Como Um Garoto do Ensino Médio Hackeou o GitHub [Análise Detalhada]
https://www.youtube.com/watch?v=O7M_d46Zhxo
https://www.youtube.com/watch?v=O7M_d46Zhxo
YouTube
Como Um Garoto do Ensino Médio Hackeou o GitHub [Análise Detalhada]
✅ 𝗔𝗚𝗢𝗥𝗔 𝗘𝗨 𝗧𝗘𝗡𝗛𝗢 𝗨𝗠 𝗖𝗨𝗥𝗦𝗢 😍
▸ Olha que massa que ficou: https://curso.dev/
Hacker invade Github e ganha o maior Bug Bounty da história da empresa, só que tem um detalhe muito importante: ele é apenas um estudante do Ensino Médio. Então nesse vídeo eu faço…
▸ Olha que massa que ficou: https://curso.dev/
Hacker invade Github e ganha o maior Bug Bounty da história da empresa, só que tem um detalhe muito importante: ele é apenas um estudante do Ensino Médio. Então nesse vídeo eu faço…
Forwarded from @Phantasm_Lab
Security Learns to Sprint: DevSecOps by TanyaJanca
https://www.youtube.com/watch?v=9P-DzQwb1iQ
@Phantasm_Lab
https://www.youtube.com/watch?v=9P-DzQwb1iQ
@Phantasm_Lab
YouTube
[2019-Keynote] Security Learns to Sprint: DevSecOps by TanyaJanca
This talk will argue that DevOps could be the best thing to happen to application security since OWASP, if developers and operations teams are enabled to make security a part of their everyday work. With a ratio of 100/10/1 for Development, Operations, and…
Forwarded from @Phantasm_Lab ([L]uth1er)
Blue Team Library
Resources to help blue teamers to protect enviroments and improve their security, detect threats, harden their systems and catch the bad guys.
https://news.1rj.ru/str/blueteamlibrary
Resources to help blue teamers to protect enviroments and improve their security, detect threats, harden their systems and catch the bad guys.
https://news.1rj.ru/str/blueteamlibrary
Telegram
w0rk3r's Blue team Library
Resources to help blue teamers to protect enviroments and improve their security, detect threats, harden their systems and catch the bad guys.
For the reds, join @WindowsHackingLibrary
@Cyberwhitepapers
@SecTalks
@FromZer0toHero
Contact: @W0rk3r
For the reds, join @WindowsHackingLibrary
@Cyberwhitepapers
@SecTalks
@FromZer0toHero
Contact: @W0rk3r
Papo Binário #77 - Red team == pentest?
Alerta de entrevista necessária para quem deseja ingressar na área de pentest ou red team. Ou blue team. Ou, ah, só assista! A Marilia, que é do red team do Nubank, dá uma aula do que fazer e o que pensar da área!
https://youtu.be/K_IPrMb6uHg
Alerta de entrevista necessária para quem deseja ingressar na área de pentest ou red team. Ou blue team. Ou, ah, só assista! A Marilia, que é do red team do Nubank, dá uma aula do que fazer e o que pensar da área!
https://youtu.be/K_IPrMb6uHg
YouTube
Papo Binário #77 - Red team == pentest?
Alerta de entrevista necessária para quem deseja ingressar na área de pentest ou red team. Ou blue team. Ou, ah, só assista! A Marilia, que é do red team do Nubank, dá uma aula do que fazer e o que pensar da área!
-- Dúvidas sobre este vídeo? Chega no Discord…
-- Dúvidas sobre este vídeo? Chega no Discord…
Finding Your First Bug: Reading JSON and XML for Information Disclosure
https://youtu.be/992cxaPdaho
In this video we cover how to read JSON and XML specifically to find information disclosure vulnerabilities. We cover how to approach a target when a URL returns JSON or XML, how to know if you've found an info disclosure - and how to exploit it! I want to really demystify JSON/XML and make you feel more at ease with how JSON/XML works and how you can read it. We also cover other vulnerabilities that might exist when a URL returns JSON or XML.https://youtu.be/992cxaPdaho
YouTube
Finding Your First Bug: Reading JSON and XML for Information Disclosure
In this video we cover how to read JSON and XML specifically to find information disclosure vulnerabilities. We cover how to approach a target when a URL returns JSON or XML, how to know if you've found an info disclosure - and how to exploit it! I want to…
Finding Bugs in Mobile APIs
Hey everyone! Welcome to another API video, well I promise more didn't I! This week we're going to use the setup from the previous videos on iOS and Android, and actually use it to FIND BUGS! Mobile apps have some AMAZING first bugs, that don't require complex technical skills, but instead perseverance!
https://youtu.be/N9YODrMUk5A
Hey everyone! Welcome to another API video, well I promise more didn't I! This week we're going to use the setup from the previous videos on iOS and Android, and actually use it to FIND BUGS! Mobile apps have some AMAZING first bugs, that don't require complex technical skills, but instead perseverance!
https://youtu.be/N9YODrMUk5A
YouTube
Finding Bugs in Mobile APIs
Hey everyone! Welcome to another API video, well I promise more didn't I! This week we're going to use the setup from the previous videos on iOS and Android, and actually use it to FIND BUGS! Mobile apps have some AMAZING first bugs, that don't require complex…
Multiple Bugs in Multi-Party Computation: Breaking Cryptocurrency's Strongest Wallets
Cryptocurrency wallets in exchange platforms or banks require strong security because they protect vast amounts of money. Some solutions rely on advanced cryptographic methods that distribute trust across multiple parties, in the spirit of Shamir's secret-sharing. These include multi-party computation (MPC) and threshold signature schemes (TSS), which are a special case of MPC to sign data in a distributed, yet trustless manner. TSS has notably been tested and deployed in major organizations where secret key generation and digital signing are needed. But these techniques, although powerful and "magic" on paper, can prove fragile in practice, as this talk will show.
https://youtu.be/0Okqvm4lBQI
Cryptocurrency wallets in exchange platforms or banks require strong security because they protect vast amounts of money. Some solutions rely on advanced cryptographic methods that distribute trust across multiple parties, in the spirit of Shamir's secret-sharing. These include multi-party computation (MPC) and threshold signature schemes (TSS), which are a special case of MPC to sign data in a distributed, yet trustless manner. TSS has notably been tested and deployed in major organizations where secret key generation and digital signing are needed. But these techniques, although powerful and "magic" on paper, can prove fragile in practice, as this talk will show.
https://youtu.be/0Okqvm4lBQI
YouTube
Multiple Bugs in Multi-Party Computation: Breaking Cryptocurrency's Strongest Wallets
Cryptocurrency wallets in exchange platforms or banks require strong security because they protect vast amounts of money. Some solutions rely on advanced cryptographic methods that distribute trust across multiple parties, in the spirit of Shamir's secret…
KitPloit Arsenal
About
It is a tool that brings together exploits and news about security and vulnerabilities, with the intention of contributing to the open source community, developed from the kitploit wbsite, All rights reserved.
https://github.com/Luth1er/KitPloit_Arsenal
About
It is a tool that brings together exploits and news about security and vulnerabilities, with the intention of contributing to the open source community, developed from the kitploit wbsite, All rights reserved.
https://github.com/Luth1er/KitPloit_Arsenal
GitHub
GitHub - Luth1er/KitPloit_Arsenal: It is a tool that brings together exploits and news about security and vulnerabilities, with…
It is a tool that brings together exploits and news about security and vulnerabilities, with the intention of contributing to the open source community, developed from the site http://www.kitploit....
Under the SEA - A Look at the Syrian Electronic Army's Mobile Tooling
This briefing will highlight the most recent expansion of the tools of the Syrian Electronic Army (SEA), which are now known to include an entire mobile surveillanceware family (SilverHawk).
https://youtu.be/BhYtyjjjxvM
This briefing will highlight the most recent expansion of the tools of the Syrian Electronic Army (SEA), which are now known to include an entire mobile surveillanceware family (SilverHawk).
https://youtu.be/BhYtyjjjxvM
YouTube
Under the SEA - A Look at the Syrian Electronic Army's Mobile Tooling
This briefing will highlight the most recent expansion of the tools of the Syrian Electronic Army (SEA), which are now known to include an entire mobile surveillanceware family (SilverHawk).
By Kristin Del Rosso & Michael Flossman
Full Abstract & Presentation…
By Kristin Del Rosso & Michael Flossman
Full Abstract & Presentation…
A Look Into Signal’s Encrypted Profiles
According to Signal, “Profiles allow you to add a picture and display name that will be shown alongside your existing phone number when communicating with other users. Conversations will feel more personal. Group threads will be less confusing. All of this is possible without sacrificing the privacy and security that you have come to expect from Signal.”
https://blog.0day.rocks/a-look-into-signals-encrypted-profiles-5491908186c1
According to Signal, “Profiles allow you to add a picture and display name that will be shown alongside your existing phone number when communicating with other users. Conversations will feel more personal. Group threads will be less confusing. All of this is possible without sacrificing the privacy and security that you have come to expect from Signal.”
https://blog.0day.rocks/a-look-into-signals-encrypted-profiles-5491908186c1
Medium
A Look Into Signal’s Encrypted Profiles
Can this feature get abused for OSINT discovery?