recrutamento da ELT
https://ctf.tecland.com.br/files/recrutamento2018/
O ELT está abrindo uma oportunidade de ingresso em sua line-up, via processo seletivo, que ocorrerá dia 01 de maio (feriado),
durante 12 horas consecutivas. Começará terça, às 10h37, até às 22h37. Os interessados devem se inscrever em
https://ctf.tecland.com.br/Pwn2Win/, indo em Cadastro. Como time, use seu nickname. Esse tipo de competição demanda muito tempo dos players, se você não possui, não adianta tentar entrar no time! :)As categorias dos challenges serão: Exploitation, Reversing e Crypto, apenas! O
vencedor será convidado para um período de testes jogando conosco, até ser (ou não), oficializado. Dependendo do rendimento, outros players também poderão ser convidados, além do vencedor.https://ctf.tecland.com.br/files/recrutamento2018/
GIMP e Inkscape para criação de layouts.
https://www.youtube.com/channel/UCEQXp_fcqwPcqrzNtWJ1w9w/videos
🕴🏼 @Phantasm_Lab
https://www.youtube.com/channel/UCEQXp_fcqwPcqrzNtWJ1w9w/videos
🕴🏼 @Phantasm_Lab
L.U.C.I v3.1 | Bitcoin check and tranfer | April Update
https://vimeo.com/266948665
🕴🏼 @Phantasm_Lab
This is "L.U.C.I v3.1 | Bitcoin check and tranfer | April Update" by t1m3 on Vimeo, the home for high quality videos and the people who love them.https://vimeo.com/266948665
🕴🏼 @Phantasm_Lab
Vimeo
L.U.C.I v3.1 | Bitcoin check and tranfer | April Update
This is "L.U.C.I v3.1 | Bitcoin check and tranfer | April Update" by t1m3 on Vimeo, the home for high quality videos and the people who love them.
Gabriel Engel - Como um projeto open source se transformou em uma empresa de 60 milhões
https://youtu.be/hXG5R15Uc-E
🕴🏼 @Phantasm_Lab
Conheça a história de como um time de brazucas utilizou o poder do open source para transformar um side-project em uma Startup de US$17 milhões, recebendo investimento de um dos maiores Venture Capitalists americanos e mantendo um crescimento exponencial. Uma jornada que mostra o poder de uma visão ousada e da coragem de quebrar paradigmas para mudar o mundo dos chats.https://youtu.be/hXG5R15Uc-E
🕴🏼 @Phantasm_Lab
YouTube
Gabriel Engel - Como um projeto JS open source se transformou em uma empresa de 60 milhões
Conheça a história de como um time de brazucas utilizou o poder do open source para transformar um side-project em uma Startup de US$17 milhões, recebendo investimento de um dos maiores Venture Capitalists americanos e mantendo um crescimento exponencial.…
0day.Today?
https://0day.today/
🕴🏼 @Phantasm_Lab
Inj3ct0r is the ultimate database of exploits and vulnerabilities and a great resource for vulnerability researchers and security professionals.Our aim is to collect exploits from submittals and various mailing lists and concentrate them in one, easy-to-navigate database.This was written solely for educational purposes. Use it at your own risk. The author will be not responsible for any damage. // r0073r0day.today Available within TOR: http://mvfjfugdwgc5uwho.onionhttps://0day.today/
🕴🏼 @Phantasm_Lab
Web Hacking Pro Tips #6 with @fransrosen
https://www.youtube.com/watch?v=h55yTacK5HU&feature=youtu.be
🕴🏼 @Phantasm_Lab
In the sixth Web Hacking 101 Interview, I chat with Frans Rosen, super bug bounty hacker. In it, we discuss how Frans got started hacking, how he approaches sites, what he looks for, tools he uses, how he improves his skills and why he is so generous with his information sharing.https://www.youtube.com/watch?v=h55yTacK5HU&feature=youtu.be
🕴🏼 @Phantasm_Lab
YouTube
Web Hacking Pro Tips #6 with @fransrosen
Web Hacking 101: https://goo.gl/BGhTAz
In the sixth Web Hacking 101 Interview, I chat with Frans Rosen, super bug bounty hacker. In it, we discuss how Frans got started hacking, how he approaches sites, what he looks for, tools he uses, how he improves his…
In the sixth Web Hacking 101 Interview, I chat with Frans Rosen, super bug bounty hacker. In it, we discuss how Frans got started hacking, how he approaches sites, what he looks for, tools he uses, how he improves his…
BSidesSF 2018 - Blue Team Fundamentals
https://youtu.be/4Di34iv388A
Noob friendly! While new technical vulnerabilities are found continuously, malicious actors often rely on tried and true methods to exploit. These exploits are surprisingly uncomplicated. In this talk, we’ll share attempts we’ve seen from malicious actors. We’ll break down actual attacks and share what’s been most effective in mitigating credential stuffing, phishing, and common RCE attempts. At the end of this talk, you’ll walk away with simple takeaways to raise the cost to attackers for these simple attacks.Categoria Ciência e tecnologiahttps://youtu.be/4Di34iv388A
YouTube
BSidesSF 2018 - Blue Team Fundamentals (Benjamin Hering)
Benjamin Hering - Blue Team Fundamentals Noob friendly! While new technical vulnerabilities are found continuously, malicious actors often rely on tried and ...
BSidesSF 2018 - The Memory of a Meltdown
https://youtu.be/ue3NNunRLBc
Software bugs can be patched as soon as the vendor pushes an update and the user updates their system. Hardware bugs are a bit more difficult to patch. Within the past few months, Spectre and Meltdown have provided hackers the ability to access memory outside the scope of their permissions. We will be getting our hands dirty with memory to demonstrate how both these vulnerabilities work and how we use a PoC to exploit these vulnerabilities.https://youtu.be/ue3NNunRLBc
YouTube
BSidesSF 2018 - The Memory of a Meltdown (Shane Cota • Chris Magistrado)
Shane Cota • Chris Magistrado - The Memory of a Meltdown, and No We Don't Mean Britney Software bugs can be patched as soon as the vendor pushes an update an...
BSidesSF 2018 - From Bounties to Bureaucracy
https://youtu.be/6KZGmPpUvLI
Bug bounty programs are nearly ubiquitous today, but that wasn’t always the case. When the Zero Day Initiative (ZDI) was founded in 2005, bug bounty programs were considered to be a rare and somewhat controversial commodity. Now they are seen as an indispensable means for companies to acquire bug reports. Our initial goals were similar. The ZDI program extended our own research team by leveraging the methodologies, expertise, and time of others around the globe. Imagine adding more than 3,000 independent researchers from around the world to your team. Having the program asymmetrically enhanced our research capabilities through vulnerability acquisition. The program also provided the data needed to protect our customers while the affected vendor worked on a patch. Since that time, the program has awarded more than $15 million USD while ensuring nearly 4,000 0-day exploits were patched by vendors, all of which makes the computing landscape a safer space and makes ZDI the world’s largest vendor-agnostic bug bounty program.https://youtu.be/6KZGmPpUvLI
YouTube
BSidesSF 2018 - From Bounties to Bureaucracy (Brian Gorenc)
Brian Gorenc - From Bounties to Bureaucracy - The Hidden Market Factors of Exploit Economics Bug bounty programs are nearly ubiquitous today, but that wasn’t...
BSidesSF 2018 - Keep it Like a Secret: When Android Apps Contain Private Keys
https://youtu.be/-VjK0FMmGm4
We all have secrets. And the way we keep them secrets is by not telling them to others. Either because of inappropriate design, or by sheer accident, many publicly-available Android applications include private keys in them. By processing over 1 million applications from the Google Play Store, I have found thousands of private key files that are not private. Discovered private keys include PGP private keys, SSH private keys, OpenVPN keys, Android app signing keys, iOS app signing keys, HTTPS web server keys, and more. Password cracking techniques will also be discussed. Especially with password-protected private keys that are not used by the Android applications themselves, the key details and potential uses for them cannot be known until they are cracked.https://youtu.be/-VjK0FMmGm4
YouTube
BSidesSF 2018 - Keep it Like a Secret: When Android Apps Contain Private Keys (Will Dormann)
Will Dormann - Keep it Like a Secret: When Android Apps Contain Private Keys We all have secrets. And the way we keep them secrets is by not telling them to ...
BSidesSF 2018 - Simple. Open. Mobile: A Look at the Future of Strong Authentication
https://youtu.be/vKrYYOSlriA
In recent years, a growing demand to replace passwords and better protect online users has fueled the creation of new, open authentication standards that would deliver on the simplicity and security consumers require. Unlike early predecessors, newly-developed FIDO U2F and FIDO 2 standards provide strong authentication and high privacy with characteristics that have eluded previous hardware tokens – elegance and simplicity. Impossible you think? This session will change your mind and eventually protect your online accounts.https://youtu.be/vKrYYOSlriA
YouTube
BSidesSF 2018 - Simple. Open. Mobile: A Look at the Future of Strong Authentication (Jerrod Chong)
Jerrod Chong - Simple. Open. Mobile: A Look at the Future of Strong Authentication In recent years, a growing demand to replace passwords and better protect ...
BSidesSF 2018 - Crimeware Chaos: Empirical Analysis of HTTP-Based Botnet C&C Panels
https://youtu.be/QnFOuDiihpU
Cybercriminals deploy crimeware for conducting nefarious operations on the Internet. Crimeware is managed on a large scale through deployment of centralized portals known as Command and Control (C&C) panels. C&C panels are considered as attackers’ primary operating environment through which crimewave is controlled and updated at regular intervals of time. C&C panels also store information stolen from the compromised machines as a part of the data exfiltration activity. This empirical study highlights the analysis of thousands of real world C&C web Uniform Resource Locators (URLs) used for deployment of Crimeware such as botnets, key-loggers, ransomware, Point-of-Sales (PoS) malware, etc., to unearth the characteristics of HTTP-based C&C panels. This study gives a statistical view on design and technologies opted by the crimeware authors to deploy HTTP-based C&C panels.https://youtu.be/QnFOuDiihpU
YouTube
BSidesSF 2018 - Crimeware Chaos: Empirical Analysis of HTTP-Based Botnet C&C Panels (Aditya K Sood)
Aditya K Sood - Crimeware Chaos: Empirical Analysis of HTTP-Based Botnet C&C Panels Cybercriminals deploy crimeware for conducting nefarious operations on th...
Forwarded from Netsec
Trump administration may throw out PPD-20, the approval process for cyber warfare - CyberScoop
https://ift.tt/2KtUwKs
Submitted May 02, 2018 at 08:46PM by ga-vu
via reddit https://ift.tt/2w8chvG
https://ift.tt/2KtUwKs
Submitted May 02, 2018 at 08:46PM by ga-vu
via reddit https://ift.tt/2w8chvG
Cyberscoop
Trump administration may throw out the approval process for cyberwarfare
The White House is looking to rescind PPD-20, a memorandum that helps guide the use of government-backed hacking operations.
Secure your Cookies (Secure and HttpOnly flags)
https://blog.dareboost.com/en/2016/12/secure-cookies-secure-httponly-flags/
Cookies are omnipresent all over the web as they let publishers store data directly on the user’s web browser. Especially used to identify the user session allowing the web server to recognize him all along his browsing, cookies usually contain sensitive data. You have to properly protect them.https://blog.dareboost.com/en/2016/12/secure-cookies-secure-httponly-flags/
Dareboost Blog
Secure your Cookies (Secure and HttpOnly flags)
Cookies are widely used throughout the Web because they allow publishers to store data directly on the user's Web browser. They're particularly used to identify the user's session, allowing the web server to recognize the user as they navigate through the…