
Yesterday's News

How to stay relevant as a cyber professional: Skills, trends and career paths to consider
Live ethical hacking workshop: https://www.infosecinstitute.com/webinar/ethical-hacking-workshop/?utm_source=youtube&utm_medium=webinar&utm_campaign=webinar As a cybersecurity professional, you need to constantly learn, but what new skills are employers asking for — both now and in the coming years? Join this webinar to learn how to position your career to stay ahead of the latest technology trends, from AI to cloud security to the latest security controls. Then, start future-proofing your career for long-term success. 00:00 Introduction 00:34 Live ethical hacking workshop 02:24 The evolving cybersecurity market 04:52 "Cloud" taking over many job titles 5:50 Importance of building on your current skills 8:37 Guidance on anticipating trends 13:22 AI's role in cybersecurity 20:58...
https://www.youtube.com/watch?v=joytlMrcmXY

News from Two Days Ago

The search continues...
Rake's epic quest to find intelligent life on this planet continues 👨‍💻 Buy Our Courses: https://guidedhacking.com/register/ ❤️ Follow us on Social Media: https://linktr.ee/guidedhacking 💰 Donate on Patreon: https://patreon.com/guidedhacking ✏️ Tags: #cheatengine #guidedhacking #gamehacking game hacking tutorials gamehacking bible game hacking course guidedhacking.com game hacking courses guidedhacking game hacking rake guided hacking game hacking guidedhacking rake game hackers game hacking tutorials game hacking bible guidedhacking.com rake gamehacking
https://www.youtube.com/watch?v=nf9H52_8DFs

Arbitrary Data Manipulation and Leakage with CPU Zero-Day Bugs on RISC-V
In recent years, CPU vulnerabilities such as transient-execution attacks and architectural CPU bugs have threatened computing security. Most of these bugs impact x86 CPUs due to their complex and legacy features. RISC-V, as a new and open CPU architecture, has the potential to address these vulnerabilities through its design. RISC-V is already gaining popularity across various domains, including embedded devices, single-board computers, laptops, phones, and cloud deployments. In this talk, we unveil multiple architectural CPU vulnerabilities in off-the-shelf RISC-V CPUs. For this, we introduce a highly effective automated approach for identifying such vulnerabilities. Our automated approach discovers the most severe architectural vulnerability to date and 2 unprivileged "halt-and-catch-fire"...
https://www.youtube.com/watch?v=1AAZUd_Yk7U

All Your Secrets Belong to Us: Leveraging Firmware Bugs to Break TEEs
Modern TEEs depend on highly privileged firmware to securely implement complex features, coordinate between different hardware components, and provide a root of trust. Parts of AMD's SEV-SNP technology are implemented in firmware running on the Platform Security Processor. This talk details two vulnerabilities in this firmware and presents novel techniques to exploit such vulnerabilities. This results in a complete loss of confidentiality, as an attacker can decrypt arbitrary guest memory on affected systems. In some cases, an attacker can arbitrarily change the contents of encrypted memory leading to a complete loss of integrity of a running guest. By: Tom Dohrmann | Security Researcher Full Abstract and Presentation Materials: https://www.blackhat.com/us-24/briefings/schedule/#all-your-secrets-belong-to-us-leveraging-firmware-bugs-to-break-tees-40137...
https://www.youtube.com/watch?v=ra-Ef1QykwY

Top Privacy Tools and Tips for 2025!
Big thank you to DeleteMe for sponsoring this video. Go to http://joindeleteme.com/Bombal to receive a 20% discount. // Naomi Brockwell SOCIAL // YouTube: https://www.youtube.com/NaomiBrockwellTV NBTV Newsletter: https://nbtv.substack.com/ Merch Shop: https://shop.nbtv.media/ Instagram: https://www.instagram.com/nbtv.media/ TikTok: https://www.tiktok.com/@naomibrockwell Website: https://naomibrockwell.com/ // Website REFERENCE // https://www.ludlowinstitute.org/ https://privacytests.org/ https://venice.ai/ // Books REFERENCE // Beginners Introduction to Privacy by Naomi Brockwell: US: https://amzn.to/3VJQLqu UK: https://amzn.to/49JltWg Extreme Privacy by Michael Bazzell US: https://amzn.to/4gBEuw5 UK: https://amzn.to/3ZUQoM6 // David's SOCIAL // Discord: https://discord.com/invite/usKSyzb...
https://www.youtube.com/watch?v=Z7AqBuc8Nrk

Binary Ninja Scripting with Python!
https://jh.live/snyk || Try Snyk for free and find vulnerabilities in your code and applications! ➡ https://jh.live/snyk Learn Cybersecurity and more with Just Hacking Training: https://jh.live/training See what else I'm up to with: https://jh.live/newsletter Learn Coding: https://jh.live/codecrafters Host your own VPN: https://jh.live/openvpn WATCH MORE: Dark Web & Cybercrime Investigations: https://www.youtube.com/watch?v=_GD5mPN_URM&list=PL1H1sBF1VAKVmjZZr162aUNCt2Uy5ozAG&index=4 Malware & Hacker Tradecraft: https://www.youtube.com/watch?v=LKR8cdfKeGw&list=PL1H1sBF1VAKWMn_3QPddayIypbbITTGZv&index=5 📧JOIN THE NEWSLETTER ➡ https://jh.live/newsletter 🙏SUPPORT THE CHANNEL ➡ https://jh.live/patreon 🤝 SPONSOR THE CHANNEL ➡ https://jh.live/sponsor 🌎FOLLOW...
https://www.youtube.com/watch?v=kgyRiQqc1FU

News from Previous Days

Emulating FIN6 - Gaining Initial Access (Office Word Macro)
Welcome to the next installment in our adversary emulation series! This video focuses on emulating initial access via a spear-phishing attachment—specifically, a malicious Word document with an embedded macro, just like FIN6 might use. 🚨 Next Up: If you want to manually develop your own VBA macros for initial access, don't worry—we've got you covered in the next video, where we'll dive deeper into crafting custom macros for red team operations. 🎥 Practical Labs: This video uses the CYBER RANGES platform to simulate a realistic attack environment. Try it out and follow along! // Adversary Emulation Labs New to CYBER RANGES? Register here: https://bit.ly/40dRMsb CYBER RANGES Adversary Emulation Labs (Free): https://bit.ly/4amBPEU The lab used in this video: https://app.cyberranges.com/scenario/624cd3877733a30007185a15 🔗...
https://www.youtube.com/watch?v=hUBRnh5dzrI

Broken Security Promises: How Human-AI Collaboration Rebuilds Developer Trust
Traditional security approaches have long frustrated developers, creating friction and eroding trust. The endless vulnerability backlogs must become a thing of the past. Discover a fresh approach that transforms security from a bottleneck to a strategic advantage, where AI-powered insights work in harmony with human-in-the-loop expertise to rewrite the rules of code security and ship more secure code faster. Learn how combining artificial intelligence with human expertise will enable developers to: - Receive actionable, context-aware security feedback that doesn't interrupt development - Reduce false positives through intelligent human-in-the-loop analysis - Benefit from contextual, just-in-time security training We'll showcase real-world examples of how this human-AI collaborative approach...
https://www.youtube.com/watch?v=OZcaX38B2F8

AI Safety and You: Perspectives on Evolving Risks and Impacts
AI deployments are accelerating, plunging deeper into the systems we use daily. As the flag of innovation is waved atop the mountain of compute, one topic missing from the conversation is safety. AI Safety is often framed as the spirit animal of the existential risk crowd, making it appear as though it has little relevance unless you think AI will wipe out humanity, but this couldn't be further from the truth. As AI technology gets closer to us, more ingrained in our systems, and opaque algorithms used to make critical decisions, we must ensure these systems are safe to use. Various harms can manifest from these deployments. Not addressing AI safety almost ensures these harms emerge, affecting not only the organizations deploying these technologies but also the humans that use them. AI safety...
https://www.youtube.com/watch?v=s9cLeHR8CBA

Achilles' Heel of JS Engines: Exploiting Modern Browsers During WASM Execution
WebAssembly (WASM) is a high-performance compiled language that is assembly-like and executes at high speeds in the browser. It can also be extended to Cloud Native, Mobile, IoT, blockchain and other fields. WASM bytecode is first compiled into machine code by the compiler and then executed in the WASM virtual machine. In our previous research [1], we discovered a number of security issues in the WASM compilation phase of the Safari browser. However, through analysis of these vulnerabilities, we found that most of them are difficult to exploit. The reason is that although they caused serious memory corruption during the compilation phase, it was limited by the "predefined code path", which restricted the method of using the bug to hijack the control flow. Fortunately, we found that the execution...
https://www.youtube.com/watch?v=X2JQrQQmOLA

Hackers have hacked AI - Cisco Defense protects organizations #shorts #ai #cybersecurity #cisco
Big thank you to Cisco for sponsoring this video! Full interview here: https://youtu.be/YSGiFry4vI4 #shorts #ai #cybersecurity #cisco
https://www.youtube.com/watch?v=C0tIvYwlcgM

Detection Engineering with Wazuh
https://jh.live/wazuh || Try Wazuh completely for free, and start detection engineering with an open-source SIEM and XDR platform! https://jh.live/wazuh Sysmon: https://learn.microsoft.com/en-us/sysinternals/downloads/sysmon Wazuh Documentation: https://documentation.wazuh.com/ Wazuh Custom Rules: https://documentation.wazuh.com/current/user-manual/ruleset/rules/custom.html Learn Cybersecurity and more with Just Hacking Training: https://jh.live/training See what else I'm up to with: https://jh.live/newsletter Learn Coding: https://jh.live/codecrafters Host your own VPN: https://jh.live/openvpn WATCH MORE: Dark Web & Cybercrime Investigations: https://www.youtube.com/watch?v=_GD5mPN_URM&list=PL1H1sBF1VAKVmjZZr162aUNCt2Uy5ozAG&index=4 Malware & Hacker Tradecraft: https://www.youtube.com/watch?v=LKR8cdfKeGw&list=PL1H1sBF1VAKWMn_3QPddayIypbbITTGZv&index=5 📧JOIN...
https://www.youtube.com/watch?v=nSOqU1iX5oQ

Would you buy this? Thinner Than Ever? Foldable Next? #shorts #apple #iphone17 #iphoneair
#shorts #apple #iphone17 #iphoneair
https://www.youtube.com/watch?v=UYBM-b4HS_s

What is going to happen to TikTok? - ThreatWire
⬇️ OPEN FOR LINKS TO ARTICLES TO LEARN MORE ⬇️ @endingwithali → Twitch: https://twitch.tv/endingwithali Twitter: https://twitter.com/endingwithali YouTube: https://youtube.com/@endingwithali Everywhere else: https://links.ali.dev MY NEW YOUTUBE VIDEO: https://www.youtube.com/watch?v=hs8tgsPSbNo Want to work with Ali? endingwithalicollabs@gmail.com [❗] Join the Patreon→ https://patreon.com/threatwire 0:00 0 - Intro 0:08 1 - Cyber Trust Mark is Live 02:23 2 - Tencent Now Marked as a Military Company 04:26 3 - TikTok Ban and ByteDance Concerns 07:33 4 - Outro LINKS 🔗 Story 1: Cyber Trust Mark is Live https://www.theregister.com/2025/01/09/white_house_smart_device_security_label/ https://www.fcc.gov/CyberTrustMark https://www.energystar.gov/sites/default/files/asset/document/ES_factsheet_ByTheNumbers_171113.pdf https://www.whitehouse.gov/briefing-room/statements-releases/2025/01/07/white-house-launches-u-s-cyber-trust-mark-providing-american-consumers-an-easy-label-to-see-if-connected-devices-are-cybersecure/ 🔗...
https://www.youtube.com/watch?v=pz6OuA2dPSk

ACE Up the Sleeve: Hacking Into Apple's New USB-C Controller
With the iPhone 15 & iPhone 15 Pro, Apple switched their iPhone to USB-C and introduced a new USB-C controller: The ACE3, a powerful, very custom, TI manufactured chip. But the ACE3 does more than just handle USB power delivery: It's a full microcontroller running a full USB stack connected to some of the internal busses of the device, and is responsible for providing access to JTAG of the application processor, the internal SPMI bus, etc. Previous variants of the ACE, namely the ACE2 found in MacBooks, could easily be dumped and analyzed using SWD and even be persistently backdoored through a software vulnerability we found. On the ACE3 however, Apple upped their game: Firmware updates are personalized to the device, debug interfaces seem to be disabled, and the external flash is validated...
https://www.youtube.com/watch?v=-uxmmlQr3lA

A Framework for Evaluating National Cybersecurity Strategies
As governments seek to confront today's complex and evolving threat landscape, they are experimenting with distinct approaches to safeguarding their national cybersecurity. This project compares a dozen key countries' national cybersecurity strategies in order to determine the most effective and innovative policy approaches that should inform global standards. The countries assessed include the US, China, the UK, Germany, South Korea, Singapore, the UAE, and Australia, among others. Having closely analyzed each strategy document and interviewed more than 20 officials and non-government experts representing all countries included in the study, we employ a two-dimensional framework to evaluate the strategies alongside one another against a 67-point rubric with an eye toward identifying leaders,...
https://www.youtube.com/watch?v=D3KKYD0JPcc

Black Hat Asia 2025 Video

https://www.youtube.com/watch?v=ZCXGT5a2F_A

Black Hat Asia 2025 - Sizzle Reel

https://www.youtube.com/watch?v=KbK1v65O6uU

Starlink Cybertruck #shorts #starlink #cybertruck #fires
#shorts #starlink #cybertruck #fires #wifi
https://www.youtube.com/watch?v=1cmUMCfBfJY

The State of Cybercrime [2024]
https://jh.live/flare || Track down shady sellers, hunt for cybercrime, or manage threat intelligence and your exposed attack surface with Flare! Start a free trial and see what info is out there: https://jh.live/flare Learn Cybersecurity and more with Just Hacking Training: https://jh.live/training See what else I'm up to with: https://jh.live/newsletter Learn Coding: https://jh.live/codecrafters Host your own VPN: https://jh.live/openvpn WATCH MORE: Dark Web & Cybercrime Investigations: https://www.youtube.com/watch?v=_GD5mPN_URM&list=PL1H1sBF1VAKVmjZZr162aUNCt2Uy5ozAG&index=4 Malware & Hacker Tradecraft: https://www.youtube.com/watch?v=LKR8cdfKeGw&list=PL1H1sBF1VAKWMn_3QPddayIypbbITTGZv&index=5 📧JOIN THE NEWSLETTER ➡ https://jh.live/newsletter 🙏SUPPORT THE CHANNEL...
https://www.youtube.com/watch?v=E40WYnGKhsc

Are you using a Hacked AI system?
Big thank you to Cisco for sponsoring this video! Hackers are hacking AI models. Prompt injection attacks are happening all the time. AI's are hallucinating and giving incorrect information. The AI models you download could be made by hackers. Your users are posting confidential information like passwords and API keys into online AI models. Developers are leveraging AI systems in their applications without checking that the AI models are not open to prompt injections. Read more here: https://blogs.cisco.com/security/cisco-ai-defense-comprehensive-security-for-enterprise-ai-adoption We need a way to protect AI systems. And Cisco have a solution. // DJ Sampath's SOCIALS // LinkedIn: https://www.linkedin.com/in/djsampath/ Twitter/X: https://www.twitter.com/djsampath // David's SOCIAL...
https://www.youtube.com/watch?v=YSGiFry4vI4

Force Browser Refresh #shorts #microsoft #google #website
#shorts #microsoft #google #website
https://www.youtube.com/watch?v=RQyYQt2B07k

USB Ethernet Adapter Malware??? Chinese RJ45-USB Full Analysis - Part 1
Reverse engineering all stages with line by line code analysis. e3f57d5ebc882a0a0ca96f9ba244fe97fb1a02a3297335451b9c5091332fe359 OP https://epcyber.com/blog/f/chinese-rj45-usb-with-flash-memory-exe-recognized-as-malware -- OALABS PATREON https://www.patreon.com/oalabs UNPACME - AUTOMATED MALWARE UNPACKING https://www.unpac.me/#/ OALABS DISCORD https://discord.gg/6h5Bh5AMDU Twitch https://www.twitch.tv/oalabslive OALABS GITHUB https://github.com/OALabs
https://www.youtube.com/watch?v=3IfJSGWIrCo

Do you know this about TCP (TCP Three-Way Handshake)? #shorts #tcp #wireshark #cybersecurity
Detailed video here: https://youtu.be/rmFX1V49K8U #shorts #tcp #internet #cybersecurity
https://www.youtube.com/watch?v=gswS_ASIB0U

BLOB Based Phishing Scams
https://jh.live/feedly || Use Feedly's TTP Dashboard to track tactics, techniques and procedures from threat actor campaigns described across threat intel reports -- all in real time: https://jh.live/feedly Learn Cybersecurity and more with Just Hacking Training: https://jh.live/training See what else I'm up to with: https://jh.live/newsletter Learn Coding: https://jh.live/codecrafters Host your own VPN: https://jh.live/openvpn WATCH MORE: Dark Web & Cybercrime Investigations: https://www.youtube.com/watch?v=_GD5mPN_URM&list=PL1H1sBF1VAKVmjZZr162aUNCt2Uy5ozAG&index=4 Malware & Hacker Tradecraft: https://www.youtube.com/watch?v=LKR8cdfKeGw&list=PL1H1sBF1VAKWMn_3QPddayIypbbITTGZv&index=5 📧JOIN THE NEWSLETTER ➡ https://jh.live/newsletter 🙏SUPPORT THE CHANNEL ➡ https://jh.live/patreon 🤝...
https://www.youtube.com/watch?v=I9SDnshT3pk

Incident response: What I learned from a hands-on project | Guest Gamuchirai Muchafa
Get your FREE Cybersecurity Salary Guide: https://www.infosecinstitute.com/form/cybersecurity-salary-guide-podcast/?utm_source=youtube&utm_medium=podcast&utm_campaign=podcast Today on Cyber Work, we welcome Gamuchirai Muchafa from Africa's CyberGirls program to discuss her journey in cybersecurity. Muchafa shares the rigorous application process for this mentorship program, her transition from a healthcare assistant to an IT professional and the importance of documentation in cybersecurity. We delve into her experiences with incident response challenges and her hands-on project involving an automated incident detection and response system. Muchafa also reflects on her aspirations and offers advice for aspiring cybersecurity professionals. – View Cyber Work Podcast transcripts and...
https://www.youtube.com/watch?v=OSZ1Qi-tzSE

FIN6 Adversary Emulation Plan (TTPs & Tooling)
Step into the world of adversary emulation with this in-depth video on the FIN6 Emulation Plan. Learn how to use the Center for Threat-Informed Defense (CTID) Adversary Emulation Library to craft a comprehensive emulation plan that replicates FIN6's sophisticated TTPs. This video will provide you with: An intelligence summary of FIN6, and the FIN6 emulation plan detailing TTPs from initial access to discovery, privilege escalation, and exfiltration. The Adversary Emulation Fundamentals labs used in this video and series are available for free on CYBER RANGES to practice and refine your emulation skills. // Adversary Emulation Labs New to CYBER RANGES? Register here: https://bit.ly/40dRMsb CYBER RANGES Adversary Emulation Labs (Free): https://bit.ly/4amBPEU Lab used in this video: https://app.cyberranges.com/scenario/624cb3bd7733a30007185990 🔗...
https://www.youtube.com/watch?v=qEfk44G4zFM

Open Linux Files in Windows and Windows Files in Linux! #linux #windows #microsoft #shorts
#linux #windows #microsoft #shorts
https://www.youtube.com/watch?v=v7My_iGm9K0

Developing An Adversary Emulation Plan
Creating an adversary emulation plan is a critical process for red teamers and cybersecurity professionals aiming to improve their organization's threat detection and response capabilities. In this video, we break down the entire process starting with how to select a threat actor relevant to your industry or geolocation, finding and leveraging Cyber Threat Intelligence (CTI) to gather insights on the adversary, and mapping the adversary's TTPs using the MITRE ATT&CK framework. 🔗 Video Resources & References Explore the comprehensive APT Groups and Operations Directory to find details on APT groups by region, their TTPs, and campaigns: https://apt.threattracking.com APTnotes: https://github.com/kbandla/APTnotes APT & CyberCriminal Campaign Collection: https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections //...
https://www.youtube.com/watch?v=1N49x1EWw7s

Kali Linux install in 5 minutes (Microsoft Windows) - BAD or GOOD option?
It's very easy to install Kali Linux on Windows 11 using Hyper-V. BUT, would you use it? Or would you rather use VirtualBox or Vmware Workstation or something else? In this video I show you how to download and use Kali Linux in Hyper-V and also discuss if it is good or not. Do you agree with what I said? // PDF REFERENCE // Kali Linux Hyper-v PDF: https://davidbombal.wiki/kalilinuxhyperv // Article REFERENCE // Windows 11 Hyper-V System Requirements: https://learn.microsoft.com/en-us/virtualization/hyper-v-on-windows/reference/hyper-v-requirements // Other install options // Kali Linux USB persistence the right way: https://youtu.be/Hxau-bh8gr4 Kali Linux NetHunter install: https://youtu.be/Lqu-G7sqClA Kali Linux (VirtualBox) Install: https://youtu.be/MPkni85O9JA Kali Linux Nethunter Pro...
https://www.youtube.com/watch?v=TGmjaK_dUGc

How 3 Hackers Combined Their Skills for Big Bounties! (And how you can do it too)
Join us in this special episode as we sit down with the winners of Bugcrowd's Hacker Showdown Carnival of Chaos virtual event: sw33tLie, bsysop, and godiego! Discover their hacking methodologies, collaboration techniques, and their journey to victory. Learn how they met, their advice for forming your own team, and the coolest exploits they uncovered during the event. If you're interested in bug bounties, team hacking, or just want to meet more hacker friends, this episode is a must-watch! 00:00 Introduction and Special Guests 01:04 Meet the Hackers 02:55 Carnival of Chaos Experience 04:32 Collaboration and Team Dynamics 06:15 Roles and Strategies in Hacking 13:00 Finding the Right Collaborators 15:25 Live Hacking Events vs. Virtual Events 22:30 Coolest Findings and Bug Stories 29:52 Advice...
https://www.youtube.com/watch?v=gUuDyIE44bc

Learn Active Directory!
Slavi Parpulev teaches all about the inner-workings of Active Directory -- and how it can be taken advantage of by attackers! Learn more from Slavi at: https://justhacking.com
https://www.youtube.com/watch?v=UlgQ8A0daP0

SANS Threat Analysis Rundown with Katie Nickels | January 2025
This month, Katie will be joined by SANS CTI Summit co-chairs Rebekah Brown and Rick Holland for a preview of the upcoming event. They will highlight key talks as well as share foundational CTI knowledge to help attendees get the most out of the summit, no matter their background. Be sure to register for the free Live Online CTI Summit now!
https://www.youtube.com/watch?v=1LNUuyE3GJs

They really are listening to you! #shorts #privacy #apple #iphone
#shorts #privacy #apple #iphone
https://www.youtube.com/watch?v=umzupnMHeRw

You want Privacy? Ditch iOS and Android and use the best privacy phone (2025 edition)
Many of you asked for shorter videos. So here you go. Full interview coming soon. // Naomi Brockwell SOCIAL // YouTube: https://www.youtube.com/NaomiBrockwellTV NBTV Newsletter: https://nbtv.substack.com/ Merch Shop: https://shop.nbtv.media/ Instagram: https://www.instagram.com/nbtv.media/ TikTok: https://www.tiktok.com/@naomibrockwell Website: https://naomibrockwell.com/ // Website REFERENCE // https://www.ludlowinstitute.org/ https://privacytests.org/ https://venice.ai/ // Books REFERENCE // Beginners Introduction to Privacy by Naomi Brockwell: US: https://amzn.to/3VJQLqu UK: https://amzn.to/49JltWg Extreme Privacy by Michael Bazzell US: https://amzn.to/4gBEuw5 UK: https://amzn.to/3ZUQoM6 // David's SOCIAL // Discord: https://discord.com/invite/usKSyzb X: https://www.twitter.com/davidbombal...
https://www.youtube.com/watch?v=r5C38--z8OQ

⁨‌ㅤ⁩
Leave a comment for what you think the video title should be and I'll set the title to whichever has the most likes! Fortinet Writeup: https://www.fortinet.com/blog/threat-research/fickle-stealer-distributed-via-multiple-attack-chain Learn Cybersecurity with Just Hacking Training: https://justhacking.com Learn Coding: https://jh.live/codecrafters Don't listen to other "influencer" VPN crap -- host YOUR OWN: https://jh.live/openvpn WATCH MORE: Dark Web & Cybercrime Investigations: https://www.youtube.com/watch?v=_GD5mPN_URM&list=PL1H1sBF1VAKVmjZZr162aUNCt2Uy5ozAG&index=4 Malware & Hacker Tradecraft: https://www.youtube.com/watch?v=LKR8cdfKeGw&list=PL1H1sBF1VAKWMn_3QPddayIypbbITTGZv&index=5 📧JOIN MY NEWSLETTER ➡ https://jh.live/email 🙏SUPPORT THE CHANNEL ➡ https://jh.live/patreon 🤝...
https://www.youtube.com/watch?v=OMTLsslHSN0

HackerOne Live Hacking Event Recap: Edinburgh w/ Amazon and AWS
In September, some of the best security researchers in the world joined the Amazon and AWS teams in Edinburgh, Scotland, for a live-hacking event fit for a Scottish king. 👑 This collaboration with the security researcher community is vital to Amazon and AWS' commitment to comprehensive security for their users and customers. See the highlights and which security researchers were able to climb to the top of the leaderboard. For more information about HackerOne, visit https://www.hackerone.com/
https://www.youtube.com/watch?v=xIIPn4CV9eM

Godot Game Used As Malware
https://jh.live/keeper || Keeper Security offers a privileged access management solution to deliver enterprise grade protection all in one unified platform -- keep your users, your data, and your environment secure with Keeper! https://jh.live/keeper Check Point Research Writeup: https://research.checkpoint.com/2024/gaming-engines-an-undetected-playground-for-malware-loaders/ Resetti's Blog: https://0xresetti.github.io/ Learn Cybersecurity with Just Hacking Training: https://justhacking.com Join The Newsletter: https://jh.live/newsletter Learn Coding: https://jh.live/codecrafters Don't listen to other "influencer" VPN crap -- host YOUR OWN: https://jh.live/openvpn WATCH MORE: Dark Web & Cybercrime Investigations: https://www.youtube.com/watch?v=_GD5mPN_URM&list=PL1H1sBF1VAKVmjZZr162aUNCt2Uy5ozAG&index=4...
https://www.youtube.com/watch?v=fV-pTu5T59M

Introduction To Advanced Persistent Threats (APTs)
This informative video is designed to give you a comprehensive understanding of Advanced Persistent Threats (APTs). In this video, you will learn what APTs are, how they differ from traditional threat actors, and why they pose a significant challenge to organizations worldwide. This video also explores the categorization and naming of APT Groups based on nation-state affiliation, motivations, and the tactics they employ to achieve their objectives. This video also sheds light on the complexities of APT naming conventions used by major cybersecurity vendors, such as CrowdStrike and Mandiant, and the challenges in tracking these elusive groups. 🔗 Don't miss this resource: Access the "APT Groups and Operations" repository here: https://apt.threattracking.com — a comprehensive spreadsheet...
https://www.youtube.com/watch?v=CwSG5sa0Nao

Our Top 10 Cybersecurity Stories of 2024 - ThreatWire
⬇️ OPEN FOR LINKS TO ARTICLES TO LEARN MORE ⬇️ @endingwithali → Twitch: https://twitch.tv/endingwithali Twitter: https://twitter.com/endingwithali YouTube: https://youtube.com/@endingwithali Everywhere else: https://links.ali.dev Want to work with Ali? endingwithalicollabs@gmail.com [❗] Join the Patreon→ https://patreon.com/threatwire 0:00 0 - Intro 10 - All The AI Fails 9 - NVD Went AFK 8 - So Many Supply Chain Attacks 7 - Kaspersky Banned 6 - ShinyHunters and The Ticketmaster Fallout 5 - Welcome Back Net Neutrality 4 - Salt Typhoon Owns the US TelCos 3 - XZ-Utils Backdoor 2 - Progressions of the Internet Archive 1 - CrowdStrike 0 - Outro All ThreatWire episodes about these stories 10. All The AI Fails: https://youtu.be/_32wmVR06WY https://youtu.be/xy14cXRbpG0 https://youtu.be/4Wwq4xXlZ1A https://youtu.be/3X5a_mNynDw https://youtu.be/L0IBbmmaMiU 9....
https://www.youtube.com/watch?v=kHUA4mcepg0

we de-virtualized the anti-cheat, now what?
devious alien mastermind travels 5 million light years with his goon squad of shape-shifting reverse engineers to unlock the sacred knowledge embedded in vanguard anticheat 🔥 Bypass Kernel Anti-Cheat Here: https://guidedhacking.com/threads/how-to-bypass-kernel-anticheat-develop-drivers.11325/ 👨‍💻 Buy Our Courses: https://guidedhacking.com/register/ 💰 Donate on Patreon: https://patreon.com/guidedhacking ❤️ Follow us on Social Media: https://linktr.ee/guidedhacking ✏️ Tags: #anticheat #anticheats #gamehacking kernel hacks kernelmode anticheat guidedhacking Bypass Kernel Anti-Cheat kernel game hacking hacking games with kernel drivers kernel cheats vulnerable kernel drivers kernel game hacking bypass kernel drivers kernel cheats #gamehacking #kernel #anticheat Kernel...
https://www.youtube.com/watch?v=YrsIlWi3Ibk

2025 Ethical Hacker Roadmap with lots of free training (NOT Sponsored)
This video is NOT sponsored by TCM Security and I DO NOT get any affiliate commission if you use the links in the video description to buy courses etc from TCM. Also, in the interest of transparency: Heath mentions in the video and in the linked article that references to TCM Security are marked as self-promotion. I love it that Heath is providing so much free training and low cost training to the community. Heath is very well known and respected in the cybersecurity community. I love that he is making so much content available for free via his YouTube channel and on his website. Watch his content on YouTube, take the free courses and also do your own research and make your own decisions about the training and references he mentions. There are so many options out there for free training...
https://www.youtube.com/watch?v=OCjh8AULc8Y

How to hack an API: A walkthrough | Guest Katie Paxton-Fear
Get your FREE Cybersecurity Salary Guide: https://www.infosecinstitute.com/form/cybersecurity-salary-guide-podcast/?utm_source=youtube&utm_medium=podcast&utm_campaign=podcast Join us on Cyber Work Hacks as Katie Paxton-Fear, known as InsiderPhD, demonstrates how to hack APIs and uncover vulnerabilities in shopping apps. Paxton-Fear provides a visual walkthrough of common mistakes in API security, emphasizing problem-solving and creativity over technical skills. You'll learn how to use tools like Burp Suite and Repeater to exploit vulnerabilities, access personal information and make unauthorized transactions. Paxton-Fear's insights make API hacking an accessible entry point into cybersecurity, highlighting the path to becoming a bug bounty hunter. Plus, discover tips on starting your...
https://www.youtube.com/watch?v=-CvvtwKXYjE

HackerOne Customer Testimonial: Amazon and AWS
For Amazon and AWS, their bug bounty programs give their security teams unique insight into their entire digital landscape. Through their programs, the Amazon and AWS teams work with researchers from around the world to continuously test their platform and products. See how their teams regularly engage the researcher community to protect customer data, drive collaboration, and foster knowledge sharing. For more information on HackerOne products visit: https://www.hackerone.com/
https://www.youtube.com/watch?v=pNJNdrZN0YA

Flipper Zero vs. Internet of Amazon Trash (IAT)? #shorts #flipperzero #flipper #amazon #alarm #bike
#shorts #flipperzero #flipper
https://www.youtube.com/watch?v=37eC4IotYk4

I was just awarded 0,000 for hacking into Facebook! #bugbounty #hacking #pentest

https://www.youtube.com/watch?v=LUVm6uaZuJA

Be Kind, Rewind... The USN Journal
In this episode, we'll explore groundbreaking research from CyberCX on “rewinding the NTFS USN Journal.” This innovative technique reveals how to uncover the original locations of files recorded in the USN Journal, even after their corresponding NTFS FILE records have been reused by different files. 🛑 If you need a refresher on the prerequisites for this episode, watch these: Introduction to MFTECmd - NTFS MFT and Journal Forensics: https://www.youtube.com/watch?v=_qElVZJqlGY Anatomy of an NTFS FILE Record - Windows File System Forensics: https://www.youtube.com/watch?v=l4IphrAjzeY NTFS FILE Record Reuse: https://www.youtube.com/watch?v=6LpJVx7PrUI *** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. *** 📖 Chapters 00:00 - Intro 05:03...
https://www.youtube.com/watch?v=GDc8TbWiQio

Hacking Tools (with demos) that you need to learn in 2025
So you've got Kali Linux or Parrot OS installed. Now what? These are the top Hacking Tools that you need to learn. // YouTube Video REFERENCE // Hacking Tools with Demos that you need to learn in 2024: https://youtu.be/GxkKszPVD1M Demo of Microsoft Window's Hack developed by NSA: https://youtu.be/zExZsLCHp1I Real World Hacking Demo with OTW: https://youtu.be/R1amgARgFDs // YouTube Playlist REFERENCE // Linux Basics for Hackers: https://www.youtube.com/watch?v=YJUVNlmIO6E&list=PLhfrWIlLOoKOs-fjCPHdzD2icF2vORfwK // Occupy The Web Books // Linux Basics for Hackers: US: https://amzn.to/3wqukgC UK: https://amzn.to/43PHFev Getting Started Becoming a Master Hacker US: https://amzn.to/4bmGqX2 UK: https://amzn.to/43JG2iA Network Basics for hackers: US: https://amzn.to/3yeYVyb UK:...
https://www.youtube.com/watch?v=cziZ8aJ4wFU

Printer Hax & Wildcard Tunneling - Hak5 '25x01
Darren Kitchen is joined by Alex Lynd and Dade to get into cups printer hacks, shark jack nmap payloads, linux keystroke injection printer attacks and rolling your own tunnels the wild way. All that and more, this time on Hak5. Alex Lynd: https://lyndlabs.io/ Dade: https://0xda.de/ Thermal label printer recommendations: Darren says go Zebra - https://www.zebra.com/us/en/products/printers Alex is a fan of Rollo - https://www.rollo.com/intro-print/ Hacker Chat w/ Alex Lynd & Darren Kitchen! https://www.youtube.com/watch?v=VihVajUhY1o Dade's Roll Your Own Tunnel: https://0xda.de/blog/2024/04/can-you-grok-it/ 0:00 - Intro 0:27 - CUPS Hax & SharkJack Payloads 15:36 - Roll your own Tunnels with Wildcards 20:30 - Beware the Key Croc 21:43 - Outro & DuckyScript Payload 26:04 - Bloopers -----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆ Shop...
https://www.youtube.com/watch?v=HPXPD6m2erk

BYPASS Cheat Engine Integrity Checks Like a PRO!
🔥 Learn How to BYPASS Integrity Checks using Cheat Engine! 👨‍💻 Buy Our Courses: https://guidedhacking.com/register/ 💰 Donate on Patreon: https://patreon.com/guidedhacking ❤️ Follow us on Social Media: https://linktr.ee/guidedhacking This x64 Cheat Engine tutorial replaces our old x86 beginner tutorial in the Game Hacking Bible. Most games are 64bit now so we are updating all our old content. Guided Hacking's number one goal for 2025 is to remake all our old content with perfect audio, perfect video quality, targeting open source 64bit games using the latest versions of all software. This tutorial walks you through the built in tutorial of Cheat Engine 7.5. This tutorial should work with all new versions of Cheat Engine. ©GuidedHacking - GuidedHacking™ 🔗 Article 2:...
https://www.youtube.com/watch?v=m799riuoR5M

403 Bypass and Deserialization in BentoML Library (CVE-2024-2912) - "Summar-AI-ze" [Web Challenge]
🚩 Video walkthrough for the "Summar-AI-ze" (web) challenge I created and hosted on my NEW website (https://cryptocat.me)!! Players were required to bypass a 403 error by using the X-Forwarded-For HTTP header, allowing them to activate an internal feature and grant their account beta access. The "beta" feature was a word summarization tool, running BentoML (LLM) on the backend. Players could identify the library by changing the content-type, triggering an error. Some research would yield CVE-2024-2912; a python pickle deserialization vulnerability, discovered by PinkDraconian 💜 Players could use the supplied PoC to gain code execution and exfiltrate the flag using curl 😎 #CTF #Challenge #CryptoCat Check out the accompanying writeup here: https://book.cryptocat.me/ctf-writeups/2024/cryptocat/summaraize Join...
https://www.youtube.com/watch?v=5NCzDZcx_Dg

78% of IT pros are confident about their careers #cybersecurity
Despite some negative outlooks in the tech market, the IT sector remains robust with ongoing hiring and a high level of career optimism among professionals, says CompTIA's Patrick Lane. This video discusses the significant role of AI in enhancing productivity by helping IT professionals manage overwhelming tasks such as filtering thousands of security alerts daily. The positive impacts of technology on the industry are highlighted, showcasing how fears around new tech are being replaced by increased efficiency and growth.
https://www.youtube.com/watch?v=A0JMdYHJ4Nw

FREE Programming courses (Python, C, SQL and more)
Change your life in 2025! You have access to fantastic training from the amazing Dr Chuck - no excuses!! // Python for Everybody // Python for Everybody: https://www.py4e.com/ Python for Everybody on Coursera: https://www.coursera.org/specializations/python YouTube: https://youtu.be/8DvywoWv6fI Free Python Book: http://do1.dr-chuck.com/pythonlearn/EN_us/pythonlearn.pdf Dr Chuck's Website: https://www.dr-chuck.com/ Free Python Book options: https://www.py4e.com/book // C for Everybody Course // Free C Programming Course https://www.cc4e.com/ Free course on YouTube (freeCodeCamp): https://youtu.be/j-_s8f5K30I C Programming for Everybody on Coursera: https://www.coursera.org/specializations/c-programming-for-everybody // C book Audio by Dr Chuck // https://www.cc4e.com/podcast // Django...
https://www.youtube.com/watch?v=gwwtae_flKk

Why is IL2CPP Harder to Hack?
🔥 What is IL2CPP? Is it harder to hack than Unity's normal .NET? 👨‍💻 Buy Our Courses: https://guidedhacking.com/register/ ❤️ Follow us on Social Media: https://linktr.ee/guidedhacking 💰 Donate on Patreon: https://patreon.com/guidedhacking ✏️ Tags: #unityengine #gamemodding #gamedev how to hack il2cpp games hack il2cpp games hack unity games il2cpp how to use il2cpp dumper decompile il2cpp game unity hacking tutorial unity il2cpp game hacking il2cpp game hacking il2cpp hacking il2cpp dnspy il2cpp ida pro unity il2cpp game modding tutorial unity game hacking il2cpp modding melon loader how to hack unity games game hacking how to mod il2cpp games unity explorer il2cpp hack how to mod unity games
https://www.youtube.com/watch?v=2v8GGtHFv2o

What is the CompTIA Xpert Series? #SecurityX #DataX #CloudNetX
CompTIA's Patrick Lane discusses CompTIA's rebranding of CASP+ to SecurityX as part of their new Xpert Series to highlight their expert-level certifications. Learn about the new certifications, including SecurityX for advanced cybersecurity skills, DataX for expert-level data scientist skills, and the upcoming CloudNetX for network architects in hybrid environments.
https://www.youtube.com/watch?v=D7ti3L3u7mM

Mastering File Layers: Unlocking Payload Secrets
https://www.youtube.com/watch?v=L38prIs4hhM
https://www.youtube.com/watch?v=zsSnkj7OMV4

Spying on Scammers
https://jh.live/anydesk || Join the fight against scammers alongside AnyDesk, with fast remote desktop software and access from anywhere! https://jh.live/anydesk Special thank you to @NightSec for his help with this video. Learn Cybersecurity with Just Hacking Training: https://justhacking.com Learn Coding: https://jh.live/codecrafters Don't listen to other "influencer" VPN crap -- host YOUR OWN: https://jh.live/openvpn WATCH MORE: Dark Web & Cybercrime Investigations: https://www.youtube.com/watch?v=_GD5mPN_URM&list=PL1H1sBF1VAKVmjZZr162aUNCt2Uy5ozAG&index=4 Malware & Hacker Tradecraft: https://www.youtube.com/watch?v=LKR8cdfKeGw&list=PL1H1sBF1VAKWMn_3QPddayIypbbITTGZv&index=5 📧JOIN MY NEWSLETTER ➡ https://jh.live/email 🙏SUPPORT THE CHANNEL ➡ https://jh.live/patreon 🤝...
https://www.youtube.com/watch?v=n-31cfEZPu8

Creating a Secure Password Archive: Step-by-Step Guide
https://www.youtube.com/watch?v=L38prIs4hhM
https://www.youtube.com/watch?v=n7AKghEImQY

Revolutionary Tool to Combat Session Hijacking Risks
https://www.youtube.com/watch?v=hdE4l6O_xXM
https://www.youtube.com/watch?v=K8By_yWYH00

Uncovering GNU vs. BusyBox TAR: The Hidden Tricks
https://www.youtube.com/watch?v=L38prIs4hhM
https://www.youtube.com/watch?v=pLfEbo_i1R0

Unlocking Your Browser: Secure Your Saved Passwords Today
https://www.youtube.com/watch?v=hdE4l6O_xXM
https://www.youtube.com/watch?v=D6c5Ut4xrqQ

CompTIA SecurityX is here (CASP+ is no more): What you need to know
Free Resources – Cybersecurity salary guide: https://www.infosecinstitute.com/form/cybersecurity-salary-guide/?utm_source=youtube&utm_medium=webinar&utm_campaign=webinar – Cybersecurity certification roadmap: https://www.infosecinstitute.com/form/cybersecurity-certification-roadmap/?utm_source=youtube&utm_medium=webinar&utm_campaign=webinar – Emerging trends checklist: https://www.infosecinstitute.com/form/cybersecurity-trends-certification-checklist/?utm_source=youtube&utm_medium=webinar&utm_campaign=webinar The CompTIA CASP+ certification is getting an overhaul — and a name change. Meet SecurityX, the updated expert-level cybersecurity certification from CompTIA. Why is the name changing, and how will it impact the career goals of cybersecurity professionals...
https://www.youtube.com/watch?v=ZVtPSZbA8yY

Why employees keep bypassing cybersecurity #cybersecurityawareness
Theo Nasser discusses the challenges organizations face in prioritizing security while enabling employees to perform their job effectively. The focus shifts from traditional security awareness to human risk management, emphasizing the importance of understanding employees' needs. Learn how to achieve security objectives without hindering daily work goals and discover the future direction of human risk management.
https://www.youtube.com/watch?v=qCgv7WmFYLw

Understanding Docker Changes: OCI Format Explained
https://www.youtube.com/watch?v=L38prIs4hhM
https://www.youtube.com/watch?v=ReITMAmfilg

Mastering Reddit Security: Log In Safely Every Time
https://www.youtube.com/watch?v=hdE4l6O_xXM
https://www.youtube.com/watch?v=SLfSaPav4Zo

The BEST Unreal Engine Dumper!
🔥 Download Unreal Engine Dumper at GuidedHacking.com 👨‍💻 Buy Our Courses: https://guidedhacking.com/register/ ❤️ Follow us on Social Media: https://linktr.ee/guidedhacking 💰 Donate on Patreon: https://patreon.com/guidedhacking Download the GH Unreal Engine Dumper here: https://guidedhacking.com/resources/gh-unreal-engine-dumper-ue4-cheat-engine-plugin.763/ GH UE Dumper Developer: PeaceBeUponYou Video creator: Mewspaper Hacking Unreal Engine games has never been easier with the Guided Hacking Unreal Engine Dumper. View every class that makes up a game along with its fields and methods, dump every live object, browse and modify fully named fields with the UE structure dissector, and even call methods with the dumper's API. All of this integrated seamlessly into Cheat Engine....
https://www.youtube.com/watch?v=w-4f3bgl6PY

What is human risk management? #cybersecurityawareness
Explore the concept of human risk management and its importance in breaking down barriers and reducing friction within organizations. We discuss the necessity for closer collaboration between GRC teams and security operations teams to enhance security awareness programs. By improving communication and sharing intelligence, security teams can gain more visibility and proactively address risks. We also delve into how tailored security training programs can be built based on the specific behaviors and risks identified within an organization, leading to more effective security leadership.
https://www.youtube.com/watch?v=9FoowwkidYg

Why repetition matters in cybersecurity #cybersecurityawareness
Explore how continuous feedback and practice enhance learning and behavior improvement in the workplace. The video highlights the importance of immediate alerts for mistakes, allowing employees to self-regulate and refine their skills. This repetitive learning process not only aids professional growth but also positively impacts personal life, promoting cybersecurity awareness that can be shared with family and friends.
https://www.youtube.com/watch?v=-YQCNVl9A3M

Advent of Cyber Day 24: MQTT & Wireshark
Check out TryHackMe's Advent of Cyber Event: https://tryhackme.com/r/christmas?utm_source=youtube&utm_medium=social&utm_campaign= Join Katie, aka InsiderPhD, on the 24th day of TryHackMe's Advent of Cyber! Today, we're diving into the mysterious world of communication protocols, focusing on the MQTT protocol. Discover how the city of Wereville faces off against Mayor Malware's sabotage of smart lights and HVAC systems. Using Wireshark, Katie demonstrates how to analyze MQTT traffic, understand the publish-subscribe model, and reverse engineer networking protocols. With a blend of British humour and hands-on learning, Katie leads you through the process of identifying malicious commands and securing IoT devices. By the end, you'll learn how to troubleshoot smart devices, monitor network...
https://www.youtube.com/watch?v=ct6393M_Iow

Bridging the gap: From security awareness training to human risk management
Learn more about human risk management: https://www.infosecinstitute.com/iq/human-risk-management/?utm_source=youtube&utm_medium=webinar&utm_campaign=webinar With 68% of data breaches involving the human element, security awareness training is essential to managing cyber risk. But how can you mature your program to enhance visibility into that risk, reduce security alerts and drive an organization-wide culture of security? The answer is human risk management. Join us in learning from two human risk and security awareness training leaders: Bret Fund, Infosec SVP and General Manager, and Theo Nasser, Right-Hand Cybersecurity CEO and Co-Founder. They'll discuss: 0:00 Introduction 1:43 Stats on security awareness and training 6:25 What is human risk management 10:42 How is user...
https://www.youtube.com/watch?v=j5auhsdPVBo

BEAT the Cheat Engine Mini Games Before They BEAT YOU!
🔥 Learn How To Beat The x64 Cheat Engine Mini Games with this 2024 Walkthrough! 👨‍💻 Buy Our Courses: https://guidedhacking.com/register/ 💰 Donate on Patreon: https://patreon.com/guidedhacking ❤️ Follow us on Social Media: https://linktr.ee/guidedhacking This x64 Cheat Engine tutorial replaces our old x86 beginner tutorial in the Game Hacking Bible. Most games are 64bit now so we are updating all our old content. Guided Hacking's number one goal for 2025 is to remake all our old content with perfect audio, perfect video quality, targeting open source 64bit games using the latest versions of all software. This tutorial walks you through the built in tutorial of Cheat Engine 7.5. This tutorial should work with all new versions of Cheat Engine. ©GuidedHacking - GuidedHacking™ 🔗...
https://www.youtube.com/watch?v=BuU294NVnMc

Python for Pentesters I - 14. What is Next
Part of the Python for Pentesters I course: https://www.youtube.com/playlist?list=PLonlF40eS6nwhfPHOfoSM57xWftXonfbk Connect with me: X: https://twitter.com/cristivlad25 IG: https://instagram.com/cristivladz
https://www.youtube.com/watch?v=yTP6vgoJSfU

Python for Pentesters I - 13. Exception Handling
Part of the Python for Pentesters I course: https://www.youtube.com/playlist?list=PLonlF40eS6nwhfPHOfoSM57xWftXonfbk Connect with me: X: https://twitter.com/cristivlad25 IG: https://instagram.com/cristivladz
https://www.youtube.com/watch?v=aQ6LQ4s5Y9A

Python for Pentesters I - 12. Working with Files and Installing Modules
Part of the Python for Pentesters I course: https://www.youtube.com/playlist?list=PLonlF40eS6nwhfPHOfoSM57xWftXonfbk Connect with me: X: https://twitter.com/cristivlad25 IG: https://instagram.com/cristivladz
https://www.youtube.com/watch?v=_YbYUHJDGd4

Python for Pentesters I - 11. Classes
Part of the Python for Pentesters I course: https://www.youtube.com/playlist?list=PLonlF40eS6nwhfPHOfoSM57xWftXonfbk Connect with me: X: https://twitter.com/cristivlad25 IG: https://instagram.com/cristivladz
https://www.youtube.com/watch?v=JCvxEBLB4bE

Hak5 Payload Awards - 2023/2024
Join Hak5 host Darren Kitchen and Ali Diamond as we celebrate and reward the most creative payload contributions from our community in 2023 and 2024! ____________________________________________ Founded in 2005, Hak5's mission is to advance the InfoSec industry. We do this through our award winning educational podcasts, leading pentest gear, and inclusive community – where all hackers belong.
https://www.youtube.com/watch?v=FjEi0OPqsFM

SANS Threat Analysis Rundown with Katie Nickels | December 2024
Are you staying ahead of the latest cyber threats? In a rapidly evolving digital landscape, being informed is your best defense. Join SANS Certified Instructor Katie Nickels, your expert guide, as she breaks down the latest cybersecurity threats you need to know about. Each month, Katie brings in top voices from across the community to deliver diverse insights and fresh perspectives on the most pressing developments in cybersecurity. Don't miss out on these vital updates that could make all the difference in your security strategy. Subscribe now and stay informed! Learn more about Katie Nickels: X: https://x.com/likethecoins LI: https://www.linkedin.com/in/katie-nickels/ FOR578: Cyber Threat Intelligence https://sans.org/for578 #cyberthreat #cyberthreatintelligence #analysis...
https://www.youtube.com/watch?v=srHWWm39KA4

RIOT GAMES Cracks Down on Cheaters HARD
When Riot Games curb stomps paycheat devs, God laughs. 👨‍💻 Buy Our Courses: https://guidedhacking.com/register/ 💰 Donate on Patreon: https://patreon.com/guidedhacking ❤️ Follow us on Social Media: https://linktr.ee/guidedhacking ✏️ Tags: #valorant #riotgames #anticheat vanguard anticheat valorant anti-cheat riot games anticheat bypass riot games gamerdoc anti-cheat bypass valorant cheats valorant hacks riot games anticheat gamerdoc
https://www.youtube.com/watch?v=x6WoLuhOYeg

DDOS-For-Hires Attacked - ThreatWire
⬇️ OPEN FOR LINKS TO ARTICLES TO LEARN MORE ⬇️ @endingwithali → Twitch: https://twitch.tv/endingwithali Twitter: https://twitter.com/endingwithali YouTube: https://youtube.com/@endingwithali Everywhere else: https://links.ali.dev Want to work with Ali? endingwithalicollabs@gmail.com [❗] Join the Patreon→ https://patreon.com/threatwire 00:00 0 - Intro 00:12 1 - Take Downs of DDOS for Hire 01:39 2 - Microsoft LDAP At High Risk 02:48 3 - BADRAM fleeces AMD 05:04 4 - Outro LINKS 🔗 Story 1: Take Downs of DDOS for Hire https://www.europol.europa.eu/media-press/newsroom/news/law-enforcement-shuts-down-27-ddos-booters-ahead-of-annual-christmas-attacks https://www.theregister.com/2024/12/12/operation_poweroff_ddos_takedowns/ 🔗 Story 2: Microsoft LDAP At High Risk https://www.securityweek.com/microsoft-ships-urgent-patch-for-exploited-windows-clfs-zero-day/ https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49112 🔗...
https://www.youtube.com/watch?v=5LGccembC7Y

From Report to Results: Building Resilience with Insights from the Hacker-Powered Security Report
The 8th Annual Hacker-Powered Security Report just launched. How can you interpret it to make the case for your own human-powered security program, attract more security researchers to your programs, or incentivize more impactful vulnerability reports? This webinar, featuring HackerOne customers and a leading member of our security researcher community, will answer that question. Learn More: https://www.hackerone.com/events/report-results-hacker-powered-security-report
https://www.youtube.com/watch?v=tAGF4pFSs6M

Introduction To Adversary Emulation
This video introduces you to Adversary Emulation and its role in Red Team operations. Furthermore, this video also explains the differences between Adversary Emulation and Simulation. Adversary emulation in the context of Red Teaming is the process of mimicking/emulating the tactics, techniques, and procedures (TTPs) of a threat actor/adversary to test the effectiveness and efficacy of an organization's defenses. //PLATFORMS BLOG ►► https://bit.ly/3qjvSjK FORUM ►► https://bit.ly/39r2kcY ACADEMY ►► https://bit.ly/39CuORr //SOCIAL NETWORKS TWITTER ►► https://bit.ly/3sNKXfq DISCORD ►► https://bit.ly/3hkIDsK INSTAGRAM ►► https://bit.ly/3sP1Syh LINKEDIN ►► https://bit.ly/360qwlN PATREON ►► https://bit.ly/365iDLK MERCHANDISE ►► https://bit.ly/3c2jDEn //BOOKS Privilege...
https://www.youtube.com/watch?v=CUMhiSdOSkY

How to Write Great Bug Bounty & Pentest Report (Proof of Concepts)
LIKE and SUBSCRIBE with NOTIFICATIONS ON if you enjoyed the video! 👍 📚 If you want to learn bug bounty hunting from me: https://bugbounty.nahamsec.training 💻 If you want to practice some of my free labs and challenges: https://app.hackinghub.io 💵 FREE 0 DigitalOcean Credit: https://m.do.co/c/3236319b9d0b 🔗 LINKS: 📖 MY FAVORITE BOOKS: Bug Bounty Bootcamp: The Guide to Finding and Reporting Web Vulnerabilities -https://amzn.to/3Re8Pa2 Hacking APIs: Breaking Web Application Programming Interfaces - https://amzn.to/45g4bOr Black Hat GraphQL: Attacking Next Generation APIs - https://amzn.to/455F9l3 🍿 WATCH NEXT: If I Started Bug Bounty Hunting in 2024, I'd Do this - https://youtu.be/z6O6McIDYhU 2023 How to Bug Bounty - https://youtu.be/FDeuOhE5MhU Bug Bounty Hunting...
https://www.youtube.com/watch?v=qR_OQsRFd7g

CompTIA CySA+: Your key to cybersecurity analyst roles | Guest James Stanger
Get your FREE Cybersecurity Salary Guide: https://www.infosecinstitute.com/form/cybersecurity-salary-guide-podcast/?utm_source=youtube&utm_medium=podcast&utm_campaign=podcast In this episode of Cyberwork Hacks, host Chris Sienko speaks with James Stanger from CompTIA about the CySA+ certification, designed for aspiring cybersecurity analysts. They discuss the certification's importance, breaking down its domains and how it prepares candidates for hands-on security roles. Addressing concerns about AI and the evolving role of security analysts, Stanger emphasizes the need for continuous upskilling. He also shares practical advice for those considering the certification, highlighting its practical, hands-on learning approach. Tune in for insights on how CySA+ can be a calling card in...
https://www.youtube.com/watch?v=jwv6c8YiIQk

Game Hacking Bible = The Best Resource for Beginners #gamehacking
🔥 The Game Hacking Bible is Step by Step Learning For Beginners 👨‍💻 Buy Our Courses: https://guidedhacking.com/register/ ❤️ Follow us on Social Media: https://linktr.ee/guidedhacking 💰 Donate on Patreon: https://patreon.com/guidedhacking ✏️ Tags: #cheatengine #guidedhacking #gamehacking game hacking tutorials gamehacking bible game hacking course guidedhacking.com game hacking courses guidedhacking guided hacking game hacking guidedhacking rake game hackers game hacking tutorials game hacking bible gamehacking
https://www.youtube.com/watch?v=9dunEhqSQcg

ChatGPT Advanced Voice Mode with Vision - Testing Screenshare 🤯

https://www.youtube.com/watch?v=JcVfUDjIyoc

MASTER the x64 Cheat Engine Tutorial in 2024!
🔥 Learn How To Complete The x64 Cheat Engine Tutorial with this 2024 Beginner Walkthrough! 👨‍💻 Buy Our Courses: https://guidedhacking.com/register/ 💰 Donate on Patreon: https://patreon.com/guidedhacking ❤️ Follow us on Social Media: https://linktr.ee/guidedhacking This x64 Cheat Engine tutorial replaces our old x86 beginner tutorial in the Game Hacking Bible. Most games are 64bit now so we are updating all our old content. Guided Hacking's number one goal for 2025 is to remake all our old content with perfect audio, perfect video quality, targeting open source 64bit games using the latest versions of all software. This tutorial walks you through the built in tutorial of Cheat Engine 7.5. This tutorial should work with all new versions of Cheat Engine. ©GuidedHacking -...
https://www.youtube.com/watch?v=P0Kfn8pmgZg

Advent of Cyber Day 13: Exploring WebSocket Vulnerabilities with InsiderPhD
Check out TryHackMe's Advent of Cyber Event: https://tryhackme.com/r/christmas?utm_source=youtube&utm_medium=social&utm_campaign= Join me, in today's TryHackMe Advent of Cyber Day 13 walkthrough, where I'm diving into WebSockets and WebSocket message manipulation vulnerabilities. Learn about WebSocket message manipulation, common security risks such as weak authentication, message tampering. Follow along as I demonstrate how to identify and exploit WebSocket vulnerabilities in a web application. Perfect for anyone interested in web security, bug bounty hunting, and real-time communication protocols. 00:00 Introduction and Welcome 00:26 Story Setup: The Threat in Wareville 01:22 Understanding WebSockets 02:54 WebSocket Vulnerabilities 04:08 WebSocket Message Manipulation 07:33 Practical...
https://www.youtube.com/watch?v=ozgRXn44FF0

Unboxing Hak5 Gear Live with @endingwithali and @Hak5Darren
Hak5 -- Cyber Security Education, Inspiration, News & Community since 2005: -----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆ Our Site → https://www.hak5.org Shop → http://hakshop.myshopify.com/ Community → https://www.hak5.org/community Subscribe → https://www.youtube.com/user/Hak5Darren?sub_confirmation=1 Support → https://www.patreon.com/threatwire Contact Us → http://www.twitter.com/hak5 -----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆ ____________________________________________ Founded in 2005, Hak5's mission is to advance the InfoSec industry. We do this through our award winning educational podcasts, leading pentest gear, and inclusive community – where all hackers belong.
https://www.youtube.com/watch?v=V4O2L2WUNWg

FBI Finally Recommends Use of Encrypted Messaging - ThreatWire
⬇️ OPEN FOR LINKS TO ARTICLES TO LEARN MORE ⬇️ @endingwithali → Twitch: https://twitch.tv/endingwithali Twitter: https://twitter.com/endingwithali YouTube: https://youtube.com/@endingwithali Everywhere else: https://links.ali.dev Want to work with Ali? endingwithalicollabs@gmail.com [❗] Join the Patreon→ https://patreon.com/threatwire 0:00 0 - Intro 0:10 - Salt Typhoon Is In The Network 2:53 - US to Ban Data Brokers 4:34 - Ma' Bell to Nix Landlines 5:31 - Outro LINKS 🔗 Story 1: Salt Typhoon Is In The Network https://www.bleepingscomputer.com/news/security/salt-typhoon-hackers-backdoor-telcos-with-new-ghostspider-malware/ https://www.bleepingcomputer.com/news/security/white-house-salt-typhoon-hacked-telcos-in-dozens-of-countries/ https://www.cybersecuritydive.com/news/tmobile-salt-typhoon-telecom-attack-campaign/734729/ https://www.mactech.com/2024/12/03/fbi-cisa-says-iphone-android-users-shouldnt-text-each-other/ https://www.cbc.ca/news/business/us-phone-hack-text-message-safety-1.7404286 https://arstechnica.com/tech-policy/2024/12/us-recommends-encrypted-messaging-as-chinese-hackers-linger-in-telecom-networks/ https://www.securityweek.com/white-house-says-at-least-8-us-telecom-firms-dozens-of-nations-impacted-by-china-hacking-campaign/ https://www.trendmicro.com/en_us/research/24/k/earth-estries.html https://www.cisa.gov/resources-tools/resources/enhanced-visibility-and-hardening-guidance-communications-infrastructure 🔗...
https://www.youtube.com/watch?v=PNIhJndVMrI

1 YEAR AT HAK5 FEATURING SPECIAL GUESTS
LIVE WRITING THREATWIRE
https://www.youtube.com/watch?v=DWmLH1YfVMo

What is the Thread Stack? 👨‍💻
🔥 Learn How To Hack Games @ GuidedHacking.com 👨‍💻 Buy Our Courses: https://guidedhacking.com/register/ ❤️ Follow us on Social Media: https://linktr.ee/guidedhacking 💰 Donate on Patreon: https://patreon.com/guidedhacking ✏️ Tags: #cheatengine #gamehacking #reverseengineering main thread thread stack windows virtual memory thread stack pointer threadstack memory stack thread stack pointer
https://www.youtube.com/watch?v=6mBCcQ57tZ0

Penetration testing careers 101: Learning and getting certified | Cyber Work Hacks
Get your FREE 2024 Cybersecurity Salary Guide: https://www.infosecinstitute.com/form/cybersecurity-salary-guide-podcast/?utm_source=youtube&utm_medium=podcast&utm_campaign=podcast In this episode of Cyber Work Hacks, guest James Stanger from CompTIA dives into the PenTest+ certification. He explains the critical distinctions between pentesting and hacking and outlines the essential career skills involved in pentesting, such as network discovery, social engineering and vulnerability analytics. Viewers will also learn about hands-on activities to enhance their resumes and hear valuable advice for entering cybersecurity roles. The episode touches on adjacent career paths like GRC, threat hunting and vulnerability management while providing practical tips for preparing for the PenTest+...
https://www.youtube.com/watch?v=YgS67oVEyBQ

Understanding ⛔️403 Bypasses⛔️ (With Examples)
LIKE and SUBSCRIBE with NOTIFICATIONS ON if you enjoyed the video! 👍 📚 If you want to learn bug bounty hunting from me: https://bugbounty.nahamsec.training 💻 If you want to practice some of my free labs and challenges: https://app.hackinghub.io 💵 FREE 0 DigitalOcean Credit: https://m.do.co/c/3236319b9d0b 🔗 LINKS: 📖 MY FAVORITE BOOKS: Bug Bounty Bootcamp: The Guide to Finding and Reporting Web Vulnerabilities -https://amzn.to/3Re8Pa2 Hacking APIs: Breaking Web Application Programming Interfaces - https://amzn.to/45g4bOr Black Hat GraphQL: Attacking Next Generation APIs - https://amzn.to/455F9l3 🍿 WATCH NEXT: If I Started Bug Bounty Hunting in 2024, I'd Do this - https://youtu.be/z6O6McIDYhU 2023 How to Bug Bounty - https://youtu.be/FDeuOhE5MhU Bug Bounty Hunting...
https://www.youtube.com/watch?v=PvpXRBor-Jw

Mastering Persistence: Using an Apache2 Rootkit for Stealth and Defense Evasion
In this video, I demonstrate the process of establishing persistence and evading defenses on Linux through the use of an Apache2 rootkit. The lab used in this video can be accessed for free on the CYBER RANGES platform. The links to the platform and lab are listed below: // CYBER RANGES CYBER RANGES: https://app.cyberranges.com SQL Injection Lab: https://app.cyberranges.com/scenario/67474e64a3907f65136f1a6d //LINKS Apache2 Rootkit: https://github.com/ChristianPapathanasiou/apache-rootkit //PLATFORMS BLOG ►► https://bit.ly/3qjvSjK FORUM ►► https://bit.ly/39r2kcY ACADEMY ►► https://bit.ly/39CuORr //SOCIAL NETWORKS TWITTER ►► https://bit.ly/3sNKXfq DISCORD ►► https://bit.ly/3hkIDsK INSTAGRAM ►► https://bit.ly/3sP1Syh LINKEDIN ►► https://bit.ly/360qwlN PATREON...
https://www.youtube.com/watch?v=Ra2altDvPYI

Roblox Hackers SELL OUT! #robloxhackers #robloxexploits
💰 Roblox "acquired" the Synapse paycheat company 🔥 Learn How To Hack Games @ GuidedHacking.com 👨‍💻 Buy Our Courses: https://guidedhacking.com/register/ ❤️ Follow us on Social Media: https://linktr.ee/guidedhacking 💰 Donate on Patreon: https://patreon.com/guidedhacking ✏️ Tags: #robloxexploits #roblox #robloxhackers roblox exploiting roblox cheats roblox hacks roblox script executor roblox scripts free roblox executor roblox exploit
https://www.youtube.com/watch?v=xLhpn3HhzDQ

Valorant Wants You To Hack Them - ThreatWire
⬇️ OPEN FOR LINKS TO ARTICLES TO LEARN MORE ⬇️ @endingwithali → Twitch: https://twitch.tv/endingwithali Twitter: https://twitter.com/endingwithali YouTube: https://youtube.com/@endingwithali Everywhere else: https://links.ali.dev Want to work with Ali? endingwithalicollabs@gmail.com [❗] Join the Patreon→ https://patreon.com/threatwire 00:00 0 - Intro 00:08 1 - First Bootkit for Linux Discovered 02:19 2 - Valorant 100k Bounty 03:26 3 - Pokemon GO used to Map the World 04:42 4 - Outro LINKS 🔗 Story 1: First Bootkit for Linux Discovered https://www.welivesecurity.com/en/eset-research/bootkitty-analyzing-first-uefi-bootkit-linux/ 🔗 Story 2: Valorant 100k Bounty https://hackerone.com/riot?type=team https://www.si.com/esports/news/riot-games-offers-100k-bounty-to-hackers https://www.pcgamer.com/games/fps/riot-is-flexing-its-anticheat-vanguard-by-placing-a-bounty-of-up-to-usd100-000-for-anyone-brilliant-enough-to-find-and-report-gaps-in-the-system/ 🔗...
https://www.youtube.com/watch?v=ubm6qv4dbzw

Hacked for the holidays: A tech tale
Scammers are feeling festive, and your data is on their wish list. Join Infosec as we share some cybersecurity tips that are not to be missed. This holiday season, we're spreading the joy of cybersecurity with our Hacked for the Holidays security awareness training toolkit. From online shopping to payment methods and common holiday scams, this collection of training resources covers it all. Download the toolkit here: https://www.infosecinstitute.com/form/hacked-for-the-holidays/?utm_source=youtube&utm_medium=video&utm_campaign=hacked%20for%20holidays About Infosec Infosec's mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness...
https://www.youtube.com/watch?v=XX7isz-8_Rc

Understanding DoD 8140 and CompTIA certifications | Cyber Work Hacks
Get your FREE 2024 Cybersecurity Salary Guide: https://www.infosecinstitute.com/form/cybersecurity-salary-guide-podcast/?utm_source=youtube&utm_medium=podcast&utm_campaign=podcast In this episode of Cyber Work Hacks, James Stanger from CompTIA discusses the U.S. Department of Defense's 8140 directive. Explore the high standards set for IT and cybersecurity expertise, focusing on the certifications and career mapping skills required for DoD roles. With practical advice and resources, host Chris Sienko and Stanger guide viewers on how to leverage CompTIA certifications, like Security+, for various DoD job roles. Additionally, they delve into career development strategies under the 8140 framework, highlighting resources such as CompTIA's interactive tools and the DoD marketplace. Tune...
https://www.youtube.com/watch?v=INlajw-leds

XSS via CSPT and DOM Clobbering - "SafeNotes 2.0" [INTIGRITI 1337UP CTF 2024]
🚩 Video walkthrough for the "Safe Notes 2.0" (web) challenge I made for Intigriti's 1337UP LIVE (CTF) competition 2024! The developer of Safe Notes learnt from their mistakes and introduced a variety of security fixes, but unfortunately introduced new vulnerabilities! Players were required to chain DOM Clobbering, client-side path traversal (CSPT) and an Open Redirect in order to achieve XSS and steal the admin's cookie. 😎 #1337UP #1337UPLIVE #CTF #INTIGRITI #HackWithIntigriti Check out the accompanying writeup here: https://book.cryptocat.me/ctf-writeups/2024/intigriti/web/safenotes_2 Check out Safe Notes v1 challenge and walkthrough here: https://challenge-0824.intigriti.io + https://youtu.be/yGRRGUtT9MU 🐛INTIGRITI 1337UPLIVE CTF🐞 https://ctftime.org/event/2134 https://ctf.intigriti.io https://discord.gg/intigriti-870275171938873395 👷‍♂️Resources🛠 https://cryptocat.me/resources Overview: 0:00...
https://www.youtube.com/watch?v=G-KoF8WAoUM

How To Write A Pentest Report That Gets Your Findings Fixed
LIKE and SUBSCRIBE with NOTIFICATIONS ON if you enjoyed the video! 👍 📚 If you want to learn bug bounty hunting from me: https://bugbounty.nahamsec.training 💻 If you want to practice some of my free labs and challenges: https://app.hackinghub.io 💵 FREE 0 DigitalOcean Credit: https://m.do.co/c/3236319b9d0b 🔗 LINKS: 📖 MY FAVORITE BOOKS: Bug Bounty Bootcamp: The Guide to Finding and Reporting Web Vulnerabilities -https://amzn.to/3Re8Pa2 Hacking APIs: Breaking Web Application Programming Interfaces - https://amzn.to/45g4bOr Black Hat GraphQL: Attacking Next Generation APIs - https://amzn.to/455F9l3 🍿 WATCH NEXT: If I Started Bug Bounty Hunting in 2024, I'd Do this - https://youtu.be/z6O6McIDYhU 2023 How to Bug Bounty - https://youtu.be/FDeuOhE5MhU Bug Bounty Hunting...
https://www.youtube.com/watch?v=oBtJ7bryKII

NTFS FILE Record Reuse
In this continuation of "Anatomy of an NTFS FILE Record," we'll learn how NTFS manages record reuse and distinguishes between in-use and deleted files and directories. If you haven't watched the previous episode, watch it here: https://www.youtube.com/watch?v=l4IphrAjzeY *** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. *** 📖 Chapters 00:00 - Intro 00:31 - NTFS Master File Table (MFT) artiFACTS 01:49 - Analysis #Forensics #DigitalForensics #DFIR #ComputerForensics #WindowsForensics
https://www.youtube.com/watch?v=6LpJVx7PrUI

How To Deal With The Google Monopoly - ThreatWire
⬇️ OPEN FOR LINKS TO ARTICLES TO LEARN MORE ⬇️ VOTE IN THE PAYLOAD AWARDS: https://shop.hak5.org/pages/payload-awards @endingwithali → Twitch: https://twitch.tv/endingwithali Twitter: https://twitter.com/endingwithali YouTube: https://youtube.com/@endingwithali Everywhere else: https://links.ali.dev Want to work with Ali? endingwithalicollabs@gmail.com [❗] Join the Patreon→ https://patreon.com/threatwire 00:00 0 - Intro 00:07 1 - Swiss Phishing Test 01:49 2 - Google Monopoly Breakdown 02:51 3 - New Wi-Fi Based Attack Discovered 05:15 4 - OUTRO LINKS 🔗 Story 1: Swiss Phishing Test https://www.ncsc.admin.ch/ncsc/en/home/aktuell/im-fokus/2024/2024-meteosuisse.html https://www.theregister.com/2024/11/16/swiss_malware_qr/ 🔗 Story 2: Google Monopoly Breakdown https://techcrunch.com/2024/11/20/doj-google-must-sell-chrome-to-end-monopoly/ 🔗...
https://www.youtube.com/watch?v=x26fHbLlzn0

Use GenAI to create a custom cybersecurity training plan
Whether you're a newbie, an experienced cybersecurity professional, or an HR or L&D leader, you can create a cybersecurity training plan that aligns with your job role in seconds using Infosec Skills Navigator. See how this new GenAI-powered tool works in Infosec Skills. Then try it yourself.
https://www.youtube.com/watch?v=75iwpzGFn_8

Basic Stack Buffer Overflow (with parameters) - "Retro2Win" [INTIGRITI 1337UP CTF 2024]
🚩 Video walkthrough for the "Retro2Win" (pwn) challenge I made for Intigriti's 1337UP LIVE (CTF) competition 2024! A classic "ret2win" challenge, the binary included a buffer overflow vulnerability, allowing players to take over the flow of execution and call a "win" function. In this case, the function expected two parameters, requiring values to be popped into the RDI/RSI registers first 😎 #1337UP #1337UPLIVE #CTF #INTIGRITI #HackWithIntigriti Check out the accompanying writeup here: https://book.cryptocat.me/ctf-writeups/2024/intigriti/pwn/retro2win 🐛INTIGRITI 1337UPLIVE CTF🐞 https://ctftime.org/event/2134 https://ctf.intigriti.io https://discord.gg/intigriti-870275171938873395 👷‍♂️Resources🛠 https://cryptocat.me/resources Overview: 0:00 Intro 0:13 Basic file...
https://www.youtube.com/watch?v=Y37KMst1XFU

Why C++ For Game Hacking? #gamehacking
🔥 Guided Hacking FTW 👨‍💻 Buy Our Courses: https://guidedhacking.com/register/ 💰 Donate on Patreon: https://patreon.com/guidedhacking ❤️ Follow us on Social Media: https://linktr.ee/guidedhacking ✏️ Tags: #cprogramming #gamehacking guided hacking c++ language game hacking tutorials c++ programming tutorials guidedhacking.com game hacking bible c++ for beginners game hacking courses c++ programming c++ tutorial learn c++ c++ tutorial for beginners learn c++ programming how to learn c++ c++ programming tutorial programming game hacking c vs c++ game hackers c++ programming game hacking tutorials c++ basics game hacking bible learn c++ language game hacking rake guidedhacking C++ game hacking game hacking course
https://www.youtube.com/watch?v=-x_WA_STJtg

WRITING THREATWIRE !
LIVE WRITING THREATWIRE
https://www.youtube.com/watch?v=mzG9DfEqBqo

The Blueprint to Your First ,000+ Bounty
LIKE and SUBSCRIBE with NOTIFICATIONS ON if you enjoyed the video! 👍 📚 If you want to learn bug bounty hunting from me: https://bugbounty.nahamsec.training 💻 If you want to practice some of my free labs and challenges: https://app.hackinghub.io 💵 FREE 0 DigitalOcean Credit: https://m.do.co/c/3236319b9d0b 🔗 LINKS: 📖 MY FAVORITE BOOKS: Bug Bounty Bootcamp: The Guide to Finding and Reporting Web Vulnerabilities -https://amzn.to/3Re8Pa2 Hacking APIs: Breaking Web Application Programming Interfaces - https://amzn.to/45g4bOr Black Hat GraphQL: Attacking Next Generation APIs - https://amzn.to/455F9l3 🍿 WATCH NEXT: If I Started Bug Bounty Hunting in 2024, I'd Do this - https://youtu.be/z6O6McIDYhU 2023 How to Bug Bounty - https://youtu.be/FDeuOhE5MhU Bug Bounty Hunting...
https://www.youtube.com/watch?v=8DnphDtFt3Y

GAME HACKERS CAUGHT Red Handed! #gamehacking #anticheat
👨‍💻 Buy Our Courses: https://guidedhacking.com/register/ 💰 Donate on Patreon: https://patreon.com/guidedhacking ❤️ Follow us on Social Media: https://linktr.ee/guidedhacking ©GuidedHacking - GuidedHacking™ ✏️ Tags: #gamehacker #gamehacking #anticheat game hackers game hacking tutorials game hacking bible game hacking course guidedhacking.com guided hacking game hacking guidedhacking.com game hacking website game hacking websites guidedhacking guided hacking guidedhacking.com game hackers
https://www.youtube.com/watch?v=PEoSCDBU04o

Exposing DoNex Ransomware Secrets with Malcore!
🔥 DoNex Ransomware does WHAT? ❤️ Try Malcore For FREE : https://link.malcore.io/redirect/guidedhacking 👨‍💻 Buy Our Courses: https://guidedhacking.com/register/ 💰 Donate on Patreon: https://patreon.com/guidedhacking ❤️ Follow us on Social Media: https://linktr.ee/guidedhacking ©GuidedHacking - GuidedHacking™ 🔗 Article: https://guidedhacking.com/threads/donex-ransomware-analysis-with-malcore.20750/ ❤️ Try Malcore For FREE : https://link.malcore.io/redirect/guidedhacking Donex malware sample: https://app.malcore.io/share/6700512884e17599109bebb6/6705ee23c6859106c77b74c4 👨‍💻 Video Author: CodeNulls 👉https://guidedhacking.com/members/codenulls.272722/ Code Nulls also known as Danish Khan is a professional Malware Analyst and tutor who has been making...
https://www.youtube.com/watch?v=LPaMroC-gMk

X-Forwarded-For Header Spoofing and XXE - "BioCorp" [INTIGRITI 1337UP CTF 2024]
🚩 Video walkthrough for the "BioCorp" (web) challenge I made for Intigriti's 1337UP LIVE (CTF) competition 2024! Players arrived at a website for an energy corporation, with a hint that they were working on decoupling their backend infrastructure from the public facing website. By analysing the source code, players would find a hidden panel, restricted by IP address. By setting the X-Forwarded-For header, they could spoof the IP and gain access to a nuclear panel. Since the panel read XML data, players would test for XXE and ultimately recover the flag 😎 #1337UP #1337UPLIVE #CTF #INTIGRITI #HackWithIntigriti Check out the accompanying writeup here: https://book.cryptocat.me/ctf-writeups/2024/intigriti/web/biocorp 🐛INTIGRITI 1337UPLIVE CTF🐞 https://ctftime.org/event/2134 https://ctf.intigriti.io https://discord.gg/intigriti-870275171938873395 👷‍♂️Resources🛠 https://cryptocat.me/resources Overview: 0:00...
https://www.youtube.com/watch?v=hyi_JZvXOTU

SANS Threat Analysis Rundown with Katie Nickels | November 2024
Are you staying ahead of the latest cyber threats? In a rapidly evolving digital landscape, being informed is your best defense. Join SANS Certified Instructor Katie Nickels, your expert guide, as she breaks down the latest threats you need to know about. Each month, Katie delivers diverse insights and fresh perspectives on the most pressing developments in cybersecurity. Don't miss out on these vital updates that could make all the difference in your security. #Cybersecurity #CyberThreats #SANSInstitute #Infosec #InformationSecurity
https://www.youtube.com/watch?v=azj-6ZRVOGI

5 Things You Need to Learn From the New Hacker-Powered Security Report
As the cybersecurity landscape continues to change, understanding the perspectives of security researchers is essential for effective risk management. In this 30-minute live webinar session, we'll dive into the top five takeaways from the 8th Annual Hacker-Powered Security Report. With practical examples and actionable recommendations, you'll learn how to: - Ensure that AI deployments are secure and trustworthy - Enhance your approach to vulnerability management - Implement demonstrably valuable security measures Join this fast-paced exploration of the vital role of human expertise in the AI era. To download the full report, visit: hackerone.com/report
https://www.youtube.com/watch?v=1DdY6lV3Llc

CISA is at Risk - ThreatWire
⬇️ OPEN FOR LINKS TO ARTICLES TO LEARN MORE ⬇️ @endingwithali → Twitch: https://twitch.tv/endingwithali Twitter: https://twitter.com/endingwithali YouTube: https://youtube.com/@endingwithali Everywhere else: https://links.ali.dev Want to work with Ali? endingwithalicollabs@gmail.com [❗] Join the Patreon→ https://patreon.com/threatwire 00:00 - Intro 00:12 - NVD is coming back 02:01 - Faux Data Requests 03:48 - CISA is at Risk 05:29 - Outro LINKS 🔗 Story 1: NVD is coming back https://securityboulevard.com/2024/11/nist-clears-backlog-of-known-security-flaws-but-not-all-vulnerabilities/ https://www.nist.gov/itl/nvd https://lacework.com/cloud-security-fundamentals/nvd-what-is-the-national-vulnerability-database 🔗 Story 2: Faux Data Requests https://gizmodo.com/hackers-are-using-police-emails-to-send-tech-companies-fraudulent-data-requests-2000522134 https://techcrunch.com/2024/11/08/fbi-says-hackers-are-sending-fraudulent-police-data-requests-to-tech-giants-to-steal-peoples-private-information/ https://gizmodo.com/hackers-are-using-police-emails-to-send-tech-companies-fraudulent-data-requests-2000522134 🔗...
https://www.youtube.com/watch?v=dRDJk3zUcr4

The Impact of Collaboration

https://www.youtube.com/watch?v=n2Z-kaRr2ws

One Time Pad (OTP) with a Twist - "Schrödinger's Pad" [INTIGRITI 1337UP CTF 2024]
🚩 Video walkthrough for the "Schrödinger's Pad" (crypto) challenge I made for Intigriti's 1337UP LIVE (CTF) competition 2024! The challenge included a common vulnerability; reusing a one-time-pad (OTP). There was a slight twist; for each encryption, the box would be observed. If the cat is alive, some cryptographic operations would take place. If the cat is dead, some different operations occur - players need to reverse it! 😎 #1337UP #1337UPLIVE #CTF #INTIGRITI #HackWithIntigriti Check out the accompanying writeup here: https://book.cryptocat.me/ctf-writeups/2024/intigriti/crypto/schrodingers_pad 🐛INTIGRITI 1337UPLIVE CTF🐞 https://ctftime.org/event/2134 https://ctf.intigriti.io https://discord.gg/intigriti-870275171938873395 👷‍♂️Resources🛠 https://cryptocat.me/resources Overview: 0:00...
https://www.youtube.com/watch?v=9NrmlOBcF1c

5 Lessons That Made Me M Since 2022
LIKE and SUBSCRIBE with NOTIFICATIONS ON if you enjoyed the video! 👍 📚 If you want to learn bug bounty hunting from me: https://bugbounty.nahamsec.training 💻 If you want to practice some of my free labs and challenges: https://app.hackinghub.io 💵 FREE 0 DigitalOcean Credit: https://m.do.co/c/3236319b9d0b 🔗 LINKS: 📖 MY FAVORITE BOOKS: Bug Bounty Bootcamp: The Guide to Finding and Reporting Web Vulnerabilities -https://amzn.to/3Re8Pa2 Hacking APIs: Breaking Web Application Programming Interfaces - https://amzn.to/45g4bOr Black Hat GraphQL: Attacking Next Generation APIs - https://amzn.to/455F9l3 🍿 WATCH NEXT: If I Started Bug Bounty Hunting in 2024, I'd Do this - https://youtu.be/z6O6McIDYhU 2023 How to Bug Bounty - https://youtu.be/FDeuOhE5MhU Bug Bounty Hunting...
https://www.youtube.com/watch?v=AR_FbrSy5hc

JWT Algorithm Confusion and SSTI (Pug) - "Cat Club" [INTIGRITI 1337UP CTF 2024]
🚩 Video walkthrough for the "Cat Club" (web) challenge I made for Intigriti's 1337UP LIVE (CTF) competition 2024! The challenge featured a server-side template injection (SSTI) vulnerability in the user welcome message. However, there is a problem; the username is sanitized on registration and then rendered from the JWT, which is signed using an RS256 private key. Players must exploit an algorithm confusion vulnerability to tamper with the JWT, changing their username to an SSTI (pug) payload. There's no command output, so to return the flag they will also need to develop a blind payload (e.g. return flag to web server logs) 😎 #1337UP #1337UPLIVE #CTF #INTIGRITI #HackWithIntigriti Check out the accompanying writeup here: https://book.cryptocat.me/ctf-writeups/2024/intigriti/web/cat_club 🐛INTIGRITI...
https://www.youtube.com/watch?v=Vh9SqT9KyL8

DEF CON 32 - Breaking Secure Web Gateways for Fun and Profit -Vivek Ramachandran, Jeswin Mathai
Secure Web Gateways (SWGs) are cloud-based SSL-intercepting proxies and an important component of enterprise Secure Access Service Edge (SASE) or Security Service Edge (SSE) solutions. SWGs ensure secure web access for enterprise users by doing malware protection, threat prevention, URL filtering, and content inspection of sensitive data, among other critical security measures. Our research indicates that in today's world of complex web applications and protocols, SWGs often fail to deliver on their promise. We will demonstrate a new class of attacks: “Last Mile Reassembly Attacks,” which, as of this writing, can bypass every SWG in the Gartner Magic Quadrant for SASE and SSE - this includes the largest public market cybersecurity companies in the world. Additionally, we will release...
https://www.youtube.com/watch?v=mBZQnJ1MWYI

DEF CON 32 - Listen to the Whispers: Web Timing Attacks that Actually Work - James Kettle
Websites are riddled with timing oracles eager to divulge their innermost secrets. It's time we started listening to them. In this session, I'll unleash novel attack concepts to coax out server secrets including masked misconfigurations, blind data-structure injection, hidden routes to forbidden areas, and a vast expanse of invisible attack-surface. This is not a theoretical threat; every technique will be illustrated with multiple real-world case studies on diverse targets. Unprecedented advances have made these attacks both accurate and efficient; in the space of ten seconds you can now reliably detect a sub-millisecond differential with no prior configuration or 'lab conditions' required. In other words, I'm going to share timing attacks you can actually use. To help, I'll equip you...
https://www.youtube.com/watch?v=zOPjz-sPyQM

Bypassing Server-side Anti-Cheat Protections - "Bug Squash (part 2)" [INTIGRITI 1337UP CTF 2024]
🚩 Video walkthrough for the "Bug Squash part 2" (gamepwn) challenge I made for Intigriti's 1337UP LIVE (CTF) competition 2024! It's a unity-based game where players need to squash bugs to earn points, like part 1. The difference here is the points are stored server-side and some anti-cheat mechanisms have been put in place to prevent hackers from manipulating their score! Players must develop a PoC which exploits some JSON parsing discrepancies, being careful not to trigger any anti-cheat defences (all under a strict time limit) 😎 #1337UP #1337UPLIVE #CTF #INTIGRITI #HackWithIntigriti Check out the accompanying writeup here: https://book.cryptocat.me/ctf-writeups/2024/intigriti/game/bug_squash2 Bug Squash part 1: https://youtu.be/VoT74JOGWgA 🐛INTIGRITI 1337UPLIVE CTF🐞 https://ctftime.org/event/2134 https://ctf.intigriti.io https://discord.gg/intigriti-870275171938873395 👷‍♂️Resources🛠 https://cryptocat.me/resources Overview: 0:00...
https://www.youtube.com/watch?v=dEA68Aa0V-s

GuidedHacking.com is the GOAT #gamehacking #guidedhacking
🔥 GuidedHacking.com will always be the GOAT 👨‍💻 Buy Our Courses: https://guidedhacking.com/register/ ❤️ Follow us on Social Media: https://linktr.ee/guidedhacking 💰 Donate on Patreon: https://patreon.com/guidedhacking ✏️ Tags: #cheatengine #guidedhacking #gamehacking game hacking tutorials gamehacking bible game hacking course guidedhacking.com game hacking courses guidedhacking game hacking rake guided hacking game hacking guidedhacking rake game hackers game hacking tutorials game hacking bible guidedhacking.com rake gamehacking
https://www.youtube.com/watch?v=3I2Zmfpq2aw

A Guide for Solving Beginner CTF Challenges [INTIGRITI 1337UP CTF 2024]
🚩 Video walkthrough for 4 "warmup" challenges from the 2023 1337UP LIVE (CTF) competition by Intigriti, originally presented during the pre-CTF livestream in 2024. The challenges include various decodings with cyberchef, traffic analysis (PCAPs) and basic reversing/crypto 😎 #1337UP #1337UPLIVE #CTF #INTIGRITI #HackWithIntigriti Full livestream: https://youtube.com/live/BKXfrNwrcqQ 🐛INTIGRITI 1337UPLIVE CTF🐞 https://ctftime.org/event/2134 https://ctf.intigriti.io https://discord.gg/intigriti-870275171938873395 👷‍♂️Resources🛠 https://cryptocat.me/resources Overview: 0:00 Intro 0:19 Warmup: Encoding 1:52 Forensics: OverTheWire (part 1) 5:17 Forensics: OverTheWire (part 2) 10:00 Crypto: Keyless 11:03 Conclusion 🧑💻 Sign up and start hacking right now - https://go.intigriti.com/register 👾...
https://www.youtube.com/watch?v=CsyQFzTJ09w

The 8th Annual Hacker-Powered Security Report: An overview
The 8th Annual Hacker-Powered Security Report states that whether you think AI is a threat or an opportunity, you are right. - 48% of security leaders say GenAI is the biggest threat to their organization. - Nearly 10% of researchers specialize in AI red teaming as the number of AI assets in scope for bug bounty programs has increased by 171%. - Researchers are also leveraging AI tools to be even more effective in finding and reporting vulnerabilities, with 58% saying they use AI either as a significant tool or in some way. At HackerOne, we definitely see the opportunities provided by GenAI. In the spirit of embracing the technology, we asked NotebookLM to summarize the latest Hacker-Powered Security Report. Listen to our AI-generated podcast on the report and let us know what you think! To...
https://www.youtube.com/watch?v=7j1cNrknCe4

Tor Under Attack - ThreatWire
⬇️ OPEN FOR LINKS TO ARTICLES TO LEARN MORE ⬇️ @endingwithali → Twitch: https://twitch.tv/endingwithali Twitter: https://twitter.com/endingwithali YouTube: https://youtube.com/@endingwithali Everywhere else: https://links.ali.dev Want to work with Ali? endingwithalicollabs@gmail.com [❗] Join the Patreon→ https://patreon.com/threatwire 0:00 0 - Intro 0:09 1 - Tor Under Attack 01:34 2 - iPhone Randomly Restarts 02:55 3 - Russia Charges Google All Money Possible 04:41 4 - Cisco Scores a Perfect 10 06:20 5 - Outro LINKS 🔗 Story 1: Tor Under Attack https://r00t.monster/ https://paste.sh/8U02_ZEv#iDZDNUFtN2NnDJMdnYdTISFG https://x.com/Andrew___Morris/status/1854289771197329517 🔗 Story 2: iPhone Randomly Restarts https://www.404media.co/apple-quietly-introduced-iphone-reboot-code-which-is-locking-out-cops/ https://www.404media.co/police-freak-out-at-iphones-mysteriously-rebooting-themselves-locking-cops-out/ 🔗...
https://www.youtube.com/watch?v=-FnGQTs_LKk

Do This For Your First 0,000 in Bounties
LIKE and SUBSCRIBE with NOTIFICATIONS ON if you enjoyed the video! 👍 📚 If you want to learn bug bounty hunting from me: https://bugbounty.nahamsec.training 💻 If you want to practice some of my free labs and challenges: https://app.hackinghub.io 💵 FREE 0 DigitalOcean Credit: https://m.do.co/c/3236319b9d0b 🔗 LINKS: 📖 MY FAVORITE BOOKS: Bug Bounty Bootcamp: The Guide to Finding and Reporting Web Vulnerabilities -https://amzn.to/3Re8Pa2 Hacking APIs: Breaking Web Application Programming Interfaces - https://amzn.to/45g4bOr Black Hat GraphQL: Attacking Next Generation APIs - https://amzn.to/455F9l3 🍿 WATCH NEXT: If I Started Bug Bounty Hunting in 2024, I'd Do this - https://youtu.be/z6O6McIDYhU 2023 How to Bug Bounty - https://youtu.be/FDeuOhE5MhU Bug Bounty Hunting...
https://www.youtube.com/watch?v=QEQ8JENCnNM

Python for Pentesters I - 10. Functions
Part of the Python for Pentesters I course: https://www.youtube.com/playlist?list=PLonlF40eS6nwhfPHOfoSM57xWftXonfbk Connect with me: X: https://twitter.com/cristivlad25 IG: https://instagram.com/cristivladz
https://www.youtube.com/watch?v=QnfZ9eQJVh8

Python for Pentesters I - 9. Loops
Part of the Python for Pentesters I course: https://www.youtube.com/playlist?list=PLonlF40eS6nwhfPHOfoSM57xWftXonfbk Connect with me: X: https://twitter.com/cristivlad25 IG: https://instagram.com/cristivladz
https://www.youtube.com/watch?v=bP4yElH3WKM

Python for Pentesters I - 8. If, Else Statements
Part of the Python for Pentesters I course: https://www.youtube.com/playlist?list=PLonlF40eS6nwhfPHOfoSM57xWftXonfbk Connect with me: X: https://twitter.com/cristivlad25 IG: https://instagram.com/cristivladz
https://www.youtube.com/watch?v=Ynbo31gbXh4

Sophos Hacked Back - ThreatWire
⬇️ OPEN FOR LINKS TO ARTICLES TO LEARN MORE ⬇️ @endingwithali → Twitch: https://twitch.tv/endingwithali Twitter: https://twitter.com/endingwithali YouTube: https://youtube.com/@endingwithali Everywhere else: https://links.ali.dev Want to work with Ali? endingwithalicollabs@gmail.com [❗] Join the Patreon→ https://patreon.com/threatwire 00:00 0 - Intro 00:10 1 - Okta Oopsies 01:01 2 - Strava is Bad Opsec 01:51 3 - Sophos Hacks Back 03:38 4 - LLM Discovered SQLite Vulnerability 05:49 5 - Outro LINKS 🔗 Story 1: Okta Oopsies https://trust.okta.com/security-advisories/okta-ad-ldap-delegated-authentication-username/ https://x.com/bcrypt/status/1852575080989257893 🔗 Story 2: Strava is Bad Opsec https://www.the-independent.com/world/strava-security-trump-putin-macron-secret-service-b2637282.html https://www.kyivpost.com/post/19325 🔗...
https://www.youtube.com/watch?v=VjAWUNxcx-Q

DEF CON 32 - Abusing Windows Hello Without a Severed Hand - Ceri Coburn, Dirk jan Mollema
Windows Hello is touted by Microsoft as the modern de facto authentication scheme on Windows platforms, supporting authentication and encryption backed by biometrics. In a world that is quickly accelerating towards a passwordless existence, what new threats do we face in this complex landscape? We will take a deep dive into the inner working of Windows Hello. Via the release of a new tool, it will be demonstrated how an attacker on a fully compromised Windows host can leverage secrets backed by Windows Hello biometrics without needing the biometric data that protects them. We will also show how the hardware protections of Windows Hello and its accompanying Primary Refresh Tokens can be defeated, making it possible to use Windows Hello for identity persistency and PRT stealing, in some cases...
https://www.youtube.com/watch?v=mFJ-NUnFBac

SANS Threat Analysis Rundown with Katie Nickels | October 2024
Summary: This month, Katie will be joined by two members of the MITRE ATT&CK team, Enterprise Lead Casey Knerr and CTI Lead Joe Slowik, to discuss the new release of ATT&CK, top techniques to pay attention to, and what's happening with ATT&CK. Twitter: @mitreattack, @jfslowik, @casey_knerr LinkedIn: https://www.linkedin.com/showcase/mitre-att&ck/ https://www.linkedin.com/in/joe-slowik/ https://www.linkedin.com/in/casey-knerr-12a64a160/
https://www.youtube.com/watch?v=ReDrkYDhNSQ

DFIRCON 2024 Pre-Event Community Day
Join us for a unique, FREE pre-event session at DFIRCON's Special Edition, featuring hands-on tutorials with open-source tools led by top cyber experts in the DFIR community. These sessions are designed to enhance your investigative skills through practical, expert-led training. Don't miss this opportunity to gain valuable knowledge and prepare for the training week ahead. Learn more about Community at DFIRCON: https://www.sans.org/u/1xGq Learn more about DFIRCON: https://www.sans.org/u/1xGA #DFIR
https://www.youtube.com/watch?v=4XgXShROU1Y

DFIRCON Miami 2024: Special Edition
Enhance your cybersecurity skills at SANS DFIRCON Miami 2024: Special Edition (November 17-23, ET). Join us for a premier cybersecurity event led by top industry course authors known for their deep expertise and practical approach. Learn more about Community at DFIRCON: https://www.sans.org/u/1xGq Learn more about DFIRCON: https://www.sans.org/u/1xGA #DFIR
https://www.youtube.com/watch?v=nObGlw0Qb7o

How To Scan The Entire Cloud
LIKE and SUBSCRIBE with NOTIFICATIONS ON if you enjoyed the video! 👍 📚 If you want to learn bug bounty hunting from me: https://bugbounty.nahamsec.training 💻 If you want to practice some of my free labs and challenges: https://app.hackinghub.io 💵 FREE 0 DigitalOcean Credit: https://m.do.co/c/3236319b9d0b 🔗 LINKS: 📖 MY FAVORITE BOOKS: Bug Bounty Bootcamp: The Guide to Finding and Reporting Web Vulnerabilities -https://amzn.to/3Re8Pa2 Hacking APIs: Breaking Web Application Programming Interfaces - https://amzn.to/45g4bOr Black Hat GraphQL: Attacking Next Generation APIs - https://amzn.to/455F9l3 🍿 WATCH NEXT: If I Started Bug Bounty Hunting in 2024, I'd Do this - https://youtu.be/z6O6McIDYhU 2023 How to Bug Bounty - https://youtu.be/FDeuOhE5MhU Bug Bounty Hunting...
https://www.youtube.com/watch?v=IKefdmXFa3U

13Cubed XINTRA Lab Walkthrough
In this episode, we'll perform a comprehensive walkthrough of the 13Cubed challenge created for XINTRA Labs. Learn more at https://www.xintra.org/labs. 💰 For a limited time only, use the discount code "13CUBED" to get 15% off a XINTRA Labs subscription! 🙏 Special thanks to Mike Peterson from https://nullsec.us for playing the role of Threat Actor in our scenario! *** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. *** 📖 Chapters 00:00 - Intro 00:58 - Workstation - Running MemProcFS 03:25 - Workstation - Question 1 05:14 - Workstation - Question 2 07:06 - Workstation - Question 3 07:53 - Workstation - Question 4 09:42 - Workstation - Question 5 12:42 - Workstation - Question 6 15:31 - Workstation - Question 7 17:34 - Workstation -...
https://www.youtube.com/watch?v=A7Bh7vnAooQ

Main Stage: Let Me Tell You a Story: Technology and the 4 Vs
In a world where cyber villains create victims through vendor-created vulnerabilities, can visionaries harness innovation for a more secure world? AI makes wild promises through the siren song of fame, fortune, and even power, but is it worth it without guaranteeing the safety of our fellow man? You write the code that could either uplift humanity or lead to its destruction. Your creations reflect the values and vision for the future and how we tell the story of our technology evolution matters. Please join the Cybersecurity and Infrastructure Security Agency Director Jen Easterly in telling our shared technology story for a more secure and hopeful future. By: Jen Easterly | Director, Cybersecurity and Infrastructure Security Agency (CISA)
https://www.youtube.com/watch?v=itpZnfqu9eQ

Review: This Is How They Tell Me the World Ends (not with a bang but with a bug)
Join me on a brand-new series as I indulge my childhood dream of creating a personal library, focusing on InfoSec books! Kicking things off, we dive into 'This Is How They Tell Me How The World Ends' by Nicole Perlroth. Despite being an ebook enthusiast, I decided it was high time to fill my custom-built bookcase with real books. We'll explore the fascinating histories and personal stories behind bug bounties, zero days, and cyber warfare, all narrated with the flair of a seasoned journalist. From cyber politics to sassy hacker quips - what did happen to that salmon anyway? To how hackers take on the global stage of politics 00:00 Introduction to the Quest for Infosec Books 00:29 Building the Dream Library 00:55 E-Readers vs. Physical Books 02:41 Criteria for Book Selection 04:44 First Book...
https://www.youtube.com/watch?v=OvUmumbiGRI

HackerOne Live Hacking Event Recap: Las Vegas w/Epic Games

https://www.youtube.com/watch?v=rJb-qFYylis

DEF CON 32 - Counter Deception: Defending Yourself in a World Full of Lies - Tom Cross, Greg Conti
The Internet was supposed to give us access to the world's information, so that people, everywhere, would be able to know the truth. But that's not how things worked out. Instead, we have a digital deception engine of global proportions. Nothing that comes through the screen can be trusted, and even the things that are technically true have been selected, massaged, and amplified in support of someone's messaging strategy. Deception isn't just about narratives - we see deception at every layer of the network stack, from spoofed electromagnetic signatures, to false flags in malware, to phony personas used to access networks and spread influence. They hide in our blindspots, exploit our biases, and fill our egos while manipulating our perceptions. How do we decide what is real? This talk...
https://www.youtube.com/watch?v=gHqDEMrqTjE

Is This The Best Recon Framework?
LIKE and SUBSCRIBE with NOTIFICATIONS ON if you enjoyed the video! 👍 📚 If you want to learn bug bounty hunting from me: https://bugbounty.nahamsec.training 💻 If you want to practice some of my free labs and challenges: https://app.hackinghub.io 💵 FREE 0 DigitalOcean Credit: https://m.do.co/c/3236319b9d0b 🔗 LINKS: 📖 MY FAVORITE BOOKS: Bug Bounty Bootcamp: The Guide to Finding and Reporting Web Vulnerabilities -https://amzn.to/3Re8Pa2 Hacking APIs: Breaking Web Application Programming Interfaces - https://amzn.to/45g4bOr Black Hat GraphQL: Attacking Next Generation APIs - https://amzn.to/455F9l3 🍿 WATCH NEXT: If I Started Bug Bounty Hunting in 2024, I'd Do this - https://youtu.be/z6O6McIDYhU 2023 How to Bug Bounty - https://youtu.be/FDeuOhE5MhU Bug Bounty Hunting...
https://www.youtube.com/watch?v=GOwq95QMv_g

Python for Pentesters I - 6. Lists, Tuples, and Sets
Part of the Python for Pentesters I course: https://www.youtube.com/playlist?list=PLonlF40eS6nwhfPHOfoSM57xWftXonfbk Connect with me: X: https://twitter.com/cristivlad25 IG: https://instagram.com/cristivladz
https://www.youtube.com/watch?v=PZe2TGGAaKs

Python for Pentesters I - 7. Dictionaries
Part of the Python for Pentesters I course: https://www.youtube.com/playlist?list=PLonlF40eS6nwhfPHOfoSM57xWftXonfbk Connect with me: X: https://twitter.com/cristivlad25 IG: https://instagram.com/cristivladz
https://www.youtube.com/watch?v=mHTgnYStaxA

SANS FOR518: Mac & iOS Forensic Analysis & Incident Response
FOR518 is the first non-vendor-based Mac and iOS incident response and forensics course that focuses students on the raw data, in-depth detailed analysis, and how to get the most out of their Mac and iOS cases. The intense hands-on forensic analysis and incident response skills taught in the course will enable analysts to broaden their capabilities and gain the confidence and knowledge to comfortably analyze any Mac or iOS device. 23 Hands-On Labs Download the new updated Mac and iOS Forensic Analysis & Incident Response poster here: https://www.sans.org/u/1yHa Learn more or register for future classes at http://sans.org/FOR518
https://www.youtube.com/watch?v=1RWE7kOPAQo

Understanding the Bugcrowd VRT: An Insider's Guide
Join us at DEF CON as we sit down with Codingo, VP of Operations at Bugcrowd, to look into the Vulnerability Rating Taxonomy (VRT). Learn what makes the VRT unique, how it compares to other vulnerability rating systems like CVSS, and why it's a key part of Bugcrowd's platform. Discover how the VRT evolves, the community's role in its development, and essential tips for hackers advocating for higher priorities on their findings. Whether you're a seasoned Bugcrowd hacker or new to the platform, this interview offers valuable insights and practical advice for improving your skills and understanding of the VRT. 00:00 Introduction to the VRT and Bugcrowd 00:33 Bugcrowd's Unique Offerings for Hackers 01:19 Understanding the VRT: An Interview with Kodinga 02:22 Differences Between VRT and CVSS 03:09...
https://www.youtube.com/watch?v=AIJK_Lw8rKw

DEF CON 32 - DEF CON Closing Ceremonies & Awards
The full closing ceremonies presentation from the final day of DEF CON 32.
https://www.youtube.com/watch?v=GdeKrNlvG8g

DEF CON 32 - What To Expect When You're Exploiting: 0Days Baby Monitors & Wi-Fi Cams - Mager, Forte
Home surveillance technology is a modern convenience that has been made accessible to the masses through the rise of IoT devices, namely cloud-connected Wi-Fi cameras. From parents monitoring their infants to homeowners watching their entryways, these cameras provide users with access to instant, high definition video from the convenience of a mobile phone, tablet, or PC. However, the affordability of these devices and relative ease of cloud access generally correlates to flawed security, putting users at risk. We set out to explore the attack surface of various Wi-Fi camera models to gain a deeper understanding of how these devices are being exploited. In the end, we devised methods to gain local root access, uncovered user privacy issues, discovered a zero-day vulnerability within a prominent...
https://www.youtube.com/watch?v=caY7ls4G460

DEF CON 32 - AppSec Considerations From the Casino Industry - Aleise McGowan, Tennisha Martin
In the casino industry, a surge of ransomware attacks has marked an era of unprecedented threats and vulnerabilities. This session will focus on a critical aspect of security within this industry, exploring how ransomware has specifically impacted applications and associated systems. Attendees will gain insights into the methods used by malicious actors to compromise casino applications, the resulting financial and operational disruptions, (i.e., affected customer data security etc.) and responses developed to counter these threats. By researching industry giants like MGM and Caesars, we will highlight the importance of robust application security measures and the future landscape of cybersecurity in this sector. Unique security challenges faced by the casino industry will be explored, along...
https://www.youtube.com/watch?v=k7odY9gCxaI

DEF CON 32 - Where's the Money-Defeating ATM Disk Encryption - Matt Burch
Holding upwards of 0,000, ATMs continue to be a target of opportunity and have seen over a 600% increase in crime in just the last few years. During this time, I led security research with another colleague into the enterprise ATM industry resulting in the discovery of 6 zero-day vulnerabilities affecting Diebold Nixdorf's Vynamic Security Suite (VSS), the most prolific ATM security solution in the market. 10 minutes or less is all that a malicious actor would need to gain full control of any system running VSS via offline code injection and decryption of the primary Windows OS. Diebold Nixdorf is one of three major North American enterprise class ATM manufacturers with a global presence in the financial, casino/gaming, and point-of-sale markets. Similar attack surfaces are currently...
https://www.youtube.com/watch?v=lF8NEsl3-kQ

DEF CON 32 - On Your Ocean's 11 Team, I'm the AI Guy (technically Girl) - Harriet Farlow
One of the best parts of DEF CON is the glitz and glam of Vegas, the gambling capital of the world. Many have explored hacking casinos (on and off stage). Unfortunately, it's just not like it is portrayed in the Oceans franchise.. in real life there's much less action, no George Clooney, and it's a lot harder to pull off a successful heist. Fortunately I'm not your typical hacker, I'm an AI hacker. I use adversarial machine learning techniques to disrupt, deceive and disclose information from Artificial Intelligence systems. I chose my target carefully: Canberra Casino. It's the best casino in my city.. It's also the only casino but that's not the point. The casino industry is at an interesting inflection point. Many large casinos have already adopted AI for surveillance...
https://www.youtube.com/watch?v=pTSEViCwAig

DEF CON 32 - Why are you still using my server for your internet access - Thomas Boejstrup Johansen
Pawning countries at top level domain by just buying one specific domain name 'wpad.tld', come hear about this more than 25+ years old issue and the research from running eight different wpad.tld domains for more than one year that turn into more than 1+ billion DNS request and more than 600+GB of Apache log data with leaked information from the clients. This is the story about how easy it is to just buying one domain and then many hundreds of thousands of Internet clients will get auto pwned without knowing it and start sending traffic to this man-in-the-middle setup there is bypassing encryption and can change content with the ability to get the clients to download harmful content and execute it. The talk will explain the technical behind this issue and showcase why and how clients will...
https://www.youtube.com/watch?v=uwsykPWa5Lc

DEF CON 32 - The edges of Surveilance System and its supply chain - Chanin Kim, Myounghun Pak
With the development of artificial intelligence and image processing technology, the video industry such as CCTV is developing greatly. However, CCTV video may infringe on an individual's privacy, and personal information may be leaked due to hacking or illegal video collection. As such, Surveillance System's Security issues are also increasing, the importance of the video surveillance industry is becoming more prominent. In order to prevent hacking or illegal video collection, research on camera security is being conducted. However, there is a lack of awareness of NVR (Network Video Recorder), a device that actually watches videos recorded by cameras, and research on this is also insufficient. We selected Hikvision and Dahua, which have a high NVR market share, as target vendors, and also...
https://www.youtube.com/watch?v=v6VMEeUcqzo

DEF CON 32 - Welcome to DEF CON 32 - The Dark Tangent
Opening remarks from our founder The Dark Tangent.
https://www.youtube.com/watch?v=vad7FiHlgMU

DEF CON 32 -Your Smartcard is Dumb A Brief History of Hacking Access Control Systems - Chad Shortman
Have you ever wondered how those little boxes that you tap your card to open doors work? What are they reading on the card? How do they ultimately unlock the door? And, are they even secure? In this talk, we will answer all of those questions and more. We will walk through how access-control systems, in general, work, and dig into the details of the most popular systems. Fortunately for the entertainment value of this talk, there be dragons in our doors. We will walk through some of the most high-profile attacks in detail and then dive into some more fundamental flaws with how the systems are designed. All of these discussions will be accompanied with live demos and first hand experience. After this talk, you will look at the world, especially doors, differently -- weaknesses everywhere! My...
https://www.youtube.com/watch?v=zBP2deuPQTg

DEF CON 32 - OH MY DC Abusing OIDC all the way to your cloud - Aviad Hahami
As DevOps and developers are slowly shifting away from storing long-lived static credentials to the more secure, still kinda-new, OIDC alternative - the underlying logic, mechanisms and implementations tend to feel like complicated magic and are mostly overlooked. In this talk, we'll begin by recapping what OIDC is, who are the interacting entities when OIDC is used, and how OIDC is taking place to securely access one's cloud using CI/CD flows. Once covered, we will be able to alternate our point-of-view between the entities in play and demonstrate potential vulnerabilities in various setups. Starting with the user PoV, we will show what "under-configurations" look like, and continue by demonstrating how new OIDC configuration options can actually be misconfigurations that can result with...
https://www.youtube.com/watch?v=asd33hSRJKU

DEF CON 32 - MaLDAPtive: Obfuscation and De-Obfuscation - Daniel Bohannon, Sabajete Elezaj
LDAP is no stranger to the security spotlight. While LDAP is a protocol (Lightweight Directory Access Protocol) and Active Directory is the most popular directory services system that supports a subset of LDAP, the terms “LDAP” and “AD” are tightly coupled when discussing the execution, detection and prevention of attacks targeting directory services data. In the last decade the widespread offensive value of querying AD data via LDAP was cemented with the release of open-source tools such as BloodHound and PingCastle. However, proper visibility of LDAP queries mostly remains a privileged asset for those organizations with deep pockets, and the commercial security tools providing this visibility are often woefully fixated on simple signature-based detections. MaLDAPtive is the 2,000-hour...
https://www.youtube.com/watch?v=mKRS5Iyy7Qo

Reverse Engineering LAB Setup Tutorial (updated)
If you are just getting started with reverse engineering this is the place to start. In this tutorial we provide an overview of the current setup that we currently run, this is also the same setup used in all of our live streams and tutorials. The full notes for this tutorial are unlocked for everyone on our Patreon including links to all of the tools mentioned https://www.patreon.com/posts/101718688 ----- OALABS DISCORD https://discord.gg/6h5Bh5AMDU OALABS PATREON https://www.patreon.com/oalabs Twitch https://www.twitch.tv/oalabslive OALABS GITHUB https://github.com/OALabs UNPACME - AUTOMATED MALWARE UNPACKING https://www.unpac.me/#/ -----
https://www.youtube.com/watch?v=adAr0KBJm4U

Amazon Paid Hackers .1M+ in Bounties (h1-0131 vlog)
LIKE and SUBSCRIBE with NOTIFICATIONS ON if you enjoyed the video! 👍 📚 If you want to learn bug bounty hunting from me: https://bugbounty.nahamsec.training 💻 If you want to practice some of my free labs and challenges: https://app.hackinghub.io 💵 FREE 0 DigitalOcean Credit: https://m.do.co/c/3236319b9d0b 🔗 LINKS: 📖 MY FAVORITE BOOKS: Bug Bounty Bootcamp: The Guide to Finding and Reporting Web Vulnerabilities -https://amzn.to/3Re8Pa2 Hacking APIs: Breaking Web Application Programming Interfaces - https://amzn.to/45g4bOr Black Hat GraphQL: Attacking Next Generation APIs - https://amzn.to/455F9l3 🍿 WATCH NEXT: If I Started Bug Bounty Hunting in 2024, I'd Do this - https://youtu.be/z6O6McIDYhU 2023 How to Bug Bounty - https://youtu.be/FDeuOhE5MhU Bug Bounty Hunting...
https://www.youtube.com/watch?v=SdDEgvPahUY

Living off Microsoft Copilot- DEMO- invoice manipulation
Take a look at this short Demo before diving into the talk Living off Microsoft Copilot By Michael Bargury. Link To The Rest of This Presentation- https://www.youtube.com/watch?v=-YJgcTCSzU0&list=PLH15HpR5qRsUiLYPNSylDvlskvS_RSzee&index=6
https://www.youtube.com/watch?v=tr1tTJk32uk

HackerOne Live Hacking Event Recap: Las Vegas w/TikTok

https://www.youtube.com/watch?v=QYRgmBmsm_M

Get Bigger Bounties With Better Reports
At DEFCON a few weeks ago, I sat down with Codingo, VP of operations to talk about the key elements of writing an effective bug report, especially for non-native English speakers and beginners. We also discuss the importance of clarity, accurate replication steps, and the impact of comprehensive report writing on your bug bounty success. Learn from Bugcrowd's framework and community-driven practices to enhance your cybersecurity skills and make a stronger impact with your findings. 00:00 Introduction and Apology 00:37 Sponsor Message: Bugcrowd 01:22 Live from DEF CON 01:53 The Importance of Report Writing 02:17 Key Elements of a Good Report 04:46 Challenges in Report Writing 06:11 The Triage Process 08:21 Support for Non-Native English Speakers 09:17 Common Reasons for Bug Rejection 11:09...
https://www.youtube.com/watch?v=hnU0mRl0WBI

Project Zero: Ten Years of 'Make 0-Day Hard'
In 2014, Google announced Project Zero, a security research team with the mission to 'make 0-day hard'. A lot has happened since then! This talk shares the ups and downs of Project Zero's past 10 years. It starts by explaining Project Zero's mission and gives an inside look at how the team operates. We'll then look back at the state of 0-day attacks and vulnerability research in 2014, and how both changed over the years. This talk will describe the many security bugs that Project Zero has discovered over the years, and how the actions of defenders have impacted the prevalence of exploitable vulnerabilities in many targets. It will also discuss the role of mitigations in preventing exploitation, and how increased openness and public research have led to the development of mitigations that...
https://www.youtube.com/watch?v=Oy03K6o3iug

Locknote: Conclusions & Key Takeaways from Black Hat USA 2024
Join Review Board Members Nathan Hamiel, Ellen Cram Kowalczyk, Window Snyder, Jos Wetzels, and Black Hat founder Jeff Moss as they conclude Black Hat USA 2024 with an insightful conversation on the most pressing issues facing the InfoSec community. This Locknote will feature a candid discussion on the conference's key takeaways and how these trends will impact future InfoSec strategies. By: Ellen Cram Kowalczyk | Security Engineering Manager, Google Jeff Moss | Founder of Black Hat and U.S. Department of Homeland Security Advisory Council, U.S. Department of Homeland Security Advisory Council Nathan Hamiel | Senior Director of Research, Kudelski Security Window Snyder | Founder & CEO, Thistle Technologies Jos Wetzels | Partner, Midnight Blue
https://www.youtube.com/watch?v=zbNU7kRw3tg

Keynote: Fireside Chat with Moxie Marlinspike
Jeff Moss, the founder of Black Hat, and Moxie Marlinspike, the founder of Signal, sit down and delve into critical topics shaping the future of privacy. Drawing from real-world experience, Jeff and Moxie examine the complex tradeoffs between security and privacy. They detail examples of navigating these tradeoffs, shedding light on decisions and strategies that others have speculated about but have not had to do. They will also discuss why safeguarding personal information should be a core priority for developers and companies alike and the responsibilities cyber leaders play in this mission. Additionally, their conversation will explore the essential role of privacy in enabling social change. Don't miss this unique opportunity to hear from two of the foremost thinkers in cybersecurity and...
https://www.youtube.com/watch?v=MAJP-fAf8MI

Living off Microsoft Copilot
Before Diving Into This Presentation, Take a Look at The Short Demo: https://www.youtube.com/watch?v=tr1tTJk32uk&list=PLH15HpR5qRsUiLYPNSylDvlskvS_RSzee&index=12 Whatever your need as a hacker post-compromise, Microsoft Copilot has got you covered. Covertly search for sensitive data and parse it nicely for your use. Exfiltrate it out without generating logs. Most frightening, Microsoft Copilot will help you phish to move laterally. Heck, it will even social engineer victims for you! This talk is a comprehensive analysis of Microsoft Copilot taken to red-team-level practicality. We will show how Copilot plugins can be used to install a backdoor into other users' Copilot interactions, allowing for data theft as a starter and AI-based social engineering as the main course. We'll show how...
https://www.youtube.com/watch?v=-YJgcTCSzU0

Practical LLM Security: Takeaways From a Year in the Trenches
As LLMs are being integrated into more and more applications, security standards for these integrations have lagged behind. Most security research either focuses 1) on social harms, biases exhibited by LLMs, and other content moderation tasks, or 2) zooms in on the LLM itself and ignores the applications that are built around them. Investigating traditional security properties such as confidentiality, integrity, or availability for the entire integrated application has received less attention, yet in practice, we find that this is where the majority of non-transferable risk lies with LLM applications. NVIDIA has implemented dozens of LLM powered applications, and the NVIDIA AI Red Team has helped secure all of them. We will present our practical findings around LLM security: what kinds of...
https://www.youtube.com/watch?v=Rhpqiunpu0c

Undecided about taking the new FOR589: Cybercrime Intelligence Course?
Jon DiMaggio just took the course and he provides a detailed explanation of what the course is about and why he recommends it to all DFIR professionals. Learn more about the course or check out the course demo at http://www.sans.org/FOR589 The cybercrime landscape is perpetually evolving, driven by technological advancements, increased investments by nation-states in offensive cyber operations, and a dynamic cybercrime ecosystem that continuously lowers the barriers for novice criminals to collaborate with more sophisticated actors. FOR589 offers a comprehensive exploration of the cybercrime underground, detailing a broad spectrum of tactics and techniques used by cybercriminals to target organizations. This course includes over twenty hands-on labs and a final capstone exercise, equipping...
https://www.youtube.com/watch?v=6XOz6eXmFB4

This Bug Got Me A ,000 Bounty
LIKE and SUBSCRIBE with NOTIFICATIONS ON if you enjoyed the video! 👍 📚 If you want to learn bug bounty hunting from me: https://bugbounty.nahamsec.training 💻 If you want to practice some of my free labs and challenges: https://app.hackinghub.io 💵 FREE 0 DigitalOcean Credit: https://m.do.co/c/3236319b9d0b 🔗 LINKS: 📖 MY FAVORITE BOOKS: Bug Bounty Bootcamp: The Guide to Finding and Reporting Web Vulnerabilities -https://amzn.to/3Re8Pa2 Hacking APIs: Breaking Web Application Programming Interfaces - https://amzn.to/45g4bOr Black Hat GraphQL: Attacking Next Generation APIs - https://amzn.to/455F9l3 🍿 WATCH NEXT: If I Started Bug Bounty Hunting in 2024, I'd Do this - https://youtu.be/z6O6McIDYhU 2023 How to Bug Bounty - https://youtu.be/FDeuOhE5MhU Bug Bounty Hunting...
https://www.youtube.com/watch?v=Mt32ZHP4790

RFC 6819 Distilled - OAuth 2.0 Security [AI Podcast w. NotebookLM]
RFC 6819: https://datatracker.ietf.org/doc/html/rfc6819 This AI Podcast has been created with NotebookLM, so thank you @Google. Connect with me: X: https://twitter.com/cristivlad25 IG: https://instagram.com/cristivladz
https://www.youtube.com/watch?v=O8m6U9-7UKw

Android Pentesting - Tips via Hacktricks [AI Podcast w. NotebookLM]
Source: https://book.hacktricks.xyz/mobile-pentesting/android-app-pentesting This AI Podcast has been created with NotebookLM, so thank you @Google. Connect with me: X: https://twitter.com/cristivlad25 IG: https://instagram.com/cristivladz
https://www.youtube.com/watch?v=T3MnYo_IQzs

HackerOne Live Hacking Event Recap: Miami w/ Capital One

https://www.youtube.com/watch?v=V9qwgXcfJ-Y

Python for Pentesters I - 5. Variables, Strings and Simple Operations in Python
Part of the Python for Pentesters I course: https://www.youtube.com/playlist?list=PLonlF40eS6nwhfPHOfoSM57xWftXonfbk Connect with me: X: https://twitter.com/cristivlad25 IG: https://instagram.com/cristivladz
https://www.youtube.com/watch?v=aCPkR0rvZh8

Python for Pentesters I - 3. Using the Python Interpreter vs an IDE
Part of the Python for Pentesters I course: https://www.youtube.com/playlist?list=PLonlF40eS6nwhfPHOfoSM57xWftXonfbk Connect with me: X: https://twitter.com/cristivlad25 IG: https://instagram.com/cristivladz
https://www.youtube.com/watch?v=RCHdKEPAUNw

Python for Pentesters I - 2. Setting up Python in Windows, Linux, and Mac
Part of the Python for Pentesters I course: https://www.youtube.com/playlist?list=PLonlF40eS6nwhfPHOfoSM57xWftXonfbk Connect with me: X: https://twitter.com/cristivlad25 IG: https://instagram.com/cristivladz
https://www.youtube.com/watch?v=R8--s5rQgZk

HackerOne Live Hacking Event Recap: Singapore w/ Salesforce

https://www.youtube.com/watch?v=MjXCLB995tw

Hacking Websites With A Zip File (Zip Slip)
Check out Snyk 👉🏼 snyk.co/nahamsec LIKE and SUBSCRIBE with NOTIFICATIONS ON if you enjoyed the video! 👍 📚 If you want to learn bug bounty hunting from me: https://bugbounty.nahamsec.training 💻 If you want to practice some of my free labs and challenges: https://app.hackinghub.io 💵 FREE 0 DigitalOcean Credit: https://m.do.co/c/3236319b9d0b 🔗 LINKS: 📖 MY FAVORITE BOOKS: Bug Bounty Bootcamp: The Guide to Finding and Reporting Web Vulnerabilities -https://amzn.to/3Re8Pa2 Hacking APIs: Breaking Web Application Programming Interfaces - https://amzn.to/45g4bOr Black Hat GraphQL: Attacking Next Generation APIs - https://amzn.to/455F9l3 🍿 WATCH NEXT: If I Started Bug Bounty Hunting in 2024, I'd Do this - https://youtu.be/z6O6McIDYhU 2023 How to Bug Bounty - https://youtu.be/FDeuOhE5MhU Bug...
https://www.youtube.com/watch?v=4sKlbMiGWAw

Linux Memory Forensics Challenge
Welcome to a special Linux Memory Forensics Challenge from 13Cubed. This is an excellent opportunity to get some hands-on practice with Linux memory forensics. You'll find the questions below, as well as a link to download the memory sample needed to answer those questions. 🎉 Check out the official training courses from 13Cubed at https://training.13cubed.com! HINT 1: To get started, run the Volatility 3 banners plugin to determine the correct kernel version, and subsequently install the correct symbols and create the ISF. HINT 2: The kernel version in use on this Ubuntu 22.04 machine was 6.5.0-41. It is recommended that Ubuntu 22.04 be used for the analysis. 🛑 CONTEST IS CLOSED 🛑 All winners have been selected. We still encourage you to participate in the lab, as we believe it...
https://www.youtube.com/watch?v=IHd85h6T57E

SANS Threat Analysis Rundown with Katie Nickels | Sep. 2024 Edition
Are you staying ahead of the latest cyber threats? In a rapidly evolving digital landscape, understanding new tools and models can be the key to success. Join SANS Certified Instructor Katie Nickels, your expert guide, as she breaks down the latest cyber threats and equips you with the knowledge you need to stay secure. This month, Katie will be joined by special guests: Colin Connor and Michael DeBolt to discuss the newly-developed Cyber Threat Intelligence Capability Maturity Model (CTI-CMM). They'll explain how this model can empower your team, streamline CTI efforts, and deliver lasting value to your organization. If you're struggling to harness the full potential of CTI in your organization, this conversation is for you! Tune in on Thursday, September 26th, 2024 for diverse insights...
https://www.youtube.com/watch?v=qyKoPPZaNrY

Why Implement a Vulnerability Disclosure Program (And How to Do It)
New threats emerge faster than any security team can fight them, which is why implementing an always-on vulnerability disclosure program (VDP) is not just a wise decision—it's becoming a standard practice mandated by government regulations and global compliance frameworks. Having a VDP openly demonstrates your organization's commitment to security, showcasing transparency, accountability, and a proactive approach to safeguarding your systems.
https://www.youtube.com/watch?v=prDbKBjNEck

Automating incident response: scalable & fast, within minutes
In today's rapidly evolving digital landscape, the increasing frequency and the scale of security incidents pose significant challenges for incident response teams. The traditional approach, rooted in digital forensics, is no longer sufficient nor is it efficient enough. It's time for a shift towards an automated incident response strategy that combines the investigative prowess of a digital detective with a DevOps mindset. In this talk, we will present how the incident response process of acquiring data, processing data, and analyzing information can be automated. Based on how we have built our incident response lab using open-source software packages developed by Microsoft (AVML), Spector Ops (SharpHound), Google (Timesketch, Plaso and WinPmem), Rapid7 (Velociraptor), Fox-IT (Dissect), Elastic...
https://www.youtube.com/watch?v=qZBoy-0qcLo

Machine Learning for Enhanced Malware Detection & Classification
Malware continues to increase in prevalence and sophistication. VirusTotal reported a daily submission of 2M+ malware samples. Of those 2 million malware daily submissions, over 1 million were unique malware samples. Successfully exploiting networks and systems has become a highly profitable operation for malicious threat actors. Traditional detection mechanisms including antivirus software fail to adequately detect new and varied malware. Artificial Intelligence provides advanced capabilities that can enhance cybersecurity. The purpose of this talk is to deliver a new framework that uses Machine Learning models to analyze malware, produce uniform datasets for additional analysis, and classify malicious samples into malware families. Additionally, this research presents a new Ensemble Classification...
https://www.youtube.com/watch?v=PBzlOgXHcZI

Keynote | Days of Future Past: The Impacts of GenAI on Cybersecurity
In this engaging talk, Rob T. Lee delves into the transformative impact of GenAI on cybersecurity, uncovering the blend of challenges and opportunities it presents. He examines GenAI's influence on nation-state strategies including mass disinformation and criminal enterprises, emphasizing the need for organizations to evolve defensively and offensively. With GenAI revolutionizing cybersecurity tactics, Rob will explore the necessity of upskilling to harness GenAI's potential effectively, highlighting the balance between leveraging its defensive benefits and mitigating the risks of new vulnerabilities it introduces. SANS DFIR Summit 2024 Keynote | Days of Future Past: The Impacts of GenAI on Cybersecurity Speaker: Rob Lee, Faculty Fellow, SANS Institute View upcoming Summits: http://www.sans.org/u/DuS...
https://www.youtube.com/watch?v=uNEUNtvfFRU

Llama: The Fast-File Processor with No Drama
SANS DFIR Summit 2024 Llama: The Fast-File Processor with No Drama Speakers: Jon Stewart, Managing Director, Aon Cyber Solutions Julia Paluch, Software Developer, Aon Cyber Solutions View upcoming Summits: http://www.sans.org/u/DuS
https://www.youtube.com/watch?v=YlmdEo_LUTk

The Tortured Responders Department: Scott & Rebekah's Version
Just when you think you have your DFIR processes buttoned up - investigation wrapped, remediations complete, defenses in place, it turns out you're not done. Someone has to tell the world what just happened, and it may or may not be you. Cyber security has moved from a niche topic discussed in small circles to news-cycle leading events that are talked about by leaders in both business and government. As a result the way companies talk about security incidents is more critical than ever - and it's not getting any easier. New worldwide regulations have the potential to impact security professionals by imposing stringent compliance requirements across various sectors and regions, especially when it comes to mandatory security incident reporting. At the same time security is becoming more...
https://www.youtube.com/watch?v=vfh84u-244E

How persistent is an APT? Battling Three Threat Actors in a Single Environment
As seasoned incident responders we help organizations eradicate and remediate threat actors on a daily basis. Yet, what happens when our efforts to neutralize one threat inadvertently collide with another? Imagine the scenario: you're on the verge of thwarting a financially motivated threat actor, only to discover that your actions disrupted the operations of a Chinese state-sponsored adversary. And just as you prepare to execute a kill-switch operation against the first, a second Chinese APT emerges, throwing a wrench into your carefully laid plans. In this presentation, we delve into the intricacies of combating multiple threat actors concurrently. Drawing from real-world experiences, we offer a firsthand account of the cat-and-mouse game that unfolds between incident responders and their...
https://www.youtube.com/watch?v=VxMwRykTdCk

The Hacker Mentality
LIKE and SUBSCRIBE with NOTIFICATIONS ON if you enjoyed the video! 👍 📚 If you want to learn bug bounty hunting from me: https://bugbounty.nahamsec.training 💻 If you want to practice some of my free labs and challenges: https://app.hackinghub.io 💵 FREE 0 DigitalOcean Credit: https://m.do.co/c/3236319b9d0b 🔗 LINKS: 📖 MY FAVORITE BOOKS: Bug Bounty Bootcamp: The Guide to Finding and Reporting Web Vulnerabilities -https://amzn.to/3Re8Pa2 Hacking APIs: Breaking Web Application Programming Interfaces - https://amzn.to/45g4bOr Black Hat GraphQL: Attacking Next Generation APIs - https://amzn.to/455F9l3 🍿 WATCH NEXT: If I Started Bug Bounty Hunting in 2024, I'd Do this - https://youtu.be/z6O6McIDYhU 2023 How to Bug Bounty - https://youtu.be/FDeuOhE5MhU Bug Bounty Hunting...
https://www.youtube.com/watch?v=X2uK5fd0VxA

Hacking GitLab Instances For A ,000 Bounty (2 Examples)
👀👀 Signup for DevSecCon 👉🏼 snyk.co/dscnahamsec LIKE and SUBSCRIBE with NOTIFICATIONS ON if you enjoyed the video! 👍 📚 If you want to learn bug bounty hunting from me: https://bugbounty.nahamsec.training 💻 If you want to practice some of my free labs and challenges: https://app.hackinghub.io 💵 FREE 0 DigitalOcean Credit: https://m.do.co/c/3236319b9d0b 🔗 LINKS: 📖 MY FAVORITE BOOKS: Bug Bounty Bootcamp: The Guide to Finding and Reporting Web Vulnerabilities -https://amzn.to/3Re8Pa2 Hacking APIs: Breaking Web Application Programming Interfaces - https://amzn.to/45g4bOr Black Hat GraphQL: Attacking Next Generation APIs - https://amzn.to/455F9l3 🍿 WATCH NEXT: If I Started Bug Bounty Hunting in 2024, I'd Do this - https://youtu.be/z6O6McIDYhU 2023 How to...
https://www.youtube.com/watch?v=KfoOl8RhlhQ

What is OSINT? (With Examples)
LIKE and SUBSCRIBE with NOTIFICATIONS ON if you enjoyed the video! 👍 📚 If you want to learn bug bounty hunting from me: https://bugbounty.nahamsec.training 💻 If you want to practice some of my free labs and challenges: https://app.hackinghub.io 💵 FREE 0 DigitalOcean Credit: https://m.do.co/c/3236319b9d0b 🔗 LINKS: 📖 MY FAVORITE BOOKS: Bug Bounty Bootcamp: The Guide to Finding and Reporting Web Vulnerabilities -https://amzn.to/3Re8Pa2 Hacking APIs: Breaking Web Application Programming Interfaces - https://amzn.to/45g4bOr Black Hat GraphQL: Attacking Next Generation APIs - https://amzn.to/455F9l3 🍿 WATCH NEXT: If I Started Bug Bounty Hunting in 2024, I'd Do this - https://youtu.be/z6O6McIDYhU 2023 How to Bug Bounty - https://youtu.be/FDeuOhE5MhU Bug Bounty Hunting...
https://www.youtube.com/watch?v=oLyVOhV9kSw

Shimcache Execution Is Back - What You Need to Know!
In this special episode, Mike Peterson from nullsec.us joins us to discuss important new research on Shimcache/AppCompatCache. Discover how this artifact can potentially be used to prove execution in Windows 10 and later—a capability that was previously thought impossible! *** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. *** 📖 Chapters 00:00 - Intro 01:08 - Shimcache/AppCompatCache artiFACTS 09:38 - nullsec.us Research 18:40 - Wrap-up 🛠 Resources Original research from Eric Zimmerman: https://github.com/EricZimmerman/AppCompatCacheParser/issues/6 GitHub commit for AppCompatCacheParser adding the functionality (March 2023): https://github.com/EricZimmerman/AppCompatCacheParser/commit/c995e82a58684bb15a46c34729c99a4024aaf8b3#diff-e5f34b98fc08cf3da1819cd0652cb2c28a785e4f2bab8cccfb0d7fe2cb99cff9R79 For...
https://www.youtube.com/watch?v=DsqKIVcfA90

Cookie Forgery, Signature Bypass and Blind Command Injection - "Feature Unlocked" [CSCTF 2024]
Video walkthrough for the "Feature Unlocked" web challenge I made for CyberSpace CTF 2024. The challenge required players to hijack the validation server via a hidden GET parameter, cookie forgery and custom signature generation/verification in order to access an unreleased feature, which itself contained a blind command injection vulnerability. Hope you enjoy 🙂 #CSCTF #CTF #CaptureTheFlag #Pentesting #OffSec #WebSec #AppSec Write-up: https://book.cryptocat.me/ctf-writeups/2024/cyberspace/web/feature_unlocked ↢CyberSpace CTF 2024↣ https://2024.csc.tf https://ctftime.org/event/2428 https://discord.csc.tf 👷‍♂️Resources🛠 https://cryptocat.me/resources ↢Chapters↣ 0:00 Start 1:46 Source code review 2:33 Cookie forgery 4:13 Recreate validation server 6:20 Access unlocked...
https://www.youtube.com/watch?v=6jvmbvsRLgQ

DC32 - Red Team Village - Recap
Thank you to everyone who attended the village this year at DEF CON! Another huge thank you to our core team, sponsors, volunteers, goons, and DEF CON! Red Team Village Website: https://redteamvillage.io Discord: https://redteamvillage.io/discord Twitter: https://redteamvillage.io/twitter
https://www.youtube.com/watch?v=xjKxLoz0Dw4

OWASP Leaders Must Become Members
By September 30, 2024, OWASP Leaders must become members. Find out why and how to join OWASP. Managed by the OWASP® Foundation https://owasp.org/
https://www.youtube.com/watch?v=FiTaaeVx98U

The History of the OWASP Developer Guide
Learn about the early history of OWASP's first project, the OWASP Developer Guide, and what's been happening more recently. The OWASP Developer Guide Project home page, PDF and e-book: https://owasp.org/www-project-developer-guide/ Managed by the OWASP® Foundation https://owasp.org/
https://www.youtube.com/watch?v=niqV55vPTfw

OWASP Global Board of Directors Nomination Process
So you'd like to become an OWASP Global Board Director? This is why you should and how to apply in less than eight minutes. Managed by the OWASP® Foundation https://owasp.org/
https://www.youtube.com/watch?v=L7dkvE5Rza8

Beyond Bug Bounty
Don't leave your organization's security to chance. The HackerOne Platform combines the power of ethical hackers with cutting-edge automation to protect your digital assets. Our comprehensive suite of preemptive solutions covers every aspect of your security strategy. Learn more here: https://www.hackerone.com/product/overview
https://www.youtube.com/watch?v=rNLlZyAWcsY

Trusted and Vetted
Some of the most common questions prospective customers have about working with hackers are “How do I know I can trust hackers?” and “How do I retain control of my environment?” HackerOne human-powered security program is the most trusted in the industry. See why our customers love working with the ethical hacker community at: https://www.hackerone.com/product/how-human-powered-security-works
https://www.youtube.com/watch?v=hNhS64IYeEk

Security Team Enhancement
Outmatch cybercriminals with a legion of ethical hackers who work for you to continuously protect your attack surface. For more information visit: https://www.hackerone.com/
https://www.youtube.com/watch?v=15OTy7VqA3E

DC32 - Red Team Village x Amazon
Thank you Amazon for being a platinum sponsor! For more information about Amazon, please visit https://amazon.com. Red Team Village Website: https://redteamvillage.io Discord: https://redteamvillage.io/discord Twitter: https://redteamvillage.io/twitter
https://www.youtube.com/watch?v=ouv0tgFmo8M

DC32 - Red Team Village x Kindo
Thank you Kindo for being a platinum sponsor! For more information, please visit https://kindo.ai. Red Team Village Website: https://redteamvillage.io Discord: https://redteamvillage.io/discord Twitter: https://redteamvillage.io/twitter
https://www.youtube.com/watch?v=-1wBcsNVqPo

RTV x Flare - An Introduction to Flare
The Red Team Village Red Team Village Website: https://redteamvillage.io Discord: https://redteamvillage.io/discord Twitter: https://redteamvillage.io/twitter
https://www.youtube.com/watch?v=xXulBDmkxsY

DC32 - Red Team Village x Core Team
Check out our amazing core team! Red Team Village Website: https://redteamvillage.io Discord: https://redteamvillage.io/discord Twitter: https://redteamvillage.io/twitter
https://www.youtube.com/watch?v=DXklOoiJXVs

DC32 - Red Team Village x Horizon3.ai
Thank you for being one of our platinum sponsors! Additional information about Horizon3.ai can be obtained from https://www.horizon3.ai. Red Team Village Website: https://redteamvillage.io Discord: https://redteamvillage.io/discord Twitter: https://redteamvillage.io/twitter
https://www.youtube.com/watch?v=kuviZ77aUB8

Planning Red Team Operations | Scope, ROE & Reporting
Hey guys, HackerSploit here back again with another video. This video outlines the process of planning and orchestrating Red Team operations. This video also outlines various Red Team resources, guides, and templates to plan and orchestrate a successful Red Team Operation. //LINKS & RESOURCES REDTEAM.GUIDE: https://redteam.guide/ The slides and written version of this video can be accessed on the HackerSploit Forum: https://forum.hackersploit.org/t/introduction-to-the-mitre-att-ck-framework/9127 //HACKERSPLOIT PLATFORMS BLOG ►► https://bit.ly/3qjvSjK FORUM ►► https://bit.ly/39r2kcY ACADEMY ►► https://bit.ly/39CuORr //SOCIAL NETWORKS TWITTER ►► https://bit.ly/3sNKXfq INSTAGRAM ►► https://bit.ly/3sP1Syh LINKEDIN ►► https://bit.ly/360qwlN PATREON ►► https://bit.ly/365iDLK MERCHANDISE...
https://www.youtube.com/watch?v=usDt-s2sACI

Mapping APT TTPs With MITRE ATT&CK Navigator
Hey guys, HackerSploit here back again with another video. This video will introduce you to the MITRE ATT&CK Navigator and will illustrate how it can be operationalized for planning and orchestrating Red Team operations. MITRE ATT&CK Framework: https://attack.mitre.org/ MITRE ATT&CK Navigator: https://mitre-attack.github.io/attack-navigator/ //PLATFORMS BLOG ►► https://bit.ly/3qjvSjK FORUM ►► https://bit.ly/39r2kcY ACADEMY ►► https://bit.ly/39CuORr //SOCIAL NETWORKS TWITTER ►► https://bit.ly/3sNKXfq DISCORD ►► https://bit.ly/3hkIDsK INSTAGRAM ►► https://bit.ly/3sP1Syh LINKEDIN ►► https://bit.ly/360qwlN PATREON ►► https://bit.ly/365iDLK MERCHANDISE ►► https://bit.ly/3c2jDEn //BOOKS Privilege Escalation Techniques ►► https://amzn.to/3ylCl33 Docker...
https://www.youtube.com/watch?v=hN_r3JW6xsY

Introduction To The MITRE ATT&CK Framework
Hey guys, HackerSploit here back again with another video. This video will introduce you to the MITRE ATT&CK framework and will illustrate how it can be operationalized for Red Team and Blue Team operations. The slides and written version of this video can be accessed on the HackerSploit Forum: https://forum.hackersploit.org/t/introduction-to-the-mitre-att-ck-framework/9127 MITRE ATT&CK Framework: https://attack.mitre.org/ //PLATFORMS BLOG ►► https://bit.ly/3qjvSjK FORUM ►► https://bit.ly/39r2kcY ACADEMY ►► https://bit.ly/39CuORr //SOCIAL NETWORKS TWITTER ►► https://bit.ly/3sNKXfq DISCORD ►► https://bit.ly/3hkIDsK INSTAGRAM ►► https://bit.ly/3sP1Syh LINKEDIN ►► https://bit.ly/360qwlN PATREON ►► https://bit.ly/365iDLK MERCHANDISE ►► https://bit.ly/3c2jDEn //BOOKS Privilege...
https://www.youtube.com/watch?v=LCec9K0aAkM

Red Team Frameworks & Methodologies
Hey guys, HackerSploit here back again with another video. This video will introduce you to the various industry-standard frameworks and methodologies used by Red Teamers to plan and orchestrate successful Red Team operations. The slides and written version of this video can be accessed on the HackerSploit Forum: https://forum.hackersploit.org/t/red-team-frameworks-methodologies/9126 //PLATFORMS BLOG ►► https://bit.ly/3qjvSjK FORUM ►► https://bit.ly/39r2kcY ACADEMY ►► https://bit.ly/39CuORr //SOCIAL NETWORKS TWITTER ►► https://bit.ly/3sNKXfq DISCORD ►► https://bit.ly/3hkIDsK INSTAGRAM ►► https://bit.ly/3sP1Syh LINKEDIN ►► https://bit.ly/360qwlN PATREON ►► https://bit.ly/365iDLK MERCHANDISE ►► https://bit.ly/3c2jDEn //BOOKS Privilege Escalation Techniques...
https://www.youtube.com/watch?v=UafxorrS3mQ

DC32 - Red Team Village x Flare
Thank you for being a Diamond sponsor! For additional information about Flare, please visit https://flare.io. Red Team Village Website: https://redteamvillage.io Discord: https://redteamvillage.io/discord Twitter: https://redteamvillage.io/twitter
https://www.youtube.com/watch?v=7AON2imxy24

DC32 - Red Team Village x Optiv
Thank you for being one of our sponsors! Additional information about Optiv can be obtained from https://optiv.com. Red Team Village Website: https://redteamvillage.io Discord: https://redteamvillage.io/discord Twitter: https://redteamvillage.io/twitter
https://www.youtube.com/watch?v=mbM3KEk8vxQ

Mounting Linux Disk Images in Windows
Learn how to mount Linux disk images in Windows using the Windows Subsystem for Linux (WSL). We'll tackle common issues and their fixes. ⌨️ Command used in the video: sudo mount -o ro,loop,offset=[OFFSET],noload [IMAGE] /mnt/[MOUNTPOINT] If you're mounting images containing Logical Volume Management (LVM) volumes, additional steps are required: ✅ Install LVM2 (if not already installed) sudo apt install lvm2 (Debian/Ubuntu) sudo dnf install lvm2 (Fedora) sudo yum install lvm2 (RHEL) ✅ Create a loop device from the disk image: sudo losetup -f -P testimage.dd Here, "-f" tells losetup to find the next available loop device, and "-P" forces the kernel to scan the partition table on the newly created loop device. ✅ Refresh LVM so that the new device appears: sudo pvscan --cache This...
https://www.youtube.com/watch?v=W_youhia4dU

OWASP API Security Project - Paulo Silva & Erez Yalon
- Managed by the OWASP® Foundation https://owasp.org/
https://www.youtube.com/watch?v=hn4mgTu5izg

Cloud-Squatting: The Never-ending Misery Of Deleted & Forgotten Cloud Assets - Abdullah Al-Sultani
- Managed by the OWASP® Foundation https://owasp.org/
https://www.youtube.com/watch?v=Q6cjhc7SszA

Growing A Security Champion Program Into A Security Powerhouse - Bonnie Viteri
- Managed by the OWASP® Foundation https://owasp.org/
https://www.youtube.com/watch?v=Y0mJuAdi9DY

OWASP SAMM: Interactive Introduction And Update - Seba Deleersnyder & Bart De Win
- Managed by the OWASP® Foundation https://owasp.org/
https://www.youtube.com/watch?v=YHGrInrptPQ

OWASP Coraza Web Application Firewalls Revisited - José Carlos Chávez
- Managed by the OWASP® Foundation https://owasp.org/
https://www.youtube.com/watch?v=cTnStYlDII4

Dawn Of The Dead: The Tale Of The Resurrected Domains - Pedro Fortuna
- Managed by the OWASP® Foundation https://owasp.org/
https://www.youtube.com/watch?v=fon4GR38f0s

OWASP SamuraiWTF - Kevin Johnson
- Managed by the OWASP® Foundation https://owasp.org/
https://www.youtube.com/watch?v=gorm_CTI-2w

5 AppSec Stories, And What We Can Learn From Them - Paul Molin
- Managed by the OWASP® Foundation https://owasp.org/
https://www.youtube.com/watch?v=kwmcOeCkYc0

What Can Traditional Web App Security Learn From Browser Wallet Extensions? - Gal Weizman
- Managed by the OWASP® Foundation https://owasp.org/
https://www.youtube.com/watch?v=v-kPsabcrQc

Closing Ceremony - OWASP Board
- Managed by the OWASP® Foundation https://owasp.org/
https://www.youtube.com/watch?v=vPbpekMj63Q

From Theory To Practice: Navigating The Challenges Of Vulnerability Research - Raphael Silva
- Managed by the OWASP® Foundation https://owasp.org/
https://www.youtube.com/watch?v=ztCqvSraC78

Assessing 3rd Party Libraries More Easily With Security Scorecards - Niels Tanis
- Managed by the OWASP® Foundation https://owasp.org/
https://www.youtube.com/watch?v=BZy5UaiAMDY

DC32 - Red Team Village x White Knight Labs
Thank you for being one of our platinum sponsors! Additional information about White Knight Labs can be obtained from https://whiteknightlabs.com. Red Team Village Website: https://redteamvillage.io Discord: https://redteamvillage.io/discord Twitter: https://redteamvillage.io/twitter
https://www.youtube.com/watch?v=QQD0SJwJG8A

Introduction To Red Teaming
Hey guys, HackerSploit here back again with another video. This video will introduce you to red teaming, and explain its origins and adoption in offensive cybersecurity. You will also learn about the key differences between Red Teaming and Penetration Testing. You will also be introduced to the various roles and responsibilities within a red team, including the red team operator and red team lead. Whether you're a beginner or looking to deepen your knowledge, this video provides a comprehensive overview to get you started on your red teaming journey. //PLATFORMS BLOG ►► https://bit.ly/3qjvSjK FORUM ►► https://bit.ly/39r2kcY ACADEMY ►► https://bit.ly/39CuORr //SOCIAL NETWORKS TWITTER ►► https://bit.ly/3sNKXfq DISCORD ►► https://bit.ly/3hkIDsK INSTAGRAM ►► https://bit.ly/3sP1Syh LINKEDIN...
https://www.youtube.com/watch?v=rHxYZwMz-DY

Pentesting Diaries 0x1 - SQL Injection 101
Hey guys, HackerSploit here back again with another video, Welcome to the all-new pentesting diaries series. Pentesting Diaries is a weekly video series, where I will be exploring various pentesting techniques and tools, with the primary objective of demystifying them to provide you with a deeper, more holistic understanding of how specific attack techniques work, what tools to use and how to correctly use these tools to optimize your efficiency. The lab used in this video can be accessed for free on the CYBER RANGES platform. The links to the platform and lab are listed below: // CYBER RANGES CYBER RANGES: https://app.cyberranges.com SQL Injection Lab: https://app.cyberranges.com/scenario/59bb8cec8b68ef17d2962512 //PLATFORMS BLOG ►► https://bit.ly/3qjvSjK FORUM ►► https://bit.ly/39r2kcY ACADEMY...
https://www.youtube.com/watch?v=fwXRVeIjs-w

New Course! Investigating Linux Devices
Check out Investigating Linux Devices, a comprehensive Linux forensics training course from 13Cubed! Starting with fundamental principles, Investigating Linux Devices rapidly progresses to encompass log analysis, file systems, persistence mechanisms, memory forensics, live response, and more! This course offers extensive hands-on practice and a capstone involving the analysis of a compromised system. Tailored for both beginners and seasoned professionals, it serves as an ideal resource for mastering Linux forensics! 🎉 Enroll today at training.13cubed.com! #Forensics #DigitalForensics #DFIR #LinuxForensics
https://www.youtube.com/watch?v=4sRFu_QTkXM

RTV x BC Security - An Introduction to CTFs
The Red Team Village Red Team Village Website: https://redteamvillage.io Discord: https://redteamvillage.io/discord Twitter: https://redteamvillage.io/twitter
https://www.youtube.com/watch?v=t5X8ONopEVk

XSS in PDF.js (CVE-2024-4367) - "Upload" [Akasec CTF 2024]
Video walkthrough for the "Upload" web challenge from Akasec CTF 2024. The challenge involved server-side XSS (dynamic PDF) using a recent exploit (CVE-2024-4367) and SSRF! Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂 #Akasec #CTF #CaptureTheFlag #Pentesting #OffSec #WebSec #AppSec Write-up: https://book.cryptocat.me/ctf-writeups/2024/akasec_24/web/upload ↢Akasec CTF 2024↣ https://ctf.akasec.club https://ctftime.org/event/2222 https://discord.gg/6yyzBnZP2e https://twitter.com/akasec_1337 https://www.linkedin.com/company/akasec-1337 👷‍♂️Resources🛠 https://cryptocat.me/resources ↢Chapters↣ 0:00 Start 0:55 Source code review 4:39 XSS (CVE-2024-4367) 10:11 SSRF 15:29 End
https://www.youtube.com/watch?v=XrSOaHoeJCo

2: XML External Entity Injection (XXE) - Gin and Juice Shop (Portswigger)
XML External Entity Injection (XXE) - Episode 3 of hacking the Gin and Juice shop; an intentionally vulnerable web application developed by Portswigger. The website was created primarily to demonstrate the features of Burp pro vulnerability scanner. However, throughout the series, we will leverage burp suite (and other tools) to exploit the high, medium, low and informational issues identified by the scanner. Hopefully these videos will be useful for aspiring bug bounty hunters, security researchers, pentesters, CTF players etc 🙂 #BugBounty #EthicalHacking #PenTesting #AppSec #WebSec #InfoSec #OffSec ↢Portswigger: Gin and Juice Shop↣ https://ginandjuice.shop https://portswigger.net/blog/gin-and-juice-shop-put-your-scanner-to-the-test https://portswigger.net/burp/vulnerability-scanner https://portswigger.net/web-security 👷‍♂️Resources🛠 https://cryptocat.me/resources ↢Chapters↣ 0:00...
https://www.youtube.com/watch?v=hixTxzYDuDg

HackerSploit Channel Update 2024
Hey guys, HackerSploit here back again with another video. Just wanted to provide you with an update on where I have been and what the content plan is for the channel. Lots of exciting content ahead, and I look forward to continuing the journey we started. I would also like to thank everyone for their support during my absence and for checking in on me. It is greatly appreciated. //PLATFORMS BLOG ►► https://bit.ly/3qjvSjK FORUM ►► https://bit.ly/39r2kcY ACADEMY ►► https://bit.ly/39CuORr //SOCIAL NETWORKS TWITTER ►► https://bit.ly/3sNKXfq DISCORD ►► https://bit.ly/3hkIDsK INSTAGRAM ►► https://bit.ly/3sP1Syh LINKEDIN ►► https://bit.ly/360qwlN PATREON ►► https://bit.ly/365iDLK MERCHANDISE ►► https://bit.ly/3c2jDEn //BOOKS Privilege Escalation Techniques...
https://www.youtube.com/watch?v=s1Hl9_stdqk

The Weird Windows Feature You've Never Heard Of
In this episode, we'll explore File System Tunneling, a lesser-known legacy feature of Windows. We'll uncover the fascinating behind-the-scenes functionality and discuss the potential implications for forensic examinations of compromised systems. *** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. *** 📖 Chapters 00:00 - Intro 05:06 - File System Tunneling Demo 🛠 Resources The Apocryphal History of File System Tunnelling: https://devblogs.microsoft.com/oldnewthing/20050715-14/?p=34923 File System Tunneling in Windows (Jason Hale): https://df-stream.com/2012/02/file-system-tunneling-in-windows/ File System Tunneling (Harlan Carvey): https://windowsir.blogspot.com/2010/04/linksand-whatnot.html #Forensics #DigitalForensics #DFIR #ComputerForensics...
https://www.youtube.com/watch?v=D5lQVdYYF4I

Live at the RSA expo hall!

https://www.youtube.com/watch?v=y7-J8g3_9l8

Zombieware
Self-replicating malware, long abandoned by its operators, continues to contribute significant volume and noise to malware feeds. We investigate this trend, which we refer to as Zombieware! Join us on Patreon for Part 2 where we reverse engineer a popular file infector and write an extractor to recover the infected files! https://www.patreon.com/posts/zombieware-part-103656376 Full Zombieware blog post can be found on our UnpacMe blog here: https://blog.unpac.me/2024/04/25/zombieware/ Ladislav Zezula's excellent talk from BSides Prague can be found here: https://www.youtube.com/watch?v=OgXvd-Wce9o ----- OALABS DISCORD https://discord.gg/oalabs OALABS PATREON https://www.patreon.com/oalabs Twitch https://www.twitch.tv/oalabslive OALABS GITHUB https://github.com/OALabs UNPACME - AUTOMATED...
https://www.youtube.com/watch?v=NNLZmB6_aGA

Burp Suite Certified Practitioner (BSCP) Review + Tips/Tricks [Portswigger]
Burp Suite Certified Practitioner (BSCP) review, tips/tricks etc. Hopefully these videos will be useful for aspiring bug bounty hunters, security researchers, pentesters, CTF players etc who might be interested in taking the BSCP exam from Portswigger 🙂 #BSCP #BugBounty #EthicalHacking #PenTesting #AppSec #WebSec #InfoSec #OffSec Considering taking the HackTheBox CPTS course? You can find my full review for it here: https://youtu.be/UN5fTQtlKCc Looking for Portswigger lab walkthroughs? I produce videos for the @intigriti channel: https://www.youtube.com/playlist?list=PLmqenIp2RQciV955S2rqGAn2UOrR2NX-v ↢Portswigger: Burp Suite Certified Professional↣ https://portswigger.net/web-security/certification https://portswigger.net/web-security/certification/how-it-works https://portswigger.net/web-security/certification/practice-exam https://portswigger.net/web-security/mystery-lab-challenge ↢BSCP...
https://www.youtube.com/watch?v=L-3jJTGLAhc

Is AI The Future Of Penetration Testing?
AI has the potential to revolutionize penetration testing by automating many repetitive, rote tasks like exploit development, vulnerability scanning, and report generation, thereby speeding up pen tests and making them more efficient. However, AI is not yet advanced enough to fully replace human expertise, especially when it comes to testing custom web applications and proprietary systems that require critical thinking and creativity. There are risks associated with AI, such as false positives/negatives, scope creep, and accidental system crashes, that necessitate skilled human oversight. As a result, pentesters' roles may evolve to focus more on validating AI tool output, conducting adversary simulations, and formulating high-level strategies rather than executing technical tasks. Furthermore,...
https://www.youtube.com/watch?v=CvSKuonYsHk

10 Cybersecurity Tips For Small Businesses
Small businesses are underserved by the cybersecurity community. Solutions are too complicated, take too long to implement, and are too expensive. This often leads to do-it-yourself security, which means you're not fully addressing the risk of your organization as many do not have internal expertise. In addition, requirements, whether vendor, client, insurance, or compliance, typically lead security initiatives. This reactive approach means rushed decisions to fulfill requirements over investing in cybersecurity for the long term. We interviewed Bruno Aburto and Heather Noggle - two long-time small business security advocates on their top tips for helping organizations navigate the complexities of cybersecurity. AI & Cybersecurity Newsletter ------------------------------------------------ 👋...
https://www.youtube.com/watch?v=xwqO86qwyVs

Web Application Penetration Testing: Steps, Methods, & Tools | PurpleSec
Web application penetration testing is comprised of four main steps including: 1. Information gathering. 2. Research and exploitation. 3. Reporting and recommendations. 4. Remediation with ongoing support. These tests are performed primarily to maintain secure software code development throughout its lifecycle. Coding mistakes, specific requirements, or lack of knowledge of cyber attack vectors are the main purposes of performing this type of penetration test. In this video, you'll learn the steps on how to perform security testing on a web application and popular tools used during a web application penetration test with real-life examples. Continue reading... https://purplesec.us/web-application-penetration-testing/ Sample Web Application Report --------------------------------------------------- https://purplesec.us/wp-content/uploads/2021/10/Web-Application-Penetration-Test-Sample-Report.pdf Video...
https://www.youtube.com/watch?v=e1DZYIddDrY

The Ultimate Guide to Arsenal Image Mounter
In this episode, we'll take an in-depth look at Arsenal Image Mounter. We'll start with the basics and cover the functionality included in the free version. Then, we'll look at advanced features including the ability to launch VMs from disk images, password bypass and password cracking, and working with BitLocker encrypted disk images. *** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. *** 📖 Chapters 00:00 - Intro 00:57 - Free Mode 07:55 - Professional Mode 08:43 - Launch a VM from a Disk Image 09:28 - Fixing a Common Issue 12:21 - Windows Authentication Bypass 14:55 - About DPAPI 16:36 - DPAPI: Password Attack Functionality 19:49 - Mounting VSCs 22:36 - Launch a VM from a VSC 23:45 - More VSC Options 26:08 - Working with BitLocker Images 🛠...
https://www.youtube.com/watch?v=4eifl8qvqVk

1: SQL Injection (Union + Blind) - Gin and Juice Shop (Portswigger)
SQL Injection - Episode 2 of hacking the Gin and Juice shop; an intentionally vulnerable web application developed by Portswigger. The website was created primarily to demonstrate the features of Burp pro vulnerability scanner. However, throughout the series, we will leverage burp suite (and other tools) to exploit the high, medium, low and informational issues identified by the scanner. Hopefully these videos will be useful for aspiring bug bounty hunters, security researchers, pentesters, CTF players etc 🙂 #BugBounty #EthicalHacking #PenTesting #AppSec #WebSec #InfoSec #OffSec ↢Portswigger: Gin and Juice Shop↣ https://ginandjuice.shop https://portswigger.net/blog/gin-and-juice-shop-put-your-scanner-to-the-test https://portswigger.net/burp/vulnerability-scanner https://portswigger.net/web-security 👷‍♂️Resources🛠 https://cryptocat.me/resources ↢Chapters↣ 0:00...
https://www.youtube.com/watch?v=4g2a-n4hjfY

Why You Should Learn AI In Cybersecurity
Cybersecurity faces a difficult challenge with AI. The speed and complexity at which adversaries use this technology pose a serious risk for organizations. Defenders are struggling to keep pace with new use cases and the evolution of AI happening every day. So what's the best way to defend against AI and to enhance your career development in security? Learn AI. We interviewed Jonathan Todd and Tom Vazdar, two experts at the forefront of AI security to help address this growing threat and provide practical ways to empower security professionals. AI & Cybersecurity Newsletter ------------------------------------------------ 👋 If you're new here, then consider subscribing to our weekly newsletter featuring the top cybersecurity minds in the industry: https://www.linkedin.com/newsletters/ai-cybersecurity-insights-7058517055238504448/ Video...
https://www.youtube.com/watch?v=4cXM7CG2D90

How LLMs Are Being Exploited
Shubham Khichi has been working on cyber AGI for the past 7 years. Before that, he spent nearly a decade as a red team specialist and cybersecurity researcher. In this interview, Shubham shares his insights into how LLMs are being exploited by adversaries and provides practical tips to secure AI. AI & Cybersecurity Newsletter ------------------------------------------------ 👋 If you're new here, then consider subscribing to our weekly newsletter featuring the top cybersecurity minds in the industry: https://www.linkedin.com/newsletters/ai-cybersecurity-insights-7058517055238504448/ Video Chapters ------------------------------ 00:00 - Introduction 02:16 - What Is An LLM? 03:53 - Common Vulnerabilities With LLMs 09:34 - How LLMs Are Being Exploited 14:50 - Defending Against LLM Exploits 16:57...
https://www.youtube.com/watch?v=91CbW9XWotw

HackTheBox Cyber Apocalypse 2024: Web Challenge Walkthroughs
Video walkthrough for the first 7 web challenges from @HackTheBox Cyber Apocalypse CTF 2024 (Hacker Royale); Flag Command, TimeKORP, KORP Terminal, Labyrinth Linguist, Locktalk, SerialFlow and Testimonial. The challenges involved API testing, command injection, SQL injection (SQLi), server-side template injection (SSTI), 403 bypass (haproxy), JWT attacks, Memcached injection, python pickle deserialization, gRPC hacking and path traversal! Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂 #HackTheBox #HTB #CyberApocalypse #CyberApocalypse24 #CTF #CaptureTheFlag #Pentesting #OffSec #WebSec #AppSec Write-ups: https://book.cryptocat.me/ctf-writeups/2024/cyber_apocalypse_24 Looking for more HTB CA '24 walkthroughs? Check out @SloppyJoePirates video: https://www.youtube.com/watch?v=EGItzKCxTdQ Sign...
https://www.youtube.com/watch?v=-vhl8ixthO4

Should I report this vulnerability? Will I get a bounty?
It's really exciting to find your first bug BUT it's crushing when you realise it isn't reportable or comes back as NA from a client. Here are my top tips for identifying if you've found something and double checking before getting caught up in excitement! I still get emails about IDORs being NA because you need a victims cookie and hackers who are angry at bug bounty programs or triagers.
https://www.youtube.com/watch?v=T4EhE5f7fQg

How to take notes when you suck at it
In this episode of the Bug Bounty course, we talk about the importance of developing a personal note-taking system that supports both hacking and learning, emphasizing the differentiation between notes taken during hacking activities and those for learning about vulnerabilities. We look at methods for organizing and accessing your notes, whether you are into Notion, Obsidian or Vim or even mind maps, and we'll look at how to integrate your notes with tools like Burp Suite. Creating your own knowledge base you can refer to every time you hack, tailored to individual needs and preferences and refine your own note-taking strategies for successful hacking and learning. 00:00 Introduction to the Bug Bounty Course 00:14 The Importance of a Personalized Note-Taking System 00:53 Sponsor Shoutout: Bugcrowd 01:45...
https://www.youtube.com/watch?v=uXuMvUPlvd0

0: Getting Started with Burp Suite - Gin and Juice Shop (Portswigger)
Intro / Setup for new web pentesting series (ft. burp suite crash course) - Episode 1 of hacking the Gin and Juice shop; an intentionally vulnerable web application developed by Portswigger. The website was created primarily to demonstrate the features of Burp pro vulnerability scanner. However, throughout the series, we will leverage burp suite (and other tools) to exploit the high, medium, low and informational issues identified by the scanner. Hopefully these videos will be useful for aspiring bug bounty hunters, security researchers, pentesters, CTF players etc 🙂 #BugBounty #EthicalHacking #PenTesting #AppSec #WebSec #InfoSec #OffSec ↢Portswigger: Gin and Juice Shop↣ https://ginandjuice.shop https://portswigger.net/blog/gin-and-juice-shop-put-your-scanner-to-the-test https://portswigger.net/burp/vulnerability-scanner https://portswigger.net/web-security 👷‍♂️Resources🛠 https://cryptocat.me/resources ↢Chapters↣ 0:00...
https://www.youtube.com/watch?v=FPzoD_nUQYU

Where's the 4624? - Logon Events vs. Account Logons
In this episode, we'll learn about the difference between "Logon Events" and "Account Logons" and explore a scenario in which communication occurs between two domain-joined workstations. Where will we find Event ID 4624 and other account-related Event IDs of interest? *** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. *** 📖 Chapters 00:00 - Intro 01:18 - Win11-Test-VM 02:14 - Win10-Test-VM 03:41 - Win2019-Test-VM 05:28 - Recap 🛠 Resources Logon/Logoff Events: https://www.ultimatewindowssecurity.com/securitylog/book/page.aspx?spid=chapter5 Account Logon Events: https://www.ultimatewindowssecurity.com/securitylog/book/page.aspx?spid=chapter4 #Forensics #DigitalForensics #DFIR #ComputerForensics #WindowsForensics
https://www.youtube.com/watch?v=EXsKJ9kIc6s

The Value Of A vCISO For Small Business
Greg Schaffer shares his over 33 years of information technology and cybersecurity experience on the value small and mid-sized businesses gain from working with a virtual CISO (vCISO). AI & Cybersecurity Newsletter ------------------------------------------------ 👋 If you're new here, then consider subscribing to our weekly newsletter featuring the top cybersecurity minds in the industry: https://www.linkedin.com/newsletters/ai-cybersecurity-insights-7058517055238504448/ Video Chapters ------------------------- 00:00 - Introduction 02:55 - LinkedIn Poll Results 08:40 - What Are The Responsibilities Of A vCISO? 14:00 - What Are The Benefits Of A vCISO For SMBs? 16:50 - What Are The Risks Of DIY Security? 19:38 - When Should A Small Business Hire A vCISO? 24:27 - What Should SMBs Look For...
https://www.youtube.com/watch?v=YpJPOPfbkLQ

RDP Authentication vs. Authorization
In this episode, we'll learn about an important RDP scenario involving Network Level Authentication (NLA) and the Windows Event Log entry that is generated as a result. We'll also see what happens when authentication succeeds, but authorization fails, and how that impacts what's logged. *** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. *** 📖 Chapters 00:00 - Intro 01:10 - Demo 🛠 Resources RDP Flowchart: https://13cubed.s3.amazonaws.com/downloads/rdp_flowchart.pdf #Forensics #DigitalForensics #DFIR #ComputerForensics #WindowsForensics
https://www.youtube.com/watch?v=OlENso8_u7s

Introduction to YARA Part 4 - Efficient Rule Development
In this OALABS Patreon tutorial we cover the foundations of writing efficient YARA rules and provide some tips that can help speed up your YARA hunting. The full notes for this tutorial are unlocked for everyone on our Patreon https://www.patreon.com/posts/introduction-to-96638239 ----- OALABS DISCORD https://discord.gg/6h5Bh5AMDU OALABS PATREON https://www.patreon.com/oalabs Twitch https://www.twitch.tv/oalabslive OALABS GITHUB https://github.com/OALabs UNPACME - AUTOMATED MALWARE UNPACKING https://www.unpac.me/#/ -----
https://www.youtube.com/watch?v=xKeF_cPKXt0

Introduction to YARA Part 3 - Rule Use Cases
In this OALABS Patreon tutorial we cover the three main use cases for YARA rules and how they apply to both BlueTeam/SOC operations and malware analysis. Fun notes have been unlocked for everyone on our Patreon here https://www.patreon.com/posts/introduction-to-96637668 The following are links to UnpacMe specific tutorials for developing each type of rule. Identifying specific malware families (unpacked) https://support.unpac.me/howto/hunting-with-yara/#identifying-specific-malware-families-unpacked Identifying malware on disk or in network traffic (packed) https://support.unpac.me/howto/hunting-with-yara/#identifying-malware-on-disk-or-in-network-traffic-packed Hunting (malware characteristics) https://support.unpac.me/howto/hunting-with-yara/#hunting-malware-characteristics ----- OALABS...
https://www.youtube.com/watch?v=xutDqu_OiH8

Introduction to YARA Part 2 - Hunting on UnpacMe
In this OALABS Patreon tutorial we demonstrate a simple YARA hunting example using the UnpacMe free YARA scan service: https://www.unpac.me Full notes have been unlocked on our Patreon here https://www.patreon.com/posts/introduction-to-96637337 ----- OALABS DISCORD https://discord.gg/6h5Bh5AMDU OALABS PATREON https://www.patreon.com/oalabs Twitch https://www.twitch.tv/oalabslive OALABS GITHUB https://github.com/OALabs UNPACME - AUTOMATED MALWARE UNPACKING https://www.unpac.me/#/ -----
https://www.youtube.com/watch?v=Xqvlju9ED1c

Introduction to YARA Part 1 - What is a YARA Rule
In this OALABS Patreon tutorial we cover the basics of YARA, what is it, how is it used, and how to write your first rule. Full notes have been unlocked on our Patreon here https://www.patreon.com/posts/introduction-to-96636471 ----- OALABS DISCORD https://discord.gg/6h5Bh5AMDU OALABS PATREON https://www.patreon.com/oalabs Twitch https://www.twitch.tv/oalabslive OALABS GITHUB https://github.com/OALabs UNPACME - AUTOMATED MALWARE UNPACKING https://www.unpac.me/#/ -----
https://www.youtube.com/watch?v=3BpIhbsDR_I

Investigating Windows Courses
Check out the official 13Cubed Investigating Windows training courses, with 365-day access and a certification/digital badge attempt included! If you're looking for affordable, comprehensive, online, on-demand digital forensics training with 4K video, subtitles, and more, you've come to the right place! 🎉 Enroll today at https://training.13cubed.com #Forensics #DigitalForensics #DFIR #ComputerForensics #WindowsForensics #MemoryForensics
https://www.youtube.com/watch?v=BYmRdfmJPfY

Approaching Large Scope Targets Without Feeling Overwhelmed
In this video, we discuss how beginners can tackle large scope targets in bug bounty hunting. These targets offer more flexibility and potential for bug discovery, making them a great starting point for new hackers. However, they can be overwhelming due to their size and diversity. We suggest focusing on one part of the larger scope, which helps you understand the target's application development process without becoming overwhelmed. We also delve into different reconnaissance techniques, including subdomain enumeration, Google Dorking, API enumeration, OSINT, and more. Lastly, we emphasize that while reconnaissance is critical for large scope targets, it is just a stepping stone to actually hacking and finding vulnerabilities. This series couldn't happen without the support of our sponsor...
https://www.youtube.com/watch?v=W4pafFxOOwc

New OWASP API Top 10 for Hackers
Blog article isn't done yet but I'll get it up ASAP! Today we explore the new OWASP API Top 10 in detail. The new version is much more hacker friendly and focuses on bugs we can find rather than defenders, but how can we start to study these bugs and actually find them? Let's take a look at some of the changes in the new OWASP API Top 10 2023, which ones I recommend for beginners just starting out with API hacking and when to look out for specific bugs. There are a ton of vulnerabilities out there, like Prototype Pollution, SQL Injection, and remote code execution. And while they can be fun to exploit during CTFs, when they are lurking in our code… it's not as fun. But that's where our sponsor Snyk comes in - Snyk scans your code, dependencies, containers, and configs, all in...
https://www.youtube.com/watch?v=sl1yqGhuVy4

E-commerce Flaws and 0-1000 Bounties
We're continuing our stories of bad bugs theme with some business logic flaws. Unfortunately, I couldn't find the link to the whitepaper with the e-commerce flaws, but I remember it being quantity manipulation, price manipulation by changing the currency and guessing giftcards. In today's video we look at a pretty basic authentication issue, a pretty boring price manipulation issue and end with an utterly underwhelming order number adjustment. Each of these bugs got paid a bounty between 0-1000 (though some were duplicates that were split between me and other hackers because they were bugs found at live hacking events). There are a ton of vulnerabilities out there, like Prototype Pollution, SQL Injection, and remote code execution. And while they can be fun to exploit during CTFs but when...
https://www.youtube.com/watch?v=IsBgaEWpqro

OALABS Holiday Variety Show 2023
𝘔𝘦𝘳𝘳𝘺 𝘐𝘋𝘈𝘮𝘢𝘴 𝘢𝘯𝘥 𝘢 𝘏𝘢𝘱𝘱𝘺 𝘉𝘪𝘯𝘫𝘢-𝘠𝘦𝘢𝘳 Join us for our holiday special reverse engineering variety show! - Guess the prompt AI charades - Random RE banter - Suspicious liquids in bottles We've got it all! Merry Christmas everyone we will see you in 2024! ----- OALABS PATREON https://www.patreon.com/oalabs OALABS DISCORD https://discord.gg/6h5Bh5AMDU Twitch https://www.twitch.tv/oalabslive OALABS GITHUB https://github.com/OALabs UNPACME - AUTOMATED MALWARE UNPACKING https://www.unpac.me/#/ -----
https://www.youtube.com/watch?v=XMVhX29AJbQ

TryHackMe Advent Of Cyber Day 20 - DevSecOps
DevSecOps has enabled developers to be much more efficient, committing code and deploying it automatically, but it's a fantastic tool for us to go exploring and hacking in their pipelines! Advent of cyber is a yearly event run by TryHackMe, there are 24 days of cyber security challenges in December AND prizes for competing. Last year I finished every challenge soooooo, I think it's good. If you want to compete, join using this link: https://tryhackme.com/r/christmas
https://www.youtube.com/watch?v=wGO2dWVk1oM

🔥Resume Roast from our Content Manager Rachel. #shorts #resume #career #hacking

https://www.youtube.com/watch?v=012h_SV0bRs

Hyper-V Memory Forensics - MemProcFS to the Rescue!
In this episode, we'll learn how to properly acquire memory from Microsoft Hyper-V guest virtual machines. 🎉 Update After I recorded this episode, Ulf Frisk, the author of MemProcFS, let me know that he has made some updates that no longer require you to copy the vmsavedstatedumpprovider.dll file to the MemProcFS directory if the SDK is installed in the ***default*** location. If installed to a different location, the file must still be copied. Additionally, the requirement to prepend the Hyper-V checkpoint file with hvsavedstate:// has also been removed. Both changes now make this process even easier! *** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. *** 📖 Chapters 00:00 - Intro 00:43 - Preparation 06:35 - Using MemProcFS 🛠 Resources MemProcFS: https://github.com/ufrisk/MemProcFS MemProcFS...
https://www.youtube.com/watch?v=Wbk6ayF_zaQ

Updated Beginners Guide to API Bug Bounty
If you're just getting started with bug bounty hunting, web APIs are a fantastic place to start, they're easy to approach, can't easily be automated and are full of bugs. Join the free, API security live class on Zoom webinars https://www.traceable.ai/resources/lp/webinar-api-security-masterclass?utm_medium=org_social&utm_source=org_social&utm_campaign=tb This series couldn't happen without the support of our sponsor Bugcrowd, Bugcrowd is the best place to start hacking with a wide range of public and private programs from APIs to Desktop Applications and everything in between. Not ready to jump into a public program yet? Fill out your platform CV and sign up for a waitlisted program. Tell Bugcrowd a bit about your skills, previous certifications or experience and they'll...
https://www.youtube.com/watch?v=85vdKS0vNN0

Is there ageism in #cybersecurity? Matt thinks so! What do you think? #shorts #hacking #ageism

https://www.youtube.com/watch?v=PH9CCcRhUbk

What Can an Attacker Actually Do With a Bug Anyway?
We explore the significance of understanding and explaining the impact of vulnerabilities in a bug bounty context. Using Flare.io, to peek into the dark web and see what attackers are actually doing with our vulnerabilities. We cover different vulnerabilities, provide guidelines on creating an effective impact statement, and offer three examples of impactful bug bounty reports. Before I give you my tips for explaining impact to triage and avoiding arguments over severity. Thank you to our sponsor Flare.io. Know your exposed attack surface, track threat intelligence, and set prioritized alerts (that cut out the noise) for your own info leaked on the dark web with Flare! Try a free trial and see what is out there: https://hi.flare.io/katie-paxton-fear-free-trial/. 00:00 Introduction to Impact...
https://www.youtube.com/watch?v=4gjUby6LGFk

Tips For Analyzing Delphi Binaries in IDA (Danabot)
Reverse Engineering Delphi is a nightmare ... or it can be if you don't have the right setup! In this clip we cover some easy tips that can help make some of the analysis a bit easier. Full notes with links for tools are available here: https://research.openanalysis.net/danabot/loader/delphi/2023/12/04/danabot.html Full stream with analysis of the Danabot loader is available on Patreon here: https://www.patreon.com/posts/live-stream-vod-94510766 ----- OALABS PATREON https://www.patreon.com/oalabs OALABS DISCORD https://discord.gg/6h5Bh5AMDU Twitch https://www.twitch.tv/oalabslive OALABS GITHUB https://github.com/OALabs UNPACME - AUTOMATED MALWARE UNPACKING https://www.unpac.me/#/ -----
https://www.youtube.com/watch?v=04RsqP_P9Ss

How To Recognize Macro Encrypted Strings in Malware
How to identify when a macro is used to encrypt strings in malware... inferring source from disassembly! ----- OALABS PATREON https://www.patreon.com/oalabs OALABS DISCORD https://discord.gg/6h5Bh5AMDU Twitch https://www.twitch.tv/oalabslive OALABS GITHUB https://github.com/OALabs UNPACME - AUTOMATED MALWARE UNPACKING https://www.unpac.me/#/ -----
https://www.youtube.com/watch?v=fEAGYjhKzJY

An Important Change to ShellBags - Windows 11 2023 Update!
In this episode, we'll learn about an important change introduced with the September 26, 2023 Windows 11 Configuration Update, and how that change affects ShellBags! *** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. *** 📖 Chapters 00:00 - Intro 02:07 - Demo 07:34 - Recap 🛠 Resources September 26, 2023 Windows 11 Configuration Update: https://support.microsoft.com/en-us/topic/september-26-2023-windows-configuration-update-542780c2-594c-46cb-979d-11116fe164ba#:~:text=Note%20The%20update%20to%20Windows,to%20broaden%20availability%20over%20time #Forensics #DigitalForensics #DFIR #ComputerForensics #WindowsForensics
https://www.youtube.com/watch?v=M1nyMIu1Y18

Direct vs. Indirect Syscalls What Is All The HYPE?! [OALABS Call-In Show]
Our live discord call-in show debates! Are indirect syscalls even required? What are they and how are they used?! What are EDR vendors doing to detect them and why you might care.... ----- OALABS PATREON https://www.patreon.com/oalabs OALABS DISCORD https://discord.gg/6h5Bh5AMDU Twitch https://www.twitch.tv/oalabslive OALABS GITHUB https://github.com/OALabs UNPACME - AUTOMATED MALWARE UNPACKING https://www.unpac.me/#/ -----
https://www.youtube.com/watch?v=W2SeruUxhDs

Are Red Team Tools Helping or Hurting Our Industry? [OALABS Call-In Show]
Our live discord call-in show debates! Are red team tools really helping our industry or are they just giving malware operators a free lunch?! ----- OALABS PATREON https://www.patreon.com/oalabs OALABS DISCORD https://discord.gg/6h5Bh5AMDU Twitch https://www.twitch.tv/oalabslive OALABS GITHUB https://github.com/OALabs UNPACME - AUTOMATED MALWARE UNPACKING https://www.unpac.me/#/ -----
https://www.youtube.com/watch?v=ur6csODQHKI

October 12, 2023

https://www.youtube.com/watch?v=1GbAFa_i-bk

VMware Memory Forensics - Don't Miss This Important Detail!
In this episode, we'll learn how to properly acquire memory from VMware ESXi guest virtual machines. *** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. *** 📖 Chapters 00:00 - Intro 01:45 - VMware ESXi Snapshot Creation 04:57 - Analysis 06:20 - Recap 🛠 Resources Memory Forensics for Virtualized Hosts: https://blogs.vmware.com/security/2021/03/memory-forensics-for-virtualized-hosts.html #Forensics #DigitalForensics #DFIR #ComputerForensics #WindowsForensics #MemoryForensics
https://www.youtube.com/watch?v=P0yw93GJsYU

Reverse Engineering With Unicorn Emulation
In this OALABS Patreon tutorial we will learn how to use the Unicorn Emulator to assist with reverse engineering! This is the second part in a five-part tutorial series that can be found on our Patreon here... https://www.patreon.com/oalabs/posts?filters%5Btag%5D=Applied+Emulation Lab Notes https://gist.github.com/herrcore/1a5af37f91a6f9b263a527c98c7b08bd ----- OALABS DISCORD https://discord.gg/6h5Bh5AMDU OALABS PATREON https://www.patreon.com/oalabs Twitch https://www.twitch.tv/oalabslive OALABS GITHUB https://github.com/OALabs UNPACME - AUTOMATED MALWARE UNPACKING https://www.unpac.me/#/ -----
https://www.youtube.com/watch?v=-CNy4qh08iU

401 Access Denied Ep88: The RISE of the CISO with Merike Kaeo
This week Joe Carson is joined by Merike Kaeo as they discuss the dynamic role of the CISO within an organization. They dive deeper into the role and how it interacts with different areas of the business, and what specific assets need protection and within what frameworks. An episode not to be missed! Jump-start your cybersecurity career for FREE with Cybrary! Follow us on Social! ~Cybrary Twitter ~Delinea Twitter ~Instagram ~Facebook ~YouTube
https://www.youtube.com/watch?v=FklaFGnBEyQ

Emulation Fundamentals - Writing A Basic x86 Emulator
In this OALABS Patreon tutorial we will explore how an emulator works by building one ourselves! This is the first part in a five-part tutorial series that can be found on our Patreon here... https://www.patreon.com/oalabs/posts?filters%5Btag%5D=Applied+Emulation The demo Jupyter Lab note can be found on GitHub here... https://gist.github.com/herrcore/f25bcf55fa10fa8d04effc172eeb63c9 ----- OALABS DISCORD https://discord.gg/6h5Bh5AMDU OALABS PATREON https://www.patreon.com/oalabs Twitch https://www.twitch.tv/oalabslive OALABS GITHUB https://github.com/OALabs UNPACME - AUTOMATED MALWARE UNPACKING https://www.unpac.me/#/ -----
https://www.youtube.com/watch?v=HPrqOIdNlrQ

Intruder Alert Ep. 6 | Deconstructing Malware Attacks & Forging a Career in Cybersecurity
In this episode of Intruder Alert, Marcus Hutchins is joined by cybersecurity expert Caitlin Sarian, known for her role as the Global Lead of Cybersecurity Advocacy and Culture at TikTok and her expertise in data protection and privacy compliance. Marcus and Caitlin provide technical insight into the latest US malware attacks and share invaluable advice on breaking into the cybersecurity field. Follow us on Social!! ~Twitter ~Instagram ~FaceBook ~YouTube ~LinkedIn Jump-start your cybersecurity career for FREE with Cybrary!
https://www.youtube.com/watch?v=2aRgdmTdtK0

DC31 - Red Team Village - Recap
Red Team Village Website: https://redteamvillage.io Discord: https://redteamvillage.io/discord Twitter: https://redteamvillage.io/twitter
https://www.youtube.com/watch?v=my568xKtgLg

Is your favorite on here?? #favorite #cybersecurity #hacker

https://www.youtube.com/watch?v=KPPH7vJZajQ

401 Access Denied: Protecting Society and the Role of CERT with Tonu
In this episode we join host Joe Carson as he discusses state cybersecurity with Tonu Tammer of the Estonian National Cybersecurity Center. Tonu goes into the day-to-day operations of defending a country and its citizens from adversaries, as well as ransomware and DDOS attacks. Come along for an in-depth discussion with a cyber defender with years of experience in this exciting new episode! Jump-start your cybersecurity career for FREE with Cybrary! Follow us on Social! ~Cybrary Twitter ~Delinea Twitter ~Instagram ~Facebook ~YouTube
https://www.youtube.com/watch?v=aYCyFDlK7vg

HackerOne x Red Team Village
Thank you HackerOne for Sponsoring the Red Team Village! Additional information about HackerOne can be obtained from https://hackerone.com The Red Team Village Red Team Village Website: https://redteamvillage.io Discord: https://redteamvillage.io/discord Twitter: https://redteamvillage.io/twitter
https://www.youtube.com/watch?v=6XzKgYF3kDU

DC31 - Red Team Village - Hack The Box
Additional information about Hack The Box can be found at hackthebox.eu Red Team Village Website: https://redteamvillage.io Discord: https://redteamvillage.io/discord Twitter: https://redteamvillage.io/twitter
https://www.youtube.com/watch?v=DX61G7v3jvw

DC31 - Red Team Village - Meta
Additional information about Meta can be found at meta.com. Red Team Village Website: https://redteamvillage.io Discord: https://redteamvillage.io/discord Twitter: https://redteamvillage.io/twitter
https://www.youtube.com/watch?v=uizRK9qLsJM

Intruder Alert Ep. 5 | Community Uprising: Unravelling the Reddit Blackout
In the latest episode of Intruder Alert, Marcus Hutchins and Cybrary blue teamer, Marc Balingit, delve into the uproar around Reddit's blackout. They unravel the intricacies of Reddit's contentious API changes, which have cornered third-party apps like Apollo, sparking a sweeping blackout protest across thousands of subreddits. Furthermore, they explore the impact of Twitch's fresh policy adjustments, which are a threat to streamers' ad revenue, and other news impacting online communities. Follow us on Social!! ~Twitter ~Instagram ~FaceBook ~YouTube ~LinkedIn Jump-start your cybersecurity career for FREE with Cybrary!
https://www.youtube.com/watch?v=8_CEqpKU8AA

DC31 - Red Team Village - Buddobot
Additional information about Buddobot can be found at buddobot.com. Red Team Village Website: https://redteamvillage.io Discord: https://redteamvillage.io/discord Twitter: https://redteamvillage.io/twitter
https://www.youtube.com/watch?v=ubVLiJ17Sd4

Trying to demo the #hacker side without getting 🤐🤐🤐 by the platform. Oops! #cybersecurity

https://www.youtube.com/watch?v=p_OgaSkmBMM

401 Access Denied: Ep. 85 | Key Takeaways from the Verizon DBIR with Tony Goulding
Join host Joseph Carson and guest Tony Goulding as they break down the annual Verizon breach report. With over 16,000 incidents and more than 5,200 data breaches, there's a lot to look at. Tony and Joe have some great takeaways from this critical annual report and share their expert insights on what's new, what's changed, and what we're not doing so bad at (hint: MFA goes a long way!) Jump-start your cybersecurity career for FREE with Cybrary! Follow us on Social! ~Cybrary Twitter ~Delinea Twitter ~Instagram ~Facebook ~YouTube
https://www.youtube.com/watch?v=luXnfWO_U7I

AV Emulation Detection Tricks Used by Malware
Tricks that malware developers use to detect antivirus emulators and how these differ from the sandbox emulators we use from our recent Twitch stream. Alexie's Windows Defender research with some insights into the emulation engine used... https://recon.cx/2018/brussels/resources/slides/RECON-BRX-2018-Reverse-Engineering-Windows-Defender-s-JavaScript-Engine.pdf https://i.blackhat.com/us-18/Thu-August-9/us-18-Bulazel-Windows-Offender-Reverse-Engineering-Windows-Defenders-Antivirus-Emulator.pdf https://github.com/0xAlexei/WindowsDefenderTools ----- OALABS PATREON https://www.patreon.com/oalabs OALABS DISCORD https://discord.gg/6h5Bh5AMDU Twitch https://www.twitch.tv/oalabslive OALABS GITHUB https://github.com/OALabs UNPACME - AUTOMATED MALWARE UNPACKING https://www.unpac.me/#/ -----
https://www.youtube.com/watch?v=8jckguVRHyI

Hack you exe's phone? 😂 #podcast #cybersecurity

https://www.youtube.com/watch?v=ufdeWuwsWaA

401 Access Denied: Ep. 84 | The Best of RSAC & Cybersecurity Strategies with Bob Burns
RSAC was the place to be for cybersecurity in 2023, and Joe Carson is joined by Bob Burns to talk all about it. From the sessions that really resonated to the incredible human connections and networking, join Joe and Bob to deconstruct this year's most comprehensive conference. Were you at RSAC this year? Join us in the comments to let us know your favorite session! Jump-start your cybersecurity career for FREE with Cybrary! Follow us on Social! ~Cybrary Twitter ~Delinea Twitter ~Instagram ~Facebook ~YouTube
https://www.youtube.com/watch?v=qU40Yg7pfbo

The AI Revolution with Diana Kelley | 401 Access Denied Podcast Ep. 83
Join Us: https://www.cybrary.it/?utm_source=youtube&utm_medium=video&utm_campaign=the-ai-revolution-with-diana-kelley Everybody's talking about it - the AI revolution is here. But given the rapid evolution in this field, it's hard to keep up with the sweeping effects this technology is causing. Luckily, Joe Carson is joined by longtime AI expert Diana Kelley to shed light on all of these changes. She addresses the many misconceptions and media misrepresentations surrounding AI, breaks down the different forms of this technology, and emphasizes the need for a better understanding of AI's capabilities and limitations. They also discuss the ethical and legal implications that will only become more potent as AI...
https://www.youtube.com/watch?v=ow9JszgoC1M

Hacking the Government with Bryan Seely | 401 Access Denied Podcast Ep. 82
Join Us: https://www.cybrary.it/?utm_source=youtube&utm_medium=video&utm_campaign=hacking-the-government-with-bryan-seely In this eye-opening episode, dive into the captivating world of cybercrime and social engineering with our host, Joe Carson, and special guest Bryan Seely! Bryan, a keynote speaker and cybersecurity expert best known for his Secret Service exposé, discusses his journey from a young computer enthusiast to a renowned public speaker. Join them as they investigate the mindset and techniques used by hackers, such as the use of aliases to deceive and manipulate their targets, as well as the importance of responsible disclosure and changing cybersecurity laws. Follow us for exclusive updates: ~https://twitter.com/cybraryIT ~https://www.instagram.com/cybrary.it/ ~https://www.facebook.com/cybraryit/ Follow...
https://www.youtube.com/watch?v=aagD2SxYUJM

Intruder Alert Ep. 4 | Unmasking The New Global Malware Threat On Android Devices
Head to Cybrary.it to open your free account and start learning today! In this episode of Intruder Alert, join host Marcus Hutchins, world-renowned hacker, and red teamer Matt Mullins while they discuss the millions of devices recently infected with malware during production, and whether or not our devices are spying on us. For more information on how to jumpstart your career with the most cutting-edge cybersecurity training, head over to Cybrary.it to create your free account and get started on your learning journey! Make sure to subscribe so that you don't miss the latest new episodes, premiering live every two weeks, and dropping on YouTube On Demand.
https://www.youtube.com/watch?v=wc8T_RcwOkY

Vulnerability Management Metrics: Top 10 KPIs To Measure Success
Join us for an exclusive interview as we dive deep into the world of vulnerability management KPIs with the expertise of Walter Haydock. 👉 Get our FREE guide to vulnerability management in 2023: https://purplesec.us/vulnerability-management-guide/?utm_source=newsletter&utm_medium=YouTube&utm_campaign=VM_2023&utm_id=guide In this engaging interview, Walter shares valuable insights on: 🎯 Balancing costs and benefits while identifying metrics to guide decision-making in vulnerability management investments. 🌐 Maintaining consistency with strategies for aligning metrics across teams, departments, and locations. ⚖️ Adapting to the evolving threat landscape by staying ahead of emerging risks and continuously refining vulnerability management KPIs. 📈 Success stories...
https://www.youtube.com/watch?v=L-61ahYHdH8

Vulnerability Management SOP: Expert Reveals Top Tips
Are you struggling to manage vulnerabilities in your organization? Join us in this conversation with expert Kevin Donatelli who reveals the ins and outs of vulnerability management SOPs! In this not-to-be-missed session, you'll: 🔑 Learn the essential components of effective vulnerability management SOPs 🛡️ Discover how to prioritize and remediate risks efficiently 🧠 Gain invaluable insights from real-life case studies shared by Kevin Donatelli 👉 Get our FREE guide to vulnerability management in 2023: https://purplesec.us/vulnerability-management-guide/?utm_source=newsletter&utm_medium=YouTube&utm_campaign=VM_2023&utm_id=guide Podcast Info -------------------- Podcast website: https://purplesec.us/podcast/ Apple Podcasts: https://podcasts.apple.com/us/podcast/security-beyond-the-checkbox/id1673807278 Spotify:...
https://www.youtube.com/watch?v=-yjsaxxrTxk

Top 10 Vulnerability Management Trends For 2024
Join PurpleSec's experts along with Joshua Copeland, Director of Cyber Security at AT&T, as we explore the latest trends and predictions in vulnerability management for 2023. 👉 Get our FREE guide to vulnerability management in 2023: https://purplesec.us/vulnerability-management-guide/?utm_source=newsletter&utm_medium=YouTube&utm_campaign=VM_2023&utm_id=guide Continue reading: https://purplesec.us/learn/vulnerability-management-trends/ Chapters --------------- 00:00 - Introduction 00:20 - Joshua Copeland 02:47 - Automation Is Key 10:30 - Adoption Of Risk-Based Approaches 16:40 - Continuous Monitoring 21:40 - Increased Focus On Cloud Security 28:43 - Increased Use Of Threat Intelligence 35:10 - The Role Of Network Segmentation 43:30 - DevSecOps: Building Security From The...
https://www.youtube.com/watch?v=39XHupVxAY8

Techniques To Improve Vulnerability Visibility & Detection
Improve vulnerability visibility in networks & cloud environments with expert tips on strategies, KPIs, prioritization, & automation. Secure your assets now! 👉 Get our FREE guide to vulnerability management in 2023: https://purplesec.us/vulnerability-management-guide/ Read the full article: https://purplesec.us/learn/vulnerability-visibility/ Chapters --------------- 00:00 - Introduction 00:45 - Clement Fouque 01:36 - Importance Of Visibility In Vulnerability Management 02:51 - Why Is Poor Visibility An Issue? 04:40 - Common Blind Spots 06:55 - Improving Asset Inventories 09:30 - How Do You Know If You Have Poor Visibility? 13:20 - Techniques For Improving Visibility 15:05 - How To Ensure All Endpoints Are Being Scanned 18:25 - How Network Segmentation Improves Visibility 20:00 - Third-Party...
https://www.youtube.com/watch?v=3K6TLqyxit4

CyberTalk Live #1 - Trying Out BlackBuntu & Q&A
//PLATFORMS BLOG ►► https://bit.ly/3qjvSjK FORUM ►► https://bit.ly/39r2kcY ACADEMY ►► https://bit.ly/39CuORr //SOCIAL NETWORKS TWITTER ►► https://bit.ly/3sNKXfq DISCORD ►► https://bit.ly/3hkIDsK INSTAGRAM ►► https://bit.ly/3sP1Syh LINKEDIN ►► https://bit.ly/360qwlN PATREON ►► https://bit.ly/365iDLK MERCHANDISE ►► https://bit.ly/3c2jDEn //BOOKS Privilege Escalation Techniques ►► https://amzn.to/3ylCl33 Docker Security Essentials (FREE) ►► https://bit.ly/3pDcFuA //SUPPORT THE CHANNEL NordVPN Affiliate Link (73% Off) ►► https://bit.ly/3DEPbu5 Get 0 In Free Linode Credit ►► https://bit.ly/39mrvRM Get started with Intigriti: https://go.intigriti.com/hackersploit //CYBERTALK PODCAST...
https://www.youtube.com/watch?v=XcIUuwH3S9E

Risk-Based Vulnerability Management
PurpleSec security experts implemented risk-based vulnerability management to improve efficiencies and security ROI for our enterprise client. 👉 Get our FREE guide to vulnerability management in 2023: https://purplesec.us/vulnerability-management-guide/?utm_source=newsletter&utm_medium=YouTube&utm_campaign=VM_2023&utm_id=guide Read The Full Case Study ---------------------------------------- https://purplesec.us/case-studies/travel-services-provider/ High Level Findings ------------------------------- PurpleSec's security “cyborgs” were empowered by automation and process improvements to deliver exceptional results in a 3 month period: - 75% MTTR reduction. - 86% vulnerability risk reduction. - M average annual savings for the client. - 1.6k average monthly man-hour...
https://www.youtube.com/watch?v=nu0US3xLEH4

How To Build A Vulnerability Management Program | #PurpleSec
There are 7 key steps when creating a winning vulnerability management program including making an inventory, categorizing vulnerabilities, creating packages, testing the package, providing change management, patching vulnerabilities, and reporting. 👉 Get our FREE guide to vulnerability management in 2023: https://purplesec.us/vulnerability-management-guide/?utm_source=newsletter&utm_medium=YouTube&utm_campaign=VM_2023&utm_id=guide Read the full article... https://purplesec.us/learn/vulnerability-management-program/ Podcast Info -------------------- Podcast website: https://purplesec.us/podcast/ Apple Podcasts: https://podcasts.apple.com/us/podcast/security-beyond-the-checkbox/id1673807278 Spotify: https://open.spotify.com/show/610KAa5g4G0KhoZVwMyXqz RSS: https://feeds.buzzsprout.com/2137278.rss Chapters...
https://www.youtube.com/watch?v=nsvxcUsFnJo

How To Automate Your Vulnerability Remediation Process | PurpleSec
There are 8 best practices when planning your vulnerability remediation including prioritization of vulnerabilities, setting timelines, defining a SLO, developing a remediation policy, automating your vulnerability management processes, adopting continuous remediation, deploying compensating controls, and building a vulnerability management program. 👉 Get our FREE guide to vulnerability management in 2023: https://purplesec.us/vulnerability-management-guide/?utm_source=newsletter&utm_medium=YouTube&utm_campaign=VM_2023&utm_id=guide Continue reading... https://purplesec.us/learn/vulnerability-remediation/ Podcast Info -------------------- Podcast website: https://purplesec.us/podcast/ Apple Podcasts: https://podcasts.apple.com/us/podcast/security-beyond-the-checkbox/id1673807278 Spotify:...
https://www.youtube.com/watch?v=Bns79gIwxIA

Twitter Zero-Day Exposes Data Of 5.4 MILLION Accounts | Security Insights By #PurpleSec
Social media platform Twitter confirmed they suffered a now-patched zero-day vulnerability, used to link email addresses and phone numbers to users' accounts, which allowed attackers to gain access to the personal information of 5.4 million users. The vulnerability allowed anyone to submit an email address or phone number, verify if it was associated with a Twitter account, and retrieve the associated account ID. More technically, what the security researcher Zhirinovsky reported on HackerOne's bug bounty platform is that this vulnerability allows any party without any authentication to obtain a Twitter ID (which is almost equal to getting the username of an account) of any user by submitting a phone number/email even though the user has prohibited this action in the privacy settings. Chapters --------------- 00:00...
https://www.youtube.com/watch?v=E5dLc98TeLg

What Is Vulnerability Management? (Explained By Experts)
Vulnerability management is the process of identifying, prioritizing, and mitigating vulnerabilities in an organization's systems and networks to reduce the risk of cyber attacks and protect against potential threats. 👉 Get our FREE guide to vulnerability management in 2023: https://purplesec.us/vulnerability-management-guide/?utm_source=newsletter&utm_medium=YouTube&utm_campaign=VM_2023&utm_id=guide Continue reading... https://purplesec.us/learn/what-is-vulnerability-management/ Podcast Info -------------------- Podcast website: https://purplesec.us/podcast/ Apple Podcasts: https://podcasts.apple.com/us/podcast/security-beyond-the-checkbox/id1673807278 Spotify: https://open.spotify.com/show/610KAa5g4G0KhoZVwMyXqz RSS: https://feeds.buzzsprout.com/2137278.rss Chapters --------------- 00:00...
https://www.youtube.com/watch?v=RE6_Lo2wSIg