Forwarded from SHELL SHOCK
https://www.udemy.com/course/web-server-hacking-for-ethical-hacking/?couponCode=WHACK19
https://www.udemy.com/course/digital-forensics-for-ethical-hacking-course/?couponCode=DIGITAL-FORENSICS
https://www.udemy.com/course/cyber-security-web-application-exploitation/?couponCode=CYBER-HACK
https://www.udemy.com/course/ethical-hacking-artifacts-course/?couponCode=BE-HACKER
https://www.udemy.com/course/digital-forensics-for-ethical-hacking-course/?couponCode=DIGITAL-FORENSICS
https://www.udemy.com/course/cyber-security-web-application-exploitation/?couponCode=CYBER-HACK
https://www.udemy.com/course/ethical-hacking-artifacts-course/?couponCode=BE-HACKER
Udemy
Web Server Hacking For Ethical Hacking
Comprehensive course! A beginner's web hacking course.
HTB - Cascade
00:00 - Intro
00:50 - Begin of nmap
02:45 - Enumerating RPC to identify usernames
04:45 - Setting up a bruteforce and creating a custom wordlist with hashcat
08:45 - Enumerating LDAP with LDAPSEARCH
10:55 - Discovering the cascadeLegacyPwd LDAP Attribute which has a password
12:45 - Using CrackMapExec to test the credential found in LDAP
14:30 - Installing the latest CrackMapExec to gain access to the Spider_Plus Module
17:30 - Using the spider_plus module of CME (CrackMapExec) to crawl the SMB Share as R.Thompson
20:10 - Mounting the SMB Share as R.Thompson in order to view the files in Data share
26:10 - Discovering the VNC Install.reg file which contains an encrypted password
30:10 - Using Metasploit IRB to decrypt TightVNC's password
32:30 - Using the VNC Password to gain a WinRM Session to Cascade as s.smith discovering he is in the Audit Group
37:20 - Using DNSPY to decompile the CascAudit DotNet application
39:50 - Setting a breakpoint in DNSPY where the password is decrypted and viewing the variable after it decrypts the pw
42:10 - Gaining e remote shell as ArkSvc to discover this user is in the AD Recycle Bin Group
43:10 - Viewing deleted Active Directory items to see the TempAdmin has the CascadeLegacyPwd field and discovering this is the PW for administrator
https://www.youtube.com/watch?v=mr-fsVLoQGw
🧬 @Phantasm_Lab
00:00 - Intro
00:50 - Begin of nmap
02:45 - Enumerating RPC to identify usernames
04:45 - Setting up a bruteforce and creating a custom wordlist with hashcat
08:45 - Enumerating LDAP with LDAPSEARCH
10:55 - Discovering the cascadeLegacyPwd LDAP Attribute which has a password
12:45 - Using CrackMapExec to test the credential found in LDAP
14:30 - Installing the latest CrackMapExec to gain access to the Spider_Plus Module
17:30 - Using the spider_plus module of CME (CrackMapExec) to crawl the SMB Share as R.Thompson
20:10 - Mounting the SMB Share as R.Thompson in order to view the files in Data share
26:10 - Discovering the VNC Install.reg file which contains an encrypted password
30:10 - Using Metasploit IRB to decrypt TightVNC's password
32:30 - Using the VNC Password to gain a WinRM Session to Cascade as s.smith discovering he is in the Audit Group
37:20 - Using DNSPY to decompile the CascAudit DotNet application
39:50 - Setting a breakpoint in DNSPY where the password is decrypted and viewing the variable after it decrypts the pw
42:10 - Gaining e remote shell as ArkSvc to discover this user is in the AD Recycle Bin Group
43:10 - Viewing deleted Active Directory items to see the TempAdmin has the CascadeLegacyPwd field and discovering this is the PW for administrator
https://www.youtube.com/watch?v=mr-fsVLoQGw
🧬 @Phantasm_Lab
YouTube
HackTheBox - Cascade
00:00 - Intro
00:50 - Begin of nmap
02:45 - Enumerating RPC to identify usernames
04:45 - Setting up a bruteforce and creating a custom wordlist with hashcat
08:45 - Enumerating LDAP with LDAPSEARCH
10:55 - Discovering the cascadeLegacyPwd LDAP Attribute…
00:50 - Begin of nmap
02:45 - Enumerating RPC to identify usernames
04:45 - Setting up a bruteforce and creating a custom wordlist with hashcat
08:45 - Enumerating LDAP with LDAPSEARCH
10:55 - Discovering the cascadeLegacyPwd LDAP Attribute…
Falta de pessoal de cibersegurança afeta 70% das organizações
https://www.cisoadvisor.com.br/falta-de-pessoal-em-ciberseguranca-afeta-70-das-organizacoes/
A falta de mão de obra para segurança da informação e cibersegurança ocorreu em 70% das empresas, indica uma pesquisa publicada pelo Enterprise Strategy Group (ESG) e pela Information Systems Security Association (ISSA). Ela foi feita com entrevistas de 327 profissionais de segurança (92% da América do Norte, 4% da Europa, 3% da Ásia e 1% da América Latina). Pelas respostas, cerca de 45% acreditam que a escassez de habilidades em segurança cibernética piorou nos últimos anos, enquanto 48% dizem que a situação não mudou – apenas 7% acreditam que as coisas melhoraram.https://www.cisoadvisor.com.br/falta-de-pessoal-em-ciberseguranca-afeta-70-das-organizacoes/
CISO Advisor
Falta de pessoal de cibersegurança afeta 70% das organizações
As causas são muitas, variando desde falta de treinamento até falta de oportunidades de evolução nas empresas
DEF CON Safe Mode Red Team Village - Jonathan Helmus - Student Roadmap to Becoming a Pentester
https://youtu.be/V4hti6UlCf0
🧬 @Phantasm_Lab
This presentation will go through various steps on how students can bridge the gap between academia and becoming a penetration tester. This will include a breakdown of certifications to get, career fields to take on before getting in the industry, what to expect, and speed bumps and road blocks that students can expect to see in their journey.https://youtu.be/V4hti6UlCf0
🧬 @Phantasm_Lab
YouTube
DEF CON Safe Mode Red Team Village - Jonathan Helmus - Student Roadmap to Becoming a Pentester
This presentation will go through various steps on how students can bridge the gap between academia and becoming a penetration tester. This will include a breakdown of certifications to get, career fields to take on before getting in the industry, what to…
DEF CON Safe Mode - Jack Baker - Finding and Exploiting Bugs in Multiplayer Game Engines
🧬 @Phantasm_Lab
Unreal Engine 4 and Unity3D dominate the multiplayer gaming landscape. They're also complicated pieces of software written in C and C++. In this talk, Jack will share the results of months of bug hunting in multiplayer game networking protocols. Be prepared for memory disclosures, speedhacks, and WONTFIX vulnerabilities.
https://youtu.be/4weoWSzuCxs🧬 @Phantasm_Lab
YouTube
DEF CON Safe Mode - Jack Baker - Finding and Exploiting Bugs in Multiplayer Game Engines
Unreal Engine 4 and Unity3D dominate the multiplayer gaming landscape. They're also complicated pieces of software written in C and C++. In this talk, Jack will share the results of months of bug hunting in multiplayer game networking protocols. Be prepared…
Detectify Crowdsource
https://detectify.com/crowdsource
150+ white-hat hackers with superior combined automation & crowdsourcing. Detectify’s vulnerability scanner, founded by some of the worlds best white-hat hackers!https://detectify.com/crowdsource
Detectify
What is Crowdsource?
Crowdsource is a community of ethical hackers who submit vulnerability research to Detectify. Detectify then integrates these vulnerabilities into its products.
Reciclagem de linhas telefônicas: uma ameaça à privacidade dos brasileiros?
https://thehack.com.br/reciclagem-de-linhas-telefonicas-uma-ameaca-a-privacidade-dos-brasileiros/
Já deve ter acontecido contigo: ao comprar um novo chip de telefonia pré-pago, você começa a receber mensagens de texto sobre cartões que você não tem e dívidas que você não registrou. Isso acontece por um motivo simples — a operadora em questão resolveu te presentear com uma linha reciclada, ou seja, um número que já pertenceu a outro indivíduo e foi encerrado por algum motivo (geralmente, por falta de inserção de créditos ou por solicitação do próprio dono original).https://thehack.com.br/reciclagem-de-linhas-telefonicas-uma-ameaca-a-privacidade-dos-brasileiros/
The Hack
Reciclagem de linhas telefônicas: uma ameaça à privacidade dos brasileiros?
Prática de reutilizar um número para um novo cliente é permitida pela Anatel, mas pode gerar dores de cabeça e causar exposição de informações sensíveis.