Vidéos : les nouvelles vidéos internationales

Build AWS Cloud Infrastructure From Scratch in 60 Minutes | Free Hands-On Workshop
— Access the lab here with a free Infosec Skills account: https://app.infosecinstitute.com/portal/skills/content/asset/43595?utm_source=youtube&utm_medium=webinar&utm_campaign=aws+launch — Additional AWS training: https://www.infosecinstitute.com/skills/content-library/?Type=Boot+camp&_=1743748776579&Vendor=AWS&utm_source=youtube&utm_medium=webinar&utm_campaign=aws+launch —Upcoming live workshops and events: https://www.infosecinstitute.com/events/?utm_source=youtube&utm_medium=webinar&utm_campaign=aws+launch Join Keatron Evans, an AWS Certified Generative AI Expert and VP of Portfolio Product and AI Strategy at Infosec, for this comprehensive hands-on AWS workshop. In less than 60 minutes, you'll learn to build and deploy secure AWS cloud infrastructure...
https://www.youtube.com/watch?v=TPKQup_b0yk
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Hackers manipulate URLs to scam users #technews #cybersecurity @endingwithali
Hak5 -- Cyber Security Education, Inspiration, News & Community since 2005: -----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆ Our Site → https://www.hak5.org Shop → http://hakshop.myshopify.com/ Community → https://www.hak5.org/community Subscribe → https://www.youtube.com/user/Hak5Darren?sub_confirmation=1 Support → https://www.patreon.com/threatwire Contact Us → http://www.twitter.com/hak5 -----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆ ____________________________________________ Founded in 2005, Hak5's mission is to advance the InfoSec industry. We do this through our award winning educational podcasts, leading pentest gear, and inclusive community – where all hackers belong.
https://www.youtube.com/shorts/lcrjCjZ4J0k
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

🔴 CYBERSECURITY NEWS HUNTING with @endingwithali
LIVE WRITING THREATWIRE -----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆ Our Site → https://www.hak5.org Shop → http://hakshop.myshopify.com/ Subscribe → https://www.youtube.com/user/Hak5Darren?sub_confirmation=1 Support → https://www.patreon.com/threatwire Contact Us → http://www.twitter.com/hak5 -----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆ ____________________________________________ Founded in 2005, Hak5's mission is to advance the InfoSec industry. We do this through our award winning educational podcasts, leading pentest gear, and inclusive community – where all hackers belong.
https://www.youtube.com/watch?v=Wv4114aVJl8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

They Said IPerf3 Was Bad… So I Tested It
Lots of people claimed IPerf2 would crush IPerf3 in a 100Gbps test, so I ran them head to head. The results surprised me. Have you seen a major difference in your setup? Share your tests below! #networking #networkspeed #comparison
https://www.youtube.com/shorts/-2n2UMC1jkc
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Soutenez No Hack Me sur Tipeee

L'Actu de la veille

Is your Linux Kernel 2 years old? #technews #cybersecurity @endingwithali
Hak5 -- Cyber Security Education, Inspiration, News & Community since 2005: -----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆ Our Site → https://www.hak5.org Shop → http://hakshop.myshopify.com/ Community → https://www.hak5.org/community Subscribe → https://www.youtube.com/user/Hak5Darren?sub_confirmation=1 Support → https://www.patreon.com/threatwire Contact Us → http://www.twitter.com/hak5 -----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆ ____________________________________________ Founded in 2005, Hak5's mission is to advance the InfoSec industry. We do this through our award winning educational podcasts, leading pentest gear, and inclusive community – where all hackers belong.
https://www.youtube.com/shorts/lvJr0sKsdq8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Brute Force SSH & Build a Honeypot Now (Hydra and Cowrie Demo)
Big thank you to Cisco for sponsoring this video and sponsoring my trip to Cisco Live San Diego. This video features David Bombal and Kyle Winters demonstrating practical cybersecurity techniques. Kyle walks through how to use Hydra to brute force SSH passwords, explaining the process of leveraging wordlists and optimizing the attack. Following the offensive demonstration, Kyle transitions into defensive measures, showing viewers how to quickly and easily set up an SSH honeypot using Cowrie. The honeypot serves as a decoy to attract and monitor malicious actors attempting to access a network. The demonstration includes setting up the honeypot on an Ubuntu host, configuring IP tables for port redirection, and monitoring logs for incoming connection attempts. The video highlights the importance...
https://www.youtube.com/watch?v=uSohtNwQXuI
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

L'Actu à J-2

Remotely Triggering a Bash Bunny Payload using Bluetooth LE w/Glytch
Get your GlytchTech Crash Kit at https://hak5.org/glytch Bash Bunny MK2: https://shop.hak5.org/products/bash-bunny Docs: https://docs.hak5.org/bash-bunny/writing-payloads/wait_for_present/index.html Hak5 -- Cyber Security Education, Inspiration, News & Community since 2005: -----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆ Our Site → https://www.hak5.org Shop → http://hakshop.myshopify.com/ Community → https://www.hak5.org/community Subscribe → https://www.youtube.com/user/Hak5Darren?sub_confirmation=1 Support → https://www.patreon.com/threatwire Contact Us → http://www.twitter.com/hak5 -----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆ ____________________________________________ Founded in 2005, Hak5's mission...
https://www.youtube.com/watch?v=bZnIq8NLqdg
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Why Is Your 100Gbps Link Stuck At 55Gbps?
Watch me set my MTU to 9000 on a 100Gbps link, then expose why old gaming PCs and Windows Home are the real speed killers not jumbo frames.
https://www.youtube.com/shorts/0kjmvOKrSUI
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

InfoSecMap x OWASP Collaboration
We're stronger together. In a move that speaks directly to the power of open collaboration, OWASP is proud to announce its new partnership with InfoSecMap, a community focused project dedicated to making InfoSec events and resources more accessible, global, and inclusive. At its core, OWASP is a community-driven force building free, open resources for anyone who cares about building safer software. InfoSecMap, meanwhile, has been quietly but impactfully connecting the dots across the global security ecosystem mapping events — from major conferences and CTFs to local communities and other resources — without pay-to-play marketers getting in the way. Visit the all new OWASP hub at InfoSecMap.com/owasp to find the latest from OWASP Chapters, Events, and Community Managed by the OWASP®...
https://www.youtube.com/watch?v=_tDK0wMpCrE
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

The 16 billion password leak is all FUD, not truth #technews #cybersecurity @endingwithali
Hak5 -- Cyber Security Education, Inspiration, News & Community since 2005: -----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆ Our Site → https://www.hak5.org Shop → http://hakshop.myshopify.com/ Community → https://www.hak5.org/community Subscribe → https://www.youtube.com/user/Hak5Darren?sub_confirmation=1 Support → https://www.patreon.com/threatwire Contact Us → http://www.twitter.com/hak5 -----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆ ____________________________________________ Founded in 2005, Hak5's mission is to advance the InfoSec industry. We do this through our award winning educational podcasts, leading pentest gear, and inclusive community – where all hackers belong.
https://www.youtube.com/shorts/QCDT0Rp1b5c
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

L'Actu des jours précédents

Stay Ahead of Ransomware: How Threat Actor Profiling Can Help Prevent Ransomware Attacks
Ransomware attackers aren't all cut from the same cloth. From nation-state affiliates to hacktivists, the motivations and methods behind these attacks are as diverse as the actors themselves. Understanding who you're dealing with can change how you prepare, detect, and respond. In this episode, co-hosts Ryan and Mari welcome Kurtis Minder, a seasoned ransomware negotiator. He'll share a unique threat actor categorization model, developed to help defenders understand and anticipate adversary behavior. We'll explore how these TA profiles, ranging from professional pen testers to organized criminals, map to frameworks like MITRE ATT&CK / Engage, and how context like motive and capability can unlock smarter, more adaptive defenses. Whether you're responding to ransomware today or...
https://www.youtube.com/watch?v=k28UK4Ru628
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Start Learning AI for free
Big thank you to Cisco for sponsoring my trip to Cisco Live and for sponsoring this video! NetAcad Ethical Hacker: https://davidbombal.wiki/freehackingcourse Some Cisco U tutorials: https://u.cisco.com/tutorials/enhance-spanning-tree-protocol-security-with-root-guard-5508 https://u.cisco.com/tutorials/network-security-essentials-arp-spoofing-ccna-learners-5734 https://u.cisco.com/tutorials/network-reconnaissance-with-nmap-ccna-learners-5733 #shorts #ccna #cybersecurity @Cisco
https://www.youtube.com/shorts/LD5tDKq3nhw
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Windows' Secret Screenshot Shortcut
Two hidden Windows combos = instant screenshots & screen-records! Win + Shift + S for pics, Win + Shift + R for video, got another hack? Share below! #windows11 #shortcuts #screenrecorder
https://www.youtube.com/shorts/gFLTOB1xDhE
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Serious About Your Online Privacy? Try This
Big thank you to DeleteMe for sponsoring this video. Use my link http://joindeleteme.com/Bombal to receive a 20% discount. #privacy #databrokers #datatheft
https://www.youtube.com/shorts/wDrP8_r1cRk
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Breaking Bad Actors: Transforming Threat Intelligence into RaaS Resilience
SANS Ransomware Summit 2025 Breaking Bad Actors: Transforming Threat Intelligence into RaaS Resilience Christina Macaire, Senior Threat Intelligence Analyst, PwC Sohan Lokula, Senior Analyst, Threat Intelligence, PwC Data and statistics are fundamental to understanding and combating real-world criminal activity, enabling us to extrapolate trends and proactively address emerging threats. However, this data-driven approach is often underutilized in the fight against Ransomware-as-a-Service (RaaS), despite the wealth of information available to us through leak site figures – the cyber equivalent of real-world crime data. This presentation delves into the insights available through the analysis of leak site data, going beyond surface-level observations to provide a unique perspective, augmented...
https://www.youtube.com/watch?v=w6pjVIHX20U
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

HS Detecting Initial Access Malware Before It's Too Late
SANS Ransomware Summit 2025 Detecting Initial Access Malware Before It's Too Late Hiren Sadhwani, Threat Hunter, Company Inspira Enterprise Ransomware attacks don't begin with encryption—they start with initial access malware that gives attackers a foothold in the network. Threats like Lumma Stealer, Bumblebee, RedLine, SnakeLoader, Remcos RAT, and Socgholish are frequently used by ransomware operators to gain access, steal credentials, and move laterally before launching an attack. This session will focus on how to detect and hunt these early-stage threats before they lead to ransomware deployment. Instead of relying only on IoCs, we'll explore behavioral patterns and detection techniques that help uncover initial access malware in its early stages. Attendees will walk away with...
https://www.youtube.com/watch?v=JgiLBSWwrSs
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Panel | What's New in the World of Ransomware in 2025
SANS Ransomware Summit 2025 Panel | What's New in the World of Ransomware in 2025 Allan Liska, CSIRT, Recorded Future Selena Larson, Senior Threat Intelligence Analyst, Proofpoint Danny Quist , CTO , Unit129, Inction plans. View upcoming Summits: http://www.sans.org/u/DuS #RansomwareSummit #Ransomware #ThreatIntelligence #CyberThreats
https://www.youtube.com/watch?v=OiJQ3ZGj1N4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Teams, Scams, and Ransomware: BlackBasta's Social Engineering Hustle
SANS Ransomware Summit 2025 Teams, Scams, and Ransomware: BlackBasta's Social Engineering Hustle Partha Alwar, Director, Stroz Friedberg Kelsey Ward-Van Nostrand , Director, Digital Forensic and Incident Response , Stroz Friedberg BlackBasta operators in 2024 increasingly use social engineering for initial access, leveraging email bombing and Teams-based impersonation to trick victims into launching remote management tools. Once inside, they deploy credential theft websites, exploit Microsoft 365 session replay, abuse Active Directory (ESC1), and disable security tools. This talk dissects their attack flow, detection opportunities, and mitigation strategies based on recent investigations. View upcoming Summits: http://www.sans.org/u/DuS #RansomwareSummit #Ransomware #SocialEngineering...
https://www.youtube.com/watch?v=iPSg4Av68mg
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Ransomware TTX | Seven scenarios to include in your next TTX
SANS Ransomware Summit 2025 Ransomware TTX: Seven scenarios to include in your next TTX Gerard Johansen, Principal Security Solutions Specialist, Red Canary Tabletop Exercises (TTX) are an excellent way for organizations to find gaps in their overall incident response processes and procedures. As part of a ransomware TTX, there are several considerations that should be included to ensure that the organization is prepared to address not only the technical challenges, but also key decisions. In this presentation, we will look at seven different key scenarios that should be included as part of a ransomware TTX. For each of these, we will examine how to structure scenarios into a TTX, either as discussion points or scenario injects. Next, we will examine key points to address and what some...
https://www.youtube.com/watch?v=hE0V23ZUXNU
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Facing Modern Ransomware Threats and Tackling Multi-Extortion Tactics
SANS Ransomware Summit 2025 Lightning Talk | Facing Modern Ransomware Threats and Tackling Multi-Extortion Tactics Sanjay Poddar, Advanced Services Engineer, Fortinet Ransomware attacks of today are surgical and multipronged in nature, and they consist of multi-mode extortion tactics that target organizations on multiple fronts. In this session, we will explore the strategies deployed by ransomware operators to maximize their impact-from encrypting critical data to exfiltrating sensitive information and then-exposing it all in public or via denial service attack. An understanding will be gained by attendees as to how these layered extortion techniques are being carried out, the basis of their efficiency, and the very reasons that make defense against them so challenging. For every layer...
https://www.youtube.com/watch?v=w7tV-0_hzDM
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Zero Trust AI in Ransomware Defense: Reinventing Risk Management
SANS Ransomware Summit 2025 Lightning Talk | Zero Trust AI in Ransomware Defense: Reinventing Risk Management Jessica Dapelo, President, Jessica Dapelo Enterprise INC In the face of evolving ransomware tactics, organizations must rethink their cybersecurity posture. Traditional defense models are no longer enough to mitigate the risks of sophisticated ransomware attacks. This presentation will explore how integrating Zero Trust architecture and Artificial Intelligence (AI) can revolutionize ransomware defense strategies. Attendees will learn how Zero Trust principles—requiring continuous authentication and least-privilege access—can be combined with AI tools to enhance threat detection, improve incident response, and reduce the attack surface. Practical takeaways will include real-world...
https://www.youtube.com/watch?v=8DiIijUTld8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

MCP Demo using Python, AI and a self healing network (Model Context Protocol)
Big thank you to Cisco for sponsoring this video and sponsoring my trip to Cisco Live San Diego. See how Cisco engineer Kareem Iskander teams up with David Bombal at Cisco Live San Diego 2025 to build a self-healing network in real time. Using the new Model Context Protocol (MCP), Splunk logs, Meraki APIs, and Anthropic Claude, Kareem's Python code lets an LLM detect configuration drift and automatically revert changes, no manual troubleshooting required. You will learn: • What MCP is and how it exposes trusted tools to an LLM • How Claude reads Splunk, correlates Meraki changes, and repairs configs • Why two lines of code can spin up an entire MCP server from OpenAPI specs • Where to find Kareem's full code on GitHub and his upcoming Cisco U tutorial // Code // Get the code...
https://www.youtube.com/watch?v=4FEg4XU6yQ4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Keynote | Adapting Tradecraft: Examining Ransomware Attacks in 2024 - Insights from The DFIR Report
SANS Ransomware Summit 2025 Keynote | Adapting Tradecraft: Examining Ransomware Attacks in 2024 - Insights from The DFIR Report Peter O, Cyber Threat Analyst, The DFIR Report Angelo Violetti, Swisscom CSIRT Ransomware attacks continue to be highly prevalent, impacting a significant number of organisations. Whilst there has been some impacts to counter this threat, ransomware operators continue to adapt their tradecraft to ensure they are successful in their mission, to elicit a financial reward from a compromised victim network. The DFIR Report throughout 2024 have investigated and analyzed a number of ransomware attacks, providing a rich understanding of how an attack unfolds, how the ransomware operator navigated a compromised environment and how effects were delivered. In this presentation,...
https://www.youtube.com/watch?v=wmFvfm77lSY
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

How You Can Impersonate Anyone in Active Directory (with Shikata!)
This is a reupload. https://jh.live/specops || Protect your organization with stronger passwords, and continuously scan and block over FOUR BILLION breached passwords with Specops Software! https://jh.live/specops Learn Cybersecurity and more with Just Hacking Training: https://jh.live/training See what else I'm up to with: https://jh.live/newsletter 🏆Attend ContinuumCon, the practical online cybersecurity conference that never ends! Livestream begins June 20th, 2025: https://jh.live/continuumcon ℹ️ Affiliates: Learn how to code with CodeCrafters: https://jh.live/codecrafters Host your own VPN with OpenVPN: https://jh.live/openvpn Get Blue Team Training and SOC Analyst Certifications with CyberDefenders: https://jh.live/cyberdefense Master Binary Files and Protocols with Gynvael...
https://www.youtube.com/watch?v=JzlaszGBhjw
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

This Wireshark Cert Could Change Your Career
Created by the actual creator of Wireshark 😳🔥 This new cert is already making waves in the industry. Ready to level up? Course from Chris: https://packetpioneer.com/courses/wca/ref/3/?campaign=WCA1 Cert information: https://wireshark.org/certifications
https://www.youtube.com/shorts/1IMo5_ZP9Rk
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Hackers User Query Params To Manipulate Users? - Threat Wire
⬇️ OPEN FOR LINKS TO ARTICLES TO LEARN MORE ⬇️ @endingwithali → Twitch: https://twitch.tv/endingwithali Twitter: https://twitter.com/endingwithali YouTube: https://youtube.com/@endingwithali Everywhere else: https://links.ali.dev Want to work with Ali? endingwithalicollabs@gmail.com [❗] Join the Patreon→ https://patreon.com/threatwire 00:00 0 - Intro 00:11 1 - 16 Billion Passwords Leaked 01:05 2 - Update Your Linux Kernels 02:35 3 - Google Ads Continue to Be A Problem 04:18 4 - Outro LINKS 🔗 Story 1: 16 Billion Passwords Leaked https://cybernews.com/security/billions-credentials-exposed-infostealers-data-leak/ https://www.bleepingcomputer.com/news/security/no-the-16-billion-credentials-leak-is-not-a-new-data-breach/ 🔗 Story 2: Update Your Linux Kernels https://thecyberexpress.com/cisa-warns-cve-2023-0386-linux-vulnerability/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://www.cisa.gov/news-events/alerts/2025/06/17/cisa-adds-one-known-exploited-vulnerability-catalog https://thecyberexpress.com/cisa-warns-cve-2023-0386-linux-vulnerability/ https://www.cve.org/CVERecord?id=CVE-2023-0386 🔗...
https://www.youtube.com/watch?v=3lhWK6JSMzg
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

This Wi-Fi Mistake Could Let Hackers In
Your Wi-Fi setup is making you an easy target. Fix it in 60 seconds 🔐📶 #cybersecurity #wifitips #wpa3
https://www.youtube.com/shorts/oEgo1LZI4CE
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

AI Is Forcing a Network Redesign
AI is changing everything about how we design, scale, and secure networks. It's not just hype, it's a full infrastructure rethink. Big thank you to Cisco for sponsoring my trip to Cisco Live and for sponsoring this video! #sponsored #cisco #ciscolive @cisco
https://www.youtube.com/shorts/u-8SQSXKijo
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Your Firewall Won't Save You From This 😱
Big thanks to Radware for sponsoring this video and sharing technical insights with us! David Bombal talks with Michael Geller (Radware) and Tim Sherman (Cisco) about how smart devices like fridges, cars, and cameras are being hijacked for DDoS attacks. They explain Web DDoS, encrypted Layer 7 threats, and how attackers bypass traditional firewalls. The discussion covers IoT botnets, API abuse, 5G core vulnerabilities, and how Cisco and Radware are defending cloud and edge infrastructure. // Radware's SOCIALS // X: https://x.com/radware LinkedIn: https://www.linkedin.com/company/radware/posts/ Website: https://www.radware.com/ // Web page REFERENCE // http://livethreatmap.radware.com https://www.radware.com/security/ddos-knowledge-center/ddospedia/mirai/ https://www.radware.com/solutions/web-ddos-protection/ //...
https://www.youtube.com/watch?v=PznT8uDWKEA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Why We Skipped IPv5 🧐
Why there's no IPv5. It was already used by the Internet Stream Protocol, which wasn't meant to replace IPv4. So we went straight to IPv6 to avoid confusion. #ipv4 #ipv6 #networking
https://www.youtube.com/shorts/uKtEMY0uMEY
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Top Skills Cybersecurity Professionals Need In 2025
Cybersecurity professionals must blend core technical skills with AI expertise to stay relevant as the field evolves. The following skills are essential for building a practical, effective defense in an AI-driven world. 📖 Read the full article: https://purplesec.us/learn/ai-replacing-cybersecurity-jobs/ Tom Vazdar is the Chief AI Officer at PurpleSec and brings more than two decades of cybersecurity expertise to this discussion. He is an expert in AI and leads the development of advanced cybersecurity strategies, enhancing data protection and compliance. As an AI strategist and mentor, Tom advocates for ethical AI integration. About The Experts ------------------------------ Jason Firch, MBA https://purplesec.us/about-us/leadership/jason-firch/ Tom Vazdar https://purplesec.us/about-us/leadership/tom-vazdar/ AI...
https://www.youtube.com/watch?v=KbyAwGCXfCc
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Free Ethical Hacking and Cybersecurity tuts and course #shorts #ccna #cybersecurity
Big thank you to Cisco for sponsoring my trip to Cisco Live and for sponsoring this video! NetAcad Ethical Hacker: https://davidbombal.wiki/freehackingcourse Some Cisco U tutorials: https://u.cisco.com/tutorials/enhance-spanning-tree-protocol-security-with-root-guard-5508 https://u.cisco.com/tutorials/network-security-essentials-arp-spoofing-ccna-learners-5734 https://u.cisco.com/tutorials/network-reconnaissance-with-nmap-ccna-learners-5733 #shorts #ccna #cybersecurity
https://www.youtube.com/shorts/OeOhZONSDXw
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

OSINT tools to track you down. You cannot hide (these tools are wild)
To try Brilliant for free, visit https://brilliant.org/DavidBombal or scan the QR code onscreen. You'll get 20% off an annual premium subscription. In this video, Mishaal Khan walks through real-world OSINT techniques that show how anyone can be found online using free, publicly available tools. David is joined by Mishaal who demonstrates how to go from basic Google searches to advanced data extraction using license plates, phone numbers, email addresses, and usernames. He covers tools and methods that range from simple people search websites to advanced techniques using breach data, APIs, metadata extraction, and more. Topics covered include: • Google Dorking and advanced search engines (Yandex, DuckDuckGo, Bing) • People and phone number search tools (FastPeopleSearch, Sync.Me, TrueCaller) •...
https://www.youtube.com/watch?v=zing6e1DtXE
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Microsoft AI Vulnerable Again? #technews #cybersecurity @endingwithali
Hak5 -- Cyber Security Education, Inspiration, News & Community since 2005: -----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆ Our Site → https://www.hak5.org Shop → http://hakshop.myshopify.com/ Community → https://www.hak5.org/community Subscribe → https://www.youtube.com/user/Hak5Darren?sub_confirmation=1 Support → https://www.patreon.com/threatwire Contact Us → http://www.twitter.com/hak5 -----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆ ____________________________________________ Founded in 2005, Hak5's mission is to advance the InfoSec industry. We do this through our award winning educational podcasts, leading pentest gear, and inclusive community – where all hackers belong.
https://www.youtube.com/shorts/yNZEoMBIGgQ
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Google Broke the Internet #technews #cybersecurity @endingwithali
Hak5 -- Cyber Security Education, Inspiration, News & Community since 2005: -----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆ Our Site → https://www.hak5.org Shop → http://hakshop.myshopify.com/ Community → https://www.hak5.org/community Subscribe → https://www.youtube.com/user/Hak5Darren?sub_confirmation=1 Support → https://www.patreon.com/threatwire Contact Us → http://www.twitter.com/hak5 -----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆ ____________________________________________ Founded in 2005, Hak5's mission is to advance the InfoSec industry. We do this through our award winning educational podcasts, leading pentest gear, and inclusive community – where all hackers belong.
https://www.youtube.com/shorts/zjy7zxvIGm8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Crazy Fast Copper Ethernet? 25Gbps and 100Gbps #shorts #ethernet #internet #fiber #ccna #iphone
#shorts #ethernet #internet #fiber #iphone #android
https://www.youtube.com/shorts/xoxxQT0p4wM
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Apple Zero Day Discovered #technews #cybersecurity @endingwithali
Hak5 -- Cyber Security Education, Inspiration, News & Community since 2005: -----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆ Our Site → https://www.hak5.org Shop → http://hakshop.myshopify.com/ Community → https://www.hak5.org/community Subscribe → https://www.youtube.com/user/Hak5Darren?sub_confirmation=1 Support → https://www.patreon.com/threatwire Contact Us → http://www.twitter.com/hak5 -----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆ ____________________________________________ Founded in 2005, Hak5's mission is to advance the InfoSec industry. We do this through our award winning educational podcasts, leading pentest gear, and inclusive community – where all hackers belong.
https://www.youtube.com/shorts/ZKMGUcCfbco
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Learn Capture the Flag!
Just Hacking Training livestream with Matt Ehrnschwender at 10am PT/1pm ET on Thursday, June 19 https://justhacking.com
https://www.youtube.com/watch?v=MJC11U3WzoA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Is your organization part of the 25%? #securityawareness #cybersecurity
Some insights from a new Dark Reading report on human risk management: 43% of organizations have highly engaged leadership for human risk management, but 25% have leaders who are minimally engaged or just "aware" without active support. Here's the reality check — managing human risk isn't just a technical problem, it's a strategic business priority that requires cross-functional coordination between SecOps, business managers and training teams. Without executive buy-in, your security program will struggle to gain traction and mature. If your leadership falls into that 25%, consider this your wake-up call. Get more insights from the Dark Reading report here: https://www.infosecinstitute.com/iq/human-risk-management-report/?utm_source=youtube&utm_medium=video&utm_campaign=iq%20hrm%20dark%20reading...
https://www.youtube.com/shorts/qaz2Bi-wK3o
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Evading Antivirus Detection in C (with Dahvid Schloss)
Learn Cybersecurity and more with Just Hacking Training: https://jh.live/training See what else I'm up to with: https://jh.live/newsletter 🏆Attend ContinuumCon, the practical online cybersecurity conference that never ends! Livestream begins June 20th, 2025: https://jh.live/continuumcon ℹ️ Affiliates: Learn how to code with CodeCrafters: https://jh.live/codecrafters Host your own VPN with OpenVPN: https://jh.live/openvpn Get Blue Team Training and SOC Analyst Certifications with CyberDefenders: https://jh.live/cyberdefense Master Binary Files and Protocols with Gynvael Coldwind: https://jh.live/hackarcana (code MBF-JH-10 gives 10% off!)
https://www.youtube.com/watch?v=izf8ptPVh2g
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Live AWS workshop: Build and deploy your first cloud infrastructure | Free training promo
Save your spot here: https://www.infosecinstitute.com/webinar/aws-cloud-workshop/?utm_source=youtube&utm_medium=video&utm_campaign=aws%20launch Ready to discover the power of cloud computing? Don't miss this hands-on training where you'll build real AWS infrastructure and deploy a live site — all in less than an hour. This isn't a passive course. You will actively participate every step of the way and leave with some of the same practical skills students learn in our 3-day AWS boot camps. Already familiar with cloud basics? Come see how AWS makes complex tasks surprisingly simple! Join Keatron Evans, 20-year cybersecurity veteran and VP of Portfolio Product and AI Strategy at Infosec, on June 26 at 11 a.m. Central for this one-of-a-kind training event. During the live workshop,...
https://www.youtube.com/watch?v=jhKm6rZAiMI
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Why security awareness training isn't working #securityawareness #cybersecurity
Learn why traditional annual security awareness training is hitting a plateau. The solution? Moving beyond basic awareness to behavior-targeted coaching that uses real-time employee risk data to intervene in the moment. The best part? You don't need to scrap your current program—just augment it with behavior-driven insights that actually change security habits. Get more insights from the Dark Reading report: https://www.infosecinstitute.com/iq/human-risk-management-report/?utm_source=youtube&utm_medium=video&utm_campaign=iq%20hrm%20dark%20reading
https://www.youtube.com/shorts/oM1b2osLM9c
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

The Internet Went Down Because of Google - Threat Wire
⬇️ OPEN FOR LINKS TO ARTICLES TO LEARN MORE ⬇️ @endingwithali → Twitch: https://twitch.tv/endingwithali Twitter: https://twitter.com/endingwithali YouTube: https://youtube.com/@endingwithali Everywhere else: https://links.ali.dev Want to work with Ali? endingwithalicollabs@gmail.com [❗] Join the Patreon→ https://patreon.com/threatwire 00:00 0 - Intro 00:08 1 - Apple Closes Open Zero Day 01:21 2 - The First Zero Click AI Vulnerability 02:54 3 - Google Broke The Internet 04:49 4 - Outro LINKS 🔗 Story 1: Apple Closes Open Zero Day https://support.apple.com/en-us/122174 https://thecyberexpress.com/apple-patches-flaw-paragon-spyware-attacks/ http://citizenlab.ca/2025/06/first-forensic-confirmation-of-paragons-ios-mercenary-spyware-finds-journalists-targeted/ 🔗 Story...
https://www.youtube.com/watch?v=3zEjV8ahjjA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

DLL Sideloading Your Aimbot into ANY Game
🔥 Learn how to load your DLL without injection, using DLL Sideloading! 👨‍💻 Buy Our Courses: https://guidedhacking.com/register/ 💰 Donate on Patreon: https://patreon.com/guidedhacking ❤️ Follow us on Social Media: https://linktr.ee/guidedhacking Learn how to perform DLL sideloading to inject code without conventional methods. This technique involves hijacking the DLL search order, allowing you to load your own DLL files into a process. This is a form of evasion, commonly used in game hacking, malware & red teaming scenarios. GuidedHacking® - The Game Hacking Bible® - © 2025 Guided Hacking LLC. All Rights Reserved. 🔗 Article Link: https://guidedhacking.com/threads/dll-sideloading-your-aimbot-into-any-game.20978/ 👨‍💻 New Content Creator: Ayla 👉https://guidedhacking.com/members/ayla.279946/ ❤️...
https://www.youtube.com/watch?v=OcDc_gMALX0
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

OWASP Global Board of Directors Meeting - May 2025
Minutes here: https://owasp.org/www-board/meetings-historical/2025/202505 Managed by the OWASP® Foundation https://owasp.org/
https://www.youtube.com/watch?v=PR7X4NeKEys
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Keeping red team skills relevant? Keep "same mindset, different methodologies," says Ed Williams
A colleague of Ed Williams once said, of the rise of Cloud Security, "It's just security, but somewhere else." Ed disagrees - it's the same mindset, but up to date red team and cybersecurity professionals know that methodologies are very different depending on the changing tech, whether Cloud Security or upcoming challenges with AI Security!
https://www.youtube.com/shorts/W9u3tQDxYnY
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

🔴 WRITING THREATWIRE LIVE! with @endingwithali
LIVE WRITING THREATWIRE -----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆ Our Site → https://www.hak5.org Shop → http://hakshop.myshopify.com/ Subscribe → https://www.youtube.com/user/Hak5Darren?sub_confirmation=1 Support → https://www.patreon.com/threatwire Contact Us → http://www.twitter.com/hak5 -----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆ ____________________________________________ Founded in 2005, Hak5's mission is to advance the InfoSec industry. We do this through our award winning educational podcasts, leading pentest gear, and inclusive community – where all hackers belong.
https://www.youtube.com/watch?v=r1D5DjD2iLg
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

CodeDefender Gives You TOTAL FREEDOM to Obfuscate Your Code
Learn how CodeDefender.io and Back.Engineering are pushing the boundaries of code obfuscation, virtualization and anti-tamper. 👨‍💻 Buy Our Courses: https://guidedhacking.com/register/ 💰 Donate on Patreon: https://patreon.com/guidedhacking ❤️ Follow us on Social Media: https://linktr.ee/guidedhacking GuidedHacking® - © 2025 Guided Hacking LLC. All Rights Reserved. 🔗 Back.Engineering + CodeDefender 🔗 https://codedefender.io/ https://back.engineering/ https://x.com/BackEngineerLab 🔗 GH Link: https://guidedhacking.com/threads/back-engineering-interview-codedefender-io-demo-gh-podcast-4.20946/ Listen to the Guided Hacking Show on these platforms: - https://podcasters.spotify.com/pod/show/guidedhacking - https://soundcloud.com/guidedhacking - https://guidedhacking.com/forums/the-guided-hacking-podcast.569/ -...
https://www.youtube.com/shorts/cpNvCW9-_Qw
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Executives Face Rising Stakes of Security Breaches | #securityawareness #cybersecurity
According to the Verizon Data Breach Report, phishing and social engineering remain the top attack vectors despite years of awareness training. The result? Frustrated executives asking "Why are we still doing this training?" at every board meeting where another breach gets discussed. Here's the reality: Traditional security awareness has hit a plateau. But there's hope. Human risk management (HRM) is the missing piece that can actually change employee behaviors. As Keatron puts it: "We can't change risk without managing risk." HRM is how we manage behavioral risk in today's threat landscape. Get more insights from the Dark Reading report here: https://www.infosecinstitute.com/iq/human-risk-management-report/?utm_source=youtube&utm_medium=video&utm_campaign=iq%20hrm%20dark%20reading...
https://www.youtube.com/shorts/BliXUs9xBHs
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

From FBI Cyber Agent to Police Tech Innovator | Andre McGregor
Get your FREE Cybersecurity Salary Guide: https://www.infosecinstitute.com/form/cybersecurity-salary-guide-podcast/?utm_source=youtube&utm_medium=podcast&utm_campaign=podcast Andre McGregor of ForceMetrics shares his incredible journey from reluctant FBI recruit to cybersecurity entrepreneur. Despite initially declining the FBI's recruitment call, Andre went on to become a special agent, tackling high-profile cybercrime cases involving nation-state actors like China, Russia and Iran. Growing up in marginalized communities shaped his commitment to creating safer police-community interactions, leading him to develop ForceMetrics — a platform that gives law enforcement officers real-time contextual data to make better decisions and de-escalate situations. This episode dives deep into...
https://www.youtube.com/watch?v=DmWib5JYAUg
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Learning to Hack Active Directory Certificate Services (with Shikata!)
https://jh.live/specops || Protect your organization with stronger passwords, and continuously scan and block over FOUR BILLION breached passwords with Specops Software! https://jh.live/specops Learn Cybersecurity and more with Just Hacking Training: https://jh.live/training See what else I'm up to with: https://jh.live/newsletter 🏆Attend ContinuumCon, the practical online cybersecurity conference that never ends! Livestream begins June 20th, 2025: https://jh.live/continuumcon ℹ️ Affiliates: Learn how to code with CodeCrafters: https://jh.live/codecrafters Host your own VPN with OpenVPN: https://jh.live/openvpn Get Blue Team Training and SOC Analyst Certifications with CyberDefenders: https://jh.live/cyberdefense Master Binary Files and Protocols with Gynvael Coldwind: https://jh.live/hackarcana...
https://www.youtube.com/watch?v=tYxJMr8jAgo
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Will AI Replace Cybersecurity Jobs? #cybersecurity #AI #jobs #podcast
Will AI Replace Cybersecurity Jobs? w/ Tom Vazdar @PurpleSec
https://www.youtube.com/shorts/Nn4yU6fVnJ0
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

How Security Leaders Build AI-Augmented Defense in Depth
Webinar from HackerOne: Learn how Zoom is adopting defense in depth for a world of constant code changes, rising AI-driven threats, and growing attack surfaces.
https://www.youtube.com/watch?v=8_GpJTqHHOQ
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

AI Cybersecurity: Job Evolution, Not Job Loss! #cybersecurity #ai #jobs #podcast
AI Cybersecurity: Job Evolution, Not Job Loss! W/ Tom Vazdar @PurpleSec
https://www.youtube.com/shorts/a4E3xmQhujs
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

What experience is needed for working in healthcare security? | Ken Zalevsky
Want to get into healthcare security? Wondering what skills and certs you need to succeed? Ken Zalevsky reminds listeners that basic networking and encryption skills will never be out of style. Plus, hear his cert recommendations for healthcare security professionals!
https://www.youtube.com/shorts/-uuy89f5gG4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Yes, AI Will Replace Cybersecurity Jobs (If You Let It)
Is AI coming for your cybersecurity job? In this episode of Security Beyond the Checkbox, host Jason Firch sits down with PurpleSec's Chief AI Officer, Tom Vazdar, to unpack the role of AI in cybersecurity and what it means for your career. From CrowdStrike's 2025 job cuts to a Reddit user's story of their team being replaced by AI, we dive into the headlines and separate fact from fear. Spoiler: AI isn't replacing cybersecurity jobs—it's evolving them. 📖 Read the full article: https://purplesec.us/learn/ai-replacing-cybersecurity-jobs/ Tom shares actionable insights on how AI is reshaping roles, creating hybrid opportunities like AI Security Engineer and AI Governance Specialist, and why skills like ethics, communication, and AI fluency are now critical. Learn how...
https://www.youtube.com/watch?v=reRHSeNkIm0
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Extended Detection & Response (XDR) Explained #XDR #cybersecurity #podcast
Extended Detection & Response (XDR) Explained w/ Joshua Selvidge @PurpleSec
https://www.youtube.com/shorts/8Y7pmIZ1IYE
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Managed vs Unmanaged XDR: Choosing The Right Fit #XDR #cybersecurity #podcast
Managed vs Unmanaged XDR: Choosing The Right Fit w/ Joshua Selvidge @PurpleSec
https://www.youtube.com/shorts/FTjie8o-2Rs
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Learn Phishing!
Livestream with Cori Macy on Wednesday, June 11th at 10am Pacific Time for her upcoming course on Just Hacking Training https://justhacking.com
https://www.youtube.com/watch?v=ZB-2JXSQ5uE
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Meta's New Way to Track Android Users - Threat Wire
⬇️ OPEN FOR LINKS TO ARTICLES TO LEARN MORE ⬇️ @endingwithali → Twitch: https://twitch.tv/endingwithali Twitter: https://twitter.com/endingwithali YouTube: https://youtube.com/@endingwithali Everywhere else: https://links.ali.dev Want to work with Ali? endingwithalicollabs@gmail.com [❗] Join the Patreon→ https://patreon.com/threatwire 00:00 0 - Intro 00:10 1 - Chrome To Stop Trusting Certificate Authorities 01:37 2 - Hacker Finds Google Account Info Brute Force 03:08 3 - Meta was Listening All Along! 05:23 4 - Outro LINKS 🔗 Story 1: Chrome To Stop Trusting Certificate Authorities https://security.googleblog.com/2025/05/sustaining-digital-certificate-security-chrome-root-store-changes.html https://arstechnica.com/security/2025/06/chrome-boots-2-certificate-authorities-citing-a-lack-of-trust-and-confidence/ 🔗...
https://www.youtube.com/watch?v=Dp8uarJtE14
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Ed Williams created the red team tool RedSnarf!
Pentester and red teamer extraordinaire Ed Williams of TrustWave and a colleague created a tool for red teaming called RedSnarf. Learn about the process of creating and constantly improving this former "Tool of the Year" on today's Cyber Work short.
https://www.youtube.com/shorts/h69fUOyudnQ
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Attack vectors of medical devices? | Ken Zalevsky
To secure medical devices in a healthcare facility, cybersecurity experts need to know what's running on the system, how old it is, and how to remediate security hazards, says Ken Zalevsky, CEO of Vigilant Ops. If you're going into GRC or healthcare security, make sure you know about SBOMs!
https://www.youtube.com/shorts/gArj-ox6mX0
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Hunting Phishing Kits
https://jh.live/flare || Track data on the dark web, hunt adversaries across the cybercrime ecosystem, and manage threat intelligence for your exposed attack surface with Flare! Start a free trial and see what info is out there: https://jh.live/flare Learn Cybersecurity and more with Just Hacking Training: https://jh.live/training See what else I'm up to with: https://jh.live/newsletter 🏆Attend ContinuumCon, the practical online cybersecurity conference that never ends! Livestream begins June 20th, 2025: https://jh.live/continuumcon ℹ️ Affiliates: Learn how to code with CodeCrafters: https://jh.live/codecrafters Host your own VPN with OpenVPN: https://jh.live/openvpn Get Blue Team Training and SOC Analyst Certifications with CyberDefenders: https://jh.live/cyberdefense Master Binary...
https://www.youtube.com/watch?v=sSuAKE7gjBM
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

ANTICHEAT DEVELOPMENT COURSE - COMING SOON!
🚀 Guided Hacking's Anticheat Development Course - COMING SOON! 👨‍💻 Buy Our Courses: https://guidedhacking.com/forums/anti-cheat-development-course.570/ 💰 Donate on Patreon: https://patreon.com/guidedhacking ❤️ Follow us on Social Media: https://linktr.ee/guidedhacking GuidedHacking® - The Game Hacking Bible® - © 2025 Guided Hacking LLC. All Rights Reserved. 👑 2025 is the year Guided Hacking reclaims our throne! ⌛️ Coming Soon... 🚀 Guided Hacking's Anticheat Development Course We will be teaching you how to build an anticheat, 1 feature at a time, and then teaching you how to bypass it. More info coming soon! We have HUNDREDS of tutorials teaching you how to bypass anticheat already, but this will be uniquely different. The GH Anticheat app will perform...
https://www.youtube.com/shorts/hPfFEB2jlDA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Software Bill of Materials (SBOM)? GRC pros need to know! | Ken Zalevsky
What is a Software Bill of Materials (SBOM)? Ken Zalevsky, CEO of Vigilant Ops, helps Governance, Risk and Compliance professionals understand why SBOMs are an integral part is understanding the security and vulnerability risks in healthcare devices and why understanding SBOMs is a valuable way to future-proof your cybersecurity skills!
https://www.youtube.com/shorts/LX3BHD_aJV8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Windows Endpoint Telemetry (ft. Jonny Johnson)
Check out Jonny's work: https://github.com/jonny-jhnson/ETWInspector // https://github.com/jonny-jhnson/JonMon // https://x.com/JonnyJohnson_ He also just recently put out some AWESOME research for "Remote EDR" using this technique over DCOM: https://jonny-johnson.medium.com/no-agent-no-problem-discovering-remote-edr-8ca60596559f Learn Cybersecurity and more with Just Hacking Training: https://jh.live/training See what else I'm up to with: https://jh.live/newsletter 🏆Attend ContinuumCon, the practical online cybersecurity conference that never ends! Livestream begins June 20th, 2025: https://jh.live/continuumcon ℹ️ Affiliates: Learn how to code with CodeCrafters: https://jh.live/codecrafters Host your own VPN with OpenVPN: https://jh.live/openvpn Get Blue Team Training and SOC Analyst...
https://www.youtube.com/watch?v=BNWAxJFL6uM
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

New Course! Investigating macOS Endpoints
Check out Investigating macOS Endpoints, a comprehensive macOS forensics training course from 13Cubed! Starting with fundamental principles, Investigating macOS Endpoints advances to encompass log analysis, file systems, forensic artifacts, persistence mechanisms, evidence collection, and more! This course offers extensive hands-on practice and a capstone involving the analysis of a compromised system. Tailored for both beginners and seasoned professionals, it serves as an ideal resource for mastering macOS forensics! 🎉 Enroll today at https://training.13cubed.com! #Forensics #DigitalForensics #DFIR #macOSForensics
https://www.youtube.com/watch?v=_D6oHm-371A
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Writing Threatw Wire Live! with @endingwithali
LIVE WRITING THREATWIRE -----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆ Our Site → https://www.hak5.org Shop → http://hakshop.myshopify.com/ Subscribe → https://www.youtube.com/user/Hak5Darren?sub_confirmation=1 Support → https://www.patreon.com/threatwire Contact Us → http://www.twitter.com/hak5 -----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆ ____________________________________________ Founded in 2005, Hak5's mission is to advance the InfoSec industry. We do this through our award winning educational podcasts, leading pentest gear, and inclusive community – where all hackers belong.
https://www.youtube.com/watch?v=sgE5HCMEyjo
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Live Hack: See Attacker, SOC and Employee Perspectives | Plus Dark Reading Research
Get the Dark Reading report here, plus a free quiz to assess the maturity of your organization's security awareness program: https://www.infosecinstitute.com/iq/human-risk-management-report/?utm_source=youtube&utm_medium=organic%20social&utm_campaign=hrm%20attack%20webinar An employee clicks on a phishing email, leading to a hack that compromises the organization's systems. Witness the attack unfold from multiple perspectives — the attacker, the SOC and the employee. Then see firsthand how human risk management can pinpoint vulnerabilities like this and strengthen your defenses to reduce risk. We also cover insights into human risk management (HRM) trends based on Infosec Institute research with Dark Reading. 0:00 - Introduction and live hack preview 3:00 - Dark Reading research:...
https://www.youtube.com/watch?v=r31Kj1lS6jE
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

EDR vs MDR vs XDR: Key Features Explained #xdr #mdr #edr #podcast
EDR vs MDR vs XDR: Key Features Explained w/ Joshua Selvidge @PurpleSec
https://www.youtube.com/shorts/GyDoU8uiooQ
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Puny-Code, 0-Click Account Takeover | @YShahinzadeh & @AmirMSafari | #NahamCon2025
LIKE and SUBSCRIBE with NOTIFICATIONS ON if you enjoyed the video! 👍 📚 If you want to learn bug bounty hunting from me: https://bugbounty.nahamsec.training 💻 If you want to practice some of my free labs and challenges: https://app.hackinghub.io 💵 FREE 0 DigitalOcean Credit: https://m.do.co/c/3236319b9d0b 🔗 LINKS: 📖 MY FAVORITE BOOKS: Bug Bounty Bootcamp: The Guide to Finding and Reporting Web Vulnerabilities -https://amzn.to/3Re8Pa2 Hacking APIs: Breaking Web Application Programming Interfaces - https://amzn.to/45g4bOr Black Hat GraphQL: Attacking Next Generation APIs - https://amzn.to/455F9l3 🍿 WATCH NEXT: If I Started Bug Bounty Hunting in 2024, I'd Do this - https://youtu.be/z6O6McIDYhU 2023 How to Bug Bounty - https://youtu.be/FDeuOhE5MhU Bug Bounty Hunting...
https://www.youtube.com/watch?v=4CCghc7eUgI
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

AI in Cybersecurity: Enhancing Security Team Efficiency #cybersecurity #aisecurity #podcast
AI in Cybersecurity: Enhancing Security Team Efficiency w/ Tom Vazdar @PurpleSec
https://www.youtube.com/shorts/6qKGUCux6QY
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

AI Cybersecurity: Autonomous Systems Protecting Us Now! #cybersecurity #aisecurity #podcast
AI Cybersecurity: Autonomous Systems Protecting Us Now! w/ Tom Vazdar @PurpleSec
https://www.youtube.com/shorts/xIBIcDCHgdg
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

AI Cyber Attacks: How Bad Guys Are Using AI #cybersecurity #aisecurity #podcast
AI Cyber Attacks: How Bad Guys Are Using AI w/ Tom Vazdar @PurpleSec
https://www.youtube.com/shorts/QHwCNav-34Q
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Why Data Poisoning Is The Most Insidious Threat To AI Security #cybersecurity #aisecurity #podcast
Why Data Poisoning Is The Most Insidious Threat To AI Security w/ Tom Vazdar @PurpleSec
https://www.youtube.com/shorts/fuGkIL5_D4E
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

AI vs AI: The Biggest Threat To Cybersecurity #cybersecurity #aisecurity #ai #podcast
AI vs AI: The Biggest Threat To Cybersecurity w/ Tom Vazdar @PurpleSec
https://www.youtube.com/shorts/NLwXM0aYopc
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Why Detecting AI Data Poisoning Is Insanely Difficult #cybersecurity #aisecurity #AI #podcast
Why Detecting AI Data Poisoning Is Insanely Difficult w/ Tom Vazdar @PurpleSec
https://www.youtube.com/shorts/yAyakcxHL9c
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Recent AI Data Poisoning Attack Cost Banks 4.5 Million #aisecurity #cyberattacks #podcast
Recent AI Data Poisoning Attack Cost Banks 4.5 Million w/ Tom Vazdar @PurpleSec
https://www.youtube.com/shorts/u34Onb93FrA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Poisoned Models: The Hidden Dangers In AI Deployment #cybersecurity #aisecurity #AI #podcast
Poisoned Models: The Hidden Dangers In AI Deployment w/ Tom Vazdar @PurpleSec
https://www.youtube.com/shorts/VxTaCXmRXMM
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Secure Your Spot for DFIRCON Miami 2025 | Cybersecurity Training That Makes an Impact
Ready to strengthen your DFIR knowledge and learn from the best in the industry? Don't miss DFIRCON Miami 2025, November 16–22 in Coral Gables, FL. You'll spend the week learning directly from the experts who wrote the course materials, getting real experience you can take back to work. We're also kicking things off with a free Community Learning Day on Sunday, where you can get a head start with open-source tools and hands-on guidance from the creators. Whether you're new to the field or deep into your DFIR career, this is the kind of training that sticks. Learn more about and register for DFIRCON 2025 here: https://www.sans.org/u/1Bwz
https://www.youtube.com/watch?v=VQPC1ZryJtY
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

"Give away your job in a diligent way" says Sam Chehab
Sam Chehab of Postman details the best piece of career advice he received, and it sounds strange at first. "Give away your job to rise in the ranks." BUT, Sam emphasizes, "do so diligently and responsibly." What does that mean? Sam says if you are a software creator, it's important to bring your creation to full fruition, and then pass it along so you can move on to the next big project.
https://www.youtube.com/shorts/lAqvmLUd2MA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

BYPASS Anti-Cheat with this one WIERD TRICK!
🔥 Learn How Anti-Cheats Detect CreateRemoteThread, NtCreateThreadEx etc... 👨‍💻 Buy Our Courses: https://guidedhacking.com/register/ 💰 Donate on Patreon: https://patreon.com/guidedhacking ❤️ Follow us on Social Media: https://linktr.ee/guidedhacking 🔗 Article Link: https://guidedhacking.com/threads/how-to-detect-createremotethread-ntcreatethreadex.20474/ 🔗 GH Injector: https://guidedhacking.com/resources/guided-hacking-dll-injector.4/ ✏️ Tags: #gamehacking #anticheat #reverseengineering
https://www.youtube.com/shorts/fM0_O1ABRGg
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

AI will "democratize" software engineering? Says Sam Chehab
As AI enters the Software Engineering space, Sam Chehab of Postman envisions a future where product managers can "quickly spin up a prototype" for the product they want, thus lowering the bar of creation. What it won't do, however, is create a Skynet-like loop of machines building machines and making software engineers obsolete. Instead, Sam imagines software engineering working through. more "cruft" and using their expertise to solve more complex problems. Check out the full episode of the Cyber Work podcast: https://www.infosecinstitute.com/podcast/when-ai-goes-rogue-api-security-in-the-age-of-ai-agents--guest-sam-chehab/
https://www.youtube.com/shorts/nujqowomSVQ
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Australia Wants to Know Your Ransom Payouts - Threat Wire
⬇️ OPEN FOR LINKS TO ARTICLES TO LEARN MORE ⬇️ @endingwithali → Twitch: https://twitch.tv/endingwithali Twitter: https://twitter.com/endingwithali YouTube: https://youtube.com/@endingwithali Everywhere else: https://links.ali.dev Want to work with Ali? endingwithalicollabs@gmail.com [❗] Join the Patreon→ https://patreon.com/threatwire 00:00 0 - Intro 00:14 1 - Google Calendar as a C2 Server 01:59 2 - SentinelOne Outage 03:32 3 - First Ransomware Reporting Regulations Go into Effect 05:44 4 - Outro LINKS 🔗 Story 1: Google Calendar as a C2 Server https://www.bleepingcomputer.com/news/security/apt41-malware-abuses-google-calendar-for-stealthy-c2-communication/ https://cloud.google.com/blog/topics/threat-intelligence/apt41-innovative-tactics 🔗 Story 2: SentinelOne Outage https://www.bleepingcomputer.com/news/technology/sentinelone-last-weeks-7-hour-outage-caused-by-software-flaw/ https://www.sentinelone.com/blog/update-on-may-29-outage/ 🔗...
https://www.youtube.com/watch?v=E9CvQ-M12Xg
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

"All Cybersecurity pros need *some* coding skill!" with Sam Chehab
Sam Chehab, head of Security and IT at Postman, advises aspiring Cybersecurity professionals to understand at least basic coding, even if it's just "vibe coding" at the start. "The world will require more scripting for people to be successful Cybersecurity professionals," says Sam. See Sam's full interview at https://www.infosecinstitute.com/podcast/when-ai-goes-rogue-api-security-in-the-age-of-ai-agents--guest-sam-chehab/
https://www.youtube.com/shorts/iSB1h59BjHw
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

OWASP Corporate Supporter Spotlight - root.io
In this month's Corporate Supporter Spotlight, learn about how root.io got going, advice for aspiring entrepreneurs looking to get their first start-up going, how best to get your OWASP project to the next level, and more! Managed by the OWASP® Foundation https://owasp.org/
https://www.youtube.com/watch?v=88WjNmfXDcI
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Shaking up the Ransomware Game: Introducing Scattered Spider
Ransomware has not largely changed in the past few years - TTPs are common. It's almost become a game of slow-pitch softball for incident responders. Once you've worked a handful of cases, they begin to seem quite similar. But a key player has entered the realm that has shaken things up immensely: Scattered Spider (aka Muddled Libra). Initially known for their cutting edge techniques and game-changing abilities to infiltrate a multitude of environments within a victim organization, Scattered Spider began making a shift to ransomware operations in 2023. Since then, they've worked with BlackCat/ALPHV, RansomHub, Qilin, and now DragonForce ransomware operators. What has the introduction of their tactics done to the ransomware landscape? How has the scene changed? What can we expect given...
https://www.youtube.com/watch?v=RKt_2m83-PM
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Offensive Security Web Expert (OSWE) Review + Tips/Tricks [OffSec]
Offensive Security Web Expert (OSWE) review, tips/tricks etc. Hopefully this video will be useful for aspiring bug bounty hunters, security researchers, pentesters, CTF players etc who might be interested in taking the Advanced Web Attacks and Exploitation course from Offensive Security (OffSec) 🙂 #OSWE #BugBounty #EthicalHacking #PenTesting #AppSec #WebSec #InfoSec #OffSec ↢OffSec OSWE↣ Web-300 course: https://www.offsec.com/courses/web-300 Web-300 syllabus: https://manage.offsec.com/app/uploads/2023/01/WEB-300-Syllabus-Google-Docs.pdf Web-300 FAQ: https://help.offsec.com/hc/en-us/articles/360046868971-WEB-300-Advanced-Web-Attacks-and-Exploitation-FAQ OSWE exam guide: https://help.offsec.com/hc/en-us/articles/360046869951-WEB-300-Advanced-Web-Attacks-and-Exploitation-OSWE-Exam-Guide OSWE...
https://www.youtube.com/watch?v=IK4t-i5lDEs
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

#NahamCon2025 Day 1 Keynote: Hacking, Prompt Engineering, and the Future of Pentesting with AI
LIKE and SUBSCRIBE with NOTIFICATIONS ON if you enjoyed the video! 👍 📚 If you want to learn bug bounty hunting from me: https://bugbounty.nahamsec.training 💻 If you want to practice some of my free labs and challenges: https://app.hackinghub.io 💵 FREE 0 DigitalOcean Credit: https://m.do.co/c/3236319b9d0b 🔗 LINKS: 📖 MY FAVORITE BOOKS: Bug Bounty Bootcamp: The Guide to Finding and Reporting Web Vulnerabilities -https://amzn.to/3Re8Pa2 Hacking APIs: Breaking Web Application Programming Interfaces - https://amzn.to/45g4bOr Black Hat GraphQL: Attacking Next Generation APIs - https://amzn.to/455F9l3 🍿 WATCH NEXT: If I Started Bug Bounty Hunting in 2024, I'd Do this - https://youtu.be/z6O6McIDYhU 2023 How to Bug Bounty - https://youtu.be/FDeuOhE5MhU Bug Bounty Hunting...
https://www.youtube.com/watch?v=jT4RVAASPIs
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Stop trying to make Fetch happen, Microsoft #technews #cybersecurity @endingwithali
Hak5 -- Cyber Security Education, Inspiration, News & Community since 2005: -----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆ Our Site → https://www.hak5.org Shop → http://hakshop.myshopify.com/ Community → https://www.hak5.org/community Subscribe → https://www.youtube.com/user/Hak5Darren?sub_confirmation=1 Support → https://www.patreon.com/threatwire Contact Us → http://www.twitter.com/hak5 -----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆ ____________________________________________ Founded in 2005, Hak5's mission is to advance the InfoSec industry. We do this through our award winning educational podcasts, leading pentest gear, and inclusive community – where all hackers belong.
https://www.youtube.com/shorts/VVj3CfXYdG0
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Malware & Hackers Evade Antivirus with Windows Sandbox
https://jh.live/plextrac-530 || Save time and effort on pentest reports with PlexTrac's premiere reporting & collaborative platform: https://jh.live/plextrac-530 😎 https://blog-en.itochuci.co.jp/entry/2025/03/12/140000 http://blog.syscall.party/2020/12/02/weaponizing-windows-sandbox.html https://jsac.jpcert.or.jp/archive/2025/pdf/JSAC2025_2_9_kamekawa_sasada_niwa_en.pdf Learn Cybersecurity and more with Just Hacking Training: https://jh.live/training See what else I'm up to with: https://jh.live/newsletter 🏆Attend ContinuumCon, the practical online cybersecurity conference that never ends! Livestream begins June 20th, 2025: https://jh.live/continuumcon ℹ️ Affiliates: Learn how to code with CodeCrafters: https://jh.live/codecrafters Host your own VPN with OpenVPN: https://jh.live/openvpn Get...
https://www.youtube.com/watch?v=O20WhmCspqo
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

RTVcron: Introduction to Ghidra and Version Tracking
RTVcron is our monthly live stream where we bring workshops to you! Learn more about cron and RTV at https://redteamvillage.io Mike will demonstrate basic Ghidra functionality such as importing programs, launching tools, and using the standard windows and plugins. Next he will explain the design and use of the Version Tracking tool, and how it can help your workflow understanding functionality while analyzing upgrades to software. Finally, time permitting, he will show beginning usage of the BSim capability and how this can be a game changer for discovering lineage of software en masse. Participants are encouraged to ask questions about the application, as Mike will be demonstrating everything live without a net.
https://www.youtube.com/watch?v=6ou3Qcwuao8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Vibe Coding in Cursor for Cyber Security
In the past few weeks I've dove headfirst into vibe coding with Cursor, so I wanted to share what I've been working on and some tips and tricks. In this video we'll cover all things vibe coding for hackers: What is it? How is it making waves on Twitter and within the startup and AI influencer communities? More importantly, what does it mean for us bug bounty hunters and hackers? I'll share tips on using AI for coding, how to get started with tools like Cursor, Gemini, and Docker, and even give you a peek at a vibe-coded pet adoption website I worked on. Whether you're a coding newbie or looking to simplify your process, this video has something for you. Enjoy! Links: Awesome .cursorrules: https://github.com/PatrickJS/awesome-cursorrules Spec-drive Vibe Coding (how to write design docs for...
https://www.youtube.com/watch?v=wnVpmSrhNRo
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

hackers weaponize... really long filenames??
https://jh.live/antisyphon || Check out Antisyphon Training and course material, including their Pay Forward What You Can offering! https://jh.live/antisyphon https://cloud.google.com/blog/topics/threat-intelligence/cybercriminals-weaponize-fake-ai-websites https://www.morphisec.com/blog/new-noodlophile-stealer-fake-ai-video-generation-platforms/ Learn Cybersecurity and more with Just Hacking Training: https://jh.live/training See what else I'm up to with: https://jh.live/newsletter 🏆Attend ContinuumCon, the practical online cybersecurity conference that never ends! Livestream begins June 20th, 2025: https://jh.live/continuumcon ℹ️ Affiliates: Learn how to code with CodeCrafters: https://jh.live/codecrafters Host your own VPN with OpenVPN: https://jh.live/openvpn Get Blue Team Training...
https://www.youtube.com/watch?v=aj3uBl9hFxY
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

This Sneaky Malware Uses Cloudflare to Steal Your Password
Thank you ThreatLocker for sponsoring this video. Check out ThreatLocker 👉🏼 https://www.threatlocker.com/nahamsec LIKE and SUBSCRIBE with NOTIFICATIONS ON if you enjoyed the video! 👍 📚 If you want to learn bug bounty hunting from me: https://bugbounty.nahamsec.training 💻 If you want to practice some of my free labs and challenges: https://app.hackinghub.io 💵 FREE 0 DigitalOcean Credit: https://m.do.co/c/3236319b9d0b 🔗 LINKS: 📖 MY FAVORITE BOOKS: Bug Bounty Bootcamp: The Guide to Finding and Reporting Web Vulnerabilities -https://amzn.to/3Re8Pa2 Hacking APIs: Breaking Web Application Programming Interfaces - https://amzn.to/45g4bOr Black Hat GraphQL: Attacking Next Generation APIs - https://amzn.to/455F9l3 🍿 WATCH NEXT: If I Started Bug Bounty Hunting in...
https://www.youtube.com/watch?v=JKK24EEpSDo
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Why Nemi Left RIOT GAMES and founded BYFRON Anticheat
New opportunity! 👨‍💻 Buy Our Courses: https://guidedhacking.com/register/ 💰 Donate on Patreon: https://patreon.com/guidedhacking ❤️ Follow us on Social Media: https://linktr.ee/guidedhacking GuidedHacking® - The Game Hacking Bible® - © 2025 Guided Hacking LLC. All Rights Reserved. Full interview: https://www.youtube.com/watch?v=6xET66eitYY ✏️ Tags: #anticheat #roblox #byfron GuidedHacking.com nemi interview byfron nemi nemi byfron kernel anticheat byfron Hyperion anticheat interview roblox byfron nemi interview how to bypass byfron guidedhacking anticheat dev roblox byfron bypass byfron anti cheat anti-cheat dev nemi hyperion byfron anticheat byfron roblox byfron bypass riot games
https://www.youtube.com/shorts/kraTEATB7bk
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

FAKE Gambling Cheat Runs Malware
https://jh.live/keeper-pam || Keeper PAM offers a privileged access management solution for enterprise grade protection all in one unified platform -- keep your users, data, and environment secure with Keeper! https://jh.live/keeper-pam https://web.archive.org/web/20250513075542/https://github.com/MirrorHang34r/Limbo-Casino-Predictor-Strategies https://github.com/mitjakolsek/EvilSln https://blog.google/threat-analysis-group/active-north-korean-campaign-targeting-security-researchers/ https://learn.microsoft.com/en-us/visualstudio/extensibility/internals/solution-user-options-dot-suo-file?view=vs-2022 https://www.outflank.nl/blog/2023/03/28/attacking-visual-studio-for-initial-access/ Another list of active backdoored Github repositories, credit to @miltinhoc in the Opcode Market community...
https://www.youtube.com/watch?v=pw0xSFEnowk
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Learn Quantum Computing!
Just Hacking Training Livestream with Ellie Daw on Friday, May 23 at 10am Pacific/1pm Eastern. https://justhacking.com
https://www.youtube.com/watch?v=OPLOcRk67ms
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

A New(ish) Way to Detect Process Hollowing
In this episode, we'll briefly explore how process hollowing works. Then, we'll examine the relatively new windows.hollowprocesses plugin for Volatility 3—a more recent alternative to the popular HollowFind plugin from Volatility 2. As you'll see, this new plugin isn't a one-for-one replacement for HollowFind, but it can still be useful. ❤️ Special thanks to Mike Peterson of https://nullsec.us for research and testing. Download the memory samples here: https://cdn.13cubed.com/downloads/hollow.zip *** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. *** 📖 Chapters 00:00 - Intro 00:54 - A Brief Introduction to Process Hollowing 02:12 - Demo 🛠 Resources The memory samples were created using a derivation of these process hollowing...
https://www.youtube.com/watch?v=x5mGPAG41I4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

The Secrets Behind Roblox Anti-Cheat
What components does a good anticheat have? 👨‍💻 Buy Our Courses: https://guidedhacking.com/register/ 💰 Donate on Patreon: https://patreon.com/guidedhacking ❤️ Follow us on Social Media: https://linktr.ee/guidedhacking GuidedHacking® - The Game Hacking Bible® - © 2025 Guided Hacking LLC. All Rights Reserved. ✏️ Tags: #anticheat #roblox #byfron GuidedHacking.com nemi interview byfron nemi nemi byfron kernel anticheat byfron Hyperion anticheat interview roblox byfron nemi interview how to bypass byfron guidedhacking anticheat dev roblox byfron bypass byfron anti cheat anti-cheat dev nemi hyperion byfron anticheat byfron roblox byfron bypass
https://www.youtube.com/shorts/YMowHnPLNhk
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

BACK.ENGINEERING's Bin2Bin TECHNOLOGY Will Change Everything!
Learn how CodeDefender.io and Back.Engineering are pushing the boundaries of code obfuscation, virtualization and anti-tamper. 👨‍💻 Buy Our Courses: https://guidedhacking.com/register/ 💰 Donate on Patreon: https://patreon.com/guidedhacking ❤️ Follow us on Social Media: https://linktr.ee/guidedhacking GuidedHacking® - © 2025 Guided Hacking LLC. All Rights Reserved. 🔗 Back.Engineering + CodeDefender 🔗 https://codedefender.io/ https://back.engineering/ https://x.com/BackEngineerLab 🔗 GH Link: https://guidedhacking.com/threads/back-engineering-interview-codedefender-io-demo-gh-podcast-4.20946/ Listen to the Guided Hacking Show on these platforms: - https://podcasters.spotify.com/pod/show/guidedhacking - https://soundcloud.com/guidedhacking - https://guidedhacking.com/forums/the-guided-hacking-podcast.569/ -...
https://www.youtube.com/watch?v=3LOGxOHfUHg
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

WorstFit: Unveiling Hidden Transformers in Windows ANSI!
*It was the best of fit, it was the worst of fit, it was the age of wisdom, it was the age of foolishness.* As we know, certain codepages have limitations and cannot support all Unicode Codepoints. So, why not just convert unsupported characters to the closest one? This is the essence of the "Best Fit" feature in Windows — a seemingly clever long-existing solution to character conversion issues. However, it is a double-edged sword. This system-wide behavior, often neglected by developers, has remained lurked in the deep-seated design flaws in Windows C/C++ Runtime and APIs for decades. It constitutes a critical risk to the Windows ecosystem, giving rise to numerous vulnerabilities across various applications. This presentation unveils a novel attack vector that exploits the "Best Fit"...
https://www.youtube.com/watch?v=sKH8283CFzs
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

WiFi Calling: Revealing Downgrade Attacks and Not-so-private private Keys
VoWiFi (aka Wi-Fi Calling) is a convenient way for the customer to get better cell coverage while also externalizing the costs for the last mile to the customer without losing call revenue. On a technical level, this is standardized by using IPsec tunnels directly into the mobile network operator's core network. We found that for years, at least 140 million cellular customers worldwide were only using one of ten IPsec keys. Furthermore, a major phone chipset manufacturer allowed downgrades to key lengths well below the 3GPP specification: 768 bits, which is widely considered inadequate for a resourceful attacker. By: Adrian Dabrowski | PhD, University of Applied Sciences FH Campus Wien Gabriel Gegenhuber | Dipl-Ing., University of Vienna, Austria Florian Holzbauer | University of Vienna Philipp...
https://www.youtube.com/watch?v=iBlPlXRxHF0
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

The CVSS Deception: How We've Been Misled on Vulnerability Severity
Since 2014, 170K+ CVEs have been published with a ~4.5x growth in yearly disclosures, and an average disclosure rate of ~80/day in 2023. The sheer volume makes it untenable for organizations to address all vulnerabilities. It is common to rely heavily on CVSS score/rating for prioritization without giving it a second thought. Being generic, CVSS has implicit tradeoffs that plague its use, and more importantly can lead to a false sense of security. We present six such empirically validated operational challenges to be on the look-out for: C1 - Underrated severity due to CIA (Confidentiality, Integrity, Availability) aggregation. We show ~10% CVEs are potentially underrated posing significant risk. CVE-2020-8187 a 7.5 (under)rated vulnerability disclosed amid COVID crisis had the potential...
https://www.youtube.com/watch?v=qQuaBB5tg8U
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

The Bugs in Your Bootloaders: Embedded Device Secure Boot Fails and How to Fix Them
Many embedded devices use complex boot sequences to initiate their operating systems. These boot chains often implement security features that enforce the authenticity and integrity of each boot stage, forming a chain of trust. Often, a single vulnerability is enough to break and circumvent these chains of trust. We think that this, combined with a lack of basic hardware security features, is an industry-wide problem. In this presentation, we show how to easily break secure boot implementations by exploiting bootloader vulnerabilities using physical access or remote, root-equivalent access. One of our examples is a fully-patched network device that runs a fork of grub 0.97 (yes, the legacy one). We also show how it was possible to fully compromise the Dell iDRAC9 secure boot chain using a...
https://www.youtube.com/watch?v=eZczwNFzxus
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

golang obfuscated malware goes crazy
https://jh.live/keeper-pam || Keeper PAM offers a privileged access management solution for enterprise grade protection all in one unified platform -- keep your users, data, and environment secure with Keeper! https://jh.live/keeper-pam https://go.dev/ https://binary.ninja/ https://hex-rays.com/ida-pro https://ghidra-sre.org/ https://github.com/goretk/redress https://github.com/mandiant/GoReSym https://github.com/burrowers/garble https://cloud.google.com/blog/topics/threat-intelligence/gostringungarbler-deobfuscating-strings-in-garbled-binaries https://github.com/mandiant/gostringungarbler https://github.com/unixpickle/gobfuscate https://invokere.com/posts/2025/03/ungarble-deobfuscating-golang-with-binary-ninja/ https://github.com/Invoke-RE/ungarble_bn https://www.volexity.com/blog/2025/04/01/goresolver-using-control-flow-graph-similarity-to-deobfuscate-golang-binaries-automatically/ https://github.com/volexity/GoResolver Learn...
https://www.youtube.com/watch?v=gewnAzaZXQo
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

This Browser Hack Scored Me a ,000 Bug Bounty
LIKE and SUBSCRIBE with NOTIFICATIONS ON if you enjoyed the video! 👍 📚 If you want to learn bug bounty hunting from me: https://bugbounty.nahamsec.training 💻 If you want to practice some of my free labs and challenges: https://app.hackinghub.io 💵 FREE 0 DigitalOcean Credit: https://m.do.co/c/3236319b9d0b 🔗 LINKS: 📖 MY FAVORITE BOOKS: Bug Bounty Bootcamp: The Guide to Finding and Reporting Web Vulnerabilities -https://amzn.to/3Re8Pa2 Hacking APIs: Breaking Web Application Programming Interfaces - https://amzn.to/45g4bOr Black Hat GraphQL: Attacking Next Generation APIs - https://amzn.to/455F9l3 🍿 WATCH NEXT: If I Started Bug Bounty Hunting in 2024, I'd Do this - https://youtu.be/z6O6McIDYhU 2023 How to Bug Bounty - https://youtu.be/FDeuOhE5MhU Bug Bounty Hunting...
https://www.youtube.com/watch?v=4MpjB68posg
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

mfw the game ships with...
All Your .PDB Are Belong To Us 👨‍💻 Buy Our Courses: https://guidedhacking.com/register/ 💰 Donate on Patreon: https://patreon.com/guidedhacking ❤️ Follow us on Social Media: https://linktr.ee/guidedhacking GuidedHacking® - The Game Hacking Bible® - © 2025 Guided Hacking LLC. All Rights Reserved. ✏️ Tags: #reverseengineering #guidedhacking #gamehacking game hacking tutorials game hacking bible game hacking course game hacking courses guidedhacking guided hacking game hacking guidedhacking.com guidedhacking rake guided hacking rake game hacking rake game hackers game hacking tutorials game hacking bible
https://www.youtube.com/shorts/eCOBdVjptjw
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

The Double (AI) Agent: Flipping a GenAI Agent Behavior
The Double (AI) Agent: Flipping a GenAI Agent Behavior from Serving an Application to Attacking it using Promptwares Function calling (a.k.a. Plan & Execute), is a groundbreaking application of generative AI (GenAI). By dynamically planning a solution for a given user input, it offers a powerful alternative to traditional, pre-coded approaches. GenAI engines are used to craft a tailored plan (based on the available functions within an application) which independent agents subsequently execute. Despite its rapid adoption in the industry and integration into countless applications (e.g., chatbots, assistants), the risks associated with function calling (agents-based GenAI applications) remain largely unexplored. This talk discusses PromptWare, a new emerging risk to agents-based GenAI applications....
https://www.youtube.com/watch?v=2xGcqDmkkf8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Unmasking State-Sponsored Mobile Surveillance Malware from Russia, China, and North Korea
Unmasking State-Sponsored Mobile Surveillance Malware from Russia, China, and North Korea – Threat Actors, Tactics, and Defense Strategies State-sponsored threat actors have expanded their arsenal of surveillance tooling, leaning into mobile malware as a way to acquire information about a target or target group that had otherwise been inaccessible through traditional desktop campaigns. With more than 86% of the worldwide population using a smartphone, attackers have access to the perfect espionage device in the pockets of nearly every potential target. However, APTs from various regions tend to conduct operations in significantly different ways. In this session, we'll explore the landscape of state-sponsored surveillance activity using case studies from Russian, Chinese and North Korean...
https://www.youtube.com/watch?v=AkNzyvGbB50
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

UNC1860 and The Temple of Oats - Iran's hidden hand in Middle Eastern Networks
This session is a master class in piecing together seemingly unrelated tools and incidents into a single cohesive story about an uprising threat group, UNC1860. For years, UNC1860, a state sponsored Iranian threat actor, operated covertly, leaving behind a trail of tools and incidents that multiple security vendors could not attribute to a single entity. Through meticulous investigation, we were able to correlate the clues about this actor and expose not only its full arsenal but also its intent and tactics. While remaining largely obscured despite its persistent targeting of governments, telecommunications and critical infrastructure entities across the Middle East since at least 2018, this group has in fact played the role of an advanced access broker employed by the Iranian government...
https://www.youtube.com/watch?v=ijHL3V08Z2I
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

The CVE Foundation Interview
This is a conversation with Pete Allor, CVE Board member and Co-Chair of the CVE Vulnerability Conference and Events Working Group. You can read more about the CVE Foundation here: https://www.thecvefoundation.org/ Tib3rius interview: https://www.youtube.com/watch?v=LRbHiB5Jn4k Learn Cybersecurity and more with Just Hacking Training: https://jh.live/training See what else I'm up to with: https://jh.live/newsletter 🏆Attend ContinuumCon, the practical online cybersecurity conference that never ends! Livestream begins June 20th, 2025: https://jh.live/continuumcon ℹ️ Affiliates: Learn how to code with CodeCrafters: https://jh.live/codecrafters Host your own VPN with OpenVPN: https://jh.live/openvpn Get Blue Team Training and SOC Analyst Certifications with CyberDefenders: https://jh.live/cyberdefense Master...
https://www.youtube.com/watch?v=Ofy0LxkwkT8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

When (Remote) Shells Fall Into The Same Hole: Rooting DrayTek Routers Before Attackers Can
When (Remote) Shells Fall Into The Same Hole: Rooting DrayTek Routers Before Attackers Can Do It Again Routers, VoIP gateways, firewalls, WiFi access points and VPN concentrators are ubiquitous in homes, small offices and large business networks. Some vendors manufacture ALL of these devices, which often means they share the same core software components - and thus the same vulnerabilities. In this talk we will analyze a large vendor of such network equipment - DrayTek. Their devices have been targeted by Chinese threat actors on several occasions since 2018. Within the past four years alone, other researchers have disclosed over 19 critical issues in their products. To our big surprise, we were able to achieve Remote Code Execution against the latest model of a VPN concentrator manufactured...
https://www.youtube.com/watch?v=tgfaEtQd8s4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Vulnerabilities in the eSIM download protocol
Downloadable eSIM is replacing physical SIM cards in mobile phones. The GSM Association (GSMA) defines the consumer Remote SIM Provisioning (RSP) protocol that enables consumers to download SIM profiles to a secure element in their mobile devices. These profiles contain the credentials for authenticating the device and subscriber to the mobile network. The security of the downloaded profile is critically important for protecting mobile communication and billing, and various other applications depend on these credentials for user authentication. We modeled the protocol with formal methods and performed an in-depth analysis of its security properties. This talk presents the results of the analysis in an understandable form for security practitioners. We will explain the RSP protocol architecture...
https://www.youtube.com/watch?v=v0muR5UGFB8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

The Black Hat Europe Network Operations Center (NOC) Report
Back with another year of soul-crushing statistics, the Black Hat NOC team will be sharing all of the data that keeps us equally puzzled, and entertained, year after year. We'll let you know all the tools and techniques we're using to set up, stabilize, and secure the network, and what changes we've made over the past year to try and keep doing things better. Of course, we'll be sharing some of the more humorous network activity and what it helps us learn about the way security professionals conduct themselves on an open WiFi network. By: Neil Wyler | Vice President of Defensive Services, Coalfire Bart Stump | Managing Principal, Coalfire Full Abstract Available: https://www.blackhat.com/eu-24/briefings/schedule/#the-black-hat-europe-network-operations-center-noc-report-43579
https://www.youtube.com/watch?v=X-9jPKwwL8w
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Security analysis of Residential Gateways and ISPs: global network domination is (sneakily) possible
Residential Gateways (modems) have become a very common device around the world, usually provided by the ISP along with a broadband subscription. As consumer routers have frequently been compromised by botnets or exploited as infrastructure for nation-state attackers, RGs have seen little discussions yet on a position on par with consumer routers. We reviewed popular broadband network standards (DSL, DOCSIS, xPON), remote management standards (TR-069/CWMP), and reverse engineered 14 different RGs from 11 ISPs, across 8 different countries, including from G7. We analyzed all RG's hardware components, dissected and inspected all firmware, using a set of firmware dissectors and decryptors that we developed to deal with the proprietary formats. We discovered most RGs are lacking in modern software...
https://www.youtube.com/watch?v=7qBIba8ah6o
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Redefining the Origin of Secrecy in a Post-Quantum World
The post-quantum era demands innovative approaches to key generation that can withstand the capabilities of quantum adversaries, making secure and scalable symmetric key creation more essential than ever. Key agreement and distribution methods, old and new, achieve secrecy by constructing relative distinguishability and indistinguishability through high complexity mathematical constructions or quantum phenomena. This talk explores and compares a range of these approaches against a quantum threat model —from mathematical problem-based techniques to quantum-based solutions—and introduces an alternative strategy: leveraging the properties of finite randomness. This unique, quantum-safe method reimagines the origin of secrecy by utilizing a straightforward resource as a foundation for mutual...
https://www.youtube.com/watch?v=dxJfjcQPZo8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

OWASP Global Board of Directors Meeting - April 2025
Minutes here: https://owasp.org/www-board/meetings-historical/202504.html Managed by the OWASP® Foundation https://owasp.org/
https://www.youtube.com/watch?v=ZI0EooDKvwI
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Reasonable Regs vs Red Tape: How Should Governments Tackle the Cyber Intrusion Market
Following recent public revelations about the thriving market in advanced spyware, many governments have wrestled with the question of how to respond to its global spread, and the software supply chain that sits around it. Cyber intrusion companies offer state-level capabilities available to anyone with the means to pay – transforming the cyber threat to us all and posing serious concerns for human rights, national security and the stability of cyberspace. There are clear and legitimate uses for many of these tools. However, the UK and other governments are concerned that, too often, capabilities can be developed, sold and used without the necessary oversight or safeguards in place. How can governments collaborate with industry partners to make the commercial cyber intrusion sector work...
https://www.youtube.com/watch?v=UmR1xzhWnrg
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Parse Me, Baby, One More Time: Bypassing HTML Sanitizer via Parsing Differentials
Server-side HTML sanitization is inherently broken. Nevertheless, it is used everywhere to protect against cross-site scripting (XSS) vulnerabilities. In this talk, we will delve into why this is the case. To remove XSS payloads, an HTML sanitizer must first parse its input. Then, it determines which parts of the input are dangerous and removes or rewrites them. Lastly, it serializes the transformed input back to its textual form and returns it. This process means a sanitizer is only as strong as the employed HTML parser. Despite HTML looking deceptively simple, implementing an HTML parser is surprisingly complex. While officially specified, parsing HTML has tons of edge cases and quirks. Sanitizers have to implement all of them, effectively mimicking the exact behavior of a browser. Even...
https://www.youtube.com/watch?v=VdLMW3um3ZA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Over the Air: Compromise of Modern Volkswagen Group Vehicles
Modern cars offer an increasing number of connected features: in-vehicle Wi-Fi, Bluetooth, and USB to name a few. At the same time, the internal architecture of a modern car has closed nature. This situation, coupled with the fact that car security directly affects everyone's safety, makes cars extremely important targets for security research. The talk will disclose a chain of critical vulnerabilities in the Infotainment System used in many Volkswagen Group vehicles including Skoda Superb III 2022, which allowed would-be attackers to gain code execution on the MIB3 infotainment unit over Bluetooth, elevate privileges to root, bypass secure boot to gain persistent code execution, and control infotainment unit via DNS channel every time the car starts. Tracking vehicle location & speed in...
https://www.youtube.com/watch?v=gSudZtBIyX4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

This Tiny Chrome Behavior Leads to an Account Takeover
LIKE and SUBSCRIBE with NOTIFICATIONS ON if you enjoyed the video! 👍 📚 If you want to learn bug bounty hunting from me: https://bugbounty.nahamsec.training 💻 If you want to practice some of my free labs and challenges: https://app.hackinghub.io 💵 FREE 0 DigitalOcean Credit: https://m.do.co/c/3236319b9d0b 🔗 LINKS: 📖 MY FAVORITE BOOKS: Bug Bounty Bootcamp: The Guide to Finding and Reporting Web Vulnerabilities -https://amzn.to/3Re8Pa2 Hacking APIs: Breaking Web Application Programming Interfaces - https://amzn.to/45g4bOr Black Hat GraphQL: Attacking Next Generation APIs - https://amzn.to/455F9l3 🍿 WATCH NEXT: If I Started Bug Bounty Hunting in 2024, I'd Do this - https://youtu.be/z6O6McIDYhU 2023 How to Bug Bounty - https://youtu.be/FDeuOhE5MhU Bug Bounty Hunting...
https://www.youtube.com/watch?v=Pi37YwraPBg
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

The Gremlin Stealer Malware
https://jh.live/flare || Track data on the dark web, hunt adversaries across the cybercrime ecosystem, and manage threat intelligence for your exposed attack surface with Flare! Start a free trial and see what info is out there: https://jh.live/flare Learn Cybersecurity and more with Just Hacking Training: https://jh.live/training See what else I'm up to with: https://jh.live/newsletter 🏆Attend ContinuumCon, the practical online cybersecurity conference that never ends! Livestream begins June 20th, 2025: https://jh.live/continuumcon ℹ️ Affiliates: Learn how to code with CodeCrafters: https://jh.live/codecrafters Host your own VPN with OpenVPN: https://jh.live/openvpn Get Blue Team Training and SOC Analyst Certifications with CyberDefenders: https://jh.live/cyberdefense Master Binary...
https://www.youtube.com/watch?v=t7vBdvfBG-Q
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Team Shellphish AIxCC Interview
Check out what the team is up to for AIxCC -- that work is just way too cool: https://shellphish.net/ Learn Cybersecurity and more with Just Hacking Training: https://jh.live/training See what else I'm up to with: https://jh.live/newsletter 🏆Attend ContinuumCon, the practical online cybersecurity conference that never ends! Livestream begins June 20th, 2025: https://jh.live/continuumcon ℹ️ Affiliates: Learn how to code with CodeCrafters: https://jh.live/codecrafters Host your own VPN with OpenVPN: https://jh.live/openvpn Get Blue Team Training and SOC Analyst Certifications with CyberDefenders: https://jh.live/cyberdefense Master Binary Files and Protocols with Gynvael Coldwind: https://jh.live/hackarcana (code MBF-JH-10 gives 10% off!)
https://www.youtube.com/watch?v=TQFDqsgPKdY
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

What Do Brackets Do in Assembly Language?
Learn How Brackets Change Assembly Instructions 👨‍💻 Buy Our Courses: https://guidedhacking.com/register/ 💰 Donate on Patreon: https://patreon.com/guidedhacking ❤️ Follow us on Social Media: https://linktr.ee/guidedhacking GuidedHacking® - The Game Hacking Bible® - © 2025 Guided Hacking LLC. All Rights Reserved. ✏️ Tags: #gamehacking #reverseengineering #computerscience cpu register x86 assembly language programming machine code language cpu register size x64 assembly code learn x86 assembly programming cpu registers
https://www.youtube.com/shorts/6AHYjQxy67w
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Staying Ahead of Ransomware: Communication During a Ransomware Engagement
When a ransomware incident occurs, communication is key. How do you work with legal and technical teams to help your (or your client) organization navigate the chaos of the ongoing incident? What about after the technical response has ended? You'll need to explain operational impacts in the early days and manage C-level intra-communications throughout. You may need to respond publicly through press releases. You may even need to engage in consumer notifications. Join us in this episode to talk through these points and more!
https://www.youtube.com/watch?v=6v3f0NostuQ
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

How I Got an AI Chatbot to Spill Its Secrets Using Just a Prompt
LIKE and SUBSCRIBE with NOTIFICATIONS ON if you enjoyed the video! 👍 📚 If you want to learn bug bounty hunting from me: https://bugbounty.nahamsec.training 💻 If you want to practice some of my free labs and challenges: https://app.hackinghub.io 💵 FREE 0 DigitalOcean Credit: https://m.do.co/c/3236319b9d0b 🔗 LINKS: 📖 MY FAVORITE BOOKS: Bug Bounty Bootcamp: The Guide to Finding and Reporting Web Vulnerabilities -https://amzn.to/3Re8Pa2 Hacking APIs: Breaking Web Application Programming Interfaces - https://amzn.to/45g4bOr Black Hat GraphQL: Attacking Next Generation APIs - https://amzn.to/455F9l3 🍿 WATCH NEXT: If I Started Bug Bounty Hunting in 2024, I'd Do this - https://youtu.be/z6O6McIDYhU 2023 How to Bug Bounty - https://youtu.be/FDeuOhE5MhU Bug Bounty Hunting...
https://www.youtube.com/watch?v=5Wu0eSjOv0o
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Tsuku CTF Web Challenge Walkthroughs (2025)
🚩 Video walkthrough for the 3 web challenges featured in the 2025 Tsuku CTF competition. Challenges include JSON injection, sensitive file disclosure and flawed PRNG implementation, YAML injection with WAF 😎 #CTF #Challenge #Tsuku Check out the accompanying writeups here: https://book.cryptocat.me/ctf-writeups/2025/tsuku/web Join my discord server if you have any questions: https://discord.cryptocat.me 🐛CIT@CTF🐞 https://tsukuctf.org https://discord.gg/xNgh3a6Ynp 👷‍♂️Resources🛠 https://cryptocat.me/resources Overview: 0:00 Intro 0:08 len_len 2:47 flash 8:28 YAMLwaf 12:23 Conclusion
https://www.youtube.com/watch?v=qGd4d0zmhy8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Game Hacker's LOST Source Code REVERSE ENGINEERED After 12 Years?!
Rake sent me this RANDOM 12 year old GAME HACK. Can I REVERSE ENGINEER it? 👨‍💻 Buy Our Courses: https://guidedhacking.com/register/ 💰 Donate on Patreon: https://patreon.com/guidedhacking ❤️ Follow us on Social Media: https://linktr.ee/guidedhacking GuidedHacking® - The Game Hacking Bible® - © 2025 Guided Hacking LLC. All Rights Reserved. ⚒️ Game Hacking Archaeology ⚒️ In this new video series, our reverse engineers are sent a random 15 year old game hack and they are challenged to reverse it back to the original source code. Join us as we explore the history of game hacking! 🔗 Link: https://guidedhacking.com/threads/game-hacking-archaeology-reverse-engineering-12-year-old-cheats.20861/ 👨‍💻 GH Content Creator: Sightem 👉https://guidedhacking.com/members/sightem.219746/ ❤️...
https://www.youtube.com/watch?v=_uHoi041JjQ
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

CPU Registers Compared - RAX, EAX, AX, AH, AL
🔥 Learn Assembly with Game Hacking Shenanigans: https://guidedhacking.com/forums/game-hacking-shenanigans/ 👨‍💻 Buy Our Courses: https://guidedhacking.com/register/ 💰 Donate on Patreon: https://patreon.com/guidedhacking ❤️ Follow us on Social Media: https://linktr.ee/guidedhacking ✏️ Tags: #gamehacking #reverseengineering #computerscience cpu register x86 assembly language programming machine code language cpu register size x64 assembly code learn x86 assembly programming cpu registers
https://www.youtube.com/shorts/9DRDq9b_d2k
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

CTF@CIT Web Challenge Walkthroughs (2025)
🚩 Video walkthrough for the 5 web challenges featured in the 2025 CIT@CTF competition. Challenges include SQL injection (SQLi), git repo version history (git-dumper), local file read (with basic filter), flask session cookie tampering + server-side template injection (SSTI) and credential reuse / HTTP method tampering 😎 #CTF #Challenge #CIT Check out the accompanying writeups here: https://book.cryptocat.me/ctf-writeups/2025/ctf-cit/web Join my discord server if you have any questions: https://discord.cryptocat.me 🐛CIT@CTF🐞 https://ctf.cyber-cit.club https://discord.gg/GzUAsFvhbk 👷‍♂️Resources🛠 https://cryptocat.me/resources Overview: 0:00 Intro 0:06 Breaking authentication (SQLi) 2:20 Commit & Order: Version Control Unit (git dumping / history) 4:25 How I Parsed...
https://www.youtube.com/watch?v=ZBdApaw0r0M
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

SANS Threat Analysis Rundown with Katie Nickels | April 2025
This month, Katie will review the latest threat reporting and help you focus on what's most important. She will explore the plethora of recently-published annual threat reports and help identify valuable insights for informing security decisions. She'll highlight patterns and trends that defenders can use to prioritize their efforts, from identifying common behaviors to refining threat models.
https://www.youtube.com/watch?v=ijVb0_HIt-c
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

RTVcron | Systematic Malware: A Rule-Based Approach to Creating Payloads
RTVcron is our monthly live stream where we bring workshops to you! Learn more about cron and RTV at https://redteamvillage.io This month we're joined by Kevin Clark and Skyler Knecht for "Systematic Malware: A Rule-Based Approach to Creating Payloads" Creating evasive payloads in the modern EDR landscape is less about knowing what to do, and more about learning what not to do. Although EDR has moved away from relying on static binary signatures, rule-based detections are still in play. Every step of payload execution is an opportunity to be detected. In this workshop, we showcase step-by-step instructions on how to craft evasive payloads. Kevin Clark Security Consultant at TrustedSec Kevin Clark is a Software Developer turned Penetration Tester at TrustedSec. He focuses on initial access...
https://www.youtube.com/watch?v=-xStGweK9KI
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Can You Really Hack Games With Just MelonLoader?
🔥 Learn How MelonLoader Makes Game Hacking Super Easy! 👨‍💻 Buy Our Courses: https://guidedhacking.com/register/ ❤️ Follow us on Social Media: https://linktr.ee/guidedhacking 💰 Donate on Patreon: https://patreon.com/guidedhacking ✏️ Tags: #gamehacking #gamemodding how to hack il2cpp games hack il2cpp games hack unity games il2cpp how to use il2cpp dumper decompile il2cpp game unity hacking tutorial unity il2cpp game hacking il2cpp game hacking il2cpp hacking il2cpp dnspy il2cpp ida pro unity il2cpp game modding tutorial unity game hacking il2cpp modding melon loader how to hack unity games game hacking how to mod il2cpp games MelonLoader how to mod unity games
https://www.youtube.com/shorts/HBr0qiH4SWI
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

This Is How Hackers Evade Detection with PowerShell Obfuscation
Thank you Threatlocker for sponsoring this video 👉🏼 https://www.threatlocker.com/nahamsec LIKE and SUBSCRIBE with NOTIFICATIONS ON if you enjoyed the video! 👍 📚 If you want to learn bug bounty hunting from me: https://bugbounty.nahamsec.training 💻 If you want to practice some of my free labs and challenges: https://app.hackinghub.io 💵 FREE 0 DigitalOcean Credit: https://m.do.co/c/3236319b9d0b 🔗 LINKS: 📖 MY FAVORITE BOOKS: Bug Bounty Bootcamp: The Guide to Finding and Reporting Web Vulnerabilities -https://amzn.to/3Re8Pa2 Hacking APIs: Breaking Web Application Programming Interfaces - https://amzn.to/45g4bOr Black Hat GraphQL: Attacking Next Generation APIs - https://amzn.to/455F9l3 🍿 WATCH NEXT: If I Started Bug Bounty Hunting in 2024, I'd Do this - https://youtu.be/z6O6McIDYhU 2023...
https://www.youtube.com/watch?v=t4rpsFt6n08
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

The No BS Bug Bounty & Web Hacking Roadmap
LIKE and SUBSCRIBE with NOTIFICATIONS ON if you enjoyed the video! 👍 📚 If you want to learn bug bounty hunting from me http://hhub.io/roadmap 💻 If you want to practice some of my free labs and challenges: https://app.hackinghub.io 💵 FREE 0 DigitalOcean Credit: https://m.do.co/c/3236319b9d0b 🔗 LINKS: Linuxjourney.com Overthewire.org/wargames/bandit/ YouTube.com/Newtorkchuck Portswigger.net/web-security HackingHub.io HackTheBox.eu HackerOne.com/hacktivity 📖 MY FAVORITE BOOKS: Bug Bounty Bootcamp: The Guide to Finding and Reporting Web Vulnerabilities -https://amzn.to/3Re8Pa2 Hacking APIs: Breaking Web Application Programming Interfaces - https://amzn.to/45g4bOr Black Hat GraphQL: Attacking Next Generation APIs - https://amzn.to/455F9l3 🍿 WATCH NEXT: If I Started...
https://www.youtube.com/watch?v=AMQq06WUMVk
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Reverse Engineering Access Tokens Part 2
This tutorial covers Windows Access Tokens, the Logon Session, Token Elevation, AdjustTokenPrivileges and the Windows Access Control Model. This is part of our IDA Pro reverse engineering series. The full series can be found on our patron... https://www.patreon.com/collection/1259251 ----- References Token Viewer (Tool) https://github.com/googleprojectzero/sandbox-attacksurface-analysis-tools LogonSessions (Tool) https://learn.microsoft.com/en-us/sysinternals/downloads/logonsessions Elastic - Introduction to Windows tokens for security practitioners https://www.elastic.co/blog/introduction-to-windows-tokens-for-security-practitioners UAC Overview (old but good) https://www.tiraniddo.dev/2017/05/reading-your-way-around-uac-part-1.html Access Control Model (Microsoft) https://learn.microsoft.com/en-us/windows/win32/secauthz/access-control-components LSA...
https://www.youtube.com/watch?v=Y58eBWyJxDA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

PowerShell for Hackers
LIKE and SUBSCRIBE with NOTIFICATIONS ON if you enjoyed the video! 👍 📚 If you want to learn bug bounty hunting from me: https://bugbounty.nahamsec.training 💻 If you want to practice some of my free labs and challenges: https://app.hackinghub.io 💵 FREE 0 DigitalOcean Credit: https://m.do.co/c/3236319b9d0b 🔗 LINKS: 📖 MY FAVORITE BOOKS: Bug Bounty Bootcamp: The Guide to Finding and Reporting Web Vulnerabilities -https://amzn.to/3Re8Pa2 Hacking APIs: Breaking Web Application Programming Interfaces - https://amzn.to/45g4bOr Black Hat GraphQL: Attacking Next Generation APIs - https://amzn.to/455F9l3 🍿 WATCH NEXT: If I Started Bug Bounty Hunting in 2024, I'd Do this - https://youtu.be/z6O6McIDYhU 2023 How to Bug Bounty - https://youtu.be/FDeuOhE5MhU Bug Bounty Hunting...
https://www.youtube.com/watch?v=s2kquCwKNs8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

I designed and built eink labels for my filament with an ESP32, here's how it works #3dprinting

https://www.youtube.com/shorts/KIgaZb_IjHU
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

This CTF Teaches You Everything About Hacking an API
Big thank you to APISEC for sponsoring this video! Please make sure to check out all of their free resources down below ⬇️ 🔗 APISEC University's free API Courses 👉🏼 https://apisecuniversity.com/ RSVP for APISec's FREE API Security conference 👉🏼 https://apisecuniversity.com/ 📚 If you want to learn bug bounty hunting from me: https://bugbounty.nahamsec.training 💻 If you want to practice some of my free labs and challenges: https://app.hackinghub.io 💵 FREE 0 DigitalOcean Credit: https://m.do.co/c/3236319b9d0b 🔗 LINKS: 📖 MY FAVORITE BOOKS: Bug Bounty Bootcamp: The Guide to Finding and Reporting Web Vulnerabilities -https://amzn.to/3Re8Pa2 Hacking APIs: Breaking Web Application Programming Interfaces - https://amzn.to/45g4bOr Black Hat GraphQL: Attacking...
https://www.youtube.com/watch?v=6Tyqvl-GSNQ
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Getting Started with Fuji - The Logical Choice for Mac Imaging
In this episode, we'll look at Fuji—a free, open-source tool for performing live, logical forensic acquisitions of Mac computers (Intel or Apple Silicon). You'll see how Fuji leverages built-in macOS tools to generate a DMG and sparseimage, ready for analysis in your forensic tool of choice. This video is an excerpt from the 13Cubed training course "Investigating macOS Endpoints." Visit https://training.13cubed.com to learn more! 🛠 Resources Fuji: https://github.com/Lazza/Fuji
https://www.youtube.com/watch?v=9bEiizjySHA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

OWASP Global Board of Directors Meeting - March 2025
Minutes here: https://owasp.org/www-board/meetings-historical/2025/202503.html Managed by the OWASP® Foundation https://owasp.org/
https://www.youtube.com/watch?v=X_RpCchZxnw
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Learn Assembly Language for Beginners
🔥 Learn Assembly with Game Hacking Shenanigans: https://guidedhacking.com/forums/game-hacking-shenanigans/ 👨‍💻 Buy Our Courses: https://guidedhacking.com/register/ 💰 Donate on Patreon: https://patreon.com/guidedhacking ❤️ Follow us on Social Media: https://linktr.ee/guidedhacking ✏️ Tags: #gamehacking #reverseengineering #computerscience x86 assembly language programming machine code language x64 assembly code learn x86 assembly programming
https://www.youtube.com/shorts/iAhRd6K0g7o
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

How FIN6 Exfiltrates Files Over FTP
Access the FIN6 Exfiltration Lab: https://bit.ly/3XsXFRZ In this final episode of our FIN6 Adversary Emulation mini-series, we demonstrate how to emulate FIN6's exfiltration techniques, focusing on how this financially motivated threat actor collects, stages, archives, and exfiltrates sensitive data from compromised systems. // CYBER RANGES Adversary Emulation Labs ► New to CYBER RANGES? Register for a free account here: https://bit.ly/42VxDu5 ► Access the FIN6 Exfiltration Lab: https://bit.ly/3XsXFRZ ► Adversary Emulation Fundamentals Labs (Free): https://bit.ly/4gQd8SB 🔗 Video Resources & References CTID Adversary Emulation Library: https://github.com/center-for-threat-informed-defense/adversary_emulation_library 🎥 Have an idea for a video? make your submission here: https://forms.gle/VDwwMsuudzQfT9VM6 //...
https://www.youtube.com/watch?v=SbZ7JUII-SQ
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

From Zero to Zero Day (and beyond) - Life of a Hacker: Jonathan Jacobi
I met Jonathan in 2018 at the CCC when he was just 18 years old. Back then he referenced my videos which had a little bit of impact on his life. Now a lot of time has passed and in this interview I want to get to know Jonathan better. How did he get into hacking, founding of the CTF team perfect blue, working as a vulnerability researcher and ultimately transitioning into a new career. From Zero to Zero Day (2018): https://www.youtube.com/watch?v=xp1YDOtWohw Jonathan on Twitter: https://x.com/j0nathanj 00:00:00 - How we met 00:02:16 - Jonathan's early life 00:04:24 - Going to college as a teenager 00:18:52 - Meeting like-minded people in CTF 00:27:29 - Getting first VR internship at Checkpoint 00:32:34 - Creating opportunities through networking 00:43:40 - Working at Microsoft Security Response...
https://www.youtube.com/watch?v=BOLN_B0qnZk
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

OWASP Global AppSec EU 2025 Barcelona
Don't miss your chance! Register now: http://barcelona.globalappsec.org/ Training May 26-28, 2025 Conference & Expo May 29-30, 2025 Managed by the OWASP® Foundation https://owasp.org/
https://www.youtube.com/watch?v=_IePZxgYLAI
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

This Hacker Scored ,000 with a Remote Code Execution Exploit!
LIKE and SUBSCRIBE with NOTIFICATIONS ON if you enjoyed the video! 👍 📚 If you want to learn bug bounty hunting from me: https://bugbounty.nahamsec.training 💻 If you want to practice some of my free labs and challenges: https://app.hackinghub.io Watch a hacker discover a ,000 Remote Code Execution (RCE) exploit in a public HackerOne bug bounty program. This detailed walkthrough breaks down the vulnerability, from discovery to payout. Ready to test your skills? Try the lab: https://app.hackinghub.io/hubs/RemoteBinge 💵 FREE 0 DigitalOcean Credit: https://m.do.co/c/3236319b9d0b 🔗 LINKS: 📖 MY FAVORITE BOOKS: Bug Bounty Bootcamp: The Guide to Finding and Reporting Web Vulnerabilities -https://amzn.to/3Re8Pa2 Hacking APIs: Breaking Web Application Programming Interfaces...
https://www.youtube.com/watch?v=oUI38IEqimM
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

PYTHON Game Hacking Just Got REAL With Python Interpreter Injection
🔥 Learn How To Inject Python To Make REAL Internal Python Hacks 👨‍💻 Buy Our Courses: https://guidedhacking.com/register/ ❤️ Follow Our Social Media: https://linktr.ee/guidedhacking 💰 Donate on Patreon: https://patreon.com/guidedhacking Learn how to Inject python hacks internally in the memory space of other processes in this python game hacking tutorial. 🔗 Article Link: https://guidedhacking.com/threads/python-game-hacking-tutorial-1-6-first-internal.19100/ ❤️ Try Malcore For FREE : https://link.malcore.io/redirect/guidedhacking 👨‍💻 Content Creator: codenulls 👉 https://guidedhacking.com/members/codenulls.272722/ 📜 Video Description: Python game hacking has become very popular, especially to the infosec crowd whose go to language is always Python....
https://www.youtube.com/watch?v=U2Pw09KvGcI
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Is Your AI Deployment Risky? How to Address AI Safety, Security, and Reliability Risks
Most organizations are committed to adopting generative AI in some form to drive innovation and efficiency. Yet, many leaders responsible for AI risk still grapple with how to minimize the chances their organization's AI deployment turns into a very public AI embarrassment that could compromise trust and reputation. In this webinar, hear from HackerOne co-founder Michiel Prins and Haize Labs co-founder Leonard Tang about actionable strategies that can help you proactively manage AI risk and turn your deployment into a competitive advantage rather than a liability. Michiel and Leonard will share insights on establishing clear ownership within your organization and provide practical guidance on identifying and addressing AI safety risks relevant to your industry and use cases. You will...
https://www.youtube.com/watch?v=Z6GU6tGqs1o
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

mfw a quick code refactor turns into a 24 hour nightmare
💥💣☢️ this is why you must use git and commit regularly 👨‍💻 Buy Our Courses: https://guidedhacking.com/register/ 💰 Donate on Patreon: https://patreon.com/guidedhacking ❤️ Follow us on Social Media: https://linktr.ee/guidedhacking ©GuidedHacking - GuidedHacking™ #programming #computerscience #codinglife mfw a quick code refactor turns into a 24 hour nightmare
https://www.youtube.com/shorts/1Cv-Boy5tkQ
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Automated AI Reverse Engineering with MCP for IDA and Ghidra (Live VIBE RE)
Testing MCP plugins for IDA and Ghidra live with @mrexodia IDA MCP https://github.com/mrexodia/ida-pro-mcp Ghidra MCP (thanks @lauriewired ) https://github.com/LaurieWired/GhidraMCP Malware sample 7b5b060d9013725413f3f77719d0881035246b281e18005c0040e78a32e1c6cc ----- OALABS DISCORD https://discord.gg/6h5Bh5AMDU OALABS PATREON https://www.patreon.com/oalabs Twitch https://www.twitch.tv/oalabslive OALABS GITHUB https://github.com/OALabs UNPACME - AUTOMATED MALWARE UNPACKING https://www.unpac.me/#/ -----
https://www.youtube.com/watch?v=iFxNuk3kxhk
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

The State of Ransomware Payments
What's going on with ransomware payments? Have they dropped off? Have they gone up? What are we in the global IT community seeing in terms of ransomware victims paying vs. not doing so? Join us for a lively discussion, and bring your questions!
https://www.youtube.com/watch?v=Wc6-952UnLY
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

I Scanned 100,000+ Subdomains For CVE-2025-29927
LIKE and SUBSCRIBE with NOTIFICATIONS ON if you enjoyed the video! 👍 📚 If you want to learn bug bounty hunting from me: https://bugbounty.nahamsec.training 💻 If you want to practice some of my free labs and challenges: https://app.hackinghub.io 💵 FREE 0 DigitalOcean Credit: https://m.do.co/c/3236319b9d0b 🔗 LINKS: 📖 MY FAVORITE BOOKS: Bug Bounty Bootcamp: The Guide to Finding and Reporting Web Vulnerabilities -https://amzn.to/3Re8Pa2 Hacking APIs: Breaking Web Application Programming Interfaces - https://amzn.to/45g4bOr Black Hat GraphQL: Attacking Next Generation APIs - https://amzn.to/455F9l3 🍿 WATCH NEXT: If I Started Bug Bounty Hunting in 2024, I'd Do this - https://youtu.be/z6O6McIDYhU 2023 How to Bug Bounty - https://youtu.be/FDeuOhE5MhU Bug Bounty Hunting...
https://www.youtube.com/watch?v=7hqBePL0C_I
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

RTVcron - Influcence_Ops: Tactical Pretexting
Welcome to RTVcron, our monthly live stream, held on the last Thursday of every month. Each two-hour session features a unique workshop led by a different expert, offering hands-on experience in offensive security tactics and strategies. Follow us: https://redteamvillage.io This month our workshop is provided by Jeff Tomkiewicz! Jeff Tomkiewicz is a Offensive Security Engineer for a Healthcare Fortune 40 organization, where he specializes in network penetration testing, social engineering, and physical penetration testing. With a rich background as a 21-year Air Force veteran, Jeff has served in various capacities, including K9 handler and trainer, Intelligence, and Special Operations. Residing in Colorado Springs, CO, where interests span upon horror films, performing in improv shows,...
https://www.youtube.com/watch?v=vlow4qZSOSE
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Reverse Engineering Access Tokens Part 1
This tutorial walks through the process of reverse engineering malware which uses AdjustTokenPrivileges to enable SeDebugPrivilege. No steps are skipped in the process! This is Module 2.2 of our IDA Pro reverse engineering series. The full series can be found on our patron... https://www.patreon.com/collection/1259251 ----- OALABS DISCORD https://discord.gg/6h5Bh5AMDU OALABS PATREON https://www.patreon.com/oalabs Twitch https://www.twitch.tv/oalabslive OALABS GITHUB https://github.com/OALabs UNPACME - AUTOMATED MALWARE UNPACKING https://www.unpac.me/#/ -----
https://www.youtube.com/watch?v=iT2U3UXhic4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Python for Pentesters II - 0. Introduction
Part of the Python for Pentesters II course: https://www.youtube.com/playlist?list=PLonlF40eS6nyj9h8wwrOgf1yBGDB2CYT1 Connect with me: X: https://twitter.com/cristivlad25 IG: https://instagram.com/cristivladz
https://www.youtube.com/watch?v=1AAZDkSZePs
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Python for Pentesters II - 11 - Additional Resources and Personal Message
Part of the Python for Pentesters II course: https://www.youtube.com/playlist?list=PLonlF40eS6nyj9h8wwrOgf1yBGDB2CYT1 Connect with me: X: https://twitter.com/cristivlad25 IG: https://instagram.com/cristivladz
https://www.youtube.com/watch?v=zVgV__cRhvo
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Python for Pentesters II - 10 - Finding Hidden Wireless Networks with Python
Part of the Python for Pentesters II course: https://www.youtube.com/playlist?list=PLonlF40eS6nyj9h8wwrOgf1yBGDB2CYT1 Connect with me: X: https://twitter.com/cristivlad25 IG: https://instagram.com/cristivladz
https://www.youtube.com/watch?v=0EB5U8dcAVc
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Python for Pentesters II - 9 - Spoofing your MAC Address with Python
Part of the Python for Pentesters II course: https://www.youtube.com/playlist?list=PLonlF40eS6nyj9h8wwrOgf1yBGDB2CYT1 Connect with me: X: https://twitter.com/cristivlad25 IG: https://instagram.com/cristivladz
https://www.youtube.com/watch?v=OtvSfjX6kGY
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Python for Pentesters II - 8 - Cracking Hashes with Python and Hashlib
Part of the Python for Pentesters II course: https://www.youtube.com/playlist?list=PLonlF40eS6nyj9h8wwrOgf1yBGDB2CYT1 Connect with me: X: https://twitter.com/cristivlad25 IG: https://instagram.com/cristivladz
https://www.youtube.com/watch?v=EA4JFh8hj9E
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Python for Pentesters II - 7 - Discovering Subdomains with Python
Part of the Python for Pentesters II course: https://www.youtube.com/playlist?list=PLonlF40eS6nyj9h8wwrOgf1yBGDB2CYT1 Connect with me: X: https://twitter.com/cristivlad25 IG: https://instagram.com/cristivladz
https://www.youtube.com/watch?v=X9oyU7kUob8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Python for Pentesters II - 6 - Attacking Web Forms with requests and BeautifulSoup in Python
Part of the Python for Pentesters II course: https://www.youtube.com/playlist?list=PLonlF40eS6nyj9h8wwrOgf1yBGDB2CYT1 Connect with me: X: https://twitter.com/cristivlad25 IG: https://instagram.com/cristivladz
https://www.youtube.com/watch?v=sYg3dyetcYA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Python for Pentesters II - 5 - The Scapy Module for Network Traffic Sniffing and Manipulation
Part of the Python for Pentesters II course: https://www.youtube.com/playlist?list=PLonlF40eS6nyj9h8wwrOgf1yBGDB2CYT1 Connect with me: X: https://twitter.com/cristivlad25 IG: https://instagram.com/cristivladz
https://www.youtube.com/watch?v=M_5YKbsk4eY
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Python for Pentesters II - 4 - The Socket Module for Network Communication - A TCP Server Client
Part of the Python for Pentesters II course: https://www.youtube.com/playlist?list=PLonlF40eS6nyj9h8wwrOgf1yBGDB2CYT1 Connect with me: X: https://twitter.com/cristivlad25 IG: https://instagram.com/cristivladz
https://www.youtube.com/watch?v=bHDITf8TMmY
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Python for Pentesters II - 3 - Grabbing Screenshots with Python
Part of the Python for Pentesters II course: https://www.youtube.com/playlist?list=PLonlF40eS6nyj9h8wwrOgf1yBGDB2CYT1 Connect with me: X: https://twitter.com/cristivlad25 IG: https://instagram.com/cristivladz
https://www.youtube.com/watch?v=_O5msdxSwII
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Python for Pentesters II - 2 - Building a Basic Port Scanner using NMAP in Python
Part of the Python for Pentesters II course: https://www.youtube.com/playlist?list=PLonlF40eS6nyj9h8wwrOgf1yBGDB2CYT1 Connect with me: X: https://twitter.com/cristivlad25 IG: https://instagram.com/cristivladz
https://www.youtube.com/watch?v=nlDjpswJmbc
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Python for Pentesters II - 1 - Gathering Information - Grabbing Banners, Hostname and IP Lookup
Part of the Python for Pentesters II course: https://www.youtube.com/playlist?list=PLonlF40eS6nyj9h8wwrOgf1yBGDB2CYT1 Connect with me: X: https://twitter.com/cristivlad25 IG: https://instagram.com/cristivladz
https://www.youtube.com/watch?v=S9gYhZT2TFo
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

This Simple URL Encoding Made me ,000 in Bounties
LIKE and SUBSCRIBE with NOTIFICATIONS ON if you enjoyed the video! 👍 📚 If you want to learn bug bounty hunting from me: https://bugbounty.nahamsec.training 💻 If you want to practice some of my free labs and challenges: https://app.hackinghub.io 💵 FREE 0 DigitalOcean Credit: https://m.do.co/c/3236319b9d0b 🔗 LINKS: 📖 MY FAVORITE BOOKS: Bug Bounty Bootcamp: The Guide to Finding and Reporting Web Vulnerabilities -https://amzn.to/3Re8Pa2 Hacking APIs: Breaking Web Application Programming Interfaces - https://amzn.to/45g4bOr Black Hat GraphQL: Attacking Next Generation APIs - https://amzn.to/455F9l3 🍿 WATCH NEXT: If I Started Bug Bounty Hunting in 2024, I'd Do this - https://youtu.be/z6O6McIDYhU 2023 How to Bug Bounty - https://youtu.be/FDeuOhE5MhU Bug Bounty Hunting...
https://www.youtube.com/watch?v=sW9SK0ZcHxU
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

OWASP Mobile Application Security (MAS) - Sven Schleier, Carlos Holguera
[This version has the sound fixed from Zoom] In this talk, Carlos Holguera and Sven Schleier, the OWASP Mobile Application Security (MAS) Project Leaders, will take a hands-on look at some of the latest OWASP MAS developments, in particular the new MASWE (Mobile Application Security Weakness Enumeration). This talk will introduce the concepts of "weaknesses", "atomic tests" and "demos" that are the basis of the upcoming MASTG v2. Attendees will gain practical knowledge through detailed examples that show the journey from definition to implementation using both static and dynamic analysis techniques available in MASTG. In addition, discover the newly developed MAS test apps designed to streamline research and improve the development of robust MAS tests. Don't miss this opportunity to improve...
https://www.youtube.com/watch?v=Vgj5VqQaRho
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Learning from Past Security Breaches: Strengthening AppSec Efforts and Focus - Jon McCoy
In today's rapidly evolving digital landscape, security breaches have become an inevitable reality for many organizations. This talk will provide valuable insights into the world of AppSec by examining both pre- and post-breach scenarios. We will delve into real-world examples of security incidents to identify what we wish we had done differently in terms of AppSec efforts prior to a breach. This discussion will offer practical steps for achieving full remediation following a security incident. By understanding the importance of proactive measures and effective response strategies, attendees can learn how to bolster their AppSec practices to minimize potential damages and improve overall resilience against future attacks. - Managed by the OWASP® Foundation https://owasp.org/
https://www.youtube.com/watch?v=MUnuPCVqQLI
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

OWASP: The Next 25 years - Andrew van der Stock
Although still a little way away, in September 2026 OWASP will turn 25 years old. What have we achieved since our inception, and what could (and should) we do in the next 25 years? Andrew will give his perspective on OWASP's collective successes, what has worked, our challenges, and what still remains to be done. - Managed by the OWASP® Foundation https://owasp.org/
https://www.youtube.com/watch?v=08pDBStr1yU
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

AI Under the Hood: Unmasking Hidden Threats - Dr. Nitish M. Uplavikar
Much like cars, AI technologies must undergo rigorous testing to ensure their safety and reliability. However, just as a 16-wheel truck's brakes are different from that of a standard hatchback, AI models too may need distinct analyses based on their risk, size, application domain, and other factors. Prior research has attempted to do this, by identifying areas of concern for AI/ML applications and tools needed to simulate the effect of adversarial actors. However, currently, a variety of frameworks exist which poses challenges due to inconsistent terminology, focus, complexity, and interoperability issues, hindering effective threat discovery. In this talk, we discuss initial findings from our meta-analysis of 14 AI threat modeling frameworks, providing a streamlined set of questions for...
https://www.youtube.com/watch?v=gdM9hdtj2oc
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Practical Software Supply Chain Security Solutions - Robert Marion
The frequency of Software Supply Chain attacks has been increasing over the last several years. This is, in part, due to the fact that the term “Software Supply Chain Attack” actually refers to a set of attacks that include: Repo Jacking, Repo Poisoning, Typo Squatting, and Dependency Confusion. Threat actors, such as Nation states, select high value targets that can be extremely disruptive. They weaponize the software supply chain against their enemies (real or perceived) to wreak physical infrastructure damage or engage in commercial and governmental espionage. Attackers who are motivated by money have been able to demand huge ransoms, which would have been impractical in the past but have been made easy by cryptocurrencies. Frequently, they seek soft targets. Hospitals, municipalities...
https://www.youtube.com/watch?v=GHJWTLJmf6I
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Automatic application hardening by leveraging container runtime behavior analysis - Amit Schendel
Automatic application hardening by leveraging container runtime behavior analysis during CI processes In this presentation, we will explore an innovative approach to improve the security of containerized applications using behavior analysis during continuous integration testing and generating native policies based on behavior. By leveraging behavioral analysis, we can replace tedious manual policy definitions which take long to define and can break easily. We will also discuss the importance of native policies, which allow us to enforce security policies directly within container orchestration tools like Kubernetes without relying on third-party tools. We will focus on policies like seccomp profiles, network policies, AppArmor, and security context. We will cover hands-on practices for...
https://www.youtube.com/watch?v=aSDLQ7j_cq4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

The Container Escape Room: An Exploration of Container Escapes - Amit Schendel
In this presentation, we will explore an innovative approach to improve the security of containerized applications using behavior analysis during continuous integration testing and generating native policies based on behavior. By leveraging behavioral analysis, we can replace tedious manual policy definitions which take long to define and can break easily. We will also discuss the importance of native policies, which allow us to enforce security policies directly within container orchestration tools like Kubernetes without relying on third-party tools. We will focus on policies like seccomp profiles, network policies, AppArmor, and security context. We will cover hands-on practices for implementing this approach, including how to do behavioral analysis using eBPF-based tools, how to integrate...
https://www.youtube.com/watch?v=2jBCYFFRH78
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

The Missing Link - How we collect and leverage SBOMs - Cassie Crossley
There is some debate as to how SBOMs can enhance vulnerability management practices, and some believe that collecting SBOMs from internal teams or suppliers is too difficult and time-consuming. Learn how one company has collected thousands of our product SBOMs and how we are leveraging the SBOMs as part of our corporate product CERT to quickly analyze and focus our attention when time is of importance. This presentation describes how we modified our policies and processes to collect, generate, and store thousands of SBOMs. You will hear how we have leveraged SBOMs during the Log4j and OpenSSL vulnerability events. Then we will conclude with key learnings, suggestions, and opportunities for improvement. - Managed by the OWASP® Foundation https://owasp.org/
https://www.youtube.com/watch?v=LpvagarUt5g
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Self-Discovering API Key Permissions and Resources - Joseph Leon, Dylan Ayrey
You're a security analyst triaging a list of exposed credentials - how do you prioritize which key to rotate first? How do you even know what resources the key can access? Most SaaS providers make it difficult to enumerate the access granted to a particular credential without logging into their UI. In this talk, we're releasing a new method (self-discovery) for enumerating the permissions and resources associated with API keys and other secrets, without requiring access to the provider's UI. We'll walk through the meticulous steps required to accurately assess different SaaS providers' permission and scopes, as well as share the logic behind how to validate key permissions, including string analysis, HTTP request brute forcing and more. Finally, we'll demo a new open-source tool that automates...
https://www.youtube.com/watch?v=ZXkm36XIrjI
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Ai is new. We're all back to being learners. #cybersecurity #AISecurity #AISummit @SANSInstitute

https://www.youtube.com/shorts/JtnatdNly44
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Turn Your Cybersecurity to Cyberstrength with HackerOne
This new era of cybersecurity combines AI and Human Intelligence for faster, smarter, and more adaptive protection. Ready to move beyond traditional security and into cyberstrength? Visit https://bit.ly/4kMXE5a to learn more.
https://www.youtube.com/watch?v=f7M8WO6Nz8o
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

18 - API Security (low/med/high) - Damn Vulnerable Web Application (DVWA)
18 - API Testing (low/med/high difficulties) video from the Damn Vulnerable Web Application (DVWA) walkthrough/tutorial series. DVWA is an intentionally vulnerable application for you to learn about ethical hacking. I made this series for students on the MSc in cybersecurity course at Queen's University Belfast but hopefully it can help others too! Hope you enjoy 🙂 ↢Damn Vulnerable Web Application (DVWA)↣ https://github.com/digininja/DVWA 👷‍♂️Resources🛠 https://cryptocat.me/resources ↢Chapters↣ Start - 0:00 Low - 0:38 Med - 3:59 High - 7:07 Impossible - 13:19 End - 13:35
https://www.youtube.com/watch?v=c_6RaCekH40
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Quantifying the Financial Impact of Cybersecurity with Return on Mitigation (RoM)
Join HackerOne for an insightful session introducing return on mitigation (RoM)—a novel framework that redefines cybersecurity's role in protecting profits and reducing risk. With RoM, you'll learn to quantify the financial impact of mitigated breaches and position cybersecurity as a strategic business enabler. In this session, you'll discover how to: -Use the RoM calculator, built on widely accepted industry benchmarks like IBM's Cost of a Data Breach Report -Automate RoM calculations and generate real-time summaries tailored to your organization's business and risk profile—by using Hai Play, part of the -HackerOne Platform's AI copilot -Make data-driven business cases to your board and executive team, showing why offensive security programs as essential to operational continuity,...
https://www.youtube.com/watch?v=CbiiKnQXGyY
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

This is How a Simple IDOR Earned Me a Max Bug Bounty Payout
LIKE and SUBSCRIBE with NOTIFICATIONS ON if you enjoyed the video! 👍 📚 If you want to learn bug bounty hunting from me: https://bugbounty.nahamsec.training 💻 If you want to practice some of my free labs and challenges: https://app.hackinghub.io 💵 FREE 0 DigitalOcean Credit: https://m.do.co/c/3236319b9d0b 🔗 LINKS: 📖 MY FAVORITE BOOKS: Bug Bounty Bootcamp: The Guide to Finding and Reporting Web Vulnerabilities -https://amzn.to/3Re8Pa2 Hacking APIs: Breaking Web Application Programming Interfaces - https://amzn.to/45g4bOr Black Hat GraphQL: Attacking Next Generation APIs - https://amzn.to/455F9l3 🍿 WATCH NEXT: If I Started Bug Bounty Hunting in 2024, I'd Do this - https://youtu.be/z6O6McIDYhU 2023 How to Bug Bounty - https://youtu.be/FDeuOhE5MhU Bug Bounty Hunting...
https://www.youtube.com/watch?v=Cw-hlmW89kA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

The German Hacking Championship
An amazing event for aspiring German hackers is happening right now. I went to the finals in 2024, share a few impressions and tell you about this year's event. Learn hacking: https://www.hextree.io/ (ad) CSCG 2025 runs from 1. March 2025 until 1. May 2025 Rules: https://play.cscg.live/rules Die Hacking Meisterschaft: https://hacking-meisterschaft.de/ NFITS: https://nfits.de/spenden/ European Cybersecurity Challenge: https://ecsc.eu/ 00:00 - Intro DHM 2024 00:52 - CTF Teams vs. CSCG Teams 01:48 - Sponsor Challenges 03:04 - My CSCG History 04:18 - NFITS 05:06 - Die Deutsche Hacking Meisterschaft (DHM) 07:00 - Take the Opportunity! 07:47 - Outro =[ ❤️ Support ]= → My courses: https://www.hextree.io/ → My font: https://shop.liveoverflow.com/ → per Video: https://www.patreon.com/join/liveoverflow →...
https://www.youtube.com/watch?v=f0C3RH7baEw
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

How Ethical Hackers ACTUALLY Use ChatGPT With Real Examples
LIKE and SUBSCRIBE with NOTIFICATIONS ON if you enjoyed the video! 👍 📚 If you want to learn bug bounty hunting from me: https://bugbounty.nahamsec.training 💻 If you want to practice some of my free labs and challenges: https://app.hackinghub.io Tired of wasting hours on automation scripts or getting nothing but garbage outputs from AI? In this video, I'm breaking down exactly how ethical hackers can use AI the right way—to bypass frustrating prompt rejections, generate useful payloads, and streamline security workflows. I'll be sharing my best AI prompts for penetration testing, API recon, and bypassing security filters—plus, I'll show you how to structure your prompts to avoid AI roadblocks while getting accurate, actionable results. ✅ What You'll Learn: 🔹 The...
https://www.youtube.com/watch?v=0lq-CokNjSI
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

17 - Cryptography (low/med/high) - Damn Vulnerable Web Application (DVWA)
17 - Cryptography (low/med/high difficulties) video from the Damn Vulnerable Web Application (DVWA) walkthrough/tutorial series. DVWA is an intentionally vulnerable application for you to learn about ethical hacking. I made this series for students on the MSc in cybersecurity course at Queen's University Belfast but hopefully it can help others too! Hope you enjoy 🙂 ↢Damn Vulnerable Web Application (DVWA)↣ https://github.com/digininja/DVWA ↢Cryptography↣ https://cryptohack.org @pastiesbin2254 : https://www.youtube.com/watch?v=8Tr2aj6JETg https://www.nccgroup.com/uk/research-blog/cryptopals-exploiting-cbc-padding-oracles @nccgroup : https://www.youtube.com/watch?v=6yHM19rQjDo 👷‍♂️Resources🛠 https://cryptocat.me/resources ↢Chapters↣ Start - 0:00 Low - 0:14 Med...
https://www.youtube.com/watch?v=7WySPRERN0Q
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

The latest insights on global VDP adoption & IoT security trends
The 2024 report on global Vulnerability Disclosure Policy (VDP) adoption reveals significant strides in IoT security—yet critical gaps remain. Join our exclusive webinar as industry experts break down the key findings, including: - 11.6% growth in VDP adoption—who's leading and who's lagging - The impact of the UK's PSTI Act on IoT security standards - Upcoming regulations in the EU and U.S. and what they mean for businesses - Enterprise vs. consumer IoT security—where vulnerabilities persist Don't miss this opportunity to gain actionable insights and stay ahead of evolving security regulations. For more information visit: https://www.hackerone.com/
https://www.youtube.com/watch?v=CowQQK195Ao
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

RTV Overflow: "Breaching Bare Metal Kubernetes Clusters" with Graham Helton
Graham Helton - Arbiter of (in scope) chaos - "Attackers thrive in complex environments because they're motivated to dive deep into ambiguous technical details. In this workshop I will guide you through those ambiguous technical details by walking through multiple attack scenarios that can be used to fully compromise a bare metal Kubernetes cluster. After each attack, we'll discuss controls that could stop or mitigate each attack, what tools you should carry in your toolbox when performing a Kubernetes assessment, and the security implications (and misconceptions) of Kubernetes. By the end of this workshop, you will be paranoid by the power you possess next time you land a shell in a Kubernetes pod." Web: https://grahamhelton.com/ Twitter/X: @GrahamHelton3 linkedin.com/in/grahamhelton/ ...
https://www.youtube.com/watch?v=iR064xsllqk
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

RTV Overflow "An Operators Guide: Hunting SCCM in the Real World" w/ Zachary Stein & Garrett Foster
Zachary Stein (Security Consultant at SpecterOps) and Garrett Foster (Senior Security Consultant at SpecterOps) - "SCCM abuse has become a popular technique in the offensive security community but can be intimidating to test in production environments due to its complexity. This workshop aims to provide operators not only a safe environment to practice tradecraft but also provide them with the confidence to properly find and assess SCCM during their engagements." Twitter/X: @unsigned_sh0rt Twitter/X: @synzack21 https://www.linkedin.com/in/garrett-foster86/ https://www.linkedin.com/in/zacharydstein/ ________________________________________________________________ The Red Team Village Red Team Village Website: https://redteamvillage.io Discord: https://redteamvillage.io/discord Twitter:...
https://www.youtube.com/watch?v=TmfWYDqEEUo
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

RTV Overflow: "Physical Red Teaming for Offensive Cyber Teams" with Ana Aslanishvili & Shawn Abelson
Ana Aslanishvili (Red Teaming Aficionado) and Shawn Abelson (Ex-Head of Physical Red Team @ Meta, Current Consultant/Trainer for PhySec Red Teaming) - "Offensive security is an unfamiliar concept to most physical security practitioners. Yet we still rely on physical security teams to protect our hardware, network, ports, and assets. Physical security professionals are often non-technical, former law enforcement/military, and are focused on protecting people instead of property. This talk will bridge the gap between physical and cyber red teaming, covering the best approaches, common pitfalls, dangers, and benefits of testing physical security programs as part of a red team assessment. From the difficulty of “patching” physical vulnerabilities to examples of red teams gone wrong and how...
https://www.youtube.com/watch?v=FZS32kb5IXk
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Do you know this common Go vulnerability?
When auditing code it's crucial to know about common issues. In this video we explore a Go issue that I was not aware of. Learn hacking on https://www.hextree.io/ (ad) 38c3 CTF - Fajny Jagazyn Wartości Kluczy: https://2024.ctf.link/internal/challenge/fb03748d-7e94-4ca2-8998-a5e0ffcbd761/ Unintended solution: https://msanft.foo/blog/hxp-38c3-web-fajny-jagazyn/ Challenge author writeup: https://hxp.io/blog/114/hxp-38C3-CTF-Fajny-Jagazyn-Wartoci-Kluczy/ VSCode Go debugger client code: https://github.com/golang/vscode-go/blob/39786ea90f18ab98f75d091b9a04367d1b1df82c/extension/src/debugAdapter/goDebug.ts#L1557 00:00 - Intro 00:20 - Go gjson vs json behavior 01:33 - Overview CTF challenge "Fajny Jagazyn Wartości Kluczy" 04:33 - Weird server setup? 05:55 - Arbitrary file read 07:00 - /proc...
https://www.youtube.com/watch?v=wVknDjTgQoo
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

RADAR Contact! An Obscure Evidence of Execution Artifact
In this episode, we'll take a look at a rather obscure evidence of execution artifact associated with RADAR, the Resource Exhaustion Detection and Resolution system. *** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. *** 📖 Chapters 00:00 - Intro 01:16 - What You Need to Know 🛠 Resources The Mystery of the HeapLeakDetection Registry Key: https://harelsegev.github.io/posts/the-mystery-of-the-heapleakdetection-registry-key/ HeapLeakDetection Registry Forensics: https://github.com/MHaggis/HeapLeakDetection #Forensics #DigitalForensics #DFIR #ComputerForensics #WindowsForensics
https://www.youtube.com/watch?v=edJa_SLVqOo
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Emulating FIN6 - Active Directory Enumeration Made EASY
In this episode of the FIN6 Adversary Emulation series, we focus on Active Directory (AD) enumeration—a critical phase in FIN6's discovery techniques. Understanding how adversaries enumerate Active Directory environments will help you refine your tradecraft or improve your detection and mitigation capabilities if you are a Blue Teamer. In this video, you will learn how FIN6 performs Active Directory enumeration, and how to use native Windows commands like "net" and PowerShell's "Get-AD*" cmdlets for AD Enumeration. You will also learn how to utilize "AdFind.exe" to extract information from an Active Directory Environment. The lab environment used in this demonstration is available for free on CYBER RANGES, allowing you to follow along and practice these techniques in a safe and controlled...
https://www.youtube.com/watch?v=Iwxmscx3XXc
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

A Scammer Tried to Hack Me!
🚨🚔 I was recently offered a video sponsorship opportunity which turned out to be a DocuSign scam! They said they liked my videos but really just wanted to infect me with some malware 😿 Anyway, I thought I'd make a quick educational video to raise awareness. I'll explain what raised my suspicions and how I confirmed that the scammer was trying to hack me! #MalwareAnalysis #CyberSecurity #CyberSecurityAwareness #InfoSec #ScamBaiting #CryptoCat 🦠Malware Analysis🦠 VirusTotal: https://www.virustotal.com/gui/file/8f6f207277a8881e9c2042de4dc3a7c824eaa0334f522d96d412a2dfe5f93820/detection APP.ANY.RUN Analysis: https://app.any.run/tasks/78722395-a017-4ac5-a18c-47464aae63a7 APP.ANY.RUN Safebrowsing: https://app.any.run/browses/6a13f769-5ec1-43e4-bc23-71f076e04e36 DocuSign Scams: https://abnormalsecurity.com/blog/cybercriminals-exploit-docusign 👷‍♂️Resources🛠 https://cryptocat.me/resources Overview: 0:00...
https://www.youtube.com/watch?v=v8ZwlKAjMJA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

The SECRET to Embedding Metasploit Payloads in VBA Macros
In this episode of the Offensive VBA series, we explore how to integrate PowerShell payloads and stagers into custom VBA macros for initial access. Specifically, we'll demonstrate how to repurpose and format PowerShell stagers generated by Msfvenom and PowerShell-Empire to execute a reverse shell. This video will teach you how to format and embed HTA-based PowerShell payloads inside a VBA macro. // Adversary Emulation Labs New to CYBER RANGES? Register here: https://bit.ly/40dRMsb CYBER RANGES Adversary Emulation Labs (Free): https://bit.ly/4amBPEU 🎥 Have an idea for a video? make your submission here: https://forms.gle/VDwwMsuudzQfT9VM6 // MORE RESOURCES HACKERSPLOIT BLOG ►► https://bit.ly/3qjvSjK HACKERSPLOIT FORUM ►► https://bit.ly/39r2kcY HACKERSPLOIT ACADEMY ►►...
https://www.youtube.com/watch?v=Q1wQuHw5JKI
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

RTV Overflow
RTV Overflow is a full-day virtual event packed with some of your favorite workshops from DEFCON 32! Starting at 10:00 AM ET, the event features hands-on workshops including sessions on breaching Kubernetes clusters, physical red teaming strategies, and advanced cloud exploitation techniques. Get a behind-the-scenes look at RTV's mission, learn how our CTF comes to life, and discover opportunities to contribute to the village at the upcoming DEF CON 33. With sessions led by top professionals this event is your gateway to mastering real-world red team techniques and connecting with the global offensive security community. Visit redteamvillage.io to learn more about our mission and sign up!
https://www.youtube.com/watch?v=JMTMEEqaBKg
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Offensive VBA 0x4 - Reverse Shell Macro with Powercat
In this episode of the Offensive VBA series, we dive into one of the most powerful techniques for red teamers—creating a reverse shell VBA macro using Powercat. This technique enables stealthy command execution and remote access through malicious macro-enabled Office documents. In this video, you will learn how to build a reverse shell VBA Macro that leverages Powercat allowing you to stealthily execute remote commands in-memory using PowerShell. Powercat: https://github.com/besimorhino/powercat // Adversary Emulation Labs New to CYBER RANGES? Register here: https://bit.ly/40dRMsb CYBER RANGES Adversary Emulation Labs (Free): https://bit.ly/4amBPEU 🎥 Have an idea for a video? make your submission here: https://forms.gle/VDwwMsuudzQfT9VM6 // MORE RESOURCES HACKERSPLOIT BLOG ►►...
https://www.youtube.com/watch?v=0W3Z3Br56XM
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Offensive VBA 0x3 - Developing PowerShell Droppers
In this episode of the Offensive VBA series, we take VBA macros to the next level by developing PowerShell droppers designed for red team operations. Learn how to craft stealthy and effective VBA scripts that deliver and execute PowerShell payloads seamlessly. Here's what we'll cover: Writing VBA macros to execute PowerShell scripts, executing payloads directly in memory for stealth, leveraging environment variables to identify system paths dynamically, and techniques to remove traces of macro execution for stealthier operations // Adversary Emulation Labs New to CYBER RANGES? Register here: https://bit.ly/40dRMsb CYBER RANGES Adversary Emulation Labs (Free): https://bit.ly/4amBPEU 🎥 Have an idea for a video? make your submission here: https://forms.gle/VDwwMsuudzQfT9VM6 // MORE...
https://www.youtube.com/watch?v=ot3053UxJOc
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Offensive VBA 0x2 - Program & Command Execution
Welcome to the second episode of the Offensive VBA series, where we explore how to execute programs and system commands using VBA macros—essential skills for red teamers looking to leverage VBA for initial access and automation. In this video, you will learn how to use the Shell function to run external programs and commands and leverage the WScript.Shell object for enhanced control over command execution. You will also learn how to use the Shell Window Style options to ensure stealth during execution. // Adversary Emulation Labs New to CYBER RANGES? Register here: https://bit.ly/40dRMsb CYBER RANGES Adversary Emulation Labs (Free): https://bit.ly/4amBPEU 🎥 Have an idea for a video? make your submission here: https://forms.gle/VDwwMsuudzQfT9VM6 // MORE RESOURCES HACKERSPLOIT BLOG...
https://www.youtube.com/watch?v=ogbrNZ3SCRY
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Why Traditional Pentesting Is Letting You Down (and How to Fix It)
Pentesting is overdue for a refresh. Traditional pentesting methods—slow, checklist-driven, and lacking visibility—can no longer keep up with today's dynamic security landscape. The result is critical security gaps that leave organizations exposed to rapidly evolving threats. In this webinar, you'll learn why traditional pentesting methods are failing and how Pentest as a Service (PTaaS) is reshaping the future of security testing. By combining a skills-vetted global pentester community with the efficiency of the HackerOne PTaaS platform, organizations can achieve real-time results, unmatched flexibility, and deeper integration with modern DevOps workflows. Join us for insights into: Common pitfalls of traditional pentesting, such as inexperienced testers and slow reporting cycles How...
https://www.youtube.com/watch?v=db9ecB0izCA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Offensive VBA 0x1 - Your First Macro
Welcome to the first episode of the Offensive VBA series, where we equip red teamers with the skills to leverage VBA for initial access and offensive operations. This video introduces you to Visual Basic for Applications (VBA)—a powerful scripting language integrated into Microsoft Office. Here's what we'll cover: What is VBA?: An overview of how VBA works and integrates with MS Office, A walkthrough of the Integrated Development Environment (IDE) and its features, and How to create and run a basic macro. Core Concepts: - Subroutines, Functions, and their calls. - Variable declaration, data types, and scope. - User input/output with MsgBox and control statements. // Adversary Emulation Labs New to CYBER RANGES? Register here: https://bit.ly/40dRMsb CYBER RANGES Adversary Emulation...
https://www.youtube.com/watch?v=jGy7_NusjuQ
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Emulating FIN6 - Gaining Initial Access (Office Word Macro)
Welcome to the next installment in our adversary emulation series! This video focuses on emulating initial access via a spear-phishing attachment—specifically, a malicious Word document with an embedded macro, just like FIN6 might use. 🚨 Next Up: If you want to manually develop your own VBA macros for initial access, don't worry—we've got you covered in the next video, where we'll dive deeper into crafting custom macros for red team operations. 🎥 Practical Labs: This video uses the CYBER RANGES platform to simulate a realistic attack environment. Try it out and follow along! // Adversary Emulation Labs New to CYBER RANGES? Register here: https://bit.ly/40dRMsb CYBER RANGES Adversary Emulation Labs (Free): https://bit.ly/4amBPEU The lab used in this video: https://app.cyberranges.com/scenario/624cd3877733a30007185a15 🔗...
https://www.youtube.com/watch?v=hUBRnh5dzrI
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Broken Security Promises: How Human-AI Collaboration Rebuilds Developer Trust
Traditional security approaches have long frustrated developers, creating friction and eroding trust. The endless vulnerability backlogs must become a thing of the past. Discover a fresh approach that transforms security from a bottleneck to a strategic advantage, where AI-powered insights work in harmony with human-in-the-loop expertise to rewrite the rules of code security and ship more secure code faster. Learn how combining artificial intelligence with human expertise will enable developers to: - Receive actionable, context-aware security feedback that doesn't interrupt development - Reduce false positives through intelligent human-in-the-loop analysis - Benefit from contextual, just-in-time security training We'll showcase real-world examples of how this human-AI collaborative approach...
https://www.youtube.com/watch?v=OZcaX38B2F8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

USB Ethernet Adapter Malware??? Chinese RJ45-USB Full Analysis - Part 1
Reverse engineering all stages with line by line code analysis. e3f57d5ebc882a0a0ca96f9ba244fe97fb1a02a3297335451b9c5091332fe359 OP https://epcyber.com/blog/f/chinese-rj45-usb-with-flash-memory-exe-recognized-as-malware -- OALABS PATREON https://www.patreon.com/oalabs UNPACME - AUTOMATED MALWARE UNPACKING https://www.unpac.me/#/ OALABS DISCORD https://discord.gg/6h5Bh5AMDU Twitch https://www.twitch.tv/oalabslive OALABS GITHUB https://github.com/OALabs
https://www.youtube.com/watch?v=3IfJSGWIrCo
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

FIN6 Adversary Emulation Plan (TTPs & Tooling)
Step into the world of adversary emulation with this in-depth video on the FIN6 Emulation Plan. Learn how to use the Center for Threat-Informed Defense (CTID) Adversary Emulation Library to craft a comprehensive emulation plan that replicates FIN6's sophisticated TTPs. This video will provide you with: An intelligence summary of FIN6, and the FIN6 emulation plan detailing TTPs from initial access to discovery, privilege escalation, and exfiltration. The Adversary Emulation Fundamentals labs used in this video and series are available for free on CYBER RANGES to practice and refine your emulation skills. // Adversary Emulation Labs New to CYBER RANGES? Register here: https://bit.ly/40dRMsb CYBER RANGES Adversary Emulation Labs (Free): https://bit.ly/4amBPEU Lab used in this video: https://app.cyberranges.com/scenario/624cb3bd7733a30007185990 🔗...
https://www.youtube.com/watch?v=qEfk44G4zFM
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Developing An Adversary Emulation Plan
Creating an adversary emulation plan is a critical process for red teamers and cybersecurity professionals aiming to improve their organization's threat detection and response capabilities. In this video, we break down the entire process starting with how to select a threat actor relevant to your industry or geolocation, finding and leveraging Cyber Threat Intelligence (CTI) to gather insights on the adversary, and mapping the adversary's TTPs using the MITRE ATT&CK framework. 🔗 Video Resources & References Explore the comprehensive APT Groups and Operations Directory to find details on APT groups by region, their TTPs, and campaigns: https://apt.threattracking.com APTnotes: https://github.com/kbandla/APTnotes APT & CyberCriminal Campaign Collection: https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections //...
https://www.youtube.com/watch?v=1N49x1EWw7s
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

How 3 Hackers Combined Their Skills for Big Bounties! (And how you can do it too)
Join us in this special episode as we sit down with the winners of Bugcrowd's Hacker Showdown Carnival of Chaos virtual event: sw33tLie, bsysop, and godiego! Discover their hacking methodologies, collaboration techniques, and their journey to victory. Learn how they met, their advice for forming your own team, and the coolest exploits they uncovered during the event. If you're interested in bug bounties, team hacking, or just want to meet more hacker friends, this episode is a must-watch! 00:00 Introduction and Special Guests 01:04 Meet the Hackers 02:55 Carnival of Chaos Experience 04:32 Collaboration and Team Dynamics 06:15 Roles and Strategies in Hacking 13:00 Finding the Right Collaborators 15:25 Live Hacking Events vs. Virtual Events 22:30 Coolest Findings and Bug Stories 29:52 Advice...
https://www.youtube.com/watch?v=gUuDyIE44bc
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

HackerOne Live Hacking Event Recap: Edinburgh w/ Amazon and AWS
In September, some of the best security researchers in the world joined the Amazon and AWS teams in Edinburgh, Scotland, for a live-hacking event fit for a Scottish king. 👑 This collaboration with the security researcher community is vital to Amazon and AWS' commitment to comprehensive security for their users and customers. See the highlights and which security researchers were able to climb to the top of the leaderboard. For more information about HackerOne, visit https://www.hackerone.com/
https://www.youtube.com/watch?v=xIIPn4CV9eM
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Introduction To Advanced Persistent Threats (APTs)
This informative video is designed to give you a comprehensive understanding of Advanced Persistent Threats (APTs). In this video, you will learn what APTs are, how they differ from traditional threat actors, and why they pose a significant challenge to organizations worldwide. This video also explores the categorization and naming of APT Groups based on nation-state affiliation, motivations, and the tactics they employ to achieve their objectives. This video also sheds light on the complexities of APT naming conventions used by major cybersecurity vendors, such as CrowdStrike and Mandiant, and the challenges in tracking these elusive groups. 🔗 Don't miss this resource: Access the "APT Groups and Operations" repository here: https://apt.threattracking.com — a comprehensive spreadsheet...
https://www.youtube.com/watch?v=CwSG5sa0Nao
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

HackerOne Customer Testimonial: Amazon and AWS
For Amazon and AWS, their bug bounty programs give their security teams unique insight into their entire digital landscape. Through their programs, the Amazon and AWS teams work with researchers from around the world to continuously test their platform and products. See how their teams regularly engage the researcher community to protect customer data, drive collaboration, and foster knowledge sharing. For more information on HackerOne products visit: https://www.hackerone.com/
https://www.youtube.com/watch?v=pNJNdrZN0YA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Be Kind, Rewind... The USN Journal
In this episode, we'll explore groundbreaking research from CyberCX on “rewinding the NTFS USN Journal.” This innovative technique reveals how to uncover the original locations of files recorded in the USN Journal, even after their corresponding NTFS FILE records have been reused by different files. 🛑 If you need a refresher on the prerequisites for this episode, watch these: Introduction to MFTECmd - NTFS MFT and Journal Forensics: https://www.youtube.com/watch?v=_qElVZJqlGY Anatomy of an NTFS FILE Record - Windows File System Forensics: https://www.youtube.com/watch?v=l4IphrAjzeY NTFS FILE Record Reuse: https://www.youtube.com/watch?v=6LpJVx7PrUI *** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. *** 📖 Chapters 00:00 - Intro 05:03...
https://www.youtube.com/watch?v=GDc8TbWiQio
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

403 Bypass and Deserialization in BentoML Library (CVE-2024-2912) - "Summar-AI-ze" [Web Challenge]
🚩 Video walkthrough for the "Summar-AI-ze" (web) challenge I created and hosted on my NEW website (https://cryptocat.me)!! Players were required to bypass a 403 error by using the X-Forwarded-For HTTP header, allowing them to activate an internal feature and grant their account beta access. The "beta" feature was a word summarization tool, running BentoML (LLM) on the backend. Players could identify the library by changing the content-type, triggering an error. Some research would yield CVE-2024-2912; a python pickle deserialization vulnerability, discovered by PinkDraconian 💜 Players could use the supplied PoC to gain code execution and exfiltrate the flag using curl 😎 #CTF #Challenge #CryptoCat Check out the accompanying writeup here: https://book.cryptocat.me/ctf-writeups/2024/cryptocat/summaraize Join...
https://www.youtube.com/watch?v=5NCzDZcx_Dg
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Advent of Cyber Day 24: MQTT & Wireshark
Check out TryHackMe's Advent of Cyber Event: https://tryhackme.com/r/christmas?utm_source=youtube&utm_medium=social&utm_campaign= Join Katie, aka InsiderPhD, on the 24th day of TryHackMe's Advent of Cyber! Today, we're diving into the mysterious world of communication protocols, focusing on the MQTT protocol. Discover how the city of Wereville faces off against Mayor Malware's sabotage of smart lights and HVAC systems. Using Wireshark, Katie demonstrates how to analyze MQTT traffic, understand the publish-subscribe model, and reverse engineer networking protocols. With a blend of British humour and hands-on learning, Katie leads you through the process of identifying malicious commands and securing IoT devices. By the end, you'll learn how to troubleshoot smart devices, monitor network...
https://www.youtube.com/watch?v=ct6393M_Iow
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Python for Pentesters I - 14. What is Next
Part of the Python for Pentesters I course: https://www.youtube.com/playlist?list=PLonlF40eS6nwhfPHOfoSM57xWftXonfbk Connect with me: X: https://twitter.com/cristivlad25 IG: https://instagram.com/cristivladz
https://www.youtube.com/watch?v=yTP6vgoJSfU
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Python for Pentesters I - 13. Exception Handling
Part of the Python for Pentesters I course: https://www.youtube.com/playlist?list=PLonlF40eS6nwhfPHOfoSM57xWftXonfbk Connect with me: X: https://twitter.com/cristivlad25 IG: https://instagram.com/cristivladz
https://www.youtube.com/watch?v=aQ6LQ4s5Y9A
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Python for Pentesters I - 12. Working with Files and Installing Modules
Part of the Python for Pentesters I course: https://www.youtube.com/playlist?list=PLonlF40eS6nwhfPHOfoSM57xWftXonfbk Connect with me: X: https://twitter.com/cristivlad25 IG: https://instagram.com/cristivladz
https://www.youtube.com/watch?v=_YbYUHJDGd4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

From Report to Results: Building Resilience with Insights from the Hacker-Powered Security Report
The 8th Annual Hacker-Powered Security Report just launched. How can you interpret it to make the case for your own human-powered security program, attract more security researchers to your programs, or incentivize more impactful vulnerability reports? This webinar, featuring HackerOne customers and a leading member of our security researcher community, will answer that question. Learn More: https://www.hackerone.com/events/report-results-hacker-powered-security-report
https://www.youtube.com/watch?v=tAGF4pFSs6M
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Introduction To Adversary Emulation
This video introduces you to Adversary Emulation and its role in Red Team operations. Furthermore, this video also explains the differences between Adversary Emulation and Simulation. Adversary emulation in the context of Red Teaming is the process of mimicking/emulating the tactics, techniques, and procedures (TTPs) of a threat actor/adversary to test the effectiveness and efficacy of an organization's defenses. //PLATFORMS BLOG ►► https://bit.ly/3qjvSjK FORUM ►► https://bit.ly/39r2kcY ACADEMY ►► https://bit.ly/39CuORr //SOCIAL NETWORKS TWITTER ►► https://bit.ly/3sNKXfq DISCORD ►► https://bit.ly/3hkIDsK INSTAGRAM ►► https://bit.ly/3sP1Syh LINKEDIN ►► https://bit.ly/360qwlN PATREON ►► https://bit.ly/365iDLK MERCHANDISE ►► https://bit.ly/3c2jDEn //BOOKS Privilege...
https://www.youtube.com/watch?v=CUMhiSdOSkY
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Advent of Cyber Day 13: Exploring WebSocket Vulnerabilities with InsiderPhD
Check out TryHackMe's Advent of Cyber Event: https://tryhackme.com/r/christmas?utm_source=youtube&utm_medium=social&utm_campaign= Join me, in today's TryHackMe Advent of Cyber Day 13 walkthrough, where she diving into WebSockets and WebSocket message manipulation vulnerabilities. Learn about WebSocket message manipulation, common security risks such as weak authentication, message tampering. Follow along as I demonstrates how to identify and exploit WebSocket vulnerabilities in a web application. Perfect for anyone interested in web security, bug bounty hunting, and real-time communication protocols. 00:00 Introduction and Welcome 00:26 Story Setup: The Threat in Wareville 01:22 Understanding WebSockets 02:54 WebSocket Vulnerabilities 04:08 WebSocket Message Manipulation 07:33 Practical...
https://www.youtube.com/watch?v=ozgRXn44FF0
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Mastering Persistence: Using an Apache2 Rootkit for Stealth and Defense Evasion
In this video, I demonstrate the process of establishing persistence and evading defenses on Linux through the use of an Apache2 rootkit. The lab used in this video can be accessed for free on the CYBER RANGES platform. The links to the platform and lab are listed below: // CYBER RANGES CYBER RANGES: https://app.cyberranges.com SQL Injection Lab: https://app.cyberranges.com/scenario/67474e64a3907f65136f1a6d //LINKS Apache2 Rootkit: https://github.com/ChristianPapathanasiou/apache-rootkit //PLATFORMS BLOG ►► https://bit.ly/3qjvSjK FORUM ►► https://bit.ly/39r2kcY ACADEMY ►► https://bit.ly/39CuORr //SOCIAL NETWORKS TWITTER ►► https://bit.ly/3sNKXfq DISCORD ►► https://bit.ly/3hkIDsK INSTAGRAM ►► https://bit.ly/3sP1Syh LINKEDIN ►► https://bit.ly/360qwlN PATREON...
https://www.youtube.com/watch?v=Ra2altDvPYI
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

XSS via CSPT and DOM Clobbering - "SafeNotes 2.0" [INTIGRITI 1337UP CTF 2024]
🚩 Video walkthrough for the "Safe Notes 2.0" (web) challenge I made for Intigriti's 1337UP LIVE (CTF) competition 2024! The developer of Safe Notes learnt from their mistakes and introduced a variety of security fixes, but unfortunately introduced new vulnerabilities! Players were required to chain DOM Clobbering, client-side path traversal (CSPT) and an Open Redirect in order to achieve XSS and steal the admin's cookie. 😎 #1337UP #1337UPLIVE #CTF #INTIGRITI #HackWithIntigriti Check out the accompanying writeup here: https://book.cryptocat.me/ctf-writeups/2024/intigriti/web/safenotes_2 Check out Safe Notes v1 challenge and walkthrough here: https://challenge-0824.intigriti.io + https://youtu.be/yGRRGUtT9MU 🐛INTIGRITI 1337UPLIVE CTF🐞 https://ctftime.org/event/2134 https://ctf.intigriti.io https://discord.gg/intigriti-870275171938873395 👷‍♂️Resources🛠 https://cryptocat.me/resources Overview: 0:00...
https://www.youtube.com/watch?v=G-KoF8WAoUM
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

NTFS FILE Record Reuse
In this continuation of "Anatomy of an NTFS FILE Record," we'll learn how NTFS manages record reuse and distinguishes between in-use and deleted files and directories. If you haven't watched the previous episode, watch it here: https://www.youtube.com/watch?v=l4IphrAjzeY *** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. *** 📖 Chapters 00:00 - Intro 00:31 - NTFS Master File Table (MFT) artiFACTS 01:49 - Analysis #Forensics #DigitalForensics #DFIR #ComputerForensics #WindowsForensics
https://www.youtube.com/watch?v=6LpJVx7PrUI
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Basic Stack Buffer Overflow (with parameters) - "Retro2Win" [INTIGRITI 1337UP CTF 2024]
🚩 Video walkthrough for the "Retro2Win" (pwn) challenge I made for Intigriti's 1337UP LIVE (CTF) competition 2024! A classic "ret2win" challenge, the binary included a buffer overflow vulnerability, allowing players to take over the flow of execution and call a "win" function. In this case, the function expected two parameters, requiring values to be popped into the RDI/RSI registers first 😎 #1337UP #1337UPLIVE #CTF #INTIGRITI #HackWithIntigriti Check out the accompanying writeup here: https://book.cryptocat.me/ctf-writeups/2024/intigriti/pwn/retro2win 🐛INTIGRITI 1337UPLIVE CTF🐞 https://ctftime.org/event/2134 https://ctf.intigriti.io https://discord.gg/intigriti-870275171938873395 👷‍♂️Resources🛠 https://cryptocat.me/resources Overview: 0:00 Intro 0:13 Basic file...
https://www.youtube.com/watch?v=Y37KMst1XFU
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

X-Forwarded-For Header Spoofing and XXE - "BioCorp" [INTIGRITI 1337UP CTF 2024]
🚩 Video walkthrough for the "BioCorp" (web) challenge I made for Intigriti's 1337UP LIVE (CTF) competition 2024! Players arrived an a website for an energy corporation, with a hint that they were working on decoupling their backend infrastructure from the public facing website. By analysing the source code, players would find a hidden panel, restricted by IP address. By setting the X-Forwarded-For header, they could spoof the IP and gain access to a nuclear panel. Since the panel read XML data, players would test for XXE and ultimately recover the flag 😎 #1337UP #1337UPLIVE #CTF #INTIGRITI #HackWithIntigriti Check out the accompanying writeup here: https://book.cryptocat.me/ctf-writeups/2024/intigriti/web/biocorp 🐛INTIGRITI 1337UPLIVE CTF🐞 https://ctftime.org/event/2134 https://ctf.intigriti.io https://discord.gg/intigriti-870275171938873395 👷‍♂️Resources🛠 https://cryptocat.me/resources Overview: 0:00...
https://www.youtube.com/watch?v=hyi_JZvXOTU
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

5 Things You Need to Learn From the New Hacker-Powered Security Report
As the cybersecurity landscape continues to change, understanding the perspectives of security researchers is essential for effective risk management. In this 30-minute live webinar session, we'll dive into the top five takeaways from the 8th Annual Hacker-Powered Security Report. With practical examples and actionable recommendations, you'll learn how to: - Ensure that AI deployments are secure and trustworthy - Enhance your approach to vulnerability management - Implement demonstrably valuable security measures Join this fast-paced exploration of the vital role of human expertise in the AI era. To download the full report, visit: hackerone.com/report
https://www.youtube.com/watch?v=1DdY6lV3Llc
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

The Impact of Collaboration

https://www.youtube.com/watch?v=n2Z-kaRr2ws
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

One Time Pad (OTP) with a Twist - "Schrödinger's Pad" [INTIGRITI 1337UP CTF 2024]
🚩 Video walkthrough for the "Schrödinger's Pad" (crypto) challenge I made for Intigriti's 1337UP LIVE (CTF) competition 2024! The challenge included a common vulnerability; reusing a one-time-pad (OTP). There was a slight twist; for each encryption, the box would be observed. If the cat is alive, some cryptographic operations would take place. If the cat is dead, some different operations occur - players need to reverse it! 😎 #1337UP #1337UPLIVE #CTF #INTIGRITI #HackWithIntigriti Check out the accompanying writeup here: https://book.cryptocat.me/ctf-writeups/2024/intigriti/crypto/schrodingers_pad 🐛INTIGRITI 1337UPLIVE CTF🐞 https://ctftime.org/event/2134 https://ctf.intigriti.io https://discord.gg/intigriti-870275171938873395 👷‍♂️Resources🛠 https://cryptocat.me/resources Overview: 0:00...
https://www.youtube.com/watch?v=9NrmlOBcF1c
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

JWT Algorithm Confusion and SSTI (Pug) - "Cat Club" [INTIGRITI 1337UP CTF 2024]
🚩 Video walkthrough for the "Cat Club" (web) challenge I made for Intigriti's 1337UP LIVE (CTF) competition 2024! The challenge featured a server-side template injection (SSTI) vulnerability in the user welcome message. However, there is a problem; the username is sanitized on registration and then rendered from the JWT, which is signed using an RS256 private key. Players must exploit an algorithm confusion vulnerability to tamper with the JWT, changing their username to an SSTI (pug) payload. There's no command output, so to return the flag they will also need to develop a blind payload (e.g. return flag to web server logs) 😎 #1337UP #1337UPLIVE #CTF #INTIGRITI #HackWithIntigriti Check out the accompanying writeup here: https://book.cryptocat.me/ctf-writeups/2024/intigriti/web/cat_club 🐛INTIGRITI...
https://www.youtube.com/watch?v=Vh9SqT9KyL8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

DEF CON 32 - Breaking Secure Web Gateways for Fun and Profit -Vivek Ramachandran, Jeswin Mathai
Secure Web Gateways (SWGs) are cloud-based SSL-intercepting proxies and an important component of enterprise Secure Access Service Edge (SASE) or Security Service Edge (SSE) solutions. SWGs ensure secure web access for enterprise users by doing malware protection, threat prevention, URL filtering, and content inspection of sensitive data, among other critical security measures. Our research indicates that in today's world of complex web applications and protocols, SWGs often fail to deliver on their promise. We will demonstrate a new class of attacks: “Last Mile Reassembly Attacks,” which, as of this writing, can bypass every SWG in the Gartner Magic Quadrant for SASE and SSE - this includes the largest public market cybersecurity companies in the world. Additionally, we will release...
https://www.youtube.com/watch?v=mBZQnJ1MWYI
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

DEF CON 32 - Listen to the Whispers: Web Timing Attacks that Actually Work - James Kettle
Websites are riddled with timing oracles eager to divulge their innermost secrets. It's time we started listening to them. In this session, I'll unleash novel attack concepts to coax out server secrets including masked misconfigurations, blind data-structure injection, hidden routes to forbidden areas, and a vast expanse of invisible attack-surface. This is not a theoretical threat; every technique will be illustrated with multiple real-world case studies on diverse targets. Unprecedented advances have made these attacks both accurate and efficient; in the space of ten seconds you can now reliably detect a sub-millisecond differential with no prior configuration or 'lab conditions' required. In other words, I'm going to share timing attacks you can actually use. To help, I'll equip you...
https://www.youtube.com/watch?v=zOPjz-sPyQM
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Bypassing Server-side Anti-Cheat Protections - "Bug Squash (part 2)" [INTIGRITI 1337UP CTF 2024]
🚩 Video walkthrough for the "Bug Squash part 2" (gamepwn) challenge I made for Intigriti's 1337UP LIVE (CTF) competition 2024! It's a unity-based game where players need to squash bugs to earn points, like part 1. The difference here is the points are stored server-side and some anti-cheat mechanisms have been put in place to prevent hackers from manipulating their score! Players must develop a PoC which exploits some JSON parsing discrepancies, being careful not to trigger any ant-cheat defences (all under a strict time limit) 😎 #1337UP #1337UPLIVE #CTF #INTIGRITI #HackWithIntigriti Check out the accompanying writeup here: https://book.cryptocat.me/ctf-writeups/2024/intigriti/game/bug_squash2 Bug Squash part 1: https://youtu.be/VoT74JOGWgA 🐛INTIGRITI 1337UPLIVE CTF🐞 https://ctftime.org/event/2134 https://ctf.intigriti.io https://discord.gg/intigriti-870275171938873395 👷‍♂️Resources🛠 https://cryptocat.me/resources Overview: 0:00...
https://www.youtube.com/watch?v=dEA68Aa0V-s
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

A Guide for Solving Beginner CTF Challenges [INTIGRITI 1337UP CTF 2024]
🚩 Video walkthrough for 4 "warmup" challenges from the 2023 1337UP LIVE (CTF) competition by Intigriti, originally presented during the pre-CTF livestream in 2024. The challenges include various decodings with cyberchef, traffic analysis (PCAPs) and basic reversing/crypto 😎 #1337UP #1337UPLIVE #CTF #INTIGRITI #HackWithIntigriti Full livestream: https://youtube.com/live/BKXfrNwrcqQ 🐛INTIGRITI 1337UPLIVE CTF🐞 https://ctftime.org/event/2134 https://ctf.intigriti.io https://discord.gg/intigriti-870275171938873395 👷‍♂️Resources🛠 https://cryptocat.me/resources Overview: 0:00 Intro 0:19 Warmup: Encoding 1:52 Forensics: OverTheWire (part 1) 5:17 Forensics: OverTheWire (part 2) 10:00 Crypto: Keyless 11:03 Conclusion 🧑💻 Sign up and start hacking right now - https://go.intigriti.com/register 👾...
https://www.youtube.com/watch?v=CsyQFzTJ09w
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

The 8th Annual Hacker-Powered Security Report: An overview
The 8th Annual Hacker-Powered Security Report states that whether you think AI is a threat or an opportunity, you are right. - 48% of security leaders say GenAI is the biggest threat to their organization. - Nearly 10% of researchers specialize in AI red teaming as the number of AI assets in scope for bug bounty programs has increased by 171%. - Researchers are also leveraging AI tools to be even more effective in finding and reporting vulnerabilities, with 58% saying they use AI either as a significant tool or in some way. At HackerOne, we definitely see the opportunities provided by GenAI. In the spirit of embracing the technology, we asked NotebookLM to summarize the latest Hacker-Powered Security Report. Listen to our AI-generated podcast on the report and let us know what you think! To...
https://www.youtube.com/watch?v=7j1cNrknCe4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

DEF CON 32 - Abusing Windows Hello Without a Severed Hand - Ceri Coburn, Dirk jan Mollema
Windows Hello is touted by Microsoft as the modern de facto authentication scheme on Windows platforms, supporting authentication and encryption backed by biometrics. In a world that is quickly accelerating towards a passwordless existence, what new threats do we face in this complex landscape? We will take a deep dive into the inner working of Windows Hello. Via the release of a new tool, it will be demonstrated how an attacker on a fully compromised Windows host can leverage secrets backed by Windows Hello biometrics without needing the biometric data that protects them. We will also show how the hardware protections of Windows Hello and its accompanying Primary Refresh Tokens can be defeated, making it possible to use Windows Hello for identity persistency and PRT stealing, in some cases...
https://www.youtube.com/watch?v=mFJ-NUnFBac
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

13Cubed XINTRA Lab Walkthrough
In this episode, we'll perform a comprehensive walkthrough of the 13Cubed challenge created for XINTRA Labs. Learn more at https://www.xintra.org/labs. 💰 For a limited time only, use the discount code "13CUBED" to get 15% off a XINTRA Labs subscription! 🙏 Special thanks to Mike Peterson from https://nullsec.us for playing the role of Threat Actor in our scenario! *** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. *** 📖 Chapters 00:00 - Intro 00:58 - Workstation - Running MemProcFS 03:25 - Workstation - Question 1 05:14 - Workstation - Question 2 07:06 - Workstation - Question 3 07:53 - Workstation - Question 4 09:42 - Workstation - Question 5 12:42 - Workstation - Question 6 15:31 - Workstation - Question 7 17:34 - Workstation -...
https://www.youtube.com/watch?v=A7Bh7vnAooQ
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Review: This Is How They Tell Me the World Ends (not with a bang but with a bug)
Join me on a brand-new series as I indulge my childhood dream of creating a personal library, focusing on InfoSec books! Kicking things off, we dive into 'This Is How They Tell Me How The World Ends' by Nicole Perlroth. Despite being an ebook enthusiast, I decided it was high time to fill my custom-built bookcase with real books. We'll explore the fascinating histories and personal stories behind bug bounties, zero days, and cyber warfare, all narrated with the flair of a seasoned journalist. From cyber politics to sassy hacker quips - what did happen to that salmon anyway? To how hackers take on the global stage of politics 00:00 Introduction to the Quest for Infosec Books 00:29 Building the Dream Library 00:55 E-Readers vs. Physical Books 02:41 Criteria for Book Selection 04:44 First Book...
https://www.youtube.com/watch?v=OvUmumbiGRI
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

HackerOne Live Hacking Event Recap: Las Vegas w/Epic Games

https://www.youtube.com/watch?v=rJb-qFYylis
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

DEF CON 32 - Counter Deception: Defending Yourself in a World Full of Lies - Tom Cross, Greg Conti
The Internet was supposed to give us access to the world's information, so that people, everywhere, would be able to know the truth. But that's not how things worked out. Instead, we have a digital deception engine of global proportions. Nothing that comes through the screen can be trusted, and even the things that are technically true have been selected, massaged, and amplified in support of someone's messaging strategy. Deception isn't just about narratives - we see deception at every layer of the network stack, from spoofed electromagnetic signatures, to false flags in malware, to phony personas used to access networks and spread influence. They hide in our blindspots, exploit our biases, and fill our egos while manipulating our perceptions. How do we decide what is real? This talk...
https://www.youtube.com/watch?v=gHqDEMrqTjE
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Understanding the Bugcrowd VRT: An Insider's Guide
Join us at DEF CON as we sit down with Codingo, VP of Operations at Bugcrowd, to look into the Vulnerability Rating Taxonomy (VRT). Learn what makes the VRT unique, how it compares to other vulnerability rating systems like CVSS, and why it's a key part of Bugcrowd's platform. Discover how the VRT evolves, the community's role in its development, and essential tips for hackers advocating for higher priorities on their findings. Whether you're a seasoned Bugcrowd hacker or new to the platform, this interview offers valuable insights and practical advice for improving your skills and understanding of the VRT. 00:00 Introduction to the VRT and Bugcrowd 00:33 Bugcrowd's Unique Offerings for Hackers 01:19 Understanding the VRT: An Interview with Kodinga 02:22 Differences Between VRT and CVSS 03:09...
https://www.youtube.com/watch?v=AIJK_Lw8rKw
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

DEF CON 32 - DEF CON Closing Ceremonies & Awards
The full closing ceremonies presentation from the final day of DEF CON 32.
https://www.youtube.com/watch?v=GdeKrNlvG8g
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

DEF CON 32 - What To Expect When You're Exploiting: 0Days Baby Monitors & Wi-Fi Cams - Mager, Forte
Home surveillance technology is a modern convenience that has been made accessible to the masses through the rise of IoT devices, namely cloud-connected Wi-Fi cameras. From parents monitoring their infants to homeowners watching their entryways, these cameras provide users with access to instant, high definition video from the convenience of a mobile phone, tablet, or PC. However, the affordability of these devices and relative ease of cloud access generally correlates to flawed security, putting users at risk. We set out to explore the attack surface of various Wi-Fi camera models to gain a deeper understanding of how these devices are being exploited. In the end, we devised methods to gain local root access, uncovered user privacy issues, discovered a zero-day vulnerability within a prominent...
https://www.youtube.com/watch?v=caY7ls4G460
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

DEF CON 32 - AppSec Considerations From the Casino Industry - Aleise McGowan, Tennisha Martin
In the casino industry, a surge of ransomware attacks has marked an era of unprecedented threats and vulnerabilities. This session will focus on a critical aspect of security within this industry, exploring how ransomware has specifically impacted applications and associated systems. Attendees will gain insights into the methods used by malicious actors to compromise casino applications, the resulting financial and operational disruptions, (i.e., affected customer data security etc.) and responses developed to counter these threats. By researching industry giants like MGM and Caesars, we will highlight the importance of robust application security measures and the future landscape of cybersecurity in this sector. Unique security challenges faced by the casino industry will be explored, along...
https://www.youtube.com/watch?v=k7odY9gCxaI
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

DEF CON 32 - Where's the Money-Defeating ATM Disk Encryption - Matt Burch
Holding upwards of 0,000, ATMs continue to be a target of opportunity and have seen over a 600% increase in crime in just the last few years. During this time, I led security research with another colleague into the enterprise ATM industry resulting in the discovery of 6 zero-day vulnerabilities affecting Diebold Nixdorf's Vynamic Security Suite (VSS), the most prolific ATM security solution in the market. 10 minutes or less is all that a malicious actor would need to gain full control of any system running VSS via offline code injection and decryption of the primary Windows OS. Diebold Nixdorf is one of three major North American enterprise class ATM manufacturers with a global presence in the financial, casino/gaming, and point-of-sale markets. Similar attack surfaces are currently...
https://www.youtube.com/watch?v=lF8NEsl3-kQ
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

DEF CON 32 - On Your Ocean's 11 Team, I'm the AI Guy (technically Girl) - Harriet Farlow
One of the best parts of DEF CON is the glitz and glam of Vegas, the gambling capital of the world. Many have explored hacking casinos (on and off stage). Unfortunately, it's just not like it is portrayed in the Oceans franchise.. in real life there's much less action, no George Clooney, and it's a lot harder to pull off a successful heist. Fortunately I'm not your typical hacker, I'm an AI hacker. I use adversarial machine learning techniques to disrupt, deceive and disclose information from Artificial Intelligence systems. I chose my target carefully: Canberra Casino. It's the best casino in my city.. It's also the only casino but that's not the point. The casino industry is at an interesting inflection point. Many large casinos have already adopted AI for surveillance...
https://www.youtube.com/watch?v=pTSEViCwAig
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

DEF CON 32 - Why are you still using my server for your internet access - Thomas Boejstrup Johansen
Pawning countries at top level domain by just buying one specific domain name ‘wpad.tld', come hear about this more the 25+ years old issue and the research from running eight different wpad.tld domains for more than one year that turn into more the 1+ billion DNS request and more then 600+GB of Apache log data with leaked information from the clients. This is the story about how easy it is to just buying one domain and then many hundreds of thousands of Internet clients will get auto pwned without knowing it and start sending traffic to this man-in-the-middle setup there is bypassing encryption and can change content with the ability to get the clients to download harmful content and execute it. The talk will explain the technical behind this issue and showcase why and how clients will...
https://www.youtube.com/watch?v=uwsykPWa5Lc
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

DEF CON 32 - The edges of Surveilance System and its supply chain - Chanin Kim, Myounghun Pak
With the development of artificial intelligence and image processing technology, the video industry such as CCTV is developing greatly. However, CCTV video may infringe on an individual's privacy, and personal information may be leaked due to hacking or illegal video collection. As such, Surveillance System's Security issues are also increasing, the importance of the video surveillance industry is becoming more prominent. In order to prevent hacking or illegal video collection, research on camera security is being conducted. However, there is a lack of awareness of NVR (Network Video Recorder), a device that actually watches videos recorded by cameras, and research on this is also insufficient. We selected Hikvision and Dahua, which have a high NVR market share, as target vendors, and also...
https://www.youtube.com/watch?v=v6VMEeUcqzo
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

DEF CON 32 - Welcome to DEF CON 32 - The Dark Tangent
Opening remarks from our founder The Dark Tangent.
https://www.youtube.com/watch?v=vad7FiHlgMU
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

DEF CON 32 -Your Smartcard is Dumb A Brief History of Hacking Access Control Systems - Chad Shortman
Have you ever wondered how those little boxes that you tap your card to open doors work? What are they reading on the card? How do they ultimately unlock the door? And, are they even secure? In this talk, we will answer all of those questions and more. We will walk through how access-control systems, in general, work, and dig into the details of the most popular systems. Fortunately for the entertainment value of this talk, there be dragons in our doors. We will walk through some of the most high-profile attacks in detail and then dive into some more fundamental flaws with how the systems are designed. All of these discussions will be accompanied with live demos and first hand experience. After this talk, you will look at the world, especially doors, differently -- weaknesses everywhere! My...
https://www.youtube.com/watch?v=zBP2deuPQTg
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

DEF CON 32 - OH MY DC Abusing OIDC all the way to your cloud - Aviad Hahami
As DevOps and developers are slowly shifting away from storing long-lived static credentials to the more secure, still kinda-new, OIDC alternative - the underlying logic, mechanisms and implementations tend to feel like complicated magic and are mostly overlooked. In this talk, we'll begin by recapping what OIDC is, who are the interacting entities when OIDC is used, and how OIDC is taking place to securely access one's cloud using CI/CD flows. Once covered, we will be able to alternate our point-of-view between the entities in play and demonstrate potential vulnerabilities in various setups. Starting with the user PoV, we will show what "under-configurations" look like, and continue by demonstrating how new OIDC configuration options can actually be misconfigurations that can result with...
https://www.youtube.com/watch?v=asd33hSRJKU
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

DEF CON 32 - MaLDAPtive: Obfuscation and De-Obfuscation - Daniel Bohannon, Sabajete Elezaj
DAP is no stranger to the security spotlight. While LDAP is a protocol (Lightweight Directory Access Protocol) and Active Directory is the most popular directory services system that supports a subset of LDAP, the terms “LDAP” and “AD” are tightly coupled when discussing the execution, detection and prevention of attacks targeting directory services data. In the last decade the widespread offensive value of querying AD data via LDAP was cemented with the release of open-source tools such as BloodHound and PingCastle. However, proper visibility of LDAP queries mostly remains a privileged asset for those organizations with deep pockets, and the commercial security tools providing this visibility are often woefully fixated on simple signature-based detections. MaLDAPtive is the 2,000-hour...
https://www.youtube.com/watch?v=mKRS5Iyy7Qo
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Google's Mobile VRP Behind the Scenes with Kristoffer Blasiak (Hextree Podcast Ep.1)
"There are not that many people that do Android research [...] There is no lack of targets. If people would actually look, there is lots to it. The scope is huge." - This is a conversation with Kristoffer Blasiak about Google's Mobile Vulnerability Rewards Program (VRP). Learn Android Hacking (ad): https://hextree.io/hextree-x-google Mobile VRP: https://bughunters.google.com/about/rules/android-friends/6618732618186752/google-mobile-vulnerability-reward-program-rules 00:00 - Introducing Kristoffer and Mobile VRP 01:38 - What happens when you submit a bug 05:07 - Android app bug bounty opportunities 08:38 - "There is no lack of targets" 13:06 - The side-loading threat model 17:00 - Bugs in Android app vs. web app 23:30 - Hextree sponsored by Google =[ ❤️ Support ]= → per Video:...
https://www.youtube.com/watch?v=SyTy1uZgx8E
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Reverse Engineering LAB Setup Tutorial (updated)
If you are just getting started with reverse engineering this the place to start. In this tutorial we provide an overview the current setup that we currently run, this is also the same setup used in all of our live streams and tutorials. The full notes for this tutorial are unlocked for everyone on our Patreon including links to all of the tools mentioned https://www.patreon.com/posts/101718688 ----- OALABS DISCORD https://discord.gg/6h5Bh5AMDU OALABS PATREON https://www.patreon.com/oalabs Twitch https://www.twitch.tv/oalabslive OALABS GITHUB https://github.com/OALabs UNPACME - AUTOMATED MALWARE UNPACKING https://www.unpac.me/#/ -----
https://www.youtube.com/watch?v=adAr0KBJm4U
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

HackerOne Live Hacking Event Recap: Las Vegas w/TikTok

https://www.youtube.com/watch?v=QYRgmBmsm_M
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Get Bigger Bounties With Better Reports
At DEFCON a few weeks ago, I sat down with Codingo, VP of operations to talk about the key elements of writing an effective bug report, especially for non-native English speakers and beginners. We also discuss the importance of clarity, accurate replication steps, and the impact of comprehensive report writing on your bug bounty success. Learn from Bugcrowd's framework and community-driven practices to enhance your cybersecurity skills and make a stronger impact with your findings. 00:00 Introduction and Apology 00:37 Sponsor Message: Bugcrowd 01:22 Live from DEF CON 01:53 The Importance of Report Writing 02:17 Key Elements of a Good Report 04:46 Challenges in Report Writing 06:11 The Triage Process 08:21 Support for Non-Native English Speakers 09:17 Common Reasons for Bug Rejection 11:09...
https://www.youtube.com/watch?v=hnU0mRl0WBI
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

My theory on how the webp 0day was discovered #short
Want to learn more about hacking? Checkout our courses on https://www.hextree.io (ad) I have spent many hours looking at the webp vulnerability used in the 0day attack against iPhones. In the past videos we have seen why fuzzers have a hard time finding the issue, so I wanted to understand how this was discovered. And I think I have a good theory! Part 1: Huffman Tables https://youtu.be/lAyhKaclsPM Part 2: Fuzzing libwebp https://youtu.be/PJLWlmp8CDM Sources: https://citizenlab.ca/2023/09/blastpass-nso-group-iphone-zero-click-zero-day-exploit-captured-in-the-wild/ https://googleprojectzero.blogspot.com/2019/08/the-fully-remote-attack-surface-of.html https://googleprojectzero.blogspot.com/2020/01/remote-iphone-exploitation-part-1.html https://googleprojectzero.blogspot.com/2021/01/a-look-at-imessage-in-ios-14.html https://github.com/seemoo-lab/frida-scripts/blob/main/scripts/libdispatch.js https://googleprojectzero.blogspot.com/2021/12/a-deep-dive-into-nso-zero-click.html https://citizenlab.ca/2023/04/nso-groups-pegasus-spyware-returns-in-2022/ https://googleprojectzero.blogspot.com/2021/12/a-deep-dive-into-nso-zero-click.html https://github.com/libjxl/libjxl/blob/4b9dbde293f7f282b6952a02340300abfca2b184/lib/jxl/huffman_table.cc#L51 https://github.com/webmproject/libwebp/blob/7861947813b7ea02198f5d0b46afa5d987b797ae/src/dec/vp8l_dec.c#L86C3-L86C76 https://github.com/Tencent/mars/blob/9ab46e19ed3d4fcafe9d0de4b36547321f5ead83/mars/comm/windows/zlib/inftrees.h#L41 https://github.com/google/brunsli/blob/master/c/enc/jpeg_huffman_decode.h#L20 00:00...
https://www.youtube.com/shorts/CS128zYJSmw
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Linux Memory Forensics Challenge
Welcome to a special Linux Memory Forensics Challenge from 13Cubed. This is an excellent opportunity to get some hands-on practice with Linux memory forensics. You'll find the questions below, as well as a link to download the memory sample needed to answer those questions. 🎉 Check out the official training courses from 13Cubed at https://training.13cubed.com! HINT 1: To get started, run the Volatility 3 banners plugin to determine the correct kernel version, and subsequently install the correct symbols and create the ISF. HINT 2: The kernel version in use on this Ubuntu 22.04 machine was 6.5.0-41. It is recommended that Ubuntu 22.04 be used for the analysis. 🛑 CONTEST IS CLOSED 🛑 All winners have been selected. We still encourage you to participate in the lab, as we believe it...
https://www.youtube.com/watch?v=IHd85h6T57E
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

My theory on how the webp 0day was discovered (BLASTPASS)
Want to learn more about hacking? Checkout our courses on https://www.hextree.io (ad) I have spent many hours looking at the webp vulnerability used in the 0day attack against iPhones. In the past videos we have seen why fuzzers have a hard time finding the issue, so I wanted to understand how this was discovered. And I think I have a good theory! Part 1: Huffman Tables https://youtu.be/lAyhKaclsPM Part 2: Fuzzing libwebp https://youtu.be/PJLWlmp8CDM Sources: https://citizenlab.ca/2023/09/blastpass-nso-group-iphone-zero-click-zero-day-exploit-captured-in-the-wild/ https://googleprojectzero.blogspot.com/2019/08/the-fully-remote-attack-surface-of.html https://googleprojectzero.blogspot.com/2020/01/remote-iphone-exploitation-part-1.html https://googleprojectzero.blogspot.com/2021/01/a-look-at-imessage-in-ios-14.html https://github.com/seemoo-lab/frida-scripts/blob/main/scripts/libdispatch.js https://googleprojectzero.blogspot.com/2021/12/a-deep-dive-into-nso-zero-click.html https://citizenlab.ca/2023/04/nso-groups-pegasus-spyware-returns-in-2022/ https://googleprojectzero.blogspot.com/2021/12/a-deep-dive-into-nso-zero-click.html https://github.com/libjxl/libjxl/blob/4b9dbde293f7f282b6952a02340300abfca2b184/lib/jxl/huffman_table.cc#L51 https://github.com/webmproject/libwebp/blob/7861947813b7ea02198f5d0b46afa5d987b797ae/src/dec/vp8l_dec.c#L86C3-L86C76 https://github.com/Tencent/mars/blob/9ab46e19ed3d4fcafe9d0de4b36547321f5ead83/mars/comm/windows/zlib/inftrees.h#L41 https://github.com/google/brunsli/blob/master/c/enc/jpeg_huffman_decode.h#L20 00:00...
https://www.youtube.com/watch?v=_ACCK0AUQ8Q
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Shimcache Execution Is Back - What You Need to Know!
In this special episode, Mike Peterson from nullsec.us joins us to discuss important new research on Shimcache/AppCompatCache. Discover how this artifact can potentially be used to prove execution in Windows 10 and later—a capability that was previously thought impossible! *** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. *** 📖 Chapters 00:00 - Intro 01:08 - Shimcache/AppCompatCache artiFACTS 09:38 - nullsec.us Research 18:40 - Wrap-up 🛠 Resources Original research from Eric Zimmerman: https://github.com/EricZimmerman/AppCompatCacheParser/issues/6 GitHub commit for AppCompatCacheParser adding the functionality (March 2023): https://github.com/EricZimmerman/AppCompatCacheParser/commit/c995e82a58684bb15a46c34729c99a4024aaf8b3#diff-e5f34b98fc08cf3da1819cd0652cb2c28a785e4f2bab8cccfb0d7fe2cb99cff9R79 For...
https://www.youtube.com/watch?v=DsqKIVcfA90
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Learn Android Hacking! - University Nevada, Las Vegas (2024)
During DEF CON and Black Hat, Google invited me to give a talk about Android hacking to students as part of init.g at the University Nevada, Las Vegas. In this talk I share my "trick" how to get into Android hacking and reverse engineering, which can also be adapted to any other topic. Learn android hacking (ad): https://app.hextree.io/map/android Watch my Vegas Vlog: https://www.youtube.com/watch?v=bhQ6FF3fCdA Article about the init.g event: https://www.unlv.edu/announcement/academics/google-sponsors-initgvegas-student-event-unlv-during-defcon =[ ❤️ Support ]= → per Video: https://www.patreon.com/join/liveoverflow → per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join 2nd Channel: https://www.youtube.com/LiveUnderflow =[ 🐕 Social ]= → Twitter: https://twitter.com/LiveOverflow/ →...
https://www.youtube.com/watch?v=fPt6fJDjKKM
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Cookie Forgery, Signature Bypass and Blind Command Injection - "Feature Unlocked" [CSCTF 2024]
Video walkthrough for the "Feature Unlocked" web challenge I made for CyberSpace CTF 2024. The challenge required players to hijack the validation server via a hidden GET parameter, cookie forgery and custom signature generation/verification in order to access an unreleased feature, which itself contained a blind command injection vulnerability. Hope you enjoy 🙂 #CSCTF #CTF #CaptureTheFlag #Pentesting #OffSec #WebSec #AppSec Write-up: https://book.cryptocat.me/ctf-writeups/2024/cyberspace/web/feature_unlocked ↢CyberSpace CTF 2024↣ https://2024.csc.tf https://ctftime.org/event/2428 https://discord.csc.tf 👷‍♂️Resources🛠 https://cryptocat.me/resources ↢Chapters↣ 0:00 Start 1:46 Source code review 2:33 Cookie forgery 4:13 Recreate validation server 6:20 Access unlocked...
https://www.youtube.com/watch?v=6jvmbvsRLgQ
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

DC32 - Red Team Village - Recap
Thank you to everyone who attended the village this year at DEF CON! Another huge thank you to our core team, sponsors, volunteers, goons, and DEF CON! Red Team Village Website: https://redteamvillage.io Discord: https://redteamvillage.io/discord Twitter: https://redteamvillage.io/twitter
https://www.youtube.com/watch?v=xjKxLoz0Dw4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

My Trip to Las Vegas for DEFCON & Black Hat
My second time in Las Vegas for DEF CON and Black Hat. Lots has changed since I have been here 6 years ago. This trip was quite emotional for me and I am so grateful for the experience. Hope to meet you all again. Learn hacking (ad): https://app.hextree.io/ Buy our Faultier (US): https://1bitsquared.com/collections/embedded-hardware/products/faultier Google x Hextree Android Courses: https://www.hextree.io/hextree-x-google Raspberry Pi Hacking Challenge: https://www.hextree.io/rp2350 Embedded System Village: https://embeddedvillage.org/ My previous DEF CON 26 (6 years ago) Vlog: - https://youtu.be/B8saYocsI-U - https://www.youtube.com/watch?v=RXgp4cDbiq4 =[ ❤️ Support ]= → per Video: https://www.patreon.com/join/liveoverflow → per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join 2nd...
https://www.youtube.com/watch?v=bhQ6FF3fCdA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

DC32 - Red Team Village x Amazon
Thank you Amazon for being a platinum sponsor! For more information about Amazon, please visit https://amazon.com. Red Team Village Website: https://redteamvillage.io Discord: https://redteamvillage.io/discord Twitter: https://redteamvillage.io/twitter
https://www.youtube.com/watch?v=ouv0tgFmo8M
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

DC32 - Red Team Village x Kindo
Thank you Kindo for being a platinum sponsor! For more information, please visit https://kindo.ai. Red Team Village Website: https://redteamvillage.io Discord: https://redteamvillage.io/discord Twitter: https://redteamvillage.io/twitter
https://www.youtube.com/watch?v=-1wBcsNVqPo
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

RTV x Flare - An Introduction to Flare
The Red Team Village Red Team Village Website: https://redteamvillage.io Discord: https://redteamvillage.io/discord Twitter: https://redteamvillage.io/twitter
https://www.youtube.com/watch?v=xXulBDmkxsY
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

DC32 - Red Team Village x Core Team
Check out our amazing core team! Red Team Village Website: https://redteamvillage.io Discord: https://redteamvillage.io/discord Twitter: https://redteamvillage.io/twitter
https://www.youtube.com/watch?v=DXklOoiJXVs
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

DC32 - Red Team Village x Horizon3.ai
Thank you for being one of our platinum sponsors! Additional information about Horizon3.ai can be obtained from https://www.horizon3.ai. Red Team Village Website: https://redteamvillage.io Discord: https://redteamvillage.io/discord Twitter: https://redteamvillage.io/twitter
https://www.youtube.com/watch?v=kuviZ77aUB8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Planning Red Team Operations | Scope, ROE & Reporting
Hey guys, HackerSploit here back again with another video. This video outlines the process of planning and orchestrating Red Team operations. This video also outlines various Red Team resources, guides, and templates to plan and orchestrate a successful Red Team Operation. //LINKS & RESOURCES REDTEAM.GUIDE: https://redteam.guide/ The slides and written version of this video can be accessed on the HackerSploit Forum: https://forum.hackersploit.org/t/introduction-to-the-mitre-att-ck-framework/9127 //HACKERSPLOIT PLATFORMS BLOG ►► https://bit.ly/3qjvSjK FORUM ►► https://bit.ly/39r2kcY ACADEMY ►► https://bit.ly/39CuORr //SOCIAL NETWORKS TWITTER ►► https://bit.ly/3sNKXfq INSTAGRAM ►► https://bit.ly/3sP1Syh LINKEDIN ►► https://bit.ly/360qwlN PATREON ►► https://bit.ly/365iDLK MERCHANDISE...
https://www.youtube.com/watch?v=usDt-s2sACI
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Mapping APT TTPs With MITRE ATT&CK Navigator
Hey guys, HackerSploit here back again with another video. This video will introduce you to the MITRE ATT&CK Navigator and will illustrate how it can be operationalized for planning and orchestrating Red Team operations. MITRE ATT&CK Framework: https://attack.mitre.org/ MITRE ATT&CK Navigator: https://mitre-attack.github.io/attack-navigator/ //PLATFORMS BLOG ►► https://bit.ly/3qjvSjK FORUM ►► https://bit.ly/39r2kcY ACADEMY ►► https://bit.ly/39CuORr //SOCIAL NETWORKS TWITTER ►► https://bit.ly/3sNKXfq DISCORD ►► https://bit.ly/3hkIDsK INSTAGRAM ►► https://bit.ly/3sP1Syh LINKEDIN ►► https://bit.ly/360qwlN PATREON ►► https://bit.ly/365iDLK MERCHANDISE ►► https://bit.ly/3c2jDEn //BOOKS Privilege Escalation Techniques ►► https://amzn.to/3ylCl33 Docker...
https://www.youtube.com/watch?v=hN_r3JW6xsY
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

DC32 - Red Team Village x Flare
Thank you for being a Diamond sponsor! For additional information about Flare, please visit https://flare.io. Red Team Village Website: https://redteamvillage.io Discord: https://redteamvillage.io/discord Twitter: https://redteamvillage.io/twitter
https://www.youtube.com/watch?v=7AON2imxy24
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

DC32 - Red Team Village x Optiv
Thank you for being one of our sponsors! Additional information about Optiv can be obtained from https://optiv.com. Red Team Village Website: https://redteamvillage.io Discord: https://redteamvillage.io/discord Twitter: https://redteamvillage.io/twitter
https://www.youtube.com/watch?v=mbM3KEk8vxQ
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Mounting Linux Disk Images in Windows
Learn how to mount Linux disk images in Windows using the Windows Subsystem for Linux (WSL). We'll tackle common issues and their fixes. ⌨️ Command used in the video: sudo mount -o ro,loop,offset=[OFFSET],noload [IMAGE] /mnt/[MOUNTPOINT] If you're mounting images containing Logical Volume Management (LVM) volumes, additional steps are required: ✅ Install LVM2 (if not already installed) sudo apt install lvm2 (Debian/Ubuntu) sudo dnf install lvm2 (Fedora) sudo yum install lvm2 (RHEL) ✅ Create a loop device from the disk image: sudo losetup -f -P testimage.dd Here, "-f" tells losetup to find the next available loop device, and "-P" forces the kernel to scan the partition table on the newly created loop device. ✅ Refresh LVM so that the new device appears: sudo pvscan --cache This...
https://www.youtube.com/watch?v=W_youhia4dU
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

New Course! Investigating Linux Devices
Check out Investigating Linux Devices, a comprehensive Linux forensics training course from 13Cubed! Starting with fundamental principles, Investigating Linux Devices rapidly progresses to encompass log analysis, file systems, persistence mechanisms, memory forensics, live response, and more! This course offers extensive hands-on practice and a capstone involving the analysis of a compromised system. Tailored for both beginners and seasoned professionals, it serves as an ideal resource for mastering Linux forensics! 🎉 Enroll today at https://training.13cubed.com! #Forensics #DigitalForensics #DFIR #LinuxForensics
https://www.youtube.com/watch?v=4sRFu_QTkXM
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

The Weird Windows Feature You've Never Heard Of
In this episode, we'll explore File System Tunneling, a lesser-known legacy feature of Windows. We'll uncover the fascinating behind-the-scenes functionality and discuss the potential implications for forensic examinations of compromised systems. *** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. *** 📖 Chapters 00:00 - Intro 05:06 - File System Tunneling Demo 🛠 Resources The Apocryphal History of File System Tunnelling: https://devblogs.microsoft.com/oldnewthing/20050715-14/?p=34923 File System Tunneling in Windows (Jason Hale): https://df-stream.com/2012/02/file-system-tunneling-in-windows/ File System Tunneling (Harlan Carvey): https://windowsir.blogspot.com/2010/04/linksand-whatnot.html #Forensics #DigitalForensics #DFIR #ComputerForensics...
https://www.youtube.com/watch?v=D5lQVdYYF4I
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Live at the RSA expo hall!

https://www.youtube.com/shorts/y7-J8g3_9l8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Zombieware
Self-replicating malware, long abandoned by its operators, continues to contribute significant volume and noise to malware feeds. We investigate this trend, which we refer to as Zombieware! Join us on Patreon for Part 2 where we reverse engineer a popular file infector and write an extractor to recover the infected files! https://www.patreon.com/posts/zombieware-part-103656376 Full Zombieware blog post can be found on our UnpacMe blog here: https://blog.unpac.me/2024/04/25/zombieware/ Ladislav Zezula's excellent talk from BSides Prague can be found here: https://www.youtube.com/watch?v=OgXvd-Wce9o ----- OALABS DISCORD https://discord.gg/oalabs OALABS PATREON https://www.patreon.com/oalabs Twitch https://www.twitch.tv/oalabslive OALABS GITHUB https://github.com/OALabs UNPACME - AUTOMATED...
https://www.youtube.com/watch?v=NNLZmB6_aGA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

The Ultimate Guide to Arsenal Image Mounter
In this episode, we'll take an in-depth look at Arsenal Image Mounter. We'll start with the basics and cover the functionality included in the free version. Then, we'll look at advanced features including the ability to launch VMs from disk images, password bypass and password cracking, and working with BitLocker encrypted disk images. *** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. *** 📖 Chapters 00:00 - Intro 00:57 - Free Mode 07:55 - Professional Mode 08:43 - Launch a VM from a Disk Image 09:28 - Fixing a Common Issue 12:21 - Windows Authentication Bypass 14:55 - About DPAPI 16:36 - DPAPI: Password Attack Functionality 19:49 - Mounting VSCs 22:36 - Launch a VM from a VSC 23:45 - More VSC Options 26:08 - Working with BitLocker Images 🛠...
https://www.youtube.com/watch?v=4eifl8qvqVk
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Should I report this vulnerability? Will I get a bounty?
It's really exciting to find your first bug BUT it's crushing when you realise it isn't reportable or comes back as NA from a client. Here are my top tips for identifying if you've found something and double checking before getting caught up in excitement! I still get emails about IDORs being NA because you need a victims cookie and hackers who are angry at bug bounty programs or triagers.
https://www.youtube.com/watch?v=T4EhE5f7fQg
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

How to take notes when you suck at it
This episode of the Bug Bounty course we talk about the importance of developing a personal note taking system that supports both hacking and learning. Emphasizing the differentiation between notes taken during hacking activities and those for learning about vulnerabilities. We look at methods for organizing and accessing your notes whether you are into Notion, Obsidian or Vim or even mind maps we'll look at how to integrate your notes with tools like Burp Suite. Creating your own knowledge base you can refer to every time you hack, tailored to individual needs and preferences and refine your own note-taking strategies for successful hacking and learning. 00:00 Introduction to the Bug Bounty Course 00:14 The Importance of a Personalized Note-Taking System 00:53 Sponsor Shoutout: Bugcrowd 01:45...
https://www.youtube.com/watch?v=uXuMvUPlvd0
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Where's the 4624? - Logon Events vs. Account Logons
In this episode, we'll learn about the difference between "Logon Events" and "Account Logons" and explore a scenario in which communication occurs between two domain-joined workstations. Where will we find Event ID 4624 and other account-related Event IDs of interest? *** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. *** 📖 Chapters 00:00 - Intro 01:18 - Win11-Test-VM 02:14 - Win10-Test-VM 03:41 - Win2019-Test-VM 05:28 - Recap 🛠 Resources Logon/Logoff Events: https://www.ultimatewindowssecurity.com/securitylog/book/page.aspx?spid=chapter5 Account Logon Events: https://www.ultimatewindowssecurity.com/securitylog/book/page.aspx?spid=chapter4 #Forensics #DigitalForensics #DFIR #ComputerForensics #WindowsForensics
https://www.youtube.com/watch?v=EXsKJ9kIc6s
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Finding The .webp Vulnerability in 8s (Fuzzing with AFL++)
A guide on how to do fuzzing with AFL++ in an attempt to rediscover the libwebp vulnerability CVE-2023-4863 that was used to hack iPhones. Want to learn hacking? Signup to https://hextree.io (ad) Buy my shitty font: https://shop.liveoverflow.com/ (ad) Watch webp Part 1: https://www.youtube.com/watch?v=lAyhKaclsPM Sudo Vulnerability Series: https://www.youtube.com/playlist?list=PLhixgUqwRTjy0gMuT4C3bmjeZjuNQyqdx Docker Video: https://www.youtube.com/watch?v=-YnMr1lj4Z8 OSS-Fuzz: https://github.com/google/oss-fuzz OSS-Fuzz libwebp coverage: https://storage.googleapis.com/oss-fuzz-coverage/libwebp/reports/20230901/linux/src/libwebp/src/utils/report.html AFLplusplus: https://github.com/AFLplusplus/AFLplusplus/blob/stable/docs/fuzzing_in_depth.md vanhauser's blog: https://www.srlabs.de/blog-post/advanced-fuzzing-unmasks-elusive-vulnerabilities vanhauser/thc...
https://www.youtube.com/watch?v=PJLWlmp8CDM
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

RDP Authentication vs. Authorization
In this episode, we'll learn about an important RDP scenario involving Network Level Authentication (NLA) and the Windows Event Log entry that is generated as a result. We'll also see what happens when authentication succeeds, but authorization fails, and how that impacts what's logged. *** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. *** 📖 Chapters 00:00 - Intro 01:10 - Demo 🛠 Resources RDP Flowchart: https://cdn.13cubed.com/downloads/rdp_flowchart.pdf #Forensics #DigitalForensics #DFIR #ComputerForensics #WindowsForensics
https://www.youtube.com/watch?v=OlENso8_u7s
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Introduction to YARA Part 4 - Efficient Rule Development
In this OALABS Patreon tutorial we cover the foundations of writing efficient YARA rules and provide some tips that can help speed up your YARA hunting. The full notes for this tutorial are unlocked for everyone on our Patreon https://www.patreon.com/posts/introduction-to-96638239 ----- OALABS DISCORD https://discord.gg/6h5Bh5AMDU OALABS PATREON https://www.patreon.com/oalabs Twitch https://www.twitch.tv/oalabslive OALABS GITHUB https://github.com/OALabs UNPACME - AUTOMATED MALWARE UNPACKING https://www.unpac.me/#/ -----
https://www.youtube.com/watch?v=xKeF_cPKXt0
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Introduction to YARA Part 3 - Rule Use Cases
In this OALABS Patreon tutorial we cover the three main use cases for YARA rules and how they apply to both BlueTeam/SOC operations and malware analysis. Fun notes have been unlocked for everyone on our Patreon here https://www.patreon.com/posts/introduction-to-96637668 The following are links to UnpacMe specific tutorials for developing each type of rule. Identifying specific malware families (unpacked) https://support.unpac.me/howto/hunting-with-yara/#identifying-specific-malware-families-unpacked Identifying malware on disk or in network traffic (packed) https://support.unpac.me/howto/hunting-with-yara/#identifying-malware-on-disk-or-in-network-traffic-packed Hunting (malware characteristics) https://support.unpac.me/howto/hunting-with-yara/#hunting-malware-characteristics ----- OALABS...
https://www.youtube.com/watch?v=xutDqu_OiH8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Introduction to YARA Part 2 - Hunting on UnpacMe
In this OALABS Patreon tutorial we demonstrate a simple YARA hunting example using the UnpacMe free YARA scan service: https://www.unpac.me Full notes have been unlocked on our Patreon here https://www.patreon.com/posts/introduction-to-96637337 ----- OALABS DISCORD https://discord.gg/6h5Bh5AMDU OALABS PATREON https://www.patreon.com/oalabs Twitch https://www.twitch.tv/oalabslive OALABS GITHUB https://github.com/OALabs UNPACME - AUTOMATED MALWARE UNPACKING https://www.unpac.me/#/ -----
https://www.youtube.com/watch?v=Xqvlju9ED1c
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Introduction to YARA Part 1 - What is a YARA Rule
In this OALABS Patreon tutorial we cover the basics of YARA, what is it, how is it used, and how to write your first rule. Full notes have been unlocked on our Patreon here https://www.patreon.com/posts/introduction-to-96636471 ----- OALABS DISCORD https://discord.gg/6h5Bh5AMDU OALABS PATREON https://www.patreon.com/oalabs Twitch https://www.twitch.tv/oalabslive OALABS GITHUB https://github.com/OALabs UNPACME - AUTOMATED MALWARE UNPACKING https://www.unpac.me/#/ -----
https://www.youtube.com/watch?v=3BpIhbsDR_I
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Approaching Large Scope Targets Without Feeling Overwhelmed
In this video, we discuss how beginners can tackle large scope targets in bug bounty hunting. These targets offer more flexibility and potential for bug discovery, making them a great starting point for new hackers. However, they can be overwhelming due to their size and diversity. We suggest focusing on one part of the larger scope, which helps you understand the target's application development process without becoming overwhelmed. We also delve into different reconnaissance techniques, including subdomain enumeration, Google Dorking, API enumeration, OSINT, and more. Lastly, we emphasize that while reconnaissance is critical for large scope targets, it is just a stepping stone to actually hacking and finding vulnerabilities. This series couldn't happen without the support of our sponsor...
https://www.youtube.com/watch?v=W4pafFxOOwc
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

New OWASP API Top 10 for Hackers
Blog article isn't done yet but I'll get it up ASAP! Today we explore the new OWASP API Top 10 in detail, the new version is much more hacker friendly and focuses on bugs we can find rather than defenders but how can we start to study these bugs and actually find them? Let's take a look at some of the changes in the new OWASP API top 10 2023, which ones I recommend for beginners just starting out with API hacking and when to look out for specific bugs There are a ton of vulnerabilities out there, like Prototype Pollution, SQL Injection, and remote code execution. And while they can be fun to exploit during CTFs but when they are lurking in our code…it's not as fun But that's where our sponsor Snyk comes in - Snyk scans your code, dependencies, containers, and configs, all in...
https://www.youtube.com/watch?v=sl1yqGhuVy4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

E-commerce Flaws and 0-1000 Bounties
We're continuing our stories of bad bugs theme with some business logic flaws. Unfortunately, I couldn't find the link to the whitepaper with the e-commerce flaws, but I remember it being quantity manipulation, price manipulation by changing the currency and guessing giftcards. In today's video we look at a pretty basic authentication issue, a pretty boring price manipulation issue and end with an utterly underwhelming order number adjustment. Each of these bugs got paid a bounty between 0-1000, though some were duplicates that were split between me and other hackers because they were bugs found at live hacking events) There are a ton of vulnerabilities out there, like Prototype Pollution, SQL Injection, and remote code execution. And while they can be fun to exploit during CTFs but when...
https://www.youtube.com/watch?v=IsBgaEWpqro
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

OALABS Holiday Variety Show 2023
𝘔𝘦𝘳𝘳𝘺 𝘐𝘋𝘈𝘮𝘢𝘴 𝘢𝘯𝘥 𝘢 𝘏𝘢𝘱𝘱𝘺 𝘉𝘪𝘯𝘫𝘢-𝘠𝘦𝘢𝘳 Join us for our holiday special reverse engineering variety show! - Guess the prompt AI charades - Random RE banter - Suspicious liquids in bottles We've got it all! Merry Christmas everyone we will see you in 2024! ----- OALABS PATREON https://www.patreon.com/oalabs OALABS DISCORD https://discord.gg/6h5Bh5AMDU Twitch https://www.twitch.tv/oalabslive OALABS GITHUB https://github.com/OALabs UNPACME - AUTOMATED MALWARE UNPACKING https://www.unpac.me/#/ -----
https://www.youtube.com/watch?v=XMVhX29AJbQ
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

A Vulnerability to Hack The World - CVE-2023-4863
Citizenlab discovered BLASTPASS, a 0day being actively exploited in the image format WebP. Known as CVE-2023-4863 and CVE-2023-41064, an issue in webp's build huffman table function can lead to a heap buffer overflow. This vulnerability is very interesting and I'm excited to share with you what I learned. Want to learn hacking? Signup to https://hextree.io (ad) Buy my shitty font: https://shop.liveoverflow.com/ (ad) WebP Fix Commit: https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a Citizenlab: https://citizenlab.ca/2023/09/blastpass-nso-group-iphone-zero-click-zero-day-exploit-captured-in-the-wild/ Ben Hawkes: https://blog.isosceles.com/the-webp-0day/ Software Updates Apple https://support.apple.com/en-gb/106361 Chrome https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html Firefox...
https://www.youtube.com/watch?v=lAyhKaclsPM
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

TryHackMe Advent Of Cyber Day 20 - DevSecOps
DevSecOps has enabled developers to be much more efficient, committing code and deploying it automatically, but it's a fantastic tool for us to go exploring and hacking in their pipelines! Advent of cyber is a yearly event run by TryHackMe, there are 24 days of cyber security challenges in December AND prizes for competing. Last year I finished every challenge soooooo, I think it's good. If you want to compete, join using this link: https://tryhackme.com/r/christmas
https://www.youtube.com/watch?v=wGO2dWVk1oM
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

🔥Resume Roast from our Content Manager Rachel. #shorts #resume #career #hacking

https://www.youtube.com/shorts/012h_SV0bRs
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Is there ageism in #cybersecurity? Matt thinks so! What do you think? #shorts #hacking #ageism

https://www.youtube.com/shorts/PH9CCcRhUbk
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Tips For Analyzing Delphi Binaries in IDA (Danabot)
Reverse Engineering Delphi is a nightmare ... or it can be if you don't have the right setup! In this clip we cover some easy tips that can help make some of the analysis a bit easier. Full notes with links for tools are available here: https://research.openanalysis.net/danabot/loader/delphi/2023/12/04/danabot.html Full stream with analysis of the Danabot loader is available on Patreon here: https://www.patreon.com/posts/live-stream-vod-94510766 ----- OALABS PATREON https://www.patreon.com/oalabs OALABS DISCORD https://discord.gg/6h5Bh5AMDU Twitch https://www.twitch.tv/oalabslive OALABS GITHUB https://github.com/OALabs UNPACME - AUTOMATED MALWARE UNPACKING https://www.unpac.me/#/ -----
https://www.youtube.com/watch?v=04RsqP_P9Ss
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

How To Recognize Macro Encrypted Strings in Malware
How to identify when a macro is used to encrypt strings in malware... inferring source from disassembly! ----- OALABS PATREON https://www.patreon.com/oalabs OALABS DISCORD https://discord.gg/6h5Bh5AMDU Twitch https://www.twitch.tv/oalabslive OALABS GITHUB https://github.com/OALabs UNPACME - AUTOMATED MALWARE UNPACKING https://www.unpac.me/#/ -----
https://www.youtube.com/watch?v=fEAGYjhKzJY
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Reinventing Web Security
Follow me down the rabbit hole into the wonderful world of IT security. Buy my terrible font (ad): https://shop.liveoverflow.com Learn hacking (ad): https://hextree.io Related Videos: https://www.youtube.com/watch?v=866olNIzbrk https://www.youtube.com/watch?v=lKzsNp4AveY Tweets: https://twitter.com/LiveOverflow/status/1720734431659376995 https://twitter.com/LiveOverflow/status/1720799912181284864 https://twitter.com/LiveOverflow/status/1721493232310214910 Understanding the Risks of Stolen Credentials: https://static.googleusercontent.com/media/research.google.com/en//pubs/archive/46437.pdf Chapters: 00:00 - Intro 00:40 - Security Terminology 01:38 - Direct Database Access 03:40 - Introducing a Security Boundary 05:36 - Typical Web Security Vulnerabilities 07:03 - Clear-text Passwords...
https://www.youtube.com/watch?v=LxUAnZY_08o
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Direct vs. Indirect Syscalls What Is All The HYPE?! [OALABS Call-In Show]
Our live discord call-in show debates! Are indirect syscalls even required? What are they and how are they used?! What are EDR vendors doing to detect them and why you might care.... ----- OALABS PATREON https://www.patreon.com/oalabs OALABS DISCORD https://discord.gg/6h5Bh5AMDU Twitch https://www.twitch.tv/oalabslive OALABS GITHUB https://github.com/OALabs UNPACME - AUTOMATED MALWARE UNPACKING https://www.unpac.me/#/ -----
https://www.youtube.com/watch?v=W2SeruUxhDs
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Are Red Team Tools Helping or Hurting Our Industry? [OALABS Call-In Show]
Our live discord call-in show debates! Are red team tools really helping our industry or are they just giving malware operators a free lunch?! ----- OALABS PATREON https://www.patreon.com/oalabs OALABS DISCORD https://discord.gg/6h5Bh5AMDU Twitch https://www.twitch.tv/oalabslive OALABS GITHUB https://github.com/OALabs UNPACME - AUTOMATED MALWARE UNPACKING https://www.unpac.me/#/ -----
https://www.youtube.com/watch?v=ur6csODQHKI
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

The Circle of Unfixable Security Issues
Not every security issues can be fixed. There exist (what I call) "unfixable" bugs, where you can always argue and shift the goal posts. The idea is to only report these kind of issues to create an endless stream of bug bounty money! Buy my terrible font (ad): https://shop.liveoverflow.com Learn hacking (ad): https://hextree.io What is a vulnerability? https://www.youtube.com/watch?v=866olNIzbrk hackerone reports: https://hackerone.com/reports/812754 https://hackerone.com/reports/6883 https://hackerone.com/reports/223337 https://hackerone.com/reports/819930 https://hackerone.com/reports/224460 https://hackerone.com/reports/160109 https://hackerone.com/reports/557154 OWASP: https://owasp.org/www-community/controls/Blocking_Brute_Force_Attacks Chapters: 00:00 - Intro 00:30 - Denial of Service...
https://www.youtube.com/watch?v=lr1KuL8OmJY
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

October 12, 2023

https://www.youtube.com/shorts/1GbAFa_i-bk
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Binary Exploitation vs. Web Security
Want to learn hacking? (ad) https://hextree.io
https://www.youtube.com/shorts/FbeaklEkMgM
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Hacker Tweets Explained
Let me explain to you what you can learn from these tweets. Did you know the name trick? Buy my terrible font (ad): https://shop.liveoverflow.com Learn hacking (ad): https://hextree.io Quote Tweet: https://twitter.com/avlidienbrunn/status/1697869590569582932 Original Tweet: https://twitter.com/Rhynorater/status/1696862832841916679 Critical Thinking Podcast: https://www.criticalthinkingpodcast.io/ XSS Origin Series: https://www.youtube.com/playlist?list=PLhixgUqwRTjyakFK7puB3fHVfXMinqMSi Chapters: 00:00 - Intro 00:37 - Tweets About Tricky XSS 01:24 - XSS Testbed Setup with php 03:45 - Exploring the XSS Context 05:24 - The window Object 06:46 - Tweet 1: Justin's XSS Explained 08:22 - Tweet 2: Mathias's Variant With Object 09:52 - Tweet 2: Mathias's Variant Creating Class 10:30 - The window.name...
https://www.youtube.com/watch?v=3zShGLEqDn8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

401 Access Denied Ep88: The RISE of the CISO with Merike Kaeo
This week Joe Carson is joined by Merike Kaeo as they discuss the dynamic role of the CISO within an organization. They dive deeper into the role and how it interacts with different areas of the business, and what specific assets need protection and within what frameworks. An episode not to be missed! Jump-start your cybersecurity career for FREE with Cybrary! Follow us on Social! ~Cybrary Twitter ~Delinea Twitter ~Instagram ~Facebook ~YouTube
https://www.youtube.com/watch?v=FklaFGnBEyQ
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Zenbleed (CVE-2023-20593)
Let's explore the "most exciting" CPU vulnerability affecting Zen2 CPUs from AMD. Watch part 1 about fuzzing: https://www.youtube.com/watch?v=neWc0H1k2Lc buy my font (advertisement): https://shop.liveoverflow.com/ This video is sponsored by Google: https://security.googleblog.com/2023/08/downfall-and-zenbleed-googlers-helping.html Original Zenbleed Writeup: https://lock.cmpxchg8b.com/zenbleed.html Grab the code: https://github.com/google/security-research/tree/master/pocs/cpus/zenbleed cvtsi2ss: https://www.felixcloutier.com/x86/cvtsi2ss.html AMD Security Bulletin: https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7008.html RIDL Video: https://www.youtube.com/watch?v=x_R1DeZxGc0 Tavis Ormandy: https://twitter.com/taviso Chapters: 00:00 - Intro 02:27 - zenleak.asm Patterns 03:56...
https://www.youtube.com/watch?v=9EY_9KtxyPg
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Intruder Alert Ep. 6 | Deconstructing Malware Attacks & Forging a Career in Cybersecurity
In this episode of Intruder Alert, Marcus Hutchins is joined by cybersecurity expert Caitlin Sarian, known for her role as the Global Lead of Cybersecurity Advocacy and Culture at TikTok and her expertise in data protection and privacy compliance. Marcus and Caitlin provide technical insight into the latest US malware attacks and share invaluable advice on breaking into the cybersecurity field. Follow us on Social!! ~Twitter ~Instagram ~FaceBook ~YouTube ~LinkedIn Jump-start your cybersecurity career for FREE with Cybrary!
https://www.youtube.com/watch?v=2aRgdmTdtK0
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Is your favorite on here?? #favorite #cybersecurity #hacker

https://www.youtube.com/shorts/KPPH7vJZajQ
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

401 Access Denied: Protecting Society and the Role of CERT with Tonu
In this episode we join host Joe Carson as he discusses state cybersecurity with Tonu Tammer of the Estonian National Cybersecurity Center. Tonu goes into the day-to-day operations of defending a country and its citizens from adversaries, as well as ransomware and DDOS attacks. Come along for an in-depth discussion with a cyber defender with years of experience in this exciting new episode! Jump-start your cybersecurity career for FREE with Cybrary! Follow us on Social! ~Cybrary Twitter ~Delinea Twitter ~Instagram ~Facebook ~YouTube
https://www.youtube.com/watch?v=aYCyFDlK7vg
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Intruder Alert Ep. 5 | Community Uprising: Unravelling the Reddit Blackout
In the latest episode of Intruder Alert, Marcus Hutchins and Cybrary blue teamer, Marc Balingit, delve into the the uproar around Reddit's blackout. They unravel the intricacies of Reddit's contentious API changes, which have cornered third-party apps like Apollo, sparking a sweeping blackout protest across thousands of subreddits. Furthermore, they explore the impact of Twitch's fresh policy adjustments, which are a threat to streamers' ad revenue, and other news impacting online communities. Follow us on Social!! ~Twitter ~Instagram ~FaceBook ~YouTube ~LinkedIn Jump-start your cybersecurity career for FREE with Cybrary!
https://www.youtube.com/watch?v=8_CEqpKU8AA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Trying to demo the #hacker side without getting 🤐🤐🤐 by the platform. Oops! #cybersecurity

https://www.youtube.com/shorts/p_OgaSkmBMM
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

401 Access Denied: Ep. 85 | Key Takeaways from the Verizon DBIR with Tony Goulding
Join host Joseph Carson and guest Tony Goulding as they break down the annual Verizon breach report. With over 16,000 incidents and more than 5,200 data breaches, there's a lot to look at. Tony and Joe have some great takeaways from this critical annual report and share their expert insights on what's new, what's changed, and what we're not doing so bad at (hint: MFA goes a long way!) Jump-start your cybersecurity career for FREE with Cybrary! Follow us on Social! ~Cybrary Twitter ~Delinea Twitter ~Instagram ~Facebook ~YouTube
https://www.youtube.com/watch?v=luXnfWO_U7I
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Hack you exe's phone? 😂 #podcast #cybersecurity

https://www.youtube.com/shorts/ufdeWuwsWaA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

401 Access Denied: Ep. 84 | The Best of RSAC & Cybersecurity Strategies with Bob Burns
RSAC was the place to be for cybersecurity in 2023, and Joe Carson is joined by Bob Burns to talk all about it. From the sessions that really resonated to the incredible human connections and networking, join Joe and Bob to deconstruct this year's most comprehensive conference. Were you at RSAC this year? Join us in the comments to let us know your favorite session! Jump-start your cybersecurity career for FREE with Cybrary! Follow us on Social! ~Cybrary Twitter ~Delinea Twitter ~Instagram ~Facebook ~YouTube
https://www.youtube.com/watch?v=qU40Yg7pfbo
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

The AI Revolution with Diana Kelley | 401 Access Denied Podcast Ep. 83
The AI Revolution with Diana Kelley | 401 Access Denied Podcast Ep. 83 Join Us: https://www.cybrary.it/?utm_source=youtube&utm_medium=video&utm_campaign=the-ai-revolution-with-diana-kelley Everybody's talking about it - the AI revolution is here. But given the rapid evolution in this field, it's hard to keep up with the sweeping effects this technology is causing. Luckily, Joe Carson is joined by longtime AI expert Diana Kelley to shed light on all of these changes. She addresses the many misconceptions and media misrepresentations surrounding AI, breaks down the different forms of this technology, and emphasizes the need for a better understanding of AI's capabilities and limitations. They also discuss the ethical and legal implications that will only become more potent as AI...
https://www.youtube.com/watch?v=ow9JszgoC1M
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Hacking the Government with Bryan Seely | 401 Access Denied Podcast Ep. 82
Hacking the Government with Bryan Seely | 401 Access Denied Podcast Ep. 82 Join Us: https://www.cybrary.it/?utm_source=youtube&utm_medium=video&utm_campaign=hacking-the-government-with-bryan-seely In this eye-opening episode, dive into the captivating world of cybercrime and social engineering with our host, Joe Carson, and special guest Bryan Seely! Bryan, a keynote speaker and cybersecurity expert best known for his Secret Service exposé, discusses his journey from a young computer enthusiast to a renowned public speaker. Join them as they investigate the mindset and techniques used by hackers, such as the use of aliases to deceive and manipulate their targets, as well as the importance of responsible disclosure and changing cybersecurity laws. Follow us for exclusive updates: ~https://twitter.com/cybraryIT ~https://www.instagram.com/cybrary.it/ ~https://www.facebook.com/cybraryit/ Follow...
https://www.youtube.com/watch?v=aagD2SxYUJM
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Intruder Alert Ep. 4 | Unmasking The New Global Malware Threat On Android Devices
Head to Cybrary.it to open your free account and start learning today! In this episode of Intruder Alert, join host Marcus Hutchins, world-renowned hacker, and red teamer Matt Mullins while they discuss the millions of devices recently infected with malware during production, and whether or not our devices are spying on us. For more information on how to jumpstart your career with the most cutting-edge cybersecurity training, head over to Cybrary.it to create your free account and get started on your learning journey! Make sure to subscribe so that you don't miss the latest new episodes, premiering live every two weeks, and dropping on YouTube On Demand.
https://www.youtube.com/watch?v=wc8T_RcwOkY
Partager : LinkedIn / Twitter / Facebook / View / View (lite)