NTFS Alternate Data Streams (Defence Evasion)

In this video we'll be exploring how to attack, detect and defend against the abuse of NTFS alternate data streams. Originally designed for interoperability, this feature has been commandeered by attackers to hide data and malware in otherwise benign files.

https://youtu.be/S4MBzeni9Eo

Abusing Windows Admin Shares (Lateral Movement)

In this video we'll be exploring how to attack, detect and defend against the abuse of windows admin shares. The humble file share is a reliable lateral movement vector for attackers once they have their hands on valid credentials – especially with a little extra tooling such as PSEXEC.

https://youtu.be/41MUhlHGZ4E

[Vulnerability] - Cookie Stored injection - XSS at Heroic Third Service, call cookies!

the application calls an external service to create the cookies and they are sent back to the server!

https://youtu.be/maatBdt8TPY

Youtube: @Phatansm_Lab

Code Rush is a documentary following the lives of a group of Netscape engineers in Silicon Valley. It covers Netscape's last year as an independent company, from their announcement of the Mozilla open source project until their acquisition by AOL. It particularly focuses on the last minute rush to make the Mozilla source code ready for release by the deadline of March 31 1998, and the impact on the engineers' lives and families as they attempt to save the company from ruin.
Code Rush by David Winton is licensed under a CC 3.0 US License.

https://www.youtube.com/watch?v=4Q7FTjhvZ7Y

🕴 @Phantasm_Lab

Web Hacking Pro Tips #5 with @Jhaddix Jason Haddix

In this fifth Web Hacking 101 Pro Tips interview, I chat with @Jhaddix, Jason Haddix, Director of Technical Operations a Bugcrowd and former #1 Hacker on Bugcrowd to discuss:

- How he got started hacking
- The difference between pen tests and bug bounty hunting
- How he brute forces directories and files
- Tips for improving and automating your hacking
- Ways to improve as a bug hunter, including CTFs
- The importance of good communication
- The difference between good and great bounty hunters, or super hunters
- Advice for new hackers joining Bugcrowd
- How private invites work on Bugcrowd

https://youtu.be/dRF0BGgDnto

Mobile Network Hacking, IP Edition

We explore which protection measures are missing from the mobile network and discuss how to best bring them over from the IT security domain into mobile networks.

https://www.youtube.com/watch?v=3XUo7UBn28o&list=PLH15HpR5qRsXiPOP3gxN6ultoj0rAR6Yn&index=3

Simple Spyware: Androids Invisible Foreground Services and How to (Ab)use Them

This simple to implement spyware shows that Androids permission model can't prevent an excessive use of permissions and that the limitations do not prevent the collection of the user's sensitive data. In order to prevent such attacks, it would be necessary to constantly monitor the apps permission usage or to revoke the permissions after every use. Such prevention mechanisms already exist but aren't widely used, which sets the users privacy and security at risk. We will show what users can do in order to guard themselves against such spyware attacks. Furthermore, we will introduce our solution ideas to detect such spyware on Android. By Thomas Sutter and Bernhard Tellenbach

https://youtu.be/EuInUW77CPo

Zyxel "zyfwp" Backdoor Account (Hardcoded Credential)

Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password. The password for this account can be found in cleartext in the firmware. This account can be used by someone to login to the ssh server or web interface with admin privileges.

https://www.rapid7.com/db/vulnerabilities/zyxel-cve-2020-29583/

AppDomainManager Injection and Detection

https://pentestlaboratories.com/2020/05/26/appdomainmanager-injection-and-detection

@WindowsHackingLibrary

🇺🇸 🇧🇷 🇪🇸