DEF CON Safe Mode Red Team Village - Jonathan Helmus - Student Roadmap to Becoming a Pentester
https://youtu.be/V4hti6UlCf0
🧬 @Phantasm_Lab
This presentation will go through various steps on how students can bridge the gap between academia and becoming a penetration tester. This will include a breakdown of certifications to get, career fields to take on before getting in the industry, what to expect, and speed bumps and road blocks that students can expect to see in their journey.
DEF CON Safe Mode - Jack Baker - Finding and Exploiting Bugs in Multiplayer Game Engines
🧬 @Phantasm_Lab
Unreal Engine 4 and Unity3D dominate the multiplayer gaming landscape. They're also complicated pieces of software written in C and C++. In this talk, Jack will share the results of months of bug hunting in multiplayer game networking protocols. Be prepared for memory disclosures, speedhacks, and WONTFIX vulnerabilities.
https://youtu.be/4weoWSzuCxs
Detectify Crowdsource
https://detectify.com/crowdsource
150+ white-hat hackers with superior combined automation & crowdsourcing. Detectify’s vulnerability scanner, founded by some of the world’s best white-hat hackers!
Detectify
What is Crowdsource?
Crowdsource is a community of ethical hackers who submit vulnerability research to Detectify. Detectify then integrates these vulnerabilities into its products.
Phone line recycling: a threat to Brazilians' privacy?
https://thehack.com.br/reciclagem-de-linhas-telefonicas-uma-ameaca-a-privacidade-dos-brasileiros/
It has probably happened to you: after buying a new prepaid SIM card, you start receiving text messages about cards you don't have and debts you never incurred. This happens for a simple reason: the carrier in question decided to give you a recycled line, that is, a number that previously belonged to someone else and was terminated for some reason (usually for lack of credit top-ups or at the original owner's own request).
The Hack
The practice of reassigning a number to a new customer is permitted by Anatel, but it can cause headaches and expose sensitive information.
Forwarded from DARKNET BR
👁 #NSA | #Vigilance | #EdwardSnowden
https://telegra.ph/Sete-anos-depois-Tribunal-dos-EUA-reconhece-ilegalidade-da-NSA-denunciada-por-Snowden-09-03
The decision was made by three judges of the 9th Circuit Court of Appeals, which found that this agency linked to the CIA, based on the information presented by its former employee, did indeed carry out illegal activities.
The ruling was the outcome of a case that arose from an ACLU initiative on Snowden's behalf.
Telegraph
Seven years later, US court recognizes NSA illegality exposed by Snowden
The judges found that the facts reported by the former spy, covered in a series of articles by Glenn Greenwald in 2013, constitute a violation of United States surveillance laws. The decision was made by three judges of the 9th…
Forwarded from DARKNET BR
"Seven years ago, when the news declared that I was being charged as a criminal for speaking the truth, I never imagined that I would live to see our courts condemn the NSA's activities as unlawful and, in the same ruling, credit me for exposing them. And yet that day has arrived."
Some OSINT tools
https://github.com/instant-username-search/instant-username-search
https://github.com/khast3x/h8mail
https://github.com/jofpin/trape
https://github.com/s0md3v/Photon
https://github.com/thewhiteh4t/FinalRecon
https://github.com/ex0dus-0x/doxbox
https://github.com/laramies/theHarvester
https://github.com/Cignoraptor-ita/cignotrack
https://github.com/sundowndev/PhoneInfoga
https://github.com/thewhiteh4t/seeker
https://github.com/initstring/linkedin2username
https://github.com/Ekultek/WhatBreach
https://github.com/m4ll0k/Infoga
Forwarded from Programmer Humor
from alert(1) to uid=0(root) | Chaining XSS & command injection for root on Lenovo NAS
https://youtu.be/ixO7D1-B-aY
🦠 @Phantasm_Lab
Embedded device researchers often come across traditionally valuable vulnerabilities, such as command injection, whose exploitation is limited to authenticated, LAN-side users. From an attacker’s point of view, these restrictions are less than ideal for remote compromise. How can such bugs be weaponized for use in actual exploits? For the Lenovo ix4-300d NAS, the key to a successful attack lies in the victim’s web browser. In this livestream, ISE Labs will demonstrate the chaining of two unrelated vulnerabilities against the ix4-300d—cross-site scripting and command injection—to show how remote, unauthenticated adversaries can abuse the browser to gain root access to LAN targets.