Pas d'actualité
Soutenez No Hack Me sur Tipeee
L'Actu de la veille
I Scanned 100,000+ Subdomains For CVE-2025-29927
LIKE and SUBSCRIBE with NOTIFICATIONS ON if you enjoyed the video! 👍
📚 If you want to learn bug bounty hunting from me: https://bugbounty.nahamsec.training
💻 If you want to practice some of my free labs and challenges: https://app.hackinghub.io
💵 FREE 0 DigitalOcean Credit:
https://m.do.co/c/3236319b9d0b
🔗 LINKS:
📖 MY FAVORITE BOOKS:
Bug Bounty Bootcamp: The Guide to Finding and Reporting Web Vulnerabilities -https://amzn.to/3Re8Pa2
Hacking APIs: Breaking Web Application Programming Interfaces - https://amzn.to/45g4bOr
Black Hat GraphQL: Attacking Next Generation APIs - https://amzn.to/455F9l3
🍿 WATCH NEXT:
If I Started Bug Bounty Hunting in 2024, I'd Do this - https://youtu.be/z6O6McIDYhU
2023 How to Bug Bounty - https://youtu.be/FDeuOhE5MhU
Bug Bounty Hunting...
https://www.youtube.com/watch?v=7hqBePL0C_I
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
L'Actu à J-2
DDoS Attacks (HTTP/2, DNS, Hacktivist) // Real World Technical Analysis
Big thanks to Radware for sponsoring this video and sharing technical insights with us!
// Radware reports REFERENCE //
Executive Summary: https://davidbombal.wiki/2025threats
2025 Global Threat Analysis Report: https://davidbombal.wiki/2025threatsummary
// Pascal Geenens' SOCIAL //
LinkedIn: https://www.linkedin.com/in/geenensp/
Website: https://www.radware.com/
// Radware SOCIAL //
YouTube: https://www.youtube.com/radwareinc
Webinars: https://www.radware.com/newsroom/events/
LinkedIn https://www.linkedin.com/company/radware
// David's SOCIAL //
Discord: https://discord.com/invite/usKSyzb
X: https://www.twitter.com/davidbombal
Instagram: https://www.instagram.com/davidbombal
LinkedIn: https://www.linkedin.com/in/davidbombal
Facebook: https://www.facebook.com/davidbombal.co
TikTok:...
https://www.youtube.com/watch?v=t2jKcA1OyBE
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Rotate your keys ASAP if you use this GH Action #cybersecurity #technews @endingwithali
Hak5 -- Cyber Security Education, Inspiration, News & Community since 2005:
-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆
Our Site → https://www.hak5.org
Shop → http://hakshop.myshopify.com/
Community → https://www.hak5.org/community
Subscribe → https://www.youtube.com/user/Hak5Darren?sub_confirmation=1
Support → https://www.patreon.com/threatwire
Contact Us → http://www.twitter.com/hak5
-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆
____________________________________________
Founded in 2005, Hak5's mission is to advance the InfoSec industry. We do this through our award winning educational podcasts, leading pentest gear, and inclusive community – where all hackers belong.
https://www.youtube.com/watch?v=QgHwiOJIcMM
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
L'Actu des jours précédents
Google taking a BIG bet on Wiz #cybersecurity #technews #hackernews #cloudcomputer @endingwithali
Hak5 -- Cyber Security Education, Inspiration, News & Community since 2005:
-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆
Our Site → https://www.hak5.org
Shop → http://hakshop.myshopify.com/
Community → https://www.hak5.org/community
Subscribe → https://www.youtube.com/user/Hak5Darren?sub_confirmation=1
Support → https://www.patreon.com/threatwire
Contact Us → http://www.twitter.com/hak5
-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆
____________________________________________
Founded in 2005, Hak5's mission is to advance the InfoSec industry. We do this through our award winning educational podcasts, leading pentest gear, and inclusive community – where all hackers belong.
https://www.youtube.com/watch?v=aaxrHzZ5d-U
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Windows Downdate: Downgrade Attacks Using Windows Updates
Downgrade attacks force software to revert to an older, vulnerable version of itself. In 2023, the notorious BlackLotus UEFI bootkit emerged, downgrading the Windows boot manager to bypass Secure Boot. Microsoft addressed the threat, mitigating downgrade attacks on the boot manager to protect Secure Boot against downgrades. However, we wondered whether Secure Boot was the only critical component vulnerable to downgrade attacks....
By: Alon Leviev | Security Researcher, SafeBreach
Full Abstract and Presentation Materials:
https://www.blackhat.com/us-24/briefings/schedule/#windows-downdate-downgrade-attacks-using-windows-updates-38963
https://www.youtube.com/watch?v=SI5_COohUlM
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
We R in a Right Pickle With All These Insecure Serialization Formats
The term pickle has become synonymous with insecurity in the modern python community and yet it remains one of the most prevalent serialization formats in the python ecosystem. However, pickle, despite its wide use, has been talked to death.
In this talk, we will take a step back and look at the root problem, the use of bytecode driven serialization formats. We'll dissect both pickle and RDS, R's serialization format, giving a never before seen deep dive into the R language's main serialization format.....
By:
Kasimir Schulz | Principal Security Researcher, HiddenLayer
Tom Bonner | Vice President of Research, HiddenLayer
Full Abstract and Presentation Materials:
https://www.blackhat.com/us-24/briefings/schedule/#we-r-in-a-right-pickle-with-all-these-insecure-serialization-formats-39137...
https://www.youtube.com/watch?v=yrM1ryBaIJs
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
From CIA to CISO: AI security predictions and career strategies | Guest Ross Young
Get your FREE Cybersecurity Salary Guide: https://www.infosecinstitute.com/form/cybersecurity-salary-guide-podcast/?utm_source=youtube&utm_medium=podcast&utm_campaign=podcast
Ross Young, CISO in residence at Team8, joins this week's Cyber Work episode to share insights from his fascinating career journey from the CIA to cybersecurity leadership. With over a decade of experience across intelligence agencies and major companies, Young discusses the rapidly evolving AI security landscape, predicts how AI will transform security roles and offers valuable career advice for cybersecurity professionals at all levels. Learn how security professionals can stay relevant in an AI-driven future and why continuous learning is non-negotiable in this field.
00:00 Intro
00:27 Ross Young's journey...
https://www.youtube.com/watch?v=zoO3owY34H0
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Monitor your network 24/7 and stop rogue devices with Docker on a NAS #shorts #docker #fing
You can now monitor your network 24/7 and stop rogue devices using the Fing agent running in a Docker container on your NAS.
Get a 25% discount for 6 months on a Fing Premium plan using my link: https://davidbombal.wiki/4bn5HAH
Big thank you to Fing for sponsoring this video.!
#android #iphone #wifi #shorts #android #iphone #wifi #docker #hack #fing
https://www.youtube.com/watch?v=Pl6bxdSrz6A
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Advanced Bruteforce WiFi WPA2 cracking with GPU and Hashcat
This video is part of my hashcat course. In this video I show you how to use advanced Hashcat brute force options to crack wifi passwords using a GPU.
Disclaimer: This video is for educational purposes only. I either have permission to use, or own all equipment used for this demonstration. No actual attack took place on any websites. Only use the tools demonstrated in this video on networks you have permission to attack. Use the tools ethically to improve network security.
// Hashcat YouTube playlist //
Hashcat Course: https://www.youtube.com/watch?v=b5zQ6xTQGfY&list=PLhfrWIlLOoKNhibrzUPCfEnW4_EHWQBrA
// Previous video //
Previous video in course: Bruteforce WiFi WPA2 with GPU: https://youtu.be/b5zQ6xTQGfY
// PDF Download //
Download the PDF here: https://davidbombal.wiki/hashcatbruteforceadvanced
//...
https://www.youtube.com/watch?v=yvNKuZqRmJ4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
We're Hosting a Conference
https://continuumcon.com
Learn Cybersecurity and more with Just Hacking Training: https://jh.live/training
See what else I'm up to with: https://jh.live/newsletter
Learn Coding: https://jh.live/codecrafters
Host your own VPN: https://jh.live/openvpn
WATCH MORE:
Dark Web & Cybercrime Investigations: https://www.youtube.com/watch?v=_GD5mPN_URM&list=PL1H1sBF1VAKVmjZZr162aUNCt2Uy5ozAG&index=4
Malware & Hacker Tradecraft: https://www.youtube.com/watch?v=LKR8cdfKeGw&list=PL1H1sBF1VAKWMn_3QPddayIypbbITTGZv&index=5
📧JOIN THE NEWSLETTER ➡ https://jh.live/newsletter
🙏SUPPORT THE CHANNEL ➡ https://jh.live/patreon
🤝 SPONSOR THE CHANNEL ➡ https://jh.live/sponsor
🌎FOLLOW ALONG ➡ https://jh.live/twitter ↔ https://jh.live/linkedin ↔ https://jh.live/discord ↔ https://jh.live/instagram...
https://www.youtube.com/watch?v=7R6h4btbte8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
RTV CRON - Influcence_Ops: Tactical Pretexting
Welcome to RTV CRON, our monthly live stream, held on the last Thursday of every month. Each two-hour session features a unique workshop led by a different expert, offering hands-on experience in offensive security tactics and strategies.
Follow us: https://redteamvillage.io
This month our workshop is provided by Jeff Tomkiewicz!
Jeff Tomkiewicz is a Offensive Security Engineer for a Healthcare Fortune 40 organization, where he specializes in network penetration testing, social engineering, and physical penetration testing. With a rich background as a 21-year Air Force veteran, Jeff has served in various capacities, including K9 handler and trainer, Intelligence, and Special Operations. Residing in Colorado Springs, CO, where interests span upon horror films, performing in improv shows,...
https://www.youtube.com/watch?v=vlow4qZSOSE
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Reverse Engineering Process Tokens Part 1
This tutorial walks through the process of reverse engineering malware which uses AdjustTokenPrivileges to enable SeDebugPrivilege. No steps are skipped in the process!
This is Module 2.2 of our IDA Pro reverse engineering series. The full series can be found on our patron...
https://www.patreon.com/collection/1259251
-----
OALABS DISCORD
https://discord.gg/6h5Bh5AMDU
OALABS PATREON
https://www.patreon.com/oalabs
Twitch
https://www.twitch.tv/oalabslive
OALABS GITHUB
https://github.com/OALabs
UNPACME - AUTOMATED MALWARE UNPACKING
https://www.unpac.me/#/
-----
https://www.youtube.com/watch?v=iT2U3UXhic4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Critical NextJS CVE Found #cybersecurity #technews #hackernews #javascript
Hak5 -- Cyber Security Education, Inspiration, News & Community since 2005:
-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆
Our Site → https://www.hak5.org
Shop → http://hakshop.myshopify.com/
Community → https://www.hak5.org/community
Subscribe → https://www.youtube.com/user/Hak5Darren?sub_confirmation=1
Support → https://www.patreon.com/threatwire
Contact Us → http://www.twitter.com/hak5
-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆
____________________________________________
Founded in 2005, Hak5's mission is to advance the InfoSec industry. We do this through our award winning educational podcasts, leading pentest gear, and inclusive community – where all hackers belong.
https://www.youtube.com/watch?v=tEg3nsQA3qc
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Valorant hackers and "undetected firmware"
When Riot Games curb stomps paycheat devs, God laughs.
👨💻 Buy Our Courses: https://guidedhacking.com/register/
💰 Donate on Patreon: https://patreon.com/guidedhacking
❤️ Follow us on Social Media: https://linktr.ee/guidedhacking
✏️ Tags:
#valorant #riotgames #anticheat
vanguard anticheat
valorant anti-cheat
riot games
anticheat bypass
riot games gamerdoc
anti-cheat bypass
valorant cheats
valorant hacks
riot games anticheat
gamerdoc
https://www.youtube.com/watch?v=kan2KH7C__k
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
BREAKING: MAJOR CVEs for Ingress NGINX Controller #technews #hackernews #kubernetes
Hak5 -- Cyber Security Education, Inspiration, News & Community since 2005:
-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆
Our Site → https://www.hak5.org
Shop → http://hakshop.myshopify.com/
Community → https://www.hak5.org/community
Subscribe → https://www.youtube.com/user/Hak5Darren?sub_confirmation=1
Support → https://www.patreon.com/threatwire
Contact Us → http://www.twitter.com/hak5
-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆
____________________________________________
Founded in 2005, Hak5's mission is to advance the InfoSec industry. We do this through our award winning educational podcasts, leading pentest gear, and inclusive community – where all hackers belong.
https://www.youtube.com/watch?v=627pc-BI7WQ
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Google Taking A Huge Bet On Wiz - Threat Wire
⬇️ OPEN FOR LINKS TO ARTICLES TO LEARN MORE ⬇️
@endingwithali →
Twitch: https://twitch.tv/endingwithali
Twitter: https://twitter.com/endingwithali
YouTube: https://youtube.com/@endingwithali
Everywhere else: https://links.ali.dev
Want to work with Ali? endingwithalicollabs@gmail.com
[❗] Join the Patreon→ https://patreon.com/threatwire
00:00 0 - Intro
00:11 1 - Critical NextJS CVE Found
01:29 2 - Wiz sold to Google
02:34 3 - MAJOR CVEs for Ingress NGINX Controller
05:07 4 - Popular Github Actions Compromised
06:14 5 - Outro
LINKS
🔗 Story 1: Critical NextJS CVE Found
https://github.com/vercel/next.js/security/advisories/GHSA-f82v-jwr5-mffw
https://zhero-web-sec.github.io/research-and-things/nextjs-and-the-corrupt-middleware
https://nextjs.org/blog/cve-2025-29927
https://search.censys.io/search?resource=hosts&sort=RELEVANCE&per_page=25&virtual_hosts=EXCLUDE&q=(next.js)+and+services.software.product%3D'Next.js'
🔗...
https://www.youtube.com/watch?v=fbUohX9St8Y
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
this MP3 file is malware
https://jh.live/vanta || Automate and prove your security compliance with Vanta! Get ,000 off with my link to cruise through compliance across SOC 2, ISO 27001, ISO 42001, NIST AI RMF, HIPAA, GDPR, and more! https://jh.live/vanta
Learn Cybersecurity and more with Just Hacking Training: https://jh.live/training
See what else I'm up to with: https://jh.live/newsletter
ℹ️ Affiliates:
Learn how to code with CodeCrafters: https://jh.live/codecrafters
Host your own VPN with OpenVPN: https://jh.live/openvpn
Get DFIR and SOC Analyst Training with CyberDefenders: https://jh.live/cyberdefense
Master Binary Files and Protocols with Gynvael Coldwind: https://jh.live/hackarcana (code MBF-JH-10 gives 10% off!)
https://www.youtube.com/watch?v=25NvCdFSkA4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Python for Pentesters II - 0. Introduction
Part of the Python for Pentesters II course: https://www.youtube.com/playlist?list=PLonlF40eS6nyj9h8wwrOgf1yBGDB2CYT1
Connect with me:
X: https://twitter.com/cristivlad25
IG: https://instagram.com/cristivladz
https://www.youtube.com/watch?v=1AAZDkSZePs
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Python for Pentesters II - 11 - Additional Resources and Personal Message
Part of the Python for Pentesters II course: https://www.youtube.com/playlist?list=PLonlF40eS6nyj9h8wwrOgf1yBGDB2CYT1
Connect with me:
X: https://twitter.com/cristivlad25
IG: https://instagram.com/cristivladz
https://www.youtube.com/watch?v=zVgV__cRhvo
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Python for Pentesters II - 10 - Finding Hidden Wireless Networks with Python
Part of the Python for Pentesters II course: https://www.youtube.com/playlist?list=PLonlF40eS6nyj9h8wwrOgf1yBGDB2CYT1
Connect with me:
X: https://twitter.com/cristivlad25
IG: https://instagram.com/cristivladz
https://www.youtube.com/watch?v=0EB5U8dcAVc
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Python for Pentesters II - 9 - Spoofing your MAC Address with Python
Part of the Python for Pentesters II course: https://www.youtube.com/playlist?list=PLonlF40eS6nyj9h8wwrOgf1yBGDB2CYT1
Connect with me:
X: https://twitter.com/cristivlad25
IG: https://instagram.com/cristivladz
https://www.youtube.com/watch?v=OtvSfjX6kGY
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Python for Pentesters II - 8 - Cracking Hashes with Python and Hashlib
Part of the Python for Pentesters II course: https://www.youtube.com/playlist?list=PLonlF40eS6nyj9h8wwrOgf1yBGDB2CYT1
Connect with me:
X: https://twitter.com/cristivlad25
IG: https://instagram.com/cristivladz
https://www.youtube.com/watch?v=EA4JFh8hj9E
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Python for Pentesters II - 7 - Discovering Subdomains with Python
Part of the Python for Pentesters II course: https://www.youtube.com/playlist?list=PLonlF40eS6nyj9h8wwrOgf1yBGDB2CYT1
Connect with me:
X: https://twitter.com/cristivlad25
IG: https://instagram.com/cristivladz
https://www.youtube.com/watch?v=X9oyU7kUob8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Python for Pentesters II - 6 - Attacking Web Forms with requests and BeautifulSoup in Python
Part of the Python for Pentesters II course: https://www.youtube.com/playlist?list=PLonlF40eS6nyj9h8wwrOgf1yBGDB2CYT1
Connect with me:
X: https://twitter.com/cristivlad25
IG: https://instagram.com/cristivladz
https://www.youtube.com/watch?v=sYg3dyetcYA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Python for Pentesters II - 5 - The Scapy Module for Network Traffic Sniffing and Manipulation
Part of the Python for Pentesters II course: https://www.youtube.com/playlist?list=PLonlF40eS6nyj9h8wwrOgf1yBGDB2CYT1
Connect with me:
X: https://twitter.com/cristivlad25
IG: https://instagram.com/cristivladz
https://www.youtube.com/watch?v=M_5YKbsk4eY
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Python for Pentesters II - 4 - The Socket Module for Network Communication - A TCP Server Client
Part of the Python for Pentesters II course: https://www.youtube.com/playlist?list=PLonlF40eS6nyj9h8wwrOgf1yBGDB2CYT1
Connect with me:
X: https://twitter.com/cristivlad25
IG: https://instagram.com/cristivladz
https://www.youtube.com/watch?v=bHDITf8TMmY
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Python for Pentesters II - 3 - Grabbing Screenshots with Python
Part of the Python for Pentesters II course: https://www.youtube.com/playlist?list=PLonlF40eS6nyj9h8wwrOgf1yBGDB2CYT1
Connect with me:
X: https://twitter.com/cristivlad25
IG: https://instagram.com/cristivladz
https://www.youtube.com/watch?v=_O5msdxSwII
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Python for Pentesters II - 2 - Building a Basic Port Scanner using NMAP in Python
Part of the Python for Pentesters II course: https://www.youtube.com/playlist?list=PLonlF40eS6nyj9h8wwrOgf1yBGDB2CYT1
Connect with me:
X: https://twitter.com/cristivlad25
IG: https://instagram.com/cristivladz
https://www.youtube.com/watch?v=nlDjpswJmbc
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Python for Pentesters II - 1 - Gathering Information - Grabbing Banners, Hostname and IP Lookup
Part of the Python for Pentesters II course: https://www.youtube.com/playlist?list=PLonlF40eS6nyj9h8wwrOgf1yBGDB2CYT1
Connect with me:
X: https://twitter.com/cristivlad25
IG: https://instagram.com/cristivladz
https://www.youtube.com/watch?v=S9gYhZT2TFo
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Can you hack a hub? #shorts #hub #switch #network #wireshark #ccna
#shorts #hub #switch #network #wireshark #ccna
https://www.youtube.com/watch?v=x8bRp488aL0
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Securing Apple vs Windows: Which is harder? | Guest Weldon Dodd
Get your FREE Cybersecurity Salary Guide: https://www.infosecinstitute.com/form/cybersecurity-salary-guide-podcast/?utm_source=youtube&utm_medium=podcast&utm_campaign=podcast
Today on Cyber Work, we welcome Weldon Dodd, Senior Vice President of Global Partnerships at Kandji. Dodd discusses a recent report highlighting why Apple devices are perceived as more secure than Windows systems in the event of a global software outage. He dives into the technical and social reasons behind these security differences, explores the challenges in securing different platforms and offers career advice for aspiring cybersecurity professionals. Learn why a commitment to continuous learning and focus is essential, and get insights into the growing role of Apple in the enterprise environment. This episode...
https://www.youtube.com/watch?v=poN4U87rgo4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
This Simple URL Encoding Made me ,000 in Bounties
LIKE and SUBSCRIBE with NOTIFICATIONS ON if you enjoyed the video! 👍
📚 If you want to learn bug bounty hunting from me: https://bugbounty.nahamsec.training
💻 If you want to practice some of my free labs and challenges: https://app.hackinghub.io
💵 FREE 0 DigitalOcean Credit:
https://m.do.co/c/3236319b9d0b
🔗 LINKS:
📖 MY FAVORITE BOOKS:
Bug Bounty Bootcamp: The Guide to Finding and Reporting Web Vulnerabilities -https://amzn.to/3Re8Pa2
Hacking APIs: Breaking Web Application Programming Interfaces - https://amzn.to/45g4bOr
Black Hat GraphQL: Attacking Next Generation APIs - https://amzn.to/455F9l3
🍿 WATCH NEXT:
If I Started Bug Bounty Hunting in 2024, I'd Do this - https://youtu.be/z6O6McIDYhU
2023 How to Bug Bounty - https://youtu.be/FDeuOhE5MhU
Bug Bounty Hunting...
https://www.youtube.com/watch?v=sW9SK0ZcHxU
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
the CRITICAL 9.1 severity Next.js vulnerability
The researchers' writeup: https://zhero-web-sec.github.io/research-and-things/nextjs-and-the-corrupt-middleware
Learn Cybersecurity and more with Just Hacking Training: https://jh.live/training
See what else I'm up to with: https://jh.live/newsletter
ℹ️ Affiliates:
Learn how to code with CodeCrafters: https://jh.live/codecrafters
Host your own VPN with OpenVPN: https://jh.live/openvpn
Get DFIR and SOC Analyst Training with CyberDefenders: https://jh.live/cyberdefense
Master Binary Files and Protocols with Gynvael Coldwind: https://jh.live/hackarcana (code MBF-JH-10 gives 10% off!)
https://www.youtube.com/watch?v=dL1a0KcAW3Y
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
WSL Setup (GPU WiFi Cracking, Wireshark, Remote Desktop and a lot more)
This is part 2 of the WSL series. Previous video here:
https://youtu.be/TvNAElBLB7M
Download PDF from here: https://davidbombal.wiki/wsl2
Udemy course: Coming soon :)
Learn how to install software for WiFi cracking using GPUs, installation of Wireshark and other GUI applications like Burpsuite. GUI setup using Kali Linux Kex and remote desktop. Lots of installation and setup information in this video.
// Hashcat videos //
Bruteforce WiFi WPA2 with GPU: https://youtu.be/b5zQ6xTQGfY
// David's SOCIAL //
Discord: https://discord.com/invite/usKSyzb
X: https://www.twitter.com/davidbombal
Instagram: https://www.instagram.com/davidbombal
LinkedIn: https://www.linkedin.com/in/davidbombal
Facebook: https://www.facebook.com/davidbombal.co
TikTok: http://tiktok.com/@davidbombal
YouTube: https://www.youtube.com/@davidbombal
//...
https://www.youtube.com/watch?v=OmIa9Grnqcs
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Why You Need To Learn Assembly
🔥 Learn Assembly with Game Hacking Shenanigans: https://guidedhacking.com/forums/game-hacking-shenanigans/
👨💻 Buy Our Courses: https://guidedhacking.com/register/
💰 Donate on Patreon: https://patreon.com/guidedhacking
❤️ Follow us on Social Media: https://linktr.ee/guidedhacking
✏️ Tags:
#gamehacking #reverseengineering #computerscience
x86 assembly language programming
machine code language
x64 assembly code
learn x86 assembly programming
https://www.youtube.com/watch?v=8muHNN9N1xc
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Learn API Hacking!
Learn API Hacking Livestream with Katie Paxton-Fear (InsiderPhd) on March 21, 11am PT / 2pm ET
https://www.youtube.com/watch?v=bWIegXZ75cY
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How Hackers Changed the Media (and the Media Changed Hackers)
Cyber extortion gangs routinely send journalists (often unsolicited) details about their hacks, victims, and leaked information, hoping that their exploits will make the news and damage victims' reputation. Journalists, in turn, are placed in a tricky situation, balancing the need to report accurate and true events with the ethics of empowering criminals. In today's mature hacker economy, some gangs have developed formal media and PR programs (such as the BlackMatter gang, which invited journalists to register on their platform in order to get early notification of data breaches, and direct access to "ask questions and get information from the primary source.")...
By:
Sherri Davidoff | CEO, LMG Security
Lorenzo Franceschi-Bicchierai | Senior Writer/Editor, Cybersecurity, TechCrunch
Robert...
https://www.youtube.com/watch?v=a5O4OrYhqWo
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Attacking Samsung Galaxy A* Boot Chain, and Beyond
During our previous research on Android File-Based encryption, we studied the boot chain of some Samsung devices based on Mediatek system on chips. Our objective was to exploit a known boot ROM vulnerability to bypass the secure boot and ultimately retrieve the required ingredients to brute force the user credentials. Once we became familiar with this boot chain, we decided to take a closer look at a component coming later in the process: the Little Kernel bootloader (LK, also called BL3-3)....
By: Maxime Rossi Bellom & Raphael Neveu
Additional Contributors: Damiano Melotti & Gabrielle Viala
Full Abstract and Presentation Materials:
https://www.blackhat.com/us-24/briefings/schedule/#attacking-samsung-galaxy-a-boot-chain-and-beyond-38526
https://www.youtube.com/watch?v=qU9SzAo1G-s
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
From Doxing to Doorstep: Exposing Privacy Intrusion Techniques used by Hackers for Extortion
Doxing, initially a practice for undermining hackers' online anonymity by "dropping docs", has evolved into a tool used for real-world extortion, employing violence-as-a-service tactics like "brickings", "firebombings" and "shootings". This escalation reflects a troubling trend where digital conflicts manifest physically and is facilitated by legal gray areas. The ambiguous stance on doxing in U.S. policy complicates accountability, making it a pressing concern for privacy and personal safety.....
By: Jacob Larsen | Offensive Security Team Lead, CyberCX
Full Abstract and Presentation Materials:
https://www.blackhat.com/us-24/briefings/schedule/#from-doxing-to-doorstep-exposing-privacy-intrusion-techniques-used-by-hackers-for-extortion-39011
https://www.youtube.com/watch?v=sg3CpRQdBek
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
OWASP Mobile Application Security (MAS) - Sven Schleier, Carlos Holguera
[This version has the sound fixed from Zoom]
In this talk, Carlos Holguera and Sven Schleier, the OWASP Mobile Application Security (MAS) Project Leaders, will take a hands-on look at some of the latest OWASP MAS developments, in particular the new MASWE (Mobile Application Security Weakness Enumeration). This talk will introduce the concepts of "weaknesses", "atomic tests" and "demos" that are the basis of the upcoming MASTG v2. Attendees will gain practical knowledge through detailed examples that show the journey from definition to implementation using both static and dynamic analysis techniques available in MASTG. In addition, discover the newly developed MAS test apps designed to streamline research and improve the development of robust MAS tests. Don't miss this opportunity to improve...
https://www.youtube.com/watch?v=Vgj5VqQaRho
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Learning from Past Security Breaches: Strengthening AppSec Efforts and Focus - Jon McCoy
In today's rapidly evolving digital landscape, security breaches have become an inevitable reality for many organizations. This talk will provide valuable insights into the world of AppSec by examining both pre- and post-breach scenarios. We will delve into real-world examples of security incidents to identify what we wish we had done differently in terms of AppSec efforts prior to a breach.
This discussion will offer practical steps for achieving full remediation following a security incident. By understanding the importance of proactive measures and effective response strategies, attendees can learn how to bolster their AppSec practices to minimize potential damages and improve overall resilience against future attacks.
-
Managed by the OWASP® Foundation
https://owasp.org/
https://www.youtube.com/watch?v=MUnuPCVqQLI
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
OWASP: The Next 25 years - Andrew van der Stock
Although still a little way away, in September 2026 OWASP will turn 25 years old. What have we achieved since our inception, and what could (and should) we do in the next 25 years? Andrew will give his perspective on OWASP's collective successes, what has worked, our challenges, and what still remains to be done.
-
Managed by the OWASP® Foundation
https://owasp.org/
https://www.youtube.com/watch?v=08pDBStr1yU
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
AI Under the Hood: Unmasking Hidden Threats - Dr. Nitish M. Uplavikar
Much like cars, AI technologies must undergo rigorous testing to ensure their safety and reliability. However, just as a 16-wheel truck's brakes are different from that of a standard hatchback, AI models too may need distinct analyses based on their risk, size, application domain, and other factors. Prior research has attempted to do this, by identifying areas of concern for AI/ML applications and tools needed to simulate the effect of adversarial actors. However, currently, a variety of frameworks exist which poses challenges due to inconsistent terminology, focus, complexity, and interoperability issues, hindering effective threat discovery. In this talk, we discuss initial findings from our meta-analysis of 14 AI threat modeling frameworks, providing a streamlined set of questions for...
https://www.youtube.com/watch?v=gdM9hdtj2oc
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Practical Software Supply Chain Security Solutions - Robert Marion
The frequency of Software Supply Chain attacks has been increasing over the last several years. This is, in part, due to the fact that the term “Software Supply Chain Attack” actually refers to a set of attacks that include: Repo Jacking, Repo Poisoning, Typo Squatting, and Dependency Confusion. Threat actors, such as Nation states, select high value targets that can be extremely disruptive. They weaponize the software supply chain against their enemies (real or perceived) to wreak physical infrastructure damage or engage in commercial and governmental espionage. Attackers who are motivated by money have been able to demand huge ransoms, which would have been impractical in the past but have been made easy by cryptocurrencies. Frequently, they seek soft targets. Hospitals, municipalities...
https://www.youtube.com/watch?v=GHJWTLJmf6I
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Linux for Windows?
It's now really easy to use Kali Linux, Ubuntu and other distributions on Windows! Hashcat, Burpsuite and other tools are supported. GUI apps are supported - Wireshark, Firefox, Burp etc.
Next video in the series here: https://youtu.be/OmIa9Grnqcs
Download PDF from here: https://davidbombal.wiki/wsl2
// Hashcat videos //
Bruteforce WiFi WPA2 with GPU: https://youtu.be/b5zQ6xTQGfY
// David's SOCIAL //
Discord: https://discord.com/invite/usKSyzb
X: https://www.twitter.com/davidbombal
Instagram: https://www.instagram.com/davidbombal
LinkedIn: https://www.linkedin.com/in/davidbombal
Facebook: https://www.facebook.com/davidbombal.co
TikTok: http://tiktok.com/@davidbombal
YouTube: https://www.youtube.com/@davidbombal
// MY STUFF //
https://www.amazon.com/shop/davidbombal
// SPONSORS...
https://www.youtube.com/watch?v=TvNAElBLB7M
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Automatic application hardening by leveraging container runtime behavior analysis - Amit Schendel
Automatic application hardening by leveraging container runtime behavior analysis during CI processes
In this presentation, we will explore an innovative approach to improve the security of containerized applications using behavior analysis during continuous integration testing and generating native policies based on behavior. By leveraging behavioral analysis, we can replace tedious manual policy definitions which take long to define and can break easily. We will also discuss the importance of native policies, which allow us to enforce security policies directly within container orchestration tools like Kubernetes without relying on third-party tools.
We will focus on policies like seccomp profiles, network policies, AppArmor, and security context. We will cover hands-on practices for...
https://www.youtube.com/watch?v=aSDLQ7j_cq4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The Container Escape Room: An Exploration of Container Escapes - Amit Schendel
In this presentation, we will explore an innovative approach to improve the security of containerized applications using behavior analysis during continuous integration testing and generating native policies based on behavior. By leveraging behavioral analysis, we can replace tedious manual policy definitions which take long to define and can break easily. We will also discuss the importance of native policies, which allow us to enforce security policies directly within container orchestration tools like Kubernetes without relying on third-party tools.
We will focus on policies like seccomp profiles, network policies, AppArmor, and security context. We will cover hands-on practices for implementing this approach, including how to do behavioral analysis using eBPF-based tools, how to integrate...
https://www.youtube.com/watch?v=2jBCYFFRH78
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The Missing Link - How we collect and leverage SBOMs - Cassie Crossley
There is some debate as to how SBOMs can enhance vulnerability management practices, and some believe that collecting SBOMs from internal teams or suppliers is too difficult and time-consuming. Learn how one company has collected thousands of our product SBOMs and how we are leveraging the SBOMs as part of our corporate product CERT to quickly analyze and focus our attention when time is of importance. This presentation describes how we modified our policies and processes to collect, generate, and store thousands of SBOMs. You will hear how we have leveraged SBOMs during the Log4j and OpenSSL vulnerability events. Then we will conclude with key learnings, suggestions, and opportunities for improvement.
-
Managed by the OWASP® Foundation
https://owasp.org/
https://www.youtube.com/watch?v=LpvagarUt5g
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Self-Discovering API Key Permissions and Resources - Joseph Leon, Dylan Ayrey
You're a security analyst triaging a list of exposed credentials - how do you prioritize which key to rotate first? How do you even know what resources the key can access? Most SaaS providers make it difficult to enumerate the access granted to a particular credential without logging into their UI.
In this talk, we're releasing a new method (self-discovery) for enumerating the permissions and resources associated with API keys and other secrets, without requiring access to the provider's UI. We'll walk through the meticulous steps required to accurately assess different SaaS providers' permission and scopes, as well as share the logic behind how to validate key permissions, including string analysis, HTTP request brute forcing and more.
Finally, we'll demo a new open-source tool that automates...
https://www.youtube.com/watch?v=ZXkm36XIrjI
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
AI Code Generation - Benefits, Risks and Mitigation Controls - Aruneesh Salhotra
The potential benefits are substantial as organizations increasingly adopt AI-driven code-generation tools to enhance productivity and streamline development workflows. Code generation offers transformative advantages, from accelerating development cycles to minimizing manual errors.
However, this technological advancement introduces a range of risks that, if not adequately understood and managed, could pose significant challenges. Key risks include security vulnerabilities, code quality issues, potential copyright infringement, data breaches, and the possibility of reverse engineering models. Additional concerns involve bias introduction, poisoning attacks, inefficient code generation, hallucinated dependencies, and an over-reliance on AI tools, potentially leading to increased technical...
https://www.youtube.com/watch?v=RYLyXu9eMH4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
5 Steps to VEX Success: Managing the End-to-End Workflow - Cortez Frazier Jr.
If you work in vulnerability management, you're probably familiar with the painful condition known as CVE overload. Each year, tens of thousands of new vulnerabilities are reported, and these potential risks overwhelm security teams tasked with confirming risks and remediating them.
A proposed solution is VEX (Vulnerability Exploitability eXchange): a set of formats that communicates vulnerability impact status, whether a vulnerability is exploitable in its deployed context, and mitigation steps. In theory, VEX (when used alongside other prioritization inputs) makes it possible for downstream security teams to remediate more efficiently. But as with most security frameworks, efficacy depends on proper implementation.
This talk will cover five steps to leveraging VEX throughout the...
https://www.youtube.com/watch?v=pIZWMxxw02A
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Maturing Your Application Security Program with ASVS-Driven Development - Aram Hovsepyan
Application security requires a systematic and holistic approach. However, organizations typically struggle in creating an effective application security (AppSec) program. They often end up in the rabbit hole of fixing security tool-generated vulnerabilities. We believe that leveraging ASVS as a security requirements framework as well as a guide to unit and integration testing is amongst the highest added value security practices. By turning security requirements into “just requirements” organizations can enable a common language shared by all stakeholders involved in the SDLC.
In this talk, we would like to present the case of ASVS-driven development. Firstly, we have analyzed the completed ASVS to determine how much of it could be transformed into security test cases. Our analysis indicates...
https://www.youtube.com/watch?v=QvJaam-N-Po
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Escaping Vulnerability Hell: Bridging the Gap Between Developers and Security Teams - Ahmad Sadeddin
Fixing web application security vulnerabilities is critical but often frustrating, leading to what we call "Vulnerability Hell." This talk covers the main challenges of false positives and difficult fixes, their impact on developers and security teams, and practical solutions involving AI, penetration testing, and application-level attacks. Discover how better tools, automated suggestions, integrated workflows, and improved collaboration can help.
-
Managed by the OWASP® Foundation
https://owasp.org/
https://www.youtube.com/watch?v=Pwogm9DHeig
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Slack's Vulnerability Aggregator: manage vulnerabilities at scale - Atul Gaikwad, Nicholas Lin
Slack's Vulnerability Aggregator: How we built a platform to manage vulnerabilities at scale
Managing vulnerabilities effectively in a diverse tooling environment posed significant challenges for Slack's Security team. Historically, disparate tools generated varied scan results, severity assessments, and reporting formats, complicating triage and remediation processes. This fragmented approach led to inefficiencies, coverage gaps, and increased workload for security engineers and developers.
To address these challenges, we developed a comprehensive vulnerability aggregation platform. This platform centralizes all tooling findings, standardizes processing methodologies, and streamlines reporting across Slack's ecosystem. We hope you can apply the insights from our presentation to simplify...
https://www.youtube.com/watch?v=0eXk3y7Gt48
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Millions Of Public Certificates Are Reusing Old Private Keys - Dylan Ayrey, Joseph Leon
TLS Certificates are re-using private keys by the millions. We'll demonstrate that key re-use in TLS certificates is systemic and undermines one of the foundational protections offered in modern web security
We looked at 7 billion certs logged in Certificate Transparency and found millions of certs re-using private keys. We identified orgs like Verizon that re-used the same key for 10 years, despite revoking it in the first year! We found cases of organizations continuing to re-use the same private key to issue new certs, despite having had that key compromised. Picture a short lived cert that only lasts 90 days, but the same key is re-used on all future certs for a decade
We also analyzed SSH key re-use for authentication to GitHub. We looked at 58 million GitHub user's keys and found...
https://www.youtube.com/watch?v=gyytL_RmihE
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Ai is new. We're all back to being learners. #cybersecurity #AISecurity #AISummit @SANSInstitute
https://www.youtube.com/watch?v=JtnatdNly44
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
What is Cyber HUMINT? | SANS CTI Summit 2025
Eliska Puckova breaks down the definition and use of Cyber HUMINT in this SANS CTI Summit talk.
Presentation:
Leveraging Classic HUMINT Tactics in CTI Investigations
Speakers:
Eliska Puckova, Cyber Threat Intelligence Specialist, Ubisoft
Julien Mascaro, Security & Forensic Investigator, Ubisoft
View Eliska and Julien's full Summit talk: https://www.youtube.com/watch?v=o1TTO5d1DXQ&list=PLfouvuAjspTpaiK-BhSS7MPyYhZRDHj2Y&index=7
Explore the CTI Summit 2025 Playlist: https://www.youtube.com/playlist?list=PLfouvuAjspTpaiK-BhSS7MPyYhZRDHj2Y
View Upcoming SANS Summits: https://www.sans.org/u/1AAq
#shorts #CyberHUMINT #ThreatIntelligence #CTISummit
https://www.youtube.com/watch?v=G0dlEZsG1Gk
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How Building Autonomy Can Improve Mental Health & Well-Being | SANS CTI Summit 2025
Cybersecurity Burnout: How Building Autonomy Can Improve Mental Health & Well-Being | SANS CTI Summit 2025
Daniel Shore walks us through Ways to build autonomy as a way of combating the adversaries of stress and burnout in cybersecurity at SANS CTI Summit.
Keynote
Your Mental Health & Well-Being: Combating the Adversaries of Stress & Burnout in Cybersecurity
Speaker:
Daniel Shore, Co-Founder, Multiteam Solutions
View Daniel's Full Summit Keynote: https://www.youtube.com/watch?v=gMDeX8eOoUg&list=PLfouvuAjspTpaiK-BhSS7MPyYhZRDHj2Y&index=5
Explore the CTI Summit 2025 Playlist: https://www.youtube.com/playlist?list=PLfouvuAjspTpaiK-BhSS7MPyYhZRDHj2Y
View Upcoming SANS Summits: https://www.sans.org/u/1AAq
#Shorts #CybersecurityBurnout #MentalHealthInTech #CTISummit
https://www.youtube.com/watch?v=HnG8AUcHPxo
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Quishing: How Threat Actors Use QR Codes to Evade Security Controls | SANS CTI Summit 2025
During Arda Büyükkaya's SANS CTI Summit 2025 talk, he demonstrated how a threat actor used QR codes to bypass corporate security.
Presentation:
ONNX Store: The Rise and Fall of a Phishing-as-a-Service Platform Targeting Financial Institutions
Speaker: Arda Büyükkaya, Senior Cyber Threat Intelligence Analyst, EclecticIQ
View Arda's full Summit talk: https://www.youtube.com/watch?v=F4d1MMs1L1A&list=PLfouvuAjspTpaiK-BhSS7MPyYhZRDHj2Y&index=20
Explore the CTI Summit 2025 Playlist: https://www.youtube.com/playlist?list=PLfouvuAjspTpaiK-BhSS7MPyYhZRDHj2Y
View Upcoming SANS Summits: https://www.sans.org/u/1AAq
#Shorts #Quishing #CyberThreatIntel #QRCodePhishing #CTISummit
https://www.youtube.com/watch?v=HaT9V11SbYg
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
SANS Threat Analysis Rundown with Katie Nickels | March 2025
This month, Katie will be joined by Zack Allen, Senior Director of Security Detection & Research at Datadog. Zack leads Datadog's Security Research team and publishes the Detection Engineering Weekly newsletter, where he helps readers interpret the latest detection reporting. Zack will share his perspectives on cloud security and threat detection as he and Katie review the latest cyber threat news.
https://www.youtube.com/watch?v=MPfrtt6gxfo
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Main Stage: Understanding and Reducing Supply Chain and Software Vulnerability Risks
In complex software ecosystems, individual application risks are compounded. When it comes to mitigating supply chain risk, identifying backdoors or unintended vulnerabilities that can be exploited in your environment is just as critical as staying current with the latest hacking intel. Understand how to spot and reduce the risk to your environment and prevent disruption to your operation.
By:
Danny Jenkins | CEO & Co-Founder, ThreatLocker
Full Abstract Available:
https://www.blackhat.com/us-24/briefings/schedule/#main-stage-understanding-and-reducing-supply-chain-and-software-vulnerability-risks-42104
https://www.youtube.com/watch?v=js3SiZd5XNk
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Turn Your Cybersecurity to Cyberstrength with HackerOne
This new era of cybersecurity combines AI and Human Intelligence for faster, smarter, and more adaptive protection.
Ready to move beyond traditional security and into cyberstrength? Visit https://bit.ly/4kMXE5a to learn more.
https://www.youtube.com/watch?v=f7M8WO6Nz8o
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
18 - API Security (low/med/high) - Damn Vulnerable Web Application (DVWA)
18 - API Testing (low/med/high difficulties) video from the Damn Vulnerable Web Application (DVWA) walkthrough/tutorial series. DVWA is an intentionally vulnerable application for you to learn about ethical hacking. I made this series for students on the MSc in cybersecurity course at Queen's University Belfast but hopefully it can help others too! Hope you enjoy 🙂
↢Damn Vulnerable Web Application (DVWA)↣
https://github.com/digininja/DVWA
👷♂️Resources🛠
https://cryptocat.me/resources
↢Chapters↣
Start - 0:00
Low - 0:38
Med - 3:59
High - 7:07
Impossible - 13:19
End - 13:35
https://www.youtube.com/watch?v=c_6RaCekH40
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Europe Hates Encryption - ThreatWire
⬇️ OPEN FOR LINKS TO ARTICLES TO LEARN MORE ⬇️
@endingwithali →
Twitch: https://twitch.tv/endingwithali
Twitter: https://twitter.com/endingwithali
YouTube: https://youtube.com/@endingwithali
Everywhere else: https://links.ali.dev
Want to work with Ali? endingwithalicollabs@gmail.com
[❗] Join the Patreon→ https://patreon.com/threatwire
00:00 0 - Intro
00:10 1 - FTC Cracks Down on Popups
01:42 2 - Apple Quietly Patches CVE
02:53 3 - New Canadian Cybersecurity Certification
04:46 4 - France Kills Encryption Backdoor Law
06:03 5 - Outro
LINKS
🔗 Story 1: FTC Cracks Down on Popups
https://www.bleepingcomputer.com/news/security/ftc-will-send-255-million-to-victims-of-tech-support-scams/
https://www.ftc.gov/news-events/news/press-releases/2024/03/tech-support-firms-will-pay-26-million-settle-ftc-charges-they-deceived-consumers-buying-repair
https://www.ftc.gov/news-events/news/press-releases/2025/03/ftc-sends-more-255-million-consumers-impacted-tech-support-firms-scam
🔗...
https://www.youtube.com/watch?v=7DKTbOZNZJ8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Quantifying the Financial Impact of Cybersecurity with Return on Mitigation (RoM)
Join HackerOne for an insightful session introducing return on mitigation (RoM)—a novel framework that redefines cybersecurity's role in protecting profits and reducing risk. With RoM, you'll learn to quantify the financial impact of mitigated breaches and position cybersecurity as a strategic business enabler.
In this session, you'll discover how to:
-Use the RoM calculator, built on widely accepted industry benchmarks like IBM's Cost of a Data Breach Report
-Automate RoM calculations and generate real-time summaries tailored to your organization's business and risk profile—by using Hai Play, part of the -HackerOne Platform's AI copilot
-Make data-driven business cases to your board and executive team, showing why offensive security programs as essential to operational continuity,...
https://www.youtube.com/watch?v=CbiiKnQXGyY
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Main Stage: Solving the Cyber Hard Problems: A View into Problem Solving from the White House
Cybersecurity is full of hard problems. The White House National Cyber Director's Office was built to take on the hard, long-term challenges in order to seize the initiative from those who consider harming our nation. In his first appearance at Black Hat, National Cyber Director Harry Coker, Jr. will dive into the challenges his office is tackling to protect the nation's digital infrastructure as well as how extreme coordination in the Federal Government and partners across the public and private sector are setting the course to improve the security of our digital ecosystem.
By:
Harry Coker | National Cyber Director, Executive Office of the President
Steven Kelly | Chief Trust Officer, Institute for Security and Technology
Full Abstract Available:
https://www.blackhat.com/us-24/briefings/schedule/#main-stage-solving-the-cyber-hard-problems-a-view-into-problem-solving-from-the-white-house-42239...
https://www.youtube.com/watch?v=U03KN2fc904
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Main Stage: From the Office of the CISO: Smarter, Faster, Stronger Security in the Age of AI
The Microsoft Office of the CISO drives the decisions and changes that shape the security posture of one of the largest software companies in the world. Security leadership continues to make enormous investments in threat intelligence, research and development, and AI. Microsoft is mining insights from its global-scale threat intelligence to make smarter security choices and is pioneering and deploying innovative security strategies and solutions to turn the tables on adversaries. Join Ann Johnson, Deputy CISO, and Sherrod DeGrippo, Director of Threat Intelligence Strategy, for a discussion about protecting and defending an organization, how threat intelligence shapes security strategy, and how AI is transforming what we know about security today.
By:
Ann Johnson | Corporate Vice President...
https://www.youtube.com/watch?v=bBf8F167DZM
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Keynote: Democracy's Biggest Year: The Fight for Secure Elections Around the World
2024 is the year for global democracy. The year when a record-breaking number of countries held national elections; when more than two billion voters cast ballots to shape the future of their nation and the world. In the foreground of this monumental moment, emerging technologies and heightened global tensions confront the resilience of even the world's longest standing democracies. This session will unpack how key international leaders are approaching election security risks to the democratic processes - such as cyber threats, foreign malign influence, and the role of generative AI - and ensure that 2024 is no anomaly, but an inflection point. Join CISA Director Jen Easterly, NCSC CEO Felicity Oswald, and ENISA COO Hans de Vries as they discuss the challenges of protecting democracy.
By:
Jen...
https://www.youtube.com/watch?v=vJxxzWgqlCQ
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
New French law puts encryption at risk #hackernews #cybersecuritynews #technews
Hak5 -- Cyber Security Education, Inspiration, News & Community since 2005:
-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆
Our Site → https://www.hak5.org
Shop → http://hakshop.myshopify.com/
Community → https://www.hak5.org/community
Subscribe → https://www.youtube.com/user/Hak5Darren?sub_confirmation=1
Support → https://www.patreon.com/threatwire
Contact Us → http://www.twitter.com/hak5
-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆
____________________________________________
Founded in 2005, Hak5's mission is to advance the InfoSec industry. We do this through our award winning educational podcasts, leading pentest gear, and inclusive community – where all hackers belong.
https://www.youtube.com/watch?v=rGI4XAoMZqs
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
ms teams is now a C2 (command-and-control)
https://jh.live/plextrac-318 || Save time and effort on pentest reports with PlexTrac's premiere reporting & collaborative platform: https://jh.live/plextrac-318 😎
https://github.com/cxnturi0n/convoC2/
https://posts.inthecyber.com/leveraging-microsoft-teams-for-initial-access-42beb07f12c4
Learn Cybersecurity and more with Just Hacking Training: https://jh.live/training
See what else I'm up to with: https://jh.live/newsletter
ℹ️ Affiliates:
Learn how to code with CodeCrafters: https://jh.live/codecrafters
Host your own VPN with OpenVPN: https://jh.live/openvpn
Get DFIR and SOC Analyst Training with CyberDefenders: https://jh.live/cyberdefense
Master Binary Files and Protocols with Gynvael Coldwind: https://jh.live/hackarcana (code MBF-JH-10 gives 10% off!)
https://www.youtube.com/watch?v=FqZIm6vP7XM
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Real-World Network Threat Hunting & Incident Response with SANS FOR572
Real-World Network Threat Hunting & Incident Response with SANS FOR572
Network forensics is key to uncovering cyber threats, but how do you analyze billions of records efficiently? SANS FOR572: Advanced Network Forensics & Threat Hunting teaches you how to investigate large-scale network intrusions using real-world casework, hands-on scenarios, and powerful tools like SOF-ELK. This course eliminates the steep learning curve of setting up data analysis tools, allowing you to focus on finding and responding to threats fast.
➡️ Learn more about FOR572: https://www.sans.org/u/1AcX
#SANSTraining #ThreatHunting #IncidentResponse #FOR572
https://www.youtube.com/watch?v=RafN1ZSHup0
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
From Windows to Linux: Master Incident Response with SANS FOR577
From Windows to Linux: Master Incident Response with SANS FOR577
Linux is everywhere, but are you prepared to investigate security incidents on it? FOR577: Linux Incident Response & Threat Hunting is the only dedicated course focused on rapidly detecting and analyzing cyber threats on Linux systems. Whether you're new to Linux or an experienced responder with a Windows background, this course bridges the gap, teaching you how to identify and track threat actor behavior under time pressure. If you're serious about Linux forensics, IR, and cyber defense, FOR577 is a must!
➡️ Learn more about FOR577: https://www.sans.org/u/1Ad2
#SANSTraining #IncidentResponse #Linux #FOR577
https://www.youtube.com/watch?v=PzAvD8ikUfM
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Investigate & Mitigate Large-Scale Cyber Threats with SANS FOR608
FOR608: Enterprise-Class Incident Response & Threat Hunting™️ is designed for cybersecurity professionals handling large-scale intrusions in enterprise environments. This advanced course teaches you how to lead IR engagements, manage enterprise-wide investigations, and analyze complex threats. Plus, FOR608 now comes with the GAC Enterprise Incident Response (GEIR) certification, offering a real-world, hands-on test of your skills.
➡️ Learn more about FOR608: https://www.sans.org/u/1AAF
#SANSTraining #IncidentResponse #ThreatHunting #DFOR608
https://www.youtube.com/watch?v=vkJ2WnoSU40
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Investigate Faster: From Data Collection to Actionable Intelligence with SANS FOR498
Investigate Faster: From Data Collection to Actionable Intelligence with SANS FOR498
Need to quickly acquire and analyze digital evidence? FOR498: Digital Acquisition and Rapid Triage™️ is designed to equip investigators with the modern tools and techniques needed to collect and analyze data from mobile devices, cloud environments, laptops, desktops, and more. This course teaches you how to prioritize leads and extract actionable intelligence within 90 minutes or less—a crucial skill for incident response and forensic investigations. FOR498 builds a strong foundation in digital forensics so you can confidently handle real-world cases.
➡️ Learn more about FOR498: https://www.sans.org/u/1AAA
#SANSTraining #DigitalForensics #FOR498
https://www.youtube.com/watch?v=8dDERakU-40
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Master Cloud Forensics & Incident Response with SANS FOR509
Master Cloud Forensics & Incident Response with SANS FOR509
Ready to become an expert in cloud forensics and incident response? In this video, SANS Certified Instructor and course author, David Cowen, walks you through how FOR509: Enterprise Cloud Forensics and Incident Response™️ prepares students to investigate security incidents across AWS, Azure, Google Cloud, Kubernetes, Microsoft 365, and Google Workspace. Learn how to analyze logs, track threats, and conduct real-world forensic investigations using multi-cloud and multi-tenant datasets. Whether you're new to DFIR and Cloud Security or a seasoned pro, FOR509 will take your cloud forensics skills to the next level and help you stay ahead of today's threats.
➡️ Learn more about FOR509: https://www.sans.org/u/1AAv
#SANSTraining...
https://www.youtube.com/watch?v=E1tNkp89ZrY
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Linux Head? #shorts #linux #kalilinux #ubuntu #android
#shorts #linux #kalilinux #ubuntu #android
https://www.youtube.com/watch?v=R2FJDQnBxY4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Using ChatGPT for Offensive Security | Guest Robert Morrell
Get your FREE Cybersecurity Salary Guide: https://www.infosecinstitute.com/form/cybersecurity-salary-guide-podcast/?utm_source=youtube&utm_medium=podcast&utm_campaign=podcast
In this episode of Cyber Work Hacks, host Chris Sienko welcomes Infosec Skills Instructor Robert Morrell to discuss his learning path, "ChatGPT for Offensive Security." Morrell outlines the seven-course path, including five courses of learning and two interactive labs, focused on using ChatGPT in various offensive security tasks. The discussion includes crafting cross-site scripting attacks, generating phishing campaigns and engineering prompts for optimal results. Morrell also provides insight on effectively using ChatGPT to write detailed bug reports and demonstrate AI security skills to potential employers....
https://www.youtube.com/watch?v=0jBqCkrntcs
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Navigating the Complex Challenges of Setting Up Efficient and Robust OT SOC Capabilities
In today's rapidly evolving industrial landscape, Operational Technology (OT) environments are increasingly targeted by cyber threats. As a result, the need for robust and efficient OT Security Operations Centers (SOC) has never been more critical.
Unique constraints of OT environments, emphasizing the importance of near real-time threat detection, incident response, and the seamless integration of OT SOCs with existing IT SOCs. How to address key topics such as regulatory compliance, workforce training, and the adoption of advanced technologies like AI and machine learning. The influence those technologies have on building future-proof, OT focused SOC framework.
How to establish a successful OT SOC? How to put the right governance structure in place so that IT and OT could successfully...
https://www.youtube.com/watch?v=mWgMtkhz39E
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
You've Already Been Hacked: What if There Is a Backdoor in Your UEFI OROM?
While there have been several studies on inserting malicious code into UEFI OROM (Option ROM), none of them have focused solely on UEFI OROM itself; instead, OROM has been used for auxiliary purposes such as ensuring persistence or as a temporary buffer for lateral movement. Therefore, there is a lack of clarification on what actions a backdoor in UEFI OROM could perform and its potential benefits.
This presentation aims to organize the benefits and infection scenarios of placing a backdoor in UEFI OROM. It will delve deeply into the stealthiness and potency of OROM backdoors, followed by demonstrations of three novel PoC OROM backdoors targeting Windows. This PoC utilizes multiple novel evasion techniques, including communication with a C2 server during boot, execution of malicious code...
https://www.youtube.com/watch?v=_S6EymfaBqQ
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Will We Survive the Transitive Vulnerability Locusts?
Transitive vulnerabilities are the most hated type of security issue by developers, and for a good reason: transitive dependencies are the most common source of vulnerabilities in software projects. However, yet still, only a tiny number of them are exploitable.
This talk will present our research findings on quantifying the risk of known vulnerabilities in modern software applications and the prevalence of exploitable transitive dependencies in real-world applications. While each vulnerability may have a slight chance of exploitation, the sheer number of transitive dependencies amplifies the risk significantly. This data underscores the importance of our discussion and the need for effective strategies to mitigate these risks in your software projects.
We will present a PoC exploit for...
https://www.youtube.com/watch?v=DVlFHen9hh0
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
What Lies Beneath the Surface? Evaluating LLMs for Offensive Cyber Capabilities
What Lies Beneath the Surface? Evaluating LLMs for Offensive Cyber Capabilities through Prompting, Simulation & Emulation
Large Language Models (LLMs) show remarkable aptitude for analyzing code and employing software, leading to concerns about potential misuse in enabling autonomous or AI-assisted offensive cyber operations (OCO). Current LLM risk assessments present a false sense of security by primarily testing models' responses to open-ended hacking challenges in isolated exploit/action scenarios, a bar which today's off-the-shelf LLMs largely fail to meet. This fails to quantify graduated risks that LLMs may be capable of being adapted or guided by a malicious adversary to enable specific preferred tactics and techniques. In effect, this has left cyber defenders without a confident answer...
https://www.youtube.com/watch?v=p9T4gWds54o
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
GitHub used as middleman for cybercrime #hackernews #cybersecuritynews #news
Hak5 -- Cyber Security Education, Inspiration, News & Community since 2005:
-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆
Our Site → https://www.hak5.org
Shop → http://hakshop.myshopify.com/
Community → https://www.hak5.org/community
Subscribe → https://www.youtube.com/user/Hak5Darren?sub_confirmation=1
Support → https://www.patreon.com/threatwire
Contact Us → http://www.twitter.com/hak5
-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆
____________________________________________
Founded in 2005, Hak5's mission is to advance the InfoSec industry. We do this through our award winning educational podcasts, leading pentest gear, and inclusive community – where all hackers belong.
https://www.youtube.com/watch?v=nbc6_a9IwjE
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
This is How a Simple IDOR Earned Me a Max Bug Bounty Payout
LIKE and SUBSCRIBE with NOTIFICATIONS ON if you enjoyed the video! 👍
📚 If you want to learn bug bounty hunting from me: https://bugbounty.nahamsec.training
💻 If you want to practice some of my free labs and challenges: https://app.hackinghub.io
💵 FREE 0 DigitalOcean Credit:
https://m.do.co/c/3236319b9d0b
🔗 LINKS:
📖 MY FAVORITE BOOKS:
Bug Bounty Bootcamp: The Guide to Finding and Reporting Web Vulnerabilities -https://amzn.to/3Re8Pa2
Hacking APIs: Breaking Web Application Programming Interfaces - https://amzn.to/45g4bOr
Black Hat GraphQL: Attacking Next Generation APIs - https://amzn.to/455F9l3
🍿 WATCH NEXT:
If I Started Bug Bounty Hunting in 2024, I'd Do this - https://youtu.be/z6O6McIDYhU
2023 How to Bug Bounty - https://youtu.be/FDeuOhE5MhU
Bug Bounty Hunting...
https://www.youtube.com/watch?v=Cw-hlmW89kA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
I took the TryHackMe Security Analyst Level 1 Certification (SAL1)
https://jh.live/tryhackme-sal1 || Launch your cybersecurity career with TryHackMe and the defensive certification that gets you hired (code 10SAL1 gets 10% off for the first 100 people): https://jh.live/tryhackme-sal1
Learn Cybersecurity and more with Just Hacking Training: https://jh.live/training
See what else I'm up to with: https://jh.live/newsletter
Learn Coding: https://jh.live/codecrafters
Host your own VPN: https://jh.live/openvpn
WATCH MORE:
Dark Web & Cybercrime Investigations: https://www.youtube.com/watch?v=_GD5mPN_URM&list=PL1H1sBF1VAKVmjZZr162aUNCt2Uy5ozAG&index=4
Malware & Hacker Tradecraft: https://www.youtube.com/watch?v=LKR8cdfKeGw&list=PL1H1sBF1VAKWMn_3QPddayIypbbITTGZv&index=5
📧JOIN THE NEWSLETTER ➡ https://jh.live/newsletter
🙏SUPPORT THE CHANNEL...
https://www.youtube.com/watch?v=AIPbFFJgD4o
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Company sold zero days to the police #cybersecuritynews #hackernews #technews
Hak5 -- Cyber Security Education, Inspiration, News & Community since 2005:
-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆
Our Site → https://www.hak5.org
Shop → http://hakshop.myshopify.com/
Community → https://www.hak5.org/community
Subscribe → https://www.youtube.com/user/Hak5Darren?sub_confirmation=1
Support → https://www.patreon.com/threatwire
Contact Us → http://www.twitter.com/hak5
-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆
____________________________________________
Founded in 2005, Hak5's mission is to advance the InfoSec industry. We do this through our award winning educational podcasts, leading pentest gear, and inclusive community – where all hackers belong.
https://www.youtube.com/watch?v=lEmVhPwFd2Q
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Want to break into Cybersecurity? This is where the most jobs are at!
Big thank you to ThreatLocker for sponsoring my trip to ZTW25 and also for sponsoring this video. To start your free trial with ThreatLocker please use the following link: https://www.threatlocker.com/davidbombal
// GIVE AWAY//
Gerald is giving away 10 seats in the Simply Cyber Academy GRC Analyst Master Class (Value: 9) to 10 lucky David Bombal viewers. To enter the giveaway go here: https://gleam.io/VVK24/simply-cyber-grc-course-10-winners
// DISCOUNT //
To get 10% discount on Simply Cyber Academy GRC Analyst Master Class go here: https://simplycyber.io/grc use the following discount code BOMBAL10
// Gerald Auger's SOCIAL //
YouTube: https://www.youtube.com/@SimplyCyber/streams
Website: https://www.simplycyber.io
X: https://x.com/gerald_auger
LinkedIn: https://www.linkedin.com/in/geraldauger/
Discord:...
https://www.youtube.com/watch?v=yjap5P0z_DA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Use Your Spell Against You: Threat Prevention of Smart Contract Exploit By Reusing Opcode Trace
With the increasing number of attacks on decentralized finance (DeFi) protocols, the losses caused by DeFi attacks have become a significant concern. To protect the security of DeFi protocols, contract code audits have gained attention in the industry. However, hundreds of cases still exist where these audited projects are attacked. Since traditional code-centric approaches are not enough to fully address these threats, we argue that proactive threat prevention is needed to block attacks and recover losses when an attack occurs.
Our method takes advantage of the time difference between the attack transaction broadcasting and confirming. Specifically, we can automatically reconstruct the attack contract and broadcast a block transaction to front-run the attack transaction. The reconstructed...
https://www.youtube.com/watch?v=Gqxc9zf0OZY
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Unveiling Mac Security: A Comprehensive Exploration of Sandboxing and AppData TCC
The security architecture of modern operating systems is intricate and layered. To effectively challenge these defenses, attackers must extensively audit the security policies of the operating system across various dimensions. In July 2023, the speaker redirected their focus from Android and IoT vulnerabilities to those within macOS. This transition was motivated by an intent to adapt methodologies typically employed by Android security researchers for use in macOS environments, which subsequently led to the identification of numerous vulnerabilities.
In this presentation, the speaker will introduce a generic method for escaping macOS application sandboxes.
Additionally, the speaker will discuss a permission granting mechanism on macOS
Moreover, macOS 14.0 introduced new TCC protections,...
https://www.youtube.com/watch?v=v1wIPaJT7x8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
CYBERSECURITY PSA FOR YOUTUBE CREATORS #cybersecuritycourses #cybersecuritynews #technews #creator
Hak5 -- Cyber Security Education, Inspiration, News & Community since 2005:
-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆
Our Site → https://www.hak5.org
Shop → http://hakshop.myshopify.com/
Community → https://www.hak5.org/community
Subscribe → https://www.youtube.com/user/Hak5Darren?sub_confirmation=1
Support → https://www.patreon.com/threatwire
Contact Us → http://www.twitter.com/hak5
-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆
____________________________________________
Founded in 2005, Hak5's mission is to advance the InfoSec industry. We do this through our award winning educational podcasts, leading pentest gear, and inclusive community – where all hackers belong.
https://www.youtube.com/watch?v=zCZaUDc6Qjs
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Metasploit Hacking Demo (includes password cracking)
Thank you to ThreatLocker for sponsoring my trip to ZTW25 and also for sponsoring this video. To start your free trial with ThreatLocker please use the following link: https://www.threatlocker.com/davidbombal
// Alex Benton's SOCIAL //
LinkedIn: https://www.linkedin.com/in/alex-benton-b805065/
// David's SOCIAL //
Discord: https://discord.com/invite/usKSyzb
X: https://www.twitter.com/davidbombal
Instagram: https://www.instagram.com/davidbombal
LinkedIn: https://www.linkedin.com/in/davidbombal
Facebook: https://www.facebook.com/davidbombal.co
TikTok: http://tiktok.com/@davidbombal
YouTube: https://www.youtube.com/@davidbombal
// MY STUFF //
https://www.amazon.com/shop/davidbombal
// SPONSORS //
Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com
//...
https://www.youtube.com/watch?v=bBut8D7usKA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
when the anticheat ships without virtualization....
🔥 Reverse Engineer Kernel Anti-Cheat Here: https://guidedhacking.com/forums/anticheat-bypass-antidebug-tutorials.46/
👨💻 Buy Our Courses: https://guidedhacking.com/register/
💰 Donate on Patreon: https://patreon.com/guidedhacking
❤️ Follow us on Social Media: https://linktr.ee/guidedhacking
✏️ Tags:
#anticheat #anticheats #gamehacking
kernel anticheat
Bypass Kernel Anti-Cheat
game hacking
Kernel Anti-Cheat Bypass
vanguard anti-cheat
anticheat bypass
https://www.youtube.com/watch?v=hD4wjLgIVfg
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Red Hat elevated to CNA of Last Resort #cybersecuritynews #hackernews #technews
Hak5 -- Cyber Security Education, Inspiration, News & Community since 2005:
-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆
Our Site → https://www.hak5.org
Shop → http://hakshop.myshopify.com/
Community → https://www.hak5.org/community
Subscribe → https://www.youtube.com/user/Hak5Darren?sub_confirmation=1
Support → https://www.patreon.com/threatwire
Contact Us → http://www.twitter.com/hak5
-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆
____________________________________________
Founded in 2005, Hak5's mission is to advance the InfoSec industry. We do this through our award winning educational podcasts, leading pentest gear, and inclusive community – where all hackers belong.
https://www.youtube.com/watch?v=kvFuJ5q-I8A
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
they tried to hack me so i confronted them
https://jh.live/keeper-pam || Keeper PAM offers a privileged access management solution for enterprise grade protection all in one unified platform -- keep your users, data, and environment secure with Keeper! https://jh.live/keeper-pam
Learn Cybersecurity and more with Just Hacking Training: https://jh.live/training
See what else I'm up to with: https://jh.live/newsletter
ℹ️ Affiliates:
Learn how to code with CodeCrafters: https://jh.live/codecrafters
Host your own VPN with OpenVPN: https://jh.live/openvpn
Get DFIR and SOC Analyst Training with CyberDefenders: https://jh.live/cyberdefense
Master Binary Files and Protocols with Gynvael Coldwind: https://jh.live/hackarcana (code MBF-JH-10 gives 10% off!)
https://www.youtube.com/watch?v=CFjATtMAm8A
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
What is Intelligence-Driven Hunting? | SANS CTI Summit 2025 | Highlight
What is Intelligence-Driven Hunting? | SANS CTI Summit 2025 | Highlight
Lior Rochberger walks us through the definition and use of Intelligence-Driven Hunting in this SANS CTI Summit talk.
Presentation:
Advanced Threat Research Methodologies: Unraveling a Triple-APT Intrusion
Tom Fakterman Threat Researcher, @paloaltonetworks
Lior RochbergerSenior Threat Researcher, @paloaltonetworks
Speakers:
Lior Rochberger Senior Threat Researcher, Palo Alto Networks
Tom Fakterman Threat Researcher, Palo Alto Networks
View Lior and Tom's full Summit talk: https://www.youtube.com/watch?v=xUo4ugx0wKQ&list=PLfouvuAjspTpaiK-BhSS7MPyYhZRDHj2Y&index=14
Explore the CTI Summit 2025 Playlist: https://www.youtube.com/playlist?list=PLfouvuAjspTpaiK-BhSS7MPyYhZRDHj2Y
View Upcoming SANS Summits:...
https://www.youtube.com/watch?v=TdlC3Tm0wd8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
France Asks for Encryption Backdoor - Threatwire
⬇️ OPEN FOR LINKS TO ARTICLES TO LEARN MORE ⬇️
@endingwithali →
Twitch: https://twitch.tv/endingwithali
Twitter: https://twitter.com/endingwithali
YouTube: https://youtube.com/@endingwithali
Everywhere else: https://links.ali.dev
Want to work with Ali? endingwithalicollabs@gmail.com
[❗] Join the Patreon→ https://patreon.com/threatwire
00:00 0 - Intro
00:14 1 - YouTube PSA
01:28 2 - chmod 777 Red Hat
02:26 3 - Good Guys Go Bad
03:50 4 - GitHub as a Malware Middleman
05:11 5 - French Law To Demand Unencrypted Data
06:49 6 - Outro
LINKS
🔗 Story 1: YouTube PSA
https://www.cysecurity.news/2025/03/youtube-alerts-creators-about-ai.html
https://support.google.com/youtube/thread/328763988/phishing-campaign-using-private-video-sharing
🔗 Story 2: chmod 777 Red Hat
https://www.redhat.com/en/blog/red-hat-now-cve-numbering-authority-last-resort-cve-program
https://www.cve.org/ResourcesSupport/Glossary
🔗...
https://www.youtube.com/watch?v=B3dGSr9txDU
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
LEAKED Russian Hackers Internal Chats
https://jh.live/flare || Track data on dark web, hunt adversaries across the cybercrime ecosystem, and manage threat intelligence for your exposed attack surface with Flare! Start a free trial and see what info is out there: https://jh.live/flare
https://www.cybercrimediaries.com/post/black-basta-chat-leak-organization-and-infrastructures
Learn Cybersecurity and more with Just Hacking Training: https://jh.live/training
See what else I'm up to with: https://jh.live/newsletter
ℹ️ Affiliates:
Learn how to code with CodeCrafters: https://jh.live/codecrafters
Host your own VPN with OpenVPN: https://jh.live/openvpn
Get DFIR and SOC Analyst Training with CyberDefenders: https://jh.live/cyberdefense
Master Binary Files and Protocols with Gynvael Coldwind: https://jh.live/hackarcana (code MBF-JH-10...
https://www.youtube.com/watch?v=cH7BYWbtsfI
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Read like a lawyer, think like a manager #cisspexam #cissptraining
In this video from the free Infosec CISSP exam prep course, instructor Steve Allen explains the concept of thinking like a manager and its implications for passing the CISSP exam. He illustrates the point with an example question about SAML.
https://www.youtube.com/watch?v=VyDFDmS3YQk
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
CompTIA Network+ training: What to expect in a boot camp | Instructor Tommy Gober
Get your FREE Cybersecurity Salary Guide: https://www.infosecinstitute.com/form/cybersecurity-salary-guide-podcast/?utm_source=youtube&utm_medium=podcast&utm_campaign=podcast
In this episode of Cyber Work Hacks, Infosec Boot Camp Instructor Tommy Gober walks us through what his Network+ training course is like. He talks about the supportive learning environment and explains how the boot camp is designed for those new to the field. He covers the structure of the five-day program, touching on topics like the OSI model, binary number systems, networking hardware and more. He also shares his insights on the benefits of boot camp learning versus self-study or traditional schooling — and offers tips for taking the Network+ exam.
0:00 Introduction
1:19 Free cybersecurity salary guide
2:54...
https://www.youtube.com/watch?v=Psv94L54imY
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Shut it down! #shorts #windows #microsoft
#shorts #windows #windows11 #admin #powershell
https://www.youtube.com/watch?v=eFGNIEaC2tw
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How Ethical Hackers ACTUALLY Use ChatGPT With Real Examples
LIKE and SUBSCRIBE with NOTIFICATIONS ON if you enjoyed the video! 👍
📚 If you want to learn bug bounty hunting from me: https://bugbounty.nahamsec.training
💻 If you want to practice some of my free labs and challenges: https://app.hackinghub.io
Tired of wasting hours on automation scripts or getting nothing but garbage outputs from AI? In this video, I'm breaking down exactly how ethical hackers can use AI the right way—to bypass frustrating prompt rejections, generate useful payloads, and streamline security workflows.
I'll be sharing my best AI prompts for penetration testing, API recon, and bypassing security filters—plus, I'll show you how to structure your prompts to avoid AI roadblocks while getting accurate, actionable results.
✅ What You'll Learn:
🔹 The...
https://www.youtube.com/watch?v=0lq-CokNjSI
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Left school at 15 ... hacks and creates $$$ Billion dollar Cybersecurity company
Big thank you to ThreatLocker for sponsoring my trip to ZTW25 and also for sponsoring this video. To start your free trial with ThreatLocker please use the following link: https://www.threatlocker.com/davidbombal
// Danny Jenkin's SOCIAL //
X: https://x.com/threatlocker
LinkedIn: https://www.linkedin.com/in/dannyjenkinscyber/
// David's SOCIAL //
Discord: https://discord.com/invite/usKSyzb
X: https://www.twitter.com/davidbombal
Instagram: https://www.instagram.com/davidbombal
LinkedIn: https://www.linkedin.com/in/davidbombal
Facebook: https://www.facebook.com/davidbombal.co
TikTok: http://tiktok.com/@davidbombal
YouTube: https://www.youtube.com/@davidbombal
// MY STUFF //
https://www.amazon.com/shop/davidbombal
// SPONSORS //
Interested in sponsoring my videos? Reach out...
https://www.youtube.com/watch?v=CjDYDJhzPFQ
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
MSPGEEKCON is back for 2025
Join the party at MSPGEEKCON 2025: https://mspgeekcon.com/
Learn Cybersecurity and more with Just Hacking Training: https://jh.live/training
See what else I'm up to with: https://jh.live/newsletter
Learn Coding: https://jh.live/codecrafters
Host your own VPN: https://jh.live/openvpn
WATCH MORE:
Dark Web & Cybercrime Investigations: https://www.youtube.com/watch?v=_GD5mPN_URM&list=PL1H1sBF1VAKVmjZZr162aUNCt2Uy5ozAG&index=4
Malware & Hacker Tradecraft: https://www.youtube.com/watch?v=LKR8cdfKeGw&list=PL1H1sBF1VAKWMn_3QPddayIypbbITTGZv&index=5
📧JOIN THE NEWSLETTER ➡ https://jh.live/newsletter
🙏SUPPORT THE CHANNEL ➡ https://jh.live/patreon
🤝 SPONSOR THE CHANNEL ➡ https://jh.live/sponsor
🌎FOLLOW ALONG ➡ https://jh.live/twitter ↔ https://jh.live/linkedin...
https://www.youtube.com/watch?v=s46i-WsydbQ
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Mozilla Changes Wording - Firefox is on Fire #privacy #cybersecurity #technews #hackernews
Hak5 -- Cyber Security Education, Inspiration, News & Community since 2005:
-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆
Our Site → https://www.hak5.org
Shop → http://hakshop.myshopify.com/
Community → https://www.hak5.org/community
Subscribe → https://www.youtube.com/user/Hak5Darren?sub_confirmation=1
Support → https://www.patreon.com/threatwire
Contact Us → http://www.twitter.com/hak5
-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆
____________________________________________
Founded in 2005, Hak5's mission is to advance the InfoSec industry. We do this through our award winning educational podcasts, leading pentest gear, and inclusive community – where all hackers belong.
https://www.youtube.com/watch?v=DFp0NTVN1YI
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
PINCE = Cheat Engine For LINUX?
🔥 PINCE Is Not Cheat Engine.... or is it?
👨💻 Buy Our Courses: https://guidedhacking.com/register/
💰 Donate on Patreon: https://patreon.com/guidedhacking
❤️ Follow us on Social Media: https://linktr.ee/guidedhacking
✏️ Tags:
#gamehacking #cheatengine #imgui
cheat engine linux
linux cheat engine
cheat engine tutorial
https://www.youtube.com/watch?v=biVusUndFj8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Hacker Pleads Guilty To Selling Government Secrets #technews #cybersecurity #news #hacking
Hak5 -- Cyber Security Education, Inspiration, News & Community since 2005:
-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆
Our Site → https://www.hak5.org
Shop → http://hakshop.myshopify.com/
Community → https://www.hak5.org/community
Subscribe → https://www.youtube.com/user/Hak5Darren?sub_confirmation=1
Support → https://www.patreon.com/threatwire
Contact Us → http://www.twitter.com/hak5
-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆
____________________________________________
Founded in 2005, Hak5's mission is to advance the InfoSec industry. We do this through our award winning educational podcasts, leading pentest gear, and inclusive community – where all hackers belong.
https://www.youtube.com/watch?v=kuahPWJ_Gco
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
TECH SUPPORT GONE WRONG
Tib3rius' Channel: @Tib3rius https://www.youtube.com/tib3rius
0xTib3rius Twitter/X: https://x.com/0xTib3rius
Thread: https://x.com/0xTib3rius/status/1896333858943193358
Learn Cybersecurity and more with Just Hacking Training: https://jh.live/training
See what else I'm up to with: https://jh.live/newsletter
ℹ️ Affiliates:
Learn how to code with CodeCrafters: https://jh.live/codecrafters
Host your own VPN with OpenVPN: https://jh.live/openvpn
Get DFIR and SOC Analyst Training with CyberDefenders: https://jh.live/cyberdefense
Master Binary Files and Protocols with Gynvael Coldwind: https://jh.live/hackarcana (code MBF-JH-10 gives 10% off!)
https://www.youtube.com/watch?v=93u0ae-7Wkw
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Level Up Your OSINT Skills!
Livestream with Mishaal Khan on March 7th, 2025
https://www.youtube.com/watch?v=avNmw4Kr2yk
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
コードから侵害まで:GCP Cloud Functions における脅威の分析
この講演では、GCP Cloud Functionsの複雑さを掘り下げ、攻撃者がCloud Functionsを悪用する方法を明らかにします。攻撃者がどのようにCloud Functionsを悪用するのか、一般的な悪用パターンと実例に焦点を当ててご紹介します。
#SANSAPACDFIRSummit #DFIR #APAC
https://www.youtube.com/watch?v=B-jfo0vgDXY
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
高度なサイバー犯罪の台頭と増加:インシデントレスポンス編
このプレゼンテーションを通じて、大規模な組織に壊滅的な打撃を与えた実際の攻撃から得られた知見をもとにし、効果的なインシデント対応を行う方法についてお話しします。
#SANSAPACDFIRSummit #DFIR #APAC
https://www.youtube.com/watch?v=rpYRgMuJ1SA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Scarred ManticoreによるAPTへのインシデントレスポンス
このプレゼンテーションではLIONTAILについての分析を共有します。LIONTAILとは、Scarred ManticoreがWindowsのHTTPドライバの非公開機能を悪用し、メモリ常駐型のペイロードをロードするために使っている革新的なマルウェアフレームワークです。このような脅威に対応するための特徴的な対策技術を共有し、Windows Server HTTPメカニズムに焦点を当てながら、インシデントレスポンス活動中に侵害されたネットワークにおける攻撃活動を監視、分析、追跡するために取られた対策について説明します。
#SANSAPACDFIRSummit #DFIR #APAC
https://www.youtube.com/watch?v=D6m_BFiTIgw
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
サプライチェーンの最前線を切り開く
このプレゼンテーションでは、サプライチェーン攻撃が行われた事例を紹介します。攻撃者はダークウェブからVPNの認証情報を入手し、小規模企業の環境を経由して大企業のファイルサーバーへのアクセスに成功しました。攻撃者はWinRMとCobalt Strike SMB Beaconを悪用し、EDRによる監視の目をかいくぐりながら、正規に利用されるソフトウェアにコードをインジェクションして横展開を行いました。その他にも、Process HackerやRivaTuner Statistics Server、Process Explorerのようなソフトウェアや、Zemana AntiMalwareやMSI Afterburnerなどに利用されている脆弱なドライバなど、攻撃に悪用されたツールや技術を分析しました。
#SANSPACDFIRSummit...
https://www.youtube.com/watch?v=khhxcIWBdhg
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Every question after 100 counts for your CISSP score #cisspexam #cissptraining
In this video from the free Infosec CISSP exam prep course, instructor Steve Allen discusses the importance of the first 100 questions in your CISSP test. If the test ends at question 100, you've likely passed, with 75 out of those first 100 questions being scored. However, if you go beyond 100 questions, every additional question counts towards your score. He also highlights that within the first 100 questions, 25 are non-scored, but their identity remains unknown to you. Understanding this structure can help you optimize your test-taking strategy.
https://www.youtube.com/watch?v=uwBzDyMqgdM
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
LOCAL Private Telephone System (PBX) with USA number for a month
Thank you to 3CX for sponsoring this video. To try 3CX Pro for free for two months sign up using the following link: https://www.3cx.com/signup/?src=davidbombal
// YouTube video REFERENCE //
Free Private Phone System: https://youtu.be/YzH7q2Z3V2U
// David's SOCIAL //
Discord: https://discord.com/invite/usKSyzb
X: https://www.twitter.com/davidbombal
Instagram: https://www.instagram.com/davidbombal
LinkedIn: https://www.linkedin.com/in/davidbombal
Facebook: https://www.facebook.com/davidbombal.co
TikTok: http://tiktok.com/@davidbombal
YouTube: https://www.youtube.com/@davidbombal
// MY STUFF //
https://www.amazon.com/shop/davidbombal
// SPONSORS //
Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com
// MENU //
0:00 - 3CX quick walkthrough...
https://www.youtube.com/watch?v=wTYPPhrhi3k
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Microsoft Copilot Exposing Hidden Repos #technews #cybersecurity #news #hacking
Hak5 -- Cyber Security Education, Inspiration, News & Community since 2005:
-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆
Our Site → https://www.hak5.org
Shop → http://hakshop.myshopify.com/
Community → https://www.hak5.org/community
Subscribe → https://www.youtube.com/user/Hak5Darren?sub_confirmation=1
Support → https://www.patreon.com/threatwire
Contact Us → http://www.twitter.com/hak5
-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆
____________________________________________
Founded in 2005, Hak5's mission is to advance the InfoSec industry. We do this through our award winning educational podcasts, leading pentest gear, and inclusive community – where all hackers belong.
https://www.youtube.com/watch?v=kZZWlu5F9Gw
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
the tools that real hackers use
https://jh.live/feedly-ai || Synthesize threat intelligence reports, create threat hunting hypotheses, attack flow diagrams, timelines and more with Feedly's Ask AI! https://jh.live/feedly-ai
Learn Cybersecurity and more with Just Hacking Training: https://jh.live/training
See what else I'm up to with: https://jh.live/newsletter
ℹ️ Affiliates:
Learn how to code with CodeCrafters: https://jh.live/codecrafters
Host your own VPN with OpenVPN: https://jh.live/openvpn
Get DFIR and SOC Analyst Training with CyberDefenders: https://jh.live/cyberdefense
Master Binary Files and Protocols with Gynvael Coldwind: https://jh.live/hackarcana (code MBF-JH-10 gives 10% off!)
https://www.youtube.com/watch?v=KS9u-h90fPI
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
95% CISSP exam pass rate #cisspexam #cissptraining
In this video from the free Infosec CISSP exam prep course, instructor Steve Allen discusses the pass rates of their students based on the number of questions answered in a test, emphasizing a first-attempt pass rate of about 95%. He shares an encouraging story of a student who felt they were failing but ended up passing at 126 questions. The key message is to persevere and not give up, as many students feel like they are failing due to the nature of the test.
https://www.youtube.com/watch?v=n5mfskT2bQU
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
17 - Cryptography (low/med/high) - Damn Vulnerable Web Application (DVWA)
17 - Cryptography (low/med/high difficulties) video from the Damn Vulnerable Web Application (DVWA) walkthrough/tutorial series. DVWA is an intentionally vulnerable application for you to learn about ethical hacking. I made this series for students on the MSc in cybersecurity course at Queen's University Belfast but hopefully it can help others too! Hope you enjoy 🙂
↢Damn Vulnerable Web Application (DVWA)↣
https://github.com/digininja/DVWA
↢Cryptography↣
https://cryptohack.org
@pastiesbin2254 : https://www.youtube.com/watch?v=8Tr2aj6JETg
https://www.nccgroup.com/uk/research-blog/cryptopals-exploiting-cbc-padding-oracles
@nccgroup : https://www.youtube.com/watch?v=6yHM19rQjDo
👷♂️Resources🛠
https://cryptocat.me/resources
↢Chapters↣
Start - 0:00
Low - 0:14
Med...
https://www.youtube.com/watch?v=7WySPRERN0Q
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Did you know this Windows trick? #shorts #windows #windows11 #ip
#shorts #windows #windows11 #admin #powershell #ip #address
https://www.youtube.com/watch?v=5izBCdZPAI8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Best Programming Language For Anabolic Steroid Enjoyers
🔥 One language to rule them all, and in the darkness bind them
👨💻 Buy Our Courses: https://guidedhacking.com/register/
💰 Donate on Patreon: https://patreon.com/guidedhacking
❤️ Follow us on Social Media: https://linktr.ee/guidedhacking
✏️ Tags:
#cprogramming #cpp #coding
c++ language
c++ programming tutorials
c++ for beginners
c++ tutorial
learn c++
learn c++ programming
how to learn c++
c++ programming tutorial
programming
c vs c++
c++ programming
https://www.youtube.com/watch?v=1PqH4e4QzXs
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Change management is always the answer #cisspexam #cissptraining
In this video from the free Infosec CISSP exam prep course, instructor Steve Allen shares the analogy of security as a "glove" tailored to fit the "hand" of business needs. The discussion emphasizes the importance of understanding the specific business scenarios, goals and objectives to manage risk effectively. The concept of change management is highlighted as a critical factor in this process, consistently being the key answer across various professional tests, including the CISSP and CISM certification exams.
https://www.youtube.com/watch?v=om45F9RXOmI
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
are built-in windows programs vulnerable?
https://jh.live/plextrac || Save time and effort on pentest reports with PlexTrac's premiere reporting & collaborative platform: https://jh.live/plextrac 😎
Learn Cybersecurity and more with Just Hacking Training: https://jh.live/training
See what else I'm up to with: https://jh.live/newsletter
ℹ️ Affiliates:
Learn how to code with CodeCrafters: https://jh.live/codecrafters
Host your own VPN with OpenVPN: https://jh.live/openvpn
Get DFIR and SOC Analyst Training with CyberDefenders: https://jh.live/cyberdefense
Master Binary Files and Protocols with Gynvael Coldwind: https://jh.live/hackarcana (code MBF-JH-10 gives 10% off!)
https://www.youtube.com/watch?v=uY8BpZBF2f0
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How do switches learn? #shorts #switch #router #android #iphone
#shorts #ccna #switch #router #android #iphone
https://www.youtube.com/watch?v=zNnQcZ9C81U
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Understanding CompTIA CEUs: How to renew your Network+ | Guest Tommy Gober
Get your FREE Cybersecurity Salary Guide: https://www.infosecinstitute.com/form/cybersecurity-salary-guide-podcast/?utm_source=youtube&utm_medium=podcast&utm_campaign=podcast
Infosec Boot Camp instructor Tommy Gober returns to Cyber Work to share insights on maintaining your CompTIA Network+ certification through continuing education credits (CEUs). Learn the best practices for accruing CEUs, including documenting projects, attending conferences and engaging in hands-on learning experiences. Tommy also discusses the importance of staying current in the field and tips for avoiding the last-minute scramble to earn CEUs. Discover how advancing your certification level can simplify the renewal process and keep you updated with the latest industry trends.
0:00 Introduction
1:28 Free...
https://www.youtube.com/watch?v=Xc-qzMcXrag
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
They Think Macs are Safe? Watch this Demo 😱
Big thank you to ThreatLocker for sponsoring my trip to ZTW25 and also for sponsoring this video. To start your free trial with ThreatLocker please use the following link: https://www.threatlocker.com/davidbombal
// Slava Konstantinov SOCIAL //
LinkedIn: https://www.linkedin.com/in/franticmm/
// David's SOCIAL //
Discord: https://discord.com/invite/usKSyzb
X: https://www.twitter.com/davidbombal
Instagram: https://www.instagram.com/davidbombal
LinkedIn: https://www.linkedin.com/in/davidbombal
Facebook: https://www.facebook.com/davidbombal.co
TikTok: http://tiktok.com/@davidbombal
YouTube: https://www.youtube.com/@davidbombal
// MY STUFF //
https://www.amazon.com/shop/davidbombal
// SPONSORS //
Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com
//...
https://www.youtube.com/watch?v=ioCM7s-7tu8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The latest insights on global VDP adoption & IoT security trends
The 2024 report on global Vulnerability Disclosure Policy (VDP) adoption reveals significant strides in IoT security—yet critical gaps remain.
Join our exclusive webinar as industry experts break down the key findings, including:
- 11.6% growth in VDP adoption—who's leading and who's lagging
- The impact of the UK's PSTI Act on IoT security standards
- Upcoming regulations in the EU and U.S. and what they mean for businesses
- Enterprise vs. consumer IoT security—where vulnerabilities persist
Don't miss this opportunity to gain actionable insights and stay ahead of evolving security regulations.
For more information visit: https://www.hackerone.com/
https://www.youtube.com/watch?v=CowQQK195Ao
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
RTV Overflow: "Breaching Bare Metal Kubernetes Clusters" with Graham Helton
Graham Helton - Arbiter of (in scope) chaos - "Attackers thrive in complex environments because they're motivated to dive deep into ambiguous technical details. In this workshop I will guide you through those ambiguous technical details by walking through multiple attack scenarios that can be used to fully compromise a bare metal Kubernetes cluster.
After each attack, we'll discuss controls that could stop or mitigate each attack, what tools you should carry in your toolbox when performing a Kubernetes assessment, and the security implications (and misconceptions) of Kubernetes. By the end of this workshop, you will be paranoid by the power you possess next time you land a shell in a Kubernetes pod."
Web: https://grahamhelton.com/
Twitter/X: @GrahamHelton3
linkedin.com/in/grahamhelton/
...
https://www.youtube.com/watch?v=iR064xsllqk
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
RTV Overflow "An Operators Guide: Hunting SCCM in the Real World" w/ Zachary Stein & Garrett Foster
Zachary Stein (Security Consultant at SpecterOps) and Garrett Foster (Senior Security Consultant at SpecterOps) - "SCCM abuse has become a popular technique in the offensive security community but can be intimidating to test in production environments due to its complexity. This workshop aims to provide operators not only a safe environment to practice tradecraft but also provide them with the confidence to properly find and assess SCCM during their engagements."
Twitter/X: @unsigned_sh0rt
Twitter/X: @synzack21
https://www.linkedin.com/in/garrett-foster86/
https://www.linkedin.com/in/zacharydstein/
________________________________________________________________
The Red Team Village
Red Team Village Website: https://redteamvillage.io
Discord: https://redteamvillage.io/discord
Twitter:...
https://www.youtube.com/watch?v=TmfWYDqEEUo
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
RTV Overflow: "Physical Red Teaming for Offensive Cyber Teams" with Ana Aslanishvili & Shawn Abelson
Ana Aslanishvili (Red Teaming Aficionado) and Shawn Abelson (Ex-Head of Physical Red Team @ Meta, Current Consultant/Trainer for PhySec Red Teaming) - "Offensive security is an unfamiliar concept to most physical security practitioners. Yet we still rely on physical security teams to protect our hardware, network, ports, and assets. Physical security professionals are often non-technical, former law enforcement/military, and are focused on protecting people instead of property. This talk will bridge the gap between physical and cyber red teaming, covering the best approaches, common pitfalls, dangers, and benefits of testing physical security programs as part of a red team assessment. From the difficulty of “patching” physical vulnerabilities to examples of red teams gone wrong and how...
https://www.youtube.com/watch?v=FZS32kb5IXk
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
CISSP sample question: Is every answer correct? #cisspexam #cissptraining
In this video from the free Infosec CISSP exam prep course, instructor Steve Allen shares strategies for selecting the best answer among multiple correct options in challenging test questions. Using an example of choosing five animals, he illustrates the process of determining the most appropriate answer from a set of seemingly correct choices. He explains the test's tricky nature and warns students that they may feel uncertain about their performance, emphasizing the test's focus on selecting the best possible answer rather than clear-cut solutions.
https://www.youtube.com/watch?v=bbWMKgy_6eQ
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Can you handle a cyber attack? TryHackMe SOC Simulator
https://jh.live/tryhackme-soc || Check out TryHackMe's SOC Simulator to help revolutionize your security operations and build real-world expertise in cybersecurity defense! https://jh.live/tryhackme-soc
Learn Cybersecurity and more with Just Hacking Training: https://jh.live/training
See what else I'm up to with: https://jh.live/newsletter
Learn Coding: https://jh.live/codecrafters
Host your own VPN: https://jh.live/openvpn
WATCH MORE:
Dark Web & Cybercrime Investigations: https://www.youtube.com/watch?v=_GD5mPN_URM&list=PL1H1sBF1VAKVmjZZr162aUNCt2Uy5ozAG&index=4
Malware & Hacker Tradecraft: https://www.youtube.com/watch?v=LKR8cdfKeGw&list=PL1H1sBF1VAKWMn_3QPddayIypbbITTGZv&index=5
📧JOIN THE NEWSLETTER ➡ https://jh.live/newsletter
🙏SUPPORT THE CHANNEL ➡ https://jh.live/patreon
🤝...
https://www.youtube.com/watch?v=dIu0bvtGbmU
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The Snyk Fetch the Flag CTF is LIVE right now!!
https://snyk.ctf.games || Jump in and register to play! https://snyk.co/johnftf
https://www.youtube.com/watch?v=Y6cKItq_EtQ
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Total system domination: When hackers take over #hackingcourse #ai #cybersecurity
Discover how a vulnerability can swiftly lead to system control, even restricting admin functions. This video demonstrates the process from finding a weakness to exploiting it effectively. Learn how proper prompting and AI can empower novices to accomplish these steps seamlessly. This clip is taken from the Infose beginner hacking and using AI free training course.
https://www.youtube.com/watch?v=p6b1oJC6TOI
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
CISSP is not a technical test #cisspexam #cissptraining
In this video from the free Infosec CISSP exam prep course, instructor Steve Allen discusses strategies for excelling in management tests, emphasizing the value of reading skills demonstrated by English majors and lawyers. He highlights the critical principle of integrating security from the start, rather than adding it as an afterthought. Physical security is stressed as the foundational layer necessary before implementing logical security. Understanding these concepts is crucial, especially for individuals from a technical background who might find these tests challenging.
https://www.youtube.com/watch?v=5Q3O1SrowEI
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
What is Data Execution Prevention?
🔥 Data Execution Prevention Stops Code Injection in Data Pages
👨💻 Buy Our Courses: https://guidedhacking.com/register/
💰 Donate on Patreon: https://patreon.com/guidedhacking
❤️ Follow us on Social Media: https://linktr.ee/guidedhacking
#computerscience #cybersecurity #windowsinternals
Data execution prevention or DEP is a critical security feature designed to block shellcode execution and protect against binary exploitation attacks. This protection mechanism works alongside memory management systems to prevent buffer overflow attacks from executing malicious code in memory pages. Through virtual memory enforcement and strict access controls, DEP forms a crucial part of offensive security research and defense.
https://www.youtube.com/watch?v=4lBerAaSXRk
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Network+ practice questions: Tips to pass your exam | Guest Tommy Gober
Get your FREE Cybersecurity Salary Guide: https://www.infosecinstitute.com/form/cybersecurity-salary-guide-podcast/?utm_source=youtube&utm_medium=podcast&utm_campaign=podcast
Infosec Boot Camp Instructor Tommy Gober joins Cyber Work Hacks to discuss the mechanics of the CompTIA Network+ exam. This episode features an overview of different question types, including multiple-choice, multiple-answer and performance-based questions. Tommy guides you through sample exam questions, providing insights into CIDR notation, subnetting and troubleshooting IP addresses. Additionally, learn about the benefits of practice exams and receive essential tips for exam day success. This episode is perfect for anyone preparing for the Network+ certification or looking to strengthen their networking knowledge.
0:00...
https://www.youtube.com/watch?v=AhOEsUXVR_U
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Which AI Can Fully Hack This Website?
LIKE and SUBSCRIBE with NOTIFICATIONS ON if you enjoyed the video! 👍
📚 If you want to learn bug bounty hunting from me: https://bugbounty.nahamsec.training
💻 If you want to practice some of my free labs and challenges: https://app.hackinghub.io
💵 FREE 0 DigitalOcean Credit:
https://m.do.co/c/3236319b9d0b
🔗 LINKS:
📖 MY FAVORITE BOOKS:
Bug Bounty Bootcamp: The Guide to Finding and Reporting Web Vulnerabilities -https://amzn.to/3Re8Pa2
Hacking APIs: Breaking Web Application Programming Interfaces - https://amzn.to/45g4bOr
Black Hat GraphQL: Attacking Next Generation APIs - https://amzn.to/455F9l3
🍿 WATCH NEXT:
If I Started Bug Bounty Hunting in 2024, I'd Do this - https://youtu.be/z6O6McIDYhU
2023 How to Bug Bounty - https://youtu.be/FDeuOhE5MhU
Bug Bounty Hunting...
https://www.youtube.com/watch?v=jWPXwEfGsAA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
RADAR Contact! An Obscure Evidence of Execution Artifact
In this episode, we'll take a look at a rather obscure evidence of execution artifact associated with RADAR, the Resource Exhaustion Detection and Resolution system.
*** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. ***
📖 Chapters
00:00 - Intro
01:16 - What You Need to Know
🛠 Resources
The Mystery of the HeapLeakDetection Registry Key:
https://harelsegev.github.io/posts/the-mystery-of-the-heapleakdetection-registry-key/
HeapLeakDetection Registry Forensics:
https://github.com/MHaggis/HeapLeakDetection
#Forensics #DigitalForensics #DFIR #ComputerForensics #WindowsForensics
https://www.youtube.com/watch?v=edJa_SLVqOo
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Covering your hack with Meterpreter #hackingcourse #ai #cybersecurity
In this tutorial, learn how to effectively cover your tracks using Meterpreter by clearing Windows event logs. We'll guide you through the process, including essential commands like clearev, to ensure there's no evidence of account creation, while highlighting the implications for cybersecurity investigations. This clip is taken from Infosec's free learn how to hack and use AI training course.
https://www.youtube.com/watch?v=ULhDxSHZzN8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Thread Stack in Assembly - Push, Pop, EBP & ESP Explained
🔥 Learn How The Thread Stack Works! Push, Pop, EBP & ESP Explained
👨💻 Buy Our Courses: https://guidedhacking.com/register/
💰 Donate on Patreon: https://patreon.com/guidedhacking
❤️ Follow us on Social Media: https://linktr.ee/guidedhacking
©GuidedHacking - GuidedHacking™
🔗 Article Link: https://guidedhacking.com/threads/assembly-thread-stack-in-game-hacking.20872/
👨💻 GH Content Creator: CodeNulls
👉https://guidedhacking.com/members/codenulls.272722/
📜 Video Description:
The thread stack, also known as stack, is memory space allocated by the operating system when a program is loaded into memory. Each thread will have its own ESP and EBP registers, which will point to its stack in memory. The PUSH and POP assembly instructions manipulate the thread...
https://www.youtube.com/watch?v=0jky5t89YHc
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Use AI to prompt your way to hacking success #chatgpt #ai #hackingcourse
Discover how prompting can accelerate your learning process, whether you're a beginner or an expert. Learn to navigate high-level steps and experiment with various hacking commands using ChatGP or other artificial intelligence tools. Embrace this new wave of learning revolution by mastering the art of prompting in the free Infosec learn how to hack and use AI for cybersecurity course.
https://www.youtube.com/watch?v=L8fmf7hbfoY
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Emulating FIN6 - Active Directory Enumeration Made EASY
In this episode of the FIN6 Adversary Emulation series, we focus on Active Directory (AD) enumeration—a critical phase in FIN6's discovery techniques. Understanding how adversaries enumerate Active Directory environments will help you refine your tradecraft or improve your detection and mitigation capabilities if you are a Blue Teamer.
In this video, you will learn how FIN6 performs Active Directory enumeration, and how to use native Windows commands like "net" and PowerShell's "Get-AD*" cmdlets for AD Enumeration. You will also learn how to utilize "AdFind.exe" to extract information from an Active Directory Environment.
The lab environment used in this demonstration is available for free on CYBER RANGES, allowing you to follow along and practice these techniques in a safe and controlled...
https://www.youtube.com/watch?v=Iwxmscx3XXc
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Give Me 13 Minutes and This Will Be Your Best Bug Bounty Year
Thank you Intigriti for making this video happen. Signup on their platform using this link for a chance to win a private invite 👉🏼https://go.intigriti.com/nahamsec
LIKE and SUBSCRIBE with NOTIFICATIONS ON if you enjoyed the video! 👍
🔥 Discover how I turned a 6-hour airport layover into a profitable bug bounty hunting session! In this video, I break down my proven framework for consistently landing high-impact bugs in 2025. Learn why tools alone aren't enough, how to select the right targets, and the exact methodology top hunters use to earn 4-5 figure bounties. From mapping attack surfaces to thinking like a business, I'm sharing everything I've learned from earning over M in bug bounties. Plus, get an exclusive 70% discount on my comprehensive bug bounty course! 👉🏼 hhub.io/L5T2v1E
🎓...
https://www.youtube.com/watch?v=PER6Nvr6ij8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The Ban Hammer of Divine Retribution 🔨
🔨 Petty cybercriminals get BTFO
👨💻 Buy Our Courses: https://guidedhacking.com/register/
💰 Donate on Patreon: https://patreon.com/guidedhacking
❤️ Follow us on Social Media: https://linktr.ee/guidedhacking
©GuidedHacking - GuidedHacking™
✏️ Tags:
#guidedhacking #gamehacking #cybercrime
game hackers
game hacking tutorials
game hacking bible
game hacking course
guidedhacking.com
guided hacking
game hacking
guidedhacking.com
game hacking website
game hacking websites
guidedhacking
guided hacking
guidedhacking.com
game hackers
https://www.youtube.com/watch?v=62HN0TMMcY4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
A Scammer Tried to Hack Me!
🚨🚔 I was recently offered a video sponsorship opportunity which turned out to be a DocuSign scam! They said they liked my videos but really just wanted to infect me with some malware 😿 Anyway, I thought I'd make a quick educational video to raise awareness. I'll explain what raised my suspicions and how I confirmed that the scammer was trying to hack me! #MalwareAnalysis #CyberSecurity #CyberSecurityAwareness #InfoSec #ScamBaiting #CryptoCat
🦠Malware Analysis🦠
VirusTotal: https://www.virustotal.com/gui/file/8f6f207277a8881e9c2042de4dc3a7c824eaa0334f522d96d412a2dfe5f93820/detection
APP.ANY.RUN Analysis: https://app.any.run/tasks/78722395-a017-4ac5-a18c-47464aae63a7
APP.ANY.RUN Safebrowsing: https://app.any.run/browses/6a13f769-5ec1-43e4-bc23-71f076e04e36
DocuSign Scams: https://abnormalsecurity.com/blog/cybercriminals-exploit-docusign
👷♂️Resources🛠
https://cryptocat.me/resources
Overview:
0:00...
https://www.youtube.com/watch?v=v8ZwlKAjMJA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The SECRET to Embedding Metasploit Payloads in VBA Macros
In this episode of the Offensive VBA series, we explore how to integrate PowerShell payloads and stagers into custom VBA macros for initial access. Specifically, we'll demonstrate how to repurpose and format PowerShell stagers generated by Msfvenom and PowerShell-Empire to execute a reverse shell.
This video will teach you how to format and embed HTA-based PowerShell payloads inside a VBA macro.
// Adversary Emulation Labs
New to CYBER RANGES? Register here: https://bit.ly/40dRMsb
CYBER RANGES Adversary Emulation Labs (Free): https://bit.ly/4amBPEU
🎥 Have an idea for a video? make your submission here: https://forms.gle/VDwwMsuudzQfT9VM6
// MORE RESOURCES
HACKERSPLOIT BLOG ►► https://bit.ly/3qjvSjK
HACKERSPLOIT FORUM ►► https://bit.ly/39r2kcY
HACKERSPLOIT ACADEMY ►►...
https://www.youtube.com/watch?v=Q1wQuHw5JKI
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Python Game Hacking
🔥 Learn all about Python Game Hacking: https://www.youtube.com/watch?v=fvlkgdngGlQ
👨💻 Buy Our Courses: https://guidedhacking.com/register/
💰 Donate on Patreon: https://patreon.com/guidedhacking
❤️ Follow us on Social Media: https://linktr.ee/guidedhacking
✏️ Tags:
#pythonprogramming
#python
#gamehacking
python game hacking
python cheats
Python Game Hacking Tutorial
python hacking tutorial
https://www.youtube.com/watch?v=IcgY3dq6O2I
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
I Used AI To Hack This Site
LIKE and SUBSCRIBE with NOTIFICATIONS ON if you enjoyed the video! 👍
Thank you to Snyk for sponsoring this videoo. Signup for their CTF 👉🏼 snyk.co/nahamsecctf
📚 If you want to learn bug bounty hunting from me: https://bugbounty.nahamsec.training
💻 If you want to practice some of my free labs and challenges: https://app.hackinghub.io
💵 FREE 0 DigitalOcean Credit:
https://m.do.co/c/3236319b9d0b
🔗 LINKS:
📖 MY FAVORITE BOOKS:
Bug Bounty Bootcamp: The Guide to Finding and Reporting Web Vulnerabilities -https://amzn.to/3Re8Pa2
Hacking APIs: Breaking Web Application Programming Interfaces - https://amzn.to/45g4bOr
Black Hat GraphQL: Attacking Next Generation APIs - https://amzn.to/455F9l3
🍿 WATCH NEXT:
If I Started Bug Bounty Hunting in 2024, I'd Do this - https://youtu.be/z6O6McIDYhU
2023...
https://www.youtube.com/watch?v=7Z4ZDlFoHmc
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
RTV Overflow
RTV Overflow is a full-day virtual event packed with some of your favorite workshops from DEFCON 32!
Starting at 10:00 AM ET, the event features hands-on workshops including sessions on breaching Kubernetes clusters, physical red teaming strategies, and advanced cloud exploitation techniques. Get a behind-the-scenes look at RTV's mission, learn how our CTF comes to life, and discover opportunities to contribute to the village at the upcoming DEF CON 33. With sessions led by top professionals this event is your gateway to mastering real-world red team techniques and connecting with the global offensive security community.
Visit redteamvillage.io to learn more about our mission and sign up!
https://www.youtube.com/watch?v=JMTMEEqaBKg
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Nemi Interview - Roblox & Byfron Anti-Cheat Dev - Guided Hacking Podcast
🔥 Get to know 0xNemi the mastermind behind Byfron and Hyperion!
👨💻 Buy Our Courses: https://guidedhacking.com/register/
💰 Donate on Patreon: https://patreon.com/guidedhacking
❤️ Follow us on Social Media: https://linktr.ee/guidedhacking
©GuidedHacking - GuidedHacking™
📜 Guided Hacking Podcast - Who is Nemi?
Nemanja Mulasmajic, also known as Nemi, is known for his work in developing Hyperion, an anti-cheat solution that was later acquired by Roblox. Nemi began his career in information security at the Department of Defense. However, he soon realized his passion for video games, which led him to transition into the gaming industry. He landed his first job at Blizzard Entertainment, where he built to anti-cheat systems that protected Overwatch. Nemi then joined...
https://www.youtube.com/watch?v=6xET66eitYY
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Hackers found a way to unlock and track every Subaru! 🤯 #hacking #bugbounty #cybernews
Hackers found a way to unlock and track every Subaru! 🤯 #hacking #bugbounty #cybernews #cybersecurity
https://www.youtube.com/watch?v=akJJ9a0zmhY
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
When the HWID Spoofer...
👨💻 Buy Our Courses: https://guidedhacking.com/register/
💰 Donate on Patreon: https://patreon.com/guidedhacking
❤️ Follow us on Social Media: https://linktr.ee/guidedhacking
#hwidspoofer #hwid #hwidban
hwid spoofer
free hwid spoofer
valorant spoofer
free hwid spoofer fortnite
hwid spoofer free
hwid spoofer tutorial
hwid spoofer free download
hwid ban
hwid reset
hwid unban
https://www.youtube.com/watch?v=q2nqKtjbG3c
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Offensive VBA 0x4 - Reverse Shell Macro with Powercat
In this episode of the Offensive VBA series, we dive into one of the most powerful techniques for red teamers—creating a reverse shell VBA macro using Powercat. This technique enables stealthy command execution and remote access through malicious macro-enabled Office documents.
In this video, you will learn how to build a reverse shell VBA Macro that leverages Powercat allowing you to stealthily execute remote commands in-memory using PowerShell.
Powercat: https://github.com/besimorhino/powercat
// Adversary Emulation Labs
New to CYBER RANGES? Register here: https://bit.ly/40dRMsb
CYBER RANGES Adversary Emulation Labs (Free): https://bit.ly/4amBPEU
🎥 Have an idea for a video? make your submission here: https://forms.gle/VDwwMsuudzQfT9VM6
// MORE RESOURCES
HACKERSPLOIT BLOG ►►...
https://www.youtube.com/watch?v=0W3Z3Br56XM
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Build a Recon & Lead Generation Box for Under
LIKE and SUBSCRIBE with NOTIFICATIONS ON if you enjoyed the video! 👍
This video is sponsored by Hostinger 👉🏼 hostinger.com/nahamsec, use coupon code: NAHAMSEC
for additional 10%.
📚 If you want to learn bug bounty hunting from me: https://bugbounty.nahamsec.training
💻 If you want to practice some of my free labs and challenges: https://app.hackinghub.io
💵 FREE 0 DigitalOcean Credit:
https://m.do.co/c/3236319b9d0b
🔗 LINKS:
📖 MY FAVORITE BOOKS:
Bug Bounty Bootcamp: The Guide to Finding and Reporting Web Vulnerabilities -https://amzn.to/3Re8Pa2
Hacking APIs: Breaking Web Application Programming Interfaces - https://amzn.to/45g4bOr
Black Hat GraphQL: Attacking Next Generation APIs - https://amzn.to/455F9l3
🍿 WATCH NEXT:
If I Started Bug Bounty Hunting in 2024,...
https://www.youtube.com/watch?v=h2V3XybOjjk
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
What are Netvar Offsets? Netvars Explained!
🔥 Learn all about netvars here: https://www.youtube.com/watch?v=hBA-_aAETX4
👨💻 Buy Our Courses: https://guidedhacking.com/register/
💰 Donate on Patreon: https://patreon.com/guidedhacking
❤️ Follow us on Social Media: https://linktr.ee/guidedhacking
✏️ Tags:
#gamehacking #csgo #sourceengine
m_ihealth
netvar manager
cs2 offsets
how to update offsets cs2
how to find netvars
netvar offsets
offset cs2
how to update cs go cheat offsets
cs2 cheat
how to find offsets
how to find netvar
cs2 netvars
offsets ida pro
cs2 offset
offset cs2
netvar offset
https://www.youtube.com/watch?v=vE-gRB7KIc8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
00+ Bounty on TikTok's Bug Bounty Program
Do you think that your private TikTok profile was actually private?
https://www.youtube.com/watch?v=epCTnKED5dk
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Offensive VBA 0x3 - Developing PowerShell Droppers
In this episode of the Offensive VBA series, we take VBA macros to the next level by developing PowerShell droppers designed for red team operations. Learn how to craft stealthy and effective VBA scripts that deliver and execute PowerShell payloads seamlessly.
Here's what we'll cover: Writing VBA macros to execute PowerShell scripts, executing payloads directly in memory for stealth, leveraging environment variables to identify system paths dynamically, and techniques to remove traces of macro execution for stealthier operations
// Adversary Emulation Labs
New to CYBER RANGES? Register here: https://bit.ly/40dRMsb
CYBER RANGES Adversary Emulation Labs (Free): https://bit.ly/4amBPEU
🎥 Have an idea for a video? make your submission here: https://forms.gle/VDwwMsuudzQfT9VM6
// MORE...
https://www.youtube.com/watch?v=ot3053UxJOc
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Java Game Hacking - External ESP Overlay Tutorial
🔥 Learn How To Make A Java ESP for Sauerbraten!
👨💻 Buy Our Courses: https://guidedhacking.com/register/
💰 Donate on Patreon: https://patreon.com/guidedhacking
❤️ Follow us on Social Media: https://linktr.ee/guidedhacking
©GuidedHacking - GuidedHacking™
🔗 Java Game Hacking Course: https://guidedhacking.com/forums/java-game-hacking-course-jgh100.553/
👨💻 Video Author: codenulls
👉https://guidedhacking.com/members/codenulls.272722/
👨💻 Video Editor: Dulge
👉https://guidedhacking.com/members/dulge.279155/
📜 Java Overlay Description:
In this java game hacking course you're going to learn from start to finish how to hack games with Java. We're going to start by talking about Java as a language, including it's syntax and how we're going to call...
https://www.youtube.com/watch?v=BVZt5ZISpDA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
KdMapper has had enough...
🔥 Replace KdMapper with PhysMeme or KDU
👨💻 Buy Our Courses: https://guidedhacking.com/register/
💰 Donate on Patreon: https://patreon.com/guidedhacking
❤️ Follow us on Social Media: https://linktr.ee/guidedhacking
✏️ Tags:
#gamehacking #kernel #anticheat
kernel hacks
kernelmode anticheat
guidedhacking
Bypass Kernel Anti-Cheat
reverse engineering
kernel game hacking
hacking games with kernel drivers kernel cheats
vulnerable kernel drivers
kernel
game hacking
kdmapper
bypass kernel drivers
kernel cheats
Kernel Anti-Cheat Bypass
kdmapper
https://www.youtube.com/watch?v=3ivA-7Ghn-Q
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
These Vulnerabilities WILL Make you 0K in 2025 (Bug Bounty Tutorial)
LIKE and SUBSCRIBE with NOTIFICATIONS ON if you enjoyed the video! 👍
📚 If you want to learn bug bounty hunting from me: https://bugbounty.nahamsec.training
💻 If you want to practice some of my free labs and challenges: https://app.hackinghub.io
💵 FREE 0 DigitalOcean Credit:
https://m.do.co/c/3236319b9d0b
🔗 LINKS:
📖 MY FAVORITE BOOKS:
Bug Bounty Bootcamp: The Guide to Finding and Reporting Web Vulnerabilities -https://amzn.to/3Re8Pa2
Hacking APIs: Breaking Web Application Programming Interfaces - https://amzn.to/45g4bOr
Black Hat GraphQL: Attacking Next Generation APIs - https://amzn.to/455F9l3
🍿 WATCH NEXT:
If I Started Bug Bounty Hunting in 2024, I'd Do this - https://youtu.be/z6O6McIDYhU
2023 How to Bug Bounty - https://youtu.be/FDeuOhE5MhU
Bug Bounty Hunting...
https://www.youtube.com/watch?v=fUhBiIpv61Y
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Offensive VBA 0x2 - Program & Command Execution
Welcome to the second episode of the Offensive VBA series, where we explore how to execute programs and system commands using VBA macros—essential skills for red teamers looking to leverage VBA for initial access and automation.
In this video, you will learn how to use the Shell function to run external programs and commands and leverage the WScript.Shell object for enhanced control over command execution. You will also learn how to use the Shell Window Style options to ensure stealth during execution.
// Adversary Emulation Labs
New to CYBER RANGES? Register here: https://bit.ly/40dRMsb
CYBER RANGES Adversary Emulation Labs (Free): https://bit.ly/4amBPEU
🎥 Have an idea for a video? make your submission here: https://forms.gle/VDwwMsuudzQfT9VM6
// MORE RESOURCES
HACKERSPLOIT BLOG...
https://www.youtube.com/watch?v=ogbrNZ3SCRY
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
What is Disk Paging? Virtual Memory Explained!
🔥 Learn How Virtual Memory Works on Windows Operating System
👨💻 Buy Our Courses: https://guidedhacking.com/register/
💰 Donate on Patreon: https://patreon.com/guidedhacking
❤️ Follow us on Social Media: https://linktr.ee/guidedhacking
Virtual memory is an essential concept in computer science that allows an operating system to create the illusion of having more memory than what is physically available. This Virtual Memory tutorial' explains how Windows uses this system, giving a glimpse into the Windows Internals.
In Disk Paging, when the system requires more physical memory than available, the memory manager moves unused memory pages to special files called page files on disk to free up memory, a process known as paging out memory. The memory addresses remain valid, and...
https://www.youtube.com/watch?v=vF0STIjz-tA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Why Traditional Pentesting Is Letting You Down (and How to Fix It)
Pentesting is overdue for a refresh. Traditional pentesting methods—slow, checklist-driven, and lacking visibility—can no longer keep up with today's dynamic security landscape. The result is critical security gaps that leave organizations exposed to rapidly evolving threats.
In this webinar, you'll learn why traditional pentesting methods are failing and how Pentest as a Service (PTaaS) is reshaping the future of security testing. By combining a skills-vetted global pentester community with the efficiency of the HackerOne PTaaS platform, organizations can achieve real-time results, unmatched flexibility, and deeper integration with modern DevOps workflows.
Join us for insights into:
Common pitfalls of traditional pentesting, such as inexperienced testers and slow reporting cycles
How...
https://www.youtube.com/watch?v=db9ecB0izCA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Offensive VBA 0x1 - Your First Macro
Welcome to the first episode of the Offensive VBA series, where we equip red teamers with the skills to leverage VBA for initial access and offensive operations. This video introduces you to Visual Basic for Applications (VBA)—a powerful scripting language integrated into Microsoft Office.
Here's what we'll cover: What is VBA?: An overview of how VBA works and integrates with MS Office, A walkthrough of the Integrated Development Environment (IDE) and its features, and How to create and run a basic macro.
Core Concepts:
- Subroutines, Functions, and their calls.
- Variable declaration, data types, and scope.
- User input/output with MsgBox and control statements.
// Adversary Emulation Labs
New to CYBER RANGES? Register here: https://bit.ly/40dRMsb
CYBER RANGES Adversary Emulation...
https://www.youtube.com/watch?v=jGy7_NusjuQ
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Stop Submitting Duplicate Bug Reports in 2025 (Bug Bounty) 🎯
LIKE and SUBSCRIBE with NOTIFICATIONS ON if you enjoyed the video! 👍
📚 If you want to learn bug bounty hunting from me: https://bugbounty.nahamsec.training
💻 If you want to practice some of my free labs and challenges: https://app.hackinghub.io
💵 FREE 0 DigitalOcean Credit:
https://m.do.co/c/3236319b9d0b
🔗 LINKS:
📖 MY FAVORITE BOOKS:
Bug Bounty Bootcamp: The Guide to Finding and Reporting Web Vulnerabilities -https://amzn.to/3Re8Pa2
Hacking APIs: Breaking Web Application Programming Interfaces - https://amzn.to/45g4bOr
Black Hat GraphQL: Attacking Next Generation APIs - https://amzn.to/455F9l3
🍿 WATCH NEXT:
If I Started Bug Bounty Hunting in 2024, I'd Do this - https://youtu.be/z6O6McIDYhU
2023 How to Bug Bounty - https://youtu.be/FDeuOhE5MhU
Bug Bounty Hunting...
https://www.youtube.com/watch?v=WqP2WTmWGnE
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Emulating FIN6 - Gaining Initial Access (Office Word Macro)
Welcome to the next installment in our adversary emulation series! This video focuses on emulating initial access via a spear-phishing attachment—specifically, a malicious Word document with an embedded macro, just like FIN6 might use.
🚨 Next Up: If you want to manually develop your own VBA macros for initial access, don't worry—we've got you covered in the next video, where we'll dive deeper into crafting custom macros for red team operations.
🎥 Practical Labs: This video uses the CYBER RANGES platform to simulate a realistic attack environment. Try it out and follow along!
// Adversary Emulation Labs
New to CYBER RANGES? Register here: https://bit.ly/40dRMsb
CYBER RANGES Adversary Emulation Labs (Free): https://bit.ly/4amBPEU
The lab used in this video: https://app.cyberranges.com/scenario/624cd3877733a30007185a15
🔗...
https://www.youtube.com/watch?v=hUBRnh5dzrI
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Broken Security Promises: How Human-AI Collaboration Rebuilds Developer Trust
Traditional security approaches have long frustrated developers, creating friction and eroding trust. The endless vulnerability backlogs must become a thing of the past. Discover a fresh approach that transforms security from a bottleneck to a strategic advantage, where AI-powered insights work in harmony with human-in-the-loop expertise to rewrite the rules of code security and ship more secure code faster.
Learn how combining artificial intelligence with human expertise will enable developers to:
- Receive actionable, context-aware security feedback that doesn't interrupt development
- Reduce false positives through intelligent human-in-the-loop analysis
- Benefit from contextual, just-in-time security training
We'll showcase real-world examples of how this human-AI collaborative approach...
https://www.youtube.com/watch?v=OZcaX38B2F8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
USB Ethernet Adapter Malware??? Chinese RJ45-USB Full Analysis - Part 1
Reverse engineering all stages with line by line code analysis.
e3f57d5ebc882a0a0ca96f9ba244fe97fb1a02a3297335451b9c5091332fe359
OP
https://epcyber.com/blog/f/chinese-rj45-usb-with-flash-memory-exe-recognized-as-malware
--
OALABS PATREON
https://www.patreon.com/oalabs
UNPACME - AUTOMATED MALWARE UNPACKING
https://www.unpac.me/#/
OALABS DISCORD
https://discord.gg/6h5Bh5AMDU
Twitch
https://www.twitch.tv/oalabslive
OALABS GITHUB
https://github.com/OALabs
https://www.youtube.com/watch?v=3IfJSGWIrCo
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
FIN6 Adversary Emulation Plan (TTPs & Tooling)
Step into the world of adversary emulation with this in-depth video on the FIN6 Emulation Plan. Learn how to use the Center for Threat-Informed Defense (CTID) Adversary Emulation Library to craft a comprehensive emulation plan that replicates FIN6's sophisticated TTPs.
This video will provide you with: An intelligence summary of FIN6, and the FIN6 emulation plan detailing TTPs from initial access to discovery, privilege escalation, and exfiltration.
The Adversary Emulation Fundamentals labs used in this video and series are available for free on CYBER RANGES to practice and refine your emulation skills.
// Adversary Emulation Labs
New to CYBER RANGES? Register here: https://bit.ly/40dRMsb
CYBER RANGES Adversary Emulation Labs (Free): https://bit.ly/4amBPEU
Lab used in this video: https://app.cyberranges.com/scenario/624cb3bd7733a30007185990
🔗...
https://www.youtube.com/watch?v=qEfk44G4zFM
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Developing An Adversary Emulation Plan
Creating an adversary emulation plan is a critical process for red teamers and cybersecurity professionals aiming to improve their organization's threat detection and response capabilities. In this video, we break down the entire process starting with how to select a threat actor relevant to your industry or geolocation, finding and leveraging Cyber Threat Intelligence (CTI) to gather insights on the adversary, and mapping the adversary's TTPs using the MITRE ATT&CK framework.
🔗 Video Resources & References
Explore the comprehensive APT Groups and Operations Directory to find details on APT groups by region, their TTPs, and campaigns: https://apt.threattracking.com
APTnotes: https://github.com/kbandla/APTnotes
APT & CyberCriminal Campaign Collection: https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections
//...
https://www.youtube.com/watch?v=1N49x1EWw7s
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How 3 Hackers Combined Their Skills for Big Bounties! (And how you can do it too)
Join us in this special episode as we sit down with the winners of Bugcrowd's Hacker Showdown Carnival of Chaos virtual event: sw33tLie, bsysop, and godiego! Discover their hacking methodologies, collaboration techniques, and their journey to victory. Learn how they met, their advice for forming your own team, and the coolest exploits they uncovered during the event. If you're interested in bug bounties, team hacking, or just want to meet more hacker friends, this episode is a must-watch!
00:00 Introduction and Special Guests
01:04 Meet the Hackers
02:55 Carnival of Chaos Experience
04:32 Collaboration and Team Dynamics
06:15 Roles and Strategies in Hacking
13:00 Finding the Right Collaborators
15:25 Live Hacking Events vs. Virtual Events
22:30 Coolest Findings and Bug Stories
29:52 Advice...
https://www.youtube.com/watch?v=gUuDyIE44bc
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
HackerOne Live Hacking Event Recap: Edinburgh w/ Amazon and AWS
In September, some of the best security researchers in the world joined the Amazon and AWS teams in Edinburgh, Scotland, for a live-hacking event fit for a Scottish king. 👑
This collaboration with the security researcher community is vital to Amazon and AWS' commitment to comprehensive security for their users and customers. See the highlights and which security researchers were able to climb to the top of the leaderboard.
For more information about HackerOne, visit https://www.hackerone.com/
https://www.youtube.com/watch?v=xIIPn4CV9eM
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Introduction To Advanced Persistent Threats (APTs)
This informative video is designed to give you a comprehensive understanding of Advanced Persistent Threats (APTs). In this video, you will learn what APTs are, how they differ from traditional threat actors, and why they pose a significant challenge to organizations worldwide. This video also explores the categorization and naming of APT Groups based on nation-state affiliation, motivations, and the tactics they employ to achieve their objectives.
This video also sheds light on the complexities of APT naming conventions used by major cybersecurity vendors, such as CrowdStrike and Mandiant, and the challenges in tracking these elusive groups.
🔗 Don't miss this resource: Access the "APT Groups and Operations" repository here: https://apt.threattracking.com — a comprehensive spreadsheet...
https://www.youtube.com/watch?v=CwSG5sa0Nao
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
HackerOne Customer Testimonial: Amazon and AWS
For Amazon and AWS, their bug bounty programs give their security teams unique insight into their entire digital landscape. Through their programs, the Amazon and AWS teams work with researchers from around the world to continuously test their platform and products. See how their teams regularly engage the researcher community to protect customer data, drive collaboration, and foster knowledge sharing.
For more information on HackerOne products visit: https://www.hackerone.com/
https://www.youtube.com/watch?v=pNJNdrZN0YA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
I was just awarded 0,000 for hacking into Facebook! #bugbounty #hacking #pentest
https://www.youtube.com/watch?v=LUVm6uaZuJA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Be Kind, Rewind... The USN Journal
In this episode, we'll explore groundbreaking research from CyberCX on “rewinding the NTFS USN Journal.” This innovative technique reveals how to uncover the original locations of files recorded in the USN Journal, even after their corresponding NTFS FILE records have been reused by different files.
🛑 If you need a refresher on the prerequisites for this episode, watch these:
Introduction to MFTECmd - NTFS MFT and Journal Forensics:
https://www.youtube.com/watch?v=_qElVZJqlGY
Anatomy of an NTFS FILE Record - Windows File System Forensics:
https://www.youtube.com/watch?v=l4IphrAjzeY
NTFS FILE Record Reuse:
https://www.youtube.com/watch?v=6LpJVx7PrUI
*** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. ***
📖 Chapters
00:00 - Intro
05:03...
https://www.youtube.com/watch?v=GDc8TbWiQio
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
403 Bypass and Deserialization in BentoML Library (CVE-2024-2912) - "Summar-AI-ze" [Web Challenge]
🚩 Video walkthrough for the "Summar-AI-ze" (web) challenge I created and hosted on my NEW website (https://cryptocat.me)!! Players were required to bypass a 403 error by using the X-Forwarded-For HTTP header, allowing them to activate an internal feature and grant their account beta access. The "beta" feature was a word summarization tool, running BentoML (LLM) on the backend. Players could identify the library by changing the content-type, triggering an error. Some research would yield CVE-2024-2912; a python pickle deserialization vulnerability, discovered by PinkDraconian 💜 Players could use the supplied PoC to gain code execution and exfiltrate the flag using curl 😎 #CTF #Challenge #CryptoCat
Check out the accompanying writeup here: https://book.cryptocat.me/ctf-writeups/2024/cryptocat/summaraize
Join...
https://www.youtube.com/watch?v=5NCzDZcx_Dg
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Advent of Cyber Day 24: MQTT & Wireshark
Check out TryHackMe's Advent of Cyber Event: https://tryhackme.com/r/christmas?utm_source=youtube&utm_medium=social&utm_campaign=
Join Katie, aka InsiderPhD, on the 24th day of TryHackMe's Advent of Cyber! Today, we're diving into the mysterious world of communication protocols, focusing on the MQTT protocol. Discover how the city of Wereville faces off against Mayor Malware's sabotage of smart lights and HVAC systems. Using Wireshark, Katie demonstrates how to analyze MQTT traffic, understand the publish-subscribe model, and reverse engineer networking protocols. With a blend of British humour and hands-on learning, Katie leads you through the process of identifying malicious commands and securing IoT devices. By the end, you'll learn how to troubleshoot smart devices, monitor network...
https://www.youtube.com/watch?v=ct6393M_Iow
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Python for Pentesters I - 14. What is Next
Part of the Python for Pentesters I course: https://www.youtube.com/playlist?list=PLonlF40eS6nwhfPHOfoSM57xWftXonfbk
Connect with me:
X: https://twitter.com/cristivlad25
IG: https://instagram.com/cristivladz
https://www.youtube.com/watch?v=yTP6vgoJSfU
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Python for Pentesters I - 13. Exception Handling
Part of the Python for Pentesters I course: https://www.youtube.com/playlist?list=PLonlF40eS6nwhfPHOfoSM57xWftXonfbk
Connect with me:
X: https://twitter.com/cristivlad25
IG: https://instagram.com/cristivladz
https://www.youtube.com/watch?v=aQ6LQ4s5Y9A
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Python for Pentesters I - 12. Working with Files and Installing Modules
Part of the Python for Pentesters I course: https://www.youtube.com/playlist?list=PLonlF40eS6nwhfPHOfoSM57xWftXonfbk
Connect with me:
X: https://twitter.com/cristivlad25
IG: https://instagram.com/cristivladz
https://www.youtube.com/watch?v=_YbYUHJDGd4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
From Report to Results: Building Resilience with Insights from the Hacker-Powered Security Report
The 8th Annual Hacker-Powered Security Report just launched. How can you interpret it to make the case for your own human-powered security program, attract more security researchers to your programs, or incentivize more impactful vulnerability reports?
This webinar, featuring HackerOne customers and a leading member of our security researcher community, will answer that question.
Learn More: https://www.hackerone.com/events/report-results-hacker-powered-security-report
https://www.youtube.com/watch?v=tAGF4pFSs6M
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Introduction To Adversary Emulation
This video introduces you to Adversary Emulation and its role in Red Team operations. Furthermore, this video also explains the differences between Adversary Emulation and Simulation. Adversary emulation in the context of Red Teaming is the process of mimicking/emulating the tactics, techniques, and procedures (TTPs) of a threat actor/adversary to test the effectiveness and efficacy of an organization's defenses.
//PLATFORMS
BLOG ►► https://bit.ly/3qjvSjK
FORUM ►► https://bit.ly/39r2kcY
ACADEMY ►► https://bit.ly/39CuORr
//SOCIAL NETWORKS
TWITTER ►► https://bit.ly/3sNKXfq
DISCORD ►► https://bit.ly/3hkIDsK
INSTAGRAM ►► https://bit.ly/3sP1Syh
LINKEDIN ►► https://bit.ly/360qwlN
PATREON ►► https://bit.ly/365iDLK
MERCHANDISE ►► https://bit.ly/3c2jDEn
//BOOKS
Privilege...
https://www.youtube.com/watch?v=CUMhiSdOSkY
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How to Write Great Bug Bounty & Pentest Report (Proof of Concepts)
LIKE and SUBSCRIBE with NOTIFICATIONS ON if you enjoyed the video! 👍
📚 If you want to learn bug bounty hunting from me: https://bugbounty.nahamsec.training
💻 If you want to practice some of my free labs and challenges: https://app.hackinghub.io
💵 FREE 0 DigitalOcean Credit:
https://m.do.co/c/3236319b9d0b
🔗 LINKS:
📖 MY FAVORITE BOOKS:
Bug Bounty Bootcamp: The Guide to Finding and Reporting Web Vulnerabilities -https://amzn.to/3Re8Pa2
Hacking APIs: Breaking Web Application Programming Interfaces - https://amzn.to/45g4bOr
Black Hat GraphQL: Attacking Next Generation APIs - https://amzn.to/455F9l3
🍿 WATCH NEXT:
If I Started Bug Bounty Hunting in 2024, I'd Do this - https://youtu.be/z6O6McIDYhU
2023 How to Bug Bounty - https://youtu.be/FDeuOhE5MhU
Bug Bounty Hunting...
https://www.youtube.com/watch?v=qR_OQsRFd7g
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Advent of Cyber Day 13: Exploring WebSocket Vulnerabilities with InsiderPhD
Check out TryHackMe's Advent of Cyber Event: https://tryhackme.com/r/christmas?utm_source=youtube&utm_medium=social&utm_campaign=
Join me, in today's TryHackMe Advent of Cyber Day 13 walkthrough, where she diving into WebSockets and WebSocket message manipulation vulnerabilities. Learn about WebSocket message manipulation, common security risks such as weak authentication, message tampering. Follow along as I demonstrates how to identify and exploit WebSocket vulnerabilities in a web application. Perfect for anyone interested in web security, bug bounty hunting, and real-time communication protocols.
00:00 Introduction and Welcome
00:26 Story Setup: The Threat in Wareville
01:22 Understanding WebSockets
02:54 WebSocket Vulnerabilities
04:08 WebSocket Message Manipulation
07:33 Practical...
https://www.youtube.com/watch?v=ozgRXn44FF0
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Understanding ⛔️403 Bypass Techniques⛔️ (With Examples)
LIKE and SUBSCRIBE with NOTIFICATIONS ON if you enjoyed the video! 👍
📚 If you want to learn bug bounty hunting from me: https://bugbounty.nahamsec.training
💻 If you want to practice some of my free labs and challenges: https://app.hackinghub.io
💵 FREE 0 DigitalOcean Credit:
https://m.do.co/c/3236319b9d0b
🔗 LINKS:
📖 MY FAVORITE BOOKS:
Bug Bounty Bootcamp: The Guide to Finding and Reporting Web Vulnerabilities -https://amzn.to/3Re8Pa2
Hacking APIs: Breaking Web Application Programming Interfaces - https://amzn.to/45g4bOr
Black Hat GraphQL: Attacking Next Generation APIs - https://amzn.to/455F9l3
🍿 WATCH NEXT:
If I Started Bug Bounty Hunting in 2024, I'd Do this - https://youtu.be/z6O6McIDYhU
2023 How to Bug Bounty - https://youtu.be/FDeuOhE5MhU
Bug Bounty Hunting...
https://www.youtube.com/watch?v=PvpXRBor-Jw
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Mastering Persistence: Using an Apache2 Rootkit for Stealth and Defense Evasion
In this video, I demonstrate the process of establishing persistence and evading defenses on Linux through the use of an Apache2 rootkit.
The lab used in this video can be accessed for free on the CYBER RANGES platform. The links to the platform and lab are listed below:
// CYBER RANGES
CYBER RANGES: https://app.cyberranges.com
SQL Injection Lab: https://app.cyberranges.com/scenario/67474e64a3907f65136f1a6d
//LINKS
Apache2 Rootkit: https://github.com/ChristianPapathanasiou/apache-rootkit
//PLATFORMS
BLOG ►► https://bit.ly/3qjvSjK
FORUM ►► https://bit.ly/39r2kcY
ACADEMY ►► https://bit.ly/39CuORr
//SOCIAL NETWORKS
TWITTER ►► https://bit.ly/3sNKXfq
DISCORD ►► https://bit.ly/3hkIDsK
INSTAGRAM ►► https://bit.ly/3sP1Syh
LINKEDIN ►► https://bit.ly/360qwlN
PATREON...
https://www.youtube.com/watch?v=Ra2altDvPYI
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
XSS via CSPT and DOM Clobbering - "SafeNotes 2.0" [INTIGRITI 1337UP CTF 2024]
🚩 Video walkthrough for the "Safe Notes 2.0" (web) challenge I made for Intigriti's 1337UP LIVE (CTF) competition 2024! The developer of Safe Notes learnt from their mistakes and introduced a variety of security fixes, but unfortunately introduced new vulnerabilities! Players were required to chain DOM Clobbering, client-side path traversal (CSPT) and an Open Redirect in order to achieve XSS and steal the admin's cookie. 😎 #1337UP #1337UPLIVE #CTF #INTIGRITI #HackWithIntigriti
Check out the accompanying writeup here: https://book.cryptocat.me/ctf-writeups/2024/intigriti/web/safenotes_2
Check out Safe Notes v1 challenge and walkthrough here: https://challenge-0824.intigriti.io + https://youtu.be/yGRRGUtT9MU
🐛INTIGRITI 1337UPLIVE CTF🐞
https://ctftime.org/event/2134
https://ctf.intigriti.io
https://discord.gg/intigriti-870275171938873395
👷♂️Resources🛠
https://cryptocat.me/resources
Overview:
0:00...
https://www.youtube.com/watch?v=G-KoF8WAoUM
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
NTFS FILE Record Reuse
In this continuation of "Anatomy of an NTFS FILE Record," we'll learn how NTFS manages record reuse and distinguishes between in-use and deleted files and directories.
If you haven't watched the previous episode, watch it here:
https://www.youtube.com/watch?v=l4IphrAjzeY
*** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. ***
📖 Chapters
00:00 - Intro
00:31 - NTFS Master File Table (MFT) artiFACTS
01:49 - Analysis
#Forensics #DigitalForensics #DFIR #ComputerForensics #WindowsForensics
https://www.youtube.com/watch?v=6LpJVx7PrUI
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Basic Stack Buffer Overflow (with parameters) - "Retro2Win" [INTIGRITI 1337UP CTF 2024]
🚩 Video walkthrough for the "Retro2Win" (pwn) challenge I made for Intigriti's 1337UP LIVE (CTF) competition 2024! A classic "ret2win" challenge, the binary included a buffer overflow vulnerability, allowing players to take over the flow of execution and call a "win" function. In this case, the function expected two parameters, requiring values to be popped into the RDI/RSI registers first 😎 #1337UP #1337UPLIVE #CTF #INTIGRITI #HackWithIntigriti
Check out the accompanying writeup here: https://book.cryptocat.me/ctf-writeups/2024/intigriti/pwn/retro2win
🐛INTIGRITI 1337UPLIVE CTF🐞
https://ctftime.org/event/2134
https://ctf.intigriti.io
https://discord.gg/intigriti-870275171938873395
👷♂️Resources🛠
https://cryptocat.me/resources
Overview:
0:00 Intro
0:13 Basic file...
https://www.youtube.com/watch?v=Y37KMst1XFU
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
X-Forwarded-For Header Spoofing and XXE - "BioCorp" [INTIGRITI 1337UP CTF 2024]
🚩 Video walkthrough for the "BioCorp" (web) challenge I made for Intigriti's 1337UP LIVE (CTF) competition 2024! Players arrived an a website for an energy corporation, with a hint that they were working on decoupling their backend infrastructure from the public facing website. By analysing the source code, players would find a hidden panel, restricted by IP address. By setting the X-Forwarded-For header, they could spoof the IP and gain access to a nuclear panel. Since the panel read XML data, players would test for XXE and ultimately recover the flag 😎 #1337UP #1337UPLIVE #CTF #INTIGRITI #HackWithIntigriti
Check out the accompanying writeup here: https://book.cryptocat.me/ctf-writeups/2024/intigriti/web/biocorp
🐛INTIGRITI 1337UPLIVE CTF🐞
https://ctftime.org/event/2134
https://ctf.intigriti.io
https://discord.gg/intigriti-870275171938873395
👷♂️Resources🛠
https://cryptocat.me/resources
Overview:
0:00...
https://www.youtube.com/watch?v=hyi_JZvXOTU
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
5 Things You Need to Learn From the New Hacker-Powered Security Report
As the cybersecurity landscape continues to change, understanding the perspectives of security researchers is essential for effective risk management.
In this 30-minute live webinar session, we'll dive into the top five takeaways from the 8th Annual Hacker-Powered Security Report. With practical examples and actionable recommendations, you'll learn how to:
- Ensure that AI deployments are secure and trustworthy
- Enhance your approach to vulnerability management
- Implement demonstrably valuable security measures
Join this fast-paced exploration of the vital role of human expertise in the AI era.
To download the full report, visit: hackerone.com/report
https://www.youtube.com/watch?v=1DdY6lV3Llc
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The Impact of Collaboration
https://www.youtube.com/watch?v=n2Z-kaRr2ws
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
One Time Pad (OTP) with a Twist - "Schrödinger's Pad" [INTIGRITI 1337UP CTF 2024]
🚩 Video walkthrough for the "Schrödinger's Pad" (crypto) challenge I made for Intigriti's 1337UP LIVE (CTF) competition 2024! The challenge included a common vulnerability; reusing a one-time-pad (OTP). There was a slight twist; for each encryption, the box would be observed. If the cat is alive, some cryptographic operations would take place. If the cat is dead, some different operations occur - players need to reverse it! 😎 #1337UP #1337UPLIVE #CTF #INTIGRITI #HackWithIntigriti
Check out the accompanying writeup here: https://book.cryptocat.me/ctf-writeups/2024/intigriti/crypto/schrodingers_pad
🐛INTIGRITI 1337UPLIVE CTF🐞
https://ctftime.org/event/2134
https://ctf.intigriti.io
https://discord.gg/intigriti-870275171938873395
👷♂️Resources🛠
https://cryptocat.me/resources
Overview:
0:00...
https://www.youtube.com/watch?v=9NrmlOBcF1c
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
JWT Algorithm Confusion and SSTI (Pug) - "Cat Club" [INTIGRITI 1337UP CTF 2024]
🚩 Video walkthrough for the "Cat Club" (web) challenge I made for Intigriti's 1337UP LIVE (CTF) competition 2024! The challenge featured a server-side template injection (SSTI) vulnerability in the user welcome message. However, there is a problem; the username is sanitized on registration and then rendered from the JWT, which is signed using an RS256 private key. Players must exploit an algorithm confusion vulnerability to tamper with the JWT, changing their username to an SSTI (pug) payload. There's no command output, so to return the flag they will also need to develop a blind payload (e.g. return flag to web server logs) 😎 #1337UP #1337UPLIVE #CTF #INTIGRITI #HackWithIntigriti
Check out the accompanying writeup here: https://book.cryptocat.me/ctf-writeups/2024/intigriti/web/cat_club
🐛INTIGRITI...
https://www.youtube.com/watch?v=Vh9SqT9KyL8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
DEF CON 32 - Breaking Secure Web Gateways for Fun and Profit -Vivek Ramachandran, Jeswin Mathai
Secure Web Gateways (SWGs) are cloud-based SSL-intercepting proxies and an important component of enterprise Secure Access Service Edge (SASE) or Security Service Edge (SSE) solutions. SWGs ensure secure web access for enterprise users by doing malware protection, threat prevention, URL filtering, and content inspection of sensitive data, among other critical security measures.
Our research indicates that in today's world of complex web applications and protocols, SWGs often fail to deliver on their promise. We will demonstrate a new class of attacks: “Last Mile Reassembly Attacks,” which, as of this writing, can bypass every SWG in the Gartner Magic Quadrant for SASE and SSE - this includes the largest public market cybersecurity companies in the world. Additionally, we will release...
https://www.youtube.com/watch?v=mBZQnJ1MWYI
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
DEF CON 32 - Listen to the Whispers: Web Timing Attacks that Actually Work - James Kettle
Websites are riddled with timing oracles eager to divulge their innermost secrets. It's time we started listening to them.
In this session, I'll unleash novel attack concepts to coax out server secrets including masked misconfigurations, blind data-structure injection, hidden routes to forbidden areas, and a vast expanse of invisible attack-surface.
This is not a theoretical threat; every technique will be illustrated with multiple real-world case studies on diverse targets. Unprecedented advances have made these attacks both accurate and efficient; in the space of ten seconds you can now reliably detect a sub-millisecond differential with no prior configuration or 'lab conditions' required. In other words, I'm going to share timing attacks you can actually use.
To help, I'll equip you...
https://www.youtube.com/watch?v=zOPjz-sPyQM
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Bypassing Server-side Anti-Cheat Protections - "Bug Squash (part 2)" [INTIGRITI 1337UP CTF 2024]
🚩 Video walkthrough for the "Bug Squash part 2" (gamepwn) challenge I made for Intigriti's 1337UP LIVE (CTF) competition 2024! It's a unity-based game where players need to squash bugs to earn points, like part 1. The difference here is the points are stored server-side and some anti-cheat mechanisms have been put in place to prevent hackers from manipulating their score! Players must develop a PoC which exploits some JSON parsing discrepancies, being careful not to trigger any ant-cheat defences (all under a strict time limit) 😎 #1337UP #1337UPLIVE #CTF #INTIGRITI #HackWithIntigriti
Check out the accompanying writeup here: https://book.cryptocat.me/ctf-writeups/2024/intigriti/game/bug_squash2
Bug Squash part 1: https://youtu.be/VoT74JOGWgA
🐛INTIGRITI 1337UPLIVE CTF🐞
https://ctftime.org/event/2134
https://ctf.intigriti.io
https://discord.gg/intigriti-870275171938873395
👷♂️Resources🛠
https://cryptocat.me/resources
Overview:
0:00...
https://www.youtube.com/watch?v=dEA68Aa0V-s
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
A Guide for Solving Beginner CTF Challenges [INTIGRITI 1337UP CTF 2024]
🚩 Video walkthrough for 4 "warmup" challenges from the 2023 1337UP LIVE (CTF) competition by Intigriti, originally presented during the pre-CTF livestream in 2024. The challenges include various decodings with cyberchef, traffic analysis (PCAPs) and basic reversing/crypto 😎 #1337UP #1337UPLIVE #CTF #INTIGRITI #HackWithIntigriti
Full livestream: https://youtube.com/live/BKXfrNwrcqQ
🐛INTIGRITI 1337UPLIVE CTF🐞
https://ctftime.org/event/2134
https://ctf.intigriti.io
https://discord.gg/intigriti-870275171938873395
👷♂️Resources🛠
https://cryptocat.me/resources
Overview:
0:00 Intro
0:19 Warmup: Encoding
1:52 Forensics: OverTheWire (part 1)
5:17 Forensics: OverTheWire (part 2)
10:00 Crypto: Keyless
11:03 Conclusion
🧑💻 Sign up and start hacking right now - https://go.intigriti.com/register
👾...
https://www.youtube.com/watch?v=CsyQFzTJ09w
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The 8th Annual Hacker-Powered Security Report: An overview
The 8th Annual Hacker-Powered Security Report states that whether you think AI is a threat or an opportunity, you are right.
- 48% of security leaders say GenAI is the biggest threat to their organization.
- Nearly 10% of researchers specialize in AI red teaming as the number of AI assets in scope for bug bounty programs has increased by 171%.
- Researchers are also leveraging AI tools to be even more effective in finding and reporting vulnerabilities, with 58% saying they use AI either as a significant tool or in some way.
At HackerOne, we definitely see the opportunities provided by GenAI. In the spirit of embracing the technology, we asked NotebookLM to summarize the latest Hacker-Powered Security Report. Listen to our AI-generated podcast on the report and let us know what you think!
To...
https://www.youtube.com/watch?v=7j1cNrknCe4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
DEF CON 32 - Abusing Windows Hello Without a Severed Hand - Ceri Coburn, Dirk jan Mollema
Windows Hello is touted by Microsoft as the modern de facto authentication scheme on Windows platforms, supporting authentication and encryption backed by biometrics. In a world that is quickly accelerating towards a passwordless existence, what new threats do we face in this complex landscape? We will take a deep dive into the inner working of Windows Hello. Via the release of a new tool, it will be demonstrated how an attacker on a fully compromised Windows host can leverage secrets backed by Windows Hello biometrics without needing the biometric data that protects them. We will also show how the hardware protections of Windows Hello and its accompanying Primary Refresh Tokens can be defeated, making it possible to use Windows Hello for identity persistency and PRT stealing, in some cases...
https://www.youtube.com/watch?v=mFJ-NUnFBac
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
13Cubed XINTRA Lab Walkthrough
In this episode, we'll perform a comprehensive walkthrough of the 13Cubed challenge created for XINTRA Labs. Learn more at https://www.xintra.org/labs.
💰 For a limited time only, use the discount code "13CUBED" to get 15% off a XINTRA Labs subscription!
🙏 Special thanks to Mike Peterson from https://nullsec.us for playing the role of Threat Actor in our scenario!
*** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. ***
📖 Chapters
00:00 - Intro
00:58 - Workstation - Running MemProcFS
03:25 - Workstation - Question 1
05:14 - Workstation - Question 2
07:06 - Workstation - Question 3
07:53 - Workstation - Question 4
09:42 - Workstation - Question 5
12:42 - Workstation - Question 6
15:31 - Workstation - Question 7
17:34 - Workstation -...
https://www.youtube.com/watch?v=A7Bh7vnAooQ
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Review: This Is How They Tell Me the World Ends (not with a bang but with a bug)
Join me on a brand-new series as I indulge my childhood dream of creating a personal library, focusing on InfoSec books! Kicking things off, we dive into 'This Is How They Tell Me How The World Ends' by Nicole Perlroth. Despite being an ebook enthusiast, I decided it was high time to fill my custom-built bookcase with real books. We'll explore the fascinating histories and personal stories behind bug bounties, zero days, and cyber warfare, all narrated with the flair of a seasoned journalist. From cyber politics to sassy hacker quips - what did happen to that salmon anyway? To how hackers take on the global stage of politics
00:00 Introduction to the Quest for Infosec Books
00:29 Building the Dream Library
00:55 E-Readers vs. Physical Books
02:41 Criteria for Book Selection
04:44 First Book...
https://www.youtube.com/watch?v=OvUmumbiGRI
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
HackerOne Live Hacking Event Recap: Las Vegas w/Epic Games
https://www.youtube.com/watch?v=rJb-qFYylis
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
DEF CON 32 - Counter Deception: Defending Yourself in a World Full of Lies - Tom Cross, Greg Conti
The Internet was supposed to give us access to the world's information, so that people, everywhere, would be able to know the truth. But that's not how things worked out. Instead, we have a digital deception engine of global proportions. Nothing that comes through the screen can be trusted, and even the things that are technically true have been selected, massaged, and amplified in support of someone's messaging strategy.
Deception isn't just about narratives - we see deception at every layer of the network stack, from spoofed electromagnetic signatures, to false flags in malware, to phony personas used to access networks and spread influence. They hide in our blindspots, exploit our biases, and fill our egos while manipulating our perceptions.
How do we decide what is real? This talk...
https://www.youtube.com/watch?v=gHqDEMrqTjE
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Understanding the Bugcrowd VRT: An Insider's Guide
Join us at DEF CON as we sit down with Codingo, VP of Operations at Bugcrowd, to look into the Vulnerability Rating Taxonomy (VRT). Learn what makes the VRT unique, how it compares to other vulnerability rating systems like CVSS, and why it's a key part of Bugcrowd's platform. Discover how the VRT evolves, the community's role in its development, and essential tips for hackers advocating for higher priorities on their findings. Whether you're a seasoned Bugcrowd hacker or new to the platform, this interview offers valuable insights and practical advice for improving your skills and understanding of the VRT.
00:00 Introduction to the VRT and Bugcrowd
00:33 Bugcrowd's Unique Offerings for Hackers
01:19 Understanding the VRT: An Interview with Kodinga
02:22 Differences Between VRT and CVSS
03:09...
https://www.youtube.com/watch?v=AIJK_Lw8rKw
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
DEF CON 32 - DEF CON Closing Ceremonies & Awards
The full closing ceremonies presentation from the final day of DEF CON 32.
https://www.youtube.com/watch?v=GdeKrNlvG8g
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
DEF CON 32 - What To Expect When You're Exploiting: 0Days Baby Monitors & Wi-Fi Cams - Mager, Forte
Home surveillance technology is a modern convenience that has been made accessible to the masses through the rise of IoT devices, namely cloud-connected Wi-Fi cameras. From parents monitoring their infants to homeowners watching their entryways, these cameras provide users with access to instant, high definition video from the convenience of a mobile phone, tablet, or PC. However, the affordability of these devices and relative ease of cloud access generally correlates to flawed security, putting users at risk. We set out to explore the attack surface of various Wi-Fi camera models to gain a deeper understanding of how these devices are being exploited. In the end, we devised methods to gain local root access, uncovered user privacy issues, discovered a zero-day vulnerability within a prominent...
https://www.youtube.com/watch?v=caY7ls4G460
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
DEF CON 32 - AppSec Considerations From the Casino Industry - Aleise McGowan, Tennisha Martin
In the casino industry, a surge of ransomware attacks has marked an era of unprecedented threats and vulnerabilities. This session will focus on a critical aspect of security within this industry, exploring how ransomware has specifically impacted applications and associated systems. Attendees will gain insights into the methods used by malicious actors to compromise casino applications, the resulting financial and operational disruptions, (i.e., affected customer data security etc.) and responses developed to counter these threats. By researching industry giants like MGM and Caesars, we will highlight the importance of robust application security measures and the future landscape of cybersecurity in this sector. Unique security challenges faced by the casino industry will be explored, along...
https://www.youtube.com/watch?v=k7odY9gCxaI
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
DEF CON 32 - Where's the Money-Defeating ATM Disk Encryption - Matt Burch
Holding upwards of 0,000, ATMs continue to be a target of opportunity and have seen over a 600% increase in crime in just the last few years. During this time, I led security research with another colleague into the enterprise ATM industry resulting in the discovery of 6 zero-day vulnerabilities affecting Diebold Nixdorf's Vynamic Security Suite (VSS), the most prolific ATM security solution in the market. 10 minutes or less is all that a malicious actor would need to gain full control of any system running VSS via offline code injection and decryption of the primary Windows OS. Diebold Nixdorf is one of three major North American enterprise class ATM manufacturers with a global presence in the financial, casino/gaming, and point-of-sale markets. Similar attack surfaces are currently...
https://www.youtube.com/watch?v=lF8NEsl3-kQ
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
DEF CON 32 - On Your Ocean's 11 Team, I'm the AI Guy (technically Girl) - Harriet Farlow
One of the best parts of DEF CON is the glitz and glam of Vegas, the gambling capital of the world. Many have explored hacking casinos (on and off stage). Unfortunately, it's just not like it is portrayed in the Oceans franchise.. in real life there's much less action, no George Clooney, and it's a lot harder to pull off a successful heist.
Fortunately I'm not your typical hacker, I'm an AI hacker. I use adversarial machine learning techniques to disrupt, deceive and disclose information from Artificial Intelligence systems.
I chose my target carefully: Canberra Casino. It's the best casino in my city.. It's also the only casino but that's not the point. The casino industry is at an interesting inflection point. Many large casinos have already adopted AI for surveillance...
https://www.youtube.com/watch?v=pTSEViCwAig
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
DEF CON 32 - Why are you still using my server for your internet access - Thomas Boejstrup Johansen
Pawning countries at top level domain by just buying one specific domain name ‘wpad.tld', come hear about this more the 25+ years old issue and the research from running eight different wpad.tld domains for more than one year that turn into more the 1+ billion DNS request and more then 600+GB of Apache log data with leaked information from the clients.
This is the story about how easy it is to just buying one domain and then many hundreds of thousands of Internet clients will get auto pwned without knowing it and start sending traffic to this man-in-the-middle setup there is bypassing encryption and can change content with the ability to get the clients to download harmful content and execute it.
The talk will explain the technical behind this issue and showcase why and how clients will...
https://www.youtube.com/watch?v=uwsykPWa5Lc
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
DEF CON 32 - The edges of Surveilance System and its supply chain - Chanin Kim, Myounghun Pak
With the development of artificial intelligence and image processing technology, the video industry such as CCTV is developing greatly. However, CCTV video may infringe on an individual's privacy, and personal information may be leaked due to hacking or illegal video collection. As such, Surveillance System's Security issues are also increasing, the importance of the video surveillance industry is becoming more prominent.
In order to prevent hacking or illegal video collection, research on camera security is being conducted. However, there is a lack of awareness of NVR (Network Video Recorder), a device that actually watches videos recorded by cameras, and research on this is also insufficient.
We selected Hikvision and Dahua, which have a high NVR market share, as target vendors, and also...
https://www.youtube.com/watch?v=v6VMEeUcqzo
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
DEF CON 32 - Welcome to DEF CON 32 - The Dark Tangent
Opening remarks from our founder The Dark Tangent.
https://www.youtube.com/watch?v=vad7FiHlgMU
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
DEF CON 32 -Your Smartcard is Dumb A Brief History of Hacking Access Control Systems - Chad Shortman
Have you ever wondered how those little boxes that you tap your card to open doors work? What are they reading on the card? How do they ultimately unlock the door? And, are they even secure? In this talk, we will answer all of those questions and more. We will walk through how access-control systems, in general, work, and dig into the details of the most popular systems. Fortunately for the entertainment value of this talk, there be dragons in our doors. We will walk through some of the most high-profile attacks in detail and then dive into some more fundamental flaws with how the systems are designed. All of these discussions will be accompanied with live demos and first hand experience. After this talk, you will look at the world, especially doors, differently -- weaknesses everywhere! My...
https://www.youtube.com/watch?v=zBP2deuPQTg
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
DEF CON 32 - OH MY DC Abusing OIDC all the way to your cloud - Aviad Hahami
As DevOps and developers are slowly shifting away from storing long-lived static credentials to the more secure, still kinda-new, OIDC alternative - the underlying logic, mechanisms and implementations tend to feel like complicated magic and are mostly overlooked.
In this talk, we'll begin by recapping what OIDC is, who are the interacting entities when OIDC is used, and how OIDC is taking place to securely access one's cloud using CI/CD flows.
Once covered, we will be able to alternate our point-of-view between the entities in play and demonstrate potential vulnerabilities in various setups.
Starting with the user PoV, we will show what "under-configurations" look like, and continue by demonstrating how new OIDC configuration options can actually be misconfigurations that can result with...
https://www.youtube.com/watch?v=asd33hSRJKU
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
DEF CON 32 - MaLDAPtive: Obfuscation and De-Obfuscation - Daniel Bohannon, Sabajete Elezaj
DAP is no stranger to the security spotlight. While LDAP is a protocol (Lightweight Directory Access Protocol) and Active Directory is the most popular directory services system that supports a subset of LDAP, the terms “LDAP” and “AD” are tightly coupled when discussing the execution, detection and prevention of attacks targeting directory services data.
In the last decade the widespread offensive value of querying AD data via LDAP was cemented with the release of open-source tools such as BloodHound and PingCastle. However, proper visibility of LDAP queries mostly remains a privileged asset for those organizations with deep pockets, and the commercial security tools providing this visibility are often woefully fixated on simple signature-based detections.
MaLDAPtive is the 2,000-hour...
https://www.youtube.com/watch?v=mKRS5Iyy7Qo
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Reverse Engineering LAB Setup Tutorial (updated)
If you are just getting started with reverse engineering this the place to start. In this tutorial we provide an overview the current setup that we currently run, this is also the same setup used in all of our live streams and tutorials.
The full notes for this tutorial are unlocked for everyone on our Patreon including links to all of the tools mentioned
https://www.patreon.com/posts/101718688
-----
OALABS DISCORD
https://discord.gg/6h5Bh5AMDU
OALABS PATREON
https://www.patreon.com/oalabs
Twitch
https://www.twitch.tv/oalabslive
OALABS GITHUB
https://github.com/OALabs
UNPACME - AUTOMATED MALWARE UNPACKING
https://www.unpac.me/#/
-----
https://www.youtube.com/watch?v=adAr0KBJm4U
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
HackerOne Live Hacking Event Recap: Las Vegas w/TikTok
https://www.youtube.com/watch?v=QYRgmBmsm_M
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Get Bigger Bounties With Better Reports
At DEFCON a few weeks ago, I sat down with Codingo, VP of operations to talk about the key elements of writing an effective bug report, especially for non-native English speakers and beginners. We also discuss the importance of clarity, accurate replication steps, and the impact of comprehensive report writing on your bug bounty success. Learn from Bugcrowd's framework and community-driven practices to enhance your cybersecurity skills and make a stronger impact with your findings.
00:00 Introduction and Apology
00:37 Sponsor Message: Bugcrowd
01:22 Live from DEF CON
01:53 The Importance of Report Writing
02:17 Key Elements of a Good Report
04:46 Challenges in Report Writing
06:11 The Triage Process
08:21 Support for Non-Native English Speakers
09:17 Common Reasons for Bug Rejection
11:09...
https://www.youtube.com/watch?v=hnU0mRl0WBI
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
HackerOne Live Hacking Event Recap: Miami w/ Capital One
https://www.youtube.com/watch?v=V9qwgXcfJ-Y
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
HackerOne Live Hacking Event Recap: Singapore w/ Salesforce
https://www.youtube.com/watch?v=MjXCLB995tw
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Linux Memory Forensics Challenge
Welcome to a special Linux Memory Forensics Challenge from 13Cubed. This is an excellent opportunity to get some hands-on practice with Linux memory forensics. You'll find the questions below, as well as a link to download the memory sample needed to answer those questions.
🎉 Check out the official training courses from 13Cubed at https://training.13cubed.com!
HINT 1: To get started, run the Volatility 3 banners plugin to determine the correct kernel version, and subsequently install the correct symbols and create the ISF.
HINT 2: The kernel version in use on this Ubuntu 22.04 machine was 6.5.0-41. It is recommended that Ubuntu 22.04 be used for the analysis.
🛑 CONTEST IS CLOSED 🛑
All winners have been selected. We still encourage you to participate in the lab, as we believe it...
https://www.youtube.com/watch?v=IHd85h6T57E
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Shimcache Execution Is Back - What You Need to Know!
In this special episode, Mike Peterson from nullsec.us joins us to discuss important new research on Shimcache/AppCompatCache. Discover how this artifact can potentially be used to prove execution in Windows 10 and later—a capability that was previously thought impossible!
*** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. ***
📖 Chapters
00:00 - Intro
01:08 - Shimcache/AppCompatCache artiFACTS
09:38 - nullsec.us Research
18:40 - Wrap-up
🛠 Resources
Original research from Eric Zimmerman:
https://github.com/EricZimmerman/AppCompatCacheParser/issues/6
GitHub commit for AppCompatCacheParser adding the functionality (March 2023):
https://github.com/EricZimmerman/AppCompatCacheParser/commit/c995e82a58684bb15a46c34729c99a4024aaf8b3#diff-e5f34b98fc08cf3da1819cd0652cb2c28a785e4f2bab8cccfb0d7fe2cb99cff9R79
For...
https://www.youtube.com/watch?v=DsqKIVcfA90
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cookie Forgery, Signature Bypass and Blind Command Injection - "Feature Unlocked" [CSCTF 2024]
Video walkthrough for the "Feature Unlocked" web challenge I made for CyberSpace CTF 2024. The challenge required players to hijack the validation server via a hidden GET parameter, cookie forgery and custom signature generation/verification in order to access an unreleased feature, which itself contained a blind command injection vulnerability. Hope you enjoy 🙂 #CSCTF #CTF #CaptureTheFlag #Pentesting #OffSec #WebSec #AppSec
Write-up: https://book.cryptocat.me/ctf-writeups/2024/cyberspace/web/feature_unlocked
↢CyberSpace CTF 2024↣
https://2024.csc.tf
https://ctftime.org/event/2428
https://discord.csc.tf
👷♂️Resources🛠
https://cryptocat.me/resources
↢Chapters↣
0:00 Start
1:46 Source code review
2:33 Cookie forgery
4:13 Recreate validation server
6:20 Access unlocked...
https://www.youtube.com/watch?v=6jvmbvsRLgQ
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
DC32 - Red Team Village - Recap
Thank you to everyone who attended the village this year at DEF CON! Another huge thank you to our core team, sponsors, volunteers, goons, and DEF CON!
Red Team Village Website: https://redteamvillage.io
Discord: https://redteamvillage.io/discord
Twitter: https://redteamvillage.io/twitter
https://www.youtube.com/watch?v=xjKxLoz0Dw4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
DC32 - Red Team Village x Amazon
Thank you Amazon for being a platinum sponsor! For more information about Amazon, please visit https://amazon.com.
Red Team Village Website: https://redteamvillage.io
Discord: https://redteamvillage.io/discord
Twitter: https://redteamvillage.io/twitter
https://www.youtube.com/watch?v=ouv0tgFmo8M
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
DC32 - Red Team Village x Kindo
Thank you Kindo for being a platinum sponsor! For more information, please visit https://kindo.ai.
Red Team Village Website: https://redteamvillage.io
Discord: https://redteamvillage.io/discord
Twitter: https://redteamvillage.io/twitter
https://www.youtube.com/watch?v=-1wBcsNVqPo
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
RTV x Flare - An Introduction to Flare
The Red Team Village
Red Team Village Website: https://redteamvillage.io
Discord: https://redteamvillage.io/discord
Twitter: https://redteamvillage.io/twitter
https://www.youtube.com/watch?v=xXulBDmkxsY
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
DC32 - Red Team Village x Core Team
Check out our amazing core team!
Red Team Village Website: https://redteamvillage.io
Discord: https://redteamvillage.io/discord
Twitter: https://redteamvillage.io/twitter
https://www.youtube.com/watch?v=DXklOoiJXVs
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
DC32 - Red Team Village x Horizon3.ai
Thank you for being one of our platinum sponsors!
Additional information about Horizon3.ai can be obtained from https://www.horizon3.ai.
Red Team Village Website: https://redteamvillage.io
Discord: https://redteamvillage.io/discord
Twitter: https://redteamvillage.io/twitter
https://www.youtube.com/watch?v=kuviZ77aUB8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Planning Red Team Operations | Scope, ROE & Reporting
Hey guys, HackerSploit here back again with another video. This video outlines the process of planning and orchestrating Red Team operations.
This video also outlines various Red Team resources, guides, and templates to plan and orchestrate a successful Red Team Operation.
//LINKS & RESOURCES
REDTEAM.GUIDE: https://redteam.guide/
The slides and written version of this video can be accessed on the HackerSploit Forum: https://forum.hackersploit.org/t/introduction-to-the-mitre-att-ck-framework/9127
//HACKERSPLOIT PLATFORMS
BLOG ►► https://bit.ly/3qjvSjK
FORUM ►► https://bit.ly/39r2kcY
ACADEMY ►► https://bit.ly/39CuORr
//SOCIAL NETWORKS
TWITTER ►► https://bit.ly/3sNKXfq
INSTAGRAM ►► https://bit.ly/3sP1Syh
LINKEDIN ►► https://bit.ly/360qwlN
PATREON ►► https://bit.ly/365iDLK
MERCHANDISE...
https://www.youtube.com/watch?v=usDt-s2sACI
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Mapping APT TTPs With MITRE ATT&CK Navigator
Hey guys, HackerSploit here back again with another video. This video will introduce you to the MITRE ATT&CK Navigator and will illustrate how it can be operationalized for planning and orchestrating Red Team operations.
MITRE ATT&CK Framework: https://attack.mitre.org/
MITRE ATT&CK Navigator: https://mitre-attack.github.io/attack-navigator/
//PLATFORMS
BLOG ►► https://bit.ly/3qjvSjK
FORUM ►► https://bit.ly/39r2kcY
ACADEMY ►► https://bit.ly/39CuORr
//SOCIAL NETWORKS
TWITTER ►► https://bit.ly/3sNKXfq
DISCORD ►► https://bit.ly/3hkIDsK
INSTAGRAM ►► https://bit.ly/3sP1Syh
LINKEDIN ►► https://bit.ly/360qwlN
PATREON ►► https://bit.ly/365iDLK
MERCHANDISE ►► https://bit.ly/3c2jDEn
//BOOKS
Privilege Escalation Techniques ►► https://amzn.to/3ylCl33
Docker...
https://www.youtube.com/watch?v=hN_r3JW6xsY
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Introduction To The MITRE ATT&CK Framework
Hey guys, HackerSploit here back again with another video. This video will introduce you to the MITRE ATT&CK framework and will illustrate how it can be operationalized for Red Team and Blue Team operations.
The slides and written version of this video can be accessed on the HackerSploit Forum: https://forum.hackersploit.org/t/introduction-to-the-mitre-att-ck-framework/9127
MITRE ATT&CK Framework: https://attack.mitre.org/
//PLATFORMS
BLOG ►► https://bit.ly/3qjvSjK
FORUM ►► https://bit.ly/39r2kcY
ACADEMY ►► https://bit.ly/39CuORr
//SOCIAL NETWORKS
TWITTER ►► https://bit.ly/3sNKXfq
DISCORD ►► https://bit.ly/3hkIDsK
INSTAGRAM ►► https://bit.ly/3sP1Syh
LINKEDIN ►► https://bit.ly/360qwlN
PATREON ►► https://bit.ly/365iDLK
MERCHANDISE ►► https://bit.ly/3c2jDEn
//BOOKS
Privilege...
https://www.youtube.com/watch?v=LCec9K0aAkM
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
DC32 - Red Team Village x Flare
Thank you for being a Diamond sponsor! For additional information about Flare, please visit https://flare.io.
Red Team Village Website: https://redteamvillage.io
Discord: https://redteamvillage.io/discord
Twitter: https://redteamvillage.io/twitter
https://www.youtube.com/watch?v=7AON2imxy24
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
DC32 - Red Team Village x Optiv
Thank you for being one of our sponsors!
Additional information about Optiv can be obtained from https://optiv.com.
Red Team Village Website: https://redteamvillage.io
Discord: https://redteamvillage.io/discord
Twitter: https://redteamvillage.io/twitter
https://www.youtube.com/watch?v=mbM3KEk8vxQ
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Mounting Linux Disk Images in Windows
Learn how to mount Linux disk images in Windows using the Windows Subsystem for Linux (WSL). We'll tackle common issues and their fixes.
⌨️ Command used in the video:
sudo mount -o ro,loop,offset=[OFFSET],noload [IMAGE] /mnt/[MOUNTPOINT]
If you're mounting images containing Logical Volume Management (LVM) volumes, additional steps are required:
✅ Install LVM2 (if not already installed)
sudo apt install lvm2 (Debian/Ubuntu)
sudo dnf install lvm2 (Fedora)
sudo yum install lvm2 (RHEL)
✅ Create a loop device from the disk image:
sudo losetup -f -P testimage.dd
Here, "-f" tells losetup to find the next available loop device, and "-P" forces the kernel to scan the partition table on the newly created loop device.
✅ Refresh LVM so that the new device appears:
sudo pvscan --cache
This...
https://www.youtube.com/watch?v=W_youhia4dU
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
DC32 - Red Team Village x White Knight Labs
Thank you for being one of our platinum sponsors!
Additional information about White Knight Labs can be obtained from https://whiteknightlabs.com.
Red Team Village Website: https://redteamvillage.io
Discord: https://redteamvillage.io/discord
Twitter: https://redteamvillage.io/twitter
https://www.youtube.com/watch?v=QQD0SJwJG8A
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
New Course! Investigating Linux Devices
Check out Investigating Linux Devices, a comprehensive Linux forensics training course from 13Cubed! Starting with fundamental principles, Investigating Linux Devices rapidly progresses to encompass log analysis, file systems, persistence mechanisms, memory forensics, live response, and more! This course offers extensive hands-on practice and a capstone involving the analysis of a compromised system. Tailored for both beginners and seasoned professionals, it serves as an ideal resource for mastering Linux forensics!
🎉 Enroll today at training.13cubed.com!
#Forensics #DigitalForensics #DFIR #LinuxForensics
https://www.youtube.com/watch?v=4sRFu_QTkXM
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
RTV x BC Security - An Introduction to CTFs
The Red Team Village
Red Team Village Website: https://redteamvillage.io
Discord: https://redteamvillage.io/discord
Twitter: https://redteamvillage.io/twitter
https://www.youtube.com/watch?v=t5X8ONopEVk
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
XSS in PDF.js (CVE-2024-4367) - "Upload" [Akasec CTF 2024]
Video walkthrough for the "Upload" web challenge from Akasec CTF 2024. The challenge involved server-side XSS (dynamic PDF) using a recent exploit (CVE-2024-4367) and SSRF! Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂 #Akasec #CTF #CaptureTheFlag #Pentesting #OffSec #WebSec #AppSec
Write-up: https://book.cryptocat.me/ctf-writeups/2024/akasec_24/web/upload
↢Akasec CTF 2024↣
https://ctf.akasec.club
https://ctftime.org/event/2222
https://discord.gg/6yyzBnZP2e
https://twitter.com/akasec_1337
https://www.linkedin.com/company/akasec-1337
👷♂️Resources🛠
https://cryptocat.me/resources
↢Chapters↣
0:00 Start
0:55 Source code review
4:39 XSS (CVE-2024-4367)
10:11 SSRF
15:29 End
https://www.youtube.com/watch?v=XrSOaHoeJCo
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
2: XML External Entity Injection (XXE) - Gin and Juice Shop (Portswigger)
XML External Entity Injection (XXE) - Episode 3 of hacking the Gin and Juice shop; an intentionally vulnerable web application developed by Portswigger. The website was created primarily to demonstrate the features of Burp pro vulnerability scanner. However, throughout the series, we will leverage burp suite (and other tools) to exploit the high, medium, low and informational issues identified by the scanner. Hopefully these videos will be useful for aspiring bug bounty hunters, security researchers, pentesters, CTF players etc 🙂 #BugBounty #EthicalHacking #PenTesting #AppSec #WebSec #InfoSec #OffSec
↢Portswigger: Gin and Juice Shop↣
https://ginandjuice.shop
https://portswigger.net/blog/gin-and-juice-shop-put-your-scanner-to-the-test
https://portswigger.net/burp/vulnerability-scanner
https://portswigger.net/web-security
👷♂️Resources🛠
https://cryptocat.me/resources
↢Chapters↣
0:00...
https://www.youtube.com/watch?v=hixTxzYDuDg
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The Weird Windows Feature You've Never Heard Of
In this episode, we'll explore File System Tunneling, a lesser-known legacy feature of Windows. We'll uncover the fascinating behind-the-scenes functionality and discuss the potential implications for forensic examinations of compromised systems.
*** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. ***
📖 Chapters
00:00 - Intro
05:06 - File System Tunneling Demo
🛠 Resources
The Apocryphal History of File System Tunnelling:
https://devblogs.microsoft.com/oldnewthing/20050715-14/?p=34923
File System Tunneling in Windows (Jason Hale):
https://df-stream.com/2012/02/file-system-tunneling-in-windows/
File System Tunneling (Harlan Carvey):
https://windowsir.blogspot.com/2010/04/linksand-whatnot.html
#Forensics #DigitalForensics #DFIR #ComputerForensics...
https://www.youtube.com/watch?v=D5lQVdYYF4I
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Live at the RSA expo hall!
https://www.youtube.com/watch?v=y7-J8g3_9l8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Zombieware
Self-replicating malware, long abandoned by its operators, continues to contribute significant volume and noise to malware feeds. We investigate this trend, which we refer to as Zombieware!
Join us on Patreon for Part 2 where we reverse engineer a popular file infector and write an extractor to recover the infected files!
https://www.patreon.com/posts/zombieware-part-103656376
Full Zombieware blog post can be found on our UnpacMe blog here: https://blog.unpac.me/2024/04/25/zombieware/
Ladislav Zezula's excellent talk from BSides Prague can be found here:
https://www.youtube.com/watch?v=OgXvd-Wce9o
-----
OALABS DISCORD
https://discord.gg/oalabs
OALABS PATREON
https://www.patreon.com/oalabs
Twitch
https://www.twitch.tv/oalabslive
OALABS GITHUB
https://github.com/OALabs
UNPACME - AUTOMATED...
https://www.youtube.com/watch?v=NNLZmB6_aGA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Burp Suite Certified Practitioner (BSCP) Review + Tips/Tricks [Portswigger]
Burp Suite Certified Practitioner (BSCP) review, tips/tricks etc. Hopefully this videos will be useful for aspiring bug bounty hunters, security researchers, pentesters, CTF players etc who might be interested in taking the BSCP exam from Portswigger 🙂 #BSCP #BugBounty #EthicalHacking #PenTesting #AppSec #WebSec #InfoSec #OffSec
Considering taking the HackTheBox CPTS course? You can find my full review for it here: https://youtu.be/UN5fTQtlKCc
Looking for Portswigger lab walkthroughs? I produce videos for the @intigriti channel: https://www.youtube.com/playlist?list=PLmqenIp2RQciV955S2rqGAn2UOrR2NX-v
↢Portswigger: Burp Suite Certified Professional↣
https://portswigger.net/web-security/certification
https://portswigger.net/web-security/certification/how-it-works
https://portswigger.net/web-security/certification/practice-exam
https://portswigger.net/web-security/mystery-lab-challenge
↢BSCP...
https://www.youtube.com/watch?v=L-3jJTGLAhc
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Is AI The Future Of Penetration Testing?
AI has the potential to revolutionize penetration testing by automating many repetitive, rote tasks like exploit development, vulnerability scanning, and report generation, thereby speeding up pen tests and making them more efficient.
However, AI is not yet advanced enough to fully replace human expertise, especially when it comes to testing custom web applications and proprietary systems that require critical thinking and creativity.
There are risks associated with AI, such as false positives/negatives, scope creep, and accidental system crashes, that necessitate skilled human oversight.
As a result, pentesters' roles may evolve to focus more on validating AI tool output, conducting adversary simulations, and formulating high-level strategies rather than executing technical tasks.
Furthermore,...
https://www.youtube.com/watch?v=CvSKuonYsHk
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
10 Cybersecurity Tips For Small Businesses
Small businesses are underserved by the cybersecurity community. Solutions are too complicated, take too long to implement, and are too expensive.
This often leads to do-it-yourself security, which means you're not fully addressing the risk of your organization as many do not have internal expertise.
In addition, requirements, whether vendor, client, insurance, or compliance, typically lead security initiatives. This reactive approach means rushed decisions to fulfill requirements over investing in cybersecurity for the long term.
We interviewed Bruno Aburto and Heather Noggle - two long-time small business security advocates on their top tips for helping organizations navigate the complexities of cybersecurity.
AI & Cybersecurity Newsletter
------------------------------------------------
👋...
https://www.youtube.com/watch?v=xwqO86qwyVs
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Web Application Penetration Testing: Steps, Methods, & Tools | PurpleSec
Web application penetration testing is comprised of four main steps including:
1. Information gathering.
2. Research and exploitation.
3. Reporting and recommendations.
4. Remediation with ongoing support.
These tests are performed primarily to maintain secure software code development throughout its lifecycle. Coding mistakes, specific requirements, or lack of knowledge of cyber attack vectors are the main purposes of performing this type of penetration test.
In this video, you'll learn the steps on how to perform security testing on a web application and popular tools used during a web application penetration test with real-life examples.
Continue reading... https://purplesec.us/web-application-penetration-testing/
Sample Web Application Report
---------------------------------------------------
https://purplesec.us/wp-content/uploads/2021/10/Web-Application-Penetration-Test-Sample-Report.pdf
Video...
https://www.youtube.com/watch?v=e1DZYIddDrY
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The Ultimate Guide to Arsenal Image Mounter
In this episode, we'll take an in-depth look at Arsenal Image Mounter. We'll start with the basics and cover the functionality included in the free version. Then, we'll look at advanced features including the ability to launch VMs from disk images, password bypass and password cracking, and working with BitLocker encrypted disk images.
*** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. ***
📖 Chapters
00:00 - Intro
00:57 - Free Mode
07:55 - Professional Mode
08:43 - Launch a VM from a Disk Image
09:28 - Fixing a Common Issue
12:21 - Windows Authentication Bypass
14:55 - About DPAPI
16:36 - DPAPI: Password Attack Functionality
19:49 - Mounting VSCs
22:36 - Launch a VM from a VSC
23:45 - More VSC Options
26:08 - Working with BitLocker Images
🛠...
https://www.youtube.com/watch?v=4eifl8qvqVk
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Why You Should Learn AI In Cybersecurity
Cybersecurity faces a difficult challenge with AI. The speed and complexity at which adversaries use this technology pose a serious risk for organizations.
Defenders are struggling to keep pace with new use cases and the evolution of AI happening every day.
So what's the best way to defend against AI and to enhance your career development in security?
Learn AI.
We interviewed Jonathan Todd and Tom Vazdar, two experts at the forefront of AI security to help address this growing threat and provide practical ways to empower security professionals.
AI & Cybersecurity Newsletter
------------------------------------------------
👋 If you're new here, then consider subscribing to our weekly newsletter featuring the top cybersecurity minds in the industry:
https://www.linkedin.com/newsletters/ai-cybersecurity-insights-7058517055238504448/
Video...
https://www.youtube.com/watch?v=4cXM7CG2D90
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How LLMs Are Being Exploited
Shubham Khichi has been working on cyber AGI for the past 7 years. Before that, he spent nearly a decade as a red team specialist and cybersecurity researcher. In this interview, Shubham shares his insights into how LLMs are being exploited by adversaries and provides practical tips to secure AI.
AI & Cybersecurity Newsletter
------------------------------------------------
👋 If you're new here, then consider subscribing to our weekly newsletter featuring the top cybersecurity minds in the industry: https://www.linkedin.com/newsletters/ai-cybersecurity-insights-7058517055238504448/
Video Chapters
------------------------------
00:00 - Introduction
02:16 - What Is An LLM?
03:53 - Common Vulnerabilities With LLMs
09:34 - How LLMs Are Being Exploited
14:50 - Defending Against LLM Exploits
16:57...
https://www.youtube.com/watch?v=91CbW9XWotw
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Should I report this vulnerability? Will I get a bounty?
It's really exciting to find your first bug BUT it's crushing when you realise it isn't reportable or comes back as NA from a client. Here are my top tips for identifying if you've found something and double checking before getting caught up in excitement! I still get emails about IDORs being NA because you need a victims cookie and hackers who are angry at bug bounty programs or triagers.
https://www.youtube.com/watch?v=T4EhE5f7fQg
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How to take notes when you suck at it
This episode of the Bug Bounty course we talk about the importance of developing a personal note taking system that supports both hacking and learning. Emphasizing the differentiation between notes taken during hacking activities and those for learning about vulnerabilities. We look at methods for organizing and accessing your notes whether you are into Notion, Obsidian or Vim or even mind maps we'll look at how to integrate your notes with tools like Burp Suite. Creating your own knowledge base you can refer to every time you hack, tailored to individual needs and preferences and refine your own note-taking strategies for successful hacking and learning.
00:00 Introduction to the Bug Bounty Course
00:14 The Importance of a Personalized Note-Taking System
00:53 Sponsor Shoutout: Bugcrowd
01:45...
https://www.youtube.com/watch?v=uXuMvUPlvd0
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Where's the 4624? - Logon Events vs. Account Logons
In this episode, we'll learn about the difference between "Logon Events" and "Account Logons" and explore a scenario in which communication occurs between two domain-joined workstations. Where will we find Event ID 4624 and other account-related Event IDs of interest?
*** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. ***
📖 Chapters
00:00 - Intro
01:18 - Win11-Test-VM
02:14 - Win10-Test-VM
03:41 - Win2019-Test-VM
05:28 - Recap
🛠 Resources
Logon/Logoff Events:
https://www.ultimatewindowssecurity.com/securitylog/book/page.aspx?spid=chapter5
Account Logon Events:
https://www.ultimatewindowssecurity.com/securitylog/book/page.aspx?spid=chapter4
#Forensics #DigitalForensics #DFIR #ComputerForensics #WindowsForensics
https://www.youtube.com/watch?v=EXsKJ9kIc6s
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The Value Of A vCISO For Small Business
Greg Schaffer shares his over 33 years of information technology and cybersecurity experience on the value small and mid-sized businesses gain from working with a virtual CISO (vCISO).
AI & Cybersecurity Newsletter
------------------------------------------------
👋 If you're new here, then consider subscribing to our weekly newsletter featuring the top cybersecurity minds in the industry: https://www.linkedin.com/newsletters/ai-cybersecurity-insights-7058517055238504448/
Video Chapters
-------------------------
00:00 - Introduction
02:55 - LinkedIn Poll Results
08:40 - What Are The Responsibilities Of A vCISO?
14:00 - What Are The Benefits Of A vCISO For SMBs?
16:50 - What Are The Risks Of DIY Security?
19:38 - When Should A Small Business Hire A vCISO?
24:27 - What Should SMBs Look For...
https://www.youtube.com/watch?v=YpJPOPfbkLQ
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
RDP Authentication vs. Authorization
In this episode, we'll learn about an important RDP scenario involving Network Level Authentication (NLA) and the Windows Event Log entry that is generated as a result. We'll also see what happens when authentication succeeds, but authorization fails, and how that impacts what's logged.
*** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. ***
📖 Chapters
00:00 - Intro
01:10 - Demo
🛠 Resources
RDP Flowchart:
https://13cubed.s3.amazonaws.com/downloads/rdp_flowchart.pdf
#Forensics #DigitalForensics #DFIR #ComputerForensics #WindowsForensics
https://www.youtube.com/watch?v=OlENso8_u7s
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Introduction to YARA Part 4 - Efficient Rule Development
In this OALABS Patreon tutorial we cover the foundations of writing efficient YARA rules and provide some tips that can help speed up your YARA hunting.
The full notes for this tutorial are unlocked for everyone on our Patreon
https://www.patreon.com/posts/introduction-to-96638239
-----
OALABS DISCORD
https://discord.gg/6h5Bh5AMDU
OALABS PATREON
https://www.patreon.com/oalabs
Twitch
https://www.twitch.tv/oalabslive
OALABS GITHUB
https://github.com/OALabs
UNPACME - AUTOMATED MALWARE UNPACKING
https://www.unpac.me/#/
-----
https://www.youtube.com/watch?v=xKeF_cPKXt0
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Introduction to YARA Part 3 - Rule Use Cases
In this OALABS Patreon tutorial we cover the three main use cases for YARA rules and how they apply to both BlueTeam/SOC operations and malware analysis.
Fun notes have been unlocked for everyone on our Patreon here
https://www.patreon.com/posts/introduction-to-96637668
The following are links to UnpacMe specific tutorials for developing each type of rule.
Identifying specific malware families (unpacked)
https://support.unpac.me/howto/hunting-with-yara/#identifying-specific-malware-families-unpacked
Identifying malware on disk or in network traffic (packed)
https://support.unpac.me/howto/hunting-with-yara/#identifying-malware-on-disk-or-in-network-traffic-packed
Hunting (malware characteristics)
https://support.unpac.me/howto/hunting-with-yara/#hunting-malware-characteristics
-----
OALABS...
https://www.youtube.com/watch?v=xutDqu_OiH8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Introduction to YARA Part 2 - Hunting on UnpacMe
In this OALABS Patreon tutorial we demonstrate a simple YARA hunting example using the UnpacMe free YARA scan service: https://www.unpac.me
Full notes have been unlocked on our Patreon here
https://www.patreon.com/posts/introduction-to-96637337
-----
OALABS DISCORD
https://discord.gg/6h5Bh5AMDU
OALABS PATREON
https://www.patreon.com/oalabs
Twitch
https://www.twitch.tv/oalabslive
OALABS GITHUB
https://github.com/OALabs
UNPACME - AUTOMATED MALWARE UNPACKING
https://www.unpac.me/#/
-----
https://www.youtube.com/watch?v=Xqvlju9ED1c
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Introduction to YARA Part 1 - What is a YARA Rule
In this OALABS Patreon tutorial we cover the basics of YARA, what is it, how is it used, and how to write your first rule.
Full notes have been unlocked on our Patreon here
https://www.patreon.com/posts/introduction-to-96636471
-----
OALABS DISCORD
https://discord.gg/6h5Bh5AMDU
OALABS PATREON
https://www.patreon.com/oalabs
Twitch
https://www.twitch.tv/oalabslive
OALABS GITHUB
https://github.com/OALabs
UNPACME - AUTOMATED MALWARE UNPACKING
https://www.unpac.me/#/
-----
https://www.youtube.com/watch?v=3BpIhbsDR_I
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Investigating Windows Courses
Check out the official 13Cubed Investigating Windows training courses, with 365-day access and a certification/digital badge attempt included! If you're looking for affordable, comprehensive, online, on-demand digital forensics training with 4K video, subtitles, and more, you've come to the right place!
🎉 Enroll today at https://training.13cubed.com
#Forensics #DigitalForensics #DFIR #ComputerForensics #WindowsForensics #MemoryForensics
https://www.youtube.com/watch?v=BYmRdfmJPfY
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Approaching Large Scope Targets Without Feeling Overwhelmed
In this video, we discuss how beginners can tackle large scope targets in bug bounty hunting. These targets offer more flexibility and potential for bug discovery, making them a great starting point for new hackers. However, they can be overwhelming due to their size and diversity. We suggest focusing on one part of the larger scope, which helps you understand the target's application development process without becoming overwhelmed. We also delve into different reconnaissance techniques, including subdomain enumeration, Google Dorking, API enumeration, OSINT, and more. Lastly, we emphasize that while reconnaissance is critical for large scope targets, it is just a stepping stone to actually hacking and finding vulnerabilities.
This series couldn't happen without the support of our sponsor...
https://www.youtube.com/watch?v=W4pafFxOOwc
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
New OWASP API Top 10 for Hackers
Blog article isn't done yet but I'll get it up ASAP!
Today we explore the new OWASP API Top 10 in detail, the new version is much more hacker friendly and focuses on bugs we can find rather than defenders but how can we start to study these bugs and actually find them? Let's take a look at some of the changes in the new OWASP API top 10 2023, which ones I recommend for beginners just starting out with API hacking and when to look out for specific bugs
There are a ton of vulnerabilities out there, like Prototype Pollution, SQL Injection, and remote code execution. And while they can be fun to exploit during CTFs but when they are lurking in our code…it's not as fun
But that's where our sponsor Snyk comes in - Snyk scans your code, dependencies, containers, and configs, all in...
https://www.youtube.com/watch?v=sl1yqGhuVy4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
E-commerce Flaws and 0-1000 Bounties
We're continuing our stories of bad bugs theme with some business logic flaws. Unfortunately, I couldn't find the link to the whitepaper with the e-commerce flaws, but I remember it being quantity manipulation, price manipulation by changing the currency and guessing giftcards. In today's video we look at a pretty basic authentication issue, a pretty boring price manipulation issue and end with an utterly underwhelming order number adjustment. Each of these bugs got paid a bounty between 0-1000, though some were duplicates that were split between me and other hackers because they were bugs found at live hacking events)
There are a ton of vulnerabilities out there, like Prototype Pollution, SQL Injection, and remote code execution. And while they can be fun to exploit during CTFs but when...
https://www.youtube.com/watch?v=IsBgaEWpqro
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
OALABS Holiday Variety Show 2023
𝘔𝘦𝘳𝘳𝘺 𝘐𝘋𝘈𝘮𝘢𝘴 𝘢𝘯𝘥 𝘢 𝘏𝘢𝘱𝘱𝘺 𝘉𝘪𝘯𝘫𝘢-𝘠𝘦𝘢𝘳
Join us for our holiday special reverse engineering variety show!
- Guess the prompt AI charades
- Random RE banter
- Suspicious liquids in bottles
We've got it all!
Merry Christmas everyone we will see you in 2024!
-----
OALABS PATREON
https://www.patreon.com/oalabs
OALABS DISCORD
https://discord.gg/6h5Bh5AMDU
Twitch
https://www.twitch.tv/oalabslive
OALABS GITHUB
https://github.com/OALabs
UNPACME - AUTOMATED MALWARE UNPACKING
https://www.unpac.me/#/
-----
https://www.youtube.com/watch?v=XMVhX29AJbQ
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
TryHackMe Advent Of Cyber Day 20 - DevSecOps
DevSecOps has enabled developers to be much more efficient, committing code and deploying it automatically, but it's a fantastic tool for us to go exploring and hacking in their pipelines!
Advent of cyber is a yearly event run by TryHackMe, there are 24 days of cyber security challenges in December AND prizes for competing. Last year I finished every challenge soooooo, I think it's good. If you want to compete, join using this link: https://tryhackme.com/r/christmas
https://www.youtube.com/watch?v=wGO2dWVk1oM
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
🔥Resume Roast from our Content Manager Rachel. #shorts #resume #career #hacking
https://www.youtube.com/watch?v=012h_SV0bRs
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Hyper-V Memory Forensics - MemProcFS to the Rescue!
In this episode, we'll learn how to properly acquire memory from Microsoft Hyper-V guest virtual machines.
🎉 Update
After I recorded this episode, Ulf Frisk, the author of MemProcFS, let me know that he has made some updates that no longer require you to copy the vmsavedstatedumpprovider.dll file to the MemProcFS directory if the SDK is installed in the ***default*** location. If installed to a different location, the file must still be copied. Additionally, the requirement to prepend the Hyper-V checkpoint file with hvsavedstate:// has also been removed. Both changes now make this process even easier!
*** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. ***
📖 Chapters
00:00 - Intro
00:43 - Preparation
06:35 - Using MemProcFS
🛠 Resources
MemProcFS:
https://github.com/ufrisk/MemProcFS
MemProcFS...
https://www.youtube.com/watch?v=Wbk6ayF_zaQ
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Updated Beginners Guide to API Bug Bounty
If you're just getting started with bug bounty hunting, web APIs are a fantastic place to start, they're easy to approach, can't easily be automated and are full of bugs.
Join the free, API security live class on Zoom webinars https://www.traceable.ai/resources/lp/webinar-api-security-masterclass?utm_medium=org_social&utm_source=org_social&utm_campaign=tb
This series couldn't happen without the support of our sponsor Bugcrowd, Bugcrowd is the best place to start hacking with a wide range of public and private programs from APIs to Desktop Applications and everything in between. Not ready to jump into a public program yet? Fill out your platform CV and sign up for a waitlisted program. Tell Bugcrowd a bit about your skills, previous certifications or experience and they'll...
https://www.youtube.com/watch?v=85vdKS0vNN0
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Is there ageism in #cybersecurity? Matt thinks so! What do you think? #shorts #hacking #ageism
https://www.youtube.com/watch?v=PH9CCcRhUbk
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
What Can an Attacker Actually Do With a Bug Anyway?
We explore the significance of understanding and explaining the impact of vulnerabilities in a bug bounty context. Using Flare.io, to peek into the dark web and see what attackers are actually doing with our vulnerabilities. We cover different vulnerabilities, provide guidelines on creating an effective impact statement, and offer three examples of impactful bug bounty reports. Before I give you my tips for explaining impact to triage and avoiding arguments over severity.
Thank you to our sponsor Flare.io. Know your exposed attack surface, track threat intelligence, and set prioritized alerts (that cut out the noise) for your own info leaked on the dark web with Flare! Try a free trial and see what is out there: https://hi.flare.io/katie-paxton-fear-free-trial/.
00:00 Introduction to Impact...
https://www.youtube.com/watch?v=4gjUby6LGFk
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Tips For Analyzing Delphi Binaries in IDA (Danabot)
Reverse Engineering Delphi is a nightmare ... or it can be if you don't have the right setup! In this clip we cover some easy tips that can help make some of the analysis a bit easier.
Full notes with links for tools are available here:
https://research.openanalysis.net/danabot/loader/delphi/2023/12/04/danabot.html
Full stream with analysis of the Danabot loader is available on Patreon here:
https://www.patreon.com/posts/live-stream-vod-94510766
-----
OALABS PATREON
https://www.patreon.com/oalabs
OALABS DISCORD
https://discord.gg/6h5Bh5AMDU
Twitch
https://www.twitch.tv/oalabslive
OALABS GITHUB
https://github.com/OALabs
UNPACME - AUTOMATED MALWARE UNPACKING
https://www.unpac.me/#/
-----
https://www.youtube.com/watch?v=04RsqP_P9Ss
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How To Recognize Macro Encrypted Strings in Malware
How to identify when a macro is used to encrypt strings in malware... inferring source from disassembly!
-----
OALABS PATREON
https://www.patreon.com/oalabs
OALABS DISCORD
https://discord.gg/6h5Bh5AMDU
Twitch
https://www.twitch.tv/oalabslive
OALABS GITHUB
https://github.com/OALabs
UNPACME - AUTOMATED MALWARE UNPACKING
https://www.unpac.me/#/
-----
https://www.youtube.com/watch?v=fEAGYjhKzJY
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
An Important Change to ShellBags - Windows 11 2023 Update!
In this episode, we'll learn about an important change introduced with the September 26, 2023 Windows 11 Configuration Update, and how that change affects ShellBags!
*** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. ***
📖 Chapters
00:00 - Intro
02:07 - Demo
07:34 - Recap
🛠 Resources
September 26, 2023 Windows 11 Configuration Update:
https://support.microsoft.com/en-us/topic/september-26-2023-windows-configuration-update-542780c2-594c-46cb-979d-11116fe164ba#:~:text=Note%20The%20update%20to%20Windows,to%20broaden%20availability%20over%20time
#Forensics #DigitalForensics #DFIR #ComputerForensics #WindowsForensics
https://www.youtube.com/watch?v=M1nyMIu1Y18
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Direct vs. Indirect Syscalls What Is All The HYPE?! [OALABS Call-In Show]
Our live discord call-in show debates! Are indirect syscalls even required? What are they and how are they used?! What are EDR vendors doing to detect them and why you might care....
-----
OALABS PATREON
https://www.patreon.com/oalabs
OALABS DISCORD
https://discord.gg/6h5Bh5AMDU
Twitch
https://www.twitch.tv/oalabslive
OALABS GITHUB
https://github.com/OALabs
UNPACME - AUTOMATED MALWARE UNPACKING
https://www.unpac.me/#/
-----
https://www.youtube.com/watch?v=W2SeruUxhDs
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Are Red Team Tools Helping or Hurting Our Industry? [OALABS Call-In Show]
Our live discord call-in show debates! Are red team tools really helping our industry or are they just giving malware operators a free lunch?!
-----
OALABS PATREON
https://www.patreon.com/oalabs
OALABS DISCORD
https://discord.gg/6h5Bh5AMDU
Twitch
https://www.twitch.tv/oalabslive
OALABS GITHUB
https://github.com/OALabs
UNPACME - AUTOMATED MALWARE UNPACKING
https://www.unpac.me/#/
-----
https://www.youtube.com/watch?v=ur6csODQHKI
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
October 12, 2023
https://www.youtube.com/watch?v=1GbAFa_i-bk
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Reverse Engineering With Unicorn Emulation
In this OALABS Patreon tutorial we will learn how to use the Unicorn Emulator to assist with reverse engineering! This is the second part in a five-part tutorial series that can be found on our Patreon here...
https://www.patreon.com/oalabs/posts?filters%5Btag%5D=Applied+Emulation
Lab Notes
https://gist.github.com/herrcore/1a5af37f91a6f9b263a527c98c7b08bd
-----
OALABS DISCORD
https://discord.gg/6h5Bh5AMDU
OALABS PATREON
https://www.patreon.com/oalabs
Twitch
https://www.twitch.tv/oalabslive
OALABS GITHUB
https://github.com/OALabs
UNPACME - AUTOMATED MALWARE UNPACKING
https://www.unpac.me/#/
-----
https://www.youtube.com/watch?v=-CNy4qh08iU
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
401 Access Denied Ep88: The RISE of the CISO with Merike Kaeo
This week Joe Carson is joined by Merike Kaeo as they discuss the dynamic role of the CISO within an organization. They dive deeper into the role and how it interacts with different areas of the business, and what specific assets need protection and within what frameworks. An episode not to be missed!
Jump-start your cybersecurity career for FREE with Cybrary!
Follow us on Social!
~Cybrary Twitter
~Delinea Twitter
~Instagram
~Facebook
~YouTube
https://www.youtube.com/watch?v=FklaFGnBEyQ
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Emulation Fundamentals - Writing A Basic x86 Emulator
In this OALABS Patreon tutorial we will explore how an emulator works by building one ourselves! This is the first part in a five-part tutorial series that can be found on our Patreon here...
https://www.patreon.com/oalabs/posts?filters%5Btag%5D=Applied+Emulation
The demo Jupyter Lab note can be found on GitHub here...
https://gist.github.com/herrcore/f25bcf55fa10fa8d04effc172eeb63c9
-----
OALABS DISCORD
https://discord.gg/6h5Bh5AMDU
OALABS PATREON
https://www.patreon.com/oalabs
Twitch
https://www.twitch.tv/oalabslive
OALABS GITHUB
https://github.com/OALabs
UNPACME - AUTOMATED MALWARE UNPACKING
https://www.unpac.me/#/
-----
https://www.youtube.com/watch?v=HPrqOIdNlrQ
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Intruder Alert Ep. 6 | Deconstructing Malware Attacks & Forging a Career in Cybersecurity
In this episode of Intruder Alert, Marcus Hutchins is joined by cybersecurity expert Caitlin Sarian, known for her role as the Global Lead of Cybersecurity Advocacy and Culture at TikTok and her expertise in data protection and privacy compliance. Marcus and Caitlin provide technical insight into the latest US malware attacks and share invaluable advice on breaking into the cybersecurity field.
Follow us on Social!!
~Twitter
~Instagram
~FaceBook
~YouTube
~LinkedIn
Jump-start your cybersecurity career for FREE with Cybrary!
https://www.youtube.com/watch?v=2aRgdmTdtK0
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Is your favorite on here?? #favorite #cybersecurity #hacker
https://www.youtube.com/watch?v=KPPH7vJZajQ
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
401 Access Denied: Protecting Society and the Role of CERT with Tonu
In this episode we join host Joe Carson as he discusses state cybersecurity with Tonu Tammer of the Estonian National Cybersecurity Center. Tonu goes into the day-to-day operations of defending a country and its citizens from adversaries, as well as ransomware and DDOS attacks. Come along for an in-depth discussion with a cyber defender with years of experience in this exciting new episode!
Jump-start your cybersecurity career for FREE with Cybrary!
Follow us on Social!
~Cybrary Twitter
~Delinea Twitter
~Instagram
~Facebook
~YouTube
https://www.youtube.com/watch?v=aYCyFDlK7vg
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Intruder Alert Ep. 5 | Community Uprising: Unravelling the Reddit Blackout
In the latest episode of Intruder Alert, Marcus Hutchins and Cybrary blue teamer, Marc Balingit, delve into the the uproar around Reddit's blackout. They unravel the intricacies of Reddit's contentious API changes, which have cornered third-party apps like Apollo, sparking a sweeping blackout protest across thousands of subreddits. Furthermore, they explore the impact of Twitch's fresh policy adjustments, which are a threat to streamers' ad revenue, and other news impacting online communities.
Follow us on Social!!
~Twitter
~Instagram
~FaceBook
~YouTube
~LinkedIn
Jump-start your cybersecurity career for FREE with Cybrary!
https://www.youtube.com/watch?v=8_CEqpKU8AA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Trying to demo the #hacker side without getting 🤐🤐🤐 by the platform. Oops! #cybersecurity
https://www.youtube.com/watch?v=p_OgaSkmBMM
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
401 Access Denied: Ep. 85 | Key Takeaways from the Verizon DBIR with Tony Goulding
Join host Joseph Carson and guest Tony Goulding as they break down the annual Verizon breach report. With over 16,000 incidents and more than 5,200 data breaches, there's a lot to look at. Tony and Joe have some great takeaways from this critical annual report and share their expert insights on what's new, what's changed, and what we're not doing so bad at (hint: MFA goes a long way!)
Jump-start your cybersecurity career for FREE with Cybrary!
Follow us on Social!
~Cybrary Twitter
~Delinea Twitter
~Instagram
~Facebook
~YouTube
https://www.youtube.com/watch?v=luXnfWO_U7I
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Hack you exe's phone? 😂 #podcast #cybersecurity
https://www.youtube.com/watch?v=ufdeWuwsWaA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
401 Access Denied: Ep. 84 | The Best of RSAC & Cybersecurity Strategies with Bob Burns
RSAC was the place to be for cybersecurity in 2023, and Joe Carson is joined by Bob Burns to talk all about it. From the sessions that really resonated to the incredible human connections and networking, join Joe and Bob to deconstruct this year's most comprehensive conference. Were you at RSAC this year? Join us in the comments to let us know your favorite session!
Jump-start your cybersecurity career for FREE with Cybrary!
Follow us on Social!
~Cybrary Twitter
~Delinea Twitter
~Instagram
~Facebook
~YouTube
https://www.youtube.com/watch?v=qU40Yg7pfbo
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The AI Revolution with Diana Kelley | 401 Access Denied Podcast Ep. 83
The AI Revolution with Diana Kelley | 401 Access Denied Podcast Ep. 83
Join Us: https://www.cybrary.it/?utm_source=youtube&utm_medium=video&utm_campaign=the-ai-revolution-with-diana-kelley
Everybody's talking about it - the AI revolution is here. But given the rapid evolution in this field, it's hard to keep up with the sweeping effects this technology is causing. Luckily, Joe Carson is joined by longtime AI expert Diana Kelley to shed light on all of these changes. She addresses the many misconceptions and media misrepresentations surrounding AI, breaks down the different forms of this technology, and emphasizes the need for a better understanding of AI's capabilities and limitations. They also discuss the ethical and legal implications that will only become more potent as AI...
https://www.youtube.com/watch?v=ow9JszgoC1M
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Hacking the Government with Bryan Seely | 401 Access Denied Podcast Ep. 82
Hacking the Government with Bryan Seely | 401 Access Denied Podcast Ep. 82
Join Us: https://www.cybrary.it/?utm_source=youtube&utm_medium=video&utm_campaign=hacking-the-government-with-bryan-seely
In this eye-opening episode, dive into the captivating world of cybercrime and social engineering with our host, Joe Carson, and special guest Bryan Seely! Bryan, a keynote speaker and cybersecurity expert best known for his Secret Service exposé, discusses his journey from a young computer enthusiast to a renowned public speaker. Join them as they investigate the mindset and techniques used by hackers, such as the use of aliases to deceive and manipulate their targets, as well as the importance of responsible disclosure and changing cybersecurity laws.
Follow us for exclusive updates:
~https://twitter.com/cybraryIT
~https://www.instagram.com/cybrary.it/
~https://www.facebook.com/cybraryit/
Follow...
https://www.youtube.com/watch?v=aagD2SxYUJM
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Intruder Alert Ep. 4 | Unmasking The New Global Malware Threat On Android Devices
Head to Cybrary.it to open your free account and start learning today!
In this episode of Intruder Alert, join host Marcus Hutchins, world-renowned hacker, and red teamer Matt Mullins while they discuss the millions of devices recently infected with malware during production, and whether or not our devices are spying on us.
For more information on how to jumpstart your career with the most cutting-edge cybersecurity training, head over to Cybrary.it to create your free account and get started on your learning journey!
Make sure to subscribe so that you don't miss the latest new episodes, premiering live every two weeks, and dropping on YouTube On Demand.
https://www.youtube.com/watch?v=wc8T_RcwOkY
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Vulnerability Management Metrics: Top 10 KPIs To Measure Success
Join us for an exclusive interview as we dive deep into the world of vulnerability management KPIs with the expertise of Walter Haydock.
👉 Get our FREE guide to vulnerability management in 2023: https://purplesec.us/vulnerability-management-guide/?utm_source=newsletter&utm_medium=YouTube&utm_campaign=VM_2023&utm_id=guide
In this engaging interview, Walter shares valuable insights on:
🎯 Balancing costs and benefits while identifying metrics to guide decision-making in vulnerability management investments.
🌐 Maintaining consistency with strategies for aligning metrics across teams, departments, and locations.
⚖️ Adapting to the evolving threat landscape by staying ahead of emerging risks and continuously refining vulnerability management KPIs.
📈 Success stories...
https://www.youtube.com/watch?v=L-61ahYHdH8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Vulnerability Management SOP: Expert Reveals Top Tips
Are you struggling to manage vulnerabilities in your organization? Join us in this conversation with expert Kevin Donatelli who reveals the ins and outs of vulnerability management SOPs!
In this not-to-be-missed session, you'll:
🔑 Learn the essential components of effective vulnerability management SOPs
🛡️ Discover how to prioritize and remediate risks efficiently
🧠 Gain invaluable insights from real-life case studies shared by Kevin Donatelli
👉 Get our FREE guide to vulnerability management in 2023: https://purplesec.us/vulnerability-management-guide/?utm_source=newsletter&utm_medium=YouTube&utm_campaign=VM_2023&utm_id=guide
Podcast Info
--------------------
Podcast website: https://purplesec.us/podcast/
Apple Podcasts: https://podcasts.apple.com/us/podcast/security-beyond-the-checkbox/id1673807278
Spotify:...
https://www.youtube.com/watch?v=-yjsaxxrTxk
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Top 10 Vulnerability Management Trends For 2024
Join PurpleSec's experts along with Joshua Copeland, Director of Cyber Security at AT&T, as we explore the latest trends and predictions in vulnerability management for 2023. 👉 Get our FREE guide to vulnerability management in 2023: https://purplesec.us/vulnerability-management-guide/?utm_source=newsletter&utm_medium=YouTube&utm_campaign=VM_2023&utm_id=guide
Continue reading: https://purplesec.us/learn/vulnerability-management-trends/
Chapters
---------------
00:00 - Introduction
00:20 - Joshua Copeland
02:47 - Automation Is Key
10:30 - Adoption Of Risk-Based Approaches
16:40 - Continuous Monitoring
21:40 - Increased Focus On Cloud Security
28:43 - Increased Use Of Threat Intelligence
35:10 - The Role Of Network Segmentation
43:30 - DevSecOps: Building Security From The...
https://www.youtube.com/watch?v=39XHupVxAY8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Techniques To Improve Vulnerability Visibility & Detection
Improve vulnerability visibility in networks & cloud environments with expert tips on strategies, KPIs, prioritization, & automation. Secure your assets now! 👉 Get our FREE guide to vulnerability management in 2023: https://purplesec.us/vulnerability-management-guide/
Read the full article: https://purplesec.us/learn/vulnerability-visibility/
Chapters
---------------
00:00 - Introduction
00:45 - Clement Fouque
01:36 - Importance Of Visibility In Vulnerability Management
02:51 - Why Is Poor Visibility An Issue?
04:40 - Common Blind Spots
06:55 - Improving Asset Inventories
09:30 - How Do You Know If You Have Poor Visibility?
13:20 - Techniques For Improving Visibility
15:05 - How To Ensure All Endpoints Are Being Scanned
18:25 - How Network Segmentation Improves Visibility
20:00 - Third-Party...
https://www.youtube.com/watch?v=3K6TLqyxit4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Risk-Based Vulnerability Management
PurpleSec security experts implemented risk-based vulnerability management to improve efficiencies and security ROI for our enterprise client.
👉 Get our FREE guide to vulnerability management in 2023: https://purplesec.us/vulnerability-management-guide/?utm_source=newsletter&utm_medium=YouTube&utm_campaign=VM_2023&utm_id=guide
Read The Full Case Study
----------------------------------------
https://purplesec.us/case-studies/travel-services-provider/
High Level Findings
-------------------------------
PurpleSec's security “cyborgs” were empowered by automation and process improvements to deliver exceptional results in a 3 month period:
- 75% MTTR reduction.
- 86% vulnerability risk reduction.
- M average annual savings for the client.
- 1.6k average monthly man-hour...
https://www.youtube.com/watch?v=nu0US3xLEH4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How To Build A Vulnerability Management Program | #PurpleSec
There are 7 key steps when creating a winning vulnerability management program including making an inventory, categorizing vulnerabilities, creating packages, testing the package, providing change management, patching vulnerabilities, and reporting. 👉 Get our FREE guide to vulnerability management in 2023: https://purplesec.us/vulnerability-management-guide/?utm_source=newsletter&utm_medium=YouTube&utm_campaign=VM_2023&utm_id=guide
Read the full article... https://purplesec.us/learn/vulnerability-management-program/
Podcast Info
--------------------
Podcast website: https://purplesec.us/podcast/
Apple Podcasts: https://podcasts.apple.com/us/podcast/security-beyond-the-checkbox/id1673807278
Spotify: https://open.spotify.com/show/610KAa5g4G0KhoZVwMyXqz
RSS: https://feeds.buzzsprout.com/2137278.rss
Chapters...
https://www.youtube.com/watch?v=nsvxcUsFnJo
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How To Automate Your Vulnerability Remediation Process | PurpleSec
There are 8 best practices when planning your vulnerability remediation including prioritization of vulnerabilities, setting timelines, defining a SLO, developing a remediation policy, automating your vulnerability management processes, adopting continuous remediation, deploying compensating controls, and building a vulnerability management program. 👉 Get our FREE guide to vulnerability management in 2023: https://purplesec.us/vulnerability-management-guide/?utm_source=newsletter&utm_medium=YouTube&utm_campaign=VM_2023&utm_id=guide
Continue reading... https://purplesec.us/learn/vulnerability-remediation/
Podcast Info
--------------------
Podcast website: https://purplesec.us/podcast/
Apple Podcasts: https://podcasts.apple.com/us/podcast/security-beyond-the-checkbox/id1673807278
Spotify:...
https://www.youtube.com/watch?v=Bns79gIwxIA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Twitter Zero-Day Exposes Data Of 5.4 MILLION Accounts | Security Insights By #PurpleSec
Social media platform Twitter confirmed they suffered a now-patched zero-day vulnerability, used to link email addresses and phone numbers to users' accounts, which allowed attackers to gain access to the personal information of 5.4 million users.
The vulnerability allowed anyone to submit an email address or phone number, verify if it was associated with a Twitter account, and retrieve the associated account ID.
More technically, what the security researcher Zhirinovsky reported on HackerOne's bug bounty platform is that this vulnerability allows any party without any authentication to obtain a Twitter ID (which is almost equal to getting the username of an account) of any user by submitting a phone number/email even though the user has prohibited this action in the privacy settings.
Chapters
---------------
00:00...
https://www.youtube.com/watch?v=E5dLc98TeLg
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
What Is Vulnerability Management? (Explained By Experts)
Vulnerability management is the process of identifying, prioritizing, and mitigating vulnerabilities in an organization's systems and networks to reduce the risk of cyber attacks and protect against potential threats. 👉 Get our FREE guide to vulnerability management in 2023: https://purplesec.us/vulnerability-management-guide/?utm_source=newsletter&utm_medium=YouTube&utm_campaign=VM_2023&utm_id=guide
Continue reading... https://purplesec.us/learn/what-is-vulnerability-management/
Podcast Info
--------------------
Podcast website: https://purplesec.us/podcast/
Apple Podcasts: https://podcasts.apple.com/us/podcast/security-beyond-the-checkbox/id1673807278
Spotify: https://open.spotify.com/show/610KAa5g4G0KhoZVwMyXqz
RSS: https://feeds.buzzsprout.com/2137278.rss
Chapters
---------------
00:00...
https://www.youtube.com/watch?v=RE6_Lo2wSIg
Partager : LinkedIn / Twitter / Facebook / View / View (lite)