DevSecCon24
DevSecCon24 is a global, vendor-neutral, community-driven conference that connects developers, security and operations teams to learn and enable the integration of security into their development practices.
https://events.bizzabo.com/308842/agenda
DevSecCon24 is a global, vendor-neutral, community-driven conference that connects developers, security and operations teams to learn and enable the integration of security into their development practices.
https://events.bizzabo.com/308842/agenda
Bizzabo
DevSecCon24
DevSecCon24 is a global, vendor-neutral, community-driven conference that connects developers, security and operations teams to learn and enable the integration of security into their development practices.
Forwarded from w0rk3r's Blue team Library (Jonhnathan Jonhnathan Jonhnathan)
BloodHound versus Ransomware: A Defender’s Guide
https://posts.specterops.io/bloodhound-versus-ransomware-a-defenders-guide-28147dedb73b
@BlueTeamLibrary
https://posts.specterops.io/bloodhound-versus-ransomware-a-defenders-guide-28147dedb73b
@BlueTeamLibrary
Medium
BloodHound versus Ransomware: A Defender’s Guide
Intro
John McAfee, criador do antivírus McAfee, é encontrado morto em prisão de Barcelona
Empresário estava preso preventivamente na Espanha, por acusações de fraudes fiscais, e seria extraditado para os EUA. Ele tinha 75 anos e foi um dos pioneiros no mercado de antivírus para computadores pessoais.
https://g1.globo.com/economia/tecnologia/noticia/2021/06/23/john-mcafee-criador-do-antivirus-mcaffe-e-encontrado-morto-dizem-jornais.ghtml
Empresário estava preso preventivamente na Espanha, por acusações de fraudes fiscais, e seria extraditado para os EUA. Ele tinha 75 anos e foi um dos pioneiros no mercado de antivírus para computadores pessoais.
https://g1.globo.com/economia/tecnologia/noticia/2021/06/23/john-mcafee-criador-do-antivirus-mcaffe-e-encontrado-morto-dizem-jornais.ghtml
G1
John McAfee, criador do antivírus McAfee, é encontrado morto em prisão de Barcelona
Empresário estava preso preventivamente na Espanha, por acusações de fraudes fiscais, e seria extraditado para os EUA. Ele tinha 75 anos e foi um dos pioneiros no mercado de antivírus para computadores pessoais.
Grupo Fleury é alvo de ataque cibernético
Os sistemas online do Grupo Fleury foram alvo de uma tentativa de ataque cibernético nessa terça-feira (22), ficando fora do ar desde então. Em nota divulgada à imprensa, a companhia confirmou a investida contra o seu ambiente de Tecnologia da Informação, deixando parte das suas operações indisponíveis.
https://www.tecmundo.com.br/seguranca/219831-grupo-fleury-alvo-ataque-cibernetico.htm
Os sistemas online do Grupo Fleury foram alvo de uma tentativa de ataque cibernético nessa terça-feira (22), ficando fora do ar desde então. Em nota divulgada à imprensa, a companhia confirmou a investida contra o seu ambiente de Tecnologia da Informação, deixando parte das suas operações indisponíveis.
https://www.tecmundo.com.br/seguranca/219831-grupo-fleury-alvo-ataque-cibernetico.htm
Tecmundo
Grupo Fleury é alvo de ataque cibernético
Vários serviços do site da empresa especializada em exames médicos ficaram indisponíveis após a tentativa de invasão externa
Hide ‘N Seek Botnet Updates Arsenal with Exploits Against Nexus Repository Manager & ThinkPHP
The Hide 'N Seek botnet was first discovered in January 2018 and is known for its unique use of Peer-to-Peer communication between bots.
Since its discovery, the malware family has seen a couple of upgrades, from the addition of persistence and new exploits, to targeting Android devices via the Android Debug Bridge (ADB).
https://unit42.paloaltonetworks.com/hide-n-seek-botnet-updates-arsenal-with-exploits-against-nexus-repository-manager-thinkphp/
The Hide 'N Seek botnet was first discovered in January 2018 and is known for its unique use of Peer-to-Peer communication between bots.
Since its discovery, the malware family has seen a couple of upgrades, from the addition of persistence and new exploits, to targeting Android devices via the Android Debug Bridge (ADB).
https://unit42.paloaltonetworks.com/hide-n-seek-botnet-updates-arsenal-with-exploits-against-nexus-repository-manager-thinkphp/
Unit 42
Hide ‘N Seek Botnet Updates Arsenal with Exploits Against Nexus Repository Manager & ThinkPHP
This post is also available in: 日本語 (Japanese)Executive Summary The Hide 'N Seek botnet was first discovered in January 2018 and is known for its unique use of Peer-to-Peer communication between bots. Since its discovery, the malware family has seen a couple…
Web Application Firewalls: Analysis of Detection Logic
The presentation will highlight the core of Web Application Firewall (WAF): detection logic, with an accent on regular expressions detection mechanism. The security of 6 trending opensource WAFs (OWASP CRS 2,3 - ModSecurity, Comodo WAF, PHPIDS, QuickDefense, Libinjection) will be called into question.
https://youtu.be/dMFJLicdaC0
The presentation will highlight the core of Web Application Firewall (WAF): detection logic, with an accent on regular expressions detection mechanism. The security of 6 trending opensource WAFs (OWASP CRS 2,3 - ModSecurity, Comodo WAF, PHPIDS, QuickDefense, Libinjection) will be called into question.
https://youtu.be/dMFJLicdaC0
YouTube
Web Application Firewalls: Analysis of Detection Logic
by Vladimir Ivanov
The presentation will highlight the core of Web Application Firewall (WAF): detection logic, with an accent on regular expressions detection mechanism. The security of 6 trending opensource WAFs (OWASP CRS 2,3 - ModSecurity, Comodo WAF…
The presentation will highlight the core of Web Application Firewall (WAF): detection logic, with an accent on regular expressions detection mechanism. The security of 6 trending opensource WAFs (OWASP CRS 2,3 - ModSecurity, Comodo WAF…
Práticas da OWASP para Testes em Segurança Web
Mostrar a utilização de recursos da OWASP para testar a segurança em aplicações WEB.
https://youtu.be/FhyLmDBdIO0
Mostrar a utilização de recursos da OWASP para testar a segurança em aplicações WEB.
https://youtu.be/FhyLmDBdIO0
YouTube
Práticas da OWASP para Testes em Segurança Web
Mostrar a utilização de recursos da OWASP para testar a segurança em aplicações WEB.
What You Need to Know About the Windows DNS Vulnerability - CVE-2020-1350
https://www.youtube.com/watch?v=1SpzS0WrNIA
https://www.youtube.com/watch?v=1SpzS0WrNIA
YouTube
What You Need to Know About the Windows DNS Vulnerability - CVE-2020-1350
Microsoft just released a patch for a critical risk vulnerability in their server implementation of DNS, known as Windows DNS Server: CVE-2020-1350. The vulnerability, known as SIGRed, allows an unauthenticated user to execute code with SYSTEM level privileges…
DNS Cache Poisoning - Computerphile
Poisoning the DNS cache is a sure way to serve malware to unsuspecting users. Dr Mike Pound explains some of the ways this has been accomplished.
https://youtu.be/7MT1F0O3_Yw
Poisoning the DNS cache is a sure way to serve malware to unsuspecting users. Dr Mike Pound explains some of the ways this has been accomplished.
https://youtu.be/7MT1F0O3_Yw
YouTube
DNS Cache Poisoning - Computerphile
Poisoning the DNS cache is a sure way to serve malware to unsuspecting users. Dr Mike Pound explains some of the ways this has been accomplished.
https://www.facebook.com/computerphile
https://twitter.com/computer_phile
This video was filmed and edited…
https://www.facebook.com/computerphile
https://twitter.com/computer_phile
This video was filmed and edited…
Exploit Subdomain Takeover Vulnerability
Subdomain and bucket sniping is very easy to find and dangerous vulnerability that attacker uses to exploit and perform phishing attacks. In this episode, we have discussed what are these vulnerabilities, examples and mitigation strategy.
https://youtu.be/FrleeNN-gXw
Subdomain and bucket sniping is very easy to find and dangerous vulnerability that attacker uses to exploit and perform phishing attacks. In this episode, we have discussed what are these vulnerabilities, examples and mitigation strategy.
https://youtu.be/FrleeNN-gXw
YouTube
Exploit Subdomain Takeover Vulnerability
Thank you for watching the video about Exploit Subdomain Takeover Vulnerability
Subdomain and bucket sniping is very easy to find and dangerous vulnerability that attacker uses to exploit and perform phishing attacks. In this episode, we have discussed what…
Subdomain and bucket sniping is very easy to find and dangerous vulnerability that attacker uses to exploit and perform phishing attacks. In this episode, we have discussed what…
CVE-2020-1350 SIGRed PoC Demo - Microsoft Windows DNS Server DoS Vulnerability
This vulnerability has been identified by researchers from CheckPoint and Microsoft as Critical with the ability to perform Remote Code Execution. In this Proof of Concept, the vulnerability is designed to crash the DNS Server as a Denial of Service.
https://youtu.be/gZo1EufWj-E
This vulnerability has been identified by researchers from CheckPoint and Microsoft as Critical with the ability to perform Remote Code Execution. In this Proof of Concept, the vulnerability is designed to crash the DNS Server as a Denial of Service.
https://youtu.be/gZo1EufWj-E
YouTube
CVE-2020-1350 SIGRed PoC Demo - Microsoft Windows DNS Server DoS Vulnerability
This vulnerability has been identified by researchers from CheckPoint and Microsoft as Critical with the ability to perform Remote Code Execution. In this Proof of Concept, the vulnerability is designed to crash the DNS Server as a Denial of Service.
➨ Versions…
➨ Versions…