Ransomware Kingpins LockBit Disrupted
In a landmark operation, the notorious LockBit ransomware gang, which has dominated the cybercrime landscape for over three years, faced a significant disruption. This breakthrough was achieved through a collaborative effort between the National Crime Agency (NCA) and the FBI. But what led to this pivotal moment, and what implications does it hold for the future of LockBit and ransomware operations globally? Dive into the details with Ryan Chapman, a leading SANS Institute course author, instructor, and an expert on ransomware, along with other guests, as they dissect the recent events and forecast the ramifications for cybersecurity. #ransomware #LockBit #cybersecurity
https://www.youtube.com/watch?v=Ith3IgY8on8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

The Value Of A vCISO For Small Business W/ Greg Schaffer | PurpleSec
Greg Schaffer shares his over 33 years of information technology and cybersecurity experience on the value small and mid-sized businesses gain from working with a virtual CISO (vCISO). AI & Cybersecurity Newsletter ------------------------------------------------ 👋 If you're new here, then consider subscribing to our weekly newsletter featuring the top cybersecurity minds in the industry: https://www.linkedin.com/newsletters/ai-cybersecurity-insights-7058517055238504448/ Video Chapters ------------------------- 00:00 - Introduction 02:55 - LinkedIn Poll Results 08:40 - What Are The Responsibilities Of A vCISO? 14:00 - What Are The Benefits Of A vCISO For SMBs? 16:50 - What Are The Risks Of DIY Security? 19:38 - When Should A Small Business Hire A vCISO? 24:27 - What Should SMBs Look For...
https://www.youtube.com/watch?v=YpJPOPfbkLQ
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

L'Actu de la veille

My best cybersecurity career advice: Say no | Cyber Work Podcast
Tom Terronez of Medix Dental, an IT and security provider for the dental industry, talks about the best career advice he received while in the cybersecurity industry. – Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free – View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast About Infosec Infosec's mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide...
https://www.youtube.com/watch?v=YP3UMQOrRno
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Renewing your Security+ certification | Cyber Work Hacks
Infosec and Cyber Work Hacks want to help you pass the Security+ exam! We have three separate Hacks on this channel to help you through the process of studying for and taking the exam. But what about in the years after, when it's time to get ready to recertify? Infosec boot camp instructor Tommy Gober walks you through all the different ways you can earn your continuing education units (CEU), how many you need to re-certify your Security+ and some less-known activities that can keep your CEU numbers rising and make ongoing learning an ongoing process, not something you need to “cram” at the end of three years. Wanna know more? Well, it's all here in today's Cyber Work Hack. 0:00 - Security+ certification renewal 1:30 - Why does CompTIA require renewal? 4:37 - How to earn continuing...
https://www.youtube.com/watch?v=Kl1e126tYRQ
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

I-S00N China File Drop - ThreatWire
⬇️ OPEN FOR LINKS TO ARTICLES TO LEARN MORE ⬇️ Support ThreatWire → https://patreon.com/threatwire @endingwithali → Twitch: https://twitch.tv/endingwithali Twitter: https://twitter.com/endingwithali Everywhere else: https://links.ali.dev [❗] ThreatWire Patreon has moved to → https://patreon.com/threatwire 0:00 Intro 0:11 - What is happening with LockBit? 0:48 - Linux Kernel Added as CNA 1:02 - I-S00N China file drop 2:12 - Using Audio to Generate Fingerprint Attacks 4:02 - ChatGPT Accounts Linked to APTs Deleted 5:51 - Outro LINKS 🔗 Story 1: What is happening with LockBit? https://www.inforisktoday.com/lockbit-infrasttructure-seized-by-us-uk-police-a-24395 https://www.bleepingcomputer.com/news/security/lockbit-ransomware-disrupted-by-global-police-operation/ 🔗 Story...
https://www.youtube.com/watch?v=rpl-o12Mcp4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Burp Suite - Part 9 - Repeater II

https://www.youtube.com/watch?v=KrpUNg-8LDc
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

L'Actu à J-2

Cybersecurity issues the dental industry faces | Cyber Work Podcast
Tom Terronez of Medix Dental, an IT and security provider for the dental industry, talks about the cybersecurity issues facing the dental industry, specifically, very old legacy systems and minuscule resources for security. – Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free – View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast About Infosec Infosec's mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their...
https://www.youtube.com/watch?v=jCiT13CS2K8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Answering all of your XSS questions LIVE!
📚 Purchase my Bug Bounty Course here 👉🏼 bugbounty.nahamsec.training 💵 Support the Channel: You can support the channel by becoming a member and get access exclusive content, behind the scenes, live hacking session and more! ☕️ Buy Me Coffee: https://www.buymeacoffee.com/nahamsec JOIN DISCORD: https://discordapp.com/invite/ucCz7uh 🆓 🆓 🆓 0 DigitalOcean Credit: https://m.do.co/c/3236319b9d0b 💬 Social Media - https://twitter.com/nahamsec - https://instagram.com/nahamsec - https://twitch.com/nahamsec - https://facebook.com/nahamsec1 #bugbounty #ethicalhacking #infosec #cybersecurity #redteam #webapp
https://www.youtube.com/watch?v=S_yrxrKiThI
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Know Thy Enemy: The Taxonomies That Meta Uses to Map the Offensive Privacy Space
This talk introduces and examines privacy-inclusive taxonomies Meta has developed and uses to track privacy weaknesses, enumerate privacy adversarial TTPs, deconflict privacy and security efforts, and scale detection and remediation efforts. Taxonomies, such as MITRE's CVE, CAPEC, and ATT&CK® frameworks, have long been used to track and understand cybersecurity weaknesses and the tactics of cyber adversaries. These taxonomies help organizations stay abreast of trends, guide software development best practices, and pinpoint the most effective remediation and detection strategies to common cybersecurity issues. As the field of offensive privacy matures, organizations require similar taxonomies to understand privacy threats and align efforts across security and privacy teams.... By: Zach Miller...
https://www.youtube.com/watch?v=dau9plCrwoE
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Becoming a Dark Knight: Adversary Emulation Demonstration for ATT&CK Evaluations
Batman once said, "you either die a hero or live long enough to see yourself become the villain." What if there was a way to become a cyber villain for the greater good? For the last 5 years, the MITRE ATT&CK Evaluations team has been improving the industry by "becoming the villain." We study some of the world's most advanced threat actors, develop a scenario, build malware and tools, then execute the operations against major EDR vendors. And the best part? Not only do we get the business justification of becoming a villain to advance defenders, but our code is also open-sourced. Using a Latin American APT as our real-world villain, this talk will showcase how to merge CTI and red development capabilities for adversary emulation.... By: Cat Self, Kate Esprit Full Abstract and Presentation...
https://www.youtube.com/watch?v=ulktZxdN6nA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Cross-Site Scripting (XSS) Explained! // How to Bug Bounty
📚 Purchase my Bug Bounty Course here 👉🏼 bugbounty.nahamsec.training 💵 Support the Channel: You can support the channel by becoming a member and get access exclusive content, behind the scenes, live hacking session and more! ☕️ Buy Me Coffee: https://www.buymeacoffee.com/nahamsec JOIN DISCORD: https://discordapp.com/invite/ucCz7uh 🆓 🆓 🆓 0 DigitalOcean Credit: https://m.do.co/c/3236319b9d0b 💬 Social Media - https://twitter.com/nahamsec - https://instagram.com/nahamsec - https://twitch.com/nahamsec - https://facebook.com/nahamsec1 #bugbounty #ethicalhacking #infosec #cybersecurity #redteam #webapp
https://www.youtube.com/watch?v=ej2O4lOUzRc
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Why hack in when you can just log in?
So many hacks happening today because of leaked credentials. No need to do something technical when you can just login. Hackers have realized that it's easier to just log in rather than hack. Big thanks to Cisco for sponsoring my trip to Cisco Live and this video. // Tom's SOCIAL // LinkedIn: http://linkedin.com/in/tomgillis1 Forbes: https://www.forbes.com/sites/tomgillis/?sh=e460beb1789c X: https://twitter.com/_TomGillis // Website REFERENCE // https://www.reuters.com/technology/hackers-who-breached-casino-giants-mgm-caesars-also-hit-3-other-firms-okta-says-2023-09-19/ https://fortune.com/2023/08/18/lessons-from-equifax-security-breach/ // David's SOCIAL // Discord: https://discord.com/invite/usKSyzb X / Twitter: https://www.twitter.com/davidbombal Instagram: https://www.instagram.com/davidbombal...
https://www.youtube.com/watch?v=jmdCArq8Mmc
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Don't Forget This One Hacking Trick
https://jh.live/keeper || Keeper Security offers a privileged access management solution to deliver enterprise grade protection all in one unified platform -- keep your users, your data, and your environment secure with Keeper! https://jh.live/keeper Free Cybersecurity Education and Ethical Hacking with John Hammond 🔥YOUTUBE ALGORITHM ➡ Like, Comment, & Subscribe! 🙏SUPPORT THE CHANNEL ➡ https://jh.live/patreon 🤝 SPONSOR THE CHANNEL ➡ https://jh.live/sponsor 🌎FOLLOW ME EVERYWHERE ➡ https://jh.live/discord ↔ https://jh.live/twitter ↔ https://jh.live/linkedin ↔ https://jh.live/instagram ↔ https://jh.live/tiktok 💥 SEND ME MALWARE ➡ https://jh.live/malware
https://www.youtube.com/watch?v=2rqb3YSa1SE
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

L'Actu des jours précédents

BingBang: Hacking Bing.com (and much more) with Azure Active Directory
In cloud-managed environments, exposing one of your most sensitive assets to external attackers can be as simple as clicking a checkbox. This was the case for Bing.com with their Azure Active Directory (AAD) integration, where a single misconfiguration enabled us to bypass authentication, alter search results, and launch XSS attacks on its users stealing their Office 365 tokens. However, Bing was not an isolated case. By inventing a new scanning technique to remotely map AAD misconfigurations, we identified thousands of exposed applications across the internet. In this talk, we will present our novel technique for hunting misconfigurations on Azure AD, one of the most common Identity Providers on the internet.... By: Hillai Ben-Sasson Full Abstract and Presentation Materials: https://www.blackhat.com/us-23/briefings/schedule/#bingbang-hacking-bingcom-and-much-more-with-azure-active-directory-33206...
https://www.youtube.com/watch?v=l4hA2eZuMF8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

mTLS: When Certificate Authentication is Done Wrong
Although x509 certificates have been here for a while, they have become more popular for client authentication in zero-trust networks in recent years. Mutual TLS, or authentication based on X509 certificates in general, brings advantages compared to passwords or tokens, but you get increased complexity in return. In this talk, we'll deep dive into some novel attacks on mTLS authentication.... By: Michael Stepankin Full Abstract and Presentation Materials: https://www.blackhat.com/us-23/briefings/schedule/#mtls-when-certificate-authentication-is-done-wrong-33203
https://www.youtube.com/watch?v=3zEZ6d9PVZ8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Unsafe At Any Speed: CISA's Plan to Foster Tech Ecosystem Security
In 1965, Ralph Nader published "Unsafe at Any Speed", a survey of automobile safety from design, to delivery, to maintenance. The parallels to the safety of modern technology are startling. In this talk, we'll explore how products can be built to be safe by design, and safe by default, including topics ranging from memory safety, open-source security, insurance, and the security poverty line.... By: Jack Cable , Bob Lord Full Abstract and Presentation Materials: https://www.blackhat.com/us-23/briefings/schedule/#unsafe-at-any-speed-cisas-plan-to-foster-tech-ecosystem-security-33154
https://www.youtube.com/watch?v=_n7QRuR_Tck
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Malware Analysis Made Easy: Cloud Investigations
https://jh.live/malcore || Try Malcore for fast file analysis and simple malware investigation, with flexibility and privacy in scans and reporting! https://jh.live/malcore Free Cybersecurity Education and Ethical Hacking with John Hammond 🔥YOUTUBE ALGORITHM ➡ Like, Comment, & Subscribe! 🙏SUPPORT THE CHANNEL ➡ https://jh.live/patreon 🤝 SPONSOR THE CHANNEL ➡ https://jh.live/sponsor 🌎FOLLOW ME EVERYWHERE ➡ https://jh.live/discord ↔ https://jh.live/twitter ↔ https://jh.live/linkedin ↔ https://jh.live/instagram ↔ https://jh.live/tiktok 💥 SEND ME MALWARE ➡ https://jh.live/malware
https://www.youtube.com/watch?v=ddwhVIGjp4Q
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Writing Threatwire Live with @endingwithali
Surprise live stream - working on writing Threatwire live. Come Join! -----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆ Our Site → https://www.hak5.org Shop → http://hakshop.myshopify.com/ Subscribe → https://www.youtube.com/user/Hak5Darren?sub_confirmation=1 Support → https://www.patreon.com/threatwire Contact Us → http://www.twitter.com/hak5 -----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆ ____________________________________________ Founded in 2005, Hak5's mission is to advance the InfoSec industry. We do this through our award winning educational podcasts, leading pentest gear, and inclusive community – where all hackers belong.
https://www.youtube.com/watch?v=iZ-_9cgJKNg
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

How to Leverage Cloud Threat Intelligence Without Drowning: The Zero-Noise Approach
Why is Threat intelligence so difficult to effectively utilize in the Cloud? Different Cloud environments share many characteristics, leading attackers to often use the same TTPs in a multitude of attacks. Sounds like an easy case of using TI to detect and investigate malicious activity, until we encounter one problem : noise. The vast amounts of Cloud TI data combined with increasingly high volumes of automated Cloud attacks have created a situation in which most organizations can't effectively handle their TI feeds. Instead of enabling better detections, these feeds often lead to alert fatigue and hinder the identification of true malicious activity. To tackle this problem, we developed a unique methodology for ingesting Cloud TI and detecting malicious activity : The Zero Noise Approach....
https://www.youtube.com/watch?v=Q0cBwuPy-m0
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Beyond the Basics: The Role of LLM in Modern Threat Intelligence
Threat intelligence is replete with challenges, necessitating a large experience, knowledge, and techniques to really understand the threat landscape, the TTPs, and to accurately track threat actors. Given this context, it is crucial to innovate and introduce the tools and techniques to both the current and next generation of analysts who stand to benefit from shared experience. A promising avenue of innovation is the advent of large language models (LLMs). The widespread accessibility of these tools undoubtedly heralds a new era of innovation. However, practical questions arise: How do we effectively harness this technology? How might it address existing challenges? And, most crucially, how can it assist in tracking threat actors and empowering threat analysts? In this presentation, we will...
https://www.youtube.com/watch?v=9PpfYaAxFq4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Applying Threat Intelligence Practically to Meet the Needs of an Evolving Regulatory Environment
Effective and operationalized threat intelligence is required now more than ever. Even as organizations around the world grapple with shifting market conditions, an increasingly complex regulatory environment is also emerging that will impact cybersecurity programs and processes across many sectors. More recent examples such as DORA and the September 2023 SEC ruling concerning material cyber incidents join established frameworks such as those from NIST and the UK's Cyber Assessment Framework (CAF). Threat intelligence can help organizations develop, prioritize, and action plans and strategies as part of threat and risk management, which ultimately informs these regulatory and compliance assessments. However, a universal threat intelligence methodology or crosswalk does not exist, challenging...
https://www.youtube.com/watch?v=ZneUyNceklY
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

How an Info Sharing Analysis Center Works w/ its Members to Improve Cyber Defenses for Their Sector
As more firms interact with the government agencies and regulators, external partnerships are becoming a priority. An Information Sharing and Analysis Center and one of its members want to give an overview of what ISAC/ISAOs are and how firms can benefit from this partnership and how ISACs are a good place to start when building external partnerships. The talk would start with an overview of ISACs to include how the ISACs provide anonymity to its members when sharing through their organization as well as how the ISACs interact with government entities and other ISACs. The member firm will then talk through why they joined the ISAC and what benefits they have seen for themselves and the sector as a whole. As part of this process, the firm would describe how they developed an internal procedure...
https://www.youtube.com/watch?v=Rx0npcXC-Bo
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Bridging the Intelligence Divide: Building CTI Blueprints for Value-Based Production
CTI programs live and die by their own tribal knowledge. There is a large capability gap between new programs with small teams and junior analysts, and mature programs with a large team of senior analysts. Ascending the capabilities ladder is arduous and derailed by one or two key departures. We can bridge this gap. For CTI products to provide better value and sustain analyst attrition, the Center and its partners created a new standard for CTI reports. We share a set of templates with prescriptive instructions on what to include and to whom the report should be focused. This talk will also introduce a publicly available suite of tools that will support best practices, automation, and enable dissemination of human and machine-readable reports. raising These capabilities will accelerate production...
https://www.youtube.com/watch?v=8zuGorPp5R8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

How Threat Intelligence Helped Us Defend and Respond to a Nation-State-Sponsored Threat Actor
This paper presents a comprehensive analysis of a real-world incident, referred to as "The D.R. Incident," when the Dominican Republic National Computer Security Incident Response Team (CSIRT) we uncovered a sophisticated threat actor compromising a wide spectrum of targets, including governmental, private, and critical infrastructure entities. The core focus of this paper revolves around the instrumental role played by threat intelligence in both defending against and responding to the nation-state-sponsored threat actor. We delve into the utilization of publicly available threat intelligence sources and, critically, the generation of our own threat intelligence tailored to the specific incident. We outline how these sources of threat intelligence were leveraged to gain critical insights...
https://www.youtube.com/watch?v=fBva043j4bw
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Clustering Attacker Behavior: Connecting the Dots in the RaaS Ecosystem
As ransomware-as-a-service (RaaS) offerings arose on the scene, the volume and variety of ransomware attacks greatly expanded. Now, dozens of affiliates are deploying the same variant, leading to differing attack chains depending on who's behind the intrusion. This session walks through organizational clustering efforts when it comes to the messy world of ransomware affiliates and highlights how to separate the common tactics from the narrow details that may be indicative of a specific affiliate. Featuring case studies of two Threat Activity Clusters (TACs) tracking ransomware affiliates, this session will demonstrate how identifying unique indicators in attacks can assist in connecting the dots across incidents, thus allowing us to determine a pattern of attacker behavior independent of the...
https://www.youtube.com/watch?v=ZNf0T1yHl8s
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Threat Intelligence is a Fallacy, but I May be Biased
As threat intelligence practitioners, we often discuss our biases, mental models, and the common fallacies that impact our analysis and reporting. This talk looks at how we've failed to effectively communicate some of the decisions that we've made consciously and unconsciously during the production and dissemination of threat intelligence, and how that impacts how our stakeholders think about the data. For example, threat profiles and analysis reports often talk about the targeted industry without actually discussing if the industry was specifically targeted, or if a member of that industry was breached as a target-of-opportunity. Without that clarity, organizations in that industry may misunderstand their threat landscape and prioritize defensive projects for lower-priority groups. View...
https://www.youtube.com/watch?v=0gbLJJIAdiY
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Deep Dive into Supply Chain Compromise: Hospitality's Hidden Risks
In today's hospitality industry, vacation rental software has shifted from a luxury to a must-have for hotels, resorts, and smaller businesses, simplifying booking, guest interactions, and property management. While vacation rental software may seem focused on booking, it holds valuable data like credit card info, guest preferences, and communications. This data is a prime target for cybercriminals seeking financial gain or unauthorized access. This deep-dive article examines a recent breach targeting a small resort in the United States. The attack was supported by a suite of tailor-made malware, designed by the threat actor to seamlessly integrate with the software's architecture. This underscores the threat actor's intricate understanding of the software's internal workings and highlights...
https://www.youtube.com/watch?v=FQbMicg1Ldg
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Beyond Cryptojacking: Studying Contemporary Malware in the Cloud
As commercial adoption of cloud technologies continues, cloud-focused malware campaigns have continued to evolve. After observing a shift away from cloud compute and on to serverless environments, containers and other managed services, it's clear that the cloud remains an increasingly attractive target for malware developers pursuing a variety of objectives. Matt will provide technical insight into a new group of contemporary cloud-focused malware campaigns. Specifically, Matt will focus on those that have diversified from the common objective of cryptojacking, and will discuss TTPs unique to these malware families. Attendees can expect to gain knowledge of how these campaigns achieve initial access and evade host and network-based detection mechanisms in cloud environments. Matt will also...
https://www.youtube.com/watch?v=MVwiDcJZTwU
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Why Won't They Listen? – ConnectingYour CTI to Decision Makers
The best cyber threat intelligence in the world may be useless, unless it can help shape decisions at senior leadership levels. A well-written and thoroughly researched report may just end up as another task on an ever-increasing to-do list for executive leadership teams without any good effect. How can CTI better inform the critical security decisions for organizations? There is no easy answer, because organizations differ greatly in structure, knowledge, funding, and strategy. This presentation focuses on how increase the effectiveness of CTI reports, recommendations, and warnings to better inform strategic decision making in organizations. This is through a process of 'credible communication', which aims to build trust, break down barriers, and speed decision-making. Using real-life examples...
https://www.youtube.com/watch?v=LyHSqA3Rons
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Cybersecurity is GeoPolitical: Lessons From the Fight Against Mercenary Spyware Proliferation
Beyond the zero-click exploits and constant stream of spyware scandals, a marathon struggle is unfolding between mercenary spyware developers and the tech & cybersecurity community. Yet progress is elusive. While big companies seek to defend users from the likes of Predator, Pegasus and Quadream with hardening, threat intelligence, and patching, mercenary spyware proliferation as a whole is accelerating. Why? Because mercenary spyware's greatest successes aren't technical, they are political. Mercenary spyware companies navigate gaps in regulation while seeking to align themselves with entrenched interests. This is partly why measures targeting the political, not technical, dimensions of the spyware problem have shown some of the greatest promise for pumping the brakes on spyware proliferation. As...
https://www.youtube.com/watch?v=lByB-GhWRgs
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Intellimation: Guidance for Integrating Automation in Your Cyber Threat Intelligence Program
In 1983, Prince sang "A-U-T-O-MATIC, just tell me what to do," and discussed parallels between a physical relationship and the predicted brink of destruction set to occur in 1999. While said destruction did not occur, the internet experienced unprecedented growth in the late 90s, only to be upstaged by the maturation of cybercriminals and abuse of internet services. 40 years after the release of "Automatic," cybersecurity practitioners work daily to understand and outpace cybercriminals. Armed with cyber threat intelligence (CTI), cybersecurity teams collect, process, and analyze threat actor motives and tradecraft to detect suspicious activity and disrupt adversarial objectives. However, the number of threats drastically increase as technology continues to advance and more consumers own more...
https://www.youtube.com/watch?v=NhWLVvbR35k
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

The Cyber-Hobbit:There and Back Again in CTI
"The Cyber-Hobbit: There and Back Again in CTI" intertwines the classic tale of "The Hobbit" with the modern challenges and opportunities of the cyber threat intelligence world; providing valuable insights for those embarking on this unexpected journey, and mentors seeking to bring new talent to the field. Highlighted Takeaways: -Embrace the Unexpected: Just as Bilbo's journey began unexpectedly, be open to opportunities that may lead you into the world of cybersecurity and threat intelligence. -Seek Guidance: Mentors and advisors play a critical role in your journey. Reach out for guidance and mentorship in the cybersecurity field. -Adapt to Challenges: Cybersecurity, like Bilbo's adventures, involves facing unforeseen challenges. Be prepared to adapt and learn as you encounter new threats. Specialized...
https://www.youtube.com/watch?v=XrZS87BuTQU
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

A career in dental cybersecurity? Drilling down into this unique role | Guest Tom Terronez
Tom Terronez joins Cyber Work to discuss security in an industry that doesn't always make the headlines for security news: dentistry. Terronez co-founded Medix Dental, an IT and security provider for the dental industry, 20 years ago, and has the lowdown on some of the specific security issues dentist offices and networks face. It is an uphill battle to get the industry to acknowledge its extreme insecurity, and I find out how a shared love of Hall & Oates got Terronez into this very specific area of the security sphere. And I promise that I tried to avoid overusing the phrase “drill down on this point.” Spoiler: I failed. 0:00 - Dental industry cybersecurity 2:00 - Terronez's interest in tech 3:55 - Dentistry cybersecurity 20 years ago 5:00 - Dentistry cybersecurity dangers and issues 15:55...
https://www.youtube.com/watch?v=iA3htSGWEQg
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

This Is How You Setup Your Bug Bounty & Automation Box (Part 1)
📚 Purchase my Bug Bounty Course here 👉🏼 bugbounty.nahamsec.training 💵 Support the Channel: You can support the channel by becoming a member and get access exclusive content, behind the scenes, live hacking session and more! ☕️ Buy Me Coffee: https://www.buymeacoffee.com/nahamsec JOIN DISCORD: https://discordapp.com/invite/ucCz7uh 🆓 🆓 🆓 0 DigitalOcean Credit: https://m.do.co/c/3236319b9d0b 💬 Social Media - https://twitter.com/nahamsec - https://instagram.com/nahamsec - https://twitch.com/nahamsec - https://facebook.com/nahamsec1 #bugbounty #ethicalhacking #infosec #cybersecurity #redteam #webapp
https://www.youtube.com/watch?v=qlX5jR7Z4uo
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Calculating Smart Contract Vulnerability Impact: Low To Critical
In this video, Piotr Cielas of HALBORN showcases a new framework and tool for calculating the risk and impact for different smart contract vulnerabilities across the blockchain. We dig into what aspects of an attack make for more critical exploits or severe vulnerabilities, and how organizations can assess and prioritize potential security weaknesses. Check out the BVSS Calculator here! https://jh.live/bvss If you'd like to learn more about HALBORN and their smart contract auditing services, check out https://jh.live/halborn 00:00 - Blockchain Vulnerability Scoring System use case 00:48 - Intro 02:52 - Is there a blockchain security score? 13:17 - Demo background info 14:10 - Demo start 20:14 - Calculating the score 22:47 - Exploitability metrics 25:21 - Impact metrics 27:49...
https://www.youtube.com/watch?v=KlrtJn34zgo
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

LA CTF 2024: Web Challenge Walkthroughs (1-4)
Video walkthrough for first 4 web challenges from LA CTF 2024; terms-and-conditions, flaglang, la-housing-portal and new-housing-portal. The challenges involved JS manipulation, cookie tampering, SQL injection and cross-site scripting. Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂 #LACTF #CTF #Pentesting #OffSec #WebSec ↢Social Media↣ Twitter: https://twitter.com/_CryptoCat GitHub: https://github.com/Crypto-Cat/CTF HackTheBox: https://app.hackthebox.eu/profile/11897 LinkedIn: https://www.linkedin.com/in/cryptocat Reddit: https://www.reddit.com/user/_CryptoCat23 YouTube: https://www.youtube.com/CryptoCat23 Twitch: https://www.twitch.tv/cryptocat23 ↢LA CTF↣ https://platform.lac.tf/challs https://lac.tf/discord https://ctftime.org/event/2102 ↢Resources↣ Ghidra: https://ghidra-sre.org/CheatSheet.html Volatility:...
https://www.youtube.com/watch?v=Z4P667ayUsg
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Is OpenAI's Sora any good? #shorts #ai #sora #youtube #video
#ai #sora #openai
https://www.youtube.com/watch?v=Cb_MLDO5dME
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

5 Week Program: Let's Hack Some Stuff!
📚 Purchase my Bug Bounty Course here 👉🏼 bugbounty.nahamsec.training 💵 Support the Channel: You can support the channel by becoming a member and get access exclusive content, behind the scenes, live hacking session and more! ☕️ Buy Me Coffee: https://www.buymeacoffee.com/nahamsec JOIN DISCORD: https://discordapp.com/invite/ucCz7uh 🆓 🆓 🆓 0 DigitalOcean Credit: https://m.do.co/c/3236319b9d0b 💬 Social Media - https://twitter.com/nahamsec - https://instagram.com/nahamsec - https://twitch.com/nahamsec - https://facebook.com/nahamsec1 #bugbounty #ethicalhacking #infosec #cybersecurity #redteam #webapp
https://www.youtube.com/watch?v=6owmJwQ8s8g
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Endoscope: Unpacking Android Apps with VM-Based Obfuscation
Code virtualization has long been used for code protection by both benign and malicious programs. In recent years we have seen an increasing number of mobile apps adopting this technique. The difficulties to reverse-engineer them lie in that one needs to figure out the virtual machine's mechanism of fetching and executing instructions, before one can understand higher-level semantics of virtualized program. Due to the heterogeneity of custom instructions, Common Tools like jadx and IDA cannot recognize VM's instructions like they do with dex/x86/arm instructions... By: Fan Wu , Xuankai Zhang Full Abstract and Presentation Materials: https://www.blackhat.com/us-23/briefings/schedule/#endoscope-unpacking-android-apps-with-vm-based-obfuscation-33137
https://www.youtube.com/watch?v=4Rmc1rEyADU
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

I Watched You Roll the Die: Unparalleled RDP Monitoring Reveal Attackers' Tradecraft
The Remote Desktop Protocol (RDP) is a critical attack vector used by evil threat actors including in ransomware outbreaks. To study RDP attacks, we created PyRDP, an open-source RDP interception tool with unmatched screen, keyboard, mouse, clipboard and file collection capabilities. Then we built a honeynet that is composed of several RDP Windows servers exposed on the cloud. We ran them for three years and have accumulated over 150 million events including 100 hours of video footage, 570 files collected from threat actors and more than 20,000 RDP captures.... By: Andréanne Bergeron , Olivier Bilodeau Full Abstract and Presentation Materials: https://www.blackhat.com/us-23/briefings/schedule/#i-watched-you-roll-the-die-unparalleled-rdp-monitoring-reveal-attackers-tradecraft-33110
https://www.youtube.com/watch?v=e-Q4pYf9-oE
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Cybersecurity issues in higher education | Cyber Work Podcast
Miami University's (in Oxford, Ohio) Farmer School of Business Information Systems and Security researcher Joseph Nwankpa talks about security issues in higher education, ranging from the wide variety of employees (students, faculty and staff) and their relative tech skills, over to the frequent email fatigue that comes when professors might have to receive and read hundreds of emails from students per day. It's easier for a phishing message to sneak through at that volume. – Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free – View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast About Infosec Infosec's mission is to put people at the center of cybersecurity. We help IT and security professionals...
https://www.youtube.com/watch?v=mH2WCYrQyHM
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Linux for Hackers: LINUX commands you need to know (with OTW) // Ep 6
Big thanks to Brilliant for sponsoring this video! Get started with a free 30 day trial and 20% discount: https://Brilliant.org/davidbombal (First 200 people that sign up will get a special discount). // Occupy The Web Books // Linux Basics for Hackers: https://amzn.to/3JlAQXe Getting Started Becoming a Master Hacker: https://amzn.to/3qCQbvh Network Basics for hackers: https://amzn.to/3W1iiCQ // OTW Discount // Use the code BOMBAL to get a 20% discount off anything from OTW's website: https://davidbombal.wiki/otw Direct links to courses: Pro Subscriber: https://davidbombal.wiki/otwprosub 3 year deal: https://davidbombal.wiki/otw3year // Occupy The Web SOCIAL // X / Twitter: https://twitter.com/three_cube Website: https://www.hackers-arise.com/ // Playlists REFERENCE // Linux...
https://www.youtube.com/watch?v=DiGangfhJ4g
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

SMB Shares & Cronjob to Initial Access (Proving Grounds: Dawn)
Free Cybersecurity Education and Ethical Hacking with John Hammond 🔥YOUTUBE ALGORITHM ➡ Like, Comment, & Subscribe! 🙏SUPPORT THE CHANNEL ➡ https://jh.live/patreon 🤝 SPONSOR THE CHANNEL ➡ https://jh.live/sponsor 🌎FOLLOW ME EVERYWHERE ➡ https://jh.live/discord ↔ https://jh.live/twitter ↔ https://jh.live/linkedin ↔ https://jh.live/instagram ↔ https://jh.live/tiktok 💥 SEND ME MALWARE ➡ https://jh.live/malware
https://www.youtube.com/watch?v=uHrrgzmFd-Q
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Enterprise security one step at a time
Free Cybersecurity Education and Ethical Hacking with John Hammond 🔥YOUTUBE ALGORITHM ➡ Like, Comment, & Subscribe! 🙏SUPPORT THE CHANNEL ➡ https://jh.live/patreon 🤝 SPONSOR THE CHANNEL ➡ https://jh.live/sponsor 🌎FOLLOW ME EVERYWHERE ➡ https://jh.live/discord ↔ https://jh.live/twitter ↔ https://jh.live/linkedin ↔ https://jh.live/instagram ↔ https://jh.live/tiktok 💥 SEND ME MALWARE ➡ https://jh.live/malware
https://www.youtube.com/watch?v=PkWCJiEyOdA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

DEF CON was actually cancelled?! - ThreatWire
⬇️ OPEN FOR LINKS TO ARTICLES TO LEARN MORE ⬇️ Support ThreatWire → https://patreon.com/threatwire @endingwithali → Twitch: https://twitch.tv/endingwithali Twitter: https://twitter.com/endingwithali Everywhere else: https://links.ali.dev [❗] ThreatWire Patreon has moved to → https://patreon.com/threatwire 0:00 Intro 0:12 - Is this app speedrunning getting hacked? 2:07 - Can your Toothbrush be used DDOS someone? 2:20 - FCC finalizes data breach regulations for telecom companies 3:11 - DEFCON was actually canceled? 4:50 - OUTRO LINKS 🔗 Story 1: Is this app speedrunning getting hacked? https://techcrunch.com/2022/02/22/stalkerware-network-spilling-data/ https://www.hackread.com/stalkerware-app-thetruthspy-hacked-data-stolen/ https://maia.crimew.gay/posts/fuckstalkerware-4/ https://techcrunch.com/2024/02/12/new-thetruthspy-stalkerware-victims-is-your-android-device-compromised/ 🔗...
https://www.youtube.com/watch?v=iTsb7OAlN3g
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Security+ Boot Camp: What to expect during your training | Cyber Work Hacks
Infosec and Cyber Work Hacks are here to help you pass the Security+ exam! For today's hack, let's talk boot camps. If you've been piecing your way through the Security+ study guide for six months or more, it's possible that you would learn better in a concentrated, focused environment with expert instruction. I'm talking, of course, about Infosec boot camp instructor Tommy Gober! Gober walks you through what the Infosec five-day Security+ Boot Camp is like, the learning and memorizing strategies you'll employ, and all the ways that boot camp training can make the difference between passing on the first try and endless headaches and heartaches of re-sitting the exam. You don't have to do it alone! But to learn more, you do have to keep it here for another Cyber Work Hack. 0:00...
https://www.youtube.com/watch?v=bYPmCoeyYpU
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Simple JavaScript Aimbot - HTML5 Game Hacking
🔥 Learn How to Make a Simple JavaScript Aimbot! 👨‍💻 Buy Our Courses: https://guidedhacking.com/register/ 💰 Donate on Patreon: https://patreon.com/guidedhacking ❤️ Follow us on Social Media: https://linktr.ee/guidedhacking Learn the basics of HTML5 game hacking with this short and simple tutorial! 🔗 Learn more: https://guidedhacking.com/threads/simple-javascript-aimbot-html5-game-hacking.20517/ 📜 Video Description: This video takes inspiration from the SANS Holiday Hack Challenge 2023. This challenge featured an HTML5 snowball fight game against Santa and his elves. Our objective was to hack this game and introduce cheats for a more engaging experience. We began by altering URL variables to switch the game from a multiplayer to a single-player mode, allowing an AI...
https://www.youtube.com/watch?v=Kbmvy7FpIL8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Uncovering Azure's Silent Threats: A Journey into Cloud Vulnerabilities
Cloud service providers offer Machine Learning as a Service platform, enabling companies to leverage the power of scalability and reliability while performing ML operations. However, with the massive adoption of such AI/ML systems worldwide, the security posture of the platform itself often may go unnoticed. We investigated Azure ML, a managed MLaaS from Microsoft. Our findings talk of two broad classes of security issues, namely... By: David Fiser , Magno Logan , Nitesh Surana Full Abstract and Presentation Materials: https://www.blackhat.com/us-23/briefings/schedule/#uncovering-azures-silent-threats-a-journey-into-cloud-vulnerabilities-33073
https://www.youtube.com/watch?v=cCLL5JrDt-M
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

IRonMAN: InterpRetable Incident Inspector Based ON Large-Scale Language Model and Association miNing
...In this work, we propose the first explainable LLM-based incident inspector. We combine a large-scale language embedding model with a frequent association algorithm to extract significant tokens, providing strong interpretability for incident similarity in feature space representation. Moreover, the contextual comprehension capabilities of the LLM ensure robustness against input variations. We demonstrate the practicality of our method in real-world incidents by applying it to our global visibility platform (200M+ events per day). The significant tokens generated by our model clearly identify the reasons why incidents are believed to stem from the same APT groups. Additionally, compare the results generated by our method to feedback from security analysts and thus provide different analytical...
https://www.youtube.com/watch?v=_Dvjn6DeFFk
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Automation should help people, not replace them | Cyber Work Podcast | #shorts #podcast #infosec
Leonid Belkind of Torq discusses how AI is the next step in automation and how it should help cybersecurity workers maximize their impact in this clip from the Cyber Work Podcast. About Infosec Infosec's mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ's security awareness training. Learn more at infosecinstitute.com.
https://www.youtube.com/watch?v=lLwDsI5SvUc
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

I AUTOMATED a Penetration Test!?
https://jh.live/pentest-tools || For a limited time, you can use my code HAMMOND10 to get 10% off any @PentestToolscom plan! Apply the code on the checkout page: https://jh.live/pentest-tools Free Cybersecurity Education and Ethical Hacking with John Hammond 🔥YOUTUBE ALGORITHM ➡ Like, Comment, & Subscribe! 🙏SUPPORT THE CHANNEL ➡ https://jh.live/patreon 🤝 SPONSOR THE CHANNEL ➡ https://jh.live/sponsor 🌎FOLLOW ME EVERYWHERE ➡ https://jh.live/discord ↔ https://jh.live/twitter ↔ https://jh.live/linkedin ↔ https://jh.live/instagram ↔ https://jh.live/tiktok 💥 SEND ME MALWARE ➡ https://jh.live/malware
https://www.youtube.com/watch?v=sQTGCs1DmrQ
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

The State of Secure DevOps - Security enables Velocity
Slides: https://static.sched.com/hosted_files/owasp2023globalappsecwashin/4b/Final_The%20State%20of%20DevOps%20-%20Security%20Enables%20Velocity%20-%20AppsecUS.pdf As technology teams continue to accelerate and evolve, so do the quantity and sophistication of security threats. It's easy to emphasize the importance of security and suggest that teams need to prioritize it, but doing so becomes an extensive change management exercise. How can we rise to the challenge without slowing our software delivery velocity? Our own lived experience combined with a multi-year research program led by the DevOps Research and Assessment (DORA) team can be used to help you and your team move beyond implementation of specific tools to a people-centric approach to organizational transformation. This talk will...
https://www.youtube.com/watch?v=bV2xZPBTcBo
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

OpenCRE.org - Universal Translator for Security
Slides: https://static.sched.com/hosted_files/owasp2023globalappsecwashin/7c/2023OpenCRE-at-WashingtonDC.pdf In security, it is important to understand the whole chain: from regulation to business risk, to requirement, to code example, to vulnerability, to test method, to tool configurations. However, so far there hasn't been a solid way to interconnect standards, documentation, and tooling. Standards writers often work in isolation, and tooling authors rightly focus on quality results instead of comprehensive information about those results. The open source initiative OpenCRE.org connects all these sources of information: It links topics across multiple standards, including the Top 10, ASVS, Pro-active controls, Testing guide, Cheat sheets, SAMM, SSDF, ISO27001, CSA CCMv3, CWE, CAPEC,...
https://www.youtube.com/watch?v=SPC8NATkxqo
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Level Up Your Security Champions (and Your Program)
Slides: https://static.sched.com/hosted_files/owasp2023globalappsecwashin/d9/Chuck%20Willis%20-%202023%20OWASP%20AppSec%20DC%20-%20Level%20Up%20Your%20Security%20Champions%20%28and%20Your%20Program%29.pdf Security Champions are a mainstay of current application security programs. A number of great documents and presentations are available to help you get a program started. Datadog security engineers had used those resources to build and maintain programs at a number of organizations – and they had unfortunately seen many of the same problems arise in those different situations. For example, Security Champions may not have the authority needed to prioritize security tasks, they may vary widely in their security knowledge, they may lose interest, they may have different security goals, and...
https://www.youtube.com/watch?v=7gmA9Wthv8Y
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

How to Avoid Potholes When Scaling Your Application Security Program
Slides: https://static.sched.com/hosted_files/owasp2023globalappsecwashin/92/2023-10%20-%20Global%20AppSec%20-%20Building%20a%20Scaled%20Application%20Security%20Program.pdf Have you ever wondered what it is like to build an Application Security program at a very large organization? Or an organization that had experienced hyper-growth and the security team's growth was not at the same pace as Engineering? What about an organization that had acquired a lot of different companies with vastly different tech stacks? This talk will go through where you need to focus your energy to build a scaled Application Security program and how to avoid pitfalls along the way. It will deep dive into topics such as: • The different levels of maturities for Application Security programs • How to hire...
https://www.youtube.com/watch?v=lHRlNG-z1x8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Bootstrap Your Software Security with OWASP SAMM 2.1
Zip file containing slides and other files: https://static.sched.com/hosted_files/owasp2023globalappsecwashin/c4/global%20appsec%20dc%202023.zip This presentation will provide an overview of the OWASP SAMM 2.1 framework. SAMM stands for Software Assurance Maturity Model. Our mission is to provide an effective and measurable way for you to analyze and improve your secure development lifecycle. SAMM supports the complete software lifecycle and is technology and process agnostic. We built SAMM to be evolutive and risk-driven in nature, as there is no single recipe that works for all organizations. In this talk we will explain what SAMM is, and how you use it to bootstrap and improve your secure development journey (will include a demo of the assessment tools). Plus we will introduce the new...
https://www.youtube.com/watch?v=tKvBBSR-Q-c
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

“Shift Left” Isn't What You Expected
Let's address the elephant in the room — “Shift left” hasn't had the impact on our software security as many of us expected it to have. While it has influenced security in an indispensable way, I argue that “shift left” should be viewed as a tactic in a larger management strategy rather than a solution to solve appsec woes. I will review the success and limitations of “shift left” and how we can “restart” the process by applying it a little differently. Clinton Herget Enso Security Field CTO Clinton Herget is Field CTO at Snyk, the leader in Developer Security, where he focuses on crafting and evangelizing our strategic vision for the evolution of DevSecOps. A seasoned technologist, Clinton spent his 20-year career prior to Snyk as a web software developer, DevOps consultant,...
https://www.youtube.com/watch?v=QzIdRsxQI88
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

5 Week Program: Picking A Target & Recon
📚 Purchase my Bug Bounty Course here 👉🏼 bugbounty.nahamsec.training 💵 Support the Channel: You can support the channel by becoming a member and get access exclusive content, behind the scenes, live hacking session and more! ☕️ Buy Me Coffee: https://www.buymeacoffee.com/nahamsec JOIN DISCORD: https://discordapp.com/invite/ucCz7uh 🆓 🆓 🆓 0 DigitalOcean Credit: https://m.do.co/c/3236319b9d0b 💬 Social Media - https://twitter.com/nahamsec - https://instagram.com/nahamsec - https://twitch.com/nahamsec - https://facebook.com/nahamsec1 #bugbounty #ethicalhacking #infosec #cybersecurity #redteam #webapp
https://www.youtube.com/watch?v=r7L_1VX2qIQ
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

BTD: Unleashing the Power of Decompilation for x86 Deep Neural Network Executables
Due to their widespread use on heterogeneous hardware devices, deep learning (DL) models are compiled into executables by DL compilers to fully leverage low-level hardware primitives. This approach allows DL computations to be undertaken at low cost across a variety of computing platforms, including CPUs, GPUs, and various hardware accelerators. In this presentation, we present BTD (Bin to DNN), a decompiler for deep neural network (DNN) executables.... By: Tianxiang Li , Wenqiang Li , Zhibo Liu , Shuai Wang , Xiaofei Xie , Yuanyuan Yuan Full Abstract and Presentation Materials: https://www.blackhat.com/us-23/briefings/schedule/#btd-unleashing-the-power-of-decompilation-for-x-deep-neural-network-executables-33028
https://www.youtube.com/watch?v=NDfj8JiZMX0
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Identifying and Reducing Permission Explosion in AWS: A Graph-Based and Analytical Approach
The rapid growth of cloud infrastructure and services in AWS has led to a proliferation of permissions and potential security risks. This talk proposes a graph-based and analytical approach to identify and reduce permission explosion in AWS.... By: Pankaj Moolrajani Full Abstract and Presentation Materials: https://www.blackhat.com/us-23/briefings/schedule/#identifying-and-reducing-permission-explosion-in-aws-a-graph-based-and-analytical-approach-33012
https://www.youtube.com/watch?v=zJwEH67QTQw
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

2024 Bug Bounty Recon Basics
📚 Purchase my Bug Bounty Course here 👉🏼 bugbounty.nahamsec.training 💵 Support the Channel: You can support the channel by becoming a member and get access exclusive content, behind the scenes, live hacking session and more! ☕️ Buy Me Coffee: https://www.buymeacoffee.com/nahamsec JOIN DISCORD: https://discordapp.com/invite/ucCz7uh 🆓 🆓 🆓 0 DigitalOcean Credit: https://m.do.co/c/3236319b9d0b 💬 Social Media - https://twitter.com/nahamsec - https://instagram.com/nahamsec - https://twitch.com/nahamsec - https://facebook.com/nahamsec1 #bugbounty #ethicalhacking #infosec #cybersecurity #redteam #webapp
https://www.youtube.com/watch?v=Z9es1_BUXmQ
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Strengths of neurodiverse workers Cyber Work Podcast | #shorts #podcast #infosec #business
Ian Campbell of DomainTools discusses the unique viewpoints and benefits neurodiverse employees can bring to your workforce in this clip from the Cyber Work Podcast. About Infosec Infosec's mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ's security awareness training. Learn more at infosecinstitute.com.
https://www.youtube.com/watch?v=XmG_5rax4oc
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

My best cybersecurity career advice: Keep your love of learning | Cyber Work Podcast
Joseph Nwankpa of Miami University in Ohio shares his best advice for those beginning a career in cybersecurity, advising people to never lose their love of learning. – Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free – View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast About Infosec Infosec's mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide...
https://www.youtube.com/watch?v=WRSBoaydSio
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Moving Forward By Looking Back: Data Collection and Analysis at OWASP
Slides: https://static.sched.com/hosted_files/owasp2023globalappsecwashin/1c/Global_AppSec_DC_BGlas_MovingForwardByLookingBack.pdf We are eternally searching for answers to the questions "How are we doing?", "How do we compare?", "What should we do next?", "Are we improving?". To help answer these questions and move forward, we can leverage data to learn from the past. We will discuss lessons learned from OWASP Top 10 and OWASP SAMM data collection and analysis, and walk through the new data collection project at OWASP. This project provides a centralized service for the data collection needs of almost any OWASP project. Including governance, legal, data collection and processing, and analytics and visualizations. Join us on this merry journey to find the data that can be used in context...
https://www.youtube.com/watch?v=zpu_DzbkF9A
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Influencing Without Authority: The Foundations of a Successful Security Department of Yes
Slides: https://static.sched.com/hosted_files/owasp2023globalappsecwashin/ad/Influencing%20Without%20Authority%20-%20The%20Foundations%20of%20a%20Successful%20Security%20Department%20of%20Yes.pdf In today's technology and business landscape, security is a critical component of any successful organization. However, driving the goals of a security organization can be challenging, particularly when that organization resides in a separate line of business than the product engineering organization they wish to influence. The speakers will discuss how to leverage several key concepts of “influencing without authority” to successfully partner with non-security stakeholders and drive the strategic objectives of a security organization. This talk will explore the telltale signs of the security...
https://www.youtube.com/watch?v=BPF18NVKI1A
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Are remote workers more cybersecurity-savvy than on-premises? | Guest Joseph Nwanpka
Miami University's (in Oxford, Ohio) Farmer School of Business Information Systems and Security researcher Joseph Nwankpa joins Cyber Work today. Nwankpa recently wrote a report that overturns some huge assumptions: he found that work-from-home employees are, to a large degree, less of a security issue than many on-premises workers. Nwankpa discusses The Peltzman Effect, the persistent struggles to create security awareness that lasts past the initial training sessions and talks about some surprising reasons that the higher education sector has been shown to be less sophisticated in their security awareness than many other industries. Note: This video was re-uploaded on 2/13 to correct a typo. 0:00 - Are remote workers more cyber secure? 2:00 - How did Joseph Nwankpa get into cybersecurity?...
https://www.youtube.com/watch?v=kmbqflGLv2w
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Strengthening your defense: Lessons from Microsoft vs. Midnight Blizzard | Hacker Headlines
In the latest episode of Hacker Headlines, Keatron Evans discusses the Microsoft vs. Midnight Blizzard data breach. The Russian hacker group exploited an old, unused testing account with admin privileges and no multi-factor authentication using password spraying. They gained unauthorized access to Microsoft's corporate emails and created malicious applications. But you're not defenseless! Learn how to protect your data in this episode of Hacker Headlines. Learn more about Hacker Headlines and the Infosec IQ security awareness platform by scheduling your demo today: https://www.infosecinstitute.com/form/iq-demo/ About the Series Cybersecurity is constantly evolving, and continuous training that tackles today's latest threats is needed to keep your organization cyber secure. This is why...
https://www.youtube.com/watch?v=hNux-RVAyrw
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

When a Zero Day and Access Keys Collide in the Cloud: Responding to the SugarCRM 0-Day Vulnerability
...This presentation maps out various attacks against AWS environments following the MITRE ATTACK Matrix framework, wrapping up with the multiple prevention mechanisms an organization can put in place to protect themselves. The complexity of these attacks details how seemingly innocuous AWS API calls lead to much more daunting activity that is not always traceable. One size does not fit all in cloud security, but these attacks highlight key areas to focus on to make sure you're ready to defend against those attacks when they come. By: Margaret Zimmermann Full Abstract and Presentation Materials: https://www.blackhat.com/us-23/briefings/schedule/#when-a-zero-day-and-access-keys-collide-in-the-cloud-responding-to-the-sugarcrm--day-vulnerability-32997
https://www.youtube.com/watch?v=XDyYTxhIO6s
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

I Was Tasked With Enrolling Millions of Developers in 2FA - Here's What Happened
...In this presentation, I'll take you behind the scenes of the GitHub 2FA initiative, and what we've learned six months into this multi-year program. I'll take you through the key strategic considerations that needed to be addressed prior to rolling out the initiative, including our operating principles, the challenges of scaling the program, and the ways in which we address them. Next, I'll share my experience leading and empowering a cross-functional team to collaborate, plan, execute, and promote the initiative.... By: John Swanson (@swannysec) Full Abstract and Presentation Materials: https://www.blackhat.com/us-23/briefings/schedule/#i-was-tasked-with-enrolling-millions-of-developers-in-fa---heres-what-happened-32925
https://www.youtube.com/watch?v=kuwoFpBEMuA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Utilizing AI as a cybersecurity tool | Cyber Work Podcast | #shorts
Leonid Belkind of Torq discusses how customers are reacting to the ways AI is able to help cybersecurity teams in this clip from the Cyber Work Podcast. About Infosec Infosec's mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ's security awareness training. Learn more at infosecinstitute.com.
https://www.youtube.com/watch?v=3UMPJCLNpHQ
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Healthcare Software Exploit: CVE-2023-43208
https://jh.live/vanta || Prove your security compliance with Vanta! Get ,000 off with my link: https://jh.live/vanta Free Cybersecurity Education and Ethical Hacking with John Hammond 🔥YOUTUBE ALGORITHM ➡ Like, Comment, & Subscribe! 🙏SUPPORT THE CHANNEL ➡ https://jh.live/patreon 🤝 SPONSOR THE CHANNEL ➡ https://jh.live/sponsor 🌎FOLLOW ME EVERYWHERE ➡ https://jh.live/discord ↔ https://jh.live/twitter ↔ https://jh.live/linkedin ↔ https://jh.live/instagram ↔ https://jh.live/tiktok 💥 SEND ME MALWARE ➡ https://jh.live/malware
https://www.youtube.com/watch?v=BQOwgepGLwQ
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Does Public Disclosure of Vulnerabilities Affect Hacker Participation in Bug Bounty Programs?
Two questions to all organizations and hackers interested in bug bounty: As an organization, would you prefer to disclose your patched vulnerability reports publicly? As a hacker, do you prefer to find bugs in an organization that discloses vulnerability reports? Public disclosure of vulnerabilities has always been a critical and controversial topic in cybersecurity. In this research, we analyze this topic from a bug bounty perspective and examine how the public disclosure of resolved vulnerability reports affects ethical hackers' success in findings new vulnerabilities in bug bounty programs.... By: Ali Ahmed , Amit Deokar , Brian Lee Full Abstract and Presentation Materials: https://www.blackhat.com/us-23/briefings/schedule/#does-public-disclosure-of-vulnerabilities-affect-hacker-participation-in-bug-bounty-programs-32916...
https://www.youtube.com/watch?v=FoJgrZgLVCQ
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Close Encounters of the Advanced Persistent Kind: Leveraging Rootkits for Post-Exploitation
...Our presentation will explore a full-chain Windows kernel post-exploitation scenario, where we discovered and weaponized a Windows 0-day vulnerability to load our kernel rootkit. Once loaded, we will demonstrate how Direct Kernel Object Manipulation (DKOM) can be utilized to dynamically alter OS telemetry/sensor visibility, thereby rendering endpoint security solutions ineffective. Additionally, we will showcase a number of advanced attacks, such as employing Network Driver Interface Specification (NDIS) modules to disrupt EDR cloud telemetry or establish covert persistence channels or directly read memory-resident keyboard states in the Kernel for high-performance global keylogging.... By: Ruben Boonen , Valentina Palmiotti Full Abstract and Presentation Materials: https://www.blackhat.com/us-23/briefings/schedule/#close-encounters-of-the-advanced-persistent-kind-leveraging-rootkits-for-post-exploitation-32913...
https://www.youtube.com/watch?v=t7Rx3crobZU
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

The 5 Week Program (Opportunity To Directly Hack With Me!)
📚 Purchase my Bug Bounty Course here 👉🏼 bugbounty.nahamsec.training 💵 Support the Channel: You can support the channel by becoming a member and get access exclusive content, behind the scenes, live hacking session and more! ☕️ Buy Me Coffee: https://www.buymeacoffee.com/nahamsec JOIN DISCORD: http://discord.gg/nahamsec-598608711186907146 🆓 🆓 🆓 0 DigitalOcean Credit: https://m.do.co/c/3236319b9d0b 💬 Social Media - https://twitter.com/nahamsec - https://instagram.com/nahamsec - https://twitch.com/nahamsec - https://facebook.com/nahamsec1 #bugbounty #ethicalhacking #infosec #cybersecurity #redteam #webapp
https://www.youtube.com/watch?v=Z_Kk1zf16l4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Next Gen Cybersecurity - great to see next gen here! #shorts #cybersecurity #cyber
#shorts #cybersecurity #cyber
https://www.youtube.com/watch?v=OA8yeNgluzQ
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Microsoft Entra Training
Free Cybersecurity Education and Ethical Hacking with John Hammond 🔥YOUTUBE ALGORITHM ➡ Like, Comment, & Subscribe! 🙏SUPPORT THE CHANNEL ➡ https://jh.live/patreon 🤝 SPONSOR THE CHANNEL ➡ https://jh.live/sponsor 🌎FOLLOW ME EVERYWHERE ➡ https://jh.live/discord ↔ https://jh.live/twitter ↔ https://jh.live/linkedin ↔ https://jh.live/instagram ↔ https://jh.live/tiktok 💥 SEND ME MALWARE ➡ https://jh.live/malware
https://www.youtube.com/watch?v=kYxA4hLXv3c
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Run this script with Eval
Free Cybersecurity Education and Ethical Hacking with John Hammond 🔥YOUTUBE ALGORITHM ➡ Like, Comment, & Subscribe! 🙏SUPPORT THE CHANNEL ➡ https://jh.live/patreon 🤝 SPONSOR THE CHANNEL ➡ https://jh.live/sponsor 🌎FOLLOW ME EVERYWHERE ➡ https://jh.live/discord ↔ https://jh.live/twitter ↔ https://jh.live/linkedin ↔ https://jh.live/instagram ↔ https://jh.live/tiktok 💥 SEND ME MALWARE ➡ https://jh.live/malware
https://www.youtube.com/watch?v=9Aq2ixZZmp0
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

AI superpowered networks? (NVIDIA and Cisco join forces)
A Powerful Partnership: Cisco, with its industry-leading expertise in Ethernet networking and extensive partner ecosystem, together with NVIDIA, the inventor of the GPU that fuelled the AI boom, share a vision and commitment to help customers navigate the transitions for AI with highly secure Ethernet-based infrastructure. “AI is fundamentally changing how we work and live, and history has shown that a shift of this magnitude is going to require enterprises to rethink and re-architect their infrastructures,” said Chuck Robbins, Chair and CEO, Cisco. “Strengthening our great partnership with NVIDIA is going to arm enterprises with the technology and the expertise they need to build, deploy, manage, and secure AI solutions at scale.” “Companies everywhere are racing to transform...
https://www.youtube.com/watch?v=9Iep5v1Mbmo
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

How to Get More Pentesting Clients [My Approach] - feat. @BugBountyReportsExplained
This video is from a discussion with @BugBountyReportsExplained which you can find here: https://www.youtube.com/watch?v=CfE0-GZk4v8
https://www.youtube.com/watch?v=Ix7ziBuZDMc
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Debug with JS-Beautify
Free Cybersecurity Education and Ethical Hacking with John Hammond 🔥YOUTUBE ALGORITHM ➡ Like, Comment, & Subscribe! 🙏SUPPORT THE CHANNEL ➡ https://jh.live/patreon 🤝 SPONSOR THE CHANNEL ➡ https://jh.live/sponsor 🌎FOLLOW ME EVERYWHERE ➡ https://jh.live/discord ↔ https://jh.live/twitter ↔ https://jh.live/linkedin ↔ https://jh.live/instagram ↔ https://jh.live/tiktok 💥 SEND ME MALWARE ➡ https://jh.live/malware
https://www.youtube.com/watch?v=H6n1_Gs3zjc
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

The Mother of All Breaches: What you need to know | Hacker Headlines
In this episode of Hacker Headlines, we will discuss the biggest data breach ever found, known as the "Mother of All Breaches." Researchers have discovered a huge open database containing over 26 billion records. This database includes names, passwords, and ID numbers. Many companies like Tencent, Weibo, and Myspace, as well as social media platforms and government records, were severely impacted. But what does this mean for you? Find out on this episode of Hacker Headlines. Learn more about Hacker Headlines and the Infosec IQ security awareness platform by scheduling your demo today: https://www.infosecinstitute.com/form/iq-demo/ About the Series: Cybersecurity is constantly evolving, and continuous training that tackles today's latest threats is needed to keep your organization cyber...
https://www.youtube.com/watch?v=gHp6xVJOiaY
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

The AI Cybersecurity future is here
AI is required to secure networks today. And the future of Cybersecurity is powered by AI. You better be using AI to secure your systems. Big thank you to Cisco for sponsoring this video and my trip to Cisco Live. // Jeetu's SOCIAL // X: https://twitter.com/jpatel41 LinkedIn: https://linkedin.com/in/jeetupatel Company Website: https://www.cisco.com Cisco Newsroom: https://newsroom.cisco.com/c/r/newsroom/en/us/executives/jeetu-patel.html // Youtube Video REFERENCE // Cisco Live 2024 Amsterdam: Live Broadcast – Opening Keynote: https://youtu.be/QWXlvx1GoTY AI Firewalls are here! (Can your firewall do this?): https://youtu.be/n_-QuGvQXso // David's SOCIAL // Discord: https://discord.com/invite/usKSyzb X / Twitter: https://www.twitter.com/davidbombal Instagram: https://www.instagram.com/davidbombal...
https://www.youtube.com/watch?v=S3QNDSax2IA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Debug with Visual Studio
Free Cybersecurity Education and Ethical Hacking with John Hammond 🔥YOUTUBE ALGORITHM ➡ Like, Comment, & Subscribe! 🙏SUPPORT THE CHANNEL ➡ https://jh.live/patreon 🤝 SPONSOR THE CHANNEL ➡ https://jh.live/sponsor 🌎FOLLOW ME EVERYWHERE ➡ https://jh.live/discord ↔ https://jh.live/twitter ↔ https://jh.live/linkedin ↔ https://jh.live/instagram ↔ https://jh.live/tiktok 💥 SEND ME MALWARE ➡ https://jh.live/malware
https://www.youtube.com/watch?v=hYQuAPOUKJg
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Security+ exam questions and answers: What to expect | Cyber Work Hacks
Cyber Work Hacks is here to answer your questions about the CompTIA Security+ exam! Today, Infosec boot camp instructor Tommy Gober reviews Security+ exam sample questions and shares tips to pass your Security+ 701 exam. 0:00 - Security+ exam mechanics 1:15 - The different types of Security+ exam questions 3:55 - How do you see your Security+ exam results? 5:10 - Security+ exam example question 1 9:27 - Security+ exam example question 2 11:32- Security+ exam example question 3 15:08- Security+ practice exam 16:29 - Security+ exam day advice 18:05 - Outro – Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free – View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast About Infosec Infosec's mission is...
https://www.youtube.com/watch?v=JuS94tAEqXM
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

A better cybersecurity job interview for neurodiverse candidates | Cyber Work Podcast | #shorts
Anthony Pacilio of CAI shares advice on how his team has rethought the interview process to cater to neurodiverse candidates in this clip from the Cyber Work Podcast. About Infosec Infosec's mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ's security awareness training. Learn more at infosecinstitute.com.
https://www.youtube.com/watch?v=MZg1dC5G5DY
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Exploring the BIGGEST SCAMS in the Dark Web
https://jh.live/flare || You can manage threat intelligence and track down scams and cybercrime risks against your own organization with Flare! Try a free trial and see what info is out there: https://jh.live/flare Free Cybersecurity Education and Ethical Hacking with John Hammond 🔥YOUTUBE ALGORITHM ➡ Like, Comment, & Subscribe! 🙏SUPPORT THE CHANNEL ➡ https://jh.live/patreon 🤝 SPONSOR THE CHANNEL ➡ https://jh.live/sponsor 🌎FOLLOW ME EVERYWHERE ➡ https://jh.live/discord ↔ https://jh.live/twitter ↔ https://jh.live/linkedin ↔ https://jh.live/instagram ↔ https://jh.live/tiktok 💥 SEND ME MALWARE ➡ https://jh.live/malware
https://www.youtube.com/watch?v=TBmr8iznpWk
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Burp Suite - Part 8 - Repeater I

https://www.youtube.com/watch?v=dzE6gcdyVNk
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Welcome back, Ryan Chapman
Free Cybersecurity Education and Ethical Hacking with John Hammond 🔥YOUTUBE ALGORITHM ➡ Like, Comment, & Subscribe! 🙏SUPPORT THE CHANNEL ➡ https://jh.live/patreon 🤝 SPONSOR THE CHANNEL ➡ https://jh.live/sponsor 🌎FOLLOW ME EVERYWHERE ➡ https://jh.live/discord ↔ https://jh.live/twitter ↔ https://jh.live/linkedin ↔ https://jh.live/instagram ↔ https://jh.live/tiktok 💥 SEND ME MALWARE ➡ https://jh.live/malware
https://www.youtube.com/watch?v=jt72CADBobY
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

NVIDIA and Cisco AI? #shorts #gpu #ai
Big thank you to Cisco for sponsoring my trip to Cisco Live and this video. #nvidia #gpu #ai
https://www.youtube.com/watch?v=koCdgYxzDxs
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Learning Entra ID (Azure Active Directory)
Merill Fernando is a Product Manager at Microsoft! Check out all the awesome stuff he is up to: Merill's YouTube channel - https://YouTube.com/@merillx Weekly newsletter on Microsoft Entra - https://entra.news Microsoft Cloud Command Line - https://cmd.ms Microsoft Incident Response lessons on preventing cloud identity compromise - https://microsoft.com/en-us/security/blog/2023/12/05/microsoft-incident-response-lessons-on-preventing-cloud-identity-compromise/ Free Cybersecurity Education and Ethical Hacking with John Hammond 🔥YOUTUBE ALGORITHM ➡ Like, Comment, & Subscribe! 🙏SUPPORT THE CHANNEL ➡ https://jh.live/patreon 🤝 SPONSOR THE CHANNEL ➡ https://jh.live/sponsor 🌎FOLLOW ME EVERYWHERE ➡ https://jh.live/discord ↔ https://jh.live/twitter ↔ https://jh.live/linkedin...
https://www.youtube.com/watch?v=5X_GyGxJXss
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Network Threat Hunting Made Easy (Finding Hackers)
https://jh.live/pwyc || Jump into Pay What You Can training at whatever cost makes sense for you! https://jh.live/pwyc Free Cybersecurity Education and Ethical Hacking with John Hammond 🔥YOUTUBE ALGORITHM ➡ Like, Comment, & Subscribe! 🙏SUPPORT THE CHANNEL ➡ https://jh.live/patreon 🤝 SPONSOR THE CHANNEL ➡ https://jh.live/sponsor 🌎FOLLOW ME EVERYWHERE ➡ https://jh.live/discord ↔ https://jh.live/twitter ↔ https://jh.live/linkedin ↔ https://jh.live/instagram ↔ https://jh.live/tiktok 💥 SEND ME MALWARE ➡ https://jh.live/malware
https://www.youtube.com/watch?v=mTIDoZ7I-Co
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Easiest Way To Get A Critical Bug And Into A Company's Infrastructure?
📚 Purchase my Bug Bounty Course here 👉🏼 bugbounty.nahamsec.training 💵 Support the Channel: You can support the channel by becoming a member and get access exclusive content, behind the scenes, live hacking session and more! ☕️ Buy Me Coffee: https://www.buymeacoffee.com/nahamsec JOIN DISCORD: https://discordapp.com/invite/ucCz7uh 🆓 🆓 🆓 0 DigitalOcean Credit: https://m.do.co/c/3236319b9d0b 💬 Social Media - https://twitter.com/nahamsec - https://instagram.com/nahamsec - https://twitch.com/nahamsec - https://facebook.com/nahamsec1 #bugbounty #ethicalhacking #infosec #cybersecurity #redteam #webapp
https://www.youtube.com/watch?v=PuvA_9YJJ9M
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Rust-Lang Game Hacking - Internal Cheat on MacOS
🔥 Learn how make internal cheats with Rust and MacOSX 👨‍💻 Buy Our Courses: https://guidedhacking.com/register/ 💰 Donate on Patreon: https://patreon.com/guidedhacking ❤️ Follow us on Social Media: https://linktr.ee/guidedhacking 🔗 Article Link: https://guidedhacking.com/threads/rust-lang-game-hacking-internal-cheat-on-macos.20502/ 🔗 Previous Video: https://youtu.be/KIqCstRmGpo ❤️ Video Author: Stigward - https://guidedhacking.com/members/stigward.28143/ 📜 Video Description: Rust-Lang Game Hacking on MacOS Welcome to our tutorial on Rust-Lang game hacking, specifically focusing on creating an internal cheat for MacOS. In this guide, we're building upon our previous knowledge from external trainer tutorials. Our objective is to craft libraries in Rust and...
https://www.youtube.com/watch?v=MrR-NvN_8tI
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

My Experience with Bug Bounty Hunting (feat. @BugBountyReportsExplained)
From a discussion with @BugBountyReportsExplained.
https://www.youtube.com/watch?v=jIF0JovZSzk
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Free Complete Course: You need to learn this programming language to be a senior developer!
Do you agree with Dr Chuck? That this is the most important programming language you need to learn, and the language you shouldn't use in the real world (in most cases). You need to learn C if you're serious about becoming a senior developer. // C for Everybody Course // Free C Programming Course https://www.cc4e.com/ Free course on YouTube (freeCodeCamp): https://youtu.be/j-_s8f5K30I // YouTube Videos REFERENCE // Computer Science isn't programming https://youtu.be/z3o6yEzcnLc 2023 Path Master Hacker Programmer (for free): https://youtu.be/OVwJ5EMTSK0 Best Programming Language Ever? (Free course): https://youtu.be/aQ_XTBmCXS8 What is a Master Programmer: https://youtu.be/LZpkgKWzbBQ Building C and Bell Labs: https://youtu.be/v8uLDu7LAEc C and C++ At Bell Labs: https://youtu.be/CtAysS8AlsE The...
https://www.youtube.com/watch?v=6uqgiFhW0Fs
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Burp Suite - Part 7 - Sitemap and Scanner

https://www.youtube.com/watch?v=WcAzmhKuUX4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Don't rely on just your passwords for Online Security! #shorts #android #iphone #2fa #mfa
Make sure you're using 2FA on your accounts in 2024! Options include SMS (not the best); Authenticator apps like Google Authenticator, Authy, Duo and others; and security keys. You'll most likely be seeing more about passkeys in 2024. Learn more about passkeys here: * https://www.yubico.com/blog/passkeys-and-the-future-of-modern-authentication/ * https://developer.apple.com/videos/play/wwdc2021/10106/ * https://www.wired.com/story/fido-alliance-ios-android-password-replacement/ #youtubeshorts #android #iphone
https://www.youtube.com/watch?v=YUpRoTHSof8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

If you're serious about your Online Security: Get Advanced Protection! #shorts #android #iphone
#youtubeshorts #android #iphone
https://www.youtube.com/watch?v=f8_1yBzrh2c
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Testing Flipper Zero Long Distance (Flux Capacitor) #shorts #flipperzero #wifi
I was not paid for this video. But, big thanks to Rabbit Labs for sending me some toys: https://www.tindie.com/stores/tehrabbitt/ Previous video: https://youtube.com/shorts/F0UuMv1byJw Disclaimer: This video is for educational purposes only. #shorts #flipperzero #flipper
https://www.youtube.com/watch?v=mmGp79jRcso
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Is your key Private or Public? #shorts #keys #passwords
#shorts #keys #passwords
https://www.youtube.com/watch?v=X38A_PeTjzM
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Better Protect Sensitive Data in the Cloud with Client-Side Application Layer Encryption
Cloud providers have made significant progress in securing their infrastructure and data centers. However, application owners are still responsible for securing their own data. In this talk, we will discuss the benefits of using client-side application layer encryption to bring your own encryption and protect sensitive data in the cloud. We will explain how to use this technique to provide encryption controls and key management, which can reduce the risk of data breaches and ensure that your data is protected when stored within a cloud-hosted environment. We will also share practical tips for implementing client-side application layer encryption, and how to address the challenges that come with this approach. Wias Issa Ubiq Security Wias Issa has twenty years of experience in the cybersecurity...
https://www.youtube.com/watch?v=l4JpGjOTjZk
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Cutting to the chase: Security Design and Guidance at scale
In 2021, OWASP added A04:2021 – Insecure Design as a new category focusing on risks related to design and architectural flaws, with a call for more use of threat modeling, secure design patterns, and reference architectures. In a cloud-native, agile environment with hundreds of services operating at scale for products, security needs to be proactive, comprehensive, context and data driven with a focus on risk reduction. Security in such fast paced, engineering heavy organizations need a shared ownership model. In order to do so, application security truly needs to be decentralized by design . How does a lean team of security engineers achieve this with an emphasis on trust and partnership? In this talk, I'll cover my learnings as a software security engineer working on security design...
https://www.youtube.com/watch?v=-6sx8HVzVKA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

From SBOMs to F-Bombs: Vulnerability Analysis, SCA Tools, and False Positives & Negatives
Slides: https://static.sched.com/hosted_files/owasp2023globalappsecwashin/e9/kwwall_notes-OWASP-2023-SBOMs_to_F-Bombs.pdf Managing vulnerabilities in third party software has become an important application security activity. Vulnerabilities like Log4Shell and various supply chain attacks such as SolarWinds or CodeCov and numerous others have given many of us haunting nightmares resulting us sleeping with one eye open. Fortunately, Software Composition Analysis (SCA) tools coupled with Software Bill of Materials (SBOMs) have done so much to relieve that anxiety. Or not. This talk explores the vulnerability management process through the eyes of a FOSS security library provider and examines what we can do as AppSec engineers and developers to make the whole process a bit less painful. Kevin...
https://www.youtube.com/watch?v=OF2WluHxQnk
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Using WebAssembly to run, extend, and secure your application!
Slides: https://static.sched.com/hosted_files/owasp2023globalappsecwashin/55/AppSecDC2023-Wasm.pdf WebAssembly (WASM) has come a long way since its first release in 2017. As a technology stack running inside the web browser, it even allows products like Adobe Photoshop to run in that context, and with for example Blazor WebAssembly .NET runs inside of the browser as well. Now, WASM is expanding beyond the browser to run in a server-based context. With the introduction of WebAssembly System Interface (WASI), the technology leverages a standardized API that allows it to run on any system that supports it, for example to support cloud-based workloads. Had WASM and WASI been around in 2009, Docker would not have existed according to one of its founders, Solomon Hykes. WASM has a strong security...
https://www.youtube.com/watch?v=-4pVadK8ru8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

OWASP Low-Code No-Code Top 10
Slides: https://static.sched.com/hosted_files/owasp2023globalappsecwashin/c5/OWASP-Appsec-2023-DC-Amichai%20Shulman.pdf Low-Code/No-Code development platforms provide a development environment used to create application software through a graphical user interface instead of traditional hand-coded computer programming. Such platforms reduce the amount of traditional hand-coding, enabling accelerated delivery of business applications. As Low-Code/No-Code platforms proliferate and become widely used by organizations, there is a clear and immediate need to create awareness around security and privacy risks related to applications developed on such platforms. The primary goal of the "OWASP Low-Code/No-Code Top 10" document is to provide assistance and education for organizations looking to adopt...
https://www.youtube.com/watch?v=wrPyfEHs9GQ
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Is Hashing Encryption? #shorts #encryption #hashing #password
#shorts #youtubeshorts #password
https://www.youtube.com/watch?v=4FsmgvUomVc
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

No Code you shall use, malware you shall get
Slides: https://static.sched.com/hosted_files/owasp2023globalappsecwashin/c5/OWASP-Appsec-2023-DC-Amichai%20Shulman.pdf Our research explores the possibility of spreading malware and launching supply chain attacks through the marketplace functionality of leading Low Code / No Code application development platforms. Low-Code/No-Code (LCNC) platforms are quickly becoming the go-to technology for building enterprise applications. As the usage of these platforms becomes widespread, they all adopt some type of code reuse and code sharing mechanism using a marketplace approach. Whether it's Forge for Outsystems, AppSource for Microsoft PowerApps or the UiPath Marketplace - all platforms adopted the concept of allowing app developers to get a head start (or completely rely on) by taking content...
https://www.youtube.com/watch?v=anGdfMPyyzI
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

AppSec Threats Deserve Their Own Incident Response Plan
Slides: https://static.sched.com/hosted_files/owasp2023globalappsecwashin/ef/Global%20AppSec%202023%20-%20Fixing%20Broken%20Access%20Control%20-%20Final.pptx We've been hearing a lot about software supply chain attacks over the last two years, and with good reason. The cybersecurity ecosystem and industry at large have been inundated with warnings about this attack vector, with high-profile attacks leading to a stark increase in vendor solutions, and government regulations keep trying to catch up. Yet despite the popularity of AppSec-related incidents, our research has shown that most organizations do not have an incident response plan in place specifically for these attacks. Others that do have an IR playbook, often prepare to respond to infra-related attacks such as ransomware, rather than...
https://www.youtube.com/watch?v=6ceePY2AiDE
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Every FREE Resource You Need To Become A Bug Bounty Hunter
Support the channel and learn directly from me by purchasing my Bug Bounty Course here 👉🏼 https://www.udemy.com/course/intro-to-bug-bounty-by-nahamsec/?couponCode=YOUTUBE1 🆓🆓 0 FREE Digital Ocean Credit🆓🆓 https://m.do.co/c/3236319b9d0b Free Basic Networking Course: https://academy.hackthebox.com/course/preview/introduction-to-networking How The Web Works: https://tryhackme.com/module/how-the-web-works OverTheWire: https://overthewire.org/wargames/ PicoCTF: https://PicoCTF.com HackerOne's Hacker101: https://Hacker101.com HackThisSite: https://hackthissite.org WebSecAcademy: https://portswigger.net/web-security HackingHub: https://hackinghub.io 💬 Social Media - https://twitter.com/nahamsec - https://instagram.com/nahamsec - https://twitch.com/nahamsec - https://facebook.com/nahamsec1 #bugbounty...
https://www.youtube.com/watch?v=RDQs7CpLI-k
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

They're watching you 😱 Protect your online PRIVACY!
Is it possible to have Privacy in 2024? I ask Andy Yen (CEO of Proton) this and other very important questions about being anonymous and private on the Internet in 2024. // Books Mentioned // Extreme Privacy: What it takes to disappear by Michael Bazzell: https://amzn.to/3Hcz23m Linux Basics for Hackers by Occupy the Web: https://amzn.to/3RUC69d How to Hack like a Ghost by Sparc Flow: https://amzn.to/3NS8WWY If it's smart, it's vulnerable by Mikko Hypponen: https://amzn.to/4aGV2AK // Proton Affiliate LINKS // Proton Mail: https://go.getproton.me/SHs9 Proton VPN: https://go.getproton.me/SHsA // Andy's SOCIAL // X: https://twitter.com/andyyen Proton Blog: https://proton.me/blog/author/ayen LinkedIn: https://www.linkedin.com/in/andy-yen-03a9676/ // David's SOCIAL // Discord:...
https://www.youtube.com/watch?v=acWkkLaEsrU
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

How did you do that? Raspberry Pi to Laptop? #shorts #obs #raspberrypi #kalilinux
Previous video: https://youtube.com/shorts/Vin6JIDyZrE?feature=share Papeaso Video / HDMI Capture Card (affiliate link): https://amzn.to/47RxQx1 #shorts #raspberrypi5 #kalilinux
https://www.youtube.com/watch?v=0YiKb5rBQY8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Burp Suite - Part 6 - Advanced Scoping

https://www.youtube.com/watch?v=14n3Qgw4L4E
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

China is able to trace your Airdrops - ThreatWire
⬇️ OPEN FOR LINKS TO ARTICLES TO LEARN MORE ⬇️ Support ThreatWire → https://patreon.com/threatwire @endingwithali → Twitch: https://twitch.tv/endingwithali Twitter: https://twitter.com/endingwithali Everywhere else: https://links.ali.dev If you want to help Ali with her research project email her at endingwithaliresearch@gmail.com → Please include (1️⃣) the size of your company (2️⃣) what your role title is and (3️⃣) a little summary of what your job entails. [❗] ThreatWire Patreon has moved to → https://patreon.com/threatwire 00:00 Intro 0:12 - SEC Twitter (x) Hacked! 1:52 - IT kind of does their job and gets in trouble 3:16 - China is able to trace your Airdrops 4:09 - Outro LINKS 🔗 Story 1: SEC Twitter (x) Hacked! https://www.sec.gov/secgov-x-account...
https://www.youtube.com/watch?v=mXTxi6gvb5c
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

How I Got Into Cybersecurity - My Journey in 3 Minutes

https://www.youtube.com/watch?v=XhQRlI9fwj4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

I Tried 100+ Hacking Tools. These Are The Best!
📚 Purchase my Bug Bounty Course here 👉🏼 bugbounty.nahamsec.training 💵 Support the Channel: You can support the channel by becoming a member and get access exclusive content, behind the scenes, live hacking session and more! ☕️ Buy Me Coffee: https://www.buymeacoffee.com/nahamsec JOIN DISCORD: https://discordapp.com/invite/ucCz7uh 🆓 🆓 🆓 0 DigitalOcean Credit: https://m.do.co/c/3236319b9d0b 💬 Social Media - https://twitter.com/nahamsec - https://instagram.com/nahamsec - https://twitch.com/nahamsec - https://facebook.com/nahamsec1 #bugbounty #ethicalhacking #infosec #hackingtools #redteam #webapp
https://www.youtube.com/watch?v=4WqymtvuWZQ
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

RDP Authentication vs. Authorization
In this episode, we'll learn about an important RDP scenario involving Network Level Authentication (NLA) and the Windows Event Log entry that is generated as a result. We'll also see what happens when authentication succeeds, but authorization fails, and how that impacts what's logged. *** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. *** 📖 Chapters 00:00 - Intro 01:10 - Demo 🛠 Resources RDP Flowchart: https://drive.google.com/file/d/1aNrqL174RulfBa4I0_KlOqOiYChdqrKM/view?usp=share_link #Forensics #DigitalForensics #DFIR #ComputerForensics #WindowsForensics
https://www.youtube.com/watch?v=OlENso8_u7s
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Burp Suite - Part 5 - The Basics V

https://www.youtube.com/watch?v=0Vhx-Ybr_uU
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

AI IS HERE, ARE YOU PROTECTED?

https://www.youtube.com/watch?v=cU_ua2vX57Q
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

AI CAN'T REPLACE HUMANS

https://www.youtube.com/watch?v=jkCUFJKIGJk
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

AI IS A TOOL HUMANS CAN'T IGNORE

https://www.youtube.com/watch?v=lamJTY7qK1o
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

THE FUTURE OF AI NEEDS HACKERS

https://www.youtube.com/watch?v=ZYHkp3I1XOs
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

AI V HUMAN

https://www.youtube.com/watch?v=DxsOXuGy91w
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Burp Suite - Part 4 - The Basics IV

https://www.youtube.com/watch?v=mwbhf4c3FLE
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Introduction to YARA Part 4 - Efficient Rule Development
In this OALABS Patreon tutorial we cover the foundations of writing efficient YARA rules and provide some tips that can help speed up your YARA hunting. The full notes for this tutorial are unlocked for everyone on our Patreon https://www.patreon.com/posts/introduction-to-96638239 ----- OALABS DISCORD https://discord.gg/6h5Bh5AMDU OALABS PATREON https://www.patreon.com/oalabs Twitch https://www.twitch.tv/oalabslive OALABS GITHUB https://github.com/OALabs UNPACME - AUTOMATED MALWARE UNPACKING https://www.unpac.me/#/ -----
https://www.youtube.com/watch?v=xKeF_cPKXt0
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Introduction to YARA Part 3 - Rule Use Cases
In this OALABS Patreon tutorial we cover the three main use cases for YARA rules and how they apply to both BlueTeam/SOC operations and malware analysis. Fun notes have been unlocked for everyone on our Patreon here https://www.patreon.com/posts/introduction-to-96637668 The following are links to UnpacMe specific tutorials for developing each type of rule. Identifying specific malware families (unpacked) https://support.unpac.me/howto/hunting-with-yara/#identifying-specific-malware-families-unpacked Identifying malware on disk or in network traffic (packed) https://support.unpac.me/howto/hunting-with-yara/#identifying-malware-on-disk-or-in-network-traffic-packed Hunting (malware characteristics) https://support.unpac.me/howto/hunting-with-yara/#hunting-malware-characteristics ----- OALABS...
https://www.youtube.com/watch?v=xutDqu_OiH8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Introduction to YARA Part 2 - Hunting on UnpacMe
In this OALABS Patreon tutorial we demonstrate a simple YARA hunting example using the UnpacMe free YARA scan service: https://www.unpac.me Full notes have been unlocked on our Patreon here https://www.patreon.com/posts/introduction-to-96637337 ----- OALABS DISCORD https://discord.gg/6h5Bh5AMDU OALABS PATREON https://www.patreon.com/oalabs Twitch https://www.twitch.tv/oalabslive OALABS GITHUB https://github.com/OALabs UNPACME - AUTOMATED MALWARE UNPACKING https://www.unpac.me/#/ -----
https://www.youtube.com/watch?v=Xqvlju9ED1c
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Introduction to YARA Part 1 - What is a YARA Rule
In this OALABS Patreon tutorial we cover the basics of YARA, what is it, how is it used, and how to write your first rule. Full notes have been unlocked on our Patreon here https://www.patreon.com/posts/introduction-to-96636471 ----- OALABS DISCORD https://discord.gg/6h5Bh5AMDU OALABS PATREON https://www.patreon.com/oalabs Twitch https://www.twitch.tv/oalabslive OALABS GITHUB https://github.com/OALabs UNPACME - AUTOMATED MALWARE UNPACKING https://www.unpac.me/#/ -----
https://www.youtube.com/watch?v=3BpIhbsDR_I
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

If I Started Bug Bounty Hunting in 2024, I'd Do this
📚 Purchase my Bug Bounty Course here 👇 https://www.udemy.com/course/intro-to-bug-bounty-by-nahamsec/?couponCode=YOUTUBE This video was inspired by Ali Abdaal's "If I Started a YouTube Channel in 2024, I'd Do This" 💵 Support the Channel: You can support the channel by becoming a member and get access exclusive content, behind the scenes, live hacking session and more! ☕️ Buy Me Coffee: https://www.buymeacoffee.com/nahamsec JOIN DISCORD: https://discordapp.com/invite/ucCz7uh 🆓 🆓 🆓 0 DigitalOcean Credit: https://m.do.co/c/3236319b9d0b 💬 Social Media - https://twitter.com/nahamsec - https://instagram.com/nahamsec - https://twitch.com/nahamsec - https://facebook.com/nahamsec1 #bugbounty #ethicalhacking #infosec #cybersecurity #redteam #webapp
https://www.youtube.com/watch?v=z6O6McIDYhU
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

MacOS Game Hacking In Rust-Lang
🔥 Learn The Basics of MacOS Game Hacking with RustLang 👨‍💻 Buy Our Courses: https://guidedhacking.com/register/ 💰 Donate on Patreon: https://patreon.com/guidedhacking ❤️ Follow us on Social Media: https://linktr.ee/guidedhacking 🔗 Article Link: https://guidedhacking.com/threads/macos-game-hacking-in-rustlang-simple-external-hack.20494/ Video Author: Stigward - https://guidedhacking.com/members/stigward.28143 📜 Video Description: In our MacOS Game Hacking in Rus-tLang video we begin by introducing the fundamentals of MacOS game hacking using Rust-Lang. We kick off with Bit Slicer, a tool akin to a cheat engine, particularly adept on MacOS and Apple silicon devices. Our initial step involves connecting Bit Slicer to Assault Cube, a game we use as our hacking playground....
https://www.youtube.com/watch?v=KIqCstRmGpo
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Cyber Kidnapping & Carta's Controversial Cap Table Tactics Exposed! - ThreatWire
⬇️ OPEN FOR LINKS TO ARTICLES TO LEARN MORE ⬇️ Support ThreatWire → https://patreon.com/threatwire @endingwithali → Twitch: https://twitch.tv/endingwithali Twitter: https://twitter.com/endingwithali Everywhere else: https://links.ali.dev If you want to help Ali with her research project email her at endingwithaliresearch@gmail.com → Please include (1️⃣) the size of your company (2️⃣) what your role title is and (3️⃣) a little summary of what your job entails. [❗] ThreatWire Patreon has moved to → https://patreon.com/threatwire 0:00 - Intro 0:14 - What is happening with Carta? 2:14 - Cyber Kidnapping? 2:50 - Crypto-hackers are active on Twitter 3:35 - Outro LINKS 🔗 Story 1: What is going on with Carta? https://twitter.com/karrisaarinen/status/1743824345334714587 https://twitter.com/henrysward/status/1743794996732735679...
https://www.youtube.com/watch?v=p4vjBjyArDw
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Jack into a network with the Shark Jack
#hak5 #cybersecurity #shorts
https://www.youtube.com/watch?v=K1HN_fL67f4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

The king of keystroke injection
#hak5 #cybersecurity #shorts
https://www.youtube.com/watch?v=_6HWBksrY14
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

,000 👉🏼 ,000+/month With Bug Bounties
📚 Purchase my Bug Bounty Course here 👉🏼 bugbounty.nahamsec.training 💵 Support the Channel: You can support the channel by becoming a member and get access exclusive content, behind the scenes, live hacking session and more! ☕️ Buy Me Coffee: https://www.buymeacoffee.com/nahamsec JOIN DISCORD: https://discordapp.com/invite/ucCz7uh 🆓 🆓 🆓 0 DigitalOcean Credit: https://m.do.co/c/3236319b9d0b 💬 Social Media - https://twitter.com/nahamsec - https://instagram.com/nahamsec - https://twitch.com/nahamsec - https://facebook.com/nahamsec1 #bugbounty #ethicalhacking #infosec #cybersecurity #redteam #webapp
https://www.youtube.com/watch?v=Yt_UKLDOKRg
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

The Legendary WiFi Pineapple
#hak5 #cybersecurity #shorts
https://www.youtube.com/watch?v=eNLYb0tAV6U
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Insane iPhone Exploit & Zombie Cookies Hijack Google Accounts - ThreatWire
⬇️ OPEN FOR LINKS TO ARTICLES TO LEARN MORE ⬇️ Support ThreatWire → https://patreon.com/threatwire @endingwithali → Twitch: https://twitch.tv/endingwithali Twitter: https://twitter.com/endingwithali Everywhere else: https://links.ali.dev If you want to help Ali with her research project email her at endingwithaliresearch@gmail.com → Please include (1️⃣) the size of your company (2️⃣) what your role title is and (3️⃣) a little summary of what your job entails. [❗] ThreatWire Patreon has moved to → https://patreon.com/threatwire 00:00 Intro 0:00 - Intro 0:12 - Insane iPhone Exploit Revealed to the World 1:42 - Zombie Cookies Hijack Google Accounts 2:51 - Outro LINKS 🔗 Story 1: Insane iPhone Exploit Revealed to the World https://arstechnica.com/security/2023/12/exploit-used-in-mass-iphone-infection-campaign-targeted-secret-hardware-feature/2/ https://securelist.com/operation-triangulation-the-last-hardware-mystery/111669/ https://www.youtube.com/watch?v=7VWNUUldBEE&ab_channel=auth 🔗...
https://www.youtube.com/watch?v=U_4oAS8i5ZM
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Burp Suite - Part 3 - The Basics III

https://www.youtube.com/watch?v=YWSclCeH1tg
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

2024 Investigating Windows Courses
Check out the official 13Cubed Investigating Windows training courses, with 365-day access and a certification/digital badge attempt included! If you're looking for affordable, comprehensive, online, on-demand digital forensics training with 4K video, subtitles, and more, you've come to the right place! 🎉 Enroll today at training.13cubed.com! #Forensics #DigitalForensics #DFIR #ComputerForensics #WindowsForensics #MemoryForensics
https://www.youtube.com/watch?v=BYmRdfmJPfY
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Approaching Large Scope Targets Without Feeling Overwhelmed
In this video, we discuss how beginners can tackle large scope targets in bug bounty hunting. These targets offer more flexibility and potential for bug discovery, making them a great starting point for new hackers. However, they can be overwhelming due to their size and diversity. We suggest focusing on one part of the larger scope, which helps you understand the target's application development process without becoming overwhelmed. We also delve into different reconnaissance techniques, including subdomain enumeration, Google Dorking, API enumeration, OSINT, and more. Lastly, we emphasize that while reconnaissance is critical for large scope targets, it is just a stepping stone to actually hacking and finding vulnerabilities. This series couldn't happen without the support of our sponsor...
https://www.youtube.com/watch?v=W4pafFxOOwc
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

I Became A Million Dollar Hacker 😱
📚 Purchase my Bug Bounty Course here 👉🏼 bugbounty.nahamsec.training 💵 Support the Channel: You can support the channel by becoming a member and get access exclusive content, behind the scenes, live hacking session and more! ☕️ Buy Me Coffee: https://www.buymeacoffee.com/nahamsec JOIN DISCORD: https://discordapp.com/invite/ucCz7uh 🆓 🆓 🆓 0 DigitalOcean Credit: https://m.do.co/c/3236319b9d0b 💬 Social Media - https://twitter.com/nahamsec - https://instagram.com/nahamsec - https://twitch.com/nahamsec - https://facebook.com/nahamsec1 #bugbounty #ethicalhacking #infosec #cybersecurity #redteam #webapp
https://www.youtube.com/watch?v=YUZhRlssFy0
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Recon in Cybersecurity #14 - Recon is a Door Opener, Not a Goal

https://www.youtube.com/watch?v=lkpJS5DBi3w
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

New OWASP API Top 10 for Hackers
Blog article isn't done yet but I'll get it up ASAP! Today we explore the new OWASP API Top 10 in detail, the new version is much more hacker friendly and focuses on bugs we can find rather than defenders but how can we start to study these bugs and actually find them? Let's take a look at some of the changes in the new OWASP API top 10 2023, which ones I recommend for beginners just starting out with API hacking and when to look out for specific bugs There are a ton of vulnerabilities out there, like Prototype Pollution, SQL Injection, and remote code execution. And while they can be fun to exploit during CTFs but when they are lurking in our code…it's not as fun But that's where our sponsor Snyk comes in - Snyk scans your code, dependencies, containers, and configs, all in...
https://www.youtube.com/watch?v=sl1yqGhuVy4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Burp Suite - Part 0 - Intro

https://www.youtube.com/watch?v=KTCrRYsGqL8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Recon in Cybersecurity #13 - A Primer on Reporting - Don't Sabotage Yourself

https://www.youtube.com/watch?v=NA59xENchb4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

GTA Hacker Sentenced - ThreatWire
⬇️ OPEN FOR LINKS TO ARTICLES TO LEARN MORE ⬇️ Support ThreatWire → https://patreon.com/threatwire @endingwithali → Twitch: https://twitch.tv/endingwithali Twitter: https://twitter.com/endingwithali Everywhere else: https://links.ali.dev If you want to help Ali with her research project email her at endingwithaliresearch@gmail.com → Please include (1️⃣) the size of your company (2️⃣) what your role title is and (3️⃣) a little summary of what your job entails. [❗] ThreatWire Patreon has moved to → https://patreon.com/threatwire 00:00 Intro 0 - PSA: SEC Regulations Are Live 1 - GTA Hacker Sentenced 2 - An Update to the MongoDB story 3 - What is happening with AlphV? 4 - Major Vulnerability Found in SSH 5 - Outro LINKS 🔗Story 1 - PSA: SEC Regulations Are...
https://www.youtube.com/watch?v=4R43206N8RU
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

E-commerce Flaws and 0-1000 Bounties
We're continuing our stories of bad bugs theme with some business logic flaws. Unfortunately, I couldn't find the link to the whitepaper with the e-commerce flaws, but I remember it being quantity manipulation, price manipulation by changing the currency and guessing giftcards. In today's video we look at a pretty basic authentication issue, a pretty boring price manipulation issue and end with an utterly underwhelming order number adjustment. Each of these bugs got paid a bounty between 0-1000, though some were duplicates that were split between me and other hackers because they were bugs found at live hacking events) There are a ton of vulnerabilities out there, like Prototype Pollution, SQL Injection, and remote code execution. And while they can be fun to exploit during CTFs but when...
https://www.youtube.com/watch?v=IsBgaEWpqro
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Writing Exploits for IoT N-Days?? Zyxel CVE-2023-35138
🔥 Firmware Reverse Engineering and CVE-2023-35138 - Zyxel Command Injection 👨‍💻 Buy Our Courses: https://guidedhacking.com/register/ 💰 Donate on Patreon: https://patreon.com/guidedhacking ❤️ Follow us on Social Media: https://linktr.ee/guidedhacking 🔗Read More: https://guidedhacking.com/threads/writing-exploits-for-iot-n-days-zyxel-cve-2023-35138.20479/ Video Creator: stigward https://guidedhacking.com/members/stigward.281430/ 📜 Video Description: Introduction to CVE Exploitation​ Today, we'll be analyzing some CVEs listed in an advisory published by Zyxel. It showcases a series of command injection vulnerabilities for one of their NAS drives . We'll be doing some CVE analysis and then crafting an exploit for one of these Zyxel network attach storage devices. Our...
https://www.youtube.com/watch?v=3Z7qXcwrY9A
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

OALABS Holiday Variety Show 2023
𝘔𝘦𝘳𝘳𝘺 𝘐𝘋𝘈𝘮𝘢𝘴 𝘢𝘯𝘥 𝘢 𝘏𝘢𝘱𝘱𝘺 𝘉𝘪𝘯𝘫𝘢-𝘠𝘦𝘢𝘳 Join us for our holiday special reverse engineering variety show! - Guess the prompt AI charades - Random RE banter - Suspicious liquids in bottles We've got it all! Merry Christmas everyone we will see you in 2024! ----- OALABS PATREON https://www.patreon.com/oalabs OALABS DISCORD https://discord.gg/6h5Bh5AMDU Twitch https://www.twitch.tv/oalabslive OALABS GITHUB https://github.com/OALabs UNPACME - AUTOMATED MALWARE UNPACKING https://www.unpac.me/#/ -----
https://www.youtube.com/watch?v=XMVhX29AJbQ
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Twitter/X Bug Bounty Blunder - ThreatWire
⬇️ OPEN FOR LINKS TO ARTICLES TO LEARN MORE ⬇️ Support ThreatWire → https://patreon.com/threatwire @endingwithali → Twitch: https://twitch.tv/endingwithali Twitter: https://twitter.com/endingwithali Everywhere else: https://links.ali.dev If you want to help Ali with her research project email her at endingwithaliresearch@gmail.com → Please include (1️⃣) the size of your company (2️⃣) what your role title and (3️⃣) a little summary of what your job entails. [❗] ThreatWire Patreon has moved to → https://patreon.com/threatwire 0:00 - Intro 0:15 - Twitter Bug Bounty Program Flop 2:11 - 16 Year Reverse Engineers the iMessage Protocol 3:46 - Still Developing: MongoDB Breach 4:59 - Ledger Supply Chain Attack and A Research Project 6:00 - Outro LINKS 🔗Story...
https://www.youtube.com/watch?v=_nqsShAzhNM
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

TryHackMe Advent Of Cyber Day 20 - DevSecOps
DevSecOps has enabled developers to be much more efficient, committing code and deploying it automatically, but it's a fantastic tool for us to go exploring and hacking in their pipelines! Advent of cyber is a yearly event run by TryHackMe, there are 24 days of cyber security challenges in December AND prizes for competing. Last year I finished every challenge soooooo, I think it's good. If you want to compete, join using this link: https://tryhackme.com/r/christmas
https://www.youtube.com/watch?v=wGO2dWVk1oM
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

PAYLOAD: DuckyLogger 2.0 - Keylogger for USB Rubber Ducky [PAYLOAD MINUTE]
Exploring the DuckyLogger 2.0 keylogger payload by drapl0n for the USB Rubber Ducky, this time on [PAYLOAD MINUTE] Payloads → https://payloads.hak5.org ____________________________________________ Hak5: Cyber Security Education, Inspiration & Community since 2005. ____________________________________________ Shop → https://shop.hak5.org/ Subscribe → https://www.youtube.com/user/Hak5Darren?sub_confirmation=1 ____________________________________________ Founded in 2005, Hak5's mission is to advance the InfoSec industry. We do this through our award winning educational podcasts, leading pentest gear, and inclusive community – where all hackers belong.
https://www.youtube.com/watch?v=OkUACo9VZZc
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Truth Behind the Hack: Elite Pentesters Tell All
Did you miss our Live Q&A? Not to worry, check out a replay of our live discussion from December 7, 2023.
https://www.youtube.com/watch?v=Tkk6RXYnDDU
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Hacking with The Internet Time Machine
📚 Purchase my Bug Bounty Course here 👉🏼 bugbounty.nahamsec.training 💵 Support the Channel: You can support the channel by becoming a member and get access exclusive content, behind the scenes, live hacking session and more! ☕️ Buy Me Coffee: https://www.buymeacoffee.com/nahamsec JOIN DISCORD: https://discordapp.com/invite/ucCz7uh 🆓 🆓 🆓 0 DigitalOcean Credit: https://m.do.co/c/3236319b9d0b 💬 Social Media - https://twitter.com/nahamsec - https://instagram.com/nahamsec - https://twitch.com/nahamsec - https://facebook.com/nahamsec1 #bugbounty #ethicalhacking #infosec #cybersecurity #redteam #webapp
https://www.youtube.com/watch?v=YqHRBUHAe5I
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

🔥Resume Roast from our Content Manager Rachel. #shorts #resume #career #hacking

https://www.youtube.com/watch?v=012h_SV0bRs
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Recon in Cybersecurity #12 - Digging into The Past with WaybackMachine

https://www.youtube.com/watch?v=iSpqiD7o_pQ
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Hyper-V Memory Forensics - MemProcFS to the Rescue!
In this episode, we'll learn how to properly acquire memory from Microsoft Hyper-V guest virtual machines. 🎉 Update After I recorded this episode, Ulf Frisk, the author of MemProcFS, let me know that he has made some updates that no longer require you to copy the vmsavedstatedumpprovider.dll file to the MemProcFS directory if the SDK is installed in the ***default*** location. If installed to a different location, the file must still be copied. Additionally, the requirement to prepend the Hyper-V checkpoint file with hvsavedstate:// has also been removed. Both changes now make this process even easier! *** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. *** 📖 Chapters 00:00 - Intro 00:43 - Preparation 06:35 - Using MemProcFS 🛠 Resources MemProcFS: https://github.com/ufrisk/MemProcFS MemProcFS...
https://www.youtube.com/watch?v=Wbk6ayF_zaQ
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Recon in Cybersecurity #11 - The Never Ending JS Files

https://www.youtube.com/watch?v=13rjABQ07fw
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Updated Beginners Guide to API Bug Bounty
If you're just getting started with bug bounty hunting, web APIs are a fantastic place to start, they're easy to approach, can't easily be automated and are full of bugs. Join the free, API security live class on Zoom webinars https://www.traceable.ai/resources/lp/webinar-api-security-masterclass?utm_medium=org_social&utm_source=org_social&utm_campaign=tb This series couldn't happen without the support of our sponsor Bugcrowd, Bugcrowd is the best place to start hacking with a wide range of public and private programs from APIs to Desktop Applications and everything in between. Not ready to jump into a public program yet? Fill out your platform CV and sign up for a waitlisted program. Tell Bugcrowd a bit about your skills, previous certifications or experience and they'll match you...
https://www.youtube.com/watch?v=85vdKS0vNN0
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Partial Return Address Overwrite - Exploit Dev 10
🔥 Learn How to Bypass ASLR using a partial RET overwrite 👨‍💻 Buy Our Courses: https://guidedhacking.com/register/ 💰 Donate on Patreon: https://patreon.com/guidedhacking ❤️ Follow us on Social Media: https://linktr.ee/guidedhacking 🔗 Article Link: https://guidedhacking.com/threads/binary-exploit-development-10-partial-ret-overwrites.20401/ 🔗 Exploit Education: https://exploit.education/phoenix/stack-six/ 📜 Video Description: Bypassing ASLR without leaking a memory address? By utilizing a partial instruction pointer overwrite this exploitation technique becomes possible. What do we mean by that? We are talking about overwriting a portion of the return address. So far, the goal every time was to completely overwrite the return address, which led to full control...
https://www.youtube.com/watch?v=fqsSAqbNFfo
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Is there ageism in #cybersecurity? Matt thinks so! What do you think? #shorts #hacking #ageism

https://www.youtube.com/watch?v=PH9CCcRhUbk
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

PAYLOAD: ICMP Data Exfiltration - USB Rubber Ducky/Exfiltration [PAYLOAD MINUTE]
Delving into the ICMP Data Exfiltration payload by TW-D for the USB Rubber Ducky, this time on [PAYLOAD MINUTE] Payloads → https://payloads.hak5.org ____________________________________________ Hak5: Cyber Security Education, Inspiration & Community since 2005. ____________________________________________ Shop → https://hakshop.myshopify.com/ Subscribe → https://www.youtube.com/user/Hak5Darren?sub_confirmation=1 ____________________________________________ Founded in 2005, Hak5's mission is to advance the InfoSec industry. We do this through our award winning educational podcasts, leading pentest gear, and inclusive community – where all hackers belong.
https://www.youtube.com/watch?v=yGLDZTF7ZaA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

An Interview with Alex Hagenah, Head of Cyber Controls at SIX Group

https://www.youtube.com/watch?v=5OqQYQEZ2ZU
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

How Offensive Security Reduces Threat Exposure

https://www.youtube.com/watch?v=Np38qZWpt9Q
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Hacker Panel: What Hackers Can Tell You About AI Security

https://www.youtube.com/watch?v=eoXouUA1raQ
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

An Interview with Hacker Herman Satkauskas

https://www.youtube.com/watch?v=aMLP7oUytR8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

An Interview with Hacker Jonathan Bouman

https://www.youtube.com/watch?v=UTZL7gIdJ-s
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Three Stages of Continuous Vulnerability Discovery

https://www.youtube.com/watch?v=Sx4xkc5A3WU
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

What Can an Attacker Actually Do With a Bug Anyway?
We explore the significance of understanding and explaining the impact of vulnerabilities in a bug bounty context. Using Flare.io, to peek into the dark web and see what attackers are actually doing with our vulnerabilities. We cover different vulnerabilities, provide guidelines on creating an effective impact statement, and offer three examples of impactful bug bounty reports. Before I give you my tips for explaining impact to triage and avoiding arguments over severity. Thank you to our sponsor Flare.io. Know your exposed attack surface, track threat intelligence, and set prioritized alerts (that cut out the noise) for your own info leaked on the dark web with Flare! Try a free trial and see what is out there: https://hi.flare.io/katie-paxton-fear-free-trial/. 00:00 Introduction to Impact...
https://www.youtube.com/watch?v=4gjUby6LGFk
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Security@2023: Insider Tips for a Productive Bug Bounty Program
Check out these insider tips from our exclusive breakout session at Security@2023. See more here on our YouTube channel or on our website: https://www.hackerone.com/events/security-emea-2023-on-demand
https://www.youtube.com/watch?v=5MUutA8PKLQ
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

SSRF Via Exploiting Parse URL to Read Local Files (CVE-2022-2216)
http://snyk.co/nahamsec 👉🏼 Try Snyk for free and scan your code and applications for vulnerabilities! 🚨🚨🚨PLEASE READ: Turns out I was looking at the wrong CVE while solving this CTF. Looks like there was a newer version of the CVE that I missed that shows the exact solution as intended by the organizers. Read more here: https://security.snyk.io/vuln/SNYK-JS-PARSEURL-2936249 📚 Purchase my Bug Bounty Course here 👉🏼 bugbounty.nahamsec.training 💵 Support the Channel: You can support the channel by becoming a member and get access exclusive content, behind the scenes, live hacking session and more! ☕️ Buy Me Coffee: https://www.buymeacoffee.com/nahamsec JOIN DISCORD: https://discordapp.com/invite/ucCz7uh 🆓 🆓 🆓 0 DigitalOcean Credit: https://m.do.co/c/3236319b9d0b 💬...
https://www.youtube.com/watch?v=_avYi3_Lm9A
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Hax 4 BIOS, WordPress & Counter-Strike, oh my! - ThreatWire
Support ThreatWire → https://www.patreon.com/threatwire @endingwithali Twitch → https://twitch.tv/endingwithali [!!] ThreatWire Patreon has moved to https://www.patreon.com/threatwire 0:00 - Intro 0:27 - All your logos are belong to us 2:08 - Just another Wordpress vulnerability 2:55 - Counter-Strike 2 HTML Injection DOS attack? LINKS Story 1 https://binarly.io/posts/finding_logofail_the_dangers_of_image_parsing_during_system_boot/index.html https://binarly.io/posts/The_Far_Reaching_Consequences_of_LogoFAIL/index.html https://arstechnica.com/security/2023/12/just-about-every-windows-and-linux-device-vulnerable-to-new-logofail-firmware-attack/ https://cyberscoop.com/logofail-vulnerability-boot-process/ https://www.scmagazine.com/news/logofail-vulnerabilities-may-affect-95-of-computers-researchers-say Story...
https://www.youtube.com/watch?v=ofCKZLUPvso
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Tips For Analyzing Delphi Binaries in IDA (Danabot)
Reverse Engineering Delphi is a nightmare ... or it can be if you don't have the right setup! In this clip we cover some easy tips that can help make some of the analysis a bit easier. Full notes with links for tools are available here: https://research.openanalysis.net/danabot/loader/delphi/2023/12/04/danabot.html Full stream with analysis of the Danabot loader is available on Patreon here: https://www.patreon.com/posts/live-stream-vod-94510766 ----- OALABS PATREON https://www.patreon.com/oalabs OALABS DISCORD https://discord.gg/6h5Bh5AMDU Twitch https://www.twitch.tv/oalabslive OALABS GITHUB https://github.com/OALabs UNPACME - AUTOMATED MALWARE UNPACKING https://www.unpac.me/#/ -----
https://www.youtube.com/watch?v=04RsqP_P9Ss
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

TryHackMe Advent Of Cyber Day 10 - SQL Injection
Today we escalate a SQL injection vulnerability into a RCE, and explore MS SQL Server Advent of cyber is a yearly event run by TryHackMe, there are 24 days of cyber security challenges in December AND prizes for competing. Last year I finished every challenge soooooo, I think it's good. If you want to compete, join using this link: https://tryhackme.com/r/christmas
https://www.youtube.com/watch?v=25QTczDdRtI
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

TryHackMe Advent Of Cyber Day 7 - Log Analysis
Today we abandon our red hats for the day and dive into the blue team, there's a piece of malware on the network, but how can we tell? Well it's time for us to dive into proxy logs and the cut command to find out! Advent of cyber is a yearly event run by TryHackMe, there are 24 days of cyber security challenges in December AND prizes for competing. Last year I finished every challenge soooooo, I think it's good. If you want to compete, join using this link: https://tryhackme.com/r/christmas
https://www.youtube.com/watch?v=cG8UH8xwmaY
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Windows Fingerprint Sensors Spoofable - ThreatWire
Support ThreatWire → https://www.patreon.com/threatwire @endingwithali Twitch → https://twitch.tv/endingwithali [!!] ThreatWire Patreon has moved to https://www.patreon.com/threatwire - thanks for your support! 0:00 - Intro 0:27 - Windows Fingerprint Sensors are Spoofable 1:41 - Okta oopsie turns into a big mess 2:59 - Citrix Netscaler causing issues across the board 4:00 - Outro LINKS https://blackwinghq.com/blog/posts/a-touch-of-pwn-part-i/ https://arstechnica.com/gadgets/2023/11/researchers-beat-windows-hello-fingerprint-sensors-with-raspberry-pi-and-linux/ https://www.computerworld.com/article/3244347/what-is-windows-hello-microsofts-biometrics-security-system-explained.html https://www.darkreading.com/application-security/otka-breach-widens-entire-customer-base https://sec.okta.com/harfiles https://sec.okta.com/articles/2023/11/unauthorized-access-oktas-support-case-management-system-root-cause https://www.reuters.com/technology/cybersecurity/okta-says-hackers-stole-data-all-customer-support-users-cyber-breach-2023-11-29/ https://techcrunch.com/2023/11/29/okta-admits-hackers-accessed-data-on-all-customers-during-recent-breach/?guccounter=1&guce_referrer=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbS8&guce_referrer_sig=AQAAAAuidLSeCn9R8nNTjiKKHMgPEcnprYT0tAjYnx4iH7XP2IBiO4Th079erwec0SE5woM5Nl5kCukXt3j0V_GE2q6ty46bv6vUA3h8GcD8mT54hJfZvR1ikotQyAzzjS4bG61jkl8gKAghckJSn-N1tAoo2AJnuHlltxAUFcCGj3I1 https://www.malwarebytes.com/blog/news/2023/11/okta-breach-happened-after-employee-logged-into-personal-google-account https://www.assetnote.io/resources/research/citrix-bleed-leaking-session-tokens-with-cve-2023-4966 https://www.bleepingcomputer.com/news/security/us-health-dept-urges-hospitals-to-patch-critical-citrix-bleed-bug/ https://siliconangle.com/2023/12/04/new-citrix-bleed-ransomware-threat-hits-many-credit-unions/ https://doublepulsar.com/what-it-means-citrixbleed-ransom-group-woes-grow-as-over-60-credit-unions-hospitals-47766a091d4f https://therecord.media/hhs-warns-of-citrix-bleed-bug https://siliconangle.com/2023/12/04/new-citrix-bleed-ransomware-threat-hits-many-credit-unions/ https://dashboard.shadowserver.org/statistics/combined/time-series/?date_range=7&source=http_vulnerable&source=http_vulnerable6&tag=cve-2023-4966%2B&group_by=geo&style=stacked ____________________________________________ Founded...
https://www.youtube.com/watch?v=Wc98pDvFtwg
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

The truth about API hacking...

https://www.youtube.com/watch?v=WnJSf2OZVUE
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Hacking when all the bugs have been found?
Finding bugs on the main app is something a lot of people are a little afraid of, a lot of people think that if a program has been out a while that there's no point even looking at it. But actually the majority of my bugs have actually been on the main application and rarely do I write off a program as unhackable. As you all know by now recon is definitely one of my weakest skills, so here are some tips for approaching the main app and actually getting bugs. This series couldn't happen without the support of our sponsor Bugcrowd, Bugcrowd is the best place to start hacking with a wide range of public and private programs from APIs to Desktop Applications and everything in between. Not ready to jump into a public program yet? Fill out your platform CV and sign up for a waitlisted program....
https://www.youtube.com/watch?v=S077-waODvc
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

How To Recognize Macro Encrypted Strings in Malware
How to identify when a macro is used to encrypt strings in malware... inferring source from disassembly! ----- OALABS PATREON https://www.patreon.com/oalabs OALABS DISCORD https://discord.gg/6h5Bh5AMDU Twitch https://www.twitch.tv/oalabslive OALABS GITHUB https://github.com/OALabs UNPACME - AUTOMATED MALWARE UNPACKING https://www.unpac.me/#/ -----
https://www.youtube.com/watch?v=fEAGYjhKzJY
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Vuln Research in VIDEO GAMES?!?!
🔥 Learn How To Do Vuln Research in Video Games With Patch Analysis 👨‍💻 Buy Our Courses: https://guidedhacking.com/register/ 💰 Donate on Patreon: https://patreon.com/guidedhacking ❤️ Follow us on Social Media: https://linktr.ee/guidedhacking 🔗 Links: GH Article: https://guidedhacking.com/threads/bug-hunting-in-video-games.20472/ Freedroid Source: https://gitlab.com/freedroid Freedroid on Steam: https://store.steampowered.com/app/1979930/FreedroidRPG/ Original Research: https://logicaltrust.net/blog/2020/02/freedroid.html Video Creator: stigward 📜 Video Description: Today, we're going to share our findings from a curious journey through the open-source video game, FreeDroid RPG. More significantly, we'll illuminate a skill that has been instrumental in advancing our...
https://www.youtube.com/watch?v=vHocemqpOuo
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

How to Approach an OSINT Challenge - "Photographs" [INTIGRITI 1337UP LIVE CTF 2023]
Video walkthrough for "Photographs", an opensource intelligence (OSINT) challenge from the @intigriti 1337UP LIVE CTF 2023. The challenge required players to examine exifdata and then trace back through alt accounts created by the target, exploring social media accounts uncovered using sherlock (and Google), reverse image searching etc. They would eventually find an interesting comment on a blog indicating location data was shared. This was a hint that players need to check the waybackmachine for an archived copy of the page, which contained the flag! Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂 #INTIGRITI #CTF #OSINT ↢Social Media↣ Twitter: https://twitter.com/_CryptoCat GitHub: https://github.com/Crypto-Cat/CTF HackTheBox: https://app.hackthebox.eu/profile/11897 LinkedIn:...
https://www.youtube.com/watch?v=JpZ9nTx-2PI
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Testing e-commerce? Here's what to look for 👌

https://www.youtube.com/watch?v=6DuW9BjWJ6w
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Giving Yourself the Best Opportunity to Find a Bug
I get asked a lot how do you choose a target you can actually find bugs on and get bounties, so I've compiled a lot of my tips for choosing a target and how to use bugcrowd features (like joinable programs) to make it so you aren't reliant on the right program coming through on luck. So here's how to choose a target on Bugcrowd and some general advice on some of the things I look for in a good program. This series couldn't happen without the support of our sponsor Bugcrowd, Bugcrowd is the best place to start hacking with a wide range of public and private programs from APIs to Desktop Applications and everything in between. Not ready to jump into a public program yet? Fill out your platform CV and sign up for a waitlisted program. Tell Bugcrowd a bit about your skills, previous certifications...
https://www.youtube.com/watch?v=r-04ABtu0ZQ
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Format String Vulnerability - "Floor Mat Store" [INTIGRITI 1337UP LIVE CTF 2023]
Video walkthrough for "Floor Mat Store", a binary exploitation challenge I made for the @intigriti 1337UP LIVE CTF 2023. It was a fairly standard pwn challenge, requiring players to exploit a format string vulnerability (damn you printf *shakes fist at computer*). I tried to add some small twists and give it a theme to keep it interesting! Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂 #INTIGRITI #CTF #Pwn #BinaryExploitation #BugBounty ↢Social Media↣ Twitter: https://twitter.com/_CryptoCat GitHub: https://github.com/Crypto-Cat/CTF HackTheBox: https://app.hackthebox.eu/profile/11897 LinkedIn: https://www.linkedin.com/in/cryptocat Reddit: https://www.reddit.com/user/_CryptoCat23 YouTube: https://www.youtube.com/CryptoCat23 Twitch: https://www.twitch.tv/cryptocat23 ↢INTIGRITI...
https://www.youtube.com/watch?v=Zu32BHwH-sA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

WTF is Egg Hunter Shellcode? - Exploit Dev 11
🔥 Don't know where your shellcode went? Use an Egg Hunter. 👨‍💻 Buy Our Courses: https://guidedhacking.com/register/ 💰 Donate on Patreon: https://patreon.com/guidedhacking ❤️ Follow us on Social Media: https://linktr.ee/guidedhacking 🔗 Article: https://guidedhacking.com/threads/binary-exploit-development-11-egg-hunter-shellcode.20403/ 📜 Video Description: Why search for our shellcode in memory when we can let Windows do it for us? Sometimes the offset to the shellcode on the stack might not be consistent across application restarts or exploit attempts. In other scenarios, the shellcode might not end up on the stack at all but on the Heap which is dynamically allocated. In order to be still able to write reliable exploits that find the shellcode every time egghunters...
https://www.youtube.com/watch?v=rekguOw9_kc
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Websocket SQLi and Weak JWT Signing Key - "Bug Report Repo" [INTIGRITI 1337UP LIVE CTF 2023]
Video walkthrough for "Bug Report Repo", a web challenge I made for the @intigriti 1337UP LIVE CTF 2023. The challenge had multiple parts; first you need to use an IDOR to find a hidden bug report from ethical_hacker. Next, you exploit SQL injection over websocket protocol (either with custom script, or modified proxy for SQLMap). Once you find creds in the DB for the hidden endpoint, you login to find only the admin can read the config. Since the server uses JWT-based authentication, you crack the HS256 signing key with a tool like jwt_tool/hashcat/john, and then forge a new token with the username "admin". Now you just need to swap the cookies to find your flag! Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂 #INTIGRITI #CTF #Web #BugBounty Full writeup: https://github.com/Crypto-Cat/CTF/blob/main/ctf_events/intigriti_23/web/bug_report_repo.md ↢Social...
https://www.youtube.com/watch?v=kgndZOkgVxQ
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

An Important Change to ShellBags - Windows 11 2023 Update!
In this episode, we'll learn about an important change introduced with the September 26, 2023 Windows 11 Configuration Update, and how that change affects ShellBags! *** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. *** 📖 Chapters 00:00 - Intro 02:07 - Demo 07:34 - Recap 🛠 Resources September 26, 2023 Windows 11 Configuration Update: https://support.microsoft.com/en-us/topic/september-26-2023-windows-configuration-update-542780c2-594c-46cb-979d-11116fe164ba#:~:text=Note%20The%20update%20to%20Windows,to%20broaden%20availability%20over%20time #Forensics #DigitalForensics #DFIR #ComputerForensics #WindowsForensics
https://www.youtube.com/watch?v=M1nyMIu1Y18
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

How to Detect Threads & Bypass Anti-Cheat Detection
🔥 Learn How Anti-Cheats Detect CreateRemoteThread, NtCreateThreadEx etc... 👨‍💻 Buy Our Courses: https://guidedhacking.com/register/ 💰 Donate on Patreon: https://patreon.com/guidedhacking ❤️ Follow us on Social Media: https://linktr.ee/guidedhacking 🔗 Article Link: https://guidedhacking.com/threads/how-to-detect-createremotethread-ntcreatethreadex.20474/ 🔗 GH Injector: https://guidedhacking.com/resources/guided-hacking-dll-injector.4/ 📜 Video Description: In this tutorial, we're addressing a common challenge in DLL injection: the detection of injected DLLs due to suspicious-looking threads. We'll dive into the mechanics of threads, specifically focusing on injected threads, and provide solutions to mitigate detection risks. The Basics of Thread Creation and Hooking When...
https://www.youtube.com/watch?v=KzD_nc5B_8w
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Squally - The Game That Teaches Assembly
Squally is a puzzle RPG that teaches assembly & game hacking! 🔗Steam Store: https://store.steampowered.com/app/770200/Squally/ 👨‍💻 Buy Our Courses: https://guidedhacking.com/register/ 💰 Donate on Patreon: https://patreon.com/guidedhacking ❤️ Follow us on Social Media: https://linktr.ee/guidedhacking This is part 2 of the first chapter of the game. Squally is a 2D puzzle RPG game that teaches video game hacking! In other words: this game teaches you the "hardest" parts of computer science in the coolest way possible. After crash landing on a strange planet, Squally must help the inhabitants to fight the evil forces plaguing their lands. Squally can make use of their supernatural powers to manipulate the world around them -- using x86/x64 assembly. - Who is this game for?...
https://www.youtube.com/watch?v=DK7QDlAF3ug
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

HackerOne Live Hacking Event Recap: London w/ Salesforce
Hackers gather in London, U.K. to partner with the Salesforce security team as they work to keep their digital landscape and users safe.
https://www.youtube.com/watch?v=MTdt6MUAe18
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Frida Hooking Tutorial - Android Game Hacking
🔥 Learn How to Hack Android Games with Frida 👨‍💻 Buy Our Courses: https://guidedhacking.com/register/ 💰 Donate on Patreon: https://patreon.com/guidedhacking ❤️ Follow us on Social Media: https://linktr.ee/guidedhacking 🔗 Article Link: https://guidedhacking.com/threads/how-to-hack-android-games-with-frida.20465/ ❗️ Welcome to our new video author: stigward! 👨‍💻 https://guidedhacking.com/members/stigward.281430/ 📜 Video Description: In this walkthrough, we're exploring the process of Android game hacking using Frida, a powerful dynamic instrumentation toolkit. Our objective is to reverse engineer an Android game, Assault Cube, to create a God Mode cheat. We'll get into the Java and native components of an APK (Android Package Kit) and use Frida for hooking...
https://www.youtube.com/watch?v=GWgr0xk8DTM
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Linux Buffer Overflow - Exploit Development 9
🔥 Learn the basics of exploit development on Linux. 👨‍💻 Buy Our Courses: https://guidedhacking.com/register/ 💰 Donate on Patreon: https://patreon.com/guidedhacking ❤️ Follow us on Social Media: https://linktr.ee/guidedhacking 🔗 Full Course Video: https://guidedhacking.com/threads/binary-exploit-development-9-intro-to-linux-exploitation.20310/ 🔗 Excellent Resource: https://exploit.education/ 📜 Video Description: We've chosen to focus on Linux for our exploit development tutorial series, as most Capture the Flag challenges are Linux-based and the demonstration of certain vulnerabilities is simpler on this platform. To set up our Linux environment, we recommend using gef, an enhanced version of the gdb debugger, as it offers a slew of advanced features. Installing...
https://www.youtube.com/watch?v=d8EQLjKq9Jc
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Easy JSON ImGui Config Files for Hack Menus
🔥 Learn How to Easily Save Config Files for ImGui Hack Menus 👨‍💻 Buy Our Courses: https://guidedhacking.com/register/ 💰 Donate on Patreon: https://patreon.com/guidedhacking ❤️ Follow us on Social Media: https://linktr.ee/guidedhacking 🔗 Article Link: https://guidedhacking.com/threads/easy-json-imgui-config-files-for-hack-menus.20468/ 📜 Video Description: Learn how to easily save and load config files for your IMGUI cheat using JSON configs. 📝 Timestamps: 0:00 What Are Configs? 0:53 Config Structure 1:19 Refresh Function 1:46 Loading Configs 2:06 Saving Configs 2:21 Deleting Configs 2:28 UI Implementation 7:02 Final Test 8:06 Summary ✏️ Tags: #gamehacking #imgui #gamecheats In exploring the potential of imgui, it's evident that this library facilitates the...
https://www.youtube.com/watch?v=2P7uSx7EA2c
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Direct vs. Indirect Syscalls What Is All The HYPE?! [OALABS Call-In Show]
Our live discord call-in show debates! Are indirect syscalls even required? What are they and how are they used?! What are EDR vendors doing to detect them and why you might care.... ----- OALABS PATREON https://www.patreon.com/oalabs OALABS DISCORD https://discord.gg/6h5Bh5AMDU Twitch https://www.twitch.tv/oalabslive OALABS GITHUB https://github.com/OALabs UNPACME - AUTOMATED MALWARE UNPACKING https://www.unpac.me/#/ -----
https://www.youtube.com/watch?v=W2SeruUxhDs
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Are Red Team Tools Helping or Hurting Our Industry? [OALABS Call-In Show]
Our live discord call-in show debates! Are red team tools really helping our industry or are they just giving malware operators a free lunch?! ----- OALABS PATREON https://www.patreon.com/oalabs OALABS DISCORD https://discord.gg/6h5Bh5AMDU Twitch https://www.twitch.tv/oalabslive OALABS GITHUB https://github.com/OALabs UNPACME - AUTOMATED MALWARE UNPACKING https://www.unpac.me/#/ -----
https://www.youtube.com/watch?v=ur6csODQHKI
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Time Based Anti-Debug Techniques
🔥 Learn How to Detect Debuggers with this Class of Anti-Debug Techniques 👨‍💻 Buy Our Courses: https://guidedhacking.com/register/ 💰 Donate on Patreon: https://patreon.com/guidedhacking ❤️ Follow us on Social Media: https://linktr.ee/guidedhacking 🔗 Article Link: https://guidedhacking.com/threads/how-to-detect-debuggers-with-time-checks.20402/ 📜 Video Description: In our journey through Anti-debug techniques, we have seen how various factors, including Windows APIs, breakpoints, and internal structures, can be exploited to detect the presence of a debugger. Today, we will focus on time-based anti-debug checks, widely used in protection software, anti-cheat systems, or packers like Themida. Concept Behind Time-Based Antidebug Tricks​ Time-based anti-debugging techniques...
https://www.youtube.com/watch?v=sirFxSNSXDY
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

3 Real API Bugs I got a bounty for
This is a series of mildly Halloween-themed hacking stories for October. I'm going to walk you through my most unimpressive, easy, and straightforward vulnerabilities as I tell three stories of real bugs in real production systems. In this video, we take a look at some API flaws. I've (obviously) had to omit a lot of details, even though these bugs are resolved, sometimes clients worry about disclosing, so no permission = no details on client names, programs, platforms or anything else, all screenshots are taken from unrelated and mildly similar products. ANYWAY, I hope you enjoy the slightly shorter videos. This video is kindly sponsored by Snyk, sign up to their Fetch The Flag CTF on October 27th via my link https://snyk.co/ctf-insiderphd and don't forget about their CTF 101 workshop...
https://www.youtube.com/watch?v=Yr8qhYlIzXA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

October 12, 2023

https://www.youtube.com/watch?v=1GbAFa_i-bk
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Z3 Explained - Satisfiability Modulo Theories & SMT Solvers
🔥 Learn how the SMT Solver known as Z3 carries out Symbolic Execution to solve SMTs. 👨‍💻 Buy Our Courses: https://guidedhacking.com/register/ 💰 Donate on Patreon: https://patreon.com/guidedhacking ❤️ Follow our Socials: https://linktr.ee/guidedhacking 🔗 Article: https://guidedhacking.com/threads/intro-to-z3-smt-solver-symbolic-execution.20463/ Video Creator: rexir 📜 Description: Today we're learning how the SMT Solver known as Z3 carries out Symbolic Execution to solve Satisfiability Modulo Theories. The Z3 SMT Solver, a tool that transforms seemingly complicated tasks into solvable problems within seconds. Z3 is a powerful SMT solver that can tackle a wide range of problems, especially those that might first seem too complex or intricate. Z3 is a theorem prover...
https://www.youtube.com/watch?v=EacYNe7moSs
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

If you want to enter the Jason Haddix Bug Bounty Methodology giveaway use this form!

https://www.youtube.com/watch?v=2dcDAhtUQZw
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

VMware Memory Forensics - Don't Miss This Important Detail!
In this episode, we'll learn how to properly acquire memory from VMware ESXi guest virtual machines. *** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. *** 📖 Chapters 00:00 - Intro 01:45 - VMware ESXi Snapshot Creation 04:57 - Analysis 06:20 - Recap 🛠 Resources Memory Forensics for Virtualized Hosts: https://blogs.vmware.com/security/2021/03/memory-forensics-for-virtualized-hosts.html #Forensics #DigitalForensics #DFIR #ComputerForensics #WindowsForensics #MemoryForensics
https://www.youtube.com/watch?v=P0yw93GJsYU
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Here are 3 bugs I've Found with Recon (and how I hacked them)
This is a series of mildly Halloween-themed hacking stories for October. I'm going to walk you through my most unimpressive, easy, and straightforward vulnerabilities as I tell three stories of real bugs in real production systems. In this video, we take a look at WordPress, GitHub recon and API versioning. I've (obviously) had to omit a lot of details, even though these bugs are resolved, sometimes clients worry about disclosing, so no permission = no details on client names, programs, platforms or anything else, all screenshots are taken from unrelated and mildly similar products. ANYWAY, I hope you enjoy the slightly shorter videos. If you'd like to participate in the giveaway for Jason Haddix's course simply tell me a hacking story story, and include your twitter username in the comments,...
https://www.youtube.com/watch?v=_ISp2WGwqHI
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

How to Bypass Anti-Cheat for MODERN Game Hacking!
🔥 Learn How to Bypass Anti-Cheats for MODERN Game Hacking! 👨‍💻 Buy Our Courses: https://guidedhacking.com/register/ 💰 Donate on Patreon: https://patreon.com/guidedhacking ❤️ Follow us on Social Media: https://linktr.ee/guidedhacking Originally presented at SecurityFest 2023 Please subscribe to their channel for more great talks: @securityfest Posted with permission from Peter Magnusson: https://photos.app.goo.gl/DaeChdr9NfMj479H9 🔗 Article Link: https://guidedhacking.com/threads/how-to-bypass-anti-cheat-hack-new-games.20445/ 📜 Video Description: Bypassing anticheats is getting harder every day. I originally presented this talk at SecurityFest 2023 but I wanted to share it with Guided Hacking so it can be included with the anticheat section of the Game Hacking Bible....
https://www.youtube.com/watch?v=Of_JnlMvyzk
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

DEF CON 31 - A Broken Marriage Abusing Mixed Vendor Kerberos Stacks - Ceri Coburn
The Windows Active Directory authority and the MIT/Heimdal Kerberos stacks found on Linux/Unix based hosts often coexist in harmony within the same Kerberos realm. This talk and tool demonstration will show how this marriage is a match made in hell. Microsoft's Kerberos stack relies on non standard data to identify it's users. MIT/Heimdal Kerberos stacks do not support this non standard way of identifying users. We will look at how Active Directory configuration weaknesses can be abused to escalate privileges on *inux based hosts joined to the same Active Directory authority. This will also introduce an updated version of Rubeus to take advantage of some of these weaknesses.
https://www.youtube.com/watch?v=ALPsY7X42o4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

DEF CON 31 - Staying Undetected Using the Windows Container Isolation Framework - Daniel Avinoam
The use of containers became an integral part of any resource-efficient and secure environment. Starting from Windows Server 2016, Microsoft released its version of this solution called Windows Containers, which offers either a process or Hyper-V isolation modes. In both cases, an efficient file system separation should be provided. On one hand, each container should be able to access system files and write changes that will not affect the host. On the other, copying the entire main volume on each container launch will be storage-inefficient and not practical. In this presentation, we will cover the basics of windows containers, break down its file system isolation framework, reverse-engineer its main mini-filter driver, and see how it can be utilized and manipulated by an actor to bypass...
https://www.youtube.com/watch?v=Cm-zFx6hwzk
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

DEF CON 31 - Contextualizing The Vulkan Leaks & State Sponsored Offensive Ops - Joe Slowik
In March 2023, journalists and investigators released analysis of “the Vulkan files.” Consisting of documents associated with a Russian company working with intelligence and military authorities, the papers revealed a variety of ambitious programs such as “Scan-V” and“Amezit.” Both programs, in the sense that they offer capabilities to acquire, maintain, and task infrastructure for cyber and information operations at scale, are deeply concerning, indicating a significant advancement in Russian-linked network warfare and related actions. Placing these items in context reveals a far more troubling picture.After reviewing the capabilities of Amezit and Scan-V, we can see glimpses of historical programs in the advertised efficacy of these projects. We will consider other items that...
https://www.youtube.com/watch?v=H7bV_99I7O4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

DEF CON 31 - How Vulns in Global Transportation Payment Systems Cost You - Omer Attias
Public transportation payment systems have undergone significant changes over the years. Recently, mobile payment solutions have become increasingly popular, allowing passengers to pay for their fare using their smartphones or other mobile devices. The evolution of public transportation payment systems has been driven by the need for faster, more convenient, and more secure payment methods, and this trend is likely to continue in the years to come, But how secure are mobile payment solutions for public transportation? In this presentation, we will examine the security risks associated with transportation applications, using Moovit as a case study. Moovit is a widely used transportation app operating in over 100 countries and 5000+ cities. Through our investigation of the app's API, including...
https://www.youtube.com/watch?v=NVnzm-L4a5c
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

DEF CON 31 - SpamChannel - Spoofing Emails From 2M+ Domains & Virtually Becoming Satan - byt3bl33d3r
Ever wake up and ask yourself: “Damn, how could I make email security suck even more today”? Tired of your Red Teams phishing emails not landing in your targets inbox? Do you dislike Boston (the city) and love Satan? If you answered yes to any of those questions you should come to this talk! I'll be showing you how to spoof emails from 2 million+ domains (while also “bypassing” SPF & DMARC!) by (ab)using a partnership between Cloudflare and the “biggest transactional email service” on the interwebs. We'll be diving into "edge" serverless applications and the magical world of email security where everything is (still) held up by duct tape, pasta, and marinara sauce. Finally, I'll be dropping code and releasing a tool that demonstrates how to impersonate emails from 2million+...
https://www.youtube.com/watch?v=NwnT15q_PS8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

DEF CON 31 Car Hacking Village - Automotive USB Fuzzing - Euntae Jang, Donghyon Jeong, Jonghyuk Song
Recently, automotive industry is performing USB fuzzing in an inefficient way for automobiles. Usually, fuzzing is performed by commercial media fuzzers, but the fuzzers are not directly connected to the vehicle during fuzzing. So, it requires much manual efforts of testers. In this talk, we propose efficient way to perform USB fuzzing to actual vehicles. We describe how to perform USB fuzzing to kernel area fuzzing as well as media fuzzing by directly connecting the fuzzer and the car with a USB cable. By this method, we found real-world vulnerabilities in Volkswagen Jetta, Renault Zoe, GM Chevrolet Equinox, and AGL.
https://www.youtube.com/watch?v=W_vQ5s1bB30
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

DEF CON 31 - Terminally Owned - 60 Years of Escaping - David Leadbeater
It is 60 years since the first publication of the ASCII standard, something we now very much take for granted. ASCII introduced the Escape character; something we still use but maybe don't think about very much. The terminal is a tool all of us use. It's a way to interact with nearly every modern operating system. Underneath it uses escape codes defined in standards, some of which date back to the 1970s. Like anything which deals with untrusted user input, it has an attack surface. 20 years ago HD Moore wrote a paper on terminal vulnerabilities, finding multiple CVEs in the process. I decided it was time to revisit this class of vulnerability. In this talk I'll look at the history of terminals and then detail the issues I found in half a dozen different terminals. Even Microsoft who historically...
https://www.youtube.com/watch?v=Y4A7KMQEmfo
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

DEF CON 31 - Breaking BMC The Forgotten Key to the Kingdom - Alex Tereshkin, Adam Zabrocki
The Baseboard Management Controller (BMC) is a specialized microcontroller embedded on the motherboard, typically used in servers and other enterprise-level hardware. The security of the BMC is critical to the overall security of the system, as it provides a privileged level of access and control over the hardware components of the system, including the ability to perform firmware updates, and even power the system on and off remotely. When the internal offensive security research team was analyzing one of the NVIDIA hardware, they detected several remotely exploitable bugs in AMI MegaRAC BMC. Moreover, various elevations of privileges and "change of scope" bugs have been identified, many of which may be chained together resulting in a highest severity security issue. During this talk we...
https://www.youtube.com/watch?v=dbJQIQibZQY
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

DEF CON 31 - Contactless Overflow Code Execution in Payment Terminals & ATMs - Josep Rodriguez
We conducted a research to assess the current security of NFC payment readers that are present in most of the major ATM brands, portable point of sales, gas stations, vending machines, transportation and other kind of point of sales in the US, Europe and worldwide. In particular, we found code execution vulnerabilities exploitable through NFC when handling a special application protocol data unit (APDU) that affect most NFC payment vendors. The vulnerabilities affect baremetal firmware devices and Android/Linux devices as well. After waiting more than 1 year and a half once we disclosed it to all the affected vendors, we are ready to disclose all the technical details to the public. This research was covered in the media by wired.com but without the technical details that we can share now...
https://www.youtube.com/watch?v=eV76vObO2IM
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

DEF CON 31 - The Art of Compromising C2 Servers A Web App Vulns Perspective - Vangelis Stykas
C2 servers of mobile and Windows malware are usually left to their own fate after they have been discovered and the malware is no longer effective. We are going to take a deep dive into the rabbit hole of attacking and owning C2 servers, exposing details about their infrastructure, code bases, and the identity of the companies and individuals that operate and profit from them. While understanding and reversing malware is a highly skilled procedure, attacking the C2 itself rarely requires a lot of technical skills. Most of the C2 servers have the same typical HTTP problems that can be detected by off-the-shelf vulnerability scanners. By exploiting low-hanging fruit vulnerabilities, an attacker can obtain unauthorized access to administrative functions, allowing them to command thousands of...
https://www.youtube.com/watch?v=fMxSRFYXMV0
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

DEF CON 31 - Defeating VPN Always On - Maxime Clementz
VPN Always-On is a security control that can be deployed to mobile endpoints that remotely access corporate resources through VPN. It is designed to prevent data leaks and narrow attack surface of enrolled end-user equipment connected to untrusted networks. When it is enforced, the mobile device can only reach the VPN gateway and all connections are tunneled. We will review the relevant Windows API, the practicalities of this feature, look at popular VPN software; we will then consider ridiculously complex exfil methods and... finally bypass it with unexpectedly trivial tricks. We will exploit design, implementation and configuration issues to circumvent this control in offensive scenarios. We will then learn how to fix or harden VPN Always-On deployment to further limit the risks posed by...
https://www.youtube.com/watch?v=hUMKg9Xe0Zc
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

DEF CON 31 - The GitHub Actions Worm - Asi Greenholts
GitHub is the most popular platform to host Open Source projects therefore, the popularity of their CI/CD platform - GitHub Actions is rising, which makes it an attractive target for attackers. In this talk I'll show you how an attacker can take advantage of the Custom GitHub Actions ecosystem by infecting one Action to spread malicious code to other Actions and projects by showing you a demo of POC worm. We will start by exploring the ways in which Actions are loosely and implicitly dependent on other Actions. This will allow us to create a dependency tree of Actions that starts from a project that we want to attack and hopefully ends in a vulnerable Action that we can take control of. We will then dive down to how GitHub Actions is working under the hood and I'll show you how an attacker...
https://www.youtube.com/watch?v=j8ZiIOd53JU
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

DEF CON 31 Car Hacking Village - Abusing CAN Bus Spec for DoS in Embedded Systems - Martin Petran
The CAN bus is a traditional communication standard used (not only) in automotive to allow different components to talk to each other over reliable connection. While one of the primary motivators for CAN bus introduction was to reduce the amount of wiring inside vehicles, it became popular for its robustness, flexibility, and ease of implementation for which it is now used in almost every vehicle.As with any other protocol, it is a well-defined standard that enforces all aspects of the communication from the physical media to the message format and its processing. The formal protocol specifications like this are often seen as the source of the absolute truth when working with various transfer protocols. Such specifications are very strict on the format of the messages that belong to the given...
https://www.youtube.com/watch?v=okrzUNDLgbo
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

DEF CON 31 - Ringhopper - How We Almost Zero day'd the World - Benny Zeltser, Jonathan Lusky
Last year we almost zero-day'd the world with the publication of RingHopper. Now we can finally share some juicy details and invite you for an illuminating journey as we delve into the realm of RingHopper, a method to hop from user-land to SMM. We will survey the discovery and disclosure of a family of industry-wide vulnerabilities in various UEFI implementations, affecting more than eight major vendors, making billions of devices vulnerable to our attack. Then, we will deep-dive into the innards of SMM exploitation and discuss methods to use and abuse various functionalities and properties of edk2 to gain code execution. We will unveil both our futile and fruitful quests of crafting our way to SMM, and detail both the paths that lead to dead-ends, and the route to success. We will give...
https://www.youtube.com/watch?v=u8V4ofWpHZk
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

DEF CON 31 - There Are No Mushroom Clouds in Cyberwar - Mieke Eoyang
This presentation will discuss the history of cyberwarfare, highlighting the misconceptions between nuclear deterrence and the nature of cyber conflict. It will shed light on this association in popular culture, including in movies like "WarGames," which influenced then President Ronald Reagan and fed his concerns about potential hacking into U.S. weapons systems. These concerns and other influences helped to shape early perceptions about the cyber domain, which immediately became intertwined with notions of strategic weapons and catastrophic effects. In subsequent decades, continued theorizing about cyberwarfare envisioned strategic cyber attacks that could cause decisive effects, stoking fears of a "Cyber Pearl Harbor." However, the reality is that cyber operations are ephemeral and cyber...
https://www.youtube.com/watch?v=xweVuSEC8ZI
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Reverse Engineering With Unicorn Emulation
In this OALABS Patreon tutorial we will learn how to use the Unicorn Emulator to assist with reverse engineering! This is the second part in a five-part tutorial series that can be found on our Patreon here... https://www.patreon.com/oalabs/posts?filters%5Btag%5D=Applied+Emulation Lab Notes https://gist.github.com/herrcore/1a5af37f91a6f9b263a527c98c7b08bd ----- OALABS DISCORD https://discord.gg/6h5Bh5AMDU OALABS PATREON https://www.patreon.com/oalabs Twitch https://www.twitch.tv/oalabslive OALABS GITHUB https://github.com/OALabs UNPACME - AUTOMATED MALWARE UNPACKING https://www.unpac.me/#/ -----
https://www.youtube.com/watch?v=-CNy4qh08iU
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

401 Access Denied Ep88: The RISE of the CISO with Merike Kaeo
This week Joe Carson is joined by Merike Kaeo as they discuss the dynamic role of the CISO within an organization. They dive deeper into the role and how it interacts with different areas of the business, and what specific assets need protection and within what frameworks. An episode not to be missed! Jump-start your cybersecurity career for FREE with Cybrary! Follow us on Social! ~Cybrary Twitter ~Delinea Twitter ~Instagram ~Facebook ~YouTube
https://www.youtube.com/watch?v=FklaFGnBEyQ
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Old School MS-DOS Commands for DFIR
In this episode, we'll look at numerous old-school MS-DOS commands from the 80's and 90's that are still very valid and useful today -- even in Windows 11! Learn how to perform complex file searches, change file attributes, view Alternate Data Streams, and more - right from the Command Prompt! *** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. *** 📖 Chapters 00:00 - Intro 02:15 - DIR 03:01 - CLS 03:55 - DIR /A 05:07 - DIR /AH 05:47 - DIR /AD 07:21 - DIR /OD 08:12 - DIR /TC 08:34 - DIR /A/TC/OD 09:26 - DIR /W 10:10 - DIR /S [FILENAME] 11:40 - DIR /S/A [FILENAME] 13:16 - DIR /S/A ?.EXE 14:16 - DIR /S/A ??.EXE 15:11 - DIR /P 16:17 - DIR /S/A [PATTERN]*.?? 17:49 - DIR /S/AH ?.EXE 18:52 - CD | CHDIR 20:25 - DIR /R 20:44 - DIR /R/A 21:25 - MORE...
https://www.youtube.com/watch?v=SfG25LmNkT0
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Emulation Fundamentals - Writing A Basic x86 Emulator
In this OALABS Patreon tutorial we will explore how an emulator works by building one ourselves! This is the first part in a five-part tutorial series that can be found on our Patreon here... https://www.patreon.com/oalabs/posts?filters%5Btag%5D=Applied+Emulation The demo Jupyter Lab note can be found on GitHub here... https://gist.github.com/herrcore/f25bcf55fa10fa8d04effc172eeb63c9 ----- OALABS DISCORD https://discord.gg/6h5Bh5AMDU OALABS PATREON https://www.patreon.com/oalabs Twitch https://www.twitch.tv/oalabslive OALABS GITHUB https://github.com/OALabs UNPACME - AUTOMATED MALWARE UNPACKING https://www.unpac.me/#/ -----
https://www.youtube.com/watch?v=HPrqOIdNlrQ
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Unity Game Hacking Challenge - "Azusawa's Gacha World" [SekaiCTF]
Video walkthrough for "Azusawa's Gacha World", a [game] reversing challenge from Project SEKAI CTF 2023. The challenge involved memory manipulation with cheat engine (optional), reverse engineering of Unity game code (C#) in dnSpy, some network traffic analysis and HTTP traffic manipulation. Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂 #SEKAICTF #ProjectSEKAI #CTF #ReverseEngineering #GameHacking #CheatEngine You can find my full write-up here: https://github.com/Crypto-Cat/CTF/blob/main/ctf_events/sekai_23/rev/azusawas_gacha_world.md 🥰 If you liked this video and/or want to learn more about game hacking with cheat engine, check out the full tutorial series I created on the @intigriti channel: https://www.youtube.com/watch?v=ku6AtIY-Lu0&list=PLmqenIp2RQcg0x2mDAyL2MC23DAGcCR9b...
https://www.youtube.com/watch?v=R8EnhRDDWFg
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Intruder Alert Ep. 6 | Deconstructing Malware Attacks & Forging a Career in Cybersecurity
In this episode of Intruder Alert, Marcus Hutchins is joined by cybersecurity expert Caitlin Sarian, known for her role as the Global Lead of Cybersecurity Advocacy and Culture at TikTok and her expertise in data protection and privacy compliance. Marcus and Caitlin provide technical insight into the latest US malware attacks and share invaluable advice on breaking into the cybersecurity field. Follow us on Social!! ~Twitter ~Instagram ~FaceBook ~YouTube ~LinkedIn Jump-start your cybersecurity career for FREE with Cybrary!
https://www.youtube.com/watch?v=2aRgdmTdtK0
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

DC31 - Red Team Village - Recap
Red Team Village Website: https://redteamvillage.io Discord: https://redteamvillage.io/discord Twitter: https://redteamvillage.io/twitter
https://www.youtube.com/watch?v=my568xKtgLg
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Is your favorite on here?? #favorite #cybersecurity #hacker

https://www.youtube.com/watch?v=KPPH7vJZajQ
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

401 Access Denied: Protecting Society and the Role of CERT with Tonu
In this episode we join host Joe Carson as he discusses state cybersecurity with Tonu Tammer of the Estonian National Cybersecurity Center. Tonu goes into the day-to-day operations of defending a country and its citizens from adversaries, as well as ransomware and DDOS attacks. Come along for an in-depth discussion with a cyber defender with years of experience in this exciting new episode! Jump-start your cybersecurity career for FREE with Cybrary! Follow us on Social! ~Cybrary Twitter ~Delinea Twitter ~Instagram ~Facebook ~YouTube
https://www.youtube.com/watch?v=aYCyFDlK7vg
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

HackerOne x Red Team Village
Thank you HackerOne for Sponsoring the Red Team Village! Additional information about HackerOne can be obtained from https://hackerone.com The Red Team Village Red Team Village Website: https://redteamvillage.io Discord: https://redteamvillage.io/discord Twitter: https://redteamvillage.io/twitter
https://www.youtube.com/watch?v=6XzKgYF3kDU
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

DC31 - Red Team Village - Hack The Box
Additional information about Hack The Box can be found at hackthebox.eu Red Team Village Website: https://redteamvillage.io Discord: https://redteamvillage.io/discord Twitter: https://redteamvillage.io/twitter
https://www.youtube.com/watch?v=DX61G7v3jvw
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

DC31 - Red Team Village - Meta
Additional information about Meta can be found at meta.com. Red Team Village Website: https://redteamvillage.io Discord: https://redteamvillage.io/discord Twitter: https://redteamvillage.io/twitter
https://www.youtube.com/watch?v=uizRK9qLsJM
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Intruder Alert Ep. 5 | Community Uprising: Unravelling the Reddit Blackout
In the latest episode of Intruder Alert, Marcus Hutchins and Cybrary blue teamer, Marc Balingit, delve into the the uproar around Reddit's blackout. They unravel the intricacies of Reddit's contentious API changes, which have cornered third-party apps like Apollo, sparking a sweeping blackout protest across thousands of subreddits. Furthermore, they explore the impact of Twitch's fresh policy adjustments, which are a threat to streamers' ad revenue, and other news impacting online communities. Follow us on Social!! ~Twitter ~Instagram ~FaceBook ~YouTube ~LinkedIn Jump-start your cybersecurity career for FREE with Cybrary!
https://www.youtube.com/watch?v=8_CEqpKU8AA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

DOM Clobbering, Prototype Pollution and XSS - "sanity" Walkthrough [Amateurs CTF 2023]
Video walkthrough for "sanity", a web challenge from Amateurs CTF 2023. The challenge involved DOM clobbering, prototype pollution and XSS. Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂 #AmateursCTF #CTF #Pentesting #OffSec #WebSec You can find my full write-up here: https://github.com/Crypto-Cat/CTF/blob/main/ctf_events/amateurs_23/web/sanity.md 🥰 ↢Social Media↣ Twitter: https://twitter.com/_CryptoCat GitHub: https://github.com/Crypto-Cat/CTF HackTheBox: https://app.hackthebox.eu/profile/11897 LinkedIn: https://www.linkedin.com/in/cryptocat Reddit: https://www.reddit.com/user/_CryptoCat23 YouTube: https://www.youtube.com/CryptoCat23 Twitch: https://www.twitch.tv/cryptocat23 ↢Amateurs CTF↣ https://ctf.amateurs.team/challs https://discord.com/invite/gCX22asy65 ↢Resources↣ Ghidra:...
https://www.youtube.com/watch?v=AO7CDquZ690
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

DC31 - Red Team Village - Buddobot
Additional information about Buddobot can be found at buddobot.com. Red Team Village Website: https://redteamvillage.io Discord: https://redteamvillage.io/discord Twitter: https://redteamvillage.io/twitter
https://www.youtube.com/watch?v=ubVLiJ17Sd4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Trying to demo the #hacker side without getting 🤐🤐🤐 by the platform. Oops! #cybersecurity

https://www.youtube.com/watch?v=p_OgaSkmBMM
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

401 Access Denied: Ep. 85 | Key Takeaways from the Verizon DBIR with Tony Goulding
Join host Joseph Carson and guest Tony Goulding as they break down the annual Verizon breach report. With over 16,000 incidents and more than 5,200 data breaches, there's a lot to look at. Tony and Joe have some great takeaways from this critical annual report and share their expert insights on what's new, what's changed, and what we're not doing so bad at (hint: MFA goes a long way!) Jump-start your cybersecurity career for FREE with Cybrary! Follow us on Social! ~Cybrary Twitter ~Delinea Twitter ~Instagram ~Facebook ~YouTube
https://www.youtube.com/watch?v=luXnfWO_U7I
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

AV Emulation Detection Tricks Used by Malware
Tricks that malware developers use to detect antivirus emulators and how these differ from the sandbox emulators we use from our recent Twitch stream. Alexie's Windows Defender research with some insights into the emulation engine used... https://recon.cx/2018/brussels/resources/slides/RECON-BRX-2018-Reverse-Engineering-Windows-Defender-s-JavaScript-Engine.pdf https://i.blackhat.com/us-18/Thu-August-9/us-18-Bulazel-Windows-Offender-Reverse-Engineering-Windows-Defenders-Antivirus-Emulator.pdf https://github.com/0xAlexei/WindowsDefenderTools ----- OALABS PATREON https://www.patreon.com/oalabs OALABS DISCORD https://discord.gg/6h5Bh5AMDU Twitch https://www.twitch.tv/oalabslive OALABS GITHUB https://github.com/OALabs UNPACME - AUTOMATED MALWARE UNPACKING https://www.unpac.me/#/ -----
https://www.youtube.com/watch?v=8jckguVRHyI
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

HackerOne Live Hacking Event Recap: Los Angeles w/ Amazon
Hackers gather in Los Angeles, California, to partner with the Amazon security team as they work to keep their customers safe. ▼ Keep up with us ▼ ◇ Twitter → https://twitter.com/Hacker0x01 ◇ Instagram → https://www.instagram.com/hacker0x01/ ◇ LinkedIn → https://www.linkedin.com/company/Hack... ◇ Facebook → https://www.facebook.com/Hacker0x01/
https://www.youtube.com/watch?v=Tvt0ILI2uNg
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Hack you exe's phone? 😂 #podcast #cybersecurity

https://www.youtube.com/watch?v=ufdeWuwsWaA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

DC31 - Red Team Village - Bishop Fox
Additional information about Bishop Fox can be found at: https://www.bishopfox.com. Red Team Village Website: https://redteamvillage.io Discord: https://redteamvillage.io/discord Twitter: https://redteamvillage.io/twitter
https://www.youtube.com/watch?v=aopkRkBfkgQ
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

DC31 - Red Team Village - Optiv
Additional information about Optiv can be found at optiv.com. Red Team Village Website: https://redteamvillage.io Discord: https://redteamvillage.io/discord Twitter: https://redteamvillage.io/twitter
https://www.youtube.com/watch?v=RMaH8T6Qx_s
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

401 Access Denied: Ep. 84 | The Best of RSAC & Cybersecurity Strategies with Bob Burns
RSAC was the place to be for cybersecurity in 2023, and Joe Carson is joined by Bob Burns to talk all about it. From the sessions that really resonated to the incredible human connections and networking, join Joe and Bob to deconstruct this year's most comprehensive conference. Were you at RSAC this year? Join us in the comments to let us know your favorite session! Jump-start your cybersecurity career for FREE with Cybrary! Follow us on Social! ~Cybrary Twitter ~Delinea Twitter ~Instagram ~Facebook ~YouTube
https://www.youtube.com/watch?v=qU40Yg7pfbo
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Detecting PsExec Usage
In this episode, we're going to look at a variety of methods you can use to determine whether or not a system was the recipient of a PsExec connection. While you may already be familiar with some of these detections, there's a good chance you haven't seen them all! *** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. *** 📖 Chapters 00:00 - Intro 03:03 - Demo 1 05:09 - Event Log Analysis 1 09:01 - Demo 2 09:56 - Event Log Analysis 2 10:56 - Shimcache Analysis 15:46 - The Key to Identify PsExec 17:55 - Prefetch Analysis 21:38 - Recap 🛠 Resources The Key to Identify PsExec: https://aboutdfir.com/the-key-to-identify-psexec/ Prefetch Deep Dive: https://www.youtube.com/watch?v=f4RAtR_3zcs #Forensics #DigitalForensics #DFIR #ComputerForensics...
https://www.youtube.com/watch?v=oVM1nQhDZQc
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

RTV Badge Preview - 2023
Pick yours up now! https://redteamvillage.square.site/
https://www.youtube.com/watch?v=DSHE3wXIkSA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

The AI Revolution with Diana Kelley | 401 Access Denied Podcast Ep. 83
The AI Revolution with Diana Kelley | 401 Access Denied Podcast Ep. 83 Join Us: https://www.cybrary.it/?utm_source=youtube&utm_medium=video&utm_campaign=the-ai-revolution-with-diana-kelley Everybody's talking about it - the AI revolution is here. But given the rapid evolution in this field, it's hard to keep up with the sweeping effects this technology is causing. Luckily, Joe Carson is joined by longtime AI expert Diana Kelley to shed light on all of these changes. She addresses the many misconceptions and media misrepresentations surrounding AI, breaks down the different forms of this technology, and emphasizes the need for a better understanding of AI's capabilities and limitations. They also discuss the ethical and legal implications that will only become more potent as AI continues...
https://www.youtube.com/watch?v=ow9JszgoC1M
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Tips to Learn Reverse Engineering: Avoid These Common Pitfalls!
How to maximize the return on your time when learning how to reverse engineer! Just a few thoughts on what worked for me and what to avoid from our recent Twitch stream. ----- OALABS PATREON https://www.patreon.com/oalabs OALABS DISCORD https://discord.gg/6h5Bh5AMDU Twitch https://www.twitch.tv/oalabslive OALABS GITHUB https://github.com/OALabs UNPACME - AUTOMATED MALWARE UNPACKING https://www.unpac.me/#/ -----
https://www.youtube.com/watch?v=JzhpTLe8Vg4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

NahamCon CTF 2023: Web Challenge Walkthroughs
Video walkthrough for some Web challenges from the NahamCon Capture the Flag (CTF) competition 2023 (organised by @NahamSec ); Star Wars, Stickers, Hidden Figures and Obligatory. Topics covered include XSS, domPDF RCE, hidden data (misc/stego) and SSTI with WAF filter bypass. Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂 #NahamCon #NahamCon2023 #NahamConCTF #CTF #Pentesting #OffSec #WebSec If you're looking for the "Marmalade 5" Web challenge, check the @intigriti channel: https://youtu.be/3LRZsnSyDrQ 🥰 Full write-ups for the challenges: https://github.com/Crypto-Cat/CTF/tree/main/ctf_events/nahamcon_23 ↢Social Media↣ Twitter: https://twitter.com/_CryptoCat GitHub: https://github.com/Crypto-Cat/CTF HackTheBox: https://app.hackthebox.eu/profile/11897 LinkedIn: https://www.linkedin.com/in/cryptocat Reddit:...
https://www.youtube.com/watch?v=XHg_sBD0-es
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Hacking the Government with Bryan Seely | 401 Access Denied Podcast Ep. 82
Hacking the Government with Bryan Seely | 401 Access Denied Podcast Ep. 82 Join Us: https://www.cybrary.it/?utm_source=youtube&utm_medium=video&utm_campaign=hacking-the-government-with-bryan-seely In this eye-opening episode, dive into the captivating world of cybercrime and social engineering with our host, Joe Carson, and special guest Bryan Seely! Bryan, a keynote speaker and cybersecurity expert best known for his Secret Service exposé, discusses his journey from a young computer enthusiast to a renowned public speaker. Join them as they investigate the mindset and techniques used by hackers, such as the use of aliases to deceive and manipulate their targets, as well as the importance of responsible disclosure and changing cybersecurity laws. Follow us for exclusive updates: ~https://twitter.com/cybraryIT ~https://www.instagram.com/cybrary.it/ ~https://www.facebook.com/cybraryit/ Follow...
https://www.youtube.com/watch?v=aagD2SxYUJM
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

16 - Open Redirect (low/med/high) - Damn Vulnerable Web Application (DVWA)
16 - Open Redirection (low/med/high difficulties) video from the Damn Vulnerable Web Application (DVWA) walkthrough/tutorial series. Hope you enjoy 🙂 ↢Social Media↣ Twitter: https://twitter.com/_CryptoCat GitHub: https://github.com/Crypto-Cat HackTheBox: https://app.hackthebox.eu/profile/11897 LinkedIn: https://www.linkedin.com/in/cryptocat Reddit: https://www.reddit.com/user/_CryptoCat23 YouTube: https://www.youtube.com/CryptoCat23 Twitch: https://www.twitch.tv/cryptocat23 ↢Damn Vulnerable Web Application (DVWA)↣ https://github.com/digininja/DVWA ↢Open Redirects↣ @PwnFunction: https://www.youtube.com/watch?v=4Jk_I-cw4WE https://learn.snyk.io/lessons/open-redirect/javascript https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html https://owasp.org/www-project-web-security-testing-guide/stable/4-Web_Application_Security_Testing/11-Client-side_Testing/04-Testing_for_Client-side_URL_Redirect https://cwe.mitre.org/data/definitions/601.html https://portswigger.net/support/using-burp-to-test-for-open-redirections ↢Chapters↣ Start...
https://www.youtube.com/watch?v=I5jko9mLNO4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

N00bs Night Malware RE Workshop with @c3rb3ru5d3d53c
Fun stream hanging out with @c3rb3ru5d3d53c and trying to reverse engineer her malware challenge! API hashing, stack strings, and rick rolls, we've got it all! Full workshop samples and solutions: https://github.com/c3rb3ru5d3d53c/reworkshop ----- OALABS PATREON https://www.patreon.com/oalabs OALABS DISCORD https://discord.gg/6h5Bh5AMDU Twitch https://www.twitch.tv/oalabslive OALABS GITHUB https://github.com/OALabs UNPACME - AUTOMATED MALWARE UNPACKING https://www.unpac.me/#/ -----
https://www.youtube.com/watch?v=amnvrOLRGHA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Intruder Alert Ep. 4 | Unmasking The New Global Malware Threat On Android Devices
Head to Cybrary.it to open your free account and start learning today! In this episode of Intruder Alert, join host Marcus Hutchins, world-renowned hacker, and red teamer Matt Mullins while they discuss the millions of devices recently infected with malware during production, and whether or not our devices are spying on us. For more information on how to jumpstart your career with the most cutting-edge cybersecurity training, head over to Cybrary.it to create your free account and get started on your learning journey! Make sure to subscribe so that you don't miss the latest new episodes, premiering live every two weeks, and dropping on YouTube On Demand.
https://www.youtube.com/watch?v=wc8T_RcwOkY
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Is this NEW Generative AI Feature a GAME CHANGER? [Adobe Firefly]
A demo of Adobe Firefly, the new generative AI functionality in Photoshop. We'll explore various applications of the ethical AI-assisted editing feature, including generative fill (beta) to edit a photograph. First, we'll remove the people (and other objects) from the beach. Next, we'll extend/expand the image, generating additional content that seamlessly clicks into the image. We'll also replace the sky, change the sand and add a variety of animals and objects. Finally, we'll play around with a cartoon image (CryptoCat) to see how the AI functionality works with illustrations. During the course of the video, we'll discuss some of the advantages/disadvantages, talk about bugs, design choices (stock images only) and cyber-security implications (deep fakes). Hope you enjoy this video, next...
https://www.youtube.com/watch?v=oLxIrRzWhUM
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Understanding The PEB for Reverse Engineers
Full Patreon tutorial (with examples): https://www.patreon.com/posts/understanding-1-83402055 https://www.patreon.com/posts/understanding-2-83402366 Vergilius Project https://www.vergiliusproject.com/ ----- OALABS DISCORD https://discord.gg/6h5Bh5AMDU OALABS PATREON https://www.patreon.com/oalabs Twitch https://www.twitch.tv/oalabslive OALABS GITHUB https://github.com/OALabs UNPACME - AUTOMATED MALWARE UNPACKING https://www.unpac.me/#/ -----
https://www.youtube.com/watch?v=uyisPPTupmA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

A File's Life - File Deletion and Recovery
In this episode, we'll look at exactly what happens when you delete a file from an NTFS file system. Then, we'll talk about file "undeletion" versus file carving, and use PhotoRec to perform file carving against a mounted disk image. Lastly, we'll explore techniques to search through that recovered data using an Ubuntu WSL 2 instance. *** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. *** 📖 Chapters 00:00 - Intro 13:12 - PhotoRec Demo 19:03 - Searching Recovered Data 🛠 Resources PhotoRec: https://www.cgsecurity.org/wiki/PhotoRec Recycle Bin Forensics: https://www.youtube.com/watch?v=Gkir-wGqG2c Let's Talk About NTFS Index Attributes: https://www.youtube.com/watch?v=x-M-wyq3BXA #Forensics #DigitalForensics #DFIR #ComputerForensics...
https://www.youtube.com/watch?v=4zlk9ZSMa-4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

15 - Authorisation Bypass (low/med/high) - Damn Vulnerable Web Application (DVWA)
15 - Authorisation Bypass (low/med/high difficulties) video from the Damn Vulnerable Web Application (DVWA) walkthrough/tutorial series. Hope you enjoy 🙂 ↢Social Media↣ Twitter: https://twitter.com/_CryptoCat GitHub: https://github.com/Crypto-Cat HackTheBox: https://app.hackthebox.eu/profile/11897 LinkedIn: https://www.linkedin.com/in/cryptocat Reddit: https://www.reddit.com/user/_CryptoCat23 YouTube: https://www.youtube.com/CryptoCat23 Twitch: https://www.twitch.tv/cryptocat23 ↢Damn Vulnerable Web Application (DVWA)↣ https://github.com/digininja/DVWA ↢Authorisation Bypass↣ https://portswigger.net/web-security/access-control https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/05-Authorization_Testing/04-Testing_for_Insecure_Direct_Object_References ↢Chapters↣ Start...
https://www.youtube.com/watch?v=Qcgu34eWQa4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Leaking Secret Data with a Heap Overflow - "Leek" Pwn Challenge [Angstrom CTF 2023]
Video walkthrough for the binary exploitation (pwn) challenge, "Leek" from the Angstrom capture the flag (CTF) competition 2023. The challenge involves performing a heap overflow to overwrite all null bytes between our user input chunk and secret data chunk so that when puts() is called, it prints both chunks (there's no null terminator separating them). After this, we need to repair the header of the chunk we modified so that the program can continue execution. We repeat this process of leaking and submitting the random (secret) bytes 100 times, at which point we receive the flag! Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂 #Angstrom #AngstromCTF #CTF #Pentesting #OffSec #Pwn #BinaryExploitation #Reversing #ReverseEngineering ↢Social Media↣ Twitter: https://twitter.com/_CryptoCat GitHub:...
https://www.youtube.com/watch?v=55jibxjUj3I
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Web Challenges [Space Heroes CTF 2023]
Video walkthrough for some web exploitation challenges from the Space Heroes (CTF) competition 2023. Some topics covered include; HTTP parameter pollution, chatGPT breakout (prompt injection/leakage), insecure file upload, XSS, CSP bypass and more! Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂 #SpaceHeroes #SpaceHeroesCTF #CTF #Pentesting #OffSec ↢Social Media↣ Twitter: https://twitter.com/_CryptoCat GitHub: https://github.com/Crypto-Cat/CTF HackTheBox: https://app.hackthebox.eu/profile/11897 LinkedIn: https://www.linkedin.com/in/cryptocat Reddit: https://www.reddit.com/user/_CryptoCat23 YouTube: https://www.youtube.com/CryptoCat23 Twitch: https://www.twitch.tv/cryptocat23 ↢Space Heroes CTF↣ https://ctftime.org/event/1856 https://spaceheroes.ctfd.io/challenges https://discord.gg/BsSyhTDdne ↢Resources↣ Ghidra:...
https://www.youtube.com/watch?v=d2BRicRLMfk
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Vulnerability Management Metrics: Top 10 KPIs To Measure Success (W/ Walter Haydock)
Join us for an exclusive interview as we dive deep into the world of vulnerability management KPIs with the expertise of Walter Haydock. 👉 Get our FREE guide to vulnerability management in 2023: https://purplesec.us/vulnerability-management-guide/?utm_source=newsletter&utm_medium=YouTube&utm_campaign=VM_2023&utm_id=guide In this engaging interview, Walter shares valuable insights on: 🎯 Balancing costs and benefits while identifying metrics to guide decision-making in vulnerability management investments. 🌐 Maintaining consistency with strategies for aligning metrics across teams, departments, and locations. ⚖️ Adapting to the evolving threat landscape by staying ahead of emerging risks and continuously refining vulnerability management KPIs. 📈 Success stories of organizations...
https://www.youtube.com/watch?v=L-61ahYHdH8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Vulnerability Management SOP: Expert Reveals Top Tips (W/ Kevin Donatelli)
Are you struggling to manage vulnerabilities in your organization? Join us in this conversation with expert Kevin Donatelli who reveals the ins and outs of vulnerability management SOPs! In this not-to-be-missed session, you'll: 🔑 Learn the essential components of effective vulnerability management SOPs 🛡️ Discover how to prioritize and remediate risks efficiently 🧠 Gain invaluable insights from real-life case studies shared by Kevin Donatelli 👉 Get our FREE guide to vulnerability management in 2023: https://purplesec.us/vulnerability-management-guide/?utm_source=newsletter&utm_medium=YouTube&utm_campaign=VM_2023&utm_id=guide Podcast Info -------------------- Podcast website: https://purplesec.us/podcast/ Apple Podcasts: https://podcasts.apple.com/us/podcast/security-beyond-the-checkbox/id1673807278 Spotify:...
https://www.youtube.com/watch?v=-yjsaxxrTxk
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Spinning up the RTV Ship
We are building up the things to bring you up to speed with the latest in Red Team Village activities and DEFCON 31. See you in the network.
https://www.youtube.com/watch?v=RVkXhwIOX6w
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Vulnerability Management Trends & Predictions For 2023 (W/ Joshua Copeland) | PurpleSec
Join PurpleSec's experts along with Joshua Copeland, Director of Cyber Security at AT&T, as we explore the latest trends and predictions in vulnerability management for 2023. 👉 Get our FREE guide to vulnerability management in 2023: https://purplesec.us/vulnerability-management-guide/?utm_source=newsletter&utm_medium=YouTube&utm_campaign=VM_2023&utm_id=guide Continue reading: https://purplesec.us/learn/vulnerability-management-trends/ Chapters --------------- 00:00 - Introduction 00:20 - Joshua Copeland 02:47 - Automation Is Key 10:30 - Adoption Of Risk-Based Approaches 16:40 - Continuous Monitoring 21:40 - Increased Focus On Cloud Security 28:43 - Increased Use Of Threat Intelligence 35:10 - The Role Of Network Segmentation 43:30 - DevSecOps: Building Security From The Ground Up 50:40...
https://www.youtube.com/watch?v=39XHupVxAY8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Teleporting Through Walls with Cheat Engine - "No Way Out" [PicoCTF 2023]
Walkthrough for a Unity game hacking challenge from the Pico Capture The Flag competition 2023 (picoCTF). First, we'll decompile the Assembly.Csharp.dll with DNSpy and patch/re-compile the code to retrieve the flag. In the second solution, we'll use Cheat Engine 7.5 to identify our player position and teleport through the wall, allowing us to recover the flag. Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂 #ReverseEngineering #CTF #CaptureTheFlag #Pico #PicoCTF #PicoCTF2023 #CheatEngine #GameHacking If you liked this video and/or want to learn more about game hacking with cheat engine, check out the full tutorial series I created on the @intigriti channel: https://www.youtube.com/watch?v=ku6AtIY-Lu0&list=PLmqenIp2RQcg0x2mDAyL2MC23DAGcCR9b and the gamepwn README: https://github.com/Crypto-Cat/CTF/tree/main/game_hacking#readme ↢Social...
https://www.youtube.com/watch?v=QgF4PQjeG-o
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Two Thumbs Up - Thumbnail Forensics
In this episode, we'll look at Thumbs.db and Thumbcache -- databases used by Windows to store thumbnails (preview images) of pictures, documents, and other file types. Learn how these rather obscure artifacts could potentially be invaluable to your investigations. *** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. *** 📖 Chapters 00:00 - Intro 02:28 - Thumbs.db / Thumbcache artiFACTS 05:13 - Thumbcache Viewer Demo 🛠 Resources #Forensics #DigitalForensics #DFIR #ComputerForensics #WindowsForensics
https://www.youtube.com/watch?v=5efCp1VXhfQ
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Techniques To Improve Vulnerability Visibility & Detection (W/ Clement Fouque) | PurpleSec
Improve vulnerability visibility in networks & cloud environments with expert tips on strategies, KPIs, prioritization, & automation. Secure your assets now! 👉 Get our FREE guide to vulnerability management in 2023: https://purplesec.us/vulnerability-management-guide/ Read the full article: https://purplesec.us/learn/vulnerability-visibility/ Chapters --------------- 00:00 - Introduction 00:45 - Clement Fouque 01:36 - Importance Of Visibility In Vulnerability Management 02:51 - Why Is Poor Visibility An Issue? 04:40 - Common Blind Spots 06:55 - Improving Asset Inventories 09:30 - How Do You Know If You Have Poor Visibility? 13:20 - Techniques For Improving Visibility 15:05 - How To Ensure All Endpoints Are Being Scanned 18:25 - How Network Segmentation Improves Visibility 20:00 - Third-Party...
https://www.youtube.com/watch?v=3K6TLqyxit4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Doublespeak: Jailbreaking ChatGPT-style Sandboxes using Linguistic Hacks
A review of Large Language Model (LLM) vulnerabilities/exploits, e.g. including prompt leakage, prompt injection and other linguistic hacks. We'll run through levels 1-9 of the doublespeak.chat challenges, produced by Forces Unseen. doublespeak.chat is a text-based game that explores LLM pre-prompt contextual sandboxing. The challenges prime an LLM (Chat-GPT) with a secret and a scenario in a pre-prompt hidden from the player. The player's goal is to discover the secret either by playing along or by hacking the conversation to guide the LLM's behavior outside the anticipated parameters. Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂 #HackTheBox #HTB #CTF #Pentesting #OffSec ↢Social Media↣ Twitter: https://twitter.com/_CryptoCat GitHub: https://github.com/Crypto-Cat HackTheBox:...
https://www.youtube.com/watch?v=au3CRqlbWlQ
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Interview with Lesley Carhart (hacks4pancakes)
In this special guest episode, I interview Lesley Carhart (aka hacks4pancakes) of Dragos. We'll cover a variety of topics and provide some career advice along the way! *** Check out PancakesCon 4 at https://pancakescon.com/ coming March 19, 2023! *** 🎉 Also check out the new 13Cubed Training Course Investigating Windows Endpoints. Affordable, on-line, and on-demand training is here! Enroll now at https://training.13cubed.com/ 🛠 Resources Twitter: https://twitter.com/hacks4pancakes Mastodon: https://infosec.exchange/@hacks4pancakes TikTok: https://www.tiktok.com/@UCezvmPw4tfO6n_FMQoN4waw #forensics #DigitalForensics #DFIR #ComputerForensics #WindowsForensics
https://www.youtube.com/watch?v=aC4jd8hQdYo
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

It's About Time - Timestamp Changes in Windows 11
In this episode, we'll revisit NTFS MACB timestamps and take a look at how file creations, accesses, modifications, renames, copies, and moves affect them. Then, we'll take a look at how Windows 11 has changed the behavior associated with some of those timestamps. *** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. *** 📖 Chapters 00:00 - Intro 02:24 - File Creation 02:54 - File Access and NtfsDisableLastAccessUpdate 05:12 - File Modification 06:18 - File Rename 07:33 - File Copy 09:50 - File Move 12:53 - Correction 14:02 - Timestamp Changes in Windows 11 🛠 Resources Windows MACB Timestamps (NTFS Forensics): https://www.youtube.com/watch?v=OTea54BelTg Windows 11 Time Rules: https://www.khyrenz.com/blog/windows-11-time-rules/ #Windows11...
https://www.youtube.com/watch?v=_D2vJZvCW_8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

CAN I WIN A GAME OF BATTLEGROUNDS?! [HackTheBox - Server Siege]
3 more practice games of @HackTheBox battlegrounds (server siege) 💜 If you think I should do some things differently, let me know in the comments! Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂 #HackTheBox #HTB #CTF #Pentesting #offsec HackTheBox: https://affiliate.hackthebox.com/cryptocat-htb HTB Academy: https://affiliate.hackthebox.com/cryptocat-academy ↢Social Media↣ Twitter: https://twitter.com/_CryptoCat GitHub: https://github.com/Crypto-Cat HackTheBox: https://app.hackthebox.eu/profile/11897 LinkedIn: https://www.linkedin.com/in/cryptocat Reddit: https://www.reddit.com/user/_CryptoCat23 YouTube: https://www.youtube.com/CryptoCat23 Twitch: https://www.twitch.tv/cryptocat23 ↢HackTheBox↣ https://affiliate.hackthebox.com/cryptocat-htb https://twitter.com/hackthebox_eu https://discord.gg/hackthebox ↢Video-Specific...
https://www.youtube.com/watch?v=VX445yn4lQ4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

CyberTalk Live #1 - Trying Out BlackBuntu & Q&A
CyberTalk Live #1 - Trying Out BlackBuntu & Q&A //PLATFORMS BLOG ►► https://bit.ly/3qjvSjK FORUM ►► https://bit.ly/39r2kcY ACADEMY ►► https://bit.ly/39CuORr //SOCIAL NETWORKS TWITTER ►► https://bit.ly/3sNKXfq DISCORD ►► https://bit.ly/3hkIDsK INSTAGRAM ►► https://bit.ly/3sP1Syh LINKEDIN ►► https://bit.ly/360qwlN PATREON ►► https://bit.ly/365iDLK MERCHANDISE ►► https://bit.ly/3c2jDEn //BOOKS Privilege Escalation Techniques ►► https://amzn.to/3ylCl33 Docker Security Essentials (FREE) ►► https://bit.ly/3pDcFuA //SUPPORT THE CHANNEL NordVPN Affiliate Link (73% Off) ►► https://bit.ly/3DEPbu5 Get 0 In Free Linode Credit ►► https://bit.ly/39mrvRM Get started with Intigriti: https://go.intigriti.com/hackersploit //CYBERTALK PODCAST Spotify...
https://www.youtube.com/watch?v=XcIUuwH3S9E
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

3 Year Cybersecurity Career Roadmap
In this video, I outline a concise 3-year Cybersecurity career roadmap designed for students or professionals looking to get started with a career in Cybersecurity in 2023 and beyond. Slides: https://bit.ly/3HlM3aw Black Hills 5-Year InfoSec Plan: https://www.blackhillsinfosec.com/webcast-5-year-plan-infosec/ //PLATFORMS BLOG ►► https://bit.ly/3qjvSjK FORUM ►► https://bit.ly/39r2kcY ACADEMY ►► https://bit.ly/39CuORr //SOCIAL NETWORKS TWITTER ►► https://bit.ly/3sNKXfq DISCORD ►► https://bit.ly/3hkIDsK INSTAGRAM ►► https://bit.ly/3sP1Syh LINKEDIN ►► https://bit.ly/360qwlN PATREON ►► https://bit.ly/365iDLK MERCHANDISE ►► https://bit.ly/3c2jDEn //BOOKS Privilege Escalation Techniques ►► https://amzn.to/3ylCl33 Docker Security Essentials (FREE) ►►...
https://www.youtube.com/watch?v=oI9aaBpJvoA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

EZ Tools Manuals Interview with Andrew Rathbun
In this special guest episode, I interview Andrew Rathbun of Kroll to discuss the new EZ Tools Manuals he's written. This documentation provides in-depth coverage of nearly all Windows forensic tools written by Eric Zimmerman. We also discuss a few other DFIR community projects at the end, so don't miss it! *** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. *** 📖 Chapters 00:00 - EZ Tools Manuals 20:40 - DFIR Artifact Museum 25:48 - Digital Forensics Discord Server 🛠 Resources EZ Tools Manuals: https://leanpub.com/eztoolsmanuals Vanilla Windows Reference: https://github.com/AndrewRathbun/VanillaWindowsReference DFIR Artifact Museum: https://github.com/AndrewRathbun/DFIRArtifactMuseum A Beginner's Guide to the Digital Forensics...
https://www.youtube.com/watch?v=Mz5hin8Wxak
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

A New Program Execution Artifact - Windows 11 22H2 Update!
In this episode, we'll take a look at a new Windows 11 Pro 22H2 program execution artifact discovered in late December 2022. We'll cover the basics and then look at this new Program Compatibility Assistant (PCA) artifact in action on a Windows 11 system. *** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. *** 📖 Chapters 00:00 - Intro 00:52 - PCA artiFACTS 02:52 - Demo 11:28 - Recap 🛠 Resources New Windows 11 Pro (22H2) Evidence of Execution Artifact: https://aboutdfir.com/new-windows-11-pro-22h2-evidence-of-execution-artifact/ Vanilla Windows Reference: https://github.com/AndrewRathbun/VanillaWindowsReference DFIR Artifact Museum: https://github.com/AndrewRathbun/DFIRArtifactMuseum 🙏 Special Thanks for Additional Research and...
https://www.youtube.com/watch?v=rV8aErDj06A
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Linux Red Team Defense Evasion Techniques - Hiding Linux Processes
In this video, I explore the process of evading defenses on Linux by hiding Linux processes with libprocesshider. Defense Evasion consists of techniques that adversaries use to avoid detection throughout their compromise. Techniques used for defense evasion include uninstalling/disabling security software or obfuscating/encrypting data and scripts. Adversaries also leverage and abuse trusted processes to hide and masquerade their malware. Other tactics' techniques are cross-listed here when those techniques include the added benefit of subverting defenses. Process Hider GitHub Repository: https://github.com/gianlucaborello/libprocesshider //PLATFORMS BLOG ►► https://bit.ly/3qjvSjK FORUM ►► https://bit.ly/39r2kcY ACADEMY ►► https://bit.ly/39CuORr //SOCIAL NETWORKS TWITTER...
https://www.youtube.com/watch?v=GT-ClZAi6rE
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Linux Red Team Persistence Techniques - SSH Keys, Web Shells & Cron Jobs
In this video, I explore the process of establishing persistence on Linux via SSH keys, local accounts, web shells, and Cron Jobs. Persistence consists of techniques that adversaries use to keep access to systems across restarts, changed credentials, and other interruptions that could cut off their access. Techniques used for persistence include any access, action, or configuration changes that let them maintain their foothold on systems, such as replacing or hijacking legitimate code or adding startup code. //PLATFORMS BLOG ►► https://bit.ly/3qjvSjK FORUM ►► https://bit.ly/39r2kcY ACADEMY ►► https://bit.ly/39CuORr //SOCIAL NETWORKS TWITTER ►► https://bit.ly/3sNKXfq DISCORD ►► https://bit.ly/3hkIDsK INSTAGRAM ►► https://bit.ly/3sP1Syh LINKEDIN ►► https://bit.ly/360qwlN PATREON...
https://www.youtube.com/watch?v=tNJs8CFj_B8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

ChatGPT For Cybersecurity
In this video, I go over the process of how to use ChatGPT and cover various examples of how to use ChatGPT for Cybersecurity. ChatGPT is an AI-driven chatbot launched by OpenAI in November 2022. It is trained using Reinforcement Learning from Human Feedback (RLHF). It is built on top of OpenAI's GPT-3.5 family of large language models and is fine-tuned with both supervised and reinforcement learning techniques. OpenAI ChatGPT: https://chat.openai.com/chat Timestamps: 0:00 Introduction 7:50 ChatGPT usage 10:45 Pentesting examples 13:10 Generating shells 14:25 Fuzzing 17:15 Shellcode 18:00 Custom emails 19:34 Macros 20:56 Buffer overflow 22:15 Automation 25:00 Blue team examples 28:33 ChatGPT impact on cybersecurity //PLATFORMS BLOG ►► https://bit.ly/3qjvSjK FORUM ►► https://bit.ly/39r2kcY ACADEMY...
https://www.youtube.com/watch?v=6PrC4z4tPB0
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Linux Red Team Privilege Escalation Techniques - Kernel Exploits & SUDO Permissions
In this video, I explore the process of elevating privileges on Linux by leveraging kernel exploits, local accounts, and misconfigured SUDO permissions. Privilege Escalation consists of techniques adversaries use to gain higher-level permissions on a system or network. Adversaries can often enter and explore a network with unprivileged access but require elevated permissions to follow through on their objectives. Common approaches are to take advantage of system weaknesses, misconfigurations, and vulnerabilities. //PLATFORMS BLOG ►► https://bit.ly/3qjvSjK FORUM ►► https://bit.ly/39r2kcY ACADEMY ►► https://bit.ly/39CuORr //SOCIAL NETWORKS TWITTER ►► https://bit.ly/3sNKXfq DISCORD ►► https://bit.ly/3hkIDsK INSTAGRAM ►► https://bit.ly/3sP1Syh LINKEDIN ►► https://bit.ly/360qwlN PATREON...
https://www.youtube.com/watch?v=w2rElXYV2Fs
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

LastPass Data Breach - Password Security 101
In this episode of CyberTalk, I discuss the latest LastPass data breach (December 2022) and outline a failsafe password management policy for you, your family, and or your business. The following is a set of password security and management guidelines you should follow: 1. Generate secure, random, and complex passwords. 2. Use a new and unique password for every account. 3. Store your passwords with an offline password management database/vault like KeePass. 4. Take regular backups of your password database/vault and store them in a secure location (preferably only known to you). 5. Regularly change your passwords. 6. Develop a password handover contingency plan in the event of your death or incapacitation. 7. Remember, online platforms and solutions can go out of business or may not necessarily...
https://www.youtube.com/watch?v=MsxlsGAJ97c
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Windows Red Team Lateral Movement Techniques - PsExec & RDP
In this video, I will be exploring the process of performing lateral movement on Windows by leveraging PsExec and RDP. Lateral Movement consists of techniques that adversaries use to enter and control remote systems on a network. Following through on their primary objective often requires exploring the network to find their target and subsequently gaining access to it. Reaching their objective often involves pivoting through multiple systems and accounts to gain. Adversaries might install their own remote access tools to accomplish Lateral Movement or use legitimate credentials with native network and operating system tools, which may be stealthier. //PLATFORMS BLOG ►► https://bit.ly/3qjvSjK FORUM ►► https://bit.ly/39r2kcY ACADEMY ►► https://bit.ly/39CuORr //SOCIAL NETWORKS TWITTER...
https://www.youtube.com/watch?v=QGkmlsvjMYI
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Windows Red Team Privilege Escalation Techniques - Bypassing UAC & Kernel Exploits
In this video, I will be exploring the process of privilege escalation on Windows by leveraging various privilege escalation techniques. Privilege Escalation consists of techniques that adversaries use to gain higher-level permissions on a system or network. Adversaries can often enter and explore a network with unprivileged access but require elevated permissions to follow through on their objectives. Common approaches are to take advantage of system weaknesses, misconfigurations, and vulnerabilities. Writeup: https://hackersploit.org/windows-privilege-escalation-fundamentals //PLATFORMS BLOG ►► https://bit.ly/3qjvSjK FORUM ►► https://bit.ly/39r2kcY ACADEMY ►► https://bit.ly/39CuORr //SOCIAL NETWORKS TWITTER ►► https://bit.ly/3sNKXfq DISCORD ►► https://bit.ly/3hkIDsK INSTAGRAM...
https://www.youtube.com/watch?v=vPTbWnCZ0sg
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Windows Red Team - Dynamic Shellcode Injection & PowerShell Obfuscation
In this video, I will be exploring the process of dynamically injecting Shellcode into portable executables and PowerShell obfuscation for the purpose of defense evasion on Windows. Defense Evasion consists of techniques that adversaries use to avoid detection throughout their compromise. Techniques used for defense evasion include uninstalling/disabling security software or obfuscating/encrypting data and scripts. Writeup: https://hackersploit.org/windows-red-team-defense-evasion-techniques/ //PLATFORMS BLOG ►► https://bit.ly/3qjvSjK FORUM ►► https://bit.ly/39r2kcY ACADEMY ►► https://bit.ly/39CuORr //SOCIAL NETWORKS TWITTER ►► https://bit.ly/3sNKXfq DISCORD ►► https://bit.ly/3hkIDsK INSTAGRAM ►► https://bit.ly/3sP1Syh LINKEDIN ►► https://bit.ly/360qwlN PATREON...
https://www.youtube.com/watch?v=6xexyQwG7SY
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

The Dissect Effect - An Open Source IR Framework
In this episode, we'll take a look at the recently open sourced Dissect incident response framework from Fox-IT. We'll briefly examine the overall capabilities of the software, then we'll install it within a WSL 2 environment, and lastly, we'll take it for a test drive using a Windows Server 2019 disk image. *** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. *** 📖 Chapters 00:00 - Intro 02:37 - Installation 03:31 - Using target-query 11:01 - Using target-shell 14:33 - Recap 🛠 Resources Dissect Project: https://github.com/fox-it/dissect Dissect Documentation: https://docs.dissect.tools/en/latest/ #Forensics #DigitalForensics #DFIR #ComputerForensics #WindowsForensics
https://www.youtube.com/watch?v=A2e203LizAM
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Risk-Based Vulnerability Management | PurpleSec
PurpleSec security experts implemented risk-based vulnerability management to improve efficiencies and security ROI for our enterprise client. 👉 Get our FREE guide to vulnerability management in 2023: https://purplesec.us/vulnerability-management-guide/?utm_source=newsletter&utm_medium=YouTube&utm_campaign=VM_2023&utm_id=guide Read The Full Case Study ---------------------------------------- https://purplesec.us/case-studies/travel-services-provider/ High Level Findings ------------------------------- PurpleSec's security “cyborgs” were empowered by automation and process improvements to deliver exceptional results in a 3 month period: - 75% MTTR reduction. - 86% vulnerability risk reduction. - M average annual savings for the client. - 1.6k average monthly man-hour savings. -...
https://www.youtube.com/watch?v=nu0US3xLEH4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Let's Talk About MUICache
In this episode, we'll take an in-depth look at Windows MUICache. We'll start by reviewing the purpose of this Windows feature, the metadata it collects, and its forensic value in showing evidence of program execution. Then, we'll jump into a demo and see it in action. *** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. *** 📖 Chapters 00:00 - Intro 01:54 - Background 03:42 - MUICache artiFACTS 07:20 - Demo 🛠 Resources Forensic Analysis of MUICache Files in Windows https://www.magnetforensics.com/blog/forensic-analysis-of-muicache-files-in-windows/ #Forensics #DigitalForensics #DFIR #ComputerForensics #WindowsForensics
https://www.youtube.com/watch?v=ea2nvxN878s
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

MITRE ATT&CK Framework For Offensive & Defensive Operations
In this live training session, I will introduce you to the MITRE ATT&CK framework and will cover the process of operationalizing it for both offensive and defensive operations. //LIVE TRAINING AND BOOTCAMPS Introduction To C2 Frameworks: https://cyberranges.clickmeeting.com/introduction-to-c2-frameworks-3-day-webinar/register //PLATFORMS BLOG ►► https://bit.ly/3qjvSjK FORUM ►► https://bit.ly/39r2kcY ACADEMY ►► https://bit.ly/39CuORr //SOCIAL NETWORKS TWITTER ►► https://bit.ly/3sNKXfq DISCORD ►► https://bit.ly/3hkIDsK INSTAGRAM ►► https://bit.ly/3sP1Syh LINKEDIN ►► https://bit.ly/360qwlN PATREON ►► https://bit.ly/365iDLK MERCHANDISE ►► https://bit.ly/3c2jDEn //BOOKS Privilege Escalation Techniques ►► https://amzn.to/3ylCl33 Docker Security Essentials...
https://www.youtube.com/watch?v=ujaoOWmkGLY
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Updates & Content Schedule - Q4 2022 - Q2 2023
This video outlines the latest updates from the HackerSploit team and goes over the content development plan for Q4 2022 - Q2 2023. //CERTIFICATIONS Certified Exploitation & Post-Exploitation Professional (CEPP): https://cyberranges.clickmeeting.com/exploitation-post-exploitation-3-day-bootcamp/register //PLATFORMS BLOG ►► https://bit.ly/3qjvSjK FORUM ►► https://bit.ly/39r2kcY ACADEMY ►► https://bit.ly/39CuORr //SOCIAL NETWORKS TWITTER ►► https://bit.ly/3sNKXfq DISCORD ►► https://bit.ly/3hkIDsK INSTAGRAM ►► https://bit.ly/3sP1Syh LINKEDIN ►► https://bit.ly/360qwlN PATREON ►► https://bit.ly/365iDLK MERCHANDISE ►► https://bit.ly/3c2jDEn //BOOKS Privilege Escalation Techniques ►► https://amzn.to/3ylCl33 Docker Security Essentials (FREE) ►► https://bit.ly/3pDcFuA //SUPPORT...
https://www.youtube.com/watch?v=BnkhIpfc1aU
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

How To Build A Vulnerability Management Program | #PurpleSec
There are 7 key steps when creating a winning vulnerability management program including making an inventory, categorizing vulnerabilities, creating packages, testing the package, providing change management, patching vulnerabilities, and reporting. 👉 Get our FREE guide to vulnerability management in 2023: https://purplesec.us/vulnerability-management-guide/?utm_source=newsletter&utm_medium=YouTube&utm_campaign=VM_2023&utm_id=guide Read the full article... https://purplesec.us/learn/vulnerability-management-program/ Podcast Info -------------------- Podcast website: https://purplesec.us/podcast/ Apple Podcasts: https://podcasts.apple.com/us/podcast/security-beyond-the-checkbox/id1673807278 Spotify: https://open.spotify.com/show/610KAa5g4G0KhoZVwMyXqz RSS: https://feeds.buzzsprout.com/2137278.rss Chapters...
https://www.youtube.com/watch?v=nsvxcUsFnJo
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

How To Automate Your Vulnerability Remediation Process | PurpleSec
There are 8 best practices when planning your vulnerability remediation including prioritization of vulnerabilities, setting timelines, defining a SLO, developing a remediation policy, automating your vulnerability management processes, adopting continuous remediation, deploying compensating controls, and building a vulnerability management program. 👉 Get our FREE guide to vulnerability management in 2023: https://purplesec.us/vulnerability-management-guide/?utm_source=newsletter&utm_medium=YouTube&utm_campaign=VM_2023&utm_id=guide Continue reading... https://purplesec.us/learn/vulnerability-remediation/ Podcast Info -------------------- Podcast website: https://purplesec.us/podcast/ Apple Podcasts: https://podcasts.apple.com/us/podcast/security-beyond-the-checkbox/id1673807278 Spotify:...
https://www.youtube.com/watch?v=Bns79gIwxIA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Twitter Zero-Day Exposes Data Of 5.4 MILLION Accounts | Security Insights By #PurpleSec
Social media platform Twitter confirmed they suffered a now-patched zero-day vulnerability, used to link email addresses and phone numbers to users' accounts, which allowed attackers to gain access to the personal information of 5.4 million users. The vulnerability allowed anyone to submit an email address or phone number, verify if it was associated with a Twitter account, and retrieve the associated account ID. More technically, what the security researcher Zhirinovsky reported on HackerOne's bug bounty platform is that this vulnerability allows any party without any authentication to obtain a Twitter ID (which is almost equal to getting the username of an account) of any user by submitting a phone number/email even though the user has prohibited this action in the privacy settings. Chapters --------------- 00:00...
https://www.youtube.com/watch?v=E5dLc98TeLg
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

DC30 - Red Team Village - Recap
Red Team Village Website: https://redteamvillage.io Discord: https://redteamvillage.io/discord Twitter: https://redteamvillage.io/twitter
https://www.youtube.com/watch?v=hd4dy1jZPS0
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

What Is Vulnerability Management? (Explained By Experts) | PurpleSec
Vulnerability management is the process of identifying, prioritizing, and mitigating vulnerabilities in an organization's systems and networks to reduce the risk of cyber attacks and protect against potential threats. 👉 Get our FREE guide to vulnerability management in 2023: https://purplesec.us/vulnerability-management-guide/?utm_source=newsletter&utm_medium=YouTube&utm_campaign=VM_2023&utm_id=guide Continue reading... https://purplesec.us/learn/what-is-vulnerability-management/ Podcast Info -------------------- Podcast website: https://purplesec.us/podcast/ Apple Podcasts: https://podcasts.apple.com/us/podcast/security-beyond-the-checkbox/id1673807278 Spotify: https://open.spotify.com/show/610KAa5g4G0KhoZVwMyXqz RSS: https://feeds.buzzsprout.com/2137278.rss Chapters --------------- 00:00...
https://www.youtube.com/watch?v=RE6_Lo2wSIg
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

DC30 - Red Team Village - Ngrok
Additional information can be found at ngrok.com. Red Team Village Website: https://redteamvillage.io Discord: https://redteamvillage.io/discord Twitter: https://redteamvillage.io/twitter
https://www.youtube.com/watch?v=DRIbd9-bXvA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Hertzbleed Attack Impacting Intel & AMD CPUs | Security Insights By PurpleSec
In June 2022, a group of researchers from the University of Texas, the University of Illinois Urbana-Champaign, and the University of Washington, have published an article on their website about a new attack they developed called Hertzbleed. This attack allows attackers to detect variations in the frequency of CPU using something called Dynamic voltage and frequency scaling or DVFS in short, and steal entire cryptographic keys in that way. Intel's security advisory states that all Intel processors are affected. We have experimentally confirmed that several Intel processors are affected, including desktop and laptop models from the 8th to the 11th generation Core microarchitecture. AMD's security advisory states that several of their desktop, mobile and server processors are affected....
https://www.youtube.com/watch?v=ta8aOUEGyLc
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

PACMAN M1 Chip Attack Explained | Security Insights By PurpleSec
The team at MIT's Computer Science and Artificial Intelligence Laboratory (CSAIL) have discovered a way to attack the pointer authentication in Apple's M1 chip to execute arbitrary code on Macintosh systems. The team says that the vulnerability is found in other ARM chips, not just the M1 – but it hasn't yet had the chance to try it against the M2. In order to get a little closer to this attack and what is the main characteristic and basis of the attack, we have to mention the PAC itself. Pointer Authentication is a security feature that adds a cryptographic signature to operating system pointers, named Pointer Authentication Code (PAC). This allows the OS to spot and block unexpected changes that may lead to data leaks. Chapters --------------- 00:00 - Summary Of The Attack 01:00...
https://www.youtube.com/watch?v=qfnV6iwWCY8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

DC30 - Red Team Village - Hackerwares
Additional information can be found at hackerware.io. Red Team Village Website: https://redteamvillage.io Discord: https://redteamvillage.io/discord Twitter: https://redteamvillage.io/twitter
https://www.youtube.com/watch?v=ImZPTNDX1L0
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Cleartrip Suffers Massive Data Breach | Security Insights By PurpleSec
Cleartrip is a popular travel-booking platform, founded back in 2006 and acquired by Walmart-owned Flipkart in April 2021. Cleartrip has suffered a massive data breach through what they claim was a “security anomaly” of their internal systems. Their confidential data has been exposed in several places on the dark web and the data exposed is also quite new, with files timestamped as recent as June 2022. Their current platforms are fully functional and they state that the data breach is being dealt with, technically and legally. It is also worth mentioning that this isn't the first data breach that Cleartrip has dealt with. The company also suffered a data breach in April 2017 when Cleartrip's website was defaced by a hacking group called “Turtle Squad ” after they gained unauthorized...
https://www.youtube.com/watch?v=WNQZBhXNYio
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

DC30 - Red Team Village - SEKTOR7
Additional information can be found at sektor7.net. Red Team Village Website: https://redteamvillage.io Discord: https://redteamvillage.io/discord Twitter: https://redteamvillage.io/twitter
https://www.youtube.com/watch?v=eqaEunkWTcQ
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Maui Ransomware Attacking Healthcare | Security Insights By PurpleSec
The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Department of the Treasury released a joint Cybersecurity Advisory (CSA) to provide information on Maui ransomware, which is claimed to have been used by North Korean state-sponsored cyber actors since at least May 2021 to target Healthcare and Public Health (HPH) Sector organizations. In June 2022, the Stairwell research team investigated one of lesser-known ecosystems of Ransomware-as-a-Service, the Maui ransomware. Maui has been shown to have a lack of several key features which are commonly seen with tooling from RaaS providers, such as an embedded ransom note to provide recovery instructions or automated means of transmitting encryption keys to attackers. Chapters --------------- 00:00...
https://www.youtube.com/watch?v=csswVeGUgEg
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

DC30 - Red Team Village - Offensive Security
Additional information can be found at www.offensive-security.com. Red Team Village Website: https://redteamvillage.io Discord: https://redteamvillage.io/discord Twitter: https://redteamvillage.io/twitter
https://www.youtube.com/watch?v=_Hd6p1do7rw
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

How To Write A Penetration Testing Report
This video outlines the importance of penetration testing reports and what makes up a good penetration testing report. //LINKS Penetration Test Reports: https://pentestreports.com/ SANS Whitepaper: https://www.sans.org/white-papers/33343/ //PLATFORMS BLOG ►► https://bit.ly/3qjvSjK FORUM ►► https://bit.ly/39r2kcY ACADEMY ►► https://bit.ly/39CuORr //SOCIAL NETWORKS TWITTER ►► https://bit.ly/3sNKXfq DISCORD ►► https://bit.ly/3hkIDsK INSTAGRAM ►► https://bit.ly/3sP1Syh LINKEDIN ►► https://bit.ly/360qwlN PATREON ►► https://bit.ly/365iDLK MERCHANDISE ►► https://bit.ly/3c2jDEn //BOOKS Privilege Escalation Techniques ►► https://amzn.to/3ylCl33 Docker Security Essentials (FREE) ►► https://bit.ly/3pDcFuA //SUPPORT THE CHANNEL NordVPN Affiliate Link...
https://www.youtube.com/watch?v=J34DnrX7dTo
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

DC30 - Red Team Village - BC Security
Additional information can be found at www.bc-security.org. Red Team Village Website: https://redteamvillage.io Discord: https://redteamvillage.io/discord Twitter: https://redteamvillage.io/twitter
https://www.youtube.com/watch?v=RCXMqdr2h5k
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Conti Costa Rica Ransomware Attack Explained | Security Insights By PurpleSec
On May 8th, 2022 the President of Costa Rica Rodrigo Chaves declared a national emergency due to an ongoing Conti ransomware campaign against several Costa Rican government entities starting in April of this year. Conti is a prolific ransomware-as-a-service operation that has been infecting and damaging systems since it was first observed in 2020. Attributed to the threat group called WizardSpider by CrowdStrike in 2019. The group is also known for TrickBot and the Ryuk ransomware distributed through the ZLoader botnet which we previously reported as shutdown by Microsoft. Chapters --------------- 00:00 - Summary Of The Attack 00:36 - What Happened? 01:13 - New & Novel Techniques 02:06 - The Ransom Demand 02:39 - Impact Of The Breach 03:04 - Preventing Ransomware Attacks 03:52 - Wrapping...
https://www.youtube.com/watch?v=hW3t36YG2s8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Performing Web Searches From Your Terminal
How to perform web searches from your terminal with Oh My Zsh. Oh My Zsh: https://ohmyz.sh/ How to setup Oh My Zsh: https://www.youtube.com/watch?v=njDuayF9Q6k Web Search Plugin: https://github.com/ohmyzsh/ohmyzsh/blob/master/plugins/web-search/web-search.plugin.zsh //PLATFORMS BLOG ►► https://bit.ly/3qjvSjK FORUM ►► https://bit.ly/39r2kcY ACADEMY ►► https://bit.ly/39CuORr //SOCIAL NETWORKS TWITTER ►► https://bit.ly/3sNKXfq DISCORD ►► https://bit.ly/3hkIDsK INSTAGRAM ►► https://bit.ly/3sP1Syh LINKEDIN ►► https://bit.ly/360qwlN PATREON ►► https://bit.ly/365iDLK MERCHANDISE ►► https://bit.ly/3c2jDEn //BOOKS Privilege Escalation Techniques ►► https://amzn.to/3ylCl33 Docker Security Essentials (FREE) ►► https://bit.ly/3pDcFuA //SUPPORT THE CHANNEL NordVPN...
https://www.youtube.com/watch?v=64TlFUnPiz4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)