Alh4zr3d - Type Jugging Leading to Auth Bypass!
For the final machine in the "Starting Point" track, we had the opportunity to bypass the login in a really interesting way: utilizing PHP's strange, eldritch logic for performing comparisons between objects of different types!
https://youtu.be/vn-kHZcdnzQ
For the final machine in the "Starting Point" track, we had the opportunity to bypass the login in a really interesting way: utilizing PHP's strange, eldritch logic for performing comparisons between objects of different types!
https://youtu.be/vn-kHZcdnzQ
YouTube
HacktheBox "Base" - Type Jugging Leading to Auth Bypass!
For the final machine in the "Starting Point" track, we had the opportunity to bypass the login in a really interesting way: utilizing PHP's strange, eldritch logic for performing comparisons between objects of different types!
Twitch: https://twitch.tv/alh4zr3d…
Twitch: https://twitch.tv/alh4zr3d…
API hacking with postman - @TheXSSrat
https://www.youtube.com/watch?v=rdxVgV8dOnQ&list=PLd92v1QxPOprsg5fTjGBApq4rpb0G-N8L
https://www.youtube.com/watch?v=rdxVgV8dOnQ&list=PLd92v1QxPOprsg5fTjGBApq4rpb0G-N8L
YouTube
API hacking with postman Part 1 - getting the basics down
API's are everywhere and it can only do us good to learn how to hack them while it's still growing so fast. We can grow along! :D
Uncle rat's courses:
https://thexssrat.podia.com
Become a member of this channel to unlock special perks: https://www.you…
Uncle rat's courses:
https://thexssrat.podia.com
Become a member of this channel to unlock special perks: https://www.you…
DevSecCon24
DevSecCon24 is a global, vendor-neutral, community-driven conference that connects developers, security and operations teams to learn and enable the integration of security into their development practices.
https://events.bizzabo.com/308842/agenda
DevSecCon24 is a global, vendor-neutral, community-driven conference that connects developers, security and operations teams to learn and enable the integration of security into their development practices.
https://events.bizzabo.com/308842/agenda
Bizzabo
DevSecCon24
DevSecCon24 is a global, vendor-neutral, community-driven conference that connects developers, security and operations teams to learn and enable the integration of security into their development practices.
Forwarded from w0rk3r's Blue team Library (Jonhnathan Jonhnathan Jonhnathan)
BloodHound versus Ransomware: A Defender’s Guide
https://posts.specterops.io/bloodhound-versus-ransomware-a-defenders-guide-28147dedb73b
@BlueTeamLibrary
https://posts.specterops.io/bloodhound-versus-ransomware-a-defenders-guide-28147dedb73b
@BlueTeamLibrary
Medium
BloodHound versus Ransomware: A Defender’s Guide
Intro
John McAfee, criador do antivírus McAfee, é encontrado morto em prisão de Barcelona
Empresário estava preso preventivamente na Espanha, por acusações de fraudes fiscais, e seria extraditado para os EUA. Ele tinha 75 anos e foi um dos pioneiros no mercado de antivírus para computadores pessoais.
https://g1.globo.com/economia/tecnologia/noticia/2021/06/23/john-mcafee-criador-do-antivirus-mcaffe-e-encontrado-morto-dizem-jornais.ghtml
Empresário estava preso preventivamente na Espanha, por acusações de fraudes fiscais, e seria extraditado para os EUA. Ele tinha 75 anos e foi um dos pioneiros no mercado de antivírus para computadores pessoais.
https://g1.globo.com/economia/tecnologia/noticia/2021/06/23/john-mcafee-criador-do-antivirus-mcaffe-e-encontrado-morto-dizem-jornais.ghtml
G1
John McAfee, criador do antivírus McAfee, é encontrado morto em prisão de Barcelona
Empresário estava preso preventivamente na Espanha, por acusações de fraudes fiscais, e seria extraditado para os EUA. Ele tinha 75 anos e foi um dos pioneiros no mercado de antivírus para computadores pessoais.
Grupo Fleury é alvo de ataque cibernético
Os sistemas online do Grupo Fleury foram alvo de uma tentativa de ataque cibernético nessa terça-feira (22), ficando fora do ar desde então. Em nota divulgada à imprensa, a companhia confirmou a investida contra o seu ambiente de Tecnologia da Informação, deixando parte das suas operações indisponíveis.
https://www.tecmundo.com.br/seguranca/219831-grupo-fleury-alvo-ataque-cibernetico.htm
Os sistemas online do Grupo Fleury foram alvo de uma tentativa de ataque cibernético nessa terça-feira (22), ficando fora do ar desde então. Em nota divulgada à imprensa, a companhia confirmou a investida contra o seu ambiente de Tecnologia da Informação, deixando parte das suas operações indisponíveis.
https://www.tecmundo.com.br/seguranca/219831-grupo-fleury-alvo-ataque-cibernetico.htm
Tecmundo
Grupo Fleury é alvo de ataque cibernético
Vários serviços do site da empresa especializada em exames médicos ficaram indisponíveis após a tentativa de invasão externa
Hide ‘N Seek Botnet Updates Arsenal with Exploits Against Nexus Repository Manager & ThinkPHP
The Hide 'N Seek botnet was first discovered in January 2018 and is known for its unique use of Peer-to-Peer communication between bots.
Since its discovery, the malware family has seen a couple of upgrades, from the addition of persistence and new exploits, to targeting Android devices via the Android Debug Bridge (ADB).
https://unit42.paloaltonetworks.com/hide-n-seek-botnet-updates-arsenal-with-exploits-against-nexus-repository-manager-thinkphp/
The Hide 'N Seek botnet was first discovered in January 2018 and is known for its unique use of Peer-to-Peer communication between bots.
Since its discovery, the malware family has seen a couple of upgrades, from the addition of persistence and new exploits, to targeting Android devices via the Android Debug Bridge (ADB).
https://unit42.paloaltonetworks.com/hide-n-seek-botnet-updates-arsenal-with-exploits-against-nexus-repository-manager-thinkphp/
Unit 42
Hide ‘N Seek Botnet Updates Arsenal with Exploits Against Nexus Repository Manager & ThinkPHP
This post is also available in: 日本語 (Japanese)Executive Summary The Hide 'N Seek botnet was first discovered in January 2018 and is known for its unique use of Peer-to-Peer communication between bots. Since its discovery, the malware family has seen a couple…
Web Application Firewalls: Analysis of Detection Logic
The presentation will highlight the core of Web Application Firewall (WAF): detection logic, with an accent on regular expressions detection mechanism. The security of 6 trending opensource WAFs (OWASP CRS 2,3 - ModSecurity, Comodo WAF, PHPIDS, QuickDefense, Libinjection) will be called into question.
https://youtu.be/dMFJLicdaC0
The presentation will highlight the core of Web Application Firewall (WAF): detection logic, with an accent on regular expressions detection mechanism. The security of 6 trending opensource WAFs (OWASP CRS 2,3 - ModSecurity, Comodo WAF, PHPIDS, QuickDefense, Libinjection) will be called into question.
https://youtu.be/dMFJLicdaC0
YouTube
Web Application Firewalls: Analysis of Detection Logic
by Vladimir Ivanov
The presentation will highlight the core of Web Application Firewall (WAF): detection logic, with an accent on regular expressions detection mechanism. The security of 6 trending opensource WAFs (OWASP CRS 2,3 - ModSecurity, Comodo WAF…
The presentation will highlight the core of Web Application Firewall (WAF): detection logic, with an accent on regular expressions detection mechanism. The security of 6 trending opensource WAFs (OWASP CRS 2,3 - ModSecurity, Comodo WAF…
Práticas da OWASP para Testes em Segurança Web
Mostrar a utilização de recursos da OWASP para testar a segurança em aplicações WEB.
https://youtu.be/FhyLmDBdIO0
Mostrar a utilização de recursos da OWASP para testar a segurança em aplicações WEB.
https://youtu.be/FhyLmDBdIO0
YouTube
Práticas da OWASP para Testes em Segurança Web
Mostrar a utilização de recursos da OWASP para testar a segurança em aplicações WEB.
What You Need to Know About the Windows DNS Vulnerability - CVE-2020-1350
https://www.youtube.com/watch?v=1SpzS0WrNIA
https://www.youtube.com/watch?v=1SpzS0WrNIA
YouTube
What You Need to Know About the Windows DNS Vulnerability - CVE-2020-1350
Microsoft just released a patch for a critical risk vulnerability in their server implementation of DNS, known as Windows DNS Server: CVE-2020-1350. The vulnerability, known as SIGRed, allows an unauthenticated user to execute code with SYSTEM level privileges…
DNS Cache Poisoning - Computerphile
Poisoning the DNS cache is a sure way to serve malware to unsuspecting users. Dr Mike Pound explains some of the ways this has been accomplished.
https://youtu.be/7MT1F0O3_Yw
Poisoning the DNS cache is a sure way to serve malware to unsuspecting users. Dr Mike Pound explains some of the ways this has been accomplished.
https://youtu.be/7MT1F0O3_Yw
YouTube
DNS Cache Poisoning - Computerphile
Poisoning the DNS cache is a sure way to serve malware to unsuspecting users. Dr Mike Pound explains some of the ways this has been accomplished.
https://www.facebook.com/computerphile
https://twitter.com/computer_phile
This video was filmed and edited…
https://www.facebook.com/computerphile
https://twitter.com/computer_phile
This video was filmed and edited…