Forwarded from Hacking Brasil
Just because some packages are available to install directly from the Ubuntu Software Center does not make them safe. This is proven by a recent discovery of malware in some snap packages from the Ubuntu Snaps store.
https://hackingbrasil.wordpress.com/2018/05/14/malware-encontrado-no-ubuntu-snap-store/
Hacking Brasil
Malware found in the Ubuntu Snap Store
Forwarded from AlcyJones
Starting NOW ... SecurityCast #55 - Legal Protection of Personal Data in the Digital World
In this SecurityCast we will look at how the world has been positioning itself in the face of the constant monitoring we are subjected to, with companies collecting any and all data about us. Currently, Europe has taken a very important step to prevent these practices with the EU General Data Protection Regulation (GDPR). But one question remains: is the law capable of providing this protection?
https://www.youtube.com/watch?v=PIT1T2qzpFA
YouTube
[SecurityCast] WebCast #55 - Legal Protection of Personal Data in the Digital World
Forwarded from @Phantasm_Lab
BSidesSF 2018 - Blue Team Fundamentals
https://youtu.be/4Di34iv388A
Noob friendly! While new technical vulnerabilities are found continuously, malicious actors often rely on tried and true methods to exploit. These exploits are surprisingly uncomplicated. In this talk, we’ll share attempts we’ve seen from malicious actors. We’ll break down actual attacks and share what’s been most effective in mitigating credential stuffing, phishing, and common RCE attempts. At the end of this talk, you’ll walk away with simple takeaways to raise the cost to attackers for these simple attacks.
YouTube
BSidesSF 2018 - Blue Team Fundamentals (Benjamin Hering)
Seginfocast #53 – The book Contagem Regressiva até Zero Day
https://seginfo.com.br/2018/03/01/seginfocast-52-livro-contagem-regressiva-ate-zero-day/
SegInfo - Portal, Podcast and Event on Information Security
SegInfocast #53 – Download it here. (52:45 min, 38 MB) In this episode, Paulo Sant’anna welcomes Alan Oliveira, who is one of the translators of the book Countdown to Zero Day: Stuxnet and the Launch of th…
Forwarded from Netsec
315 Red Team Tips
https://ift.tt/2Il19kP
Submitted May 16, 2018 at 03:30AM by piedpiperpivot
via reddit https://ift.tt/2wJG4uT
Vincent Yiu
Red Team Tips
Red Team Tips by Vincent Yiu (@vysecurity).
Forwarded from The Bug Bounty Hunter
PHP SSRF Techniques
How to bypass filter_var(), preg_match() and parse_url()
https://medium.com/secjuice/php-ssrf-techniques-9d422cb28d51
Forwarded from AlcyJones
CFP for OWASP LATAM TOUR - BRASÍLIA, which will be held on 26/04/2018!!! The deadline for submitting a talk proposal is 18/05 ... Click the link and send your proposal!!! https://goo.gl/forms/uOKIhd7X05EcOa4Z2
Google Docs
OWASP LATAM TOUR 2018 - BRASÍLIA
The call for talks for the OWASP LATAM TOUR 2018 - BRASÍLIA, which will take place on 26 May 2018 in the auditorium of Faculdade JK in Guará, is open until 18/05/2018.
Registration link and more information about the event: https://www.sympla.com.br/1-encontro…
#Perfil #HackerOne #Series
k0rpr1t_z0mb1e (korprit)
Top 10 Hack the Pentagon; Dozens of CVEs (majority protected under NDA). OSCP, eCPPT, eWPT
Reputation: 1268 Rank: -
https://hackerone.com/korprit
🕴🏽 @Phantasm_Lab
HackerOne
HackerOne profile - korprit
Top 10 Hack the Pentagon; Dozens of CVEs (majority protected under NDA). OSCP, eCPPT, eWPT - http://www.backwardlogic.com
How I hacked an online exam portal and gave my exam from my home?
The whole idea of giving an exam without being monitored was that I should be able to access the exam portal page. The problem comes down to, how to do it? The first idea was to check if the centre had a wireless access point of its own, so that I could hack into it and then access the exam page. The second idea was to get into some other floor of the building and use an ethernet connection to get inside the network.
https://medium.com/bugbountywriteup/how-i-hacked-an-online-exam-portal-and-gave-my-exam-from-my-home-dfcbdcd7df98
🕴🏽 @Phantasm_Lab
Medium
How I hacked an online exam portal and gave my exam from my home?
Ever had a bad exam which you know you could have aced if you gave it from the comforts of your room? or if you were allowed to cheat…
Forwarded from @Phantasm_Lab ([L]uŧh1er)
DEFCON 20: Owning Bad Guys {And Mafia} With Javascript Botnets
https://www.youtube.com/watch?v=xDslqMCaLZM
🕴 @Phantasm_Lab
YouTube
DEFCON 20: Javascript Botnets
Exploiting CORS Misconfigurations For Bitcoins And Bounties
https://youtu.be/wgkj4ZgxI4c
🕴 @Phantasm_Lab
YouTube
AppSec EU 2017 Exploiting CORS Misconfigurations For Bitcoins And Bounties by James Kettle
Cross-Origin Resource Sharing (CORS) is a mechanism for relaxing the Same Origin Policy to enable communication between websites via browsers. It's already widely understood that certain CORS configurations are dangerous. In this presentation, I'll skim over…
SSRF bible. Cheatsheet
https://docs.google.com/document/d/1v1TkWZtrhzRLy0bYXBcdLUedXGb9njTNIJXa3u9akHM/edit#heading=h.t4tsk5ixehdd
🕴 @Phantasm_Lab
Google Docs
SSRF bible. Cheatsheet
Revision 1.03, 26 Jan 2017. Authors: @Wallarm @d0znpp research team (Wallarm.com | lab.wallarm.com)