Forwarded from Security Talks (Jonhnathan Jonhnathan Jonhnathan)
Breach: From Recon to penetrating the perimeter, to actions on the target
https://youtu.be/e99iQC-dod8
@SecTalks
https://youtu.be/e99iQC-dod8
@SecTalks
YouTube
May 2019 Pwn School - TinkerSec "Breach"
Breach: From recon to penetrating the perimeter, to actions on target.
Hack.lu 2018: The Path Towards Automated Heap Exploitation - Thaís Moreira Hamasaki
https://youtu.be/tSjzXyV5AEs
https://youtu.be/tSjzXyV5AEs
YouTube
Hack.lu 2018: The Path Towards Automated Heap Exploitation - Thaís Moreira Hamasaki
OSCP Prep - x86 Windows Stack-Based Buffer Overflow Full Tutorial - War-FTP 1.65
https://youtu.be/Z2pQuGmFNrM
https://youtu.be/Z2pQuGmFNrM
YouTube
OSCP Prep - x86 Windows Stack-Based Buffer Overflow Full Tutorial - War-FTP 1.65
Twitch: https://twitch.tv/alh4zr3d
Twitter: https://twitter.com/alh4zr3d
Discord: https://discord.gg/3kTQYxtGwR
All of the strange aeons of stack-based buffer overflow fundamentals entirely de-obfuscated! This video contains every shred of information required…
Twitter: https://twitter.com/alh4zr3d
Discord: https://discord.gg/3kTQYxtGwR
All of the strange aeons of stack-based buffer overflow fundamentals entirely de-obfuscated! This video contains every shred of information required…
George Hotz | Programming | Exploiting fontconfig CVE-2016-5384 with QIRA
https://youtu.be/7bv_DNRpHaY
https://youtu.be/7bv_DNRpHaY
YouTube
George Hotz | Programming | Exploiting fontconfig CVE-2016-5384 with QIRA
Date of stream 21 Mar 2019.
Live-stream chat added as Subnoscripts/CC - English (Twitch Chat).
Stream noscript: Exploiting fontconfig CVE-2016-5384 with github.com/geohot/qira
Source files:
- https://github.com/geohot/qira
Context:
- https://lists.freedesktop…
Live-stream chat added as Subnoscripts/CC - English (Twitch Chat).
Stream noscript: Exploiting fontconfig CVE-2016-5384 with github.com/geohot/qira
Source files:
- https://github.com/geohot/qira
Context:
- https://lists.freedesktop…
Apache ofbiz rce | CVE-2020-9496 PoC
#Apacheofbiz unauth rce vulnerability : #CVE-2020-9496
Apache OFBiz is an open source enterprise resource planning (ERP) system. It provides a suite of enterprise applications that integrate and automate many of the business processes of an enterprise.
https://youtu.be/DO93Xc8sGWg
#Apacheofbiz unauth rce vulnerability : #CVE-2020-9496
Apache OFBiz is an open source enterprise resource planning (ERP) system. It provides a suite of enterprise applications that integrate and automate many of the business processes of an enterprise.
https://youtu.be/DO93Xc8sGWg
YouTube
Apache ofbiz rce | CVE-2020-9496 PoC
#Apacheofbiz unauth rce vulnerability : #CVE-2020-9496
Apache OFBiz is an open source enterprise resource planning (ERP) system. It provides a suite of enterprise applications that integrate and automate many of the business processes of an enterprise.
Technical…
Apache OFBiz is an open source enterprise resource planning (ERP) system. It provides a suite of enterprise applications that integrate and automate many of the business processes of an enterprise.
Technical…
CVE-2020-7048 PoC | WordPress Database Reset Plugin Vulnerability
VULNERABILITIES IN WORDPRESS DATABASE RESET PLUGIN ALLOW TO CAPTURE OR ERASE A SITE DATABASE. Wordfence specialists report that at the beginning of January, dangerous vulnerabilities were discovered in the popular WordPress Database Reset plugin installed on more than 80,000 sites. This plugin, developed by WebFactory Ltd, is designed to invest in database setup and quick reset to default settings. As a result, bugs can be used to capture sites and reset tables in the database.
https://youtu.be/nj_dqcvrwp4
VULNERABILITIES IN WORDPRESS DATABASE RESET PLUGIN ALLOW TO CAPTURE OR ERASE A SITE DATABASE. Wordfence specialists report that at the beginning of January, dangerous vulnerabilities were discovered in the popular WordPress Database Reset plugin installed on more than 80,000 sites. This plugin, developed by WebFactory Ltd, is designed to invest in database setup and quick reset to default settings. As a result, bugs can be used to capture sites and reset tables in the database.
https://youtu.be/nj_dqcvrwp4
YouTube
CVE-2020-7048 PoC | WordPress Database Reset Plugin Vulnerability
VULNERABILITIES IN WORDPRESS DATABASE RESET PLUGIN ALLOW TO CAPTURE OR ERASE A SITE DATABASE. Wordfence specialists report that at the beginning of January, dangerous vulnerabilities were discovered in the popular WordPress Database Reset plugin installed…
From XSS in WordPress Core (CVE-2020-4046) to RCE
A long-lived XSS vulnerability was patched in WordPress 5.4.2. It allowed any authenticated user, with privileges to create or edit a post, to embed arbitrary JavaScript within the post. When the post was later viewed the code executed in the context of the site.
https://youtu.be/tCh7Y8z8fb4
A long-lived XSS vulnerability was patched in WordPress 5.4.2. It allowed any authenticated user, with privileges to create or edit a post, to embed arbitrary JavaScript within the post. When the post was later viewed the code executed in the context of the site.
https://youtu.be/tCh7Y8z8fb4
YouTube
From XSS in WordPress Core (CVE-2020-4046) to RCE
A long-lived XSS vulnerability was patched in WordPress 5.4.2. It allowed any authenticated user, with privileges to create or edit a post, to embed arbitrary JavaScript within the post. When the post was later viewed the code executed in the context of…
Alh4zr3d - Type Jugging Leading to Auth Bypass!
For the final machine in the "Starting Point" track, we had the opportunity to bypass the login in a really interesting way: utilizing PHP's strange, eldritch logic for performing comparisons between objects of different types!
https://youtu.be/vn-kHZcdnzQ
For the final machine in the "Starting Point" track, we had the opportunity to bypass the login in a really interesting way: utilizing PHP's strange, eldritch logic for performing comparisons between objects of different types!
https://youtu.be/vn-kHZcdnzQ
YouTube
HacktheBox "Base" - Type Jugging Leading to Auth Bypass!
For the final machine in the "Starting Point" track, we had the opportunity to bypass the login in a really interesting way: utilizing PHP's strange, eldritch logic for performing comparisons between objects of different types!
Twitch: https://twitch.tv/alh4zr3d…
Twitch: https://twitch.tv/alh4zr3d…
API hacking with postman - @TheXSSrat
https://www.youtube.com/watch?v=rdxVgV8dOnQ&list=PLd92v1QxPOprsg5fTjGBApq4rpb0G-N8L
https://www.youtube.com/watch?v=rdxVgV8dOnQ&list=PLd92v1QxPOprsg5fTjGBApq4rpb0G-N8L
YouTube
API hacking with postman Part 1 - getting the basics down
API's are everywhere and it can only do us good to learn how to hack them while it's still growing so fast. We can grow along! :D
Uncle rat's courses:
https://thexssrat.podia.com
Become a member of this channel to unlock special perks: https://www.you…
Uncle rat's courses:
https://thexssrat.podia.com
Become a member of this channel to unlock special perks: https://www.you…
DevSecCon24
DevSecCon24 is a global, vendor-neutral, community-driven conference that connects developers, security and operations teams to learn and enable the integration of security into their development practices.
https://events.bizzabo.com/308842/agenda
DevSecCon24 is a global, vendor-neutral, community-driven conference that connects developers, security and operations teams to learn and enable the integration of security into their development practices.
https://events.bizzabo.com/308842/agenda
Bizzabo
DevSecCon24
DevSecCon24 is a global, vendor-neutral, community-driven conference that connects developers, security and operations teams to learn and enable the integration of security into their development practices.