Your VPN won't protect you 😱
Big thanks to Brilliant for sponsoring this video! Get started with a free 30 day trial and 20% discount: https://Brilliant.org/DavidBombal The machines are already tracking and watching you. And they're influencing you. The future looks bleak. Do you really want to live in a Skynet world? I interview Rob Braxman - the Internet Privacy Guy. He's a public interest hacker and technologist. He uses his extensive knowledge of cybersecurity and tech to serve the public good. He cares about privacy. He warns you of digital manipulation, disinformation, mass surveillance. // Rob Braxman's SOCIAL// YouTube: https://www.youtube.com/@robbraxmantech Website: https://brax.me/home/rob GitHub: https://github.com/robbraxman X: https://x.com/robbraxmantech // Specific Video REFERENCE // Is Skynet...
https://www.youtube.com/watch?v=IPLM5P-vYyU

Hackers Abuse Zero-Day Exploit for CrushFTP
https://jh.live/flare || You can track down shady sellers, hunt for cybercrime, or manage threat intelligence and your exposed attack surface with Flare! Try a free trial and see what info is out there: https://jh.live/flare Learn Cybersecurity - Name Your Price Training with John Hammond: https://nameyourpricetraining.com Read The Hacker Mindset by Garret Gee: https://jh.live/hackermindset 📧JOIN MY NEWSLETTER ➡ https://jh.live/email 🙏SUPPORT THE CHANNEL ➡ https://jh.live/patreon 🤝 SPONSOR THE CHANNEL ➡ https://jh.live/sponsor 🌎FOLLOW ME EVERYWHERE ➡ https://jh.live/twitter ↔ https://jh.live/linkedin ↔ https://jh.live/discord ↔ https://jh.live/instagram ↔ https://jh.live/tiktok 💥 SEND ME MALWARE ➡ https://jh.live/malware 🔥YOUTUBE ALGORITHM ➡ Like, Comment,...
https://www.youtube.com/watch?v=etHDJWYElso

My Favorite Tool for Web App Security
Come say hi: X: https://twitter.com/CristiVlad25 IG: https://www.instagram.com/cristivladz
https://www.youtube.com/watch?v=K78hNM6m3Jw

Yesterday's news

My best cybersecurity career advice: Build a network and keep notes | Cyber Work Podcast
Robin Berthier of Network Perception describes the importance of maintaining your professional network — past employers, colleagues, anyone you meet in the field — and gives a lot of great tips for making the strengthening and maintaining of your personal network a part of your weekly routine. – Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free – View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast About Infosec Infosec's mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More...
https://www.youtube.com/watch?v=Y-fm73HHgH0

What a CCNA boot camp is like | Cyber Work Hacks
Infosec and Cyber Work Hacks podcast want to help you pass the CCNA exam! So, for today's hack, let's talk boot camps. The CCNA is an intimidating exam, especially if you're trying to go it alone, just you and your self-study book. That's why I'd like to introduce you to Infosec's CCNA boot camp instructor, Wilfredo Lanz! He will explain what the Infosec 5-day CCNA boot camp is like, the learning and memorizing strategies you'll employ and how boot camp training can help you pass on the first try. Lanz helps his students with every networking question, and students who commit to those five intensive days will see significant results. 0:00 - What is a CCNA boot camp like? 1:40 - Boot camp training versus university 6:37 - Do I need to bring anything to CCNA boot camp? 7:23...
https://www.youtube.com/watch?v=uHnLWe3tnpE

Burp Suite - Part 14 - Intruder V

https://www.youtube.com/watch?v=IOczJTYwKBU

News from two days ago

Patreon 4/24/2024 - Book Club with @endingwithali
Surprise live stream - working on writing Threatwire live. Come Join! -----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆ Our Site → https://www.hak5.org Shop → http://hakshop.myshopify.com/ Subscribe → https://www.youtube.com/user/Hak5Darren?sub_confirmation=1 Support → https://www.patreon.com/threatwire Contact Us → http://www.twitter.com/hak5 -----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆ ____________________________________________ Founded in 2005, Hak5's mission is to advance the InfoSec industry. We do this through our award winning educational podcasts, leading pentest gear, and inclusive community – where all hackers belong.
https://www.youtube.com/watch?v=jg13QZivlxA

How ChatGPT and AI are changing cybersecurity forever | Live demo
Artificial intelligence (AI) technologies are reshaping how cybersecurity is done and how people learn cybersecurity. In this live demonstration, Infosec's Keatron Evans will demonstrate how you can use ChatGPT to perform cybersecurity functions and teach yourself new skills — right now. — See Keatron's ChatGPT learning path: https://www.infosecinstitute.com/skills/learning-paths/applied-chatgpt-for-cybersecurity/ — See more Infosec webinars and events: https://www.infosecinstitute.com/events/ In this practical, hands-on approach to how to use AI you'll learn: 0:00 - Intro and agenda 0:58 - Chat GPT 2024 statistics 4:03 - What is ChatGPT? 6:14 - How is ChatGPT different from Google? 6:50 - ChatGPT for social engineering 8:50 - ChatGPT and ransomware 11:07 - Using ChatGPT for...
https://www.youtube.com/watch?v=16iOQiMkCYA

The coolest switch? 😎 #shorts #unifi #iphone #android
#shorts #wifi #android
https://www.youtube.com/watch?v=-KwZgXVVFd0

This File Steals Passwords
https://jh.live/censys || Get started with the leading Internet Intelligence Platform for threat hunting and attack surface management -- find what is exposed out on the open Internet with Censys! https://jh.live/censys Learn Cybersecurity - Name Your Price Training with John Hammond: https://nameyourpricetraining.com Read The Hacker Mindset by Garret Gee: https://jh.live/hackermindset 📧JOIN MY NEWSLETTER ➡ https://jh.live/email 🙏SUPPORT THE CHANNEL ➡ https://jh.live/patreon 🤝 SPONSOR THE CHANNEL ➡ https://jh.live/sponsor 🌎FOLLOW ME EVERYWHERE ➡ https://jh.live/twitter ↔ https://jh.live/linkedin ↔ https://jh.live/discord ↔ https://jh.live/instagram ↔ https://jh.live/tiktok 💥 SEND ME MALWARE ➡ https://jh.live/malware 🔥YOUTUBE ALGORITHM ➡ Like, Comment,...
https://www.youtube.com/watch?v=21Fz-oit7Q0

News from previous days

Careers in operational technology: What does a security risk assessor do? | Guest Donovan Tindill
Today on Cyber Work, we continue our deep dive into industrial control systems and operational technology security by talking with Donovan Tindill of DeNexus. Now, I'm just going to come out and say it: Tindill's episode is like a cybersecurity career seminar in a box, and a must-not-miss if you're interested in not just ICS and OT security, but specifically the realm of Risk Assessment. Tindill brought slides and literally lays out his entire career for us to see, including the highs and even some of the lows, and what he learned from them. He explains the fuzzy distinctions between ICS security and the act of determining risk for said systems, gives us a 60 year history of the increasing attack surface and number of risk types associated with operational technology, and gives us tons...
https://www.youtube.com/watch?v=dE3ZPAY_ZGA

ICS and infrastructure cyberattacks | Cyber Work Podcast
Robin Berthier of Network Perception explains the scary part of our currently underfunded ICS/infrastructure security apparatus — lots of exposed targets — but also explains why we don't hear about things like SolarWinds happening every 12 hours, and why some basic best practices, universally adopted, would be a very strong start to tightening up these defenses – Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free – View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast About Infosec Infosec's mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness...
https://www.youtube.com/watch?v=bTf37IPFq0o

Hackers Use Github For Malware
https://jh.live/keeper || Keeper Security offers a privileged access management solution to deliver enterprise grade protection all in one unified platform -- keep your users, your data, and your environment secure with Keeper! https://jh.live/keeper Learn Cybersecurity - Name Your Price Training with John Hammond: https://nameyourpricetraining.com Read The Hacker Mindset by Garret Gee: https://jh.live/hackermindset 📧JOIN MY NEWSLETTER ➡ https://jh.live/email 🙏SUPPORT THE CHANNEL ➡ https://jh.live/patreon 🤝 SPONSOR THE CHANNEL ➡ https://jh.live/sponsor 🌎FOLLOW ME EVERYWHERE ➡ https://jh.live/twitter ↔ https://jh.live/linkedin ↔ https://jh.live/discord ↔ https://jh.live/instagram ↔ https://jh.live/tiktok 💥 SEND ME MALWARE ➡ https://jh.live/malware 🔥YOUTUBE...
https://www.youtube.com/watch?v=0wduZ3nO848

How to get started in industrial control systems cybersecurity | Guest Robin Berthier
Today on Cyber Work, we are talking operational technology, or OT, security with guest, Robin Berthier of Network Perception. From his earliest studies to his time as an academic researcher, Berthier has dedicated his career to securing the intersection between operational technology and network security, with some pretty imaginative solutions to show for it. In today's episode, Berthier explains why modern OT security means thinking more about the mechanics of the machinery than the swiftness of the software solutions, the big conversation that infrastructure and ICS Security need to have about nation-state attackers (and finally are having!) and Berthier's best piece of career advice turns into some excellent thoughts on the importance of maintaining your network… and I don't mean...
https://www.youtube.com/watch?v=-1EydStgjeg

New PuTTY Vulnerability - ThreatWire
⬇️ OPEN FOR LINKS TO ARTICLES TO LEARN MORE ⬇️ @endingwithali → Twitch: https://twitch.tv/endingwithali Twitter: https://twitter.com/endingwithali YouTube: https://youtube.com/@endingwithali Everywhere else: https://links.ali.dev [❗] Join the Patreon→ https://patreon.com/threatwire 0:00 Sophia d'Antoine 0:36 - Potential T-Mobile Directory Leak 2:32 - Palo Alto Networks Firewall Python Backdoor 4:20 - Twitter Hosted the Phishing Olympics 6:14 - PuTTY Project Vulnerable 7:28 - Outro LINKS 🔗 Story 1: Potential T-Mobile Directory Leak https://www.t-mobile.com/support/plans-features/sim-protection https://www.sciencedaily.com/releases/2016/05/160512085123.htm https://tmo.report/2024/04/t-mobile-employees-across-the-country-receive-cash-offers-to-illegally-swap-sims/ 🔗...
https://www.youtube.com/watch?v=XZSS08ld6vM

Turning a 0 bounty into ,000+
📚 Purchase my Bug Bounty Course here 👉🏼 bugbounty.nahamsec.training 💵 Support the Channel: You can support the channel by becoming a member and get access exclusive content, behind the scenes, live hacking session and more! ☕️ Buy Me Coffee: https://www.buymeacoffee.com/nahamsec JOIN DISCORD: https://discordapp.com/invite/ucCz7uh 🆓 🆓 🆓 0 DigitalOcean Credit: https://m.do.co/c/3236319b9d0b 💬 Social Media - https://twitter.com/nahamsec - https://instagram.com/nahamsec - https://twitch.com/nahamsec - https://facebook.com/nahamsec1 #bugbounty #ethicalhacking #infosec #cybersecurity #redteam #webapp
https://www.youtube.com/watch?v=-HIwTEp_oMQ

Did you know you can program this? 🤯 #shorts #f1 #cybersecurity #linux
Did you know about eBPF? Learn more here: https://youtu.be/vI8eUH8uiMY Big thank you to Cisco for sponsoring this video and my trip to McLaren. #linux #cybersecurity #hacker
https://www.youtube.com/watch?v=NTPYgaJUDMI

Finding WEIRD Devices on the Public Internet
https://jh.live/censys || Get started with the leading Internet Intelligence Platform for threat hunting and attack surface management -- find what is exposed out on the open Internet with Censys! https://jh.live/censys Learn Cybersecurity - Name Your Price Training with John Hammond: https://nameyourpricetraining.com Read The Hacker Mindset by Garret Gee: https://jh.live/hackermindset 📧JOIN MY NEWSLETTER ➡ https://jh.live/email 🙏SUPPORT THE CHANNEL ➡ https://jh.live/patreon 🤝 SPONSOR THE CHANNEL ➡ https://jh.live/sponsor 🌎FOLLOW ME EVERYWHERE ➡ https://jh.live/twitter ↔ https://jh.live/linkedin ↔ https://jh.live/discord ↔ https://jh.live/instagram ↔ https://jh.live/tiktok 💥 SEND ME MALWARE ➡ https://jh.live/malware 🔥YOUTUBE ALGORITHM ➡ Like, Comment,...
https://www.youtube.com/watch?v=QPjeTSFhfP4

The new AI Cyber Defense you need to know about
Is this the beginning of a new type of firewall that will replace or augment traditional firewalls? Is AI now eating firewalls; and will we still be using them in future? Big thank you to Cisco for sponsoring this video and my trip to McLaren. // Jeetu Patel's SOCIAL// LinkedIn: https://linkedin.com/in/jeetupatel X: https://twitter.com/jpatel41 Cisco Newsroom: https://newsroom.cisco.com/c/r/newsroom/en/us/executives/jeetu-patel.html // Tom Gillis' SOCIAL // LinkedIn: https://www.linkedin.com/in/tomgillis1 X: https://x.com/_tomgillis Cisco Newsroom: https://newsroom.cisco.com/c/r/newsroom/en/us/executives/tom-gillis.html // Craig Connor's SOCIALS // LinkedIn: https://www.linkedin.com/in/craigconnors/ X: https://x.com/egregious Cisco: https://blogs.cisco.com/author/connorsc //...
https://www.youtube.com/watch?v=vI8eUH8uiMY

Next Gen Hackers protecting our world
A big shoutout to TCM Security for sponsoring this video. Register now to receive a 50% discount on your first month at the TCM Security Academy, potentially making your most significant step toward a career in ethical hacking. Go here: https://davidbombal.wiki/3vQsqWm Farah works at Meta and shares her amazing story of going from studying mass media, to hacking and now working at Meta. Did you know that Facebook and Meta have a bug bounty program that allows you to legally hack them and get paid? Go here: https://www.facebook.com/whitehat // Farah Hawa's SOCIAL// YouTube: https://www.youtube.com/@FarahHawa LinkedIn: https://www.linkedin.com/in/farah-hawa-a012b8162/ X: https://x.com/farah_hawaa Instagram: https://www.instagram.com/farah_hawaa/ // Resources REFERENCE // YouTube videos:...
https://www.youtube.com/watch?v=Y4oUAvTIL3Y

Government Unveils Malware Analysis Tool, But...
CISA's Malware Next-Gen: https://www.cisa.gov/resources-tools/services/malware-next-generation-analysis Learn Cybersecurity - Name Your Price Training with John Hammond: https://nameyourpricetraining.com 📧JOIN MY NEWSLETTER ➡ https://jh.live/email 🙏SUPPORT THE CHANNEL ➡ https://jh.live/patreon 🤝 SPONSOR THE CHANNEL ➡ https://jh.live/sponsor 🌎FOLLOW ME EVERYWHERE ➡ https://jh.live/twitter ↔ https://jh.live/linkedin ↔ https://jh.live/discord ↔ https://jh.live/instagram ↔ https://jh.live/tiktok 💥 SEND ME MALWARE ➡ https://jh.live/malware 🔥YOUTUBE ALGORITHM ➡ Like, Comment, & Subscribe!
https://www.youtube.com/watch?v=m9uHDNVmqSk

Burp Suite Certified Professional (BSCP) Review + Tips/Tricks [Portswigger]
Burp Suite Certified Professional (BSCP) review, tips/tricks etc. Hopefully this video will be useful for aspiring bug bounty hunters, security researchers, pentesters, CTF players etc who might be interested in taking the BSCP exam from Portswigger 🙂 #BSCP #BugBounty #EthicalHacking #PenTesting #AppSec #WebSec #InfoSec #OffSec Considering taking the HackTheBox CPTS course? You can find my full review for it here: https://youtu.be/UN5fTQtlKCc Looking for Portswigger lab walkthroughs? I produce videos for the @intigriti channel: https://www.youtube.com/playlist?list=PLmqenIp2RQciV955S2rqGAn2UOrR2NX-v ↢Social Media↣ Twitter: https://twitter.com/_CryptoCat GitHub: https://github.com/Crypto-Cat/CTF HackTheBox: https://app.hackthebox.eu/profile/11897 LinkedIn: https://www.linkedin.com/in/cryptocat Reddit:...
https://www.youtube.com/watch?v=L-3jJTGLAhc

Learn Assembly for Game Hacking
🔥 Learn How Assembly Works For Game Hacking! 👨‍💻 Buy Our Courses: https://guidedhacking.com/register/ ❤️ Follow us on Social Media: https://linktr.ee/guidedhacking 🏆 Try Malcore for FREE: https://link.malcore.io/redirect/guidedhacking 🔗 Text Tutorial: https://guidedhacking.com/threads/learn-assembly-for-game-hacking.20569/ 🔗 Video Creator: https://guidedhacking.com/members/codenulls.272722/ 📜 Video Description: Learn assembly basics in MINUTES. When C++ code is compiled, it results in machine code. This machine code can be disassembled using IDA Pro, which will give you assembly. Learning assembly is essential for reverse engineering games and any windows application, which is why it's recommended to learn the basics of assembly language, such as x86 assembly....
https://www.youtube.com/watch?v=SCGmXBjxo4g

Bypassing SmartScreen on Web Browsers
https://jh.live/keeper || Keeper Security offers a privileged access management solution to deliver enterprise grade protection all in one unified platform -- keep your users, your data, and your environment secure with Keeper! https://jh.live/keeper Learn Cybersecurity - Name Your Price Training with John Hammond: https://nameyourpricetraining.com 📧JOIN MY NEWSLETTER ➡ https://jh.live/email 🙏SUPPORT THE CHANNEL ➡ https://jh.live/patreon 🤝 SPONSOR THE CHANNEL ➡ https://jh.live/sponsor 🌎FOLLOW ME EVERYWHERE ➡ https://jh.live/twitter ↔ https://jh.live/linkedin ↔ https://jh.live/discord ↔ https://jh.live/instagram ↔ https://jh.live/tiktok 💥 SEND ME MALWARE ➡ https://jh.live/malware 🔥YOUTUBE ALGORITHM ➡ Like, Comment, & Subscribe!
https://www.youtube.com/watch?v=lNNJlu1KB2I

My best cybersecurity career advice: Anticipate what's next | Cyber Work Podcast
Tom Molden, CIO of Global Executive Engagement at Tanium, gives two pieces of career advice: don't ignore the input and possibilities of someone just because they don't immediately “click” with you socially, and always be anticipating what's coming next. – Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free – View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast About Infosec Infosec's mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have...
https://www.youtube.com/watch?v=lR0UpFm3hfY

Cyberattacks in the manufacturing sector | Cyber Work Podcast
Tom Molden, CIO of Global Executive Engagement at Tanium, talks about some of the big challenges and attack vectors in the manufacturing sector. There is a lot of variance of safety precautions. – Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free – View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast About Infosec Infosec's mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more...
https://www.youtube.com/watch?v=VqdeePxAOOY

How is VLC doing this? #shorts #internet #wifi #iphone #android
To learn more, watch this video: https://youtu.be/kMxJ3Goo3gI #shorts #iphone #android #multicast
https://www.youtube.com/watch?v=-Z2fLuTJ61U

Telegram Has Been Hacked
Learn Cybersecurity - Name Your Price Training with John Hammond: https://nameyourpricetraining.com 📧JOIN MY NEWSLETTER ➡ https://jh.live/email 🙏SUPPORT THE CHANNEL ➡ https://jh.live/patreon 🤝 SPONSOR THE CHANNEL ➡ https://jh.live/sponsor 🌎FOLLOW ME EVERYWHERE ➡ https://jh.live/twitter ↔ https://jh.live/linkedin ↔ https://jh.live/discord ↔ https://jh.live/instagram ↔ https://jh.live/tiktok 💥 SEND ME MALWARE ➡ https://jh.live/malware 🔥YOUTUBE ALGORITHM ➡ Like, Comment, & Subscribe!
https://www.youtube.com/watch?v=6JY3uaLSflk

How I Use AI in my Pentests - [feat. @BugBountyReportsExplained]
This video is from a discussion with @BugBountyReportsExplained which you can find here: https://www.youtube.com/watch?v=CfE0-GZk4v8
https://www.youtube.com/watch?v=mueAQ0fehSA

Writing Threatwire Live with @endingwithali
Surprise live stream - working on writing Threatwire live. Come Join! -----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆ Our Site → https://www.hak5.org Shop → http://hakshop.myshopify.com/ Subscribe → https://www.youtube.com/user/Hak5Darren?sub_confirmation=1 Support → https://www.patreon.com/threatwire Contact Us → http://www.twitter.com/hak5 -----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆ ____________________________________________ Founded in 2005, Hak5's mission is to advance the InfoSec industry. We do this through our award winning educational podcasts, leading pentest gear, and inclusive community – where all hackers belong.
https://www.youtube.com/watch?v=iZ-_9cgJKNg

What do you think makes the best hackers? I think passion & creativity are key! What do you think?

https://www.youtube.com/watch?v=YJ1XEcb7LwY

How to Pick a Company to Hack On
📚 Purchase my Bug Bounty Course here 👉🏼 bugbounty.nahamsec.training 💵 Support the Channel: You can support the channel by becoming a member and get access exclusive content, behind the scenes, live hacking session and more! ☕️ Buy Me Coffee: https://www.buymeacoffee.com/nahamsec JOIN DISCORD: https://discordapp.com/invite/ucCz7uh 🆓 🆓 🆓 0 DigitalOcean Credit: https://m.do.co/c/3236319b9d0b 💬 Social Media - https://twitter.com/nahamsec - https://instagram.com/nahamsec - https://twitch.com/nahamsec - https://facebook.com/nahamsec1 #bugbounty #ethicalhacking #infosec #cybersecurity #redteam #webapp
https://www.youtube.com/watch?v=mHXy07g_o5k

New OMG Cable - Woven & Unmarked
Now Available: https://hak5.org/omg - - -----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆ Our Site → https://www.hak5.org Shop → http://hakshop.myshopify.com/ Subscribe → https://www.youtube.com/user/Hak5Darren?sub_confirmation=1 Support → https://www.patreon.com/threatwire Contact Us → http://www.twitter.com/hak5 -----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆ ____________________________________________ Founded in 2005, Hak5's mission is to advance the InfoSec industry. We do this through our award winning educational podcasts, leading pentest gear, and inclusive community – where all hackers belong.
https://www.youtube.com/watch?v=TYXeIBhYZrw

Black Hat Bash: Bash Scripting for Hackers and Pentesters (Bonus: GraphQL and Drone hacking)
Big thanks to Brilliant for sponsoring this video! To try everything Brilliant has to offer for free for a full 30 days and 20% discount visit: https://Brilliant.org/DavidBombal I interview Dolev Farhi and Nick Aleks - the authors of Black Hat Bash and Black Hat GraphQL. Why should you learn either of these? Good reasons including K bug bounties :) // Books // Black Hat Bash: USA: https://amzn.to/3JebZWJ UK: https://amzn.to/3PXnk1i Black Hat GraphQL: USA: https://amzn.to/43Y3Ork UK: https://amzn.to/3xtle2J Hacking API's by Corey J Ball: https://amzn.to/3TQnp89 US and https://amzn.to/3vXYQxX UK // Dolev Farhi's SOCIAL// GitHub: https://github.com/dolevf X: https://x.com/dolevfarhi // Nick Aleks' SOCIAL // X: https://x.com/nick_aleks LinkedIn: https://ca.linkedin.com/in/nick-aleks-2b35389 GitHub:...
https://www.youtube.com/watch?v=c1ZCHCwqWls

Working as a CIO and the challenges of endpoint security | Guest Tom Molden
Today on Cyber Work, our deep-dive into manufacturing and operational technology (OT) cybersecurity brings us to the problem of endpoint security. Tom Molden, CIO of Global Executive Engagement at Tanium, has been grappling with these problems for a while. We talk about his early, formative tech experiences (pre-Windows operation system!), his transformational position moving from fiscal strategy and implementation into his first time as chief information officer and talk through the interlocking problems that come from connected manufacturing devices and the specific benefits and challenges to be found in strategizing around the endpoints. All of the endpoints. 0:00 - Manufacturing and endpoint security 1:44 - Tom Molden's early interest in computers 4:06 - Early data usage 6:26 - Becoming...
https://www.youtube.com/watch?v=lEkoT0yYDnQ

Is AI The Future Of Penetration Testing?
AI has the potential to revolutionize penetration testing by automating many repetitive, rote tasks like exploit development, vulnerability scanning, and report generation, thereby speeding up pen tests and making them more efficient. However, AI is not yet advanced enough to fully replace human expertise, especially when it comes to testing custom web applications and proprietary systems that require critical thinking and creativity. There are risks associated with AI, such as false positives/negatives, scope creep, and accidental system crashes, that necessitate skilled human oversight. As a result, pentesters' roles may evolve to focus more on validating AI tool output, conducting adversary simulations, and formulating high-level strategies rather than executing technical tasks. Furthermore,...
https://www.youtube.com/watch?v=CvSKuonYsHk

A New Kind of Phishing Attack - ThreatWire
⬇️ OPEN FOR LINKS TO ARTICLES TO LEARN MORE ⬇️ Support ThreatWire → https://patreon.com/threatwire @endingwithali → Twitch: https://twitch.tv/endingwithali Twitter: https://twitter.com/endingwithali YouTube: https://youtube.com/@endingwithali Everywhere else: https://links.ali.dev If you want to help Ali with her research project email her at endingwithaliresearch@gmail.com → Please include (1️⃣) the size of your company and (2️⃣) what your company does. [❗] Join the book club on Patreon→ https://patreon.com/threatwire 0:00 Intro 0:08 - New Kind of Phishing Attack 1:01 - Latrodectus 3:24 - Discord DOS 3:53 - Unsupported NAS devices left Vulnerable 6:03 - OUTRO LINKS 🔗 Story 1: New Kind of Phishing Attack - https://lutrasecurity.com/en/articles/kobold-letters/ 🔗...
https://www.youtube.com/watch?v=3DxMHGRKJNs

You ever seen these devices? Networking for Hackers and Cybersecurity professionals.
How long did it take you to see something new or learn something new in this video? If you want to be an Ethical Hacker or Cybersecurity Professional, you need to understand networking. In this video I show you how to capture traffic using Wireshark and Ethereal using different scenarios: 1) Bus topology 2) Hub topology 3) Bridge topology 4) Switched topology 5) Port mirror / port span 6) Network Tap 7) VLANs and more :) // David's SOCIAL // Discord: https://discord.com/invite/usKSyzb X: https://www.twitter.com/davidbombal Instagram: https://www.instagram.com/davidbombal LinkedIn: https://www.linkedin.com/in/davidbombal Facebook: https://www.facebook.com/davidbombal.co TikTok: http://tiktok.com/@davidbombal YouTube: https://www.youtube.com/@davidbombal // MY STUFF // https://www.amazon.com/shop/davidbombal...
https://www.youtube.com/watch?v=N4N3oP2QIOk

FOR585: Smartphone Forensic Analysis In-Depth course overview
To learn more visit www.sans.org/FOR585 FOR585: Smartphone Forensic Analysis In-Depth course provides examiners and investigators with advanced skills to detect, decode, decrypt, and correctly interpret evidence recovered from mobile devices. The course is continuously updated to keep up with the latest file formats, malware, smartphone operating systems, third-party applications, acquisition shortfalls, extraction techniques (how to get full file system or physical access) and encryption. It offers the most unique and current instruction to arm you with mobile device forensic knowledge you can immediately apply to cases you're working on the day you get back to work. 22 labs, bonus labs + CTF Course Authors: Domenica 'Lee' Crognale & Heather Mahalik Barnhart
https://www.youtube.com/watch?v=LYkK0mQNAcQ

The role of a cybersecurity evangelist | Cyber Work Podcast
AT&T Cybersecurity's head of evangelism, Theresa Lanowitz, talks about what exactly a cybersecurity evangelist does. Evangelist, as it's used in corporate terms, feels so slippery to me in terms of roles and responsibilities, so I got Lanowitz to nail down exactly who she “Evangelizes” to, and how. It's useful info for anyone looking to move into this type of role in a corporation. – Learn more about the CISSP: https://www.infosecinstitute.com/training/cissp/ – Get your free ebook, "CISSP exam tips and tricks (to ace your exam on the first try)": https://www.infosecinstitute.com/form/cissp-exam-tips-ebook/ About Infosec Infosec's mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and...
https://www.youtube.com/watch?v=OnvIfeBd6zY

Are you ready for the CCNA exam? Test yourself with these questions | Cyber Work Hacks
Infosec and Cyber Work Hacks are here to help you pass the CCNA exam! For today's Hack, Wilfredo Lanz, Infosec boot camp instructor in charge of Cisco's CCNA certification, walks us through four sample CCNA questions, walking through each answer and discounting the wrong ones with explanations, allowing you to reach the right answer in a logical and stress-free way. And the only way you're going to see it is by staying right here for this Cyber Work Hack! 0:00 - CCNA exam sample questions 1:31 - Different types of CCNA exam questions 3:34 - First CCNA exam sample question 8:34 - Second CCNA exam sample question 13:52 - Third CCNA exam sample question 20:47 - Fourth CCNA exam sample question 25:22 - Infosec CCNA boot camp practice exam 27:04 - Advice for CCNA exam day 28:46 - Outro Learn...
https://www.youtube.com/watch?v=cdCYOkuU_0M

I Hacked The Cloud: Azure Managed Identities
https://jh.live/alteredsecurity || Altered Security has just released their new "Advanced Azure Attacks" course and "Certified Azure Red Team Expert" certification -- use code HAMMOND20 for 20% off ALL THREE of their Azure courses! https://jh.live/alteredsecurity 🗨️ "I Hacked The Cloud" -- compromising an Azure website, swiping the access token for the managed identity of the web app, leveraging permissions to gain code execution on a virtual machine, and extracting credentials for further access! 😎 💬 Learn Cybersecurity - Name Your Price Training with John Hammond: https://nameyourpricetraining.com 📧JOIN MY NEWSLETTER ➡ https://jh.live/email 🙏SUPPORT THE CHANNEL ➡ https://jh.live/patreon 🤝 SPONSOR THE CHANNEL ➡ https://jh.live/sponsor 🌎FOLLOW ME EVERYWHERE...
https://www.youtube.com/watch?v=othiOX9BRAo

Why Class D? #shorts #internet #wifi #iphone #android
To learn more, watch this video: https://youtu.be/kMxJ3Goo3gI #shorts #iphone #android #multicast
https://www.youtube.com/watch?v=KlQEJfjyxFE

Meet OWASP Top 10 for LLM Apps at RSA!
Calling all RSA Pass Holders! Join us at RSA Conference in San Francisco, May 6th-9th. https://www.rsaconference.com/usa/agenda/session/OWASP%20AI%20Security%20Summit%20Safeguarding%20AI%20with%20Our%20Top%2010%20for%20LLMs%20%20Gen%20AI - Managed by the OWASP® Foundation https://owasp.org/
https://www.youtube.com/watch?v=XrqkrcifOzI

My best cybersecurity career advice: Think | Cyber Work Podcast
AT&T Cybersecurity's head of evangelism, Theresa Lanowitz, talks about her greatest career advice. It's short, but it is valuable. – Learn more about the CISSP: https://www.infosecinstitute.com/training/cissp/ – Get your free ebook, "CISSP exam tips and tricks (to ace your exam on the first try)": https://www.infosecinstitute.com/form/cissp-exam-tips-ebook/ About Infosec Infosec's mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide...
https://www.youtube.com/watch?v=KT3aj9tnvo8

Locknote: Conclusions and Key Takeaways from Day 2
At the end of day two, join Black Hat Founder Jeff Moss and Black Hat Europe Review Board members for an insightful conversation on the most pressing issues facing the InfoSec community. This Locknote will feature a candid discussion on the key takeaways coming out of Day 2 of the conference and how these trends will impact future InfoSec strategies. By: Jeff Moss, Ali Abbasi , Jiska Classen , Vandana Verma , Kenneth White Full Abstract and Presentation Materials: https://www.blackhat.com/eu-23/briefings/schedule/#locknote-conclusions-and-key-takeaways-from-day--36492
https://www.youtube.com/watch?v=dxAn2DcB7cg

Locknote: Conclusions and Key Takeaways from Day 1
At the end of day one, join Black Hat Founder Jeff Moss and Black Hat Europe Review Board members for an insightful conversation on the most pressing issues facing the InfoSec community. This Locknote will feature a candid discussion on the key takeaways coming out of Day 1 of the conference and how these trends will impact future InfoSec strategies. By: Jeff Moss, Daniel Cuthbert , Meadow Ellis , Marina Krotofil , Saša Zdjelar Full Abstract and Presentation Materials: https://www.blackhat.com/eu-23/briefings/schedule/#locknote-conclusions-and-key-takeaways-from-day--36491
https://www.youtube.com/watch?v=IiKobWTnGYQ

Keynote: My Lessons from the Uber Case
In a case closely watched and debated by security professionals globally, Joe Sullivan was convicted of two felonies related to a security incident at Uber that the company had labeled a coverup when it fired him.... Today, Sullivan mentors security leaders and consults on security best practices, in addition to serving as volunteer CEO of the nonprofit humanitarian relief organization Ukraine Friends. In a candid conversation, Sullivan will share the lessons he hopes security professionals all learn from his case, so that they, their team, and their company don't ever go through anything similar.... By: Joe Sullivan Full Abstract and Presentation Materials: https://www.blackhat.com/eu-23/briefings/schedule/#keynote-my-lessons-from-the-uber-case-36399
https://www.youtube.com/watch?v=laitlnhvNHk

What We Love About HackerOne
At HackerOne, our mission is to make world-class security accessible to everyone and work with some of the world's top security-minded teams and organizations. Hear from HackerOne employees (or Hackeronies) as they explain their favorite things about HackerOne, such as the mission, the people, and the meaningful work. To learn more about employee culture at HackerOne, visit the HackerOne careers page: https://www.hackerone.com/careers
https://www.youtube.com/watch?v=3XGgW5xP7BE

Keynote: Industrialising Cyber Defence in an Asymmetric World
In this keynote, Ollie Whitehouse will outline a future in which we industrialise our approaches to cyber defence against adversaries who are not constrained by the same legal, moral, or ethical frameworks. This talk will begin by exploring the challenge and need before going on to discuss possible approaches and the research challenges which underpin them and continue to remain unanswered. By: Ollie Whitehouse Full Abstract and Presentation Materials: https://www.blackhat.com/eu-23/briefings/schedule/#keynote-industrialising-cyber-defence-in-an-asymmetric-world-36403
https://www.youtube.com/watch?v=d02zUEu7AYU

The Black Hat Europe Network Operations Center (NOC) Report
Back with another year of soul-crushing statistics, the Black Hat NOC team will be sharing all of the data that keeps us equally puzzled, and entertained, year after year. We'll let you know all the tools and techniques we're using to set up, stabilize, and secure the network, and what changes we've made over the past year to try and keep doing things better. Of course, we'll be sharing some of the more humorous network activity and what it helps us learn about the way security professionals conduct themselves on an open WiFi network. By: Neil Wyler (Grifter) & Bart Stump Full Abstract and Presentation Materials: https://www.blackhat.com/eu-23/briefings/schedule/#the-black-hat-europe-network-operations-center-noc-report-36176
https://www.youtube.com/watch?v=jMguiXBOSjU

Why HackerOne Embraces a Digital First Work Model
Our work is optimized for asynchronous collaboration, knowledge management, and decision-making. HackerOne is creating an industry, and to do that, we must employ the most creative, forward-thinking talent in the market. Our digital first work model allows any Hackeronie to actively contribute to our mission while providing time and location flexibility, which are core elements to a healthy relationship between professional and personal pursuits. Read more about this philosophy on the HackerOne Careers Page: https://www.hackerone.com/careers
https://www.youtube.com/watch?v=1hRcpVWi4hg

HackerOne Company Values: What is our favorite value?
HackerOne's culture results from our people, values, and strong mission. We set out to create a workplace where everyone is valued and heard. See which values resonate most with our employees. Click here to learn more about our culture on the HackerOne Culture and Talent Blog. https://www.hackerone.com/culture-and-talent
https://www.youtube.com/watch?v=u6NUkDS8iYY

pay cheat facts #gamehacking #malwareanalysis #anticheat
for real tho #gamehacking #anticheat #malwareanalysis 👨‍💻 Buy Our Courses: https://guidedhacking.com/register/ 💰 Donate on Patreon: https://patreon.com/guidedhacking ❤️ Follow us on Social Media: https://linktr.ee/guidedhacking game hacking malware analysis game hacking tutorials hacking memes hacker memes anticheat malware malware memes infosec memes game hacking game hacker memes
https://www.youtube.com/watch?v=VHo0hep2cAI

Scraping Dark Web Sites with Python
https://jh.live/flare || You can track down cybercrime and manage threat intelligence or your own exposed attack surface with Flare! Try a free trial and see what info is out there: https://jh.live/flare 🗨️ Scraping onion sites across Tor hidden services in an automated way -- quick crash course on some of the command-line tools or Python libraries that can help you create your own custom monitoring tools for cybercrime. 💬 Learn Cybersecurity - Name Your Price Training with John Hammond: https://nameyourpricetraining.com 📧JOIN MY NEWSLETTER ➡ https://jh.live/email 🙏SUPPORT THE CHANNEL ➡ https://jh.live/patreon 🤝 SPONSOR THE CHANNEL ➡ https://jh.live/sponsor 🌎FOLLOW ME EVERYWHERE ➡ https://jh.live/twitter ↔ https://jh.live/linkedin ↔ https://jh.live/discord...
https://www.youtube.com/watch?v=r8JzWoU2_lU

Working in manufacturing security: Top challenges and career advice | Guest Theresa Lanowitz
AT&T Cybersecurity's head of evangelism, Theresa Lanowitz, is today's guest. Lanowitz has amazing and wide-ranging career achievements, from her time with analyst firms Gartner and Voke, work on Java's JBuilder environment and strategic marketing for the Jini Project, which was proto-IoT going back to the late ‘90s! With all of these incredible stories, we talked far and wide about manufacturing security concerns, she breaks down the key pain points around edge computing and talks extensively about her love of both the English language and programming languages of all sorts. They all have grammar, they all have style, and if you're a linguist or a lover of learning new languages, perhaps computer languages are an opportunity you hadn't pursued? All that and a ton more – seriously,...
https://www.youtube.com/watch?v=3vYFQpuuxuA

,000. OAUTH Bounty with Nagli!

https://www.youtube.com/watch?v=SoU_qYdEHu8

The Truth About Bug Bounties
📚 Purchase my Bug Bounty Course here 👉🏼 bugbounty.nahamsec.training 💵 Support the Channel: You can support the channel by becoming a member and get access exclusive content, behind the scenes, live hacking session and more! ☕️ Buy Me Coffee: https://www.buymeacoffee.com/nahamsec JOIN DISCORD: https://discordapp.com/invite/ucCz7uh 🆓 🆓 🆓 0 DigitalOcean Credit: https://m.do.co/c/3236319b9d0b 💬 Social Media - https://twitter.com/nahamsec - https://instagram.com/nahamsec - https://twitch.com/nahamsec - https://facebook.com/nahamsec1 #bugbounty #ethicalhacking #infosec #cybersecurity #redteam #webapp
https://www.youtube.com/watch?v=qrNtQmjfByo

AI and API Security Panel
AI is changing everything...including the API security landscape! What problems can developers and security professionals expect? Panelists: Aubrey King PR Lead, OWASP Top 10 for LLM Apps Community Evangelist, F5 DevCentral Cameron Delano Security Solutions Architect, F5 Corey Ball Author of "Hacking APIs" Dan Barahona Co-Founder, APISec University - OWASP Top 10 for LLMs: https://owasp.org/www-project-top-10-for-large-language-model-applications/ OWASP Top 10 API Security Risks: https://owasp.org/API-Security/editions/2023/en/0x00-header/ - Managed by the OWASP® Foundation https://owasp.org/
https://www.youtube.com/watch?v=8uXh8_08t14

Demo of the Microsoft Window's Hack developed by the NSA (with OTW)
OTW demonstrates how to use the NSA hack with Metasploit and take control of a Windows computer remotely. // Occupy The Web Books // Linux Basics for Hackers: https://amzn.to/3JlAQXe US and https://amzn.to/43PHFev UK Getting Started Becoming a Master Hacker: https://amzn.to/3qCQbvh US and https://amzn.to/43JG2iA UK Network Basics for hackers: https://amzn.to/3W1iiCQ US and https://amzn.to/4aInbGK UK // OTW Discount // Use the code BOMBAL to get a 20% discount off anything from OTW's website: https://hackers-arise.net/ // Occupy The Web SOCIAL // X: https://twitter.com/three_cube // YouTube Video REFERENCE // Hacker Saves the World. Teaches you Hacking: https://youtu.be/sxCUZFVM8xk // Playlists REFERENCE // Linux Basics for Hackers: https://www.youtube.com/watch?v=YJUVNlmIO6E&list=PLhfrWIlLOoKOs-fjCPHdzD2icF2vORfwK&pp=iAQB Mr...
https://www.youtube.com/watch?v=zExZsLCHp1I

OWASP Oopsies and Calling XZ What It Is - ThreatWire
⬇️ OPEN FOR LINKS TO ARTICLES TO LEARN MORE ⬇️ Support ThreatWire → https://patreon.com/threatwire @endingwithali → Twitch: https://twitch.tv/endingwithali Twitter: https://twitter.com/endingwithali YouTube: https://youtube.com/@endingwithali Everywhere else: https://links.ali.dev @0xTib3rius Twitter: https://twitter.com/0xTib3rius Twitch: https://www.twitch.tv/0xTib3rius YouTube: https://www.youtube.com/Tib3rius Everywhere else: https://tib3rius.com/ @TracketPacer Twitter: https://twitter.com/TracketPacer YouTube: https://www.youtube.com/c/tracketpacer TikTok: https://www.tiktok.com/@tracketpacer Everywhere else: https://www.tracketpacer.com/ [❗] Join the book club on Patreon→ https://patreon.com/threatwire 0:00 Intro 0:11 - Backdoor in XZ-Utils 4:46 - OWASP Oopsies 5:30...
https://www.youtube.com/watch?v=oO5oupAaErw

My Invisible Adversary: Burnout
It seems that lately, Burnout is an invisible member of every operational security team. Attackers grow more capable every year, the attacks faster and harder, and regulations even more strict about how quickly and completely your team must perform its mission. With the growing complexity of battle and so much on the line in defending users, operational response teams are under more stress than ever. If the response teams fall apart, who will be the last line of defense?... By: Johan Berggren , Matt Linton Full Abstract and Presentation Materials: https://www.blackhat.com/eu-23/briefings/schedule/#my-invisible-adversary-burnout-36073
https://www.youtube.com/watch?v=NA0f5owyoko

The Magnetic Pull of Mutable Protection: Worked Examples in Cryptographic Agility
...How do you go about fully understanding what cryptography you have, how it is used and if it's good or bad? This was the question we started to ask ourselves and set about trying to answer using static analysis tools such as GitHub's CodeQL. Given how we all rely heavily on open-source projects, we set about scanning the top 1000 GitHub open-source projects to identify insecure cryptographic algorithms. We used GitHub's CodeQL multi-repository variant analysis to build a cryptographic bill of materials (CBOM) for each project. The CBOM will list all of the cryptographic algorithms that are used in the project, as well as their security status, and more importantly, help us identify all of the places where insecure cryptographic algorithms are used in the projects.... By: Mark Carney...
https://www.youtube.com/watch?v=V_yOHQO-8nI

10 Cybersecurity Tips For Small Businesses
Small businesses are underserved by the cybersecurity community. Solutions are too complicated, take too long to implement, and are too expensive. This often leads to do-it-yourself security, which means you're not fully addressing the risk of your organization as many do not have internal expertise. In addition, requirements, whether vendor, client, insurance, or compliance, typically lead security initiatives. This reactive approach means rushed decisions to fulfill requirements over investing in cybersecurity for the long term. We interviewed Bruno Aburto and Heather Noggle - two long-time small business security advocates on their top tips for helping organizations navigate the complexities of cybersecurity. AI & Cybersecurity Newsletter ------------------------------------------------ 👋...
https://www.youtube.com/watch?v=xwqO86qwyVs

You ever seen one of these? #shorts #iphone #android #windows
#shorts #iphone #android
https://www.youtube.com/watch?v=lbphJDFR_AU

How Hackers Can Hide PowerShell in Environment Variables
https://jh.live/snykctf101 || Learn cybersecurity with a FREE Capture the Flag 101 workshop from Snyk on April 18th! https://jh.live/snykctf101 🗨️ Mapping printable characters to positions within Windows environment variables... to slap together silly obfuscated PowerShell code! Masking the original command in a cutesy way that made help evade detection... (or at least be a fun scripting challenge) 💬 Learn Cybersecurity - Name Your Price Training with John Hammond: https://nameyourpricetraining.com 📧JOIN MY NEWSLETTER ➡ https://jh.live/email 🙏SUPPORT THE CHANNEL ➡ https://jh.live/patreon 🤝 SPONSOR THE CHANNEL ➡ https://jh.live/sponsor 🌎FOLLOW ME EVERYWHERE ➡ https://jh.live/twitter ↔ https://jh.live/linkedin ↔ https://jh.live/discord ↔ https://jh.live/instagram...
https://www.youtube.com/watch?v=8CiNx4nNqQ0

How to get into manufacturing cybersecurity | Cyber Work Podcast
Thomas Pace of NetRise has some advice for people who want to get into manufacturing security. Even if you have to start at the bottom, Pace gives some useful advice on how to move sideways and upwards. – Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free – View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast About Infosec Infosec's mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent,...
https://www.youtube.com/watch?v=r0e3rZBuygM

A World-View of IP Spoofing in L4 Volumetric DoS Attacks - and a Call to Enable BCP38
...In this talk we will analyze the global view of spoofing from Cloudflare, to understand IP spoofing on network-layer DoS attacks, and analyze geographic, longitudinal and network-specific characteristics of spoofing sources. We developed and applied IP spoofing detection techniques on three months of network-layer DoS traces, and used the insights to understand where and why BCP38 is most urgently needed. By: Vasileios Giotsas Full Abstract and Presentation Materials: https://www.blackhat.com/eu-23/briefings/schedule/#a-world-view-of-ip-spoofing-in-l-volumetric-dos-attacks---and-a-call-to-enable-bcp-35659
https://www.youtube.com/watch?v=e-Ec5M5cRpE

Collide+Power: The Evolution of Software-based Power Side-Channels Attacks
Power side channels exploit leakage that is fundamentally a result of how we build processors. Over the recent years, these attacks evolved to target general-purpose desktop and server CPUs purely from software. In this talk, we explore this evolution to its most recent addition: Collide+Power, a novel technique to exploit the fundamental way we share components in modern general-purpose CPUs. In contrast to previous work, Collide+Power does not target specific programs or algorithms but the underlying CPU hardware. This advance in software-based power side channels echoes the discovery of Meltdown and Spectre — where similarly, the underlying hardware provided unforeseen attack possibilities.... By: Andreas Kogler Full Abstract and Presentation Materials: https://www.blackhat.com/eu-23/briefings/schedule/#collidepower-the-evolution-of-software-based-power-side-channels-attacks-35630...
https://www.youtube.com/watch?v=c2V9VfEDwEg

Malware & Cybersecurity Threats on the Horizon
https://jh.live/x-force-tii || Join me as I take a deep dive into the IBM Threat Intelligence Index with Malware Reverse Engineer at IBM X-Force, Golo Mühr. In our discussion, Golo shares his perspective on the trends in this year's report, takes a closer look at IBM X-Force's work and provides his predictions for the year ahead in cybersecurity. You can check out the full IBM X-Force Threat Intelligence Index report here https://jh.live/x-force-tii and learn more about IBM X-Force here: https://jh.live/x-force-info Learn Cybersecurity - Name Your Price Training with John Hammond: https://nameyourpricetraining.com 📧JOIN MY NEWSLETTER ➡ https://jh.live/email 🙏SUPPORT THE CHANNEL ➡ https://jh.live/patreon 🤝 SPONSOR THE CHANNEL ➡ https://jh.live/sponsor 🌎FOLLOW ME EVERYWHERE...
https://www.youtube.com/watch?v=WMGJQ7t2Uo8

My best cybersecurity career advice: Pursue what you want to do | Cyber Work Podcast
Thomas Pace gives some practical career advice in this clip: do what you want to do. And if you don't know what that is, that's OK too! – Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free – View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast About Infosec Infosec's mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient...
https://www.youtube.com/watch?v=O0Lbz9Cf91M

Through the Looking Glass: How Open Source Projects See Vulnerability Disclosure
A security researcher submits their vulnerability report to an open source project (when they can find a confidential way to do so!). That launches several events in the affected project. In this talk, Marta will explain the reasons behind typical reactions. The main part will focus on common myths, misunderstandings, and communication errors that arise in these situations. The goal is to foster a better understanding between security researchers and project teams.... By: Marta Rybczynska Full Abstract and Presentation Materials: https://www.blackhat.com/eu-23/briefings/schedule/#through-the-looking-glass-how-open-source-projects-see-vulnerability-disclosure-35578
https://www.youtube.com/watch?v=FfMmQyIrmUE

New Techniques for Split-Second DNS Rebinding
...In this talk, I will present two new techniques that can be used to achieve reliable, split-second DNS rebinding in Chrome, Edge, and Safari on hosts with IPv6 access, along with a method to bypass Chrome's restrictions on requests to the local network. I will also walk through a real-world attack against a web application resulting in AWS credentials to demonstrate how achievable rebinding attacks can be.... By: Daniel Thatcher Full Abstract and Presentation Materials: https://www.blackhat.com/eu-23/briefings/schedule/#new-techniques-for-split-second-dns-rebinding-35619
https://www.youtube.com/watch?v=uVGdZ-i2JeI

Web Application Penetration Testing: Steps, Methods, & Tools | PurpleSec
Web application penetration testing is comprised of four main steps including: 1. Information gathering. 2. Research and exploitation. 3. Reporting and recommendations. 4. Remediation with ongoing support. These tests are performed primarily to maintain secure software code development throughout its lifecycle. Coding mistakes, specific requirements, or lack of knowledge of cyber attack vectors are the main purposes of performing this type of penetration test. In this video, you'll learn the steps on how to perform security testing on a web application and popular tools used during a web application penetration test with real-life examples. Continue reading... https://purplesec.us/web-application-penetration-testing/ Sample Web Application Report --------------------------------------------------- https://purplesec.us/wp-content/uploads/2021/10/Web-Application-Penetration-Test-Sample-Report.pdf Video...
https://www.youtube.com/watch?v=e1DZYIddDrY

Kernel Game Hacking #gamehacking
🔥 Learn More About Vulnerable Kernel Drivers Here: https://guidedhacking.com/threads/vulnerable-kernel-drivers-for-exploitation.15979/ 👨‍💻 Buy Our Courses: https://guidedhacking.com/register/ 💰 Donate on Patreon: https://patreon.com/guidedhacking ❤️ Follow us on Social Media: https://linktr.ee/guidedhacking ✏️ Tags: guidedhacking reverse engineering kernel game hacking hacking games with kernel drivers kernel cheats vulnerable kernel drivers kernel game hacking kernel drivers kernel hacks kernel cheats
https://www.youtube.com/watch?v=unPCHiBdWjI

Something Rotten in the State of Data Centers
...This talk details our findings in the data center device management domain, showcasing the most impactful vulnerabilities and exploits unearthed in our broader effort to investigate the security of critical data center components. Specifically, we will reveal 8 critical vulnerabilities across two common data center appliances: a popular DDI solution and a KVM. Continuing, we delve into the technical details of how these vulnerabilities can be exploited to completely compromise both products and all connected hosts under their jurisdiction.... By: Jesse Chick , Kasimir Schulz Full Abstract and Presentation Materials: https://www.blackhat.com/eu-23/briefings/schedule/#something-rotten-in-the-state-of-data-centers-35553
https://www.youtube.com/watch?v=PdOP1IchX6Y

When The Front Door Becomes a Backdoor: The Security Paradox of OSDP
Ever imagined that the modern Physical Access Control Systems (PACS) at the front door of your facility could actually serve as an entry point into your internal IP network? Surprisingly, this is not as far-fetched as it seems. In this talk, we will demonstrate how to go through doors, protected with the latest advancements in building access control security - both physically and digitally. We will delve into modern access control readers located at the front door, and explore their connectivity with access controllers, managed within the internal network of the building... By: Ariel Harush , Roy Hodir , Eran Jacob Full Abstract and Presentation Materials: https://www.blackhat.com/eu-23/briefings/schedule/#when-the-front-door-becomes-a-backdoor-the-security-paradox-of-osdp-35505
https://www.youtube.com/watch?v=0yrHtJY3mww

Hackers Hide with Clever Alternate Data Streams
https://jh.live/crowdsec || Get curated threat intelligence powered by the crowd, and contribute to better cybersecurity defense with CrowdSec: https://jh.live/crowdsec Learn Cybersecurity - Name Your Price Training with John Hammond: https://nameyourpricetraining.com 📧JOIN MY NEWSLETTER ➡ https://jh.live/email 🙏SUPPORT THE CHANNEL ➡ https://jh.live/patreon 🤝 SPONSOR THE CHANNEL ➡ https://jh.live/sponsor 🌎FOLLOW ME EVERYWHERE ➡ https://jh.live/twitter ↔ https://jh.live/linkedin ↔ https://jh.live/discord ↔ https://jh.live/instagram ↔ https://jh.live/tiktok 💥 SEND ME MALWARE ➡ https://jh.live/malware 🔥YOUTUBE ALGORITHM ➡ Like, Comment, & Subscribe!
https://www.youtube.com/watch?v=5Bxl6mVSLEk

DEF CON 31 DCGVR Village - Allen Baranov -What Is A GRC Hacker
Talks from the DEF CON 31 DEF CON Groups Virtuality Village
https://www.youtube.com/watch?v=oabdIS9PqAc

Introducing the new Threat Wire
Order today at https://Hak5.org ____________________________________________ Founded in 2005, Hak5's mission is to advance the InfoSec industry. We do this through our award winning educational podcasts, leading pentest gear, and inclusive community – where all hackers belong.
https://www.youtube.com/watch?v=T_BqBSX2SE8

The Pool Party You Will Never Forget: New Process Injection Techniques Using Windows Thread Pools
...In this talk, we will delve into the internals of the Windows user-mode thread pool, a component that seems to have been overlooked by security researchers in the past. Our exploration begins with an introduction to the thread pool architecture, its work item queuing mechanism, and the execution process managed by the scheduler.... By: Alon Leviev Full Abstract and Presentation Materials: https://www.blackhat.com/eu-23/briefings/schedule/#the-pool-party-you-will-never-forget-new-process-injection-techniques-using-windows-thread-pools-35446
https://www.youtube.com/watch?v=AvBO4f7blew

Kidnapping Without Hostages: Virtual Kidnapping and the Dark Road Ahead
Kidnap ransoms without kidnapping people? New extortion techniques such as Human Process Compromise (HPC) are gaining popularity with criminals at the edge of emerging technologies and traditional crime. We have identified a growing trend in virtual kidnapping attacks: when a target is taken offline through either technical means or social engineering, and then relatives of the person are contacted by criminal groups asking for a ransom.... By: Craig Gibson , Vladimir Kropotov Full Abstract and Presentation Materials: https://www.blackhat.com/eu-23/briefings/schedule/#kidnapping-without-hostages-virtual-kidnapping-and-the-dark-road-ahead-35469
https://www.youtube.com/watch?v=PU-wBneh3sY

The Art of Finding Critical Vulnerabilities
📚 Purchase my Bug Bounty Course here 👉🏼 bugbounty.nahamsec.training 💵 Support the Channel: You can support the channel by becoming a member and get access exclusive content, behind the scenes, live hacking session and more! ☕️ Buy Me Coffee: https://www.buymeacoffee.com/nahamsec JOIN DISCORD: https://discordapp.com/invite/ucCz7uh 🆓 🆓 🆓 0 DigitalOcean Credit: https://m.do.co/c/3236319b9d0b 💬 Social Media - https://twitter.com/nahamsec - https://instagram.com/nahamsec - https://twitch.com/nahamsec - https://facebook.com/nahamsec1 #bugbounty #ethicalhacking #infosec #cybersecurity #redteam #webapp
https://www.youtube.com/watch?v=fk4bFzZfN8A

The Ultimate Guide to Arsenal Image Mounter
In this episode, we'll take an in-depth look at Arsenal Image Mounter. We'll start with the basics and cover the functionality included in the free version. Then, we'll look at advanced features including the ability to launch VMs from disk images, password bypass and password cracking, and working with BitLocker encrypted disk images. *** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. *** 📖 Chapters 00:00 - Intro 00:57 - Free Mode 07:55 - Professional Mode 08:43 - Launch a VM from a Disk Image 09:28 - Fixing a Common Issue 12:21 - Windows Authentication Bypass 14:55 - About DPAPI 16:36 - DPAPI: Password Attack Functionality 19:49 - Mounting VSCs 22:36 - Launch a VM from a VSC 23:45 - More VSC Options 26:08 - Working with BitLocker Images 🛠...
https://www.youtube.com/watch?v=4eifl8qvqVk

Mind Blowing 🤯 Reverse Shell Demo with DNS data bouncing exfiltration!
Big thanks to Brilliant for sponsoring this video! Get started with a free 30 day trial and 20% discount: https://Brilliant.org/DavidBombal The First 200 people that sign up will get a special discount. Disclaimer: This video is for educational purposes only. // Jakoby's SOCIAL// YouTube: https://www.youtube.com/c/IamJakoby LinkedIn: https://www.linkedin.com/in/i-am-jakoby X: https://x.com/i_am_jakoby Instagram: https://www.instagram.com/i_am_jakoby/ GitHub: https://github.com/I-Am-Jakoby TikTok: https://www.tiktok.com/@i_am_jakoby // YouTube Video REFERENCE // Next Gen Hacker?: https://youtu.be/6jqJ7Ga5CoE The best Hacking Courses & Certs? Your 2024 roadmap to Pentester success: https://youtu.be/10P4aoXdXTI // David's SOCIAL // Discord: https://discord.com/invite/usKSyzb...
https://www.youtube.com/watch?v=JFWnMMte3f0

Apple's Unfixable Vulnerability - ThreatWire
⬇️ OPEN FOR LINKS TO ARTICLES TO LEARN MORE ⬇️ Support ThreatWire → https://patreon.com/threatwire @endingwithali → Twitch: https://twitch.tv/endingwithali Twitter: https://twitter.com/endingwithali Everywhere else: https://links.ali.dev [❗] ThreatWire Patreon has moved to → https://patreon.com/threatwire 0:00 - Intro 0:13 - US Cyber Trust Mark is Now Official 2:24 - Apple's Unfixable Vulnerability 4:23 - Another Python Supply Chain Attack 5:50 - Outro LINKS 🔗 Story 1: US Cyber Trust Mark is Now Official https://www.whitehouse.gov/briefing-room/statements-releases/2022/10/11/fact-sheet-biden-harris-administration-delivers-on-strengthening-americas-cybersecurity/ https://docs.fcc.gov/public/attachments/FCC-24-26A1.pdf https://www.jdsupra.com/legalnews/fcc-launches-u-s-cyber-trust-mark-4990595/ https://cyberscoop.com/fcc-cyber-trust-mark/ 🔗...
https://www.youtube.com/watch?v=OSqlcsAaKB4

What's the Best Firewall? #shorts #firewall #cybersecurity #iphone #android
Transparency notice: I was not paid to create this video. But, UniFi gave me the Dream Machine and Cisco are lending me the firewalls used in this video. I purchased the other devices myself. Hackers hack millions of ISP routers: https://youtu.be/MBj546UptEA?si=wFnBfonjYsf2Ma_D BT cheerfully admits snooping on customer LANs: https://www.theregister.com/2011/05/24/bt_snooping/ Changes to pfSense Plus Home+Lab: https://www.netgate.com/blog/addressing-changes-to-pfsense-plus-homelab UK ISP Had 6 Million Routers Vulnerable for a DNS Vulnerability for 18 Months: https://www.bitdefender.co.uk/blog/hotforsecurity/uk-isp-had-6-million-routers-vulnerable-for-a-dns-vulnerability-for-18-months/ Wireless routers: is your router putting your security at risk? https://www.which.co.uk/reviews/wi-fi-routers-and-extenders/article/wireless-routers-is-your-router-putting-your-security-at-risk-a0ZO37L0NTFT 87...
https://www.youtube.com/watch?v=5AyTJRQOVSo

1: SQL Injection (Union + Blind) - Gin and Juice Shop (Portswigger)
SQL Injection - Episode 2 of hacking the Gin and Juice shop; an intentionally vulnerable web application developed by Portswigger. The website was created primarily to demonstrate the features of Burp pro vulnerability scanner. However, throughout the series, we will leverage burp suite (and other tools) to exploit the high, medium, low and informational issues identified by the scanner. Hopefully these videos will be useful for aspiring bug bounty hunters, security researchers, pentesters, CTF players etc 🙂 #BugBounty #EthicalHacking #PenTesting #AppSec #WebSec #InfoSec #OffSec ↢Social Media↣ Twitter: https://twitter.com/_CryptoCat GitHub: https://github.com/Crypto-Cat/CTF HackTheBox: https://app.hackthebox.eu/profile/11897 LinkedIn: https://www.linkedin.com/in/cryptocat Reddit: https://www.reddit.com/user/_CryptoCat23 YouTube:...
https://www.youtube.com/watch?v=4g2a-n4hjfY

The Apex Legends Hacker: Destroyer2009
All of the information presented in this video is to be considered purely speculation and not to be perceived as fact. Special thanks to SkeletalDemise and foilman for their hard work and allowing me to share this investigative story. Check out their blogs: https://skeletaldemise.github.io || https://www.probablyavir.us/ Learn Cybersecurity with Name Your Price Training with John Hammond: https://nameyourpricetraining.com 📧JOIN MY NEWSLETTER ➡ https://jh.live/email 🙏SUPPORT THE CHANNEL ➡ https://jh.live/patreon 🤝 SPONSOR THE CHANNEL ➡ https://jh.live/sponsor 🌎FOLLOW ME EVERYWHERE ➡ https://jh.live/twitter ↔ https://jh.live/linkedin ↔ https://jh.live/discord ↔ https://jh.live/instagram ↔ https://jh.live/tiktok 💥 SEND ME MALWARE ➡ https://jh.live/malware 🔥YOUTUBE...
https://www.youtube.com/watch?v=pXZ-aVP_n64

FOR578: Cyber Threat Intelligence Course Overview
Learn more about the course at: https://sans.org/FOR578 Cyber threat intelligence represents a force multiplier for organizations looking to update their response and detection programs to deal with increasingly sophisticated advanced persistent threats. Malware is an adversary's tool but the real threat is the human one, and cyber threat intelligence focuses on countering those flexible and persistent human threats with empowered and trained human defenders. During a targeted attack, an organization needs a top-notch and cutting-edge threat hunting or incident response team armed with the threat intelligence necessary to understand how adversaries operate and to counter the threat. FOR578: Cyber Threat Intelligence will train you and your team in the tactical, operational, and strategic...
https://www.youtube.com/watch?v=90q2i97ZPk4

How to Learn Game Hacking
🔥 How Do You Learn Game Hacking? It's easy - just follow our courses. 👨‍💻 Buy Our Courses: https://guidedhacking.com/register/ 💰 Donate on Patreon: https://patreon.com/guidedhacking ❤️ Follow us on Social Media: https://linktr.ee/guidedhacking If you're asking yourself the question "How to learn game hacking?", the answer has always been and will always be GuidedHacking.com. That's been the whole point of Guided Hacking since day one. Learning how to hack games used to be hard. That's why we dedicated the past 10 years to making the best tutorials and courses for learning how to hack games. Searching Google for hundreds of hours looking for the answers to individual questions? That's a huge waste of your time. Follow our courses step by step and you will learn everything...
https://www.youtube.com/watch?v=9RxJmoHk-y8

ColdFusion Local File Read (CVE-2024-20767)
📚 Purchase my Bug Bounty Course here 👉🏼 bugbounty.nahamsec.training 💵 Support the Channel: You can support the channel by becoming a member and get access exclusive content, behind the scenes, live hacking session and more! ☕️ Buy Me Coffee: https://www.buymeacoffee.com/nahamsec JOIN DISCORD: https://discordapp.com/invite/ucCz7uh 🆓 🆓 🆓 0 DigitalOcean Credit: https://m.do.co/c/3236319b9d0b 💬 Social Media - https://twitter.com/nahamsec - https://instagram.com/nahamsec - https://twitch.com/nahamsec - https://facebook.com/nahamsec1 #bugbounty #ethicalhacking #infosec #cybersecurity #redteam #webapp
https://www.youtube.com/watch?v=G9MhM7jGwrQ

Github Copilot Made My Code More Vulnerable
https://jh.live/snyk-ai || Try Snyk DeepCode AI to find and fix vulnerabilities, especially from AI generated code: https://jh.live/snyk-ai Learn Cybersecurity - Name Your Price Training with John Hammond: https://nameyourpricetraining.com 📧JOIN MY NEWSLETTER ➡ https://jh.live/email 🙏SUPPORT THE CHANNEL ➡ https://jh.live/patreon 🤝 SPONSOR THE CHANNEL ➡ https://jh.live/sponsor 🌎FOLLOW ME EVERYWHERE ➡ https://jh.live/twitter ↔ https://jh.live/linkedin ↔ https://jh.live/discord ↔ https://jh.live/instagram ↔ https://jh.live/tiktok 💥 SEND ME MALWARE ➡ https://jh.live/malware 🔥YOUTUBE ALGORITHM ➡ Like, Comment, & Subscribe!
https://www.youtube.com/watch?v=q35SQzUp3gs

The Most Common Vulns I Find in Pentests [feat. @BugBountyReportsExplained]
This video is from a discussion with @BugBountyReportsExplained which you can find here: https://www.youtube.com/watch?v=CfE0-GZk4v8
https://www.youtube.com/watch?v=iBQJ7iSW0vQ

Supercharging VIM and Your Bug Bounty Recon Using AI
📚 Purchase my Bug Bounty Course here 👉🏼 bugbounty.nahamsec.training 💵 Support the Channel: You can support the channel by becoming a member and get access exclusive content, behind the scenes, live hacking session and more! ☕️ Buy Me Coffee: https://www.buymeacoffee.com/nahamsec JOIN DISCORD: https://discordapp.com/invite/ucCz7uh 🆓 🆓 🆓 0 DigitalOcean Credit: https://m.do.co/c/3236319b9d0b 💬 Social Media - https://twitter.com/nahamsec - https://instagram.com/nahamsec - https://twitch.com/nahamsec - https://facebook.com/nahamsec1 #bugbounty #ethicalhacking #infosec #cybersecurity #redteam #webapp
https://www.youtube.com/watch?v=qTuXcAJ_WKc

Malware Analysis & Threat Intel: UAC Bypasses
https://jh.live/anyrun-ti || ANYRUN has just released their latest Threat Intelligence feature set, and it is super cool to track and hunt for malware families or observed tradecraft -- try it out! https://jh.live/anyrun-ti Learn Cybersecurity - Name Your Price Training with John Hammond: https://nameyourpricetraining.com 📧JOIN MY NEWSLETTER ➡ https://jh.live/email 🙏SUPPORT THE CHANNEL ➡ https://jh.live/patreon 🤝 SPONSOR THE CHANNEL ➡ https://jh.live/sponsor 🌎FOLLOW ME EVERYWHERE ➡ https://jh.live/twitter ↔ https://jh.live/linkedin ↔ https://jh.live/discord ↔ https://jh.live/instagram ↔ https://jh.live/tiktok 💥 SEND ME MALWARE ➡ https://jh.live/malware 🔥YOUTUBE ALGORITHM ➡ Like, Comment, & Subscribe!
https://www.youtube.com/watch?v=LKR8cdfKeGw

Truth Behind the Hack: Experts Break Down AI Red Teaming in a Live Q&A
As artificial intelligence becomes increasingly integrated into our digital landscape, it brings a host of new security challenges and ethical considerations. Join this "Ask Me Anything" (AMA) session with three ethical hackers specializing in AI security and safety. They'll answer your pressing questions about the complex world of AI, including generative AI and machine learning, security testing implications, and AI red teaming for organizations with complex AI systems or adopting AI, from customer-facing chatbots to internal LLMs (large language models). Gain hackers' insights into how to protect your AI systems from emerging threats while ensuring AI's safe and responsible use.
https://www.youtube.com/watch?v=EwCC0u5Io5Q

We installed RedLine InfoStealer (Malware)
Thank you Flare for sponsoring this video. Get a free trial: https://hi.flare.io/nahamsec-free-trial/ Flare scans billions of different sources including the dark web, shady telegram channels, ransomware blogs, and malware logs to allow you to track down and manage your attack surface online! 📚 Purchase my Bug Bounty Course here 👉🏼 bugbounty.nahamsec.training 💵 Support the Channel: You can support the channel by becoming a member and get access exclusive content, behind the scenes, live hacking session and more! ☕️ Buy Me Coffee: https://www.buymeacoffee.com/nahamsec JOIN DISCORD: https://discordapp.com/invite/ucCz7uh 🆓 🆓 🆓 0 DigitalOcean Credit: https://m.do.co/c/3236319b9d0b 💬 Social Media - https://twitter.com/nahamsec - https://instagram.com/nahamsec -...
https://www.youtube.com/watch?v=_nXdWaG1zKA

Why take FOR578 OnDemand? with Robert M. Lee
-OnDemand cyber security courses from SANS Institute gives you anytime, anywhere access to world leading cybersecurity training. -More than 60 of SANS most popular courses are available via OnDemand, and all are taught by SANS top instructors. -OnDemand courses include the same hands-on labs and exercises used in our instructor led classes while also offering SME support to answer your specific questions. -All students receive 4 months of access to their course material, which is now also available in the SANS OnDemand App. -Rewind and revisit material to reinforce and master your skills from anywhere at anytime. Learn more about this learning modality at https://www.sans.org/ondemand/
https://www.youtube.com/watch?v=XTsagOpF7WM

,000 In Bounties From Hacking Into A Prison
📚 Purchase my Bug Bounty Course here 👉🏼 bugbounty.nahamsec.training 💵 Support the Channel: You can support the channel by becoming a member and get access exclusive content, behind the scenes, live hacking session and more! ☕️ Buy Me Coffee: https://www.buymeacoffee.com/nahamsec JOIN DISCORD: https://discordapp.com/invite/ucCz7uh 🆓 🆓 🆓 0 DigitalOcean Credit: https://m.do.co/c/3236319b9d0b 💬 Social Media - https://twitter.com/nahamsec - https://instagram.com/nahamsec - https://twitch.com/nahamsec - https://facebook.com/nahamsec1 #bugbounty #ethicalhacking #infosec #cybersecurity #redteam #webapp
https://www.youtube.com/watch?v=sBr7AU5VIZQ

Burp Suite - Part 13 - Intruder IV

https://www.youtube.com/watch?v=6cyc5k-ZcSc

Network Chuck Hacked YouTube! Learn how RIGHT NOW!!
Network Chuck hacked the YouTube algorithm and has one of the best tech YouTube channels! We can all learn so much from him and his journey. From selling toilets to millions of YouTube subscribers. Learn from one of the best! A big shoutout to Network Chuck Coffee and The Network Chuck Academy for sponsoring this video: https://store.networkchuck.com/ and https://academy.networkchuck.com/ Thanks for the coffee Chuck! // Network Chuck's SOCIAL// YouTube: https://www.youtube.com/@NetworkChuck LinkedIn: https://www.linkedin.com/in/chuckkeith X: https://x.com/networkchuck Instagram: https://www.instagram.com/networkchuck Twitch: https://www.twitch.tv/networkchuck // Video REFERENCE // Network Chuck Livestream: How I make videos: https://youtu.be/m1j7RUEb3Z0 // Resources REFERENCE...
https://www.youtube.com/watch?v=C3misTE2ErA

CVEs ARE DYING - ThreatWire
⬇️ OPEN FOR LINKS TO ARTICLES TO LEARN MORE ⬇️ Support ThreatWire → https://patreon.com/threatwire @endingwithali → Twitch: https://twitch.tv/endingwithali Twitter: https://twitter.com/endingwithali Everywhere else: https://links.ali.dev [❗] ThreatWire Patreon has moved to → https://patreon.com/threatwire 0:00 Intro 0:12 - The NVD is MIA 2:09 - Linux Foundation CVE Reporting Changed 4:16 - Cisco Acquires Splunk 4:20 - It's Literally Black Market Extortion 6:06 - Is the AT&T Leak Real? 7:02 - OUTRO LINKS 🔗 Story 1: The NVD is MIA https://blog.morphisec.com/national-vulnerability-database-defend-unpatched-vulnerabilities https://anchore.com/blog/national-vulnerability-database-opaque-changes-and-unanswered-questions/ https://nvd.nist.gov/ https://www.hackread.com/nist-nvd-halt-leaves-vulnerabilities-untagged/ 🔗...
https://www.youtube.com/watch?v=7HM_XMP5KwM

Why You Should Learn AI In Cybersecurity
Cybersecurity faces a difficult challenge with AI. The speed and complexity at which adversaries use this technology pose a serious risk for organizations. Defenders are struggling to keep pace with new use cases and the evolution of AI happening every day. So what's the best way to defend against AI and to enhance your career development in security? Learn AI. We interviewed Jonathan Todd and Tom Vazdar, two experts at the forefront of AI security to help address this growing threat and provide practical ways to empower security professionals. AI & Cybersecurity Newsletter ------------------------------------------------ 👋 If you're new here, then consider subscribing to our weekly newsletter featuring the top cybersecurity minds in the industry: https://www.linkedin.com/newsletters/ai-cybersecurity-insights-7058517055238504448/ Video...
https://www.youtube.com/watch?v=4cXM7CG2D90

SANS Threat Analysis Rundown (STAR)
Join SANS Certified Instructor Katie Nickels as she gives the rundown on the latest threats you should know about. Each month, Katie will be joined by various guests to provide different perspectives from across the community on important developments in recent threat news. Learn more about Katie Nickels: https://lnkd.in/g7WGak8v https://lnkd.in/gGD58Rkg https://lnkd.in/gNVDh2gW FOR578: Cyber Threat Intelligence https://lnkd.in/gGBgWiFP #malware #apt #cyberthreat #cyberthreatintelligence #analysis #OSINT #DFIR
https://www.youtube.com/watch?v=TeBAT71w3qM

Anti-Debug with Structured Exception Handling + Trap Flag
🔥 Learn How to Detect Debuggers using a Structured Exception Handler 🕵️‍♂️Try ANY.RUN Malware Sandbox: https://app.any.run/#register/?utm_source=youtube&utm_medium=video&utm_campaign=guidedhacking&utm_content=register&utm_term=200324/ 👨‍💻 Buy Our Courses: https://guidedhacking.com/register/ 💰 Donate on Patreon: https://patreon.com/guidedhacking ❤️ Follow us on Social Media: https://linktr.ee/guidedhacking 🔗 Learn more here: https://guidedhacking.com/threads/how-to-use-seh-and-trap-flag-for-antidebug.20398/ 📜 Video Description: In software development, ensuring code stability and protecting it from unauthorized manipulations are crucial goals. Two widely employed techniques to achieve these goals are Structured Exception Handling (SEH) and Antidebug mechanisms....
https://www.youtube.com/watch?v=ww2INI76ydQ

2024 Guide: Hacking APIs
📚 Purchase my Bug Bounty Course here 👉🏼 bugbounty.nahamsec.training 💵 Support the Channel: You can support the channel by becoming a member and get access exclusive content, behind the scenes, live hacking session and more! ☕️ Buy Me Coffee: https://www.buymeacoffee.com/nahamsec JOIN DISCORD: https://discordapp.com/invite/ucCz7uh 🆓 🆓 🆓 0 DigitalOcean Credit: https://m.do.co/c/3236319b9d0b 💬 Social Media - https://twitter.com/nahamsec - https://instagram.com/nahamsec - https://twitch.com/nahamsec - https://facebook.com/nahamsec1 00:00 Introduction 00:47 Different approaches 2:07 - Approach 1: Browsing the website 04:34 - Objectives 6:20 - Looking at Javascript Files 8:02 - Authentication 10:16 - Content Discovery 11:32 - API Documentation 12:15 - Example...
https://www.youtube.com/watch?v=k5HZI6CfHw4

Stop these weird addresses #shorts #firewall #iphone #android #starlink
#iphone #android #starlink
https://www.youtube.com/watch?v=pGKUzdSdOU4

This is How You Hunt For Malware
📚 Purchase my Bug Bounty Course here 👉🏼 bugbounty.nahamsec.training 💵 Support the Channel: You can support the channel by becoming a member and get access exclusive content, behind the scenes, live hacking session and more! ☕️ Buy Me Coffee: https://www.buymeacoffee.com/nahamsec JOIN DISCORD: https://discordapp.com/invite/ucCz7uh 🆓 🆓 🆓 0 DigitalOcean Credit: https://m.do.co/c/3236319b9d0b 💬 Social Media - https://twitter.com/nahamsec - https://instagram.com/nahamsec - https://twitch.com/nahamsec - https://facebook.com/nahamsec1 Timestamps ------- 00:00 Introduction 00:02 Learning the basics of malware analysis and hunting. 01:56 Malware can be delivered through various methods. 05:48 Exploring the dark web for potential malware sources. 07:48 Exploring...
https://www.youtube.com/watch?v=ulRh8Qq4tbM

Encryption Market Heating Up - ThreatWire
⬇️ OPEN FOR LINKS TO ARTICLES TO LEARN MORE ⬇️ Support ThreatWire → https://patreon.com/threatwire @endingwithali → Twitch: https://twitch.tv/endingwithali Twitter: https://twitter.com/endingwithali Everywhere else: https://links.ali.dev [❗] ThreatWire Patreon has moved to → https://patreon.com/threatwire 0:00 Intro 0:10 - Encryption market is heating up 2:07 - Toddler Aged Malware Found 3:11 - Admitting to human error 4:08 - Outro LINKS 🔗 Story 1: Encryption market is heating up https://bughunters.google.com/blog/5108747984306176/google-s-threat-model-for-post-quantum-cryptography https://www.bleepingcomputer.com/news/security/tuta-mail-adds-new-quantum-resistant-encryption-to-protect-email/ https://www.bleepingcomputer.com/news/security/signal-adds-quantum-resistant-encryption-to-its-e2ee-messaging-protocol/ https://www.nist.gov/news-events/news/2022/07/nist-announces-first-four-quantum-resistant-cryptographic-algorithms https://csrc.nist.gov/Projects/post-quantum-cryptography/post-quantum-cryptography-standardization/round-3-submissions https://thenextweb.com/news/zama-holy-grail-cryptography-fully-homomorphic-encryption 🔗...
https://www.youtube.com/watch?v=xNgCEqKK4IA

How LLMs Are Being Exploited
Shubham Khichi has been working on cyber AGI for the past 7 years. Before that, he spent nearly a decade as a red team specialist and cybersecurity researcher. In this interview, Shubham shares his insights into how LLMs are being exploited by adversaries and provides practical tips to secure AI. AI & Cybersecurity Newsletter ------------------------------------------------ 👋 If you're new here, then consider subscribing to our weekly newsletter featuring the top cybersecurity minds in the industry: https://www.linkedin.com/newsletters/ai-cybersecurity-insights-7058517055238504448/ Video Chapters ------------------------------ 00:00 - Introduction 02:16 - What Is An LLM? 03:53 - Common Vulnerabilities With LLMs 09:34 - How LLMs Are Being Exploited 14:50 - Defending Against LLM Exploits 16:57...
https://www.youtube.com/watch?v=91CbW9XWotw

OWASP Spot
- Managed by the OWASP® Foundation https://owasp.org/
https://www.youtube.com/watch?v=0UtvKRkfdqE

HackTheBox Cyber Apocalypse 2024: Web Challenge Walkthroughs
Video walkthrough for the first 7 web challenges from @HackTheBox Cyber Apocalypse CTF 2024 (Hacker Royale); Flag Command, TimeKORP, KORP Terminal, Labyrinth Linguist, Locktalk, SerialFlow and Testimonial. The challenges involved API testing, command injection, SQL injection (SQLi), server-side template injection (SSTI), 403 bypass (haproxy), JWT attacks, Memcached injection, python pickle deserialization, gRPC hacking and path traversal! Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂 #HackTheBox #HTB #CyberApocalypse #CyberApocalypse24 #CTF #CaptureTheFlag #Pentesting #OffSec #WebSec #AppSec Write-ups: https://crypto-cat.gitbook.io/ctf-writeups/2024/cyber_apocalypse_24 Looking for more HTB CA '24 walkthroughs? Check out @SloppyJoePirates video: https://www.youtube.com/watch?v=EGItzKCxTdQ ↢Social...
https://www.youtube.com/watch?v=-vhl8ixthO4

Should I report this vulnerability? Will I get a bounty?
It's really exciting to find your first bug BUT it's crushing when you realise it isn't reportable or comes back as NA from a client. Here are my top tips for identifying if you've found something and double checking before getting caught up in excitement! I still get emails about IDORs being NA because you need a victim's cookie and hackers who are angry at bug bounty programs or triagers.
https://www.youtube.com/watch?v=T4EhE5f7fQg

Rob T. Lee - Could LockBit, ransomware provider have been behind Lurie hack?
In what could be a major development in the cyberattack against Lurie Children's Hospital, the FBI and British authorities have taken down what they call the world's most prolific ransomware group. There is speculation that the group, LockBit, could also be behind the attack and serious outage at the hospital that began back on Jan. 31. The group's involvement has not been confirmed, but LockBit took credit for a very similar outage at a hospital on the city's West Side. Meanwhile, cybersecurity experts said the LockBit bust could potentially give malware victims like Lurie the keys they need. "There is always the digital trail, and we will find it," said Philip Sellinger, U.S. Attorney for the District of New Jersey.
https://www.youtube.com/watch?v=JmRh8jmAwWw

Rob T. Lee Chicago's Lurie Children's Hospital RANSOMWARE ATTACK
CHICAGO (CBS) – Chicago's Lurie Children's Hospital confirmed for the first time on Thursday it experienced a cyberattack from an outside threat, which led the hospital to take its phone, email, and other systems offline on Jan. 31 and caused disruptions to its regular operations since then. In a statement, hospital officials said their network was accessed by a "known criminal threat actor," although they did not specify who the actor was. They said they had evidence of "suspicious activity" and decided on Jan. 31 to take the systems offline. The officials also did not give any timeframe for when they would be able to restore the hospital's systems. "We take this matter very seriously and have been working closely, around the clock, with outside and internal experts and in collaboration...
https://www.youtube.com/watch?v=vxM1_A0lzak

Don't Make This Recon Mistake // How To Bug Bounty
📚 Purchase my Bug Bounty Course here 👉🏼 bugbounty.nahamsec.training 💵 Support the Channel: You can support the channel by becoming a member and get access exclusive content, behind the scenes, live hacking session and more! ☕️ Buy Me Coffee: https://www.buymeacoffee.com/nahamsec JOIN DISCORD: https://discordapp.com/invite/ucCz7uh 🆓 🆓 🆓 0 DigitalOcean Credit: https://m.do.co/c/3236319b9d0b 💬 Social Media - https://twitter.com/nahamsec - https://instagram.com/nahamsec - https://twitch.com/nahamsec - https://facebook.com/nahamsec1 #bugbounty #ethicalhacking #infosec #cybersecurity #redteam #webapp
https://www.youtube.com/watch?v=YbIEXJhZxUk

What is Fuzzing (using ffuf)
📚 Purchase my Bug Bounty Course here 👉🏼 bugbounty.nahamsec.training 💵 Support the Channel: You can support the channel by becoming a member and get access exclusive content, behind the scenes, live hacking session and more! ☕️ Buy Me Coffee: https://www.buymeacoffee.com/nahamsec JOIN DISCORD: https://discordapp.com/invite/ucCz7uh 🆓 🆓 🆓 0 DigitalOcean Credit: https://m.do.co/c/3236319b9d0b 💬 Social Media - https://twitter.com/nahamsec - https://instagram.com/nahamsec - https://twitch.com/nahamsec - https://facebook.com/nahamsec1 #bugbounty #ethicalhacking #infosec #cybersecurity #redteam #webapp
https://www.youtube.com/watch?v=0v1CTSyRpMU

Burp Suite - Part 11 - Intruder II

https://www.youtube.com/watch?v=3hq97MYINNU

FOR589: Cybercrime Intelligence Overview
Cybercrime intelligence can help organizations effectively anticipate, prevent, and mitigate potential cybercrime threats, while also helping law enforcement agencies and governments combat cybercrime and prosecute criminals. FOR589: Cybercrime Intelligence (http://sans.org/FOR589) provides an in-depth understanding of the cybercrime underground and covers the wide variety of tactics and techniques used by cybercriminals to exploit organizations. By focusing on both conventional intelligence and contemporary cybersecurity methodologies, this course will help you augment any existing intelligence operations, proactively address risks, and enhance an overall cybersecurity posture. The course is ideal for security professionals, law enforcement officers, and anyone interested in the intricacies...
https://www.youtube.com/watch?v=dNdLNadJJ9Q

Stay Ahead of Cyberthreats with HackerOne
Cyber threats are growing in sophistication and aggression, and rapid technological innovation has inflated the attack surface. It's a constant race against time and cunning adversaries, and traditional security methods aren't enough to stay ahead. The solution? Human-powered security testing with HackerOne. Visit our website to learn more and get started: https://www.hackerone.com/
https://www.youtube.com/watch?v=9vkKMOy9YmI

How to take notes when you suck at it
In this episode of the Bug Bounty course we talk about the importance of developing a personal note-taking system that supports both hacking and learning, emphasizing the differentiation between notes taken during hacking activities and those for learning about vulnerabilities. We look at methods for organizing and accessing your notes; whether you are into Notion, Obsidian or Vim or even mind maps, we'll look at how to integrate your notes with tools like Burp Suite. Creating your own knowledge base you can refer to every time you hack, tailored to individual needs and preferences and refine your own note-taking strategies for successful hacking and learning. 00:00 Introduction to the Bug Bounty Course 00:14 The Importance of a Personalized Note-Taking System 00:53 Sponsor Shoutout: Bugcrowd 01:45...
https://www.youtube.com/watch?v=uXuMvUPlvd0

Cross-Site Request Forgery (CSRF) Explained
📚 Purchase my Bug Bounty Course here 👉🏼 bugbounty.nahamsec.training 💵 Support the Channel: You can support the channel by becoming a member and get access exclusive content, behind the scenes, live hacking session and more! ☕️ Buy Me Coffee: https://www.buymeacoffee.com/nahamsec JOIN DISCORD: https://discordapp.com/invite/ucCz7uh 🆓 🆓 🆓 0 DigitalOcean Credit: https://m.do.co/c/3236319b9d0b 💬 Social Media - https://twitter.com/nahamsec - https://instagram.com/nahamsec - https://twitch.com/nahamsec - https://facebook.com/nahamsec1 Timestamp ---- 00:00 - Introduction 00:06 - Importance of understanding CSRF in bug bounty hunting and pentesting. 04:50 - Risk of unauthorized access due to lack of CSRF protection and reliance on current password. 07:16 - Testing...
https://www.youtube.com/watch?v=wYazaHJ3l0E

FOR528: Ransomware & Cyber Extortion Course Overview
In this video, FOR528: Ransomware & Cyber Extortion course (http://sans.org/FOR528) author Ryan Chapman provides an overview of the hands-on learning included in the course. The term "Ransomware" no longer refers to a simple encryptor that locks down resources. The advent of Human-Operated Ransomware (HumOR) along with the evolution of Ransomware-as-a-Service (RaaS) has created an entire ecosystem that thrives on hands-on-keyboard, well-planned attack campaigns. It is a rapidly growing threat that has evolved from being a single machine infection following an ill-advised mouse click to becoming a booming enterprise capable of crippling large and small networks alike. Even when extortion actors do not deploy an encryptor, the fallout can be devastating. Organizations are at risk of losing...
https://www.youtube.com/watch?v=1SlDzQZ5SyQ

0: Getting Started with Burp Suite - Gin and Juice Shop (Portswigger)
Intro / Setup for new web pentesting series (ft. burp suite crash course) - Episode 1 of hacking the Gin and Juice shop; an intentionally vulnerable web application developed by Portswigger. The website was created primarily to demonstrate the features of Burp pro vulnerability scanner. However, throughout the series, we will leverage burp suite (and other tools) to exploit the high, medium, low and informational issues identified by the scanner. Hopefully these videos will be useful for aspiring bug bounty hunters, security researchers, pentesters, CTF players etc 🙂 #BugBounty #EthicalHacking #PenTesting #AppSec #WebSec #InfoSec #OffSec ↢Social Media↣ Twitter: https://twitter.com/_CryptoCat GitHub: https://github.com/Crypto-Cat/CTF HackTheBox: https://app.hackthebox.eu/profile/11897 LinkedIn:...
https://www.youtube.com/watch?v=FPzoD_nUQYU

White House said to use Rust - ThreatWire
⬇️ OPEN FOR LINKS TO ARTICLES TO LEARN MORE ⬇️ Support ThreatWire → https://patreon.com/threatwire @endingwithali → Twitch: https://twitch.tv/endingwithali Twitter: https://twitter.com/endingwithali Everywhere else: https://links.ali.dev [❗] ThreatWire Patreon has moved to → https://patreon.com/threatwire 0:00 - Intro 0:11 - LockBit Update 1:23 - White House recommends Rust 2:54 - Apple Quantum Safe 4:03 - Outro LINKS 🔗 Story 1: LockBit Update https://www.hackread.com/lockbit-ransomware-returns-taunts-fbi-data-leaks/ https://www.hackread.com/nca-lockbit-gang-source-code-arrest-tool-revealed/ https://www.justice.gov/opa/pr/us-and-uk-disrupt-lockbit-ransomware-variant https://therecord.media/lockbit-relaunch-attempt-follwing-takedown https://www.reuters.com/technology/cybersecurity/us-indicts-two-russian-nationals-lockbit-cybercrime-gang-bust-2024-02-20/ 🔗...
https://www.youtube.com/watch?v=gAg9umQv1D0

Thinking DFIRently From Entry to Specialty
For more resources on how to start in DFIR check out "The Ultimate Guide to Getting Started in Digital Forensics & Incident Response" here: https://www.sans.org/white-papers/ultimate-guide-getting-started-digital-forensics-incident-response/ The Digital Forensics and Incident Response world. An incredibly broad sphere. We have people trying to get into this world. We have people that have just entered this world. We have people that work day-to-day in this world. We have people that excel in niche areas of this world. Each group thinks they are unique in this world, but actually, one commonality that pervades everyone and everywhere in this world is that we have questions about, “How do I?”. How do I get into DFIR? How do I get better at DFIR? How do I specialize? How do I decide what...
https://www.youtube.com/watch?v=ryr0JWHsmMw

Ransomware Kingpins LockBit Disrupted
In a landmark operation, the notorious LockBit ransomware gang, which has dominated the cybercrime landscape for over three years, faced a significant disruption. This breakthrough was achieved through a collaborative effort between the National Crime Agency (NCA) and the FBI. But what led to this pivotal moment, and what implications does it hold for the future of LockBit and ransomware operations globally? Dive into the details with Ryan Chapman, a leading SANS Institute course author, instructor, and an expert on ransomware, along with other guests, as they dissect the recent events and forecast the ramifications for cybersecurity. #ransomware #LockBit #cybersecurity
https://www.youtube.com/watch?v=Ith3IgY8on8

Where's the 4624? - Logon Events vs. Account Logons
In this episode, we'll learn about the difference between "Logon Events" and "Account Logons" and explore a scenario in which communication occurs between two domain-joined workstations. Where will we find Event ID 4624 and other account-related Event IDs of interest? *** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. *** 📖 Chapters 00:00 - Intro 01:18 - Win11-Test-VM 02:14 - Win10-Test-VM 03:41 - Win2019-Test-VM 05:28 - Recap 🛠 Resources Logon/Logoff Events: https://www.ultimatewindowssecurity.com/securitylog/book/page.aspx?spid=chapter5 Account Logon Events: https://www.ultimatewindowssecurity.com/securitylog/book/page.aspx?spid=chapter4 #Forensics #DigitalForensics #DFIR #ComputerForensics #WindowsForensics
https://www.youtube.com/watch?v=EXsKJ9kIc6s

The Risk of AI Voice Cloning: Q&A With an AI Hacker
In the following Q&A and video, HackerOne Senior Solutions Architect and AI Hacker Dane Sherrets demonstrates how bad actors use AI voice cloning and breaks down the serious risks of this kind of scam. Check out the full Q&A on our blog: https://bit.ly/4c1UoyH
https://www.youtube.com/watch?v=eQ8iBESo4OQ

The Value Of A vCISO For Small Business
Greg Schaffer shares his over 33 years of information technology and cybersecurity experience on the value small and mid-sized businesses gain from working with a virtual CISO (vCISO). AI & Cybersecurity Newsletter ------------------------------------------------ 👋 If you're new here, then consider subscribing to our weekly newsletter featuring the top cybersecurity minds in the industry: https://www.linkedin.com/newsletters/ai-cybersecurity-insights-7058517055238504448/ Video Chapters ------------------------- 00:00 - Introduction 02:55 - LinkedIn Poll Results 08:40 - What Are The Responsibilities Of A vCISO? 14:00 - What Are The Benefits Of A vCISO For SMBs? 16:50 - What Are The Risks Of DIY Security? 19:38 - When Should A Small Business Hire A vCISO? 24:27 - What Should SMBs Look For...
https://www.youtube.com/watch?v=YpJPOPfbkLQ

I-S00N China File Drop - ThreatWire
⬇️ OPEN FOR LINKS TO ARTICLES TO LEARN MORE ⬇️ Support ThreatWire → https://patreon.com/threatwire @endingwithali → Twitch: https://twitch.tv/endingwithali Twitter: https://twitter.com/endingwithali Everywhere else: https://links.ali.dev [❗] ThreatWire Patreon has moved to → https://patreon.com/threatwire 0:00 Intro 0:11 - What is happening with LockBit? 0:48 - Linux Kernel Added as CNA 1:02 - I-S00N China file drop 2:12 - Using Audio to Generate Fingerprint Attacks 4:02 - ChatGPT Accounts Linked to APTs Deleted 5:51 - Outro LINKS 🔗 Story 1: What is happening with LockBit? https://www.inforisktoday.com/lockbit-infrasttructure-seized-by-us-uk-police-a-24395 https://www.bleepingcomputer.com/news/security/lockbit-ransomware-disrupted-by-global-police-operation/ 🔗 Story...
https://www.youtube.com/watch?v=rpl-o12Mcp4

Burp Suite - Part 9 - Repeater II

https://www.youtube.com/watch?v=KrpUNg-8LDc

How to Leverage Cloud Threat Intelligence Without Drowning: The Zero-Noise Approach
Why is Threat intelligence so difficult to effectively utilize in the Cloud? Different Cloud environments share many characteristics, leading attackers to often use the same TTPs in a multitude of attacks. Sounds like an easy case of using TI to detect and investigate malicious activity, until we encounter one problem: noise. The vast amounts of Cloud TI data combined with increasingly high volumes of automated Cloud attacks have created a situation in which most organizations can't effectively handle their TI feeds. Instead of enabling better detections, these feeds often lead to alert fatigue and hinder the identification of true malicious activity. To tackle this problem, we developed a unique methodology for ingesting Cloud TI and detecting malicious activity: The Zero Noise Approach....
https://www.youtube.com/watch?v=Q0cBwuPy-m0

Beyond the Basics: The Role of LLM in Modern Threat Intelligence
Threat intelligence is replete with challenges, necessitating a large experience, knowledge, and techniques to really understand the threat landscape, the TTPs, and to accurately track threat actors. Given this context, it is crucial to innovate and introduce the tools and techniques to both the current and next generation of analysts who stand to benefit from shared experience. A promising avenue of innovation is the advent of large language models (LLMs). The widespread accessibility of these tools undoubtedly heralds a new era of innovation. However, practical questions arise: How do we effectively harness this technology? How might it address existing challenges? And, most crucially, how can it assist in tracking threat actors and empowering threat analysts? In this presentation, we will...
https://www.youtube.com/watch?v=9PpfYaAxFq4

Applying Threat Intelligence Practically to Meet the Needs of an Evolving Regulatory Environment
Effective and operationalized threat intelligence is required now more than ever. Even as organizations around the world grapple with shifting market conditions, an increasingly complex regulatory environment is also emerging that will impact cybersecurity programs and processes across many sectors. More recent examples such as DORA and the September 2023 SEC ruling concerning material cyber incidents join established frameworks such as those from NIST and the UK's Cyber Assessment Framework (CAF). Threat intelligence can help organizations develop, prioritize, and action plans and strategies as part of threat and risk management, which ultimately informs these regulatory and compliance assessments. However, a universal threat intelligence methodology or crosswalk does not exist, challenging...
https://www.youtube.com/watch?v=ZneUyNceklY

How an Info Sharing Analysis Center Works w/ its Members to Improve Cyber Defenses for Their Sector
As more firms interact with the government agencies and regulators, external partnerships are becoming a priority. An Information Sharing and Analysis Center and one of its members want to give an overview of what ISAC/ISAOs are and how firms can benefit from this partnership and how ISACs are a good place to start when building external partnerships. The talk would start with an overview of ISACs to include how the ISACs provide anonymity to its members when sharing through their organization as well as how the ISACs interact with government entities and other ISACs. The member firm will then talk through why they joined the ISAC and what benefits they have seen for themselves and the sector as a whole. As part of this process, the firm would describe how they developed an internal procedure...
https://www.youtube.com/watch?v=Rx0npcXC-Bo

LA CTF 2024: Web Challenge Walkthroughs (1-4)
Video walkthrough for first 4 web challenges from LA CTF 2024; terms-and-conditions, flaglang, la-housing-portal and new-housing-portal. The challenges involved JS manipulation, cookie tampering, SQL injection and cross-site scripting. Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂 #LACTF #CTF #Pentesting #OffSec #WebSec ↢Social Media↣ Twitter: https://twitter.com/_CryptoCat GitHub: https://github.com/Crypto-Cat/CTF HackTheBox: https://app.hackthebox.eu/profile/11897 LinkedIn: https://www.linkedin.com/in/cryptocat Reddit: https://www.reddit.com/user/_CryptoCat23 YouTube: https://www.youtube.com/CryptoCat23 Twitch: https://www.twitch.tv/cryptocat23 ↢LA CTF↣ https://platform.lac.tf/challs https://lac.tf/discord https://ctftime.org/event/2102 ↢Resources↣ Ghidra: https://ghidra-sre.org/CheatSheet.html Volatility:...
https://www.youtube.com/watch?v=Z4P667ayUsg

DEF CON was actually cancelled?! - ThreatWire
⬇️ OPEN FOR LINKS TO ARTICLES TO LEARN MORE ⬇️ Support ThreatWire → https://patreon.com/threatwire @endingwithali → Twitch: https://twitch.tv/endingwithali Twitter: https://twitter.com/endingwithali Everywhere else: https://links.ali.dev [❗] ThreatWire Patreon has moved to → https://patreon.com/threatwire 0:00 Intro 0:12 - Is this app speedrunning getting hacked? 2:07 - Can your Toothbrush be used DDOS someone? 2:20 - FCC finalizes data breach regulations for telecom companies 3:11 - DEFCON was actually canceled? 4:50 - OUTRO LINKS 🔗 Story 1: Is this app speedrunning getting hacked? https://techcrunch.com/2022/02/22/stalkerware-network-spilling-data/ https://www.hackread.com/stalkerware-app-thetruthspy-hacked-data-stolen/ https://maia.crimew.gay/posts/fuckstalkerware-4/ https://techcrunch.com/2024/02/12/new-thetruthspy-stalkerware-victims-is-your-android-device-compromised/ 🔗...
https://www.youtube.com/watch?v=iTsb7OAlN3g

Simple JavaScript Aimbot - HTML5 Game Hacking
🔥 Learn How to Make a Simple JavaScript Aimbot! 👨‍💻 Buy Our Courses: https://guidedhacking.com/register/ 💰 Donate on Patreon: https://patreon.com/guidedhacking ❤️ Follow us on Social Media: https://linktr.ee/guidedhacking Learn the basics of HTML5 game hacking with this short and simple tutorial! 🔗 Learn more: https://guidedhacking.com/threads/simple-javascript-aimbot-html5-game-hacking.20517/ 📜 Video Description: This video takes inspiration from the SANS Holiday Hack Challenge 2023. This challenge featured an HTML5 snowball fight game against Santa and his elves. Our objective was to hack this game and introduce cheats for a more engaging experience. We began by altering URL variables to switch the game from a multiplayer to a single-player mode, allowing an AI...
https://www.youtube.com/watch?v=Kbmvy7FpIL8

The State of Secure DevOps - Security enables Velocity
Slides: https://static.sched.com/hosted_files/owasp2023globalappsecwashin/4b/Final_The%20State%20of%20DevOps%20-%20Security%20Enables%20Velocity%20-%20AppsecUS.pdf As technology teams continue to accelerate and evolve, so do the quantity and sophistication of security threats. It's easy to emphasize the importance of security and suggest that teams need to prioritize it, but doing so becomes an extensive change management exercise. How can we rise to the challenge without slowing our software delivery velocity? Our own lived experience combined with a multi-year research program led by the DevOps Research and Assessment (DORA) team can be used to help you and your team move beyond implementation of specific tools to a people-centric approach to organizational transformation. This talk will...
https://www.youtube.com/watch?v=bV2xZPBTcBo

OpenCRE.org - Universal Translator for Security
Slides: https://static.sched.com/hosted_files/owasp2023globalappsecwashin/7c/2023OpenCRE-at-WashingtonDC.pdf In security, it is important to understand the whole chain: from regulation to business risk, to requirement, to code example, to vulnerability, to test method, to tool configurations. However, so far there hasn't been a solid way to interconnect standards, documentation, and tooling. Standards writers often work in isolation, and tooling authors rightly focus on quality results instead of comprehensive information about those results. The open source initiative OpenCRE.org connects all these sources of information: It links topics across multiple standards, including the Top 10, ASVS, Pro-active controls, Testing guide, Cheat sheets, SAMM, SSDF, ISO27001, CSA CCMv3, CWE, CAPEC,...
https://www.youtube.com/watch?v=SPC8NATkxqo

Level Up Your Security Champions (and Your Program)
Slides: https://static.sched.com/hosted_files/owasp2023globalappsecwashin/d9/Chuck%20Willis%20-%202023%20OWASP%20AppSec%20DC%20-%20Level%20Up%20Your%20Security%20Champions%20%28and%20Your%20Program%29.pdf Security Champions are a mainstay of current application security programs. A number of great documents and presentations are available to help you get a program started. Datadog security engineers had used those resources to build and maintain programs at a number of organizations – and they had unfortunately seen many of the same problems arise in those different situations. For example, Security Champions may not have the authority needed to prioritize security tasks, they may vary widely in their security knowledge, they may lose interest, they may have different security goals, and...
https://www.youtube.com/watch?v=7gmA9Wthv8Y

How to Avoid Potholes When Scaling Your Application Security Program
Slides: https://static.sched.com/hosted_files/owasp2023globalappsecwashin/92/2023-10%20-%20Global%20AppSec%20-%20Building%20a%20Scaled%20Application%20Security%20Program.pdf Have you ever wondered what it is like to build an Application Security program at a very large organization? Or an organization that had experienced hyper-growth and the security team's growth was not at the same pace as Engineering? What about an organization that had acquired a lot of different companies with vastly different tech stacks? This talk will go through where you need to focus your energy to build a scaled Application Security program and how to avoid pitfalls along the way. It will deep dive into topics such as: • The different levels of maturities for Application Security programs • How to hire...
https://www.youtube.com/watch?v=lHRlNG-z1x8

Bootstrap Your Software Security with OWASP SAMM 2.1
Zip file containing slides and other files: https://static.sched.com/hosted_files/owasp2023globalappsecwashin/c4/global%20appsec%20dc%202023.zip This presentation will provide an overview of the OWASP SAMM 2.1 framework. SAMM stands for Software Assurance Maturity Model. Our mission is to provide an effective and measurable way for you to analyze and improve your secure development lifecycle. SAMM supports the complete software lifecycle and is technology and process agnostic. We built SAMM to be evolutive and risk-driven in nature, as there is no single recipe that works for all organizations. In this talk we will explain what SAMM is, and how you use it to bootstrap and improve your secure development journey (will include a demo of the assessment tools). Plus we will introduce the new...
https://www.youtube.com/watch?v=tKvBBSR-Q-c

“Shift Left” Isn't What You Expected
Let's address the elephant in the room — “Shift left” hasn't had the impact on our software security as many of us expected it to have. While it has influenced security in an indispensable way, I argue that “shift left” should be viewed as a tactic in a larger management strategy rather than a solution to solve appsec woes. I will review the success and limitations of “shift left” and how we can “restart” the process by applying it a little differently. Clinton Herget Enso Security Field CTO Clinton Herget is Field CTO at Snyk, the leader in Developer Security, where he focuses on crafting and evangelizing our strategic vision for the evolution of DevSecOps. A seasoned technologist, Clinton spent his 20-year career prior to Snyk as a web software developer, DevOps consultant,...
https://www.youtube.com/watch?v=QzIdRsxQI88

Moving Forward By Looking Back: Data Collection and Analysis at OWASP
Slides: https://static.sched.com/hosted_files/owasp2023globalappsecwashin/1c/Global_AppSec_DC_BGlas_MovingForwardByLookingBack.pdf We are eternally searching for answers to the questions "How are we doing?", "How do we compare?", "What should we do next?", "Are we improving?". To help answer these questions and move forward, we can leverage data to learn from the past. We will discuss lessons learned from OWASP Top 10 and OWASP SAMM data collection and analysis, and walk through the new data collection project at OWASP. This project provides a centralized service for the data collection needs of almost any OWASP project. Including governance, legal, data collection and processing, and analytics and visualizations. Join us on this merry journey to find the data that can be used in context...
https://www.youtube.com/watch?v=zpu_DzbkF9A

Influencing Without Authority: The Foundations of a Successful Security Department of Yes
Slides: https://static.sched.com/hosted_files/owasp2023globalappsecwashin/ad/Influencing%20Without%20Authority%20-%20The%20Foundations%20of%20a%20Successful%20Security%20Department%20of%20Yes.pdf In today's technology and business landscape, security is a critical component of any successful organization. However, driving the goals of a security organization can be challenging, particularly when that organization resides in a separate line of business than the product engineering organization they wish to influence. The speakers will discuss how to leverage several key concepts of “influencing without authority” to successfully partner with non-security stakeholders and drive the strategic objectives of a security organization. This talk will explore the telltale signs of the security...
https://www.youtube.com/watch?v=BPF18NVKI1A

How to Get More Pentesting Clients [My Approach] - feat. @BugBountyReportsExplained
This video is from a discussion with @BugBountyReportsExplained which you can find here: https://www.youtube.com/watch?v=CfE0-GZk4v8
https://www.youtube.com/watch?v=Ix7ziBuZDMc

Burp Suite - Part 8 - Repeater I

https://www.youtube.com/watch?v=dzE6gcdyVNk

Rust-Lang Game Hacking - Internal Cheat on MacOS
🔥 Learn how to make internal cheats with Rust and MacOSX 👨‍💻 Buy Our Courses: https://guidedhacking.com/register/ 💰 Donate on Patreon: https://patreon.com/guidedhacking ❤️ Follow us on Social Media: https://linktr.ee/guidedhacking 🔗 Article Link: https://guidedhacking.com/threads/rust-lang-game-hacking-internal-cheat-on-macos.20502/ 🔗 Previous Video: https://youtu.be/KIqCstRmGpo ❤️ Video Author: Stigward - https://guidedhacking.com/members/stigward.28143/ 📜 Video Description: Rust-Lang Game Hacking on MacOS Welcome to our tutorial on Rust-Lang game hacking, specifically focusing on creating an internal cheat for MacOS. In this guide, we're building upon our previous knowledge from external trainer tutorials. Our objective is to craft libraries in Rust and...
https://www.youtube.com/watch?v=MrR-NvN_8tI

My Experience with Bug Bounty Hunting (feat. @BugBountyReportsExplained)
From a discussion with @BugBountyReportsExplained.
https://www.youtube.com/watch?v=jIF0JovZSzk

Burp Suite - Part 7 - Sitemap and Scanner

https://www.youtube.com/watch?v=WcAzmhKuUX4

Better Protect Sensitive Data in the Cloud with Client-Side Application Layer Encryption
Cloud providers have made significant progress in securing their infrastructure and data centers. However, application owners are still responsible for securing their own data. In this talk, we will discuss the benefits of using client-side application layer encryption to bring your own encryption and protect sensitive data in the cloud. We will explain how to use this technique to provide encryption controls and key management, which can reduce the risk of data breaches and ensure that your data is protected when stored within a cloud-hosted environment. We will also share practical tips for implementing client-side application layer encryption, and how to address the challenges that come with this approach. Wias Issa Ubiq Security Wias Issa has twenty years of experience in the cybersecurity...
https://www.youtube.com/watch?v=l4JpGjOTjZk

Cutting to the chase: Security Design and Guidance at scale
In 2021, OWASP added A04:2021 – Insecure Design as a new category focusing on risks related to design and architectural flaws, with a call for more use of threat modeling, secure design patterns, and reference architectures. In a cloud-native, agile environment with hundreds of services operating at scale for products, security needs to be proactive, comprehensive, context and data driven with a focus on risk reduction. Security in such fast-paced, engineering-heavy organizations needs a shared ownership model. In order to do so, application security truly needs to be decentralized by design. How does a lean team of security engineers achieve this with an emphasis on trust and partnership? In this talk, I'll cover my learnings as a software security engineer working on security design...
https://www.youtube.com/watch?v=-6sx8HVzVKA

From SBOMs to F-Bombs: Vulnerability Analysis, SCA Tools, and False Positives & Negatives
Slides: https://static.sched.com/hosted_files/owasp2023globalappsecwashin/e9/kwwall_notes-OWASP-2023-SBOMs_to_F-Bombs.pdf Managing vulnerabilities in third party software has become an important application security activity. Vulnerabilities like Log4Shell and various supply chain attacks such as SolarWinds or CodeCov and numerous others have given many of us haunting nightmares, resulting in us sleeping with one eye open. Fortunately, Software Composition Analysis (SCA) tools coupled with Software Bill of Materials (SBOMs) have done so much to relieve that anxiety. Or not. This talk explores the vulnerability management process through the eyes of a FOSS security library provider and examines what we can do as AppSec engineers and developers to make the whole process a bit less painful. Kevin...
https://www.youtube.com/watch?v=OF2WluHxQnk

Using WebAssembly to run, extend, and secure your application!
Slides: https://static.sched.com/hosted_files/owasp2023globalappsecwashin/55/AppSecDC2023-Wasm.pdf WebAssembly (WASM) has come a long way since its first release in 2017. As a technology stack running inside the web browser, it even allows products like Adobe Photoshop to run in that context, and with for example Blazor WebAssembly .NET runs inside of the browser as well. Now, WASM is expanding beyond the browser to run in a server-based context. With the introduction of WebAssembly System Interface (WASI), the technology leverages a standardized API that allows it to run on any system that supports it, for example to support cloud-based workloads. Had WASM and WASI been around in 2009, Docker would not have existed according to one of its founders, Solomon Hykes. WASM has a strong security...
https://www.youtube.com/watch?v=-4pVadK8ru8

Burp Suite - Part 6 - Advanced Scoping

https://www.youtube.com/watch?v=14n3Qgw4L4E

China is able to trace your Airdrops - ThreatWire
⬇️ OPEN FOR LINKS TO ARTICLES TO LEARN MORE ⬇️ Support ThreatWire → https://patreon.com/threatwire @endingwithali → Twitch: https://twitch.tv/endingwithali Twitter: https://twitter.com/endingwithali Everywhere else: https://links.ali.dev If you want to help Ali with her research project email her at endingwithaliresearch@gmail.com → Please include (1️⃣) the size of your company (2️⃣) what your role title is and (3️⃣) a little summary of what your job entails. [❗] ThreatWire Patreon has moved to → https://patreon.com/threatwire 00:00 Intro 0:12 - SEC Twitter (x) Hacked! 1:52 - IT kind of does their job and gets in trouble 3:16 - China is able to trace your Airdrops 4:09 - Outro LINKS 🔗 Story 1: SEC Twitter (x) Hacked! https://www.sec.gov/secgov-x-account...
https://www.youtube.com/watch?v=mXTxi6gvb5c

How I Got Into Cybersecurity - My Journey in 3 Minutes

https://www.youtube.com/watch?v=XhQRlI9fwj4

RDP Authentication vs. Authorization
In this episode, we'll learn about an important RDP scenario involving Network Level Authentication (NLA) and the Windows Event Log entry that is generated as a result. We'll also see what happens when authentication succeeds, but authorization fails, and how that impacts what's logged. *** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. *** 📖 Chapters 00:00 - Intro 01:10 - Demo 🛠 Resources RDP Flowchart: https://drive.google.com/file/d/1aNrqL174RulfBa4I0_KlOqOiYChdqrKM/view?usp=share_link #Forensics #DigitalForensics #DFIR #ComputerForensics #WindowsForensics
https://www.youtube.com/watch?v=OlENso8_u7s

Burp Suite - Part 5 - The Basics V

https://www.youtube.com/watch?v=0Vhx-Ybr_uU

AI IS HERE, ARE YOU PROTECTED?

https://www.youtube.com/watch?v=cU_ua2vX57Q

AI CAN'T REPLACE HUMANS

https://www.youtube.com/watch?v=jkCUFJKIGJk

AI IS A TOOL HUMANS CAN'T IGNORE

https://www.youtube.com/watch?v=lamJTY7qK1o

THE FUTURE OF AI NEEDS HACKERS

https://www.youtube.com/watch?v=ZYHkp3I1XOs

AI V HUMAN

https://www.youtube.com/watch?v=DxsOXuGy91w

Burp Suite - Part 4 - The Basics IV

https://www.youtube.com/watch?v=mwbhf4c3FLE

Introduction to YARA Part 4 - Efficient Rule Development
In this OALABS Patreon tutorial we cover the foundations of writing efficient YARA rules and provide some tips that can help speed up your YARA hunting. The full notes for this tutorial are unlocked for everyone on our Patreon https://www.patreon.com/posts/introduction-to-96638239 ----- OALABS DISCORD https://discord.gg/6h5Bh5AMDU OALABS PATREON https://www.patreon.com/oalabs Twitch https://www.twitch.tv/oalabslive OALABS GITHUB https://github.com/OALabs UNPACME - AUTOMATED MALWARE UNPACKING https://www.unpac.me/#/ -----
https://www.youtube.com/watch?v=xKeF_cPKXt0

Introduction to YARA Part 3 - Rule Use Cases
In this OALABS Patreon tutorial we cover the three main use cases for YARA rules and how they apply to both BlueTeam/SOC operations and malware analysis. Fun notes have been unlocked for everyone on our Patreon here https://www.patreon.com/posts/introduction-to-96637668 The following are links to UnpacMe specific tutorials for developing each type of rule. Identifying specific malware families (unpacked) https://support.unpac.me/howto/hunting-with-yara/#identifying-specific-malware-families-unpacked Identifying malware on disk or in network traffic (packed) https://support.unpac.me/howto/hunting-with-yara/#identifying-malware-on-disk-or-in-network-traffic-packed Hunting (malware characteristics) https://support.unpac.me/howto/hunting-with-yara/#hunting-malware-characteristics ----- OALABS...
https://www.youtube.com/watch?v=xutDqu_OiH8

Introduction to YARA Part 2 - Hunting on UnpacMe
In this OALABS Patreon tutorial we demonstrate a simple YARA hunting example using the UnpacMe free YARA scan service: https://www.unpac.me Full notes have been unlocked on our Patreon here https://www.patreon.com/posts/introduction-to-96637337 ----- OALABS DISCORD https://discord.gg/6h5Bh5AMDU OALABS PATREON https://www.patreon.com/oalabs Twitch https://www.twitch.tv/oalabslive OALABS GITHUB https://github.com/OALabs UNPACME - AUTOMATED MALWARE UNPACKING https://www.unpac.me/#/ -----
https://www.youtube.com/watch?v=Xqvlju9ED1c

Introduction to YARA Part 1 - What is a YARA Rule
In this OALABS Patreon tutorial we cover the basics of YARA, what is it, how is it used, and how to write your first rule. Full notes have been unlocked on our Patreon here https://www.patreon.com/posts/introduction-to-96636471 ----- OALABS DISCORD https://discord.gg/6h5Bh5AMDU OALABS PATREON https://www.patreon.com/oalabs Twitch https://www.twitch.tv/oalabslive OALABS GITHUB https://github.com/OALabs UNPACME - AUTOMATED MALWARE UNPACKING https://www.unpac.me/#/ -----
https://www.youtube.com/watch?v=3BpIhbsDR_I

MacOS Game Hacking In Rust-Lang
🔥 Learn The Basics of MacOS Game Hacking with RustLang 👨‍💻 Buy Our Courses: https://guidedhacking.com/register/ 💰 Donate on Patreon: https://patreon.com/guidedhacking ❤️ Follow us on Social Media: https://linktr.ee/guidedhacking 🔗 Article Link: https://guidedhacking.com/threads/macos-game-hacking-in-rustlang-simple-external-hack.20494/ Video Author: Stigward - https://guidedhacking.com/members/stigward.28143 📜 Video Description: In our MacOS Game Hacking in Rust-Lang video we begin by introducing the fundamentals of MacOS game hacking using Rust-Lang. We kick off with Bit Slicer, a tool akin to a cheat engine, particularly adept on MacOS and Apple silicon devices. Our initial step involves connecting Bit Slicer to Assault Cube, a game we use as our hacking playground....
https://www.youtube.com/watch?v=KIqCstRmGpo

2024 Investigating Windows Courses
Check out the official 13Cubed Investigating Windows training courses, with 365-day access and a certification/digital badge attempt included! If you're looking for affordable, comprehensive, online, on-demand digital forensics training with 4K video, subtitles, and more, you've come to the right place! 🎉 Enroll today at training.13cubed.com! #Forensics #DigitalForensics #DFIR #ComputerForensics #WindowsForensics #MemoryForensics
https://www.youtube.com/watch?v=BYmRdfmJPfY

Approaching Large Scope Targets Without Feeling Overwhelmed
In this video, we discuss how beginners can tackle large scope targets in bug bounty hunting. These targets offer more flexibility and potential for bug discovery, making them a great starting point for new hackers. However, they can be overwhelming due to their size and diversity. We suggest focusing on one part of the larger scope, which helps you understand the target's application development process without becoming overwhelmed. We also delve into different reconnaissance techniques, including subdomain enumeration, Google Dorking, API enumeration, OSINT, and more. Lastly, we emphasize that while reconnaissance is critical for large scope targets, it is just a stepping stone to actually hacking and finding vulnerabilities. This series couldn't happen without the support of our sponsor...
https://www.youtube.com/watch?v=W4pafFxOOwc

New OWASP API Top 10 for Hackers
Blog article isn't done yet but I'll get it up ASAP! Today we explore the new OWASP API Top 10 in detail, the new version is much more hacker friendly and focuses on bugs we can find rather than defenders but how can we start to study these bugs and actually find them? Let's take a look at some of the changes in the new OWASP API top 10 2023, which ones I recommend for beginners just starting out with API hacking and when to look out for specific bugs There are a ton of vulnerabilities out there, like Prototype Pollution, SQL Injection, and remote code execution. And while they can be fun to exploit during CTFs but when they are lurking in our code…it's not as fun But that's where our sponsor Snyk comes in - Snyk scans your code, dependencies, containers, and configs, all in...
https://www.youtube.com/watch?v=sl1yqGhuVy4

E-commerce Flaws and 0-1000 Bounties
We're continuing our stories of bad bugs theme with some business logic flaws. Unfortunately, I couldn't find the link to the whitepaper with the e-commerce flaws, but I remember it being quantity manipulation, price manipulation by changing the currency and guessing giftcards. In today's video we look at a pretty basic authentication issue, a pretty boring price manipulation issue and end with an utterly underwhelming order number adjustment. Each of these bugs got paid a bounty between 0-1000, though some were duplicates that were split between me and other hackers because they were bugs found at live hacking events) There are a ton of vulnerabilities out there, like Prototype Pollution, SQL Injection, and remote code execution. And while they can be fun to exploit during CTFs but when...
https://www.youtube.com/watch?v=IsBgaEWpqro

Writing Exploits for IoT N-Days?? Zyxel CVE-2023-35138
🔥 Firmware Reverse Engineering and CVE-2023-35138 - Zyxel Command Injection 👨‍💻 Buy Our Courses: https://guidedhacking.com/register/ 💰 Donate on Patreon: https://patreon.com/guidedhacking ❤️ Follow us on Social Media: https://linktr.ee/guidedhacking 🔗Read More: https://guidedhacking.com/threads/writing-exploits-for-iot-n-days-zyxel-cve-2023-35138.20479/ Video Creator: stigward https://guidedhacking.com/members/stigward.281430/ 📜 Video Description: Introduction to CVE Exploitation Today, we'll be analyzing some CVEs listed in an advisory published by Zyxel. It showcases a series of command injection vulnerabilities for one of their NAS drives. We'll be doing some CVE analysis and then crafting an exploit for one of these Zyxel network attach storage devices. Our...
https://www.youtube.com/watch?v=3Z7qXcwrY9A

OALABS Holiday Variety Show 2023
𝘔𝘦𝘳𝘳𝘺 𝘐𝘋𝘈𝘮𝘢𝘴 𝘢𝘯𝘥 𝘢 𝘏𝘢𝘱𝘱𝘺 𝘉𝘪𝘯𝘫𝘢-𝘠𝘦𝘢𝘳 Join us for our holiday special reverse engineering variety show! - Guess the prompt AI charades - Random RE banter - Suspicious liquids in bottles We've got it all! Merry Christmas everyone we will see you in 2024! ----- OALABS PATREON https://www.patreon.com/oalabs OALABS DISCORD https://discord.gg/6h5Bh5AMDU Twitch https://www.twitch.tv/oalabslive OALABS GITHUB https://github.com/OALabs UNPACME - AUTOMATED MALWARE UNPACKING https://www.unpac.me/#/ -----
https://www.youtube.com/watch?v=XMVhX29AJbQ

TryHackMe Advent Of Cyber Day 20 - DevSecOps
DevSecOps has enabled developers to be much more efficient, committing code and deploying it automatically, but it's a fantastic tool for us to go exploring and hacking in their pipelines! Advent of cyber is a yearly event run by TryHackMe, there are 24 days of cyber security challenges in December AND prizes for competing. Last year I finished every challenge soooooo, I think it's good. If you want to compete, join using this link: https://tryhackme.com/r/christmas
https://www.youtube.com/watch?v=wGO2dWVk1oM

Truth Behind the Hack: Elite Pentesters Tell All
Did you miss our Live Q&A? Not to worry, check out a replay of our live discussion from December 7, 2023.
https://www.youtube.com/watch?v=Tkk6RXYnDDU

🔥Resume Roast from our Content Manager Rachel. #shorts #resume #career #hacking

https://www.youtube.com/watch?v=012h_SV0bRs

Hyper-V Memory Forensics - MemProcFS to the Rescue!
In this episode, we'll learn how to properly acquire memory from Microsoft Hyper-V guest virtual machines. 🎉 Update After I recorded this episode, Ulf Frisk, the author of MemProcFS, let me know that he has made some updates that no longer require you to copy the vmsavedstatedumpprovider.dll file to the MemProcFS directory if the SDK is installed in the ***default*** location. If installed to a different location, the file must still be copied. Additionally, the requirement to prepend the Hyper-V checkpoint file with hvsavedstate:// has also been removed. Both changes now make this process even easier! *** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. *** 📖 Chapters 00:00 - Intro 00:43 - Preparation 06:35 - Using MemProcFS 🛠 Resources MemProcFS: https://github.com/ufrisk/MemProcFS MemProcFS...
https://www.youtube.com/watch?v=Wbk6ayF_zaQ

Updated Beginners Guide to API Bug Bounty
If you're just getting started with bug bounty hunting, web APIs are a fantastic place to start, they're easy to approach, can't easily be automated and are full of bugs. Join the free, API security live class on Zoom webinars https://www.traceable.ai/resources/lp/webinar-api-security-masterclass?utm_medium=org_social&utm_source=org_social&utm_campaign=tb This series couldn't happen without the support of our sponsor Bugcrowd, Bugcrowd is the best place to start hacking with a wide range of public and private programs from APIs to Desktop Applications and everything in between. Not ready to jump into a public program yet? Fill out your platform CV and sign up for a waitlisted program. Tell Bugcrowd a bit about your skills, previous certifications or experience and they'll match you...
https://www.youtube.com/watch?v=85vdKS0vNN0

Partial Return Address Overwrite - Exploit Dev 10
🔥 Learn How to Bypass ASLR using a partial RET overwrite 👨‍💻 Buy Our Courses: https://guidedhacking.com/register/ 💰 Donate on Patreon: https://patreon.com/guidedhacking ❤️ Follow us on Social Media: https://linktr.ee/guidedhacking 🔗 Article Link: https://guidedhacking.com/threads/binary-exploit-development-10-partial-ret-overwrites.20401/ 🔗 Exploit Education: https://exploit.education/phoenix/stack-six/ 📜 Video Description: Bypassing ASLR without leaking a memory address? By utilizing a partial instruction pointer overwrite this exploitation technique becomes possible. What do we mean by that? We are talking about overwriting a portion of the return address. So far, the goal every time was to completely overwrite the return address, which led to full control...
https://www.youtube.com/watch?v=fqsSAqbNFfo

Is there ageism in #cybersecurity? Matt thinks so! What do you think? #shorts #hacking #ageism

https://www.youtube.com/watch?v=PH9CCcRhUbk

An Interview with Alex Hagenah, Head of Cyber Controls at SIX Group

https://www.youtube.com/watch?v=5OqQYQEZ2ZU

How Offensive Security Reduces Threat Exposure

https://www.youtube.com/watch?v=Np38qZWpt9Q

Hacker Panel: What Hackers Can Tell You About AI Security

https://www.youtube.com/watch?v=eoXouUA1raQ

What Can an Attacker Actually Do With a Bug Anyway?
We explore the significance of understanding and explaining the impact of vulnerabilities in a bug bounty context. Using Flare.io, to peek into the dark web and see what attackers are actually doing with our vulnerabilities. We cover different vulnerabilities, provide guidelines on creating an effective impact statement, and offer three examples of impactful bug bounty reports. Before I give you my tips for explaining impact to triage and avoiding arguments over severity. Thank you to our sponsor Flare.io. Know your exposed attack surface, track threat intelligence, and set prioritized alerts (that cut out the noise) for your own info leaked on the dark web with Flare! Try a free trial and see what is out there: https://hi.flare.io/katie-paxton-fear-free-trial/. 00:00 Introduction to Impact...
https://www.youtube.com/watch?v=4gjUby6LGFk

Tips For Analyzing Delphi Binaries in IDA (Danabot)
Reverse Engineering Delphi is a nightmare ... or it can be if you don't have the right setup! In this clip we cover some easy tips that can help make some of the analysis a bit easier. Full notes with links for tools are available here: https://research.openanalysis.net/danabot/loader/delphi/2023/12/04/danabot.html Full stream with analysis of the Danabot loader is available on Patreon here: https://www.patreon.com/posts/live-stream-vod-94510766 ----- OALABS PATREON https://www.patreon.com/oalabs OALABS DISCORD https://discord.gg/6h5Bh5AMDU Twitch https://www.twitch.tv/oalabslive OALABS GITHUB https://github.com/OALabs UNPACME - AUTOMATED MALWARE UNPACKING https://www.unpac.me/#/ -----
https://www.youtube.com/watch?v=04RsqP_P9Ss

TryHackMe Advent Of Cyber Day 10 - SQL Injection
Today we escalate a SQL injection vulnerability into a RCE, and explore MS SQL Server Advent of cyber is a yearly event run by TryHackMe, there are 24 days of cyber security challenges in December AND prizes for competing. Last year I finished every challenge soooooo, I think it's good. If you want to compete, join using this link: https://tryhackme.com/r/christmas
https://www.youtube.com/watch?v=25QTczDdRtI

TryHackMe Advent Of Cyber Day 7 - Log Analysis
Today we abandon our red hats for the day and dive into the blue team, there's a piece of malware on the network, but how can we tell? Well it's time for us to dive into proxy logs and the cut command to find out! Advent of cyber is a yearly event run by TryHackMe, there are 24 days of cyber security challenges in December AND prizes for competing. Last year I finished every challenge soooooo, I think it's good. If you want to compete, join using this link: https://tryhackme.com/r/christmas
https://www.youtube.com/watch?v=cG8UH8xwmaY

The truth about API hacking...

https://www.youtube.com/watch?v=WnJSf2OZVUE

Hacking when all the bugs have been found?
Finding bugs on the main app is something a lot of people are a little afraid of, a lot of people think that if a program has been out a while that there's no point even looking at it. But actually the majority of my bugs have actually been on the main application and rarely do I write off a program as unhackable. As you all know by now recon is definitely one of my weakest skills, so here are some tips for approaching the main app and actually getting bugs. This series couldn't happen without the support of our sponsor Bugcrowd, Bugcrowd is the best place to start hacking with a wide range of public and private programs from APIs to Desktop Applications and everything in between. Not ready to jump into a public program yet? Fill out your platform CV and sign up for a waitlisted program....
https://www.youtube.com/watch?v=S077-waODvc

How To Recognize Macro Encrypted Strings in Malware
How to identify when a macro is used to encrypt strings in malware... inferring source from disassembly! ----- OALABS PATREON https://www.patreon.com/oalabs OALABS DISCORD https://discord.gg/6h5Bh5AMDU Twitch https://www.twitch.tv/oalabslive OALABS GITHUB https://github.com/OALabs UNPACME - AUTOMATED MALWARE UNPACKING https://www.unpac.me/#/ -----
https://www.youtube.com/watch?v=fEAGYjhKzJY

Vuln Research in VIDEO GAMES?!?!
🔥 Learn How To Do Vuln Research in Video Games With Patch Analysis 👨‍💻 Buy Our Courses: https://guidedhacking.com/register/ 💰 Donate on Patreon: https://patreon.com/guidedhacking ❤️ Follow us on Social Media: https://linktr.ee/guidedhacking 🔗 Links: GH Article: https://guidedhacking.com/threads/bug-hunting-in-video-games.20472/ Freedroid Source: https://gitlab.com/freedroid Freedroid on Steam: https://store.steampowered.com/app/1979930/FreedroidRPG/ Original Research: https://logicaltrust.net/blog/2020/02/freedroid.html Video Creator: stigward 📜 Video Description: Today, we're going to share our findings from a curious journey through the open-source video game, FreeDroid RPG. More significantly, we'll illuminate a skill that has been instrumental in advancing our...
https://www.youtube.com/watch?v=vHocemqpOuo

How to Approach an OSINT Challenge - "Photographs" [INTIGRITI 1337UP LIVE CTF 2023]
Video walkthrough for "Photographs", an opensource intelligence (OSINT) challenge from the @intigriti 1337UP LIVE CTF 2023. The challenge required players to examine exifdata and then trace back through alt accounts created by the target, exploring social media accounts uncovered using sherlock (and Google), reverse image searching etc. They would eventually find an interesting comment on a blog indicating location data was shared. This was a hint that players need to check the waybackmachine for an archived copy of the page, which contained the flag! Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂 #INTIGRITI #CTF #OSINT ↢Social Media↣ Twitter: https://twitter.com/_CryptoCat GitHub: https://github.com/Crypto-Cat/CTF HackTheBox: https://app.hackthebox.eu/profile/11897 LinkedIn:...
https://www.youtube.com/watch?v=JpZ9nTx-2PI

Testing e-commerce? Here's what to look for 👌

https://www.youtube.com/watch?v=6DuW9BjWJ6w

Giving Yourself the Best Opportunity to Find a Bug
I get asked a lot how do you choose a target you can actually find bugs on and get bounties, so I've compiled a lot of my tips for choosing a target and how to use bugcrowd features (like joinable programs) to make it so you aren't reliant on the right program coming through on luck. So here's how to choose a target on Bugcrowd and some general advice on some of the things I look for in a good program. This series couldn't happen without the support of our sponsor Bugcrowd, Bugcrowd is the best place to start hacking with a wide range of public and private programs from APIs to Desktop Applications and everything in between. Not ready to jump into a public program yet? Fill out your platform CV and sign up for a waitlisted program. Tell Bugcrowd a bit about your skills, previous certifications...
https://www.youtube.com/watch?v=r-04ABtu0ZQ

Format String Vulnerability - "Floor Mat Store" [INTIGRITI 1337UP LIVE CTF 2023]
Video walkthrough for "Floor Mat Store", a binary exploitation challenge I made for the @intigriti 1337UP LIVE CTF 2023. It was a fairly standard pwn challenge, requiring players to exploit a format string vulnerability (damn you printf *shakes fist at computer*). I tried to add some small twists and give it a theme to keep it interesting! Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂 #INTIGRITI #CTF #Pwn #BinaryExploitation #BugBounty ↢Social Media↣ Twitter: https://twitter.com/_CryptoCat GitHub: https://github.com/Crypto-Cat/CTF HackTheBox: https://app.hackthebox.eu/profile/11897 LinkedIn: https://www.linkedin.com/in/cryptocat Reddit: https://www.reddit.com/user/_CryptoCat23 YouTube: https://www.youtube.com/CryptoCat23 Twitch: https://www.twitch.tv/cryptocat23 ↢INTIGRITI...
https://www.youtube.com/watch?v=Zu32BHwH-sA

WTF is Egg Hunter Shellcode? - Exploit Dev 11
🔥 Don't know where your shellcode went? Use an Egg Hunter. 👨‍💻 Buy Our Courses: https://guidedhacking.com/register/ 💰 Donate on Patreon: https://patreon.com/guidedhacking ❤️ Follow us on Social Media: https://linktr.ee/guidedhacking 🔗 Article: https://guidedhacking.com/threads/binary-exploit-development-11-egg-hunter-shellcode.20403/ 📜 Video Description: Why search for our shellcode in memory when we can let Windows do it for us? Sometimes the offset to the shellcode on the stack might not be consistent across application restarts or exploit attempts. In other scenarios, the shellcode might not end up on the stack at all but on the Heap which is dynamically allocated. In order to be still able to write reliable exploits that find the shellcode every time egghunters...
https://www.youtube.com/watch?v=rekguOw9_kc

Websocket SQLi and Weak JWT Signing Key - "Bug Report Repo" [INTIGRITI 1337UP LIVE CTF 2023]
Video walkthrough for "Bug Report Repo", a web challenge I made for the @intigriti 1337UP LIVE CTF 2023. The challenge had multiple parts; first you need to use an IDOR to find a hidden bug report from ethical_hacker. Next, you exploit SQL injection over websocket protocol (either with custom script, or modified proxy for SQLMap). Once you find creds in the DB for the hidden endpoint, you login to find only the admin can read the config. Since the server uses JWT-based authentication, you crack the HS256 signing key with a tool like jwt_tool/hashcat/john, and then forge a new token with the username "admin". Now you just need to swap the cookies to find your flag! Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂 #INTIGRITI #CTF #Web #BugBounty Full writeup: https://github.com/Crypto-Cat/CTF/blob/main/ctf_events/intigriti_23/web/bug_report_repo.md ↢Social...
https://www.youtube.com/watch?v=kgndZOkgVxQ

An Important Change to ShellBags - Windows 11 2023 Update!
In this episode, we'll learn about an important change introduced with the September 26, 2023 Windows 11 Configuration Update, and how that change affects ShellBags! *** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. *** 📖 Chapters 00:00 - Intro 02:07 - Demo 07:34 - Recap 🛠 Resources September 26, 2023 Windows 11 Configuration Update: https://support.microsoft.com/en-us/topic/september-26-2023-windows-configuration-update-542780c2-594c-46cb-979d-11116fe164ba#:~:text=Note%20The%20update%20to%20Windows,to%20broaden%20availability%20over%20time #Forensics #DigitalForensics #DFIR #ComputerForensics #WindowsForensics
https://www.youtube.com/watch?v=M1nyMIu1Y18

How to Detect Threads & Bypass Anti-Cheat Detection
🔥 Learn How Anti-Cheats Detect CreateRemoteThread, NtCreateThreadEx etc... 👨‍💻 Buy Our Courses: https://guidedhacking.com/register/ 💰 Donate on Patreon: https://patreon.com/guidedhacking ❤️ Follow us on Social Media: https://linktr.ee/guidedhacking 🔗 Article Link: https://guidedhacking.com/threads/how-to-detect-createremotethread-ntcreatethreadex.20474/ 🔗 GH Injector: https://guidedhacking.com/resources/guided-hacking-dll-injector.4/ 📜 Video Description: In this tutorial, we're addressing a common challenge in DLL injection: the detection of injected DLLs due to suspicious-looking threads. We'll dive into the mechanics of threads, specifically focusing on injected threads, and provide solutions to mitigate detection risks. The Basics of Thread Creation and Hooking When...
https://www.youtube.com/watch?v=KzD_nc5B_8w

Squally - The Game That Teaches Assembly
Squally is a puzzle RPG that teaches assembly & game hacking! 🔗Steam Store: https://store.steampowered.com/app/770200/Squally/ 👨‍💻 Buy Our Courses: https://guidedhacking.com/register/ 💰 Donate on Patreon: https://patreon.com/guidedhacking ❤️ Follow us on Social Media: https://linktr.ee/guidedhacking This is part 2 of the first chapter of the game. Squally is a 2D puzzle RPG game that teaches video game hacking! In other words: this game teaches you the "hardest" parts of computer science in the coolest way possible. After crash landing on a strange planet, Squally must help the inhabitants to fight the evil forces plaguing their lands. Squally can make use of their supernatural powers to manipulate the world around them -- using x86/x64 assembly. - Who is this game for?...
https://www.youtube.com/watch?v=DK7QDlAF3ug

Frida Hooking Tutorial - Android Game Hacking
🔥 Learn How to Hack Android Games with Frida 👨‍💻 Buy Our Courses: https://guidedhacking.com/register/ 💰 Donate on Patreon: https://patreon.com/guidedhacking ❤️ Follow us on Social Media: https://linktr.ee/guidedhacking 🔗 Article Link: https://guidedhacking.com/threads/how-to-hack-android-games-with-frida.20465/ ❗️ Welcome to our new video author: stigward! 👨‍💻 https://guidedhacking.com/members/stigward.281430/ 📜 Video Description: In this walkthrough, we're exploring the process of Android game hacking using Frida, a powerful dynamic instrumentation toolkit. Our objective is to reverse engineer an Android game, Assault Cube, to create a God Mode cheat. We'll get into the Java and native components of an APK (Android Package Kit) and use Frida for hooking...
https://www.youtube.com/watch?v=GWgr0xk8DTM

Direct vs. Indirect Syscalls What Is All The HYPE?! [OALABS Call-In Show]
Our live discord call-in show debates! Are indirect syscalls even required? What are they and how are they used?! What are EDR vendors doing to detect them and why you might care.... ----- OALABS PATREON https://www.patreon.com/oalabs OALABS DISCORD https://discord.gg/6h5Bh5AMDU Twitch https://www.twitch.tv/oalabslive OALABS GITHUB https://github.com/OALabs UNPACME - AUTOMATED MALWARE UNPACKING https://www.unpac.me/#/ -----
https://www.youtube.com/watch?v=W2SeruUxhDs

Are Red Team Tools Helping or Hurting Our Industry? [OALABS Call-In Show]
Our live discord call-in show debates! Are red team tools really helping our industry or are they just giving malware operators a free lunch?! ----- OALABS PATREON https://www.patreon.com/oalabs OALABS DISCORD https://discord.gg/6h5Bh5AMDU Twitch https://www.twitch.tv/oalabslive OALABS GITHUB https://github.com/OALabs UNPACME - AUTOMATED MALWARE UNPACKING https://www.unpac.me/#/ -----
https://www.youtube.com/watch?v=ur6csODQHKI

3 Real API Bugs I got a bounty for
This is a series of mildly Halloween-themed hacking stories for October. I'm going to walk you through my most unimpressive, easy, and straightforward vulnerabilities as I tell three stories of real bugs in real production systems. In this video, we take a look at some API flaws. I've (obviously) had to omit a lot of details, even though these bugs are resolved, sometimes clients worry about disclosing, so no permission = no details on client names, programs, platforms or anything else, all screenshots are taken from unrelated and mildly similar products. ANYWAY, I hope you enjoy the slightly shorter videos. This video is kindly sponsored by Snyk, sign up to their Fetch The Flag CTF on October 27th via my link https://snyk.co/ctf-insiderphd and don't forget about their CTF 101 workshop...
https://www.youtube.com/watch?v=Yr8qhYlIzXA

October 12, 2023

https://www.youtube.com/watch?v=1GbAFa_i-bk

VMware Memory Forensics - Don't Miss This Important Detail!
In this episode, we'll learn how to properly acquire memory from VMware ESXi guest virtual machines. *** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. *** 📖 Chapters 00:00 - Intro 01:45 - VMware ESXi Snapshot Creation 04:57 - Analysis 06:20 - Recap 🛠 Resources Memory Forensics for Virtualized Hosts: https://blogs.vmware.com/security/2021/03/memory-forensics-for-virtualized-hosts.html #Forensics #DigitalForensics #DFIR #ComputerForensics #WindowsForensics #MemoryForensics
https://www.youtube.com/watch?v=P0yw93GJsYU

DEF CON 31 - A Broken Marriage Abusing Mixed Vendor Kerberos Stacks - Ceri Coburn
The Windows Active Directory authority and the MIT/Heimdal Kerberos stacks found on Linux/Unix based hosts often coexist in harmony within the same Kerberos realm. This talk and tool demonstration will show how this marriage is a match made in hell. Microsoft's Kerberos stack relies on non-standard data to identify its users. MIT/Heimdal Kerberos stacks do not support this non-standard way of identifying users. We will look at how Active Directory configuration weaknesses can be abused to escalate privileges on *inux based hosts joined to the same Active Directory authority. This will also introduce an updated version of Rubeus to take advantage of some of these weaknesses.
https://www.youtube.com/watch?v=ALPsY7X42o4

DEF CON 31 - Staying Undetected Using the Windows Container Isolation Framework - Daniel Avinoam
The use of containers became an integral part of any resource-efficient and secure environment. Starting from Windows Server 2016, Microsoft released its version of this solution called Windows Containers, which offers either a process or Hyper-V isolation modes. In both cases, an efficient file system separation should be provided. On one hand, each container should be able to access system files and write changes that will not affect the host. On the other, copying the entire main volume on each container launch will be storage-inefficient and not practical. In this presentation, we will cover the basics of windows containers, break down its file system isolation framework, reverse-engineer its main mini-filter driver, and see how it can be utilized and manipulated by an actor to bypass...
https://www.youtube.com/watch?v=Cm-zFx6hwzk

DEF CON 31 - Contextualizing The Vulkan Leaks & State Sponsored Offensive Ops - Joe Slowik
In March 2023, journalists and investigators released analysis of “the Vulkan files.” Consisting of documents associated with a Russian company working with intelligence and military authorities, the papers revealed a variety of ambitious programs such as “Scan-V” and “Amezit.” Both programs, in the sense that they offer capabilities to acquire, maintain, and task infrastructure for cyber and information operations at scale, are deeply concerning, indicating a significant advancement in Russian-linked network warfare and related actions. Placing these items in context reveals a far more troubling picture. After reviewing the capabilities of Amezit and Scan-V, we can see glimpses of historical programs in the advertised efficacy of these projects. We will consider other items that...
https://www.youtube.com/watch?v=H7bV_99I7O4

DEF CON 31 - How Vulns in Global Transportation Payment Systems Cost You - Omer Attias
Public transportation payment systems have undergone significant changes over the years. Recently, mobile payment solutions have become increasingly popular, allowing passengers to pay for their fare using their smartphones or other mobile devices. The evolution of public transportation payment systems has been driven by the need for faster, more convenient, and more secure payment methods, and this trend is likely to continue in the years to come. But how secure are mobile payment solutions for public transportation? In this presentation, we will examine the security risks associated with transportation applications, using Moovit as a case study. Moovit is a widely used transportation app operating in over 100 countries and 5000+ cities. Through our investigation of the app's API, including...
https://www.youtube.com/watch?v=NVnzm-L4a5c

DEF CON 31 - SpamChannel - Spoofing Emails From 2M+ Domains & Virtually Becoming Satan - byt3bl33d3r
Ever wake up and ask yourself: “Damn, how could I make email security suck even more today”? Tired of your Red Teams phishing emails not landing in your targets inbox? Do you dislike Boston (the city) and love Satan? If you answered yes to any of those questions you should come to this talk! I'll be showing you how to spoof emails from 2 million+ domains (while also “bypassing” SPF & DMARC!) by (ab)using a partnership between Cloudflare and the “biggest transactional email service” on the interwebs. We'll be diving into "edge" serverless applications and the magical world of email security where everything is (still) held up by duct tape, pasta, and marinara sauce. Finally, I'll be dropping code and releasing a tool that demonstrates how to impersonate emails from 2million+...
https://www.youtube.com/watch?v=NwnT15q_PS8

DEF CON 31 Car Hacking Village - Automotive USB Fuzzing - Euntae Jang, Donghyon Jeong, Jonghyuk Song
Recently, the automotive industry has been performing USB fuzzing for automobiles in an inefficient way. Usually, fuzzing is performed by commercial media fuzzers, but the fuzzers are not directly connected to the vehicle during fuzzing. So, it requires much manual effort from testers. In this talk, we propose an efficient way to perform USB fuzzing on actual vehicles. We describe how to perform USB fuzzing, covering kernel area fuzzing as well as media fuzzing, by directly connecting the fuzzer and the car with a USB cable. By this method, we found real-world vulnerabilities in Volkswagen Jetta, Renault Zoe, GM Chevrolet Equinox, and AGL.
https://www.youtube.com/watch?v=W_vQ5s1bB30

DEF CON 31 - Terminally Owned - 60 Years of Escaping - David Leadbeater
It is 60 years since the first publication of the ASCII standard, something we now very much take for granted. ASCII introduced the Escape character; something we still use but maybe don't think about very much. The terminal is a tool all of us use. It's a way to interact with nearly every modern operating system. Underneath it uses escape codes defined in standards, some of which date back to the 1970s. Like anything which deals with untrusted user input, it has an attack surface. 20 years ago HD Moore wrote a paper on terminal vulnerabilities, finding multiple CVEs in the process. I decided it was time to revisit this class of vulnerability. In this talk I'll look at the history of terminals and then detail the issues I found in half a dozen different terminals. Even Microsoft who historically...
https://www.youtube.com/watch?v=Y4A7KMQEmfo

DEF CON 31 - Breaking BMC The Forgotten Key to the Kingdom - Alex Tereshkin, Adam Zabrocki
The Baseboard Management Controller (BMC) is a specialized microcontroller embedded on the motherboard, typically used in servers and other enterprise-level hardware. The security of the BMC is critical to the overall security of the system, as it provides a privileged level of access and control over the hardware components of the system, including the ability to perform firmware updates, and even power the system on and off remotely. When the internal offensive security research team was analyzing one of the NVIDIA hardware, they detected several remotely exploitable bugs in AMI MegaRAC BMC. Moreover, various elevations of privileges and "change of scope" bugs have been identified, many of which may be chained together resulting in a highest severity security issue. During this talk we...
https://www.youtube.com/watch?v=dbJQIQibZQY

DEF CON 31 - Contactless Overflow Code Execution in Payment Terminals & ATMs - Josep Rodriguez
We conducted research to assess the current security of NFC payment readers that are present in most of the major ATM brands, portable points of sale, gas stations, vending machines, transportation and other kinds of points of sale in the US, Europe and worldwide. In particular, we found code execution vulnerabilities exploitable through NFC when handling a special application protocol data unit (APDU) that affect most NFC payment vendors. The vulnerabilities affect baremetal firmware devices and Android/Linux devices as well. After waiting more than 1 year and a half once we disclosed it to all the affected vendors, we are ready to disclose all the technical details to the public. This research was covered in the media by wired.com but without the technical details that we can share now...
https://www.youtube.com/watch?v=eV76vObO2IM

DEF CON 31 - The Art of Compromising C2 Servers A Web App Vulns Perspective - Vangelis Stykas
C2 servers of mobile and Windows malware are usually left to their own fate after they have been discovered and the malware is no longer effective. We are going to take a deep dive into the rabbit hole of attacking and owning C2 servers, exposing details about their infrastructure, code bases, and the identity of the companies and individuals that operate and profit from them. While understanding and reversing malware is a highly skilled procedure, attacking the C2 itself rarely requires a lot of technical skills. Most of the C2 servers have the same typical HTTP problems that can be detected by off-the-shelf vulnerability scanners. By exploiting low-hanging fruit vulnerabilities, an attacker can obtain unauthorized access to administrative functions, allowing them to command thousands of...
https://www.youtube.com/watch?v=fMxSRFYXMV0

DEF CON 31 - Defeating VPN Always On - Maxime Clementz
VPN Always-On is a security control that can be deployed to mobile endpoints that remotely access corporate resources through VPN. It is designed to prevent data leaks and narrow attack surface of enrolled end-user equipment connected to untrusted networks. When it is enforced, the mobile device can only reach the VPN gateway and all connections are tunneled. We will review the relevant Windows API, the practicalities of this feature, look at popular VPN software; we will then consider ridiculously complex exfil methods and... finally bypass it with unexpectedly trivial tricks. We will exploit design, implementation and configuration issues to circumvent this control in offensive scenarios. We will then learn how to fix or harden VPN Always-On deployment to further limit the risks posed by...
https://www.youtube.com/watch?v=hUMKg9Xe0Zc

DEF CON 31 - The GitHub Actions Worm - Asi Greenholts
GitHub is the most popular platform to host Open Source projects therefore, the popularity of their CI/CD platform - GitHub Actions is rising, which makes it an attractive target for attackers. In this talk I'll show you how an attacker can take advantage of the Custom GitHub Actions ecosystem by infecting one Action to spread malicious code to other Actions and projects by showing you a demo of POC worm. We will start by exploring the ways in which Actions are loosely and implicitly dependent on other Actions. This will allow us to create a dependency tree of Actions that starts from a project that we want to attack and hopefully ends in a vulnerable Action that we can take control of. We will then dive down to how GitHub Actions is working under the hood and I'll show you how an attacker...
https://www.youtube.com/watch?v=j8ZiIOd53JU

DEF CON 31 Car Hacking Village - Abusing CAN Bus Spec for DoS in Embedded Systems - Martin Petran
The CAN bus is a traditional communication standard used (not only) in automotive to allow different components to talk to each other over reliable connection. While one of the primary motivators for CAN bus introduction was to reduce the amount of wiring inside vehicles, it became popular for its robustness, flexibility, and ease of implementation for which it is now used in almost every vehicle. As with any other protocol, it is a well-defined standard that enforces all aspects of the communication from the physical media to the message format and its processing. The formal protocol specifications like this are often seen as the source of the absolute truth when working with various transfer protocols. Such specifications are very strict on the format of the messages that belong to the given...
https://www.youtube.com/watch?v=okrzUNDLgbo

DEF CON 31 - Ringhopper - How We Almost Zero day'd the World - Benny Zeltser, Jonathan Lusky
Last year we almost zero-day'd the world with the publication of RingHopper. Now we can finally share some juicy details and invite you for an illuminating journey as we delve into the realm of RingHopper, a method to hop from user-land to SMM. We will survey the discovery and disclosure of a family of industry-wide vulnerabilities in various UEFI implementations, affecting more than eight major vendors, making billions of devices vulnerable to our attack. Then, we will deep-dive into the innards of SMM exploitation and discuss methods to use and abuse various functionalities and properties of edk2 to gain code execution. We will unveil both our futile and fruitful quests of crafting our way to SMM, and detail both the paths that lead to dead-ends, and the route to success. We will give...
https://www.youtube.com/watch?v=u8V4ofWpHZk

Reverse Engineering With Unicorn Emulation
In this OALABS Patreon tutorial we will learn how to use the Unicorn Emulator to assist with reverse engineering! This is the second part in a five-part tutorial series that can be found on our Patreon here... https://www.patreon.com/oalabs/posts?filters%5Btag%5D=Applied+Emulation Lab Notes https://gist.github.com/herrcore/1a5af37f91a6f9b263a527c98c7b08bd ----- OALABS DISCORD https://discord.gg/6h5Bh5AMDU OALABS PATREON https://www.patreon.com/oalabs Twitch https://www.twitch.tv/oalabslive OALABS GITHUB https://github.com/OALabs UNPACME - AUTOMATED MALWARE UNPACKING https://www.unpac.me/#/ -----
https://www.youtube.com/watch?v=-CNy4qh08iU

401 Access Denied Ep88: The RISE of the CISO with Merike Kaeo
This week Joe Carson is joined by Merike Kaeo as they discuss the dynamic role of the CISO within an organization. They dive deeper into the role and how it interacts with different areas of the business, and what specific assets need protection and within what frameworks. An episode not to be missed! Jump-start your cybersecurity career for FREE with Cybrary! Follow us on Social! ~Cybrary Twitter ~Delinea Twitter ~Instagram ~Facebook ~YouTube
https://www.youtube.com/watch?v=FklaFGnBEyQ

Old School MS-DOS Commands for DFIR
In this episode, we'll look at numerous old-school MS-DOS commands from the 80's and 90's that are still very valid and useful today -- even in Windows 11! Learn how to perform complex file searches, change file attributes, view Alternate Data Streams, and more - right from the Command Prompt! *** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. *** 📖 Chapters 00:00 - Intro 02:15 - DIR 03:01 - CLS 03:55 - DIR /A 05:07 - DIR /AH 05:47 - DIR /AD 07:21 - DIR /OD 08:12 - DIR /TC 08:34 - DIR /A/TC/OD 09:26 - DIR /W 10:10 - DIR /S [FILENAME] 11:40 - DIR /S/A [FILENAME] 13:16 - DIR /S/A ?.EXE 14:16 - DIR /S/A ??.EXE 15:11 - DIR /P 16:17 - DIR /S/A [PATTERN]*.?? 17:49 - DIR /S/AH ?.EXE 18:52 - CD | CHDIR 20:25 - DIR /R 20:44 - DIR /R/A 21:25 - MORE...
https://www.youtube.com/watch?v=SfG25LmNkT0

Emulation Fundamentals - Writing A Basic x86 Emulator
In this OALABS Patreon tutorial we will explore how an emulator works by building one ourselves! This is the first part in a five-part tutorial series that can be found on our Patreon here... https://www.patreon.com/oalabs/posts?filters%5Btag%5D=Applied+Emulation The demo Jupyter Lab note can be found on GitHub here... https://gist.github.com/herrcore/f25bcf55fa10fa8d04effc172eeb63c9 ----- OALABS DISCORD https://discord.gg/6h5Bh5AMDU OALABS PATREON https://www.patreon.com/oalabs Twitch https://www.twitch.tv/oalabslive OALABS GITHUB https://github.com/OALabs UNPACME - AUTOMATED MALWARE UNPACKING https://www.unpac.me/#/ -----
https://www.youtube.com/watch?v=HPrqOIdNlrQ

Unity Game Hacking Challenge - "Azusawa's Gacha World" [SekaiCTF]
Video walkthrough for "Azusawa's Gacha World", a [game] reversing challenge from Project SEKAI CTF 2023. The challenge involved memory manipulation with cheat engine (optional), reverse engineering of Unity game code (C#) in dnSpy, some network traffic analysis and HTTP traffic manipulation. Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂 #SEKAICTF #ProjectSEKAI #CTF #ReverseEngineering #GameHacking #CheatEngine You can find my full write-up here: https://github.com/Crypto-Cat/CTF/blob/main/ctf_events/sekai_23/rev/azusawas_gacha_world.md 🥰 If you liked this video and/or want to learn more about game hacking with cheat engine, check out the full tutorial series I created on the @intigriti channel: https://www.youtube.com/watch?v=ku6AtIY-Lu0&list=PLmqenIp2RQcg0x2mDAyL2MC23DAGcCR9b...
https://www.youtube.com/watch?v=R8EnhRDDWFg

Intruder Alert Ep. 6 | Deconstructing Malware Attacks & Forging a Career in Cybersecurity
In this episode of Intruder Alert, Marcus Hutchins is joined by cybersecurity expert Caitlin Sarian, known for her role as the Global Lead of Cybersecurity Advocacy and Culture at TikTok and her expertise in data protection and privacy compliance. Marcus and Caitlin provide technical insight into the latest US malware attacks and share invaluable advice on breaking into the cybersecurity field. Follow us on Social!! ~Twitter ~Instagram ~FaceBook ~YouTube ~LinkedIn Jump-start your cybersecurity career for FREE with Cybrary!
https://www.youtube.com/watch?v=2aRgdmTdtK0

DC31 - Red Team Village - Recap
Red Team Village Website: https://redteamvillage.io Discord: https://redteamvillage.io/discord Twitter: https://redteamvillage.io/twitter
https://www.youtube.com/watch?v=my568xKtgLg

Is your favorite on here?? #favorite #cybersecurity #hacker

https://www.youtube.com/watch?v=KPPH7vJZajQ

401 Access Denied: Protecting Society and the Role of CERT with Tonu
In this episode we join host Joe Carson as he discusses state cybersecurity with Tonu Tammer of the Estonian National Cybersecurity Center. Tonu goes into the day-to-day operations of defending a country and its citizens from adversaries, as well as ransomware and DDOS attacks. Come along for an in-depth discussion with a cyber defender with years of experience in this exciting new episode! Jump-start your cybersecurity career for FREE with Cybrary! Follow us on Social! ~Cybrary Twitter ~Delinea Twitter ~Instagram ~Facebook ~YouTube
https://www.youtube.com/watch?v=aYCyFDlK7vg

HackerOne x Red Team Village
Thank you HackerOne for Sponsoring the Red Team Village! Additional information about HackerOne can be obtained from https://hackerone.com The Red Team Village Red Team Village Website: https://redteamvillage.io Discord: https://redteamvillage.io/discord Twitter: https://redteamvillage.io/twitter
https://www.youtube.com/watch?v=6XzKgYF3kDU

DC31 - Red Team Village - Hack The Box
Additional information about Hack The Box can be found at hackthebox.eu Red Team Village Website: https://redteamvillage.io Discord: https://redteamvillage.io/discord Twitter: https://redteamvillage.io/twitter
https://www.youtube.com/watch?v=DX61G7v3jvw

DC31 - Red Team Village - Meta
Additional information about Meta can be found at meta.com. Red Team Village Website: https://redteamvillage.io Discord: https://redteamvillage.io/discord Twitter: https://redteamvillage.io/twitter
https://www.youtube.com/watch?v=uizRK9qLsJM

Intruder Alert Ep. 5 | Community Uprising: Unravelling the Reddit Blackout
In the latest episode of Intruder Alert, Marcus Hutchins and Cybrary blue teamer, Marc Balingit, delve into the uproar around Reddit's blackout. They unravel the intricacies of Reddit's contentious API changes, which have cornered third-party apps like Apollo, sparking a sweeping blackout protest across thousands of subreddits. Furthermore, they explore the impact of Twitch's fresh policy adjustments, which are a threat to streamers' ad revenue, and other news impacting online communities. Follow us on Social!! ~Twitter ~Instagram ~FaceBook ~YouTube ~LinkedIn Jump-start your cybersecurity career for FREE with Cybrary!
https://www.youtube.com/watch?v=8_CEqpKU8AA

DOM Clobbering, Prototype Pollution and XSS - "sanity" Walkthrough [Amateurs CTF 2023]
Video walkthrough for "sanity", a web challenge from Amateurs CTF 2023. The challenge involved DOM clobbering, prototype pollution and XSS. Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂 #AmateursCTF #CTF #Pentesting #OffSec #WebSec You can find my full write-up here: https://github.com/Crypto-Cat/CTF/blob/main/ctf_events/amateurs_23/web/sanity.md 🥰 ↢Social Media↣ Twitter: https://twitter.com/_CryptoCat GitHub: https://github.com/Crypto-Cat/CTF HackTheBox: https://app.hackthebox.eu/profile/11897 LinkedIn: https://www.linkedin.com/in/cryptocat Reddit: https://www.reddit.com/user/_CryptoCat23 YouTube: https://www.youtube.com/CryptoCat23 Twitch: https://www.twitch.tv/cryptocat23 ↢Amateurs CTF↣ https://ctf.amateurs.team/challs https://discord.com/invite/gCX22asy65 ↢Resources↣ Ghidra:...
https://www.youtube.com/watch?v=AO7CDquZ690

DC31 - Red Team Village - Buddobot
Additional information about Buddobot can be found at buddobot.com. Red Team Village Website: https://redteamvillage.io Discord: https://redteamvillage.io/discord Twitter: https://redteamvillage.io/twitter
https://www.youtube.com/watch?v=ubVLiJ17Sd4

Trying to demo the #hacker side without getting 🤐🤐🤐 by the platform. Oops! #cybersecurity

https://www.youtube.com/watch?v=p_OgaSkmBMM

401 Access Denied: Ep. 85 | Key Takeaways from the Verizon DBIR with Tony Goulding
Join host Joseph Carson and guest Tony Goulding as they break down the annual Verizon breach report. With over 16,000 incidents and more than 5,200 data breaches, there's a lot to look at. Tony and Joe have some great takeaways from this critical annual report and share their expert insights on what's new, what's changed, and what we're not doing so bad at (hint: MFA goes a long way!) Jump-start your cybersecurity career for FREE with Cybrary! Follow us on Social! ~Cybrary Twitter ~Delinea Twitter ~Instagram ~Facebook ~YouTube
https://www.youtube.com/watch?v=luXnfWO_U7I

AV Emulation Detection Tricks Used by Malware
Tricks that malware developers use to detect antivirus emulators and how these differ from the sandbox emulators we use from our recent Twitch stream. Alexie's Windows Defender research with some insights into the emulation engine used... https://recon.cx/2018/brussels/resources/slides/RECON-BRX-2018-Reverse-Engineering-Windows-Defender-s-JavaScript-Engine.pdf https://i.blackhat.com/us-18/Thu-August-9/us-18-Bulazel-Windows-Offender-Reverse-Engineering-Windows-Defenders-Antivirus-Emulator.pdf https://github.com/0xAlexei/WindowsDefenderTools ----- OALABS PATREON https://www.patreon.com/oalabs OALABS DISCORD https://discord.gg/6h5Bh5AMDU Twitch https://www.twitch.tv/oalabslive OALABS GITHUB https://github.com/OALabs UNPACME - AUTOMATED MALWARE UNPACKING https://www.unpac.me/#/ -----
https://www.youtube.com/watch?v=8jckguVRHyI

Hack you exe's phone? 😂 #podcast #cybersecurity

https://www.youtube.com/watch?v=ufdeWuwsWaA

DC31 - Red Team Village - Bishop Fox
Additional information about Bishop Fox can be found at: https://www.bishopfox.com. Red Team Village Website: https://redteamvillage.io Discord: https://redteamvillage.io/discord Twitter: https://redteamvillage.io/twitter
https://www.youtube.com/watch?v=aopkRkBfkgQ

DC31 - Red Team Village - Optiv
Additional information about Optiv can be found at optiv.com. Red Team Village Website: https://redteamvillage.io Discord: https://redteamvillage.io/discord Twitter: https://redteamvillage.io/twitter
https://www.youtube.com/watch?v=RMaH8T6Qx_s

401 Access Denied: Ep. 84 | The Best of RSAC & Cybersecurity Strategies with Bob Burns
RSAC was the place to be for cybersecurity in 2023, and Joe Carson is joined by Bob Burns to talk all about it. From the sessions that really resonated to the incredible human connections and networking, join Joe and Bob to deconstruct this year's most comprehensive conference. Were you at RSAC this year? Join us in the comments to let us know your favorite session! Jump-start your cybersecurity career for FREE with Cybrary! Follow us on Social! ~Cybrary Twitter ~Delinea Twitter ~Instagram ~Facebook ~YouTube
https://www.youtube.com/watch?v=qU40Yg7pfbo

Detecting PsExec Usage
In this episode, we're going to look at a variety of methods you can use to determine whether or not a system was the recipient of a PsExec connection. While you may already be familiar with some of these detections, there's a good chance you haven't seen them all! *** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. *** 📖 Chapters 00:00 - Intro 03:03 - Demo 1 05:09 - Event Log Analysis 1 09:01 - Demo 2 09:56 - Event Log Analysis 2 10:56 - Shimcache Analysis 15:46 - The Key to Identify PsExec 17:55 - Prefetch Analysis 21:38 - Recap 🛠 Resources The Key to Identify PsExec: https://aboutdfir.com/the-key-to-identify-psexec/ Prefetch Deep Dive: https://www.youtube.com/watch?v=f4RAtR_3zcs #Forensics #DigitalForensics #DFIR #ComputerForensics...
https://www.youtube.com/watch?v=oVM1nQhDZQc

RTV Badge Preview - 2023
Pick yours up now! https://redteamvillage.square.site/
https://www.youtube.com/watch?v=DSHE3wXIkSA

The AI Revolution with Diana Kelley | 401 Access Denied Podcast Ep. 83
The AI Revolution with Diana Kelley | 401 Access Denied Podcast Ep. 83 Join Us: https://www.cybrary.it/?utm_source=youtube&utm_medium=video&utm_campaign=the-ai-revolution-with-diana-kelley Everybody's talking about it - the AI revolution is here. But given the rapid evolution in this field, it's hard to keep up with the sweeping effects this technology is causing. Luckily, Joe Carson is joined by longtime AI expert Diana Kelley to shed light on all of these changes. She addresses the many misconceptions and media misrepresentations surrounding AI, breaks down the different forms of this technology, and emphasizes the need for a better understanding of AI's capabilities and limitations. They also discuss the ethical and legal implications that will only become more potent as AI continues...
https://www.youtube.com/watch?v=ow9JszgoC1M

Tips to Learn Reverse Engineering: Avoid These Common Pitfalls!
How to maximize the return on your time when learning how to reverse engineer! Just a few thoughts on what worked for me and what to avoid from our recent Twitch stream. ----- OALABS PATREON https://www.patreon.com/oalabs OALABS DISCORD https://discord.gg/6h5Bh5AMDU Twitch https://www.twitch.tv/oalabslive OALABS GITHUB https://github.com/OALabs UNPACME - AUTOMATED MALWARE UNPACKING https://www.unpac.me/#/ -----
https://www.youtube.com/watch?v=JzhpTLe8Vg4

NahamCon CTF 2023: Web Challenge Walkthroughs
Video walkthrough for some Web challenges from the NahamCon Capture the Flag (CTF) competition 2023 (organised by @NahamSec ); Star Wars, Stickers, Hidden Figures and Obligatory. Topics covered include XSS, domPDF RCE, hidden data (misc/stego) and SSTI with WAF filter bypass. Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂 #NahamCon #NahamCon2023 #NahamConCTF #CTF #Pentesting #OffSec #WebSec If you're looking for the "Marmalade 5" Web challenge, check the @intigriti channel: https://youtu.be/3LRZsnSyDrQ 🥰 Full write-ups for the challenges: https://github.com/Crypto-Cat/CTF/tree/main/ctf_events/nahamcon_23 ↢Social Media↣ Twitter: https://twitter.com/_CryptoCat GitHub: https://github.com/Crypto-Cat/CTF HackTheBox: https://app.hackthebox.eu/profile/11897 LinkedIn: https://www.linkedin.com/in/cryptocat Reddit:...
https://www.youtube.com/watch?v=XHg_sBD0-es

Hacking the Government with Bryan Seely | 401 Access Denied Podcast Ep. 82
Hacking the Government with Bryan Seely | 401 Access Denied Podcast Ep. 82 Join Us: https://www.cybrary.it/?utm_source=youtube&utm_medium=video&utm_campaign=hacking-the-government-with-bryan-seely In this eye-opening episode, dive into the captivating world of cybercrime and social engineering with our host, Joe Carson, and special guest Bryan Seely! Bryan, a keynote speaker and cybersecurity expert best known for his Secret Service exposé, discusses his journey from a young computer enthusiast to a renowned public speaker. Join them as they investigate the mindset and techniques used by hackers, such as the use of aliases to deceive and manipulate their targets, as well as the importance of responsible disclosure and changing cybersecurity laws. Follow us for exclusive updates: ~https://twitter.com/cybraryIT ~https://www.instagram.com/cybrary.it/ ~https://www.facebook.com/cybraryit/ Follow...
https://www.youtube.com/watch?v=aagD2SxYUJM

16 - Open Redirect (low/med/high) - Damn Vulnerable Web Application (DVWA)
16 - Open Redirection (low/med/high difficulties) video from the Damn Vulnerable Web Application (DVWA) walkthrough/tutorial series. DVWA is an intentionally vulnerable application for you to learn about ethical hacking. I made this series for students on the MSc in cybersecurity course at Queen's University Belfast but hopefully it can help others too! Hope you enjoy 🙂 ↢Social Media↣ Twitter: https://twitter.com/_CryptoCat GitHub: https://github.com/Crypto-Cat HackTheBox: https://app.hackthebox.eu/profile/11897 LinkedIn: https://www.linkedin.com/in/cryptocat Reddit: https://www.reddit.com/user/_CryptoCat23 YouTube: https://www.youtube.com/CryptoCat23 Twitch: https://www.twitch.tv/cryptocat23 ↢Damn Vulnerable Web Application (DVWA)↣ https://github.com/digininja/DVWA ↢Open Redirects↣ @PwnFunction:...
https://www.youtube.com/watch?v=I5jko9mLNO4

N00bs Night Malware RE Workshop with @c3rb3ru5d3d53c
Fun stream hanging out with @c3rb3ru5d3d53c and trying to reverse engineer her malware challenge! API hashing, stack strings, and rick rolls, we've got it all! Full workshop samples and solutions: https://github.com/c3rb3ru5d3d53c/reworkshop ----- OALABS PATREON https://www.patreon.com/oalabs OALABS DISCORD https://discord.gg/6h5Bh5AMDU Twitch https://www.twitch.tv/oalabslive OALABS GITHUB https://github.com/OALabs UNPACME - AUTOMATED MALWARE UNPACKING https://www.unpac.me/#/ -----
https://www.youtube.com/watch?v=amnvrOLRGHA

Intruder Alert Ep. 4 | Unmasking The New Global Malware Threat On Android Devices
Head to Cybrary.it to open your free account and start learning today! In this episode of Intruder Alert, join host Marcus Hutchins, world-renowned hacker, and red teamer Matt Mullins while they discuss the millions of devices recently infected with malware during production, and whether or not our devices are spying on us. For more information on how to jumpstart your career with the most cutting-edge cybersecurity training, head over to Cybrary.it to create your free account and get started on your learning journey! Make sure to subscribe so that you don't miss the latest new episodes, premiering live every two weeks, and dropping on YouTube On Demand.
https://www.youtube.com/watch?v=wc8T_RcwOkY

Is this NEW Generative AI Feature a GAME CHANGER? [Adobe Firefly]
A demo of Adobe Firefly, the new generative AI functionality in Photoshop. We'll explore various applications of the ethical AI-assisted editing feature, including generative fill (beta) to edit a photograph. First, we'll remove the people (and other objects) from the beach. Next, we'll extend/expand the image, generating additional content that seamlessly clicks into the image. We'll also replace the sky, change the sand and add a variety of animals and objects. Finally, we'll play around with a cartoon image (CryptoCat) to see how the AI functionality works with illustrations. During the course of the video, we'll discuss some of the advantages/disadvantages, talk about bugs, design choices (stock images only) and cyber-security implications (deep fakes). Hope you enjoy this video, next...
https://www.youtube.com/watch?v=oLxIrRzWhUM

Understanding The PEB for Reverse Engineers
Full Patreon tutorial (with examples): https://www.patreon.com/posts/understanding-1-83402055 https://www.patreon.com/posts/understanding-2-83402366 Vergilius Project https://www.vergiliusproject.com/ ----- OALABS DISCORD https://discord.gg/6h5Bh5AMDU OALABS PATREON https://www.patreon.com/oalabs Twitch https://www.twitch.tv/oalabslive OALABS GITHUB https://github.com/OALabs UNPACME - AUTOMATED MALWARE UNPACKING https://www.unpac.me/#/ -----
https://www.youtube.com/watch?v=uyisPPTupmA

A File's Life - File Deletion and Recovery
In this episode, we'll look at exactly what happens when you delete a file from an NTFS file system. Then, we'll talk about file "undeletion" versus file carving, and use PhotoRec to perform file carving against a mounted disk image. Lastly, we'll explore techniques to search through that recovered data using an Ubuntu WSL 2 instance. *** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. *** 📖 Chapters 00:00 - Intro 13:12 - PhotoRec Demo 19:03 - Searching Recovered Data 🛠 Resources PhotoRec: https://www.cgsecurity.org/wiki/PhotoRec Recycle Bin Forensics: https://www.youtube.com/watch?v=Gkir-wGqG2c Let's Talk About NTFS Index Attributes: https://www.youtube.com/watch?v=x-M-wyq3BXA #Forensics #DigitalForensics #DFIR #ComputerForensics...
https://www.youtube.com/watch?v=4zlk9ZSMa-4

15 - Authorisation Bypass (low/med/high) - Damn Vulnerable Web Application (DVWA)
15 - Authorisation Bypass (low/med/high difficulties) video from the Damn Vulnerable Web Application (DVWA) walkthrough/tutorial series. DVWA is an intentionally vulnerable application for you to learn about ethical hacking. I made this series for students on the MSc in cybersecurity course at Queen's University Belfast but hopefully it can help others too! Hope you enjoy 🙂 ↢Social Media↣ Twitter: https://twitter.com/_CryptoCat GitHub: https://github.com/Crypto-Cat HackTheBox: https://app.hackthebox.eu/profile/11897 LinkedIn: https://www.linkedin.com/in/cryptocat Reddit: https://www.reddit.com/user/_CryptoCat23 YouTube: https://www.youtube.com/CryptoCat23 Twitch: https://www.twitch.tv/cryptocat23 ↢Damn Vulnerable Web Application (DVWA)↣ https://github.com/digininja/DVWA ↢Authorisation...
https://www.youtube.com/watch?v=Qcgu34eWQa4

Leaking Secret Data with a Heap Overflow - "Leek" Pwn Challenge [Angstrom CTF 2023]
Video walkthrough for the binary exploitation (pwn) challenge, "Leek" from the Angstrom capture the flag (CTF) competition 2023. The challenge involves performing a heap overflow to overwrite all null bytes between our user input chunk and secret data chunk so that when puts() is called, it prints both chunks (there's no null terminator separating them). After this, we need to repair the header of the chunk we modified so that the program can continue execution. We repeat this process of leaking and submitting the random (secret) bytes 100 times, at which point we receive the flag! Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂 #Angstrom #AngstromCTF #CTF #Pentesting #OffSec #Pwn #BinaryExploitation #Reversing #ReverseEngineering ↢Social Media↣ Twitter: https://twitter.com/_CryptoCat GitHub:...
https://www.youtube.com/watch?v=55jibxjUj3I

Vulnerability Management Metrics: Top 10 KPIs To Measure Success
Join us for an exclusive interview as we dive deep into the world of vulnerability management KPIs with the expertise of Walter Haydock. 👉 Get our FREE guide to vulnerability management in 2023: https://purplesec.us/vulnerability-management-guide/?utm_source=newsletter&utm_medium=YouTube&utm_campaign=VM_2023&utm_id=guide In this engaging interview, Walter shares valuable insights on: 🎯 Balancing costs and benefits while identifying metrics to guide decision-making in vulnerability management investments. 🌐 Maintaining consistency with strategies for aligning metrics across teams, departments, and locations. ⚖️ Adapting to the evolving threat landscape by staying ahead of emerging risks and continuously refining vulnerability management KPIs. 📈 Success stories of organizations...
https://www.youtube.com/watch?v=L-61ahYHdH8

Vulnerability Management SOP: Expert Reveals Top Tips
Are you struggling to manage vulnerabilities in your organization? Join us in this conversation with expert Kevin Donatelli who reveals the ins and outs of vulnerability management SOPs! In this not-to-be-missed session, you'll: 🔑 Learn the essential components of effective vulnerability management SOPs 🛡️ Discover how to prioritize and remediate risks efficiently 🧠 Gain invaluable insights from real-life case studies shared by Kevin Donatelli 👉 Get our FREE guide to vulnerability management in 2023: https://purplesec.us/vulnerability-management-guide/?utm_source=newsletter&utm_medium=YouTube&utm_campaign=VM_2023&utm_id=guide Podcast Info -------------------- Podcast website: https://purplesec.us/podcast/ Apple Podcasts: https://podcasts.apple.com/us/podcast/security-beyond-the-checkbox/id1673807278 Spotify:...
https://www.youtube.com/watch?v=-yjsaxxrTxk

Spinning up the RTV Ship
We are building up the things to bring you up to speed with the latest in Red Team Village activities and DEFCON 31. See you in the network.
https://www.youtube.com/watch?v=RVkXhwIOX6w

Top 10 Vulnerability Management Trends For 2024
Join PurpleSec's experts along with Joshua Copeland, Director of Cyber Security at AT&T, as we explore the latest trends and predictions in vulnerability management for 2023. 👉 Get our FREE guide to vulnerability management in 2023: https://purplesec.us/vulnerability-management-guide/?utm_source=newsletter&utm_medium=YouTube&utm_campaign=VM_2023&utm_id=guide Continue reading: https://purplesec.us/learn/vulnerability-management-trends/ Chapters --------------- 00:00 - Introduction 00:20 - Joshua Copeland 02:47 - Automation Is Key 10:30 - Adoption Of Risk-Based Approaches 16:40 - Continuous Monitoring 21:40 - Increased Focus On Cloud Security 28:43 - Increased Use Of Threat Intelligence 35:10 - The Role Of Network Segmentation 43:30 - DevSecOps: Building Security From The Ground Up 50:40...
https://www.youtube.com/watch?v=39XHupVxAY8

Two Thumbs Up - Thumbnail Forensics
In this episode, we'll look at Thumbs.db and Thumbcache -- databases used by Windows to store thumbnails (preview images) of pictures, documents, and other file types. Learn how these rather obscure artifacts could potentially be invaluable to your investigations. *** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. *** 📖 Chapters 00:00 - Intro 02:28 - Thumbs.db / Thumbcache artiFACTS 05:13 - Thumbcache Viewer Demo 🛠 Resources #Forensics #DigitalForensics #DFIR #ComputerForensics #WindowsForensics
https://www.youtube.com/watch?v=5efCp1VXhfQ

Techniques To Improve Vulnerability Visibility & Detection
Improve vulnerability visibility in networks & cloud environments with expert tips on strategies, KPIs, prioritization, & automation. Secure your assets now! 👉 Get our FREE guide to vulnerability management in 2023: https://purplesec.us/vulnerability-management-guide/ Read the full article: https://purplesec.us/learn/vulnerability-visibility/ Chapters --------------- 00:00 - Introduction 00:45 - Clement Fouque 01:36 - Importance Of Visibility In Vulnerability Management 02:51 - Why Is Poor Visibility An Issue? 04:40 - Common Blind Spots 06:55 - Improving Asset Inventories 09:30 - How Do You Know If You Have Poor Visibility? 13:20 - Techniques For Improving Visibility 15:05 - How To Ensure All Endpoints Are Being Scanned 18:25 - How Network Segmentation Improves Visibility 20:00 - Third-Party...
https://www.youtube.com/watch?v=3K6TLqyxit4

Interview with Lesley Carhart (hacks4pancakes)
In this special guest episode, I interview Lesley Carhart (aka hacks4pancakes) of Dragos. We'll cover a variety of topics and provide some career advice along the way! *** Check out PancakesCon 4 at https://pancakescon.com/ coming March 19, 2023! *** 🎉 Also check out the new 13Cubed Training Course Investigating Windows Endpoints. Affordable, on-line, and on-demand training is here! Enroll now at https://training.13cubed.com/ 🛠 Resources Twitter: https://twitter.com/hacks4pancakes Mastodon: https://infosec.exchange/@hacks4pancakes TikTok: https://www.tiktok.com/@UCezvmPw4tfO6n_FMQoN4waw #forensics #DigitalForensics #DFIR #ComputerForensics #WindowsForensics
https://www.youtube.com/watch?v=aC4jd8hQdYo

It's About Time - Timestamp Changes in Windows 11
In this episode, we'll revisit NTFS MACB timestamps and take a look at how file creations, accesses, modifications, renames, copies, and moves affect them. Then, we'll take a look at how Windows 11 has changed the behavior associated with some of those timestamps. *** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. *** 📖 Chapters 00:00 - Intro 02:24 - File Creation 02:54 - File Access and NtfsDisableLastAccessUpdate 05:12 - File Modification 06:18 - File Rename 07:33 - File Copy 09:50 - File Move 12:53 - Correction 14:02 - Timestamp Changes in Windows 11 🛠 Resources Windows MACB Timestamps (NTFS Forensics): https://www.youtube.com/watch?v=OTea54BelTg Windows 11 Time Rules: https://www.khyrenz.com/blog/windows-11-time-rules/ #Windows11...
https://www.youtube.com/watch?v=_D2vJZvCW_8

CyberTalk Live #1 - Trying Out BlackBuntu & Q&A
CyberTalk Live #1 - Trying Out BlackBuntu & Q&A //PLATFORMS BLOG ►► https://bit.ly/3qjvSjK FORUM ►► https://bit.ly/39r2kcY ACADEMY ►► https://bit.ly/39CuORr //SOCIAL NETWORKS TWITTER ►► https://bit.ly/3sNKXfq DISCORD ►► https://bit.ly/3hkIDsK INSTAGRAM ►► https://bit.ly/3sP1Syh LINKEDIN ►► https://bit.ly/360qwlN PATREON ►► https://bit.ly/365iDLK MERCHANDISE ►► https://bit.ly/3c2jDEn //BOOKS Privilege Escalation Techniques ►► https://amzn.to/3ylCl33 Docker Security Essentials (FREE) ►► https://bit.ly/3pDcFuA //SUPPORT THE CHANNEL NordVPN Affiliate Link (73% Off) ►► https://bit.ly/3DEPbu5 Get 0 In Free Linode Credit ►► https://bit.ly/39mrvRM Get started with Intigriti: https://go.intigriti.com/hackersploit //CYBERTALK PODCAST Spotify...
https://www.youtube.com/watch?v=XcIUuwH3S9E

3 Year Cybersecurity Career Roadmap
In this video, I outline a concise 3-year Cybersecurity career roadmap designed for students or professionals looking to get started with a career in Cybersecurity in 2023 and beyond. Slides: https://bit.ly/3HlM3aw Black Hills 5-Year InfoSec Plan: https://www.blackhillsinfosec.com/webcast-5-year-plan-infosec/ //PLATFORMS BLOG ►► https://bit.ly/3qjvSjK FORUM ►► https://bit.ly/39r2kcY ACADEMY ►► https://bit.ly/39CuORr //SOCIAL NETWORKS TWITTER ►► https://bit.ly/3sNKXfq DISCORD ►► https://bit.ly/3hkIDsK INSTAGRAM ►► https://bit.ly/3sP1Syh LINKEDIN ►► https://bit.ly/360qwlN PATREON ►► https://bit.ly/365iDLK MERCHANDISE ►► https://bit.ly/3c2jDEn //BOOKS Privilege Escalation Techniques ►► https://amzn.to/3ylCl33 Docker Security Essentials (FREE) ►►...
https://www.youtube.com/watch?v=oI9aaBpJvoA

EZ Tools Manuals Interview with Andrew Rathbun
In this special guest episode, I interview Andrew Rathbun of Kroll to discuss the new EZ Tools Manuals he's written. This documentation provides in-depth coverage of nearly all Windows forensic tools written by Eric Zimmerman. We also discuss a few other DFIR community projects at the end, so don't miss it! *** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. *** 📖 Chapters 00:00 - EZ Tools Manuals 20:40 - DFIR Artifact Museum 25:48 - Digital Forensics Discord Server 🛠 Resources EZ Tools Manuals: https://leanpub.com/eztoolsmanuals Vanilla Windows Reference: https://github.com/AndrewRathbun/VanillaWindowsReference DFIR Artifact Museum: https://github.com/AndrewRathbun/DFIRArtifactMuseum A Beginner's Guide to the Digital Forensics...
https://www.youtube.com/watch?v=Mz5hin8Wxak

A New Program Execution Artifact - Windows 11 22H2 Update!
In this episode, we'll take a look at a new Windows 11 Pro 22H2 program execution artifact discovered in late December 2022. We'll cover the basics and then look at this new Program Compatibility Assistant (PCA) artifact in action on a Windows 11 system. *** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. *** 📖 Chapters 00:00 - Intro 00:52 - PCA artiFACTS 02:52 - Demo 11:28 - Recap 🛠 Resources New Windows 11 Pro (22H2) Evidence of Execution Artifact: https://aboutdfir.com/new-windows-11-pro-22h2-evidence-of-execution-artifact/ Vanilla Windows Reference: https://github.com/AndrewRathbun/VanillaWindowsReference DFIR Artifact Museum: https://github.com/AndrewRathbun/DFIRArtifactMuseum 🙏 Special Thanks for Additional Research and...
https://www.youtube.com/watch?v=rV8aErDj06A

Linux Red Team Defense Evasion Techniques - Hiding Linux Processes
In this video, I explore the process of evading defenses on Linux by hiding Linux processes with libprocesshider. Defense Evasion consists of techniques that adversaries use to avoid detection throughout their compromise. Techniques used for defense evasion include uninstalling/disabling security software or obfuscating/encrypting data and scripts. Adversaries also leverage and abuse trusted processes to hide and masquerade their malware. Other tactics' techniques are cross-listed here when those techniques include the added benefit of subverting defenses. Process Hider GitHub Repository: https://github.com/gianlucaborello/libprocesshider //PLATFORMS BLOG ►► https://bit.ly/3qjvSjK FORUM ►► https://bit.ly/39r2kcY ACADEMY ►► https://bit.ly/39CuORr //SOCIAL NETWORKS TWITTER...
https://www.youtube.com/watch?v=GT-ClZAi6rE

Linux Red Team Persistence Techniques - SSH Keys, Web Shells & Cron Jobs
In this video, I explore the process of establishing persistence on Linux via SSH keys, local accounts, web shells, and Cron Jobs. Persistence consists of techniques that adversaries use to keep access to systems across restarts, changed credentials, and other interruptions that could cut off their access. Techniques used for persistence include any access, action, or configuration changes that let them maintain their foothold on systems, such as replacing or hijacking legitimate code or adding startup code. //PLATFORMS BLOG ►► https://bit.ly/3qjvSjK FORUM ►► https://bit.ly/39r2kcY ACADEMY ►► https://bit.ly/39CuORr //SOCIAL NETWORKS TWITTER ►► https://bit.ly/3sNKXfq DISCORD ►► https://bit.ly/3hkIDsK INSTAGRAM ►► https://bit.ly/3sP1Syh LINKEDIN ►► https://bit.ly/360qwlN PATREON...
https://www.youtube.com/watch?v=tNJs8CFj_B8

ChatGPT For Cybersecurity
In this video, I go over the process of how to use ChatGPT and cover various examples of how to use ChatGPT for Cybersecurity. ChatGPT is an AI-driven chatbot launched by OpenAI in November 2022. It is trained using Reinforcement Learning from Human Feedback (RLHF). It is built on top of OpenAI's GPT-3.5 family of large language models and is fine-tuned with both supervised and reinforcement learning techniques. OpenAI ChatGPT: https://chat.openai.com/chat Timestamps: 0:00 Introduction 7:50 ChatGPT usage 10:45 Pentesting examples 13:10 Generating shells 14:25 Fuzzing 17:15 Shellcode 18:00 Custom emails 19:34 Macros 20:56 Buffer overflow 22:15 Automation 25:00 Blue team examples 28:33 ChatGPT impact on cybersecurity //PLATFORMS BLOG ►► https://bit.ly/3qjvSjK FORUM ►► https://bit.ly/39r2kcY ACADEMY...
https://www.youtube.com/watch?v=6PrC4z4tPB0

Linux Red Team Privilege Escalation Techniques - Kernel Exploits & SUDO Permissions
In this video, I explore the process of elevating privileges on Linux by leveraging kernel exploits, local accounts, and misconfigured SUDO permissions. Privilege Escalation consists of techniques adversaries use to gain higher-level permissions on a system or network. Adversaries can often enter and explore a network with unprivileged access but require elevated permissions to follow through on their objectives. Common approaches are to take advantage of system weaknesses, misconfigurations, and vulnerabilities. //PLATFORMS BLOG ►► https://bit.ly/3qjvSjK FORUM ►► https://bit.ly/39r2kcY ACADEMY ►► https://bit.ly/39CuORr //SOCIAL NETWORKS TWITTER ►► https://bit.ly/3sNKXfq DISCORD ►► https://bit.ly/3hkIDsK INSTAGRAM ►► https://bit.ly/3sP1Syh LINKEDIN ►► https://bit.ly/360qwlN PATREON...
https://www.youtube.com/watch?v=w2rElXYV2Fs

LastPass Data Breach - Password Security 101
In this episode of CyberTalk, I discuss the latest LastPass data breach (December 2022) and outline a failsafe password management policy for you, your family, and/or your business. The following is a set of password security and management guidelines you should follow: 1. Generate secure, random, and complex passwords. 2. Use a new and unique password for every account. 3. Store your passwords with an offline password management database/vault like KeePass. 4. Take regular backups of your password database/vault and store them in a secure location (preferably only known to you). 5. Regularly change your passwords. 6. Develop a password handover contingency plan in the event of your death or incapacitation. 7. Remember, online platforms and solutions can go out of business or may not necessarily...
https://www.youtube.com/watch?v=MsxlsGAJ97c

Windows Red Team Lateral Movement Techniques - PsExec & RDP
In this video, I will be exploring the process of performing lateral movement on Windows by leveraging PsExec and RDP. Lateral Movement consists of techniques that adversaries use to enter and control remote systems on a network. Following through on their primary objective often requires exploring the network to find their target and subsequently gaining access to it. Reaching their objective often involves pivoting through multiple systems and accounts to gain. Adversaries might install their own remote access tools to accomplish Lateral Movement or use legitimate credentials with native network and operating system tools, which may be stealthier. //PLATFORMS BLOG ►► https://bit.ly/3qjvSjK FORUM ►► https://bit.ly/39r2kcY ACADEMY ►► https://bit.ly/39CuORr //SOCIAL NETWORKS TWITTER...
https://www.youtube.com/watch?v=QGkmlsvjMYI

Windows Red Team Privilege Escalation Techniques - Bypassing UAC & Kernel Exploits
In this video, I will be exploring the process of privilege escalation on Windows by leveraging various privilege escalation techniques. Privilege Escalation consists of techniques that adversaries use to gain higher-level permissions on a system or network. Adversaries can often enter and explore a network with unprivileged access but require elevated permissions to follow through on their objectives. Common approaches are to take advantage of system weaknesses, misconfigurations, and vulnerabilities. Writeup: https://hackersploit.org/windows-privilege-escalation-fundamentals //PLATFORMS BLOG ►► https://bit.ly/3qjvSjK FORUM ►► https://bit.ly/39r2kcY ACADEMY ►► https://bit.ly/39CuORr //SOCIAL NETWORKS TWITTER ►► https://bit.ly/3sNKXfq DISCORD ►► https://bit.ly/3hkIDsK INSTAGRAM...
https://www.youtube.com/watch?v=vPTbWnCZ0sg

Windows Red Team - Dynamic Shellcode Injection & PowerShell Obfuscation
In this video, I will be exploring the process of dynamically injecting Shellcode into portable executables and PowerShell obfuscation for the purpose of defense evasion on Windows. Defense Evasion consists of techniques that adversaries use to avoid detection throughout their compromise. Techniques used for defense evasion include uninstalling/disabling security software or obfuscating/encrypting data and scripts. Writeup: https://hackersploit.org/windows-red-team-defense-evasion-techniques/ //PLATFORMS BLOG ►► https://bit.ly/3qjvSjK FORUM ►► https://bit.ly/39r2kcY ACADEMY ►► https://bit.ly/39CuORr //SOCIAL NETWORKS TWITTER ►► https://bit.ly/3sNKXfq DISCORD ►► https://bit.ly/3hkIDsK INSTAGRAM ►► https://bit.ly/3sP1Syh LINKEDIN ►► https://bit.ly/360qwlN PATREON...
https://www.youtube.com/watch?v=6xexyQwG7SY

Risk-Based Vulnerability Management
PurpleSec security experts implemented risk-based vulnerability management to improve efficiencies and security ROI for our enterprise client. 👉 Get our FREE guide to vulnerability management in 2023: https://purplesec.us/vulnerability-management-guide/?utm_source=newsletter&utm_medium=YouTube&utm_campaign=VM_2023&utm_id=guide Read The Full Case Study ---------------------------------------- https://purplesec.us/case-studies/travel-services-provider/ High Level Findings ------------------------------- PurpleSec's security “cyborgs” were empowered by automation and process improvements to deliver exceptional results in a 3 month period: - 75% MTTR reduction. - 86% vulnerability risk reduction. - M average annual savings for the client. - 1.6k average monthly man-hour savings. -...
https://www.youtube.com/watch?v=nu0US3xLEH4

MITRE ATT&CK Framework For Offensive & Defensive Operations
In this live training session, I will introduce you to the MITRE ATT&CK framework and will cover the process of operationalizing it for both offensive and defensive operations. //LIVE TRAINING AND BOOTCAMPS Introduction To C2 Frameworks: https://cyberranges.clickmeeting.com/introduction-to-c2-frameworks-3-day-webinar/register //PLATFORMS BLOG ►► https://bit.ly/3qjvSjK FORUM ►► https://bit.ly/39r2kcY ACADEMY ►► https://bit.ly/39CuORr //SOCIAL NETWORKS TWITTER ►► https://bit.ly/3sNKXfq DISCORD ►► https://bit.ly/3hkIDsK INSTAGRAM ►► https://bit.ly/3sP1Syh LINKEDIN ►► https://bit.ly/360qwlN PATREON ►► https://bit.ly/365iDLK MERCHANDISE ►► https://bit.ly/3c2jDEn //BOOKS Privilege Escalation Techniques ►► https://amzn.to/3ylCl33 Docker Security Essentials...
https://www.youtube.com/watch?v=ujaoOWmkGLY

Updates & Content Schedule - Q4 2022 - Q2 2023
This video outlines the latest updates from the HackerSploit team and goes over the content development plan for Q4 2022 - Q2 2023. //CERTIFICATIONS Certified Exploitation & Post-Exploitation Professional (CEPP): https://cyberranges.clickmeeting.com/exploitation-post-exploitation-3-day-bootcamp/register //PLATFORMS BLOG ►► https://bit.ly/3qjvSjK FORUM ►► https://bit.ly/39r2kcY ACADEMY ►► https://bit.ly/39CuORr //SOCIAL NETWORKS TWITTER ►► https://bit.ly/3sNKXfq DISCORD ►► https://bit.ly/3hkIDsK INSTAGRAM ►► https://bit.ly/3sP1Syh LINKEDIN ►► https://bit.ly/360qwlN PATREON ►► https://bit.ly/365iDLK MERCHANDISE ►► https://bit.ly/3c2jDEn //BOOKS Privilege Escalation Techniques ►► https://amzn.to/3ylCl33 Docker Security Essentials (FREE) ►► https://bit.ly/3pDcFuA //SUPPORT...
https://www.youtube.com/watch?v=BnkhIpfc1aU

How To Build A Vulnerability Management Program | #PurpleSec
There are 7 key steps when creating a winning vulnerability management program including making an inventory, categorizing vulnerabilities, creating packages, testing the package, providing change management, patching vulnerabilities, and reporting. 👉 Get our FREE guide to vulnerability management in 2023: https://purplesec.us/vulnerability-management-guide/?utm_source=newsletter&utm_medium=YouTube&utm_campaign=VM_2023&utm_id=guide Read the full article... https://purplesec.us/learn/vulnerability-management-program/ Podcast Info -------------------- Podcast website: https://purplesec.us/podcast/ Apple Podcasts: https://podcasts.apple.com/us/podcast/security-beyond-the-checkbox/id1673807278 Spotify: https://open.spotify.com/show/610KAa5g4G0KhoZVwMyXqz RSS: https://feeds.buzzsprout.com/2137278.rss Chapters...
https://www.youtube.com/watch?v=nsvxcUsFnJo

How To Automate Your Vulnerability Remediation Process | PurpleSec
There are 8 best practices when planning your vulnerability remediation including prioritization of vulnerabilities, setting timelines, defining a SLO, developing a remediation policy, automating your vulnerability management processes, adopting continuous remediation, deploying compensating controls, and building a vulnerability management program. 👉 Get our FREE guide to vulnerability management in 2023: https://purplesec.us/vulnerability-management-guide/?utm_source=newsletter&utm_medium=YouTube&utm_campaign=VM_2023&utm_id=guide Continue reading... https://purplesec.us/learn/vulnerability-remediation/ Podcast Info -------------------- Podcast website: https://purplesec.us/podcast/ Apple Podcasts: https://podcasts.apple.com/us/podcast/security-beyond-the-checkbox/id1673807278 Spotify:...
https://www.youtube.com/watch?v=Bns79gIwxIA

Twitter Zero-Day Exposes Data Of 5.4 MILLION Accounts | Security Insights By #PurpleSec
Social media platform Twitter confirmed they suffered a now-patched zero-day vulnerability, used to link email addresses and phone numbers to users' accounts, which allowed attackers to gain access to the personal information of 5.4 million users. The vulnerability allowed anyone to submit an email address or phone number, verify if it was associated with a Twitter account, and retrieve the associated account ID. More technically, what the security researcher Zhirinovsky reported on HackerOne's bug bounty platform is that this vulnerability allows any party without any authentication to obtain a Twitter ID (which is almost equal to getting the username of an account) of any user by submitting a phone number/email even though the user has prohibited this action in the privacy settings. Chapters --------------- 00:00...
https://www.youtube.com/watch?v=E5dLc98TeLg

DC30 - Red Team Village - Recap
Red Team Village Website: https://redteamvillage.io Discord: https://redteamvillage.io/discord Twitter: https://redteamvillage.io/twitter
https://www.youtube.com/watch?v=hd4dy1jZPS0

What Is Vulnerability Management? (Explained By Experts)
Vulnerability management is the process of identifying, prioritizing, and mitigating vulnerabilities in an organization's systems and networks to reduce the risk of cyber attacks and protect against potential threats. 👉 Get our FREE guide to vulnerability management in 2023: https://purplesec.us/vulnerability-management-guide/?utm_source=newsletter&utm_medium=YouTube&utm_campaign=VM_2023&utm_id=guide Continue reading... https://purplesec.us/learn/what-is-vulnerability-management/ Podcast Info -------------------- Podcast website: https://purplesec.us/podcast/ Apple Podcasts: https://podcasts.apple.com/us/podcast/security-beyond-the-checkbox/id1673807278 Spotify: https://open.spotify.com/show/610KAa5g4G0KhoZVwMyXqz RSS: https://feeds.buzzsprout.com/2137278.rss Chapters --------------- 00:00...
https://www.youtube.com/watch?v=RE6_Lo2wSIg

DC30 - Red Team Village - Ngrok
Additional information can be found at ngrok.com. Red Team Village Website: https://redteamvillage.io Discord: https://redteamvillage.io/discord Twitter: https://redteamvillage.io/twitter
https://www.youtube.com/watch?v=DRIbd9-bXvA

DC30 - Red Team Village - Hackerwares
Additional information can be found at hackerware.io. Red Team Village Website: https://redteamvillage.io Discord: https://redteamvillage.io/discord Twitter: https://redteamvillage.io/twitter
https://www.youtube.com/watch?v=ImZPTNDX1L0

DC30 - Red Team Village - SEKTOR7
Additional information can be found at sektor7.net. Red Team Village Website: https://redteamvillage.io Discord: https://redteamvillage.io/discord Twitter: https://redteamvillage.io/twitter
https://www.youtube.com/watch?v=eqaEunkWTcQ

DC30 - Red Team Village - Offensive Security
Additional information can be found at www.offensive-security.com. Red Team Village Website: https://redteamvillage.io Discord: https://redteamvillage.io/discord Twitter: https://redteamvillage.io/twitter
https://www.youtube.com/watch?v=_Hd6p1do7rw

How To Write A Penetration Testing Report
This video outlines the importance of penetration testing reports and what makes up a good penetration testing report. //LINKS Penetration Test Reports: https://pentestreports.com/ SANS Whitepaper: https://www.sans.org/white-papers/33343/ //PLATFORMS BLOG ►► https://bit.ly/3qjvSjK FORUM ►► https://bit.ly/39r2kcY ACADEMY ►► https://bit.ly/39CuORr //SOCIAL NETWORKS TWITTER ►► https://bit.ly/3sNKXfq DISCORD ►► https://bit.ly/3hkIDsK INSTAGRAM ►► https://bit.ly/3sP1Syh LINKEDIN ►► https://bit.ly/360qwlN PATREON ►► https://bit.ly/365iDLK MERCHANDISE ►► https://bit.ly/3c2jDEn //BOOKS Privilege Escalation Techniques ►► https://amzn.to/3ylCl33 Docker Security Essentials (FREE) ►► https://bit.ly/3pDcFuA //SUPPORT THE CHANNEL NordVPN Affiliate Link...
https://www.youtube.com/watch?v=J34DnrX7dTo

DC30 - Red Team Village - BC Security
Additional information can be found at www.bc-security.org. Red Team Village Website: https://redteamvillage.io Discord: https://redteamvillage.io/discord Twitter: https://redteamvillage.io/twitter
https://www.youtube.com/watch?v=RCXMqdr2h5k

Performing Web Searches From Your Terminal
How to perform web searches from your terminal with Oh My Zsh. Oh My Zsh: https://ohmyz.sh/ How to setup Oh My Zsh: https://www.youtube.com/watch?v=njDuayF9Q6k Web Search Plugin: https://github.com/ohmyzsh/ohmyzsh/blob/master/plugins/web-search/web-search.plugin.zsh //PLATFORMS BLOG ►► https://bit.ly/3qjvSjK FORUM ►► https://bit.ly/39r2kcY ACADEMY ►► https://bit.ly/39CuORr //SOCIAL NETWORKS TWITTER ►► https://bit.ly/3sNKXfq DISCORD ►► https://bit.ly/3hkIDsK INSTAGRAM ►► https://bit.ly/3sP1Syh LINKEDIN ►► https://bit.ly/360qwlN PATREON ►► https://bit.ly/365iDLK MERCHANDISE ►► https://bit.ly/3c2jDEn //BOOKS Privilege Escalation Techniques ►► https://amzn.to/3ylCl33 Docker Security Essentials (FREE) ►► https://bit.ly/3pDcFuA //SUPPORT THE CHANNEL NordVPN...
https://www.youtube.com/watch?v=64TlFUnPiz4