16 - Open Redirect (low/med/high) - Damn Vulnerable Web Application (DVWA)
16 - Open Redirection (low/med/high difficulties) video from the Damn Vulnerable Web Application (DVWA) walkthrough/tutorial series. Hope you enjoy 🙂
↢Social Media↣
Twitter: https://twitter.com/_CryptoCat
GitHub: https://github.com/Crypto-Cat
HackTheBox: https://app.hackthebox.eu/profile/11897
LinkedIn: https://www.linkedin.com/in/cryptocat
Reddit: https://www.reddit.com/user/_CryptoCat23
YouTube: https://www.youtube.com/CryptoCat23
Twitch: https://www.twitch.tv/cryptocat23
↢Damn Vulnerable Web Application (DVWA)↣
https://github.com/digininja/DVWA
↢Open Redirects↣
@PwnFunction: https://www.youtube.com/watch?v=4Jk_I-cw4WE
https://learn.snyk.io/lessons/open-redirect/javascript
https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html
https://owasp.org/www-project-web-security-testing-guide/stable/4-Web_Application_Security_Testing/11-Client-side_Testing/04-Testing_for_Client-side_URL_Redirect
https://cwe.mitre.org/data/definitions/601.html
https://portswigger.net/support/using-burp-to-test-for-open-redirections
↢Chapters↣
Start...
https://www.youtube.com/watch?v=I5jko9mLNO4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
L'Actu de la veille
N00bs Night Malware RE Workshop with @c3rb3ru5d3d53c
Fun stream hanging out with @c3rb3ru5d3d53c and trying to reverse engineer her malware challenge! API hashing, stack strings, and rick rolls, we've got it all!
Full workshop samples and solutions:
https://github.com/c3rb3ru5d3d53c/reworkshop
-----
OALABS PATREON
https://www.patreon.com/oalabs
OALABS DISCORD
https://discord.gg/6h5Bh5AMDU
Twitch
https://www.twitch.tv/oalabslive
OALABS GITHUB
https://github.com/OALabs
UNPACME - AUTOMATED MALWARE UNPACKING
https://www.unpac.me/#/
-----
https://www.youtube.com/watch?v=amnvrOLRGHA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Protecting the Cloud from Ransomware | Host: Ryan Chapman | June 20, 2023
Ransomware continues to pose a serious threat to organizations, and the threat is only growing as ransomware attacks increase in sophistication and number.
This episode of Wait Just an Infosec is hosted by ransomware subject-matter expert Ryan Chapman, who invites on cloud DFIR SME Megan Roddie and other special guests for a lively discussion aimed at helping arm our community with actionable tactics to combat ransomware attacks in cloud environments.
Receive an overview of what is actually happening in the cloud with ransomware, and get your questions answered in a live Q&A with the experts.
#WJAI #WaitJustanInfosec #Infosec #Cybersecurity #InformationSecurity #Ransomware #CloudSecurity #RansomwareTraining #RansomwareCourse #RansomwareSummit
https://www.youtube.com/watch?v=oP81aSassNo
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Is PowerShell the root of all Hacking evil? (Cybersecurity needs a solution!)
Why are hackers winning the ransomware war?
A very big thank you to Cisco for sponsoring my Cisco Live trip and this video.
In this video I interview Tom Gillis about why hackers are winning and how to protect ourselves against the attacks.
Go here for more information about the announcements: https://newsroom.cisco.com
Cisco Talos Video: https://youtu.be/SyaP9GDNIug
// Tom's Socials//
Twitter: https://twitter.com/_tomgillis
LinkedIn: https://www.linkedin.com/in/tomgillis1
Cisco Newsroom: https://newsroom.cisco.com/c/r/newsroom/en/us/executives/tom-gillis.html
// David's Social //
Discord: https://discord.gg/davidbombal
Twitter: https://www.twitter.com/davidbombal
Instagram: https://www.instagram.com/davidbombal
LinkedIn: https://www.linkedin.com/in/davidbombal
Facebook: https://www.facebook.com/davidbombal.co...
https://www.youtube.com/watch?v=OXRWk4jWMJs
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Now Scammers Can RENT Email Addresses for Cybercrime
https://j-h.io/snyk || Try Snyk to find vulnerabilities in your own code and applications FOR FREE ➡ https://j-h.io/snyk
Help the channel grow with a Like, Comment, & Subscribe!
❤️ Support ➡ https://j-h.io/patreon ↔ https://j-h.io/paypal ↔ https://j-h.io/buymeacoffee
Check out the affiliates below for more free or discounted learning!
🐱👤SEKTOR7 ➡ Malware Development, AV Evasion https://j-h.io/sektor7
🖥️ Zero-Point Security ➡ Certified Red Team Operator https://j-h.io/crto
💻Zero-Point Security ➡ C2 Development with C# https://j-h.io/c2dev
🐜Zero2Automated ➡ Ultimate Malware Reverse Engineering https://j-h.io/zero2auto
⛳Point3 ESCALATE ➡ Top-Notch Capture the Flag Training https://j-h.io/escalate
📗Humble Bundle ➡ https://j-h.io/humblebundle
🐶Snyk...
https://www.youtube.com/watch?v=O36COhOWFg0
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
L'Actu à J-2
How to do asset detection at home — and for free | Cyber Work Hacks
Huxley Barbee, security evangelist at runZero, talks about the nuts and bolts of asset detection on a large scale, specifically around the U.S. federal government's current directive. Here, we will shrink the playing field and tell newcomers to security how to do your home asset detection!
0:00 - Asset detection at home
1:18 - What is asset detection?
2:44 - Is asset detection difficult?
3:39 - Do asset detection on your network
4:45 - Asset detection on a school network
6:50 - How to put asset detection on your resume
9:44 - What to study for asset detection roles
10:31 - Learn more about runZero
11:15 - Outro
About Infosec
Infosec's mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications...
https://www.youtube.com/watch?v=96-TKk2BwSk
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
FAKE Microsoft Login to Hacked Charity Scam
https://j-h.io/proton || Get privacy by default with Proton, and stop other companies from exploiting your data! You can get started with Proton for free at https://j-h.io/proton
Help the channel grow with a Like, Comment, & Subscribe!
❤️ Support ➡ https://j-h.io/patreon ↔ https://j-h.io/paypal ↔ https://j-h.io/buymeacoffee
Check out the affiliates below for more free or discounted learning!
🐱👤SEKTOR7 ➡ Malware Development, AV Evasion https://j-h.io/sektor7
🖥️ Zero-Point Security ➡ Certified Red Team Operator https://j-h.io/crto
💻Zero-Point Security ➡ C2 Development with C# https://j-h.io/c2dev
🐜Zero2Automated ➡ Ultimate Malware Reverse Engineering https://j-h.io/zero2auto
⛳Point3 ESCALATE ➡ Top-Notch Capture the Flag Training https://j-h.io/escalate
📗Humble...
https://www.youtube.com/watch?v=3Vy2l1kv7Cc
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Learn Bug Bounty Hunting with These Resources!
I made this video a few years ago but as you can imagine the bug bounty community moves quickly, so here is a new list of resources for 2023 and some of my favourite newsletters, YouTube channels, blogs, write ups, books and more that I recommend if you're just getting started!
https://www.youtube.com/watch?v=guh96GpGWx8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
L'Actu des jours précédents
Return Address Spoofing Tutorial
🔥 Hide From Anti-Cheats by Using Return Address Spoofing
👨💻 Buy Our Courses: https://guidedhacking.com/register/
💰 Donate on Patreon: https://patreon.com/guidedhacking
❤️ Follow us on Social Media: https://linktr.ee/guidedhacking
🔗GH Article: https://guidedhacking.com/threads/return-address-spoofing.20390/
Full Credits to namazso - we are just explaining how his code works
🔗 https://www.unknowncheats.me/forum/anti-cheat-bypass/268039-x64-return-address-spoofing-source-explanation.html
📜 Video Description:
Return address spoofing is a technique frequently utilized in numerous exploits, including buffer overflow attacks. Understanding how to spoof return addresses can provide insight into this often-used trick in the world of reverse engineering and video game...
https://www.youtube.com/watch?v=bSQau-PaCTE
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cybersecurity and Networking just changed!
Cybersecurity and Networking just changed with major announcements from Cisco.
Cisco have announced new platforms and solutions that integrate AI and native telemetry to stop cyber attacks and better manage networks. This includes the major goal of simplification.
A very big thank you to Cisco for sponsoring my Cisco Live trip and this video.
In this video I interview Jeetu Patel and Jonathan Davidson about the future of networking and cybersecurity (and the effects of AI on all of us).
Go here for more information about the announcements: https://newsroom.cisco.com
// Jeetu's Social //
Twitter: https://twitter.com/jpatel41
LinkedIn: https://www.linkedin.com/in/jeetupatel
//Jonathan's Social //
Twitter: https://twitter.com/jonathandavidsn
LinkedIn: https://www.linkedin.com/in/jonathandavidson1...
https://www.youtube.com/watch?v=hNHsYgLQsg0
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Amazon FINED For Privacy Violations - ThreatWire
ThreatWire Totem Board - Limited Edition! - https://snubsie.com/threatwire-products/tw-totem
Shop ThreatWire Merch on Teespring! - https://morsecode.creator-spring.com/
Support ThreatWire! https://www.patreon.com/shannonmorse
Follow Shannon on Social Media: https://snubsie.com/links
This MacOS flaw can bypass security protections, Russia Accuses the US of hacking iphones, and Amazon is hit with a fine for privacy violations! All that coming up now on ThreatWire.
#threatwire #hak5
ThreatWire by Shannon Morse is a weekly news journalism show covering cybersecurity topics for network admins, information security professionals, and consumers.
Watch this on youtube: xxx
Chapters:
00:00 MacOS Flaw Bypasses Security Protection
03:44 Russia Accuses US of iOS Hacking
06:44 Amazon Fined...
https://www.youtube.com/watch?v=0XyODke1vt4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
What it's like to work in asset discovery? | Cyber Work Podcast
Tech evangelist Huxley Barbee from runZero talks about some of the basic day-to-day work that goes into asset discovery and asset inventory, including the challenges of using conventional security tools like port scanners and fuzzing, which could disrupt network operations.
– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast
About Infosec
Infosec's mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune...
https://www.youtube.com/watch?v=_-U95cXvB-M
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The importance of assets in cybersecurity | Cyber Work Podcast
Tech evangelist Huxley Barbee from runZero talks about some of the basic day-to-day work that goes into asset discovery and asset inventory, including the challenges of using conventional security tools like port scanners and fuzzing, which could disrupt network operations.
– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast
About Infosec
Infosec's mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune...
https://www.youtube.com/watch?v=XKCc2aHpQbs
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Importance of a full asset inventory | Cyber Work Podcast | #shorts
Tech evangelist Huxley Barbee from runZero talks about a practical reason why companies should across the board be working on a full asset inventory of their network; when a breach inevitably happens, there's nothing worse than finding out it came from an asset you didn't even know was still on the system.
About Infosec
Infosec's mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ's security...
https://www.youtube.com/watch?v=djUHxVkqoOc
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
What is the FOR528: Ransomware for Incident Responders course all about?
Listen to FOR528: Ransomware for Incident Responders course author Ryan Chapman as he provides a detailed description of what the course is all about and how the course's extensive hands-on labs make this class a must take for all DFIR practitioners.
For more information about the course visit: https://www.sans.org/cyber-security-courses/ransomware-incident-responders/
https://www.youtube.com/watch?v=wWZ6bo5Fjk8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The nuts and bolts of asset detecting and asset mapping | Guest Huxley Barbee
Tech evangelist Huxley Barbee from runZero talks about asset detection, the day-to-day work of asset detection and asset mapping. Go beyond the theory and speculation about whether the U.S. federal government will implement it on time and join Barbee as he walks you through how it's all done and what you need in order to do it well.
0:00 - Asset detection and asset mapping
2:56 - Getting into cybersecurity
4:12 - Shifting roles in cybersecurity to evangelist
6:02 - What does a security evangelist do?
8:30 - What is BSides NYC?
14:41 - Planning in cybersecurity assets
22:50 - Tools and techniques of asset inventory
32:13 - The importance of asset discovery
34:25 - Skills needed to work in asset detection
37:32 - Cybersecurity starts and ends with assets
42:22 - What does runZero do?
44:44...
https://www.youtube.com/watch?v=taUE5u_cTdE
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Hackers exploit new top-level domains: Are your employees ready? | Hacker Headlines
Google recently published two top-level domains that could spell trouble if you're not practicing cyber-safe behaviors. In this episode of Hacker Headline, Keatron Evans, VP of Portfolio and Product Strategy at Infosec, covers how to stay vigilant against hackers who are taking advantage of two file-type domains in hopes of stealing your data and exploiting your device.
Watch this training module and explore related resources in our security awareness training platform, Infosec IQ! Don't have an account, meet with a member of our team to get started!
Learn more here: https://www.infosecinstitute.com/form/infosec-iq-demo-google-domains/
About Infosec
Infosec's mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills...
https://www.youtube.com/watch?v=Im7jNrLJ-uA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
BECOME AN ETHICAL HACKER!
📚 Purchase my Bug Bounty Course here 👉🏼 bugbounty.nahamsec.training
Comptia A+ Full Course:
- CompTIA A+ Full Course - https://www.youtube.com/watch?v=1CZXXNKAY5o&pp=ygUWY29tcHRpYSBhKyBmdWxsIGNvdXJzZQ%3D%3D
- How to Pass your 220-1101 and 220-1102 A+ Exams - https://www.youtube.com/watch?v=87t6P5ZHTP0&list=PLG49S3nxzAnnOmvg5UGVenB_qQgsh01uC
Comptia Network+ Full Course:
- CompTIA Network+ Full Course - https://www.youtube.com/watch?v=xmpYfyNmWbw
- How to Pass Your N10-008 Network+ Exam - https://www.youtube.com/watch?v=As6g6IXcVa4&list=PLG49S3nxzAnlCJiCrOYuRYb6cne864a7G
Learn Python:
- Learn Python in ONE Hour - https://www.youtube.com/watch?v=kqtD5dpn9C8
- Learn Python - Full Course for Beginners - https://www.youtube.com/watch?v=rfscVS0vtbw
- Codecademy Python: https://try.codecademy.com/learn-python-3...
https://www.youtube.com/watch?v=GyktHRmkBWU
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Hands-on Ransomware: Exploring Cybercrime
Check out what Ryan is up to: https://twitter.com/rj_chap
My Lockbit tweet: https://twitter.com/_JohnHammond/status/1572562824878239745
00:00 - Ryan Chapman, Malware Analyst
00:30 - Introduction
04:29 - First Demo
07:29 - Configuring RAASNet
15:58 - Building RAASNet
18:17 - Detonating RAASNet
21:41 - Builder Archive
23:37 - Second Demo
26:20 - Building Yashma
27:54 - Third Demo
30:08 - Configuring Lockbit
35:01 - Building Lockbit
37:50 - Final Thoughts
Help the channel grow with a Like, Comment, & Subscribe!
❤️ Support ➡ https://j-h.io/patreon ↔ https://j-h.io/paypal ↔ https://j-h.io/buymeacoffee
Check out the affiliates below for more free or discounted learning!
🐱👤SEKTOR7 ➡ Malware Development, AV Evasion https://j-h.io/sektor7
🖥️ Zero-Point...
https://www.youtube.com/watch?v=9zEXov_L0os
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Reverse Engineering Skid Malware
🔥 Analyzing an unknown malware we found on Triage
👨💻 Buy Our Courses: https://guidedhacking.com/register/
💰 Donate on Patreon: https://patreon.com/guidedhacking
❤️ Follow us on Social Media: https://linktr.ee/guidedhacking
🔗Article Link: https://guidedhacking.com/threads/reverse-engineering-skid-malware.20375/
📜 Video Description:
Finding and studying intriguing malware is something I frequently do by scrolling through the public reports of the Triage sandbox website, where users execute their samples. On one such occasion, I stumbled across a rather interesting piece of skid malware. This skid malware caught my attention because it had a high score but no family detected, meaning the employees at Triage had not yet written a detection for it. This indicated that...
https://www.youtube.com/watch?v=0BASO4I7XhU
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
I got Pwned ... and so did you! (you're likely in the 12 Billion)
Our data is out there! Have I Been Pwned. Yes, and so have you (most likely) because of all the data breaches taking place every day. 12 Billion accounts have been compromised. This is a security nightmare!
Check if your data was found in a data breach:
E-mail address: https://haveibeenpwned.com/
Password: https://haveibeenpwned.com/Passwords
Pwned Websites: https://haveibeenpwned.com/PwnedWebsites
// Troy's SOCIAL //
Youtube: https://www.youtube.com/user/troyhuntdotcom
Website: https://www.troyhunt.com/
Website: https://haveibeenpwned.com/
Twitter: https://twitter.com/troyhunt
Facebook: https://www.facebook.com/troyahunt
LinkedIn: https://www.linkedin.com/in/troyhunt
// David's SOCIAL //
Discord: https://discord.gg/davidbombal
Twitter: https://www.twitter.com/davidbombal
Instagram:...
https://www.youtube.com/watch?v=4sQ1teIVXw0
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Intruder Alert Ep. 4 | Unmasking The New Global Malware Threat On Android Devices
Head to Cybrary.it to open your free account and start learning today!
In this episode of Intruder Alert, join host Marcus Hutchins, world-renowned hacker, and red teamer Matt Mullins while they discuss the millions of devices recently infected with malware during production, and whether or not our devices are spying on us.
For more information on how to jumpstart your career with the most cutting-edge cybersecurity training, head over to Cybrary.it to create your free account and get started on your learning journey!
Make sure to subscribe so that you don't miss the latest new episodes, premiering live every two weeks, and dropping on YouTube On Demand.
https://www.youtube.com/watch?v=wc8T_RcwOkY
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Windows Pentest Tutorial (Active Directory Game Over!)
Get your 10% discount here: https://www.offsec.com/review/david-pwk-2023/
Disclaimer: I was NOT paid for this interview. I wanted to make this video because it affects many of you watching and is a major topic on the OSCP exam. However, OffSec did give me access to Learn One for one year so I could see the course content. This has helped me prepare for the interview. Hopefully I'll be able to make more content covering what is in the PEN 200 course in future :)
// Documentation //
Changes: https://www.offsec.com/offsec/pen-200-2023/
Course: https://www.offsec.com/courses/pen-200/
// Offsec //
Twitter: https://twitter.com/offsectraining
Website: https://www.offsec.com/
LinkedIn: https://www.linkedin.com/company/offsec-training/
// Remi's SOCIAL //
LinkedIn: https://no.linkedin.com/in/remi-solberg-8991b910a
//...
https://www.youtube.com/watch?v=f8jGhLwCa28
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Black Hat Asia 2023 Highlights
Check out all the highlights from Black Hat Asia 2023 at the Marina Bay Sands Singapore. Visit our Flickr page for the event photos: https://www.flickr.com/photos/blackhatevents/albums/ . #cybersecurity #infosec #blackhat
https://www.youtube.com/watch?v=mR39R68BmyA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Threat Emulation & Purple Teaming (with PlexTrac Runbooks)
This is a fully featured and dedicated video for our sponsor PlexTrac. https://j-h.io/plextrac || Perform adversary emulation all inside of PlexTrac's premiere reporting & collaborative platform in a FREE one-month trial! https://j-h.io/plextrac 😎
00:00 - Plextrack Runbooks
00:57 - Introduction
02:47 - Demo Begin
07:47 - Quick Q&A Session
10:33 - Final Thoughts
Help the channel grow with a Like, Comment, & Subscribe!
❤️ Support ➡ https://j-h.io/patreon ↔ https://j-h.io/paypal ↔ https://j-h.io/buymeacoffee
Check out the affiliates below for more free or discounted learning!
🐱👤SEKTOR7 ➡ Malware Development, AV Evasion https://j-h.io/sektor7
🖥️ Zero-Point Security ➡ Certified Red Team Operator https://j-h.io/crto
💻Zero-Point Security ➡ C2 Development...
https://www.youtube.com/watch?v=jSIybWI4DzA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Catch me if you can! #shorts
Big thanks to NetAlly for sponsoring this video and supporting the channel! Full video here: https://youtu.be/zZR0mycMksU
Learn more about the CyberScope here:
https://davidbombal.wiki/netally
#wifi #nmap #hacking
https://www.youtube.com/watch?v=AK6eop6lupo
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cheat Engine Movement Speed Hack Tutorial 🔥 GHS211
🔥 Learn How to Make a Cheat Engine Movement Speed Hack!
👨💻 Buy Our Courses: https://guidedhacking.com/register/
💰 Donate on Patreon: https://patreon.com/guidedhacking
❤️ Follow us on Social Media: https://linktr.ee/guidedhacking
🔗Article: https://guidedhacking.com/threads/cheat-engine-movement-speed-hack-tutorial-ghs211.20389/
🔗Beginner Tutorials: https://guidedhacking.com/forums/game-hacking-shenanigans/
🔗How to Find Coordinates: https://guidedhacking.com/threads/how-to-find-position-coordinates-with-cheat-engine.14000/
📜 Description:
Cheat Engine Movement Speed Hack in Sekiro: A Step-by-Step Walkthrough
Welcome to our comprehensive walkthrough on creating a super speed mod for the mountainous world of Sekiro! We'll be delving deep into the mechanics of...
https://www.youtube.com/watch?v=7xQYOUUwznI
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Is this NEW Generative AI Feature a GAME CHANGER? [Adobe Firefly]
A demo of Adobe Firefly, the new generative AI functionality in Photoshop. We'll explore various applications of the ethical AI-assisted editing feature, including generative fill (beta) to edit a photograph. First, we'll remove the people (and other objects) from the beach. Next, we'll extend/expand the image, generating additional content that seamlessly clicks into the image. We'll also replace the sky, change the sand and add a variety of animals and objects. Finally, we'll play around with a cartoon image (CryptoCat) to see how the AI functionality works with illustrations. During the course of the video, we'll discuss some of the advantages/disadvantages, talk about bugs, design choices (stock images only) and cyber-security implications (deep fakes). Hope you enjoy this video, next...
https://www.youtube.com/watch?v=oLxIrRzWhUM
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How Can CI/CD Go Horribly Wrong?
In this video we'll learn the basics of Continuous Integration and Continuous Deployment (CI/CD) and what security implications it has – with a live demo example, showcasing how we can perform direct pipeline poisoning to execute code and ultimately leak sensitive production info like AWS credentials!
You can learn more about Carlos Polop, Ignacio Dominguez or the security audits and assessments that HALBORN performs at https://j-h.io/halborn
00:00 - How Can CI/CD Go Horribly Wrong?
01:19 - What is CI/CD?
03:47 - Common Misconfigurations
06:19 - Start of Demonstration
10:16 - Pipeline Poisoning Explanation
12:00 - Showcasing Direct Pipeline Poisoning
17:04 - Security Takeaways
Help the channel grow with a Like, Comment, & Subscribe!
❤️ Support ➡ https://j-h.io/patreon ↔...
https://www.youtube.com/watch?v=IzdWk6nA_Ho
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Open Source Intelligence with The Grugq | 401 Access Denied Podcast Ep. 81
Open Source Intelligence with The Grugq | 401 Access Denied Podcast Ep. 81
Join Us: https://www.cybrary.it/?utm_source=youtube&utm_medium=video&utm_campaign=open-source-intelligence-with-the-grugq
Given the complex and evolving nature of security, how do different countries approach cyber strategy on a global scale? In this episode of 401 Access Denied, Joe Carson is joined by the one and only Thaddeus E. Grugq (“The Grugq”), who brings along decades of security research and operational security experience. They explore various countries' approaches to cyber operations, including the US, UK and EU, India, Russia, and China. The Grugq also touches on the importance of legal frameworks, cooperation between different government entities, and the dynamic relationships between intelligence...
https://www.youtube.com/watch?v=pTzFpaVT8Us
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Rapid Windows Memory Analysis with Volatility 3
https://j-h.io/cysec || Find your next cybersecurity career! CySec Careers is the premiere platform designed to connect candidates and companies. Try it for free! https://j-h.io/cysec
Help the channel grow with a Like, Comment, & Subscribe!
❤️ Support ➡ https://j-h.io/patreon ↔ https://j-h.io/paypal ↔ https://j-h.io/buymeacoffee
Check out the affiliates below for more free or discounted learning!
🐱👤SEKTOR7 ➡ Malware Development, AV Evasion https://j-h.io/sektor7
🖥️ Zero-Point Security ➡ Certified Red Team Operator https://j-h.io/crto
💻Zero-Point Security ➡ C2 Development with C# https://j-h.io/c2dev
🐜Zero2Automated ➡ Ultimate Malware Reverse Engineering https://j-h.io/zero2auto
⛳Point3 ESCALATE ➡ Top-Notch Capture the Flag Training https://j-h.io/escalate
📗Humble...
https://www.youtube.com/watch?v=EqGoGwVCVwM
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Exploring the Latest Dark Web Onion Sites
https://j-h.io/flare-systems || Track down any information leaks or cyber threat intelligence with Flare Systems, try a free trial and uncover your exposed attack surface! https://j-h.io/flare-systems
Help the channel grow with a Like, Comment, & Subscribe!
❤️ Support ➡ https://j-h.io/patreon ↔ https://j-h.io/paypal ↔ https://j-h.io/buymeacoffee
Check out the affiliates below for more free or discounted learning!
🐱👤SEKTOR7 ➡ Malware Development, AV Evasion https://j-h.io/sektor7
🖥️ Zero-Point Security ➡ Certified Red Team Operator https://j-h.io/crto
💻Zero-Point Security ➡ C2 Development with C# https://j-h.io/c2dev
🐜Zero2Automated ➡ Ultimate Malware Reverse Engineering https://j-h.io/zero2auto
⛳Point3 ESCALATE ➡ Top-Notch Capture the Flag Training...
https://www.youtube.com/watch?v=OGqgGwFFQ3o
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
What's the Future of AI in Cybersecurity and Hacking (are we doomed)?
Is AI going to end the world? No more jobs in Cybersecurity? Are we going to survive the attacks?
Big thanks to Brilliant for sponsoring this video! Get started with a free 30 day trial and 20% discount: https://brilliant.org/DavidBombal
// Mr Robot Playlist //
https://www.youtube.com/playlist?list=PLhfrWIlLOoKNYR8uvEXSAzDfKGAPIDB8q
// David's SOCIAL //
Discord: https://discord.com/invite/usKSyzb
Twitter: https://www.twitter.com/davidbombal
Instagram: https://www.instagram.com/davidbombal
LinkedIn: https://www.linkedin.com/in/davidbombal
Facebook: https://www.facebook.com/davidbombal.co
TikTok: http://tiktok.com/@davidbombal
YouTube: https://www.youtube.com/davidbombal
// Occupy The Web social //
Twitter: https://twitter.com/three_cube
// OTW classes //
Hacker's Arise Pro Subscription:
https://hackers-arise.com/online-store/Member-PRO-p444073646/?afmc=1d
Get...
https://www.youtube.com/watch?v=OJxRruHrSow
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
This Dark Web URL Shortener Sucks
https://www.youtube.com/watch?v=xpvUZJNhMTw
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
It's DNS again 😢 Did you know this Malware Hack?
Chris Greer is back to show us Malware that Hackers could use to attack you (in this case using DNS). Chris is the man I talk to about Wireshark! Did you learn something new in this video? Big thanks to Brilliant for sponsoring this video! Get started with a free 30 day trial and 20% discount: https://brilliant.org/DavidBombal
// Chris SOCIAL //
YouTube: https://www.youtube.com/c/ChrisGreer
Wireshark course: https://davidbombal.wiki/chriswireshark
Nmap course: https://davidbombal.wiki/chrisnmap
LinkedIn: https://www.linkedin.com/in/cgreer/
Twitter: https://twitter.com/packetpioneer
// David SOCIAL //
Discord: https://discord.com/invite/usKSyzb
Twitter: https://www.twitter.com/davidbombal
Instagram: https://www.instagram.com/davidbombal
LinkedIn: https://www.linkedin.com/in/davidbombal...
https://www.youtube.com/watch?v=slNe6z9gFv0
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Raspberry Pi Malware uses IRC Remote Access Trojan (RAT)
https://j-h.io/snyk || Try Snyk to find vulnerabilities in your own code and applications FOR FREE ➡ https://j-h.io/snyk
Help the channel grow with a Like, Comment, & Subscribe!
❤️ Support ➡ https://j-h.io/patreon ↔ https://j-h.io/paypal ↔ https://j-h.io/buymeacoffee
Check out the affiliates below for more free or discounted learning!
🐱👤SEKTOR7 ➡ Malware Development, AV Evasion https://j-h.io/sektor7
🖥️ Zero-Point Security ➡ Certified Red Team Operator https://j-h.io/crto
💻Zero-Point Security ➡ C2 Development with C# https://j-h.io/c2dev
🐜Zero2Automated ➡ Ultimate Malware Reverse Engineering https://j-h.io/zero2auto
⛳Point3 ESCALATE ➡ Top-Notch Capture the Flag Training https://j-h.io/escalate
📗Humble Bundle ➡ https://j-h.io/humblebundle
🐶Snyk...
https://www.youtube.com/watch?v=DmJSLGaJBiw
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
SANS Threat Analysis Rundown | Katie Nickels
Join SANS Certified Instructor Katie Nickels as she gives the rundown on the latest cyber threat topics you should know about.
This month, Katie will be joined by Jamie Collier and Shanyn Ronis of Mandiant to discuss a foundation of cyber threat intelligence: requirements. Jamie and Shanyn will share findings from their recent work on what it means to be requirements-driven in practice. Attendees will hear actionable advice on how intelligence functions can implement requirements within their organizations.
Katie Nickels, @likethecoins, https://www.linkedin.com/in/katie-nickels/
Jamie Collier, @TheCollierJam, https://www.linkedin.com/in/collierjs/
Shanyn Ronis, @SRRonis, https://www.linkedin.com/in/shanyn-ronis/
FOR578: Cyber Threat Intelligence
https://www.sans.org/cyber-security-courses/cyber-threat-intelligence/...
https://www.youtube.com/watch?v=wgigBNZLZ1c
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Understanding The PEB for Reverse Engineers
Full Patreon tutorial (with examples):
https://www.patreon.com/posts/understanding-1-83402055
https://www.patreon.com/posts/understanding-2-83402366
Vergilius Project
https://www.vergiliusproject.com/
-----
OALABS DISCORD
https://discord.gg/6h5Bh5AMDU
OALABS PATREON
https://www.patreon.com/oalabs
Twitch
https://www.twitch.tv/oalabslive
OALABS GITHUB
https://github.com/OALabs
UNPACME - AUTOMATED MALWARE UNPACKING
https://www.unpac.me/#/
-----
https://www.youtube.com/watch?v=uyisPPTupmA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Beginner Malware Analysis CTF ⭐️ CyberDefenders RE101
🔥 Learn How To Complete This Beginner Malware Analysis CTF
👨💻 Buy Our Courses: https://guidedhacking.com/register/
💰 Donate on Patreon: https://patreon.com/guidedhacking
❤️ Follow us on Social Media: https://linktr.ee/guidedhacking
🔗 Article Link: https://guidedhacking.com/threads/cyberdefenders-re101-malware-ctf-walkthrough.20367/
🔗 CyberDefenders RE101: https://cyberdefenders.org/blueteam-ctf-challenges/36#nav-questions
🔗 CyberDefenders Twitter https://twitter.com/cyberdefenders
📜 Video Description:
Malware analysts, particularly those at a beginner malware analysis stage, need to constantly practice and use their skills so that they can improve and be prepared for any situation. In this video, we look at the challenges offered by CyberDefenders (CyberDefenders...
https://www.youtube.com/watch?v=_lzPubejr4U
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
#osint #doxxing #cybersecurity #shorts
https://www.youtube.com/watch?v=L5sin2dTY_w
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Learn about crypto crime working for the federal government | Cyber Work Podcast | #shorts
CAT Labs CEO and founder Lili Infante says one way to learn how to work in crypto crime, dark web investigating and crypto fraud is to work for the federal government right out of college. The work is mission-driven and not business driven so you don't have to worry about “making your numbers” for the month. And because of the amount of intelligence available, you'll get an immersive amount of context around the current threat agents.
About Infosec
Infosec's mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec...
https://www.youtube.com/watch?v=2vdL6xzEp3s
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
KeePass Master Passwords Could Be Stolen - ThreatWire
ThreatWire Totem Board - Limited Edition! - https://snubsie.com/threatwire-products/tw-totem
Shop ThreatWire Merch on Teespring! - https://morsecode.creator-spring.com/
Support ThreatWire! https://www.patreon.com/shannonmorse
Follow Shannon on Social Media: https://snubsie.com/links
TP-Link home routers are being targeted in attacks, stealing master passwords from KeePass, and these end of life smart plugs can get hacked! All that coming up now on ThreatWire.
#threatwire #hak5
ThreatWire by Shannon Morse is a weekly news journalism show covering cybersecurity topics for network admins, information security professionals, and consumers.
Watch this on youtube: https://youtu.be/CCYVeRPDx94
Chapters:
00:00 TP-Link Home Routers Targeted
02:34 Stealing KeePass Master Passwords
04:32...
https://www.youtube.com/watch?v=CCYVeRPDx94
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
What it's like to investigate dark web markets | Cyber Work Podcast
CAT Labs CEO and founder Lili Infante explains her background investigating Dark Web markets, as well as the harder and easier things about fighting these criminals. On one hand, they don't need to go undercover, because everyone is undercover here. On the other hand, it's harder for criminals to “flip” on their bosses since they don't always know who they're working for.
– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast
About Infosec
Infosec's mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees...
https://www.youtube.com/watch?v=alRXf8AgPcY
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How to work with crypto scams | Cyber Work Podcast
CAT Labs CEO and founder Lili Infante gives advice to students or individuals who want to get into work with crypto scams. Some of her tips are to be a self-directed learner, learn by doing and work toward a job in the government. Those two things will kick-start your career faster than anything.
– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast
About Infosec
Infosec's mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More...
https://www.youtube.com/watch?v=6NG7rVCU1Cw
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Kali NetHunter Pro in 6 minutes
You can easily install Kali Linux NetHunter on a Pine Phone in only a few minutes!
If you are new to this, watch this video which shows you how to install Kali NetHunter on most Android phones: https://youtu.be/KxOGyuGq0Ts
// MENU //
00:00 - Intro
00:35 - Downloading and Installing Required Software
02:43 - Flashing and Starting up Tow-Boot Bootloader
04:42 - Flashing and Installing Kali NetHunter
06:15 - Booting the Pine Phone with Kali NetHunter installed
// Equipment used //
Pine Phone: https://pine64.com/product/pinephone-beta-edition-with-convergence-package/
// David SOCIAL //
Discord: https://discord.com/invite/usKSyzb
Twitter: https://www.twitter.com/davidbombal
Instagram: https://www.instagram.com/davidbombal
LinkedIn: https://www.linkedin.com/in/davidbombal
Facebook: https://www.facebook.com/davidbombal.co...
https://www.youtube.com/watch?v=i1bDofmvhNw
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The current state of crypto crime | Guest Lili Infante
CAT Labs CEO and founder Lili Infante worked as a special agent for the U.S. Department of Justice for 10 years specializing in cryptocurrency's use in dark web investigations. Infante gives us the insider's view of dark web investigations, why it's so difficult to prosecute dark web actors when anonymity extends all up and down the hierarchy, the current state of dark web markets, and the rise of state-sponsored crypto crime organizations like North Korea's Lazarus Group. Plus, Infante gives you some expert advice on getting started in crypto crime investigation and forensics research! You don't need a Tor browser for this info.
0:00 - Crypto crime in 2023
2:46 - How Lili Infante began in cybersecurity
4:50 - Economics, bitcoin and crypto
9:20 - Liberal arts education and cybersecurity
14:05...
https://www.youtube.com/watch?v=hs6Qs3pKf7c
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Finding Your First Bug
📚 Purchase my Bug Bounty Course here 👉🏼 bugbounty.nahamsec.training
💵 Support the Channel:
You can support the channel by becoming a member and get access exclusive content, behind the scenes, live hacking session and more!
☕️ Buy Me Coffee:
https://www.buymeacoffee.com/nahamsec
JOIN DISCORD:
https://discordapp.com/invite/ucCz7uh
🆓 🆓 🆓 0 DigitalOcean Credit:
https://m.do.co/c/3236319b9d0b
💬 Social Media
- https://twitter.com/nahamsec
- https://instagram.com/nahamsec
- https://twitch.com/nahamsec
- https://facebook.com/nahamsec1
#bugbounty #ethicalhacking #infosec #cybersecurity #redteam #webapp
https://www.youtube.com/watch?v=F9dV5lH8nvo
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
A File's Life - File Deletion and Recovery
In this episode, we'll look at exactly what happens when you delete a file from an NTFS file system. Then, we'll talk about file "undeletion" versus file carving, and use PhotoRec to perform file carving against a mounted disk image. Lastly, we'll explore techniques to search through that recovered data using an Ubuntu WSL 2 instance.
*** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. ***
📖 Chapters
00:00 - Intro
13:12 - PhotoRec Demo
19:03 - Searching Recovered Data
🛠 Resources
PhotoRec:
https://www.cgsecurity.org/wiki/PhotoRec
Recycle Bin Forensics:
https://www.youtube.com/watch?v=Gkir-wGqG2c
Let's Talk About NTFS Index Attributes:
https://www.youtube.com/watch?v=x-M-wyq3BXA
#Forensics #DigitalForensics #DFIR #ComputerForensics...
https://www.youtube.com/watch?v=4zlk9ZSMa-4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
C++ IMGUI Menu Tutorial - MEGA GUIDE
🔥 Learn How to Make a C++ IMGUI Menu In This 7 Chapter MEGA GUIDE
👨💻 Buy Our Courses: https://guidedhacking.com/register/
💰 Donate on Patreon: https://patreon.com/guidedhacking
❤️ Follow us on Social Media: https://linktr.ee/guidedhacking
What You Will Learn:
1) How to Add Images
2) Custom Fonts
3) Custom Icons
4) Change ImGui Styling
5) Use Separators
6) Animated Borders
7) Animated Text
🔗 Article Link:
https://guidedhacking.com/threads/c-imgui-menu-tutorial-mega-guide.20371/
📜 Video Description:
C++ IMGUI Menu Tutorial
Welcome to this comprehensive imgui tutorial focusing on C++ IMGUI menus. The primary target audience here are reverse engineers like us, who develop imgui cheat menus. Our mission today is to discuss several essential aspects, including images,...
https://www.youtube.com/watch?v=2B_qzPHV4MQ
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
His new gadget any good at catching rogue devices?
What tools and gadgets does Chris Greer use for packet analysis, device discovery and threat hunting? Here's one of his newest tools! What is it and is it any good?
I trust Chris. When Chris tells me he uses a product in the real world, I listen to him.
What do you think? Like this or not? A big thank you to NetAlly for supporting my channel so I can create more free content! Huge thank you to all of you who watch my videos and support me! 😀
Learn more about the CyberScope here:
https://davidbombal.wiki/netally
// Chris SOCIAL //
Wireshark course: https://davidbombal.wiki/chriswireshark
Nmap course: https://davidbombal.wiki/chrisnmap
LinkedIn: https://www.linkedin.com/in/cgreer/
YouTube: https://www.youtube.com/c/ChrisGreer
Twitter: https://twitter.com/packetpioneer
// David SOCIAL...
https://www.youtube.com/watch?v=zZR0mycMksU
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
15 - Authorisation Bypass (low/med/high) - Damn Vulnerable Web Application (DVWA)
15 - Authorisation Bypass (low/med/high difficulties) video from the Damn Vulnerable Web Application (DVWA) walkthrough/tutorial series. Hope you enjoy 🙂
↢Social Media↣
Twitter: https://twitter.com/_CryptoCat
GitHub: https://github.com/Crypto-Cat
HackTheBox: https://app.hackthebox.eu/profile/11897
LinkedIn: https://www.linkedin.com/in/cryptocat
Reddit: https://www.reddit.com/user/_CryptoCat23
YouTube: https://www.youtube.com/CryptoCat23
Twitch: https://www.twitch.tv/cryptocat23
↢Damn Vulnerable Web Application (DVWA)↣
https://github.com/digininja/DVWA
↢Authorisation Bypass↣
https://portswigger.net/web-security/access-control
https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/05-Authorization_Testing/04-Testing_for_Insecure_Direct_Object_References
↢Chapters↣
Start...
https://www.youtube.com/watch?v=Qcgu34eWQa4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Stay Ahead of Ransomware Livestream Series - Episode 2
Stay Ahead of Ransomware Livestream Series with Ryan Chapman and Mari DeGrazia
Episode 2: Ransomware Gangs Continue to Evolve
Attend this SANS LIVE session to learn about how ransomware gangs are evolving to maintain their edge. In 2019, the industry saw change from single to double extortion. The second stage of extortion, data exfiltration, has now become the primary means by which several groups extort their victims. Did you know that some "ransomware" groups are no longer encrypting their victim's environments? Why is this happening? How can this affect you and YOUR organization?
We'll provide an overview of what's truly happening with ransomware and end with a Q&A session so that YOU can ask us questions.
https://www.youtube.com/watch?v=UIbmwHUQxTc
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Revealing Secrets with Information Disclosure Bugs
Information disclosure is really broad, ranging from technical things like finding API keys or code review, to that webpage is displaying my address publicly! So they can be great bugs particularly if you don't have access to a regular computer or you're not familiar with
This series couldn't happen without the support of our sponsor Bugcrowd, Bugcrowd is the best place to start hacking with a wide range of public and private programs from APIs to Desktop Applications and everything in between. Not ready to jump into a public program yet? Fill out your platform CV and sign up for a waitlisted program. Tell Bugcrowd a bit about your skills, previous certifications or experience and they'll match you up with the right program using their industry-leading CrowdMatch technology. Whatever your...
https://www.youtube.com/watch?v=l5GKb8UDSq0
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
ChatGPT Analyzes Fake ChatGPT Malware
https://j-h.io/plextrac || Save time and effort on pentest reports with PlexTrac's premiere reporting & collaborative platform in a FREE one-month trial! https://j-h.io/plextrac 😎
Help the channel grow with a Like, Comment, & Subscribe!
❤️ Support ➡ https://j-h.io/patreon ↔ https://j-h.io/paypal ↔ https://j-h.io/buymeacoffee
Check out the affiliates below for more free or discounted learning!
🐱👤SEKTOR7 ➡ Malware Development, AV Evasion https://j-h.io/sektor7
🖥️ Zero-Point Security ➡ Certified Red Team Operator https://j-h.io/crto
💻Zero-Point Security ➡ C2 Development with C# https://j-h.io/c2dev
🐜Zero2Automated ➡ Ultimate Malware Reverse Engineering https://j-h.io/zero2auto
⛳Point3 ESCALATE ➡ Top-Notch Capture the Flag Training https://j-h.io/escalate
📗Humble...
https://www.youtube.com/watch?v=poIZDuAWrOo
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Critical Flaw in Ruckus WiFi APs - Update Firmware ASAP - ThreatWire
ThreatWire Totem Board - Limited Edition! - https://snubsie.com/threatwire-products/tw-totem
Shop ThreatWire Merch on Teespring! - https://morsecode.creator-spring.com/
Support ThreatWire! https://www.patreon.com/shannonmorse
Follow Shannon on Social Media: https://snubsie.com/links
Update your Ruckus, GitHub improves open source repo security, and Discord discloses a data breach! All that coming up now on ThreatWire.
#threatwire #hak5
ThreatWire by Shannon Morse is a weekly news journalism show covering cybersecurity topics for network admins, information security professionals, and consumers.
Watch this on youtube: https://youtu.be/TKfxOTvt27o
Chapters:
00:00 Ruckus WiFi AP Flaw
02:19 GitHub Pushes Protection
03:57 Discord Data Breach
Links:
Resources for stories are available...
https://www.youtube.com/watch?v=TKfxOTvt27o
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cybersecurity in the Boardroom with Art Gilliland | 401 Access Denied Ep. 80
Cybersecurity in the Boardroom with Art Gilliland | 401 Access Denied Ep. 80
Join Us: https://www.cybrary.it/?utm_source=youtube&utm_medium=video&utm_campaign=cybersecurity-in-the-boardroom-with-art-gilliland
On paper, the board of a company should serve to protect the security of their business. But what functions are actually involved in that process? In this episode of 401 Access Denied, Joe Carson is joined by Delinea's own CEO, Art Gilliland. Hear straight from the source what exactly goes into leading a company from the security practitioner's perspective. This inside scoop will demystify what goes on in corporate board rooms, and the big decisions that trickle down through the rest of the company. Tune in to learn more from this unique vantage point!
Follow Art:
~https://twitter.com/artgilliland
~https://www.linkedin.com/in/artgilliland...
https://www.youtube.com/watch?v=51GcW-2wu1Y
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Why Don't People Want Security?
This is a fully dedicated video for our sponsor Passbolt. https://j-h.io/passbolt || Use a password manager to keep all your credentials secure -- my code JOHN-HAMMOND will save 20% off!! https://j-h.io/passbolt
00:00 - Background
00:39 - Begin interview
01:00 - Abnormal reservations?
03:50 - How do we combat that confusion?
07:48 - Open Source Open Audit?
09:08 - Centralized Database Woes.
13:52 - New folder feature!
18:03 - Wrap up
Help the channel grow with a Like, Comment, & Subscribe!
❤️ Support ➡ https://j-h.io/patreon ↔ https://j-h.io/paypal ↔ https://j-h.io/buymeacoffee
Check out the affiliates below for more free or discounted learning!
🐱👤SEKTOR7 ➡ Malware Development, AV Evasion https://j-h.io/sektor7
🖥️ Zero-Point Security ➡ Certified...
https://www.youtube.com/watch?v=bwc8r9LaLLw
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
0,000 in two months with #bugbounty! #infosec #ethicalhacking #cybersecurity
https://www.youtube.com/watch?v=Da_bHZnDPkA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Bug Bounty Changed My Life!
📚 Purchase my Bug Bounty Course here 👉🏼 bugbounty.nahamsec.training
💵 Support the Channel:
You can support the channel by becoming a member and get access exclusive content, behind the scenes, live hacking session and more!
☕️ Buy Me Coffee:
https://www.buymeacoffee.com/nahamsec
JOIN DISCORD:
https://discordapp.com/invite/ucCz7uh
🆓 🆓 🆓 0 DigitalOcean Credit:
https://m.do.co/c/3236319b9d0b
💬 Social Media
- https://twitter.com/nahamsec
- https://instagram.com/nahamsec
- https://twitch.com/nahamsec
- https://facebook.com/nahamsec1
#bugbounty #ethicalhacking #infosec #cybersecurity #redteam #webapp
https://www.youtube.com/watch?v=Rvz8cIilxfI
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
👨💻 How to Find Malware C2 Panels 🔎 Skid Hunting 👀
🔥 Learn How to Find C2 Panels and Laugh at Cyber Criminals
👨💻 Buy Our Courses: https://guidedhacking.com/register/
💰 Donate on Patreon: https://patreon.com/guidedhacking
❤️ Follow us on Social Media: https://linktr.ee/guidedhacking
🔗 Article Link: https://guidedhacking.com/threads/how-to-find-malware-c2-panels-threat-hunting.20358/
🔗 ViriBack C2 Tracker: https://tracker.viriback.com/
🔗Censys: https://search.censys.io/
🔗Shodan: https://malware-hunter.shodan.io/
🔗 ThreatFox: https://threatfox.abuse.ch/
🔗URLScan.io: https://urlscan.io/
📜 Video Description: How to Find C2 Panels
Understanding and Locating Malware Command and Control Web Panels
In the world of malware, command and control web panels are the real puppet masters. They're the platforms where...
https://www.youtube.com/watch?v=5a-wajRy-jc
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How to be Invisible Online (and the hard truth about it)...
Don't be fooled ... Occupy The Web (OTW) tells us the hard truth about being anonymous online. The brutal truth: Will using your neigbors wifi keep you anonymous? Can you hide from the NSA? Can you hide from Google and other companies? Will Tor help you? Will Proxy Chains help? Which phone do you need to use - Android or iPhone or something else? Which operating system - Windows, macOS or Linux? What is the truth? What do you need to use?
// Mr Robot Playlist //
https://www.youtube.com/playlist?list=PLhfrWIlLOoKNYR8uvEXSAzDfKGAPIDB8q
// David's SOCIAL //
Discord: https://discord.com/invite/usKSyzb
Twitter: https://www.twitter.com/davidbombal
Instagram: https://www.instagram.com/davidbombal
LinkedIn: https://www.linkedin.com/in/davidbombal
Facebook: https://www.facebook.com/davidbombal.co...
https://www.youtube.com/watch?v=LEbAxsYRMcQ
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The Intruder Alert Podcast - Ep. 3 - Hacktivism and Bug Bounties with Nahamsec
Join host Marcus Hutchins, world-renowned hacker, and hacker NahamSec as they discuss hacktivism, learning how to hack online, and bug bounties.
For more information on how to jumpstart your career with the most cutting-edge cybersecurity training, head over to Cybrary.it to create your free account and get started on your learning journey!
Make sure to subscribe so that you don't miss the latest new episodes, premiering live every two weeks, and dropping on YouTube On Demand.
https://www.youtube.com/watch?v=sSBi5VsseWY
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Raspberry Pi Chip Shortage Update (Eben Upton Interview)
I ask Eben Upton the difficult questions in this interview. Why is there no stock available? When will there be stock? Why is the hobbyist community not able to buy Raspberry Pi's? Eben explains how he has had to make some of the most painful and difficult decisions in his life.
// Raspberry Pi //
Twitter: https://twitter.com/Raspberry_Pi
YouTube: https://www.youtube.com/raspberrypi
LinkedIn: https://www.linkedin.com/company/raspberrypi/
Facebook: https://www.facebook.com/raspberrypi
Instagram: https://www.instagram.com/raspberrypi/
// Raspberry Pi Foundation //
YouTube: https://www.youtube.com/c/RaspberryPiFoundation
Twitter: https://twitter.com/Raspberry_Pi
Raspberry Pi Foundation: https://www.raspberrypi.org/
Facebook: https://www.facebook.com/RaspberryPiFoundation
Instagram: https://www.instagram.com/raspberrypifoundation/
//...
https://www.youtube.com/watch?v=6HrbU2G6fU4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Hide a Hacker's Reverse Shell in ONE Command
https://j-h.io/plextrac || Save time and effort on pentest reports with PlexTrac's premiere reporting & collaborative platform in a FREE one-month trial! https://j-h.io/plextrac 😎
Help the channel grow with a Like, Comment, & Subscribe!
❤️ Support ➡ https://j-h.io/patreon ↔ https://j-h.io/paypal ↔ https://j-h.io/buymeacoffee
Check out the affiliates below for more free or discounted learning!
🐱👤SEKTOR7 ➡ Malware Development, AV Evasion https://j-h.io/sektor7
🖥️ Zero-Point Security ➡ Certified Red Team Operator https://j-h.io/crto
💻Zero-Point Security ➡ C2 Development with C# https://j-h.io/c2dev
🐜Zero2Automated ➡ Ultimate Malware Reverse Engineering https://j-h.io/zero2auto
⛳Point3 ESCALATE ➡ Top-Notch Capture the Flag Training https://j-h.io/escalate
📗Humble...
https://www.youtube.com/watch?v=gzv3d7rvjKA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Is CompTIA's Cloud+ certification right for you? | Cyber Work Hacks
James Stanger, chief technology evangelist at CompTIA, talks about CompTIA's Cloud+ certification and why security professionals really need to consider adding it to the certification toolbox.
0:00 - CompTIA Cloud+ certification
1:06 - Benefits of Cloud+
3:24 - Cloud+ is vendor agnostic
6:27 - Preparing for Cloud+
8:43 - Cloud+'s future
11:18 - Good Cloud+ training
12:50 - How to study for Cloud+
14:26 - Outro
About Infosec
Infosec's mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their...
https://www.youtube.com/watch?v=jfndZ03b0do
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
🛠️ Windows Virtual Memory Explained 📚 Windows Internals 💻
🔥 Learn How Virtual Memory Works on Windows Operating System
👨💻 Buy Our Courses: https://guidedhacking.com/register/
💰 Donate on Patreon: https://patreon.com/guidedhacking
❤️ Follow us on Social Media: https://linktr.ee/guidedhacking
🔗 Article Link: https://guidedhacking.com/threads/windows-virtual-memory-explained-windows-internals.20362/
📜 Video Description:
Virtual memory is an essential concept in computer science that allows an operating system to create the illusion of having more memory than what is physically available. This Virtual Memory tutorial' explains how Windows uses this system, giving a glimpse into the Windows Internals.
At the core of virtual memory is the concept of paging. Both virtual and physical memory are divided into four-kilobyte chunks,...
https://www.youtube.com/watch?v=CdQ2EYKfB8g
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Getting Started in Firmware Analysis & IoT Reverse Engineering
https://j-h.io/bugprove || For blazing-fast automated IoT firmware analysis and zero-day discovery, you can use BugProve FOR FREE: https://j-h.io/bugprove
Kavishka Gihan's original Medium article: https://kavigihan.medium.com/iot-hacking-reversing-a-router-firmware-df6e06cc0dc9
Help the channel grow with a Like, Comment, & Subscribe!
❤️ Support ➡ https://j-h.io/patreon ↔ https://j-h.io/paypal ↔ https://j-h.io/buymeacoffee
📗Humble Bundle ➡ https://j-h.io/humblebundle
🌎Follow me! ➡ https://j-h.io/discord ↔ https://j-h.io/twitter ↔ https://j-h.io/linkedin ↔ https://j-h.io/instagram ↔ https://j-h.io/tiktok
📧Contact me! (I may be very slow to respond or completely unable to)
🤝Sponsorship Inquiries ➡ https://j-h.io/sponsorship
🚩 CTF Hosting Requests...
https://www.youtube.com/watch?v=zs86OYea8Wk
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Memory Forensics Acquisition Cloud
For webcast slides , please visit here: https://www.sans.org/webcasts/memory-forensics-acquisition-in-the-cloud/
As more and more organizations begin moving their resources to the cloud, analysts and responders must be prepared to operate in this new landscape. One aspect of traditional forensics that we must learn to implement in the cloud is memory forensics.
In this webcast, Mat Fuchs (author and instructor for FOR532: Enterprise Memory Forensics In-Depth) and Megan Roddie (co-author and instructor for FOR509: Enterprise Cloud Forensics and Incident Response) look at how to approach memory forensics when responding to incidents in cloud environments.
First, we'll explain what cloud services fall in scope when discussing memory forensics.
Next we'll discuss the tools, services, and...
https://www.youtube.com/watch?v=5Nb_iZBiUVk
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Google Adds Passkey Support - Upgrade Now! - ThreatWire
ThreatWire Totem Board - Limited Edition! - https://snubsie.com/threatwire-products/tw-totem
Shop ThreatWire Merch on Teespring! - https://morsecode.creator-spring.com/
Support ThreatWire! https://www.patreon.com/shannonmorse
Follow Shannon on Social Media: https://snubsie.com/links
Stopping Bluetooth Stalking, MSI was hacked, and Google adds Passkey support! All that coming up now on ThreatWire.
#threatwire #hak5
ThreatWire by Shannon Morse is a weekly news journalism show covering cybersecurity topics for network admins, information security professionals, and consumers.
Watch this on youtube: https://youtu.be/fBCdq6gdJAE
Chapters:
00:00 Stopping Bluetooth Stalking
02:20 MSI Hacked
04:31 Upgrade to Passkeys
Links:
Resources for stories are available on Patreon exclusively,...
https://www.youtube.com/watch?v=fBCdq6gdJAE
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How To Setup ELK | Elastic Agents & Sysmon for Cybersecurity
https://j-h.io/pwyc || Jump into Pay What You Can training -- at whatever cost makes sense for you! https://j-h.io/pwyc
Help the channel grow with a Like, Comment, & Subscribe!
❤️ Support ➡ https://j-h.io/patreon ↔ https://j-h.io/paypal ↔ https://j-h.io/buymeacoffee
Check out the affiliates below for more free or discounted learning!
🐱👤SEKTOR7 ➡ Malware Development, AV Evasion https://j-h.io/sektor7
🖥️ Zero-Point Security ➡ Certified Red Team Operator https://j-h.io/crto
💻Zero-Point Security ➡ C2 Development with C# https://j-h.io/c2dev
🐜Zero2Automated ➡ Ultimate Malware Reverse Engineering https://j-h.io/zero2auto
⛳Point3 ESCALATE ➡ Top-Notch Capture the Flag Training https://j-h.io/escalate
📗Humble Bundle ➡ https://j-h.io/humblebundle
🐶Snyk...
https://www.youtube.com/watch?v=wiQ8U5mFncw
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Thinking ahead for cybersecurity customers | Cyber Work Podcast | #shorts
Leonid Belkind, Torq's chief technology officer (CTO), says that while it is important to listen to your customers when they tell you what they need, a good company needs to think ahead to new ways of giving the customer something they need but don't even know exists yet.
– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast
About Infosec
Infosec's mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune...
https://www.youtube.com/watch?v=jW0HkZ55xGY
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Utilizing AI as a cybersecurity tool | Cyber Work Podcast
Leonid Belkind, Torq's chief technology officer (CTO), explains how processes of AI-based automation aren't about replacing cybersecurity professionals or developing a replica of human thought but using automation as a tool to augment human thought and decision-making processes.
– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast
About Infosec
Infosec's mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the...
https://www.youtube.com/watch?v=M_LK09_5iog
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Google To Add E2EE To 2FA Authenticator Cloud Backups - ThreatWire
ThreatWire Totem Board - Limited Edition! - https://snubsie.com/threatwire-products/tw-totem
Shop ThreatWire Merch on Teespring! - https://morsecode.creator-spring.com/
Support ThreatWire! https://www.patreon.com/shannonmorse
Follow Shannon on Social Media: https://snubsie.com/links
Flaws in a DNA Sequencer could lead to hacks, Magecart is back with some shiny upgrades, and Cloud backups of 2FA codes? Better make sure they're encrypted! All that coming up now on ThreatWire.
#threatwire #hak5
ThreatWire by Shannon Morse is a weekly news journalism show covering cybersecurity topics for network admins, information security professionals, and consumers.
Watch this on youtube: https://youtu.be/flNka1HWGhM
Chapters:
00:00 DNA Sequencing Flaws
02:19 Magecart's Shiny Upgrades
04:10...
https://www.youtube.com/watch?v=flNka1HWGhM
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The importance of endpoint security in 2023 | Cyber Work Podcast
Leonid Belkind is Torq's chief technology officer (CTO). Here he talks about how endpoint security has become a primary area of focus in dealing with ways to defend organizations now that the traditional method of “protecting the network and the building” gives way to “protect a small series of independent work environments.”
– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast
About Infosec
Infosec's mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to...
https://www.youtube.com/watch?v=f-VQ9WrUUY4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
PowerShell CRYPTOSTEALER through DNS
https://j-h.io/snyk || Try Snyk to find vulnerabilities in your own code and applications FOR FREE ➡ https://j-h.io/snyk
Help the channel grow with a Like, Comment, & Subscribe!
❤️ Support ➡ https://j-h.io/patreon ↔ https://j-h.io/paypal ↔ https://j-h.io/buymeacoffee
Check out the affiliates below for more free or discounted learning!
🐱👤SEKTOR7 ➡ Malware Development, AV Evasion https://j-h.io/sektor7
🖥️ Zero-Point Security ➡ Certified Red Team Operator https://j-h.io/crto
💻Zero-Point Security ➡ C2 Development with C# https://j-h.io/c2dev
🐜Zero2Automated ➡ Ultimate Malware Reverse Engineering https://j-h.io/zero2auto
⛳Point3 ESCALATE ➡ Top-Notch Capture the Flag Training https://j-h.io/escalate
📗Humble Bundle ➡ https://j-h.io/humblebundle
🐶Snyk...
https://www.youtube.com/watch?v=GguO_Oc0h5A
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The Intruder Alert podcast - Episode 1
Join host Marcus Hutchins, world-renowned hacker, and red teamer Matt Mullins as they dive into the dark side of social media, and how ChatGPT has entered the world of cyber.
For more information on how to jumpstart your career with the most cutting-edge cybersecurity training, head over to Cybrary.it to create your free account and get started on your learning journey!
Make sure to subscribe so that you don't miss the latest new episodes, premiering live every two weeks, and dropping on YouTube On Demand.
https://www.youtube.com/watch?v=gPU3_gB2hb8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
HackerOne at RSAC 2023
HackerOne CEO, Marten Mickos, and CTO and co-founder, Alex Rice, speak to ISMG about transparency and trust as a competitive differentiator and how ethical hackers and continuous testing provide more impactful results for less spend than traditional solutions.
https://www.youtube.com/watch?v=5rNF4tiGd0Y
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
I MADE 0,000 IN TWO MONTHS!
📚 Purchase my Bug Bounty Course here 👉🏼 bugbounty.nahamsec.training
💵 Support the Channel:
You can support the channel by becoming a member and get access exclusive content, behind the scenes, live hacking session and more!
☕️ Buy Me Coffee:
https://www.buymeacoffee.com/nahamsec
JOIN DISCORD:
https://discordapp.com/invite/ucCz7uh
🆓 🆓 🆓 0 DigitalOcean Credit:
https://m.do.co/c/3236319b9d0b
💬 Social Media
- https://twitter.com/nahamsec
- https://instagram.com/nahamsec
- https://twitch.com/nahamsec
- https://facebook.com/nahamsec1
00:00 - Introduction
01:35 - Luck
2:14 - Stats
3:09 - Program Selection
4:03 - Approach
7:00 - Attention to Details
8:00 - Burnout
9:04 - Outro
#bugbounty #ethicalhacking #infosec #cybersecurity #redteam #webapp
https://www.youtube.com/watch?v=TKIEXwOcbfc
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
#soc #cybersecurity #hacking #shorts
https://www.youtube.com/watch?v=F0_WzFzt_Rk
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
👨💻 North Korean Malware Analysis 🚨 ROKRAT KillChain 📡
🔥 Learn How North Korea infects victims
👨💻 Buy Our Courses: https://guidedhacking.com/register/
🔗 Visit Checkpoint: https://research.checkpoint.com/2023/chain-reaction-rokrats-missing-link/
💰 Donate on Patreon: https://patreon.com/guidedhacking
❤️ Follow us on Social Media: https://linktr.ee/guidedhacking
🔗 GH Article Link: https://guidedhacking.com/threads/north-korean-malware-analysis-rokrat-killchain.20349/
📜 North Korean Malware Video Description:
In this walkthrough, we will analyze a North Korean malware campaign targeting individuals in South Korea. This coverage was inspired by a blog recently released by Checkpoint Research they outline many of these different lures which then drops the ROKRAT malware which is a signature of North Korean attacks.
Some...
https://www.youtube.com/watch?v=d-PfZJ16SWc
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Eben Upton Interview (Raspberry Pi Behind the Scenes)
We go behind the scenes with Eben Upton to talk about the birthplace and home of the Raspberry Pi, how St John's college played such an important role in the creation of the Raspberry Pi and why it all started. I hope you enjoy this interview with Eben Upton!
Chip Shortage video here: https://youtu.be/6HrbU2G6fU4
Lots more Raspberry Pi content coming! What do you want to see?
// Raspberry Pi //
Twitter: https://twitter.com/Raspberry_Pi
YouTube: https://www.youtube.com/raspberrypi
LinkedIn: https://www.linkedin.com/company/raspberrypi/
Facebook: https://www.facebook.com/raspberrypi
Instagram: https://www.instagram.com/raspberrypi/
// Raspberry Pi Foundation //
YouTube: https://www.youtube.com/c/RaspberryPiFoundation
Twitter: https://twitter.com/Raspberry_Pi
Raspberry Pi Foundation: https://www.raspberrypi.org/
Facebook:...
https://www.youtube.com/watch?v=a5ijfjgp9r8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
ChatGPT: How to use AI tools securely | Hacker Headlines
AI is a valuable business tool that can make your job easier — but it's also a huge cybersecurity risk. In this episode of Hacker Headlines, Keatron Evans, Principal Cybersecurity Advisor at Infosec, will provide an overview of common AI tools, what they are and how to use them safely.
Learn more about Hacker Headlines and the Infosec IQ security awareness platform: https://www.infosecinstitute.com/form/infosec-iq-demo-chatgpt/
About the Series:
Cybersecurity is constantly evolving, and continuous training that tackles today's latest threats is needed to keep your organization cyber secure. This is why we recently created our free training series: Hacker Headlines.
Hacker Headlines features Infosec's Principal Cybersecurity Advisor, Keatron Evans, who breaks down current cybersecurity...
https://www.youtube.com/watch?v=PqjDPBBuqVE
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Stored, Blind, Reflected and DOM - Everything Cross--Site Scripting (XSS)
I'll be honest, XSS are not my favourite kinds of bugs to hunt for, even now and I don't think they are great for beginners. BUT I have been outvoted by the community on this one so here's how to find your first bug, XSS edition. I'm going to talk about each type of XSS and show you how I actually approach a target when I'm looking for XSS bugs. I will be the first to admit I've found 1 XSS in the wild and it was a DOM based XSS!
This series couldn't happen without the support of our sponsor Bugcrowd, Bugcrowd is the best place to start hacking with a wide range of public and private programs from APIs to Desktop Applications and everything in between. Not ready to jump into a public program yet? Fill out your platform CV and sign up for a waitlisted program. Tell Bugcrowd a bit about your...
https://www.youtube.com/watch?v=hQEQ-KJh06M
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
#shorts #pentester #hacker #cybersecurity
https://www.youtube.com/watch?v=zosg0BJ04Tc
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Kali Linux TP-Link TL-WN722N install (1 command fix)
It's now very easy to fix the TP-Link TL-WN722N WiFi Adapter in Kali Linux so you can use it for monitoring WiFi networks. You can get the adapter to inject packets and set monitor mode once you update the drivers as I demonstrate in this video.
// MENU //
00:00 - Installing drivers for TP-Link TL-WN722N v2/v3
00:37 - Intro
00:51 - Installing drivers // Enabling monitor mode
05:28 - Summary
06:08 - Conclusion
// Command //
sudo apt install -y realtek-rtl8188eus-dkms
// Recommended Adapters //
Alfa AWUS036NHA: https://amzn.to/3wnyVen
Alfa AWUS036ACM: https://amzn.to/3fCL4WT
Alfa AWUS036ACH: https://amzn.to/3rLAjny or https://amzn.to/2PxkkMV
Others:
Alfa AWUS1900: https://amzn.to/31E0AtH
Alfa Long-Range Dual-Band AC1200: https://amzn.to/34UUCEL
Alfa AWUS036NEH: https://amzn.to/3sK2iW8
Panda...
https://www.youtube.com/watch?v=-xkpgvjuEy0
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
What happens when I remove the hard drive? #shorts
#youtubeshorts #raid #synology
https://www.youtube.com/watch?v=9Ubv_FXNJkQ
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
#cybersecurity #shorts #hacking #podcast #cybrary
https://www.youtube.com/watch?v=xT3_EN8oxqM
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
👨💻 PolyGlot Malware Analysis - IcedID Stager 💾
🔥 Learn how polyglot malware stagers are evolving
👨💻 Buy Our Courses: https://guidedhacking.com/register/
💰 Donate on Patreon: https://patreon.com/guidedhacking
❤️ Follow us on Social Media: https://linktr.ee/guidedhacking
🔗 Article Link: https://guidedhacking.com/threads/analyzing-polygot-malware.20346/
📜 Video Description:
Threat actors consistently innovate in their efforts to infect victims and avoid those conducting malware analysis and reverse engineering on their creations. In this malware analysis tutorial, we'll explore the concept of polyglot malware and how to analyze it, particularly for beginners.
We start by examining a file posted on Twitter that appears as an image, instructing viewers to download and change its file extension. Upon downloading and...
https://www.youtube.com/watch?v=4j8t9kFLFIY
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The State of Passwords with Dustin Heywood (aka Evil Mog) | 401 Access Denied Ep. 79
The State of Passwords with Dustin Heywood (aka Evil Mog) | 401 Access Denied Ep. 79
Join Us: https://www.cybrary.it/?utm_source=youtube&utm_medium=video&utm_campaign=the-state-of-passwords-with-evil-mog
Did you know that May 4th is World Password Day? To celebrate, we invited top hacker Dustin Heywood (aka Evil Mog) to the 401 Access Denied Podcast to discuss the state of passwords! He and Joe Carson take a close look at where passwords currently stand in our rapidly evolving cyber climate, as well as what the future holds. Together, they answer the increasingly asked question, “Are passwords really dead?” Tune in to find out!
Follow Evil Mog:
~https://twitter.com/Evil_Mog
~https://www.linkedin.com/in/evilmog
https://www.youtube.com/watch?v=9O8uCKXW1PQ
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Here are 3 FREE web hacking resources to learn web hacking! #bugbounty #hackers #cybersecurity
https://www.youtube.com/watch?v=Butgz49BBWs
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Managed vs Unmanaged Switch? #shorts
#youtubeshorts #switch #router
https://www.youtube.com/watch?v=SX9foVa7z_k
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Asset Discovery Using Shodan + Giveaway! // Bug Bounty Recon
Purchase my Bug Bounty Course here 👉🏼 bugbounty.nahamsec.training
Buy Me Coffee:
https://www.buymeacoffee.com/nahamsec
Live Every Sunday on Twitch:
https://twitch.tv/nahamsec
Free 0 DigitalOcean Credit:
https://m.do.co/c/3236319b9d0b
Follow me on social media:
https://twitter.com/nahamsec
https://instagram.com/nahamsec
https://twitch.com/nahamsec
https://hackerone.com/nahamsec
https://facebook.com/nahamsec1
Github:
https://github.com/nahamsec
Nahamsec's Discord:
https://discordapp.com/invite/ucCz7uh
#offensivesecurity #redteam #bugbounty #hackerone #hackers #hacking #infosec #hackingtutorial #owasp #educational
https://www.youtube.com/watch?v=4CL_8GRNVTE
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
#podcast #cybersecurity #hacking Marcus Hutchins hosting the new Intruder Alert podcast for Cybrary
https://www.youtube.com/watch?v=Ft1b6afdtB8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The Intruder Alert Podcast - Episode 2
Join host Marcus Hutchins, world-renowned hacker, and Will Carlson as they discuss red teaming and blue teaming on this episode of Intruder Alert. For more information on how to jumpstart your career with the most cutting-edge cybersecurity training, head over to Cybrary.it to create your free account and get started on your learning journey!
Make sure to subscribe so that you don't miss the latest new episodes, premiering live every two weeks, and dropping on YouTube On Demand.
https://www.youtube.com/watch?v=RcETH0rJ61s
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Leaking Secret Data with a Heap Overflow - "Leek" Pwn Challenge [Angstrom CTF 2023]
Video walkthrough for the binary exploitation (pwn) challenge, "Leek" from the Angstrom capture the flag (CTF) competition 2023. The challenge involves performing a heap overflow to overwrite all null bytes between our user input chunk and secret data chunk so that when puts() is called, it prints both chunks (there's no null terminator separating them). After this, we need to repair the header of the chunk we modified so that the program can continue execution. We repeat this process of leaking and submitting the random (secret) bytes 100 times, at which point we receive the flag! Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂 #Angstrom #AngstromCTF #CTF #Pentesting #OffSec #Pwn #BinaryExploitation #Reversing #ReverseEngineering
↢Social Media↣
Twitter: https://twitter.com/_CryptoCat
GitHub:...
https://www.youtube.com/watch?v=55jibxjUj3I
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Malicious OAuth Apps Hide Themselves In Plain Sight - ThreatWire
ThreatWire Totem Board - Limited Edition! - https://snubsie.com/threatwire-products/tw-totem
Shop ThreatWire Merch on Teespring! - https://morsecode.creator-spring.com/
Support ThreatWire! https://www.patreon.com/shannonmorse
Follow Shannon on Social Media: https://snubsie.com/links
What is a double supply chain attack? Cisco routers are being hit with attacks, and hiding malicious apps from view! All that coming up now on ThreatWire.
#threatwire #hak5
ThreatWire by Shannon Morse is a weekly news journalism show covering cybersecurity topics for network admins, information security professionals, and consumers.
Watch this on youtube: https://youtu.be/i_2mG6dLuEI
Chapters:
00:00 Double Supply Chain Attack
03:29 Cisco Routers Attacked
04:56 GhostToken
Links:
Resources for stories...
https://www.youtube.com/watch?v=i_2mG6dLuEI
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cloud Hacking: Google Cloud Platform (GCP)
Purchase my Bug Bounty Course here 👉🏼 bugbounty.nahamsec.training
Buy Me Coffee:
https://www.buymeacoffee.com/nahamsec
Live Every Sunday on Twitch:
https://twitch.tv/nahamsec
Free 0 DigitalOcean Credit:
https://m.do.co/c/3236319b9d0b
Follow me on social media:
https://twitter.com/nahamsec
https://instagram.com/nahamsec
https://twitch.com/nahamsec
https://hackerone.com/nahamsec
https://facebook.com/nahamsec1
Github:
https://github.com/nahamsec
Nahamsec's Discord:
https://discordapp.com/invite/ucCz7uh
#offensivesecurity #redteam #bugbounty #hackerone #hackers #hacking #infosec #hackingtutorial #owasp #educational
https://www.youtube.com/watch?v=BemIxEaS4kI
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
WhiteSnake Stealer Malware Analysis
A new and interesting malware, WhiteSnake Stealer has a few unique properties.
Support us on GH: https://guidedhacking.com/register/
Support us on Patreon: https://patreon.com/guidedhacking
Support us on YT: https://www.youtube.com/channel/UCCMi6F5Ac3kQDfffWXQGZDw/join
Learn more here:
https://guidedhacking.com/threads/whitesnake-stealer-malware-analysis.20340/
Today we carry out some malware analysis on WhiteSnake Stealer. Whitenake stealer has recently hit the market selling multiple commonly found functionalities that are found in other stealers. Some of the functionalities offered by WhiteSnake stealer is that it will steal from browsers, wallets and has a file grabber. WhiteSnake stealer will then send out this information through Telegram which is becoming a very common method of C2...
https://www.youtube.com/watch?v=-pHHGE2MwUg
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Five resources to learn hacking, pentesting or get started with #cybersecurity!
https://www.youtube.com/watch?v=1u425TZnTMA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How to Not Suck at Hacking // How To Bug Bounty
Purchase my Bug Bounty Course here 👉🏼 bugbounty.nahamsec.training
Buy Me Coffee:
https://www.buymeacoffee.com/nahamsec
Live Every Sunday on Twitch:
https://twitch.tv/nahamsec
Free 0 DigitalOcean Credit:
https://m.do.co/c/3236319b9d0b
Follow me on social media:
https://twitter.com/nahamsec
https://instagram.com/nahamsec
https://twitch.com/nahamsec
https://hackerone.com/nahamsec
https://facebook.com/nahamsec1
Github:
https://github.com/nahamsec
Nahamsec's Discord:
https://discordapp.com/invite/ucCz7uh
#offensivesecurity #redteam #bugbounty #hackerone #hackers #hacking #infosec #hackingtutorial #owasp #educational
https://www.youtube.com/watch?v=Ddr2__qImZ0
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Web Challenges [Space Heroes CTF 2023]
Video walkthrough for some web exploitation challenges from the Space Heroes (CTF) competition 2023. Some topics covered include; HTTP parameter pollution, chatGPT breakout (prompt injection/leakage), insecure file upload, XSS, CSP bypass and more! Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂 #SpaceHeroes #SpaceHeroesCTF #CTF #Pentesting #OffSec
↢Social Media↣
Twitter: https://twitter.com/_CryptoCat
GitHub: https://github.com/Crypto-Cat/CTF
HackTheBox: https://app.hackthebox.eu/profile/11897
LinkedIn: https://www.linkedin.com/in/cryptocat
Reddit: https://www.reddit.com/user/_CryptoCat23
YouTube: https://www.youtube.com/CryptoCat23
Twitch: https://www.twitch.tv/cryptocat23
↢Space Heroes CTF↣
https://ctftime.org/event/1856
https://spaceheroes.ctfd.io/challenges
https://discord.gg/BsSyhTDdne
↢Resources↣
Ghidra:...
https://www.youtube.com/watch?v=d2BRicRLMfk
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Well it finally happened... infected myself with Emotet lel
Come hang out with us for some live digital forensics as we hunt down the persistence mechanism for this malware and clean up my host 😆
-----
OALABS PATREON
https://www.patreon.com/oalabs
OALABS DISCORD
https://discord.gg/6h5Bh5AMDU
Twitch
https://www.twitch.tv/oalabslive
OALABS GITHUB
https://github.com/OALabs
UNPACME - AUTOMATED MALWARE UNPACKING
https://www.unpac.me/#/
-----
https://www.youtube.com/watch?v=6U0obWnOYO0
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Hacker Interviews: @ArchAngelDDay
👨💻📚Purchase my Bug Bounty Course here: bugbounty.nahamsec.training
Signup for the Snyk CTF workshop here 👉🏼 snyk.co/nahamsec101
Wanna watch a live interview? Come join me on Twitch every Sunday!
Buy Me Coffee:
https://www.buymeacoffee.com/nahamsec
Live Every Sunday on Twitch:
https://twitch.tv/nahamsec
Free 0 DigitalOcean Credit:
https://m.do.co/c/3236319b9d0b
Follow me on social media:
https://twitter.com/nahamsec
https://instagram.com/nahamsec
https://twitch.com/nahamsec
https://hackerone.com/nahamsec
https://facebook.com/nahamsec1
Github:
https://github.com/nahamsec
Nahamsec's Discord:
https://discordapp.com/invite/ucCz7uh
#offensivesecurity #redteam #bugbounty #hackerone #hackers #hacking #infosec #hackingtutorial #owasp #educational
https://www.youtube.com/watch?v=W93oH_bTgmE
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
"Easiest" Beginner Bugs? Access Control and IDORs
Whenever someone asks what bug they should look for I always say IDORs/access control issues particularly across large enterprise level apps (think Atlassian), where you have complex access control rules. While these bugs don't requite advanced technical skills they do require a lot of manual testing, but when you're still looking for your first bug you have a lot of time.
This series couldn't happen without the support of our sponsor Bugcrowd, Bugcrowd is the best place to start hacking with a wide range of public and private programs from APIs to Desktop Applications and everything in between. Not ready to jump into a public program yet? Fill out your platform CV and sign up for a waitlisted program. Tell Bugcrowd a bit about your skills, previous certifications or experience and they'll...
https://www.youtube.com/watch?v=cV0uoZTLVVY
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Vulnerability Management Metrics: Top 10 KPIs To Measure Success (W/ Walter Haydock)
Join us for an exclusive interview as we dive deep into the world of vulnerability management KPIs with the expertise of Walter Haydock.
👉 Get our FREE guide to vulnerability management in 2023: https://purplesec.us/vulnerability-management-guide/?utm_source=newsletter&utm_medium=YouTube&utm_campaign=VM_2023&utm_id=guide
In this engaging interview, Walter shares valuable insights on:
🎯 Balancing costs and benefits while identifying metrics to guide decision-making in vulnerability management investments.
🌐 Maintaining consistency with strategies for aligning metrics across teams, departments, and locations.
⚖️ Adapting to the evolving threat landscape by staying ahead of emerging risks and continuously refining vulnerability management KPIs.
📈 Success stories of organizations...
https://www.youtube.com/watch?v=L-61ahYHdH8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Windows Internals - Special Process Types Explained
Not all processes are created equally. Find out why!
Support us on GH: https://guidedhacking.com/register/
Support us on Patreon: https://patreon.com/guidedhacking
Support us on YT: https://www.youtube.com/channel/UCCMi6F5Ac3kQDfffWXQGZDw/join
Learn more here:
https://guidedhacking.com/threads/windows-internals-special-process-types.20342/
Video Creator: rexir
Video Narrator: Mewspaper
You may also like: Processes and Threads Explained
https://www.youtube.com/watch?v=1t9PrSOlNPk
-- Windows Internals - Special Processes Summary --
Windows processes can be classified into several types based on their unique characteristics. Key types include:
Protected Processes: Introduced for DRM purposes, they have limited access to other processes and require a special Windows Media Certificate for...
https://www.youtube.com/watch?v=GhG6Fc__HEE
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cloud Hacking: Hacking Amazon AWS
Purchase my Bug Bounty Course here 👉🏼 bugbounty.nahamsec.training
Buy Me Coffee:
https://www.buymeacoffee.com/nahamsec
Live Every Sunday on Twitch:
https://twitch.tv/nahamsec
Free 0 DigitalOcean Credit:
https://m.do.co/c/3236319b9d0b
Follow me on social media:
https://twitter.com/nahamsec
https://instagram.com/nahamsec
https://twitch.com/nahamsec
https://hackerone.com/nahamsec
https://facebook.com/nahamsec1
Github:
https://github.com/nahamsec
Nahamsec's Discord:
https://discordapp.com/invite/ucCz7uh
#offensivesecurity #redteam #bugbounty #hackerone #hackers #hacking #infosec #hackingtutorial #owasp #educational
https://www.youtube.com/watch?v=Gq4QLy1-jcc
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The Real Adversaries with Dan Card | 401 Access Denied Ep. 78
The Real Adversaries with Dan Card | 401 Access Denied Ep. 78
Join Us: https://www.cybrary.it/?utm_source=youtube&utm_medium=video&utm_campaign=the-real-adversaries-with-dan-card
Over the years, we've all seen a lot of the same cybersecurity-centric messaging. But realistically, how many of these talking points are still potent and relevant? Luckily, Joe Carson is joined by CISO and security consultant Dan Card to help answer that question! This humorous yet informative discussion takes a critical look at established “truths” in security to see if they still hold up. Tune in to learn about the communication disconnect between security practitioners and the average person.
Follow Dan:
~https://www.linkedin.com/in/dancard/
~https://twitter.com/UK_Daniel_Card
https://www.youtube.com/watch?v=SK--RAMJUtw
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The RESTRICT Act: TLDR? Watch This - ThreatWire
In depth video about the RESTRICT Act: https://www.youtube.com/watch?v=DcONTg8rYjY
ThreatWire Totem Board - Limited Edition! - https://snubsie.com/threatwire-products/tw-totem
Shop ThreatWire Merch on Teespring! - https://morsecode.creator-spring.com/
Support ThreatWire! https://www.patreon.com/shannonmorse
Follow Shannon on Social Media: https://snubsie.com/links
The Restrict Act: TLDR? What this. Kodi Forum PMs were stolen, and the military using geofencing to target teens with ads! All that coming up now on ThreatWire.
#threatwire #hak5
ThreatWire by Shannon Morse is a weekly news journalism show covering cybersecurity topics for network admins, information security professionals, and consumers.
Watch this on youtube: https://youtu.be/REb0Ya_6AWI
Chapters:
00:00 TLDR: The...
https://www.youtube.com/watch?v=REb0Ya_6AWI
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
5 Books to get into bug bounty and web hacking #infosec #hacking #bugbounty #redteam #hackers
https://www.youtube.com/watch?v=GF7dDJDSV5g
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Hacking SQHell from TryHackMe (SQL Injection Guide!)
Purchase my Bug Bounty Course here 👉🏼 bugbounty.nahamsec.training
Buy Me Coffee:
https://www.buymeacoffee.com/nahamsec
Live Every Sunday on Twitch:
https://twitch.tv/nahamsec
Free 0 DigitalOcean Credit:
https://m.do.co/c/3236319b9d0b
Follow me on social media:
https://twitter.com/nahamsec
https://instagram.com/nahamsec
https://twitch.com/nahamsec
https://hackerone.com/nahamsec
https://facebook.com/nahamsec1
Github:
https://github.com/nahamsec
Nahamsec's Discord:
https://discordapp.com/invite/ucCz7uh
#offensivesecurity #redteam #bugbounty #hackerone #hackers #hacking #infosec #hackingtutorial #owasp #educational
https://www.youtube.com/watch?v=_WXQKpyxbGM
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
WHY YOU SUCK AT HACKING // How To Bug Bounty
Purchase my Bug Bounty Course here 👉🏼 bugbounty.nahamsec.training
Buy Me Coffee:
https://www.buymeacoffee.com/nahamsec
Live Every Sunday on Twitch:
https://twitch.tv/nahamsec
Free 0 DigitalOcean Credit:
https://m.do.co/c/3236319b9d0b
Follow me on social media:
https://twitter.com/nahamsec
https://instagram.com/nahamsec
https://twitch.com/nahamsec
https://hackerone.com/nahamsec
https://facebook.com/nahamsec1
Github:
https://github.com/nahamsec
Nahamsec's Discord:
https://discordapp.com/invite/ucCz7uh
#offensivesecurity #redteam #bugbounty #hackerone #hackers #hacking #infosec #hackingtutorial #owasp #educational
https://www.youtube.com/watch?v=Mys8E5ar8Ko
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
🕵️ Binary Refinery Tutorial 🛠️ Command Line CyberChef
🔥 Learn How To Use Binary Refinery for malware analysis and binary manipulation
👨💻 Buy Our Courses: https://guidedhacking.com/register/
💰 Donate on Patreon: https://patreon.com/guidedhacking
❤️ Follow us on Social Media: https://linktr.ee/guidedhacking
🔗 Links:
https://guidedhacking.com/threads/binary-refinery-tutorial.20338/
https://github.com/binref/refinery
https://binref.github.io/
📜 Video Description:
After posting our coverage on CyberChef and how to use complex recipes with some new functions on DCRat to decrypt it we were quoted on Twitter by Jesko Huttenheim who is the creator of Binary Refinery. Within his reply he provided a Binary Refinery one liner that could do what we had accomplished within the video in only a few actions. This of course was incredibly...
https://www.youtube.com/watch?v=wsfGOW8eGu8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Vulnerability Management SOP: Expert Reveals Top Tips (W/ Kevin Donatelli)
Are you struggling to manage vulnerabilities in your organization? Join us in this conversation with expert Kevin Donatelli who reveals the ins and outs of vulnerability management SOPs!
In this not-to-be-missed session, you'll:
🔑 Learn the essential components of effective vulnerability management SOPs
🛡️ Discover how to prioritize and remediate risks efficiently
🧠 Gain invaluable insights from real-life case studies shared by Kevin Donatelli
👉 Get our FREE guide to vulnerability management in 2023: https://purplesec.us/vulnerability-management-guide/?utm_source=newsletter&utm_medium=YouTube&utm_campaign=VM_2023&utm_id=guide
Podcast Info
--------------------
Podcast website: https://purplesec.us/podcast/
Apple Podcasts: https://podcasts.apple.com/us/podcast/security-beyond-the-checkbox/id1673807278
Spotify:...
https://www.youtube.com/watch?v=-yjsaxxrTxk
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Spinning up the RTV Ship
We are building up the things to bring you up to speed with the latest in Red Team Village activities and DEFCON 31. See you in the network.
https://www.youtube.com/watch?v=RVkXhwIOX6w
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The Intruder Alert Podcast - Episode 1
https://www.youtube.com/watch?v=Og2FkvLwqL8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
FOR498 - New Course Name, New Content & A Whole Lot of Actionable Intelligence in 90 min or less
As the digital media world expands, SANS DFIR course FOR498 has continually evolved to keep up with the investigation demands posed by more digital devices, repositories, and colossal data sets. After four years of instructing, the course authors have decided to rebrand it from FOR498: “Battlefield Forensics & Data Acquisition” to “Digital Acquisition & Rapid Triage” to accurately reflect the newly revised content and to better reflect the content students can expect to receive.
The FOR498: Digital Acquisition and Rapid Triage course is designed to provide first responders, investigators, and digital forensics teams with the advanced skills to quickly and properly identify, collect, preserve, and respond to data from a wide range of storage devices and repositories.
Learn more about...
https://www.youtube.com/watch?v=XCX6QnMCftM
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
PE File Unmapping Explained aka Lazy Process Dumping
Just a quick twitch clip where we talk about PE dumping and unmapping... we get asked about this a lot 😅
-----
OALABS PATREON
https://www.patreon.com/oalabs
OALABS DISCORD
https://discord.gg/6h5Bh5AMDU
Twitch
https://www.twitch.tv/oalabslive
OALABS GITHUB
https://github.com/OALabs
UNPACME - AUTOMATED MALWARE UNPACKING
https://www.unpac.me/#/
-----
https://www.youtube.com/watch?v=mrIHSmUlKv0
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
HackerOne Live Hacking Event Recap: Las Vegas 2022 (H1-702)
Live Hacking Events are the ultimate voyage for hackers selected to test their skills. Hackers crushed previous payouts in our largest LHE of the year! Check out the recap of this unforgettable event.
Follow our community blog for additional resources →https://www.hackerone.com/hackerone-community-blog
▼ Keep up with us ▼
◇ Twitter → https://twitter.com/Hacker0x01
◇ Instagram → https://www.instagram.com/hacker0x01/
◇ LinkedIn → https://www.linkedin.com/company/Hack...
◇ Facebook → https://www.facebook.com/Hacker0x01/
https://www.youtube.com/watch?v=t8d0Q8YZhiQ
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
My Hacking Setup and How to Use It (Firefox/Burp Community)
This is probably one of the most common question I get asked about Bug Bounty, right next to "do you take mentors" and "how to find a bug". There are a ton of 3rd party awesome community tools that can take your pen testing and hacking to the next level, but it's important to not rush to try out new tools when you're still learning the basics. With that in mind I take you around the basic toolkit I use and show you some of the fundamental tools that help me get bounties!
This series couldn't happen without the support of our sponsor Bugcrowd, Bugcrowd is the best place to start hacking with a wide range of public and private programs from APIs to Desktop Applications and everything in between. Not ready to jump into a public program yet? Fill out your platform CV and sign up for a waitlisted...
https://www.youtube.com/watch?v=wNqaLalaNE0
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Beginner Malware Traffic Analysis Challenge
Beginner Introduction to Malware Traffic Analysis with Wireshark
Support us on GH: https://guidedhacking.com/register/
Support us on Patreon: https://patreon.com/guidedhacking
Support us on YT: https://www.youtube.com/channel/UCCMi6F5Ac3kQDfffWXQGZDw/join
Malware-Traffic-Analysis.net recommended a beginner Wireshark Challenge from PaloAlto, so we thought we'd make a video for those of you just getting into traffic analysis.
Malware-Traffic-Analysis Exercises
https://www.malware-traffic-analysis.net/training-exercises.html
Palo Alto unit 42 January exercise
https://unit42.paloaltonetworks.com/january-wireshark-quiz/
Chapters
0:00 Malware-Traffic-Analysis.net
1:00 Intro to The Challenge
3:05 The Wireshark Challenge
4:48 Join GuidedHacking.com!
5:22 The Wireshark Challenge Continued
10:17...
https://www.youtube.com/watch?v=6ebXr7nqr6o
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cloud-Powered DFIR: Harnessing the cloud to improve investigator efficiency
While the move to the cloud brings forth many challenges and changes to the field of digital forensics and incident response, it also presents responders with numerous benefits. Whether it's using functions-as-a-service for automation, deploying cloud-hosted lab environments, or benefiting from scalable resources, there are many ways in which we can leverage the cloud to improve our investigations. Join SANS FOR509 course instructors Terrence Williams and Megan Roddie as they present some of the new possibilities that exist for DFIR practitioners thanks to cloud technology.
Read the associated blog post for this livestream here: https://www.sans.org/blog/cloud-powered-dfir-harnessing-the-cloud-to-improve-investigator-efficiency/
About our speakers
Megan Roddie
Megan Roddie is currently...
https://www.youtube.com/watch?v=C8VnDSjPHr8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Vulnerability Management Trends & Predictions For 2023 (W/ Joshua Copeland) | PurpleSec
Join PurpleSec's experts along with Joshua Copeland, Director of Cyber Security at AT&T, as we explore the latest trends and predictions in vulnerability management for 2023. 👉 Get our FREE guide to vulnerability management in 2023: https://purplesec.us/vulnerability-management-guide/?utm_source=newsletter&utm_medium=YouTube&utm_campaign=VM_2023&utm_id=guide
Continue reading: https://purplesec.us/learn/vulnerability-management-trends/
Chapters
---------------
00:00 - Introduction
00:20 - Joshua Copeland
02:47 - Automation Is Key
10:30 - Adoption Of Risk-Based Approaches
16:40 - Continuous Monitoring
21:40 - Increased Focus On Cloud Security
28:43 - Increased Use Of Threat Intelligence
35:10 - The Role Of Network Segmentation
43:30 - DevSecOps: Building Security From The Ground Up
50:40...
https://www.youtube.com/watch?v=39XHupVxAY8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Windows Internals - Processes and Threads Explained
🔥 Nothing is as simple as it looks, join us on this deep dive into processes & threads.
👨💻 Buy Our Courses: https://guidedhacking.com/register/
💰 Donate on Patreon: https://patreon.com/guidedhacking
❤️ Follow us on Social Media: https://linktr.ee/guidedhacking
Windows Processes and Threads form the backbone of the Windows Operating System, enabling the simultaneous execution of various applications while efficiently allocating system resources. In this this video and accompanying text, we will dive into the intricacies processes and threads, their distinguishing factors, and their management techniques. Furthermore, we will examine the art of synchronization and methods of inter-thread communication to ensure seamless operation.
🔗 Article Link: https://guidedhacking.com/threads/windows-internals-processes-and-threads.20333/
📜...
https://www.youtube.com/watch?v=1t9PrSOlNPk
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
HackerOne Hacker Interviews: Miguel (@Fisher)
Hear from Miguel (@Fisher) on his experience at HackerOne's live hacking event in Barcelona H1-3439!
Follow our Community Blog to keep with more info about events, hacker stories, and more! Here's an infographic for the recent event:
https://www.hackerone.com/hackerone-community-blog/h1-hackers-walk-streets-barcelona-h1-3493
▼ Keep up with us ▼
◇ Twitter → https://twitter.com/Hacker0x01
◇ Instagram → https://www.instagram.com/hacker0x01/
◇ LinkedIn → https://www.linkedin.com/company/Hack...
◇ Facebook → https://www.facebook.com/Hacker0x01/
https://www.youtube.com/watch?v=OxOXIbpe_7Q
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Should AI Training Be Paused? - ThreatWire
ThreatWire Totem Board - Limited Edition! - https://snubsie.com/threatwire-products/tw-totem
Shop ThreatWire Merch on Teespring! - https://morsecode.creator-spring.com/
Support ThreatWire! https://www.patreon.com/shannonmorse
Follow Shannon on Social Media: https://snubsie.com/links
This new attack bypasses wifi encryption, the popular app 3CX is backdoored, and AI's risks and rewards! All that coming up now on ThreatWire.
#threatwire #hak5
ThreatWire by Shannon Morse is a weekly news journalism show covering cybersecurity topics for network admins, information security professionals, and consumers.
Watch this on youtube: https://youtu.be/3XKvOaVQX-8
Chapters:
00:00 New Wi-Fi Encryption Bypass
02:44 3CX Backdoored
04:44 AI Risks vs Rewards
Links:
Resources for stories are...
https://www.youtube.com/watch?v=3XKvOaVQX-8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cybersecurity Unicorns with Bryson Bort | 401 Access Denied Ep. 77
Cybersecurity Unicorns with Bryson Bort | 401 Access Denied Ep. 77
Join Us: https://www.cybrary.it/?utm_source=youtube&utm_medium=video&utm_campaign=cybersecurity-unicorns-with-bryson-bort
Does your business have the infrastructure, tools, and people to stay ahead of cyber attacks? In this episode of 401 Access Denied, Joe Carson is joined by the one and only cyber unicorn - Bryson Bort! When it comes to building a company with the necessary foundation to maximize security, Bryson has you covered. As the founder of organizations including SCYTHE and GRIMM Cyber, he comes with a wealth of knowledge on how to protect your business from the ground up with stronger purple teaming. Join the fun in this exciting conversation!
Follow Bryson:
~https://www.linkedin.com/in/brysonbort/
~https://twitter.com/brysonbort...
https://www.youtube.com/watch?v=U5n_jni0nTg
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
2022 Global AppSec San Francisco: Swathi Joshi Keynote
-
Managed by the OWASP® Foundation
https://owasp.org/
https://www.youtube.com/watch?v=5p2tw5sIrwg
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
2022 Global AppSec San Francisco: Opening Remarks and Anna Westelius Keynote
-
Managed by the OWASP® Foundation
https://owasp.org/
https://www.youtube.com/watch?v=VuXVX0q_yE4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
2022 Global AppSec San Francisco: Jim Manico Keynote
-
Managed by the OWASP® Foundation
https://owasp.org/
https://www.youtube.com/watch?v=DPJtv-E8SlM
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
2022 Global AppSec San Francisco: Closing Remarks and Giveaway
-
Managed by the OWASP® Foundation
https://owasp.org/
https://www.youtube.com/watch?v=ftJJJe03fMU
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
2022 Global AppSec San Francisco: Simon Bennetts Keynote
-
Managed by the OWASP® Foundation
https://owasp.org/
https://www.youtube.com/watch?v=t77aKVJQKzY
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Global AppSec Dublin: Squeezing The Last Drop Out Of OWASP Juice Shop - Bjoern Kimminich
-
Managed by the OWASP® Foundation
https://owasp.org/
https://www.youtube.com/watch?v=m1f2fPC8hLU
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Breaking the Ransomware Tool Set: When a Threat Actor Opsec
SANS Cyber Threat Intelligence Summit 2023
Breaking the Ransomware Tool Set: When a Threat Actor Opsec FailureBecame a Threat Intelligence Gold Mine
Nicklas Keijser
During a recent incident response engagement I was assigned to reverse engineer the RAT that the threat actor had deployed in the environment. During the malware analysis a suspicious string was found in the memory, https://ipnumber/list.txt. The list contained a not only a complete inventory that the threat actor had, but also a link to the full repository of all their tools, almost 5 GB / over 100 files and scripts of content covering every part for an intrusion -from reconnaissance to impact and everything in between. This led to an interesting labyrinth of research on all the aspects of this tooling. This presentation goes...
https://www.youtube.com/watch?v=uQQxduIIqAA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The Way to a Stakeholder's Heart is by Providing Value: Measuring Success of Your CTI Program
SANS Cyber Threat Intelligence Summit 2023
The Way to a Stakeholder's Heart is by Providing Value: Measuring Success of Your CTI Program
Freddy Murstad, Senior Threat IntelligenceAnalyst, Nordic Financial CERT
Here the presenter will lead you through the anatomy of success by illustrating that knowledge about your stakeholders and what they really want (=value) is the recipe for success. In this talk I will provide * A process for identifying and understanding who you stakeholders really are and what they really want * An overview of how you can convert that understanding into activities for your CTI team * A suggestion for how you can then deliver on those requirements and measure if you have successfully met them Basically, this will be a suggestion for a process for how your CTI program...
https://www.youtube.com/watch?v=5agsRg6-L4o
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The Report Writer's Grimoire
SANS Cyber Threat Intelligence Summit 2023
The Report Writer's Grimoire
John Grim, Director, Cyber Threat Intelligence, Experian
A grimoire is a book of magic; specifically, one on how to use spells, create objects, or invoke entities. We're certainly not looking to conjure up new APT ghouls. And in no way are we saying that threat intelligence is magical, although some would argue intelligence is more art than science. As threat intelligence practitioners, we need grimoire or codex. We need a refence guide to help us with the 'how-tos' for effective writing and proper annotation. A Report Writer's Grimoire. Join this session and learn how to summon the good faeries associated with reporting outlines, clear communication, source reliability, confidence levels, severity ratings, and product...
https://www.youtube.com/watch?v=Lnw_VSf-znI
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Lessons Learned From Over a Decade in OSINT
SANS Cyber Threat Intelligence Summit 2023
Lessons Learned From Over a Decade in OSINT
Matt Edmondson, Certified Instructor, SANS Institute
Most organizations now realize that OSINT skills aren't just nice to have; they're mandatory. In this talk we'll discuss lessons learned from doing OSINT professionally for over a decade and starting up multiple OSINT units within the government. It's always more fun to hear about others' mistakes than to make your own. We'll end by discussing how these concepts relate to CTI teams.
View upcoming Summits: http://www.sans.org/u/DuS
Download the presentation slides (SANS account required) at https://www.sans.org/u/1iaE
https://www.youtube.com/watch?v=2IaNN6iOOMo
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Unmasking the IranianAPT COBALT MIRAGE
SANS Cyber Threat Intelligence Summit 2023
Unmasking the IranianAPT COBALT MIRAGE
Lina Lau, Principal Incident ResponseConsultant - APJ South, Secureworks
From operational security failures to a Department of Justice (DOJ) indictment, COBALT MIRAGE likes to blur the lines between espionage and revenue generation. This talk uncovers the tactics, techniques and procedures deployed by COBALT MIRAGE from incidents worked at Secureworks. It's not often white hats see operational security failures unmask the identity of the adversary and even rarer to see it reflected in a DOJ sentencing. Attendees will learn about the critical role of contractor organizations in Iranian APT groups, crossovers in tooling between APT groups, techniques leveraged by COBALT MIRAGE to compromise organisations, inconsistencies...
https://www.youtube.com/watch?v=ELa_FrHlMd8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
DocIntel: A Context-Centric Cyber Threat Intelligence Platform
SANS Cyber Threat Intelligence Summit 2023
DocIntel: A Context-Centric Cyber Threat Intelligence Platform
Antoine Cailliau, Threat Researcher, Belgian Defence
An increasing number of documents reporting cyber incidents, vulnerabilities, novel offensive and defensive techniques are shared on a daily basis among various public and private communities. This collective knowledge needs to be collected, processed and organized for the cyber threat intelligence (CTI) analysts to search and investigate. The large volume and diversity of knowledge available form a key challenge for analysts looking to transform the data into actionable knowledge. Expert staffing shortages, employee costs in cybersecurity industry, expensive fees for commercial data feeds and short deadlines in the cybersecurity fast-paced...
https://www.youtube.com/watch?v=TO8cOzNm418
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How to Use CTI, No Matter the Size of Your Organization
SANS Cyber Threat Intelligence Summit 2023
How to Use CTI, No Matter the Size of Your Organization
Sydney Jones, Head of Cyber Threat Intelligence, BNP Paribas
Most cyber threat intelligence (CTI) professionals know how to tailor intelligence products for their clients. But the shape of an intelligence team can also be tailored depending on the size (and budget) of the business as well. Through various information sharing organizations, I've worked with smaller firms who often have one person covering all of information security. It's through these interactions that I've come to understand first how different sized firms use (if they use) intelligence and secondly brainstorm with them on how to improve the use of threat intelligence to fit their needs. Intelligence analysts like "intelligence...
https://www.youtube.com/watch?v=LzGx4HZdhNc
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Teleporting Through Walls with Cheat Engine - "No Way Out" [PicoCTF 2023]
Walkthrough for a Unity game hacking challenge from the Pico Capture The Flag competition 2023 (picoCTF). First, we'll decompile the Assembly.Csharp.dll with DNSpy and patch/re-compile the code to retrieve the flag. In the second solution, we'll use Cheat Engine 7.5 to identify our player position and teleport through the wall, allowing us to recover the flag. Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂 #ReverseEngineering #CTF #CaptureTheFlag #Pico #PicoCTF #PicoCTF2023 #CheatEngine #GameHacking
If you liked this video and/or want to learn more about game hacking with cheat engine, check out the full tutorial series I created on the @intigriti channel: https://www.youtube.com/watch?v=ku6AtIY-Lu0&list=PLmqenIp2RQcg0x2mDAyL2MC23DAGcCR9b and the gamepwn README: https://github.com/Crypto-Cat/CTF/tree/main/game_hacking#readme
↢Social...
https://www.youtube.com/watch?v=QgF4PQjeG-o
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Two Thumbs Up - Thumbnail Forensics
In this episode, we'll look at Thumbs.db and Thumbcache -- databases used by Windows to store thumbnails (preview images) of pictures, documents, and other file types. Learn how these rather obscure artifacts could potentially be invaluable to your investigations.
*** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. ***
📖 Chapters
00:00 - Intro
02:28 - Thumbs.db / Thumbcache artiFACTS
05:13 - Thumbcache Viewer Demo
🛠 Resources
#Forensics #DigitalForensics #DFIR #ComputerForensics #WindowsForensics
https://www.youtube.com/watch?v=5efCp1VXhfQ
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Dirty Vanity: A New Approach to Code Injection & EDR Bypass
This talk showcases yet another new code injection technique (I know, bear with me), nicknamed Dirty Vanity. This technique challenges current injection detection and prevention means while opening a wider spectrum of attacks that challenges common concepts of EDR TTPs. This technique abuses the lesser-known forking mechanism which is built in Windows operating systems. In the talk, we will cover the forking mechanism's internals, and common means to activate it...
By: Eliran Nissan
Full Abstract and Presentation Materials: https://www.blackhat.com/eu-22/briefings/schedule/#dirty-vanity-a-new-approach-to-code-injection--edr-bypass-28417
https://www.youtube.com/watch?v=Fpb4eL3vMgk
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Bridging the Gap Between Research and Practice in Intelligently Bypassing WAF
AI-enabled cyber attack is fast becoming a prevalent topic. One of the representative topics is to utilize AI to learn how to bypass web application firewalls (WAFs). The general workflow includes three steps. First, build the original payload dataset that may be blocked by WAF, and collect the mutation operation set such as case substitution and adding comments in SQL injection. Second, use heuristic algorithm or reinforcement learning (RL) to explore a combination of operations to bypass the WAF. Finally, the mutated payloads that can bypass WAF are obtained.This workflow has laid a solid foundation for the intelligentization of cyber attacks, but we encounter two key problems in practice. 1) The payloads used in practice are diverse, and their bypass methods are also different. It is difficult...
https://www.youtube.com/watch?v=PhGDZad0DdA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Deep into Android Bluetooth Bug Hunting: New Attack Surfaces and Weak Code Patterns
In the past few years, researchers have found hundreds of security vulnerabilities in the AOSP Bluetooth module such as Blueborne and BlueFrag. Almost all of these vulnerabilities are caused by the process not properly validating the remote user-supplied data, when parsing the Bluetooth request packet.In this context, in order to improve the security of Bluetooth, Google has adopted a variety of hardening methods:1. Validate the length of incoming Bluetooth packets.2. Implement a new and more secure AVRCP profile.3. Rewrite Bluetooth stack code-named Gabeldorsche in Rust.However, through some new approaches (focusing on the lifecycle of Bluetooth packet data and specific weak Bluetooth architectural logic), we still found a large number of security vulnerabilities hidden deep in the code.In...
https://www.youtube.com/watch?v=TDSgRWOeS-4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Event-based Fuzzing, Patch-based Research, and Comment Police: Finding Bugs Through a Bug
Learning from known vulnerabilities is a must for every security researcher, and subscribing to the major vendors' monthly public bulletins and security patch updates is the first thing security researchers do at the beginning of each month.The value of an enlightening security vulnerability is not only to reveal significant attack surfaces and exploit scenarios but also to inspire deeper digging as an important input to bug hunting. From a period of work on security vulnerability analysis and tracking, we have concluded several approaches to finding bugs over bugs, which apply to both mature products security research and efficient finding vulnerabilities of customized products. Through such patterns, we have developed a targeted fuzzer and written specific CodeQL/Weggli rules, and we found...
https://www.youtube.com/watch?v=mPiv0eZlx9w
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
DataBinding2Shell: Novel Pathways to RCE Web Frameworks
DataBinding is a mechanism that allows request parameters to be bound to a domain object automatically. It makes development more efficient and code cleaner, and is widely implemented by best web frameworks written in trending programming languages, including Java, JavaScript, Groovy, Python and Ruby.The previous research related to DataBinding mainly focuses on Mass Assignment[1], which is caused by improper use of DataBinding. This occurs when a user is able to access a sensitive field of domain object such as salary, and admin flag, which are not intended by the application. However, the security of the DataBinding mechanism itself has been neglected for a long time. Therefore, we conducted comprehensive research about it and analyzed top web frameworks including Spring, Struts, Grails,...
https://www.youtube.com/watch?v=9BIAuwo4xvU
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Confidence in Chaos: Strategies for World-Class Security Operations
You've just found out the smart-lights in the cafeteria are connected to your corporate network and can be dimmed from anywhere in the world, the sales team has been spinning up unmanaged AWS accounts to do customer demos, and your organisation engaged full encryption to meet data protection and privacy laws without notifying you. You know you need to accelerate building and adjusting your detection and response capabilities - and you can't risk making mistakes while you identify your priorities. Today's cybersecurity operations centers (SOCs) are under more pressure than ever to adjust defense and detection techniques on-the-fly to address adversaries hiding in the corners of your IT. To help you see clear priorities through your often unpredictable operational world, we've cultivated an...
https://www.youtube.com/watch?v=D17-yJg3ML0
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Android Parcels: The Bad, the Good and the Better - Introducing Android's Safer Parcel
Parcel is the serialization mechanism in Android and is behind almost every OS cross-process interaction. Parcelable implementations have been the source of vulnerabilities in Android for ~8 years, often rated high severity and weaponized by malware authors to achieve privileged exploits, including silent package installation and arbitrary code execution.This talk covers a detailed overview of known exploit techniques that abuse Parcel vulnerabilities, including the well-known yet still active Bundle FengShui exploits; and a novel exploit chain that was reported through Google VRP program (CVE-2021-0928) in June 2021, that achieves arbitrary code execution in privileged applications' processes, on Android 12...
By: Hao Ke , Bernardo Rufino , Maria Uretsky , Yang Yang
Full Abstract and Presentation...
https://www.youtube.com/watch?v=qIzMKfOmIAA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Fail Harder: Finding Critical 0-Days in Spite of Ourselves
Vulnerability researchers and bug hunters love to talk about their successful path to finding a critical vulnerability. However, this is rarely the Cinderella story people tell on stage. Failure, along with a healthy dose of persistence, can lead to tremendous success. This session will take a deep dive into all the things that didn't work, along with the many challenges that preceded the findings of critical zero-day bugs across multiple projects...
By: Philippe Laulheret , Douglas McKee
Full Abstract and Presentation Materials:
https://www.blackhat.com/eu-22/briefings/schedule/#fail-harder-finding-critical--days-in-spite-of-ourselves-29168
https://www.youtube.com/watch?v=A5eG7cmVri8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Breaking Kerberos' RC4 Cipher and Spoofing Windows PACs
While the Active Directory implementation of Kerberos prefers to use cryptography based on AES, the deprecated Kerberos encryption type is still supported by default and widely used in practice. The property that RC4 derives its cryptographic keys from a user's NTLM hash is frequently exploited to authenticate without the original password (overpass-the-hash) or to efficiently brute-force service account passwords offline (Kerberoasting).No attacks were yet known that take advantage of the well-known weaknesses in Kerberos' RC4 implementation. Therefore I decided to take a look at this and quickly identified a relatively obvious flaw in the way it was used.However, turning this cryptographic flaw into a practical attack against Kerberos or Active Directory turned out to be far from trivial...
By:...
https://www.youtube.com/watch?v=Dxqb-q2OjoM
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cross-Contract Ricochet Attacks & Off-Chain-On-Chain Manipulation of Billion Dollar NFT Collections
The enticing narrative promised by the Ethereum blockchain is to be a decentralized world-computer within which utility based NFTs are an integral piece of the story. In this presentation, we will look at a crafty new technique that ricochets a utility based NFT across smart contracts to circumvent staking safeguards, and also how easy it is to exploit off-chain marketplace logic relied upon to implement ERC-721 and ERC-1155 standards...
By: Nitesh Dhanjani
Full Abstract and Presentation Materials:
https://www.blackhat.com/eu-22/briefings/schedule/#cross-contract-ricochet-attacks--off-chain-on-chain-manipulation-of-billion-dollar-nft-collections-29327
https://www.youtube.com/watch?v=x57acY3f90s
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Choo Choo, Network Train - The One to Rule Your Perimeter
I hear you saying: MQTT again, that's an old and stale topic. It's actually not old or stale. MQTT is still out there and many servers are still open to attack. But even more interesting, what other devices are connected to those open servers and what networks are they sitting on? For example, do you know that with MQTT it's possible to open a whole network from the inside out using one simple wall switch? An MQTT attack against a network can also be used for DNS hijacking, DDoS attacks, and control of Bluetooth devices on internal networks among other things.We are concerned that MQTT leaks data but I'll show in this talk we really should be focusing on the bigger risk posed by using MQTT to replace the firmware in connected devices...
By: Martin Hron
Full Abstract and Presentation Materials:...
https://www.youtube.com/watch?v=RpXoVwCSHA0
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Back-connect to the Connected Car. Search for Vulnerabilities in the VW Electric Car.
The attack surface on modern connected cars is broad – Wi-Fi, Bluetooth, V2X, 2G/3G/4G, custom RF protocols, CAN, OBD2 interfaces, automotive Ethernet, USB ports, remote diagnostics, telematics, and mobile apps. During the presentation, we will show part of the results of penetration testing the modern European electric Volkswagen car model ID3. Our discovered vulnerabilities and security problems in car architecture are also applicable for such Volkswagen models like ID4, ID5 and affect hundreds of thousands of electric cars on the roads.We will demonstrate how hackers can receive root access in Infotainment and Gateway modules in the cars, install backdoors and what hackers can do remotely with hacked cars...
By: Alexey Kondikov , Sergey Razmakhnin , Khaled Sakr , Yuriy Serdyuk
Full...
https://www.youtube.com/watch?v=4yBKYMKRPbU
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
CSI:Rowhammer: Closing the Case of Half-Double and Beyond
Rowhammer is a severe security problem in DRAM, allowing an unprivileged adversary to gain kernel privileges by inducing electrical disturbance errors. Today, mitigations against Rowhammer, most notably Targeted Row Refresh (TRR), are widely adopted and even part of recent DRAM standards.In this talk, we first show that TRR is insufficient by design and counterintuitively assists an attacker in the context of our new Rowhammer type: Half-Double. Unlike all previous Rowhammer attacks, Half-Double hammers from a distance of two...
By: Jonas Juffinger , Andreas Kogler
Full Abstract and Presentation Materials:
https://www.blackhat.com/eu-22/briefings/schedule/#csirowhammer-closing-the-case-of-half-double-and-beyond-29281
https://www.youtube.com/watch?v=TJJxhcKyM-w
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
DnD: Decompiling Deep Neural Network Compiled Binary
The usage of Deep Neural Networks (DNNs) has steadily increased in recent years. Especially when used in edge devices and embedded systems, dedicated DNN compilers are used to compile DNNs into binaries for the best performance. Security applications such as DNN model extraction, white-box adversarial sample generation, and DNN model patching become possible when a DNN model is accessible. However, these techniques cannot be applied to compiled DNN binaries. No decompilers can recover a high-level representation of a DNN model from its compiled binary code.In this paper, we introduce DnD, the first ISA- and compiler-agnostic DNN decompiler...
By: Antonio Bianchi , Taegyu Kim , Dave (Jing) Tian , Ruoyu Wu , Dongyan Xu
Full Abstract and Presentation Materials:
https://www.blackhat.com/eu-22/briefings/schedule/#dnd-decompiling-deep-neural-network-compiled-binary-28993...
https://www.youtube.com/watch?v=ygWgQcMrPvc
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Techniques To Improve Vulnerability Visibility & Detection (W/ Clement Fouque) | PurpleSec
Improve vulnerability visibility in networks & cloud environments with expert tips on strategies, KPIs, prioritization, & automation. Secure your assets now! 👉 Get our FREE guide to vulnerability management in 2023: https://purplesec.us/vulnerability-management-guide/
Read the full article: https://purplesec.us/learn/vulnerability-visibility/
Chapters
---------------
00:00 - Introduction
00:45 - Clement Fouque
01:36 - Importance Of Visibility In Vulnerability Management
02:51 - Why Is Poor Visibility An Issue?
04:40 - Common Blind Spots
06:55 - Improving Asset Inventories
09:30 - How Do You Know If You Have Poor Visibility?
13:20 - Techniques For Improving Visibility
15:05 - How To Ensure All Endpoints Are Being Scanned
18:25 - How Network Segmentation Improves Visibility
20:00 - Third-Party...
https://www.youtube.com/watch?v=3K6TLqyxit4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
CyberChef Malware Analysis - DCRat Loader
🔥 Learn How To Use CyberChef for Malware Analysis
👨💻 Buy Our Courses: https://guidedhacking.com/register/
💰 Donate on Patreon: https://patreon.com/guidedhacking
❤️ Follow us on Social Media: https://linktr.ee/guidedhacking.
🔗 Article Link: https://guidedhacking.com/threads/cyberchef-analysing-a-dcrat-loader.20317/
📜 Video Description:
Learn some tips and tricks for using CyberChef for de-obfuscation
Some credit for this video belongs to @embee_research on Twitter where a thread labeled AsyncRAT - Defeating Obfuscation Using CyberChef was posted.
You can find that research here:
https://twitter.com/embee_research/status/1638463073441972225
CyberChef is a tool that was released by the GCHQ in 2018. The tool is completely free and open source whilst being constantly...
https://www.youtube.com/watch?v=rpp6BZYIziM
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Why does DNS always break the internet?
The internet, it's a series of tubes? Or is it? This week we take a look at how the internet actually works and what we mean when we say web security. What happens when you visit a website? How does it know what to display? What technologies are we actually hacking? What is a request and response anyway? Well this week we cover all of that and more. As we dive into TCP/IP, DNS, HTTP, HTML, CSS and some other acronyms.
This series couldn't happen without the support of our sponsor Bugcrowd, Bugcrowd is the best place to start hacking with a wide range of public and private programs from APIs to Desktop Applications and everything in between. Not ready to jump into a public program yet? Fill out your platform CV and sign up for a waitlisted program. Tell Bugcrowd a bit about your skills, previous...
https://www.youtube.com/watch?v=yp1rH7Kj12o
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Google Bard vs. GPT4 - Hands-On First Look [Cybersecurity]
Burp Suite Deep Dive course: https://bit.ly/burpforpros
__________
Resources
- https://www.cybersecurityeducation.org/careers/
- https://www.coursera.org/articles/cybersecurity-jobs
- https://www.sans.org/cybersecurity-careers/20-coolest-cyber-security-careers/
- https://universityhq.org/how-to-become/cyber-security-jobs/
- https://www.coursera.org/articles/cybersecurity-career-paths
My courses:
Recon in Cybersecurity course: https://bit.ly/cybersecrecon
Python for Pentesters course: http://bit.ly/2I0sRkm
Python Basics course: http://bit.ly/37cmhlx
Neural Networks with Tensorflow: http://bit.ly/tensorflownets
Machine Learning with Scikit-Learn and Python: http://bit.ly/mlpractical
Artificial Neural Nets with Neurolab: https://bit.ly/artificialnets
Study cybersecurity with 50% OFF...
https://www.youtube.com/watch?v=xhZ-rueqllg
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
You Can't Hack Them All - Master of One - From Noob to Clients
Burp Suite Deep Dive course: https://bit.ly/burpforpros
__________
Resources
- https://www.cybersecurityeducation.org/careers/
- https://www.coursera.org/articles/cybersecurity-jobs
- https://www.sans.org/cybersecurity-careers/20-coolest-cyber-security-careers/
- https://universityhq.org/how-to-become/cyber-security-jobs/
- https://www.coursera.org/articles/cybersecurity-career-paths
My courses:
Recon in Cybersecurity course: https://bit.ly/cybersecrecon
Python for Pentesters course: http://bit.ly/2I0sRkm
Python Basics course: http://bit.ly/37cmhlx
Neural Networks with Tensorflow: http://bit.ly/tensorflownets
Machine Learning with Scikit-Learn and Python: http://bit.ly/mlpractical
Artificial Neural Nets with Neurolab: https://bit.ly/artificialnets
Study cybersecurity with 50% OFF...
https://www.youtube.com/watch?v=BU0R_7IBpxs
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How does Bug Bounty work anyway?
I talk a lot about becoming a bug bounty hunter on my channel, in this new series we're going to go from knowing nothing about hacking to finding your first bug, to getting more consistent bounties and everything in between. While we're starting at the very basics I think you'll find this series has a lot to offer a hacker at any level!
This series couldn't happen without the support of our sponsor Bugcrowd, Bugcrowd is the best place to start hacking with a wide range of public and private programs from APIs to Desktop Applications and everything in between. Not ready to jump into a public program yet? Fill out your platform CV and sign up for a waitlisted program. Tell Bugcrowd a bit about your skills, previous certifications or experience and they'll match you up with the right program...
https://www.youtube.com/watch?v=nXvP8j3QtHI
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cerebral App Leaks Telehealth Medical Data - ThreatWire
ThreatWire Totem Board - Limited Edition! - https://snubsie.com/threatwire-products/tw-totem
Shop ThreatWire Merch on Teespring! - https://morsecode.creator-spring.com/
Support ThreatWire! https://www.patreon.com/shannonmorse
Follow Shannon on Social Media: https://snubsie.com/links
Cerebral was leaking personal info, security folks are being targeted in attacks, and GitHub will now require 2FA! All that coming up now on ThreatWire.
#threatwire #hak5
ThreatWire by Shannon Morse is a weekly news journalism show covering cybersecurity topics for network admins, information security professionals, and consumers.
Watch this on youtube: https://youtu.be/BL1CUH0H8DA
Chapters:
00:00 Cerebral HIPAA Non-Compliance
02:39 InfoSec Targeted In Attacks
04:31 GitHub Requires 2FA
Links:
Resources...
https://www.youtube.com/watch?v=BL1CUH0H8DA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Doublespeak: Jailbreaking ChatGPT-style Sandboxes using Linguistic Hacks
A review of Large Language Model (LLM) vulnerabilities/exploits, e.g. including prompt leakage, prompt injection and other linguistic hacks. We'll run through levels 1-9 of the doublespeak.chat challenges, produced by Forces Unseen. doublespeak.chat is a text-based game that explores LLM pre-prompt contextual sandboxing. The challenges prime an LLM (Chat-GPT) with a secret and a scenario in a pre-prompt hidden from the player. The player's goal is to discover the secret either by playing along or by hacking the conversation to guide the LLM's behavior outside the anticipated parameters. Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂 #HackTheBox #HTB #CTF #Pentesting #OffSec
↢Social Media↣
Twitter: https://twitter.com/_CryptoCat
GitHub: https://github.com/Crypto-Cat
HackTheBox:...
https://www.youtube.com/watch?v=au3CRqlbWlQ
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Interview with Lesley Carhart (hacks4pancakes)
In this special guest episode of 13Cubed, I interview Lesley Carhart (aka hacks4pancakes) of Dragos. We'll cover a variety of topics and provide some career advice along the way!
*** Check out PancakesCon 4 at https://pancakescon.com/ coming March 19, 2023! ***
🎉 Also check out the new 13Cubed Training Course Investigating Windows Endpoints. Affordable, on-line, and on-demand training is here! Enroll now at https://training.13cubed.com/
🛠 Resources
Twitter:
https://twitter.com/hacks4pancakes
Mastodon:
https://infosec.exchange/@hacks4pancakes
TikTok:
https://www.tiktok.com/@UCezvmPw4tfO6n_FMQoN4waw
#forensics #DigitalForensics #DFIR #ComputerForensics #WindowsForensics
https://www.youtube.com/watch?v=aC4jd8hQdYo
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
NEW Powershell features in DuckyScript 3.0
Learn how to take advantage of the latest new STRING command features in DuckyScript 3.0
Payload Studio: https://payloadstudio.hak5.org
Discover Payloads: https://payloads.hak5.org
Hak5 -- Cyber Security Education, Inspiration, News & Community since 2005:
-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆
Our Site → https://www.hak5.org
Shop → http://hakshop.myshopify.com/
Subscribe → https://www.youtube.com/user/Hak5Darren?sub_confirmation=1
Support → https://www.patreon.com/threatwire
Contact Us → http://www.twitter.com/hak5
-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆
____________________________________________
Founded in 2005, Hak5's mission is to advance the InfoSec industry. We do this through our award...
https://www.youtube.com/watch?v=9ToUb5kTwq0
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
UEFI Bootkit Successfully Hits Windows 11 - ThreatWire
ThreatWire Totem Board - Limited Edition! - https://snubsie.com/threatwire-products/tw-totem
Shop ThreatWire Merch on Teespring! - https://morsecode.creator-spring.com/
Support ThreatWire! https://www.patreon.com/shannonmorse
Follow Shannon on Social Media: https://snubsie.com/links
Gmail Now Gets Client Side Encryption (for some folks), a UEFI bootkit targets Windows 11, and the LastPass just got even worse! All that coming up now on ThreatWire.
#threatwire #hak5
ThreatWire by Shannon Morse is a weekly news journalism show covering cybersecurity topics for network admins, information security professionals, and consumers.
Watch this on youtube: https://youtu.be/t2RB6K1GcC0
Chapters:
00:00 Gmail, Now With CSE
02:33 Windows 11 UEFI Bootkit
04:29 RIP LastPass
Links:
Resources...
https://www.youtube.com/watch?v=t2RB6K1GcC0
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How I Test for Broken Access Controls | #cybersecurity #hacking #shorts
Talk to me: https://dgtsec.com/contact
________________________________________________________________________________________________
Burp Suite Deep Dive course: https://bit.ly/burpforpros
________________________________________________________________________________________________
Recon in Cybersecurity course: https://bit.ly/cybersecrecon
Python for Pentesters course: http://bit.ly/2I0sRkm
Python Basics course: http://bit.ly/37cmhlx
10 Points for PentesterLab PRO: http://bit.ly/awesomepentester
Join me and other cyber-geeks on discord: http://bit.ly/2KH6aST
Join my SQUAD (for discounts'n'stuff): http://bit.ly/2xhSvM2
Hire me as a penetration tester: https://dgtsec.com/penetration-testing-services/
101 Pentesting Training: https://dgtsec.com/cybersec-pentesting-training/...
https://www.youtube.com/watch?v=0YtGklzmbOQ
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Insider Insight from 55 Pentests | #cybersecurity #infosec #shorts
Talk to me: https://dgtsec.com/contact
________________________________________________________________________________________________
Burp Suite Deep Dive course: https://bit.ly/burpforpros
________________________________________________________________________________________________
Recon in Cybersecurity course: https://bit.ly/cybersecrecon
Python for Pentesters course: http://bit.ly/2I0sRkm
Python Basics course: http://bit.ly/37cmhlx
10 Points for PentesterLab PRO: http://bit.ly/awesomepentester
Join me and other cyber-geeks on discord: http://bit.ly/2KH6aST
Join my SQUAD (for discounts'n'stuff): http://bit.ly/2xhSvM2
Hire me as a penetration tester: https://dgtsec.com/penetration-testing-services/
101 Pentesting Training: https://dgtsec.com/cybersec-pentesting-training/...
https://www.youtube.com/watch?v=w9mhqlkQPUs
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
It's About Time - Timestamp Changes in Windows 11
In this episode, we'll revisit NTFS MACB timestamps and take a look at how file creations, accesses, modifications, renames, copies, and moves affect them. Then, we'll take a look at how Windows 11 has changed the behavior associated with some of those timestamps.
*** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. ***
📖 Chapters
00:00 - Intro
02:24 - File Creation
02:54 - File Access and NtfsDisableLastAccessUpdate
05:12 - File Modification
06:18 - File Rename
07:33 - File Copy
09:50 - File Move
12:53 - Correction
14:02 - Timestamp Changes in Windows 11
🛠 Resources
Windows MACB Timestamps (NTFS Forensics):
https://www.youtube.com/watch?v=OTea54BelTg
Windows 11 Time Rules:
https://www.khyrenz.com/blog/windows-11-time-rules/
#Windows11...
https://www.youtube.com/watch?v=_D2vJZvCW_8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Advanced DuckyScript 3.0 Features [PAYLOAD]
Make the most out of your USB Rubber Ducky payloads with these advanced DuckyScript 3.0 features.
Hak5 -- Cyber Security Education, Inspiration, News & Community since 2005:
-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆
Our Site → https://www.hak5.org
Shop → http://hakshop.myshopify.com/
Subscribe → https://www.youtube.com/user/Hak5Darren?sub_confirmation=1
Support → https://www.patreon.com/threatwire
Contact Us → http://www.twitter.com/hak5
-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆
____________________________________________
Founded in 2005, Hak5's mission is to advance the InfoSec industry. We do this through our award winning educational podcasts, leading pentest gear, and inclusive community – where...
https://www.youtube.com/watch?v=dAt-tK19p7k
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Google Bolsters Firmware Security - ThreatWire
ThreatWire Totem Board - Limited Edition! - https://snubsie.com/threatwire-products/tw-totem
Shop ThreatWire Merch on Teespring! - https://morsecode.creator-spring.com/
Support ThreatWire! https://www.patreon.com/shannonmorse
Follow Shannon on Social Media: https://snubsie.com/links
That free game could be malware in disguise, Google is making firmware more secure, and Activision got hacked! All that coming up now on ThreatWire.
#threatwire #hak5
ThreatWire by Shannon Morse is a weekly news journalism show covering cybersecurity topics for network admins, information security professionals, and consumers.
Watch this on youtube: https://youtu.be/Re_J6Y_NpDA
Chapters:
00:00 Pirated Games = Malware
02:14 Google Bolsters Firmware Security
03:38 Activision Confirms Hack
Links:
Resources...
https://www.youtube.com/watch?v=Re_J6Y_NpDA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Global AppSec Dublin: A Taste Of Privacy Threat Modeling by Kim Wuyts
-
Managed by the OWASP® Foundation
https://owasp.org/
https://www.youtube.com/watch?v=0HMxksszzDI
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Global AppSec Dublin: Opening Remarks - Grant Ongers
-
Managed by the OWASP® Foundation
https://owasp.org/
https://www.youtube.com/watch?v=v8SeSkmYxXU
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Global AppSec Dublin: Introducing Threat Modelling To Established Teams - Sarah-Jane Madden
-
Managed by the OWASP® Foundation
https://owasp.org/
https://www.youtube.com/watch?v=1Zkta9i1CYQ
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Global AppSec Dublin: Attacking And Protecting Artificial Intelligence - Rob Van Der Veer
-
Managed by the OWASP® Foundation
https://owasp.org/
https://www.youtube.com/watch?v=ABmWHnFrMqI
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Global AppSec Dublin: Why Winning In Cybersecurity Means Winning More Everyday - Jessica Robinson
-
Managed by the OWASP® Foundation
https://owasp.org/
https://www.youtube.com/watch?v=UJeraXFMcoI
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Gobal AppSec Dublin: Trusting Software: Runtime Protection Is The Third Alternative - Jeff Williams
-
Managed by the OWASP® Foundation
https://owasp.org/
https://www.youtube.com/watch?v=sRE3f_2ECfs
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Global AppSec Dublin: Passwordless Future: Using WebAuthn And Passkeys In Practice - Clemens Hübner
-
Managed by the OWASP® Foundation
https://owasp.org/
https://www.youtube.com/watch?v=_L9pbpkX-Ps
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Global AppSec Dublin: GitHub Actions: Vulnerabilities, Attacks, And Counter-Measures - Magno Logan
-
Managed by the OWASP® Foundation
https://owasp.org/
https://www.youtube.com/watch?v=gxCvV35yXmU
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Global AppSec Dublin: [T]OTPs Are Not As Secure As You Might Believe - Santiago Kantorowicz
-
Managed by the OWASP® Foundation
https://owasp.org/
https://www.youtube.com/watch?v=K3myOx4HI90
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
HackerOne Live Hacking Event Recap: Orlando w/ Epic Games 2023 (H1-407)
Hackers were brought out to sunny Orlando, Florida! Our hackers were challenged with the amazing team at Epic Games to help keep our games secure.
Follow our community blog for additional resources →https://www.hackerone.com/hackerone-community-blog
▼ Keep up with us ▼
◇ Twitter → https://twitter.com/Hacker0x01
◇ Instagram → https://www.instagram.com/hacker0x01/
◇ LinkedIn → https://www.linkedin.com/company/Hack...
◇ Facebook → https://www.facebook.com/Hacker0x01/
https://www.youtube.com/watch?v=LU5VPLwJLqM
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
HackerOne Live Hacking Event Recap: Barcelona w/ PayPal 2022 (H1-3493)
Live Hacking Events are the ultimate voyage for hackers selected to test their skills. This time our hackers had the chance to experience gothic architecture, historic streets, and a historic music venue. Check out what hackers had to say about their experience abroad!
Follow our community blog for additional resources →https://www.hackerone.com/hackerone-community-blog
▼ Keep up with us ▼
◇ Twitter → https://twitter.com/Hacker0x01
◇ Instagram → https://www.instagram.com/hacker0x01/
◇ LinkedIn → https://www.linkedin.com/company/Hack...
◇ Facebook → https://www.facebook.com/Hacker0x01/
https://www.youtube.com/watch?v=C8mBx7iz9cU
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Learn Passive OS Fingerprinting [PAYLOAD]
New extensions in DuckyScript 3.0 for the USB Rubber Ducky give you the ability to passively identify Windows and non-Windows targets -- adding failsafe possibilities for your next payloads.
Dig into this feature: https://hakshop.myshopify.com/blogs/usb-rubber-ducky/detect-ready
Hak5 -- Cyber Security Education, Inspiration, News & Community since 2005:
-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆
Our Site → https://www.hak5.org
Shop → http://hakshop.myshopify.com/
Subscribe → https://www.youtube.com/user/Hak5Darren?sub_confirmation=1
Support → https://www.patreon.com/threatwire
Contact Us → http://www.twitter.com/hak5
-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆
____________________________________________
Founded...
https://www.youtube.com/watch?v=R8NX0ceBqr4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Digital Forensics Training You Can Actually Afford!
Announcing the first ever 13Cubed Training Course: Investigating Windows Endpoints.
Unlock the secrets of Windows forensic investigation with my new course! I took my years of experience creating videos on this channel and set out to develop affordable, comprehensive, and professional training. Whether you're looking to get into the field, already work in the field but want to step up your game, or just have an interest in digital forensics, look no further. This is the course for you!
Purchase the Course Here:
https://training.13cubed.com/investigating-windows-endpoints
#Forensics #DigitalForensics #DFIR #ComputerForensics #WindowsForensics
https://www.youtube.com/watch?v=d8fAKTXOjS8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Inject Keystrokes in only 25 milliseconds! [PAYLOAD]
DELAY 3000 is a relic of the past. Learn the hot new DuckyScript 3.0 techniques with DETECT_READY extensions that speed up payload deployment by 99%
Dig into the details: https://hak5.org/blogs/usb-rubber-ducky/detect-ready
Hak5 -- Cyber Security Education, Inspiration, News & Community since 2005:
-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆
Our Site → https://www.hak5.org
Shop → http://hakshop.myshopify.com/
Subscribe → https://www.youtube.com/user/Hak5Darren?sub_confirmation=1
Support → https://www.patreon.com/threatwire
Contact Us → http://www.twitter.com/hak5
-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆
____________________________________________
Founded in 2005, Hak5's mission is to advance the InfoSec...
https://www.youtube.com/watch?v=kmG87Ot4Fv4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
CAN I WIN A GAME OF BATTLEGROUNDS?! [HackTheBox - Server Siege]
3 more practice games of @HackTheBox battlegrounds (server siege) 💜 If you think I should do some things differently, let me know in the comments! Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂 #HackTheBox #HTB #CTF #Pentesting #OffSec
↢Social Media↣
Twitter: https://twitter.com/_CryptoCat
GitHub: https://github.com/Crypto-Cat
HackTheBox: https://app.hackthebox.eu/profile/11897
LinkedIn: https://www.linkedin.com/in/cryptocat
Reddit: https://www.reddit.com/user/_CryptoCat23
YouTube: https://www.youtube.com/CryptoCat23
Twitch: https://www.twitch.tv/cryptocat23
↢HackTheBox↣
https://app.hackthebox.com/battlegrounds
https://twitter.com/hackthebox_eu
https://discord.gg/hackthebox
↢Video-Specific Resources↣
https://help.hackthebox.com/en/articles/5185620-introduction-to-battlegrounds
https://www.youtube.com/watch?v=gH_q0zRcPuI
↢Resources↣
Ghidra:...
https://www.youtube.com/watch?v=VX445yn4lQ4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
ESXiArgs Ransomware Analysis with @fwosar
Join us as we reverse engineer the ESXiArgs ransomware used in wide spread attacks targeting unpatched VMware servers with CVE-2021-21974.
Fabian (https://twitter.com/fwosar) joins us to do the heavy lifting!
Tutorial that may assist with decrypting files that have been encrypted by ESXiArgs (https://enes.dev/).
BleepingComputer help forum for ESXiArgs victims (https://www.bleepingcomputer.com/forums/t/782193/esxi-ransomware-help-and-support-topic-esxiargs-args-extension/)
-----
OALABS PATREON
https://www.patreon.com/oalabs
OALABS DISCORD
https://discord.gg/6h5Bh5AMDU
Twitch
https://www.twitch.tv/oalabslive
OALABS GITHUB
https://github.com/OALabs
UNPACME - AUTOMATED MALWARE UNPACKING
https://www.unpac.me/#/
-----
https://www.youtube.com/watch?v=bBcvqxPdjoI
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How Much Money Ethical Hackers can Make | #cybersecurity #shorts #hacking
Talk to me: https://dgtsec.com/contact
________________________________________________________________________________________________
Burp Suite Deep Dive course: https://bit.ly/burpforpros
________________________________________________________________________________________________
Recon in Cybersecurity course: https://bit.ly/cybersecrecon
Python for Pentesters course: http://bit.ly/2I0sRkm
Python Basics course: http://bit.ly/37cmhlx
10 Points for PentesterLab PRO: http://bit.ly/awesomepentester
Join me and other cyber-geeks on discord: http://bit.ly/2KH6aST
Join my SQUAD (for discounts'n'stuff): http://bit.ly/2xhSvM2
Hire me as a penetration tester: https://dgtsec.com/penetration-testing-services/
101 Pentesting Training: https://dgtsec.com/cybersec-pentesting-training/...
https://www.youtube.com/watch?v=YuxWGoNWrDU
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Hacking, back in the Days - 15 years ago | #cybersecurity #shorts
From a discussion with @HackerSploit.
Talk to me: https://dgtsec.com/contact
________________________________________________________________________________________________
Burp Suite Deep Dive course: https://bit.ly/burpforpros
________________________________________________________________________________________________
Recon in Cybersecurity course: https://bit.ly/cybersecrecon
Python for Pentesters course: http://bit.ly/2I0sRkm
Python Basics course: http://bit.ly/37cmhlx
10 Points for PentesterLab PRO: http://bit.ly/awesomepentester
Join me and other cyber-geeks on discord: http://bit.ly/2KH6aST
Join my SQUAD (for discounts'n'stuff): http://bit.ly/2xhSvM2
Hire me as a penetration tester: https://dgtsec.com/penetration-testing-services/
101 Pentesting Training: https://dgtsec.com/cybersec-pentesting-training/...
https://www.youtube.com/watch?v=B6hlqzfolBg
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
CVE-2022-4510: Directory Traversal RCE in binwalk
A path traversal vulnerability (CVE-2022-4510) was identified in ReFirm Labs binwalk from version 2.1.2b through 2.3.3 (inclusive). This vulnerability allows remote attackers to execute arbitrary code on affected installations of binwalk. User interaction is required to exploit this vulnerability in that the target must open the malicious file with binwalk using extract mode (-e option). The issue lies within the PFS (obscure filesystem format found in some embedded devices) extractor plugin that was merged into binwalk in 2017. Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂 #Vulnerability #CVE-2022-4510 #Pentesting #OffSec
↢Social Media↣
Twitter: https://twitter.com/_CryptoCat
GitHub: https://github.com/Crypto-Cat
HackTheBox: https://app.hackthebox.eu/profile/11897
LinkedIn:...
https://www.youtube.com/watch?v=71e5iMoDDMA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
CyberTalk Live #1 - Trying Out BlackBuntu & Q&A
CyberTalk Live #1 - Trying Out BlackBuntu & Q&A
//PLATFORMS
BLOG ►► https://bit.ly/3qjvSjK
FORUM ►► https://bit.ly/39r2kcY
ACADEMY ►► https://bit.ly/39CuORr
//SOCIAL NETWORKS
TWITTER ►► https://bit.ly/3sNKXfq
DISCORD ►► https://bit.ly/3hkIDsK
INSTAGRAM ►► https://bit.ly/3sP1Syh
LINKEDIN ►► https://bit.ly/360qwlN
PATREON ►► https://bit.ly/365iDLK
MERCHANDISE ►► https://bit.ly/3c2jDEn
//BOOKS
Privilege Escalation Techniques ►► https://amzn.to/3ylCl33
Docker Security Essentials (FREE) ►► https://bit.ly/3pDcFuA
//SUPPORT THE CHANNEL
NordVPN Affiliate Link (73% Off) ►► https://bit.ly/3DEPbu5
Get 0 In Free Linode Credit ►► https://bit.ly/39mrvRM
Get started with Intigriti: https://go.intigriti.com/hackersploit
//CYBERTALK PODCAST
Spotify...
https://www.youtube.com/watch?v=Yq2d9FuWjd8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Network Pentesting Course from 0 to Hacker | #cybersecurity #shorts
From a discussion with @HackerSploit.
Talk to me: https://dgtsec.com/contact
________________________________________________________________________________________________
Burp Suite Deep Dive course: https://bit.ly/burpforpros
________________________________________________________________________________________________
Recon in Cybersecurity course: https://bit.ly/cybersecrecon
Python for Pentesters course: http://bit.ly/2I0sRkm
Python Basics course: http://bit.ly/37cmhlx
10 Points for PentesterLab PRO: http://bit.ly/awesomepentester
Join me and other cyber-geeks on discord: http://bit.ly/2KH6aST
Join my SQUAD (for discounts'n'stuff): http://bit.ly/2xhSvM2
Hire me as a penetration tester: https://dgtsec.com/penetration-testing-services/
101 Pentesting Training: https://dgtsec.com/cybersec-pentesting-training/...
https://www.youtube.com/watch?v=Ya24z_4o8po
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
3 Year Cybersecurity Career Roadmap
In this video, I outline a concise 3-year Cybersecurity career roadmap designed for students or professionals looking to get started with a career in Cybersecurity in 2023 and beyond.
Slides: https://bit.ly/3HlM3aw
Black Hills 5-Year InfoSec Plan: https://www.blackhillsinfosec.com/webcast-5-year-plan-infosec/
//PLATFORMS
BLOG ►► https://bit.ly/3qjvSjK
FORUM ►► https://bit.ly/39r2kcY
ACADEMY ►► https://bit.ly/39CuORr
//SOCIAL NETWORKS
TWITTER ►► https://bit.ly/3sNKXfq
DISCORD ►► https://bit.ly/3hkIDsK
INSTAGRAM ►► https://bit.ly/3sP1Syh
LINKEDIN ►► https://bit.ly/360qwlN
PATREON ►► https://bit.ly/365iDLK
MERCHANDISE ►► https://bit.ly/3c2jDEn
//BOOKS
Privilege Escalation Techniques ►► https://amzn.to/3ylCl33
Docker Security Essentials (FREE) ►►...
https://www.youtube.com/watch?v=oI9aaBpJvoA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Attacking Open Ports in Pentesting - Practical | #cybersecurity #shorts
From a discussion with @HackerSploit.
Talk to me: https://dgtsec.com/contact
________________________________________________________________________________________________
Burp Suite Deep Dive course: https://bit.ly/burpforpros
________________________________________________________________________________________________
Recon in Cybersecurity course: https://bit.ly/cybersecrecon
Python for Pentesters course: http://bit.ly/2I0sRkm
Python Basics course: http://bit.ly/37cmhlx
10 Points for PentesterLab PRO: http://bit.ly/awesomepentester
Join me and other cyber-geeks on discord: http://bit.ly/2KH6aST
Join my SQUAD (for discounts'n'stuff): http://bit.ly/2xhSvM2
Hire me as a penetration tester: https://dgtsec.com/penetration-testing-services/
101 Pentesting Training: https://dgtsec.com/cybersec-pentesting-training/...
https://www.youtube.com/watch?v=WPmbwkzwtoA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How much Coding you Actually Need for Bug Hunting | #cybersecurity #shorts
From a discussion with @TCMSecurityAcademy.
Talk to me: https://dgtsec.com/contact
________________________________________________________________________________________________
Burp Suite Deep Dive course: https://bit.ly/burpforpros
________________________________________________________________________________________________
Recon in Cybersecurity course: https://bit.ly/cybersecrecon
Python for Pentesters course: http://bit.ly/2I0sRkm
Python Basics course: http://bit.ly/37cmhlx
10 Points for PentesterLab PRO: http://bit.ly/awesomepentester
Join me and other cyber-geeks on discord: http://bit.ly/2KH6aST
Join my SQUAD (for discounts'n'stuff): http://bit.ly/2xhSvM2
Hire me as a penetration tester: https://dgtsec.com/penetration-testing-services/
101 Pentesting Training: https://dgtsec.com/cybersec-pentesting-training/...
https://www.youtube.com/watch?v=Kfv2uErkPmg
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
HackTheBox Battlegrounds - Server Siege (Practice Mode)
Wanna to watch me fail to gain a foothold on two @HackTheBox battlegrounds machines? Well, you're in luck! In this video, I compete in 2 practice games of battlegrounds server siege mode. Unfortunately, I didn't get a shell in either of the 15 minute matches but hopefully showing my real-time thought process and initial impressions of the competitive hacking mode will still be helpful to some people. If you think I should do some things differently, let me know in the comments! Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂 #HackTheBox #HTB #Battlegrounds #ServerSiege #CTF #Pentesting #OffSec
↢Social Media↣
Twitter: https://twitter.com/_CryptoCat
GitHub: https://github.com/Crypto-Cat
HackTheBox: https://app.hackthebox.eu/profile/11897
LinkedIn: https://www.linkedin.com/in/cryptocat
Reddit:...
https://www.youtube.com/watch?v=Jo-2F-4f0F0
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
EZ Tools Manuals Interview with Andrew Rathbun
In this special guest episode of 13Cubed, I interview Andrew Rathbun of Kroll to discuss the new EZ Tools Manuals he's written. This documentation provides in-depth coverage of nearly all Windows forensic tools written by Eric Zimmerman. We also discuss a few other DFIR community projects at the end, so don't miss it!
*** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. ***
📖 Chapters
00:00 - EZ Tools Manuals
20:40 - DFIR Artifact Museum
25:48 - Digital Forensics Discord Server
🛠 Resources
EZ Tools Manuals:
https://leanpub.com/eztoolsmanuals
Vanilla Windows Reference:
https://github.com/AndrewRathbun/VanillaWindowsReference
DFIR Artifact Museum:
https://github.com/AndrewRathbun/DFIRArtifactMuseum
A Beginner's Guide to the Digital...
https://www.youtube.com/watch?v=Mz5hin8Wxak
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Top Python Libraries used by Hackers | #cybersecurity #shorts
From a discussion with @HackerSploit.
Talk to me: https://dgtsec.com/contact
________________________________________________________________________________________________
Burp Suite Deep Dive course: https://bit.ly/burpforpros
________________________________________________________________________________________________
Recon in Cybersecurity course: https://bit.ly/cybersecrecon
Python for Pentesters course: http://bit.ly/2I0sRkm
Python Basics course: http://bit.ly/37cmhlx
10 Points for PentesterLab PRO: http://bit.ly/awesomepentester
Join me and other cyber-geeks on discord: http://bit.ly/2KH6aST
Join my SQUAD (for discounts'n'stuff): http://bit.ly/2xhSvM2
Hire me as a penetration tester: https://dgtsec.com/penetration-testing-services/
101 Pentesting Training: https://dgtsec.com/cybersec-pentesting-training/...
https://www.youtube.com/watch?v=IUXkkZ52QfI
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Ultimate GraphQL Recon - A Tactical Approach
Burp Suite Deep Dive course: https://bit.ly/burpforpros
________________________________________________________________________________________________ GraphQL is widely adopted in the industry. Learn how to map its attack surface so as to safely and effectively protect it.
GitHub: https://github.com/nicholasaleks/graphql-threat-matrix/
graphw00f: https://github.com/dolevf/graphw00f
Free Chapter 4: https://nostarch.com/download/BlackHatGraphQL_ch4sample_102422.pdf
__________
Resources
- https://www.cybersecurityeducation.org/careers/
- https://www.coursera.org/articles/cybersecurity-jobs
- https://www.sans.org/cybersecurity-careers/20-coolest-cyber-security-careers/
- https://universityhq.org/how-to-become/cyber-security-jobs/
- https://www.coursera.org/articles/cybersecurity-career-paths
My...
https://www.youtube.com/watch?v=c_RPptC4V9I
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
A New Program Execution Artifact - Windows 11 22H2 Update!
In this episode, we'll take a look at a new Windows 11 Pro 22H2 program execution artifact discovered in late December 2022. We'll cover the basics and then look at this new Program Compatibility Assistant (PCA) artifact in action on a Windows 11 system.
*** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. ***
📖 Chapters
00:00 - Intro
00:52 - PCA artiFACTS
02:52 - Demo
11:28 - Recap
🛠 Resources
New Windows 11 Pro (22H2) Evidence of Execution Artifact:
https://aboutdfir.com/new-windows-11-pro-22h2-evidence-of-execution-artifact/
Vanilla Windows Reference:
https://github.com/AndrewRathbun/VanillaWindowsReference
DFIR Artifact Museum:
https://github.com/AndrewRathbun/DFIRArtifactMuseum
🙏 Special Thanks for Additional Research and...
https://www.youtube.com/watch?v=rV8aErDj06A
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Expert in One Bug or Master of All (None) | #cybersecurity #shorts
From a discussion with @TheXSSrat.
Talk to me: https://dgtsec.com/contact
________________________________________________________________________________________________
Burp Suite Deep Dive course: https://bit.ly/burpforpros
________________________________________________________________________________________________ Why only a handful of security researchers and bounty hunters make it and how can you be one of them?
Free coding platforms:
https://freecodecamp.org
https://edabit.com
https://codewars.com
Free books:
https://www.py4e.com/book.php
https://www.golang-book.com/books/intro
https://books.goalkicker.com/BashBook/
__________
Recon in Cybersecurity course: https://bit.ly/cybersecrecon
Python for Pentesters course: http://bit.ly/2I0sRkm
Python Basics course: http://bit.ly/37cmhlx...
https://www.youtube.com/watch?v=wyulRbEzBGk
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How to Learn Malware Analysis - With Real Malware Samples | #cybersecurity #shorts
How to learn reverse engineering fast with these 3 practical resources. From a discussion with @HackerSploit.
Talk to me: https://dgtsec.com/contact
________________________________________________________________________________________________
Burp Suite Deep Dive course: https://bit.ly/burpforpros
________________________________________________________________________________________________ Why only a handful of security researchers and bounty hunters make it and how can you be one of them?
Free coding platforms:
https://freecodecamp.org
https://edabit.com
https://codewars.com
Free books:
https://www.py4e.com/book.php
https://www.golang-book.com/books/intro
https://books.goalkicker.com/BashBook/
__________
Recon in Cybersecurity course: https://bit.ly/cybersecrecon
Python...
https://www.youtube.com/watch?v=W2uqUW6DCaM
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How To Learn Reverse Engineering Fast | #cybersecurity #shorts
How to learn reverse engineering fast with these 3 practical resources. From a discussion with @HackerSploit.
Talk to me: https://dgtsec.com/contact
________________________________________________________________________________________________
Burp Suite Deep Dive course: https://bit.ly/burpforpros
________________________________________________________________________________________________ Why only a handful of security researchers and bounty hunters make it and how can you be one of them?
Free coding platforms:
https://freecodecamp.org
https://edabit.com
https://codewars.com
Free books:
https://www.py4e.com/book.php
https://www.golang-book.com/books/intro
https://books.goalkicker.com/BashBook/
__________
Recon in Cybersecurity course: https://bit.ly/cybersecrecon
Python...
https://www.youtube.com/watch?v=LSvfIwmqKME
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Linux Red Team Defense Evasion Techniques - Hiding Linux Processes
In this video, I explore the process of evading defenses on Linux by hiding Linux processes with libprocesshider.
Defense Evasion consists of techniques that adversaries use to avoid detection throughout their compromise. Techniques used for defense evasion include uninstalling/disabling security software or obfuscating/encrypting data and scripts. Adversaries also leverage and abuse trusted processes to hide and masquerade their malware. Other tactics' techniques are cross-listed here when those techniques include the added benefit of subverting defenses.
Process Hider GitHub Repository: https://github.com/gianlucaborello/libprocesshider
//PLATFORMS
BLOG ►► https://bit.ly/3qjvSjK
FORUM ►► https://bit.ly/39r2kcY
ACADEMY ►► https://bit.ly/39CuORr
//SOCIAL NETWORKS
TWITTER...
https://www.youtube.com/watch?v=GT-ClZAi6rE
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The Most Frequent Vulnerabilities I Found in 80+ Pentests in 2022
Burp Suite Deep Dive course: https://bit.ly/burpforpros
________________________________________________________________________________________________ These are the most frequent vulnerabilities I found in my pentests in 2022.
__________
Resources
- https://www.cybersecurityeducation.org/careers/
- https://www.coursera.org/articles/cybersecurity-jobs
- https://www.sans.org/cybersecurity-careers/20-coolest-cyber-security-careers/
- https://universityhq.org/how-to-become/cyber-security-jobs/
- https://www.coursera.org/articles/cybersecurity-career-paths
My courses:
Recon in Cybersecurity course: https://bit.ly/cybersecrecon
Python for Pentesters course: http://bit.ly/2I0sRkm
Python Basics course: http://bit.ly/37cmhlx
Neural Networks with Tensorflow: http://bit.ly/tensorflownets
Machine...
https://www.youtube.com/watch?v=Bob-_PtgvXA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Linux Red Team Persistence Techniques - SSH Keys, Web Shells & Cron Jobs
In this video, I explore the process of establishing persistence on Linux via SSH keys, local accounts, web shells, and Cron Jobs.
Persistence consists of techniques that adversaries use to keep access to systems across restarts, changed credentials, and other interruptions that could cut off their access. Techniques used for persistence include any access, action, or configuration changes that let them maintain their foothold on systems, such as replacing or hijacking legitimate code or adding startup code.
//PLATFORMS
BLOG ►► https://bit.ly/3qjvSjK
FORUM ►► https://bit.ly/39r2kcY
ACADEMY ►► https://bit.ly/39CuORr
//SOCIAL NETWORKS
TWITTER ►► https://bit.ly/3sNKXfq
DISCORD ►► https://bit.ly/3hkIDsK
INSTAGRAM ►► https://bit.ly/3sP1Syh
LINKEDIN ►► https://bit.ly/360qwlN
PATREON...
https://www.youtube.com/watch?v=tNJs8CFj_B8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
What The Security Industry Should Know About Reverse Engineering [ Reverse Engineering AMA ]
What is one thing you wish your peers in the security industry knew about reverse engineering?
--
Big thanks to all the reverse engineers who helped us put this together!
Rattle (Jesko)
https://twitter.com/huettenhain
https://github.com/binref/refinery
Jordan (psifertex)
https://twitter.com/psifertex
https://binary.ninja/
Karsten
https://twitter.com/struppigel
https://www.youtube.com/c/MalwareAnalysisForHedgehogs
Drakonia
https://twitter.com/dr4k0nia
https://dr4k0nia.github.io/
C3rb3ru5
https://twitter.com/c3rb3ru5d3d53c
https://c3rb3ru5d3d53c.github.io/
Josh
https://twitter.com/jershmagersh
https://pwnage.io/
Dodo
https://twitter.com/dodo_sec
https://github.com/dodo-sec
Washi
https://twitter.com/washi_dev
https://washi.dev/
-----
OALABS PATREON
https://www.patreon.com/oalabs
OALABS...
https://www.youtube.com/watch?v=SffxAVWmbk4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Do Companies Actually Pay Ransomware [ Reverse Engineering AMA ]
Do companies really pay ransomware? Do they buy bitcoin to pay? If they pay do they actually get their files back?
--
Big thanks to all the reverse engineers who helped us put this together!
Rattle (Jesko)
https://twitter.com/huettenhain
https://github.com/binref/refinery
Jordan (psifertex)
https://twitter.com/psifertex
https://binary.ninja/
Karsten
https://twitter.com/struppigel
https://www.youtube.com/c/MalwareAnalysisForHedgehogs
Drakonia
https://twitter.com/dr4k0nia
https://dr4k0nia.github.io/
C3rb3ru5
https://twitter.com/c3rb3ru5d3d53c
https://c3rb3ru5d3d53c.github.io/
Josh
https://twitter.com/jershmagersh
https://pwnage.io/
Dodo
https://twitter.com/dodo_sec
https://github.com/dodo-sec
Washi
https://twitter.com/washi_dev
https://washi.dev/
-----
OALABS PATREON
https://www.patreon.com/oalabs
OALABS...
https://www.youtube.com/watch?v=-CD82mTcy5A
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
ChatGPT For Cybersecurity
In this video, I go over the process of how to use ChatGPT and cover various examples of how to use ChatGPT for Cybersecurity.
ChatGPT is an AI-driven chatbot launched by OpenAI in November 2022.
It is trained using Reinforcement Learning from Human Feedback (RLHF).
It is built on top of OpenAI's GPT-3.5 family of large language models and is fine-tuned with both supervised and reinforcement learning techniques.
OpenAI ChatGPT: https://chat.openai.com/chat
Timestamps:
0:00 Introduction
7:50 ChatGPT usage
10:45 Pentesting examples
13:10 Generating shells
14:25 Fuzzing
17:15 Shellcode
18:00 Custom emails
19:34 Macros
20:56 Buffer overflow
22:15 Automation
25:00 Blue team examples
28:33 ChatGPT impact on cybersecurity
//PLATFORMS
BLOG ►► https://bit.ly/3qjvSjK
FORUM ►► https://bit.ly/39r2kcY
ACADEMY...
https://www.youtube.com/watch?v=6PrC4z4tPB0
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
What is The Future of Reverse Engineering [ Reverse Engineering AMA ]
What is the future of reverse engineering? What should we prepare for?
--
Big thanks to all the reverse engineers who helped us put this together!
Rattle (Jesko)
https://twitter.com/huettenhain
https://github.com/binref/refinery
Jordan (psifertex)
https://twitter.com/psifertex
https://binary.ninja/
Karsten
https://twitter.com/struppigel
https://www.youtube.com/c/MalwareAnalysisForHedgehogs
Drakonia
https://twitter.com/dr4k0nia
https://dr4k0nia.github.io/
C3rb3ru5
https://twitter.com/c3rb3ru5d3d53c
https://c3rb3ru5d3d53c.github.io/
Josh
https://twitter.com/jershmagersh
https://pwnage.io/
Dodo
https://twitter.com/dodo_sec
https://github.com/dodo-sec
Washi
https://twitter.com/washi_dev
https://washi.dev/
-----
OALABS PATREON
https://www.patreon.com/oalabs
OALABS DISCORD
https://discord.gg/6h5Bh5AMDU
Twitch
https://www.twitch.tv/oalabslive
OALABS...
https://www.youtube.com/watch?v=lilIOWzDeBA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Linux Red Team Privilege Escalation Techniques - Kernel Exploits & SUDO Permissions
In this video, I explore the process of elevating privileges on Linux by leveraging kernel exploits, local accounts, and misconfigured SUDO permissions.
Privilege Escalation consists of techniques adversaries use to gain higher-level permissions on a system or network. Adversaries can often enter and explore a network with unprivileged access but require elevated permissions to follow through on their objectives. Common approaches are to take advantage of system weaknesses, misconfigurations, and vulnerabilities.
//PLATFORMS
BLOG ►► https://bit.ly/3qjvSjK
FORUM ►► https://bit.ly/39r2kcY
ACADEMY ►► https://bit.ly/39CuORr
//SOCIAL NETWORKS
TWITTER ►► https://bit.ly/3sNKXfq
DISCORD ►► https://bit.ly/3hkIDsK
INSTAGRAM ►► https://bit.ly/3sP1Syh
LINKEDIN ►► https://bit.ly/360qwlN
PATREON...
https://www.youtube.com/watch?v=w2rElXYV2Fs
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
One Trick To Level Up Your Reverse Engineering [ Reverse Engineering AMA ]
What is one trick or tip that really levelled up your reverse engineering?
--
Big thanks to all the reverse engineers who helped us put this together!
Rattle (Jesko)
https://twitter.com/huettenhain
https://github.com/binref/refinery
Jordan (psifertex)
https://twitter.com/psifertex
https://binary.ninja/
Karsten
https://twitter.com/struppigel
https://www.youtube.com/c/MalwareAnalysisForHedgehogs
Drakonia
https://twitter.com/dr4k0nia
https://dr4k0nia.github.io/
C3rb3ru5
https://twitter.com/c3rb3ru5d3d53c
https://c3rb3ru5d3d53c.github.io/
Josh
https://twitter.com/jershmagersh
https://pwnage.io/
Dodo
https://twitter.com/dodo_sec
https://github.com/dodo-sec
Washi
https://twitter.com/washi_dev
https://washi.dev/
-----
OALABS PATREON
https://www.patreon.com/oalabs
OALABS DISCORD
https://discord.gg/6h5Bh5AMDU
Twitch
https://www.twitch.tv/oalabslive
OALABS...
https://www.youtube.com/watch?v=EjVVbM6ub00
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How To Identify Unknown Crypto Functions [ Reverse Engineering AMA ]
How do you identify unknown crypto and compression algorithms when reverse engineering?
--
Big thanks to all the reverse engineers who helped us put this together!
Rattle (Jesko)
https://twitter.com/huettenhain
https://github.com/binref/refinery
Jordan (psifertex)
https://twitter.com/psifertex
https://binary.ninja/
Karsten
https://twitter.com/struppigel
https://www.youtube.com/c/MalwareAnalysisForHedgehogs
Drakonia
https://twitter.com/dr4k0nia
https://dr4k0nia.github.io/
C3rb3ru5
https://twitter.com/c3rb3ru5d3d53c
https://c3rb3ru5d3d53c.github.io/
Josh
https://twitter.com/jershmagersh
https://pwnage.io/
Dodo
https://twitter.com/dodo_sec
https://github.com/dodo-sec
Washi
https://twitter.com/washi_dev
https://washi.dev/
-----
OALABS PATREON
https://www.patreon.com/oalabs
OALABS...
https://www.youtube.com/watch?v=BGIDMpSztSk
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Tips For Writing a .NET Static Config Extractor for Malware [ Reverse Engineering AMA ]
What are some tips for dealing with static config extraction of .NET malware?
--
Big thanks to all the reverse engineers who helped us put this together!
Rattle (Jesko)
https://twitter.com/huettenhain
https://github.com/binref/refinery
Jordan (psifertex)
https://twitter.com/psifertex
https://binary.ninja/
Karsten
https://twitter.com/struppigel
https://www.youtube.com/c/MalwareAnalysisForHedgehogs
Drakonia
https://twitter.com/dr4k0nia
https://dr4k0nia.github.io/
C3rb3ru5
https://twitter.com/c3rb3ru5d3d53c
https://c3rb3ru5d3d53c.github.io/
Josh
https://twitter.com/jershmagersh
https://pwnage.io/
Dodo
https://twitter.com/dodo_sec
https://github.com/dodo-sec
Washi
https://twitter.com/washi_dev
https://washi.dev/
-----
OALABS PATREON
https://www.patreon.com/oalabs
OALABS DISCORD
https://discord.gg/6h5Bh5AMDU
Twitch
https://www.twitch.tv/oalabslive
OALABS...
https://www.youtube.com/watch?v=n435uL01T_E
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
What Is The Most Interesting Malware From 2022 [ Reverse Engineering AMA ]
What is the most interesting malware from 2022? What new techniques have been observed?
--
Big thanks to all the reverse engineers who helped us put this together!
Rattle (Jesko)
https://twitter.com/huettenhain
https://github.com/binref/refinery
Jordan (psifertex)
https://twitter.com/psifertex
https://binary.ninja/
Karsten
https://twitter.com/struppigel
https://www.youtube.com/c/MalwareAnalysisForHedgehogs
Drakonia
https://twitter.com/dr4k0nia
https://dr4k0nia.github.io/
C3rb3ru5
https://twitter.com/c3rb3ru5d3d53c
https://c3rb3ru5d3d53c.github.io/
Josh
https://twitter.com/jershmagersh
https://pwnage.io/
Dodo
https://twitter.com/dodo_sec
https://github.com/dodo-sec
Washi
https://twitter.com/washi_dev
https://washi.dev/
-----
OALABS PATREON
https://www.patreon.com/oalabs
OALABS...
https://www.youtube.com/watch?v=suxFVJijfbc
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Most Embarrassing Malware You Have Analyzed [ Reverse Engineering AMA ]
What is the more embarrassing, crude, or downright outrageous malware that you have reverse engineered?
--
Big thanks to all the reverse engineers who helped us put this together!
Rattle (Jesko)
https://twitter.com/huettenhain
https://github.com/binref/refinery
Jordan (psifertex)
https://twitter.com/psifertex
https://binary.ninja/
Karsten
https://twitter.com/struppigel
https://www.youtube.com/c/MalwareAnalysisForHedgehogs
Drakonia
https://twitter.com/dr4k0nia
https://dr4k0nia.github.io/
C3rb3ru5
https://twitter.com/c3rb3ru5d3d53c
https://c3rb3ru5d3d53c.github.io/
Josh
https://twitter.com/jershmagersh
https://pwnage.io/
Dodo
https://twitter.com/dodo_sec
https://github.com/dodo-sec
Washi
https://twitter.com/washi_dev
https://washi.dev/
-----
OALABS PATREON
https://www.patreon.com/oalabs
OALABS...
https://www.youtube.com/watch?v=IIUbgphLJ5Q
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How to Switch Careers Into Reverse Engineering [ Reverse Engineering AMA ]
How do you switch your career and become a full time reverse engineer?
--
Big thanks to all the reverse engineers who helped us put this together!
Rattle (Jesko)
https://twitter.com/huettenhain
https://github.com/binref/refinery
Jordan (psifertex)
https://twitter.com/psifertex
https://binary.ninja/
Karsten
https://twitter.com/struppigel
https://www.youtube.com/c/MalwareAnalysisForHedgehogs
Drakonia
https://twitter.com/dr4k0nia
https://dr4k0nia.github.io/
C3rb3ru5
https://twitter.com/c3rb3ru5d3d53c
https://c3rb3ru5d3d53c.github.io/
Josh
https://twitter.com/jershmagersh
https://pwnage.io/
Dodo
https://twitter.com/dodo_sec
https://github.com/dodo-sec
Washi
https://twitter.com/washi_dev
https://washi.dev/
-----
OALABS PATREON
https://www.patreon.com/oalabs
OALABS DISCORD
https://discord.gg/6h5Bh5AMDU
Twitch
https://www.twitch.tv/oalabslive
OALABS...
https://www.youtube.com/watch?v=HzziSeRu55g
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Tips for Analysis of Large Complex Binaries [ Reverse Engineering AMA ]
What is the best way to approach reverse engineering a large and complex binary?
--
Big thanks to all the reverse engineers who helped us put this together!
Rattle (Jesko)
https://twitter.com/huettenhain
https://github.com/binref/refinery
Jordan (psifertex)
https://twitter.com/psifertex
https://binary.ninja/
Karsten
https://twitter.com/struppigel
https://www.youtube.com/c/MalwareAnalysisForHedgehogs
Drakonia
https://twitter.com/dr4k0nia
https://dr4k0nia.github.io/
C3rb3ru5
https://twitter.com/c3rb3ru5d3d53c
https://c3rb3ru5d3d53c.github.io/
Josh
https://twitter.com/jershmagersh
https://pwnage.io/
Dodo
https://twitter.com/dodo_sec
https://github.com/dodo-sec
Washi
https://twitter.com/washi_dev
https://washi.dev/
-----
OALABS PATREON
https://www.patreon.com/oalabs
OALABS DISCORD
https://discord.gg/6h5Bh5AMDU
Twitch
https://www.twitch.tv/oalabslive
OALABS...
https://www.youtube.com/watch?v=2rhyCGHHiSU
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
LastPass Data Breach - Password Security 101
In this episode of CyberTalk, I discuss the latest LastPass data breach (December 2022) and outline a failsafe password management policy for you, your family, and or your business.
The following is a set of password security and management guidelines you should follow:
1. Generate secure, random, and complex passwords.
2. Use a new and unique password for every account.
3. Store your passwords with an offline password management database/vault like KeePass.
4. Take regular backups of your password database/vault and store them in a secure location (preferably only known to you).
5. Regularly change your passwords.
6. Develop a password handover contingency plan in the event of your death or incapacitation.
7. Remember, online platforms and solutions can go out of business or may not necessarily...
https://www.youtube.com/watch?v=MsxlsGAJ97c
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Windows Red Team Lateral Movement Techniques - PsExec & RDP
In this video, I will be exploring the process of performing lateral movement on Windows by leveraging PsExec and RDP.
Lateral Movement consists of techniques that adversaries use to enter and control remote systems on a network. Following through on their primary objective often requires exploring the network to find their target and subsequently gaining access to it. Reaching their objective often involves pivoting through multiple systems and accounts to gain. Adversaries might install their own remote access tools to accomplish Lateral Movement or use legitimate credentials with native network and operating system tools, which may be stealthier.
//PLATFORMS
BLOG ►► https://bit.ly/3qjvSjK
FORUM ►► https://bit.ly/39r2kcY
ACADEMY ►► https://bit.ly/39CuORr
//SOCIAL NETWORKS
TWITTER...
https://www.youtube.com/watch?v=QGkmlsvjMYI
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Windows Red Team Privilege Escalation Techniques - Bypassing UAC & Kernel Exploits
In this video, I will be exploring the process of privilege escalation on Windows by leveraging various privilege escalation techniques.
Privilege Escalation consists of techniques that adversaries use to gain higher-level permissions on a system or network. Adversaries can often enter and explore a network with unprivileged access but require elevated permissions to follow through on their objectives. Common approaches are to take advantage of system weaknesses, misconfigurations, and vulnerabilities.
Writeup: https://hackersploit.org/windows-privilege-escalation-fundamentals
//PLATFORMS
BLOG ►► https://bit.ly/3qjvSjK
FORUM ►► https://bit.ly/39r2kcY
ACADEMY ►► https://bit.ly/39CuORr
//SOCIAL NETWORKS
TWITTER ►► https://bit.ly/3sNKXfq
DISCORD ►► https://bit.ly/3hkIDsK
INSTAGRAM...
https://www.youtube.com/watch?v=vPTbWnCZ0sg
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Windows Red Team - Dynamic Shellcode Injection & PowerShell Obfuscation
In this video, I will be exploring the process of dynamically injecting Shellcode into portable executables and PowerShell obfuscation for the purpose of defense evasion on Windows.
Defense Evasion consists of techniques that adversaries use to avoid detection throughout their compromise. Techniques used for defense evasion include uninstalling/disabling security software or obfuscating/encrypting data and scripts.
Writeup: https://hackersploit.org/windows-red-team-defense-evasion-techniques/
//PLATFORMS
BLOG ►► https://bit.ly/3qjvSjK
FORUM ►► https://bit.ly/39r2kcY
ACADEMY ►► https://bit.ly/39CuORr
//SOCIAL NETWORKS
TWITTER ►► https://bit.ly/3sNKXfq
DISCORD ►► https://bit.ly/3hkIDsK
INSTAGRAM ►► https://bit.ly/3sP1Syh
LINKEDIN ►► https://bit.ly/360qwlN
PATREON...
https://www.youtube.com/watch?v=6xexyQwG7SY
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
HackTheBox Certified Penetration Testing Specialist (CPTS) - Review + Tips
My review of the new @HackTheBox Certified Penetration Testing Specialist (CPTS) certification - Hope you enjoy 🙂 #HackTheBox #HTB #CTF #Pentesting #OffSec #CPTS #Certification #Course
↢Social Media↣
Twitter: https://twitter.com/_CryptoCat
GitHub: https://github.com/Crypto-Cat
HackTheBox: https://app.hackthebox.eu/profile/11897
LinkedIn: https://www.linkedin.com/in/cryptocat
Reddit: https://www.reddit.com/user/_CryptoCat23
YouTube: https://www.youtube.com/CryptoCat23
Twitch: https://www.twitch.tv/cryptocat23
↢HackTheBox↣
https://www.hackthebox.com/newsroom/certified-penetration-testing-specialist-cpts
https://academy.hackthebox.com/preview/certifications/htb-certified-penetration-testing-specialist
https://academy.hackthebox.com/path/preview/penetration-tester
https://twitter.com/hackthebox_eu
https://discord.gg/hackthebox
↢Video-Specific...
https://www.youtube.com/watch?v=UN5fTQtlKCc
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The Dissect Effect - An Open Source IR Framework
In this episode, we'll take a look at the recently open sourced Dissect incident response framework from Fox-IT. We'll briefly examine the overall capabilities of the software, then we'll install it within a WSL 2 environment, and lastly, we'll take it for a test drive using a Windows Server 2019 disk image.
*** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. ***
📖 Chapters
00:00 - Intro
02:37 - Installation
03:31 - Using target-query
11:01 - Using target-shell
14:33 - Recap
🛠 Resources
Dissect Project:
https://github.com/fox-it/dissect
Dissect Documentation:
https://docs.dissect.tools/en/latest/
#Forensics #DigitalForensics #DFIR #ComputerForensics #WindowsForensics
https://www.youtube.com/watch?v=A2e203LizAM
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Advent of Cyber 2022: Day 17 Filtering for Order Amidst Chaos (Walkthrough)
Hi everyone! This week I'll be publishing walkthroughs of TryHackMe's Advent of Cyber. Advent of Cyber is a free event that anyone can participate in which gets you to try a new cyber security challenge each day of December leading up to Christmas. Don't worry if you've not been participating until now. You can catch up and still be entered to win prizes. You can totally do the majority of the challenges straight from your web browser. I'm not being paid or anything I just really like Advent of Cyber and wanted to help make it possible.
Check out Advent of Cyber https://tryhackme.com/room/adventofcyber4
Socials:
https://twitter.com/InsiderPhD
https://infosec.exchange/@insiderphd
https://insiderphd.dev
https://www.youtube.com/watch?v=ZsmRQqjGb9E
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Tier 1: Funnel - HackTheBox Starting Point - Full Walkthrough
Learn the basics of Penetration Testing: Video walkthrough for the "Funnel" machine from tier one of the @HackTheBox "Starting Point" track; "The key is a strong foundation". We'll be exploring the basics of enumeration, service discovery, pivoting/tunnelling and more! Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂 #HackTheBox #HTB #CTF #Pentesting #OffSec
↢Social Media↣
Twitter: https://twitter.com/_CryptoCat
GitHub: https://github.com/Crypto-Cat
HackTheBox: https://app.hackthebox.eu/profile/11897
LinkedIn: https://www.linkedin.com/in/cryptocat
Reddit: https://www.reddit.com/user/_CryptoCat23
YouTube: https://www.youtube.com/CryptoCat23
Twitch: https://www.twitch.tv/cryptocat23
↢HackTheBox↣
https://app.hackthebox.com/starting-point
https://twitter.com/hackthebox_eu
https://discord.gg/hackthebox
↢Video-Specific...
https://www.youtube.com/watch?v=HxWtXhL1mVU
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Advent of Cyber 2022: Day 16 SQLi's the king, the carolers sing (Walkthrough)
Hi everyone! This week I'll be publishing walkthroughs of TryHackMe's Advent of Cyber. Advent of Cyber is a free event that anyone can participate in which gets you to try a new cyber security challenge each day of December leading up to Christmas. Don't worry if you've not been participating until now. You can catch up and still be entered to win prizes. You can totally do the majority of the challenges straight from your web browser. I'm not being paid or anything I just really like Advent of Cyber and wanted to help make it possible.
Check out Advent of Cyber https://tryhackme.com/room/adventofcyber4
Socials:
https://twitter.com/InsiderPhD
https://infosec.exchange/@insiderphd
https://insiderphd.development
Nahamcon Secret ;) flag{2d01c445fbf95457a78aa68f4ddf6dec}
https://www.youtube.com/watch?v=iv02-Oi0TvM
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Advent of Cyber 2022: Day 15 Santa is looking for a Sidekick (Walkthrough)
Hi everyone! This week I'll be publishing walkthroughs of TryHackMe's Advent of Cyber. Advent of Cyber is a free event that anyone can participate in which gets you to try a new cyber security challenge each day of December leading up to Christmas. Don't worry if you've not been participating until now. You can catch up and still be entered to win prizes. You can totally do the majority of the challenges straight from your web browser. I'm not being paid or anything I just really like Advent of Cyber and wanted to help make it possible.
Check out Advent of Cyber https://tryhackme.com/room/adventofcyber4
Socials:
https://twitter.com/InsiderPhD
https://infosec.exchange/@insiderphd
https://insiderphd.dev
https://www.youtube.com/watch?v=9Pniza-s1ds
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Risk-Based Vulnerability Management | PurpleSec
PurpleSec security experts implemented risk-based vulnerability management to improve efficiencies and security ROI for our enterprise client.
👉 Get our FREE guide to vulnerability management in 2023: https://purplesec.us/vulnerability-management-guide/?utm_source=newsletter&utm_medium=YouTube&utm_campaign=VM_2023&utm_id=guide
Read The Full Case Study
----------------------------------------
https://purplesec.us/case-studies/travel-services-provider/
High Level Findings
-------------------------------
PurpleSec's security “cyborgs” were empowered by automation and process improvements to deliver exceptional results in a 3 month period:
- 75% MTTR reduction.
- 86% vulnerability risk reduction.
- M average annual savings for the client.
- 1.6k average monthly man-hour savings.
-...
https://www.youtube.com/watch?v=nu0US3xLEH4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Extreme Transparency or Corporate Security Responsibility?
We can all agree in theory that transparency is a good thing, but how far are you really willing to push it when the worst happens? Alex Rice and Will Farrell challenge organizations to push for transparency regardless of their situation, industry, or stakeholders. In this session, they explore the limits of corporate transparency and reframe it in the context of Corporate Security Responsibility.
Key takeaways:
-Understand why the message of transparency works
-Learn the strategies for creating a culture of transparency and collaboration
-Get the tools to translate transparency into board-friendly language
Find out more about Corporate Security Responsibility: https://www.hackerone.com/corporate-security-responsibility
https://www.youtube.com/watch?v=V7jyrIkNukE
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Tier 0: Synced - HackTheBox Starting Point - Full Walkthrough
Learn the basics of Penetration Testing: Video walkthrough for the "Synced" machine from tier zero of the @HackTheBox "Starting Point" track; "The key is a strong foundation". We'll be exploring the basics of enumeration, service discovery, rsync (file transfer) and more! Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂 #HackTheBox #HTB #CTF #Pentesting #OffSec
↢Social Media↣
Twitter: https://twitter.com/_CryptoCat
GitHub: https://github.com/Crypto-Cat
HackTheBox: https://app.hackthebox.eu/profile/11897
LinkedIn: https://www.linkedin.com/in/cryptocat
Reddit: https://www.reddit.com/user/_CryptoCat23
YouTube: https://www.youtube.com/CryptoCat23
Twitch: https://www.twitch.tv/cryptocat23
↢HackTheBox↣
https://app.hackthebox.com/starting-point
https://twitter.com/hackthebox_eu
https://discord.gg/hackthebox
↢Video-Specific...
https://www.youtube.com/watch?v=RcnJ_xlErdE
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Let's Talk About MUICache
In this episode, we'll take an in-depth look at Windows MUICache. We'll start by reviewing the purpose of this Windows feature, the metadata it collects, and its forensic value in showing evidence of program execution. Then, we'll jump into a demo and see it in action.
*** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. ***
📖 Chapters
00:00 - Intro
01:54 - Background
03:42 - MUICache artiFACTS
07:20 - Demo
🛠 Resources
Forensic Analysis of MUICache Files in Windows
https://www.magnetforensics.com/blog/forensic-analysis-of-muicache-files-in-windows/
#Forensics #DigitalForensics #DFIR #ComputerForensics #WindowsForensics
https://www.youtube.com/watch?v=ea2nvxN878s
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
MITRE ATT&CK Framework For Offensive & Defensive Operations
In this live training session, I will introduce you to the MITRE ATT&CK framework and will cover the process of operationalizing it for both offensive and defensive operations.
//LIVE TRAINING AND BOOTCAMPS
Introduction To C2 Frameworks: https://cyberranges.clickmeeting.com/introduction-to-c2-frameworks-3-day-webinar/register
//PLATFORMS
BLOG ►► https://bit.ly/3qjvSjK
FORUM ►► https://bit.ly/39r2kcY
ACADEMY ►► https://bit.ly/39CuORr
//SOCIAL NETWORKS
TWITTER ►► https://bit.ly/3sNKXfq
DISCORD ►► https://bit.ly/3hkIDsK
INSTAGRAM ►► https://bit.ly/3sP1Syh
LINKEDIN ►► https://bit.ly/360qwlN
PATREON ►► https://bit.ly/365iDLK
MERCHANDISE ►► https://bit.ly/3c2jDEn
//BOOKS
Privilege Escalation Techniques ►► https://amzn.to/3ylCl33
Docker Security Essentials...
https://www.youtube.com/watch?v=ujaoOWmkGLY
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Updates & Content Schedule - Q4 2022 - Q2 2023
This video outlines the latest updates from the HackerSploit team and goes over the content development plan for Q4 2022 - Q2 2023.
//CERTIFICATIONS
Certified Exploitation & Post-Exploitation Professional (CEPP): https://cyberranges.clickmeeting.com/exploitation-post-exploitation-3-day-bootcamp/register
//PLATFORMS
BLOG ►► https://bit.ly/3qjvSjK
FORUM ►► https://bit.ly/39r2kcY
ACADEMY ►► https://bit.ly/39CuORr
//SOCIAL NETWORKS
TWITTER ►► https://bit.ly/3sNKXfq
DISCORD ►► https://bit.ly/3hkIDsK
INSTAGRAM ►► https://bit.ly/3sP1Syh
LINKEDIN ►► https://bit.ly/360qwlN
PATREON ►► https://bit.ly/365iDLK
MERCHANDISE ►► https://bit.ly/3c2jDEn
//BOOKS
Privilege Escalation Techniques ►► https://amzn.to/3ylCl33
Docker Security Essentials (FREE) ►► https://bit.ly/3pDcFuA
//SUPPORT...
https://www.youtube.com/watch?v=BnkhIpfc1aU
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How Many Timestamps??? #Shorts
How many timestamps *could* exist for a given file on an NTFS filesystem. Watch this to find out!
*** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. ***
#Forensics #DigitalForensics #DFIR #ComputerForensics #WindowsForensics
https://www.youtube.com/watch?v=xeevyCqC62E
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
DEF CON 30 - Cesare Pizzi - Old Malware, New tools: Ghidra and Commodore 64
Why looking into a 30 years old "malicious" software make sense in 2022? Because this little "jewels", written in a bunch of bytes, reached a level of complexity surprisingly high. With no other reason than pranking people or show off technical knowledge, this software show how much you can do with very limited resources: this is inspiring for us, looking at modern malicious software, looking at how things are done and how the same things could have been done instead.
https://www.youtube.com/watch?v=Dl7l7gdr34o
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
DEF CON 30 BiC Village - Segun Olaniyan- Growth Systems for Cybersecurity Enthusiasts
The presentation gives perspective to the systems of growth for cybersecurity starters, students and enthusiasts that are rarely known or mentioned in the cybersecurity field and have helped many professionals grow from newbies to the experts they are today. These are systems that will help cybersecurity students become relevant in the industry as a student; these are systems that will give cybersecurity enthusiasts a voice in the industry, they are capable of giving newbies rapid growth in the industry, I call them Growth Systems for Cybersecurity Enthusiasts.
https://www.youtube.com/watch?v=s-iLGZQTYaM
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
DEF CON 30 - Silk - DEF CON Memorial Interview
See more of SIlk's hacker videos at :
YouTube.com/alexchaveriat
YouTube.com/hackerhangouts
https://www.youtube.com/watch?v=Pv33I_GXOGA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
DEF CON 30 Car Hacking Village - Evadsnibor - Getting Naughty on CAN bus with CHV Badge
Explain how the CHV badge can generate CAN waveforms (and other digital protocols) with different errors to disrupt vehicle networks. More than an ARB, the generation can be interactive - where the waveform can change based on the response of the network. The talk will focus on the Raspberry Pi rp2040 in the CHV badge and its hacker potential.
https://www.youtube.com/watch?v=ItPVA3x77EQ
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
DEF CON 30 - Silk- GoKarts
See more of SIlk's hacker videos at :
YouTube.com/alexchaveriat
YouTube.com/hackerhangouts
https://www.youtube.com/watch?v=zf4oHEqAHQA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
DEF CON 30 - Silk - Hacker Karaoke
See more of SIlk's hacker videos at :
YouTube.com/alexchaveriat
YouTube.com/hackerhangouts
https://www.youtube.com/watch?v=CGoM35pojcU
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
DEF CON 30 BiC Village - Alexis Hancock - The Man in the Middle
The Trans-Atlantic Slave Trade was a dark, cruel time in the history of much of the Americas. The horrors of slavery still cast their shadow through systemic racism today. One of the biggest obstacles enslaved Africans faced when trying to organize and fight was the fact that they were closely watched, along with being separated, abused, and tortured. They often spoke different languages from each other, with different cultures, and beliefs. Organizing under these conditions seemed impossible. Yet even under these conditions including overbearing surveillance, they developed a way to fight back.The continued fight today is an evolution of that history established from dealing with censorship and authoritarian surveillance. This talk walks through the technology and the tools used to fight...
https://www.youtube.com/watch?v=bIXFWZuMHr4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
DEF CON 30 Car Hacking Village - Soohwan Oh, Jonghyuk Song, Jeongho Yang - Smart Black Box Fuzzing
How to solve the difficulties when performing black box fuzzing on the real automobiles. First, coverage-guided fuzzing is impossible, so we should generate testcases with full understanding of UDS CAN, such as message flows, frame types. Second, it is hard to decide whether errors occurred, we should check timeout, pending response, DTC (diagnostic Trouble Code) and NRC (Negative Response Code). Third, even if the target ECU is dead, we should continue the fuzzing by using ClearDiagnosticInformation and ECUReset. During this talk, audiences can learn the effective and practical CAN fuzzing guides on the technical level.
https://www.youtube.com/watch?v=C1_ZIXZVIBg
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
DEF CON 30 Car Hacking Village - Mohammed Shine - Remote Exploitation of Honda Cars
The Honda Connect app used by Honda City 5th generation used weak security mechanisms in its APIs for access control which would allow a malicious user to perform actions like starting the car, locking/unlocking car etc. remotely by interacting with its Telematics Control Unit (TCU)
https://www.youtube.com/watch?v=BKzkZPz3n_c
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
DEF CON 30 - Silk - XOR Machine
See more of SIlk's hacker videos at :
YouTube.com/alexchaveriat
YouTube.com/hackerhangouts
https://www.youtube.com/watch?v=7Ds8M38GqP8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
DEF CON 30 Car Hacking Village - Kevin2600, Li Swei - Biometrics System Hacking of the Smart Vehicle
Biometric systems such as face recognition, voice-print identification is extensively used for personal identification. In recent years more and more vehicle makers are implemented the facial recognition systems into the modern vehicle. However, how secure these systems really are?
In this talk, we will present some of simple yet very practical attack methods, to bypass the face recognition systems found on some modern vehicles, in order to login or even start the engine.
We will also diving into the journey of how to spoof the voiceprint based system. To trick the Smart speakers authentication mechanism to shopping online. Or generated a "unharmed" song with a specific command secretly embedded within. eg. "Open the car window"
https://www.youtube.com/watch?v=_mPW_iul97M
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
DEF CON 30 - Silk - Plane Hacking
See more of SIlk's hacker videos at :
YouTube.com/alexchaveriat
YouTube.com/hackerhangouts
https://www.youtube.com/watch?v=6DHi-qC1jww
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
DEF CON 30 - Silk - BlacksinCyber Village Interview
https://www.youtube.com/watch?v=go4kkRIwjQ8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
DEF CON 30 - MKFactor Badge talk
Silk talks badges and more with MKFactor, the badge creators for DEF CON 30.
See more of SIlk's hacker videos at :
YouTube.com/alexchaveriat
YouTube.com/hackerhangouts
https://www.youtube.com/watch?v=A6bFMqx2LpU
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
DEF CON 30 Car Hacking Village - Jay Turla - canTot A CAN Bus Hacking Framework
canTot is a cli framework similar to the usage of known frameworks like Metasploit, dronesploit, expliot, and Recon-ng. The fun thing is that it contains fun hacks and known vulnerabilities disclosed. It can also be used as a guide for pentesting vehicles and learning python for Car Hacking the easier way. This is not to reinvent the wheel of known CAN fuzzers, car exploration tools like caring caribou, or other great CAN analyzers out there. But to combine all the known vulnerabilities and fun CAN bus hacks in automotive security.
https://www.youtube.com/watch?v=OBC0v5KDcJg
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Impacket Impediments - Finding Evil in Event Logs
In this episode, we'll take a look at the five (5) Impacket exec commands: atexec.py, dcomexec.py, psexec.py, smbexec.py, and wmiexec.py. The goal is to understand what event log residue we should be looking for on the target system, both with standard "out-of-the-box" log configuration, and with additional configurations such as process auditing with command line.
*** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. ***
📖 Chapters
00:00 - Intro
01:32 - atexec.py
13:46 - dcomexec.py
19:30 - psexec.py
23:57 - smbexec.py
30:58 - wmiexec.py
36:55 - Recap
🛠 Resources
Impacket Exec Commands Cheat Sheet:
https://www.13cubed.com/downloads/impacket_exec_commands_cheat_sheet.pdf
Impacket Exec Commands Cheat Sheet (Poster):
https://www.13cubed.com/downloads/impacket_exec_commands_cheat_sheet_poster.pdf
#Forensics...
https://www.youtube.com/watch?v=UMogme3rDRA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Tier 0: Mongod - HackTheBox Starting Point - Full Walkthrough
Learn the basics of Penetration Testing: Video walkthrough for the "Mongod" machine from tier zero of the @HackTheBox "Starting Point" track; "The key is a strong foundation". We'll be exploring the basics of enumeration, service discovery, mongo (NoSQL) databases and more! Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂 #HackTheBox #HTB #CTF #Pentesting #OffSec
↢Social Media↣
Twitter: https://twitter.com/_CryptoCat
GitHub: https://github.com/Crypto-Cat
HackTheBox: https://app.hackthebox.eu/profile/11897
LinkedIn: https://www.linkedin.com/in/cryptocat
Reddit: https://www.reddit.com/user/_CryptoCat23
YouTube: https://www.youtube.com/CryptoCat23
Twitch: https://www.twitch.tv/cryptocat23
↢HackTheBox↣
https://app.hackthebox.com/starting-point
https://twitter.com/hackthebox_eu
https://discord.gg/hackthebox
↢Video-Specific...
https://www.youtube.com/watch?v=xbCrF7b3mEA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How To Build A Vulnerability Management Program | #PurpleSec
There are 7 key steps when creating a winning vulnerability management program including making an inventory, categorizing vulnerabilities, creating packages, testing the package, providing change management, patching vulnerabilities, and reporting. 👉 Get our FREE guide to vulnerability management in 2023: https://purplesec.us/vulnerability-management-guide/?utm_source=newsletter&utm_medium=YouTube&utm_campaign=VM_2023&utm_id=guide
Read the full article... https://purplesec.us/learn/vulnerability-management-program/
Podcast Info
--------------------
Podcast website: https://purplesec.us/podcast/
Apple Podcasts: https://podcasts.apple.com/us/podcast/security-beyond-the-checkbox/id1673807278
Spotify: https://open.spotify.com/show/610KAa5g4G0KhoZVwMyXqz
RSS: https://feeds.buzzsprout.com/2137278.rss
Chapters...
https://www.youtube.com/watch?v=nsvxcUsFnJo
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Leveraging Bug Bounties for Your Career | Panel
Bug bounty isn't just a way to sharpen you skills and collect bounties. Listen to hackers The_Arch_Angel, none_of_the_above, and Niemand_sec talk to HackerOne Community Director Jessica Sexton about ways to utilize your career as a bug hunter for your future career.
This H@cktivitycon talk was given at the H1-702 Live Hacking Event in Las Vegas!
Follow The_Arch_Angel: https://twitter.com/ArchAngelDDay
Follow none_of_the_above: https://twitter.com/lean0x2f
Follow niemand_sec: https://twitter.com/niemand_sec
Follow Jessica: https://twitter.com/sgtcardigan
▼ Keep up with us ▼
◇ Twitter → https://twitter.com/Hacker0x01
◇ Twitch → https://twitch.tv/HackerOneTV
◇ Instagram → https://www.instagram.com/hacker0x01/?hl=en
https://www.youtube.com/watch?v=gul-DFzibaE
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Vulnerabilities I've Found: The Fun, the Weird and the Technical | Roni Carta
Roni Carta is a hacker who grew up playing video games becoming engrossed in the idea of creating them himself. Inspired by the master thief Arsene Lupin, Roni has learned to use his skills to outsmart and find creative ways to exploit systems.
This H@cktivitycon talk was given at our H1-702 Live Hacking Event in Las Vegas!
Follow Roni: https://twitter.com/0xLupin
▼ Keep up with us ▼
◇ Twitter → https://twitter.com/Hacker0x01
◇ Twitch → https://twitch.tv/HackerOneTV
◇ Instagram → https://www.instagram.com/hacker0x01/?hl=en
https://www.youtube.com/watch?v=EM2ZNMA3ggg
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Fuzzing XSS Sanitizers for Fun and Profit | Tom Anthony
In 1998 Tom was arrested for hacking, and was told he was looking at over 270 years in prison. Time for a career change! Tom went on to a life as an academic, earning a PhD in Artificial Intelligence, before starting a career as an SEO consultant (you think telling people you are a hacker is bad -- try telling them you do SEO!). Although nowadays his day job is as CTO of an SEO SaaS business, Tom still has 'the itch.' This took him from being the first person to ever be awarded a bounty for hacking Google's search algorithm, to hitting the news when he tried to join Boris Johnson's cabinet meeting on Zoom, and discovering a few fun bugs along the way.
This H@cktivitycon talk was given at our H1-702 Live Hacking Event in Las Vegas!
Follow Tom: https://twitter.com/TomAnthonySEO
▼ Keep...
https://www.youtube.com/watch?v=gJGbS8UELGw
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Breaking VNC Clients with Evil Servers | Eugene Lim
Eugene Lim hacks for good! He has helped secure products and data from a range of vulnerabilities. He is interested in application security and securing user data through sustainable DevSecOps practices. In 2019, he won the Most Valuable Hacker award at the H1-213 live hacking event in Los Angeles organized by HackerOne, US Air Force, UK Ministry of Defense, and Verizon Media. In 2021, he was 1 of 5 selected from a pool of 1 million white hat hackers for the H1-Elite Hall of Fame.
This H@cktivitycon talk was given at the H1-702 Live Hacking Event in Las Vegas!
Follow Eugene: https://twitter.com/spaceraccoonsec
▼ Keep up with us ▼
◇ Twitter → https://twitter.com/Hacker0x01
◇ Twitch → https://twitch.tv/HackerOneTV
◇ Instagram → https://www.instagram.com/hacker0x01/?hl=en...
https://www.youtube.com/watch?v=5kWDNVfNAqg
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The Bug Hunter's Methodology - Application Analysis | Jason Haddix
Jason is the Head of Security for a leading videogame company. Previously he was VP of Trust and Security at Bugcrowd and currently holds the 29th all-time ranked researcher position. Before that, Jason had a distinguished 10-year career as a penetration tester and was Director of Penetration Testing for HP. He is a hacker and bug hunter through and through and currently specializes in recon and web application analysis. He has also held positions doing mobile penetration testing, network/infrastructure security assessments, and static analysis. Jason lives in Colorado with his wife and three children. Jason has presented all over the world teaching ethical hacking, including speaking and keynotes at conferences such as DEFCON, BlackHat, RSA, Rootcon, NullCon, B-sides, and SANS.
This H@cktivitycon...
https://www.youtube.com/watch?v=FqnSAa2KmBI
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Submitting High Quality Bug Bounty Reports - Tips from Behind the Curtain | Roy Davis
Roy Davis is a security researcher and engineer with 20 years of pentesting and programming experience.
He has worked on security teams at Zoom, Salesforce, Apple, Barclays Bank, and Thomson Reuters. Roy has presented at several security conferences starting in 2008 to his most recent talk at DEFCON 29. Roy currently manages the Bug Bounty program at Zoom.
This H@cktivitycon talk was given at our H1-702 Live Hacking Event in Las Vegas!
Follow Roy Davis: https://twitter.com/Hack_All_Things
▼ Keep up with us ▼
◇ Twitter → https://twitter.com/Hacker0x01
◇ Twitch → https://twitch.tv/HackerOneTV
◇ Instagram → https://www.instagram.com/hacker0x01/?hl=en
https://www.youtube.com/watch?v=mUYWXRI0WIo
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How To Automate Your Vulnerability Remediation Process | PurpleSec
There are 8 best practices when planning your vulnerability remediation including prioritization of vulnerabilities, setting timelines, defining a SLO, developing a remediation policy, automating your vulnerability management processes, adopting continuous remediation, deploying compensating controls, and building a vulnerability management program. 👉 Get our FREE guide to vulnerability management in 2023: https://purplesec.us/vulnerability-management-guide/?utm_source=newsletter&utm_medium=YouTube&utm_campaign=VM_2023&utm_id=guide
Continue reading... https://purplesec.us/learn/vulnerability-remediation/
Podcast Info
--------------------
Podcast website: https://purplesec.us/podcast/
Apple Podcasts: https://podcasts.apple.com/us/podcast/security-beyond-the-checkbox/id1673807278
Spotify:...
https://www.youtube.com/watch?v=Bns79gIwxIA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Twitter Zero-Day Exposes Data Of 5.4 MILLION Accounts | Security Insights By #PurpleSec
Social media platform Twitter confirmed they suffered a now-patched zero-day vulnerability, used to link email addresses and phone numbers to users' accounts, which allowed attackers to gain access to the personal information of 5.4 million users.
The vulnerability allowed anyone to submit an email address or phone number, verify if it was associated with a Twitter account, and retrieve the associated account ID.
More technically, what the security researcher Zhirinovsky reported on HackerOne's bug bounty platform is that this vulnerability allows any party without any authentication to obtain a Twitter ID (which is almost equal to getting the username of an account) of any user by submitting a phone number/email even though the user has prohibited this action in the privacy settings.
Chapters
---------------
00:00...
https://www.youtube.com/watch?v=E5dLc98TeLg
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
What's on My DFIR Box?
By popular request, this episode provides a walkthrough of the hardware and software I utilize for my digital forensic workstation. While this is probably more beneficial for people new to the DFIR field, I suspect it will still be interesting to a wide range of viewers.
*** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. ***
📖 Chapters
00:00 - Intro
01:42 - Windows Subsystem for Linux (WSL) 2
03:18 - Windows Terminal
04:39 - Sysinternals Suite
05:31 - Microsoft PowerToys
06:20 - DCode
07:04 - FTK Imager
07:31 - PST Walker
08:53 - Arsenal Image Mounter
09:35 - Hibernation Recon
10:05 - Kroll Artifact Parser and Extractor (KAPE)
10:42 - NirSoft Tools
11:49 - X-Ways Forensics
12:19 - Eric Zimmerman Tools
14:09 - Chainsaw
14:21 - INDXRipper
14:26...
https://www.youtube.com/watch?v=-xGfzCT6TUQ
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
DC30 - Red Team Village - Recap
Red Team Village Website: https://redteamvillage.io
Discord: https://redteamvillage.io/discord
Twitter: https://redteamvillage.io/twitter
https://www.youtube.com/watch?v=hd4dy1jZPS0
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
HackerOne Live Hacking Event Recap: Denver 2022 (H1-303)
Check out our highlights from H1-303!
https://www.youtube.com/watch?v=tMqF4f7WR6M
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
HackerOne Live Hacking Event Recap: Austin w/ Github 2022 (H1-512)
Check out the highlights from H1-512!
https://www.youtube.com/watch?v=gm2s8IlJW6A
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
What Is Vulnerability Management? (Explained By Experts) | PurpleSec
Vulnerability management is the process of identifying, prioritizing, and mitigating vulnerabilities in an organization's systems and networks to reduce the risk of cyber attacks and protect against potential threats. 👉 Get our FREE guide to vulnerability management in 2023: https://purplesec.us/vulnerability-management-guide/?utm_source=newsletter&utm_medium=YouTube&utm_campaign=VM_2023&utm_id=guide
Continue reading... https://purplesec.us/learn/what-is-vulnerability-management/
Podcast Info
--------------------
Podcast website: https://purplesec.us/podcast/
Apple Podcasts: https://podcasts.apple.com/us/podcast/security-beyond-the-checkbox/id1673807278
Spotify: https://open.spotify.com/show/610KAa5g4G0KhoZVwMyXqz
RSS: https://feeds.buzzsprout.com/2137278.rss
Chapters
---------------
00:00...
https://www.youtube.com/watch?v=RE6_Lo2wSIg
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
DC30 - Red Team Village - Ngrok
Additional information can be found at ngrok.com.
Red Team Village Website: https://redteamvillage.io
Discord: https://redteamvillage.io/discord
Twitter: https://redteamvillage.io/twitter
https://www.youtube.com/watch?v=DRIbd9-bXvA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Hertzbleed Attack Impacting Intel & AMD CPUs | Security Insights By PurpleSec
In June 2022, a group of researchers from the University of Texas, the University of Illinois Urbana-Champaign, and the University of Washington, have published an article on their website about a new attack they developed called Hertzbleed.
This attack allows attackers to detect variations in the frequency of CPU using something called Dynamic voltage and frequency scaling or DVFS in short, and steal entire cryptographic keys in that way.
Intel's security advisory states that all Intel processors are affected. We have experimentally confirmed that several Intel processors are affected, including desktop and laptop models from the 8th to the 11th generation Core microarchitecture.
AMD's security advisory states that several of their desktop, mobile and server processors are affected....
https://www.youtube.com/watch?v=ta8aOUEGyLc
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
PACMAN M1 Chip Attack Explained | Security Insights By PurpleSec
The team at MIT's Computer Science and Artificial Intelligence Laboratory (CSAIL) have discovered a way to attack the pointer authentication in Apple's M1 chip to execute arbitrary code on Macintosh systems.
The team says that the vulnerability is found in other ARM chips, not just the M1 – but it hasn't yet had the chance to try it against the M2.
In order to get a little closer to this attack and what is the main characteristic and basis of the attack, we have to mention the PAC itself.
Pointer Authentication is a security feature that adds a cryptographic signature to operating system pointers, named Pointer Authentication Code (PAC). This allows the OS to spot and block unexpected changes that may lead to data leaks.
Chapters
---------------
00:00 - Summary Of The Attack
01:00...
https://www.youtube.com/watch?v=qfnV6iwWCY8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
DC30 - Red Team Village - Hackerwares
Additional information can be found at hackerware.io.
Red Team Village Website: https://redteamvillage.io
Discord: https://redteamvillage.io/discord
Twitter: https://redteamvillage.io/twitter
https://www.youtube.com/watch?v=ImZPTNDX1L0
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cleartrip Suffers Massive Data Breach | Security Insights By PurpleSec
Cleartrip is a popular travel-booking platform, founded back in 2006 and acquired by Walmart-owned Flipkart in April 2021.
Cleartrip has suffered a massive data breach through what they claim was a “security anomaly” of their internal systems.
Their confidential data has been exposed in several places on the dark web and the data exposed is also quite new, with files timestamped as recent as June 2022.
Their current platforms are fully functional and they state that the data breach is being dealt with, technically and legally.
It is also worth mentioning that this isn't the first data breach that Cleartrip has dealt with.
The company also suffered a data breach in April 2017 when Cleartrip's website was defaced by a hacking group called “Turtle Squad ” after they gained unauthorized...
https://www.youtube.com/watch?v=WNQZBhXNYio
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
DC30 - Red Team Village - SEKTOR7
Additional information can be found at sektor7.net.
Red Team Village Website: https://redteamvillage.io
Discord: https://redteamvillage.io/discord
Twitter: https://redteamvillage.io/twitter
https://www.youtube.com/watch?v=eqaEunkWTcQ
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Maui Ransomware Attacking Healthcare | Security Insights By PurpleSec
The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Department of the Treasury released a joint Cybersecurity Advisory (CSA) to provide information on Maui ransomware, which is claimed to have been used by North Korean state-sponsored cyber actors since at least May 2021 to target Healthcare and Public Health (HPH) Sector organizations.
In June 2022, the Stairwell research team investigated one of lesser-known ecosystems of Ransomware-as-a-Service, the Maui ransomware.
Maui has been shown to have a lack of several key features which are commonly seen with tooling from RaaS providers, such as an embedded ransom note to provide recovery instructions or automated means of transmitting encryption keys to attackers.
Chapters
---------------
00:00...
https://www.youtube.com/watch?v=csswVeGUgEg
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Tier 1: Three - HackTheBox Starting Point - Full Walkthrough
Learn the basics of Penetration Testing: Video walkthrough for the "Three" machine from tier one of the @HackTheBox "Starting Point" track; "You need to walk before you can run". We'll be exploring the basics of enumeration, service discovery, directory busting, insecure s3 buckets, aws-cli and more! Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂 #HackTheBox #HTB #CTF #Pentesting #OffSec
↢Social Media↣
Twitter: https://twitter.com/_CryptoCat
GitHub: https://github.com/Crypto-Cat
HackTheBox: https://app.hackthebox.eu/profile/11897
LinkedIn: https://www.linkedin.com/in/cryptocat
Reddit: https://www.reddit.com/user/_CryptoCat23
YouTube: https://www.youtube.com/CryptoCat23
Twitch: https://www.twitch.tv/cryptocat23
↢HackTheBox↣
https://app.hackthebox.com/starting-point
https://twitter.com/hackthebox_eu
https://discord.gg/hackthebox
↢Video-Specific...
https://www.youtube.com/watch?v=sV9M4LKKT9s
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
DC30 - Red Team Village - Offensive Security
Additional information can be found at www.offensive-security.com.
Red Team Village Website: https://redteamvillage.io
Discord: https://redteamvillage.io/discord
Twitter: https://redteamvillage.io/twitter
https://www.youtube.com/watch?v=_Hd6p1do7rw
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How To Write A Penetration Testing Report
This video outlines the importance of penetration testing reports and what makes up a good penetration testing report.
//LINKS
Penetration Test Reports: https://pentestreports.com/
SANS Whitepaper: https://www.sans.org/white-papers/33343/
//PLATFORMS
BLOG ►► https://bit.ly/3qjvSjK
FORUM ►► https://bit.ly/39r2kcY
ACADEMY ►► https://bit.ly/39CuORr
//SOCIAL NETWORKS
TWITTER ►► https://bit.ly/3sNKXfq
DISCORD ►► https://bit.ly/3hkIDsK
INSTAGRAM ►► https://bit.ly/3sP1Syh
LINKEDIN ►► https://bit.ly/360qwlN
PATREON ►► https://bit.ly/365iDLK
MERCHANDISE ►► https://bit.ly/3c2jDEn
//BOOKS
Privilege Escalation Techniques ►► https://amzn.to/3ylCl33
Docker Security Essentials (FREE) ►► https://bit.ly/3pDcFuA
//SUPPORT THE CHANNEL
NordVPN Affiliate Link...
https://www.youtube.com/watch?v=J34DnrX7dTo
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
MemProcFS - This Changes Everything
Imagine being able to "mount" memory as if it were a disk image. With a single command, MemProcFS will create a virtual file system representing the processes, file handles, registry, $MFT, and more. The tool can be executed against a memory dump, or run against memory on a live system. This is a game changer for memory forensics!
*** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. ***
📖 Chapters
00:00 - Intro
01:42 - Installation
02:41 - Demo
🛠 Resources
MemProcFS: The Memory Process File System:
https://github.com/ufrisk/MemProcFS
#Forensics #DigitalForensics #DFIR #ComputerForensics #WindowsForensics #MemoryForensics
https://www.youtube.com/watch?v=hjWVUrf7Obk
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
DC30 - Red Team Village - BC Security
Additional information can be found at www.bc-security.org.
Red Team Village Website: https://redteamvillage.io
Discord: https://redteamvillage.io/discord
Twitter: https://redteamvillage.io/twitter
https://www.youtube.com/watch?v=RCXMqdr2h5k
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
DC30 - Red Team Village - Nahamsec
Additional information can be found at nahamsec.com.
Red Team Village Website: https://redteamvillage.io
Discord: https://redteamvillage.io/discord
Twitter: https://redteamvillage.io/twitter
https://www.youtube.com/watch?v=U52MQa4W_JA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
DC30 - Red Team Village - Optiv
Additional information about Optiv can be found at optiv.com.
Red Team Village Website: https://redteamvillage.io
Discord: https://redteamvillage.io/discord
Twitter: https://redteamvillage.io/twitter
https://www.youtube.com/watch?v=FLu-eyHDapk
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Conti Costa Rica Ransomware Attack Explained | Security Insights By PurpleSec
On May 8th, 2022 the President of Costa Rica Rodrigo Chaves declared a national emergency due to an ongoing Conti ransomware campaign against several Costa Rican government entities starting in April of this year.
Conti is a prolific ransomware-as-a-service operation that has been infecting and damaging systems since it was first observed in 2020.
Attributed to the threat group called WizardSpider by CrowdStrike in 2019.
The group is also known for TrickBot and the Ryuk ransomware distributed through the ZLoader botnet which we previously reported as shutdown by Microsoft.
Chapters
---------------
00:00 - Summary Of The Attack
00:36 - What Happened?
01:13 - New & Novel Techniques
02:06 - The Ransom Demand
02:39 - Impact Of The Breach
03:04 - Preventing Ransomware Attacks
03:52 - Wrapping...
https://www.youtube.com/watch?v=hW3t36YG2s8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Vote for 13Cubed! #Shorts
❤️ Vote for 13Cubed in the 2022 Forensic 4:cast Awards!
https://forms.gle/nRDGNP2qeEVPPyPj6
https://www.youtube.com/watch?v=oepwM6cEOxs
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
HackerOne Virtual Hacking Event Recap: PayPal 2022 (H1-2204)
Check out highlights from H1-2204!
https://www.youtube.com/watch?v=MPV6PgbvkME
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Anatomy of an NTFS FILE Record - Windows File System Forensics
In this episode, we'll talk about the structure and composition of an NTFS FILE record. Then, we'll take a look at a sample record for a resident file and learn how to manually extract the important attributes.
*** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. ***
📖 Chapters
00:00 - Intro
02:08 - Analysis
🛠 Resources
Anatomy of an NTFS File Record (Cheat Sheet):
https://www.13cubed.com/downloads/ntfs_file_record.pdf
Everything I know about NTFS (primary reference for this episode):
https://kcall.co.uk/ntfs/
010 Editor:
https://www.sweetscape.com/010editor/
#Forensics #DigitalForensics #DFIR #ComputerForensics #WindowsForensics
https://www.youtube.com/watch?v=l4IphrAjzeY
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Performing Web Searches From Your Terminal
How to perform web searches from your terminal with Oh My Zsh.
Oh My Zsh: https://ohmyz.sh/
How to setup Oh My Zsh: https://www.youtube.com/watch?v=njDuayF9Q6k
Web Search Plugin: https://github.com/ohmyzsh/ohmyzsh/blob/master/plugins/web-search/web-search.plugin.zsh
//PLATFORMS
BLOG ►► https://bit.ly/3qjvSjK
FORUM ►► https://bit.ly/39r2kcY
ACADEMY ►► https://bit.ly/39CuORr
//SOCIAL NETWORKS
TWITTER ►► https://bit.ly/3sNKXfq
DISCORD ►► https://bit.ly/3hkIDsK
INSTAGRAM ►► https://bit.ly/3sP1Syh
LINKEDIN ►► https://bit.ly/360qwlN
PATREON ►► https://bit.ly/365iDLK
MERCHANDISE ►► https://bit.ly/3c2jDEn
//BOOKS
Privilege Escalation Techniques ►► https://amzn.to/3ylCl33
Docker Security Essentials (FREE) ►► https://bit.ly/3pDcFuA
//SUPPORT THE CHANNEL
NordVPN...
https://www.youtube.com/watch?v=64TlFUnPiz4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How I Got Started In Cybersecurity
In this episode of the CyberTalk Podcast, I outline my journey to becoming a penetration tester and go over the key milestones in my career and how they eventually paved the way to becoming a cybersecurity professional.
//PLATFORMS
BLOG ►► https://bit.ly/3qjvSjK
FORUM ►► https://bit.ly/39r2kcY
ACADEMY ►► https://bit.ly/39CuORr
//SOCIAL NETWORKS
TWITTER ►► https://bit.ly/3sNKXfq
DISCORD ►► https://bit.ly/3hkIDsK
INSTAGRAM ►► https://bit.ly/3sP1Syh
LINKEDIN ►► https://bit.ly/360qwlN
PATREON ►► https://bit.ly/365iDLK
MERCHANDISE ►► https://bit.ly/3c2jDEn
//BOOKS
Privilege Escalation Techniques ►► https://amzn.to/3ylCl33
Docker Security Essentials (FREE) ►► https://bit.ly/3pDcFuA
//SUPPORT THE CHANNEL
NordVPN Affiliate Link (73% Off) ►► https://bit.ly/3DEPbu5
Get...
https://www.youtube.com/watch?v=87aOIeG3AVM
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How to Use Bug Bounty to Help Your Career!
So I've now had a job it security, whooo, but what did I learn? Well I spoke to a lot of people who hire for jobs and wanted to tell you what I learned when it came to career planning and how I leveraged my bug bounty knowledge to get that security job!
Sponsored by Detectify, find out more at: https://detectify.com/haksec
- Social Media -
Discord: https://insiderphd.dev/discord
Patreon: https://www.patreon.com/insiderphd
Twitter: https://twitter.com/insiderphd
https://www.youtube.com/watch?v=qhzthf-Ssow
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
My API Testing Automated Toolbox
APIs in the real world are huge, especially on large scope programs. In this video I share with you my top tools I use when testing and what I have in my toolbox. I tried to make this one short, but I really want to present a full methodology so you know what each tool does and how I use it to actually find bugs.
- The Tools -
Recon: Amass, Lazyrecon, webscreenshot, BBHT
API Enumeration: Kiterunner, fuff, Axiom, TomNomNom Wordlist method, inQL
Vulnerabilities: Autorize, logger++, SQLMap, NoSQLMap, JWT_Tool, Burp
- Social Media -
Discord: https://insiderphd.dev/discord
Patreon: https://www.patreon.com/insiderphd
Twitter: https://twitter.com/insiderphd
https://www.youtube.com/watch?v=5qSq1S2sRC8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Escalating Your Bugs With GDPR Impact
GDPR was a landmark piece of data privacy legislation that was passed in the EU, it offers a ton of security for EU citizens, but it also puts some pretty stringent requirements on organisations which process this data. For bug bounty hunting this is great, we can really prove and explain the impact of our bugs, netting us higher bounties!
Did you know this episode was sponsored by Intigriti? Sign up with my link http://go.intigriti.com/katie I'm so pleased with everyone's positive response to the Intigriti sponsorship and I'm so pleased you folks are finding bugs and even finding your first bugs! Thank you for being awesome!
This month as a thank you for bearing with me as I get back into video making we're doing a giveaway! To win one of the following prizes please enter via a comment...
https://www.youtube.com/watch?v=7JiOqXIZHy0
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Easy IDOR hunting with Autorize? (GIVEAWAY)
I've said it once and I'll say it again APIs are some of the best applications to hunt on, and now I've worked at a platform I have some data to back me up that IDORs are fantastic first bugs and they are EVERYWHERE! But, when we test a real API vs a lab or CTF there are so many endpoints and resources and stuff to test, so what if we could make IDOR hunting easier? What if we could automate it? Well this is what Autorize is designed to do! This free Burp extension allows us to automatically make a second request to test if our attacker account can do something to affect our victim. It's such a useful tool to have installed I 100% recommend it especially if you're a beginner.
Did you know this episode was sponsored by Intigriti? Sign up with my link http://go.intigriti.com/katie I'm so pleased...
https://www.youtube.com/watch?v=2WzqH6N-Gbc
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Try Hack Me: Advent of Cyber 2021 - Day 3
Play this TryHackMe Room with me https://tryhackme.com/room/adventofcyber3
Hi everyone, something a bit different this week, I've worked with TryHackMe to produce a little walkthrough of their day 3 challenge, don't worry if you've not started it's only day 3 and you can totally catch up! If you're not already using TryHackMe it's a CTF/learning platform for learning a bunch of security topics, and if you're used to learning in school you'll probably vibe really well. There are distinct learning paths that they take you through and each one is a little tutorial with some questions at the end. It's really affordable and has a student discount. Full disclosure: This video was not paid for by TryHackMe, I just like the website and said yes when they asked for some help with making videos. They...
https://www.youtube.com/watch?v=8dUylKcDUvU
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The Power of Social Engineering by Mishaal Khan
Speaker: Mishaal Khan
Often times we hit a wall in our pentesting engagements. Sometimes all you need to do is ask! I'll go over a few real life scenarios where a bit of social engineering compromised an entire organization, made the difference between a successful and failed spear phishing campaign and how this super power is used to control a difficult situation, steer the outcome and get what you want. Recon, OSINT, planing, framing, ethical hacking, and reading expressions and body language all are components of this super power.
The Red Team Village track at Hacktivitycon2021
Red Team Village Website: https://redteamvillage.io
Discord: https://redteamvillage.io/discord
Twitter: https://redteamvillage.io/twitter
https://www.youtube.com/watch?v=xRnVzafXZjQ
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Writing Better Vulnerability Reports - Nikhil Srivastava
Speaker: Nikhil Srivastava
This Talk will covers all about how to write better vulnerability reports ranges from title, description, impact, CVSS, steps to reproduce and recommended fix to help individuals doing triage to quickly assess the reports.
Red Team Village Website: https://redteamvillage.io
Discord: https://redteamvillage.io/discord
Twitter: https://redteamvillage.io/twitter
https://www.youtube.com/watch?v=h2bFLkML_cc
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
PEzoNG: Advanced Packer For Automated Evasion - Dimitri Di Cristofaro - Giorgio Bernardinetti
Title: PEzoNG: Advanced Packer For Automated Evasion On Windows
Speakers: Dimitri Di Cristofaro and Giorgio Bernardinetti
A fully undetectable (FUD) executable is a highly coveted goal in cybersecurity field, especially in the case of Red Teams. In this talk we present the design and implementation of PEzoNG, a framework for automatic creation of FUD binaries in a Windows environment.
PEzoNG features a custom loader for Windows binaries, polymorphic obfuscation, a payload decryption process and a number of anti-sandbox and anti-analysis evasion mechanisms - in particular we present a novel userland unhooking technique. In addition, the custom loader supports a large amount of Windows executable files, and features stealth and bleeding-edge memory allocation schemes. Finally we show the...
https://www.youtube.com/watch?v=RZAWSCesiSs
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Pentest Collaboration Framework - Ilya Shaposhnikov
Title: Pentest Collaboration Framework
Speaker: Shaposhnikov Ilya
Pentest Collaboration Framework. It's analogue of such utilities as Dradis and Faraday, but it is open source( free), portable (sqlite3) and cross-platform (python v3.9).
The main task of the utility is to create a workspace for penetration testers/red teams to join all information about projects: hosts, hostnames, ports, notes, chats, issues, networks and more! Moreover you can export this information as: word, raw txt or defined variables only with user-defined templates.
Red Team Village Website: https://redteamvillage.io
Discord: https://redteamvillage.io/discord
Twitter: https://redteamvillage.io/twitter
https://www.youtube.com/watch?v=bcNa-ZtcphE
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Exploitation with Reverse Shell and Infection with PowerShell using VBS
Title: Exploitation with Reverse Shell and Infection with PowerShell using VBS
Speaker: Filipi PIres
The purpose of this presentation, it was to execute several efficiency and detection tests in our lab environment protected with an endpoint solution, provided by CrowdStrike, this presentation brings the result of the defensive security analysis with an offensive mindset using reverse shell techniques to gain the access inside the victim's machine and after that performing a Malware in VBS to infected the victim machine through use some scripts in PowerShell to call this malware, in our environment bypassing some components and engines, such as: Malware Protection - Associated IOC (Command entered in script), Suspicious Processes, File System Access, Suspicious Processes, Suspicious Scripts...
https://www.youtube.com/watch?v=73f6Jei3W8M
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
SSH Tunnels: Creating Reverse Proxies and Evading Network Detection - Cory Wolff
Title: SSH Tunnels: Creating Reverse Proxies and Evading Network Detection
Speaker: Cory Wolff
SSH tunneling is a valuable component of the red teamer's toolkit when used correctly - but that's the hard part. Demystifying reverse port forwards, local port forwards, and dynamic port forwards can be a challenge for any operator.
This talk will begin with the basics of SSH tunneling and then focus on ways to utilize them to create reverse proxies and evade network monitoring during an engagement. It aims to provide clarity on the use of these different port forwards and provide examples on how to use them in an offensive security scenario.
Red Team Village Website: https://redteamvillage.io
Discord: https://redteamvillage.io/discord
Twitter: https://redteamvillage.io/twitter
https://www.youtube.com/watch?v=BQQKO-MC1-U
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Why Is Social Engineering Effective? (Expert Explains) | PurpleSec
We interview Darius Burt, who is a cyber security leader and a frequent voice in the community on all things social engineering.
During the interview Darius answers our burning question:
Why does social engineering work?
What You'll Learn:
- How human psychology is connected to social engineering.
- What personality types are most vulnerable to social engineering attacks.
- Three newer social engineering tactics in use by threat actors.
- How businesses can educate employees of the latest attacks beyond computer training.
Connect with Darius - https://www.linkedin.com/in/darius-burt-a146b8137/
#SocialEngineering #WhyItWorks #SecurityMaturity
https://www.youtube.com/watch?v=V7O8oeyIwkM
Partager : LinkedIn / Twitter / Facebook / View / View (lite)