👍
Ever wondered what a day in life of a pentester looks like? What are some of the parts of the jobs that are fun and what isn't as fun or enjoyable? Well don't worry, I got you!
Check out Astra for yourself here: https://www.getastra.com/continuous-pentest-and-dast
📚 If you want to learn bug bounty hunting from me: https://bugbounty.nahamsec.training
💻 If you want to practice some of my free labs and challenges: https://app.hackinghub.io
🔗 LINKS:
📖 MY FAVORITE BOOKS:
Bug Bounty Bootcamp: The Guide to Finding and Reporting Web Vulnerabilities -https://amzn.to/3Re8Pa2
Hacking APIs: Breaking Web Application Programming Interfaces - https://amzn.to/45g4bOr
Black Hat GraphQL: Attacking Next Generation APIs -...
https://www.youtube.com/watch?v=PNcqD52hs7Y
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Stealing Computer Passwords on Login
https://jh.live/plextrac || Save time and effort on pentest reports with PlexTrac's premiere reporting & collaborative platform in a FREE one-month trial! https://jh.live/plextrac 😎
https://www.linkedin.com/pulse/getting-windows-passwords-cleartext-aleem-ladha/
https://github.com/gtworek/PSBits/tree/master/PasswordStealing/NPPSpy
Learn Cybersecurity - Name Your Price Training with John Hammond: https://nameyourpricetraining.com
WATCH MORE:
Dark Web & Cybercrime Investigations: https://www.youtube.com/watch?v=_GD5mPN_URM&list=PL1H1sBF1VAKVmjZZr162aUNCt2Uy5ozAG&index=4
Malware & Hacker Tradecraft: https://www.youtube.com/watch?v=LKR8cdfKeGw&list=PL1H1sBF1VAKWMn_3QPddayIypbbITTGZv&index=5
📧JOIN MY NEWSLETTER ➡ https://jh.live/email
🙏SUPPORT THE CHANNEL ➡ https://jh.live/patreon
🤝...
https://www.youtube.com/watch?v=FYpsHwkuQiw
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
#NahamCon2024: .js Files Are Your Friends | @zseano
LIKE and SUBSCRIBE with NOTIFICATIONS ON if you enjoyed the video! 👍
I am a big fan of sticking to one program and learning as much as possible and diving in deep, so in this talk I will discuss the importance of hunting through .js files to look for more endpoints and interesting code which can potentially help you discover even more bugs.
📚 If you want to learn bug bounty hunting from me: bugbounty.nahamsec.training
💻 If you want to practice soem of my free labs and challenges: app.hackinghub.io
🔗 LINKS:
📖 MY FAVORITE BOOKS:
Bug Bounty Bootcamp: The Guide to Finding and Reporting Web Vulnerabilities -https://amzn.to/3Re8Pa2
Hacking APIs: Breaking Web Application Programming Interfaces - https://amzn.to/45g4bOr
Black Hat GraphQL: Attacking Next Generation APIs - https://amzn.to/455F9l3
🍿...
https://www.youtube.com/watch?v=fQoxjBwQZUA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
XSS in PDF.js (CVE-2024-4367) - "Upload" [Akasec CTF 2024]
Video walkthrough for the "Upload" web challenge from Akasec CTF 2024. The challenge involved server-side XSS (dynamic PDF) using a recent exploit (CVE-2024-4367) and SSRF! Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂 #Akasec #CTF #CaptureTheFlag #Pentesting #OffSec #WebSec #AppSec
Write-ups: https://crypto-cat.gitbook.io/ctf-writeups/2024/akasec_24/web/upload
↢Social Media↣
Twitter: https://twitter.com/_CryptoCat
GitHub: https://github.com/Crypto-Cat/CTF
GitBook: https://crypto-cat.gitbook.io
HackTheBox: https://app.hackthebox.eu/profile/11897
LinkedIn: https://www.linkedin.com/in/cryptocat
Reddit: https://www.reddit.com/user/_CryptoCat23
YouTube: https://www.youtube.com/CryptoCat23
Twitch: https://www.twitch.tv/cryptocat23
↢Akasec CTF 2024↣
https://ctf.akasec.club
https://ctftime.org/event/2222
https://discord.gg/6yyzBnZP2e
https://twitter.com/akasec_1337
https://www.linkedin.com/company/akasec-1337
↢Resources↣
Ghidra:...
https://www.youtube.com/watch?v=XrSOaHoeJCo
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
This 'Realistic' Web CTF Was Impossible!
LIKE and SUBSCRIBE with NOTIFICATIONS ON if you enjoyed the video! 👍
This video is a walkthrough of the #NahamCon2024 Mission which includes some cool JWT and recon tricks, API hacking, SSRF, and SQLi!
📚 If you want to learn bug bounty hunting from me: https://bugbounty.nahamsec.training
💻 If you want to practice soem of my free labs and challenges: https://app.hackinghub.io
🔗 LINKS:
📖 MY FAVORITE BOOKS:
Bug Bounty Bootcamp: The Guide to Finding and Reporting Web Vulnerabilities -https://amzn.to/3Re8Pa2
Hacking APIs: Breaking Web Application Programming Interfaces - https://amzn.to/45g4bOr
Black Hat GraphQL: Attacking Next Generation APIs - https://amzn.to/455F9l3
🍿 WATCH NEXT:
If I Started Bug Bounty Hunting in 2024, I'd Do this - https://youtu.be/z6O6McIDYhU
2023...
https://www.youtube.com/watch?v=E2p1iLIR9Cw
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Windows Recall (was) a Security Nightmare
Learn Cybersecurity - Name Your Price Training with John Hammond: https://nameyourpricetraining.com
WATCH MORE:
Dark Web & Cybercrime Investigations: https://www.youtube.com/watch?v=_GD5mPN_URM&list=PL1H1sBF1VAKVmjZZr162aUNCt2Uy5ozAG&index=4
Malware & Hacker Tradecraft: https://www.youtube.com/watch?v=LKR8cdfKeGw&list=PL1H1sBF1VAKWMn_3QPddayIypbbITTGZv&index=5
AmperageKit - Unlock Recall: https://github.com/thebookisclosed/AmperageKit?tab=readme-ov-file
ARM VM on Azure: https://learn.microsoft.com/en-us/windows/arm/create-arm-vm
Total Recall: https://github.com/xaitax/TotalRecall
📧JOIN MY NEWSLETTER ➡ https://jh.live/email
🙏SUPPORT THE CHANNEL ➡ https://jh.live/patreon
🤝 SPONSOR THE CHANNEL ➡ https://jh.live/sponsor
🌎FOLLOW ME EVERYWHERE ➡ https://jh.live/twitter ↔...
https://www.youtube.com/watch?v=JujkOmvbgGw
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
2: XML External Entity Injection (XXE) - Gin and Juice Shop (Portswigger)
XML External Entity Injection (XXE) - Episode 3 of hacking the Gin and Juice shop; an intentionally vulnerable web application developed by Portswigger. The website was created primarily to demonstrate the features of Burp pro vulnerability scanner. However, throughout the series, we will leverage burp suite (and other tools) to exploit the high, medium, low and informational issues identified by the scanner. Hopefully these videos will be useful for aspiring bug bounty hunters, security researchers, pentesters, CTF players etc 🙂 #BugBounty #EthicalHacking #PenTesting #AppSec #WebSec #InfoSec #OffSec
↢Social Media↣
Twitter: https://twitter.com/_CryptoCat
GitHub: https://github.com/Crypto-Cat/CTF
HackTheBox: https://app.hackthebox.eu/profile/11897
LinkedIn: https://www.linkedin.com/in/cryptocat
Reddit:...
https://www.youtube.com/watch?v=hixTxzYDuDg
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
#NahamCon2024: OAuth Secret | @BugBountyReportsExplained
LIKE and SUBSCRIBE with NOTIFICATIONS ON if you enjoyed the video! 👍
For many hackers, changing the redirect_uri to an attacker-controlled host is the only attack they know. But in 2024 it won't work. We have to work harder - exploit and chain multiple smaller bugs together to get the account takeover. Those chains will be the topic of this talk.
📚 If you want to learn bug bounty hunting from me: bugbounty.nahamsec.training
💻 If you want to practice soem of my free labs and challenges: app.hacking.hub.io
🔗 LINKS:
📖 MY FAVORITE BOOKS:
Bug Bounty Bootcamp: The Guide to Finding and Reporting Web Vulnerabilities -https://amzn.to/3Re8Pa2
Hacking APIs: Breaking Web Application Programming Interfaces - https://amzn.to/45g4bOr
Black Hat GraphQL: Attacking Next Generation APIs -...
https://www.youtube.com/watch?v=n9x7_J_a_7Q
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Malware Analysts can now EASILY Debloat Malware
Check out Debloat: https://github.com/Squiblydoo/debloat
Learn Cybersecurity - Name Your Price Training with John Hammond: https://nameyourpricetraining.com
WATCH MORE:
Dark Web & Cybercrime Investigations: https://www.youtube.com/watch?v=_GD5mPN_URM&list=PL1H1sBF1VAKVmjZZr162aUNCt2Uy5ozAG&index=4
Malware & Hacker Tradecraft: https://www.youtube.com/watch?v=LKR8cdfKeGw&list=PL1H1sBF1VAKWMn_3QPddayIypbbITTGZv&index=5
📧JOIN MY NEWSLETTER ➡ https://jh.live/email
🙏SUPPORT THE CHANNEL ➡ https://jh.live/patreon
🤝 SPONSOR THE CHANNEL ➡ https://jh.live/sponsor
🌎FOLLOW ME EVERYWHERE ➡ https://jh.live/twitter ↔ https://jh.live/linkedin ↔ https://jh.live/discord ↔ https://jh.live/instagram ↔ https://jh.live/tiktok
💥 SEND ME MALWARE ➡ https://jh.live/malware
🔥YOUTUBE...
https://www.youtube.com/watch?v=q4Y5rqGnvE4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
DEF CON 31 DCGVR Village - Jayson Street - Keynote
Keynote presentation from DEF CON 31 DCGVR Village
https://www.youtube.com/watch?v=PGxV_bmpe-E
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
DEF CON 31 DCGVR Village - Abhijeet Singh - Taking Down Applications With Logic
Presentation from DEF CON 31 DCGVR Village
https://www.youtube.com/watch?v=fRxsKouHqPE
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
DEF CON 31 DCGVR Village - JBO - The Curse Of The Ncurses
Presentation from DEF CON 31 DCGVR Village
https://www.youtube.com/watch?v=M0kevYIclXc
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
DEF CON 31 DCGVR Village - Joe Mast - Bootsquad
Presentation from DEF CON 31 DCGVR Village
https://www.youtube.com/watch?v=EFqVFnE94Yw
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
DEF CON 31 DCGVR Village - datalocaltmp - VR Workspaces
presentation from DEF CON 31 DCGVR Village
https://www.youtube.com/watch?v=5y9HhDp3MHQ
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
DEF CON 31 DCGVR Village - Squiddy - Gender Inclusive Health Information System
Presentation from DEF CON 31 DCGVR Village
https://www.youtube.com/watch?v=1GhjlFnRnHk
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
DEF CON 31 DCGVR Village - Sam Colaizzi - Hey Crypto Bro
Presentation from the DEF CON 31 DCGVR Village
https://www.youtube.com/watch?v=u3-wQbYve3A
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
DEF CON 31 DCGVR Village - hoodiepony - Ghost On The Wire
Talks from the DEF CON 31 DEF CON Groups Virtuality Village
https://www.youtube.com/watch?v=6ATtAmOhdE0
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
privacy 🤣 #protonmail #vpn #privacy
Buy Our Courses 👨💻 https://guidedhacking.com/register/
Donate on Patreon 💰 https://patreon.com/guidedhacking
Follow us on Social Media ❤️ https://linktr.ee/guidedhacking
✏️ Tags:
#protonmail #protonvpn #privacy
protonmail meme
proton mail meme
protonvpn
proton vpn
I use protonmail to that the feds can't track! meanwhile the feds meme
protonmail memes
vpn memes
privacy obsessed people are mentally ill
privacy tools
https://www.youtube.com/watch?v=q4F0kdZSA10
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
#NahamCon2024: Deep Dive Into AWS Instance Metadata | @congon4tor
LIKE and SUBSCRIBE with NOTIFICATIONS ON if you enjoyed the video! 👍
This talk will deep dive into instance metadata in a variety of AWS services (EC2, ECS, EKS). From the most basic to more advanced scenarios in container environments allowing you to increase the impact of your bugs.
📚 If you want to learn bug bounty hunting from me: bugbounty.nahamsec.training
💻 If you want to practice soem of my free labs and challenges: app.hacking.hub.io
🔗 LINKS:
📖 MY FAVORITE BOOKS:
Bug Bounty Bootcamp: The Guide to Finding and Reporting Web Vulnerabilities -https://amzn.to/3Re8Pa2
Hacking APIs: Breaking Web Application Programming Interfaces - https://amzn.to/45g4bOr
Black Hat GraphQL: Attacking Next Generation APIs - https://amzn.to/455F9l3
🍿 WATCH NEXT:
If I Started Bug Bounty...
https://www.youtube.com/watch?v=pa0wYm2sJbs
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
FBI Stops World's Largest Botnet
https://jh.live/flare || Track down shady sellers, hunt for cybercrime, or manage threat intelligence and your exposed attack surface with Flare! Start a free trial and see what info is out there: https://jh.live/flare
Learn Cybersecurity - Name Your Price Training with John Hammond: https://nameyourpricetraining.com
WATCH MORE:
Dark Web & Cybercrime Investigations: https://www.youtube.com/watch?v=_GD5mPN_URM&list=PL1H1sBF1VAKVmjZZr162aUNCt2Uy5ozAG&index=4
Malware & Hacker Tradecraft: https://www.youtube.com/watch?v=LKR8cdfKeGw&list=PL1H1sBF1VAKWMn_3QPddayIypbbITTGZv&index=5
📧JOIN MY NEWSLETTER ➡ https://jh.live/email
🙏SUPPORT THE CHANNEL ➡ https://jh.live/patreon
🤝 SPONSOR THE CHANNEL ➡ https://jh.live/sponsor
🌎FOLLOW ME EVERYWHERE ➡ https://jh.live/twitter ↔ https://jh.live/linkedin...
https://www.youtube.com/watch?v=uaerAkMaltQ
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Microsoft Recall is a Bad Idea - ThreatWire
⬇️ OPEN FOR LINKS TO ARTICLES TO LEARN MORE ⬇️
@endingwithali →
Twitch: https://twitch.tv/endingwithali
Twitter: https://twitter.com/endingwithali
YouTube: https://youtube.com/@endingwithali
Everywhere else: https://links.ali.dev
Want to work with Ali? endingwithalicollabs@gmail.com
[❗] Join the Patreon→ https://patreon.com/threatwire
0:00 0 - Intro
00:11 1 - What is Happening with Ticketmaster
01:19 2 - Security Breakdown Of Microsoft AI
04:21 3 - Bricked Routers Source Discovered
05:53 4 - Outro
LINKS
🔗 Story 1: What is Happening with Ticketmaster
https://www.sec.gov/Archives/edgar/data/1335258/000133525824000081/lyv-20240520.htm
https://itwire.com/business-it-news/security/not-us-snowflake-wrongly-implicated-in-ticketmaster-leak.html
https://www.securityweek.com/hackers-boast-ticketmaster-breach-on-relaunched-breachforums/
https://x.com/vxunderground/status/1796063116574314642...
https://www.youtube.com/watch?v=_32wmVR06WY
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Fileless Malware Analysis & PowerShell Deobfuscation
Integrate ANY.RUN solutions into your company: https://jh.live/anyrun-demo ||
Make security research and dynamic malware analysis a breeze with ANY.RUN! Try their online interactive cloud sandbox for free: https://jh.live/anyrun
Learn Cybersecurity - Name Your Price Training with John Hammond: https://nameyourpricetraining.com
WATCH MORE:
Dark Web & Cybercrime Investigations: https://www.youtube.com/watch?v=_GD5mPN_URM&list=PL1H1sBF1VAKVmjZZr162aUNCt2Uy5ozAG&index=4
Malware & Hacker Tradecraft: https://www.youtube.com/watch?v=LKR8cdfKeGw&list=PL1H1sBF1VAKWMn_3QPddayIypbbITTGZv&index=5
📧JOIN MY NEWSLETTER ➡ https://jh.live/email
🙏SUPPORT THE CHANNEL ➡ https://jh.live/patreon
🤝 SPONSOR THE CHANNEL ➡ https://jh.live/sponsor
🌎FOLLOW ME EVERYWHERE ➡ https://jh.live/twitter...
https://www.youtube.com/watch?v=1-FyyhpW-t8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Rob T. Lee - Federal officials warn of attacks on water utilities
Hacker groups from Russia, China, and Iran have taken credit for recent water utility hacks, and the federal government has urged even smaller communities to take action. CBS 2's Charlie De Mar reports.
https://www.youtube.com/watch?v=6b998slN4Uo
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Apple's Accidental Stalkerware - ThreatWire
⬇️ OPEN FOR LINKS TO ARTICLES TO LEARN MORE ⬇️
@endingwithali →
Twitch: https://twitch.tv/endingwithali
Twitter: https://twitter.com/endingwithali
YouTube: https://youtube.com/@endingwithali
Everywhere else: https://links.ali.dev
Want to work with Ali? endingwithalicollabs@gmail.com
[❗] Join the Patreon→ https://patreon.com/threatwire
0:00 Intro
00:10 1 - GitHub Enterprise Authentication Bypass
01:10 2 - Apple's Accidental Stalkerware
03:55 3 - New DNSBomb Attack
06:16 4 - Outro
LINKS
🔗 Story 1:
https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.15
https://www.darkreading.com/vulnerabilities-threats/github-authentication-bypass-opens-enterprise-server-attackers
🔗 Story 2: Apple's Accidental Stalkerware
https://www.theregister.com/2024/05/23/apple_wifi_positioning_system/
https://www.govinfosecurity.com/surveillance-risk-apples-wifi-based-positioning-system-a-25330
https://krebsonsecurity.com/2024/05/why-your-wi-fi-router-doubles-as-an-apple-airtag/
https://cybersecuritynews.com/apples-wi-fi-positioning-system/
https://www.cs.umd.edu/~dml/papers/wifi-surveillance-sp24.pdf
🔗...
https://www.youtube.com/watch?v=ZPc9XFvKIPA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Game Hacking Bible FTW #gamehacking #guidedhacking
🔥 Guided Hacking FTW
👨💻 Buy Our Courses: https://guidedhacking.com/register/
💰 Donate on Patreon: https://patreon.com/guidedhacking
❤️ Follow us on Social Media: https://linktr.ee/guidedhacking
✏️ Tags:
#reverseengineering #malwareanalysis #gamehacking
game hacking tutorials
game hacking bible
game hacking course
game hacking courses
guidedhacking
guided hacking
game hacking
guidedhacking.com
guidedhacking rake
guided hacking rake
game hacking rake
game hackers
game hacking tutorials
game hacking bible
https://www.youtube.com/watch?v=zNwmo5ka-WE
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Linux Fuzzing Tutorial with AFL Fuzzer
🔥 Learn How To Fuzz Linux Binaries with AFL++
👨💻 Buy Our Courses: https://guidedhacking.com/register/
💰 Donate on Patreon: https://patreon.com/guidedhacking
❤️ Follow us on Social Media: https://linktr.ee/guidedhacking
🔗 Full Video: https://guidedhacking.com/threads/linux-fuzzing-with-afl-xpdf-cve-2019-13288.20567/
❤️ Try Malcore For FREE : https://link.malcore.io/redirect/guidedhacking
Credits to Antonio Morales and Fuzzing101
First and foremost a huge thank you to Antonio Morales for setting up the Fuzzing101 repository containing various fuzzing challenges to re-discover known vulnerabilities. This is a free and open source repository that we'll be using to walk you through all the fuzzing techniques required to be an expert. Needless to say, we could not...
https://www.youtube.com/watch?v=g6BQ-Ae_E4Q
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Slack AI is Reading Your Chats - ThreatWire
⬇️ OPEN FOR LINKS TO ARTICLES TO LEARN MORE ⬇️
Ali's New Video: https://www.youtube.com/watch?v=NIpOeHFYZrM
@endingwithali →
Twitch: https://twitch.tv/endingwithali
Twitter: https://twitter.com/endingwithali
YouTube: https://youtube.com/@endingwithali
Everywhere else: https://links.ali.dev
Want to work with Ali? endingwithalicollabs@gmail.com
[❗] Join the Patreon→ https://patreon.com/threatwire
00:00 Intro
00:09 Fluent Bit Memory Corruption Catastrophe
01:22 Slack Training AI Using User Data
02:42 Cybersecurity Fear Mongering on Twitter
04:37 Outro
LINKS
🔗 Story 1: Fluent Bit Memory Corruption Catastrophe
https://www.tenable.com/blog/linguistic-lumberjack-attacking-cloud-services-via-logging-endpoints-fluent-bit-cve-2024-4323
https://www.darkreading.com/cloud-security/critical-bug-dos-rce-data-leaks-in-all-major-cloud-platforms
🔗...
https://www.youtube.com/watch?v=w-7eS2UfDvM
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
HackerSploit Channel Update 2024
Hey guys, HackerSploit here back again with another video. Just wanted to provide you with an update on where I have been and what the content plan is for the channel. Lots of exciting content ahead, and I look forward to continuing the journey we started.
I would also like to thank everyone for their support during my absence and for checking in on me. It is greatly appreciated.
//PLATFORMS
BLOG ►► https://bit.ly/3qjvSjK
FORUM ►► https://bit.ly/39r2kcY
ACADEMY ►► https://bit.ly/39CuORr
//SOCIAL NETWORKS
TWITTER ►► https://bit.ly/3sNKXfq
DISCORD ►► https://bit.ly/3hkIDsK
INSTAGRAM ►► https://bit.ly/3sP1Syh
LINKEDIN ►► https://bit.ly/360qwlN
PATREON ►► https://bit.ly/365iDLK
MERCHANDISE ►► https://bit.ly/3c2jDEn
//BOOKS
Privilege Escalation Techniques...
https://www.youtube.com/watch?v=s1Hl9_stdqk
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Ida Pro FTW #reverseengineering #malwareanalysis #gamehacking
🔥 Become an IDA Pro Expert Here: https://www.youtube.com/watch?v=fgMl0Uqiey8&list=PLt9cUwGw6CYG2kmL5n6dFgi4wKMhgLNd7&index=1
👨💻 Buy Our Courses: https://guidedhacking.com/register/
💰 Donate on Patreon: https://patreon.com/guidedhacking
❤️ Follow us on Social Media: https://linktr.ee/guidedhacking
✏️ Tags:
#reverseengineering #malwareanalysis #gamehacking
hex rays ida pro meme
f5 ida pro
game hacking
hexrays
ida pro tutorial
malware analysis
reverse engineering
ida pro
malware analysis tools
malware analysis tutorial
ida pro malware analysis
ida pro reverse engineering
ida pro plugin
ida plugins
ida pro plugins
best ida pro plugin
best ida plugins
best ida pro plugins
ida
ida pro game hacking
ida pro tutorial
ida plugin
https://www.youtube.com/watch?v=Lk3pRuecrFA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The Weird Windows Feature You've Never Heard Of
In this episode, we'll explore File System Tunneling, a lesser-known legacy feature of Windows. We'll uncover the fascinating behind-the-scenes functionality and discuss the potential implications for forensic examinations of compromised systems.
*** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. ***
📖 Chapters
00:00 - Intro
05:06 - File System Tunneling Demo
🛠 Resources
The Apocryphal History of File System Tunnelling:
https://devblogs.microsoft.com/oldnewthing/20050715-14/?p=34923
File System Tunneling in Windows (Jason Hale):
https://df-stream.com/2012/02/file-system-tunneling-in-windows/
File System Tunneling (Harlan Carvey):
https://windowsir.blogspot.com/2010/04/linksand-whatnot.html
#Forensics #DigitalForensics #DFIR #ComputerForensics...
https://www.youtube.com/watch?v=D5lQVdYYF4I
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Beyond the Algorithm: AI Developers' AMA
Artificial intelligence and machine learning technologies are becoming increasingly integral to the software development landscape, introducing groundbreaking opportunities and significant challenges for developers and engineers. Join the Beyond the Algorithm: AI Developers' Ask-Me-Anything (AMA) session featuring seasoned AI engineers ready to tackle your questions. They'll dive into the nitty-gritty of applied AI/ML, focusing on the technical challenges, opportunities for innovation, trustworthiness, and ethical considerations, and identifying and mitigating algorithmic flaws based on their professional experiences.
To learn more about our products and offerings as we embrace the transformative potential of AI safety and security, click here: https://www.hackerone.com/ai.
https://www.youtube.com/watch?v=pUxmBmHeja4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Black Hat Asia 2024 Highlights
https://www.youtube.com/watch?v=oBv46CXOv6U
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Windows PE File Format Explained
🔥 Learn How The PE File Format Works
👨💻 Buy Our Courses: https://guidedhacking.com/register/
💰 Donate on Patreon: https://patreon.com/guidedhacking
❤️ Follow us on Social Media: https://linktr.ee/guidedhacking
🔗 Article Link: https://guidedhacking.com/threads/pe-header-explained-dissecting-windows-binaries.20512/
❤️ Try Malcore For FREE : https://link.malcore.io/redirect/guidedhacking
📜 Video Description:
After learning the basics of game hacking and reverse engineering you will have a very vague understanding of the PE File Format and the Windows Loader. After 6-12 months of learning you will want to take some time to get a better understanding of these things as they will be important for dealing with anticheat and antidebug.
Why You Need To Understand The...
https://www.youtube.com/watch?v=OkX2lIf9YEM
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Is Elon Musk a Security Expert? - ThreatWire
⬇️ OPEN FOR LINKS TO ARTICLES TO LEARN MORE ⬇️
@endingwithali →
Twitch: https://twitch.tv/endingwithali
Twitter: https://twitter.com/endingwithali
YouTube: https://youtube.com/@endingwithali
Everywhere else: https://links.ali.dev
Want to work with Ali? endingwithalicollabs@gmail.com
[❗] Join the Patreon→ https://patreon.com/threatwire
0:00 Intro
00:10 1 - NextJS Vulnerabilities Discovered
02:06 2 - New Technique Allows VPN Bypass
04:31 3 - FIDO2 Flaw Exposes MITM Attack
05:51 4 - Signal Vs Telegram
08:24 5 - Outro
LINKS
🔗 Story 1: NextJS Vulnerabilities Discovered
https://portswigger.net/web-security/request-smuggling/advanced/response-queue-poisoning
https://github.com/advisories/GHSA-77r5-gw3j-2mpf
https://github.com/advisories/GHSA-fr5h-rqp8-mj6g
https://cybersecuritynews.com/next-js-server-compromise/
🔗...
https://www.youtube.com/watch?v=-sfqJx5FWqg
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Malicious Cable Detector by O.MG
Get O.MG gear:
https://hak5.org/omg
https://o.mg.lol
Music by KANGA (https://kanga.bandcamp.com/)
____________________________________________
Founded in 2005, Hak5's mission is to advance the InfoSec industry. We do this through our award winning educational podcasts, leading pentest gear, and inclusive community – where all hackers belong.
https://www.youtube.com/watch?v=Jj3Vod2cjvI
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How I Hack or Pentest Mobile Apps [feat @BugBountyReportsExplained]
From a podcast with @BugBountyReportsExplained.
Connect with me:
X: https://twitter.com/cristivlad25
IG: https://instagram.com/cristivladz
https://www.youtube.com/watch?v=tMMFx1JzEek
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
LockBitSupp Revealed? - ThreatWire
⬇️ OPEN FOR LINKS TO ARTICLES TO LEARN MORE ⬇️
@endingwithali →
Twitch: https://twitch.tv/endingwithali
Twitter: https://twitter.com/endingwithali
YouTube: https://youtube.com/@endingwithali
Everywhere else: https://links.ali.dev
[❗] Join the Patreon→ https://patreon.com/threatwire
0:00 Intro
00:00:08 1 - CISA and FBI Release New Developer Warning
00:01:42 2 - GitLab Vuln is Leading to Account Takeovers
00:03:02 3 - Ministry of Defence Hacked
00:04:08 4 - LockBit Troll
00:05:52 Outro
LINKS
🔗 Story 1: CISA and FBI Release New Developer Warning
https://www.cisa.gov/sites/default/files/2024-05/Secure_by_Design_Alert_Eliminating_Directory_Traversal_Vulnerabilities_in_Software_508c%20%283%29.pdf
https://www.bleepingcomputer.com/news/security/cisa-urges-software-devs-to-weed-out-path-traversal-vulnerabilities/
🔗...
https://www.youtube.com/watch?v=b-4Is8v3eTE
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Live at the RSA expo hall!
https://www.youtube.com/watch?v=y7-J8g3_9l8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Ida Pro Gang #reverseengineering #malwareanalysis #gamehacking
🔥 Become an IDA Pro Expert Here: https://www.youtube.com/watch?v=fgMl0Uqiey8&list=PLt9cUwGw6CYG2kmL5n6dFgi4wKMhgLNd7&index=1
👨💻 Buy Our Courses: https://guidedhacking.com/register/
💰 Donate on Patreon: https://patreon.com/guidedhacking
❤️ Follow us on Social Media: https://linktr.ee/guidedhacking
✏️ Tags:
#reverseengineering #malwareanalysis #gamehacking
hex rays ida pro meme
f5 ida pro
game hacking
hexrays
ida pro tutorial
malware analysis
reverse engineering
ida pro
malware analysis tools
malware analysis tutorial
ida pro malware analysis
ida pro reverse engineering
ida pro plugin
ida plugins
ida pro plugins
best ida pro plugin
best ida plugins
best ida pro plugins
ida
ida pro game hacking
ida pro tutorial
ida plugin
https://www.youtube.com/watch?v=2ynP1PdxUvg
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Zombieware
Self-replicating malware, long abandoned by its operators, continues to contribute significant volume and noise to malware feeds. We investigate this trend, which we refer to as Zombieware!
Join us on Patreon for Part 2 where we reverse engineer a popular file infector and write an extractor to recover the infected files!
https://www.patreon.com/posts/zombieware-part-103656376
Full Zombieware blog post can be found on our UnpacMe blog here: https://blog.unpac.me/2024/04/25/zombieware/
Ladislav Zezula's excellent talk from BSides Prague can be found here:
https://www.youtube.com/watch?v=OgXvd-Wce9o
-----
OALABS DISCORD
https://discord.gg/oalabs
OALABS PATREON
https://www.patreon.com/oalabs
Twitch
https://www.twitch.tv/oalabslive
OALABS GITHUB
https://github.com/OALabs
UNPACME - AUTOMATED...
https://www.youtube.com/watch?v=NNLZmB6_aGA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Burp Suite - Part 15 - Intruder VI
Connect with me:
X: https://twitter.com/cristivlad25
IG: https://instagram.com/cristivladz
https://www.youtube.com/watch?v=yUfmictGMDQ
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
HackerOne Live Hacking Event Recap: Las Vegas w/ Amazon
https://www.youtube.com/watch?v=iIguwAIYDKQ
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Calling Conventions For Reverse Engineering
🔥 Learn How Calling Conventions Work For Reverse Engineering & Game Hacking
👨💻 Buy Our Courses: https://guidedhacking.com/register/
💰 Donate on Patreon: https://patreon.com/guidedhacking
❤️ Follow us on Social Media: https://linktr.ee/guidedhacking
🔗 Learn More: https://guidedhacking.com/threads/calling-conventions-for-reverse-engineering.20586/
❤️ Thank You to Malcore: https://link.malcore.io/redirect/guidedhacking
👨💻 Script & Visuals by rexir: https://guidedhacking.com/members/280340/
👩💻 Narration by wahsami: https://guidedhacking.com/members/wahsami.278740/
📜 Video Description:
Today we're going to explore the low level world of calling conventions, which are essentially the guidelines that dictate how function arguments are passed. Understanding...
https://www.youtube.com/watch?v=VKp4FvLWjbk
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
AntiVirus is a Virus - ThreatWire
⬇️ OPEN FOR LINKS TO ARTICLES TO LEARN MORE ⬇️
@endingwithali →
Twitch: https://twitch.tv/endingwithali
Twitter: https://twitter.com/endingwithali
YouTube: https://youtube.com/@endingwithali
Everywhere else: https://links.ali.dev
[❗] Join the Patreon→ https://patreon.com/threatwire
0:00 Intro
00:07 1 - Net Neutrality is BACK
01:12 2 - Ivanti Connect Secure Zero Days Still Hitting Hard
02:32 3 - AntiVirus is A Virus
04:13 4 - UK has outlawed Passwords
05:22. 5 - Outro
LINKS
🔗 Story 1: Net Neutrality is BACK
https://docs.fcc.gov/public/attachments/DOC-402091A1.pdf
https://www.pbs.org/newshour/politics/net-neutrality-reinstated-as-fcc-passes-measure-to-regulate-internet-providers
https://www.kvpr.org/npr-news/2024-04-29/net-neutrality-is-back-u-s-promises-fast-safe-and-reliable-internet-for-all
https://www.fcc.gov/net-neutrality...
https://www.youtube.com/watch?v=ekA7dQs9jyc
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
My Favorite Burp Suite Extensions and How I use Them [feat @BugBountyReportsExplained]
From a podcast with @BugBountyReportsExplained.
Connect with me:
X: https://twitter.com/cristivlad25
IG: https://instagram.com/cristivladz
https://www.youtube.com/watch?v=P-8Qg5GkbbI
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Startup Spotlight Competition at Black Hat
The Startup Spotlight Competition at Black Hat returns for 2024. Submit your 5-minute video pitch by June 12 to enter for the chance to exhibit in Startup City at Black Hat USA and present your product/service to Black Hat Judges and our live audience. Learn more here: https://www.blackhat.com/us-24/spotlight.html
#cybersecurity #infosec #blackhat #bhusa #startup
https://www.youtube.com/watch?v=-hgl1SymZZI
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Kernel Driver Meme #kernel #anticheat #gamehacking
🔥 Bypass Kernel Anti-Cheat Here: https://guidedhacking.com/threads/how-to-bypass-kernel-anticheat-develop-drivers.11325/
👨💻 Buy Our Courses: https://guidedhacking.com/register/
💰 Donate on Patreon: https://patreon.com/guidedhacking
❤️ Follow us on Social Media: https://linktr.ee/guidedhacking
✏️ Tags:
kernel hacks
kernelmode anticheat
guidedhacking
Bypass Kernel Anti-Cheat
reverse engineering
kernel game hacking
hacking games with kernel drivers kernel cheats
vulnerable kernel drivers
kernel
game hacking
bypass kernel drivers
kernel cheats
#gamehacking #kernel #anticheat
Kernel Anti-Cheat Bypass
https://www.youtube.com/watch?v=_5uiAXuYaXk
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
My Favorite Tool for Web App Security
Come say hi:
X: https://twitter.com/CristiVlad25
IG: https://www.instagram.com/cristivladz
https://www.youtube.com/watch?v=K78hNM6m3Jw
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Burp Suite - Part 14 - Intruder V
https://www.youtube.com/watch?v=IOczJTYwKBU
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
New PuTTY Vulnerability - ThreatWire
⬇️ OPEN FOR LINKS TO ARTICLES TO LEARN MORE ⬇️
@endingwithali →
Twitch: https://twitch.tv/endingwithali
Twitter: https://twitter.com/endingwithali
YouTube: https://youtube.com/@endingwithali
Everywhere else: https://links.ali.dev
[❗] Join the Patreon→ https://patreon.com/threatwire
0:00 Sophia d'Antoine
0:36 - Potential T-Mobile Directory Leak
2:32 - Palo Alto Networks Firewall Python Backdoor
4:20 - Twitter Hosted the Phishing Olympics
6:14 - PuTTY Project Vulnerable
7:28 - Outro
LINKS
🔗 Story 1: Potential T-Mobile Directory Leak
https://www.t-mobile.com/support/plans-features/sim-protection
https://www.sciencedaily.com/releases/2016/05/160512085123.htm
https://tmo.report/2024/04/t-mobile-employees-across-the-country-receive-cash-offers-to-illegally-swap-sims/
🔗...
https://www.youtube.com/watch?v=XZSS08ld6vM
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Burp Suite Certified Professional (BSCP) Review + Tips/Tricks [Portswigger]
Burp Suite Certified Professional (BSCP) review, tips/tricks etc. Hopefully this videos will be useful for aspiring bug bounty hunters, security researchers, pentesters, CTF players etc who might be interested in taking the BSCP exam from Portswigger 🙂 #BSCP #BugBounty #EthicalHacking #PenTesting #AppSec #WebSec #InfoSec #OffSec
Considering taking the HackTheBox CPTS course? You can find my full review for it here: https://youtu.be/UN5fTQtlKCc
Looking for Portswigger lab walkthroughs? I produce videos for the @intigriti channel: https://www.youtube.com/playlist?list=PLmqenIp2RQciV955S2rqGAn2UOrR2NX-v
↢Social Media↣
Twitter: https://twitter.com/_CryptoCat
GitHub: https://github.com/Crypto-Cat/CTF
HackTheBox: https://app.hackthebox.eu/profile/11897
LinkedIn: https://www.linkedin.com/in/cryptocat
Reddit:...
https://www.youtube.com/watch?v=L-3jJTGLAhc
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Learn Assembly for Game Hacking
🔥 Learn How Assembly Works For Game Hacking!
👨💻 Buy Our Courses: https://guidedhacking.com/register/
❤️ Follow us on Social Media: https://linktr.ee/guidedhacking
🏆 Try Malcore for FREE: https://link.malcore.io/redirect/guidedhacking
🔗 Text Tutorial: https://guidedhacking.com/threads/learn-assembly-for-game-hacking.20569/
🔗 Video Creator: https://guidedhacking.com/members/codenulls.272722/
📜 Video Description:
Learn assembly basics in MINUTES. When C++ code is compiled, it results in machine code. This machine code can be disassembled using IDA Pro, which will give you assembly. Learning assembly is essential for reverse engineering games and any windows application, which is why it's recommended to learn the basics of assembly language, such as x86 assembly....
https://www.youtube.com/watch?v=SCGmXBjxo4g
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How I Use AI in my Pentests - [feat. @BugBountyReportsExplained]
This video is from a discussion with @BugBountyReportsExplained which you can find here: https://www.youtube.com/watch?v=CfE0-GZk4v8
https://www.youtube.com/watch?v=mueAQ0fehSA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Is AI The Future Of Penetration Testing?
AI has the potential to revolutionize penetration testing by automating many repetitive, rote tasks like exploit development, vulnerability scanning, and report generation, thereby speeding up pen tests and making them more efficient.
However, AI is not yet advanced enough to fully replace human expertise, especially when it comes to testing custom web applications and proprietary systems that require critical thinking and creativity.
There are risks associated with AI, such as false positives/negatives, scope creep, and accidental system crashes, that necessitate skilled human oversight.
As a result, pentesters' roles may evolve to focus more on validating AI tool output, conducting adversary simulations, and formulating high-level strategies rather than executing technical tasks.
Furthermore,...
https://www.youtube.com/watch?v=CvSKuonYsHk
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
FOR585: Smartphone Forensic Analysis In-Depth course overview
To learn more visit www.sans.org/FOR585
FOR585: Smartphone Forensic Analysis In-Depth course provides examiners and investigators with advanced skills to detect, decode, decrypt, and correctly interpret evidence recovered from mobile devices. The course is continuously updated to keep up with the latest file formats, malware, smartphone operating systems, third-party applications, acquisition shortfalls, extraction techniques (how to get full file system or physical access) and encryption. It offers the most unique and current instruction to arm you with mobile device forensic knowledge you can immediately apply to cases you're working on the day you get back to work. 22 labs, bonus labs + CTF
Course Authors: Domenica 'Lee" Crognale & Heather Mahalik Barnhart
https://www.youtube.com/watch?v=LYkK0mQNAcQ
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Locknote: Conclusions and Key Takeaways from Day 2
At the end of day two, join Black Hat Founder Jeff Moss and Black Hat Europe Review Board members for an insightful conversation on the most pressing issues facing the InfoSec community. This Locknote will feature a candid discussion on the key takeaways coming out of Day 2 of the conference and how these trends will impact future InfoSec strategies.
By: Jeff Moss, Ali Abbasi , Jiska Classen , Vandana Verma , Kenneth White
Full Abstract and Presentation Materials:
https://www.blackhat.com/eu-23/briefings/schedule/#locknote-conclusions-and-key-takeaways-from-day--36492
https://www.youtube.com/watch?v=dxAn2DcB7cg
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Locknote: Conclusions and Key Takeaways from Day 1
At the end of day one, join Black Hat Founder Jeff Moss and Black Hat Europe Review Board members for an insightful conversation on the most pressing issues facing the InfoSec community. This Locknote will feature a candid discussion on the key takeaways coming out of Day 1 of the conference and how these trends will impact future InfoSec strategies.
By: Jeff Moss, Daniel Cuthbert , Meadow Ellis , Marina Krotofil , Saša Zdjelar
Full Abstract and Presentation Materials:
https://www.blackhat.com/eu-23/briefings/schedule/#locknote-conclusions-and-key-takeaways-from-day--36491
https://www.youtube.com/watch?v=IiKobWTnGYQ
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Keynote: My Lessons from the Uber Case
In a case closely watched and debated by security professionals globally, Joe Sullivan was convicted of two felonies related to a security incident at Uber that the company had labeled a coverup when it fired him....
Today, Sullivan mentors security leaders and consults on security best practices, in addition to serving as volunteer CEO of the nonprofit humanitarian relief organization Ukraine Friends. In a candid conversation, Sullivan will share the lessons he hopes security professionals all learn from his case, so that they, their team, and their company don't ever go through anything similar....
By: Joe Sullivan
Full Abstract and Presentation Materials:
https://www.blackhat.com/eu-23/briefings/schedule/#keynote-my-lessons-from-the-uber-case-36399
https://www.youtube.com/watch?v=laitlnhvNHk
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
What We Love About HackerOne
At HackerOne, our mission is to make world-class security accessible to everyone and work with some of the world's top security-minded teams and organizations.
Hear from HackerOne employees (or Hackeronies) as they explain their favorite things about HackerOne, such as the mission, the people, and the meaningful work.
To learn more about employee culture at HackerOne, visit the HackerOne careers page: https://www.hackerone.com/careers
https://www.youtube.com/watch?v=3XGgW5xP7BE
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Keynote: Industrialising Cyber Defence in an Asymmetric World
In this keynote, Ollie Whitehouse will outline a future in which we industrialise our approaches to cyber defence against adversaries who are not constrained by the same legal, moral, or ethical frameworks. This talk will begin by exploring the challenge and need before going on to discuss possible approaches and the research challenges which underpin them and continue to remain unanswered.
By: Ollie Whitehouse
Full Abstract and Presentation Materials:
https://www.blackhat.com/eu-23/briefings/schedule/#keynote-industrialising-cyber-defence-in-an-asymmetric-world-36403
https://www.youtube.com/watch?v=d02zUEu7AYU
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The Black Hat Europe Network Operations Center (NOC) Report
Back with another year of soul-crushing statistics, the Black Hat NOC team will be sharing all of the data that keeps us equally puzzled, and entertained, year after year. We'll let you know all the tools and techniques we're using to set up, stabilize, and secure the network, and what changes we've made over the past year to try and keep doing things better. Of course, we'll be sharing some of the more humorous network activity and what it helps us learn about the way security professionals conduct themselves on an open WiFi network.
By: Neil Wyler (Grifter) & Bart Stump
Full Abstract and Presentation Materials:
https://www.blackhat.com/eu-23/briefings/schedule/#the-black-hat-europe-network-operations-center-noc-report-36176
https://www.youtube.com/watch?v=jMguiXBOSjU
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Why HackerOne Embraces a Digital First Work Model
Our work is optimized for asynchronous collaboration, knowledge management, and decision-making. HackerOne is creating an industry, and to do that, we must employ the most creative, forward-thinking talent in the market. Our digital first work model allows any Hackeronie to actively contribute to our mission while providing time and location flexibility, which are core elements to a healthy relationship between professional and personal pursuits.
Read more about this philosophy on the HackerOne Careers Page: https://www.hackerone.com/careers
https://www.youtube.com/watch?v=1hRcpVWi4hg
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
HackerOne Company Values: What is our favorite value?
HackerOne's culture results from our people, values, and strong mission. We set out to create a workplace where everyone is valued and heard. See which values resonate most with our employees.
Click here to learn more about our culture on the HackerOne Culture and Talent Blog. https://www.hackerone.com/culture-and-talent
https://www.youtube.com/watch?v=u6NUkDS8iYY
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
pay cheat facts #gamehacking #malwareanalysis #anticheat
for real tho #gamehacking #anticheat #malwareanalysis
👨💻 Buy Our Courses: https://guidedhacking.com/register/
💰 Donate on Patreon: https://patreon.com/guidedhacking
❤️ Follow us on Social Media: https://linktr.ee/guidedhacking
game hacking
malware analysis
game hacking tutorials
hacking memes
hacker memes
anticheat malware
malware memes
infosec memes
game hacking
game hacker memes
https://www.youtube.com/watch?v=VHo0hep2cAI
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
My Invisible Adversary: Burnout
It seems that lately, Burnout is an invisible member of every operational security team. Attackers grow more capable every year, the attacks faster and harder, and regulations even more strict about how quickly and completely your team must perform its mission. With the growing complexity of battle and so much on the line in defending users, operational response teams are under more stress than ever. If the response teams fall apart, who will be the last line of defense?...
By: Johan Berggren , Matt Linton
Full Abstract and Presentation Materials:
https://www.blackhat.com/eu-23/briefings/schedule/#my-invisible-adversary-burnout-36073
https://www.youtube.com/watch?v=NA0f5owyoko
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The Magnetic Pull of Mutable Protection: Worked Examples in Cryptographic Agility
...How do you go about fully understanding what cryptography you have, how it is used and if it's good or bad? This was the question we started to ask ourselves and set about trying to answer using static analysis tools such as GitHub's CodeQL.
Given how we all rely heavily on open-source projects, we set about scanning the top 1000 GitHub open-source projects to identify insecure cryptographic algorithms. We used GitHub's CodeQL multi-repository variant analysis to build a cryptographic bill of materials (CBOM) for each project. The CBOM will list all of the cryptographic algorithms that are used in the project, as well as their security status, and more importantly, help us identify all of the places where insecure cryptographic algorithms are used in the projects....
By: Mark Carney...
https://www.youtube.com/watch?v=V_yOHQO-8nI
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
10 Cybersecurity Tips For Small Businesses
Small businesses are underserved by the cybersecurity community. Solutions are too complicated, take too long to implement, and are too expensive.
This often leads to do-it-yourself security, which means you're not fully addressing the risk of your organization as many do not have internal expertise.
In addition, requirements, whether vendor, client, insurance, or compliance, typically lead security initiatives. This reactive approach means rushed decisions to fulfill requirements over investing in cybersecurity for the long term.
We interviewed Bruno Aburto and Heather Noggle - two long-time small business security advocates on their top tips for helping organizations navigate the complexities of cybersecurity.
AI & Cybersecurity Newsletter
------------------------------------------------
👋...
https://www.youtube.com/watch?v=xwqO86qwyVs
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
A World-View of IP Spoofing in L4 Volumetric DoS Attacks - and a Call to Enable BCP38
...In this talk we will analyze the global view of spoofing from Cloudflare, to understand IP spoofing on network-layer DoS attacks, and analyze geographic, longitudinal and network-specific characteristics of spoofing sources. We developed and applied IP spoofing detection techniques on three months of network-layer DoS traces, and used the insights to understand where and why BCP38 is most urgently needed.
By: Vasileios Giotsas
Full Abstract and Presentation Materials:
https://www.blackhat.com/eu-23/briefings/schedule/#a-world-view-of-ip-spoofing-in-l-volumetric-dos-attacks---and-a-call-to-enable-bcp-35659
https://www.youtube.com/watch?v=e-Ec5M5cRpE
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Collide+Power: The Evolution of Software-based Power Side-Channels Attacks
Power side channels exploit leakage that is fundamentally a result of how we build processors. Over the recent years, these attacks evolved to target general-purpose desktop and server CPUs purely from software.
In this talk, we explore this evolution to its most recent addition: Collide+Power, a novel technique to exploit the fundamental way we share components in modern general-purpose CPUs. In contrast to previous work, Collide+Power does not target specific programs or algorithms but the underlying CPU hardware. This advance in software-based power side channels echoes the discovery of Meltdown and Spectre — where similarly, the underlying hardware provided unforeseen attack possibilities....
By: Andreas Kogler
Full Abstract and Presentation Materials:
https://www.blackhat.com/eu-23/briefings/schedule/#collidepower-the-evolution-of-software-based-power-side-channels-attacks-35630...
https://www.youtube.com/watch?v=c2V9VfEDwEg
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Through the Looking Glass: How Open Source Projects See Vulnerability Disclosure
A security researcher submits their vulnerability report to an open source project (when they can find a confidential way to do so!). That launches several events in the affected project. In this talk, Marta will explain the reasons behind typical reactions. The main part will focus on common myths, misunderstandings, and communication errors that arise in these situations. The goal is to foster a better understanding between security researchers and project teams....
By: Marta Rybczynska
Full Abstract and Presentation Materials:
https://www.blackhat.com/eu-23/briefings/schedule/#through-the-looking-glass-how-open-source-projects-see-vulnerability-disclosure-35578
https://www.youtube.com/watch?v=FfMmQyIrmUE
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
New Techniques for Split-Second DNS Rebinding
...In this talk, I will present two new techniques that can be used to achieve reliable, split-second DNS rebinding in Chrome, Edge, and Safari on hosts with IPv6 access, along with a method to bypass Chrome's restrictions on requests to the local network. I will also walk through a real-world attack against a web application resulting in AWS credentials to demonstrate how achievable rebinding attacks can be....
By: Daniel Thatcher
Full Abstract and Presentation Materials:
https://www.blackhat.com/eu-23/briefings/schedule/#new-techniques-for-split-second-dns-rebinding-35619
https://www.youtube.com/watch?v=uVGdZ-i2JeI
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Web Application Penetration Testing: Steps, Methods, & Tools | PurpleSec
Web application penetration testing is comprised of four main steps including:
1. Information gathering.
2. Research and exploitation.
3. Reporting and recommendations.
4. Remediation with ongoing support.
These tests are performed primarily to maintain secure software code development throughout its lifecycle. Coding mistakes, specific requirements, or lack of knowledge of cyber attack vectors are the main purposes of performing this type of penetration test.
In this video, you'll learn the steps on how to perform security testing on a web application and popular tools used during a web application penetration test with real-life examples.
Continue reading... https://purplesec.us/web-application-penetration-testing/
Sample Web Application Report
---------------------------------------------------
https://purplesec.us/wp-content/uploads/2021/10/Web-Application-Penetration-Test-Sample-Report.pdf
Video...
https://www.youtube.com/watch?v=e1DZYIddDrY
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Kernel Game Hacking #gamehacking
🔥 Learn More About Vulnerable Kernel Drivers Here: https://guidedhacking.com/threads/vulnerable-kernel-drivers-for-exploitation.15979/
👨💻 Buy Our Courses: https://guidedhacking.com/register/
💰 Donate on Patreon: https://patreon.com/guidedhacking
❤️ Follow us on Social Media: https://linktr.ee/guidedhacking
✏️ Tags:
guidedhacking
reverse engineering
kernel game hacking
hacking games with kernel drivers kernel cheats
vulnerable kernel drivers
kernel
game hacking
kernel drivers
kernel hacks
kernel cheats
https://www.youtube.com/watch?v=unPCHiBdWjI
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Something Rotten in the State of Data Centers
...This talk details our findings in the data center device management domain, showcasing the most impactful vulnerabilities and exploits unearthed in our broader effort to investigate the security of critical data center components. Specifically, we will reveal 8 critical vulnerabilities across two common data center appliances: a popular DDI solution and a KVM. Continuing, we delve into the technical details of how these vulnerabilities can be exploited to completely compromise both products and all connected hosts under their jurisdiction....
By: Jesse Chick , Kasimir Schulz
Full Abstract and Presentation Materials:
https://www.blackhat.com/eu-23/briefings/schedule/#something-rotten-in-the-state-of-data-centers-35553
https://www.youtube.com/watch?v=PdOP1IchX6Y
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
When The Front Door Becomes a Backdoor: The Security Paradox of OSDP
Ever imagined that the modern Physical Access Control Systems (PACS) at the front door of your facility could actually serve as an entry point into your internal IP network? Surprisingly, this is not as far-fetched as it seems. In this talk, we will demonstrate how to go through doors, protected with the latest advancements in building access control security - both physically and digitally.
We will delve into modern access control readers located at the front door, and explore their connectivity with access controllers, managed within the internal network of the building...
By: Ariel Harush , Roy Hodir , Eran Jacob
Full Abstract and Presentation Materials:
https://www.blackhat.com/eu-23/briefings/schedule/#when-the-front-door-becomes-a-backdoor-the-security-paradox-of-osdp-35505
https://www.youtube.com/watch?v=0yrHtJY3mww
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
DEF CON 31 DCGVR Village - Allen Baranov -What Is A GRC Hacker
Talks from the DEF CON 31 DEF CON Groups Virtuality Village
https://www.youtube.com/watch?v=oabdIS9PqAc
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The Ultimate Guide to Arsenal Image Mounter
In this episode, we'll take an in-depth look at Arsenal Image Mounter. We'll start with the basics and cover the functionality included in the free version. Then, we'll look at advanced features including the ability to launch VMs from disk images, password bypass and password cracking, and working with BitLocker encrypted disk images.
*** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. ***
📖 Chapters
00:00 - Intro
00:57 - Free Mode
07:55 - Professional Mode
08:43 - Launch a VM from a Disk Image
09:28 - Fixing a Common Issue
12:21 - Windows Authentication Bypass
14:55 - About DPAPI
16:36 - DPAPI: Password Attack Functionality
19:49 - Mounting VSCs
22:36 - Launch a VM from a VSC
23:45 - More VSC Options
26:08 - Working with BitLocker Images
🛠...
https://www.youtube.com/watch?v=4eifl8qvqVk
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
1: SQL Injection (Union + Blind) - Gin and Juice Shop (Portswigger)
SQL Injection - Episode 2 of hacking the Gin and Juice shop; an intentionally vulnerable web application developed by Portswigger. The website was created primarily to demonstrate the features of Burp pro vulnerability scanner. However, throughout the series, we will leverage burp suite (and other tools) to exploit the high, medium, low and informational issues identified by the scanner. Hopefully these videos will be useful for aspiring bug bounty hunters, security researchers, pentesters, CTF players etc 🙂 #BugBounty #EthicalHacking #PenTesting #AppSec #WebSec #InfoSec #OffSec
↢Social Media↣
Twitter: https://twitter.com/_CryptoCat
GitHub: https://github.com/Crypto-Cat/CTF
HackTheBox: https://app.hackthebox.eu/profile/11897
LinkedIn: https://www.linkedin.com/in/cryptocat
Reddit: https://www.reddit.com/user/_CryptoCat23
YouTube:...
https://www.youtube.com/watch?v=4g2a-n4hjfY
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
FOR578: Cyber Threat Intelligence Course Overview
Learn more about the course at: https://sans.org/FOR578
Cyber threat intelligence represents a force multiplier for organizations looking to update their response and detection programs to deal with increasingly sophisticated advanced persistent threats. Malware is an adversary's tool but the real threat is the human one, and cyber threat intelligence focuses on countering those flexible and persistent human threats with empowered and trained human defenders. During a targeted attack, an organization needs a top-notch and cutting-edge threat hunting or incident response team armed with the threat intelligence necessary to understand how adversaries operate and to counter the threat. FOR578: Cyber Threat Intelligence will train you and your team in the tactical, operational, and strategic...
https://www.youtube.com/watch?v=90q2i97ZPk4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How to Learn Game Hacking
🔥 How Do You Learn Game Hacking? It's easy - just follow our courses.
👨💻 Buy Our Courses: https://guidedhacking.com/register/
💰 Donate on Patreon: https://patreon.com/guidedhacking
❤️ Follow us on Social Media: https://linktr.ee/guidedhacking
If you're asking yourself the question "How to learn game hacking?", the answer has always been and will always be GuidedHacking.com. That's been the whole point of Guided Hacking since day one. Learning how to hack games used to be hard. That's why we dedicated the past 10 years to making the best tutorials and courses for learning how to hack games. Searching Google for hundreds of hours looking for the answers to individual questions? That's a huge waste of your time. Follow our courses step by step and you will learn everything...
https://www.youtube.com/watch?v=9RxJmoHk-y8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The Most Common Vulns I Find in Pentests [feat. @BugBountyReportsExplained]
This video is from a discussion with @BugBountyReportsExplained which you can find here: https://www.youtube.com/watch?v=CfE0-GZk4v8
https://www.youtube.com/watch?v=iBQJ7iSW0vQ
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Truth Behind the Hack: Experts Break Down AI Red Teaming in a Live Q&A
As artificial intelligence becomes increasingly integrated into our digital landscape, it brings a host of new security challenges and ethical considerations. Join this "Ask Me Anything" (AMA) session with three ethical hackers specializing in AI security and safety. They'll answer your pressing questions about the complex world of AI, including generative AI and machine learning, security testing implications, and AI red teaming for organizations with complex AI systems or adopting AI, from customer-facing chatbots to internal LLMs (large language models). Gain hackers' insights into how to protect your AI systems from emerging threats while ensuring AI's safe and responsible use.
https://www.youtube.com/watch?v=EwCC0u5Io5Q
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Why take FOR578 OnDemand? with Robert M. Lee
-OnDemand cyber security courses from SANS Institute gives you anytime, anywhere access to world leading cybersecurity training.
-More than 60 of SANS most popular courses are available via OnDemand, and all are taught by SANS top instructors.
-OnDemand courses include the same hands-on labs and exercises used in our instructor led classes while also offering SME support to answer your specific questions.
-All students receive 4 months of access to their course material, which is now also available in the SANS OnDemand App.
-Rewind and revisit material to reinforce and master your skills from anywhere at anytime.
Learn more about this learning modality at https://www.sans.org/ondemand/
https://www.youtube.com/watch?v=XTsagOpF7WM
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Burp Suite - Part 13 - Intruder IV
https://www.youtube.com/watch?v=6cyc5k-ZcSc
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Why You Should Learn AI In Cybersecurity
Cybersecurity faces a difficult challenge with AI. The speed and complexity at which adversaries use this technology pose a serious risk for organizations.
Defenders are struggling to keep pace with new use cases and the evolution of AI happening every day.
So what's the best way to defend against AI and to enhance your career development in security?
Learn AI.
We interviewed Jonathan Todd and Tom Vazdar, two experts at the forefront of AI security to help address this growing threat and provide practical ways to empower security professionals.
AI & Cybersecurity Newsletter
------------------------------------------------
👋 If you're new here, then consider subscribing to our weekly newsletter featuring the top cybersecurity minds in the industry:
https://www.linkedin.com/newsletters/ai-cybersecurity-insights-7058517055238504448/
Video...
https://www.youtube.com/watch?v=4cXM7CG2D90
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
SANS Threat Analysis Rundown (STAR)
Join SANS Certified Instructor Katie Nickels as she gives the rundown on the latest threats you should know about. Each month, Katie will be joined by various guests to provide different perspectives from across the community on important developments in recent threat news.
Learn more about Katie Nickels:
https://lnkd.in/g7WGak8v
https://lnkd.in/gGD58Rkg
https://lnkd.in/gNVDh2gW
FOR578: Cyber Threat Intelligence
https://lnkd.in/gGBgWiFP
#malware #apt #cyberthreat #cyberthreatintelligence #analysis #OSINT #DFIR
https://www.youtube.com/watch?v=UoNnnDi0jmE
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How LLMs Are Being Exploited
Shubham Khichi has been working on cyber AGI for the past 7 years. Before that, he spent nearly a decade as a red team specialist and cybersecurity researcher. In this interview, Shubham shares his insights into how LLMs are being exploited by adversaries and provides practical tips to secure AI.
AI & Cybersecurity Newsletter
------------------------------------------------
👋 If you're new here, then consider subscribing to our weekly newsletter featuring the top cybersecurity minds in the industry: https://www.linkedin.com/newsletters/ai-cybersecurity-insights-7058517055238504448/
Video Chapters
------------------------------
00:00 - Introduction
02:16 - What Is An LLM?
03:53 - Common Vulnerabilities With LLMs
09:34 - How LLMs Are Being Exploited
14:50 - Defending Against LLM Exploits
16:57...
https://www.youtube.com/watch?v=91CbW9XWotw
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
HackTheBox Cyber Apocalypse 2024: Web Challenge Walkthroughs
Video walkthrough for the first 7 web challenges from @HackTheBox Cyber Apocalypse CTF 2024 (Hacker Royale); Flag Command, TimeKORP, KORP Terminal, Labyrinth Linguist, Locktalk, SerialFlow and Testimonial. The challenges involved API testing, command injection, SQL injection (SQLi), server-side template injection (SSTI), 403 bypass (haproxy), JWT attacks, Memcached injection, python pickle deserialization, gRPC hacking and path traversal! Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂 #HackTheBox #HTB #CyberApocalypse #CyberApocalypse24 #CTF #CaptureTheFlag #Pentesting #OffSec #WebSec #AppSec
Write-ups: https://crypto-cat.gitbook.io/ctf-writeups/2024/cyber_apocalypse_24
Looking for more HTB CA '24 walkthroughs? Check out @SloppyJoePirates video: https://www.youtube.com/watch?v=EGItzKCxTdQ
Sign...
https://www.youtube.com/watch?v=-vhl8ixthO4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Should I report this vulnerability? Will I get a bounty?
It's really exciting to find your first bug BUT it's crushing when you realise it isn't reportable or comes back as NA from a client. Here are my top tips for identifying if you've found something and double checking before getting caught up in excitement! I still get emails about IDORs being NA because you need a victims cookie and hackers who are angry at bug bounty programs or triagers.
https://www.youtube.com/watch?v=T4EhE5f7fQg
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Rob T. Lee - Could LockBit, ransomware provider have been behind Lurie hack?
In what could be a major development in the cyberattack against Lurie Children's Hospital, the FBI and British authorities have taken down what they call the world's most prolific ransomware group.
There is speculation that the group, LockBit, could also be behind the attack and serious outage at the hospital that began back on Jan. 31.
The group's involvement has not been confirmed, but LockBit took credit for a very similar outage at a hospital on the city's West Side.
Meanwhile, cybersecurity experts said the LockBit bust cold potentially give malware victims like Lurie the keys they need.
"There is always the digital trail, and we will find it," said Philip Sellinger, U.S. Attorney for the District of New Jersey.
https://www.youtube.com/watch?v=JmRh8jmAwWw
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Rob T. Lee Chicago's Lurie Children's Hospital RANSOMWARE ATTACK
CHICAGO (CBS) – Chicago's Lurie Children's Hospital confirmed for the first time on Thursday it experienced a cyberattack from an outside threat, which led the hospital to take its phone, email, and other systems offline on Jan. 31 and caused disruptions to its regular operations since then.
In a statement, hospital officials said their network was accessed by a "known criminal threat actor," although they did not specify who the actor was. They said they had evidence of "suspicious activity" and decided on Jan. 31 to take the systems offline.
The officials also did not give any timeframe for when they would be able to restore the hospital's systems.
"We take this matter very seriously and have been working closely, around the clock, with outside and internal experts and in collaboration...
https://www.youtube.com/watch?v=vxM1_A0lzak
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Burp Suite - Part 11 - Intruder II
https://www.youtube.com/watch?v=3hq97MYINNU
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Stay Ahead of Cyberthreats with HackerOne
Cyber threats are growing in sophistication and aggression, and rapid technological innovation has inflated the attack surface.
It's a constant race against time and cunning adversaries, and traditional security methods aren't enough to stay ahead. The solution? Human-powered security testing with HackerOne.
Visit our website to learn more and get started: https://www.hackerone.com/
https://www.youtube.com/watch?v=9vkKMOy9YmI
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How to take notes when you suck at it
This episode of the Bug Bounty course we talk about the importance of developing a personal note taking system that supports both hacking and learning. Emphasizing the differentiation between notes taken during hacking activities and those for learning about vulnerabilities. We look at methods for organizing and accessing your notes whether you are into Notion, Obsidian or Vim or even mind maps we'll look at how to integrate your notes with tools like Burp Suite. Creating your own knowledge base you can refer to every time you hack, tailored to individual needs and preferences and refine your own note-taking strategies for successful hacking and learning.
00:00 Introduction to the Bug Bounty Course
00:14 The Importance of a Personalized Note-Taking System
00:53 Sponsor Shoutout: Bugcrowd
01:45...
https://www.youtube.com/watch?v=uXuMvUPlvd0
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
0: Getting Started with Burp Suite - Gin and Juice Shop (Portswigger)
Intro / Setup for new web pentesting series (ft. burp suite crash course) - Episode 1 of hacking the Gin and Juice shop; an intentionally vulnerable web application developed by Portswigger. The website was created primarily to demonstrate the features of Burp pro vulnerability scanner. However, throughout the series, we will leverage burp suite (and other tools) to exploit the high, medium, low and informational issues identified by the scanner. Hopefully these videos will be useful for aspiring bug bounty hunters, security researchers, pentesters, CTF players etc 🙂 #BugBounty #EthicalHacking #PenTesting #AppSec #WebSec #InfoSec #OffSec
↢Social Media↣
Twitter: https://twitter.com/_CryptoCat
GitHub: https://github.com/Crypto-Cat/CTF
HackTheBox: https://app.hackthebox.eu/profile/11897
LinkedIn:...
https://www.youtube.com/watch?v=FPzoD_nUQYU
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Where's the 4624? - Logon Events vs. Account Logons
In this episode, we'll learn about the difference between "Logon Events" and "Account Logons" and explore a scenario in which communication occurs between two domain-joined workstations. Where will we find Event ID 4624 and other account-related Event IDs of interest?
*** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. ***
📖 Chapters
00:00 - Intro
01:18 - Win11-Test-VM
02:14 - Win10-Test-VM
03:41 - Win2019-Test-VM
05:28 - Recap
🛠 Resources
Logon/Logoff Events:
https://www.ultimatewindowssecurity.com/securitylog/book/page.aspx?spid=chapter5
Account Logon Events:
https://www.ultimatewindowssecurity.com/securitylog/book/page.aspx?spid=chapter4
#Forensics #DigitalForensics #DFIR #ComputerForensics #WindowsForensics
https://www.youtube.com/watch?v=EXsKJ9kIc6s
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The Risk of AI Voice Cloning: Q&A With an AI Hacker
In the following Q&A and video, HackerOne Senior Solutions Architect and AI Hacker Dane Sherrets demonstrates how bad actors use AI voice cloning and breaks down the serious risks of this kind of scam.
Check out the full Q&A on our blog: https://bit.ly/4c1UoyH
https://www.youtube.com/watch?v=eQ8iBESo4OQ
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The Value Of A vCISO For Small Business
Greg Schaffer shares his over 33 years of information technology and cybersecurity experience on the value small and mid-sized businesses gain from working with a virtual CISO (vCISO).
AI & Cybersecurity Newsletter
------------------------------------------------
👋 If you're new here, then consider subscribing to our weekly newsletter featuring the top cybersecurity minds in the industry: https://www.linkedin.com/newsletters/ai-cybersecurity-insights-7058517055238504448/
Video Chapters
-------------------------
00:00 - Introduction
02:55 - LinkedIn Poll Results
08:40 - What Are The Responsibilities Of A vCISO?
14:00 - What Are The Benefits Of A vCISO For SMBs?
16:50 - What Are The Risks Of DIY Security?
19:38 - When Should A Small Business Hire A vCISO?
24:27 - What Should SMBs Look For...
https://www.youtube.com/watch?v=YpJPOPfbkLQ
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Burp Suite - Part 9 - Repeater II
https://www.youtube.com/watch?v=KrpUNg-8LDc
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
LA CTF 2024: Web Challenge Walkthroughs (1-4)
Video walkthrough for first 4 web challenges from LA CTF 2024; terms-and-conditions, flaglang, la-housing-portal and new-housing-portal. The challenges involved JS manipulation, cookie tampering, SQL injection and cross-site scripting. Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂 #LACTF #CTF #Pentesting #OffSec #WebSec
↢Social Media↣
Twitter: https://twitter.com/_CryptoCat
GitHub: https://github.com/Crypto-Cat/CTF
HackTheBox: https://app.hackthebox.eu/profile/11897
LinkedIn: https://www.linkedin.com/in/cryptocat
Reddit: https://www.reddit.com/user/_CryptoCat23
YouTube: https://www.youtube.com/CryptoCat23
Twitch: https://www.twitch.tv/cryptocat23
↢LA CTF↣
https://platform.lac.tf/challs
https://lac.tf/discord
https://ctftime.org/event/2102
↢Resources↣
Ghidra: https://ghidra-sre.org/CheatSheet.html
Volatility:...
https://www.youtube.com/watch?v=Z4P667ayUsg
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How to Get More Pentesting Clients [My Approach] - feat. @BugBountyReportsExplained
This video is from a discussion with @BugBountyReportsExplained which you can find here: https://www.youtube.com/watch?v=CfE0-GZk4v8
https://www.youtube.com/watch?v=Ix7ziBuZDMc
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Burp Suite - Part 8 - Repeater I
https://www.youtube.com/watch?v=dzE6gcdyVNk
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
My Experience with Bug Bounty Hunting (feat. @BugBountyReportsExplained)
From a discussion with @BugBountyReportsExplained.
https://www.youtube.com/watch?v=jIF0JovZSzk
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Burp Suite - Part 7 - Sitemap and Scanner
https://www.youtube.com/watch?v=WcAzmhKuUX4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Burp Suite - Part 6 - Advanced Scoping
https://www.youtube.com/watch?v=14n3Qgw4L4E
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
RDP Authentication vs. Authorization
In this episode, we'll learn about an important RDP scenario involving Network Level Authentication (NLA) and the Windows Event Log entry that is generated as a result. We'll also see what happens when authentication succeeds, but authorization fails, and how that impacts what's logged.
*** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. ***
📖 Chapters
00:00 - Intro
01:10 - Demo
🛠 Resources
RDP Flowchart:
https://drive.google.com/file/d/1aNrqL174RulfBa4I0_KlOqOiYChdqrKM/view?usp=share_link
#Forensics #DigitalForensics #DFIR #ComputerForensics #WindowsForensics
https://www.youtube.com/watch?v=OlENso8_u7s
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
AI IS HERE, ARE YOU PROTECTED?
https://www.youtube.com/watch?v=cU_ua2vX57Q
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
AI CAN'T REPLACE HUMANS
https://www.youtube.com/watch?v=jkCUFJKIGJk
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
AI IS A TOOL HUMANS CAN'T IGNORE
https://www.youtube.com/watch?v=lamJTY7qK1o
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Introduction to YARA Part 4 - Efficient Rule Development
In this OALABS Patreon tutorial we cover the foundations of writing efficient YARA rules and provide some tips that can help speed up your YARA hunting.
The full notes for this tutorial are unlocked for everyone on our Patreon
https://www.patreon.com/posts/introduction-to-96638239
-----
OALABS DISCORD
https://discord.gg/6h5Bh5AMDU
OALABS PATREON
https://www.patreon.com/oalabs
Twitch
https://www.twitch.tv/oalabslive
OALABS GITHUB
https://github.com/OALabs
UNPACME - AUTOMATED MALWARE UNPACKING
https://www.unpac.me/#/
-----
https://www.youtube.com/watch?v=xKeF_cPKXt0
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Introduction to YARA Part 3 - Rule Use Cases
In this OALABS Patreon tutorial we cover the three main use cases for YARA rules and how they apply to both BlueTeam/SOC operations and malware analysis.
Fun notes have been unlocked for everyone on our Patreon here
https://www.patreon.com/posts/introduction-to-96637668
The following are links to UnpacMe specific tutorials for developing each type of rule.
Identifying specific malware families (unpacked)
https://support.unpac.me/howto/hunting-with-yara/#identifying-specific-malware-families-unpacked
Identifying malware on disk or in network traffic (packed)
https://support.unpac.me/howto/hunting-with-yara/#identifying-malware-on-disk-or-in-network-traffic-packed
Hunting (malware characteristics)
https://support.unpac.me/howto/hunting-with-yara/#hunting-malware-characteristics
-----
OALABS...
https://www.youtube.com/watch?v=xutDqu_OiH8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Introduction to YARA Part 2 - Hunting on UnpacMe
In this OALABS Patreon tutorial we demonstrate a simple YARA hunting example using the UnpacMe free YARA scan service: https://www.unpac.me
Full notes have been unlocked on our Patreon here
https://www.patreon.com/posts/introduction-to-96637337
-----
OALABS DISCORD
https://discord.gg/6h5Bh5AMDU
OALABS PATREON
https://www.patreon.com/oalabs
Twitch
https://www.twitch.tv/oalabslive
OALABS GITHUB
https://github.com/OALabs
UNPACME - AUTOMATED MALWARE UNPACKING
https://www.unpac.me/#/
-----
https://www.youtube.com/watch?v=Xqvlju9ED1c
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Introduction to YARA Part 1 - What is a YARA Rule
In this OALABS Patreon tutorial we cover the basics of YARA, what is it, how is it used, and how to write your first rule.
Full notes have been unlocked on our Patreon here
https://www.patreon.com/posts/introduction-to-96636471
-----
OALABS DISCORD
https://discord.gg/6h5Bh5AMDU
OALABS PATREON
https://www.patreon.com/oalabs
Twitch
https://www.twitch.tv/oalabslive
OALABS GITHUB
https://github.com/OALabs
UNPACME - AUTOMATED MALWARE UNPACKING
https://www.unpac.me/#/
-----
https://www.youtube.com/watch?v=3BpIhbsDR_I
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Investigating Windows Courses
Check out the official 13Cubed Investigating Windows training courses, with 365-day access and a certification/digital badge attempt included! If you're looking for affordable, comprehensive, online, on-demand digital forensics training with 4K video, subtitles, and more, you've come to the right place!
🎉 Enroll today at training.13cubed.com!
#Forensics #DigitalForensics #DFIR #ComputerForensics #WindowsForensics #MemoryForensics
https://www.youtube.com/watch?v=BYmRdfmJPfY
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Approaching Large Scope Targets Without Feeling Overwhelmed
In this video, we discuss how beginners can tackle large scope targets in bug bounty hunting. These targets offer more flexibility and potential for bug discovery, making them a great starting point for new hackers. However, they can be overwhelming due to their size and diversity. We suggest focusing on one part of the larger scope, which helps you understand the target's application development process without becoming overwhelmed. We also delve into different reconnaissance techniques, including subdomain enumeration, Google Dorking, API enumeration, OSINT, and more. Lastly, we emphasize that while reconnaissance is critical for large scope targets, it is just a stepping stone to actually hacking and finding vulnerabilities.
This series couldn't happen without the support of our sponsor...
https://www.youtube.com/watch?v=W4pafFxOOwc
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
New OWASP API Top 10 for Hackers
Blog article isn't done yet but I'll get it up ASAP!
Today we explore the new OWASP API Top 10 in detail, the new version is much more hacker friendly and focuses on bugs we can find rather than defenders but how can we start to study these bugs and actually find them? Let's take a look at some of the changes in the new OWASP API top 10 2023, which ones I recommend for beginners just starting out with API hacking and when to look out for specific bugs
There are a ton of vulnerabilities out there, like Prototype Pollution, SQL Injection, and remote code execution. And while they can be fun to exploit during CTFs but when they are lurking in our code…it's not as fun
But that's where our sponsor Snyk comes in - Snyk scans your code, dependencies, containers, and configs, all in...
https://www.youtube.com/watch?v=sl1yqGhuVy4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
E-commerce Flaws and 0-1000 Bounties
We're continuing our stories of bad bugs theme with some business logic flaws. Unfortunately, I couldn't find the link to the whitepaper with the e-commerce flaws, but I remember it being quantity manipulation, price manipulation by changing the currency and guessing giftcards. In today's video we look at a pretty basic authentication issue, a pretty boring price manipulation issue and end with an utterly underwhelming order number adjustment. Each of these bugs got paid a bounty between 0-1000, though some were duplicates that were split between me and other hackers because they were bugs found at live hacking events)
There are a ton of vulnerabilities out there, like Prototype Pollution, SQL Injection, and remote code execution. And while they can be fun to exploit during CTFs but when...
https://www.youtube.com/watch?v=IsBgaEWpqro
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
OALABS Holiday Variety Show 2023
𝘔𝘦𝘳𝘳𝘺 𝘐𝘋𝘈𝘮𝘢𝘴 𝘢𝘯𝘥 𝘢 𝘏𝘢𝘱𝘱𝘺 𝘉𝘪𝘯𝘫𝘢-𝘠𝘦𝘢𝘳
Join us for our holiday special reverse engineering variety show!
- Guess the prompt AI charades
- Random RE banter
- Suspicious liquids in bottles
We've got it all!
Merry Christmas everyone we will see you in 2024!
-----
OALABS PATREON
https://www.patreon.com/oalabs
OALABS DISCORD
https://discord.gg/6h5Bh5AMDU
Twitch
https://www.twitch.tv/oalabslive
OALABS GITHUB
https://github.com/OALabs
UNPACME - AUTOMATED MALWARE UNPACKING
https://www.unpac.me/#/
-----
https://www.youtube.com/watch?v=XMVhX29AJbQ
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
TryHackMe Advent Of Cyber Day 20 - DevSecOps
DevSecOps has enabled developers to be much more efficient, committing code and deploying it automatically, but it's a fantastic tool for us to go exploring and hacking in their pipelines!
Advent of cyber is a yearly event run by TryHackMe, there are 24 days of cyber security challenges in December AND prizes for competing. Last year I finished every challenge soooooo, I think it's good. If you want to compete, join using this link: https://tryhackme.com/r/christmas
https://www.youtube.com/watch?v=wGO2dWVk1oM
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
🔥Resume Roast from our Content Manager Rachel. #shorts #resume #career #hacking
https://www.youtube.com/watch?v=012h_SV0bRs
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Hyper-V Memory Forensics - MemProcFS to the Rescue!
In this episode, we'll learn how to properly acquire memory from Microsoft Hyper-V guest virtual machines.
🎉 Update
After I recorded this episode, Ulf Frisk, the author of MemProcFS, let me know that he has made some updates that no longer require you to copy the vmsavedstatedumpprovider.dll file to the MemProcFS directory if the SDK is installed in the ***default*** location. If installed to a different location, the file must still be copied. Additionally, the requirement to prepend the Hyper-V checkpoint file with hvsavedstate:// has also been removed. Both changes now make this process even easier!
*** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. ***
📖 Chapters
00:00 - Intro
00:43 - Preparation
06:35 - Using MemProcFS
🛠 Resources
MemProcFS:
https://github.com/ufrisk/MemProcFS
MemProcFS...
https://www.youtube.com/watch?v=Wbk6ayF_zaQ
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Updated Beginners Guide to API Bug Bounty
If you're just getting started with bug bounty hunting, web APIs are a fantastic place to start, they're easy to approach, can't easily be automated and are full of bugs.
Join the free, API security live class on Zoom webinars https://www.traceable.ai/resources/lp/webinar-api-security-masterclass?utm_medium=org_social&utm_source=org_social&utm_campaign=tb
This series couldn't happen without the support of our sponsor Bugcrowd, Bugcrowd is the best place to start hacking with a wide range of public and private programs from APIs to Desktop Applications and everything in between. Not ready to jump into a public program yet? Fill out your platform CV and sign up for a waitlisted program. Tell Bugcrowd a bit about your skills, previous certifications or experience and they'll match you...
https://www.youtube.com/watch?v=85vdKS0vNN0
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Is there ageism in #cybersecurity? Matt thinks so! What do you think? #shorts #hacking #ageism
https://www.youtube.com/watch?v=PH9CCcRhUbk
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
What Can an Attacker Actually Do With a Bug Anyway?
We explore the significance of understanding and explaining the impact of vulnerabilities in a bug bounty context. Using Flare.io, to peek into the dark web and see what attackers are actually doing with our vulnerabilities. We cover different vulnerabilities, provide guidelines on creating an effective impact statement, and offer three examples of impactful bug bounty reports. Before I give you my tips for explaining impact to triage and avoiding arguments over severity.
Thank you to our sponsor Flare.io. Know your exposed attack surface, track threat intelligence, and set prioritized alerts (that cut out the noise) for your own info leaked on the dark web with Flare! Try a free trial and see what is out there: https://hi.flare.io/katie-paxton-fear-free-trial/.
00:00 Introduction to Impact...
https://www.youtube.com/watch?v=4gjUby6LGFk
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Tips For Analyzing Delphi Binaries in IDA (Danabot)
Reverse Engineering Delphi is a nightmare ... or it can be if you don't have the right setup! In this clip we cover some easy tips that can help make some of the analysis a bit easier.
Full notes with links for tools are available here:
https://research.openanalysis.net/danabot/loader/delphi/2023/12/04/danabot.html
Full stream with analysis of the Danabot loader is available on Patreon here:
https://www.patreon.com/posts/live-stream-vod-94510766
-----
OALABS PATREON
https://www.patreon.com/oalabs
OALABS DISCORD
https://discord.gg/6h5Bh5AMDU
Twitch
https://www.twitch.tv/oalabslive
OALABS GITHUB
https://github.com/OALabs
UNPACME - AUTOMATED MALWARE UNPACKING
https://www.unpac.me/#/
-----
https://www.youtube.com/watch?v=04RsqP_P9Ss
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
TryHackMe Advent Of Cyber Day 10 - SQL Injection
Today we escalate a SQL injection vulnerability into a RCE, and explore MS SQL Server
Advent of cyber is a yearly event run by TryHackMe, there are 24 days of cyber security challenges in December AND prizes for competing. Last year I finished every challenge soooooo, I think it's good. If you want to compete, join using this link: https://tryhackme.com/r/christmas
https://www.youtube.com/watch?v=25QTczDdRtI
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
TryHackMe Advent Of Cyber Day 7 - Log Analysis
Today we abandon our red hats for the day and dive into the blue team, there's a piece of malware on the network, but how can we tell? Well it's time for us to dive into proxy logs and the cut command to find out!
Advent of cyber is a yearly event run by TryHackMe, there are 24 days of cyber security challenges in December AND prizes for competing. Last year I finished every challenge soooooo, I think it's good. If you want to compete, join using this link: https://tryhackme.com/r/christmas
https://www.youtube.com/watch?v=cG8UH8xwmaY
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The truth about API hacking...
https://www.youtube.com/watch?v=WnJSf2OZVUE
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Hacking when all the bugs have been found?
Finding bugs on the main app is something a lot of people are a little afraid of, a lot of people think that if a program has been out a while that there's no point even looking at it. But actually the majority of my bugs have actually been on the main application and rarely do I write off a program as unhackable. As you all know by now recon is definitely one of my weakest skills, so here are some tips for approaching the main app and actually getting bugs.
This series couldn't happen without the support of our sponsor Bugcrowd, Bugcrowd is the best place to start hacking with a wide range of public and private programs from APIs to Desktop Applications and everything in between. Not ready to jump into a public program yet? Fill out your platform CV and sign up for a waitlisted program....
https://www.youtube.com/watch?v=S077-waODvc
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How To Recognize Macro Encrypted Strings in Malware
How to identify when a macro is used to encrypt strings in malware... inferring source from disassembly!
-----
OALABS PATREON
https://www.patreon.com/oalabs
OALABS DISCORD
https://discord.gg/6h5Bh5AMDU
Twitch
https://www.twitch.tv/oalabslive
OALABS GITHUB
https://github.com/OALabs
UNPACME - AUTOMATED MALWARE UNPACKING
https://www.unpac.me/#/
-----
https://www.youtube.com/watch?v=fEAGYjhKzJY
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How to Approach an OSINT Challenge - "Photographs" [INTIGRITI 1337UP LIVE CTF 2023]
Video walkthrough for "Photographs", an opensource intelligence (OSINT) challenge from the @intigriti 1337UP LIVE CTF 2023. The challenge required players to examine exifdata and then trace back through alt accounts created by the target, exploring social media accounts uncovered using sherlock (and Google), reverse image searching etc. They would eventually find an interesting comment on a blog indicating location data was shared. This was a hint that players need to check the waybackmachine for an archived copy of the page, which contained the flag! Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂 #INTIGRITI #CTF #OSINT
↢Social Media↣
Twitter: https://twitter.com/_CryptoCat
GitHub: https://github.com/Crypto-Cat/CTF
HackTheBox: https://app.hackthebox.eu/profile/11897
LinkedIn:...
https://www.youtube.com/watch?v=JpZ9nTx-2PI
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Testing e-commerce? Here's what to look for 👌
https://www.youtube.com/watch?v=6DuW9BjWJ6w
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Giving Yourself the Best Opportunity to Find a Bug
I get asked a lot how do you choose a target you can actually find bugs on and get bounties, so I've compiled a lot of my tips for choosing a target and how to use bugcrowd features (like joinable programs) to make it so you aren't reliant on the right program coming through on luck. So here's how to choose a target on Bugcrowd and some general advice on some of the things I look for in a good program.
This series couldn't happen without the support of our sponsor Bugcrowd, Bugcrowd is the best place to start hacking with a wide range of public and private programs from APIs to Desktop Applications and everything in between. Not ready to jump into a public program yet? Fill out your platform CV and sign up for a waitlisted program. Tell Bugcrowd a bit about your skills, previous certifications...
https://www.youtube.com/watch?v=r-04ABtu0ZQ
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Format String Vulnerability - "Floor Mat Store" [INTIGRITI 1337UP LIVE CTF 2023]
Video walkthrough for "Floor Mat Store", a binary exploitation challenge I made for the @intigriti 1337UP LIVE CTF 2023. It was a fairly standard pwn challenge, requiring players to exploit a format string vulnerability (damn you printf *shakes fist at computer*). I tried to add some small twists and give it a theme to keep it interesting! Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂 #INTIGRITI #CTF #Pwn #BinaryExploitation #BugBounty
↢Social Media↣
Twitter: https://twitter.com/_CryptoCat
GitHub: https://github.com/Crypto-Cat/CTF
HackTheBox: https://app.hackthebox.eu/profile/11897
LinkedIn: https://www.linkedin.com/in/cryptocat
Reddit: https://www.reddit.com/user/_CryptoCat23
YouTube: https://www.youtube.com/CryptoCat23
Twitch: https://www.twitch.tv/cryptocat23
↢INTIGRITI...
https://www.youtube.com/watch?v=Zu32BHwH-sA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Websocket SQLi and Weak JWT Signing Key - "Bug Report Repo" [INTIGRITI 1337UP LIVE CTF 2023]
Video walkthrough for "Bug Report Repo", a web challenge I made for the @intigriti 1337UP LIVE CTF 2023. The challenge had multiple parts; first you need to use an IDOR to find a hidden bug report from ethical_hacker. Next, you exploit SQL injection over websocket protocol (either with custom script, or modified proxy for SQLMap). Once you find creds in the DB for the hidden endpoint, you login to find only the admin can read the config. Since the server uses JWT-based authentication, you crack the HS256 signing key with a tool like jwt_tool/hashcat/john, and then forge a new token with the username "admin". Now you just need to swap the cookies to find your flag! Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂 #INTIGRITI #CTF #Web #BugBounty
Full writeup: https://github.com/Crypto-Cat/CTF/blob/main/ctf_events/intigriti_23/web/bug_report_repo.md
↢Social...
https://www.youtube.com/watch?v=kgndZOkgVxQ
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
An Important Change to ShellBags - Windows 11 2023 Update!
In this episode, we'll learn about an important change introduced with the September 26, 2023 Windows 11 Configuration Update, and how that change affects ShellBags!
*** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. ***
📖 Chapters
00:00 - Intro
02:07 - Demo
07:34 - Recap
🛠 Resources
September 26, 2023 Windows 11 Configuration Update:
https://support.microsoft.com/en-us/topic/september-26-2023-windows-configuration-update-542780c2-594c-46cb-979d-11116fe164ba#:~:text=Note%20The%20update%20to%20Windows,to%20broaden%20availability%20over%20time
#Forensics #DigitalForensics #DFIR #ComputerForensics #WindowsForensics
https://www.youtube.com/watch?v=M1nyMIu1Y18
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Direct vs. Indirect Syscalls What Is All The HYPE?! [OALABS Call-In Show]
Our live discord call-in show debates! Are indirect syscalls even required? What are they and how are they used?! What are EDR vendors doing to detect them and why you might care....
-----
OALABS PATREON
https://www.patreon.com/oalabs
OALABS DISCORD
https://discord.gg/6h5Bh5AMDU
Twitch
https://www.twitch.tv/oalabslive
OALABS GITHUB
https://github.com/OALabs
UNPACME - AUTOMATED MALWARE UNPACKING
https://www.unpac.me/#/
-----
https://www.youtube.com/watch?v=W2SeruUxhDs
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Are Red Team Tools Helping or Hurting Our Industry? [OALABS Call-In Show]
Our live discord call-in show debates! Are red team tools really helping our industry or are they just giving malware operators a free lunch?!
-----
OALABS PATREON
https://www.patreon.com/oalabs
OALABS DISCORD
https://discord.gg/6h5Bh5AMDU
Twitch
https://www.twitch.tv/oalabslive
OALABS GITHUB
https://github.com/OALabs
UNPACME - AUTOMATED MALWARE UNPACKING
https://www.unpac.me/#/
-----
https://www.youtube.com/watch?v=ur6csODQHKI
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
October 12, 2023
https://www.youtube.com/watch?v=1GbAFa_i-bk
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
VMware Memory Forensics - Don't Miss This Important Detail!
In this episode, we'll learn how to properly acquire memory from VMware ESXi guest virtual machines.
*** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. ***
📖 Chapters
00:00 - Intro
01:45 - VMware ESXi Snapshot Creation
04:57 - Analysis
06:20 - Recap
🛠 Resources
Memory Forensics for Virtualized Hosts:
https://blogs.vmware.com/security/2021/03/memory-forensics-for-virtualized-hosts.html
#Forensics #DigitalForensics #DFIR #ComputerForensics #WindowsForensics #MemoryForensics
https://www.youtube.com/watch?v=P0yw93GJsYU
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
DEF CON 31 - A Broken Marriage Abusing Mixed Vendor Kerberos Stacks - Ceri Coburn
The Windows Active Directory authority and the MIT/Heimdal Kerberos stacks found on Linux/Unix based hosts often coexist in harmony within the same Kerberos realm. This talk and tool demonstration will show how this marriage is a match made in hell. Microsoft's Kerberos stack relies on non standard data to identify it's users. MIT/Heimdal Kerberos stacks do not support this non standard way of identifying users. We will look at how Active Directory configuration weaknesses can be abused to escalate privileges on *inux based hosts joined to the same Active Directory authority. This will also introduce an updated version of Rubeus to take advantage of some of these weaknesses.
https://www.youtube.com/watch?v=ALPsY7X42o4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
DEF CON 31 - Staying Undetected Using the Windows Container Isolation Framework - Daniel Avinoam
The use of containers became an integral part of any resource-efficient and secure environment. Starting from Windows Server 2016, Microsoft released its version of this solution called Windows Containers, which offers either a process or Hyper-V isolation modes.
In both cases, an efficient file system separation should be provided. On one hand, each container should be able to access system files and write changes that will not affect the host. On the other, copying the entire main volume on each container launch will be storage-inefficient and not practical.
In this presentation, we will cover the basics of windows containers, break down its file system isolation framework, reverse-engineer its main mini-filter driver, and see how it can be utilized and manipulated by an actor to bypass...
https://www.youtube.com/watch?v=Cm-zFx6hwzk
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
DEF CON 31 - Contextualizing The Vulkan Leaks & State Sponsored Offensive Ops - Joe Slowik
In March 2023, journalists and investigators released analysis of “the Vulkan files.” Consisting of documents associated with a Russian company working with intelligence and military authorities, the papers revealed a variety of ambitious programs such as “Scan-V” and“Amezit.” Both programs, in the sense that they offer capabilities to acquire, maintain, and task infrastructure for cyber and information operations at scale, are deeply concerning, indicating a significant advancement in Russian-linked network warfare and related actions.
Placing these items in context reveals a far more troubling picture.After reviewing the capabilities of Amezit and Scan-V, we can see glimpses of historical programs in the advertised efficacy of these projects. We will consider other items that...
https://www.youtube.com/watch?v=H7bV_99I7O4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
DEF CON 31 - How Vulns in Global Transportation Payment Systems Cost You - Omer Attias
Public transportation payment systems have undergone significant changes over the years. Recently, mobile payment solutions have become increasingly popular, allowing passengers to pay for their fare using their smartphones or other mobile devices.
The evolution of public transportation payment systems has been driven by the need for faster, more convenient, and more secure payment methods, and this trend is likely to continue in the years to come, But how secure are mobile payment solutions for public transportation?
In this presentation, we will examine the security risks associated with transportation applications, using Moovit as a case study. Moovit is a widely used transportation app operating in over 100 countries and 5000+ cities. Through our investigation of the app's API, including...
https://www.youtube.com/watch?v=NVnzm-L4a5c
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Reverse Engineering With Unicorn Emulation
In this OALABS Patreon tutorial we will learn how to use the Unicorn Emulator to assist with reverse engineering! This is the second part in a five-part tutorial series that can be found on our Patreon here...
https://www.patreon.com/oalabs/posts?filters%5Btag%5D=Applied+Emulation
Lab Notes
https://gist.github.com/herrcore/1a5af37f91a6f9b263a527c98c7b08bd
-----
OALABS DISCORD
https://discord.gg/6h5Bh5AMDU
OALABS PATREON
https://www.patreon.com/oalabs
Twitch
https://www.twitch.tv/oalabslive
OALABS GITHUB
https://github.com/OALabs
UNPACME - AUTOMATED MALWARE UNPACKING
https://www.unpac.me/#/
-----
https://www.youtube.com/watch?v=-CNy4qh08iU
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
401 Access Denied Ep88: The RISE of the CISO with Merike Kaeo
This week Joe Carson is joined by Merike Kaeo as they discuss the dynamic role of the CISO within an organization. They dive deeper into the role and how it interacts with different areas of the business, and what specific assets need protection and within what frameworks. An episode not to be missed!
Jump-start your cybersecurity career for FREE with Cybrary!
Follow us on Social!
~Cybrary Twitter
~Delinea Twitter
~Instagram
~Facebook
~YouTube
https://www.youtube.com/watch?v=FklaFGnBEyQ
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Old School MS-DOS Commands for DFIR
In this episode, we'll look at numerous old-school MS-DOS commands from the 80's and 90's that are still very valid and useful today -- even in Windows 11! Learn how to perform complex file searches, change file attributes, view Alternate Data Streams, and more - right from the Command Prompt!
*** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. ***
📖 Chapters
00:00 - Intro
02:15 - DIR
03:01 - CLS
03:55 - DIR /A
05:07 - DIR /AH
05:47 - DIR /AD
07:21 - DIR /OD
08:12 - DIR /TC
08:34 - DIR /A/TC/OD
09:26 - DIR /W
10:10 - DIR /S [FILENAME]
11:40 - DIR /S/A [FILENAME]
13:16 - DIR /S/A ?.EXE
14:16 - DIR /S/A ??.EXE
15:11 - DIR /P
16:17 - DIR /S/A [PATTERN]*.??
17:49 - DIR /S/AH ?.EXE
18:52 - CD | CHDIR
20:25 - DIR /R
20:44 - DIR /R/A
21:25 - MORE...
https://www.youtube.com/watch?v=SfG25LmNkT0
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Emulation Fundamentals - Writing A Basic x86 Emulator
In this OALABS Patreon tutorial we will explore how an emulator works by building one ourselves! This is the first part in a five-part tutorial series that can be found on our Patreon here...
https://www.patreon.com/oalabs/posts?filters%5Btag%5D=Applied+Emulation
The demo Jupyter Lab note can be found on GitHub here...
https://gist.github.com/herrcore/f25bcf55fa10fa8d04effc172eeb63c9
-----
OALABS DISCORD
https://discord.gg/6h5Bh5AMDU
OALABS PATREON
https://www.patreon.com/oalabs
Twitch
https://www.twitch.tv/oalabslive
OALABS GITHUB
https://github.com/OALabs
UNPACME - AUTOMATED MALWARE UNPACKING
https://www.unpac.me/#/
-----
https://www.youtube.com/watch?v=HPrqOIdNlrQ
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Unity Game Hacking Challenge - "Azusawa's Gacha World" [SekaiCTF]
Video walkthrough for "Azusawa's Gacha World", a [game] reversing challenge from Project SEKAI CTF 2023. The challenge involved memory manipulation with cheat engine (optional), reverse engineering of Unity game code (C#) in dnSpy, some network traffic analysis and HTTP traffic manipulation. Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂 #SEKAICTF #ProjectSEKAI #CTF #ReverseEngineering #GameHacking #CheatEngine
You can find my full write-up here: https://github.com/Crypto-Cat/CTF/blob/main/ctf_events/sekai_23/rev/azusawas_gacha_world.md 🥰
If you liked this video and/or want to learn more about game hacking with cheat engine, check out the full tutorial series I created on the @intigriti channel: https://www.youtube.com/watch?v=ku6AtIY-Lu0&list=PLmqenIp2RQcg0x2mDAyL2MC23DAGcCR9b...
https://www.youtube.com/watch?v=R8EnhRDDWFg
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Intruder Alert Ep. 6 | Deconstructing Malware Attacks & Forging a Career in Cybersecurity
In this episode of Intruder Alert, Marcus Hutchins is joined by cybersecurity expert Caitlin Sarian, known for her role as the Global Lead of Cybersecurity Advocacy and Culture at TikTok and her expertise in data protection and privacy compliance. Marcus and Caitlin provide technical insight into the latest US malware attacks and share invaluable advice on breaking into the cybersecurity field.
Follow us on Social!!
~Twitter
~Instagram
~FaceBook
~YouTube
~LinkedIn
Jump-start your cybersecurity career for FREE with Cybrary!
https://www.youtube.com/watch?v=2aRgdmTdtK0
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
DC31 - Red Team Village - Recap
Red Team Village Website: https://redteamvillage.io
Discord: https://redteamvillage.io/discord
Twitter: https://redteamvillage.io/twitter
https://www.youtube.com/watch?v=my568xKtgLg
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Is your favorite on here?? #favorite #cybersecurity #hacker
https://www.youtube.com/watch?v=KPPH7vJZajQ
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
401 Access Denied: Protecting Society and the Role of CERT with Tonu
In this episode we join host Joe Carson as he discusses state cybersecurity with Tonu Tammer of the Estonian National Cybersecurity Center. Tonu goes into the day-to-day operations of defending a country and its citizens from adversaries, as well as ransomware and DDOS attacks. Come along for an in-depth discussion with a cyber defender with years of experience in this exciting new episode!
Jump-start your cybersecurity career for FREE with Cybrary!
Follow us on Social!
~Cybrary Twitter
~Delinea Twitter
~Instagram
~Facebook
~YouTube
https://www.youtube.com/watch?v=aYCyFDlK7vg
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
HackerOne x Red Team Village
Thank you HackerOne for Sponsoring the Red Team Village!
Additional information about HackerOne can be obtained from https://hackerone.com
The Red Team Village
Red Team Village Website: https://redteamvillage.io
Discord: https://redteamvillage.io/discord
Twitter: https://redteamvillage.io/twitter
https://www.youtube.com/watch?v=6XzKgYF3kDU
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
DC31 - Red Team Village - Hack The Box
Additional information about Hack The Box can be found at hackthebox.eu
Red Team Village Website: https://redteamvillage.io
Discord: https://redteamvillage.io/discord
Twitter: https://redteamvillage.io/twitter
https://www.youtube.com/watch?v=DX61G7v3jvw
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
DC31 - Red Team Village - Meta
Additional information about Meta can be found at meta.com.
Red Team Village Website: https://redteamvillage.io
Discord: https://redteamvillage.io/discord
Twitter: https://redteamvillage.io/twitter
https://www.youtube.com/watch?v=uizRK9qLsJM
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Intruder Alert Ep. 5 | Community Uprising: Unravelling the Reddit Blackout
In the latest episode of Intruder Alert, Marcus Hutchins and Cybrary blue teamer, Marc Balingit, delve into the the uproar around Reddit's blackout. They unravel the intricacies of Reddit's contentious API changes, which have cornered third-party apps like Apollo, sparking a sweeping blackout protest across thousands of subreddits. Furthermore, they explore the impact of Twitch's fresh policy adjustments, which are a threat to streamers' ad revenue, and other news impacting online communities.
Follow us on Social!!
~Twitter
~Instagram
~FaceBook
~YouTube
~LinkedIn
Jump-start your cybersecurity career for FREE with Cybrary!
https://www.youtube.com/watch?v=8_CEqpKU8AA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
DOM Clobbering, Prototype Pollution and XSS - "sanity" Walkthrough [Amateurs CTF 2023]
Video walkthrough for "sanity", a web challenge from Amateurs CTF 2023. The challenge involved DOM clobbering, prototype pollution and XSS. Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂 #AmateursCTF #CTF #Pentesting #OffSec #WebSec
You can find my full write-up here: https://github.com/Crypto-Cat/CTF/blob/main/ctf_events/amateurs_23/web/sanity.md 🥰
↢Social Media↣
Twitter: https://twitter.com/_CryptoCat
GitHub: https://github.com/Crypto-Cat/CTF
HackTheBox: https://app.hackthebox.eu/profile/11897
LinkedIn: https://www.linkedin.com/in/cryptocat
Reddit: https://www.reddit.com/user/_CryptoCat23
YouTube: https://www.youtube.com/CryptoCat23
Twitch: https://www.twitch.tv/cryptocat23
↢Amateurs CTF↣
https://ctf.amateurs.team/challs
https://discord.com/invite/gCX22asy65
↢Resources↣
Ghidra:...
https://www.youtube.com/watch?v=AO7CDquZ690
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
DC31 - Red Team Village - Buddobot
Additional information about Buddobot can be found at buddobot.com.
Red Team Village Website: https://redteamvillage.io
Discord: https://redteamvillage.io/discord
Twitter: https://redteamvillage.io/twitter
https://www.youtube.com/watch?v=ubVLiJ17Sd4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Trying to demo the #hacker side without getting 🤐🤐🤐 by the platform. Oops! #cybersecurity
https://www.youtube.com/watch?v=p_OgaSkmBMM
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
401 Access Denied: Ep. 85 | Key Takeaways from the Verizon DBIR with Tony Goulding
Join host Joseph Carson and guest Tony Goulding as they break down the annual Verizon breach report. With over 16,000 incidents and more than 5,200 data breaches, there's a lot to look at. Tony and Joe have some great takeaways from this critical annual report and share their expert insights on what's new, what's changed, and what we're not doing so bad at (hint: MFA goes a long way!)
Jump-start your cybersecurity career for FREE with Cybrary!
Follow us on Social!
~Cybrary Twitter
~Delinea Twitter
~Instagram
~Facebook
~YouTube
https://www.youtube.com/watch?v=luXnfWO_U7I
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
AV Emulation Detection Tricks Used by Malware
Tricks that malware developers use to detect antivirus emulators and how these differ from the sandbox emulators we use from our recent Twitch stream.
Alexie's Windows Defender research with some insights into the emulation engine used...
https://recon.cx/2018/brussels/resources/slides/RECON-BRX-2018-Reverse-Engineering-Windows-Defender-s-JavaScript-Engine.pdf
https://i.blackhat.com/us-18/Thu-August-9/us-18-Bulazel-Windows-Offender-Reverse-Engineering-Windows-Defenders-Antivirus-Emulator.pdf
https://github.com/0xAlexei/WindowsDefenderTools
-----
OALABS PATREON
https://www.patreon.com/oalabs
OALABS DISCORD
https://discord.gg/6h5Bh5AMDU
Twitch
https://www.twitch.tv/oalabslive
OALABS GITHUB
https://github.com/OALabs
UNPACME - AUTOMATED MALWARE UNPACKING
https://www.unpac.me/#/
-----
https://www.youtube.com/watch?v=8jckguVRHyI
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Hack you exe's phone? 😂 #podcast #cybersecurity
https://www.youtube.com/watch?v=ufdeWuwsWaA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
DC31 - Red Team Village - Bishop Fox
Additional information about Bishop Fox can be found at:
https://www.bishopfox.com.
Red Team Village Website: https://redteamvillage.io
Discord: https://redteamvillage.io/discord
Twitter: https://redteamvillage.io/twitter
https://www.youtube.com/watch?v=aopkRkBfkgQ
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
DC31 - Red Team Village - Optiv
Additional information about Optiv can be found at optiv.com.
Red Team Village Website: https://redteamvillage.io
Discord: https://redteamvillage.io/discord
Twitter: https://redteamvillage.io/twitter
https://www.youtube.com/watch?v=RMaH8T6Qx_s
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
401 Access Denied: Ep. 84 | The Best of RSAC & Cybersecurity Strategies with Bob Burns
RSAC was the place to be for cybersecurity in 2023, and Joe Carson is joined by Bob Burns to talk all about it. From the sessions that really resonated to the incredible human connections and networking, join Joe and Bob to deconstruct this year's most comprehensive conference. Were you at RSAC this year? Join us in the comments to let us know your favorite session!
Jump-start your cybersecurity career for FREE with Cybrary!
Follow us on Social!
~Cybrary Twitter
~Delinea Twitter
~Instagram
~Facebook
~YouTube
https://www.youtube.com/watch?v=qU40Yg7pfbo
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Detecting PsExec Usage
In this episode, we're going to look at a variety of methods you can use to determine whether or not a system was the recipient of a PsExec connection. While you may already be familiar with some of these detections, there's a good chance you haven't seen them all!
*** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. ***
📖 Chapters
00:00 - Intro
03:03 - Demo 1
05:09 - Event Log Analysis 1
09:01 - Demo 2
09:56 - Event Log Analysis 2
10:56 - Shimcache Analysis
15:46 - The Key to Identify PsExec
17:55 - Prefetch Analysis
21:38 - Recap
🛠 Resources
The Key to Identify PsExec:
https://aboutdfir.com/the-key-to-identify-psexec/
Prefetch Deep Dive:
https://www.youtube.com/watch?v=f4RAtR_3zcs
#Forensics #DigitalForensics #DFIR #ComputerForensics...
https://www.youtube.com/watch?v=oVM1nQhDZQc
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
RTV Badge Preview - 2023
Pick yours up now!
https://redteamvillage.square.site/
https://www.youtube.com/watch?v=DSHE3wXIkSA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The AI Revolution with Diana Kelley | 401 Access Denied Podcast Ep. 83
The AI Revolution with Diana Kelley | 401 Access Denied Podcast Ep. 83
Join Us: https://www.cybrary.it/?utm_source=youtube&utm_medium=video&utm_campaign=the-ai-revolution-with-diana-kelley
Everybody's talking about it - the AI revolution is here. But given the rapid evolution in this field, it's hard to keep up with the sweeping effects this technology is causing. Luckily, Joe Carson is joined by longtime AI expert Diana Kelley to shed light on all of these changes. She addresses the many misconceptions and media misrepresentations surrounding AI, breaks down the different forms of this technology, and emphasizes the need for a better understanding of AI's capabilities and limitations. They also discuss the ethical and legal implications that will only become more potent as AI continues...
https://www.youtube.com/watch?v=ow9JszgoC1M
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Tips to Learn Reverse Engineering: Avoid These Common Pitfalls!
How to maximize the return on your time when learning how to reverse engineer! Just a few thoughts on what worked for me and what to avoid from our recent Twitch stream.
-----
OALABS PATREON
https://www.patreon.com/oalabs
OALABS DISCORD
https://discord.gg/6h5Bh5AMDU
Twitch
https://www.twitch.tv/oalabslive
OALABS GITHUB
https://github.com/OALabs
UNPACME - AUTOMATED MALWARE UNPACKING
https://www.unpac.me/#/
-----
https://www.youtube.com/watch?v=JzhpTLe8Vg4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
NahamCon CTF 2023: Web Challenge Walkthroughs
Video walkthrough for some Web challenges from the NahamCon Capture the Flag (CTF) competition 2023 (organised by @NahamSec ); Star Wars, Stickers, Hidden Figures and Obligatory. Topics covered include XSS, domPDF RCE, hidden data (misc/stego) and SSTI with WAF filter bypass. Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂 #NahamCon #NahamCon2023 #NahamConCTF #CTF #Pentesting #OffSec #WebSec
If you're looking for the "Marmalade 5" Web challenge, check the @intigriti channel: https://youtu.be/3LRZsnSyDrQ 🥰
Full write-ups for the challenges: https://github.com/Crypto-Cat/CTF/tree/main/ctf_events/nahamcon_23
↢Social Media↣
Twitter: https://twitter.com/_CryptoCat
GitHub: https://github.com/Crypto-Cat/CTF
HackTheBox: https://app.hackthebox.eu/profile/11897
LinkedIn: https://www.linkedin.com/in/cryptocat
Reddit:...
https://www.youtube.com/watch?v=XHg_sBD0-es
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Hacking the Government with Bryan Seely | 401 Access Denied Podcast Ep. 82
Hacking the Government with Bryan Seely | 401 Access Denied Podcast Ep. 82
Join Us: https://www.cybrary.it/?utm_source=youtube&utm_medium=video&utm_campaign=hacking-the-government-with-bryan-seely
In this eye-opening episode, dive into the captivating world of cybercrime and social engineering with our host, Joe Carson, and special guest Bryan Seely! Bryan, a keynote speaker and cybersecurity expert best known for his Secret Service exposé, discusses his journey from a young computer enthusiast to a renowned public speaker. Join them as they investigate the mindset and techniques used by hackers, such as the use of aliases to deceive and manipulate their targets, as well as the importance of responsible disclosure and changing cybersecurity laws.
Follow us for exclusive updates:
~https://twitter.com/cybraryIT
~https://www.instagram.com/cybrary.it/
~https://www.facebook.com/cybraryit/
Follow...
https://www.youtube.com/watch?v=aagD2SxYUJM
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
16 - Open Redirect (low/med/high) - Damn Vulnerable Web Application (DVWA)
16 - Open Redirection (low/med/high difficulties) video from the Damn Vulnerable Web Application (DVWA) walkthrough/tutorial series. DVWA is an intentionally vulnerable application for you to learn about ethical hacking. I made this series for students on the MSc in cybersecurity course at Queen's University Belfast but hopefully it can help others too! Hope you enjoy 🙂
↢Social Media↣
Twitter: https://twitter.com/_CryptoCat
GitHub: https://github.com/Crypto-Cat
HackTheBox: https://app.hackthebox.eu/profile/11897
LinkedIn: https://www.linkedin.com/in/cryptocat
Reddit: https://www.reddit.com/user/_CryptoCat23
YouTube: https://www.youtube.com/CryptoCat23
Twitch: https://www.twitch.tv/cryptocat23
↢Damn Vulnerable Web Application (DVWA)↣
https://github.com/digininja/DVWA
↢Open Redirects↣
@PwnFunction:...
https://www.youtube.com/watch?v=I5jko9mLNO4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
N00bs Night Malware RE Workshop with @c3rb3ru5d3d53c
Fun stream hanging out with @c3rb3ru5d3d53c and trying to reverse engineer her malware challenge! API hashing, stack strings, and rick rolls, we've got it all!
Full workshop samples and solutions:
https://github.com/c3rb3ru5d3d53c/reworkshop
-----
OALABS PATREON
https://www.patreon.com/oalabs
OALABS DISCORD
https://discord.gg/6h5Bh5AMDU
Twitch
https://www.twitch.tv/oalabslive
OALABS GITHUB
https://github.com/OALabs
UNPACME - AUTOMATED MALWARE UNPACKING
https://www.unpac.me/#/
-----
https://www.youtube.com/watch?v=amnvrOLRGHA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Intruder Alert Ep. 4 | Unmasking The New Global Malware Threat On Android Devices
Head to Cybrary.it to open your free account and start learning today!
In this episode of Intruder Alert, join host Marcus Hutchins, world-renowned hacker, and red teamer Matt Mullins while they discuss the millions of devices recently infected with malware during production, and whether or not our devices are spying on us.
For more information on how to jumpstart your career with the most cutting-edge cybersecurity training, head over to Cybrary.it to create your free account and get started on your learning journey!
Make sure to subscribe so that you don't miss the latest new episodes, premiering live every two weeks, and dropping on YouTube On Demand.
https://www.youtube.com/watch?v=wc8T_RcwOkY
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Is this NEW Generative AI Feature a GAME CHANGER? [Adobe Firefly]
A demo of Adobe Firefly, the new generative AI functionality in Photoshop. We'll explore various applications of the ethical AI-assisted editing feature, including generative fill (beta) to edit a photograph. First, we'll remove the people (and other objects) from the beach. Next, we'll extend/expand the image, generating additional content that seamlessly clicks into the image. We'll also replace the sky, change the sand and add a variety of animals and objects. Finally, we'll play around with a cartoon image (CryptoCat) to see how the AI functionality works with illustrations. During the course of the video, we'll discuss some of the advantages/disadvantages, talk about bugs, design choices (stock images only) and cyber-security implications (deep fakes). Hope you enjoy this video, next...
https://www.youtube.com/watch?v=oLxIrRzWhUM
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
A File's Life - File Deletion and Recovery
In this episode, we'll look at exactly what happens when you delete a file from an NTFS file system. Then, we'll talk about file "undeletion" versus file carving, and use PhotoRec to perform file carving against a mounted disk image. Lastly, we'll explore techniques to search through that recovered data using an Ubuntu WSL 2 instance.
*** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. ***
📖 Chapters
00:00 - Intro
13:12 - PhotoRec Demo
19:03 - Searching Recovered Data
🛠 Resources
PhotoRec:
https://www.cgsecurity.org/wiki/PhotoRec
Recycle Bin Forensics:
https://www.youtube.com/watch?v=Gkir-wGqG2c
Let's Talk About NTFS Index Attributes:
https://www.youtube.com/watch?v=x-M-wyq3BXA
#Forensics #DigitalForensics #DFIR #ComputerForensics...
https://www.youtube.com/watch?v=4zlk9ZSMa-4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Vulnerability Management Metrics: Top 10 KPIs To Measure Success
Join us for an exclusive interview as we dive deep into the world of vulnerability management KPIs with the expertise of Walter Haydock.
👉 Get our FREE guide to vulnerability management in 2023: https://purplesec.us/vulnerability-management-guide/?utm_source=newsletter&utm_medium=YouTube&utm_campaign=VM_2023&utm_id=guide
In this engaging interview, Walter shares valuable insights on:
🎯 Balancing costs and benefits while identifying metrics to guide decision-making in vulnerability management investments.
🌐 Maintaining consistency with strategies for aligning metrics across teams, departments, and locations.
⚖️ Adapting to the evolving threat landscape by staying ahead of emerging risks and continuously refining vulnerability management KPIs.
📈 Success stories of organizations...
https://www.youtube.com/watch?v=L-61ahYHdH8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Vulnerability Management SOP: Expert Reveals Top Tips
Are you struggling to manage vulnerabilities in your organization? Join us in this conversation with expert Kevin Donatelli who reveals the ins and outs of vulnerability management SOPs!
In this not-to-be-missed session, you'll:
🔑 Learn the essential components of effective vulnerability management SOPs
🛡️ Discover how to prioritize and remediate risks efficiently
🧠 Gain invaluable insights from real-life case studies shared by Kevin Donatelli
👉 Get our FREE guide to vulnerability management in 2023: https://purplesec.us/vulnerability-management-guide/?utm_source=newsletter&utm_medium=YouTube&utm_campaign=VM_2023&utm_id=guide
Podcast Info
--------------------
Podcast website: https://purplesec.us/podcast/
Apple Podcasts: https://podcasts.apple.com/us/podcast/security-beyond-the-checkbox/id1673807278
Spotify:...
https://www.youtube.com/watch?v=-yjsaxxrTxk
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Top 10 Vulnerability Management Trends For 2024
Join PurpleSec's experts along with Joshua Copeland, Director of Cyber Security at AT&T, as we explore the latest trends and predictions in vulnerability management for 2023. 👉 Get our FREE guide to vulnerability management in 2023: https://purplesec.us/vulnerability-management-guide/?utm_source=newsletter&utm_medium=YouTube&utm_campaign=VM_2023&utm_id=guide
Continue reading: https://purplesec.us/learn/vulnerability-management-trends/
Chapters
---------------
00:00 - Introduction
00:20 - Joshua Copeland
02:47 - Automation Is Key
10:30 - Adoption Of Risk-Based Approaches
16:40 - Continuous Monitoring
21:40 - Increased Focus On Cloud Security
28:43 - Increased Use Of Threat Intelligence
35:10 - The Role Of Network Segmentation
43:30 - DevSecOps: Building Security From The Ground Up
50:40...
https://www.youtube.com/watch?v=39XHupVxAY8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Two Thumbs Up - Thumbnail Forensics
In this episode, we'll look at Thumbs.db and Thumbcache -- databases used by Windows to store thumbnails (preview images) of pictures, documents, and other file types. Learn how these rather obscure artifacts could potentially be invaluable to your investigations.
*** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. ***
📖 Chapters
00:00 - Intro
02:28 - Thumbs.db / Thumbcache artiFACTS
05:13 - Thumbcache Viewer Demo
🛠 Resources
#Forensics #DigitalForensics #DFIR #ComputerForensics #WindowsForensics
https://www.youtube.com/watch?v=5efCp1VXhfQ
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Techniques To Improve Vulnerability Visibility & Detection
Improve vulnerability visibility in networks & cloud environments with expert tips on strategies, KPIs, prioritization, & automation. Secure your assets now! 👉 Get our FREE guide to vulnerability management in 2023: https://purplesec.us/vulnerability-management-guide/
Read the full article: https://purplesec.us/learn/vulnerability-visibility/
Chapters
---------------
00:00 - Introduction
00:45 - Clement Fouque
01:36 - Importance Of Visibility In Vulnerability Management
02:51 - Why Is Poor Visibility An Issue?
04:40 - Common Blind Spots
06:55 - Improving Asset Inventories
09:30 - How Do You Know If You Have Poor Visibility?
13:20 - Techniques For Improving Visibility
15:05 - How To Ensure All Endpoints Are Being Scanned
18:25 - How Network Segmentation Improves Visibility
20:00 - Third-Party...
https://www.youtube.com/watch?v=3K6TLqyxit4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Interview with Lesley Carhart (hacks4pancakes)
In this special guest episode, I interview Lesley Carhart (aka hacks4pancakes) of Dragos. We'll cover a variety of topics and provide some career advice along the way!
*** Check out PancakesCon 4 at https://pancakescon.com/ coming March 19, 2023! ***
🎉 Also check out the new 13Cubed Training Course Investigating Windows Endpoints. Affordable, on-line, and on-demand training is here! Enroll now at https://training.13cubed.com/
🛠 Resources
Twitter:
https://twitter.com/hacks4pancakes
Mastodon:
https://infosec.exchange/@hacks4pancakes
TikTok:
https://www.tiktok.com/@UCezvmPw4tfO6n_FMQoN4waw
#forensics #DigitalForensics #DFIR #ComputerForensics #WindowsForensics
https://www.youtube.com/watch?v=aC4jd8hQdYo
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
CyberTalk Live #1 - Trying Out BlackBuntu & Q&A
CyberTalk Live #1 - Trying Out BlackBuntu & Q&A
//PLATFORMS
BLOG ►► https://bit.ly/3qjvSjK
FORUM ►► https://bit.ly/39r2kcY
ACADEMY ►► https://bit.ly/39CuORr
//SOCIAL NETWORKS
TWITTER ►► https://bit.ly/3sNKXfq
DISCORD ►► https://bit.ly/3hkIDsK
INSTAGRAM ►► https://bit.ly/3sP1Syh
LINKEDIN ►► https://bit.ly/360qwlN
PATREON ►► https://bit.ly/365iDLK
MERCHANDISE ►► https://bit.ly/3c2jDEn
//BOOKS
Privilege Escalation Techniques ►► https://amzn.to/3ylCl33
Docker Security Essentials (FREE) ►► https://bit.ly/3pDcFuA
//SUPPORT THE CHANNEL
NordVPN Affiliate Link (73% Off) ►► https://bit.ly/3DEPbu5
Get 0 In Free Linode Credit ►► https://bit.ly/39mrvRM
Get started with Intigriti: https://go.intigriti.com/hackersploit
//CYBERTALK PODCAST
Spotify...
https://www.youtube.com/watch?v=XcIUuwH3S9E
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
3 Year Cybersecurity Career Roadmap
In this video, I outline a concise 3-year Cybersecurity career roadmap designed for students or professionals looking to get started with a career in Cybersecurity in 2023 and beyond.
Slides: https://bit.ly/3HlM3aw
Black Hills 5-Year InfoSec Plan: https://www.blackhillsinfosec.com/webcast-5-year-plan-infosec/
//PLATFORMS
BLOG ►► https://bit.ly/3qjvSjK
FORUM ►► https://bit.ly/39r2kcY
ACADEMY ►► https://bit.ly/39CuORr
//SOCIAL NETWORKS
TWITTER ►► https://bit.ly/3sNKXfq
DISCORD ►► https://bit.ly/3hkIDsK
INSTAGRAM ►► https://bit.ly/3sP1Syh
LINKEDIN ►► https://bit.ly/360qwlN
PATREON ►► https://bit.ly/365iDLK
MERCHANDISE ►► https://bit.ly/3c2jDEn
//BOOKS
Privilege Escalation Techniques ►► https://amzn.to/3ylCl33
Docker Security Essentials (FREE) ►►...
https://www.youtube.com/watch?v=oI9aaBpJvoA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Linux Red Team Defense Evasion Techniques - Hiding Linux Processes
In this video, I explore the process of evading defenses on Linux by hiding Linux processes with libprocesshider.
Defense Evasion consists of techniques that adversaries use to avoid detection throughout their compromise. Techniques used for defense evasion include uninstalling/disabling security software or obfuscating/encrypting data and scripts. Adversaries also leverage and abuse trusted processes to hide and masquerade their malware. Other tactics' techniques are cross-listed here when those techniques include the added benefit of subverting defenses.
Process Hider GitHub Repository: https://github.com/gianlucaborello/libprocesshider
//PLATFORMS
BLOG ►► https://bit.ly/3qjvSjK
FORUM ►► https://bit.ly/39r2kcY
ACADEMY ►► https://bit.ly/39CuORr
//SOCIAL NETWORKS
TWITTER...
https://www.youtube.com/watch?v=GT-ClZAi6rE
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Linux Red Team Persistence Techniques - SSH Keys, Web Shells & Cron Jobs
In this video, I explore the process of establishing persistence on Linux via SSH keys, local accounts, web shells, and Cron Jobs.
Persistence consists of techniques that adversaries use to keep access to systems across restarts, changed credentials, and other interruptions that could cut off their access. Techniques used for persistence include any access, action, or configuration changes that let them maintain their foothold on systems, such as replacing or hijacking legitimate code or adding startup code.
//PLATFORMS
BLOG ►► https://bit.ly/3qjvSjK
FORUM ►► https://bit.ly/39r2kcY
ACADEMY ►► https://bit.ly/39CuORr
//SOCIAL NETWORKS
TWITTER ►► https://bit.ly/3sNKXfq
DISCORD ►► https://bit.ly/3hkIDsK
INSTAGRAM ►► https://bit.ly/3sP1Syh
LINKEDIN ►► https://bit.ly/360qwlN
PATREON...
https://www.youtube.com/watch?v=tNJs8CFj_B8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
ChatGPT For Cybersecurity
In this video, I go over the process of how to use ChatGPT and cover various examples of how to use ChatGPT for Cybersecurity.
ChatGPT is an AI-driven chatbot launched by OpenAI in November 2022.
It is trained using Reinforcement Learning from Human Feedback (RLHF).
It is built on top of OpenAI's GPT-3.5 family of large language models and is fine-tuned with both supervised and reinforcement learning techniques.
OpenAI ChatGPT: https://chat.openai.com/chat
Timestamps:
0:00 Introduction
7:50 ChatGPT usage
10:45 Pentesting examples
13:10 Generating shells
14:25 Fuzzing
17:15 Shellcode
18:00 Custom emails
19:34 Macros
20:56 Buffer overflow
22:15 Automation
25:00 Blue team examples
28:33 ChatGPT impact on cybersecurity
//PLATFORMS
BLOG ►► https://bit.ly/3qjvSjK
FORUM ►► https://bit.ly/39r2kcY
ACADEMY...
https://www.youtube.com/watch?v=6PrC4z4tPB0
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Linux Red Team Privilege Escalation Techniques - Kernel Exploits & SUDO Permissions
In this video, I explore the process of elevating privileges on Linux by leveraging kernel exploits, local accounts, and misconfigured SUDO permissions.
Privilege Escalation consists of techniques adversaries use to gain higher-level permissions on a system or network. Adversaries can often enter and explore a network with unprivileged access but require elevated permissions to follow through on their objectives. Common approaches are to take advantage of system weaknesses, misconfigurations, and vulnerabilities.
//PLATFORMS
BLOG ►► https://bit.ly/3qjvSjK
FORUM ►► https://bit.ly/39r2kcY
ACADEMY ►► https://bit.ly/39CuORr
//SOCIAL NETWORKS
TWITTER ►► https://bit.ly/3sNKXfq
DISCORD ►► https://bit.ly/3hkIDsK
INSTAGRAM ►► https://bit.ly/3sP1Syh
LINKEDIN ►► https://bit.ly/360qwlN
PATREON...
https://www.youtube.com/watch?v=w2rElXYV2Fs
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
LastPass Data Breach - Password Security 101
In this episode of CyberTalk, I discuss the latest LastPass data breach (December 2022) and outline a failsafe password management policy for you, your family, and or your business.
The following is a set of password security and management guidelines you should follow:
1. Generate secure, random, and complex passwords.
2. Use a new and unique password for every account.
3. Store your passwords with an offline password management database/vault like KeePass.
4. Take regular backups of your password database/vault and store them in a secure location (preferably only known to you).
5. Regularly change your passwords.
6. Develop a password handover contingency plan in the event of your death or incapacitation.
7. Remember, online platforms and solutions can go out of business or may not necessarily...
https://www.youtube.com/watch?v=MsxlsGAJ97c
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Risk-Based Vulnerability Management
PurpleSec security experts implemented risk-based vulnerability management to improve efficiencies and security ROI for our enterprise client.
👉 Get our FREE guide to vulnerability management in 2023: https://purplesec.us/vulnerability-management-guide/?utm_source=newsletter&utm_medium=YouTube&utm_campaign=VM_2023&utm_id=guide
Read The Full Case Study
----------------------------------------
https://purplesec.us/case-studies/travel-services-provider/
High Level Findings
-------------------------------
PurpleSec's security “cyborgs” were empowered by automation and process improvements to deliver exceptional results in a 3 month period:
- 75% MTTR reduction.
- 86% vulnerability risk reduction.
- M average annual savings for the client.
- 1.6k average monthly man-hour savings.
-...
https://www.youtube.com/watch?v=nu0US3xLEH4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How To Build A Vulnerability Management Program | #PurpleSec
There are 7 key steps when creating a winning vulnerability management program including making an inventory, categorizing vulnerabilities, creating packages, testing the package, providing change management, patching vulnerabilities, and reporting. 👉 Get our FREE guide to vulnerability management in 2023: https://purplesec.us/vulnerability-management-guide/?utm_source=newsletter&utm_medium=YouTube&utm_campaign=VM_2023&utm_id=guide
Read the full article... https://purplesec.us/learn/vulnerability-management-program/
Podcast Info
--------------------
Podcast website: https://purplesec.us/podcast/
Apple Podcasts: https://podcasts.apple.com/us/podcast/security-beyond-the-checkbox/id1673807278
Spotify: https://open.spotify.com/show/610KAa5g4G0KhoZVwMyXqz
RSS: https://feeds.buzzsprout.com/2137278.rss
Chapters...
https://www.youtube.com/watch?v=nsvxcUsFnJo
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How To Automate Your Vulnerability Remediation Process | PurpleSec
There are 8 best practices when planning your vulnerability remediation including prioritization of vulnerabilities, setting timelines, defining a SLO, developing a remediation policy, automating your vulnerability management processes, adopting continuous remediation, deploying compensating controls, and building a vulnerability management program. 👉 Get our FREE guide to vulnerability management in 2023: https://purplesec.us/vulnerability-management-guide/?utm_source=newsletter&utm_medium=YouTube&utm_campaign=VM_2023&utm_id=guide
Continue reading... https://purplesec.us/learn/vulnerability-remediation/
Podcast Info
--------------------
Podcast website: https://purplesec.us/podcast/
Apple Podcasts: https://podcasts.apple.com/us/podcast/security-beyond-the-checkbox/id1673807278
Spotify:...
https://www.youtube.com/watch?v=Bns79gIwxIA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Twitter Zero-Day Exposes Data Of 5.4 MILLION Accounts | Security Insights By #PurpleSec
Social media platform Twitter confirmed they suffered a now-patched zero-day vulnerability, used to link email addresses and phone numbers to users' accounts, which allowed attackers to gain access to the personal information of 5.4 million users.
The vulnerability allowed anyone to submit an email address or phone number, verify if it was associated with a Twitter account, and retrieve the associated account ID.
More technically, what the security researcher Zhirinovsky reported on HackerOne's bug bounty platform is that this vulnerability allows any party without any authentication to obtain a Twitter ID (which is almost equal to getting the username of an account) of any user by submitting a phone number/email even though the user has prohibited this action in the privacy settings.
Chapters
---------------
00:00...
https://www.youtube.com/watch?v=E5dLc98TeLg
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
What Is Vulnerability Management? (Explained By Experts)
Vulnerability management is the process of identifying, prioritizing, and mitigating vulnerabilities in an organization's systems and networks to reduce the risk of cyber attacks and protect against potential threats. 👉 Get our FREE guide to vulnerability management in 2023: https://purplesec.us/vulnerability-management-guide/?utm_source=newsletter&utm_medium=YouTube&utm_campaign=VM_2023&utm_id=guide
Continue reading... https://purplesec.us/learn/what-is-vulnerability-management/
Podcast Info
--------------------
Podcast website: https://purplesec.us/podcast/
Apple Podcasts: https://podcasts.apple.com/us/podcast/security-beyond-the-checkbox/id1673807278
Spotify: https://open.spotify.com/show/610KAa5g4G0KhoZVwMyXqz
RSS: https://feeds.buzzsprout.com/2137278.rss
Chapters
---------------
00:00...
https://www.youtube.com/watch?v=RE6_Lo2wSIg
Partager : LinkedIn / Twitter / Facebook / View / View (lite)