How this hacker Hacked NASA in 60 seconds (Real World Tutorial)
Jason is back! Big thanks to Brilliant for sponsoring this video! Get started with a free 30 day trial and 20% discount: https://brilliant.org/DavidBombal
Jason is back showing us his tools and methodology to ethically hack companies and help secure them. In this video he shows us how he hacked NASA in 60 seconds (and how you can learn to do something similar).
Previous Video (Hacking Tesla): https://youtu.be/-jLbRnmGYaA
// Videos mentioned //
* Real world hacking tutorial (Target: Tesla): https://www.youtube.com/watch?v=-jLbRnmGYaA
* I got PWNED ... and so dit you (you're likely in the 12 Billion): https://www.youtube.com/watch?v=4sQ1teIVXw0
// Tools discussed //
https://gist.githubusercontent.com/jhaddix/
https://haveibeenpwned.com/
https://github.com/owasp-amass/amass
https://github.com/projectdiscovery/subfinder
https://github.com/projectdiscovery/httpx
https://github.com/gwen001/github-subdomains
https://twitter.com/gwendallecoguic
https://www.hackspacecon.com/
https://bugcrowd.com/nasa-vdp
//Jason's...
https://www.youtube.com/watch?v=ZpdgqsviAiA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
L'Actu à J-2
Back-to-school cyber tips for students | Hacker Headlines
Note: We had a problem with the previous version, so we had to reupload. Thanks!
Cybersecurity is for all ages! From games to homework and social media, children need to be cyber-safe. Join Infosec's VP of Portfolio Product Strategy, Keatron Evans, as we explore how to keep kids cyber secure as we send them back to school.
Learn more about Hacker Headlines and the Infosec IQ security awareness platform: https://www.infosecinstitute.com/iq/
Request an IQ Demo: https://www.infosecinstitute.com/form/iq-demo/
About the Series:
Cybersecurity is constantly evolving, and continuous training that tackles today's latest threats is needed to keep your organization cyber secure. This is why we recently created our free training series: Hacker Headlines.
Hacker Headlines features Infosec's VP...
https://www.youtube.com/watch?v=2PpjoKCm-9U
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
YOU have NO excuse now! (Be like Stefan!)
Be like Stefan! No excuses! Get certified and change your life.
Big thank you to Juniper Networks for supporting the community and making this training free (and sponsoring my channel). Go to https://juniper.net/davidbombal to get lots of training and also learn how to get certified for (Associate Level). Use this voucher code to register for your courses: DAVIDBOMBAL
// FREE training //
Lots of free courses: https://juniper.net/davidbombal
// Juniper links mentioned //
Coures: https://juniper.net/davidbombal
Community: https://community.juniper.net/home
// Stefan's SOCIAL //
LinkedIn: https://www.linkedin.com/in/sfouant
X / Twitter: https://www.twitter.com/sfouant
Website: Shortestpathfirst https://www.shortestpathfirst.net/
Youtube: https://www.youtube.com/c/ShortestPathFirst
//...
https://www.youtube.com/watch?v=775JuquJBlM
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Run ANY Linux Program In Memory
Check out DDexec: https://github.com/arget13/DDexec
Carlos: https://twitter.com/hacktricks_live
Yago: https://twitter.com/arget1313
🔥YOUTUBE ALGORITHM ➡ Like, Comment, & Subscribe!
🙏SUPPORT THE CHANNEL ➡ https://jh.live/patreon
🤝 SPONSOR THE CHANNEL ➡ https://jh.live/sponsor
🌎FOLLOW ME EVERYWHERE ➡ https://jh.live/discord ↔ https://jh.live/twitter ↔ https://jh.live/linkedin ↔ https://jh.live/instagram ↔ https://jh.live/tiktok
💥 SEND ME MALWARE ➡ https://jh.live/malware
https://www.youtube.com/watch?v=7dc29U9DeIE
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
SANS Threat Analysis Rundown (STAR) | Live Stream
In this month's STAR Livestream, Katie Nickels will be joined by Amitai Cohen of Wiz to discuss his team's recent research into Microsoft's latest Storm-0558 findings about the acquisition of a signing key that enabled illicit access to Exchange and Outlook accounts. Amitai will share key findings about this incident and what cloud defenders should learn from it.
Learn more about
Katie Nickels:
https://lnkd.in/g7WGak8v
https://lnkd.in/dbrShUqT
https://lnkd.in/gNVDh2gW
FOR578: Cyber Threat Intelligence
https://lnkd.in/diRrt3pA
Twitter: https://twitter.com/AmitaiCo and https://twitter.com/wiz_io
LinkedIn: https://www.linkedin.com/in/amitaico/ and https://www.linkedin.com/company/wizsecurity/
#malware #apt #cyberthreat #cyberthreatintelligence #analysis #OSINT #DFIR
https://www.youtube.com/watch?v=khywfhJv4H8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
L'Actu des jours précédents
Congrats to the Infosec IQ content team! | Security awareness training
Work Bytes, the latest security awareness training from Infosec IQ, has won more than any other cybersecurity training series ever.
Learn more about Work Bytes here: https://www.infosecinstitute.com/iq/work-bytes/
About Infosec
Infosec's mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ's security awareness training. Learn more at infosecinstitute.com.
https://www.youtube.com/watch?v=OzYTdcUgwiU
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Incorporating charitable investment into your cybersecurity career | Cyber Work Podcast
Leslie Lynn Smith is the National Executive Director for GET Cities. Smith provides practical advice for cyber and tech professionals for ways to incorporate charitable investment and assistance into your career at any point in the cycle, whether you have thousands to invest, or even a hundred or less!
– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast
About Infosec
Infosec's mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home....
https://www.youtube.com/watch?v=7P3dSTp65DY
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Linux vs Windows (why doesn't this work?) #shorts #linux #windows
#linux #kalilinux #windows
https://www.youtube.com/watch?v=1AwVAhkD3mQ
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Which Visual Studio Code Extensions Can Be Hacked?
https://jh.live/snyk || Try Snyk for free and find vulnerabilities in your code and applications! ➡ https://jh.live/snyk
Snyk's 2023 State of Open Source Security Report: https://jh.live/snyk-report
VSCode Extensions & Vulnerabilities Sheet: https://docs.google.com/spreadsheets/d/12GIzrSzzU-_Ok4pPigUJYSxKO2ZYSmDwr1OJy6T2X40
🔥YOUTUBE ALGORITHM ➡ Like, Comment, & Subscribe!
🙏SUPPORT THE CHANNEL ➡ https://jh.live/patreon
🤝 SPONSOR THE CHANNEL ➡ https://jh.live/sponsor
🌎FOLLOW ME EVERYWHERE ➡ https://jh.live/discord ↔ https://jh.live/twitter ↔ https://jh.live/linkedin ↔ https://jh.live/instagram ↔ https://jh.live/tiktok
💥 SEND ME MALWARE ➡ https://jh.live/malware
https://www.youtube.com/watch?v=1zGwA1qMGvM
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Insider Threats Packing Their Bags With Corporate Data
What if your organization could discover which of your employees are exfiltrating data prior to leaving? The 2020 Securonix Insider Threat Report found that 60% of Insider Threats involve "Flight Risk" employees planning to leave. While we know this is a problem, it has been tough to solve, especially as cloud services proliferate and personal vs. business traffic becomes more challenging to separate. In this talk, we will discuss the indicators we have used in a large production environment to find employees that are exfiltrating data before they leave.....
By: Colin Estep , Dagmawi Mulugeta
Full Abstract and Presentation Materials:
https://www.blackhat.com/asia-23/briefings/schedule/#insider-threats-packing-their-bags-with-corporate-data-31111
https://www.youtube.com/watch?v=uvtlU3sQ5fw
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Hand Me Your SECRET, MCU! Microarchitectural Timing Attacks on Microcontrollers are Practical
The discovery of Spectre and Meltdown has turned systems security upside down. These attacks have opened a novel frontier for exploration to hackers and shed light on the untapped potential of hidden transient states created by shared microarchitectural resources. Since then, we have witnessed the rise of a plethora of effective software-based microarchitectural timing side-channel attacks capable of breaking and bypassing the security (isolation) boundaries of numberless processors from mainstream CPU vendors (Intel, AMD, Arm). Notwithstanding, one class of computing systems apparently is resilient to these attacks: microcontrollers (MCUs). MCUs are shipped in billions annually and are at the heart of every embedded and IoT device. There is a common belief that MCUs are not vulnerable to...
https://www.youtube.com/watch?v=xso4e4BdzFo
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Women with imposter syndrome in cybersecurity | Cyber Work Podcast
Leslie Lynn Smith is the National Executive Director for GET Cities. Smith wants women to stop buying into “imposter syndrome” in executive situations. As she puts it, if you hear it called Imposter syndrome, ask yourself: who are you trying to impersonate if not yourself?
– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast
About Infosec
Infosec's mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune...
https://www.youtube.com/watch?v=alUVMlaWcSg
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
I Explored Ransomware Cybercrime on the Dark Web
https://jh.live/flare || Know your exposed attack surface, track threat intelligence and set alerts for your own info leaked in the dark web with Flare! Try a free trial and see what is out there: https://jh.live/flare
🔥YOUTUBE ALGORITHM ➡ Like, Comment, & Subscribe!
🙏SUPPORT THE CHANNEL ➡ https://jh.live/patreon
🤝 SPONSOR THE CHANNEL ➡ https://jh.live/sponsor
🌎FOLLOW ME EVERYWHERE ➡ https://jh.live/discord ↔ https://jh.live/twitter ↔ https://jh.live/linkedin ↔ https://jh.live/instagram ↔ https://jh.live/tiktok
💥 SEND ME MALWARE ➡ https://jh.live/malware
https://www.youtube.com/watch?v=seB4a3Oph34
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Threat Actor Tool Analysis at Enterprise Scale | Host: Ryan Chapman | September 19, 2023
The more we learn about the tools that threat actors use — from discovery/enumeration tools all the way through ransomware payloads — the better we can understand how to detect, hunt, and prevent these actors from accomplishing their goals.
In this episode of Wait Just an Infosec, join hosts Ryan Chapman and Mari DeGrazia as they welcome reverse engineer and threat hunter Silas Cutler for a heated discussion. Have your physical notepad and/or notepad.exe ready to go, as this chat will provide an informative session on how you and your organization can become more proactive in the identification and analysis of these threats.
Learn more about Wait Just an Infosec: sans.org/wjai
#WJAI #WaitJustanInfosec #Infosec #Ransomware #RansomwarePayloads #ThreatActors #ThreatHunting
https://www.youtube.com/watch?v=bBqN889c2TY
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Multiple Casinos Hit In (Possibly Related?) Cyberattacks - ThreatWire
ThreatWire Totem Board - Limited Edition! - https://snubsie.com/threatwire-products/tw-totem
Shop ThreatWire Merch on Teespring! - https://morsecode.creator-spring.com/
Support ThreatWire! https://www.patreon.com/shannonmorse
Follow Shannon on Social Media: https://snubsie.com/links
2FA cloud backups lead to a hack, Microsoft AI devs leak sensitive data, and multiple casinos are hit in cyberattacks! All that coming up now on ThreatWire.
#threatwire #hak5
ThreatWire by Shannon Morse is a weekly news journalism show covering cybersecurity topics for network admins, information security professionals, and consumers.
Watch this on youtube: https://youtu.be/oGwCrOl6r7U
Chapters:
00:00 2FA Backup Leads To Hack
03:58 AI Devs Leak Data
06:05 Casinos Hit With Hacks
Links:
Resources...
https://www.youtube.com/watch?v=oGwCrOl6r7U
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Hacked on National Television
In 2021, Swedish national television (SVT) aired a six-part TV series called "Hacked" where 4 professional hackers set out to hack into the private assets of normal people, celebrities, and companies. They had all agreed to participate in a cyber security experiment but were unaware of what exactly was going to happen. Linus was one of the 4 hackers in the TV series and in this talk, he is going to talk about some of the highlights that were seen on-screen as well as behind the scenes.
Full Abstract and Presentation Materials:
https://www.blackhat.com/asia-23/briefings/schedule/#hacked-on-national-television-30458
https://www.youtube.com/watch?v=_4GBTTP9g3U
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Grand Theft House: RF Lock Pick Tool to Unlock Smart Door Lock
Recently, many people have installed smart door locks in their homes and offices, as a way to maximize convenience and security. The wireless link provides a simple and convenient connection to the doorlock from anywhere in the IoT-covered area. As RF wireless technology makes our lives more convenient, there have been a lot of security threats and the resulting enhancement in the past decade. The threats remain clearly unresolved due to the vendor's lack of insight into the proprietary RF protocol security.
We will provide an in-depth analysis of the implementation of smart door locks and their vulnerabilities on secure rolling code algorithms which use advanced encryption standard (AES) and its cipher-based message for RF transmitter authentication....
By: Seokhie Hong , Kwonyoup Kim ,...
https://www.youtube.com/watch?v=QwaoIaCON4w
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Leveraging Digital Footprints for Darkweb Investigations and Attack Surface Management
The talk will cover topics comprising threat intelligence research, Darkweb investigations/monitoring, Locating APT Groups, ICS Reporting, Threat Intel Feeds, Locating Data Breaches, Fraud Investigation/Monitoring, Crimeware Intelligence Reporting, and more. Participants will get a practical approach to different case studies and daily operations of a CTI Analyst as well as techniques and approaches on leveraging Open source for operating threat intelligence/risk advisory tasks. Will be sharing my experience and case studies with intelligence agencies and law enforcement on tracking a particular APT, scam scenario. While examining threat actors on the dark web the significance of connecting surface web footprints. In the end Pros and Cons in this field as well as career-based advice for starting...
https://www.youtube.com/watch?v=DzmwP3Izd7Y
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Breaching the Depths of the Abyss: Exposing Rootkits and Bootkits
In the vast ocean of cyber threats, bootkits and rootkits are the stealth enemy lurking beneath the surface, silently infiltrating systems and evading detection. These advanced malware types embed themselves deep within the foundations of compromised systems, making detection and removal as challenging as locating a submerged enemy submarine. In this talk, we will dive into the depths of bootkits and rootkits, exploring their inner workings and the techniques they employ to maintain a firm grip on their targets. We will begin with an overview of the key differences between bootkits and rootkits, highlighting how they navigate the abyssal zone of system boot processes and kernel exploitation. We will examine the tactics used by these malware types to stay hidden from security controls. To provide...
https://www.youtube.com/watch?v=fhtFa-jFfVs
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Windows Registry Forensics: There's Always Something New
Windows Registry analysis is fundamental to forensics, but are your tools on a strong foundation? We wanted a fast, cross-platform library for parsing registry hives with full support for transaction logs, but nothing was available. So, we wrote our own in Rust and open-sourced it! We'll show you how to use it with real DFIR use cases and how to integrate it with TimeSketch, Excel, and other tools. Finally, we'll use it to dive deep into Shellbags and uncommon extension blocks, dispel some dangerous myths about what they say about user behavior, and show how to build a defensible timeline from the last written timestamps of Shellbag keys.
SANS DFIR Summit 2023
Speakers:
Shane McCulley, Senior Software Developer, Aon
Kimberly Stone, Director, Aon
View upcoming Summits: http://www.sans.org/u/DuS...
https://www.youtube.com/watch?v=HO0TbQHfYwg
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Defending and Investigating Hypervisors
Bare metal hypervisors hosting virtual machines are used to run IT infrastructure by most of the organizations. Threat actors continue to target these hypervisors, sometimes to perform at scale encryption and other times to maintain covert persistence. Based on experience gained from investigating a variety of such attacks targeting organizations, this talk will detail the attack surface of some of the popular hypervisors like VMWare ESXi, how threat actors target them, how defenders can secure them and how post-incident investigations can be performed. The focus of this talk is to share a practical investigation approach for hypervisor compromises, based on logs available, and evidence created during common attack scenarios. We will discuss an investigation approach and evidence created during...
https://www.youtube.com/watch?v=lJwc_UgzbO4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How to Effectively Investigate a Human-Operated Ransomware Attack
One of the most common types of attacks modern incident responders face is human-operated ransomware. There're quite a few challenges you may deal with during investigation: many pieces of valuable data are encrypted, threat actors still have access to the compromised environment, no proper logging... This talk will help you to effectively investigate such attacks using only default artifacts available in any network.
SANS DFIR Summit 2023
How to Effectively Investigate a Human-Operated Ransomware Attack in a Network Without Advanced Security Solutions & Logging
Speaker: Oleg Skulkin, Head of Cyber Threat Intelligence, BI.ZONE
View upcoming Summits: http://www.sans.org/u/DuS
https://www.youtube.com/watch?v=_2mpW17UkLc
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
iOS Advanced Recovery: Looking for Deleted Evidence of WhatsApp Activities
System type extraction, we will proceed with the analysis of the databases of both Apple Photos and Cloudkit-related artifacts to search for evidence related to the exchange of WhatsApp messages in order to verify the original presence of deleted communications and to attribute the receipt or sending of a file to a particular contact.
SANS DFIR Summit 2023
Speaker: Luca Cadonici, Digital Forensics Examiner, European Forensic Institute
View upcoming Summits: http://www.sans.org/u/DuS
https://www.youtube.com/watch?v=-BwlRs5JXjY
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Hunting C2 Beaconing at Scale in the Modern Age
As organizations continue to adopt new applications and services, more network traffic is beginning to resemble beaconing activity. Furthermore, threat actors employ domain fronting and malleable profiles to make their C2 traffic look normal. As a result, it becomes increasingly difficult to distinguish malicious traffic from benign traffic. In this talk, I will explain the difficulties and demonstrate a new method for effectively identifying malicious beaconing traffic at scale. I will also release the Jupyter Notebook I have developed.
SANS DFIR Summit 2023
Speaker: Mehmet Ergene, Security Researcher & Data Scientist, Binalyze
View upcoming Summits: http://www.sans.org/u/DuS
https://www.youtube.com/watch?v=UsDqAQs9WFQ
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Investigating a WSA Endpoint
This session will cover:
-Overview of unseen & new artifacts left/generated by WSA on a windows endpoint.
-Challenges from DFIR perspective about the usage of WSA.
-The proposed solution to the challenges.
-Tools and techniques used to analyze the artifacts of WSA (including Windows artifacts & hunting manually).
-WSA vs Android Device (similarities and dissimilarities).
-Can WSA be used for nefarious purposes or to gain persistence on a Windows endpoint?
SANS DFIR Summit 2023
Speakers:
Bhargav Rathod, Security Analyst, Salesforce
Debasis Parida, Security Researcher
View upcoming Summits: http://www.sans.org/u/DuS
https://www.youtube.com/watch?v=obdM90cu_sc
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
New Today, Old Tomorrow? Emerging Technology Forensics
The field of digital forensics and incident response (DFIR) is fast-paced and ever-evolving. The view of a single computer for an investigation was quashed long ago, every investigation now involves multiple devices and systems spread over large digital ecosystems. Globally, the average of number of devices per individual has increased, on average, from 2.4 to 3.8 in the period 2018 to 2023. New technology and systems are continually released with the potential to hold artifacts relevant to an investigation. This technology now sees an increasing synergy with a user, including the implantation of devices to assist with medical problems and to track general health, and within vehicles for increased personalized driving experiences and integration of technology. As emerging technology becomes...
https://www.youtube.com/watch?v=IVjwX2RjD38
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
All I See Are Strange Clouds
This presentation will provide a deep dive into the "other clouds" - cloud providers that are not as well-known as the big three, Microsoft Azure, Amazon AWS, and Google Cloud. While these providers may not receive as much attention, they still hold a wealth of data that can be incredibly valuable for forensic investigations. Throughout the talk, attendees will learn about the various types of forensic artifacts that can be found within these clouds. This includes log files, user data, network traffic, and more. Additionally, the presentation will cover the methods for accessing and interpreting this data, as well as the challenges and limitations of conducting investigations in these environments. The "other clouds" can provide a wealth of forensic evidence that can be used in investigations....
https://www.youtube.com/watch?v=mn4CgrV7UiE
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Differential File System Analysis for the Quick Win
Mature DevOps organizations use continuous integration/continuous delivery (CI/CD) techniques to deliver a hardened virtual machine "gold image" to production that does not need any additional configuration on first boot and is ready to join the cluster of virtual machines in the backend pool of its designated load balancer. This approach offers several significant security advantages, but it can also speed up the time to do a forensic analysis when Differential File System Analysis is employed. Differential File System Analysis is a technique wherein the storage volume(s) of a VM launched from a gold image are mounted read-only to a forensic workstation and are used as a basis for comparison against the forensic copies of the storage volume(s) of a VM that is suspected to be compromised....
https://www.youtube.com/watch?v=s9bGBDAKXAQ
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Direct Handling of AWS Snapshots: Reading Files in a Snap!
This presentation examines contemporary approaches to analyzing AWS snapshots and then switches to a particular focus on utilizing Elastic Block Storage (EBS) APIs to implement Read/Seek capabilities on top of snapshots, resulting in a novel analysis method. This new method can easily be used to help triage AWS snapshots by directly accessing the data within the snapshot itself. The practical implementation of this technique will be demonstrated (in Rust) to showcase how data within a snapshot can be directly accessed and handled without having to overlay or download the entire snapshot. Furthermore, open-source tools will be provided to facilitate the adoption of this cutting-edge approach. We will conclude by discussing other quick wins that could be achieved by utilizing this method.
SANS...
https://www.youtube.com/watch?v=MKaCrhDiQrc
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Windows Search Index: The Forensic Artifact You've Been Searching For
For examiners investigating cyber-crimes on Windows endpoints, the Windows Search Index artifact can reveal information about a user's Internet history, emails, file interactions, and even deleted user files. Originally created as a tool to enable searching for user files across the Windows operating system, the Windows Search Index as a forensic artifact provides insight into file existence and user activity. In this presentation, we will discuss how the Windows Search Index can be used as a source of evidence in DFIR investigations. This presentation will provide an overview of the data recorded in the Windows Search Index by default and user actions that trigger modifications of the index. Next, we will introduce the structure of the index in Windows 10 and prior, and how it has changed...
https://www.youtube.com/watch?v=X4WTcRdIDAM
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
I control YOUR computer now! #shorts #windows #microsoft
You can buy the O.MG adapter here (affiliate link): https://davidbombal.wiki/gethak5
#wifi #iphone #windows
https://www.youtube.com/watch?v=PG7M7AkwNHs
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
VLOG from @DEFCONConference! 🙌🏼🙌🏼
https://www.youtube.com/watch?v=-UZ14a78mTY
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
#iphones getting hacked at #defcon!
https://www.youtube.com/watch?v=uaB_RQTNdgE
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Fuzzing the Native NTFS Read-Write Driver (NTFS3) in the Linux Kernel
In 1993, Microsoft introduced the proprietary NTFS with Windows NT 3.1. Over two decades later, the full-fledged NTFS native driver, dubbed NTFS3, contributed to the Linux 5.15 kernel in late 2021 by Paragon Software. As a new and complicated subsystem in the Linux kernel, NTFS3 is a good target for hackers and security researchers. Based on that, we started using system call fuzzers (e.g., syzkaller, Trinity, etc.) for identifying vulnerabilities in NTFS3. However, as shown in previous context-aware fuzzing efforts, we need a more efficient way to skip invaluable paths generated by the random mutation.
We chose to leverage and improve the context-aware file system fuzzer, Janus, to fuzz NTFS3.....
By: Edward Lo , Chiachih Wu
Full Abstract and Presentation Materials:
https://www.blackhat.com/asia-23/briefings/schedule/#fuzzing-the-native-ntfs-read-write-driver-ntfs-in-the-linux-kernel-31229...
https://www.youtube.com/watch?v=n62uFd47F30
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Forward Focus – The Impact of Artificial Intelligence
Artificial Intelligence (AI) has the potential to revolutionize cybersecurity by enhancing detection and response capabilities, automating routine tasks, and identifying threats that are invisible to humans. However, AI also poses significant risks, including the potential for attackers to use AI to develop more sophisticated attacks and evade detection. Panelist will explore how AI can be used to improve cybersecurity, the ethical considerations of using AI in security, and how to manage the risks associated with AI-powered security systems. Additionally, the panel will discuss the future of AI and cybersecurity and the role the InfoSec community and policymakers can have in shaping the development and use of AI in security.
By: Maxine Holt , Marina Krotofil , Tara Seals , Fyodor Yarochkin...
https://www.youtube.com/watch?v=A7FxxuHV0Jk
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cybersecurity investment and launching new companies | Guest Leslie Lynn Smith
Leslie Lynn Smith is the National Executive Director for GET Cities. GET stands for Gender Equality in Tech. Today's episode will move away from standard cybersecurity and IT insights in favor of a larger look at investment opportunities for tech startups, and where and on who we spend investment capital. Smith is a multi-decade authority on state- and city-wide community investment initiatives with a lifelong passion for bringing people of marginalized races and genders to the table in fulfilling their tech business dreams. Smith talks about bridging the gap from angel investor money to initial seed, and why the space between the two can sink new startups, the slow, patient process of affecting equitable change at the legislative level, and offers an accelerated way to make IT and cyber...
https://www.youtube.com/watch?v=TFMaY_q0G58
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How to Look For Virtual Hosts // How To Bug Bounty
Here's the demo from the video
https://app.hackinghub.io/vhost-basics
📚 Purchase my Bug Bounty Course here 👉🏼 bugbounty.nahamsec.training
💵 Support the Channel:
You can support the channel by becoming a member and get access exclusive content, behind the scenes, live hacking session and more!
☕️ Buy Me Coffee:
https://www.buymeacoffee.com/nahamsec
JOIN DISCORD:
https://discordapp.com/invite/ucCz7uh
🆓 🆓 🆓 0 DigitalOcean Credit:
https://m.do.co/c/3236319b9d0b
💬 Social Media
- https://twitter.com/nahamsec
- https://instagram.com/nahamsec
- https://twitch.com/nahamsec
- https://facebook.com/nahamsec1
#bugbounty #ethicalhacking #infosec #cybersecurity #redteam #webapp
https://www.youtube.com/watch?v=lUUL2dNQI5M
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Finding and supporting neurodiverse cybersecurity professionals | Guest Tara D. Anderson
Tara D. Anderson, managing director of Framework Security and an official member of the Forbes Technology Council, walks us through her journey, including her years in the world of finance, opens up about a traumatic event in her life that altered the way she learns and retains information and how her switch to IT and Cybersecurity was an ideal fit. From her days co-founding the consultancy firm Cognitive SLC, an organization whose founders were all neurodiverse, to Framework Security's desire to make protection understandable to small charitable companies and organizations who couldn't bounce back from hacking and theft, Anderson's ethos and vision, from work to the interview process, is a complete inspiration for anyone interested in bringing neurodiverse professionals into their organization....
https://www.youtube.com/watch?v=t6uysc2Qw2c
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
DEF CON 31 - A Broken Marriage Abusing Mixed Vendor Kerberos Stacks - Ceri Coburn
The Windows Active Directory authority and the MIT/Heimdal Kerberos stacks found on Linux/Unix based hosts often coexist in harmony within the same Kerberos realm. This talk and tool demonstration will show how this marriage is a match made in hell. Microsoft's Kerberos stack relies on non standard data to identify it's users. MIT/Heimdal Kerberos stacks do not support this non standard way of identifying users. We will look at how Active Directory configuration weaknesses can be abused to escalate privileges on *inux based hosts joined to the same Active Directory authority. This will also introduce an updated version of Rubeus to take advantage of some of these weaknesses.
https://www.youtube.com/watch?v=ALPsY7X42o4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
DEF CON 31 - Staying Undetected Using the Windows Container Isolation Framework - Daniel Avinoam
The use of containers became an integral part of any resource-efficient and secure environment. Starting from Windows Server 2016, Microsoft released its version of this solution called Windows Containers, which offers either a process or Hyper-V isolation modes.
In both cases, an efficient file system separation should be provided. On one hand, each container should be able to access system files and write changes that will not affect the host. On the other, copying the entire main volume on each container launch will be storage-inefficient and not practical.
In this presentation, we will cover the basics of windows containers, break down its file system isolation framework, reverse-engineer its main mini-filter driver, and see how it can be utilized and manipulated by an actor to bypass...
https://www.youtube.com/watch?v=Cm-zFx6hwzk
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
DEF CON 31 - Contextualizing The Vulkan Leaks & State Sponsored Offensive Ops - Joe Slowik
In March 2023, journalists and investigators released analysis of “the Vulkan files.” Consisting of documents associated with a Russian company working with intelligence and military authorities, the papers revealed a variety of ambitious programs such as “Scan-V” and“Amezit.” Both programs, in the sense that they offer capabilities to acquire, maintain, and task infrastructure for cyber and information operations at scale, are deeply concerning, indicating a significant advancement in Russian-linked network warfare and related actions.
Placing these items in context reveals a far more troubling picture.After reviewing the capabilities of Amezit and Scan-V, we can see glimpses of historical programs in the advertised efficacy of these projects. We will consider other items that...
https://www.youtube.com/watch?v=H7bV_99I7O4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
DEF CON 31 - How Vulns in Global Transportation Payment Systems Cost You - Omer Attias
Public transportation payment systems have undergone significant changes over the years. Recently, mobile payment solutions have become increasingly popular, allowing passengers to pay for their fare using their smartphones or other mobile devices.
The evolution of public transportation payment systems has been driven by the need for faster, more convenient, and more secure payment methods, and this trend is likely to continue in the years to come, But how secure are mobile payment solutions for public transportation?
In this presentation, we will examine the security risks associated with transportation applications, using Moovit as a case study. Moovit is a widely used transportation app operating in over 100 countries and 5000+ cities. Through our investigation of the app's API, including...
https://www.youtube.com/watch?v=NVnzm-L4a5c
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
DEF CON 31 - SpamChannel - Spoofing Emails From 2M+ Domains & Virtually Becoming Satan - byt3bl33d3r
Ever wake up and ask yourself: “Damn, how could I make email security suck even more today”? Tired of your Red Teams phishing emails not landing in your targets inbox?
Do you dislike Boston (the city) and love Satan?
If you answered yes to any of those questions you should come to this talk!
I'll be showing you how to spoof emails from 2 million+ domains (while also “bypassing” SPF & DMARC!) by (ab)using a partnership between Cloudflare and the “biggest transactional email service” on the interwebs. We'll be diving into "edge" serverless applications and the magical world of email security where everything is (still) held up by duct tape, pasta, and marinara sauce. Finally, I'll be dropping code and releasing a tool that demonstrates how to impersonate emails from 2million+...
https://www.youtube.com/watch?v=NwnT15q_PS8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
DEF CON 31 Car Hacking Village - Automotive USB Fuzzing - Euntae Jang, Donghyon Jeong, Jonghyuk Song
Recently, automotive industry is performing USB fuzzing in an inefficient way for automobiles. Usually, fuzzing is performed by commercial media fuzzers, but the fuzzers are not directly connected to the vehicle during fuzzing. So, it requires much manual efforts of testers.
In this talk, we propose efficient way to perform USB fuzzing to actual vehicles. We describe how to perform USB fuzzing to kernel area fuzzing as well as media fuzzing by directly connecting the fuzzer and the car with a USB cable. By this method, we found real-world vulnerabilities in Volkswagen Jetta, Renault Zoe, GM Chevrolet Equinox, and AGL.
https://www.youtube.com/watch?v=W_vQ5s1bB30
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
DEF CON 31 - Terminally Owned - 60 Years of Escaping - David Leadbeater
It is 60 years since the first publication of the ASCII standard, something we now very much take for granted. ASCII introduced the Escape character; something we still use but maybe don't think about very much. The terminal is a tool all of us use. It's a way to interact with nearly every modern operating system. Underneath it uses escape codes defined in standards, some of which date back to the 1970s.
Like anything which deals with untrusted user input, it has an attack surface. 20 years ago HD Moore wrote a paper on terminal vulnerabilities, finding multiple CVEs in the process. I decided it was time to revisit this class of vulnerability.
In this talk I'll look at the history of terminals and then detail the issues I found in half a dozen different terminals. Even Microsoft who historically...
https://www.youtube.com/watch?v=Y4A7KMQEmfo
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
DEF CON 31 - Breaking BMC The Forgotten Key to the Kingdom - Alex Tereshkin, Adam Zabrocki
The Baseboard Management Controller (BMC) is a specialized microcontroller embedded on the motherboard, typically used in servers and other enterprise-level hardware. The security of the BMC is critical to the overall security of the system, as it provides a privileged level of access and control over the hardware components of the system, including the ability to perform firmware updates, and even power the system on and off remotely.
When the internal offensive security research team was analyzing one of the NVIDIA hardware, they detected several remotely exploitable bugs in AMI MegaRAC BMC. Moreover, various elevations of privileges and "change of scope" bugs have been identified, many of which may be chained together resulting in a highest severity security issue. During this talk we...
https://www.youtube.com/watch?v=dbJQIQibZQY
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
DEF CON 31 - Contactless Overflow Code Execution in Payment Terminals & ATMs - Josep Rodriguez
We conducted a research to assess the current security of NFC payment readers that are present in most of the major ATM brands, portable point of sales, gas stations, vending machines, transportation and other kind of point of sales in the US, Europe and worldwide. In particular, we found code execution vulnerabilities exploitable through NFC when handling a special application protocol data unit (APDU) that affect most NFC payment vendors. The vulnerabilities affect baremetal firmware devices and Android/Linux devices as well.
After waiting more than 1 year and a half once we disclosed it to all the affected vendors, we are ready to disclose all the technical details to the public. This research was covered in the media by wired.com but without the technical details that we can share now...
https://www.youtube.com/watch?v=eV76vObO2IM
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
DEF CON 31 - The Art of Compromising C2 Servers A Web App Vulns Perspective - Vangelis Stykas
C2 servers of mobile and Windows malware are usually left to their own fate after they have been discovered and the malware is no longer effective. We are going to take a deep dive into the rabbit hole of attacking and owning C2 servers, exposing details about their infrastructure, code bases, and the identity of the companies and individuals that operate and profit from them.
While understanding and reversing malware is a highly skilled procedure, attacking the C2 itself rarely requires a lot of technical skills. Most of the C2 servers have the same typical HTTP problems that can be detected by off-the-shelf vulnerability scanners.
By exploiting low-hanging fruit vulnerabilities, an attacker can obtain unauthorized access to administrative functions, allowing them to command thousands of...
https://www.youtube.com/watch?v=fMxSRFYXMV0
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
DEF CON 31 - Defeating VPN Always On - Maxime Clementz
VPN Always-On is a security control that can be deployed to mobile endpoints that remotely access corporate resources through VPN. It is designed to prevent data leaks and narrow attack surface of enrolled end-user equipment connected to untrusted networks. When it is enforced, the mobile device can only reach the VPN gateway and all connections are tunneled.
We will review the relevant Windows API, the practicalities of this feature, look at popular VPN software; we will then consider ridiculously complex exfil methods and... finally bypass it with unexpectedly trivial tricks. We will exploit design, implementation and configuration issues to circumvent this control in offensive scenarios. We will then learn how to fix or harden VPN Always-On deployment to further limit the risks posed by...
https://www.youtube.com/watch?v=hUMKg9Xe0Zc
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
DEF CON 31 - The GitHub Actions Worm - Asi Greenholts
GitHub is the most popular platform to host Open Source projects therefore, the popularity of their CI/CD platform - GitHub Actions is rising, which makes it an attractive target for attackers.
In this talk I'll show you how an attacker can take advantage of the Custom GitHub Actions ecosystem by infecting one Action to spread malicious code to other Actions and projects by showing you a demo of POC worm.
We will start by exploring the ways in which Actions are loosely and implicitly dependent on other Actions. This will allow us to create a dependency tree of Actions that starts from a project that we want to attack and hopefully ends in a vulnerable Action that we can take control of.
We will then dive down to how GitHub Actions is working under the hood and I'll show you how an attacker...
https://www.youtube.com/watch?v=j8ZiIOd53JU
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
DEF CON 31 Car Hacking Village - Abusing CAN Bus Spec for DoS in Embedded Systems - Martin Petran
The CAN bus is a traditional communication standard used (not only) in automotive to allow different components to talk to each other over reliable connection. While one of the primary motivators for CAN bus introduction was to reduce the amount of wiring inside vehicles, it became popular for its robustness, flexibility, and ease of implementation for which it is now used in almost every vehicle.As with any other protocol, it is a well-defined standard that enforces all aspects of the communication from the physical media to the message format and its processing. The formal protocol specifications like this are often seen as the source of the absolute truth when working with various transfer protocols. Such specifications are very strict on the format of the messages that belong to the given...
https://www.youtube.com/watch?v=okrzUNDLgbo
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
DEF CON 31 - Ringhopper - How We Almost Zero day'd the World - Benny Zeltser, Jonathan Lusky
Last year we almost zero-day'd the world with the publication of RingHopper. Now we can finally share some juicy details and invite you for an illuminating journey as we delve into the realm of RingHopper, a method to hop from user-land to SMM.
We will survey the discovery and disclosure of a family of industry-wide vulnerabilities in various UEFI implementations, affecting more than eight major vendors, making billions of devices vulnerable to our attack. Then, we will deep-dive into the innards of SMM exploitation and discuss methods to use and abuse various functionalities and properties of edk2 to gain code execution. We will unveil both our futile and fruitful quests of crafting our way to SMM, and detail both the paths that lead to dead-ends, and the route to success.
We will give...
https://www.youtube.com/watch?v=u8V4ofWpHZk
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
DEF CON 31 - There Are No Mushroom Clouds in Cyberwar - Mieke Eoyang
This presentation will discuss the history of cyberwarfare, highlighting the misconceptions between nuclear deterrence and the nature of cyber conflict. It will shed light on this association in popular culture, including in movies like "WarGames," which influenced then President Ronald Reagan and fed his concerns about potential hacking into U.S. weapons systems. These concerns and other influences helped to shape early perceptions about the cyber domain, which immediately became intertwined with notions of strategic weapons and catastrophic effects. In subsequent decades, continued theorizing about cyberwarfare envisioned strategic cyber attacks that could cause decisive effects, stoking fears of a "Cyber Pearl Harbor." However, the reality is that cyber operations are ephemeral and cyber...
https://www.youtube.com/watch?v=xweVuSEC8ZI
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
firmWar: An Imminent Threat to the Foundation of Computing
The global IT supply chain is under a heavy spotlight, amidst covid-impacted production shortages, work-from-home policies, geopolitical tensions, and an overall re-balkanization of technology design and production. The 2020 SolarWinds attacks brought the real-world risk of a supply chain attack to the forefront. More commonly overlooked, however, is the risk posed by enterprise devices and the firmware which controls them. These systems exist in highly privileged areas of the computing industry, and due to both their mission criticality and difficulty in patching are mostly forgotten - but not to attackers.
We'll reveal new research which began with a ransomware group and ended with a significant coordinated disclosure effort to remediate vulnerabilities discovered at the top of the firmware...
https://www.youtube.com/watch?v=io2MCK3M_pw
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Fireside Chat: Jeff Moss and Gaurav Keerthi
In this fireside chat, Black Hat Founder Jeff Moss sits down with Gaurav Keerthi, Former Deputy Chief Executive, CSA to discuss the ongoing tension between regulating emerging technologies and the drive for innovation in cybersecurity. They also examine the role of government vs the private sector in fostering innovation while also protecting against security threats and addressing privacy concerns. Join this session to learn if government technology regulations save humanity or kill innovation.
By: Gaurav Keerthi , Jeff Moss
Full Abstract and Presentation Materials: https://www.blackhat.com/asia-23/briefings/schedule/#fireside-chat-jeff-moss-and-gaurav-keerthi-33754
https://www.youtube.com/watch?v=ifA3kLv6D2c
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Find your unique cybersecurity traits | Cyber Work Podcast | #shorts
Limor Bergman-Gross, founder of LBG Consulting, gives an easy but genuinely brilliant tip for people who are trying to find their course in their career. Many of us don't know what our work or personality looks like to the outside world. So ask someone! Ask them, “what am I good at? What do you think that I do especially well or uniquely?” Whether a manager or a peer, getting this outside perspective can help give you clarity about your own talents and passions!
– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast
About Infosec
Infosec's mission is to put people at the center of cybersecurity. We help IT and security professionals advance...
https://www.youtube.com/watch?v=JVkhhbZvK6I
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The Mysterious "Office Hotkey"..
🔥YOUTUBE ALGORITHM ➡ Like, Comment, & Subscribe!
🙏SUPPORT THE CHANNEL ➡ https://jh.live/patreon
🤝 SPONSOR THE CHANNEL ➡ https://jh.live/sponsor
🌎FOLLOW ME EVERYWHERE ➡ https://jh.live/discord ↔ https://jh.live/twitter ↔ https://jh.live/linkedin ↔ https://jh.live/instagram ↔ https://jh.live/tiktok
💥 SEND ME MALWARE ➡ https://jh.live/malware
https://www.youtube.com/watch?v=fLrA5eBmMwM
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cybersecurity training: Behind the scenes | Infosec IQ Work Bytes
Get a behind-the-scenes look at Work Bytes, the award-winning security awareness training series from Infosec IQ. See what goes into creating security awareness content that is entertaining, engaging and educational.
Watch the Work Bytes trailer: https://www.youtube.com/watch?time_continue=1&v=8ahQnpsrKaM
Learn more about Work Bytes: https://www.infosecinstitute.com/iq/work-bytes/
Get free Work Bytes posters and other free training resources: https://www.infosecinstitute.com/free
About Infosec
Infosec's mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70%...
https://www.youtube.com/watch?v=6kipsgZ9K3w
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Engaging the Next Generation of Cybersecurity Professionals: The Power of Security Zines
Security Zines is a unique initiative that uses comics, single-page flyers, and visual presentations to teach about cybersecurity in a fun and interactive way. Our goal is to make learning about infosec, appsec, data security, network security, and other technical topics accessible and engaging for people of all ages and backgrounds. In this presentation, we'll discuss the concept and creation of Security Zines, and share examples of how they can be used to educate and inspire the next generation of cybersecurity professionals.....
By: Rohit Sehgal
Full Abstract and Presentation Materials:
https://www.blackhat.com/asia-23/briefings/schedule/#engaging-the-next-generation-of-cybersecurity-professionals-the-power-of-security-zines-31062
https://www.youtube.com/watch?v=N8Tfb-WqgIY
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
E-Meet (or Emit?) My Keystrokes: How Benign Screen-sharing Meetings Could Leak Typing Behaviors
Have you ever wondered whether screen-sharing could pose a threat to your privacy? Or, perhaps imagine whether it is truly safe to keep your screen-sharing mode active when typing passwords, even if they're masked on-screen?
Think about it: during video meetings, we frequently share our screens, giving our audience a real-time view of the characters and symbols as we type them. Some of us don't even bother to stop the screen sharing mode while typing passwords, believing that since the password is masked (hidden) on the screen, there is no potential threat to our privacy.
However, while this behavior may not matter to human audiences, a computer vision model observing the screen-sharing session can gain a lot of information. It can determine the precise time a certain character is typed,...
https://www.youtube.com/watch?v=gQmOb7GVKQg
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Combining art and coding | Cyber Work Podcast | #shorts
Brianne Caplan is the founder and executive director of Code Your Dreams, a non-profit that brings knowledge, accessibility and excitement about programming and tech to learners from age 5 to adulthood in underserved communities. Caplan talks about one of the many fun activities that the non-profit group Code Your Dreams provides students in underserved communities, including Python instruction and understanding pixel art to create your own apps. The fact that students can go from no knowledge whatsoever to being able to create a completed program that works has proven to be a big inspiration for coding/tech beginners and has kept them in the program longer, even influencing some to be future Code Your Dreams teachers as well.
– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
–...
https://www.youtube.com/watch?v=w05FOnbOfSs
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
SUPER Powered USB Adapter? #shorts #iphone #linux
You can buy the O.MG adapter here (affiliate link): https://davidbombal.wiki/gethak5
#wifi #iphone #linux
https://www.youtube.com/watch?v=8yMXA0i-tJk
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How To Pivot Through a Network with Chisel
https://jh.live/7a-john40 || 7ASecurity offers training and penetration tests with a free fix verification -- get 40% off training with JOHN40, 00 off a pentest, or a enter their contest to win a completely FREE pentest! https://jh.live/7a-freepentest
00:00 - Chisel
00:23 - Setup
01:30 - Recon
05:55 - On static binaries
12:44 - Using chisel
14:35 - Put it in reverse
19:22 - Socks Proxy
20:49 - Proxychains
23:12 - HTTP service
27:40 - Forward Shell
32:54 - Final Thoughts
🔥YOUTUBE ALGORITHM ➡ Like, Comment, & Subscribe!
🙏SUPPORT THE CHANNEL ➡ https://jh.live/patreon
🤝 SPONSOR THE CHANNEL ➡ https://jh.live/sponsor
🌎FOLLOW ME EVERYWHERE ➡ https://jh.live/discord ↔ https://jh.live/twitter ↔ https://jh.live/linkedin ↔ https://jh.live/instagram...
https://www.youtube.com/watch?v=pbR_BNSOaMk
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
What do Code Your Dreams participants do? | Cyber Work Podcast
Brianne Caplan is the founder and executive director of Code Your Dreams, a non-profit that brings knowledge, accessibility and excitement about programming and tech to learners from age 5 to adulthood in underserved communities. Caplan talks about all the cool things Code Your Dreams participants get to do, including app development, activism and coding and projects that combine app programming with music, art and even dance!
– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast
About Infosec
Infosec's mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and...
https://www.youtube.com/watch?v=WMOjjwfud58
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Dirty Stream Attack, Turning Android Share Targets Into Attack Vectors
The Android operating system uses intents as its main means of exchanging information between applications. Besides messaging, file exchange is also possible by simply constructing an intent of action ACTION_SEND and using it to forward the desired file as an associated stream to another application. On the other end, the receiving app can define a filter in its manifest to inform the intent resolver to route the forwarded stream to a specific component.
While the sender application can construct an implicit intent and delegate the decision of choosing the target to the user, it is also possible to categorematically define a component of another package and by the time that this is exported, to trigger it by using an explicit intent....
By: Dimitrios Valsamaras
Full Abstract and Presentation...
https://www.youtube.com/watch?v=oZTGR9vJVMQ
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Dirty Bin Cache: A New Code Injection Poisoning Binary Translation Cache
In recent years, Arm processors have become popular on laptops, not limited to embedded devices. For example, Apple announced the Mac transition from Intel to Arm-based Apple Silicon in 2020, which made a big splash. Apple Silicon Mac has Rosetta 2, which enables the execution of Intel-based apps by translating x64 code into Arm64 code. Several researchers have conducted research on Rosetta 2 from a performance perspective. However, to our best knowledge, there is no research on Rosetta 2 from a security perspective.
In this talk, we present a new code injection vulnerability in Rosetta 2. Rosetta 2 stores binary translation results as Ahead-Of-Time (AOT) files, which are cached and reused for the next application launch.....
By: Koh Nakagawa
Full Abstract and Presentation Materials: https://www.blackhat.com/asia-23/briefings/schedule/#dirty-bin-cache-a-new-code-injection-poisoning-binary-translation-cache-30907...
https://www.youtube.com/watch?v=Hi9EJ9np2pk
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Classify Malware with YARA
https://jh.live/soc || Join me for the SOC Analyst Appreciation Day! A completely FREE event on October 18th by DEVO! https://jh.live/soc
00:00 - YARA
00:47 - Setting Up
03:10 - Using YARA
04:02 - Writing rules
10:44 - Rule Resources
12:39 - Another Rule Resource
17:23 - YARA Integration
20:09 - Final Resources
Help the channel grow with a Like, Comment, & Subscribe!
❤️ Support ➡ https://j-h.io/patreon ↔ https://j-h.io/paypal ↔ https://j-h.io/buymeacoffee
Check out the affiliates below for more free or discounted learning!
🐱👤SEKTOR7 ➡ Malware Development, AV Evasion https://j-h.io/sektor7
🖥️ Zero-Point Security ➡ Certified Red Team Operator https://j-h.io/crto
💻Zero-Point Security ➡ C2 Development with C# https://j-h.io/c2dev
🐜Zero2Automated...
https://www.youtube.com/watch?v=fu71CljrxsU
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Is Privacy Sandbox A Good Thing For Consumers? - ThreatWire
ThreatWire Totem Board - Limited Edition! - https://snubsie.com/threatwire-products/tw-totem
Shop ThreatWire Merch on Teespring! - https://morsecode.creator-spring.com/
Support ThreatWire! https://www.patreon.com/shannonmorse
Follow Shannon on Social Media: https://snubsie.com/links
Google enables new ad settings by default, patch your iPhone ASAP, and Microsoft spills the tea on a recent hack! All that coming up now on ThreatWire.
#threatwire #hak5
ThreatWire by Shannon Morse is a weekly news journalism show covering cybersecurity topics for network admins, information security professionals, and consumers.
Watch this on youtube: https://youtu.be/0p5vhoV9R00
Chapters:
00:00 Google Enables New Ad Settings
04:11 Update Your iPhone
06:39 Microsoft Tells All
Links:
Resources for...
https://www.youtube.com/watch?v=0p5vhoV9R00
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Dilemma in IoT Access Control: Revealing Novel Attacks and Design Challenges in Mobile-as-a-Gateway
From Bluetooth smart locks to item trackers, Mobile-as-a-Gateway (MaaG) IoT devices are everywhere. MaaG IoT devices use mobile devices as gateways to connect to the internet for management. They allow for remote access sharing and revocation, while also providing "offline availability" for enhanced usability. However, in order for these functionalities to be realized, secure cooperation among the cloud service, the companion app, and the IoT device is necessary.....
By: Jiale Guan (Jalon) , Zhiyun Qian , Luyi Xing , Xin'an Zhou
Full Abstract and Presentation Materials: https://www.blackhat.com/asia-23/briefings/schedule/#dilemma-in-iot-access-control-revealing-novel-attacks-and-design-challenges-in-mobile-as-a-gateway-iot-31040
https://www.youtube.com/watch?v=asJ0PPOSsCk
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Deception at Scale: How Malware Abuses Trust
The attackers actively use techniques to disguise malware files as legitimate, including reliable distribution channels, stolen certificates, hiding malicious files in legitimate applications, or using system tools to deploy malicious activity.
At VirusTotal, we have explored the evolution of these and other techniques. In fact, it was surprising to realize that more than one million signed files were sent in the past 12 months to our service, dozens of legitimate domains belonging to the Alexa Top 1k ranking were used to distribute malware, and there is a growing trend of mimicking legitimate applications when building malware, with Skype, Acrobat Reader, and VLC being the top 3.....
By: Gerardo Fernandez
Full Abstract and Presentation Materials:
https://www.blackhat.com/asia-23/briefings/schedule/#deception-at-scale-how-malware-abuses-trust-31254...
https://www.youtube.com/watch?v=fmHBiIvkxFc
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How Code Your Dreams works | Cyber Work Podcast
Brianne Caplan is the founder and executive director of Code Your Dreams, a non-profit that brings knowledge, accessibility and excitement about programming and tech to learners from age 5 to adulthood in underserved communities. Caplan distills the methods, history and goals of her organization, Code Your Dreams.
– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast
About Infosec
Infosec's mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work...
https://www.youtube.com/watch?v=zKmBNsTGnCI
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Flipper Zero Bad USB: Phone is no match! #shorts #flipperzero #android
#flipperzero #android #iphone
https://www.youtube.com/watch?v=ExC3TguzIJc
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cloudy With a Chance of Exploits: Compromising Critical Infrastructure Through IIoT Cloud Solutions
The adoption of Industry 4.0 and IoT (IIoT) technologies into industrial business operations has brought great operational and economic benefits, but also introduced new risks and challenges. One of the major risks is the potential for central points of failure (the cloud), which in the industrial remote access scenario can leave many industrial companies reliant on a single IIoT supplier's security level.
IIoT suppliers often provide cloud-based management solutions to remotely manage and operate devices....
By: Roni Gavrilov
Full Abstract and Presentation Materials:
https://www.blackhat.com/asia-23/briefings/schedule/#cloudy-with-a-chance-of-exploits-compromising-critical-infrastructure-through-iiot-cloud-solutions-31175
https://www.youtube.com/watch?v=yL4lOwo2N8g
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Bringing coding skills to underserved communities | Guest Brianne Caplan
Brianne Caplan is the founder and executive director of Code Your Dreams, a non-profit that brings knowledge, accessibility and excitement about programming and tech to learners from age 5 to adulthood in underserved communities. Caplan tells some incredible stories, like the women's coding and data analysis group in Burundi, exciting coding projects for students interested in art, music and dance and why her experience inadvertently creating a non-profit company that was incorporated as a for-profit was a learning experience that helped kickstart Code Your Dreams! This one's inspiring, so I hope you'll keep it here for Cyber Work.
– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes:...
https://www.youtube.com/watch?v=KZJE93vomDE
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
HackerOne's H1-702 Paid .7M To Hackers! (Vlog)
📚 Purchase my Bug Bounty Course here 👉🏼 bugbounty.nahamsec.training
💵 Support the Channel:
You can support the channel by becoming a member and get access exclusive content, behind the scenes, live hacking session and more!
☕️ Buy Me Coffee:
https://www.buymeacoffee.com/nahamsec
JOIN DISCORD:
https://discordapp.com/invite/ucCz7uh
🆓 🆓 🆓 0 DigitalOcean Credit:
https://m.do.co/c/3236319b9d0b
💬 Social Media
- https://twitter.com/nahamsec
- https://instagram.com/nahamsec
- https://twitch.com/nahamsec
- https://facebook.com/nahamsec1
#bugbounty #ethicalhacking #infosec #cybersecurity #redteam #webapp
https://www.youtube.com/watch?v=8EXf7CtpDBA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Linux for Hackers Tutorial (And Free Courses)
You need to learn Linux. I've said this for a very long time. Occupy The Web says the same thing - if you want to learn hacking, you need to lean Linux. This is a fundamental skill.
// Juniper Free Training //
Big thank you to Juniper Networks for supporting the community and making this training free (and sponsoring my channel). Go to https://juniper.net/davidbombal to get lots of training and also learn how to get certified for (Associate Level). Use this voucher code to register for your courses: DAVIDBOMBAL
If you have issues with the Juniper registration, please use these links that they gave me:
For Login assistance link https://userregistration.juniper.net/loginassistance
Customer Support link- https://support.juniper.net/support/requesting-support/
// Occupy The Web Books //
Linux...
https://www.youtube.com/watch?v=YJUVNlmIO6E
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Reverse Engineering With Unicorn Emulation
In this OALABS Patreon tutorial we will learn how to use the Unicorn Emulator to assist with reverse engineering! This is the second part in a five-part tutorial series that can be found on our Patreon here...
https://www.patreon.com/oalabs/posts?filters%5Btag%5D=Applied+Emulation
Lab Notes
https://gist.github.com/herrcore/1a5af37f91a6f9b263a527c98c7b08bd
-----
OALABS DISCORD
https://discord.gg/6h5Bh5AMDU
OALABS PATREON
https://www.patreon.com/oalabs
Twitch
https://www.twitch.tv/oalabslive
OALABS GITHUB
https://github.com/OALabs
UNPACME - AUTOMATED MALWARE UNPACKING
https://www.unpac.me/#/
-----
https://www.youtube.com/watch?v=-CNy4qh08iU
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Hidden USB Keylogger 😱 #shorts #usb #macbook
You can buy the O.MG plug here (affiliate link): https://davidbombal.wiki/gethak5
#mac #android #iphone
https://www.youtube.com/watch?v=KWGIpczACLw
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Investigating Windows Memory Is Here!
Announcing the second 13Cubed Training Course: Investigating Windows Memory!
If you've taken Investigating Windows Endpoints (or already have the equivalent knowledge), this is a natural continuation of the content that deep dives into Windows memory forensics. Learn the foundations of how Windows memory is structured, how to acquire memory, how to analyze memory images using Volatility, MemProcFS, and WinDbg, and more!
Purchase the Course Here:
https://training.13cubed.com/investigating-windows-memory
Purchase the Bundle Here:
https://training.13cubed.com/investigating-windows-bundle
#Forensics #DigitalForensics #DFIR #ComputerForensics #WindowsForensics #MemoryForensics
https://www.youtube.com/watch?v=IIfHov1W2ko
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How to quickly find MAC Addresses in Windows 11 (and change them) #shorts
Watch this video for details on how to change your Windows MAC address: https://youtu.be/V3Pcc8b_m0U or by using Python: https://youtu.be/ZIqvGmrw7Tw
#wifi #windows #mac
https://www.youtube.com/watch?v=LNeAP32MFu8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
401 Access Denied Ep88: The RISE of the CISO with Merike Kaeo
This week Joe Carson is joined by Merike Kaeo as they discuss the dynamic role of the CISO within an organization. They dive deeper into the role and how it interacts with different areas of the business, and what specific assets need protection and within what frameworks. An episode not to be missed!
Jump-start your cybersecurity career for FREE with Cybrary!
Follow us on Social!
~Cybrary Twitter
~Delinea Twitter
~Instagram
~Facebook
~YouTube
https://www.youtube.com/watch?v=FklaFGnBEyQ
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How to Bypass ASLR - Exploit Development 8 - Ekoparty 2019 Challenge
🔥 Learn how to Bypass ASLR in the 8th chapter of our Exploit Development Course
👨💻 Buy Our Courses: https://guidedhacking.com/register/
💰 Donate on Patreon: https://patreon.com/guidedhacking
❤️ Follow us on Social Media: https://linktr.ee/guidedhacking
🔗 Full Video Here: https://guidedhacking.com/threads/binary-exploit-development-8-how-to-bypass-aslr.20260/
🔗 Ekoparty 2019 Challenge: https://labs.bluefrostsecurity.de/blog/2019/09/07/bfs-ekoparty-2019-exploitation-challenge/
📜 Description:
In our last video we learned ASLR theory, today we will learn how to bypass ASLR. Even in modern applications, it can still be possible to bypass the ASLR exploit mitigation using techniques such as information leaks via read primitives. This time we are going to bypass ASLR...
https://www.youtube.com/watch?v=nyQ8qFYxvsk
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The next iPhone hack coming soon? #shorts
You can buy the O.MG cable here (affiliate link): https://davidbombal.wiki/gethak5
#wifi #ipad #iphone
https://www.youtube.com/watch?v=dHDXFTcYX2Y
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
AT&T Email List Exposed
Help the channel grow with a Like, Comment, & Subscribe!
❤️ Support ➡ https://j-h.io/patreon ↔ https://j-h.io/paypal ↔ https://j-h.io/buymeacoffee
Check out the affiliates below for more free or discounted learning!
🐱👤SEKTOR7 ➡ Malware Development, AV Evasion https://j-h.io/sektor7
🖥️ Zero-Point Security ➡ Certified Red Team Operator https://j-h.io/crto
💻Zero-Point Security ➡ C2 Development with C# https://j-h.io/c2dev
🐜Zero2Automated ➡ Ultimate Malware Reverse Engineering https://j-h.io/zero2auto
⛳Point3 ESCALATE ➡ Top-Notch Capture the Flag Training https://j-h.io/escalate
📗Humble Bundle ➡ https://j-h.io/humblebundle
🐶Snyk ➡ https://j-h.io/snyk
🌎Follow me! ➡ https://j-h.io/discord ↔ https://j-h.io/twitter ↔ https://j-h.io/linkedin...
https://www.youtube.com/watch?v=_rjdAYlYTzk
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Flipper Zero: How far away can I be for it to still unlock the door?
To address some of the most common comments on this video:
1) No, this is not my house. It's a well known stately home in the UK. With a bit of OSINT work you'll probably find it.
2) A lot of people seem to have missed the distance mentioned in the video. I don't have exact distances, but safe to say it works at just over 60 meters based on Google measurements. I ran out of space at about 65 meters.
3) My test is definitely not scientific and as some people have pointed out, not perfectly done, but I hope you liked the lasers :)
4) Lots of comments about antenna direction - I know ... but what about the lasers! :)
I'll do some more testing with different antennas and arrangements to show differences and affects (however - some of the results of my tests to date may not be what you expect).
5)...
https://www.youtube.com/watch?v=F0UuMv1byJw
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Bug Bounty Stories (EP1): Hacking An Online Casino
Thanks to bug bounties, I was able to hack into one of the biggest online casinos in the world and in this video I'm going to show you exactly how! Try it out here: https://app.hackinghub.io/feeling-lucky
📚 Purchase my Bug Bounty Course here 👉🏼 bugbounty.nahamsec.training
💵 Support the Channel:
You can support the channel by becoming a member and get access exclusive content, behind the scenes, live hacking session and more!
☕️ Buy Me Coffee:
https://www.buymeacoffee.com/nahamsec
JOIN DISCORD:
https://discordapp.com/invite/ucCz7uh
🆓 🆓 🆓 0 DigitalOcean Credit:
https://m.do.co/c/3236319b9d0b
💬 Social Media
- https://twitter.com/nahamsec
- https://instagram.com/nahamsec
- https://twitch.com/nahamsec
- https://facebook.com/nahamsec1
#bugbounty #ethicalhacking...
https://www.youtube.com/watch?v=2eIDxVrk4a8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Flipper Zero Bluetooth Phone Control and Fuzzer & T Rex Install #shorts
#flipperzero #bluetooth #android
https://www.youtube.com/watch?v=DSG-k_t4L1g
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Learn Active Directory Kerberoasting
https://jh.live/alteredsecurity || Learn on-premise Active Directory & Azure Active Directory penetration testing and get certified with Altered Security! https://jh.live/alteredsecurity
Help the channel grow with a Like, Comment, & Subscribe!
❤️ Support ➡ https://j-h.io/patreon ↔ https://j-h.io/paypal ↔ https://j-h.io/buymeacoffee
Check out the affiliates below for more free or discounted learning!
🐱👤SEKTOR7 ➡ Malware Development, AV Evasion https://j-h.io/sektor7
🖥️ Zero-Point Security ➡ Certified Red Team Operator https://j-h.io/crto
💻Zero-Point Security ➡ C2 Development with C# https://j-h.io/c2dev
🐜Zero2Automated ➡ Ultimate Malware Reverse Engineering https://j-h.io/zero2auto
⛳Point3 ESCALATE ➡ Top-Notch Capture the Flag Training https://j-h.io/escalate
📗Humble...
https://www.youtube.com/watch?v=tRCvagjqx3c
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Install Kali Linux on Windows 11 for FREE
Install Kali Linux on Windows 11 using VirtualBox for free - it's not a difficult install and it's a great way to get started.
Need help? Join my Discord: https://discord.com/invite/usKSyzb
// Other Install Options //
Kali Linux USB Live Boot: https://youtu.be/FYYU9qZ0Pps
Kali Linux Dual Boot: https://youtu.be/2vTVA-Nq0bw
Kali Linux NetHunter Pro: https://youtu.be/i1bDofmvhNw
Kali Linux NetHunter: https://youtu.be/KxOGyuGq0Ts
Kali Linux WSL2: https://youtu.be/mp5DdgZP7ns
Kali Linux Raspberry Pi: https://youtu.be/PqRVo2niA_8
Kali Linux VMware Player: https://youtu.be/W6_nBr8SbPE
Download from here: https://www.kali.org/
// David's SOCIAL //
Discord: https://discord.com/invite/usKSyzb
Twitter: https://www.twitter.com/davidbombal
Instagram: https://www.instagram.com/davidbombal
LinkedIn:...
https://www.youtube.com/watch?v=MPkni85O9JA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Will iPhones soon also be vulnerable to this attack? Bad USB phone cable? #shorts
You can buy the O.MG cable here (affiliate link): https://davidbombal.wiki/gethak5
#wifi #android #iphone
https://www.youtube.com/watch?v=8i2hiEzKXXo
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Trick Hackers with a Fake User
https://jh.live/pwyc || Jump into Pay What You Can training for Active Defense & Cyber Deception -- at whatever cost makes sense for you! https://jh.live/pwyc
Help the channel grow with a Like, Comment, & Subscribe!
❤️ Support ➡ https://j-h.io/patreon ↔ https://j-h.io/paypal ↔ https://j-h.io/buymeacoffee
Check out the affiliates below for more free or discounted learning!
🐱👤SEKTOR7 ➡ Malware Development, AV Evasion https://j-h.io/sektor7
🖥️ Zero-Point Security ➡ Certified Red Team Operator https://j-h.io/crto
💻Zero-Point Security ➡ C2 Development with C# https://j-h.io/c2dev
🐜Zero2Automated ➡ Ultimate Malware Reverse Engineering https://j-h.io/zero2auto
⛳Point3 ESCALATE ➡ Top-Notch Capture the Flag Training https://j-h.io/escalate
📗Humble Bundle...
https://www.youtube.com/watch?v=cwaJznO_g2U
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Old School MS-DOS Commands for DFIR
In this episode, we'll look at numerous old-school MS-DOS commands from the 80's and 90's that are still very valid and useful today -- even in Windows 11! Learn how to perform complex file searches, change file attributes, view Alternate Data Streams, and more - right from the Command Prompt!
*** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. ***
📖 Chapters
00:00 - Intro
02:15 - DIR
03:01 - CLS
03:55 - DIR /A
05:07 - DIR /AH
05:47 - DIR /AD
07:21 - DIR /OD
08:12 - DIR /TC
08:34 - DIR /A/TC/OD
09:26 - DIR /W
10:10 - DIR /S [FILENAME]
11:40 - DIR /S/A [FILENAME]
13:16 - DIR /S/A ?.EXE
14:16 - DIR /S/A ??.EXE
15:11 - DIR /P
16:17 - DIR /S/A [PATTERN]*.??
17:49 - DIR /S/AH ?.EXE
18:52 - CD | CHDIR
20:25 - DIR /R
20:44 - DIR /R/A
21:25 - MORE...
https://www.youtube.com/watch?v=SfG25LmNkT0
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Reverse Engineering a HWID Spoofer
🔥 Reverse engineering a HWID Spoofer for fun!
👨💻 Buy Our Courses: https://guidedhacking.com/register/
💰 Donate on Patreon: https://patreon.com/guidedhacking
❤️ Follow us on Social Media: https://linktr.ee/guidedhacking
🔗 Article Link: https://guidedhacking.com/threads/reverse-engineering-a-hwid-spoofer.20413/
📜 Video Description:
Reverse Engineering a HWID Spoofer
In today's video we will be reverse engineering an HWID spoofer, this started as just a fun idea for a video but we'll end up learning how they work as we analyze the binary. This is a very popular and updated open source HWID Spoofer from SecHex that we'll be looking at.
Hardware ID Spoofers. Oh yes, these much sought after programs are integral to the game hacking and particularly the paycheat industry....
https://www.youtube.com/watch?v=ClqPkffPx5M
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Identifying your cybersecurity skills and qualifications | Cyber Work Podcast
Limor Bergman-Gross, founder of LBG Consulting, gives advice for people who have a hard time seeing their own skills and qualifications — just ask others! Seeing how others see you can give you more clarity around the things that you do extremely well, even if you think you're just getting by. This in turn can help you to look deeper into the things that you are passionate about doing and determine where those passions intersect with the things that others see you excelling at.
– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast
About Infosec
Infosec's mission is to put people at the center of cybersecurity. We help IT and security professionals...
https://www.youtube.com/watch?v=MHoMgn-ei_k
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Social Media Scams: How to avoid them | Hacker Headlines
Social media has become an important part of everyday life. Sharing updates and photos and showing the world who we are. But the more information you share, the bigger target you are for hackers and scammers — this is why it's crucial to prioritize social media safety to protect yourself from potential cyber threats.
In this episode of Hacker Headlines, Infosec's VP of Portfolio Product Strategy, Keatron Evans, covers common scams and social media security tips.
Learn more about Hacker Headlines and the Infosec IQ security awareness platform: https://www.infosecinstitute.com/iq/ f
About the Series:
Cybersecurity is constantly evolving, and continuous training that tackles today's latest threats is needed to keep your organization cyber secure. This is why we recently created our...
https://www.youtube.com/watch?v=i2IlX2a-MjM
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How to grab WiFi Passwords with only two commands #shorts
#wifi #windows #passwords
https://www.youtube.com/watch?v=eBmO7UOYzR4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
From software engineer to career coaching | Cyber Work Podcast
Limor Bergman-Gross, founder of LBG Consulting, talks about her early experiences in management and how her experience with professionals of all different levels and backgrounds helped her make the jump from software engineering to career coaching.
– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast
About Infosec
Infosec's mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec...
https://www.youtube.com/watch?v=PwVkZ-QFtBc
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Emulation Fundamentals - Writing A Basic x86 Emulator
In this OALABS Patreon tutorial we will explore how an emulator works by building one ourselves! This is the first part in a five-part tutorial series that can be found on our Patreon here...
https://www.patreon.com/oalabs/posts?filters%5Btag%5D=Applied+Emulation
The demo Jupyter Lab note can be found on GitHub here...
https://gist.github.com/herrcore/f25bcf55fa10fa8d04effc172eeb63c9
-----
OALABS DISCORD
https://discord.gg/6h5Bh5AMDU
OALABS PATREON
https://www.patreon.com/oalabs
Twitch
https://www.twitch.tv/oalabslive
OALABS GITHUB
https://github.com/OALabs
UNPACME - AUTOMATED MALWARE UNPACKING
https://www.unpac.me/#/
-----
https://www.youtube.com/watch?v=HPrqOIdNlrQ
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Whiffy Recon Can Track Your Physical Location - ThreatWire
ThreatWire Totem Board - Limited Edition! - https://snubsie.com/threatwire-products/tw-totem
Shop ThreatWire Merch on Teespring! - https://morsecode.creator-spring.com/
Support ThreatWire! https://www.patreon.com/shannonmorse
Follow Shannon on Social Media: https://snubsie.com/links
This malware can track your location, Messenger will soon be encrypted by default, and a financial firm is hit with sim swapping! All that coming up now on ThreatWire.
#threatwire #hak5
ThreatWire by Shannon Morse is a weekly news journalism show covering cybersecurity topics for network admins, information security professionals, and consumers.
Watch this on youtube: https://youtu.be/PMlB6eTG8to
Chapters:
00:00 Location Tracking With Malware
02:41 Messenger To Get E2EE
05:08 Financial Firm Hit...
https://www.youtube.com/watch?v=PMlB6eTG8to
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The FBI Disrupted a HUGE Malware Strain
Seriously, huge congratulations to all law enforcement and everyone involved.
FBI Los Angeles announcement: https://www.justice.gov/usao-cdca/pr/qakbot-malware-disrupted-international-cyber-takedown
Release video: https://www.fbi.gov/news/stories/fbi-partners-dismantle-qakbot-infrastructure-in-multinational-cyber-takedown
Public affidavit: https://www.justice.gov/d9/2023-08/23mj4251_application_redacted.pdf
Huntress blog: https://www.huntress.com/blog/qakbot-malware-takedown-and-defending-forward
Huntress Vaccine Files: https://support.huntress.io/hc/en-us/articles/12353342482195
https://www.youtube.com/watch?v=tu6FzFfzhF4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Your Computer could be For Sale on the Dark Web
https://jh.live/flare || You can track down shady sellers, hunt for cybercrime, or manage threat intelligence and your exposed attack surface with Flare! Try a free trial and see what info is out there: https://jh.live/flare
Help the channel grow with a Like, Comment, & Subscribe!
❤️ Support ➡ https://j-h.io/patreon ↔ https://j-h.io/paypal ↔ https://j-h.io/buymeacoffee
Check out the affiliates below for more free or discounted learning!
🐱👤SEKTOR7 ➡ Malware Development, AV Evasion https://j-h.io/sektor7
🖥️ Zero-Point Security ➡ Certified Red Team Operator https://j-h.io/crto
💻Zero-Point Security ➡ C2 Development with C# https://j-h.io/c2dev
🐜Zero2Automated ➡ Ultimate Malware Reverse Engineering https://j-h.io/zero2auto
⛳Point3 ESCALATE ➡ Top-Notch...
https://www.youtube.com/watch?v=CYv2vKO8j6c
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
AI Powered Wordlist // How To Bug Bounty
I often get asked about how to create a wordlist or to even share my own. So why not create your own wordlist using AI/chatGPT!
📚 Purchase my Bug Bounty Course here 👉🏼 bugbounty.nahamsec.training
💵 Support the Channel:
You can support the channel by becoming a member and get access exclusive content, behind the scenes, live hacking session and more!
☕️ Buy Me Coffee:
https://www.buymeacoffee.com/nahamsec
JOIN DISCORD:
https://discordapp.com/invite/ucCz7uh
🆓 🆓 🆓 0 DigitalOcean Credit:
https://m.do.co/c/3236319b9d0b
💬 Social Media
- https://twitter.com/nahamsec
- https://instagram.com/nahamsec
- https://twitch.com/nahamsec
- https://facebook.com/nahamsec1
#bugbounty #ethicalhacking #infosec #cybersecurity #redteam #webapp
https://www.youtube.com/watch?v=nPZ4VFiIwDM
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Unity Game Hacking Challenge - "Azusawa's Gacha World" [SekaiCTF]
Video walkthrough for "Azusawa's Gacha World", a [game] reversing challenge from Project SEKAI CTF 2023. The challenge involved memory manipulation with cheat engine (optional), reverse engineering of Unity game code (C#) in dnSpy, some network traffic analysis and HTTP traffic manipulation. Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂 #SEKAICTF #ProjectSEKAI #CTF #ReverseEngineering #GameHacking #CheatEngine
You can find my full write-up here: https://github.com/Crypto-Cat/CTF/blob/main/ctf_events/sekai_23/rev/azusawas_gacha_world.md 🥰
If you liked this video and/or want to learn more about game hacking with cheat engine, check out the full tutorial series I created on the @intigriti channel: https://www.youtube.com/watch?v=ku6AtIY-Lu0&list=PLmqenIp2RQcg0x2mDAyL2MC23DAGcCR9b...
https://www.youtube.com/watch?v=R8EnhRDDWFg
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Intruder Alert Ep. 6 | Deconstructing Malware Attacks & Forging a Career in Cybersecurity
In this episode of Intruder Alert, Marcus Hutchins is joined by cybersecurity expert Caitlin Sarian, known for her role as the Global Lead of Cybersecurity Advocacy and Culture at TikTok and her expertise in data protection and privacy compliance. Marcus and Caitlin provide technical insight into the latest US malware attacks and share invaluable advice on breaking into the cybersecurity field.
Follow us on Social!!
~Twitter
~Instagram
~FaceBook
~YouTube
~LinkedIn
Jump-start your cybersecurity career for FREE with Cybrary!
https://www.youtube.com/watch?v=2aRgdmTdtK0
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How to Find Velocity Address in Cheat Engine - GHS108
🔥 Learn How to Find The Velocity Address In Cheat Engine
👨💻 Courses: https://guidedhacking.com/register/
💰 Patreon: https://patreon.com/guidedhacking
❤️ Social Media: https://linktr.ee/guidedhacking
🔗 Article: https://guidedhacking.com/threads/how-to-find-velocity-addresses-in-cheat-engine-ghs108.20430/
📜 Description:
Finding Velocity Addresses Using Cheat Engine
Sekiro is a game where character movements are vital. Manipulating the velocity might lead to some interesting gameplay possibilities. In this walkthrough, we are going to illustrate how you can get the velocity of your character in Sekiro using Cheat Engine. Although our focus is on Sekiro, keep in mind that this method will work with many other games as well.
📝 Timestamps:
0:00 - Intro to Finding...
https://www.youtube.com/watch?v=jDjXB7atDDM
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
DC31 - Red Team Village - Recap
Red Team Village Website: https://redteamvillage.io
Discord: https://redteamvillage.io/discord
Twitter: https://redteamvillage.io/twitter
https://www.youtube.com/watch?v=my568xKtgLg
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Is your favorite on here?? #favorite #cybersecurity #hacker
https://www.youtube.com/watch?v=KPPH7vJZajQ
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How Does Malware Know It's Being Monitored?
https://jh.live/maldevacademy || Learn how to write modern 64-bit Windows malware and more anti-debugging techniques with Maldev Academy! For a limited time you can use code 'HAMMOND10' to save 10%: https://jh.live/maldevacademy
Previous videos mentioned:
1. Classic Shellcode Loader in Nim: https://youtu.be/vq6wNGYzdDE
2. Using Sliver for Command & Control: https://youtu.be/lMihdys4jw8
3. Permanently Disable Windows Defender: https://youtu.be/81l__vvGnjA
4. Spoof Parent Process ID & CreateToolhelp32Snapshot: https://youtu.be/PAlQp3ioIIA
Help the channel grow with a Like, Comment, & Subscribe!
❤️ Support ➡ https://j-h.io/patreon ↔ https://j-h.io/paypal ↔ https://j-h.io/buymeacoffee
Check out the affiliates below for more free or discounted learning!
🐱👤SEKTOR7 ➡ Malware...
https://www.youtube.com/watch?v=5cch_-3NVLk
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
401 Access Denied: Protecting Society and the Role of CERT with Tonu
In this episode we join host Joe Carson as he discusses state cybersecurity with Tonu Tammer of the Estonian National Cybersecurity Center. Tonu goes into the day-to-day operations of defending a country and its citizens from adversaries, as well as ransomware and DDOS attacks. Come along for an in-depth discussion with a cyber defender with years of experience in this exciting new episode!
Jump-start your cybersecurity career for FREE with Cybrary!
Follow us on Social!
~Cybrary Twitter
~Delinea Twitter
~Instagram
~Facebook
~YouTube
https://www.youtube.com/watch?v=aYCyFDlK7vg
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
We Hacked An AWS Account. Again.
https://jh.live/halborn || For our last episode in the Cloud and CI/CD series, Ignacio Dominguez (@congon4tor) demonstrates taking advantage of Crossplane to use a Kubernetes cluster administrator to a full AWS admin account takeover! And some personal insights on why you might want to become a cloud security pentester. 😎
This video is released in partnership with @Halborn ! Learn more about their cloud and CI/CD security assessments and what they can offer you: https://jh.live/halborn
00:00 Demo Teaser
00:19 Kick-off with Ignacio and Carlos
01:02 Managing AWS Crossplane & Kubernetes
02:47 Start of Demo (AWS IAM Roles)
04:24 Using kubectl to retrieve Crossplane pods
06:14 Creating our malicious pod
09:07 Using the stolen AWS token to become admin
10:18 Why did you want to focus on cloud...
https://www.youtube.com/watch?v=lTVY01pbMvM
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Quantum Resilient FIDO2 Security Keys - ThreatWire
ThreatWire Totem Board - Limited Edition! - https://snubsie.com/threatwire-products/tw-totem
Shop ThreatWire Merch on Teespring! - https://morsecode.creator-spring.com/
Support ThreatWire! https://www.patreon.com/shannonmorse
Follow Shannon on Social Media: https://snubsie.com/links
Malicious APKs Evade Detection, quantum resilient FIDO2 security keys, and a severe WinRAR flaw is disclosed! All that coming up now on ThreatWire. All that coming up now on ThreatWire.
#threatwire #hak5
ThreatWire by Shannon Morse is a weekly news journalism show covering cybersecurity topics for network admins, information security professionals, and consumers.
Watch this on youtube: https://youtu.be/QrAbO5G6UnM
Chapters:
00:00 Malicious APKs Evade Detection
02:26 Quantum Resilient FIDO2 Keys
03:58...
https://www.youtube.com/watch?v=QrAbO5G6UnM
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
I Had ChatGPT Analyze My Code
https://jh.live/snyk-ai || Use Snyk for FREE alongside Github Copilot or ChatGPT to generate code fast -- and SECURE! https://jh.live/snyk-ai
Help the channel grow with a Like, Comment, & Subscribe!
❤️ Support ➡ https://j-h.io/patreon ↔ https://j-h.io/paypal ↔ https://j-h.io/buymeacoffee
Check out the affiliates below for more free or discounted learning!
🐱👤SEKTOR7 ➡ Malware Development, AV Evasion https://j-h.io/sektor7
🖥️ Zero-Point Security ➡ Certified Red Team Operator https://j-h.io/crto
💻Zero-Point Security ➡ C2 Development with C# https://j-h.io/c2dev
🐜Zero2Automated ➡ Ultimate Malware Reverse Engineering https://j-h.io/zero2auto
⛳Point3 ESCALATE ➡ Top-Notch Capture the Flag Training https://j-h.io/escalate
📗Humble Bundle ➡ https://j-h.io/humblebundle
🐶Snyk...
https://www.youtube.com/watch?v=NPpcW49_ue4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
DEFCON 31 VLOG
DEFCON 31 vlog covering my first ever Bug Bounty Meetup with @stok, Jason Haddix, John Hammond, and more while covering some of my favorite villages like Red Team Village, Cloud Village, and Recon Village!
📚 Purchase my Bug Bounty Course here 👉🏼 bugbounty.nahamsec.training
💵 Support the Channel:
You can support the channel by becoming a member and get access exclusive content, behind the scenes, live hacking session and more!
☕️ Buy Me Coffee:
https://www.buymeacoffee.com/nahamsec
JOIN DISCORD:
https://discordapp.com/invite/ucCz7uh
🆓 🆓 🆓 0 DigitalOcean Credit:
https://m.do.co/c/3236319b9d0b
💬 Social Media
- https://twitter.com/nahamsec
- https://instagram.com/nahamsec
- https://twitch.com/nahamsec
- https://facebook.com/nahamsec1
#bugbounty #ethicalhacking...
https://www.youtube.com/watch?v=79Xw0NHLCMY
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How To Identify File Types - File Format Analysis Tools
🔥 Learn How To Identity Unknown File Types using File Format Analysis Tools
👨💻 Buy Our Courses: https://guidedhacking.com/register/
💰 Donate on Patreon: https://patreon.com/guidedhacking
❤️ Follow us on Social Media: https://linktr.ee/guidedhacking
🔗 Article Link: https://guidedhacking.com/threads/how-to-identify-file-types-file-format-analysis-tools.20412/
📜 Video Description:
How To Detect Files Formats
Whether it's an unrecognized file on our desktop or an unmarked binary, our goal is to guide you in determining what these files might be. We will walk you through three significant areas in file identification: General File Identification, Binary Analysis, and Malware Analysis and File Detection. In the intricate field of reverse engineering, file format analysis...
https://www.youtube.com/watch?v=xwpNYpFRLf0
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Spoof Your Computer
https://jh.live/pwyc || Jump into Pay What You Can training for Active Defense & Cyber Deception -- at whatever cost makes sense for you! https://jh.live/pwyc
Help the channel grow with a Like, Comment, & Subscribe!
❤️ Support ➡ https://j-h.io/patreon ↔ https://j-h.io/paypal ↔ https://j-h.io/buymeacoffee
Check out the affiliates below for more free or discounted learning!
🐱👤SEKTOR7 ➡ Malware Development, AV Evasion https://j-h.io/sektor7
🖥️ Zero-Point Security ➡ Certified Red Team Operator https://j-h.io/crto
💻Zero-Point Security ➡ C2 Development with C# https://j-h.io/c2dev
🐜Zero2Automated ➡ Ultimate Malware Reverse Engineering https://j-h.io/zero2auto
⛳Point3 ESCALATE ➡ Top-Notch Capture the Flag Training https://j-h.io/escalate
📗Humble Bundle...
https://www.youtube.com/watch?v=7ak6-hCnw0I
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Android 14 Vs Stingrays - ThreatWire
ThreatWire Totem Board - Limited Edition! - https://snubsie.com/threatwire-products/tw-totem
Shop ThreatWire Merch on Teespring! - https://morsecode.creator-spring.com/
Support ThreatWire! https://www.patreon.com/shannonmorse
Follow Shannon on Social Media: https://snubsie.com/links
40 Million Exposed In a UK cyber attack, Android 14 stops Stingrays, and CPUs across brands are susceptible to hacks! All that coming up now on ThreatWire.
#threatwire #hak5
ThreatWire by Shannon Morse is a weekly news journalism show covering cybersecurity topics for network admins, information security professionals, and consumers.
Watch this on youtube: https://youtu.be/FnUDW1E6qcs
Chapters:
00:00 40 Million Exposed In Hack
02:35 Android 14 vs Stingrays
04:34 CPUs Susceptible to Hacks
Links:
Resources...
https://www.youtube.com/watch?v=FnUDW1E6qcs
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How to Hook Steam Overlay Tutorial - 64-bit IMGUI Hook
🔥 Learn How to Hook the Steam Overlay to draw your IMGUI menu
👨💻 Buy Our Courses: https://guidedhacking.com/register/
💰 Donate on Patreon: https://patreon.com/guidedhacking
❤️ Follow our Social Media: https://linktr.ee/guidedhacking
🔗 Article Link: https://guidedhacking.com/threads/how-to-hook-steam-overlay-tutorial-64-bit-imgui-hook.20422/
📜 Description:
We'll specifically focus on how to hook Steam and Discord overlays, showcasing the step-by-step process using a test environment with a 3D project. Our objective is to make it as simple and efficient as possible while providing valuable insights to improve your skill set. We'll begin by setting up the test environment and preparing the required tools. After that, we'll dive deep into hooking Steam overlay by effectively...
https://www.youtube.com/watch?v=z7zUMieOO98
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Introducing the OMG UnBlocker
https://hak5.org/omg
https://o.mg.lol
Music by @Venjent
https://www.youtube.com/watch?v=MJQ-sgGCmuQ
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Stealing Keystrokes With Sound - ThreatWire
ThreatWire Totem Board - Limited Edition! - https://snubsie.com/threatwire-products/tw-totem
Shop ThreatWire Merch on Teespring! - https://morsecode.creator-spring.com/
Support ThreatWire! https://www.patreon.com/shannonmorse
Follow Shannon on Social Media: https://snubsie.com/links
Stealing keystrokes via sound, APT31 targets air gapped ICS, and versioning is being used in real world android attacks! All that coming up now on ThreatWire.
#threatwire #hak5
ThreatWire by Shannon Morse is a weekly news journalism show covering cybersecurity topics for network admins, information security professionals, and consumers.
Watch this on youtube: https://youtu.be/-gDrgj7AOQg
Chapters:
00:00 Stealing Keystrokes Via Sound
03:04 APT31 Targets Air Gapped ICS
05:44 Versioning Used In Android...
https://www.youtube.com/watch?v=-gDrgj7AOQg
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
HackerOne x Red Team Village
Thank you HackerOne for Sponsoring the Red Team Village!
Additional information about HackerOne can be obtained from https://hackerone.com
The Red Team Village
Red Team Village Website: https://redteamvillage.io
Discord: https://redteamvillage.io/discord
Twitter: https://redteamvillage.io/twitter
https://www.youtube.com/watch?v=6XzKgYF3kDU
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
API Hacking With ChatGPT!
📚 Purchase my Bug Bounty Course here 👉🏼 bugbounty.nahamsec.training
💵 Support the Channel:
You can support the channel by becoming a member and get access exclusive content, behind the scenes, live hacking session and more!
☕️ Buy Me Coffee:
https://www.buymeacoffee.com/nahamsec
JOIN DISCORD:
https://discordapp.com/invite/ucCz7uh
🆓 🆓 🆓 0 DigitalOcean Credit:
https://m.do.co/c/3236319b9d0b
💬 Social Media
- https://twitter.com/nahamsec
- https://instagram.com/nahamsec
- https://twitch.com/nahamsec
- https://facebook.com/nahamsec1
#bugbounty #ethicalhacking #infosec #cybersecurity #redteam #webapp
https://www.youtube.com/watch?v=BTlUEWHRldk
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Best SysInternals Tools for Malware Analysis
🔥 Learn how to use SysInternals best malware analysis tools
👨💻 Buy Our Courses: https://guidedhacking.com/register/
💰 Donate on Patreon: https://patreon.com/guidedhacking
❤️ Follow us on Social Media: https://linktr.ee/guidedhacking
🔗 Article: https://guidedhacking.com/threads/best-sysinternals-tools-for-malware-analysis.20411/
📜 Video Description:
Malware analysis, a critical aspect of cybersecurity, leverages tools like Process Explorer within the Sysinternals suite to uncover the behaviors and purposes of malicious software. Malware, ranging from viruses to ransomware, can be better understood and counteracted through the use of Sysinternals, which aids in dissecting and analyzing its complex code. Reverse engineering is a methodology employed in malware analysis,...
https://www.youtube.com/watch?v=fCp2usRXmGg
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
DC31 - Red Team Village - Hack The Box
Additional information about Hack The Box can be found at hackthebox.eu
Red Team Village Website: https://redteamvillage.io
Discord: https://redteamvillage.io/discord
Twitter: https://redteamvillage.io/twitter
https://www.youtube.com/watch?v=DX61G7v3jvw
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
This Android Malware Can Use OCR To Steal Data - ThreatWire
ThreatWire Totem Board - Limited Edition! - https://snubsie.com/threatwire-products/tw-totem
Shop ThreatWire Merch on Teespring! - https://morsecode.creator-spring.com/
Support ThreatWire! https://www.patreon.com/shannonmorse
Follow Shannon on Social Media: https://snubsie.com/links
This Android Malware Can Use OCR To Steal Data, The SEC Will Require Hack Disclosures in 4 Days, and Almost 1 Million Routers are Vulnerable to Hacks! All that coming up now on ThreatWire.
#threatwire #hak5
ThreatWire by Shannon Morse is a weekly news journalism show covering cybersecurity topics for network admins, information security professionals, and consumers.
Watch this on youtube: https://youtu.be/wMRFpzJgbEQ
Chapters:
00:00 Android Malware Uses OCR
03:17 4 Day Limit On Hack Disclosures
06:04...
https://www.youtube.com/watch?v=wMRFpzJgbEQ
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
DC31 - Red Team Village - Meta
Additional information about Meta can be found at meta.com.
Red Team Village Website: https://redteamvillage.io
Discord: https://redteamvillage.io/discord
Twitter: https://redteamvillage.io/twitter
https://www.youtube.com/watch?v=uizRK9qLsJM
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Intruder Alert Ep. 5 | Community Uprising: Unravelling the Reddit Blackout
In the latest episode of Intruder Alert, Marcus Hutchins and Cybrary blue teamer, Marc Balingit, delve into the the uproar around Reddit's blackout. They unravel the intricacies of Reddit's contentious API changes, which have cornered third-party apps like Apollo, sparking a sweeping blackout protest across thousands of subreddits. Furthermore, they explore the impact of Twitch's fresh policy adjustments, which are a threat to streamers' ad revenue, and other news impacting online communities.
Follow us on Social!!
~Twitter
~Instagram
~FaceBook
~YouTube
~LinkedIn
Jump-start your cybersecurity career for FREE with Cybrary!
https://www.youtube.com/watch?v=8_CEqpKU8AA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The Most Useful Recon Trick
📚 Purchase my Bug Bounty Course here 👉🏼 bugbounty.nahamsec.training
💵 Support the Channel:
You can support the channel by becoming a member and get access exclusive content, behind the scenes, live hacking session and more!
☕️ Buy Me Coffee:
https://www.buymeacoffee.com/nahamsec
JOIN DISCORD:
https://discordapp.com/invite/ucCz7uh
🆓 🆓 🆓 0 DigitalOcean Credit:
https://m.do.co/c/3236319b9d0b
💬 Social Media
- https://twitter.com/nahamsec
- https://instagram.com/nahamsec
- https://twitch.com/nahamsec
- https://facebook.com/nahamsec1
#bugbounty #ethicalhacking #infosec #cybersecurity #redteam #webapp
https://www.youtube.com/watch?v=zDB-SdT6_FI
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
x64 Virtual Address Translation
🔥 Learn How x64 Virtual Address Translation is Performed
👨💻 Buy Our Courses: https://guidedhacking.com/register/
💰 Donate on Patreon: https://patreon.com/guidedhacking
❤️ Follow us on Social Media: https://linktr.ee/guidedhacking
🔗 Article Link: https://guidedhacking.com/threads/x64-virtual-address-translation-page-tables.20416/
📜 Video Description:
Virtual memory serves as a key component in the architecture of contemporary operating systems, not excluding Windows. Essentially, it's an ingenious abstraction layer that empowers processes by creating an illusion of a vast, continuous memory block, despite the fact that the actual physical memory is often considerably smaller and shared among numerous processes.
At its core, virtual memory hinges on the idea of address...
https://www.youtube.com/watch?v=W3o5jYHMh8s
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
DOM Clobbering, Prototype Pollution and XSS - "sanity" Walkthrough [Amateurs CTF 2023]
Video walkthrough for "sanity", a web challenge from Amateurs CTF 2023. The challenge involved DOM clobbering, prototype pollution and XSS. Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂 #AmateursCTF #CTF #Pentesting #OffSec #WebSec
You can find my full write-up here: https://github.com/Crypto-Cat/CTF/blob/main/ctf_events/amateurs_23/web/sanity.md 🥰
↢Social Media↣
Twitter: https://twitter.com/_CryptoCat
GitHub: https://github.com/Crypto-Cat/CTF
HackTheBox: https://app.hackthebox.eu/profile/11897
LinkedIn: https://www.linkedin.com/in/cryptocat
Reddit: https://www.reddit.com/user/_CryptoCat23
YouTube: https://www.youtube.com/CryptoCat23
Twitch: https://www.twitch.tv/cryptocat23
↢Amateurs CTF↣
https://ctf.amateurs.team/challs
https://discord.com/invite/gCX22asy65
↢Resources↣
Ghidra:...
https://www.youtube.com/watch?v=AO7CDquZ690
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
DC31 - Red Team Village - Buddobot
Additional information about Buddobot can be found at buddobot.com.
Red Team Village Website: https://redteamvillage.io
Discord: https://redteamvillage.io/discord
Twitter: https://redteamvillage.io/twitter
https://www.youtube.com/watch?v=ubVLiJ17Sd4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Trying to demo the #hacker side without getting 🤐🤐🤐 by the platform. Oops! #cybersecurity
https://www.youtube.com/watch?v=p_OgaSkmBMM
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Hack with Katie: Live Session
Join @Bugcrowd for a thrilling live hacking session with Katie
In this engaging and educational webinar you'll have the unique opportunity to watch Katie, an expert hacker, as she demonstrates her skills in real-time. But that's not all! You'll also have the chance to actively participate and hack alongside her in this fun and collaborative stream.
During this interactive workshop session, you can expect:
- To gain valuable insights into the important aspects of ethical hacking
- Discover how to navigate through the vast sea of resources and select the most valuable material to sharpen your skills
- Katie will share her expertise on how to approach a new target for the first time
- She will guide you through the initial steps of reconnaissance and setting the stage for a successful hack
-...
https://www.youtube.com/watch?v=fbgt4YJg_Kk
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
401 Access Denied: Ep. 85 | Key Takeaways from the Verizon DBIR with Tony Goulding
Join host Joseph Carson and guest Tony Goulding as they break down the annual Verizon breach report. With over 16,000 incidents and more than 5,200 data breaches, there's a lot to look at. Tony and Joe have some great takeaways from this critical annual report and share their expert insights on what's new, what's changed, and what we're not doing so bad at (hint: MFA goes a long way!)
Jump-start your cybersecurity career for FREE with Cybrary!
Follow us on Social!
~Cybrary Twitter
~Delinea Twitter
~Instagram
~Facebook
~YouTube
https://www.youtube.com/watch?v=luXnfWO_U7I
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
AV Emulation Detection Tricks Used by Malware
Tricks that malware developers use to detect antivirus emulators and how these differ from the sandbox emulators we use from our recent Twitch stream.
Alexie's Windows Defender research with some insights into the emulation engine used...
https://recon.cx/2018/brussels/resources/slides/RECON-BRX-2018-Reverse-Engineering-Windows-Defender-s-JavaScript-Engine.pdf
https://i.blackhat.com/us-18/Thu-August-9/us-18-Bulazel-Windows-Offender-Reverse-Engineering-Windows-Defenders-Antivirus-Emulator.pdf
https://github.com/0xAlexei/WindowsDefenderTools
-----
OALABS PATREON
https://www.patreon.com/oalabs
OALABS DISCORD
https://discord.gg/6h5Bh5AMDU
Twitch
https://www.twitch.tv/oalabslive
OALABS GITHUB
https://github.com/OALabs
UNPACME - AUTOMATED MALWARE UNPACKING
https://www.unpac.me/#/
-----
https://www.youtube.com/watch?v=8jckguVRHyI
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Introducing the NEW 🐿 Packet Squirrel
Packet Squirrel Mark II ••• https://hak5.org/products/packet-squirrel-mark-ii ••• Network Interception and Manipulation ••• Man-in-the-Middle Made Easy ••• Powered by DuckyScript™, Bash and Python ••• Deployed with the Flip of a Switch ••• PACKETS GO IN. PACKETS COME OUT. THE REST IS UP TO YOU!
____________________________________________
Founded in 2005, Hak5's mission is to advance the InfoSec industry. We do this through our award winning educational podcasts, leading pentest gear, and inclusive community – where all hackers belong.
https://www.youtube.com/watch?v=hN9tFx5N3uM
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
What is the Cyber Trust Mark? & Major ColdFusion & Microsoft Exchange Hacks Underway! - ThreatWire
YouTube Title: What is the Cyber Trust Mark? & Major ColdFusion & Microsoft Exchange Hacks Underway! - ThreatWire
ThreatWire Totem Board - Limited Edition! - https://snubsie.com/threatwire-products/tw-totem
Shop ThreatWire Merch on Teespring! - https://morsecode.creator-spring.com/
Support ThreatWire! https://www.patreon.com/shannonmorse
Follow Shannon on Social Media: https://snubsie.com/links
What is a Cyber Trust Mark?, ColdFusion is under attack, and Microsoft Exchange suffers vulnerabilities! All that coming up now on ThreatWire.
#threatwire #hak5
ThreatWire by Shannon Morse is a weekly news journalism show covering cybersecurity topics for network admins, information security professionals, and consumers.
Watch this on youtube: https://youtu.be/yoVkxZ8JRcQ
Chapters:
00:00...
https://www.youtube.com/watch?v=yoVkxZ8JRcQ
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
#NahamCon2023: Forager: New Insights Into Leaked Secrets | @InsecureNature
📚 Purchase my Bug Bounty Course here 👉🏼 bugbounty.nahamsec.training
💵 Support the Channel:
You can support the channel by becoming a member and get access exclusive content, behind the scenes, live hacking session and more!
☕️ Buy Me Coffee:
https://www.buymeacoffee.com/nahamsec
JOIN DISCORD:
https://discordapp.com/invite/ucCz7uh
🆓 🆓 🆓 0 DigitalOcean Credit:
https://m.do.co/c/3236319b9d0b
💬 Social Media
- https://twitter.com/nahamsec
- https://instagram.com/nahamsec
- https://twitch.com/nahamsec
- https://facebook.com/nahamsec1
#bugbounty #ethicalhacking #infosec #cybersecurity #redteam #webapp
https://www.youtube.com/watch?v=LfP-wDM432U
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
#NahamCon2023: Context + Questions: How GPT-based AI Will Disrupt Security | @DanielMiessler
📚 Purchase my Bug Bounty Course here 👉🏼 bugbounty.nahamsec.training
💵 Support the Channel:
You can support the channel by becoming a member and get access exclusive content, behind the scenes, live hacking session and more!
☕️ Buy Me Coffee:
https://www.buymeacoffee.com/nahamsec
JOIN DISCORD:
https://discordapp.com/invite/ucCz7uh
🆓 🆓 🆓 0 DigitalOcean Credit:
https://m.do.co/c/3236319b9d0b
💬 Social Media
- https://twitter.com/nahamsec
- https://instagram.com/nahamsec
- https://twitch.com/nahamsec
- https://facebook.com/nahamsec1
#bugbounty #ethicalhacking #infosec #cybersecurity #redteam #webapp
https://www.youtube.com/watch?v=Jj1P5yz7ocE
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
#NahamCon2023: Bugs Exposed: Unveiling Effective Strategies for Bug Bounty Programs | @ArchAngelDDay
📚 Purchase my Bug Bounty Course here 👉🏼 bugbounty.nahamsec.training
💵 Support the Channel:
You can support the channel by becoming a member and get access exclusive content, behind the scenes, live hacking session and more!
☕️ Buy Me Coffee:
https://www.buymeacoffee.com/nahamsec
JOIN DISCORD:
https://discordapp.com/invite/ucCz7uh
🆓 🆓 🆓 0 DigitalOcean Credit:
https://m.do.co/c/3236319b9d0b
💬 Social Media
- https://twitter.com/nahamsec
- https://instagram.com/nahamsec
- https://twitch.com/nahamsec
- https://facebook.com/nahamsec1
#bugbounty #ethicalhacking #infosec #cybersecurity #redteam #webapp
https://www.youtube.com/watch?v=G1RHa7l1Ys4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
#NahamCon2023: Hacking Root EPP Servers To Take Control of Zones | @infosec_au
📚 Purchase my Bug Bounty Course here 👉🏼 bugbounty.nahamsec.training
💵 Support the Channel:
You can support the channel by becoming a member and get access exclusive content, behind the scenes, live hacking session and more!
☕️ Buy Me Coffee:
https://www.buymeacoffee.com/nahamsec
JOIN DISCORD:
https://discordapp.com/invite/ucCz7uh
🆓 🆓 🆓 0 DigitalOcean Credit:
https://m.do.co/c/3236319b9d0b
💬 Social Media
- https://twitter.com/nahamsec
- https://instagram.com/nahamsec
- https://twitch.com/nahamsec
- https://facebook.com/nahamsec1
#bugbounty #ethicalhacking #infosec #cybersecurity #redteam #webapp
https://www.youtube.com/watch?v=ayS6iDAMhms
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
#NahamCon2023 Going Beyond Microsoft IIS Short File Name Disclosure | @irsdl
📚 Purchase my Bug Bounty Course here 👉🏼 bugbounty.nahamsec.training
💵 Support the Channel:
You can support the channel by becoming a member and get access exclusive content, behind the scenes, live hacking session and more!
☕️ Buy Me Coffee:
https://www.buymeacoffee.com/nahamsec
JOIN DISCORD:
https://discordapp.com/invite/ucCz7uh
🆓 🆓 🆓 0 DigitalOcean Credit:
https://m.do.co/c/3236319b9d0b
💬 Social Media
- https://twitter.com/nahamsec
- https://instagram.com/nahamsec
- https://twitch.com/nahamsec
- https://facebook.com/nahamsec1
#bugbounty #ethicalhacking #infosec #cybersecurity #redteam #webapp
https://www.youtube.com/watch?v=1U3dY0wOzkc
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
#NahamCon2023: Securing Open Source Dependencies: It's Not Just Your Code That You Need to Secure
📚 Purchase my Bug Bounty Course here 👉🏼 bugbounty.nahamsec.training
💵 Support the Channel:
You can support the channel by becoming a member and get access exclusive content, behind the scenes, live hacking session and more!
☕️ Buy Me Coffee:
https://www.buymeacoffee.com/nahamsec
JOIN DISCORD:
https://discordapp.com/invite/ucCz7uh
🆓 🆓 🆓 0 DigitalOcean Credit:
https://m.do.co/c/3236319b9d0b
💬 Social Media
- https://twitter.com/nahamsec
- https://instagram.com/nahamsec
- https://twitch.com/nahamsec
- https://facebook.com/nahamsec1
#bugbounty #ethicalhacking #infosec #cybersecurity #redteam #webapp
https://www.youtube.com/watch?v=3oKtaZEoAfU
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
HackerOne Live Hacking Event Recap: Los Angeles w/ Amazon
Hackers gather in Los Angeles, California, to partner with the Amazon security team as they work to keep their customers safe.
▼ Keep up with us ▼
◇ Twitter → https://twitter.com/Hacker0x01
◇ Instagram → https://www.instagram.com/hacker0x01/
◇ LinkedIn → https://www.linkedin.com/company/Hack...
◇ Facebook → https://www.facebook.com/Hacker0x01/
https://www.youtube.com/watch?v=Tvt0ILI2uNg
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Hack you exe's phone? 😂 #podcast #cybersecurity
https://www.youtube.com/watch?v=ufdeWuwsWaA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Binary Comparisons for Patch Diffing - BinDiff Tutorial
🔥 Learn how to compare binaries using BinDiff and Diaphora
👨💻 Buy Our Courses: https://guidedhacking.com/register/
💰 Donate on Patreon: https://patreon.com/guidedhacking
❤️ Follow us on Social Media: https://linktr.ee/guidedhacking
🔗 Article Link: https://guidedhacking.com/threads/how-to-compare-binary-versions-with-bindiff.20399/
📜 Video Description:
How to Compare Binary Versions with BinDiff
Binary comparison is a crucial process in software development and security, allowing for the analysis and comparison of binary files to detect changes between software updates. This is particularly useful in identifying and rectifying exploits in software code, a process often referred to as patch diffing.
BinDiff is a tool used for binary comparison, widely utilized by...
https://www.youtube.com/watch?v=n06QSoICU6c
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
DC31 - Red Team Village - Bishop Fox
Additional information about Bishop Fox can be found at:
https://www.bishopfox.com.
Red Team Village Website: https://redteamvillage.io
Discord: https://redteamvillage.io/discord
Twitter: https://redteamvillage.io/twitter
https://www.youtube.com/watch?v=aopkRkBfkgQ
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
DC31 - Red Team Village - Optiv
Additional information about Optiv can be found at optiv.com.
Red Team Village Website: https://redteamvillage.io
Discord: https://redteamvillage.io/discord
Twitter: https://redteamvillage.io/twitter
https://www.youtube.com/watch?v=RMaH8T6Qx_s
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
401 Access Denied: Ep. 84 | The Best of RSAC & Cybersecurity Strategies with Bob Burns
RSAC was the place to be for cybersecurity in 2023, and Joe Carson is joined by Bob Burns to talk all about it. From the sessions that really resonated to the incredible human connections and networking, join Joe and Bob to deconstruct this year's most comprehensive conference. Were you at RSAC this year? Join us in the comments to let us know your favorite session!
Jump-start your cybersecurity career for FREE with Cybrary!
Follow us on Social!
~Cybrary Twitter
~Delinea Twitter
~Instagram
~Facebook
~YouTube
https://www.youtube.com/watch?v=qU40Yg7pfbo
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Detecting PsExec Usage
In this episode, we're going to look at a variety of methods you can use to determine whether or not a system was the recipient of a PsExec connection. While you may already be familiar with some of these detections, there's a good chance you haven't seen them all!
*** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. ***
📖 Chapters
00:00 - Intro
03:03 - Demo 1
05:09 - Event Log Analysis 1
09:01 - Demo 2
09:56 - Event Log Analysis 2
10:56 - Shimcache Analysis
15:46 - The Key to Identify PsExec
17:55 - Prefetch Analysis
21:38 - Recap
🛠 Resources
The Key to Identify PsExec:
https://aboutdfir.com/the-key-to-identify-psexec/
Prefetch Deep Dive:
https://www.youtube.com/watch?v=f4RAtR_3zcs
#Forensics #DigitalForensics #DFIR #ComputerForensics...
https://www.youtube.com/watch?v=oVM1nQhDZQc
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
RTV Badge Preview - 2023
Pick yours up now!
https://redteamvillage.square.site/
https://www.youtube.com/watch?v=DSHE3wXIkSA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
InsiderPhD Live Stream
https://www.youtube.com/watch?v=hY_rps_u69U
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
vTables for Game Hacking & VMT Hooking
🔥 Learn How vTables are used in Game Hacking & VMT Hooking
👨💻 Buy Our Courses: https://guidedhacking.com/register/
💰 Donate on Patreon: https://patreon.com/guidedhacking
❤️ Follow us on Social Media: https://linktr.ee/guidedhacking
🔗 Article Link: https://guidedhacking.com/threads/vtables-for-game-hacking-vmt-hooking.20405/
📜 Video Description:
Welcome to this instructional video presented by guidedhacking, where we take an in-depth look at reverse engineering techniques in game hacking, specifically using C++. Our focus here is a detailed game hacking tutorial in C++, where we illuminate how to bypass anti-cheat systems using V cable swapping, VMT function pointer hooking, and much more.
Kicking off this C++ game hacking tutorial, we provide an insightful explanation...
https://www.youtube.com/watch?v=HfrBdf-hM28
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Finding Your First API Bug (NahamCon 2023)
In case you missed it, here's my NahamCon 2023 presentation, it's a short 20min talk introducing API hacking and how to find your first valid bug by hacking them! It's a whirlwind tour but hopefully inspires you to give API hacking a try!
https://www.youtube.com/watch?v=r9dF9kd9hOo
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
YARA Rules for Malware Detection
🔥 Learn How to Write Yara Rules for Malware Detection 🔥
👨💻 Buy Our Courses: https://guidedhacking.com/register/
💰 Donate on Patreon: https://patreon.com/guidedhacking
❤️ Follow us on Social Media: https://linktr.ee/guidedhacking
🔗 Article Link: https://guidedhacking.com/threads/how-to-write-yara-rules.20397/
📜 Video Description:
YARA rules were created by VirusTotal in 2013 and are used as a way to create classifications for malware. They work by outlining a set of signatures and conditions and once these conditions are written which state what signatures must be matched then a rule can state what a malicious binary is. These rules are written in YARAs own formatting and is outlined in the documentation. YARA is used by all kinds of anti virus products and is...
https://www.youtube.com/watch?v=zzpz3VYKzUw
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The AI Revolution with Diana Kelley | 401 Access Denied Podcast Ep. 83
The AI Revolution with Diana Kelley | 401 Access Denied Podcast Ep. 83
Join Us: https://www.cybrary.it/?utm_source=youtube&utm_medium=video&utm_campaign=the-ai-revolution-with-diana-kelley
Everybody's talking about it - the AI revolution is here. But given the rapid evolution in this field, it's hard to keep up with the sweeping effects this technology is causing. Luckily, Joe Carson is joined by longtime AI expert Diana Kelley to shed light on all of these changes. She addresses the many misconceptions and media misrepresentations surrounding AI, breaks down the different forms of this technology, and emphasizes the need for a better understanding of AI's capabilities and limitations. They also discuss the ethical and legal implications that will only become more potent as AI continues...
https://www.youtube.com/watch?v=ow9JszgoC1M
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Learn Game Hacking at GuidedHacking.com
🔥 Learn Game Hacking at GuidedHacking.com
👨💻 Buy Our Courses: https://guidedhacking.com/register/
💰 Donate on Patreon: https://patreon.com/guidedhacking
❤️ Follow us on Social Media: https://linktr.ee/guidedhacking
GuidedHacking.com Review:
Guided Hacking is the only source I could recommend to anyone interested in game hacking. I have been reading all about game hacking over the internet with nothing but confusion. When it comes to such a huge concept, what you need is guidance because without it, you get lost with outdated and unorganized content everywhere.
To be honest I was not expecting the tutorials to be up to date at all since I have seen that it's a 10+ year old website before I decided to give them a try. And it's amazing how careful they are about keeping...
https://www.youtube.com/watch?v=Sd-NphOTHDs
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Tips to Learn Reverse Engineering: Avoid These Common Pitfalls!
How to maximize the return on your time when learning how to reverse engineer! Just a few thoughts on what worked for me and what to avoid from our recent Twitch stream.
-----
OALABS PATREON
https://www.patreon.com/oalabs
OALABS DISCORD
https://discord.gg/6h5Bh5AMDU
Twitch
https://www.twitch.tv/oalabslive
OALABS GITHUB
https://github.com/OALabs
UNPACME - AUTOMATED MALWARE UNPACKING
https://www.unpac.me/#/
-----
https://www.youtube.com/watch?v=JzhpTLe8Vg4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How To Find Cheat Engine Coordinates 🔥 GHS107
🔥 Learn How To Find Coordinates in Cheat Engine
👨💻 Buy Our Courses: https://guidedhacking.com/register/
💰 Donate on Patreon: https://patreon.com/guidedhacking
❤️ Follow us on Social Media: https://linktr.ee/guidedhacking
🔗 Article Link: https://guidedhacking.com/threads/gh107-how-to-find-coordinates-with-cheat-engine.20400/
📜 Video Description:
How to Find Coordinates in Cheat Engine
First and foremost, you might wonder how to find coordinates in any given game or software. When working with Cheat Engine, this process involves scanning the program's memory for specific values representing the x, y, and z coordinates. These values are often floating point numbers and may be stored in a variety of different formats, which is why the type of scan you choose in Cheat...
https://www.youtube.com/watch?v=Ym921qmVJ4s
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
State DMV Data Stolen via MOVEit Vulnerabilities & Reddit's API Change Triggers Hackers - ThreatWire
ThreatWire Totem Board - Limited Edition! - https://snubsie.com/threatwire-products/tw-totem
Shop ThreatWire Merch on Teespring! - https://morsecode.creator-spring.com/
Support ThreatWire! https://www.patreon.com/shannonmorse
Follow Shannon on Social Media: https://snubsie.com/links
Hackers are hitting back at Reddit for their API changes, USB malware hits Ukraine, and state DMV data was stolen via the MOVEit Vulnerabilities! All that coming up now on ThreatWire.
#threatwire #hak5
ThreatWire by Shannon Morse is a weekly news journalism show covering cybersecurity topics for network admins, information security professionals, and consumers.
Watch this on youtube: https://youtu.be/Q1FCJY-4TqY
Chapters:
00:00 Reddit's API Change vs Hackers
02:55 USB Malware Hits Ukraine
06:08...
https://www.youtube.com/watch?v=Q1FCJY-4TqY
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
NahamCon CTF 2023: Web Challenge Walkthroughs
Video walkthrough for some Web challenges from the NahamCon Capture the Flag (CTF) competition 2023 (organised by @NahamSec ); Star Wars, Stickers, Hidden Figures and Obligatory. Topics covered include XSS, domPDF RCE, hidden data (misc/stego) and SSTI with WAF filter bypass. Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂 #NahamCon #NahamCon2023 #NahamConCTF #CTF #Pentesting #OffSec #WebSec
If you're looking for the "Marmalade 5" Web challenge, check the @intigriti channel: https://youtu.be/3LRZsnSyDrQ 🥰
Full write-ups for the challenges: https://github.com/Crypto-Cat/CTF/tree/main/ctf_events/nahamcon_23
↢Social Media↣
Twitter: https://twitter.com/_CryptoCat
GitHub: https://github.com/Crypto-Cat/CTF
HackTheBox: https://app.hackthebox.eu/profile/11897
LinkedIn: https://www.linkedin.com/in/cryptocat
Reddit:...
https://www.youtube.com/watch?v=XHg_sBD0-es
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How to Reverse Engineer Go Binaries - GoLang Malware Analysis
🔥 Learn How to Reverse Engineer Go Binaries for Malware Analysis
👨💻 Buy Our Courses: https://guidedhacking.com/register/
💰 Donate on Patreon: https://patreon.com/guidedhacking
❤️ Follow us on Social Media: https://linktr.ee/guidedhacking
🔗 GH Article Link: https://guidedhacking.com/threads/how-to-reverse-engineer-go-binaries.20392/
❤️Reversing Golang Binaries with Ghidra by CUJO AI at VB2021❤️
We couldn't have made this video without these great resources:
1️⃣ Video: https://www.youtube.com/watch?v=oeWSWD5avZo
2️⃣Slides: https://vblocalhost.com/uploads/2021/09/VB2021-04.pdf
3️⃣Article: https://cujo.com/reverse-engineering-go-binaries-with-ghidra/
4️⃣https://twitter.com/albertzsigovits
5️⃣https://twitter.com/pad0rka
📜 Video Description:
Reverse...
https://www.youtube.com/watch?v=cBdY5Y16OR4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Microsoft Fined For Violating Children's Privacy - ThreatWire
ThreatWire Totem Board - Limited Edition! - https://snubsie.com/threatwire-products/tw-totem
Shop ThreatWire Merch on Teespring! - https://morsecode.creator-spring.com/
Support ThreatWire! https://www.patreon.com/shannonmorse
Follow Shannon on Social Media: https://snubsie.com/links
Patch your file transfer software now, Microsoft Violated a Children's Privacy Law, and Replace your Barracuda ESGs ASAP! All that coming up now on ThreatWire.
#threatwire #hak5
ThreatWire by Shannon Morse is a weekly news journalism show covering cybersecurity topics for network admins, information security professionals, and consumers.
Watch this on youtube: https://youtu.be/Zp4pwMQD9S0
Chapters:
00:00 Patch MOVEit NOW!
03:47 Microsoft Violated Child Privacy Law
07:08 Replace Barracuda ESGs...
https://www.youtube.com/watch?v=Zp4pwMQD9S0
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Hacking the Government with Bryan Seely | 401 Access Denied Podcast Ep. 82
Hacking the Government with Bryan Seely | 401 Access Denied Podcast Ep. 82
Join Us: https://www.cybrary.it/?utm_source=youtube&utm_medium=video&utm_campaign=hacking-the-government-with-bryan-seely
In this eye-opening episode, dive into the captivating world of cybercrime and social engineering with our host, Joe Carson, and special guest Bryan Seely! Bryan, a keynote speaker and cybersecurity expert best known for his Secret Service exposé, discusses his journey from a young computer enthusiast to a renowned public speaker. Join them as they investigate the mindset and techniques used by hackers, such as the use of aliases to deceive and manipulate their targets, as well as the importance of responsible disclosure and changing cybersecurity laws.
Follow us for exclusive updates:
~https://twitter.com/cybraryIT
~https://www.instagram.com/cybrary.it/
~https://www.facebook.com/cybraryit/
Follow...
https://www.youtube.com/watch?v=aagD2SxYUJM
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
16 - Open Redirect (low/med/high) - Damn Vulnerable Web Application (DVWA)
16 - Open Redirection (low/med/high difficulties) video from the Damn Vulnerable Web Application (DVWA) walkthrough/tutorial series. Hope you enjoy 🙂
↢Social Media↣
Twitter: https://twitter.com/_CryptoCat
GitHub: https://github.com/Crypto-Cat
HackTheBox: https://app.hackthebox.eu/profile/11897
LinkedIn: https://www.linkedin.com/in/cryptocat
Reddit: https://www.reddit.com/user/_CryptoCat23
YouTube: https://www.youtube.com/CryptoCat23
Twitch: https://www.twitch.tv/cryptocat23
↢Damn Vulnerable Web Application (DVWA)↣
https://github.com/digininja/DVWA
↢Open Redirects↣
@PwnFunction: https://www.youtube.com/watch?v=4Jk_I-cw4WE
https://learn.snyk.io/lessons/open-redirect/javascript
https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html
https://owasp.org/www-project-web-security-testing-guide/stable/4-Web_Application_Security_Testing/11-Client-side_Testing/04-Testing_for_Client-side_URL_Redirect
https://cwe.mitre.org/data/definitions/601.html
https://portswigger.net/support/using-burp-to-test-for-open-redirections
↢Chapters↣
Start...
https://www.youtube.com/watch?v=I5jko9mLNO4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
N00bs Night Malware RE Workshop with @c3rb3ru5d3d53c
Fun stream hanging out with @c3rb3ru5d3d53c and trying to reverse engineer her malware challenge! API hashing, stack strings, and rick rolls, we've got it all!
Full workshop samples and solutions:
https://github.com/c3rb3ru5d3d53c/reworkshop
-----
OALABS PATREON
https://www.patreon.com/oalabs
OALABS DISCORD
https://discord.gg/6h5Bh5AMDU
Twitch
https://www.twitch.tv/oalabslive
OALABS GITHUB
https://github.com/OALabs
UNPACME - AUTOMATED MALWARE UNPACKING
https://www.unpac.me/#/
-----
https://www.youtube.com/watch?v=amnvrOLRGHA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Learn Bug Bounty Hunting with These Resources!
I made this video a few years ago but as you can imagine the bug bounty community moves quickly, so here is a new list of resources for 2023 and some of my favourite newsletters, YouTube channels, blogs, write ups, books and more that I recommend if you're just getting started!
Link to the full article with more detail :) https://open.substack.com/pub/insiderphd/p/how-to-study-bug-bounty-hunting?r=sip8j&utm_medium=ios&utm_campaign=post
https://www.youtube.com/watch?v=guh96GpGWx8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Return Address Spoofing Tutorial
🔥 Hide From Anti-Cheats by Using Return Address Spoofing
👨💻 Buy Our Courses: https://guidedhacking.com/register/
💰 Donate on Patreon: https://patreon.com/guidedhacking
❤️ Follow us on Social Media: https://linktr.ee/guidedhacking
🔗GH Article: https://guidedhacking.com/threads/return-address-spoofing.20390/
Full Credits to namazso - we are just explaining how his code works
🔗 https://www.unknowncheats.me/forum/anti-cheat-bypass/268039-x64-return-address-spoofing-source-explanation.html
📜 Video Description:
Return address spoofing is a technique frequently utilized in numerous exploits, including buffer overflow attacks. Understanding how to spoof return addresses can provide insight into this often-used trick in the world of reverse engineering and video game...
https://www.youtube.com/watch?v=bSQau-PaCTE
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Amazon FINED For Privacy Violations - ThreatWire
ThreatWire Totem Board - Limited Edition! - https://snubsie.com/threatwire-products/tw-totem
Shop ThreatWire Merch on Teespring! - https://morsecode.creator-spring.com/
Support ThreatWire! https://www.patreon.com/shannonmorse
Follow Shannon on Social Media: https://snubsie.com/links
This MacOS flaw can bypass security protections, Russia Accuses the US of hacking iphones, and Amazon is hit with a fine for privacy violations! All that coming up now on ThreatWire.
#threatwire #hak5
ThreatWire by Shannon Morse is a weekly news journalism show covering cybersecurity topics for network admins, information security professionals, and consumers.
Watch this on youtube: xxx
Chapters:
00:00 MacOS Flaw Bypasses Security Protection
03:44 Russia Accuses US of iOS Hacking
06:44 Amazon Fined...
https://www.youtube.com/watch?v=0XyODke1vt4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Reverse Engineering Skid Malware
🔥 Analyzing an unknown malware we found on Triage
👨💻 Buy Our Courses: https://guidedhacking.com/register/
💰 Donate on Patreon: https://patreon.com/guidedhacking
❤️ Follow us on Social Media: https://linktr.ee/guidedhacking
🔗Article Link: https://guidedhacking.com/threads/reverse-engineering-skid-malware.20375/
📜 Video Description:
Finding and studying intriguing malware is something I frequently do by scrolling through the public reports of the Triage sandbox website, where users execute their samples. On one such occasion, I stumbled across a rather interesting piece of skid malware. This skid malware caught my attention because it had a high score but no family detected, meaning the employees at Triage had not yet written a detection for it. This indicated that...
https://www.youtube.com/watch?v=0BASO4I7XhU
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Intruder Alert Ep. 4 | Unmasking The New Global Malware Threat On Android Devices
Head to Cybrary.it to open your free account and start learning today!
In this episode of Intruder Alert, join host Marcus Hutchins, world-renowned hacker, and red teamer Matt Mullins while they discuss the millions of devices recently infected with malware during production, and whether or not our devices are spying on us.
For more information on how to jumpstart your career with the most cutting-edge cybersecurity training, head over to Cybrary.it to create your free account and get started on your learning journey!
Make sure to subscribe so that you don't miss the latest new episodes, premiering live every two weeks, and dropping on YouTube On Demand.
https://www.youtube.com/watch?v=wc8T_RcwOkY
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Is this NEW Generative AI Feature a GAME CHANGER? [Adobe Firefly]
A demo of Adobe Firefly, the new generative AI functionality in Photoshop. We'll explore various applications of the ethical AI-assisted editing feature, including generative fill (beta) to edit a photograph. First, we'll remove the people (and other objects) from the beach. Next, we'll extend/expand the image, generating additional content that seamlessly clicks into the image. We'll also replace the sky, change the sand and add a variety of animals and objects. Finally, we'll play around with a cartoon image (CryptoCat) to see how the AI functionality works with illustrations. During the course of the video, we'll discuss some of the advantages/disadvantages, talk about bugs, design choices (stock images only) and cyber-security implications (deep fakes). Hope you enjoy this video, next...
https://www.youtube.com/watch?v=oLxIrRzWhUM
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Open Source Intelligence with The Grugq | 401 Access Denied Podcast Ep. 81
Open Source Intelligence with The Grugq | 401 Access Denied Podcast Ep. 81
Join Us: https://www.cybrary.it/?utm_source=youtube&utm_medium=video&utm_campaign=open-source-intelligence-with-the-grugq
Given the complex and evolving nature of security, how do different countries approach cyber strategy on a global scale? In this episode of 401 Access Denied, Joe Carson is joined by the one and only Thaddeus E. Grugq (“The Grugq”), who brings along decades of security research and operational security experience. They explore various countries' approaches to cyber operations, including the US, UK and EU, India, Russia, and China. The Grugq also touches on the importance of legal frameworks, cooperation between different government entities, and the dynamic relationships between intelligence...
https://www.youtube.com/watch?v=pTzFpaVT8Us
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Understanding The PEB for Reverse Engineers
Full Patreon tutorial (with examples):
https://www.patreon.com/posts/understanding-1-83402055
https://www.patreon.com/posts/understanding-2-83402366
Vergilius Project
https://www.vergiliusproject.com/
-----
OALABS DISCORD
https://discord.gg/6h5Bh5AMDU
OALABS PATREON
https://www.patreon.com/oalabs
Twitch
https://www.twitch.tv/oalabslive
OALABS GITHUB
https://github.com/OALabs
UNPACME - AUTOMATED MALWARE UNPACKING
https://www.unpac.me/#/
-----
https://www.youtube.com/watch?v=uyisPPTupmA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
#osint #doxxing #cybersecurity #shorts
https://www.youtube.com/watch?v=L5sin2dTY_w
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
KeePass Master Passwords Could Be Stolen - ThreatWire
ThreatWire Totem Board - Limited Edition! - https://snubsie.com/threatwire-products/tw-totem
Shop ThreatWire Merch on Teespring! - https://morsecode.creator-spring.com/
Support ThreatWire! https://www.patreon.com/shannonmorse
Follow Shannon on Social Media: https://snubsie.com/links
TP-Link home routers are being targeted in attacks, stealing master passwords from KeePass, and these end of life smart plugs can get hacked! All that coming up now on ThreatWire.
#threatwire #hak5
ThreatWire by Shannon Morse is a weekly news journalism show covering cybersecurity topics for network admins, information security professionals, and consumers.
Watch this on youtube: https://youtu.be/CCYVeRPDx94
Chapters:
00:00 TP-Link Home Routers Targeted
02:34 Stealing KeePass Master Passwords
04:32...
https://www.youtube.com/watch?v=CCYVeRPDx94
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
A File's Life - File Deletion and Recovery
In this episode, we'll look at exactly what happens when you delete a file from an NTFS file system. Then, we'll talk about file "undeletion" versus file carving, and use PhotoRec to perform file carving against a mounted disk image. Lastly, we'll explore techniques to search through that recovered data using an Ubuntu WSL 2 instance.
*** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. ***
📖 Chapters
00:00 - Intro
13:12 - PhotoRec Demo
19:03 - Searching Recovered Data
🛠 Resources
PhotoRec:
https://www.cgsecurity.org/wiki/PhotoRec
Recycle Bin Forensics:
https://www.youtube.com/watch?v=Gkir-wGqG2c
Let's Talk About NTFS Index Attributes:
https://www.youtube.com/watch?v=x-M-wyq3BXA
#Forensics #DigitalForensics #DFIR #ComputerForensics...
https://www.youtube.com/watch?v=4zlk9ZSMa-4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
15 - Authorisation Bypass (low/med/high) - Damn Vulnerable Web Application (DVWA)
15 - Authorisation Bypass (low/med/high difficulties) video from the Damn Vulnerable Web Application (DVWA) walkthrough/tutorial series. Hope you enjoy 🙂
↢Social Media↣
Twitter: https://twitter.com/_CryptoCat
GitHub: https://github.com/Crypto-Cat
HackTheBox: https://app.hackthebox.eu/profile/11897
LinkedIn: https://www.linkedin.com/in/cryptocat
Reddit: https://www.reddit.com/user/_CryptoCat23
YouTube: https://www.youtube.com/CryptoCat23
Twitch: https://www.twitch.tv/cryptocat23
↢Damn Vulnerable Web Application (DVWA)↣
https://github.com/digininja/DVWA
↢Authorisation Bypass↣
https://portswigger.net/web-security/access-control
https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/05-Authorization_Testing/04-Testing_for_Insecure_Direct_Object_References
↢Chapters↣
Start...
https://www.youtube.com/watch?v=Qcgu34eWQa4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Revealing Secrets with Information Disclosure Bugs
Information disclosure is really broad, ranging from technical things like finding API keys or code review, to that webpage is displaying my address publicly! So they can be great bugs particularly if you don't have access to a regular computer or you're not familiar with
This series couldn't happen without the support of our sponsor Bugcrowd, Bugcrowd is the best place to start hacking with a wide range of public and private programs from APIs to Desktop Applications and everything in between. Not ready to jump into a public program yet? Fill out your platform CV and sign up for a waitlisted program. Tell Bugcrowd a bit about your skills, previous certifications or experience and they'll match you up with the right program using their industry-leading CrowdMatch technology. Whatever your...
https://www.youtube.com/watch?v=l5GKb8UDSq0
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Critical Flaw in Ruckus WiFi APs - Update Firmware ASAP - ThreatWire
ThreatWire Totem Board - Limited Edition! - https://snubsie.com/threatwire-products/tw-totem
Shop ThreatWire Merch on Teespring! - https://morsecode.creator-spring.com/
Support ThreatWire! https://www.patreon.com/shannonmorse
Follow Shannon on Social Media: https://snubsie.com/links
Update your Ruckus, GitHub improves open source repo security, and Discord discloses a data breach! All that coming up now on ThreatWire.
#threatwire #hak5
ThreatWire by Shannon Morse is a weekly news journalism show covering cybersecurity topics for network admins, information security professionals, and consumers.
Watch this on youtube: https://youtu.be/TKfxOTvt27o
Chapters:
00:00 Ruckus WiFi AP Flaw
02:19 GitHub Pushes Protection
03:57 Discord Data Breach
Links:
Resources for stories are available...
https://www.youtube.com/watch?v=TKfxOTvt27o
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cybersecurity in the Boardroom with Art Gilliland | 401 Access Denied Ep. 80
Cybersecurity in the Boardroom with Art Gilliland | 401 Access Denied Ep. 80
Join Us: https://www.cybrary.it/?utm_source=youtube&utm_medium=video&utm_campaign=cybersecurity-in-the-boardroom-with-art-gilliland
On paper, the board of a company should serve to protect the security of their business. But what functions are actually involved in that process? In this episode of 401 Access Denied, Joe Carson is joined by Delinea's own CEO, Art Gilliland. Hear straight from the source what exactly goes into leading a company from the security practitioner's perspective. This inside scoop will demystify what goes on in corporate board rooms, and the big decisions that trickle down through the rest of the company. Tune in to learn more from this unique vantage point!
Follow Art:
~https://twitter.com/artgilliland
~https://www.linkedin.com/in/artgilliland...
https://www.youtube.com/watch?v=51GcW-2wu1Y
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
HackerOne at RSAC 2023
HackerOne CEO, Marten Mickos, and CTO and co-founder, Alex Rice, speak to ISMG about transparency and trust as a competitive differentiator and how ethical hackers and continuous testing provide more impactful results for less spend than traditional solutions.
https://www.youtube.com/watch?v=5rNF4tiGd0Y
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Stored, Blind, Reflected and DOM - Everything Cross--Site Scripting (XSS)
I'll be honest, XSS are not my favourite kinds of bugs to hunt for, even now and I don't think they are great for beginners. BUT I have been outvoted by the community on this one so here's how to find your first bug, XSS edition. I'm going to talk about each type of XSS and show you how I actually approach a target when I'm looking for XSS bugs. I will be the first to admit I've found 1 XSS in the wild and it was a DOM based XSS!
This series couldn't happen without the support of our sponsor Bugcrowd, Bugcrowd is the best place to start hacking with a wide range of public and private programs from APIs to Desktop Applications and everything in between. Not ready to jump into a public program yet? Fill out your platform CV and sign up for a waitlisted program. Tell Bugcrowd a bit about your...
https://www.youtube.com/watch?v=hQEQ-KJh06M
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Leaking Secret Data with a Heap Overflow - "Leek" Pwn Challenge [Angstrom CTF 2023]
Video walkthrough for the binary exploitation (pwn) challenge, "Leek" from the Angstrom capture the flag (CTF) competition 2023. The challenge involves performing a heap overflow to overwrite all null bytes between our user input chunk and secret data chunk so that when puts() is called, it prints both chunks (there's no null terminator separating them). After this, we need to repair the header of the chunk we modified so that the program can continue execution. We repeat this process of leaking and submitting the random (secret) bytes 100 times, at which point we receive the flag! Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂 #Angstrom #AngstromCTF #CTF #Pentesting #OffSec #Pwn #BinaryExploitation #Reversing #ReverseEngineering
↢Social Media↣
Twitter: https://twitter.com/_CryptoCat
GitHub:...
https://www.youtube.com/watch?v=55jibxjUj3I
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Web Challenges [Space Heroes CTF 2023]
Video walkthrough for some web exploitation challenges from the Space Heroes (CTF) competition 2023. Some topics covered include; HTTP parameter pollution, chatGPT breakout (prompt injection/leakage), insecure file upload, XSS, CSP bypass and more! Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂 #SpaceHeroes #SpaceHeroesCTF #CTF #Pentesting #OffSec
↢Social Media↣
Twitter: https://twitter.com/_CryptoCat
GitHub: https://github.com/Crypto-Cat/CTF
HackTheBox: https://app.hackthebox.eu/profile/11897
LinkedIn: https://www.linkedin.com/in/cryptocat
Reddit: https://www.reddit.com/user/_CryptoCat23
YouTube: https://www.youtube.com/CryptoCat23
Twitch: https://www.twitch.tv/cryptocat23
↢Space Heroes CTF↣
https://ctftime.org/event/1856
https://spaceheroes.ctfd.io/challenges
https://discord.gg/BsSyhTDdne
↢Resources↣
Ghidra:...
https://www.youtube.com/watch?v=d2BRicRLMfk
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Well it finally happened... infected myself with Emotet lel
Come hang out with us for some live digital forensics as we hunt down the persistence mechanism for this malware and clean up my host 😆
-----
OALABS PATREON
https://www.patreon.com/oalabs
OALABS DISCORD
https://discord.gg/6h5Bh5AMDU
Twitch
https://www.twitch.tv/oalabslive
OALABS GITHUB
https://github.com/OALabs
UNPACME - AUTOMATED MALWARE UNPACKING
https://www.unpac.me/#/
-----
https://www.youtube.com/watch?v=6U0obWnOYO0
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
"Easiest" Beginner Bugs? Access Control and IDORs
Whenever someone asks what bug they should look for I always say IDORs/access control issues particularly across large enterprise level apps (think Atlassian), where you have complex access control rules. While these bugs don't requite advanced technical skills they do require a lot of manual testing, but when you're still looking for your first bug you have a lot of time.
This series couldn't happen without the support of our sponsor Bugcrowd, Bugcrowd is the best place to start hacking with a wide range of public and private programs from APIs to Desktop Applications and everything in between. Not ready to jump into a public program yet? Fill out your platform CV and sign up for a waitlisted program. Tell Bugcrowd a bit about your skills, previous certifications or experience and they'll...
https://www.youtube.com/watch?v=cV0uoZTLVVY
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Vulnerability Management Metrics: Top 10 KPIs To Measure Success (W/ Walter Haydock)
Join us for an exclusive interview as we dive deep into the world of vulnerability management KPIs with the expertise of Walter Haydock.
👉 Get our FREE guide to vulnerability management in 2023: https://purplesec.us/vulnerability-management-guide/?utm_source=newsletter&utm_medium=YouTube&utm_campaign=VM_2023&utm_id=guide
In this engaging interview, Walter shares valuable insights on:
🎯 Balancing costs and benefits while identifying metrics to guide decision-making in vulnerability management investments.
🌐 Maintaining consistency with strategies for aligning metrics across teams, departments, and locations.
⚖️ Adapting to the evolving threat landscape by staying ahead of emerging risks and continuously refining vulnerability management KPIs.
📈 Success stories of organizations...
https://www.youtube.com/watch?v=L-61ahYHdH8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Vulnerability Management SOP: Expert Reveals Top Tips (W/ Kevin Donatelli)
Are you struggling to manage vulnerabilities in your organization? Join us in this conversation with expert Kevin Donatelli who reveals the ins and outs of vulnerability management SOPs!
In this not-to-be-missed session, you'll:
🔑 Learn the essential components of effective vulnerability management SOPs
🛡️ Discover how to prioritize and remediate risks efficiently
🧠 Gain invaluable insights from real-life case studies shared by Kevin Donatelli
👉 Get our FREE guide to vulnerability management in 2023: https://purplesec.us/vulnerability-management-guide/?utm_source=newsletter&utm_medium=YouTube&utm_campaign=VM_2023&utm_id=guide
Podcast Info
--------------------
Podcast website: https://purplesec.us/podcast/
Apple Podcasts: https://podcasts.apple.com/us/podcast/security-beyond-the-checkbox/id1673807278
Spotify:...
https://www.youtube.com/watch?v=-yjsaxxrTxk
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Spinning up the RTV Ship
We are building up the things to bring you up to speed with the latest in Red Team Village activities and DEFCON 31. See you in the network.
https://www.youtube.com/watch?v=RVkXhwIOX6w
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
PE File Unmapping Explained aka Lazy Process Dumping
Just a quick twitch clip where we talk about PE dumping and unmapping... we get asked about this a lot 😅
-----
OALABS PATREON
https://www.patreon.com/oalabs
OALABS DISCORD
https://discord.gg/6h5Bh5AMDU
Twitch
https://www.twitch.tv/oalabslive
OALABS GITHUB
https://github.com/OALabs
UNPACME - AUTOMATED MALWARE UNPACKING
https://www.unpac.me/#/
-----
https://www.youtube.com/watch?v=mrIHSmUlKv0
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
HackerOne Live Hacking Event Recap: Las Vegas 2022 (H1-702)
Live Hacking Events are the ultimate voyage for hackers selected to test their skills. Hackers crushed previous payouts in our largest LHE of the year! Check out the recap of this unforgettable event.
Follow our community blog for additional resources →https://www.hackerone.com/hackerone-community-blog
▼ Keep up with us ▼
◇ Twitter → https://twitter.com/Hacker0x01
◇ Instagram → https://www.instagram.com/hacker0x01/
◇ LinkedIn → https://www.linkedin.com/company/Hack...
◇ Facebook → https://www.facebook.com/Hacker0x01/
https://www.youtube.com/watch?v=t8d0Q8YZhiQ
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
My Hacking Setup and How to Use It (Firefox/Burp Community)
This is probably one of the most common question I get asked about Bug Bounty, right next to "do you take mentors" and "how to find a bug". There are a ton of 3rd party awesome community tools that can take your pen testing and hacking to the next level, but it's important to not rush to try out new tools when you're still learning the basics. With that in mind I take you around the basic toolkit I use and show you some of the fundamental tools that help me get bounties!
This series couldn't happen without the support of our sponsor Bugcrowd, Bugcrowd is the best place to start hacking with a wide range of public and private programs from APIs to Desktop Applications and everything in between. Not ready to jump into a public program yet? Fill out your platform CV and sign up for a waitlisted...
https://www.youtube.com/watch?v=wNqaLalaNE0
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Vulnerability Management Trends & Predictions For 2023 (W/ Joshua Copeland) | PurpleSec
Join PurpleSec's experts along with Joshua Copeland, Director of Cyber Security at AT&T, as we explore the latest trends and predictions in vulnerability management for 2023. 👉 Get our FREE guide to vulnerability management in 2023: https://purplesec.us/vulnerability-management-guide/?utm_source=newsletter&utm_medium=YouTube&utm_campaign=VM_2023&utm_id=guide
Continue reading: https://purplesec.us/learn/vulnerability-management-trends/
Chapters
---------------
00:00 - Introduction
00:20 - Joshua Copeland
02:47 - Automation Is Key
10:30 - Adoption Of Risk-Based Approaches
16:40 - Continuous Monitoring
21:40 - Increased Focus On Cloud Security
28:43 - Increased Use Of Threat Intelligence
35:10 - The Role Of Network Segmentation
43:30 - DevSecOps: Building Security From The Ground Up
50:40...
https://www.youtube.com/watch?v=39XHupVxAY8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
HackerOne Hacker Interviews: Miguel (@Fisher)
Hear from Miguel (@Fisher) on his experience at HackerOne's live hacking event in Barcelona H1-3439!
Follow our Community Blog to keep with more info about events, hacker stories, and more! Here's an infographic for the recent event:
https://www.hackerone.com/hackerone-community-blog/h1-hackers-walk-streets-barcelona-h1-3493
▼ Keep up with us ▼
◇ Twitter → https://twitter.com/Hacker0x01
◇ Instagram → https://www.instagram.com/hacker0x01/
◇ LinkedIn → https://www.linkedin.com/company/Hack...
◇ Facebook → https://www.facebook.com/Hacker0x01/
https://www.youtube.com/watch?v=OxOXIbpe_7Q
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
2022 Global AppSec San Francisco: Swathi Joshi Keynote
-
Managed by the OWASP® Foundation
https://owasp.org/
https://www.youtube.com/watch?v=5p2tw5sIrwg
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
2022 Global AppSec San Francisco: Opening Remarks and Anna Westelius Keynote
-
Managed by the OWASP® Foundation
https://owasp.org/
https://www.youtube.com/watch?v=VuXVX0q_yE4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
2022 Global AppSec San Francisco: Jim Manico Keynote
-
Managed by the OWASP® Foundation
https://owasp.org/
https://www.youtube.com/watch?v=DPJtv-E8SlM
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
2022 Global AppSec San Francisco: Closing Remarks and Giveaway
-
Managed by the OWASP® Foundation
https://owasp.org/
https://www.youtube.com/watch?v=ftJJJe03fMU
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
2022 Global AppSec San Francisco: Simon Bennetts Keynote
-
Managed by the OWASP® Foundation
https://owasp.org/
https://www.youtube.com/watch?v=t77aKVJQKzY
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Global AppSec Dublin: Squeezing The Last Drop Out Of OWASP Juice Shop - Bjoern Kimminich
-
Managed by the OWASP® Foundation
https://owasp.org/
https://www.youtube.com/watch?v=m1f2fPC8hLU
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Teleporting Through Walls with Cheat Engine - "No Way Out" [PicoCTF 2023]
Walkthrough for a Unity game hacking challenge from the Pico Capture The Flag competition 2023 (picoCTF). First, we'll decompile the Assembly.Csharp.dll with DNSpy and patch/re-compile the code to retrieve the flag. In the second solution, we'll use Cheat Engine 7.5 to identify our player position and teleport through the wall, allowing us to recover the flag. Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂 #ReverseEngineering #CTF #CaptureTheFlag #Pico #PicoCTF #PicoCTF2023 #CheatEngine #GameHacking
If you liked this video and/or want to learn more about game hacking with cheat engine, check out the full tutorial series I created on the @intigriti channel: https://www.youtube.com/watch?v=ku6AtIY-Lu0&list=PLmqenIp2RQcg0x2mDAyL2MC23DAGcCR9b and the gamepwn README: https://github.com/Crypto-Cat/CTF/tree/main/game_hacking#readme
↢Social...
https://www.youtube.com/watch?v=QgF4PQjeG-o
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Two Thumbs Up - Thumbnail Forensics
In this episode, we'll look at Thumbs.db and Thumbcache -- databases used by Windows to store thumbnails (preview images) of pictures, documents, and other file types. Learn how these rather obscure artifacts could potentially be invaluable to your investigations.
*** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. ***
📖 Chapters
00:00 - Intro
02:28 - Thumbs.db / Thumbcache artiFACTS
05:13 - Thumbcache Viewer Demo
🛠 Resources
#Forensics #DigitalForensics #DFIR #ComputerForensics #WindowsForensics
https://www.youtube.com/watch?v=5efCp1VXhfQ
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Techniques To Improve Vulnerability Visibility & Detection (W/ Clement Fouque) | PurpleSec
Improve vulnerability visibility in networks & cloud environments with expert tips on strategies, KPIs, prioritization, & automation. Secure your assets now! 👉 Get our FREE guide to vulnerability management in 2023: https://purplesec.us/vulnerability-management-guide/
Read the full article: https://purplesec.us/learn/vulnerability-visibility/
Chapters
---------------
00:00 - Introduction
00:45 - Clement Fouque
01:36 - Importance Of Visibility In Vulnerability Management
02:51 - Why Is Poor Visibility An Issue?
04:40 - Common Blind Spots
06:55 - Improving Asset Inventories
09:30 - How Do You Know If You Have Poor Visibility?
13:20 - Techniques For Improving Visibility
15:05 - How To Ensure All Endpoints Are Being Scanned
18:25 - How Network Segmentation Improves Visibility
20:00 - Third-Party...
https://www.youtube.com/watch?v=3K6TLqyxit4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Why does DNS always break the internet?
The internet, it's a series of tubes? Or is it? This week we take a look at how the internet actually works and what we mean when we say web security. What happens when you visit a website? How does it know what to display? What technologies are we actually hacking? What is a request and response anyway? Well this week we cover all of that and more. As we dive into TCP/IP, DNS, HTTP, HTML, CSS and some other acronyms.
This series couldn't happen without the support of our sponsor Bugcrowd, Bugcrowd is the best place to start hacking with a wide range of public and private programs from APIs to Desktop Applications and everything in between. Not ready to jump into a public program yet? Fill out your platform CV and sign up for a waitlisted program. Tell Bugcrowd a bit about your skills, previous...
https://www.youtube.com/watch?v=yp1rH7Kj12o
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Google Bard vs. GPT4 - Hands-On First Look [Cybersecurity]
Burp Suite Deep Dive course: https://bit.ly/burpforpros
__________
Resources
- https://www.cybersecurityeducation.org/careers/
- https://www.coursera.org/articles/cybersecurity-jobs
- https://www.sans.org/cybersecurity-careers/20-coolest-cyber-security-careers/
- https://universityhq.org/how-to-become/cyber-security-jobs/
- https://www.coursera.org/articles/cybersecurity-career-paths
My courses:
Recon in Cybersecurity course: https://bit.ly/cybersecrecon
Python for Pentesters course: http://bit.ly/2I0sRkm
Python Basics course: http://bit.ly/37cmhlx
Neural Networks with Tensorflow: http://bit.ly/tensorflownets
Machine Learning with Scikit-Learn and Python: http://bit.ly/mlpractical
Artificial Neural Nets with Neurolab: https://bit.ly/artificialnets
Study cybersecurity with 50% OFF...
https://www.youtube.com/watch?v=xhZ-rueqllg
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
You Can't Hack Them All - Master of One - From Noob to Clients
Burp Suite Deep Dive course: https://bit.ly/burpforpros
__________
Resources
- https://www.cybersecurityeducation.org/careers/
- https://www.coursera.org/articles/cybersecurity-jobs
- https://www.sans.org/cybersecurity-careers/20-coolest-cyber-security-careers/
- https://universityhq.org/how-to-become/cyber-security-jobs/
- https://www.coursera.org/articles/cybersecurity-career-paths
My courses:
Recon in Cybersecurity course: https://bit.ly/cybersecrecon
Python for Pentesters course: http://bit.ly/2I0sRkm
Python Basics course: http://bit.ly/37cmhlx
Neural Networks with Tensorflow: http://bit.ly/tensorflownets
Machine Learning with Scikit-Learn and Python: http://bit.ly/mlpractical
Artificial Neural Nets with Neurolab: https://bit.ly/artificialnets
Study cybersecurity with 50% OFF...
https://www.youtube.com/watch?v=BU0R_7IBpxs
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How does Bug Bounty work anyway?
I talk a lot about becoming a bug bounty hunter on my channel, in this new series we're going to go from knowing nothing about hacking to finding your first bug, to getting more consistent bounties and everything in between. While we're starting at the very basics I think you'll find this series has a lot to offer a hacker at any level!
This series couldn't happen without the support of our sponsor Bugcrowd, Bugcrowd is the best place to start hacking with a wide range of public and private programs from APIs to Desktop Applications and everything in between. Not ready to jump into a public program yet? Fill out your platform CV and sign up for a waitlisted program. Tell Bugcrowd a bit about your skills, previous certifications or experience and they'll match you up with the right program...
https://www.youtube.com/watch?v=nXvP8j3QtHI
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Doublespeak: Jailbreaking ChatGPT-style Sandboxes using Linguistic Hacks
A review of Large Language Model (LLM) vulnerabilities/exploits, e.g. including prompt leakage, prompt injection and other linguistic hacks. We'll run through levels 1-9 of the doublespeak.chat challenges, produced by Forces Unseen. doublespeak.chat is a text-based game that explores LLM pre-prompt contextual sandboxing. The challenges prime an LLM (Chat-GPT) with a secret and a scenario in a pre-prompt hidden from the player. The player's goal is to discover the secret either by playing along or by hacking the conversation to guide the LLM's behavior outside the anticipated parameters. Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂 #HackTheBox #HTB #CTF #Pentesting #OffSec
↢Social Media↣
Twitter: https://twitter.com/_CryptoCat
GitHub: https://github.com/Crypto-Cat
HackTheBox:...
https://www.youtube.com/watch?v=au3CRqlbWlQ
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Interview with Lesley Carhart (hacks4pancakes)
In this special guest episode of 13Cubed, I interview Lesley Carhart (aka hacks4pancakes) of Dragos. We'll cover a variety of topics and provide some career advice along the way!
*** Check out PancakesCon 4 at https://pancakescon.com/ coming March 19, 2023! ***
🎉 Also check out the new 13Cubed Training Course Investigating Windows Endpoints. Affordable, on-line, and on-demand training is here! Enroll now at https://training.13cubed.com/
🛠 Resources
Twitter:
https://twitter.com/hacks4pancakes
Mastodon:
https://infosec.exchange/@hacks4pancakes
TikTok:
https://www.tiktok.com/@UCezvmPw4tfO6n_FMQoN4waw
#forensics #DigitalForensics #DFIR #ComputerForensics #WindowsForensics
https://www.youtube.com/watch?v=aC4jd8hQdYo
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
It's About Time - Timestamp Changes in Windows 11
In this episode, we'll revisit NTFS MACB timestamps and take a look at how file creations, accesses, modifications, renames, copies, and moves affect them. Then, we'll take a look at how Windows 11 has changed the behavior associated with some of those timestamps.
*** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. ***
📖 Chapters
00:00 - Intro
02:24 - File Creation
02:54 - File Access and NtfsDisableLastAccessUpdate
05:12 - File Modification
06:18 - File Rename
07:33 - File Copy
09:50 - File Move
12:53 - Correction
14:02 - Timestamp Changes in Windows 11
🛠 Resources
Windows MACB Timestamps (NTFS Forensics):
https://www.youtube.com/watch?v=OTea54BelTg
Windows 11 Time Rules:
https://www.khyrenz.com/blog/windows-11-time-rules/
#Windows11...
https://www.youtube.com/watch?v=_D2vJZvCW_8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Global AppSec Dublin: A Taste Of Privacy Threat Modeling by Kim Wuyts
-
Managed by the OWASP® Foundation
https://owasp.org/
https://www.youtube.com/watch?v=0HMxksszzDI
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Global AppSec Dublin: Opening Remarks - Grant Ongers
-
Managed by the OWASP® Foundation
https://owasp.org/
https://www.youtube.com/watch?v=v8SeSkmYxXU
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Global AppSec Dublin: Introducing Threat Modelling To Established Teams - Sarah-Jane Madden
-
Managed by the OWASP® Foundation
https://owasp.org/
https://www.youtube.com/watch?v=1Zkta9i1CYQ
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Global AppSec Dublin: Attacking And Protecting Artificial Intelligence - Rob Van Der Veer
-
Managed by the OWASP® Foundation
https://owasp.org/
https://www.youtube.com/watch?v=ABmWHnFrMqI
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Global AppSec Dublin: Why Winning In Cybersecurity Means Winning More Everyday - Jessica Robinson
-
Managed by the OWASP® Foundation
https://owasp.org/
https://www.youtube.com/watch?v=UJeraXFMcoI
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Gobal AppSec Dublin: Trusting Software: Runtime Protection Is The Third Alternative - Jeff Williams
-
Managed by the OWASP® Foundation
https://owasp.org/
https://www.youtube.com/watch?v=sRE3f_2ECfs
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Global AppSec Dublin: Passwordless Future: Using WebAuthn And Passkeys In Practice - Clemens Hübner
-
Managed by the OWASP® Foundation
https://owasp.org/
https://www.youtube.com/watch?v=_L9pbpkX-Ps
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Global AppSec Dublin: GitHub Actions: Vulnerabilities, Attacks, And Counter-Measures - Magno Logan
-
Managed by the OWASP® Foundation
https://owasp.org/
https://www.youtube.com/watch?v=gxCvV35yXmU
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Global AppSec Dublin: [T]OTPs Are Not As Secure As You Might Believe - Santiago Kantorowicz
-
Managed by the OWASP® Foundation
https://owasp.org/
https://www.youtube.com/watch?v=K3myOx4HI90
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
HackerOne Live Hacking Event Recap: Orlando w/ Epic Games 2023 (H1-407)
Hackers were brought out to sunny Orlando, Florida! Our hackers were challenged with the amazing team at Epic Games to help keep our games secure.
Follow our community blog for additional resources →https://www.hackerone.com/hackerone-community-blog
▼ Keep up with us ▼
◇ Twitter → https://twitter.com/Hacker0x01
◇ Instagram → https://www.instagram.com/hacker0x01/
◇ LinkedIn → https://www.linkedin.com/company/Hack...
◇ Facebook → https://www.facebook.com/Hacker0x01/
https://www.youtube.com/watch?v=LU5VPLwJLqM
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
HackerOne Live Hacking Event Recap: Barcelona w/ PayPal 2022 (H1-3493)
Live Hacking Events are the ultimate voyage for hackers selected to test their skills. This time our hackers had the chance to experience gothic architecture, historic streets, and a historic music venue. Check out what hackers had to say about their experience abroad!
Follow our community blog for additional resources →https://www.hackerone.com/hackerone-community-blog
▼ Keep up with us ▼
◇ Twitter → https://twitter.com/Hacker0x01
◇ Instagram → https://www.instagram.com/hacker0x01/
◇ LinkedIn → https://www.linkedin.com/company/Hack...
◇ Facebook → https://www.facebook.com/Hacker0x01/
https://www.youtube.com/watch?v=C8mBx7iz9cU
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Digital Forensics Training You Can Actually Afford!
Announcing the first ever 13Cubed Training Course: Investigating Windows Endpoints.
Unlock the secrets of Windows forensic investigation with my new course! I took my years of experience creating videos on this channel and set out to develop affordable, comprehensive, and professional training. Whether you're looking to get into the field, already work in the field but want to step up your game, or just have an interest in digital forensics, look no further. This is the course for you!
Purchase the Course Here:
https://training.13cubed.com/investigating-windows-endpoints
#Forensics #DigitalForensics #DFIR #ComputerForensics #WindowsForensics
https://www.youtube.com/watch?v=d8fAKTXOjS8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
CAN I WIN A GAME OF BATTLEGROUNDS?! [HackTheBox - Server Siege]
3 more practice games of @HackTheBox battlegrounds (server siege) 💜 If you think I should do some things differently, let me know in the comments! Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂 #HackTheBox #HTB #CTF #Pentesting #offsec
HackTheBox: https://affiliate.hackthebox.com/cryptocat-htb
HTB Academy: https://affiliate.hackthebox.com/cryptocat-academy
↢Social Media↣
Twitter: https://twitter.com/_CryptoCat
GitHub: https://github.com/Crypto-Cat
HackTheBox: https://app.hackthebox.eu/profile/11897
LinkedIn: https://www.linkedin.com/in/cryptocat
Reddit: https://www.reddit.com/user/_CryptoCat23
YouTube: https://www.youtube.com/CryptoCat23
Twitch: https://www.twitch.tv/cryptocat23
↢HackTheBox↣
https://affiliate.hackthebox.com/cryptocat-htb
https://twitter.com/hackthebox_eu
https://discord.gg/hackthebox
↢Video-Specific...
https://www.youtube.com/watch?v=VX445yn4lQ4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
ESXiArgs Ransomware Analysis with @fwosar
Join us as we reverse engineer the ESXiArgs ransomware used in wide spread attacks targeting unpatched VMware servers with CVE-2021-21974.
Fabian (https://twitter.com/fwosar) joins us to do the heavy lifting!
Tutorial that may assist with decrypting files that have been encrypted by ESXiArgs (https://enes.dev/).
BleepingComputer help forum for ESXiArgs victims (https://www.bleepingcomputer.com/forums/t/782193/esxi-ransomware-help-and-support-topic-esxiargs-args-extension/)
-----
OALABS PATREON
https://www.patreon.com/oalabs
OALABS DISCORD
https://discord.gg/6h5Bh5AMDU
Twitch
https://www.twitch.tv/oalabslive
OALABS GITHUB
https://github.com/OALabs
UNPACME - AUTOMATED MALWARE UNPACKING
https://www.unpac.me/#/
-----
https://www.youtube.com/watch?v=bBcvqxPdjoI
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
CVE-2022-4510: Directory Traversal RCE in binwalk
A path traversal vulnerability (CVE-2022-4510) was identified in ReFirm Labs binwalk from version 2.1.2b through 2.3.3 (inclusive). This vulnerability allows remote attackers to execute arbitrary code on affected installations of binwalk. User interaction is required to exploit this vulnerability in that the target must open the malicious file with binwalk using extract mode (-e option). The issue lies within the PFS (obscure filesystem format found in some embedded devices) extractor plugin that was merged into binwalk in 2017. Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂 #Vulnerability #CVE-2022-4510 #Pentesting #OffSec
↢Social Media↣
Twitter: https://twitter.com/_CryptoCat
GitHub: https://github.com/Crypto-Cat
HackTheBox: https://app.hackthebox.eu/profile/11897
LinkedIn:...
https://www.youtube.com/watch?v=71e5iMoDDMA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
CyberTalk Live #1 - Trying Out BlackBuntu & Q&A
CyberTalk Live #1 - Trying Out BlackBuntu & Q&A
//PLATFORMS
BLOG ►► https://bit.ly/3qjvSjK
FORUM ►► https://bit.ly/39r2kcY
ACADEMY ►► https://bit.ly/39CuORr
//SOCIAL NETWORKS
TWITTER ►► https://bit.ly/3sNKXfq
DISCORD ►► https://bit.ly/3hkIDsK
INSTAGRAM ►► https://bit.ly/3sP1Syh
LINKEDIN ►► https://bit.ly/360qwlN
PATREON ►► https://bit.ly/365iDLK
MERCHANDISE ►► https://bit.ly/3c2jDEn
//BOOKS
Privilege Escalation Techniques ►► https://amzn.to/3ylCl33
Docker Security Essentials (FREE) ►► https://bit.ly/3pDcFuA
//SUPPORT THE CHANNEL
NordVPN Affiliate Link (73% Off) ►► https://bit.ly/3DEPbu5
Get 0 In Free Linode Credit ►► https://bit.ly/39mrvRM
Get started with Intigriti: https://go.intigriti.com/hackersploit
//CYBERTALK PODCAST
Spotify...
https://www.youtube.com/watch?v=XcIUuwH3S9E
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
3 Year Cybersecurity Career Roadmap
In this video, I outline a concise 3-year Cybersecurity career roadmap designed for students or professionals looking to get started with a career in Cybersecurity in 2023 and beyond.
Slides: https://bit.ly/3HlM3aw
Black Hills 5-Year InfoSec Plan: https://www.blackhillsinfosec.com/webcast-5-year-plan-infosec/
//PLATFORMS
BLOG ►► https://bit.ly/3qjvSjK
FORUM ►► https://bit.ly/39r2kcY
ACADEMY ►► https://bit.ly/39CuORr
//SOCIAL NETWORKS
TWITTER ►► https://bit.ly/3sNKXfq
DISCORD ►► https://bit.ly/3hkIDsK
INSTAGRAM ►► https://bit.ly/3sP1Syh
LINKEDIN ►► https://bit.ly/360qwlN
PATREON ►► https://bit.ly/365iDLK
MERCHANDISE ►► https://bit.ly/3c2jDEn
//BOOKS
Privilege Escalation Techniques ►► https://amzn.to/3ylCl33
Docker Security Essentials (FREE) ►►...
https://www.youtube.com/watch?v=oI9aaBpJvoA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
HackTheBox Battlegrounds - Server Siege (Practice Mode)
Wanna to watch me fail to gain a foothold on two @HackTheBox battlegrounds machines? Well, you're in luck! In this video, I compete in 2 practice games of battlegrounds server siege mode. Unfortunately, I didn't get a shell in either of the 15 minute matches but hopefully showing my real-time thought process and initial impressions of the competitive hacking mode will still be helpful to some people. If you think I should do some things differently, let me know in the comments! Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂 #HackTheBox #HTB #Battlegrounds #ServerSiege #CTF #Pentesting #OffSec
HackTheBox: https://affiliate.hackthebox.com/cryptocat-htb
HTB Academy: https://affiliate.hackthebox.com/cryptocat-academy
↢Social Media↣
Twitter: https://twitter.com/_CryptoCat
GitHub:...
https://www.youtube.com/watch?v=Jo-2F-4f0F0
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
EZ Tools Manuals Interview with Andrew Rathbun
In this special guest episode of 13Cubed, I interview Andrew Rathbun of Kroll to discuss the new EZ Tools Manuals he's written. This documentation provides in-depth coverage of nearly all Windows forensic tools written by Eric Zimmerman. We also discuss a few other DFIR community projects at the end, so don't miss it!
*** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. ***
📖 Chapters
00:00 - EZ Tools Manuals
20:40 - DFIR Artifact Museum
25:48 - Digital Forensics Discord Server
🛠 Resources
EZ Tools Manuals:
https://leanpub.com/eztoolsmanuals
Vanilla Windows Reference:
https://github.com/AndrewRathbun/VanillaWindowsReference
DFIR Artifact Museum:
https://github.com/AndrewRathbun/DFIRArtifactMuseum
A Beginner's Guide to the Digital...
https://www.youtube.com/watch?v=Mz5hin8Wxak
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Ultimate GraphQL Recon - A Tactical Approach
Burp Suite Deep Dive course: https://bit.ly/burpforpros
________________________________________________________________________________________________ GraphQL is widely adopted in the industry. Learn how to map its attack surface so as to safely and effectively protect it.
GitHub: https://github.com/nicholasaleks/graphql-threat-matrix/
graphw00f: https://github.com/dolevf/graphw00f
Free Chapter 4: https://nostarch.com/download/BlackHatGraphQL_ch4sample_102422.pdf
__________
Resources
- https://www.cybersecurityeducation.org/careers/
- https://www.coursera.org/articles/cybersecurity-jobs
- https://www.sans.org/cybersecurity-careers/20-coolest-cyber-security-careers/
- https://universityhq.org/how-to-become/cyber-security-jobs/
- https://www.coursera.org/articles/cybersecurity-career-paths
My...
https://www.youtube.com/watch?v=c_RPptC4V9I
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
A New Program Execution Artifact - Windows 11 22H2 Update!
In this episode, we'll take a look at a new Windows 11 Pro 22H2 program execution artifact discovered in late December 2022. We'll cover the basics and then look at this new Program Compatibility Assistant (PCA) artifact in action on a Windows 11 system.
*** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. ***
📖 Chapters
00:00 - Intro
00:52 - PCA artiFACTS
02:52 - Demo
11:28 - Recap
🛠 Resources
New Windows 11 Pro (22H2) Evidence of Execution Artifact:
https://aboutdfir.com/new-windows-11-pro-22h2-evidence-of-execution-artifact/
Vanilla Windows Reference:
https://github.com/AndrewRathbun/VanillaWindowsReference
DFIR Artifact Museum:
https://github.com/AndrewRathbun/DFIRArtifactMuseum
🙏 Special Thanks for Additional Research and...
https://www.youtube.com/watch?v=rV8aErDj06A
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Linux Red Team Defense Evasion Techniques - Hiding Linux Processes
In this video, I explore the process of evading defenses on Linux by hiding Linux processes with libprocesshider.
Defense Evasion consists of techniques that adversaries use to avoid detection throughout their compromise. Techniques used for defense evasion include uninstalling/disabling security software or obfuscating/encrypting data and scripts. Adversaries also leverage and abuse trusted processes to hide and masquerade their malware. Other tactics' techniques are cross-listed here when those techniques include the added benefit of subverting defenses.
Process Hider GitHub Repository: https://github.com/gianlucaborello/libprocesshider
//PLATFORMS
BLOG ►► https://bit.ly/3qjvSjK
FORUM ►► https://bit.ly/39r2kcY
ACADEMY ►► https://bit.ly/39CuORr
//SOCIAL NETWORKS
TWITTER...
https://www.youtube.com/watch?v=GT-ClZAi6rE
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The Most Frequent Vulnerabilities I Found in 80+ Pentests in 2022
Burp Suite Deep Dive course: https://bit.ly/burpforpros
________________________________________________________________________________________________ These are the most frequent vulnerabilities I found in my pentests in 2022.
__________
Resources
- https://www.cybersecurityeducation.org/careers/
- https://www.coursera.org/articles/cybersecurity-jobs
- https://www.sans.org/cybersecurity-careers/20-coolest-cyber-security-careers/
- https://universityhq.org/how-to-become/cyber-security-jobs/
- https://www.coursera.org/articles/cybersecurity-career-paths
My courses:
Recon in Cybersecurity course: https://bit.ly/cybersecrecon
Python for Pentesters course: http://bit.ly/2I0sRkm
Python Basics course: http://bit.ly/37cmhlx
Neural Networks with Tensorflow: http://bit.ly/tensorflownets
Machine...
https://www.youtube.com/watch?v=Bob-_PtgvXA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Linux Red Team Persistence Techniques - SSH Keys, Web Shells & Cron Jobs
In this video, I explore the process of establishing persistence on Linux via SSH keys, local accounts, web shells, and Cron Jobs.
Persistence consists of techniques that adversaries use to keep access to systems across restarts, changed credentials, and other interruptions that could cut off their access. Techniques used for persistence include any access, action, or configuration changes that let them maintain their foothold on systems, such as replacing or hijacking legitimate code or adding startup code.
//PLATFORMS
BLOG ►► https://bit.ly/3qjvSjK
FORUM ►► https://bit.ly/39r2kcY
ACADEMY ►► https://bit.ly/39CuORr
//SOCIAL NETWORKS
TWITTER ►► https://bit.ly/3sNKXfq
DISCORD ►► https://bit.ly/3hkIDsK
INSTAGRAM ►► https://bit.ly/3sP1Syh
LINKEDIN ►► https://bit.ly/360qwlN
PATREON...
https://www.youtube.com/watch?v=tNJs8CFj_B8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
What The Security Industry Should Know About Reverse Engineering [ Reverse Engineering AMA ]
What is one thing you wish your peers in the security industry knew about reverse engineering?
--
Big thanks to all the reverse engineers who helped us put this together!
Rattle (Jesko)
https://twitter.com/huettenhain
https://github.com/binref/refinery
Jordan (psifertex)
https://twitter.com/psifertex
https://binary.ninja/
Karsten
https://twitter.com/struppigel
https://www.youtube.com/c/MalwareAnalysisForHedgehogs
Drakonia
https://twitter.com/dr4k0nia
https://dr4k0nia.github.io/
C3rb3ru5
https://twitter.com/c3rb3ru5d3d53c
https://c3rb3ru5d3d53c.github.io/
Josh
https://twitter.com/jershmagersh
https://pwnage.io/
Dodo
https://twitter.com/dodo_sec
https://github.com/dodo-sec
Washi
https://twitter.com/washi_dev
https://washi.dev/
-----
OALABS PATREON
https://www.patreon.com/oalabs
OALABS...
https://www.youtube.com/watch?v=SffxAVWmbk4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Do Companies Actually Pay Ransomware [ Reverse Engineering AMA ]
Do companies really pay ransomware? Do they buy bitcoin to pay? If they pay do they actually get their files back?
--
Big thanks to all the reverse engineers who helped us put this together!
Rattle (Jesko)
https://twitter.com/huettenhain
https://github.com/binref/refinery
Jordan (psifertex)
https://twitter.com/psifertex
https://binary.ninja/
Karsten
https://twitter.com/struppigel
https://www.youtube.com/c/MalwareAnalysisForHedgehogs
Drakonia
https://twitter.com/dr4k0nia
https://dr4k0nia.github.io/
C3rb3ru5
https://twitter.com/c3rb3ru5d3d53c
https://c3rb3ru5d3d53c.github.io/
Josh
https://twitter.com/jershmagersh
https://pwnage.io/
Dodo
https://twitter.com/dodo_sec
https://github.com/dodo-sec
Washi
https://twitter.com/washi_dev
https://washi.dev/
-----
OALABS PATREON
https://www.patreon.com/oalabs
OALABS...
https://www.youtube.com/watch?v=-CD82mTcy5A
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
ChatGPT For Cybersecurity
In this video, I go over the process of how to use ChatGPT and cover various examples of how to use ChatGPT for Cybersecurity.
ChatGPT is an AI-driven chatbot launched by OpenAI in November 2022.
It is trained using Reinforcement Learning from Human Feedback (RLHF).
It is built on top of OpenAI's GPT-3.5 family of large language models and is fine-tuned with both supervised and reinforcement learning techniques.
OpenAI ChatGPT: https://chat.openai.com/chat
Timestamps:
0:00 Introduction
7:50 ChatGPT usage
10:45 Pentesting examples
13:10 Generating shells
14:25 Fuzzing
17:15 Shellcode
18:00 Custom emails
19:34 Macros
20:56 Buffer overflow
22:15 Automation
25:00 Blue team examples
28:33 ChatGPT impact on cybersecurity
//PLATFORMS
BLOG ►► https://bit.ly/3qjvSjK
FORUM ►► https://bit.ly/39r2kcY
ACADEMY...
https://www.youtube.com/watch?v=6PrC4z4tPB0
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
What is The Future of Reverse Engineering [ Reverse Engineering AMA ]
What is the future of reverse engineering? What should we prepare for?
--
Big thanks to all the reverse engineers who helped us put this together!
Rattle (Jesko)
https://twitter.com/huettenhain
https://github.com/binref/refinery
Jordan (psifertex)
https://twitter.com/psifertex
https://binary.ninja/
Karsten
https://twitter.com/struppigel
https://www.youtube.com/c/MalwareAnalysisForHedgehogs
Drakonia
https://twitter.com/dr4k0nia
https://dr4k0nia.github.io/
C3rb3ru5
https://twitter.com/c3rb3ru5d3d53c
https://c3rb3ru5d3d53c.github.io/
Josh
https://twitter.com/jershmagersh
https://pwnage.io/
Dodo
https://twitter.com/dodo_sec
https://github.com/dodo-sec
Washi
https://twitter.com/washi_dev
https://washi.dev/
-----
OALABS PATREON
https://www.patreon.com/oalabs
OALABS DISCORD
https://discord.gg/6h5Bh5AMDU
Twitch
https://www.twitch.tv/oalabslive
OALABS...
https://www.youtube.com/watch?v=lilIOWzDeBA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Linux Red Team Privilege Escalation Techniques - Kernel Exploits & SUDO Permissions
In this video, I explore the process of elevating privileges on Linux by leveraging kernel exploits, local accounts, and misconfigured SUDO permissions.
Privilege Escalation consists of techniques adversaries use to gain higher-level permissions on a system or network. Adversaries can often enter and explore a network with unprivileged access but require elevated permissions to follow through on their objectives. Common approaches are to take advantage of system weaknesses, misconfigurations, and vulnerabilities.
//PLATFORMS
BLOG ►► https://bit.ly/3qjvSjK
FORUM ►► https://bit.ly/39r2kcY
ACADEMY ►► https://bit.ly/39CuORr
//SOCIAL NETWORKS
TWITTER ►► https://bit.ly/3sNKXfq
DISCORD ►► https://bit.ly/3hkIDsK
INSTAGRAM ►► https://bit.ly/3sP1Syh
LINKEDIN ►► https://bit.ly/360qwlN
PATREON...
https://www.youtube.com/watch?v=w2rElXYV2Fs
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
One Trick To Level Up Your Reverse Engineering [ Reverse Engineering AMA ]
What is one trick or tip that really levelled up your reverse engineering?
--
Big thanks to all the reverse engineers who helped us put this together!
Rattle (Jesko)
https://twitter.com/huettenhain
https://github.com/binref/refinery
Jordan (psifertex)
https://twitter.com/psifertex
https://binary.ninja/
Karsten
https://twitter.com/struppigel
https://www.youtube.com/c/MalwareAnalysisForHedgehogs
Drakonia
https://twitter.com/dr4k0nia
https://dr4k0nia.github.io/
C3rb3ru5
https://twitter.com/c3rb3ru5d3d53c
https://c3rb3ru5d3d53c.github.io/
Josh
https://twitter.com/jershmagersh
https://pwnage.io/
Dodo
https://twitter.com/dodo_sec
https://github.com/dodo-sec
Washi
https://twitter.com/washi_dev
https://washi.dev/
-----
OALABS PATREON
https://www.patreon.com/oalabs
OALABS DISCORD
https://discord.gg/6h5Bh5AMDU
Twitch
https://www.twitch.tv/oalabslive
OALABS...
https://www.youtube.com/watch?v=EjVVbM6ub00
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How To Identify Unknown Crypto Functions [ Reverse Engineering AMA ]
How do you identify unknown crypto and compression algorithms when reverse engineering?
--
Big thanks to all the reverse engineers who helped us put this together!
Rattle (Jesko)
https://twitter.com/huettenhain
https://github.com/binref/refinery
Jordan (psifertex)
https://twitter.com/psifertex
https://binary.ninja/
Karsten
https://twitter.com/struppigel
https://www.youtube.com/c/MalwareAnalysisForHedgehogs
Drakonia
https://twitter.com/dr4k0nia
https://dr4k0nia.github.io/
C3rb3ru5
https://twitter.com/c3rb3ru5d3d53c
https://c3rb3ru5d3d53c.github.io/
Josh
https://twitter.com/jershmagersh
https://pwnage.io/
Dodo
https://twitter.com/dodo_sec
https://github.com/dodo-sec
Washi
https://twitter.com/washi_dev
https://washi.dev/
-----
OALABS PATREON
https://www.patreon.com/oalabs
OALABS...
https://www.youtube.com/watch?v=BGIDMpSztSk
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Tips For Writing a .NET Static Config Extractor for Malware [ Reverse Engineering AMA ]
What are some tips for dealing with static config extraction of .NET malware?
--
Big thanks to all the reverse engineers who helped us put this together!
Rattle (Jesko)
https://twitter.com/huettenhain
https://github.com/binref/refinery
Jordan (psifertex)
https://twitter.com/psifertex
https://binary.ninja/
Karsten
https://twitter.com/struppigel
https://www.youtube.com/c/MalwareAnalysisForHedgehogs
Drakonia
https://twitter.com/dr4k0nia
https://dr4k0nia.github.io/
C3rb3ru5
https://twitter.com/c3rb3ru5d3d53c
https://c3rb3ru5d3d53c.github.io/
Josh
https://twitter.com/jershmagersh
https://pwnage.io/
Dodo
https://twitter.com/dodo_sec
https://github.com/dodo-sec
Washi
https://twitter.com/washi_dev
https://washi.dev/
-----
OALABS PATREON
https://www.patreon.com/oalabs
OALABS DISCORD
https://discord.gg/6h5Bh5AMDU
Twitch
https://www.twitch.tv/oalabslive
OALABS...
https://www.youtube.com/watch?v=n435uL01T_E
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
LastPass Data Breach - Password Security 101
In this episode of CyberTalk, I discuss the latest LastPass data breach (December 2022) and outline a failsafe password management policy for you, your family, and or your business.
The following is a set of password security and management guidelines you should follow:
1. Generate secure, random, and complex passwords.
2. Use a new and unique password for every account.
3. Store your passwords with an offline password management database/vault like KeePass.
4. Take regular backups of your password database/vault and store them in a secure location (preferably only known to you).
5. Regularly change your passwords.
6. Develop a password handover contingency plan in the event of your death or incapacitation.
7. Remember, online platforms and solutions can go out of business or may not necessarily...
https://www.youtube.com/watch?v=MsxlsGAJ97c
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Windows Red Team Lateral Movement Techniques - PsExec & RDP
In this video, I will be exploring the process of performing lateral movement on Windows by leveraging PsExec and RDP.
Lateral Movement consists of techniques that adversaries use to enter and control remote systems on a network. Following through on their primary objective often requires exploring the network to find their target and subsequently gaining access to it. Reaching their objective often involves pivoting through multiple systems and accounts to gain. Adversaries might install their own remote access tools to accomplish Lateral Movement or use legitimate credentials with native network and operating system tools, which may be stealthier.
//PLATFORMS
BLOG ►► https://bit.ly/3qjvSjK
FORUM ►► https://bit.ly/39r2kcY
ACADEMY ►► https://bit.ly/39CuORr
//SOCIAL NETWORKS
TWITTER...
https://www.youtube.com/watch?v=QGkmlsvjMYI
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Windows Red Team Privilege Escalation Techniques - Bypassing UAC & Kernel Exploits
In this video, I will be exploring the process of privilege escalation on Windows by leveraging various privilege escalation techniques.
Privilege Escalation consists of techniques that adversaries use to gain higher-level permissions on a system or network. Adversaries can often enter and explore a network with unprivileged access but require elevated permissions to follow through on their objectives. Common approaches are to take advantage of system weaknesses, misconfigurations, and vulnerabilities.
Writeup: https://hackersploit.org/windows-privilege-escalation-fundamentals
//PLATFORMS
BLOG ►► https://bit.ly/3qjvSjK
FORUM ►► https://bit.ly/39r2kcY
ACADEMY ►► https://bit.ly/39CuORr
//SOCIAL NETWORKS
TWITTER ►► https://bit.ly/3sNKXfq
DISCORD ►► https://bit.ly/3hkIDsK
INSTAGRAM...
https://www.youtube.com/watch?v=vPTbWnCZ0sg
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Windows Red Team - Dynamic Shellcode Injection & PowerShell Obfuscation
In this video, I will be exploring the process of dynamically injecting Shellcode into portable executables and PowerShell obfuscation for the purpose of defense evasion on Windows.
Defense Evasion consists of techniques that adversaries use to avoid detection throughout their compromise. Techniques used for defense evasion include uninstalling/disabling security software or obfuscating/encrypting data and scripts.
Writeup: https://hackersploit.org/windows-red-team-defense-evasion-techniques/
//PLATFORMS
BLOG ►► https://bit.ly/3qjvSjK
FORUM ►► https://bit.ly/39r2kcY
ACADEMY ►► https://bit.ly/39CuORr
//SOCIAL NETWORKS
TWITTER ►► https://bit.ly/3sNKXfq
DISCORD ►► https://bit.ly/3hkIDsK
INSTAGRAM ►► https://bit.ly/3sP1Syh
LINKEDIN ►► https://bit.ly/360qwlN
PATREON...
https://www.youtube.com/watch?v=6xexyQwG7SY
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
HackTheBox Certified Penetration Testing Specialist (CPTS) - Review + Tips
My review of the new @HackTheBox Certified Penetration Testing Specialist (CPTS) certification - Hope you enjoy 🙂 #HackTheBox #HTB #CTF #Pentesting #OffSec #CPTS #Certification #Course
HackTheBox: https://affiliate.hackthebox.com/cryptocat-htb
HTB Academy: https://affiliate.hackthebox.com/cryptocat-academy
↢Social Media↣
Twitter: https://twitter.com/_CryptoCat
GitHub: https://github.com/Crypto-Cat
HackTheBox: https://app.hackthebox.eu/profile/11897
LinkedIn: https://www.linkedin.com/in/cryptocat
Reddit: https://www.reddit.com/user/_CryptoCat23
YouTube: https://www.youtube.com/CryptoCat23
Twitch: https://www.twitch.tv/cryptocat23
↢HackTheBox↣
https://www.hackthebox.com/newsroom/certified-penetration-testing-specialist-cpts
https://academy.hackthebox.com/preview/certifications/htb-certified-penetration-testing-specialist
https://academy.hackthebox.com/path/preview/penetration-tester
https://twitter.com/hackthebox_eu
https://discord.gg/hackthebox
↢Video-Specific...
https://www.youtube.com/watch?v=UN5fTQtlKCc
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Paid to Hack - Salaries in Cybersecurity
Burp Suite Deep Dive course: https://bit.ly/burpforpros
________________________________________________________________________________________________ How much money can you make in cybersecurity. I've compiled salaries for a list of 9 cybersecurity jobs.
__________
Resources
- https://www.cybersecurityeducation.org/careers/
- https://www.coursera.org/articles/cybersecurity-jobs
- https://www.sans.org/cybersecurity-careers/20-coolest-cyber-security-careers/
- https://universityhq.org/how-to-become/cyber-security-jobs/
- https://www.coursera.org/articles/cybersecurity-career-paths
My courses:
Recon in Cybersecurity course: https://bit.ly/cybersecrecon
Python for Pentesters course: http://bit.ly/2I0sRkm
Python Basics course: http://bit.ly/37cmhlx
Neural Networks with Tensorflow: http://bit.ly/tensorflownets...
https://www.youtube.com/watch?v=QZcHhowgU3U
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The Dissect Effect - An Open Source IR Framework
In this episode, we'll take a look at the recently open sourced Dissect incident response framework from Fox-IT. We'll briefly examine the overall capabilities of the software, then we'll install it within a WSL 2 environment, and lastly, we'll take it for a test drive using a Windows Server 2019 disk image.
*** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. ***
📖 Chapters
00:00 - Intro
02:37 - Installation
03:31 - Using target-query
11:01 - Using target-shell
14:33 - Recap
🛠 Resources
Dissect Project:
https://github.com/fox-it/dissect
Dissect Documentation:
https://docs.dissect.tools/en/latest/
#Forensics #DigitalForensics #DFIR #ComputerForensics #WindowsForensics
https://www.youtube.com/watch?v=A2e203LizAM
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Advent of Cyber 2022: Day 17 Filtering for Order Amidst Chaos (Walkthrough)
Hi everyone! This week I'll be publishing walkthroughs of TryHackMe's Advent of Cyber. Advent of Cyber is a free event that anyone can participate in which gets you to try a new cyber security challenge each day of December leading up to Christmas. Don't worry if you've not been participating until now. You can catch up and still be entered to win prizes. You can totally do the majority of the challenges straight from your web browser. I'm not being paid or anything I just really like Advent of Cyber and wanted to help make it possible.
Check out Advent of Cyber https://tryhackme.com/room/adventofcyber4
Socials:
https://twitter.com/InsiderPhD
https://infosec.exchange/@insiderphd
https://insiderphd.dev
https://www.youtube.com/watch?v=ZsmRQqjGb9E
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Tier 1: Funnel - HackTheBox Starting Point - Full Walkthrough
Learn the basics of Penetration Testing: Video walkthrough for the "Funnel" machine from tier one of the @HackTheBox "Starting Point" track; "The key is a strong foundation". We'll be exploring the basics of enumeration, service discovery, pivoting/tunnelling and more! Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂 #HackTheBox #HTB #CTF #Pentesting #OffSec
HackTheBox: https://affiliate.hackthebox.com/cryptocat-htb
HTB Academy: https://affiliate.hackthebox.com/cryptocat-academy
↢Social Media↣
Twitter: https://twitter.com/_CryptoCat
GitHub: https://github.com/Crypto-Cat
HackTheBox: https://app.hackthebox.eu/profile/11897
LinkedIn: https://www.linkedin.com/in/cryptocat
Reddit: https://www.reddit.com/user/_CryptoCat23
YouTube: https://www.youtube.com/CryptoCat23
Twitch: https://www.twitch.tv/cryptocat23
↢HackTheBox↣
https://affiliate.hackthebox.com/cryptocat-htb
https://twitter.com/hackthebox_eu
https://discord.gg/hackthebox
↢Video-Specific...
https://www.youtube.com/watch?v=HxWtXhL1mVU
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Advent of Cyber 2022: Day 16 SQLi's the king, the carolers sing (Walkthrough)
Hi everyone! This week I'll be publishing walkthroughs of TryHackMe's Advent of Cyber. Advent of Cyber is a free event that anyone can participate in which gets you to try a new cyber security challenge each day of December leading up to Christmas. Don't worry if you've not been participating until now. You can catch up and still be entered to win prizes. You can totally do the majority of the challenges straight from your web browser. I'm not being paid or anything I just really like Advent of Cyber and wanted to help make it possible.
Check out Advent of Cyber https://tryhackme.com/room/adventofcyber4
Socials:
https://twitter.com/InsiderPhD
https://infosec.exchange/@insiderphd
https://insiderphd.development
Nahamcon Secret ;) flag{2d01c445fbf95457a78aa68f4ddf6dec}
https://www.youtube.com/watch?v=iv02-Oi0TvM
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Advent of Cyber 2022: Day 15 Santa is looking for a Sidekick (Walkthrough)
Hi everyone! This week I'll be publishing walkthroughs of TryHackMe's Advent of Cyber. Advent of Cyber is a free event that anyone can participate in which gets you to try a new cyber security challenge each day of December leading up to Christmas. Don't worry if you've not been participating until now. You can catch up and still be entered to win prizes. You can totally do the majority of the challenges straight from your web browser. I'm not being paid or anything I just really like Advent of Cyber and wanted to help make it possible.
Check out Advent of Cyber https://tryhackme.com/room/adventofcyber4
Socials:
https://twitter.com/InsiderPhD
https://infosec.exchange/@insiderphd
https://insiderphd.dev
https://www.youtube.com/watch?v=9Pniza-s1ds
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How to Detect & Bypass Detection of ChatGPT and GPT3 Generated Text
Burp Suite Deep Dive course: https://bit.ly/burpforpros
________________________________________________________________________________________________ How to Detect & Bypass Detection of ChatGPT and GPT3 Generated Text.
__________
Resources
- https://www.cybersecurityeducation.org/careers/
- https://www.coursera.org/articles/cybersecurity-jobs
- https://www.sans.org/cybersecurity-careers/20-coolest-cyber-security-careers/
- https://universityhq.org/how-to-become/cyber-security-jobs/
- https://www.coursera.org/articles/cybersecurity-career-paths
My courses:
Recon in Cybersecurity course: https://bit.ly/cybersecrecon
Python for Pentesters course: http://bit.ly/2I0sRkm
Python Basics course: http://bit.ly/37cmhlx
Neural Networks with Tensorflow: http://bit.ly/tensorflownets
Machine...
https://www.youtube.com/watch?v=0bBfAIbxob8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How I Use ChatGPT as a Cybersecurity Professional
Burp Suite Deep Dive course: https://bit.ly/burpforpros
________________________________________________________________________________________________ How to use ChatGPT in cybersecurity.
__________
Resources
- https://www.cybersecurityeducation.org/careers/
- https://www.coursera.org/articles/cybersecurity-jobs
- https://www.sans.org/cybersecurity-careers/20-coolest-cyber-security-careers/
- https://universityhq.org/how-to-become/cyber-security-jobs/
- https://www.coursera.org/articles/cybersecurity-career-paths
My courses:
Recon in Cybersecurity course: https://bit.ly/cybersecrecon
Python for Pentesters course: http://bit.ly/2I0sRkm
Python Basics course: http://bit.ly/37cmhlx
Neural Networks with Tensorflow: http://bit.ly/tensorflownets
Machine Learning with Scikit-Learn and Python:...
https://www.youtube.com/watch?v=oEWciI0At28
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Risk-Based Vulnerability Management | PurpleSec
PurpleSec security experts implemented risk-based vulnerability management to improve efficiencies and security ROI for our enterprise client.
👉 Get our FREE guide to vulnerability management in 2023: https://purplesec.us/vulnerability-management-guide/?utm_source=newsletter&utm_medium=YouTube&utm_campaign=VM_2023&utm_id=guide
Read The Full Case Study
----------------------------------------
https://purplesec.us/case-studies/travel-services-provider/
High Level Findings
-------------------------------
PurpleSec's security “cyborgs” were empowered by automation and process improvements to deliver exceptional results in a 3 month period:
- 75% MTTR reduction.
- 86% vulnerability risk reduction.
- M average annual savings for the client.
- 1.6k average monthly man-hour savings.
-...
https://www.youtube.com/watch?v=nu0US3xLEH4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
From Hacker to Hero - The Exciting World of Cybersecurity Careers
Burp Suite Deep Dive course: https://bit.ly/burpforpros
________________________________________________________________________________________________ A comprehensive guide to cybersecurity careers.
__________
Resources
- https://www.cybersecurityeducation.org/careers/
- https://www.coursera.org/articles/cybersecurity-jobs
- https://www.sans.org/cybersecurity-careers/20-coolest-cyber-security-careers/
- https://universityhq.org/how-to-become/cyber-security-jobs/
- https://www.coursera.org/articles/cybersecurity-career-paths
My courses:
Recon in Cybersecurity course: https://bit.ly/cybersecrecon
Python for Pentesters course: http://bit.ly/2I0sRkm
Python Basics course: http://bit.ly/37cmhlx
Neural Networks with Tensorflow: http://bit.ly/tensorflownets
Machine Learning with Scikit-Learn...
https://www.youtube.com/watch?v=ZDO_43NGfio
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Extreme Transparency or Corporate Security Responsibility?
We can all agree in theory that transparency is a good thing, but how far are you really willing to push it when the worst happens? Alex Rice and Will Farrell challenge organizations to push for transparency regardless of their situation, industry, or stakeholders. In this session, they explore the limits of corporate transparency and reframe it in the context of Corporate Security Responsibility.
Key takeaways:
-Understand why the message of transparency works
-Learn the strategies for creating a culture of transparency and collaboration
-Get the tools to translate transparency into board-friendly language
Find out more about Corporate Security Responsibility: https://www.hackerone.com/corporate-security-responsibility
https://www.youtube.com/watch?v=V7jyrIkNukE
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How to Bypass Authentication [Multiple Ways]
Burp Suite Deep Dive course: https://bit.ly/burpforpros
________________________________________________________________________________________________ How to Bypass Authentication - As An Appsec Specialist.
__________
My courses:
Recon in Cybersecurity course: https://bit.ly/cybersecrecon
Python for Pentesters course: http://bit.ly/2I0sRkm
Python Basics course: http://bit.ly/37cmhlx
Neural Networks with Tensorflow: http://bit.ly/tensorflownets
Machine Learning with Scikit-Learn and Python: http://bit.ly/mlpractical
Artificial Neural Nets with Neurolab: https://bit.ly/artificialnets
Study cybersecurity with 50% OFF on Pluralsight: http://bit.ly/cyberplural
Python for Pentesters (on Packt): http://bit.ly/pythonpackt
Training:
Hands-On Training with PentesterLab PRO: http://bit.ly/awesomepentester...
https://www.youtube.com/watch?v=x6bX26f_Ibw
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Let's Talk About MUICache
In this episode, we'll take an in-depth look at Windows MUICache. We'll start by reviewing the purpose of this Windows feature, the metadata it collects, and its forensic value in showing evidence of program execution. Then, we'll jump into a demo and see it in action.
*** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. ***
📖 Chapters
00:00 - Intro
01:54 - Background
03:42 - MUICache artiFACTS
07:20 - Demo
🛠 Resources
Forensic Analysis of MUICache Files in Windows
https://www.magnetforensics.com/blog/forensic-analysis-of-muicache-files-in-windows/
#Forensics #DigitalForensics #DFIR #ComputerForensics #WindowsForensics
https://www.youtube.com/watch?v=ea2nvxN878s
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How to Get Pentesting and Appsec Clients [Unconventionally]
Burp Suite Deep Dive course: https://bit.ly/burpforpros
________________________________________________________________________________________________ From Practice Labs to Real Targets.
__________
My courses:
Recon in Cybersecurity course: https://bit.ly/cybersecrecon
Python for Pentesters course: http://bit.ly/2I0sRkm
Python Basics course: http://bit.ly/37cmhlx
Neural Networks with Tensorflow: http://bit.ly/tensorflownets
Machine Learning with Scikit-Learn and Python: http://bit.ly/mlpractical
Artificial Neural Nets with Neurolab: https://bit.ly/artificialnets
Study cybersecurity with 50% OFF on Pluralsight: http://bit.ly/cyberplural
Python for Pentesters (on Packt): http://bit.ly/pythonpackt
Training:
Hands-On Training with PentesterLab PRO: http://bit.ly/awesomepentester...
https://www.youtube.com/watch?v=2-fTRjZehD8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
MITRE ATT&CK Framework For Offensive & Defensive Operations
In this live training session, I will introduce you to the MITRE ATT&CK framework and will cover the process of operationalizing it for both offensive and defensive operations.
//LIVE TRAINING AND BOOTCAMPS
Introduction To C2 Frameworks: https://cyberranges.clickmeeting.com/introduction-to-c2-frameworks-3-day-webinar/register
//PLATFORMS
BLOG ►► https://bit.ly/3qjvSjK
FORUM ►► https://bit.ly/39r2kcY
ACADEMY ►► https://bit.ly/39CuORr
//SOCIAL NETWORKS
TWITTER ►► https://bit.ly/3sNKXfq
DISCORD ►► https://bit.ly/3hkIDsK
INSTAGRAM ►► https://bit.ly/3sP1Syh
LINKEDIN ►► https://bit.ly/360qwlN
PATREON ►► https://bit.ly/365iDLK
MERCHANDISE ►► https://bit.ly/3c2jDEn
//BOOKS
Privilege Escalation Techniques ►► https://amzn.to/3ylCl33
Docker Security Essentials...
https://www.youtube.com/watch?v=ujaoOWmkGLY
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Practical Web Application Security - Part 28 - Password Mismanagement Attacks [Hacksplaining]
Burp Suite Deep Dive course: https://bit.ly/burpforpros
________________________________________________________________________________________________ The multiple ways to make or break application security. Via @hacksplaining8497 https://hacksplaining.com
__________
My courses:
Recon in Cybersecurity course: https://bit.ly/cybersecrecon
Python for Pentesters course: http://bit.ly/2I0sRkm
Python Basics course: http://bit.ly/37cmhlx
Neural Networks with Tensorflow: http://bit.ly/tensorflownets
Machine Learning with Scikit-Learn and Python: http://bit.ly/mlpractical
Artificial Neural Nets with Neurolab: https://bit.ly/artificialnets
Study cybersecurity with 50% OFF on Pluralsight: http://bit.ly/cyberplural
Python for Pentesters (on Packt): http://bit.ly/pythonpackt
Training:
Hands-On...
https://www.youtube.com/watch?v=fEfiRi3RK3k
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Updates & Content Schedule - Q4 2022 - Q2 2023
This video outlines the latest updates from the HackerSploit team and goes over the content development plan for Q4 2022 - Q2 2023.
//CERTIFICATIONS
Certified Exploitation & Post-Exploitation Professional (CEPP): https://cyberranges.clickmeeting.com/exploitation-post-exploitation-3-day-bootcamp/register
//PLATFORMS
BLOG ►► https://bit.ly/3qjvSjK
FORUM ►► https://bit.ly/39r2kcY
ACADEMY ►► https://bit.ly/39CuORr
//SOCIAL NETWORKS
TWITTER ►► https://bit.ly/3sNKXfq
DISCORD ►► https://bit.ly/3hkIDsK
INSTAGRAM ►► https://bit.ly/3sP1Syh
LINKEDIN ►► https://bit.ly/360qwlN
PATREON ►► https://bit.ly/365iDLK
MERCHANDISE ►► https://bit.ly/3c2jDEn
//BOOKS
Privilege Escalation Techniques ►► https://amzn.to/3ylCl33
Docker Security Essentials (FREE) ►► https://bit.ly/3pDcFuA
//SUPPORT...
https://www.youtube.com/watch?v=BnkhIpfc1aU
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How Many Timestamps??? #Shorts
How many timestamps *could* exist for a given file on an NTFS filesystem. Watch this to find out!
*** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. ***
#Forensics #DigitalForensics #DFIR #ComputerForensics #WindowsForensics
https://www.youtube.com/watch?v=xeevyCqC62E
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
From Practice Labs to Real Targets - [and No Bug Bounties]
Burp Suite Deep Dive course: https://bit.ly/burpforpros
________________________________________________________________________________________________ From Practice Labs to Real Targets.
__________
My courses:
Recon in Cybersecurity course: https://bit.ly/cybersecrecon
Python for Pentesters course: http://bit.ly/2I0sRkm
Python Basics course: http://bit.ly/37cmhlx
Neural Networks with Tensorflow: http://bit.ly/tensorflownets
Machine Learning with Scikit-Learn and Python: http://bit.ly/mlpractical
Artificial Neural Nets with Neurolab: https://bit.ly/artificialnets
Study cybersecurity with 50% OFF on Pluralsight: http://bit.ly/cyberplural
Python for Pentesters (on Packt): http://bit.ly/pythonpackt
Training:
Hands-On Training with PentesterLab PRO: http://bit.ly/awesomepentester...
https://www.youtube.com/watch?v=IE0hgOu2q_A
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Practical Web Application Security - Part 27 - information Leakage Defenses [Hacksplaining]
Burp Suite Deep Dive course: https://bit.ly/burpforpros
________________________________________________________________________________________________ The multiple ways to make or break application security. Via @hacksplaining8497 https://hacksplaining.com
__________
My courses:
Recon in Cybersecurity course: https://bit.ly/cybersecrecon
Python for Pentesters course: http://bit.ly/2I0sRkm
Python Basics course: http://bit.ly/37cmhlx
Neural Networks with Tensorflow: http://bit.ly/tensorflownets
Machine Learning with Scikit-Learn and Python: http://bit.ly/mlpractical
Artificial Neural Nets with Neurolab: https://bit.ly/artificialnets
Study cybersecurity with 50% OFF on Pluralsight: http://bit.ly/cyberplural
Python for Pentesters (on Packt): http://bit.ly/pythonpackt
Training:
Hands-On...
https://www.youtube.com/watch?v=kuHE_8-Uuuw
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Practical Web Application Security - Part 26 - information Leakage Attacks [Hacksplaining]
Burp Suite Deep Dive course: https://bit.ly/burpforpros
________________________________________________________________________________________________ The multiple ways to make or break application security. Via @hacksplaining8497 https://hacksplaining.com
__________
My courses:
Recon in Cybersecurity course: https://bit.ly/cybersecrecon
Python for Pentesters course: http://bit.ly/2I0sRkm
Python Basics course: http://bit.ly/37cmhlx
Neural Networks with Tensorflow: http://bit.ly/tensorflownets
Machine Learning with Scikit-Learn and Python: http://bit.ly/mlpractical
Artificial Neural Nets with Neurolab: https://bit.ly/artificialnets
Study cybersecurity with 50% OFF on Pluralsight: http://bit.ly/cyberplural
Python for Pentesters (on Packt): http://bit.ly/pythonpackt
Training:
Hands-On...
https://www.youtube.com/watch?v=puDzdBZZ0T4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Practical Web Application Security - Part 25 - User Enumeration Defenses [Hacksplaining]
Burp Suite Deep Dive course: https://bit.ly/burpforpros
________________________________________________________________________________________________ The multiple ways to make or break application security. Via @hacksplaining8497 https://hacksplaining.com
__________
My courses:
Recon in Cybersecurity course: https://bit.ly/cybersecrecon
Python for Pentesters course: http://bit.ly/2I0sRkm
Python Basics course: http://bit.ly/37cmhlx
Neural Networks with Tensorflow: http://bit.ly/tensorflownets
Machine Learning with Scikit-Learn and Python: http://bit.ly/mlpractical
Artificial Neural Nets with Neurolab: https://bit.ly/artificialnets
Study cybersecurity with 50% OFF on Pluralsight: http://bit.ly/cyberplural
Python for Pentesters (on Packt): http://bit.ly/pythonpackt
Training:
Hands-On...
https://www.youtube.com/watch?v=HzcKk5s_hck
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Impacket Impediments - Finding Evil in Event Logs
In this episode, we'll take a look at the five (5) Impacket exec commands: atexec.py, dcomexec.py, psexec.py, smbexec.py, and wmiexec.py. The goal is to understand what event log residue we should be looking for on the target system, both with standard "out-of-the-box" log configuration, and with additional configurations such as process auditing with command line.
*** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. ***
📖 Chapters
00:00 - Intro
01:32 - atexec.py
13:46 - dcomexec.py
19:30 - psexec.py
23:57 - smbexec.py
30:58 - wmiexec.py
36:55 - Recap
🛠 Resources
Impacket Exec Commands Cheat Sheet:
https://www.13cubed.com/downloads/impacket_exec_commands_cheat_sheet.pdf
Impacket Exec Commands Cheat Sheet (Poster):
https://www.13cubed.com/downloads/impacket_exec_commands_cheat_sheet_poster.pdf
#Forensics...
https://www.youtube.com/watch?v=UMogme3rDRA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How To Build A Vulnerability Management Program | #PurpleSec
There are 7 key steps when creating a winning vulnerability management program including making an inventory, categorizing vulnerabilities, creating packages, testing the package, providing change management, patching vulnerabilities, and reporting. 👉 Get our FREE guide to vulnerability management in 2023: https://purplesec.us/vulnerability-management-guide/?utm_source=newsletter&utm_medium=YouTube&utm_campaign=VM_2023&utm_id=guide
Read the full article... https://purplesec.us/learn/vulnerability-management-program/
Podcast Info
--------------------
Podcast website: https://purplesec.us/podcast/
Apple Podcasts: https://podcasts.apple.com/us/podcast/security-beyond-the-checkbox/id1673807278
Spotify: https://open.spotify.com/show/610KAa5g4G0KhoZVwMyXqz
RSS: https://feeds.buzzsprout.com/2137278.rss
Chapters...
https://www.youtube.com/watch?v=nsvxcUsFnJo
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Leveraging Bug Bounties for Your Career | Panel
Bug bounty isn't just a way to sharpen you skills and collect bounties. Listen to hackers The_Arch_Angel, none_of_the_above, and Niemand_sec talk to HackerOne Community Director Jessica Sexton about ways to utilize your career as a bug hunter for your future career.
This H@cktivitycon talk was given at the H1-702 Live Hacking Event in Las Vegas!
Follow The_Arch_Angel: https://twitter.com/ArchAngelDDay
Follow none_of_the_above: https://twitter.com/lean0x2f
Follow niemand_sec: https://twitter.com/niemand_sec
Follow Jessica: https://twitter.com/sgtcardigan
▼ Keep up with us ▼
◇ Twitter → https://twitter.com/Hacker0x01
◇ Twitch → https://twitch.tv/HackerOneTV
◇ Instagram → https://www.instagram.com/hacker0x01/?hl=en
https://www.youtube.com/watch?v=gul-DFzibaE
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Vulnerabilities I've Found: The Fun, the Weird and the Technical | Roni Carta
Roni Carta is a hacker who grew up playing video games becoming engrossed in the idea of creating them himself. Inspired by the master thief Arsene Lupin, Roni has learned to use his skills to outsmart and find creative ways to exploit systems.
This H@cktivitycon talk was given at our H1-702 Live Hacking Event in Las Vegas!
Follow Roni: https://twitter.com/0xLupin
▼ Keep up with us ▼
◇ Twitter → https://twitter.com/Hacker0x01
◇ Twitch → https://twitch.tv/HackerOneTV
◇ Instagram → https://www.instagram.com/hacker0x01/?hl=en
https://www.youtube.com/watch?v=EM2ZNMA3ggg
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Fuzzing XSS Sanitizers for Fun and Profit | Tom Anthony
In 1998 Tom was arrested for hacking, and was told he was looking at over 270 years in prison. Time for a career change! Tom went on to a life as an academic, earning a PhD in Artificial Intelligence, before starting a career as an SEO consultant (you think telling people you are a hacker is bad -- try telling them you do SEO!). Although nowadays his day job is as CTO of an SEO SaaS business, Tom still has 'the itch.' This took him from being the first person to ever be awarded a bounty for hacking Google's search algorithm, to hitting the news when he tried to join Boris Johnson's cabinet meeting on Zoom, and discovering a few fun bugs along the way.
This H@cktivitycon talk was given at our H1-702 Live Hacking Event in Las Vegas!
Follow Tom: https://twitter.com/TomAnthonySEO
▼ Keep...
https://www.youtube.com/watch?v=gJGbS8UELGw
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Breaking VNC Clients with Evil Servers | Eugene Lim
Eugene Lim hacks for good! He has helped secure products and data from a range of vulnerabilities. He is interested in application security and securing user data through sustainable DevSecOps practices. In 2019, he won the Most Valuable Hacker award at the H1-213 live hacking event in Los Angeles organized by HackerOne, US Air Force, UK Ministry of Defense, and Verizon Media. In 2021, he was 1 of 5 selected from a pool of 1 million white hat hackers for the H1-Elite Hall of Fame.
This H@cktivitycon talk was given at the H1-702 Live Hacking Event in Las Vegas!
Follow Eugene: https://twitter.com/spaceraccoonsec
▼ Keep up with us ▼
◇ Twitter → https://twitter.com/Hacker0x01
◇ Twitch → https://twitch.tv/HackerOneTV
◇ Instagram → https://www.instagram.com/hacker0x01/?hl=en...
https://www.youtube.com/watch?v=5kWDNVfNAqg
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The Bug Hunter's Methodology - Application Analysis | Jason Haddix
Jason is the Head of Security for a leading videogame company. Previously he was VP of Trust and Security at Bugcrowd and currently holds the 29th all-time ranked researcher position. Before that, Jason had a distinguished 10-year career as a penetration tester and was Director of Penetration Testing for HP. He is a hacker and bug hunter through and through and currently specializes in recon and web application analysis. He has also held positions doing mobile penetration testing, network/infrastructure security assessments, and static analysis. Jason lives in Colorado with his wife and three children. Jason has presented all over the world teaching ethical hacking, including speaking and keynotes at conferences such as DEFCON, BlackHat, RSA, Rootcon, NullCon, B-sides, and SANS.
This H@cktivitycon...
https://www.youtube.com/watch?v=FqnSAa2KmBI
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Submitting High Quality Bug Bounty Reports - Tips from Behind the Curtain | Roy Davis
Roy Davis is a security researcher and engineer with 20 years of pentesting and programming experience.
He has worked on security teams at Zoom, Salesforce, Apple, Barclays Bank, and Thomson Reuters. Roy has presented at several security conferences starting in 2008 to his most recent talk at DEFCON 29. Roy currently manages the Bug Bounty program at Zoom.
This H@cktivitycon talk was given at our H1-702 Live Hacking Event in Las Vegas!
Follow Roy Davis: https://twitter.com/Hack_All_Things
▼ Keep up with us ▼
◇ Twitter → https://twitter.com/Hacker0x01
◇ Twitch → https://twitch.tv/HackerOneTV
◇ Instagram → https://www.instagram.com/hacker0x01/?hl=en
https://www.youtube.com/watch?v=mUYWXRI0WIo
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How To Automate Your Vulnerability Remediation Process | PurpleSec
There are 8 best practices when planning your vulnerability remediation including prioritization of vulnerabilities, setting timelines, defining a SLO, developing a remediation policy, automating your vulnerability management processes, adopting continuous remediation, deploying compensating controls, and building a vulnerability management program. 👉 Get our FREE guide to vulnerability management in 2023: https://purplesec.us/vulnerability-management-guide/?utm_source=newsletter&utm_medium=YouTube&utm_campaign=VM_2023&utm_id=guide
Continue reading... https://purplesec.us/learn/vulnerability-remediation/
Podcast Info
--------------------
Podcast website: https://purplesec.us/podcast/
Apple Podcasts: https://podcasts.apple.com/us/podcast/security-beyond-the-checkbox/id1673807278
Spotify:...
https://www.youtube.com/watch?v=Bns79gIwxIA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Twitter Zero-Day Exposes Data Of 5.4 MILLION Accounts | Security Insights By #PurpleSec
Social media platform Twitter confirmed they suffered a now-patched zero-day vulnerability, used to link email addresses and phone numbers to users' accounts, which allowed attackers to gain access to the personal information of 5.4 million users.
The vulnerability allowed anyone to submit an email address or phone number, verify if it was associated with a Twitter account, and retrieve the associated account ID.
More technically, what the security researcher Zhirinovsky reported on HackerOne's bug bounty platform is that this vulnerability allows any party without any authentication to obtain a Twitter ID (which is almost equal to getting the username of an account) of any user by submitting a phone number/email even though the user has prohibited this action in the privacy settings.
Chapters
---------------
00:00...
https://www.youtube.com/watch?v=E5dLc98TeLg
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
What's on My DFIR Box?
By popular request, this episode provides a walkthrough of the hardware and software I utilize for my digital forensic workstation. While this is probably more beneficial for people new to the DFIR field, I suspect it will still be interesting to a wide range of viewers.
*** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. ***
📖 Chapters
00:00 - Intro
01:42 - Windows Subsystem for Linux (WSL) 2
03:18 - Windows Terminal
04:39 - Sysinternals Suite
05:31 - Microsoft PowerToys
06:20 - DCode
07:04 - FTK Imager
07:31 - PST Walker
08:53 - Arsenal Image Mounter
09:35 - Hibernation Recon
10:05 - Kroll Artifact Parser and Extractor (KAPE)
10:42 - NirSoft Tools
11:49 - X-Ways Forensics
12:19 - Eric Zimmerman Tools
14:09 - Chainsaw
14:21 - INDXRipper
14:26...
https://www.youtube.com/watch?v=-xGfzCT6TUQ
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
DC30 - Red Team Village - Recap
Red Team Village Website: https://redteamvillage.io
Discord: https://redteamvillage.io/discord
Twitter: https://redteamvillage.io/twitter
https://www.youtube.com/watch?v=hd4dy1jZPS0
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
HackerOne Live Hacking Event Recap: Denver 2022 (H1-303)
Check out our highlights from H1-303!
https://www.youtube.com/watch?v=tMqF4f7WR6M
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
HackerOne Live Hacking Event Recap: Austin w/ Github 2022 (H1-512)
Check out the highlights from H1-512!
https://www.youtube.com/watch?v=gm2s8IlJW6A
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
What Is Vulnerability Management? (Explained By Experts) | PurpleSec
Vulnerability management is the process of identifying, prioritizing, and mitigating vulnerabilities in an organization's systems and networks to reduce the risk of cyber attacks and protect against potential threats. 👉 Get our FREE guide to vulnerability management in 2023: https://purplesec.us/vulnerability-management-guide/?utm_source=newsletter&utm_medium=YouTube&utm_campaign=VM_2023&utm_id=guide
Continue reading... https://purplesec.us/learn/what-is-vulnerability-management/
Podcast Info
--------------------
Podcast website: https://purplesec.us/podcast/
Apple Podcasts: https://podcasts.apple.com/us/podcast/security-beyond-the-checkbox/id1673807278
Spotify: https://open.spotify.com/show/610KAa5g4G0KhoZVwMyXqz
RSS: https://feeds.buzzsprout.com/2137278.rss
Chapters
---------------
00:00...
https://www.youtube.com/watch?v=RE6_Lo2wSIg
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
DC30 - Red Team Village - Ngrok
Additional information can be found at ngrok.com.
Red Team Village Website: https://redteamvillage.io
Discord: https://redteamvillage.io/discord
Twitter: https://redteamvillage.io/twitter
https://www.youtube.com/watch?v=DRIbd9-bXvA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Hertzbleed Attack Impacting Intel & AMD CPUs | Security Insights By PurpleSec
In June 2022, a group of researchers from the University of Texas, the University of Illinois Urbana-Champaign, and the University of Washington, have published an article on their website about a new attack they developed called Hertzbleed.
This attack allows attackers to detect variations in the frequency of CPU using something called Dynamic voltage and frequency scaling or DVFS in short, and steal entire cryptographic keys in that way.
Intel's security advisory states that all Intel processors are affected. We have experimentally confirmed that several Intel processors are affected, including desktop and laptop models from the 8th to the 11th generation Core microarchitecture.
AMD's security advisory states that several of their desktop, mobile and server processors are affected....
https://www.youtube.com/watch?v=ta8aOUEGyLc
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
PACMAN M1 Chip Attack Explained | Security Insights By PurpleSec
The team at MIT's Computer Science and Artificial Intelligence Laboratory (CSAIL) have discovered a way to attack the pointer authentication in Apple's M1 chip to execute arbitrary code on Macintosh systems.
The team says that the vulnerability is found in other ARM chips, not just the M1 – but it hasn't yet had the chance to try it against the M2.
In order to get a little closer to this attack and what is the main characteristic and basis of the attack, we have to mention the PAC itself.
Pointer Authentication is a security feature that adds a cryptographic signature to operating system pointers, named Pointer Authentication Code (PAC). This allows the OS to spot and block unexpected changes that may lead to data leaks.
Chapters
---------------
00:00 - Summary Of The Attack
01:00...
https://www.youtube.com/watch?v=qfnV6iwWCY8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
DC30 - Red Team Village - Hackerwares
Additional information can be found at hackerware.io.
Red Team Village Website: https://redteamvillage.io
Discord: https://redteamvillage.io/discord
Twitter: https://redteamvillage.io/twitter
https://www.youtube.com/watch?v=ImZPTNDX1L0
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cleartrip Suffers Massive Data Breach | Security Insights By PurpleSec
Cleartrip is a popular travel-booking platform, founded back in 2006 and acquired by Walmart-owned Flipkart in April 2021.
Cleartrip has suffered a massive data breach through what they claim was a “security anomaly” of their internal systems.
Their confidential data has been exposed in several places on the dark web and the data exposed is also quite new, with files timestamped as recent as June 2022.
Their current platforms are fully functional and they state that the data breach is being dealt with, technically and legally.
It is also worth mentioning that this isn't the first data breach that Cleartrip has dealt with.
The company also suffered a data breach in April 2017 when Cleartrip's website was defaced by a hacking group called “Turtle Squad ” after they gained unauthorized...
https://www.youtube.com/watch?v=WNQZBhXNYio
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
DC30 - Red Team Village - SEKTOR7
Additional information can be found at sektor7.net.
Red Team Village Website: https://redteamvillage.io
Discord: https://redteamvillage.io/discord
Twitter: https://redteamvillage.io/twitter
https://www.youtube.com/watch?v=eqaEunkWTcQ
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Maui Ransomware Attacking Healthcare | Security Insights By PurpleSec
The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Department of the Treasury released a joint Cybersecurity Advisory (CSA) to provide information on Maui ransomware, which is claimed to have been used by North Korean state-sponsored cyber actors since at least May 2021 to target Healthcare and Public Health (HPH) Sector organizations.
In June 2022, the Stairwell research team investigated one of lesser-known ecosystems of Ransomware-as-a-Service, the Maui ransomware.
Maui has been shown to have a lack of several key features which are commonly seen with tooling from RaaS providers, such as an embedded ransom note to provide recovery instructions or automated means of transmitting encryption keys to attackers.
Chapters
---------------
00:00...
https://www.youtube.com/watch?v=csswVeGUgEg
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
DC30 - Red Team Village - Offensive Security
Additional information can be found at www.offensive-security.com.
Red Team Village Website: https://redteamvillage.io
Discord: https://redteamvillage.io/discord
Twitter: https://redteamvillage.io/twitter
https://www.youtube.com/watch?v=_Hd6p1do7rw
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How To Write A Penetration Testing Report
This video outlines the importance of penetration testing reports and what makes up a good penetration testing report.
//LINKS
Penetration Test Reports: https://pentestreports.com/
SANS Whitepaper: https://www.sans.org/white-papers/33343/
//PLATFORMS
BLOG ►► https://bit.ly/3qjvSjK
FORUM ►► https://bit.ly/39r2kcY
ACADEMY ►► https://bit.ly/39CuORr
//SOCIAL NETWORKS
TWITTER ►► https://bit.ly/3sNKXfq
DISCORD ►► https://bit.ly/3hkIDsK
INSTAGRAM ►► https://bit.ly/3sP1Syh
LINKEDIN ►► https://bit.ly/360qwlN
PATREON ►► https://bit.ly/365iDLK
MERCHANDISE ►► https://bit.ly/3c2jDEn
//BOOKS
Privilege Escalation Techniques ►► https://amzn.to/3ylCl33
Docker Security Essentials (FREE) ►► https://bit.ly/3pDcFuA
//SUPPORT THE CHANNEL
NordVPN Affiliate Link...
https://www.youtube.com/watch?v=J34DnrX7dTo
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
DC30 - Red Team Village - BC Security
Additional information can be found at www.bc-security.org.
Red Team Village Website: https://redteamvillage.io
Discord: https://redteamvillage.io/discord
Twitter: https://redteamvillage.io/twitter
https://www.youtube.com/watch?v=RCXMqdr2h5k
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Conti Costa Rica Ransomware Attack Explained | Security Insights By PurpleSec
On May 8th, 2022 the President of Costa Rica Rodrigo Chaves declared a national emergency due to an ongoing Conti ransomware campaign against several Costa Rican government entities starting in April of this year.
Conti is a prolific ransomware-as-a-service operation that has been infecting and damaging systems since it was first observed in 2020.
Attributed to the threat group called WizardSpider by CrowdStrike in 2019.
The group is also known for TrickBot and the Ryuk ransomware distributed through the ZLoader botnet which we previously reported as shutdown by Microsoft.
Chapters
---------------
00:00 - Summary Of The Attack
00:36 - What Happened?
01:13 - New & Novel Techniques
02:06 - The Ransom Demand
02:39 - Impact Of The Breach
03:04 - Preventing Ransomware Attacks
03:52 - Wrapping...
https://www.youtube.com/watch?v=hW3t36YG2s8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Performing Web Searches From Your Terminal
How to perform web searches from your terminal with Oh My Zsh.
Oh My Zsh: https://ohmyz.sh/
How to setup Oh My Zsh: https://www.youtube.com/watch?v=njDuayF9Q6k
Web Search Plugin: https://github.com/ohmyzsh/ohmyzsh/blob/master/plugins/web-search/web-search.plugin.zsh
//PLATFORMS
BLOG ►► https://bit.ly/3qjvSjK
FORUM ►► https://bit.ly/39r2kcY
ACADEMY ►► https://bit.ly/39CuORr
//SOCIAL NETWORKS
TWITTER ►► https://bit.ly/3sNKXfq
DISCORD ►► https://bit.ly/3hkIDsK
INSTAGRAM ►► https://bit.ly/3sP1Syh
LINKEDIN ►► https://bit.ly/360qwlN
PATREON ►► https://bit.ly/365iDLK
MERCHANDISE ►► https://bit.ly/3c2jDEn
//BOOKS
Privilege Escalation Techniques ►► https://amzn.to/3ylCl33
Docker Security Essentials (FREE) ►► https://bit.ly/3pDcFuA
//SUPPORT THE CHANNEL
NordVPN...
https://www.youtube.com/watch?v=64TlFUnPiz4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How to Use Bug Bounty to Help Your Career!
So I've now had a job it security, whooo, but what did I learn? Well I spoke to a lot of people who hire for jobs and wanted to tell you what I learned when it came to career planning and how I leveraged my bug bounty knowledge to get that security job!
Sponsored by Detectify, find out more at: https://detectify.com/haksec
- Social Media -
Discord: https://insiderphd.dev/discord
Patreon: https://www.patreon.com/insiderphd
Twitter: https://twitter.com/insiderphd
https://www.youtube.com/watch?v=qhzthf-Ssow
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
My API Testing Automated Toolbox
APIs in the real world are huge, especially on large scope programs. In this video I share with you my top tools I use when testing and what I have in my toolbox. I tried to make this one short, but I really want to present a full methodology so you know what each tool does and how I use it to actually find bugs.
- The Tools -
Recon: Amass, Lazyrecon, webscreenshot, BBHT
API Enumeration: Kiterunner, fuff, Axiom, TomNomNom Wordlist method, inQL
Vulnerabilities: Autorize, logger++, SQLMap, NoSQLMap, JWT_Tool, Burp
- Social Media -
Discord: https://insiderphd.dev/discord
Patreon: https://www.patreon.com/insiderphd
Twitter: https://twitter.com/insiderphd
https://www.youtube.com/watch?v=5qSq1S2sRC8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Why Is Social Engineering Effective? (Expert Explains) | PurpleSec
We interview Darius Burt, who is a cyber security leader and a frequent voice in the community on all things social engineering.
During the interview Darius answers our burning question:
Why does social engineering work?
What You'll Learn:
- How human psychology is connected to social engineering.
- What personality types are most vulnerable to social engineering attacks.
- Three newer social engineering tactics in use by threat actors.
- How businesses can educate employees of the latest attacks beyond computer training.
Connect with Darius - https://www.linkedin.com/in/darius-burt-a146b8137/
#SocialEngineering #WhyItWorks #SecurityMaturity
https://www.youtube.com/watch?v=V7O8oeyIwkM
Partager : LinkedIn / Twitter / Facebook / View / View (lite)