@Phantasm_Lab – Telegram
- Red x Blue Security
- Bug Bounty 💷 💵
- Exploitable tools
- Programming Languages
- Malware Analysis

🇺🇸 🇧🇷 🇪🇸

since 2017 ©


Partners:
@TIdaDepressaoOficial @acervoprivado @ReneGadesx @G4t3w4y
Papo Binário #77 - Red team == pentest?

Must-watch interview alert for anyone who wants to get into pentesting or red teaming. Or blue teaming. Or, ah, just watch it! Marilia, who is on Nubank's red team, gives a masterclass on what to do and how to think about the field!

https://youtu.be/K_IPrMb6uHg
Finding Your First Bug: Reading JSON and XML for Information Disclosure

In this video we cover how to read JSON and XML specifically to find information disclosure vulnerabilities. We cover how to approach a target when a URL returns JSON or XML, how to know if you've found an info disclosure - and how to exploit it! I want to really demystify JSON/XML and make you feel more at ease with how JSON/XML works and how you can read it. We also cover other vulnerabilities that might exist when a URL returns JSON or XML.

https://youtu.be/992cxaPdaho
Finding Bugs in Mobile APIs

Hey everyone! Welcome to another API video, well I promise more didn't I! This week we're going to use the setup from the previous videos on iOS and Android, and actually use it to FIND BUGS! Mobile apps have some AMAZING first bugs, that don't require complex technical skills, but instead perseverance!

https://youtu.be/N9YODrMUk5A
Multiple Bugs in Multi-Party Computation: Breaking Cryptocurrency's Strongest Wallets

Cryptocurrency wallets in exchange platforms or banks require strong security because they protect vast amounts of money. Some solutions rely on advanced cryptographic methods that distribute trust across multiple parties, in the spirit of Shamir's secret-sharing. These include multi-party computation (MPC) and threshold signature schemes (TSS), which are a special case of MPC to sign data in a distributed, yet trustless manner. TSS has notably been tested and deployed in major organizations where secret key generation and digital signing are needed. But these techniques, although powerful and "magic" on paper, can prove fragile in practice, as this talk will show.

https://youtu.be/0Okqvm4lBQI
Under the SEA - A Look at the Syrian Electronic Army's Mobile Tooling

This briefing will highlight the most recent expansion of the tools of the Syrian Electronic Army (SEA), which are now known to include an entire mobile surveillanceware family (SilverHawk).

https://youtu.be/BhYtyjjjxvM
A Look Into Signal’s Encrypted Profiles

According to Signal, “Profiles allow you to add a picture and display name that will be shown alongside your existing phone number when communicating with other users. Conversations will feel more personal. Group threads will be less confusing. All of this is possible without sacrificing the privacy and security that you have come to expect from Signal.”

https://blog.0day.rocks/a-look-into-signals-encrypted-profiles-5491908186c1
NSA - Project X: Atomic Attack (Documentary by Laura Poitras - Narrated by Rami Malek) [Subtitled]

The mysterious building at 33 Thomas Street is able to withstand an atomic bomb; inside it are billions of e-mails and metadata records, spying on more than 38 countries. The NSA (National Security Agency) collected this data.

https://youtu.be/JLrtmPAV8I4
Forwarded from @Phantasm_Lab
hacker:HUNTER - Wannacry: The Marcus Hutchins Story - All 3 Chapters

One day in May 2017, computers all around the world suddenly shut down.
A malware called WannaCry asks for a ransom. The epidemic suddenly stops,
because a young, British researcher finds a killswitch, by accident.

https://youtu.be/vveLaA-z3-o

🧬 @Phantasm_Lab
Who hacked the 2018 Winter Games?

hacker:HUNTER Olympic Destroyer tells the story of one of the most deceptive hacks in history – the 2018 Pyeongchang Olympic Games.
But what makes this hacking attempt so slippery? And what makes the response so ‘extraordinarily brilliant?’ Find out a

https://youtu.be/1jgdMY12mI8
Architecture: The Stuff That's Hard to Change - Dylan Beattie

In this talk, Dylan will share his own insights into the idea of architecture as part of a software development process. We’ll explore some popular architectural patterns and processes - and a couple of obscure ones as well - and look at how, and when, you can incorporate those patterns into your own projects. We’ll talk about how the idea of software architecture has changed over time, and share some tips and advice for developers who find themselves working with architecture as part of their role.

https://youtu.be/3LtQWxhqjqI
NDC Conferences

After launching in Oslo 2008, NDC quickly became one of Europe’s largest conferences for .NET & Agile development. Since then, the conference has evolved to encompass all technologies relevant to Software Developers. NDC speakers come from all over the world and are recognized as experts and thought leaders in their field.

https://www.youtube.com/c/NDCConferences/videos
Forwarded from @Phantasm_Lab
The Hacker PlayBook 3 - Practical Guide To Penetration Testing

This is the third iteration of The Hacker Playbook (THP) series. Below is an overview of all the new vulnerabilities and attacks that will be discussed. In addition to the new content, some attacks and techniques from the prior books (which are still relevant today) are included to eliminate the need to refer back to the prior books. So, what's new? Some of the updated topics from the past couple of years include:

- Abusing Active Directory
- Abusing Kerberos
- Advanced Web Attacks
- Better Ways to Move Laterally
- Cloud Vulnerabilities
- Faster/Smarter Password Cracking
- Living Off the Land
- Lateral Movement Attacks
- Multiple Custom Labs
- Newer Web Language Vulnerabilities
- Physical Attacks
- Privilege Escalation
- PowerShell Attacks
- Ransomware Attacks
- Red Team vs Penetration Testing
- Setting Up Your Red Team Infrastructure
- Usable Red Team Metrics
- Writing Malware and Evading AV
- And so much more

🕴🏽 @Phantasm_Lab
Forwarded from @Phantasm_Lab
Web Hacking Pro Tips #6 with @fransrosen

In the sixth Web Hacking 101 Interview, I chat with Frans Rosen, super bug bounty hacker. In it, we discuss how Frans got started hacking, how he approaches sites, what he looks for, tools he uses, how he improves his skills and why he is so generous with his information sharing.

https://www.youtube.com/watch?v=h55yTacK5HU&feature=youtu.be

🕴🏼 @Phantasm_Lab