16 - Open Redirect (low/med/high) - Damn Vulnerable Web Application (DVWA)
16 - Open Redirection (low/med/high difficulties) video from the Damn Vulnerable Web Application (DVWA) walkthrough/tutorial series. Hope you enjoy 🙂 ↢Social Media↣ Twitter: https://twitter.com/_CryptoCat GitHub: https://github.com/Crypto-Cat HackTheBox: https://app.hackthebox.eu/profile/11897 LinkedIn: https://www.linkedin.com/in/cryptocat Reddit: https://www.reddit.com/user/_CryptoCat23 YouTube: https://www.youtube.com/CryptoCat23 Twitch: https://www.twitch.tv/cryptocat23 ↢Damn Vulnerable Web Application (DVWA)↣ https://github.com/digininja/DVWA ↢Open Redirects↣ @PwnFunction: https://www.youtube.com/watch?v=4Jk_I-cw4WE https://learn.snyk.io/lessons/open-redirect/javascript https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html https://owasp.org/www-project-web-security-testing-guide/stable/4-Web_Application_Security_Testing/11-Client-side_Testing/04-Testing_for_Client-side_URL_Redirect https://cwe.mitre.org/data/definitions/601.html https://portswigger.net/support/using-burp-to-test-for-open-redirections ↢Chapters↣ Start...
https://www.youtube.com/watch?v=I5jko9mLNO4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

L'Actu de la veille

N00bs Night Malware RE Workshop with @c3rb3ru5d3d53c
Fun stream hanging out with @c3rb3ru5d3d53c and trying to reverse engineer her malware challenge! API hashing, stack strings, and rick rolls, we've got it all! Full workshop samples and solutions: https://github.com/c3rb3ru5d3d53c/reworkshop ----- OALABS PATREON https://www.patreon.com/oalabs OALABS DISCORD https://discord.gg/6h5Bh5AMDU Twitch https://www.twitch.tv/oalabslive OALABS GITHUB https://github.com/OALabs UNPACME - AUTOMATED MALWARE UNPACKING https://www.unpac.me/#/ -----
https://www.youtube.com/watch?v=amnvrOLRGHA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Protecting the Cloud from Ransomware | Host: Ryan Chapman | June 20, 2023
Ransomware continues to pose a serious threat to organizations, and the threat is only growing as ransomware attacks increase in sophistication and number. This episode of Wait Just an Infosec is hosted by ransomware subject-matter expert Ryan Chapman, who invites on cloud DFIR SME Megan Roddie and other special guests for a lively discussion aimed at helping arm our community with actionable tactics to combat ransomware attacks in cloud environments. Receive an overview of what is actually happening in the cloud with ransomware, and get your questions answered in a live Q&A with the experts. #WJAI #WaitJustanInfosec #Infosec #Cybersecurity #InformationSecurity #Ransomware #CloudSecurity #RansomwareTraining #RansomwareCourse #RansomwareSummit
https://www.youtube.com/watch?v=oP81aSassNo
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Is PowerShell the root of all Hacking evil? (Cybersecurity needs a solution!)
Why are hackers winning the ransomware war? A very big thank you to Cisco for sponsoring my Cisco Live trip and this video. In this video I interview Tom Gillis about why hackers are winning and how to protect ourselves against the attacks. Go here for more information about the announcements: https://newsroom.cisco.com Cisco Talos Video: https://youtu.be/SyaP9GDNIug // Tom's Socials// Twitter: https://twitter.com/_tomgillis LinkedIn: https://www.linkedin.com/in/tomgillis1 Cisco Newsroom: https://newsroom.cisco.com/c/r/newsroom/en/us/executives/tom-gillis.html // David's Social // Discord: https://discord.gg/davidbombal Twitter: https://www.twitter.com/davidbombal Instagram: https://www.instagram.com/davidbombal LinkedIn: https://www.linkedin.com/in/davidbombal Facebook: https://www.facebook.com/davidbombal.co...
https://www.youtube.com/watch?v=OXRWk4jWMJs
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Now Scammers Can RENT Email Addresses for Cybercrime
https://j-h.io/snyk || Try Snyk to find vulnerabilities in your own code and applications FOR FREE ➡ https://j-h.io/snyk Help the channel grow with a Like, Comment, & Subscribe! ❤️ Support ➡ https://j-h.io/patreon ↔ https://j-h.io/paypal ↔ https://j-h.io/buymeacoffee Check out the affiliates below for more free or discounted learning! 🐱‍👤SEKTOR7 ➡ Malware Development, AV Evasion https://j-h.io/sektor7 🖥️ Zero-Point Security ➡ Certified Red Team Operator https://j-h.io/crto 💻Zero-Point Security ➡ C2 Development with C# https://j-h.io/c2dev 🐜Zero2Automated ➡ Ultimate Malware Reverse Engineering https://j-h.io/zero2auto ⛳Point3 ESCALATE ➡ Top-Notch Capture the Flag Training https://j-h.io/escalate 📗Humble Bundle ➡ https://j-h.io/humblebundle 🐶Snyk...
https://www.youtube.com/watch?v=O36COhOWFg0
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

L'Actu à J-2

How to do asset detection at home — and for free | Cyber Work Hacks
Huxley Barbee, security evangelist at runZero, talks about the nuts and bolts of asset detection on a large scale, specifically around the U.S. federal government's current directive. Here, we will shrink the playing field and tell newcomers to security how to do your home asset detection! 0:00 - Asset detection at home 1:18 - What is asset detection? 2:44 - Is asset detection difficult? 3:39 - Do asset detection on your network 4:45 - Asset detection on a school network 6:50 - How to put asset detection on your resume 9:44 - What to study for asset detection roles 10:31 - Learn more about runZero 11:15 - Outro About Infosec Infosec's mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications...
https://www.youtube.com/watch?v=96-TKk2BwSk
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

FAKE Microsoft Login to Hacked Charity Scam
https://j-h.io/proton || Get privacy by default with Proton, and stop other companies from exploiting your data! You can get started with Proton for free at https://j-h.io/proton Help the channel grow with a Like, Comment, & Subscribe! ❤️ Support ➡ https://j-h.io/patreon ↔ https://j-h.io/paypal ↔ https://j-h.io/buymeacoffee Check out the affiliates below for more free or discounted learning! 🐱‍👤SEKTOR7 ➡ Malware Development, AV Evasion https://j-h.io/sektor7 🖥️ Zero-Point Security ➡ Certified Red Team Operator https://j-h.io/crto 💻Zero-Point Security ➡ C2 Development with C# https://j-h.io/c2dev 🐜Zero2Automated ➡ Ultimate Malware Reverse Engineering https://j-h.io/zero2auto ⛳Point3 ESCALATE ➡ Top-Notch Capture the Flag Training https://j-h.io/escalate 📗Humble...
https://www.youtube.com/watch?v=3Vy2l1kv7Cc
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Learn Bug Bounty Hunting with These Resources!
I made this video a few years ago but as you can imagine the bug bounty community moves quickly, so here is a new list of resources for 2023 and some of my favourite newsletters, YouTube channels, blogs, write ups, books and more that I recommend if you're just getting started!
https://www.youtube.com/watch?v=guh96GpGWx8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

L'Actu des jours précédents

Return Address Spoofing Tutorial
🔥 Hide From Anti-Cheats by Using Return Address Spoofing 👨‍💻 Buy Our Courses: https://guidedhacking.com/register/ 💰 Donate on Patreon: https://patreon.com/guidedhacking ❤️ Follow us on Social Media: https://linktr.ee/guidedhacking 🔗GH Article: https://guidedhacking.com/threads/return-address-spoofing.20390/ Full Credits to namazso - we are just explaining how his code works 🔗 https://www.unknowncheats.me/forum/anti-cheat-bypass/268039-x64-return-address-spoofing-source-explanation.html 📜 Video Description: Return address spoofing is a technique frequently utilized in numerous exploits, including buffer overflow attacks. Understanding how to spoof return addresses can provide insight into this often-used trick in the world of reverse engineering and video game...
https://www.youtube.com/watch?v=bSQau-PaCTE
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Cybersecurity and Networking just changed!
Cybersecurity and Networking just changed with major announcements from Cisco. Cisco have announced new platforms and solutions that integrate AI and native telemetry to stop cyber attacks and better manage networks. This includes the major goal of simplification. A very big thank you to Cisco for sponsoring my Cisco Live trip and this video. In this video I interview Jeetu Patel and Jonathan Davidson about the future of networking and cybersecurity (and the effects of AI on all of us). Go here for more information about the announcements: https://newsroom.cisco.com // Jeetu's Social // Twitter: https://twitter.com/jpatel41 LinkedIn: https://www.linkedin.com/in/jeetupatel //Jonathan's Social // Twitter: https://twitter.com/jonathandavidsn LinkedIn: https://www.linkedin.com/in/jonathandavidson1...
https://www.youtube.com/watch?v=hNHsYgLQsg0
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Amazon FINED For Privacy Violations - ThreatWire
ThreatWire Totem Board - Limited Edition! - https://snubsie.com/threatwire-products/tw-totem Shop ThreatWire Merch on Teespring! - https://morsecode.creator-spring.com/ Support ThreatWire! https://www.patreon.com/shannonmorse Follow Shannon on Social Media: https://snubsie.com/links This MacOS flaw can bypass security protections, Russia Accuses the US of hacking iphones, and Amazon is hit with a fine for privacy violations! All that coming up now on ThreatWire. #threatwire #hak5 ThreatWire by Shannon Morse is a weekly news journalism show covering cybersecurity topics for network admins, information security professionals, and consumers. Watch this on youtube: xxx Chapters: 00:00 MacOS Flaw Bypasses Security Protection 03:44 Russia Accuses US of iOS Hacking 06:44 Amazon Fined...
https://www.youtube.com/watch?v=0XyODke1vt4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

What it's like to work in asset discovery? | Cyber Work Podcast
Tech evangelist Huxley Barbee from runZero talks about some of the basic day-to-day work that goes into asset discovery and asset inventory, including the challenges of using conventional security tools like port scanners and fuzzing, which could disrupt network operations. – Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free – View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast About Infosec Infosec's mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune...
https://www.youtube.com/watch?v=_-U95cXvB-M
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

The importance of assets in cybersecurity | Cyber Work Podcast
Tech evangelist Huxley Barbee from runZero talks about some of the basic day-to-day work that goes into asset discovery and asset inventory, including the challenges of using conventional security tools like port scanners and fuzzing, which could disrupt network operations. – Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free – View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast About Infosec Infosec's mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune...
https://www.youtube.com/watch?v=XKCc2aHpQbs
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Importance of a full asset inventory | Cyber Work Podcast | #shorts
Tech evangelist Huxley Barbee from runZero talks about a practical reason why companies should across the board be working on a full asset inventory of their network; when a breach inevitably happens, there's nothing worse than finding out it came from an asset you didn't even know was still on the system. About Infosec Infosec's mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ's security...
https://www.youtube.com/watch?v=djUHxVkqoOc
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

What is the FOR528: Ransomware for Incident Responders course all about?
Listen to FOR528: Ransomware for Incident Responders course author Ryan Chapman as he provides a detailed description of what the course is all about and how the course's extensive hands-on labs make this class a must take for all DFIR practitioners. For more information about the course visit: https://www.sans.org/cyber-security-courses/ransomware-incident-responders/
https://www.youtube.com/watch?v=wWZ6bo5Fjk8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

The nuts and bolts of asset detecting and asset mapping | Guest Huxley Barbee
Tech evangelist Huxley Barbee from runZero talks about asset detection, the day-to-day work of asset detection and asset mapping. Go beyond the theory and speculation about whether the U.S. federal government will implement it on time and join Barbee as he walks you through how it's all done and what you need in order to do it well. 0:00 - Asset detection and asset mapping 2:56 - Getting into cybersecurity 4:12 - Shifting roles in cybersecurity to evangelist 6:02 - What does a security evangelist do? 8:30 - What is BSides NYC? 14:41 - Planning in cybersecurity assets 22:50 - Tools and techniques of asset inventory 32:13 - The importance of asset discovery 34:25 - Skills needed to work in asset detection 37:32 - Cybersecurity starts and ends with assets 42:22 - What does runZero do? 44:44...
https://www.youtube.com/watch?v=taUE5u_cTdE
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Hackers exploit new top-level domains: Are your employees ready? | Hacker Headlines
Google recently published two top-level domains that could spell trouble if you're not practicing cyber-safe behaviors. In this episode of Hacker Headline, Keatron Evans, VP of Portfolio and Product Strategy at Infosec, covers how to stay vigilant against hackers who are taking advantage of two file-type domains in hopes of stealing your data and exploiting your device. Watch this training module and explore related resources in our security awareness training platform, Infosec IQ! Don't have an account, meet with a member of our team to get started! Learn more here: https://www.infosecinstitute.com/form/infosec-iq-demo-google-domains/ About Infosec Infosec's mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills...
https://www.youtube.com/watch?v=Im7jNrLJ-uA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

BECOME AN ETHICAL HACKER!
📚 Purchase my Bug Bounty Course here 👉🏼 bugbounty.nahamsec.training Comptia A+ Full Course: - CompTIA A+ Full Course - https://www.youtube.com/watch?v=1CZXXNKAY5o&pp=ygUWY29tcHRpYSBhKyBmdWxsIGNvdXJzZQ%3D%3D - How to Pass your 220-1101 and 220-1102 A+ Exams - https://www.youtube.com/watch?v=87t6P5ZHTP0&list=PLG49S3nxzAnnOmvg5UGVenB_qQgsh01uC Comptia Network+ Full Course: - CompTIA Network+ Full Course - https://www.youtube.com/watch?v=xmpYfyNmWbw - How to Pass Your N10-008 Network+ Exam - https://www.youtube.com/watch?v=As6g6IXcVa4&list=PLG49S3nxzAnlCJiCrOYuRYb6cne864a7G Learn Python: - Learn Python in ONE Hour - https://www.youtube.com/watch?v=kqtD5dpn9C8 - Learn Python - Full Course for Beginners - https://www.youtube.com/watch?v=rfscVS0vtbw - Codecademy Python: https://try.codecademy.com/learn-python-3...
https://www.youtube.com/watch?v=GyktHRmkBWU
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Hands-on Ransomware: Exploring Cybercrime
Check out what Ryan is up to: https://twitter.com/rj_chap My Lockbit tweet: https://twitter.com/_JohnHammond/status/1572562824878239745 00:00 - Ryan Chapman, Malware Analyst 00:30 - Introduction 04:29 - First Demo 07:29 - Configuring RAASNet 15:58 - Building RAASNet 18:17 - Detonating RAASNet 21:41 - Builder Archive 23:37 - Second Demo 26:20 - Building Yashma 27:54 - Third Demo 30:08 - Configuring Lockbit 35:01 - Building Lockbit 37:50 - Final Thoughts Help the channel grow with a Like, Comment, & Subscribe! ❤️ Support ➡ https://j-h.io/patreon ↔ https://j-h.io/paypal ↔ https://j-h.io/buymeacoffee Check out the affiliates below for more free or discounted learning! 🐱‍👤SEKTOR7 ➡ Malware Development, AV Evasion https://j-h.io/sektor7 🖥️ Zero-Point...
https://www.youtube.com/watch?v=9zEXov_L0os
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Reverse Engineering Skid Malware
🔥 Analyzing an unknown malware we found on Triage 👨‍💻 Buy Our Courses: https://guidedhacking.com/register/ 💰 Donate on Patreon: https://patreon.com/guidedhacking ❤️ Follow us on Social Media: https://linktr.ee/guidedhacking 🔗Article Link: https://guidedhacking.com/threads/reverse-engineering-skid-malware.20375/ 📜 Video Description: Finding and studying intriguing malware is something I frequently do by scrolling through the public reports of the Triage sandbox website, where users execute their samples. On one such occasion, I stumbled across a rather interesting piece of skid malware. This skid malware caught my attention because it had a high score but no family detected, meaning the employees at Triage had not yet written a detection for it. This indicated that...
https://www.youtube.com/watch?v=0BASO4I7XhU
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

I got Pwned ... and so did you! (you're likely in the 12 Billion)
Our data is out there! Have I Been Pwned. Yes, and so have you (most likely) because of all the data breaches taking place every day. 12 Billion accounts have been compromised. This is a security nightmare! Check if your data was found in a data breach: E-mail address: https://haveibeenpwned.com/ Password: https://haveibeenpwned.com/Passwords Pwned Websites: https://haveibeenpwned.com/PwnedWebsites // Troy's SOCIAL // Youtube: https://www.youtube.com/user/troyhuntdotcom Website: https://www.troyhunt.com/ Website: https://haveibeenpwned.com/ Twitter: https://twitter.com/troyhunt Facebook: https://www.facebook.com/troyahunt LinkedIn: https://www.linkedin.com/in/troyhunt // David's SOCIAL // Discord: https://discord.gg/davidbombal Twitter: https://www.twitter.com/davidbombal Instagram:...
https://www.youtube.com/watch?v=4sQ1teIVXw0
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Intruder Alert Ep. 4 | Unmasking The New Global Malware Threat On Android Devices
Head to Cybrary.it to open your free account and start learning today! In this episode of Intruder Alert, join host Marcus Hutchins, world-renowned hacker, and red teamer Matt Mullins while they discuss the millions of devices recently infected with malware during production, and whether or not our devices are spying on us. For more information on how to jumpstart your career with the most cutting-edge cybersecurity training, head over to Cybrary.it to create your free account and get started on your learning journey! Make sure to subscribe so that you don't miss the latest new episodes, premiering live every two weeks, and dropping on YouTube On Demand.
https://www.youtube.com/watch?v=wc8T_RcwOkY
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Windows Pentest Tutorial (Active Directory Game Over!)
Get your 10% discount here: https://www.offsec.com/review/david-pwk-2023/ Disclaimer: I was NOT paid for this interview. I wanted to make this video because it affects many of you watching and is a major topic on the OSCP exam. However, OffSec did give me access to Learn One for one year so I could see the course content. This has helped me prepare for the interview. Hopefully I'll be able to make more content covering what is in the PEN 200 course in future :) // Documentation // Changes: https://www.offsec.com/offsec/pen-200-2023/ Course: https://www.offsec.com/courses/pen-200/ // Offsec // Twitter: https://twitter.com/offsectraining Website: https://www.offsec.com/ LinkedIn: https://www.linkedin.com/company/offsec-training/ // Remi's SOCIAL // LinkedIn: https://no.linkedin.com/in/remi-solberg-8991b910a //...
https://www.youtube.com/watch?v=f8jGhLwCa28
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Black Hat Asia 2023 Highlights
Check out all the highlights from Black Hat Asia 2023 at the Marina Bay Sands Singapore. Visit our Flickr page for the event photos: https://www.flickr.com/photos/blackhatevents/albums/ . #cybersecurity #infosec #blackhat
https://www.youtube.com/watch?v=mR39R68BmyA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Threat Emulation & Purple Teaming (with PlexTrac Runbooks)
This is a fully featured and dedicated video for our sponsor PlexTrac. https://j-h.io/plextrac || Perform adversary emulation all inside of PlexTrac's premiere reporting & collaborative platform in a FREE one-month trial! https://j-h.io/plextrac 😎 00:00 - Plextrack Runbooks 00:57 - Introduction 02:47 - Demo Begin 07:47 - Quick Q&A Session 10:33 - Final Thoughts Help the channel grow with a Like, Comment, & Subscribe! ❤️ Support ➡ https://j-h.io/patreon ↔ https://j-h.io/paypal ↔ https://j-h.io/buymeacoffee Check out the affiliates below for more free or discounted learning! 🐱‍👤SEKTOR7 ➡ Malware Development, AV Evasion https://j-h.io/sektor7 🖥️ Zero-Point Security ➡ Certified Red Team Operator https://j-h.io/crto 💻Zero-Point Security ➡ C2 Development...
https://www.youtube.com/watch?v=jSIybWI4DzA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Catch me if you can! #shorts
Big thanks to NetAlly for sponsoring this video and supporting the channel! Full video here: https://youtu.be/zZR0mycMksU Learn more about the CyberScope here: https://davidbombal.wiki/netally #wifi #nmap #hacking
https://www.youtube.com/watch?v=AK6eop6lupo
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Cheat Engine Movement Speed Hack Tutorial 🔥 GHS211
🔥 Learn How to Make a Cheat Engine Movement Speed Hack! 👨‍💻 Buy Our Courses: https://guidedhacking.com/register/ 💰 Donate on Patreon: https://patreon.com/guidedhacking ❤️ Follow us on Social Media: https://linktr.ee/guidedhacking 🔗Article: https://guidedhacking.com/threads/cheat-engine-movement-speed-hack-tutorial-ghs211.20389/ 🔗Beginner Tutorials: https://guidedhacking.com/forums/game-hacking-shenanigans/ 🔗How to Find Coordinates: https://guidedhacking.com/threads/how-to-find-position-coordinates-with-cheat-engine.14000/ 📜 Description: Cheat Engine Movement Speed Hack in Sekiro: A Step-by-Step Walkthrough Welcome to our comprehensive walkthrough on creating a super speed mod for the mountainous world of Sekiro! We'll be delving deep into the mechanics of...
https://www.youtube.com/watch?v=7xQYOUUwznI
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Is this NEW Generative AI Feature a GAME CHANGER? [Adobe Firefly]
A demo of Adobe Firefly, the new generative AI functionality in Photoshop. We'll explore various applications of the ethical AI-assisted editing feature, including generative fill (beta) to edit a photograph. First, we'll remove the people (and other objects) from the beach. Next, we'll extend/expand the image, generating additional content that seamlessly clicks into the image. We'll also replace the sky, change the sand and add a variety of animals and objects. Finally, we'll play around with a cartoon image (CryptoCat) to see how the AI functionality works with illustrations. During the course of the video, we'll discuss some of the advantages/disadvantages, talk about bugs, design choices (stock images only) and cyber-security implications (deep fakes). Hope you enjoy this video, next...
https://www.youtube.com/watch?v=oLxIrRzWhUM
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

How Can CI/CD Go Horribly Wrong?
In this video we'll learn the basics of Continuous Integration and Continuous Deployment (CI/CD) and what security implications it has – with a live demo example, showcasing how we can perform direct pipeline poisoning to execute code and ultimately leak sensitive production info like AWS credentials! You can learn more about Carlos Polop, Ignacio Dominguez or the security audits and assessments that HALBORN performs at https://j-h.io/halborn 00:00 - How Can CI/CD Go Horribly Wrong? 01:19 - What is CI/CD? 03:47 - Common Misconfigurations 06:19 - Start of Demonstration 10:16 - Pipeline Poisoning Explanation 12:00 - Showcasing Direct Pipeline Poisoning 17:04 - Security Takeaways Help the channel grow with a Like, Comment, & Subscribe! ❤️ Support ➡ https://j-h.io/patreon ↔...
https://www.youtube.com/watch?v=IzdWk6nA_Ho
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Open Source Intelligence with The Grugq | 401 Access Denied Podcast Ep. 81
Open Source Intelligence with The Grugq | 401 Access Denied Podcast Ep. 81 Join Us: https://www.cybrary.it/?utm_source=youtube&utm_medium=video&utm_campaign=open-source-intelligence-with-the-grugq Given the complex and evolving nature of security, how do different countries approach cyber strategy on a global scale? In this episode of 401 Access Denied, Joe Carson is joined by the one and only Thaddeus E. Grugq (“The Grugq”), who brings along decades of security research and operational security experience. They explore various countries' approaches to cyber operations, including the US, UK and EU, India, Russia, and China. The Grugq also touches on the importance of legal frameworks, cooperation between different government entities, and the dynamic relationships between intelligence...
https://www.youtube.com/watch?v=pTzFpaVT8Us
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Rapid Windows Memory Analysis with Volatility 3
https://j-h.io/cysec || Find your next cybersecurity career! CySec Careers is the premiere platform designed to connect candidates and companies. Try it for free! https://j-h.io/cysec Help the channel grow with a Like, Comment, & Subscribe! ❤️ Support ➡ https://j-h.io/patreon ↔ https://j-h.io/paypal ↔ https://j-h.io/buymeacoffee Check out the affiliates below for more free or discounted learning! 🐱‍👤SEKTOR7 ➡ Malware Development, AV Evasion https://j-h.io/sektor7 🖥️ Zero-Point Security ➡ Certified Red Team Operator https://j-h.io/crto 💻Zero-Point Security ➡ C2 Development with C# https://j-h.io/c2dev 🐜Zero2Automated ➡ Ultimate Malware Reverse Engineering https://j-h.io/zero2auto ⛳Point3 ESCALATE ➡ Top-Notch Capture the Flag Training https://j-h.io/escalate 📗Humble...
https://www.youtube.com/watch?v=EqGoGwVCVwM
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Exploring the Latest Dark Web Onion Sites
https://j-h.io/flare-systems || Track down any information leaks or cyber threat intelligence with Flare Systems, try a free trial and uncover your exposed attack surface! https://j-h.io/flare-systems Help the channel grow with a Like, Comment, & Subscribe! ❤️ Support ➡ https://j-h.io/patreon ↔ https://j-h.io/paypal ↔ https://j-h.io/buymeacoffee Check out the affiliates below for more free or discounted learning! 🐱‍👤SEKTOR7 ➡ Malware Development, AV Evasion https://j-h.io/sektor7 🖥️ Zero-Point Security ➡ Certified Red Team Operator https://j-h.io/crto 💻Zero-Point Security ➡ C2 Development with C# https://j-h.io/c2dev 🐜Zero2Automated ➡ Ultimate Malware Reverse Engineering https://j-h.io/zero2auto ⛳Point3 ESCALATE ➡ Top-Notch Capture the Flag Training...
https://www.youtube.com/watch?v=OGqgGwFFQ3o
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

What's the Future of AI in Cybersecurity and Hacking (are we doomed)?
Is AI going to end the world? No more jobs in Cybersecurity? Are we going to survive the attacks? Big thanks to Brilliant for sponsoring this video! Get started with a free 30 day trial and 20% discount: https://brilliant.org/DavidBombal // Mr Robot Playlist // https://www.youtube.com/playlist?list=PLhfrWIlLOoKNYR8uvEXSAzDfKGAPIDB8q // David's SOCIAL // Discord: https://discord.com/invite/usKSyzb Twitter: https://www.twitter.com/davidbombal Instagram: https://www.instagram.com/davidbombal LinkedIn: https://www.linkedin.com/in/davidbombal Facebook: https://www.facebook.com/davidbombal.co TikTok: http://tiktok.com/@davidbombal YouTube: https://www.youtube.com/davidbombal // Occupy The Web social // Twitter: https://twitter.com/three_cube // OTW classes // Hacker's Arise Pro Subscription: https://hackers-arise.com/online-store/Member-PRO-p444073646/?afmc=1d Get...
https://www.youtube.com/watch?v=OJxRruHrSow
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

This Dark Web URL Shortener Sucks

https://www.youtube.com/watch?v=xpvUZJNhMTw
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

It's DNS again 😢 Did you know this Malware Hack?
Chris Greer is back to show us Malware that Hackers could use to attack you (in this case using DNS). Chris is the man I talk to about Wireshark! Did you learn something new in this video? Big thanks to Brilliant for sponsoring this video! Get started with a free 30 day trial and 20% discount: https://brilliant.org/DavidBombal // Chris SOCIAL // YouTube: https://www.youtube.com/c/ChrisGreer Wireshark course: https://davidbombal.wiki/chriswireshark Nmap course: https://davidbombal.wiki/chrisnmap LinkedIn: https://www.linkedin.com/in/cgreer/ Twitter: https://twitter.com/packetpioneer // David SOCIAL // Discord: https://discord.com/invite/usKSyzb Twitter: https://www.twitter.com/davidbombal Instagram: https://www.instagram.com/davidbombal LinkedIn: https://www.linkedin.com/in/davidbombal...
https://www.youtube.com/watch?v=slNe6z9gFv0
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Raspberry Pi Malware uses IRC Remote Access Trojan (RAT)
https://j-h.io/snyk || Try Snyk to find vulnerabilities in your own code and applications FOR FREE ➡ https://j-h.io/snyk Help the channel grow with a Like, Comment, & Subscribe! ❤️ Support ➡ https://j-h.io/patreon ↔ https://j-h.io/paypal ↔ https://j-h.io/buymeacoffee Check out the affiliates below for more free or discounted learning! 🐱‍👤SEKTOR7 ➡ Malware Development, AV Evasion https://j-h.io/sektor7 🖥️ Zero-Point Security ➡ Certified Red Team Operator https://j-h.io/crto 💻Zero-Point Security ➡ C2 Development with C# https://j-h.io/c2dev 🐜Zero2Automated ➡ Ultimate Malware Reverse Engineering https://j-h.io/zero2auto ⛳Point3 ESCALATE ➡ Top-Notch Capture the Flag Training https://j-h.io/escalate 📗Humble Bundle ➡ https://j-h.io/humblebundle 🐶Snyk...
https://www.youtube.com/watch?v=DmJSLGaJBiw
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

SANS Threat Analysis Rundown | Katie Nickels
Join SANS Certified Instructor Katie Nickels as she gives the rundown on the latest cyber threat topics you should know about. This month, Katie will be joined by Jamie Collier and Shanyn Ronis of Mandiant to discuss a foundation of cyber threat intelligence: requirements. Jamie and Shanyn will share findings from their recent work on what it means to be requirements-driven in practice. Attendees will hear actionable advice on how intelligence functions can implement requirements within their organizations. Katie Nickels, @likethecoins, https://www.linkedin.com/in/katie-nickels/ Jamie Collier, @TheCollierJam, https://www.linkedin.com/in/collierjs/ Shanyn Ronis, @SRRonis, https://www.linkedin.com/in/shanyn-ronis/ FOR578: Cyber Threat Intelligence https://www.sans.org/cyber-security-courses/cyber-threat-intelligence/...
https://www.youtube.com/watch?v=wgigBNZLZ1c
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Understanding The PEB for Reverse Engineers
Full Patreon tutorial (with examples): https://www.patreon.com/posts/understanding-1-83402055 https://www.patreon.com/posts/understanding-2-83402366 Vergilius Project https://www.vergiliusproject.com/ ----- OALABS DISCORD https://discord.gg/6h5Bh5AMDU OALABS PATREON https://www.patreon.com/oalabs Twitch https://www.twitch.tv/oalabslive OALABS GITHUB https://github.com/OALabs UNPACME - AUTOMATED MALWARE UNPACKING https://www.unpac.me/#/ -----
https://www.youtube.com/watch?v=uyisPPTupmA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Beginner Malware Analysis CTF ⭐️ CyberDefenders RE101
🔥 Learn How To Complete This Beginner Malware Analysis CTF 👨‍💻 Buy Our Courses: https://guidedhacking.com/register/ 💰 Donate on Patreon: https://patreon.com/guidedhacking ❤️ Follow us on Social Media: https://linktr.ee/guidedhacking 🔗 Article Link: https://guidedhacking.com/threads/cyberdefenders-re101-malware-ctf-walkthrough.20367/ 🔗 CyberDefenders RE101: https://cyberdefenders.org/blueteam-ctf-challenges/36#nav-questions 🔗 CyberDefenders Twitter https://twitter.com/cyberdefenders 📜 Video Description: Malware analysts, particularly those at a beginner malware analysis stage, need to constantly practice and use their skills so that they can improve and be prepared for any situation. In this video, we look at the challenges offered by CyberDefenders (CyberDefenders...
https://www.youtube.com/watch?v=_lzPubejr4U
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

#osint #doxxing #cybersecurity #shorts

https://www.youtube.com/watch?v=L5sin2dTY_w
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Learn about crypto crime working for the federal government | Cyber Work Podcast | #shorts
CAT Labs CEO and founder Lili Infante says one way to learn how to work in crypto crime, dark web investigating and crypto fraud is to work for the federal government right out of college. The work is mission-driven and not business driven so you don't have to worry about “making your numbers” for the month. And because of the amount of intelligence available, you'll get an immersive amount of context around the current threat agents. About Infosec Infosec's mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec...
https://www.youtube.com/watch?v=2vdL6xzEp3s
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

KeePass Master Passwords Could Be Stolen - ThreatWire
ThreatWire Totem Board - Limited Edition! - https://snubsie.com/threatwire-products/tw-totem Shop ThreatWire Merch on Teespring! - https://morsecode.creator-spring.com/ Support ThreatWire! https://www.patreon.com/shannonmorse Follow Shannon on Social Media: https://snubsie.com/links TP-Link home routers are being targeted in attacks, stealing master passwords from KeePass, and these end of life smart plugs can get hacked! All that coming up now on ThreatWire. #threatwire #hak5 ThreatWire by Shannon Morse is a weekly news journalism show covering cybersecurity topics for network admins, information security professionals, and consumers. Watch this on youtube: https://youtu.be/CCYVeRPDx94 Chapters: 00:00 TP-Link Home Routers Targeted 02:34 Stealing KeePass Master Passwords 04:32...
https://www.youtube.com/watch?v=CCYVeRPDx94
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

What it's like to investigate dark web markets | Cyber Work Podcast
CAT Labs CEO and founder Lili Infante explains her background investigating Dark Web markets, as well as the harder and easier things about fighting these criminals. On one hand, they don't need to go undercover, because everyone is undercover here. On the other hand, it's harder for criminals to “flip” on their bosses since they don't always know who they're working for. – Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free – View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast About Infosec Infosec's mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees...
https://www.youtube.com/watch?v=alRXf8AgPcY
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

How to work with crypto scams | Cyber Work Podcast
CAT Labs CEO and founder Lili Infante gives advice to students or individuals who want to get into work with crypto scams. Some of her tips are to be a self-directed learner, learn by doing and work toward a job in the government. Those two things will kick-start your career faster than anything. – Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free – View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast About Infosec Infosec's mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More...
https://www.youtube.com/watch?v=6NG7rVCU1Cw
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Kali NetHunter Pro in 6 minutes
You can easily install Kali Linux NetHunter on a Pine Phone in only a few minutes! If you are new to this, watch this video which shows you how to install Kali NetHunter on most Android phones: https://youtu.be/KxOGyuGq0Ts // MENU // 00:00 - Intro 00:35 - Downloading and Installing Required Software 02:43 - Flashing and Starting up Tow-Boot Bootloader 04:42 - Flashing and Installing Kali NetHunter 06:15 - Booting the Pine Phone with Kali NetHunter installed // Equipment used // Pine Phone: https://pine64.com/product/pinephone-beta-edition-with-convergence-package/ // David SOCIAL // Discord: https://discord.com/invite/usKSyzb Twitter: https://www.twitter.com/davidbombal Instagram: https://www.instagram.com/davidbombal LinkedIn: https://www.linkedin.com/in/davidbombal Facebook: https://www.facebook.com/davidbombal.co...
https://www.youtube.com/watch?v=i1bDofmvhNw
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

The current state of crypto crime | Guest Lili Infante
CAT Labs CEO and founder Lili Infante worked as a special agent for the U.S. Department of Justice for 10 years specializing in cryptocurrency's use in dark web investigations. Infante gives us the insider's view of dark web investigations, why it's so difficult to prosecute dark web actors when anonymity extends all up and down the hierarchy, the current state of dark web markets, and the rise of state-sponsored crypto crime organizations like North Korea's Lazarus Group. Plus, Infante gives you some expert advice on getting started in crypto crime investigation and forensics research! You don't need a Tor browser for this info. 0:00 - Crypto crime in 2023 2:46 - How Lili Infante began in cybersecurity 4:50 - Economics, bitcoin and crypto 9:20 - Liberal arts education and cybersecurity 14:05...
https://www.youtube.com/watch?v=hs6Qs3pKf7c
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Finding Your First Bug
📚 Purchase my Bug Bounty Course here 👉🏼 bugbounty.nahamsec.training 💵 Support the Channel: You can support the channel by becoming a member and get access exclusive content, behind the scenes, live hacking session and more! ☕️ Buy Me Coffee: https://www.buymeacoffee.com/nahamsec JOIN DISCORD: https://discordapp.com/invite/ucCz7uh 🆓 🆓 🆓 0 DigitalOcean Credit: https://m.do.co/c/3236319b9d0b 💬 Social Media - https://twitter.com/nahamsec - https://instagram.com/nahamsec - https://twitch.com/nahamsec - https://facebook.com/nahamsec1 #bugbounty #ethicalhacking #infosec #cybersecurity #redteam #webapp
https://www.youtube.com/watch?v=F9dV5lH8nvo
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

A File's Life - File Deletion and Recovery
In this episode, we'll look at exactly what happens when you delete a file from an NTFS file system. Then, we'll talk about file "undeletion" versus file carving, and use PhotoRec to perform file carving against a mounted disk image. Lastly, we'll explore techniques to search through that recovered data using an Ubuntu WSL 2 instance. *** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. *** 📖 Chapters 00:00 - Intro 13:12 - PhotoRec Demo 19:03 - Searching Recovered Data 🛠 Resources PhotoRec: https://www.cgsecurity.org/wiki/PhotoRec Recycle Bin Forensics: https://www.youtube.com/watch?v=Gkir-wGqG2c Let's Talk About NTFS Index Attributes: https://www.youtube.com/watch?v=x-M-wyq3BXA #Forensics #DigitalForensics #DFIR #ComputerForensics...
https://www.youtube.com/watch?v=4zlk9ZSMa-4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

C++ IMGUI Menu Tutorial - MEGA GUIDE
🔥 Learn How to Make a C++ IMGUI Menu In This 7 Chapter MEGA GUIDE 👨‍💻 Buy Our Courses: https://guidedhacking.com/register/ 💰 Donate on Patreon: https://patreon.com/guidedhacking ❤️ Follow us on Social Media: https://linktr.ee/guidedhacking What You Will Learn: 1) How to Add Images 2) Custom Fonts 3) Custom Icons 4) Change ImGui Styling 5) Use Separators 6) Animated Borders 7) Animated Text 🔗 Article Link: https://guidedhacking.com/threads/c-imgui-menu-tutorial-mega-guide.20371/ 📜 Video Description: C++ IMGUI Menu Tutorial Welcome to this comprehensive imgui tutorial focusing on C++ IMGUI menus. The primary target audience here are reverse engineers like us, who develop imgui cheat menus. Our mission today is to discuss several essential aspects, including images,...
https://www.youtube.com/watch?v=2B_qzPHV4MQ
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

His new gadget any good at catching rogue devices?
What tools and gadgets does Chris Greer use for packet analysis, device discovery and threat hunting? Here's one of his newest tools! What is it and is it any good? I trust Chris. When Chris tells me he uses a product in the real world, I listen to him. What do you think? Like this or not? A big thank you to NetAlly for supporting my channel so I can create more free content! Huge thank you to all of you who watch my videos and support me! 😀 Learn more about the CyberScope here: https://davidbombal.wiki/netally // Chris SOCIAL // Wireshark course: https://davidbombal.wiki/chriswireshark Nmap course: https://davidbombal.wiki/chrisnmap LinkedIn: https://www.linkedin.com/in/cgreer/ YouTube: https://www.youtube.com/c/ChrisGreer Twitter: https://twitter.com/packetpioneer // David SOCIAL...
https://www.youtube.com/watch?v=zZR0mycMksU
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

15 - Authorisation Bypass (low/med/high) - Damn Vulnerable Web Application (DVWA)
15 - Authorisation Bypass (low/med/high difficulties) video from the Damn Vulnerable Web Application (DVWA) walkthrough/tutorial series. Hope you enjoy 🙂 ↢Social Media↣ Twitter: https://twitter.com/_CryptoCat GitHub: https://github.com/Crypto-Cat HackTheBox: https://app.hackthebox.eu/profile/11897 LinkedIn: https://www.linkedin.com/in/cryptocat Reddit: https://www.reddit.com/user/_CryptoCat23 YouTube: https://www.youtube.com/CryptoCat23 Twitch: https://www.twitch.tv/cryptocat23 ↢Damn Vulnerable Web Application (DVWA)↣ https://github.com/digininja/DVWA ↢Authorisation Bypass↣ https://portswigger.net/web-security/access-control https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/05-Authorization_Testing/04-Testing_for_Insecure_Direct_Object_References ↢Chapters↣ Start...
https://www.youtube.com/watch?v=Qcgu34eWQa4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Stay Ahead of Ransomware Livestream Series - Episode 2
Stay Ahead of Ransomware Livestream Series with Ryan Chapman and Mari DeGrazia Episode 2: Ransomware Gangs Continue to Evolve Attend this SANS LIVE session to learn about how ransomware gangs are evolving to maintain their edge. In 2019, the industry saw change from single to double extortion. The second stage of extortion, data exfiltration, has now become the primary means by which several groups extort their victims. Did you know that some "ransomware" groups are no longer encrypting their victim's environments? Why is this happening? How can this affect you and YOUR organization? We'll provide an overview of what's truly happening with ransomware and end with a Q&A session so that YOU can ask us questions.
https://www.youtube.com/watch?v=UIbmwHUQxTc
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Revealing Secrets with Information Disclosure Bugs
Information disclosure is really broad, ranging from technical things like finding API keys or code review, to that webpage is displaying my address publicly! So they can be great bugs particularly if you don't have access to a regular computer or you're not familiar with This series couldn't happen without the support of our sponsor Bugcrowd, Bugcrowd is the best place to start hacking with a wide range of public and private programs from APIs to Desktop Applications and everything in between. Not ready to jump into a public program yet? Fill out your platform CV and sign up for a waitlisted program. Tell Bugcrowd a bit about your skills, previous certifications or experience and they'll match you up with the right program using their industry-leading CrowdMatch technology. Whatever your...
https://www.youtube.com/watch?v=l5GKb8UDSq0
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

ChatGPT Analyzes Fake ChatGPT Malware
https://j-h.io/plextrac || Save time and effort on pentest reports with PlexTrac's premiere reporting & collaborative platform in a FREE one-month trial! https://j-h.io/plextrac 😎 Help the channel grow with a Like, Comment, & Subscribe! ❤️ Support ➡ https://j-h.io/patreon ↔ https://j-h.io/paypal ↔ https://j-h.io/buymeacoffee Check out the affiliates below for more free or discounted learning! 🐱‍👤SEKTOR7 ➡ Malware Development, AV Evasion https://j-h.io/sektor7 🖥️ Zero-Point Security ➡ Certified Red Team Operator https://j-h.io/crto 💻Zero-Point Security ➡ C2 Development with C# https://j-h.io/c2dev 🐜Zero2Automated ➡ Ultimate Malware Reverse Engineering https://j-h.io/zero2auto ⛳Point3 ESCALATE ➡ Top-Notch Capture the Flag Training https://j-h.io/escalate 📗Humble...
https://www.youtube.com/watch?v=poIZDuAWrOo
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Critical Flaw in Ruckus WiFi APs - Update Firmware ASAP - ThreatWire
ThreatWire Totem Board - Limited Edition! - https://snubsie.com/threatwire-products/tw-totem Shop ThreatWire Merch on Teespring! - https://morsecode.creator-spring.com/ Support ThreatWire! https://www.patreon.com/shannonmorse Follow Shannon on Social Media: https://snubsie.com/links Update your Ruckus, GitHub improves open source repo security, and Discord discloses a data breach! All that coming up now on ThreatWire. #threatwire #hak5 ThreatWire by Shannon Morse is a weekly news journalism show covering cybersecurity topics for network admins, information security professionals, and consumers. Watch this on youtube: https://youtu.be/TKfxOTvt27o Chapters: 00:00 Ruckus WiFi AP Flaw 02:19 GitHub Pushes Protection 03:57 Discord Data Breach Links: Resources for stories are available...
https://www.youtube.com/watch?v=TKfxOTvt27o
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Cybersecurity in the Boardroom with Art Gilliland | 401 Access Denied Ep. 80
Cybersecurity in the Boardroom with Art Gilliland | 401 Access Denied Ep. 80 Join Us: https://www.cybrary.it/?utm_source=youtube&utm_medium=video&utm_campaign=cybersecurity-in-the-boardroom-with-art-gilliland On paper, the board of a company should serve to protect the security of their business. But what functions are actually involved in that process? In this episode of 401 Access Denied, Joe Carson is joined by Delinea's own CEO, Art Gilliland. Hear straight from the source what exactly goes into leading a company from the security practitioner's perspective. This inside scoop will demystify what goes on in corporate board rooms, and the big decisions that trickle down through the rest of the company. Tune in to learn more from this unique vantage point! Follow Art: ~https://twitter.com/artgilliland ~https://www.linkedin.com/in/artgilliland...
https://www.youtube.com/watch?v=51GcW-2wu1Y
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Why Don't People Want Security?
This is a fully dedicated video for our sponsor Passbolt. https://j-h.io/passbolt || Use a password manager to keep all your credentials secure -- my code JOHN-HAMMOND will save 20% off!! https://j-h.io/passbolt 00:00 - Background 00:39 - Begin interview 01:00 - Abnormal reservations? 03:50 - How do we combat that confusion? 07:48 - Open Source Open Audit? 09:08 - Centralized Database Woes. 13:52 - New folder feature! 18:03 - Wrap up Help the channel grow with a Like, Comment, & Subscribe! ❤️ Support ➡ https://j-h.io/patreon ↔ https://j-h.io/paypal ↔ https://j-h.io/buymeacoffee Check out the affiliates below for more free or discounted learning! 🐱‍👤SEKTOR7 ➡ Malware Development, AV Evasion https://j-h.io/sektor7 🖥️ Zero-Point Security ➡ Certified...
https://www.youtube.com/watch?v=bwc8r9LaLLw
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

0,000 in two months with #bugbounty! #infosec #ethicalhacking #cybersecurity

https://www.youtube.com/watch?v=Da_bHZnDPkA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Bug Bounty Changed My Life!
📚 Purchase my Bug Bounty Course here 👉🏼 bugbounty.nahamsec.training 💵 Support the Channel: You can support the channel by becoming a member and get access exclusive content, behind the scenes, live hacking session and more! ☕️ Buy Me Coffee: https://www.buymeacoffee.com/nahamsec JOIN DISCORD: https://discordapp.com/invite/ucCz7uh 🆓 🆓 🆓 0 DigitalOcean Credit: https://m.do.co/c/3236319b9d0b 💬 Social Media - https://twitter.com/nahamsec - https://instagram.com/nahamsec - https://twitch.com/nahamsec - https://facebook.com/nahamsec1 #bugbounty #ethicalhacking #infosec #cybersecurity #redteam #webapp
https://www.youtube.com/watch?v=Rvz8cIilxfI
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

👨‍💻 How to Find Malware C2 Panels 🔎 Skid Hunting 👀
🔥 Learn How to Find C2 Panels and Laugh at Cyber Criminals 👨‍💻 Buy Our Courses: https://guidedhacking.com/register/ 💰 Donate on Patreon: https://patreon.com/guidedhacking ❤️ Follow us on Social Media: https://linktr.ee/guidedhacking 🔗 Article Link: https://guidedhacking.com/threads/how-to-find-malware-c2-panels-threat-hunting.20358/ 🔗 ViriBack C2 Tracker: https://tracker.viriback.com/ 🔗Censys: https://search.censys.io/ 🔗Shodan: https://malware-hunter.shodan.io/ 🔗 ThreatFox: https://threatfox.abuse.ch/ 🔗URLScan.io: https://urlscan.io/ 📜 Video Description: How to Find C2 Panels Understanding and Locating Malware Command and Control Web Panels In the world of malware, command and control web panels are the real puppet masters. They're the platforms where...
https://www.youtube.com/watch?v=5a-wajRy-jc
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

How to be Invisible Online (and the hard truth about it)...
Don't be fooled ... Occupy The Web (OTW) tells us the hard truth about being anonymous online. The brutal truth: Will using your neigbors wifi keep you anonymous? Can you hide from the NSA? Can you hide from Google and other companies? Will Tor help you? Will Proxy Chains help? Which phone do you need to use - Android or iPhone or something else? Which operating system - Windows, macOS or Linux? What is the truth? What do you need to use? // Mr Robot Playlist // https://www.youtube.com/playlist?list=PLhfrWIlLOoKNYR8uvEXSAzDfKGAPIDB8q // David's SOCIAL // Discord: https://discord.com/invite/usKSyzb Twitter: https://www.twitter.com/davidbombal Instagram: https://www.instagram.com/davidbombal LinkedIn: https://www.linkedin.com/in/davidbombal Facebook: https://www.facebook.com/davidbombal.co...
https://www.youtube.com/watch?v=LEbAxsYRMcQ
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

The Intruder Alert Podcast - Ep. 3 - Hacktivism and Bug Bounties with Nahamsec
Join host Marcus Hutchins, world-renowned hacker, and hacker NahamSec as they discuss hacktivism, learning how to hack online, and bug bounties. For more information on how to jumpstart your career with the most cutting-edge cybersecurity training, head over to Cybrary.it to create your free account and get started on your learning journey! Make sure to subscribe so that you don't miss the latest new episodes, premiering live every two weeks, and dropping on YouTube On Demand.
https://www.youtube.com/watch?v=sSBi5VsseWY
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Raspberry Pi Chip Shortage Update (Eben Upton Interview)
I ask Eben Upton the difficult questions in this interview. Why is there no stock available? When will there be stock? Why is the hobbyist community not able to buy Raspberry Pi's? Eben explains how he has had to make some of the most painful and difficult decisions in his life. // Raspberry Pi // Twitter: https://twitter.com/Raspberry_Pi YouTube: https://www.youtube.com/raspberrypi LinkedIn: https://www.linkedin.com/company/raspberrypi/ Facebook: https://www.facebook.com/raspberrypi Instagram: https://www.instagram.com/raspberrypi/ // Raspberry Pi Foundation // YouTube: https://www.youtube.com/c/RaspberryPiFoundation Twitter: https://twitter.com/Raspberry_Pi Raspberry Pi Foundation: https://www.raspberrypi.org/ Facebook: https://www.facebook.com/RaspberryPiFoundation Instagram: https://www.instagram.com/raspberrypifoundation/ //...
https://www.youtube.com/watch?v=6HrbU2G6fU4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Hide a Hacker's Reverse Shell in ONE Command
https://j-h.io/plextrac || Save time and effort on pentest reports with PlexTrac's premiere reporting & collaborative platform in a FREE one-month trial! https://j-h.io/plextrac 😎 Help the channel grow with a Like, Comment, & Subscribe! ❤️ Support ➡ https://j-h.io/patreon ↔ https://j-h.io/paypal ↔ https://j-h.io/buymeacoffee Check out the affiliates below for more free or discounted learning! 🐱‍👤SEKTOR7 ➡ Malware Development, AV Evasion https://j-h.io/sektor7 🖥️ Zero-Point Security ➡ Certified Red Team Operator https://j-h.io/crto 💻Zero-Point Security ➡ C2 Development with C# https://j-h.io/c2dev 🐜Zero2Automated ➡ Ultimate Malware Reverse Engineering https://j-h.io/zero2auto ⛳Point3 ESCALATE ➡ Top-Notch Capture the Flag Training https://j-h.io/escalate 📗Humble...
https://www.youtube.com/watch?v=gzv3d7rvjKA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Is CompTIA's Cloud+ certification right for you? | Cyber Work Hacks
James Stanger, chief technology evangelist at CompTIA, talks about CompTIA's Cloud+ certification and why security professionals really need to consider adding it to the certification toolbox. 0:00 - CompTIA Cloud+ certification 1:06 - Benefits of Cloud+ 3:24 - Cloud+ is vendor agnostic 6:27 - Preparing for Cloud+ 8:43 - Cloud+'s future 11:18 - Good Cloud+ training 12:50 - How to study for Cloud+ 14:26 - Outro About Infosec Infosec's mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their...
https://www.youtube.com/watch?v=jfndZ03b0do
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

🛠️ Windows Virtual Memory Explained 📚 Windows Internals 💻
🔥 Learn How Virtual Memory Works on Windows Operating System 👨‍💻 Buy Our Courses: https://guidedhacking.com/register/ 💰 Donate on Patreon: https://patreon.com/guidedhacking ❤️ Follow us on Social Media: https://linktr.ee/guidedhacking 🔗 Article Link: https://guidedhacking.com/threads/windows-virtual-memory-explained-windows-internals.20362/ 📜 Video Description: Virtual memory is an essential concept in computer science that allows an operating system to create the illusion of having more memory than what is physically available. This Virtual Memory tutorial' explains how Windows uses this system, giving a glimpse into the Windows Internals. At the core of virtual memory is the concept of paging. Both virtual and physical memory are divided into four-kilobyte chunks,...
https://www.youtube.com/watch?v=CdQ2EYKfB8g
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Getting Started in Firmware Analysis & IoT Reverse Engineering
https://j-h.io/bugprove || For blazing-fast automated IoT firmware analysis and zero-day discovery, you can use BugProve FOR FREE: https://j-h.io/bugprove Kavishka Gihan's original Medium article: https://kavigihan.medium.com/iot-hacking-reversing-a-router-firmware-df6e06cc0dc9 Help the channel grow with a Like, Comment, & Subscribe! ❤️ Support ➡ https://j-h.io/patreon ↔ https://j-h.io/paypal ↔ https://j-h.io/buymeacoffee 📗Humble Bundle ➡ https://j-h.io/humblebundle 🌎Follow me! ➡ https://j-h.io/discord ↔ https://j-h.io/twitter ↔ https://j-h.io/linkedin ↔ https://j-h.io/instagram ↔ https://j-h.io/tiktok 📧Contact me! (I may be very slow to respond or completely unable to) 🤝Sponsorship Inquiries ➡ https://j-h.io/sponsorship 🚩 CTF Hosting Requests...
https://www.youtube.com/watch?v=zs86OYea8Wk
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Memory Forensics Acquisition Cloud
For webcast slides , please visit here: https://www.sans.org/webcasts/memory-forensics-acquisition-in-the-cloud/ As more and more organizations begin moving their resources to the cloud, analysts and responders must be prepared to operate in this new landscape. One aspect of traditional forensics that we must learn to implement in the cloud is memory forensics. In this webcast, Mat Fuchs (author and instructor for FOR532: Enterprise Memory Forensics In-Depth) and Megan Roddie (co-author and instructor for FOR509: Enterprise Cloud Forensics and Incident Response) look at how to approach memory forensics when responding to incidents in cloud environments. First, we'll explain what cloud services fall in scope when discussing memory forensics. Next we'll discuss the tools, services, and...
https://www.youtube.com/watch?v=5Nb_iZBiUVk
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Google Adds Passkey Support - Upgrade Now! - ThreatWire
ThreatWire Totem Board - Limited Edition! - https://snubsie.com/threatwire-products/tw-totem Shop ThreatWire Merch on Teespring! - https://morsecode.creator-spring.com/ Support ThreatWire! https://www.patreon.com/shannonmorse Follow Shannon on Social Media: https://snubsie.com/links Stopping Bluetooth Stalking, MSI was hacked, and Google adds Passkey support! All that coming up now on ThreatWire. #threatwire #hak5 ThreatWire by Shannon Morse is a weekly news journalism show covering cybersecurity topics for network admins, information security professionals, and consumers. Watch this on youtube: https://youtu.be/fBCdq6gdJAE Chapters: 00:00 Stopping Bluetooth Stalking 02:20 MSI Hacked 04:31 Upgrade to Passkeys Links: Resources for stories are available on Patreon exclusively,...
https://www.youtube.com/watch?v=fBCdq6gdJAE
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

How To Setup ELK | Elastic Agents & Sysmon for Cybersecurity
https://j-h.io/pwyc || Jump into Pay What You Can training -- at whatever cost makes sense for you! https://j-h.io/pwyc Help the channel grow with a Like, Comment, & Subscribe! ❤️ Support ➡ https://j-h.io/patreon ↔ https://j-h.io/paypal ↔ https://j-h.io/buymeacoffee Check out the affiliates below for more free or discounted learning! 🐱‍👤SEKTOR7 ➡ Malware Development, AV Evasion https://j-h.io/sektor7 🖥️ Zero-Point Security ➡ Certified Red Team Operator https://j-h.io/crto 💻Zero-Point Security ➡ C2 Development with C# https://j-h.io/c2dev 🐜Zero2Automated ➡ Ultimate Malware Reverse Engineering https://j-h.io/zero2auto ⛳Point3 ESCALATE ➡ Top-Notch Capture the Flag Training https://j-h.io/escalate 📗Humble Bundle ➡ https://j-h.io/humblebundle 🐶Snyk...
https://www.youtube.com/watch?v=wiQ8U5mFncw
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Thinking ahead for cybersecurity customers | Cyber Work Podcast | #shorts
Leonid Belkind, Torq's chief technology officer (CTO), says that while it is important to listen to your customers when they tell you what they need, a good company needs to think ahead to new ways of giving the customer something they need but don't even know exists yet. – Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free – View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast About Infosec Infosec's mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune...
https://www.youtube.com/watch?v=jW0HkZ55xGY
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Utilizing AI as a cybersecurity tool | Cyber Work Podcast
Leonid Belkind, Torq's chief technology officer (CTO), explains how processes of AI-based automation aren't about replacing cybersecurity professionals or developing a replica of human thought but using automation as a tool to augment human thought and decision-making processes. – Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free – View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast About Infosec Infosec's mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the...
https://www.youtube.com/watch?v=M_LK09_5iog
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Google To Add E2EE To 2FA Authenticator Cloud Backups - ThreatWire
ThreatWire Totem Board - Limited Edition! - https://snubsie.com/threatwire-products/tw-totem Shop ThreatWire Merch on Teespring! - https://morsecode.creator-spring.com/ Support ThreatWire! https://www.patreon.com/shannonmorse Follow Shannon on Social Media: https://snubsie.com/links Flaws in a DNA Sequencer could lead to hacks, Magecart is back with some shiny upgrades, and Cloud backups of 2FA codes? Better make sure they're encrypted! All that coming up now on ThreatWire. #threatwire #hak5 ThreatWire by Shannon Morse is a weekly news journalism show covering cybersecurity topics for network admins, information security professionals, and consumers. Watch this on youtube: https://youtu.be/flNka1HWGhM Chapters: 00:00 DNA Sequencing Flaws 02:19 Magecart's Shiny Upgrades 04:10...
https://www.youtube.com/watch?v=flNka1HWGhM
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

The importance of endpoint security in 2023 | Cyber Work Podcast
Leonid Belkind is Torq's chief technology officer (CTO). Here he talks about how endpoint security has become a primary area of focus in dealing with ways to defend organizations now that the traditional method of “protecting the network and the building” gives way to “protect a small series of independent work environments.” – Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free – View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast About Infosec Infosec's mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to...
https://www.youtube.com/watch?v=f-VQ9WrUUY4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

PowerShell CRYPTOSTEALER through DNS
https://j-h.io/snyk || Try Snyk to find vulnerabilities in your own code and applications FOR FREE ➡ https://j-h.io/snyk Help the channel grow with a Like, Comment, & Subscribe! ❤️ Support ➡ https://j-h.io/patreon ↔ https://j-h.io/paypal ↔ https://j-h.io/buymeacoffee Check out the affiliates below for more free or discounted learning! 🐱‍👤SEKTOR7 ➡ Malware Development, AV Evasion https://j-h.io/sektor7 🖥️ Zero-Point Security ➡ Certified Red Team Operator https://j-h.io/crto 💻Zero-Point Security ➡ C2 Development with C# https://j-h.io/c2dev 🐜Zero2Automated ➡ Ultimate Malware Reverse Engineering https://j-h.io/zero2auto ⛳Point3 ESCALATE ➡ Top-Notch Capture the Flag Training https://j-h.io/escalate 📗Humble Bundle ➡ https://j-h.io/humblebundle 🐶Snyk...
https://www.youtube.com/watch?v=GguO_Oc0h5A
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

The Intruder Alert podcast - Episode 1
Join host Marcus Hutchins, world-renowned hacker, and red teamer Matt Mullins as they dive into the dark side of social media, and how ChatGPT has entered the world of cyber. For more information on how to jumpstart your career with the most cutting-edge cybersecurity training, head over to Cybrary.it to create your free account and get started on your learning journey! Make sure to subscribe so that you don't miss the latest new episodes, premiering live every two weeks, and dropping on YouTube On Demand.
https://www.youtube.com/watch?v=gPU3_gB2hb8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

HackerOne at RSAC 2023
HackerOne CEO, Marten Mickos, and CTO and co-founder, Alex Rice, speak to ISMG about transparency and trust as a competitive differentiator and how ethical hackers and continuous testing provide more impactful results for less spend than traditional solutions.
https://www.youtube.com/watch?v=5rNF4tiGd0Y
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

I MADE 0,000 IN TWO MONTHS!
📚 Purchase my Bug Bounty Course here 👉🏼 bugbounty.nahamsec.training 💵 Support the Channel: You can support the channel by becoming a member and get access exclusive content, behind the scenes, live hacking session and more! ☕️ Buy Me Coffee: https://www.buymeacoffee.com/nahamsec JOIN DISCORD: https://discordapp.com/invite/ucCz7uh 🆓 🆓 🆓 0 DigitalOcean Credit: https://m.do.co/c/3236319b9d0b 💬 Social Media - https://twitter.com/nahamsec - https://instagram.com/nahamsec - https://twitch.com/nahamsec - https://facebook.com/nahamsec1 00:00 - Introduction 01:35 - Luck 2:14 - Stats 3:09 - Program Selection 4:03 - Approach 7:00 - Attention to Details 8:00 - Burnout 9:04 - Outro #bugbounty #ethicalhacking #infosec #cybersecurity #redteam #webapp
https://www.youtube.com/watch?v=TKIEXwOcbfc
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

#soc #cybersecurity #hacking #shorts

https://www.youtube.com/watch?v=F0_WzFzt_Rk
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

👨‍💻 North Korean Malware Analysis 🚨 ROKRAT KillChain 📡
🔥 Learn How North Korea infects victims 👨‍💻 Buy Our Courses: https://guidedhacking.com/register/ 🔗 Visit Checkpoint: https://research.checkpoint.com/2023/chain-reaction-rokrats-missing-link/ 💰 Donate on Patreon: https://patreon.com/guidedhacking ❤️ Follow us on Social Media: https://linktr.ee/guidedhacking 🔗 GH Article Link: https://guidedhacking.com/threads/north-korean-malware-analysis-rokrat-killchain.20349/ 📜 North Korean Malware Video Description: In this walkthrough, we will analyze a North Korean malware campaign targeting individuals in South Korea. This coverage was inspired by a blog recently released by Checkpoint Research they outline many of these different lures which then drops the ROKRAT malware which is a signature of North Korean attacks. Some...
https://www.youtube.com/watch?v=d-PfZJ16SWc
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Eben Upton Interview (Raspberry Pi Behind the Scenes)
We go behind the scenes with Eben Upton to talk about the birthplace and home of the Raspberry Pi, how St John's college played such an important role in the creation of the Raspberry Pi and why it all started. I hope you enjoy this interview with Eben Upton! Chip Shortage video here: https://youtu.be/6HrbU2G6fU4 Lots more Raspberry Pi content coming! What do you want to see? // Raspberry Pi // Twitter: https://twitter.com/Raspberry_Pi YouTube: https://www.youtube.com/raspberrypi LinkedIn: https://www.linkedin.com/company/raspberrypi/ Facebook: https://www.facebook.com/raspberrypi Instagram: https://www.instagram.com/raspberrypi/ // Raspberry Pi Foundation // YouTube: https://www.youtube.com/c/RaspberryPiFoundation Twitter: https://twitter.com/Raspberry_Pi Raspberry Pi Foundation: https://www.raspberrypi.org/ Facebook:...
https://www.youtube.com/watch?v=a5ijfjgp9r8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

ChatGPT: How to use AI tools securely | Hacker Headlines
AI is a valuable business tool that can make your job easier — but it's also a huge cybersecurity risk. In this episode of Hacker Headlines, Keatron Evans, Principal Cybersecurity Advisor at Infosec, will provide an overview of common AI tools, what they are and how to use them safely. Learn more about Hacker Headlines and the Infosec IQ security awareness platform: https://www.infosecinstitute.com/form/infosec-iq-demo-chatgpt/ About the Series: Cybersecurity is constantly evolving, and continuous training that tackles today's latest threats is needed to keep your organization cyber secure. This is why we recently created our free training series: Hacker Headlines. Hacker Headlines features Infosec's Principal Cybersecurity Advisor, Keatron Evans, who breaks down current cybersecurity...
https://www.youtube.com/watch?v=PqjDPBBuqVE
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Stored, Blind, Reflected and DOM - Everything Cross--Site Scripting (XSS)
I'll be honest, XSS are not my favourite kinds of bugs to hunt for, even now and I don't think they are great for beginners. BUT I have been outvoted by the community on this one so here's how to find your first bug, XSS edition. I'm going to talk about each type of XSS and show you how I actually approach a target when I'm looking for XSS bugs. I will be the first to admit I've found 1 XSS in the wild and it was a DOM based XSS! This series couldn't happen without the support of our sponsor Bugcrowd, Bugcrowd is the best place to start hacking with a wide range of public and private programs from APIs to Desktop Applications and everything in between. Not ready to jump into a public program yet? Fill out your platform CV and sign up for a waitlisted program. Tell Bugcrowd a bit about your...
https://www.youtube.com/watch?v=hQEQ-KJh06M
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

#shorts #pentester #hacker #cybersecurity

https://www.youtube.com/watch?v=zosg0BJ04Tc
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Kali Linux TP-Link TL-WN722N install (1 command fix)
It's now very easy to fix the TP-Link TL-WN722N WiFi Adapter in Kali Linux so you can use it for monitoring WiFi networks. You can get the adapter to inject packets and set monitor mode once you update the drivers as I demonstrate in this video. // MENU // 00:00 - Installing drivers for TP-Link TL-WN722N v2/v3 00:37 - Intro 00:51 - Installing drivers // Enabling monitor mode 05:28 - Summary 06:08 - Conclusion // Command // sudo apt install -y realtek-rtl8188eus-dkms // Recommended Adapters // Alfa AWUS036NHA: https://amzn.to/3wnyVen Alfa AWUS036ACM: https://amzn.to/3fCL4WT Alfa AWUS036ACH: https://amzn.to/3rLAjny or https://amzn.to/2PxkkMV Others: Alfa AWUS1900: https://amzn.to/31E0AtH Alfa Long-Range Dual-Band AC1200: https://amzn.to/34UUCEL Alfa AWUS036NEH: https://amzn.to/3sK2iW8 Panda...
https://www.youtube.com/watch?v=-xkpgvjuEy0
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

What happens when I remove the hard drive? #shorts
#youtubeshorts #raid #synology
https://www.youtube.com/watch?v=9Ubv_FXNJkQ
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

#cybersecurity #shorts #hacking #podcast #cybrary

https://www.youtube.com/watch?v=xT3_EN8oxqM
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

👨‍💻 PolyGlot Malware Analysis​ - IcedID Stager 💾
🔥 Learn how polyglot malware stagers are evolving 👨‍💻 Buy Our Courses: https://guidedhacking.com/register/ 💰 Donate on Patreon: https://patreon.com/guidedhacking ❤️ Follow us on Social Media: https://linktr.ee/guidedhacking 🔗 Article Link: https://guidedhacking.com/threads/analyzing-polygot-malware.20346/ 📜 Video Description: Threat actors consistently innovate in their efforts to infect victims and avoid those conducting malware analysis and reverse engineering on their creations. In this malware analysis tutorial, we'll explore the concept of polyglot malware and how to analyze it, particularly for beginners. We start by examining a file posted on Twitter that appears as an image, instructing viewers to download and change its file extension. Upon downloading and...
https://www.youtube.com/watch?v=4j8t9kFLFIY
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

The State of Passwords with Dustin Heywood (aka Evil Mog) | 401 Access Denied Ep. 79
The State of Passwords with Dustin Heywood (aka Evil Mog) | 401 Access Denied Ep. 79 Join Us: https://www.cybrary.it/?utm_source=youtube&utm_medium=video&utm_campaign=the-state-of-passwords-with-evil-mog Did you know that May 4th is World Password Day? To celebrate, we invited top hacker Dustin Heywood (aka Evil Mog) to the 401 Access Denied Podcast to discuss the state of passwords! He and Joe Carson take a close look at where passwords currently stand in our rapidly evolving cyber climate, as well as what the future holds. Together, they answer the increasingly asked question, “Are passwords really dead?” Tune in to find out! Follow Evil Mog: ~https://twitter.com/Evil_Mog ~https://www.linkedin.com/in/evilmog
https://www.youtube.com/watch?v=9O8uCKXW1PQ
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Here are 3 FREE web hacking resources to learn web hacking! #bugbounty #hackers #cybersecurity

https://www.youtube.com/watch?v=Butgz49BBWs
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Managed vs Unmanaged Switch? #shorts
#youtubeshorts #switch #router
https://www.youtube.com/watch?v=SX9foVa7z_k
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Asset Discovery Using Shodan + Giveaway! // Bug Bounty Recon
Purchase my Bug Bounty Course here 👉🏼 bugbounty.nahamsec.training Buy Me Coffee: https://www.buymeacoffee.com/nahamsec Live Every Sunday on Twitch: https://twitch.tv/nahamsec Free 0 DigitalOcean Credit: https://m.do.co/c/3236319b9d0b Follow me on social media: https://twitter.com/nahamsec https://instagram.com/nahamsec https://twitch.com/nahamsec https://hackerone.com/nahamsec https://facebook.com/nahamsec1 Github: https://github.com/nahamsec Nahamsec's Discord: https://discordapp.com/invite/ucCz7uh #offensivesecurity #redteam #bugbounty #hackerone #hackers #hacking #infosec #hackingtutorial #owasp #educational
https://www.youtube.com/watch?v=4CL_8GRNVTE
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

#podcast #cybersecurity #hacking Marcus Hutchins hosting the new Intruder Alert podcast for Cybrary

https://www.youtube.com/watch?v=Ft1b6afdtB8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

The Intruder Alert Podcast - Episode 2
Join host Marcus Hutchins, world-renowned hacker, and Will Carlson as they discuss red teaming and blue teaming on this episode of Intruder Alert. For more information on how to jumpstart your career with the most cutting-edge cybersecurity training, head over to Cybrary.it to create your free account and get started on your learning journey! Make sure to subscribe so that you don't miss the latest new episodes, premiering live every two weeks, and dropping on YouTube On Demand.
https://www.youtube.com/watch?v=RcETH0rJ61s
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Leaking Secret Data with a Heap Overflow - "Leek" Pwn Challenge [Angstrom CTF 2023]
Video walkthrough for the binary exploitation (pwn) challenge, "Leek" from the Angstrom capture the flag (CTF) competition 2023. The challenge involves performing a heap overflow to overwrite all null bytes between our user input chunk and secret data chunk so that when puts() is called, it prints both chunks (there's no null terminator separating them). After this, we need to repair the header of the chunk we modified so that the program can continue execution. We repeat this process of leaking and submitting the random (secret) bytes 100 times, at which point we receive the flag! Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂 #Angstrom #AngstromCTF #CTF #Pentesting #OffSec #Pwn #BinaryExploitation #Reversing #ReverseEngineering ↢Social Media↣ Twitter: https://twitter.com/_CryptoCat GitHub:...
https://www.youtube.com/watch?v=55jibxjUj3I
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Malicious OAuth Apps Hide Themselves In Plain Sight - ThreatWire
ThreatWire Totem Board - Limited Edition! - https://snubsie.com/threatwire-products/tw-totem Shop ThreatWire Merch on Teespring! - https://morsecode.creator-spring.com/ Support ThreatWire! https://www.patreon.com/shannonmorse Follow Shannon on Social Media: https://snubsie.com/links What is a double supply chain attack? Cisco routers are being hit with attacks, and hiding malicious apps from view! All that coming up now on ThreatWire. #threatwire #hak5 ThreatWire by Shannon Morse is a weekly news journalism show covering cybersecurity topics for network admins, information security professionals, and consumers. Watch this on youtube: https://youtu.be/i_2mG6dLuEI Chapters: 00:00 Double Supply Chain Attack 03:29 Cisco Routers Attacked 04:56 GhostToken Links: Resources for stories...
https://www.youtube.com/watch?v=i_2mG6dLuEI
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Cloud Hacking: Google Cloud Platform (GCP)
Purchase my Bug Bounty Course here 👉🏼 bugbounty.nahamsec.training Buy Me Coffee: https://www.buymeacoffee.com/nahamsec Live Every Sunday on Twitch: https://twitch.tv/nahamsec Free 0 DigitalOcean Credit: https://m.do.co/c/3236319b9d0b Follow me on social media: https://twitter.com/nahamsec https://instagram.com/nahamsec https://twitch.com/nahamsec https://hackerone.com/nahamsec https://facebook.com/nahamsec1 Github: https://github.com/nahamsec Nahamsec's Discord: https://discordapp.com/invite/ucCz7uh #offensivesecurity #redteam #bugbounty #hackerone #hackers #hacking #infosec #hackingtutorial #owasp #educational
https://www.youtube.com/watch?v=BemIxEaS4kI
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

WhiteSnake Stealer Malware Analysis
A new and interesting malware, WhiteSnake Stealer has a few unique properties. Support us on GH: https://guidedhacking.com/register/ Support us on Patreon: https://patreon.com/guidedhacking Support us on YT: https://www.youtube.com/channel/UCCMi6F5Ac3kQDfffWXQGZDw/join Learn more here: https://guidedhacking.com/threads/whitesnake-stealer-malware-analysis.20340/ Today we carry out some malware analysis on WhiteSnake Stealer. Whitenake stealer has recently hit the market selling multiple commonly found functionalities that are found in other stealers. Some of the functionalities offered by WhiteSnake stealer is that it will steal from browsers, wallets and has a file grabber. WhiteSnake stealer will then send out this information through Telegram which is becoming a very common method of C2...
https://www.youtube.com/watch?v=-pHHGE2MwUg
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Five resources to learn hacking, pentesting or get started with #cybersecurity!

https://www.youtube.com/watch?v=1u425TZnTMA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

How to Not Suck at Hacking // How To Bug Bounty
Purchase my Bug Bounty Course here 👉🏼 bugbounty.nahamsec.training Buy Me Coffee: https://www.buymeacoffee.com/nahamsec Live Every Sunday on Twitch: https://twitch.tv/nahamsec Free 0 DigitalOcean Credit: https://m.do.co/c/3236319b9d0b Follow me on social media: https://twitter.com/nahamsec https://instagram.com/nahamsec https://twitch.com/nahamsec https://hackerone.com/nahamsec https://facebook.com/nahamsec1 Github: https://github.com/nahamsec Nahamsec's Discord: https://discordapp.com/invite/ucCz7uh #offensivesecurity #redteam #bugbounty #hackerone #hackers #hacking #infosec #hackingtutorial #owasp #educational
https://www.youtube.com/watch?v=Ddr2__qImZ0
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Web Challenges [Space Heroes CTF 2023]
Video walkthrough for some web exploitation challenges from the Space Heroes (CTF) competition 2023. Some topics covered include; HTTP parameter pollution, chatGPT breakout (prompt injection/leakage), insecure file upload, XSS, CSP bypass and more! Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂 #SpaceHeroes #SpaceHeroesCTF #CTF #Pentesting #OffSec ↢Social Media↣ Twitter: https://twitter.com/_CryptoCat GitHub: https://github.com/Crypto-Cat/CTF HackTheBox: https://app.hackthebox.eu/profile/11897 LinkedIn: https://www.linkedin.com/in/cryptocat Reddit: https://www.reddit.com/user/_CryptoCat23 YouTube: https://www.youtube.com/CryptoCat23 Twitch: https://www.twitch.tv/cryptocat23 ↢Space Heroes CTF↣ https://ctftime.org/event/1856 https://spaceheroes.ctfd.io/challenges https://discord.gg/BsSyhTDdne ↢Resources↣ Ghidra:...
https://www.youtube.com/watch?v=d2BRicRLMfk
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Well it finally happened... infected myself with Emotet lel
Come hang out with us for some live digital forensics as we hunt down the persistence mechanism for this malware and clean up my host 😆 ----- OALABS PATREON https://www.patreon.com/oalabs OALABS DISCORD https://discord.gg/6h5Bh5AMDU Twitch https://www.twitch.tv/oalabslive OALABS GITHUB https://github.com/OALabs UNPACME - AUTOMATED MALWARE UNPACKING https://www.unpac.me/#/ -----
https://www.youtube.com/watch?v=6U0obWnOYO0
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Hacker Interviews: @ArchAngelDDay
👨‍💻📚Purchase my Bug Bounty Course here: bugbounty.nahamsec.training Signup for the Snyk CTF workshop here 👉🏼 snyk.co/nahamsec101 Wanna watch a live interview? Come join me on Twitch every Sunday! Buy Me Coffee: https://www.buymeacoffee.com/nahamsec Live Every Sunday on Twitch: https://twitch.tv/nahamsec Free 0 DigitalOcean Credit: https://m.do.co/c/3236319b9d0b Follow me on social media: https://twitter.com/nahamsec https://instagram.com/nahamsec https://twitch.com/nahamsec https://hackerone.com/nahamsec https://facebook.com/nahamsec1 Github: https://github.com/nahamsec Nahamsec's Discord: https://discordapp.com/invite/ucCz7uh #offensivesecurity #redteam #bugbounty #hackerone #hackers #hacking #infosec #hackingtutorial #owasp #educational
https://www.youtube.com/watch?v=W93oH_bTgmE
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

"Easiest" Beginner Bugs? Access Control and IDORs
Whenever someone asks what bug they should look for I always say IDORs/access control issues particularly across large enterprise level apps (think Atlassian), where you have complex access control rules. While these bugs don't requite advanced technical skills they do require a lot of manual testing, but when you're still looking for your first bug you have a lot of time. This series couldn't happen without the support of our sponsor Bugcrowd, Bugcrowd is the best place to start hacking with a wide range of public and private programs from APIs to Desktop Applications and everything in between. Not ready to jump into a public program yet? Fill out your platform CV and sign up for a waitlisted program. Tell Bugcrowd a bit about your skills, previous certifications or experience and they'll...
https://www.youtube.com/watch?v=cV0uoZTLVVY
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Vulnerability Management Metrics: Top 10 KPIs To Measure Success (W/ Walter Haydock)
Join us for an exclusive interview as we dive deep into the world of vulnerability management KPIs with the expertise of Walter Haydock. 👉 Get our FREE guide to vulnerability management in 2023: https://purplesec.us/vulnerability-management-guide/?utm_source=newsletter&utm_medium=YouTube&utm_campaign=VM_2023&utm_id=guide In this engaging interview, Walter shares valuable insights on: 🎯 Balancing costs and benefits while identifying metrics to guide decision-making in vulnerability management investments. 🌐 Maintaining consistency with strategies for aligning metrics across teams, departments, and locations. ⚖️ Adapting to the evolving threat landscape by staying ahead of emerging risks and continuously refining vulnerability management KPIs. 📈 Success stories of organizations...
https://www.youtube.com/watch?v=L-61ahYHdH8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Windows Internals - Special Process Types Explained
Not all processes are created equally. Find out why! Support us on GH: https://guidedhacking.com/register/ Support us on Patreon: https://patreon.com/guidedhacking Support us on YT: https://www.youtube.com/channel/UCCMi6F5Ac3kQDfffWXQGZDw/join Learn more here: https://guidedhacking.com/threads/windows-internals-special-process-types.20342/ Video Creator: rexir Video Narrator: Mewspaper You may also like: Processes and Threads Explained https://www.youtube.com/watch?v=1t9PrSOlNPk -- Windows Internals - Special Processes Summary -- Windows processes can be classified into several types based on their unique characteristics. Key types include: Protected Processes: Introduced for DRM purposes, they have limited access to other processes and require a special Windows Media Certificate for...
https://www.youtube.com/watch?v=GhG6Fc__HEE
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Cloud Hacking: Hacking Amazon AWS
Purchase my Bug Bounty Course here 👉🏼 bugbounty.nahamsec.training Buy Me Coffee: https://www.buymeacoffee.com/nahamsec Live Every Sunday on Twitch: https://twitch.tv/nahamsec Free 0 DigitalOcean Credit: https://m.do.co/c/3236319b9d0b Follow me on social media: https://twitter.com/nahamsec https://instagram.com/nahamsec https://twitch.com/nahamsec https://hackerone.com/nahamsec https://facebook.com/nahamsec1 Github: https://github.com/nahamsec Nahamsec's Discord: https://discordapp.com/invite/ucCz7uh #offensivesecurity #redteam #bugbounty #hackerone #hackers #hacking #infosec #hackingtutorial #owasp #educational
https://www.youtube.com/watch?v=Gq4QLy1-jcc
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

The Real Adversaries with Dan Card | 401 Access Denied Ep. 78
The Real Adversaries with Dan Card | 401 Access Denied Ep. 78 Join Us: https://www.cybrary.it/?utm_source=youtube&utm_medium=video&utm_campaign=the-real-adversaries-with-dan-card Over the years, we've all seen a lot of the same cybersecurity-centric messaging. But realistically, how many of these talking points are still potent and relevant? Luckily, Joe Carson is joined by CISO and security consultant Dan Card to help answer that question! This humorous yet informative discussion takes a critical look at established “truths” in security to see if they still hold up. Tune in to learn about the communication disconnect between security practitioners and the average person. Follow Dan: ~https://www.linkedin.com/in/dancard/ ~https://twitter.com/UK_Daniel_Card
https://www.youtube.com/watch?v=SK--RAMJUtw
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

The RESTRICT Act: TLDR? Watch This - ThreatWire
In depth video about the RESTRICT Act: https://www.youtube.com/watch?v=DcONTg8rYjY ThreatWire Totem Board - Limited Edition! - https://snubsie.com/threatwire-products/tw-totem Shop ThreatWire Merch on Teespring! - https://morsecode.creator-spring.com/ Support ThreatWire! https://www.patreon.com/shannonmorse Follow Shannon on Social Media: https://snubsie.com/links The Restrict Act: TLDR? What this. Kodi Forum PMs were stolen, and the military using geofencing to target teens with ads! All that coming up now on ThreatWire. #threatwire #hak5 ThreatWire by Shannon Morse is a weekly news journalism show covering cybersecurity topics for network admins, information security professionals, and consumers. Watch this on youtube: https://youtu.be/REb0Ya_6AWI Chapters: 00:00 TLDR: The...
https://www.youtube.com/watch?v=REb0Ya_6AWI
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

5 Books to get into bug bounty and web hacking #infosec #hacking #bugbounty #redteam #hackers

https://www.youtube.com/watch?v=GF7dDJDSV5g
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Hacking SQHell from TryHackMe (SQL Injection Guide!)
Purchase my Bug Bounty Course here 👉🏼 bugbounty.nahamsec.training Buy Me Coffee: https://www.buymeacoffee.com/nahamsec Live Every Sunday on Twitch: https://twitch.tv/nahamsec Free 0 DigitalOcean Credit: https://m.do.co/c/3236319b9d0b Follow me on social media: https://twitter.com/nahamsec https://instagram.com/nahamsec https://twitch.com/nahamsec https://hackerone.com/nahamsec https://facebook.com/nahamsec1 Github: https://github.com/nahamsec Nahamsec's Discord: https://discordapp.com/invite/ucCz7uh #offensivesecurity #redteam #bugbounty #hackerone #hackers #hacking #infosec #hackingtutorial #owasp #educational
https://www.youtube.com/watch?v=_WXQKpyxbGM
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

WHY YOU SUCK AT HACKING // How To Bug Bounty
Purchase my Bug Bounty Course here 👉🏼 bugbounty.nahamsec.training Buy Me Coffee: https://www.buymeacoffee.com/nahamsec Live Every Sunday on Twitch: https://twitch.tv/nahamsec Free 0 DigitalOcean Credit: https://m.do.co/c/3236319b9d0b Follow me on social media: https://twitter.com/nahamsec https://instagram.com/nahamsec https://twitch.com/nahamsec https://hackerone.com/nahamsec https://facebook.com/nahamsec1 Github: https://github.com/nahamsec Nahamsec's Discord: https://discordapp.com/invite/ucCz7uh #offensivesecurity #redteam #bugbounty #hackerone #hackers #hacking #infosec #hackingtutorial #owasp #educational
https://www.youtube.com/watch?v=Mys8E5ar8Ko
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

🕵️ Binary Refinery Tutorial 🛠️ Command Line CyberChef
🔥 Learn How To Use Binary Refinery for malware analysis and binary manipulation 👨‍💻 Buy Our Courses: https://guidedhacking.com/register/ 💰 Donate on Patreon: https://patreon.com/guidedhacking ❤️ Follow us on Social Media: https://linktr.ee/guidedhacking 🔗 Links: https://guidedhacking.com/threads/binary-refinery-tutorial.20338/ https://github.com/binref/refinery https://binref.github.io/ 📜 Video Description: After posting our coverage on CyberChef and how to use complex recipes with some new functions on DCRat to decrypt it we were quoted on Twitter by Jesko Huttenheim who is the creator of Binary Refinery. Within his reply he provided a Binary Refinery one liner that could do what we had accomplished within the video in only a few actions. This of course was incredibly...
https://www.youtube.com/watch?v=wsfGOW8eGu8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Vulnerability Management SOP: Expert Reveals Top Tips (W/ Kevin Donatelli)
Are you struggling to manage vulnerabilities in your organization? Join us in this conversation with expert Kevin Donatelli who reveals the ins and outs of vulnerability management SOPs! In this not-to-be-missed session, you'll: 🔑 Learn the essential components of effective vulnerability management SOPs 🛡️ Discover how to prioritize and remediate risks efficiently 🧠 Gain invaluable insights from real-life case studies shared by Kevin Donatelli 👉 Get our FREE guide to vulnerability management in 2023: https://purplesec.us/vulnerability-management-guide/?utm_source=newsletter&utm_medium=YouTube&utm_campaign=VM_2023&utm_id=guide Podcast Info -------------------- Podcast website: https://purplesec.us/podcast/ Apple Podcasts: https://podcasts.apple.com/us/podcast/security-beyond-the-checkbox/id1673807278 Spotify:...
https://www.youtube.com/watch?v=-yjsaxxrTxk
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Spinning up the RTV Ship
We are building up the things to bring you up to speed with the latest in Red Team Village activities and DEFCON 31. See you in the network.
https://www.youtube.com/watch?v=RVkXhwIOX6w
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

The Intruder Alert Podcast - Episode 1

https://www.youtube.com/watch?v=Og2FkvLwqL8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

FOR498 - New Course Name, New Content & A Whole Lot of Actionable Intelligence in 90 min or less
As the digital media world expands, SANS DFIR course FOR498 has continually evolved to keep up with the investigation demands posed by more digital devices, repositories, and colossal data sets. After four years of instructing, the course authors have decided to rebrand it from FOR498: “Battlefield Forensics & Data Acquisition” to “Digital Acquisition & Rapid Triage” to accurately reflect the newly revised content and to better reflect the content students can expect to receive. The FOR498: Digital Acquisition and Rapid Triage course is designed to provide first responders, investigators, and digital forensics teams with the advanced skills to quickly and properly identify, collect, preserve, and respond to data from a wide range of storage devices and repositories. Learn more about...
https://www.youtube.com/watch?v=XCX6QnMCftM
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

PE File Unmapping Explained aka Lazy Process Dumping
Just a quick twitch clip where we talk about PE dumping and unmapping... we get asked about this a lot 😅 ----- OALABS PATREON https://www.patreon.com/oalabs OALABS DISCORD https://discord.gg/6h5Bh5AMDU Twitch https://www.twitch.tv/oalabslive OALABS GITHUB https://github.com/OALabs UNPACME - AUTOMATED MALWARE UNPACKING https://www.unpac.me/#/ -----
https://www.youtube.com/watch?v=mrIHSmUlKv0
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

HackerOne Live Hacking Event Recap: Las Vegas 2022 (H1-702)
Live Hacking Events are the ultimate voyage for hackers selected to test their skills. Hackers crushed previous payouts in our largest LHE of the year! Check out the recap of this unforgettable event. Follow our community blog for additional resources →https://www.hackerone.com/hackerone-community-blog ▼ Keep up with us ▼ ◇ Twitter → https://twitter.com/Hacker0x01 ◇ Instagram → https://www.instagram.com/hacker0x01/ ◇ LinkedIn → https://www.linkedin.com/company/Hack... ◇ Facebook → https://www.facebook.com/Hacker0x01/
https://www.youtube.com/watch?v=t8d0Q8YZhiQ
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

My Hacking Setup and How to Use It (Firefox/Burp Community)
This is probably one of the most common question I get asked about Bug Bounty, right next to "do you take mentors" and "how to find a bug". There are a ton of 3rd party awesome community tools that can take your pen testing and hacking to the next level, but it's important to not rush to try out new tools when you're still learning the basics. With that in mind I take you around the basic toolkit I use and show you some of the fundamental tools that help me get bounties! This series couldn't happen without the support of our sponsor Bugcrowd, Bugcrowd is the best place to start hacking with a wide range of public and private programs from APIs to Desktop Applications and everything in between. Not ready to jump into a public program yet? Fill out your platform CV and sign up for a waitlisted...
https://www.youtube.com/watch?v=wNqaLalaNE0
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Beginner Malware Traffic Analysis Challenge
Beginner Introduction to Malware Traffic Analysis with Wireshark Support us on GH: https://guidedhacking.com/register/ Support us on Patreon: https://patreon.com/guidedhacking Support us on YT: https://www.youtube.com/channel/UCCMi6F5Ac3kQDfffWXQGZDw/join Malware-Traffic-Analysis.net recommended a beginner Wireshark Challenge from PaloAlto, so we thought we'd make a video for those of you just getting into traffic analysis. Malware-Traffic-Analysis Exercises https://www.malware-traffic-analysis.net/training-exercises.html Palo Alto unit 42 January exercise https://unit42.paloaltonetworks.com/january-wireshark-quiz/ Chapters 0:00 Malware-Traffic-Analysis.net 1:00 Intro to The Challenge 3:05 The Wireshark Challenge 4:48 Join GuidedHacking.com! 5:22 The Wireshark Challenge Continued 10:17...
https://www.youtube.com/watch?v=6ebXr7nqr6o
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Cloud-Powered DFIR: Harnessing the cloud to improve investigator efficiency
While the move to the cloud brings forth many challenges and changes to the field of digital forensics and incident response, it also presents responders with numerous benefits. Whether it's using functions-as-a-service for automation, deploying cloud-hosted lab environments, or benefiting from scalable resources, there are many ways in which we can leverage the cloud to improve our investigations. Join SANS FOR509 course instructors Terrence Williams and Megan Roddie as they present some of the new possibilities that exist for DFIR practitioners thanks to cloud technology. Read the associated blog post for this livestream here: https://www.sans.org/blog/cloud-powered-dfir-harnessing-the-cloud-to-improve-investigator-efficiency/ About our speakers Megan Roddie Megan Roddie is currently...
https://www.youtube.com/watch?v=C8VnDSjPHr8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Vulnerability Management Trends & Predictions For 2023 (W/ Joshua Copeland) | PurpleSec
Join PurpleSec's experts along with Joshua Copeland, Director of Cyber Security at AT&T, as we explore the latest trends and predictions in vulnerability management for 2023. 👉 Get our FREE guide to vulnerability management in 2023: https://purplesec.us/vulnerability-management-guide/?utm_source=newsletter&utm_medium=YouTube&utm_campaign=VM_2023&utm_id=guide Continue reading: https://purplesec.us/learn/vulnerability-management-trends/ Chapters --------------- 00:00 - Introduction 00:20 - Joshua Copeland 02:47 - Automation Is Key 10:30 - Adoption Of Risk-Based Approaches 16:40 - Continuous Monitoring 21:40 - Increased Focus On Cloud Security 28:43 - Increased Use Of Threat Intelligence 35:10 - The Role Of Network Segmentation 43:30 - DevSecOps: Building Security From The Ground Up 50:40...
https://www.youtube.com/watch?v=39XHupVxAY8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Windows Internals - Processes and Threads Explained
🔥 Nothing is as simple as it looks, join us on this deep dive into processes & threads. 👨‍💻 Buy Our Courses: https://guidedhacking.com/register/ 💰 Donate on Patreon: https://patreon.com/guidedhacking ❤️ Follow us on Social Media: https://linktr.ee/guidedhacking Windows Processes and Threads form the backbone of the Windows Operating System, enabling the simultaneous execution of various applications while efficiently allocating system resources. In this this video and accompanying text, we will dive into the intricacies processes and threads, their distinguishing factors, and their management techniques. Furthermore, we will examine the art of synchronization and methods of inter-thread communication to ensure seamless operation. 🔗 Article Link: https://guidedhacking.com/threads/windows-internals-processes-and-threads.20333/ 📜...
https://www.youtube.com/watch?v=1t9PrSOlNPk
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

HackerOne Hacker Interviews: Miguel (@Fisher)
Hear from Miguel (@Fisher) on his experience at HackerOne's live hacking event in Barcelona H1-3439! Follow our Community Blog to keep with more info about events, hacker stories, and more! Here's an infographic for the recent event: https://www.hackerone.com/hackerone-community-blog/h1-hackers-walk-streets-barcelona-h1-3493 ▼ Keep up with us ▼ ◇ Twitter → https://twitter.com/Hacker0x01 ◇ Instagram → https://www.instagram.com/hacker0x01/ ◇ LinkedIn → https://www.linkedin.com/company/Hack... ◇ Facebook → https://www.facebook.com/Hacker0x01/
https://www.youtube.com/watch?v=OxOXIbpe_7Q
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Should AI Training Be Paused? - ThreatWire
ThreatWire Totem Board - Limited Edition! - https://snubsie.com/threatwire-products/tw-totem Shop ThreatWire Merch on Teespring! - https://morsecode.creator-spring.com/ Support ThreatWire! https://www.patreon.com/shannonmorse Follow Shannon on Social Media: https://snubsie.com/links This new attack bypasses wifi encryption, the popular app 3CX is backdoored, and AI's risks and rewards! All that coming up now on ThreatWire. #threatwire #hak5 ThreatWire by Shannon Morse is a weekly news journalism show covering cybersecurity topics for network admins, information security professionals, and consumers. Watch this on youtube: https://youtu.be/3XKvOaVQX-8 Chapters: 00:00 New Wi-Fi Encryption Bypass 02:44 3CX Backdoored 04:44 AI Risks vs Rewards Links: Resources for stories are...
https://www.youtube.com/watch?v=3XKvOaVQX-8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Cybersecurity Unicorns with Bryson Bort | 401 Access Denied Ep. 77
Cybersecurity Unicorns with Bryson Bort | 401 Access Denied Ep. 77 Join Us: https://www.cybrary.it/?utm_source=youtube&utm_medium=video&utm_campaign=cybersecurity-unicorns-with-bryson-bort Does your business have the infrastructure, tools, and people to stay ahead of cyber attacks? In this episode of 401 Access Denied, Joe Carson is joined by the one and only cyber unicorn - Bryson Bort! When it comes to building a company with the necessary foundation to maximize security, Bryson has you covered. As the founder of organizations including SCYTHE and GRIMM Cyber, he comes with a wealth of knowledge on how to protect your business from the ground up with stronger purple teaming. Join the fun in this exciting conversation! Follow Bryson: ~https://www.linkedin.com/in/brysonbort/ ~https://twitter.com/brysonbort...
https://www.youtube.com/watch?v=U5n_jni0nTg
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

2022 Global AppSec San Francisco: Swathi Joshi Keynote
- Managed by the OWASP® Foundation https://owasp.org/
https://www.youtube.com/watch?v=5p2tw5sIrwg
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

2022 Global AppSec San Francisco: Opening Remarks and Anna Westelius Keynote
- Managed by the OWASP® Foundation https://owasp.org/
https://www.youtube.com/watch?v=VuXVX0q_yE4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

2022 Global AppSec San Francisco: Jim Manico Keynote
- Managed by the OWASP® Foundation https://owasp.org/
https://www.youtube.com/watch?v=DPJtv-E8SlM
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

2022 Global AppSec San Francisco: Closing Remarks and Giveaway
- Managed by the OWASP® Foundation https://owasp.org/
https://www.youtube.com/watch?v=ftJJJe03fMU
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

2022 Global AppSec San Francisco: Simon Bennetts Keynote
- Managed by the OWASP® Foundation https://owasp.org/
https://www.youtube.com/watch?v=t77aKVJQKzY
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Global AppSec Dublin: Squeezing The Last Drop Out Of OWASP Juice Shop - Bjoern Kimminich
- Managed by the OWASP® Foundation https://owasp.org/
https://www.youtube.com/watch?v=m1f2fPC8hLU
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Breaking the Ransomware Tool Set: When a Threat Actor Opsec
SANS Cyber Threat Intelligence Summit 2023 Breaking the Ransomware Tool Set: When a Threat Actor Opsec FailureBecame a Threat Intelligence Gold Mine Nicklas Keijser During a recent incident response engagement I was assigned to reverse engineer the RAT that the threat actor had deployed in the environment. During the malware analysis a suspicious string was found in the memory, https://ipnumber/list.txt. The list contained a not only a complete inventory that the threat actor had, but also a link to the full repository of all their tools, almost 5 GB / over 100 files and scripts of content covering every part for an intrusion -from reconnaissance to impact and everything in between. This led to an interesting labyrinth of research on all the aspects of this tooling. This presentation goes...
https://www.youtube.com/watch?v=uQQxduIIqAA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

The Way to a Stakeholder's Heart is by Providing Value: Measuring Success of Your CTI Program
SANS Cyber Threat Intelligence Summit 2023 The Way to a Stakeholder's Heart is by Providing Value: Measuring Success of Your CTI Program Freddy Murstad, Senior Threat IntelligenceAnalyst, Nordic Financial CERT Here the presenter will lead you through the anatomy of success by illustrating that knowledge about your stakeholders and what they really want (=value) is the recipe for success. In this talk I will provide * A process for identifying and understanding who you stakeholders really are and what they really want * An overview of how you can convert that understanding into activities for your CTI team * A suggestion for how you can then deliver on those requirements and measure if you have successfully met them Basically, this will be a suggestion for a process for how your CTI program...
https://www.youtube.com/watch?v=5agsRg6-L4o
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

The Report Writer's Grimoire
SANS Cyber Threat Intelligence Summit 2023 The Report Writer's Grimoire John Grim, Director, Cyber Threat Intelligence, Experian A grimoire is a book of magic; specifically, one on how to use spells, create objects, or invoke entities. We're certainly not looking to conjure up new APT ghouls. And in no way are we saying that threat intelligence is magical, although some would argue intelligence is more art than science. As threat intelligence practitioners, we need grimoire or codex. We need a refence guide to help us with the 'how-tos' for effective writing and proper annotation. A Report Writer's Grimoire. Join this session and learn how to summon the good faeries associated with reporting outlines, clear communication, source reliability, confidence levels, severity ratings, and product...
https://www.youtube.com/watch?v=Lnw_VSf-znI
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Lessons Learned From Over a Decade in OSINT
SANS Cyber Threat Intelligence Summit 2023 Lessons Learned From Over a Decade in OSINT Matt Edmondson, Certified Instructor, SANS Institute Most organizations now realize that OSINT skills aren't just nice to have; they're mandatory. In this talk we'll discuss lessons learned from doing OSINT professionally for over a decade and starting up multiple OSINT units within the government. It's always more fun to hear about others' mistakes than to make your own. We'll end by discussing how these concepts relate to CTI teams. View upcoming Summits: http://www.sans.org/u/DuS Download the presentation slides (SANS account required) at https://www.sans.org/u/1iaE
https://www.youtube.com/watch?v=2IaNN6iOOMo
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Unmasking the IranianAPT COBALT MIRAGE
SANS Cyber Threat Intelligence Summit 2023 Unmasking the IranianAPT COBALT MIRAGE Lina Lau, Principal Incident ResponseConsultant - APJ South, Secureworks From operational security failures to a Department of Justice (DOJ) indictment, COBALT MIRAGE likes to blur the lines between espionage and revenue generation. This talk uncovers the tactics, techniques and procedures deployed by COBALT MIRAGE from incidents worked at Secureworks. It's not often white hats see operational security failures unmask the identity of the adversary and even rarer to see it reflected in a DOJ sentencing. Attendees will learn about the critical role of contractor organizations in Iranian APT groups, crossovers in tooling between APT groups, techniques leveraged by COBALT MIRAGE to compromise organisations, inconsistencies...
https://www.youtube.com/watch?v=ELa_FrHlMd8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

DocIntel: A Context-Centric Cyber Threat Intelligence Platform
SANS Cyber Threat Intelligence Summit 2023 DocIntel: A Context-Centric Cyber Threat Intelligence Platform Antoine Cailliau, Threat Researcher, Belgian Defence An increasing number of documents reporting cyber incidents, vulnerabilities, novel offensive and defensive techniques are shared on a daily basis among various public and private communities. This collective knowledge needs to be collected, processed and organized for the cyber threat intelligence (CTI) analysts to search and investigate. The large volume and diversity of knowledge available form a key challenge for analysts looking to transform the data into actionable knowledge. Expert staffing shortages, employee costs in cybersecurity industry, expensive fees for commercial data feeds and short deadlines in the cybersecurity fast-paced...
https://www.youtube.com/watch?v=TO8cOzNm418
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

How to Use CTI, No Matter the Size of Your Organization
SANS Cyber Threat Intelligence Summit 2023 How to Use CTI, No Matter the Size of Your Organization Sydney Jones, Head of Cyber Threat Intelligence, BNP Paribas Most cyber threat intelligence (CTI) professionals know how to tailor intelligence products for their clients. But the shape of an intelligence team can also be tailored depending on the size (and budget) of the business as well. Through various information sharing organizations, I've worked with smaller firms who often have one person covering all of information security. It's through these interactions that I've come to understand first how different sized firms use (if they use) intelligence and secondly brainstorm with them on how to improve the use of threat intelligence to fit their needs. Intelligence analysts like "intelligence...
https://www.youtube.com/watch?v=LzGx4HZdhNc
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Teleporting Through Walls with Cheat Engine - "No Way Out" [PicoCTF 2023]
Walkthrough for a Unity game hacking challenge from the Pico Capture The Flag competition 2023 (picoCTF). First, we'll decompile the Assembly.Csharp.dll with DNSpy and patch/re-compile the code to retrieve the flag. In the second solution, we'll use Cheat Engine 7.5 to identify our player position and teleport through the wall, allowing us to recover the flag. Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂 #ReverseEngineering #CTF #CaptureTheFlag #Pico #PicoCTF #PicoCTF2023 #CheatEngine #GameHacking If you liked this video and/or want to learn more about game hacking with cheat engine, check out the full tutorial series I created on the @intigriti channel: https://www.youtube.com/watch?v=ku6AtIY-Lu0&list=PLmqenIp2RQcg0x2mDAyL2MC23DAGcCR9b and the gamepwn README: https://github.com/Crypto-Cat/CTF/tree/main/game_hacking#readme ↢Social...
https://www.youtube.com/watch?v=QgF4PQjeG-o
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Two Thumbs Up - Thumbnail Forensics
In this episode, we'll look at Thumbs.db and Thumbcache -- databases used by Windows to store thumbnails (preview images) of pictures, documents, and other file types. Learn how these rather obscure artifacts could potentially be invaluable to your investigations. *** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. *** 📖 Chapters 00:00 - Intro 02:28 - Thumbs.db / Thumbcache artiFACTS 05:13 - Thumbcache Viewer Demo 🛠 Resources #Forensics #DigitalForensics #DFIR #ComputerForensics #WindowsForensics
https://www.youtube.com/watch?v=5efCp1VXhfQ
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Dirty Vanity: A New Approach to Code Injection & EDR Bypass
This talk showcases yet another new code injection technique (I know, bear with me), nicknamed Dirty Vanity. This technique challenges current injection detection and prevention means while opening a wider spectrum of attacks that challenges common concepts of EDR TTPs. This technique abuses the lesser-known forking mechanism which is built in Windows operating systems. In the talk, we will cover the forking mechanism's internals, and common means to activate it... By: Eliran Nissan Full Abstract and Presentation Materials: https://www.blackhat.com/eu-22/briefings/schedule/#dirty-vanity-a-new-approach-to-code-injection--edr-bypass-28417
https://www.youtube.com/watch?v=Fpb4eL3vMgk
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Bridging the Gap Between Research and Practice in Intelligently Bypassing WAF
AI-enabled cyber attack is fast becoming a prevalent topic. One of the representative topics is to utilize AI to learn how to bypass web application firewalls (WAFs). The general workflow includes three steps. First, build the original payload dataset that may be blocked by WAF, and collect the mutation operation set such as case substitution and adding comments in SQL injection. Second, use heuristic algorithm or reinforcement learning (RL) to explore a combination of operations to bypass the WAF. Finally, the mutated payloads that can bypass WAF are obtained.This workflow has laid a solid foundation for the intelligentization of cyber attacks, but we encounter two key problems in practice. 1) The payloads used in practice are diverse, and their bypass methods are also different. It is difficult...
https://www.youtube.com/watch?v=PhGDZad0DdA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Deep into Android Bluetooth Bug Hunting: New Attack Surfaces and Weak Code Patterns
In the past few years, researchers have found hundreds of security vulnerabilities in the AOSP Bluetooth module such as Blueborne and BlueFrag. Almost all of these vulnerabilities are caused by the process not properly validating the remote user-supplied data, when parsing the Bluetooth request packet.In this context, in order to improve the security of Bluetooth, Google has adopted a variety of hardening methods:1. Validate the length of incoming Bluetooth packets.2. Implement a new and more secure AVRCP profile.3. Rewrite Bluetooth stack code-named Gabeldorsche in Rust.However, through some new approaches (focusing on the lifecycle of Bluetooth packet data and specific weak Bluetooth architectural logic), we still found a large number of security vulnerabilities hidden deep in the code.In...
https://www.youtube.com/watch?v=TDSgRWOeS-4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Event-based Fuzzing, Patch-based Research, and Comment Police: Finding Bugs Through a Bug
Learning from known vulnerabilities is a must for every security researcher, and subscribing to the major vendors' monthly public bulletins and security patch updates is the first thing security researchers do at the beginning of each month.The value of an enlightening security vulnerability is not only to reveal significant attack surfaces and exploit scenarios but also to inspire deeper digging as an important input to bug hunting. From a period of work on security vulnerability analysis and tracking, we have concluded several approaches to finding bugs over bugs, which apply to both mature products security research and efficient finding vulnerabilities of customized products. Through such patterns, we have developed a targeted fuzzer and written specific CodeQL/Weggli rules, and we found...
https://www.youtube.com/watch?v=mPiv0eZlx9w
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

DataBinding2Shell: Novel Pathways to RCE Web Frameworks
DataBinding is a mechanism that allows request parameters to be bound to a domain object automatically. It makes development more efficient and code cleaner, and is widely implemented by best web frameworks written in trending programming languages, including Java, JavaScript, Groovy, Python and Ruby.The previous research related to DataBinding mainly focuses on Mass Assignment[1], which is caused by improper use of DataBinding. This occurs when a user is able to access a sensitive field of domain object such as salary, and admin flag, which are not intended by the application. However, the security of the DataBinding mechanism itself has been neglected for a long time. Therefore, we conducted comprehensive research about it and analyzed top web frameworks including Spring, Struts, Grails,...
https://www.youtube.com/watch?v=9BIAuwo4xvU
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Confidence in Chaos: Strategies for World-Class Security Operations
You've just found out the smart-lights in the cafeteria are connected to your corporate network and can be dimmed from anywhere in the world, the sales team has been spinning up unmanaged AWS accounts to do customer demos, and your organisation engaged full encryption to meet data protection and privacy laws without notifying you. You know you need to accelerate building and adjusting your detection and response capabilities - and you can't risk making mistakes while you identify your priorities. Today's cybersecurity operations centers (SOCs) are under more pressure than ever to adjust defense and detection techniques on-the-fly to address adversaries hiding in the corners of your IT. To help you see clear priorities through your often unpredictable operational world, we've cultivated an...
https://www.youtube.com/watch?v=D17-yJg3ML0
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Android Parcels: The Bad, the Good and the Better - Introducing Android's Safer Parcel
Parcel is the serialization mechanism in Android and is behind almost every OS cross-process interaction. Parcelable implementations have been the source of vulnerabilities in Android for ~8 years, often rated high severity and weaponized by malware authors to achieve privileged exploits, including silent package installation and arbitrary code execution.This talk covers a detailed overview of known exploit techniques that abuse Parcel vulnerabilities, including the well-known yet still active Bundle FengShui exploits; and a novel exploit chain that was reported through Google VRP program (CVE-2021-0928) in June 2021, that achieves arbitrary code execution in privileged applications' processes, on Android 12... By: Hao Ke , Bernardo Rufino , Maria Uretsky , Yang Yang Full Abstract and Presentation...
https://www.youtube.com/watch?v=qIzMKfOmIAA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Fail Harder: Finding Critical 0-Days in Spite of Ourselves
Vulnerability researchers and bug hunters love to talk about their successful path to finding a critical vulnerability. However, this is rarely the Cinderella story people tell on stage. Failure, along with a healthy dose of persistence, can lead to tremendous success. This session will take a deep dive into all the things that didn't work, along with the many challenges that preceded the findings of critical zero-day bugs across multiple projects... By: Philippe Laulheret , Douglas McKee Full Abstract and Presentation Materials: https://www.blackhat.com/eu-22/briefings/schedule/#fail-harder-finding-critical--days-in-spite-of-ourselves-29168
https://www.youtube.com/watch?v=A5eG7cmVri8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Breaking Kerberos' RC4 Cipher and Spoofing Windows PACs
While the Active Directory implementation of Kerberos prefers to use cryptography based on AES, the deprecated Kerberos encryption type is still supported by default and widely used in practice. The property that RC4 derives its cryptographic keys from a user's NTLM hash is frequently exploited to authenticate without the original password (overpass-the-hash) or to efficiently brute-force service account passwords offline (Kerberoasting).No attacks were yet known that take advantage of the well-known weaknesses in Kerberos' RC4 implementation. Therefore I decided to take a look at this and quickly identified a relatively obvious flaw in the way it was used.However, turning this cryptographic flaw into a practical attack against Kerberos or Active Directory turned out to be far from trivial... By:...
https://www.youtube.com/watch?v=Dxqb-q2OjoM
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Cross-Contract Ricochet Attacks & Off-Chain-On-Chain Manipulation of Billion Dollar NFT Collections
The enticing narrative promised by the Ethereum blockchain is to be a decentralized world-computer within which utility based NFTs are an integral piece of the story. In this presentation, we will look at a crafty new technique that ricochets a utility based NFT across smart contracts to circumvent staking safeguards, and also how easy it is to exploit off-chain marketplace logic relied upon to implement ERC-721 and ERC-1155 standards... By: Nitesh Dhanjani Full Abstract and Presentation Materials: https://www.blackhat.com/eu-22/briefings/schedule/#cross-contract-ricochet-attacks--off-chain-on-chain-manipulation-of-billion-dollar-nft-collections-29327
https://www.youtube.com/watch?v=x57acY3f90s
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Choo Choo, Network Train - The One to Rule Your Perimeter
I hear you saying: MQTT again, that's an old and stale topic. It's actually not old or stale. MQTT is still out there and many servers are still open to attack. But even more interesting, what other devices are connected to those open servers and what networks are they sitting on? For example, do you know that with MQTT it's possible to open a whole network from the inside out using one simple wall switch? An MQTT attack against a network can also be used for DNS hijacking, DDoS attacks, and control of Bluetooth devices on internal networks among other things.We are concerned that MQTT leaks data but I'll show in this talk we really should be focusing on the bigger risk posed by using MQTT to replace the firmware in connected devices... By: Martin Hron Full Abstract and Presentation Materials:...
https://www.youtube.com/watch?v=RpXoVwCSHA0
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Back-connect to the Connected Car. Search for Vulnerabilities in the VW Electric Car.
The attack surface on modern connected cars is broad – Wi-Fi, Bluetooth, V2X, 2G/3G/4G, custom RF protocols, CAN, OBD2 interfaces, automotive Ethernet, USB ports, remote diagnostics, telematics, and mobile apps. During the presentation, we will show part of the results of penetration testing the modern European electric Volkswagen car model ID3. Our discovered vulnerabilities and security problems in car architecture are also applicable for such Volkswagen models like ID4, ID5 and affect hundreds of thousands of electric cars on the roads.We will demonstrate how hackers can receive root access in Infotainment and Gateway modules in the cars, install backdoors and what hackers can do remotely with hacked cars... By: Alexey Kondikov , Sergey Razmakhnin , Khaled Sakr , Yuriy Serdyuk Full...
https://www.youtube.com/watch?v=4yBKYMKRPbU
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

CSI:Rowhammer: Closing the Case of Half-Double and Beyond
Rowhammer is a severe security problem in DRAM, allowing an unprivileged adversary to gain kernel privileges by inducing electrical disturbance errors. Today, mitigations against Rowhammer, most notably Targeted Row Refresh (TRR), are widely adopted and even part of recent DRAM standards.In this talk, we first show that TRR is insufficient by design and counterintuitively assists an attacker in the context of our new Rowhammer type: Half-Double. Unlike all previous Rowhammer attacks, Half-Double hammers from a distance of two... By: Jonas Juffinger , Andreas Kogler Full Abstract and Presentation Materials: https://www.blackhat.com/eu-22/briefings/schedule/#csirowhammer-closing-the-case-of-half-double-and-beyond-29281
https://www.youtube.com/watch?v=TJJxhcKyM-w
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

DnD: Decompiling Deep Neural Network Compiled Binary
The usage of Deep Neural Networks (DNNs) has steadily increased in recent years. Especially when used in edge devices and embedded systems, dedicated DNN compilers are used to compile DNNs into binaries for the best performance. Security applications such as DNN model extraction, white-box adversarial sample generation, and DNN model patching become possible when a DNN model is accessible. However, these techniques cannot be applied to compiled DNN binaries. No decompilers can recover a high-level representation of a DNN model from its compiled binary code.In this paper, we introduce DnD, the first ISA- and compiler-agnostic DNN decompiler... By: Antonio Bianchi , Taegyu Kim , Dave (Jing) Tian , Ruoyu Wu , Dongyan Xu Full Abstract and Presentation Materials: https://www.blackhat.com/eu-22/briefings/schedule/#dnd-decompiling-deep-neural-network-compiled-binary-28993...
https://www.youtube.com/watch?v=ygWgQcMrPvc
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Techniques To Improve Vulnerability Visibility & Detection (W/ Clement Fouque) | PurpleSec
Improve vulnerability visibility in networks & cloud environments with expert tips on strategies, KPIs, prioritization, & automation. Secure your assets now! 👉 Get our FREE guide to vulnerability management in 2023: https://purplesec.us/vulnerability-management-guide/ Read the full article: https://purplesec.us/learn/vulnerability-visibility/ Chapters --------------- 00:00 - Introduction 00:45 - Clement Fouque 01:36 - Importance Of Visibility In Vulnerability Management 02:51 - Why Is Poor Visibility An Issue? 04:40 - Common Blind Spots 06:55 - Improving Asset Inventories 09:30 - How Do You Know If You Have Poor Visibility? 13:20 - Techniques For Improving Visibility 15:05 - How To Ensure All Endpoints Are Being Scanned 18:25 - How Network Segmentation Improves Visibility 20:00 - Third-Party...
https://www.youtube.com/watch?v=3K6TLqyxit4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

CyberChef Malware Analysis - DCRat Loader
🔥 Learn How To Use CyberChef for Malware Analysis 👨‍💻 Buy Our Courses: https://guidedhacking.com/register/ 💰 Donate on Patreon: https://patreon.com/guidedhacking ❤️ Follow us on Social Media: https://linktr.ee/guidedhacking. 🔗 Article Link: https://guidedhacking.com/threads/cyberchef-analysing-a-dcrat-loader.20317/ 📜 Video Description: Learn some tips and tricks for using CyberChef for de-obfuscation Some credit for this video belongs to @embee_research on Twitter where a thread labeled AsyncRAT - Defeating Obfuscation Using CyberChef was posted. You can find that research here: https://twitter.com/embee_research/status/1638463073441972225 CyberChef is a tool that was released by the GCHQ in 2018. The tool is completely free and open source whilst being constantly...
https://www.youtube.com/watch?v=rpp6BZYIziM
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Why does DNS always break the internet?
The internet, it's a series of tubes? Or is it? This week we take a look at how the internet actually works and what we mean when we say web security. What happens when you visit a website? How does it know what to display? What technologies are we actually hacking? What is a request and response anyway? Well this week we cover all of that and more. As we dive into TCP/IP, DNS, HTTP, HTML, CSS and some other acronyms. This series couldn't happen without the support of our sponsor Bugcrowd, Bugcrowd is the best place to start hacking with a wide range of public and private programs from APIs to Desktop Applications and everything in between. Not ready to jump into a public program yet? Fill out your platform CV and sign up for a waitlisted program. Tell Bugcrowd a bit about your skills, previous...
https://www.youtube.com/watch?v=yp1rH7Kj12o
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Google Bard vs. GPT4 - Hands-On First Look [Cybersecurity]
Burp Suite Deep Dive course: https://bit.ly/burpforpros __________ Resources - https://www.cybersecurityeducation.org/careers/ - https://www.coursera.org/articles/cybersecurity-jobs - https://www.sans.org/cybersecurity-careers/20-coolest-cyber-security-careers/ - https://universityhq.org/how-to-become/cyber-security-jobs/ - https://www.coursera.org/articles/cybersecurity-career-paths My courses: Recon in Cybersecurity course: https://bit.ly/cybersecrecon Python for Pentesters course: http://bit.ly/2I0sRkm Python Basics course: http://bit.ly/37cmhlx Neural Networks with Tensorflow: http://bit.ly/tensorflownets Machine Learning with Scikit-Learn and Python: http://bit.ly/mlpractical Artificial Neural Nets with Neurolab: https://bit.ly/artificialnets Study cybersecurity with 50% OFF...
https://www.youtube.com/watch?v=xhZ-rueqllg
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

You Can't Hack Them All - Master of One - From Noob to Clients
Burp Suite Deep Dive course: https://bit.ly/burpforpros __________ Resources - https://www.cybersecurityeducation.org/careers/ - https://www.coursera.org/articles/cybersecurity-jobs - https://www.sans.org/cybersecurity-careers/20-coolest-cyber-security-careers/ - https://universityhq.org/how-to-become/cyber-security-jobs/ - https://www.coursera.org/articles/cybersecurity-career-paths My courses: Recon in Cybersecurity course: https://bit.ly/cybersecrecon Python for Pentesters course: http://bit.ly/2I0sRkm Python Basics course: http://bit.ly/37cmhlx Neural Networks with Tensorflow: http://bit.ly/tensorflownets Machine Learning with Scikit-Learn and Python: http://bit.ly/mlpractical Artificial Neural Nets with Neurolab: https://bit.ly/artificialnets Study cybersecurity with 50% OFF...
https://www.youtube.com/watch?v=BU0R_7IBpxs
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

How does Bug Bounty work anyway?
I talk a lot about becoming a bug bounty hunter on my channel, in this new series we're going to go from knowing nothing about hacking to finding your first bug, to getting more consistent bounties and everything in between. While we're starting at the very basics I think you'll find this series has a lot to offer a hacker at any level! This series couldn't happen without the support of our sponsor Bugcrowd, Bugcrowd is the best place to start hacking with a wide range of public and private programs from APIs to Desktop Applications and everything in between. Not ready to jump into a public program yet? Fill out your platform CV and sign up for a waitlisted program. Tell Bugcrowd a bit about your skills, previous certifications or experience and they'll match you up with the right program...
https://www.youtube.com/watch?v=nXvP8j3QtHI
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Cerebral App Leaks Telehealth Medical Data - ThreatWire
ThreatWire Totem Board - Limited Edition! - https://snubsie.com/threatwire-products/tw-totem Shop ThreatWire Merch on Teespring! - https://morsecode.creator-spring.com/ Support ThreatWire! https://www.patreon.com/shannonmorse Follow Shannon on Social Media: https://snubsie.com/links Cerebral was leaking personal info, security folks are being targeted in attacks, and GitHub will now require 2FA! All that coming up now on ThreatWire. #threatwire #hak5 ThreatWire by Shannon Morse is a weekly news journalism show covering cybersecurity topics for network admins, information security professionals, and consumers. Watch this on youtube: https://youtu.be/BL1CUH0H8DA Chapters: 00:00 Cerebral HIPAA Non-Compliance 02:39 InfoSec Targeted In Attacks 04:31 GitHub Requires 2FA Links: Resources...
https://www.youtube.com/watch?v=BL1CUH0H8DA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Doublespeak: Jailbreaking ChatGPT-style Sandboxes using Linguistic Hacks
A review of Large Language Model (LLM) vulnerabilities/exploits, e.g. including prompt leakage, prompt injection and other linguistic hacks. We'll run through levels 1-9 of the doublespeak.chat challenges, produced by Forces Unseen. doublespeak.chat is a text-based game that explores LLM pre-prompt contextual sandboxing. The challenges prime an LLM (Chat-GPT) with a secret and a scenario in a pre-prompt hidden from the player. The player's goal is to discover the secret either by playing along or by hacking the conversation to guide the LLM's behavior outside the anticipated parameters. Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂 #HackTheBox #HTB #CTF #Pentesting #OffSec ↢Social Media↣ Twitter: https://twitter.com/_CryptoCat GitHub: https://github.com/Crypto-Cat HackTheBox:...
https://www.youtube.com/watch?v=au3CRqlbWlQ
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Interview with Lesley Carhart (hacks4pancakes)
In this special guest episode of 13Cubed, I interview Lesley Carhart (aka hacks4pancakes) of Dragos. We'll cover a variety of topics and provide some career advice along the way! *** Check out PancakesCon 4 at https://pancakescon.com/ coming March 19, 2023! *** 🎉 Also check out the new 13Cubed Training Course Investigating Windows Endpoints. Affordable, on-line, and on-demand training is here! Enroll now at https://training.13cubed.com/ 🛠 Resources Twitter: https://twitter.com/hacks4pancakes Mastodon: https://infosec.exchange/@hacks4pancakes TikTok: https://www.tiktok.com/@UCezvmPw4tfO6n_FMQoN4waw #forensics #DigitalForensics #DFIR #ComputerForensics #WindowsForensics
https://www.youtube.com/watch?v=aC4jd8hQdYo
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

NEW Powershell features in DuckyScript 3.0
Learn how to take advantage of the latest new STRING command features in DuckyScript 3.0 Payload Studio: https://payloadstudio.hak5.org Discover Payloads: https://payloads.hak5.org Hak5 -- Cyber Security Education, Inspiration, News & Community since 2005: -----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆ Our Site → https://www.hak5.org Shop → http://hakshop.myshopify.com/ Subscribe → https://www.youtube.com/user/Hak5Darren?sub_confirmation=1 Support → https://www.patreon.com/threatwire Contact Us → http://www.twitter.com/hak5 -----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆ ____________________________________________ Founded in 2005, Hak5's mission is to advance the InfoSec industry. We do this through our award...
https://www.youtube.com/watch?v=9ToUb5kTwq0
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

UEFI Bootkit Successfully Hits Windows 11 - ThreatWire
ThreatWire Totem Board - Limited Edition! - https://snubsie.com/threatwire-products/tw-totem Shop ThreatWire Merch on Teespring! - https://morsecode.creator-spring.com/ Support ThreatWire! https://www.patreon.com/shannonmorse Follow Shannon on Social Media: https://snubsie.com/links Gmail Now Gets Client Side Encryption (for some folks), a UEFI bootkit targets Windows 11, and the LastPass just got even worse! All that coming up now on ThreatWire. #threatwire #hak5 ThreatWire by Shannon Morse is a weekly news journalism show covering cybersecurity topics for network admins, information security professionals, and consumers. Watch this on youtube: https://youtu.be/t2RB6K1GcC0 Chapters: 00:00 Gmail, Now With CSE 02:33 Windows 11 UEFI Bootkit 04:29 RIP LastPass Links: Resources...
https://www.youtube.com/watch?v=t2RB6K1GcC0
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

How I Test for Broken Access Controls | #cybersecurity #hacking #shorts
Talk to me: https://dgtsec.com/contact ________________________________________________________________________________________________ Burp Suite Deep Dive course: https://bit.ly/burpforpros ________________________________________________________________________________________________ Recon in Cybersecurity course: https://bit.ly/cybersecrecon Python for Pentesters course: http://bit.ly/2I0sRkm Python Basics course: http://bit.ly/37cmhlx 10 Points for PentesterLab PRO: http://bit.ly/awesomepentester Join me and other cyber-geeks on discord: http://bit.ly/2KH6aST Join my SQUAD (for discounts'n'stuff): http://bit.ly/2xhSvM2 Hire me as a penetration tester: https://dgtsec.com/penetration-testing-services/ 101 Pentesting Training: https://dgtsec.com/cybersec-pentesting-training/...
https://www.youtube.com/watch?v=0YtGklzmbOQ
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Insider Insight from 55 Pentests | #cybersecurity #infosec #shorts
Talk to me: https://dgtsec.com/contact ________________________________________________________________________________________________ Burp Suite Deep Dive course: https://bit.ly/burpforpros ________________________________________________________________________________________________ Recon in Cybersecurity course: https://bit.ly/cybersecrecon Python for Pentesters course: http://bit.ly/2I0sRkm Python Basics course: http://bit.ly/37cmhlx 10 Points for PentesterLab PRO: http://bit.ly/awesomepentester Join me and other cyber-geeks on discord: http://bit.ly/2KH6aST Join my SQUAD (for discounts'n'stuff): http://bit.ly/2xhSvM2 Hire me as a penetration tester: https://dgtsec.com/penetration-testing-services/ 101 Pentesting Training: https://dgtsec.com/cybersec-pentesting-training/...
https://www.youtube.com/watch?v=w9mhqlkQPUs
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

It's About Time - Timestamp Changes in Windows 11
In this episode, we'll revisit NTFS MACB timestamps and take a look at how file creations, accesses, modifications, renames, copies, and moves affect them. Then, we'll take a look at how Windows 11 has changed the behavior associated with some of those timestamps. *** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. *** 📖 Chapters 00:00 - Intro 02:24 - File Creation 02:54 - File Access and NtfsDisableLastAccessUpdate 05:12 - File Modification 06:18 - File Rename 07:33 - File Copy 09:50 - File Move 12:53 - Correction 14:02 - Timestamp Changes in Windows 11 🛠 Resources Windows MACB Timestamps (NTFS Forensics): https://www.youtube.com/watch?v=OTea54BelTg Windows 11 Time Rules: https://www.khyrenz.com/blog/windows-11-time-rules/ #Windows11...
https://www.youtube.com/watch?v=_D2vJZvCW_8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Advanced DuckyScript 3.0 Features [PAYLOAD]
Make the most out of your USB Rubber Ducky payloads with these advanced DuckyScript 3.0 features. Hak5 -- Cyber Security Education, Inspiration, News & Community since 2005: -----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆ Our Site → https://www.hak5.org Shop → http://hakshop.myshopify.com/ Subscribe → https://www.youtube.com/user/Hak5Darren?sub_confirmation=1 Support → https://www.patreon.com/threatwire Contact Us → http://www.twitter.com/hak5 -----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆ ____________________________________________ Founded in 2005, Hak5's mission is to advance the InfoSec industry. We do this through our award winning educational podcasts, leading pentest gear, and inclusive community – where...
https://www.youtube.com/watch?v=dAt-tK19p7k
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Google Bolsters Firmware Security - ThreatWire
ThreatWire Totem Board - Limited Edition! - https://snubsie.com/threatwire-products/tw-totem Shop ThreatWire Merch on Teespring! - https://morsecode.creator-spring.com/ Support ThreatWire! https://www.patreon.com/shannonmorse Follow Shannon on Social Media: https://snubsie.com/links That free game could be malware in disguise, Google is making firmware more secure, and Activision got hacked! All that coming up now on ThreatWire. #threatwire #hak5 ThreatWire by Shannon Morse is a weekly news journalism show covering cybersecurity topics for network admins, information security professionals, and consumers. Watch this on youtube: https://youtu.be/Re_J6Y_NpDA Chapters: 00:00 Pirated Games = Malware 02:14 Google Bolsters Firmware Security 03:38 Activision Confirms Hack Links: Resources...
https://www.youtube.com/watch?v=Re_J6Y_NpDA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Global AppSec Dublin: A Taste Of Privacy Threat Modeling by Kim Wuyts
- Managed by the OWASP® Foundation https://owasp.org/
https://www.youtube.com/watch?v=0HMxksszzDI
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Global AppSec Dublin: Opening Remarks - Grant Ongers
- Managed by the OWASP® Foundation https://owasp.org/
https://www.youtube.com/watch?v=v8SeSkmYxXU
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Global AppSec Dublin: Introducing Threat Modelling To Established Teams - Sarah-Jane Madden
- Managed by the OWASP® Foundation https://owasp.org/
https://www.youtube.com/watch?v=1Zkta9i1CYQ
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Global AppSec Dublin: Attacking And Protecting Artificial Intelligence - Rob Van Der Veer
- Managed by the OWASP® Foundation https://owasp.org/
https://www.youtube.com/watch?v=ABmWHnFrMqI
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Global AppSec Dublin: Why Winning In Cybersecurity Means Winning More Everyday - Jessica Robinson
- Managed by the OWASP® Foundation https://owasp.org/
https://www.youtube.com/watch?v=UJeraXFMcoI
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Gobal AppSec Dublin: Trusting Software: Runtime Protection Is The Third Alternative - Jeff Williams
- Managed by the OWASP® Foundation https://owasp.org/
https://www.youtube.com/watch?v=sRE3f_2ECfs
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Global AppSec Dublin: Passwordless Future: Using WebAuthn And Passkeys In Practice - Clemens Hübner
- Managed by the OWASP® Foundation https://owasp.org/
https://www.youtube.com/watch?v=_L9pbpkX-Ps
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Global AppSec Dublin: GitHub Actions: Vulnerabilities, Attacks, And Counter-Measures - Magno Logan
- Managed by the OWASP® Foundation https://owasp.org/
https://www.youtube.com/watch?v=gxCvV35yXmU
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Global AppSec Dublin: [T]OTPs Are Not As Secure As You Might Believe - Santiago Kantorowicz
- Managed by the OWASP® Foundation https://owasp.org/
https://www.youtube.com/watch?v=K3myOx4HI90
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

HackerOne Live Hacking Event Recap: Orlando w/ Epic Games 2023 (H1-407)
Hackers were brought out to sunny Orlando, Florida! Our hackers were challenged with the amazing team at Epic Games to help keep our games secure. Follow our community blog for additional resources →https://www.hackerone.com/hackerone-community-blog ▼ Keep up with us ▼ ◇ Twitter → https://twitter.com/Hacker0x01 ◇ Instagram → https://www.instagram.com/hacker0x01/ ◇ LinkedIn → https://www.linkedin.com/company/Hack... ◇ Facebook → https://www.facebook.com/Hacker0x01/
https://www.youtube.com/watch?v=LU5VPLwJLqM
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

HackerOne Live Hacking Event Recap: Barcelona w/ PayPal 2022 (H1-3493)
Live Hacking Events are the ultimate voyage for hackers selected to test their skills. This time our hackers had the chance to experience gothic architecture, historic streets, and a historic music venue. Check out what hackers had to say about their experience abroad! Follow our community blog for additional resources →https://www.hackerone.com/hackerone-community-blog ▼ Keep up with us ▼ ◇ Twitter → https://twitter.com/Hacker0x01 ◇ Instagram → https://www.instagram.com/hacker0x01/ ◇ LinkedIn → https://www.linkedin.com/company/Hack... ◇ Facebook → https://www.facebook.com/Hacker0x01/
https://www.youtube.com/watch?v=C8mBx7iz9cU
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Learn Passive OS Fingerprinting [PAYLOAD]
New extensions in DuckyScript 3.0 for the USB Rubber Ducky give you the ability to passively identify Windows and non-Windows targets -- adding failsafe possibilities for your next payloads. Dig into this feature: https://hakshop.myshopify.com/blogs/usb-rubber-ducky/detect-ready Hak5 -- Cyber Security Education, Inspiration, News & Community since 2005: -----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆ Our Site → https://www.hak5.org Shop → http://hakshop.myshopify.com/ Subscribe → https://www.youtube.com/user/Hak5Darren?sub_confirmation=1 Support → https://www.patreon.com/threatwire Contact Us → http://www.twitter.com/hak5 -----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆ ____________________________________________ Founded...
https://www.youtube.com/watch?v=R8NX0ceBqr4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Digital Forensics Training You Can Actually Afford!
Announcing the first ever 13Cubed Training Course: Investigating Windows Endpoints. Unlock the secrets of Windows forensic investigation with my new course! I took my years of experience creating videos on this channel and set out to develop affordable, comprehensive, and professional training. Whether you're looking to get into the field, already work in the field but want to step up your game, or just have an interest in digital forensics, look no further. This is the course for you! Purchase the Course Here: https://training.13cubed.com/investigating-windows-endpoints #Forensics #DigitalForensics #DFIR #ComputerForensics #WindowsForensics
https://www.youtube.com/watch?v=d8fAKTXOjS8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Inject Keystrokes in only 25 milliseconds! [PAYLOAD]
DELAY 3000 is a relic of the past. Learn the hot new DuckyScript 3.0 techniques with DETECT_READY extensions that speed up payload deployment by 99% Dig into the details: https://hak5.org/blogs/usb-rubber-ducky/detect-ready Hak5 -- Cyber Security Education, Inspiration, News & Community since 2005: -----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆ Our Site → https://www.hak5.org Shop → http://hakshop.myshopify.com/ Subscribe → https://www.youtube.com/user/Hak5Darren?sub_confirmation=1 Support → https://www.patreon.com/threatwire Contact Us → http://www.twitter.com/hak5 -----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆ ____________________________________________ Founded in 2005, Hak5's mission is to advance the InfoSec...
https://www.youtube.com/watch?v=kmG87Ot4Fv4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

CAN I WIN A GAME OF BATTLEGROUNDS?! [HackTheBox - Server Siege]
3 more practice games of @HackTheBox battlegrounds (server siege) 💜 If you think I should do some things differently, let me know in the comments! Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂 #HackTheBox #HTB #CTF #Pentesting #OffSec ↢Social Media↣ Twitter: https://twitter.com/_CryptoCat GitHub: https://github.com/Crypto-Cat HackTheBox: https://app.hackthebox.eu/profile/11897 LinkedIn: https://www.linkedin.com/in/cryptocat Reddit: https://www.reddit.com/user/_CryptoCat23 YouTube: https://www.youtube.com/CryptoCat23 Twitch: https://www.twitch.tv/cryptocat23 ↢HackTheBox↣ https://app.hackthebox.com/battlegrounds https://twitter.com/hackthebox_eu https://discord.gg/hackthebox ↢Video-Specific Resources↣ https://help.hackthebox.com/en/articles/5185620-introduction-to-battlegrounds https://www.youtube.com/watch?v=gH_q0zRcPuI ↢Resources↣ Ghidra:...
https://www.youtube.com/watch?v=VX445yn4lQ4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

ESXiArgs Ransomware Analysis with @fwosar
Join us as we reverse engineer the ESXiArgs ransomware used in wide spread attacks targeting unpatched VMware servers with CVE-2021-21974. Fabian (https://twitter.com/fwosar) joins us to do the heavy lifting! Tutorial that may assist with decrypting files that have been encrypted by ESXiArgs (https://enes.dev/). BleepingComputer help forum for ESXiArgs victims (https://www.bleepingcomputer.com/forums/t/782193/esxi-ransomware-help-and-support-topic-esxiargs-args-extension/) ----- OALABS PATREON https://www.patreon.com/oalabs OALABS DISCORD https://discord.gg/6h5Bh5AMDU Twitch https://www.twitch.tv/oalabslive OALABS GITHUB https://github.com/OALabs UNPACME - AUTOMATED MALWARE UNPACKING https://www.unpac.me/#/ -----
https://www.youtube.com/watch?v=bBcvqxPdjoI
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

How Much Money Ethical Hackers can Make | #cybersecurity #shorts #hacking
Talk to me: https://dgtsec.com/contact ________________________________________________________________________________________________ Burp Suite Deep Dive course: https://bit.ly/burpforpros ________________________________________________________________________________________________ Recon in Cybersecurity course: https://bit.ly/cybersecrecon Python for Pentesters course: http://bit.ly/2I0sRkm Python Basics course: http://bit.ly/37cmhlx 10 Points for PentesterLab PRO: http://bit.ly/awesomepentester Join me and other cyber-geeks on discord: http://bit.ly/2KH6aST Join my SQUAD (for discounts'n'stuff): http://bit.ly/2xhSvM2 Hire me as a penetration tester: https://dgtsec.com/penetration-testing-services/ 101 Pentesting Training: https://dgtsec.com/cybersec-pentesting-training/...
https://www.youtube.com/watch?v=YuxWGoNWrDU
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Hacking, back in the Days - 15 years ago | #cybersecurity #shorts
From a discussion with @HackerSploit. Talk to me: https://dgtsec.com/contact ________________________________________________________________________________________________ Burp Suite Deep Dive course: https://bit.ly/burpforpros ________________________________________________________________________________________________ Recon in Cybersecurity course: https://bit.ly/cybersecrecon Python for Pentesters course: http://bit.ly/2I0sRkm Python Basics course: http://bit.ly/37cmhlx 10 Points for PentesterLab PRO: http://bit.ly/awesomepentester Join me and other cyber-geeks on discord: http://bit.ly/2KH6aST Join my SQUAD (for discounts'n'stuff): http://bit.ly/2xhSvM2 Hire me as a penetration tester: https://dgtsec.com/penetration-testing-services/ 101 Pentesting Training: https://dgtsec.com/cybersec-pentesting-training/...
https://www.youtube.com/watch?v=B6hlqzfolBg
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

CVE-2022-4510: Directory Traversal RCE in binwalk
A path traversal vulnerability (CVE-2022-4510) was identified in ReFirm Labs binwalk from version 2.1.2b through 2.3.3 (inclusive). This vulnerability allows remote attackers to execute arbitrary code on affected installations of binwalk. User interaction is required to exploit this vulnerability in that the target must open the malicious file with binwalk using extract mode (-e option). The issue lies within the PFS (obscure filesystem format found in some embedded devices) extractor plugin that was merged into binwalk in 2017. Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂 #Vulnerability #CVE-2022-4510 #Pentesting #OffSec ↢Social Media↣ Twitter: https://twitter.com/_CryptoCat GitHub: https://github.com/Crypto-Cat HackTheBox: https://app.hackthebox.eu/profile/11897 LinkedIn:...
https://www.youtube.com/watch?v=71e5iMoDDMA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

CyberTalk Live #1 - Trying Out BlackBuntu & Q&A
CyberTalk Live #1 - Trying Out BlackBuntu & Q&A //PLATFORMS BLOG ►► https://bit.ly/3qjvSjK FORUM ►► https://bit.ly/39r2kcY ACADEMY ►► https://bit.ly/39CuORr //SOCIAL NETWORKS TWITTER ►► https://bit.ly/3sNKXfq DISCORD ►► https://bit.ly/3hkIDsK INSTAGRAM ►► https://bit.ly/3sP1Syh LINKEDIN ►► https://bit.ly/360qwlN PATREON ►► https://bit.ly/365iDLK MERCHANDISE ►► https://bit.ly/3c2jDEn //BOOKS Privilege Escalation Techniques ►► https://amzn.to/3ylCl33 Docker Security Essentials (FREE) ►► https://bit.ly/3pDcFuA //SUPPORT THE CHANNEL NordVPN Affiliate Link (73% Off) ►► https://bit.ly/3DEPbu5 Get 0 In Free Linode Credit ►► https://bit.ly/39mrvRM Get started with Intigriti: https://go.intigriti.com/hackersploit //CYBERTALK PODCAST Spotify...
https://www.youtube.com/watch?v=Yq2d9FuWjd8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Network Pentesting Course from 0 to Hacker | #cybersecurity #shorts
From a discussion with @HackerSploit. Talk to me: https://dgtsec.com/contact ________________________________________________________________________________________________ Burp Suite Deep Dive course: https://bit.ly/burpforpros ________________________________________________________________________________________________ Recon in Cybersecurity course: https://bit.ly/cybersecrecon Python for Pentesters course: http://bit.ly/2I0sRkm Python Basics course: http://bit.ly/37cmhlx 10 Points for PentesterLab PRO: http://bit.ly/awesomepentester Join me and other cyber-geeks on discord: http://bit.ly/2KH6aST Join my SQUAD (for discounts'n'stuff): http://bit.ly/2xhSvM2 Hire me as a penetration tester: https://dgtsec.com/penetration-testing-services/ 101 Pentesting Training: https://dgtsec.com/cybersec-pentesting-training/...
https://www.youtube.com/watch?v=Ya24z_4o8po
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

3 Year Cybersecurity Career Roadmap
In this video, I outline a concise 3-year Cybersecurity career roadmap designed for students or professionals looking to get started with a career in Cybersecurity in 2023 and beyond. Slides: https://bit.ly/3HlM3aw Black Hills 5-Year InfoSec Plan: https://www.blackhillsinfosec.com/webcast-5-year-plan-infosec/ //PLATFORMS BLOG ►► https://bit.ly/3qjvSjK FORUM ►► https://bit.ly/39r2kcY ACADEMY ►► https://bit.ly/39CuORr //SOCIAL NETWORKS TWITTER ►► https://bit.ly/3sNKXfq DISCORD ►► https://bit.ly/3hkIDsK INSTAGRAM ►► https://bit.ly/3sP1Syh LINKEDIN ►► https://bit.ly/360qwlN PATREON ►► https://bit.ly/365iDLK MERCHANDISE ►► https://bit.ly/3c2jDEn //BOOKS Privilege Escalation Techniques ►► https://amzn.to/3ylCl33 Docker Security Essentials (FREE) ►►...
https://www.youtube.com/watch?v=oI9aaBpJvoA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Attacking Open Ports in Pentesting - Practical | #cybersecurity #shorts
From a discussion with @HackerSploit. Talk to me: https://dgtsec.com/contact ________________________________________________________________________________________________ Burp Suite Deep Dive course: https://bit.ly/burpforpros ________________________________________________________________________________________________ Recon in Cybersecurity course: https://bit.ly/cybersecrecon Python for Pentesters course: http://bit.ly/2I0sRkm Python Basics course: http://bit.ly/37cmhlx 10 Points for PentesterLab PRO: http://bit.ly/awesomepentester Join me and other cyber-geeks on discord: http://bit.ly/2KH6aST Join my SQUAD (for discounts'n'stuff): http://bit.ly/2xhSvM2 Hire me as a penetration tester: https://dgtsec.com/penetration-testing-services/ 101 Pentesting Training: https://dgtsec.com/cybersec-pentesting-training/...
https://www.youtube.com/watch?v=WPmbwkzwtoA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

How much Coding you Actually Need for Bug Hunting | #cybersecurity #shorts
From a discussion with @TCMSecurityAcademy. Talk to me: https://dgtsec.com/contact ________________________________________________________________________________________________ Burp Suite Deep Dive course: https://bit.ly/burpforpros ________________________________________________________________________________________________ Recon in Cybersecurity course: https://bit.ly/cybersecrecon Python for Pentesters course: http://bit.ly/2I0sRkm Python Basics course: http://bit.ly/37cmhlx 10 Points for PentesterLab PRO: http://bit.ly/awesomepentester Join me and other cyber-geeks on discord: http://bit.ly/2KH6aST Join my SQUAD (for discounts'n'stuff): http://bit.ly/2xhSvM2 Hire me as a penetration tester: https://dgtsec.com/penetration-testing-services/ 101 Pentesting Training: https://dgtsec.com/cybersec-pentesting-training/...
https://www.youtube.com/watch?v=Kfv2uErkPmg
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

HackTheBox Battlegrounds - Server Siege (Practice Mode)
Wanna to watch me fail to gain a foothold on two @HackTheBox battlegrounds machines? Well, you're in luck! In this video, I compete in 2 practice games of battlegrounds server siege mode. Unfortunately, I didn't get a shell in either of the 15 minute matches but hopefully showing my real-time thought process and initial impressions of the competitive hacking mode will still be helpful to some people. If you think I should do some things differently, let me know in the comments! Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂 #HackTheBox #HTB #Battlegrounds #ServerSiege #CTF #Pentesting #OffSec ↢Social Media↣ Twitter: https://twitter.com/_CryptoCat GitHub: https://github.com/Crypto-Cat HackTheBox: https://app.hackthebox.eu/profile/11897 LinkedIn: https://www.linkedin.com/in/cryptocat Reddit:...
https://www.youtube.com/watch?v=Jo-2F-4f0F0
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

EZ Tools Manuals Interview with Andrew Rathbun
In this special guest episode of 13Cubed, I interview Andrew Rathbun of Kroll to discuss the new EZ Tools Manuals he's written. This documentation provides in-depth coverage of nearly all Windows forensic tools written by Eric Zimmerman. We also discuss a few other DFIR community projects at the end, so don't miss it! *** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. *** 📖 Chapters 00:00 - EZ Tools Manuals 20:40 - DFIR Artifact Museum 25:48 - Digital Forensics Discord Server 🛠 Resources EZ Tools Manuals: https://leanpub.com/eztoolsmanuals Vanilla Windows Reference: https://github.com/AndrewRathbun/VanillaWindowsReference DFIR Artifact Museum: https://github.com/AndrewRathbun/DFIRArtifactMuseum A Beginner's Guide to the Digital...
https://www.youtube.com/watch?v=Mz5hin8Wxak
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Top Python Libraries used by Hackers | #cybersecurity #shorts
From a discussion with @HackerSploit. Talk to me: https://dgtsec.com/contact ________________________________________________________________________________________________ Burp Suite Deep Dive course: https://bit.ly/burpforpros ________________________________________________________________________________________________ Recon in Cybersecurity course: https://bit.ly/cybersecrecon Python for Pentesters course: http://bit.ly/2I0sRkm Python Basics course: http://bit.ly/37cmhlx 10 Points for PentesterLab PRO: http://bit.ly/awesomepentester Join me and other cyber-geeks on discord: http://bit.ly/2KH6aST Join my SQUAD (for discounts'n'stuff): http://bit.ly/2xhSvM2 Hire me as a penetration tester: https://dgtsec.com/penetration-testing-services/ 101 Pentesting Training: https://dgtsec.com/cybersec-pentesting-training/...
https://www.youtube.com/watch?v=IUXkkZ52QfI
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Ultimate GraphQL Recon - A Tactical Approach
Burp Suite Deep Dive course: https://bit.ly/burpforpros ________________________________________________________________________________________________ GraphQL is widely adopted in the industry. Learn how to map its attack surface so as to safely and effectively protect it. GitHub: https://github.com/nicholasaleks/graphql-threat-matrix/ graphw00f: https://github.com/dolevf/graphw00f Free Chapter 4: https://nostarch.com/download/BlackHatGraphQL_ch4sample_102422.pdf __________ Resources - https://www.cybersecurityeducation.org/careers/ - https://www.coursera.org/articles/cybersecurity-jobs - https://www.sans.org/cybersecurity-careers/20-coolest-cyber-security-careers/ - https://universityhq.org/how-to-become/cyber-security-jobs/ - https://www.coursera.org/articles/cybersecurity-career-paths My...
https://www.youtube.com/watch?v=c_RPptC4V9I
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

A New Program Execution Artifact - Windows 11 22H2 Update!
In this episode, we'll take a look at a new Windows 11 Pro 22H2 program execution artifact discovered in late December 2022. We'll cover the basics and then look at this new Program Compatibility Assistant (PCA) artifact in action on a Windows 11 system. *** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. *** 📖 Chapters 00:00 - Intro 00:52 - PCA artiFACTS 02:52 - Demo 11:28 - Recap 🛠 Resources New Windows 11 Pro (22H2) Evidence of Execution Artifact: https://aboutdfir.com/new-windows-11-pro-22h2-evidence-of-execution-artifact/ Vanilla Windows Reference: https://github.com/AndrewRathbun/VanillaWindowsReference DFIR Artifact Museum: https://github.com/AndrewRathbun/DFIRArtifactMuseum 🙏 Special Thanks for Additional Research and...
https://www.youtube.com/watch?v=rV8aErDj06A
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Expert in One Bug or Master of All (None) | #cybersecurity #shorts
From a discussion with @TheXSSrat. Talk to me: https://dgtsec.com/contact ________________________________________________________________________________________________ Burp Suite Deep Dive course: https://bit.ly/burpforpros ________________________________________________________________________________________________ Why only a handful of security researchers and bounty hunters make it and how can you be one of them? Free coding platforms: https://freecodecamp.org https://edabit.com https://codewars.com Free books: https://www.py4e.com/book.php https://www.golang-book.com/books/intro https://books.goalkicker.com/BashBook/ __________ Recon in Cybersecurity course: https://bit.ly/cybersecrecon Python for Pentesters course: http://bit.ly/2I0sRkm Python Basics course: http://bit.ly/37cmhlx...
https://www.youtube.com/watch?v=wyulRbEzBGk
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

How to Learn Malware Analysis - With Real Malware Samples | #cybersecurity #shorts
How to learn reverse engineering fast with these 3 practical resources. From a discussion with @HackerSploit. Talk to me: https://dgtsec.com/contact ________________________________________________________________________________________________ Burp Suite Deep Dive course: https://bit.ly/burpforpros ________________________________________________________________________________________________ Why only a handful of security researchers and bounty hunters make it and how can you be one of them? Free coding platforms: https://freecodecamp.org https://edabit.com https://codewars.com Free books: https://www.py4e.com/book.php https://www.golang-book.com/books/intro https://books.goalkicker.com/BashBook/ __________ Recon in Cybersecurity course: https://bit.ly/cybersecrecon Python...
https://www.youtube.com/watch?v=W2uqUW6DCaM
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

How To Learn Reverse Engineering Fast | #cybersecurity #shorts
How to learn reverse engineering fast with these 3 practical resources. From a discussion with @HackerSploit. Talk to me: https://dgtsec.com/contact ________________________________________________________________________________________________ Burp Suite Deep Dive course: https://bit.ly/burpforpros ________________________________________________________________________________________________ Why only a handful of security researchers and bounty hunters make it and how can you be one of them? Free coding platforms: https://freecodecamp.org https://edabit.com https://codewars.com Free books: https://www.py4e.com/book.php https://www.golang-book.com/books/intro https://books.goalkicker.com/BashBook/ __________ Recon in Cybersecurity course: https://bit.ly/cybersecrecon Python...
https://www.youtube.com/watch?v=LSvfIwmqKME
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Linux Red Team Defense Evasion Techniques - Hiding Linux Processes
In this video, I explore the process of evading defenses on Linux by hiding Linux processes with libprocesshider. Defense Evasion consists of techniques that adversaries use to avoid detection throughout their compromise. Techniques used for defense evasion include uninstalling/disabling security software or obfuscating/encrypting data and scripts. Adversaries also leverage and abuse trusted processes to hide and masquerade their malware. Other tactics' techniques are cross-listed here when those techniques include the added benefit of subverting defenses. Process Hider GitHub Repository: https://github.com/gianlucaborello/libprocesshider //PLATFORMS BLOG ►► https://bit.ly/3qjvSjK FORUM ►► https://bit.ly/39r2kcY ACADEMY ►► https://bit.ly/39CuORr //SOCIAL NETWORKS TWITTER...
https://www.youtube.com/watch?v=GT-ClZAi6rE
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

The Most Frequent Vulnerabilities I Found in 80+ Pentests in 2022
Burp Suite Deep Dive course: https://bit.ly/burpforpros ________________________________________________________________________________________________ These are the most frequent vulnerabilities I found in my pentests in 2022. __________ Resources - https://www.cybersecurityeducation.org/careers/ - https://www.coursera.org/articles/cybersecurity-jobs - https://www.sans.org/cybersecurity-careers/20-coolest-cyber-security-careers/ - https://universityhq.org/how-to-become/cyber-security-jobs/ - https://www.coursera.org/articles/cybersecurity-career-paths My courses: Recon in Cybersecurity course: https://bit.ly/cybersecrecon Python for Pentesters course: http://bit.ly/2I0sRkm Python Basics course: http://bit.ly/37cmhlx Neural Networks with Tensorflow: http://bit.ly/tensorflownets Machine...
https://www.youtube.com/watch?v=Bob-_PtgvXA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Linux Red Team Persistence Techniques - SSH Keys, Web Shells & Cron Jobs
In this video, I explore the process of establishing persistence on Linux via SSH keys, local accounts, web shells, and Cron Jobs. Persistence consists of techniques that adversaries use to keep access to systems across restarts, changed credentials, and other interruptions that could cut off their access. Techniques used for persistence include any access, action, or configuration changes that let them maintain their foothold on systems, such as replacing or hijacking legitimate code or adding startup code. //PLATFORMS BLOG ►► https://bit.ly/3qjvSjK FORUM ►► https://bit.ly/39r2kcY ACADEMY ►► https://bit.ly/39CuORr //SOCIAL NETWORKS TWITTER ►► https://bit.ly/3sNKXfq DISCORD ►► https://bit.ly/3hkIDsK INSTAGRAM ►► https://bit.ly/3sP1Syh LINKEDIN ►► https://bit.ly/360qwlN PATREON...
https://www.youtube.com/watch?v=tNJs8CFj_B8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

What The Security Industry Should Know About Reverse Engineering [ Reverse Engineering AMA ]
What is one thing you wish your peers in the security industry knew about reverse engineering? -- Big thanks to all the reverse engineers who helped us put this together! Rattle (Jesko) https://twitter.com/huettenhain https://github.com/binref/refinery Jordan (psifertex) https://twitter.com/psifertex https://binary.ninja/ Karsten https://twitter.com/struppigel https://www.youtube.com/c/MalwareAnalysisForHedgehogs Drakonia https://twitter.com/dr4k0nia https://dr4k0nia.github.io/ C3rb3ru5 https://twitter.com/c3rb3ru5d3d53c https://c3rb3ru5d3d53c.github.io/ Josh https://twitter.com/jershmagersh https://pwnage.io/ Dodo https://twitter.com/dodo_sec https://github.com/dodo-sec Washi https://twitter.com/washi_dev https://washi.dev/ ----- OALABS PATREON https://www.patreon.com/oalabs OALABS...
https://www.youtube.com/watch?v=SffxAVWmbk4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Do Companies Actually Pay Ransomware [ Reverse Engineering AMA ]
Do companies really pay ransomware? Do they buy bitcoin to pay? If they pay do they actually get their files back? -- Big thanks to all the reverse engineers who helped us put this together! Rattle (Jesko) https://twitter.com/huettenhain https://github.com/binref/refinery Jordan (psifertex) https://twitter.com/psifertex https://binary.ninja/ Karsten https://twitter.com/struppigel https://www.youtube.com/c/MalwareAnalysisForHedgehogs Drakonia https://twitter.com/dr4k0nia https://dr4k0nia.github.io/ C3rb3ru5 https://twitter.com/c3rb3ru5d3d53c https://c3rb3ru5d3d53c.github.io/ Josh https://twitter.com/jershmagersh https://pwnage.io/ Dodo https://twitter.com/dodo_sec https://github.com/dodo-sec Washi https://twitter.com/washi_dev https://washi.dev/ ----- OALABS PATREON https://www.patreon.com/oalabs OALABS...
https://www.youtube.com/watch?v=-CD82mTcy5A
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

ChatGPT For Cybersecurity
In this video, I go over the process of how to use ChatGPT and cover various examples of how to use ChatGPT for Cybersecurity. ChatGPT is an AI-driven chatbot launched by OpenAI in November 2022. It is trained using Reinforcement Learning from Human Feedback (RLHF). It is built on top of OpenAI's GPT-3.5 family of large language models and is fine-tuned with both supervised and reinforcement learning techniques. OpenAI ChatGPT: https://chat.openai.com/chat Timestamps: 0:00 Introduction 7:50 ChatGPT usage 10:45 Pentesting examples 13:10 Generating shells 14:25 Fuzzing 17:15 Shellcode 18:00 Custom emails 19:34 Macros 20:56 Buffer overflow 22:15 Automation 25:00 Blue team examples 28:33 ChatGPT impact on cybersecurity //PLATFORMS BLOG ►► https://bit.ly/3qjvSjK FORUM ►► https://bit.ly/39r2kcY ACADEMY...
https://www.youtube.com/watch?v=6PrC4z4tPB0
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

What is The Future of Reverse Engineering [ Reverse Engineering AMA ]
What is the future of reverse engineering? What should we prepare for? -- Big thanks to all the reverse engineers who helped us put this together! Rattle (Jesko) https://twitter.com/huettenhain https://github.com/binref/refinery Jordan (psifertex) https://twitter.com/psifertex https://binary.ninja/ Karsten https://twitter.com/struppigel https://www.youtube.com/c/MalwareAnalysisForHedgehogs Drakonia https://twitter.com/dr4k0nia https://dr4k0nia.github.io/ C3rb3ru5 https://twitter.com/c3rb3ru5d3d53c https://c3rb3ru5d3d53c.github.io/ Josh https://twitter.com/jershmagersh https://pwnage.io/ Dodo https://twitter.com/dodo_sec https://github.com/dodo-sec Washi https://twitter.com/washi_dev https://washi.dev/ ----- OALABS PATREON https://www.patreon.com/oalabs OALABS DISCORD https://discord.gg/6h5Bh5AMDU Twitch https://www.twitch.tv/oalabslive OALABS...
https://www.youtube.com/watch?v=lilIOWzDeBA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Linux Red Team Privilege Escalation Techniques - Kernel Exploits & SUDO Permissions
In this video, I explore the process of elevating privileges on Linux by leveraging kernel exploits, local accounts, and misconfigured SUDO permissions. Privilege Escalation consists of techniques adversaries use to gain higher-level permissions on a system or network. Adversaries can often enter and explore a network with unprivileged access but require elevated permissions to follow through on their objectives. Common approaches are to take advantage of system weaknesses, misconfigurations, and vulnerabilities. //PLATFORMS BLOG ►► https://bit.ly/3qjvSjK FORUM ►► https://bit.ly/39r2kcY ACADEMY ►► https://bit.ly/39CuORr //SOCIAL NETWORKS TWITTER ►► https://bit.ly/3sNKXfq DISCORD ►► https://bit.ly/3hkIDsK INSTAGRAM ►► https://bit.ly/3sP1Syh LINKEDIN ►► https://bit.ly/360qwlN PATREON...
https://www.youtube.com/watch?v=w2rElXYV2Fs
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

One Trick To Level Up Your Reverse Engineering [ Reverse Engineering AMA ]
What is one trick or tip that really levelled up your reverse engineering? -- Big thanks to all the reverse engineers who helped us put this together! Rattle (Jesko) https://twitter.com/huettenhain https://github.com/binref/refinery Jordan (psifertex) https://twitter.com/psifertex https://binary.ninja/ Karsten https://twitter.com/struppigel https://www.youtube.com/c/MalwareAnalysisForHedgehogs Drakonia https://twitter.com/dr4k0nia https://dr4k0nia.github.io/ C3rb3ru5 https://twitter.com/c3rb3ru5d3d53c https://c3rb3ru5d3d53c.github.io/ Josh https://twitter.com/jershmagersh https://pwnage.io/ Dodo https://twitter.com/dodo_sec https://github.com/dodo-sec Washi https://twitter.com/washi_dev https://washi.dev/ ----- OALABS PATREON https://www.patreon.com/oalabs OALABS DISCORD https://discord.gg/6h5Bh5AMDU Twitch https://www.twitch.tv/oalabslive OALABS...
https://www.youtube.com/watch?v=EjVVbM6ub00
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

How To Identify Unknown Crypto Functions [ Reverse Engineering AMA ]
How do you identify unknown crypto and compression algorithms when reverse engineering? -- Big thanks to all the reverse engineers who helped us put this together! Rattle (Jesko) https://twitter.com/huettenhain https://github.com/binref/refinery Jordan (psifertex) https://twitter.com/psifertex https://binary.ninja/ Karsten https://twitter.com/struppigel https://www.youtube.com/c/MalwareAnalysisForHedgehogs Drakonia https://twitter.com/dr4k0nia https://dr4k0nia.github.io/ C3rb3ru5 https://twitter.com/c3rb3ru5d3d53c https://c3rb3ru5d3d53c.github.io/ Josh https://twitter.com/jershmagersh https://pwnage.io/ Dodo https://twitter.com/dodo_sec https://github.com/dodo-sec Washi https://twitter.com/washi_dev https://washi.dev/ ----- OALABS PATREON https://www.patreon.com/oalabs OALABS...
https://www.youtube.com/watch?v=BGIDMpSztSk
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Tips For Writing a .NET Static Config Extractor for Malware [ Reverse Engineering AMA ]
What are some tips for dealing with static config extraction of .NET malware? -- Big thanks to all the reverse engineers who helped us put this together! Rattle (Jesko) https://twitter.com/huettenhain https://github.com/binref/refinery Jordan (psifertex) https://twitter.com/psifertex https://binary.ninja/ Karsten https://twitter.com/struppigel https://www.youtube.com/c/MalwareAnalysisForHedgehogs Drakonia https://twitter.com/dr4k0nia https://dr4k0nia.github.io/ C3rb3ru5 https://twitter.com/c3rb3ru5d3d53c https://c3rb3ru5d3d53c.github.io/ Josh https://twitter.com/jershmagersh https://pwnage.io/ Dodo https://twitter.com/dodo_sec https://github.com/dodo-sec Washi https://twitter.com/washi_dev https://washi.dev/ ----- OALABS PATREON https://www.patreon.com/oalabs OALABS DISCORD https://discord.gg/6h5Bh5AMDU Twitch https://www.twitch.tv/oalabslive OALABS...
https://www.youtube.com/watch?v=n435uL01T_E
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

What Is The Most Interesting Malware From 2022 [ Reverse Engineering AMA ]
What is the most interesting malware from 2022? What new techniques have been observed? -- Big thanks to all the reverse engineers who helped us put this together! Rattle (Jesko) https://twitter.com/huettenhain https://github.com/binref/refinery Jordan (psifertex) https://twitter.com/psifertex https://binary.ninja/ Karsten https://twitter.com/struppigel https://www.youtube.com/c/MalwareAnalysisForHedgehogs Drakonia https://twitter.com/dr4k0nia https://dr4k0nia.github.io/ C3rb3ru5 https://twitter.com/c3rb3ru5d3d53c https://c3rb3ru5d3d53c.github.io/ Josh https://twitter.com/jershmagersh https://pwnage.io/ Dodo https://twitter.com/dodo_sec https://github.com/dodo-sec Washi https://twitter.com/washi_dev https://washi.dev/ ----- OALABS PATREON https://www.patreon.com/oalabs OALABS...
https://www.youtube.com/watch?v=suxFVJijfbc
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Most Embarrassing Malware You Have Analyzed [ Reverse Engineering AMA ]
What is the more embarrassing, crude, or downright outrageous malware that you have reverse engineered? -- Big thanks to all the reverse engineers who helped us put this together! Rattle (Jesko) https://twitter.com/huettenhain https://github.com/binref/refinery Jordan (psifertex) https://twitter.com/psifertex https://binary.ninja/ Karsten https://twitter.com/struppigel https://www.youtube.com/c/MalwareAnalysisForHedgehogs Drakonia https://twitter.com/dr4k0nia https://dr4k0nia.github.io/ C3rb3ru5 https://twitter.com/c3rb3ru5d3d53c https://c3rb3ru5d3d53c.github.io/ Josh https://twitter.com/jershmagersh https://pwnage.io/ Dodo https://twitter.com/dodo_sec https://github.com/dodo-sec Washi https://twitter.com/washi_dev https://washi.dev/ ----- OALABS PATREON https://www.patreon.com/oalabs OALABS...
https://www.youtube.com/watch?v=IIUbgphLJ5Q
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

How to Switch Careers Into Reverse Engineering [ Reverse Engineering AMA ]
How do you switch your career and become a full time reverse engineer? -- Big thanks to all the reverse engineers who helped us put this together! Rattle (Jesko) https://twitter.com/huettenhain https://github.com/binref/refinery Jordan (psifertex) https://twitter.com/psifertex https://binary.ninja/ Karsten https://twitter.com/struppigel https://www.youtube.com/c/MalwareAnalysisForHedgehogs Drakonia https://twitter.com/dr4k0nia https://dr4k0nia.github.io/ C3rb3ru5 https://twitter.com/c3rb3ru5d3d53c https://c3rb3ru5d3d53c.github.io/ Josh https://twitter.com/jershmagersh https://pwnage.io/ Dodo https://twitter.com/dodo_sec https://github.com/dodo-sec Washi https://twitter.com/washi_dev https://washi.dev/ ----- OALABS PATREON https://www.patreon.com/oalabs OALABS DISCORD https://discord.gg/6h5Bh5AMDU Twitch https://www.twitch.tv/oalabslive OALABS...
https://www.youtube.com/watch?v=HzziSeRu55g
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Tips for Analysis of Large Complex Binaries [ Reverse Engineering AMA ]
What is the best way to approach reverse engineering a large and complex binary? -- Big thanks to all the reverse engineers who helped us put this together! Rattle (Jesko) https://twitter.com/huettenhain https://github.com/binref/refinery Jordan (psifertex) https://twitter.com/psifertex https://binary.ninja/ Karsten https://twitter.com/struppigel https://www.youtube.com/c/MalwareAnalysisForHedgehogs Drakonia https://twitter.com/dr4k0nia https://dr4k0nia.github.io/ C3rb3ru5 https://twitter.com/c3rb3ru5d3d53c https://c3rb3ru5d3d53c.github.io/ Josh https://twitter.com/jershmagersh https://pwnage.io/ Dodo https://twitter.com/dodo_sec https://github.com/dodo-sec Washi https://twitter.com/washi_dev https://washi.dev/ ----- OALABS PATREON https://www.patreon.com/oalabs OALABS DISCORD https://discord.gg/6h5Bh5AMDU Twitch https://www.twitch.tv/oalabslive OALABS...
https://www.youtube.com/watch?v=2rhyCGHHiSU
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

LastPass Data Breach - Password Security 101
In this episode of CyberTalk, I discuss the latest LastPass data breach (December 2022) and outline a failsafe password management policy for you, your family, and or your business. The following is a set of password security and management guidelines you should follow: 1. Generate secure, random, and complex passwords. 2. Use a new and unique password for every account. 3. Store your passwords with an offline password management database/vault like KeePass. 4. Take regular backups of your password database/vault and store them in a secure location (preferably only known to you). 5. Regularly change your passwords. 6. Develop a password handover contingency plan in the event of your death or incapacitation. 7. Remember, online platforms and solutions can go out of business or may not necessarily...
https://www.youtube.com/watch?v=MsxlsGAJ97c
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Windows Red Team Lateral Movement Techniques - PsExec & RDP
In this video, I will be exploring the process of performing lateral movement on Windows by leveraging PsExec and RDP. Lateral Movement consists of techniques that adversaries use to enter and control remote systems on a network. Following through on their primary objective often requires exploring the network to find their target and subsequently gaining access to it. Reaching their objective often involves pivoting through multiple systems and accounts to gain. Adversaries might install their own remote access tools to accomplish Lateral Movement or use legitimate credentials with native network and operating system tools, which may be stealthier. //PLATFORMS BLOG ►► https://bit.ly/3qjvSjK FORUM ►► https://bit.ly/39r2kcY ACADEMY ►► https://bit.ly/39CuORr //SOCIAL NETWORKS TWITTER...
https://www.youtube.com/watch?v=QGkmlsvjMYI
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Windows Red Team Privilege Escalation Techniques - Bypassing UAC & Kernel Exploits
In this video, I will be exploring the process of privilege escalation on Windows by leveraging various privilege escalation techniques. Privilege Escalation consists of techniques that adversaries use to gain higher-level permissions on a system or network. Adversaries can often enter and explore a network with unprivileged access but require elevated permissions to follow through on their objectives. Common approaches are to take advantage of system weaknesses, misconfigurations, and vulnerabilities. Writeup: https://hackersploit.org/windows-privilege-escalation-fundamentals //PLATFORMS BLOG ►► https://bit.ly/3qjvSjK FORUM ►► https://bit.ly/39r2kcY ACADEMY ►► https://bit.ly/39CuORr //SOCIAL NETWORKS TWITTER ►► https://bit.ly/3sNKXfq DISCORD ►► https://bit.ly/3hkIDsK INSTAGRAM...
https://www.youtube.com/watch?v=vPTbWnCZ0sg
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Windows Red Team - Dynamic Shellcode Injection & PowerShell Obfuscation
In this video, I will be exploring the process of dynamically injecting Shellcode into portable executables and PowerShell obfuscation for the purpose of defense evasion on Windows. Defense Evasion consists of techniques that adversaries use to avoid detection throughout their compromise. Techniques used for defense evasion include uninstalling/disabling security software or obfuscating/encrypting data and scripts. Writeup: https://hackersploit.org/windows-red-team-defense-evasion-techniques/ //PLATFORMS BLOG ►► https://bit.ly/3qjvSjK FORUM ►► https://bit.ly/39r2kcY ACADEMY ►► https://bit.ly/39CuORr //SOCIAL NETWORKS TWITTER ►► https://bit.ly/3sNKXfq DISCORD ►► https://bit.ly/3hkIDsK INSTAGRAM ►► https://bit.ly/3sP1Syh LINKEDIN ►► https://bit.ly/360qwlN PATREON...
https://www.youtube.com/watch?v=6xexyQwG7SY
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

HackTheBox Certified Penetration Testing Specialist (CPTS) - Review + Tips
My review of the new @HackTheBox Certified Penetration Testing Specialist (CPTS) certification - Hope you enjoy 🙂 #HackTheBox #HTB #CTF #Pentesting #OffSec #CPTS #Certification #Course ↢Social Media↣ Twitter: https://twitter.com/_CryptoCat GitHub: https://github.com/Crypto-Cat HackTheBox: https://app.hackthebox.eu/profile/11897 LinkedIn: https://www.linkedin.com/in/cryptocat Reddit: https://www.reddit.com/user/_CryptoCat23 YouTube: https://www.youtube.com/CryptoCat23 Twitch: https://www.twitch.tv/cryptocat23 ↢HackTheBox↣ https://www.hackthebox.com/newsroom/certified-penetration-testing-specialist-cpts https://academy.hackthebox.com/preview/certifications/htb-certified-penetration-testing-specialist https://academy.hackthebox.com/path/preview/penetration-tester https://twitter.com/hackthebox_eu https://discord.gg/hackthebox ↢Video-Specific...
https://www.youtube.com/watch?v=UN5fTQtlKCc
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

The Dissect Effect - An Open Source IR Framework
In this episode, we'll take a look at the recently open sourced Dissect incident response framework from Fox-IT. We'll briefly examine the overall capabilities of the software, then we'll install it within a WSL 2 environment, and lastly, we'll take it for a test drive using a Windows Server 2019 disk image. *** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. *** 📖 Chapters 00:00 - Intro 02:37 - Installation 03:31 - Using target-query 11:01 - Using target-shell 14:33 - Recap 🛠 Resources Dissect Project: https://github.com/fox-it/dissect Dissect Documentation: https://docs.dissect.tools/en/latest/ #Forensics #DigitalForensics #DFIR #ComputerForensics #WindowsForensics
https://www.youtube.com/watch?v=A2e203LizAM
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Advent of Cyber 2022: Day 17 Filtering for Order Amidst Chaos (Walkthrough)
Hi everyone! This week I'll be publishing walkthroughs of TryHackMe's Advent of Cyber. Advent of Cyber is a free event that anyone can participate in which gets you to try a new cyber security challenge each day of December leading up to Christmas. Don't worry if you've not been participating until now. You can catch up and still be entered to win prizes. You can totally do the majority of the challenges straight from your web browser. I'm not being paid or anything I just really like Advent of Cyber and wanted to help make it possible. Check out Advent of Cyber https://tryhackme.com/room/adventofcyber4 Socials: https://twitter.com/InsiderPhD https://infosec.exchange/@insiderphd https://insiderphd.dev
https://www.youtube.com/watch?v=ZsmRQqjGb9E
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Tier 1: Funnel - HackTheBox Starting Point - Full Walkthrough
Learn the basics of Penetration Testing: Video walkthrough for the "Funnel" machine from tier one of the @HackTheBox "Starting Point" track; "The key is a strong foundation". We'll be exploring the basics of enumeration, service discovery, pivoting/tunnelling and more! Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂 #HackTheBox #HTB #CTF #Pentesting #OffSec ↢Social Media↣ Twitter: https://twitter.com/_CryptoCat GitHub: https://github.com/Crypto-Cat HackTheBox: https://app.hackthebox.eu/profile/11897 LinkedIn: https://www.linkedin.com/in/cryptocat Reddit: https://www.reddit.com/user/_CryptoCat23 YouTube: https://www.youtube.com/CryptoCat23 Twitch: https://www.twitch.tv/cryptocat23 ↢HackTheBox↣ https://app.hackthebox.com/starting-point https://twitter.com/hackthebox_eu https://discord.gg/hackthebox ↢Video-Specific...
https://www.youtube.com/watch?v=HxWtXhL1mVU
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Advent of Cyber 2022: Day 16 SQLi's the king, the carolers sing (Walkthrough)
Hi everyone! This week I'll be publishing walkthroughs of TryHackMe's Advent of Cyber. Advent of Cyber is a free event that anyone can participate in which gets you to try a new cyber security challenge each day of December leading up to Christmas. Don't worry if you've not been participating until now. You can catch up and still be entered to win prizes. You can totally do the majority of the challenges straight from your web browser. I'm not being paid or anything I just really like Advent of Cyber and wanted to help make it possible. Check out Advent of Cyber https://tryhackme.com/room/adventofcyber4 Socials: https://twitter.com/InsiderPhD https://infosec.exchange/@insiderphd https://insiderphd.development Nahamcon Secret ;) flag{2d01c445fbf95457a78aa68f4ddf6dec}
https://www.youtube.com/watch?v=iv02-Oi0TvM
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Advent of Cyber 2022: Day 15 Santa is looking for a Sidekick (Walkthrough)
Hi everyone! This week I'll be publishing walkthroughs of TryHackMe's Advent of Cyber. Advent of Cyber is a free event that anyone can participate in which gets you to try a new cyber security challenge each day of December leading up to Christmas. Don't worry if you've not been participating until now. You can catch up and still be entered to win prizes. You can totally do the majority of the challenges straight from your web browser. I'm not being paid or anything I just really like Advent of Cyber and wanted to help make it possible. Check out Advent of Cyber https://tryhackme.com/room/adventofcyber4 Socials: https://twitter.com/InsiderPhD https://infosec.exchange/@insiderphd https://insiderphd.dev
https://www.youtube.com/watch?v=9Pniza-s1ds
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Risk-Based Vulnerability Management | PurpleSec
PurpleSec security experts implemented risk-based vulnerability management to improve efficiencies and security ROI for our enterprise client. 👉 Get our FREE guide to vulnerability management in 2023: https://purplesec.us/vulnerability-management-guide/?utm_source=newsletter&utm_medium=YouTube&utm_campaign=VM_2023&utm_id=guide Read The Full Case Study ---------------------------------------- https://purplesec.us/case-studies/travel-services-provider/ High Level Findings ------------------------------- PurpleSec's security “cyborgs” were empowered by automation and process improvements to deliver exceptional results in a 3 month period: - 75% MTTR reduction. - 86% vulnerability risk reduction. - M average annual savings for the client. - 1.6k average monthly man-hour savings. -...
https://www.youtube.com/watch?v=nu0US3xLEH4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Extreme Transparency or Corporate Security Responsibility?
We can all agree in theory that transparency is a good thing, but how far are you really willing to push it when the worst happens? Alex Rice and Will Farrell challenge organizations to push for transparency regardless of their situation, industry, or stakeholders. In this session, they explore the limits of corporate transparency and reframe it in the context of Corporate Security Responsibility. Key takeaways: -Understand why the message of transparency works -Learn the strategies for creating a culture of transparency and collaboration -Get the tools to translate transparency into board-friendly language Find out more about Corporate Security Responsibility: https://www.hackerone.com/corporate-security-responsibility
https://www.youtube.com/watch?v=V7jyrIkNukE
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Tier 0: Synced - HackTheBox Starting Point - Full Walkthrough
Learn the basics of Penetration Testing: Video walkthrough for the "Synced" machine from tier zero of the @HackTheBox "Starting Point" track; "The key is a strong foundation". We'll be exploring the basics of enumeration, service discovery, rsync (file transfer) and more! Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂 #HackTheBox #HTB #CTF #Pentesting #OffSec ↢Social Media↣ Twitter: https://twitter.com/_CryptoCat GitHub: https://github.com/Crypto-Cat HackTheBox: https://app.hackthebox.eu/profile/11897 LinkedIn: https://www.linkedin.com/in/cryptocat Reddit: https://www.reddit.com/user/_CryptoCat23 YouTube: https://www.youtube.com/CryptoCat23 Twitch: https://www.twitch.tv/cryptocat23 ↢HackTheBox↣ https://app.hackthebox.com/starting-point https://twitter.com/hackthebox_eu https://discord.gg/hackthebox ↢Video-Specific...
https://www.youtube.com/watch?v=RcnJ_xlErdE
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Let's Talk About MUICache
In this episode, we'll take an in-depth look at Windows MUICache. We'll start by reviewing the purpose of this Windows feature, the metadata it collects, and its forensic value in showing evidence of program execution. Then, we'll jump into a demo and see it in action. *** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. *** 📖 Chapters 00:00 - Intro 01:54 - Background 03:42 - MUICache artiFACTS 07:20 - Demo 🛠 Resources Forensic Analysis of MUICache Files in Windows https://www.magnetforensics.com/blog/forensic-analysis-of-muicache-files-in-windows/ #Forensics #DigitalForensics #DFIR #ComputerForensics #WindowsForensics
https://www.youtube.com/watch?v=ea2nvxN878s
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

MITRE ATT&CK Framework For Offensive & Defensive Operations
In this live training session, I will introduce you to the MITRE ATT&CK framework and will cover the process of operationalizing it for both offensive and defensive operations. //LIVE TRAINING AND BOOTCAMPS Introduction To C2 Frameworks: https://cyberranges.clickmeeting.com/introduction-to-c2-frameworks-3-day-webinar/register //PLATFORMS BLOG ►► https://bit.ly/3qjvSjK FORUM ►► https://bit.ly/39r2kcY ACADEMY ►► https://bit.ly/39CuORr //SOCIAL NETWORKS TWITTER ►► https://bit.ly/3sNKXfq DISCORD ►► https://bit.ly/3hkIDsK INSTAGRAM ►► https://bit.ly/3sP1Syh LINKEDIN ►► https://bit.ly/360qwlN PATREON ►► https://bit.ly/365iDLK MERCHANDISE ►► https://bit.ly/3c2jDEn //BOOKS Privilege Escalation Techniques ►► https://amzn.to/3ylCl33 Docker Security Essentials...
https://www.youtube.com/watch?v=ujaoOWmkGLY
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Updates & Content Schedule - Q4 2022 - Q2 2023
This video outlines the latest updates from the HackerSploit team and goes over the content development plan for Q4 2022 - Q2 2023. //CERTIFICATIONS Certified Exploitation & Post-Exploitation Professional (CEPP): https://cyberranges.clickmeeting.com/exploitation-post-exploitation-3-day-bootcamp/register //PLATFORMS BLOG ►► https://bit.ly/3qjvSjK FORUM ►► https://bit.ly/39r2kcY ACADEMY ►► https://bit.ly/39CuORr //SOCIAL NETWORKS TWITTER ►► https://bit.ly/3sNKXfq DISCORD ►► https://bit.ly/3hkIDsK INSTAGRAM ►► https://bit.ly/3sP1Syh LINKEDIN ►► https://bit.ly/360qwlN PATREON ►► https://bit.ly/365iDLK MERCHANDISE ►► https://bit.ly/3c2jDEn //BOOKS Privilege Escalation Techniques ►► https://amzn.to/3ylCl33 Docker Security Essentials (FREE) ►► https://bit.ly/3pDcFuA //SUPPORT...
https://www.youtube.com/watch?v=BnkhIpfc1aU
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

How Many Timestamps??? #Shorts
How many timestamps *could* exist for a given file on an NTFS filesystem. Watch this to find out! *** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. *** #Forensics #DigitalForensics #DFIR #ComputerForensics #WindowsForensics
https://www.youtube.com/watch?v=xeevyCqC62E
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

DEF CON 30 - Cesare Pizzi - Old Malware, New tools: Ghidra and Commodore 64
Why looking into a 30 years old "malicious" software make sense in 2022? Because this little "jewels", written in a bunch of bytes, reached a level of complexity surprisingly high. With no other reason than pranking people or show off technical knowledge, this software show how much you can do with very limited resources: this is inspiring for us, looking at modern malicious software, looking at how things are done and how the same things could have been done instead.
https://www.youtube.com/watch?v=Dl7l7gdr34o
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

DEF CON 30 BiC Village - Segun Olaniyan- Growth Systems for Cybersecurity Enthusiasts
The presentation gives perspective to the systems of growth for cybersecurity starters, students and enthusiasts that are rarely known or mentioned in the cybersecurity field and have helped many professionals grow from newbies to the experts they are today. These are systems that will help cybersecurity students become relevant in the industry as a student; these are systems that will give cybersecurity enthusiasts a voice in the industry, they are capable of giving newbies rapid growth in the industry, I call them Growth Systems for Cybersecurity Enthusiasts.
https://www.youtube.com/watch?v=s-iLGZQTYaM
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

DEF CON 30 - Silk - DEF CON Memorial Interview
See more of SIlk's hacker videos at : YouTube.com/alexchaveriat YouTube.com/hackerhangouts
https://www.youtube.com/watch?v=Pv33I_GXOGA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

DEF CON 30 Car Hacking Village - Evadsnibor - Getting Naughty on CAN bus with CHV Badge
Explain how the CHV badge can generate CAN waveforms (and other digital protocols) with different errors to disrupt vehicle networks. More than an ARB, the generation can be interactive - where the waveform can change based on the response of the network. The talk will focus on the Raspberry Pi rp2040 in the CHV badge and its hacker potential.
https://www.youtube.com/watch?v=ItPVA3x77EQ
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

DEF CON 30 - Silk- GoKarts
See more of SIlk's hacker videos at : YouTube.com/alexchaveriat YouTube.com/hackerhangouts
https://www.youtube.com/watch?v=zf4oHEqAHQA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

DEF CON 30 - Silk - Hacker Karaoke
See more of SIlk's hacker videos at : YouTube.com/alexchaveriat YouTube.com/hackerhangouts
https://www.youtube.com/watch?v=CGoM35pojcU
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

DEF CON 30 BiC Village - Alexis Hancock - The Man in the Middle
The Trans-Atlantic Slave Trade was a dark, cruel time in the history of much of the Americas. The horrors of slavery still cast their shadow through systemic racism today. One of the biggest obstacles enslaved Africans faced when trying to organize and fight was the fact that they were closely watched, along with being separated, abused, and tortured. They often spoke different languages from each other, with different cultures, and beliefs. Organizing under these conditions seemed impossible. Yet even under these conditions including overbearing surveillance, they developed a way to fight back.The continued fight today is an evolution of that history established from dealing with censorship and authoritarian surveillance. This talk walks through the technology and the tools used to fight...
https://www.youtube.com/watch?v=bIXFWZuMHr4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

DEF CON 30 Car Hacking Village - Soohwan Oh, Jonghyuk Song, Jeongho Yang - Smart Black Box Fuzzing
How to solve the difficulties when performing black box fuzzing on the real automobiles. First, coverage-guided fuzzing is impossible, so we should generate testcases with full understanding of UDS CAN, such as message flows, frame types. Second, it is hard to decide whether errors occurred, we should check timeout, pending response, DTC (diagnostic Trouble Code) and NRC (Negative Response Code). Third, even if the target ECU is dead, we should continue the fuzzing by using ClearDiagnosticInformation and ECUReset. During this talk, audiences can learn the effective and practical CAN fuzzing guides on the technical level.
https://www.youtube.com/watch?v=C1_ZIXZVIBg
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

DEF CON 30 Car Hacking Village - Mohammed Shine - Remote Exploitation of Honda Cars
The Honda Connect app used by Honda City 5th generation used weak security mechanisms in its APIs for access control which would allow a malicious user to perform actions like starting the car, locking/unlocking car etc. remotely by interacting with its Telematics Control Unit (TCU)
https://www.youtube.com/watch?v=BKzkZPz3n_c
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

DEF CON 30 - Silk - XOR Machine
See more of SIlk's hacker videos at : YouTube.com/alexchaveriat YouTube.com/hackerhangouts
https://www.youtube.com/watch?v=7Ds8M38GqP8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

DEF CON 30 Car Hacking Village - Kevin2600, Li Swei - Biometrics System Hacking of the Smart Vehicle
Biometric systems such as face recognition, voice-print identification is extensively used for personal identification. In recent years more and more vehicle makers are implemented the facial recognition systems into the modern vehicle. However, how secure these systems really are? In this talk, we will present some of simple yet very practical attack methods, to bypass the face recognition systems found on some modern vehicles, in order to login or even start the engine. We will also diving into the journey of how to spoof the voiceprint based system. To trick the Smart speakers authentication mechanism to shopping online. Or generated a "unharmed" song with a specific command secretly embedded within. eg. "Open the car window"
https://www.youtube.com/watch?v=_mPW_iul97M
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

DEF CON 30 - Silk - Plane Hacking
See more of SIlk's hacker videos at : YouTube.com/alexchaveriat YouTube.com/hackerhangouts
https://www.youtube.com/watch?v=6DHi-qC1jww
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

DEF CON 30 - Silk - BlacksinCyber Village Interview

https://www.youtube.com/watch?v=go4kkRIwjQ8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

DEF CON 30 - MKFactor Badge talk
Silk talks badges and more with MKFactor, the badge creators for DEF CON 30. See more of SIlk's hacker videos at : YouTube.com/alexchaveriat YouTube.com/hackerhangouts
https://www.youtube.com/watch?v=A6bFMqx2LpU
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

DEF CON 30 Car Hacking Village - Jay Turla - canTot A CAN Bus Hacking Framework
canTot is a cli framework similar to the usage of known frameworks like Metasploit, dronesploit, expliot, and Recon-ng. The fun thing is that it contains fun hacks and known vulnerabilities disclosed. It can also be used as a guide for pentesting vehicles and learning python for Car Hacking the easier way. This is not to reinvent the wheel of known CAN fuzzers, car exploration tools like caring caribou, or other great CAN analyzers out there. But to combine all the known vulnerabilities and fun CAN bus hacks in automotive security.
https://www.youtube.com/watch?v=OBC0v5KDcJg
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Impacket Impediments - Finding Evil in Event Logs
In this episode, we'll take a look at the five (5) Impacket exec commands: atexec.py, dcomexec.py, psexec.py, smbexec.py, and wmiexec.py. The goal is to understand what event log residue we should be looking for on the target system, both with standard "out-of-the-box" log configuration, and with additional configurations such as process auditing with command line. *** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. *** 📖 Chapters 00:00 - Intro 01:32 - atexec.py 13:46 - dcomexec.py 19:30 - psexec.py 23:57 - smbexec.py 30:58 - wmiexec.py 36:55 - Recap 🛠 Resources Impacket Exec Commands Cheat Sheet: https://www.13cubed.com/downloads/impacket_exec_commands_cheat_sheet.pdf Impacket Exec Commands Cheat Sheet (Poster): https://www.13cubed.com/downloads/impacket_exec_commands_cheat_sheet_poster.pdf #Forensics...
https://www.youtube.com/watch?v=UMogme3rDRA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Tier 0: Mongod - HackTheBox Starting Point - Full Walkthrough
Learn the basics of Penetration Testing: Video walkthrough for the "Mongod" machine from tier zero of the @HackTheBox "Starting Point" track; "The key is a strong foundation". We'll be exploring the basics of enumeration, service discovery, mongo (NoSQL) databases and more! Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂 #HackTheBox #HTB #CTF #Pentesting #OffSec ↢Social Media↣ Twitter: https://twitter.com/_CryptoCat GitHub: https://github.com/Crypto-Cat HackTheBox: https://app.hackthebox.eu/profile/11897 LinkedIn: https://www.linkedin.com/in/cryptocat Reddit: https://www.reddit.com/user/_CryptoCat23 YouTube: https://www.youtube.com/CryptoCat23 Twitch: https://www.twitch.tv/cryptocat23 ↢HackTheBox↣ https://app.hackthebox.com/starting-point https://twitter.com/hackthebox_eu https://discord.gg/hackthebox ↢Video-Specific...
https://www.youtube.com/watch?v=xbCrF7b3mEA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

How To Build A Vulnerability Management Program | #PurpleSec
There are 7 key steps when creating a winning vulnerability management program including making an inventory, categorizing vulnerabilities, creating packages, testing the package, providing change management, patching vulnerabilities, and reporting. 👉 Get our FREE guide to vulnerability management in 2023: https://purplesec.us/vulnerability-management-guide/?utm_source=newsletter&utm_medium=YouTube&utm_campaign=VM_2023&utm_id=guide Read the full article... https://purplesec.us/learn/vulnerability-management-program/ Podcast Info -------------------- Podcast website: https://purplesec.us/podcast/ Apple Podcasts: https://podcasts.apple.com/us/podcast/security-beyond-the-checkbox/id1673807278 Spotify: https://open.spotify.com/show/610KAa5g4G0KhoZVwMyXqz RSS: https://feeds.buzzsprout.com/2137278.rss Chapters...
https://www.youtube.com/watch?v=nsvxcUsFnJo
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Leveraging Bug Bounties for Your Career | Panel
Bug bounty isn't just a way to sharpen you skills and collect bounties. Listen to hackers The_Arch_Angel, none_of_the_above, and Niemand_sec talk to HackerOne Community Director Jessica Sexton about ways to utilize your career as a bug hunter for your future career. This H@cktivitycon talk was given at the H1-702 Live Hacking Event in Las Vegas! Follow The_Arch_Angel: https://twitter.com/ArchAngelDDay Follow none_of_the_above: https://twitter.com/lean0x2f Follow niemand_sec: https://twitter.com/niemand_sec Follow Jessica: https://twitter.com/sgtcardigan ▼ Keep up with us ▼ ◇ Twitter → https://twitter.com/Hacker0x01​ ◇ Twitch → https://twitch.tv/HackerOneTV ◇ Instagram → https://www.instagram.com/hacker0x01/?hl=en
https://www.youtube.com/watch?v=gul-DFzibaE
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Vulnerabilities I've Found: The Fun, the Weird and the Technical | Roni Carta
Roni Carta is a hacker who grew up playing video games becoming engrossed in the idea of creating them himself. Inspired by the master thief Arsene Lupin, Roni has learned to use his skills to outsmart and find creative ways to exploit systems. This H@cktivitycon talk was given at our H1-702 Live Hacking Event in Las Vegas! Follow Roni: https://twitter.com/0xLupin ▼ Keep up with us ▼ ◇ Twitter → https://twitter.com/Hacker0x01​ ◇ Twitch → https://twitch.tv/HackerOneTV ◇ Instagram → https://www.instagram.com/hacker0x01/?hl=en
https://www.youtube.com/watch?v=EM2ZNMA3ggg
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Fuzzing XSS Sanitizers for Fun and Profit | Tom Anthony
In 1998 Tom was arrested for hacking, and was told he was looking at over 270 years in prison. Time for a career change! Tom went on to a life as an academic, earning a PhD in Artificial Intelligence, before starting a career as an SEO consultant (you think telling people you are a hacker is bad -- try telling them you do SEO!). Although nowadays his day job is as CTO of an SEO SaaS business, Tom still has 'the itch.' This took him from being the first person to ever be awarded a bounty for hacking Google's search algorithm, to hitting the news when he tried to join Boris Johnson's cabinet meeting on Zoom, and discovering a few fun bugs along the way. This H@cktivitycon talk was given at our H1-702 Live Hacking Event in Las Vegas! Follow Tom: https://twitter.com/TomAnthonySEO ▼ Keep...
https://www.youtube.com/watch?v=gJGbS8UELGw
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Breaking VNC Clients with Evil Servers | Eugene Lim
Eugene Lim hacks for good! He has helped secure products and data from a range of vulnerabilities. He is interested in application security and securing user data through sustainable DevSecOps practices. In 2019, he won the Most Valuable Hacker award at the H1-213 live hacking event in Los Angeles organized by HackerOne, US Air Force, UK Ministry of Defense, and Verizon Media. In 2021, he was 1 of 5 selected from a pool of 1 million white hat hackers for the H1-Elite Hall of Fame. This H@cktivitycon talk was given at the H1-702 Live Hacking Event in Las Vegas! Follow Eugene: https://twitter.com/spaceraccoonsec ▼ Keep up with us ▼ ◇ Twitter → https://twitter.com/Hacker0x01​ ◇ Twitch → https://twitch.tv/HackerOneTV ◇ Instagram → https://www.instagram.com/hacker0x01/?hl=en...
https://www.youtube.com/watch?v=5kWDNVfNAqg
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

The Bug Hunter's Methodology - Application Analysis | Jason Haddix
Jason is the Head of Security for a leading videogame company. Previously he was VP of Trust and Security at Bugcrowd and currently holds the 29th all-time ranked researcher position. Before that, Jason had a distinguished 10-year career as a penetration tester and was Director of Penetration Testing for HP. He is a hacker and bug hunter through and through and currently specializes in recon and web application analysis. He has also held positions doing mobile penetration testing, network/infrastructure security assessments, and static analysis. Jason lives in Colorado with his wife and three children. Jason has presented all over the world teaching ethical hacking, including speaking and keynotes at conferences such as DEFCON, BlackHat, RSA, Rootcon, NullCon, B-sides, and SANS. This H@cktivitycon...
https://www.youtube.com/watch?v=FqnSAa2KmBI
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Submitting High Quality Bug Bounty Reports - Tips from Behind the Curtain | Roy Davis
Roy Davis is a security researcher and engineer with 20 years of pentesting and programming experience. He has worked on security teams at Zoom, Salesforce, Apple, Barclays Bank, and Thomson Reuters. Roy has presented at several security conferences starting in 2008 to his most recent talk at DEFCON 29. Roy currently manages the Bug Bounty program at Zoom. This H@cktivitycon talk was given at our H1-702 Live Hacking Event in Las Vegas! Follow Roy Davis: https://twitter.com/Hack_All_Things ▼ Keep up with us ▼ ◇ Twitter → https://twitter.com/Hacker0x01​ ◇ Twitch → https://twitch.tv/HackerOneTV ◇ Instagram → https://www.instagram.com/hacker0x01/?hl=en
https://www.youtube.com/watch?v=mUYWXRI0WIo
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

How To Automate Your Vulnerability Remediation Process | PurpleSec
There are 8 best practices when planning your vulnerability remediation including prioritization of vulnerabilities, setting timelines, defining a SLO, developing a remediation policy, automating your vulnerability management processes, adopting continuous remediation, deploying compensating controls, and building a vulnerability management program. 👉 Get our FREE guide to vulnerability management in 2023: https://purplesec.us/vulnerability-management-guide/?utm_source=newsletter&utm_medium=YouTube&utm_campaign=VM_2023&utm_id=guide Continue reading... https://purplesec.us/learn/vulnerability-remediation/ Podcast Info -------------------- Podcast website: https://purplesec.us/podcast/ Apple Podcasts: https://podcasts.apple.com/us/podcast/security-beyond-the-checkbox/id1673807278 Spotify:...
https://www.youtube.com/watch?v=Bns79gIwxIA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Twitter Zero-Day Exposes Data Of 5.4 MILLION Accounts | Security Insights By #PurpleSec
Social media platform Twitter confirmed they suffered a now-patched zero-day vulnerability, used to link email addresses and phone numbers to users' accounts, which allowed attackers to gain access to the personal information of 5.4 million users. The vulnerability allowed anyone to submit an email address or phone number, verify if it was associated with a Twitter account, and retrieve the associated account ID. More technically, what the security researcher Zhirinovsky reported on HackerOne's bug bounty platform is that this vulnerability allows any party without any authentication to obtain a Twitter ID (which is almost equal to getting the username of an account) of any user by submitting a phone number/email even though the user has prohibited this action in the privacy settings. Chapters --------------- 00:00...
https://www.youtube.com/watch?v=E5dLc98TeLg
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

What's on My DFIR Box?
By popular request, this episode provides a walkthrough of the hardware and software I utilize for my digital forensic workstation. While this is probably more beneficial for people new to the DFIR field, I suspect it will still be interesting to a wide range of viewers. *** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. *** 📖 Chapters 00:00 - Intro 01:42 - Windows Subsystem for Linux (WSL) 2 03:18 - Windows Terminal 04:39 - Sysinternals Suite 05:31 - Microsoft PowerToys 06:20 - DCode 07:04 - FTK Imager 07:31 - PST Walker 08:53 - Arsenal Image Mounter 09:35 - Hibernation Recon 10:05 - Kroll Artifact Parser and Extractor (KAPE) 10:42 - NirSoft Tools 11:49 - X-Ways Forensics 12:19 - Eric Zimmerman Tools 14:09 - Chainsaw 14:21 - INDXRipper 14:26...
https://www.youtube.com/watch?v=-xGfzCT6TUQ
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

DC30 - Red Team Village - Recap
Red Team Village Website: https://redteamvillage.io Discord: https://redteamvillage.io/discord Twitter: https://redteamvillage.io/twitter
https://www.youtube.com/watch?v=hd4dy1jZPS0
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

HackerOne Live Hacking Event Recap: Denver 2022 (H1-303)
Check out our highlights from H1-303!
https://www.youtube.com/watch?v=tMqF4f7WR6M
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

HackerOne Live Hacking Event Recap: Austin w/ Github 2022 (H1-512)
Check out the highlights from H1-512!
https://www.youtube.com/watch?v=gm2s8IlJW6A
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

What Is Vulnerability Management? (Explained By Experts) | PurpleSec
Vulnerability management is the process of identifying, prioritizing, and mitigating vulnerabilities in an organization's systems and networks to reduce the risk of cyber attacks and protect against potential threats. 👉 Get our FREE guide to vulnerability management in 2023: https://purplesec.us/vulnerability-management-guide/?utm_source=newsletter&utm_medium=YouTube&utm_campaign=VM_2023&utm_id=guide Continue reading... https://purplesec.us/learn/what-is-vulnerability-management/ Podcast Info -------------------- Podcast website: https://purplesec.us/podcast/ Apple Podcasts: https://podcasts.apple.com/us/podcast/security-beyond-the-checkbox/id1673807278 Spotify: https://open.spotify.com/show/610KAa5g4G0KhoZVwMyXqz RSS: https://feeds.buzzsprout.com/2137278.rss Chapters --------------- 00:00...
https://www.youtube.com/watch?v=RE6_Lo2wSIg
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

DC30 - Red Team Village - Ngrok
Additional information can be found at ngrok.com. Red Team Village Website: https://redteamvillage.io Discord: https://redteamvillage.io/discord Twitter: https://redteamvillage.io/twitter
https://www.youtube.com/watch?v=DRIbd9-bXvA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Hertzbleed Attack Impacting Intel & AMD CPUs | Security Insights By PurpleSec
In June 2022, a group of researchers from the University of Texas, the University of Illinois Urbana-Champaign, and the University of Washington, have published an article on their website about a new attack they developed called Hertzbleed. This attack allows attackers to detect variations in the frequency of CPU using something called Dynamic voltage and frequency scaling or DVFS in short, and steal entire cryptographic keys in that way. Intel's security advisory states that all Intel processors are affected. We have experimentally confirmed that several Intel processors are affected, including desktop and laptop models from the 8th to the 11th generation Core microarchitecture. AMD's security advisory states that several of their desktop, mobile and server processors are affected....
https://www.youtube.com/watch?v=ta8aOUEGyLc
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

PACMAN M1 Chip Attack Explained | Security Insights By PurpleSec
The team at MIT's Computer Science and Artificial Intelligence Laboratory (CSAIL) have discovered a way to attack the pointer authentication in Apple's M1 chip to execute arbitrary code on Macintosh systems. The team says that the vulnerability is found in other ARM chips, not just the M1 – but it hasn't yet had the chance to try it against the M2. In order to get a little closer to this attack and what is the main characteristic and basis of the attack, we have to mention the PAC itself. Pointer Authentication is a security feature that adds a cryptographic signature to operating system pointers, named Pointer Authentication Code (PAC). This allows the OS to spot and block unexpected changes that may lead to data leaks. Chapters --------------- 00:00 - Summary Of The Attack 01:00...
https://www.youtube.com/watch?v=qfnV6iwWCY8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

DC30 - Red Team Village - Hackerwares
Additional information can be found at hackerware.io. Red Team Village Website: https://redteamvillage.io Discord: https://redteamvillage.io/discord Twitter: https://redteamvillage.io/twitter
https://www.youtube.com/watch?v=ImZPTNDX1L0
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Cleartrip Suffers Massive Data Breach | Security Insights By PurpleSec
Cleartrip is a popular travel-booking platform, founded back in 2006 and acquired by Walmart-owned Flipkart in April 2021. Cleartrip has suffered a massive data breach through what they claim was a “security anomaly” of their internal systems. Their confidential data has been exposed in several places on the dark web and the data exposed is also quite new, with files timestamped as recent as June 2022. Their current platforms are fully functional and they state that the data breach is being dealt with, technically and legally. It is also worth mentioning that this isn't the first data breach that Cleartrip has dealt with. The company also suffered a data breach in April 2017 when Cleartrip's website was defaced by a hacking group called “Turtle Squad ” after they gained unauthorized...
https://www.youtube.com/watch?v=WNQZBhXNYio
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

DC30 - Red Team Village - SEKTOR7
Additional information can be found at sektor7.net. Red Team Village Website: https://redteamvillage.io Discord: https://redteamvillage.io/discord Twitter: https://redteamvillage.io/twitter
https://www.youtube.com/watch?v=eqaEunkWTcQ
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Maui Ransomware Attacking Healthcare | Security Insights By PurpleSec
The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Department of the Treasury released a joint Cybersecurity Advisory (CSA) to provide information on Maui ransomware, which is claimed to have been used by North Korean state-sponsored cyber actors since at least May 2021 to target Healthcare and Public Health (HPH) Sector organizations. In June 2022, the Stairwell research team investigated one of lesser-known ecosystems of Ransomware-as-a-Service, the Maui ransomware. Maui has been shown to have a lack of several key features which are commonly seen with tooling from RaaS providers, such as an embedded ransom note to provide recovery instructions or automated means of transmitting encryption keys to attackers. Chapters --------------- 00:00...
https://www.youtube.com/watch?v=csswVeGUgEg
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Tier 1: Three - HackTheBox Starting Point - Full Walkthrough
Learn the basics of Penetration Testing: Video walkthrough for the "Three" machine from tier one of the @HackTheBox "Starting Point" track; "You need to walk before you can run". We'll be exploring the basics of enumeration, service discovery, directory busting, insecure s3 buckets, aws-cli and more! Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂 #HackTheBox #HTB #CTF #Pentesting #OffSec ↢Social Media↣ Twitter: https://twitter.com/_CryptoCat GitHub: https://github.com/Crypto-Cat HackTheBox: https://app.hackthebox.eu/profile/11897 LinkedIn: https://www.linkedin.com/in/cryptocat Reddit: https://www.reddit.com/user/_CryptoCat23 YouTube: https://www.youtube.com/CryptoCat23 Twitch: https://www.twitch.tv/cryptocat23 ↢HackTheBox↣ https://app.hackthebox.com/starting-point https://twitter.com/hackthebox_eu https://discord.gg/hackthebox ↢Video-Specific...
https://www.youtube.com/watch?v=sV9M4LKKT9s
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

DC30 - Red Team Village - Offensive Security
Additional information can be found at www.offensive-security.com. Red Team Village Website: https://redteamvillage.io Discord: https://redteamvillage.io/discord Twitter: https://redteamvillage.io/twitter
https://www.youtube.com/watch?v=_Hd6p1do7rw
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

How To Write A Penetration Testing Report
This video outlines the importance of penetration testing reports and what makes up a good penetration testing report. //LINKS Penetration Test Reports: https://pentestreports.com/ SANS Whitepaper: https://www.sans.org/white-papers/33343/ //PLATFORMS BLOG ►► https://bit.ly/3qjvSjK FORUM ►► https://bit.ly/39r2kcY ACADEMY ►► https://bit.ly/39CuORr //SOCIAL NETWORKS TWITTER ►► https://bit.ly/3sNKXfq DISCORD ►► https://bit.ly/3hkIDsK INSTAGRAM ►► https://bit.ly/3sP1Syh LINKEDIN ►► https://bit.ly/360qwlN PATREON ►► https://bit.ly/365iDLK MERCHANDISE ►► https://bit.ly/3c2jDEn //BOOKS Privilege Escalation Techniques ►► https://amzn.to/3ylCl33 Docker Security Essentials (FREE) ►► https://bit.ly/3pDcFuA //SUPPORT THE CHANNEL NordVPN Affiliate Link...
https://www.youtube.com/watch?v=J34DnrX7dTo
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

MemProcFS - This Changes Everything
Imagine being able to "mount" memory as if it were a disk image. With a single command, MemProcFS will create a virtual file system representing the processes, file handles, registry, $MFT, and more. The tool can be executed against a memory dump, or run against memory on a live system. This is a game changer for memory forensics! *** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. *** 📖 Chapters 00:00 - Intro 01:42 - Installation 02:41 - Demo 🛠 Resources MemProcFS: The Memory Process File System: https://github.com/ufrisk/MemProcFS #Forensics #DigitalForensics #DFIR #ComputerForensics #WindowsForensics #MemoryForensics
https://www.youtube.com/watch?v=hjWVUrf7Obk
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

DC30 - Red Team Village - BC Security
Additional information can be found at www.bc-security.org. Red Team Village Website: https://redteamvillage.io Discord: https://redteamvillage.io/discord Twitter: https://redteamvillage.io/twitter
https://www.youtube.com/watch?v=RCXMqdr2h5k
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

DC30 - Red Team Village - Nahamsec
Additional information can be found at nahamsec.com. Red Team Village Website: https://redteamvillage.io Discord: https://redteamvillage.io/discord Twitter: https://redteamvillage.io/twitter
https://www.youtube.com/watch?v=U52MQa4W_JA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

DC30 - Red Team Village - Optiv
Additional information about Optiv can be found at optiv.com. Red Team Village Website: https://redteamvillage.io Discord: https://redteamvillage.io/discord Twitter: https://redteamvillage.io/twitter
https://www.youtube.com/watch?v=FLu-eyHDapk
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Conti Costa Rica Ransomware Attack Explained | Security Insights By PurpleSec
On May 8th, 2022 the President of Costa Rica Rodrigo Chaves declared a national emergency due to an ongoing Conti ransomware campaign against several Costa Rican government entities starting in April of this year. Conti is a prolific ransomware-as-a-service operation that has been infecting and damaging systems since it was first observed in 2020. Attributed to the threat group called WizardSpider by CrowdStrike in 2019. The group is also known for TrickBot and the Ryuk ransomware distributed through the ZLoader botnet which we previously reported as shutdown by Microsoft. Chapters --------------- 00:00 - Summary Of The Attack 00:36 - What Happened? 01:13 - New & Novel Techniques 02:06 - The Ransom Demand 02:39 - Impact Of The Breach 03:04 - Preventing Ransomware Attacks 03:52 - Wrapping...
https://www.youtube.com/watch?v=hW3t36YG2s8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Vote for 13Cubed! #Shorts
❤️ Vote for 13Cubed in the 2022 Forensic 4:cast Awards! https://forms.gle/nRDGNP2qeEVPPyPj6
https://www.youtube.com/watch?v=oepwM6cEOxs
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

HackerOne Virtual Hacking Event Recap: PayPal 2022 (H1-2204)
Check out highlights from H1-2204!
https://www.youtube.com/watch?v=MPV6PgbvkME
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Anatomy of an NTFS FILE Record - Windows File System Forensics
In this episode, we'll talk about the structure and composition of an NTFS FILE record. Then, we'll take a look at a sample record for a resident file and learn how to manually extract the important attributes. *** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. *** 📖 Chapters 00:00 - Intro 02:08 - Analysis 🛠 Resources Anatomy of an NTFS File Record (Cheat Sheet): https://www.13cubed.com/downloads/ntfs_file_record.pdf Everything I know about NTFS (primary reference for this episode): https://kcall.co.uk/ntfs/ 010 Editor: https://www.sweetscape.com/010editor/ #Forensics #DigitalForensics #DFIR #ComputerForensics #WindowsForensics
https://www.youtube.com/watch?v=l4IphrAjzeY
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Performing Web Searches From Your Terminal
How to perform web searches from your terminal with Oh My Zsh. Oh My Zsh: https://ohmyz.sh/ How to setup Oh My Zsh: https://www.youtube.com/watch?v=njDuayF9Q6k Web Search Plugin: https://github.com/ohmyzsh/ohmyzsh/blob/master/plugins/web-search/web-search.plugin.zsh //PLATFORMS BLOG ►► https://bit.ly/3qjvSjK FORUM ►► https://bit.ly/39r2kcY ACADEMY ►► https://bit.ly/39CuORr //SOCIAL NETWORKS TWITTER ►► https://bit.ly/3sNKXfq DISCORD ►► https://bit.ly/3hkIDsK INSTAGRAM ►► https://bit.ly/3sP1Syh LINKEDIN ►► https://bit.ly/360qwlN PATREON ►► https://bit.ly/365iDLK MERCHANDISE ►► https://bit.ly/3c2jDEn //BOOKS Privilege Escalation Techniques ►► https://amzn.to/3ylCl33 Docker Security Essentials (FREE) ►► https://bit.ly/3pDcFuA //SUPPORT THE CHANNEL NordVPN...
https://www.youtube.com/watch?v=64TlFUnPiz4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

How I Got Started In Cybersecurity
In this episode of the CyberTalk Podcast, I outline my journey to becoming a penetration tester and go over the key milestones in my career and how they eventually paved the way to becoming a cybersecurity professional. //PLATFORMS BLOG ►► https://bit.ly/3qjvSjK FORUM ►► https://bit.ly/39r2kcY ACADEMY ►► https://bit.ly/39CuORr //SOCIAL NETWORKS TWITTER ►► https://bit.ly/3sNKXfq DISCORD ►► https://bit.ly/3hkIDsK INSTAGRAM ►► https://bit.ly/3sP1Syh LINKEDIN ►► https://bit.ly/360qwlN PATREON ►► https://bit.ly/365iDLK MERCHANDISE ►► https://bit.ly/3c2jDEn //BOOKS Privilege Escalation Techniques ►► https://amzn.to/3ylCl33 Docker Security Essentials (FREE) ►► https://bit.ly/3pDcFuA //SUPPORT THE CHANNEL NordVPN Affiliate Link (73% Off) ►► https://bit.ly/3DEPbu5 Get...
https://www.youtube.com/watch?v=87aOIeG3AVM
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

How to Use Bug Bounty to Help Your Career!
So I've now had a job it security, whooo, but what did I learn? Well I spoke to a lot of people who hire for jobs and wanted to tell you what I learned when it came to career planning and how I leveraged my bug bounty knowledge to get that security job! Sponsored by Detectify, find out more at: https://detectify.com/haksec - Social Media - Discord: https://insiderphd.dev/discord Patreon: https://www.patreon.com/insiderphd Twitter: https://twitter.com/insiderphd
https://www.youtube.com/watch?v=qhzthf-Ssow
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

My API Testing Automated Toolbox
APIs in the real world are huge, especially on large scope programs. In this video I share with you my top tools I use when testing and what I have in my toolbox. I tried to make this one short, but I really want to present a full methodology so you know what each tool does and how I use it to actually find bugs. - The Tools - Recon: Amass, Lazyrecon, webscreenshot, BBHT API Enumeration: Kiterunner, fuff, Axiom, TomNomNom Wordlist method, inQL Vulnerabilities: Autorize, logger++, SQLMap, NoSQLMap, JWT_Tool, Burp - Social Media - Discord: https://insiderphd.dev/discord Patreon: https://www.patreon.com/insiderphd Twitter: https://twitter.com/insiderphd
https://www.youtube.com/watch?v=5qSq1S2sRC8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Escalating Your Bugs With GDPR Impact
GDPR was a landmark piece of data privacy legislation that was passed in the EU, it offers a ton of security for EU citizens, but it also puts some pretty stringent requirements on organisations which process this data. For bug bounty hunting this is great, we can really prove and explain the impact of our bugs, netting us higher bounties! Did you know this episode was sponsored by Intigriti? Sign up with my link http://go.intigriti.com/katie I'm so pleased with everyone's positive response to the Intigriti sponsorship and I'm so pleased you folks are finding bugs and even finding your first bugs! Thank you for being awesome! This month as a thank you for bearing with me as I get back into video making we're doing a giveaway! To win one of the following prizes please enter via a comment...
https://www.youtube.com/watch?v=7JiOqXIZHy0
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Easy IDOR hunting with Autorize? (GIVEAWAY)
I've said it once and I'll say it again APIs are some of the best applications to hunt on, and now I've worked at a platform I have some data to back me up that IDORs are fantastic first bugs and they are EVERYWHERE! But, when we test a real API vs a lab or CTF there are so many endpoints and resources and stuff to test, so what if we could make IDOR hunting easier? What if we could automate it? Well this is what Autorize is designed to do! This free Burp extension allows us to automatically make a second request to test if our attacker account can do something to affect our victim. It's such a useful tool to have installed I 100% recommend it especially if you're a beginner. Did you know this episode was sponsored by Intigriti? Sign up with my link http://go.intigriti.com/katie I'm so pleased...
https://www.youtube.com/watch?v=2WzqH6N-Gbc
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Try Hack Me: Advent of Cyber 2021 - Day 3
Play this TryHackMe Room with me https://tryhackme.com/room/adventofcyber3 Hi everyone, something a bit different this week, I've worked with TryHackMe to produce a little walkthrough of their day 3 challenge, don't worry if you've not started it's only day 3 and you can totally catch up! If you're not already using TryHackMe it's a CTF/learning platform for learning a bunch of security topics, and if you're used to learning in school you'll probably vibe really well. There are distinct learning paths that they take you through and each one is a little tutorial with some questions at the end. It's really affordable and has a student discount. Full disclosure: This video was not paid for by TryHackMe, I just like the website and said yes when they asked for some help with making videos. They...
https://www.youtube.com/watch?v=8dUylKcDUvU
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

The Power of Social Engineering by Mishaal Khan
Speaker: Mishaal Khan Often times we hit a wall in our pentesting engagements. Sometimes all you need to do is ask! I'll go over a few real life scenarios where a bit of social engineering compromised an entire organization, made the difference between a successful and failed spear phishing campaign and how this super power is used to control a difficult situation, steer the outcome and get what you want. Recon, OSINT, planing, framing, ethical hacking, and reading expressions and body language all are components of this super power. The Red Team Village track at Hacktivitycon2021 Red Team Village Website: https://redteamvillage.io Discord: https://redteamvillage.io/discord Twitter: https://redteamvillage.io/twitter
https://www.youtube.com/watch?v=xRnVzafXZjQ
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Writing Better Vulnerability Reports - Nikhil Srivastava
Speaker: Nikhil Srivastava This Talk will covers all about how to write better vulnerability reports ranges from title, description, impact, CVSS, steps to reproduce and recommended fix to help individuals doing triage to quickly assess the reports. Red Team Village Website: https://redteamvillage.io Discord: https://redteamvillage.io/discord Twitter: https://redteamvillage.io/twitter
https://www.youtube.com/watch?v=h2bFLkML_cc
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

PEzoNG: Advanced Packer For Automated Evasion - Dimitri Di Cristofaro - Giorgio Bernardinetti
Title: PEzoNG: Advanced Packer For Automated Evasion On Windows Speakers: Dimitri Di Cristofaro and Giorgio Bernardinetti A fully undetectable (FUD) executable is a highly coveted goal in cybersecurity field, especially in the case of Red Teams. In this talk we present the design and implementation of PEzoNG, a framework for automatic creation of FUD binaries in a Windows environment. PEzoNG features a custom loader for Windows binaries, polymorphic obfuscation, a payload decryption process and a number of anti-sandbox and anti-analysis evasion mechanisms - in particular we present a novel userland unhooking technique. In addition, the custom loader supports a large amount of Windows executable files, and features stealth and bleeding-edge memory allocation schemes. Finally we show the...
https://www.youtube.com/watch?v=RZAWSCesiSs
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Pentest Collaboration Framework - Ilya Shaposhnikov
Title: Pentest Collaboration Framework Speaker: Shaposhnikov Ilya Pentest Collaboration Framework. It's analogue of such utilities as Dradis and Faraday, but it is open source( free), portable (sqlite3) and cross-platform (python v3.9). The main task of the utility is to create a workspace for penetration testers/red teams to join all information about projects: hosts, hostnames, ports, notes, chats, issues, networks and more! Moreover you can export this information as: word, raw txt or defined variables only with user-defined templates. Red Team Village Website: https://redteamvillage.io Discord: https://redteamvillage.io/discord Twitter: https://redteamvillage.io/twitter
https://www.youtube.com/watch?v=bcNa-ZtcphE
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Exploitation with Reverse Shell and Infection with PowerShell using VBS
Title: Exploitation with Reverse Shell and Infection with PowerShell using VBS Speaker: Filipi PIres The purpose of this presentation, it was to execute several efficiency and detection tests in our lab environment protected with an endpoint solution, provided by CrowdStrike, this presentation brings the result of the defensive security analysis with an offensive mindset using reverse shell techniques to gain the access inside the victim's machine and after that performing a Malware in VBS to infected the victim machine through use some scripts in PowerShell to call this malware, in our environment bypassing some components and engines, such as: Malware Protection - Associated IOC (Command entered in script), Suspicious Processes, File System Access, Suspicious Processes, Suspicious Scripts...
https://www.youtube.com/watch?v=73f6Jei3W8M
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

SSH Tunnels: Creating Reverse Proxies and Evading Network Detection - Cory Wolff
Title: SSH Tunnels: Creating Reverse Proxies and Evading Network Detection Speaker: Cory Wolff SSH tunneling is a valuable component of the red teamer's toolkit when used correctly - but that's the hard part. Demystifying reverse port forwards, local port forwards, and dynamic port forwards can be a challenge for any operator. This talk will begin with the basics of SSH tunneling and then focus on ways to utilize them to create reverse proxies and evade network monitoring during an engagement. It aims to provide clarity on the use of these different port forwards and provide examples on how to use them in an offensive security scenario. Red Team Village Website: https://redteamvillage.io Discord: https://redteamvillage.io/discord Twitter: https://redteamvillage.io/twitter
https://www.youtube.com/watch?v=BQQKO-MC1-U
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Why Is Social Engineering Effective? (Expert Explains) | PurpleSec
We interview Darius Burt, who is a cyber security leader and a frequent voice in the community on all things social engineering. During the interview Darius answers our burning question: Why does social engineering work? What You'll Learn: - How human psychology is connected to social engineering. - What personality types are most vulnerable to social engineering attacks. - Three newer social engineering tactics in use by threat actors. - How businesses can educate employees of the latest attacks beyond computer training. Connect with Darius - https://www.linkedin.com/in/darius-burt-a146b8137/ #SocialEngineering #WhyItWorks #SecurityMaturity
https://www.youtube.com/watch?v=V7O8oeyIwkM
Partager : LinkedIn / Twitter / Facebook / View / View (lite)