Forwarded from @Phantasm_Lab ([L]uth1er)
Forwarded from Red Team Alerts
Exploiting misconfigured OAuth to takeover accounts
https://infosecwriteups.com/exploiting-misconfigured-oauth-to-takeover-accounts-225a367bca43
https://infosecwriteups.com/exploiting-misconfigured-oauth-to-takeover-accounts-225a367bca43
Medium
Exploiting misconfigured OAuth to takeover accounts
Hi, in this writeup I will talk about two misconfigured OAuth flaws I found while looking for bugs, without further ado let’s begin.
Como Um Garoto do Ensino Médio Hackeou o GitHub [Análise Detalhada]
https://www.youtube.com/watch?v=O7M_d46Zhxo
https://www.youtube.com/watch?v=O7M_d46Zhxo
YouTube
Como Um Garoto do Ensino Médio Hackeou o GitHub [Análise Detalhada]
✅ 𝗔𝗚𝗢𝗥𝗔 𝗘𝗨 𝗧𝗘𝗡𝗛𝗢 𝗨𝗠 𝗖𝗨𝗥𝗦𝗢 😍
▸ Olha que massa que ficou: https://curso.dev/
Hacker invade Github e ganha o maior Bug Bounty da história da empresa, só que tem um detalhe muito importante: ele é apenas um estudante do Ensino Médio. Então nesse vídeo eu faço…
▸ Olha que massa que ficou: https://curso.dev/
Hacker invade Github e ganha o maior Bug Bounty da história da empresa, só que tem um detalhe muito importante: ele é apenas um estudante do Ensino Médio. Então nesse vídeo eu faço…
Forwarded from @Phantasm_Lab
Security Learns to Sprint: DevSecOps by TanyaJanca
https://www.youtube.com/watch?v=9P-DzQwb1iQ
@Phantasm_Lab
https://www.youtube.com/watch?v=9P-DzQwb1iQ
@Phantasm_Lab
YouTube
[2019-Keynote] Security Learns to Sprint: DevSecOps by TanyaJanca
This talk will argue that DevOps could be the best thing to happen to application security since OWASP, if developers and operations teams are enabled to make security a part of their everyday work. With a ratio of 100/10/1 for Development, Operations, and…
Forwarded from @Phantasm_Lab ([L]uth1er)
Blue Team Library
Resources to help blue teamers to protect enviroments and improve their security, detect threats, harden their systems and catch the bad guys.
https://news.1rj.ru/str/blueteamlibrary
Resources to help blue teamers to protect enviroments and improve their security, detect threats, harden their systems and catch the bad guys.
https://news.1rj.ru/str/blueteamlibrary
Telegram
w0rk3r's Blue team Library
Resources to help blue teamers to protect enviroments and improve their security, detect threats, harden their systems and catch the bad guys.
For the reds, join @WindowsHackingLibrary
@Cyberwhitepapers
@SecTalks
@FromZer0toHero
Contact: @W0rk3r
For the reds, join @WindowsHackingLibrary
@Cyberwhitepapers
@SecTalks
@FromZer0toHero
Contact: @W0rk3r
Papo Binário #77 - Red team == pentest?
Alerta de entrevista necessária para quem deseja ingressar na área de pentest ou red team. Ou blue team. Ou, ah, só assista! A Marilia, que é do red team do Nubank, dá uma aula do que fazer e o que pensar da área!
https://youtu.be/K_IPrMb6uHg
Alerta de entrevista necessária para quem deseja ingressar na área de pentest ou red team. Ou blue team. Ou, ah, só assista! A Marilia, que é do red team do Nubank, dá uma aula do que fazer e o que pensar da área!
https://youtu.be/K_IPrMb6uHg
YouTube
Papo Binário #77 - Red team == pentest?
Alerta de entrevista necessária para quem deseja ingressar na área de pentest ou red team. Ou blue team. Ou, ah, só assista! A Marilia, que é do red team do Nubank, dá uma aula do que fazer e o que pensar da área!
-- Dúvidas sobre este vídeo? Chega no Discord…
-- Dúvidas sobre este vídeo? Chega no Discord…
Finding Your First Bug: Reading JSON and XML for Information Disclosure
https://youtu.be/992cxaPdaho
In this video we cover how to read JSON and XML specifically to find information disclosure vulnerabilities. We cover how to approach a target when a URL returns JSON or XML, how to know if you've found an info disclosure - and how to exploit it! I want to really demystify JSON/XML and make you feel more at ease with how JSON/XML works and how you can read it. We also cover other vulnerabilities that might exist when a URL returns JSON or XML.https://youtu.be/992cxaPdaho
YouTube
Finding Your First Bug: Reading JSON and XML for Information Disclosure
In this video we cover how to read JSON and XML specifically to find information disclosure vulnerabilities. We cover how to approach a target when a URL returns JSON or XML, how to know if you've found an info disclosure - and how to exploit it! I want to…
Finding Bugs in Mobile APIs
Hey everyone! Welcome to another API video, well I promise more didn't I! This week we're going to use the setup from the previous videos on iOS and Android, and actually use it to FIND BUGS! Mobile apps have some AMAZING first bugs, that don't require complex technical skills, but instead perseverance!
https://youtu.be/N9YODrMUk5A
Hey everyone! Welcome to another API video, well I promise more didn't I! This week we're going to use the setup from the previous videos on iOS and Android, and actually use it to FIND BUGS! Mobile apps have some AMAZING first bugs, that don't require complex technical skills, but instead perseverance!
https://youtu.be/N9YODrMUk5A
YouTube
Finding Bugs in Mobile APIs
Hey everyone! Welcome to another API video, well I promise more didn't I! This week we're going to use the setup from the previous videos on iOS and Android, and actually use it to FIND BUGS! Mobile apps have some AMAZING first bugs, that don't require complex…
Multiple Bugs in Multi-Party Computation: Breaking Cryptocurrency's Strongest Wallets
Cryptocurrency wallets in exchange platforms or banks require strong security because they protect vast amounts of money. Some solutions rely on advanced cryptographic methods that distribute trust across multiple parties, in the spirit of Shamir's secret-sharing. These include multi-party computation (MPC) and threshold signature schemes (TSS), which are a special case of MPC to sign data in a distributed, yet trustless manner. TSS has notably been tested and deployed in major organizations where secret key generation and digital signing are needed. But these techniques, although powerful and "magic" on paper, can prove fragile in practice, as this talk will show.
https://youtu.be/0Okqvm4lBQI
Cryptocurrency wallets in exchange platforms or banks require strong security because they protect vast amounts of money. Some solutions rely on advanced cryptographic methods that distribute trust across multiple parties, in the spirit of Shamir's secret-sharing. These include multi-party computation (MPC) and threshold signature schemes (TSS), which are a special case of MPC to sign data in a distributed, yet trustless manner. TSS has notably been tested and deployed in major organizations where secret key generation and digital signing are needed. But these techniques, although powerful and "magic" on paper, can prove fragile in practice, as this talk will show.
https://youtu.be/0Okqvm4lBQI
YouTube
Multiple Bugs in Multi-Party Computation: Breaking Cryptocurrency's Strongest Wallets
Cryptocurrency wallets in exchange platforms or banks require strong security because they protect vast amounts of money. Some solutions rely on advanced cryptographic methods that distribute trust across multiple parties, in the spirit of Shamir's secret…