CVE-2020-0601 | Windows CryptoAPI Spoofing Vulnerability
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0601
🐉 @Phantasm_Lab
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0601
🐉 @Phantasm_Lab
Modern Vulnerability Exploitation: The Heap Overflow
https://www.youtube.com/watch?v=2LSL_vRyCKY
🐉 @Phantasm_Lab
https://www.youtube.com/watch?v=2LSL_vRyCKY
🐉 @Phantasm_Lab
YouTube
Modern Vulnerability Exploitation: The Heap Overflow
A look at the less infamous heap overflow vulnerability.
This video is for educational purposes only.
I did not create this video.
This video is for educational purposes only.
I did not create this video.
Forwarded from Cyber Threat Intelligence
New Ransomware Strain Halts Toll Group Deliveries - by @serghei
https://t.co/n70sVeu5fM http://twitter.com/BleepinComputer/status/1225093601790693376
https://t.co/n70sVeu5fM http://twitter.com/BleepinComputer/status/1225093601790693376
BleepingComputer
New Ransomware Strain Halts Toll Group Deliveries
Australian transportation and logistics company Toll Group confirmed today that systems across multiple sites and business units were encrypted by a new variant of the Mailto ransomware.
The Absolute AppSec Secure Code Review Framework by Seth Law
https://www.youtube.com/watch?v=Kepd1HsoE8o
🐉 @Phantasm_Lab
https://www.youtube.com/watch?v=Kepd1HsoE8o
🐉 @Phantasm_Lab
YouTube
[2019] The Absolute AppSec Secure Code Review Framework by Seth Law
Let’s face it, performing a manual review of someone else’s source code is hard. It takes time, effort, expertise, and grit to actually figure out what the application does, how the developer implemented it, and if there should be any changes. From an application…
Spot the vuln - Identifying security problems in source code by Eldar Marcussen
https://www.youtube.com/watch?v=85Yx4pNSkkY
🧬 @Phantasm_Lab
https://www.youtube.com/watch?v=85Yx4pNSkkY
🧬 @Phantasm_Lab
YouTube
[2019] Spot the vuln - Identifying security problems in source code by Eldar Marcussen
Do you know source code? or perhaps you know vulnerabilities? See where they intersect and how most vulnerabilities are created. This talk will present a ple...
SDLC - Understand the Software Development Life Cycle
https://stackify.com/what-is-sdlc/
🧬 @Phantasm_Lab
SDLC or the Software Development Life Cycle is a process that produces software with the highest quality and lowest cost in the shortest time. SDLC includes a detailed plan for how to develop, alter, maintain, and replace a software system.https://stackify.com/what-is-sdlc/
🧬 @Phantasm_Lab
Stackify
What Is SDLC? Understand the Software Development Life Cycle - Stackify
In this post, we'll diver deeper into how SDLC works, examine each of the phases, and how to choose an SDLC Model.
Git Feature Branch Workflow
https://www.atlassian.com/git/tutorials/comparing-workflows/feature-branch-workflow
🧬 @Phantasm_Lab
The core idea behind the Feature Branch Workflow is that all feature development should take place in a dedicated branch instead of the master branch. This encapsulation makes it easy for multiple developers to work on a particular feature without disturbing the main codebase.https://www.atlassian.com/git/tutorials/comparing-workflows/feature-branch-workflow
🧬 @Phantasm_Lab
Atlassian
Git Feature Branch Workflow | Atlassian Git Tutorial
A feature branch is a temporary branch used for development or testing purposes. Learn about the best way to manage them using this guide!
Gitflow Workflow
https://www.atlassian.com/git/tutorials/comparing-workflows/gitflow-workflow
🧬 @Phantasm_Lab
Gitflow Workflow is a Git workflow design that was first published and made popular by Vincent Driessen at nvie. The Gitflow Workflow defines a strict branching model designed around the project release. This provides a robust framework for managing larger projects. https://www.atlassian.com/git/tutorials/comparing-workflows/gitflow-workflow
🧬 @Phantasm_Lab
Atlassian
Gitflow Workflow | Atlassian Git Tutorial
A deep dive into the Gitflow Workflow. Learn if this Git workflow is right for you and your team with this comprehensive tutorial.
Barq: The AWS Cloud Post Exploitation framework!
https://github.com/Voulnet/barq
🧬 @Phantasm_Lab
barq is a post-exploitation framework that allows you to easily perform attacks on a running AWS infrastructure. It allows you to attack running EC2 instances without having the original instance SSH keypairs. It also allows you to perform enumeration and extraction of stored Secrets and Parameters in AWS.https://github.com/Voulnet/barq
🧬 @Phantasm_Lab
GitHub
GitHub - Voulnet/barq: barq: The AWS Cloud Post Exploitation framework!
barq: The AWS Cloud Post Exploitation framework! Contribute to Voulnet/barq development by creating an account on GitHub.
Esp32 DNS Hijacking
https://www.youtube.com/watch?v=d228X5A_bG4
🧬 @Phantasm_Lab
how to implement simple DNS Hijacking server on the Esp32 chip. For this purpose I've written C library, packaged as a ESP-IDF component. This technique can be used to open Captive Portal on the Esp32.https://www.youtube.com/watch?v=d228X5A_bG4
🧬 @Phantasm_Lab
YouTube
Esp32 DNS Hijacking
In this video I've shown how to implement simple DNS Hijacking server on the Esp32 chip. For this purpose I've written C library, packaged as a ESP-IDF component. This technique can be used to open Captive Portal on the Esp32.
"Domain Name Server (DNS) hijacking…
"Domain Name Server (DNS) hijacking…
Caso Jumpshot: entenda a polêmica da controversa subsidiária da Avast
https://thehack.com.br/caso-jumpshot-entenda-a-polemica-da-controversa-subsidiaria-da-avast/
🏴☠️ @Phantasm_Lab
Uma bomba caiu no colo dos internautas que utilizam o antivírus tcheco Avast na última semana. Uma investigação conjunta da VICE e da PCMag revelou com exclusividade que a companhia europeia estaria comercializando dados altamente sensíveis de alguns de seus usuários através da Jumpshot, sua subsidiária especializada em marketing digital e inteligência de mercado. Entre os clientes de tal empresa secundária, encontram-se marcas como Google, Yelp, Microsoft, McKinsey, Pepsi e Condé Nast.https://thehack.com.br/caso-jumpshot-entenda-a-polemica-da-controversa-subsidiaria-da-avast/
🏴☠️ @Phantasm_Lab
The Hack
Caso Jumpshot: entenda a polêmica da controversa subsidiária da Avast
Empresa “obscura” vendia dados detalhados sobre hábitos de navegação web de usuários do antivírus tcheco.
Rede de lojas dos EUA deixa vazar 30 milhões de cartões de crédito de clientes
🏴☠️ @Phantasm_Lab
Criminosos cibernéticos já estão comercializando dados roubados da Wawa, rede de lojas de conveniência norte-americana, através de fóruns e marketplaces online. A companhia revelou, em dezembro do ano passado, ter sofrido um vazamento de dados após ter seu sistema de pagamento comprometido em 850 estabelecimentos ao redor dos Estados Unidos; porém, na época, nem a própria cadeia de lojas conseguiu estipular a real gravidade do incidente.
https://thehack.com.br/rede-de-lojas-dos-eua-deixa-vazar-30-milhoes-de-cartoes-de-credito-de-clientes/🏴☠️ @Phantasm_Lab
The Hack
Rede de lojas dos EUA deixa vazar 30 milhões de cartões de crédito de clientes
Criminosos já estão comercializando dados roubados da Wawa, que sofreu um incidente em dezembro de 2019.
Awesome GitHub Repos
1. Book of Secret Knowledge = https://lnkd.in/fWKCdi4
2. Awesome Hacking = https://lnkd.in/f7VPTEX
3. Awesome Bug Bounty = https://lnkd.in/fPrQiVD
4. Awesome Penetration Testing = https://lnkd.in/fAUZgu5
5. Awesome Web Hacking = https://lnkd.in/f5n2hSd
6. Awesome Hacking Resources = https://lnkd.in/fcJ6wFH
7. Awesome Pentest = https://lnkd.in/fNNSFeN
8. Awesome Red Teaming = https://lnkd.in/fGpievF
9. Awesome Web Security = https://lnkd.in/ffG73u2
10. Penetration Test Guide based on OWASP = https://lnkd.in/ffyBwzG
11. Pentest Compilation = https://lnkd.in/f5JwJTD
12. Infosec Reference = https://lnkd.in/fY6wNmX
🧪 @Phantasm_Lab
📬 @tani0m
1. Book of Secret Knowledge = https://lnkd.in/fWKCdi4
2. Awesome Hacking = https://lnkd.in/f7VPTEX
3. Awesome Bug Bounty = https://lnkd.in/fPrQiVD
4. Awesome Penetration Testing = https://lnkd.in/fAUZgu5
5. Awesome Web Hacking = https://lnkd.in/f5n2hSd
6. Awesome Hacking Resources = https://lnkd.in/fcJ6wFH
7. Awesome Pentest = https://lnkd.in/fNNSFeN
8. Awesome Red Teaming = https://lnkd.in/fGpievF
9. Awesome Web Security = https://lnkd.in/ffG73u2
10. Penetration Test Guide based on OWASP = https://lnkd.in/ffyBwzG
11. Pentest Compilation = https://lnkd.in/f5JwJTD
12. Infosec Reference = https://lnkd.in/fY6wNmX
🧪 @Phantasm_Lab
📬 @tani0m
lnkd.in
LinkedIn
This link will take you to a page that’s not on LinkedIn
Forwarded from DARKNET BR
🌐 #Cyberattack | #FBI | #Leaks
Wu Zhiyong, Wang Qian, Xu Ke e Liu Lei são supostamente responsáveis pela invasão dos sistemas de computador Equifax e dos dados pessoais roubados dos segredos comerciais americanos e Equifax. Eles são acusados pelo FBI de fraude informática, espionagem econômica e fraude eletrônica.
Wu Zhiyong, Wang Qian, Xu Ke and Liu Lei are allegedly responsible for the invasion of Equifax computer systems and personal data stolen from American and Equifax trade secrets. They are accused by the FBI of computer fraud, economic espionage and electronic fraud.
China-backed hackers charged in massive Equifax data breach
https://www.youtube.com/watch?v=MpTpUO9qSU0
🏴☠️ @Phantasm_Lab
The Justice Department has charged four Chinese military officials in the massive 2017 Equifax data breach. Nearly 150 million people were affected as the hackers stole names, addresses, credit card and Social Security numbers. CBS News chief Justice and Homeland Security correspondent Jeff Pegues joins CBSN with the latest.https://www.youtube.com/watch?v=MpTpUO9qSU0
🏴☠️ @Phantasm_Lab
YouTube
China-backed hackers charged in massive Equifax data breach
The Justice Department has charged four Chinese military officials in the massive 2017 Equifax data breach. Nearly 150 million people were affected as the ha...