Práticas da OWASP para Testes em Segurança Web
Mostrar a utilização de recursos da OWASP para testar a segurança em aplicações WEB.
https://youtu.be/FhyLmDBdIO0
Mostrar a utilização de recursos da OWASP para testar a segurança em aplicações WEB.
https://youtu.be/FhyLmDBdIO0
YouTube
Práticas da OWASP para Testes em Segurança Web
Mostrar a utilização de recursos da OWASP para testar a segurança em aplicações WEB.
What You Need to Know About the Windows DNS Vulnerability - CVE-2020-1350
https://www.youtube.com/watch?v=1SpzS0WrNIA
https://www.youtube.com/watch?v=1SpzS0WrNIA
YouTube
What You Need to Know About the Windows DNS Vulnerability - CVE-2020-1350
Microsoft just released a patch for a critical risk vulnerability in their server implementation of DNS, known as Windows DNS Server: CVE-2020-1350. The vulnerability, known as SIGRed, allows an unauthenticated user to execute code with SYSTEM level privileges…
DNS Cache Poisoning - Computerphile
Poisoning the DNS cache is a sure way to serve malware to unsuspecting users. Dr Mike Pound explains some of the ways this has been accomplished.
https://youtu.be/7MT1F0O3_Yw
Poisoning the DNS cache is a sure way to serve malware to unsuspecting users. Dr Mike Pound explains some of the ways this has been accomplished.
https://youtu.be/7MT1F0O3_Yw
YouTube
DNS Cache Poisoning - Computerphile
Poisoning the DNS cache is a sure way to serve malware to unsuspecting users. Dr Mike Pound explains some of the ways this has been accomplished.
https://www.facebook.com/computerphile
https://twitter.com/computer_phile
This video was filmed and edited…
https://www.facebook.com/computerphile
https://twitter.com/computer_phile
This video was filmed and edited…
Exploit Subdomain Takeover Vulnerability
Subdomain and bucket sniping is very easy to find and dangerous vulnerability that attacker uses to exploit and perform phishing attacks. In this episode, we have discussed what are these vulnerabilities, examples and mitigation strategy.
https://youtu.be/FrleeNN-gXw
Subdomain and bucket sniping is very easy to find and dangerous vulnerability that attacker uses to exploit and perform phishing attacks. In this episode, we have discussed what are these vulnerabilities, examples and mitigation strategy.
https://youtu.be/FrleeNN-gXw
YouTube
Exploit Subdomain Takeover Vulnerability
Thank you for watching the video about Exploit Subdomain Takeover Vulnerability
Subdomain and bucket sniping is very easy to find and dangerous vulnerability that attacker uses to exploit and perform phishing attacks. In this episode, we have discussed what…
Subdomain and bucket sniping is very easy to find and dangerous vulnerability that attacker uses to exploit and perform phishing attacks. In this episode, we have discussed what…
CVE-2020-1350 SIGRed PoC Demo - Microsoft Windows DNS Server DoS Vulnerability
This vulnerability has been identified by researchers from CheckPoint and Microsoft as Critical with the ability to perform Remote Code Execution. In this Proof of Concept, the vulnerability is designed to crash the DNS Server as a Denial of Service.
https://youtu.be/gZo1EufWj-E
This vulnerability has been identified by researchers from CheckPoint and Microsoft as Critical with the ability to perform Remote Code Execution. In this Proof of Concept, the vulnerability is designed to crash the DNS Server as a Denial of Service.
https://youtu.be/gZo1EufWj-E
YouTube
CVE-2020-1350 SIGRed PoC Demo - Microsoft Windows DNS Server DoS Vulnerability
This vulnerability has been identified by researchers from CheckPoint and Microsoft as Critical with the ability to perform Remote Code Execution. In this Proof of Concept, the vulnerability is designed to crash the DNS Server as a Denial of Service.
➨ Versions…
➨ Versions…
DNS Amplification Attack
Attackers are taking advantage of weaknesses in the DNS protocol in order to launch a high bandwidth sophisticated attack on their victim using amplification effects. Learn more about how to prevent DNS amplification attacks
https://youtu.be/xTKjHWkDwP0
Attackers are taking advantage of weaknesses in the DNS protocol in order to launch a high bandwidth sophisticated attack on their victim using amplification effects. Learn more about how to prevent DNS amplification attacks
https://youtu.be/xTKjHWkDwP0
YouTube
DNS Amplification Attack
Attackers are taking advantage of weaknesses in the DNS protocol in order to launch a high bandwidth sophisticated attack on their victim using amplification effects. Learn more about how to prevent DNS amplification attacks. http://www.radware.com/Solutions/Security/
Security+ Cert. Training - DNS Amplification Attack
In this video we will be going over a DNS attack what to look out for and how to prevent it.
https://youtu.be/31lP8thRS3w
In this video we will be going over a DNS attack what to look out for and how to prevent it.
https://youtu.be/31lP8thRS3w
YouTube
DNS Amplification Attack
In this video we will be going over a DNS attack what to look out for and how to prevent it.
Join us as we take the month of April 2020 to prepare you for the Security+ exam in these videos were going to break down everything you're going to need to know…
Join us as we take the month of April 2020 to prepare you for the Security+ exam in these videos were going to break down everything you're going to need to know…
Spootniks - Muitos países erraram na luta contra o coronavírus. Ninguém errou mais que o governo chinês.
Este documentário foi produzido com um único objetivo: seguir os primeiros passos da maior pandemia do século vinte e um. Para isso, construímos uma linha do tempo com literalmente centenas de informações fundamentais para entender como saímos de um surto de pneumonia supostamente inofensivo numa cidade do interior da China para o maior perigo à humanidade desde o fim da Segunda Guerra Mundial.
https://youtu.be/_V4r5ibOm5g
Este documentário foi produzido com um único objetivo: seguir os primeiros passos da maior pandemia do século vinte e um. Para isso, construímos uma linha do tempo com literalmente centenas de informações fundamentais para entender como saímos de um surto de pneumonia supostamente inofensivo numa cidade do interior da China para o maior perigo à humanidade desde o fim da Segunda Guerra Mundial.
https://youtu.be/_V4r5ibOm5g
YouTube
Como a China encobriu a pandemia de COVID-19
Este documentário foi produzido com um único objetivo: seguir os primeiros passos da maior pandemia do século vinte e um. Para isso, construímos uma linha do tempo com literalmente centenas de informações fundamentais para entender como saímos de um surto…
Forwarded from Security Talks (Jonhnathan Jonhnathan Jonhnathan)
Breach: From Recon to penetrating the perimeter, to actions on the target
https://youtu.be/e99iQC-dod8
@SecTalks
https://youtu.be/e99iQC-dod8
@SecTalks
YouTube
May 2019 Pwn School - TinkerSec "Breach"
Breach: From recon to penetrating the perimeter, to actions on target.
XXE on www.publish.engelvoelkers.com
A XML External Entities vulnerability has been found on www.publish.engelvoelkers.com:8443. Initially a GET request was made to /dp/services and that returned a 500 Error with some XML data. Changing the HTTP request method to POST with some XML data produced a different response, so it appeared to process XML data.
https://hackerone.com/reports/914801
A XML External Entities vulnerability has been found on www.publish.engelvoelkers.com:8443. Initially a GET request was made to /dp/services and that returned a 500 Error with some XML data. Changing the HTTP request method to POST with some XML data produced a different response, so it appeared to process XML data.
https://hackerone.com/reports/914801
HackerOne
Engel & Völkers Technology GmbH disclosed on HackerOne: XXE on...
## Summary:
A XML External Entities vulnerability has been found on **www.publish.engelvoelkers.com:8443**. Initially a GET request was made to /dp/services and that returned a 500 Error with some...
A XML External Entities vulnerability has been found on **www.publish.engelvoelkers.com:8443**. Initially a GET request was made to /dp/services and that returned a 500 Error with some...
IDS / IPS - Conceitos Basicos
Vídeo da série Segurança em Redes de Computadores cujo assunto é IDS e IPS - Os Intrusion Detection Systems e os Intrusion Prevention Systems.
https://youtu.be/a_Vp0ca4G2g
Vídeo da série Segurança em Redes de Computadores cujo assunto é IDS e IPS - Os Intrusion Detection Systems e os Intrusion Prevention Systems.
https://youtu.be/a_Vp0ca4G2g
YouTube
IDS / IPS
Contribua com o canal, torne-se membro:
https://www.youtube.com/channel/UCz9M2hHURsenUWxXBk3TR8A/join
Conheça os Cursos da SegInfoBrasil
www.seginfobrasil.com.br/cursos
Vídeo da série Segurança em Redes de Computadores cujo assunto é IDS e IPS - Os Intrusion…
https://www.youtube.com/channel/UCz9M2hHURsenUWxXBk3TR8A/join
Conheça os Cursos da SegInfoBrasil
www.seginfobrasil.com.br/cursos
Vídeo da série Segurança em Redes de Computadores cujo assunto é IDS e IPS - Os Intrusion…
TikTok Careers Portal Account Takeover
The following (slightly modified) vulnerability report was sent to TikTok using Hackerone on 17th October 2020 and was resolved within 12 days.
https://security.lauritz-holtmann.de/advisories/tiktok-account-takeover/
The following (slightly modified) vulnerability report was sent to TikTok using Hackerone on 17th October 2020 and was resolved within 12 days.
https://security.lauritz-holtmann.de/advisories/tiktok-account-takeover/
(Web-)Insecurity Blog
TikTok Careers Portal Account Takeover
The following (slightly modified) vulnerability report was sent to TikTok using Hackerone on 17th October 2020 and was resolved within 12 days.
Starbucks - Unrestricted File Upload Leads to RCE on mobile.starbucks.com.sg
ko2sec discovered an .ashx endpoint on mobile.starbucks.com.sg intended for image files permitted unrestricted file type uploads which could lead to a potential RCE. ko2sec's thorough analysis provided additional endpoints on other out of scope domains that shared this vulnerability.
https://hackerone.com/reports/1027822
ko2sec discovered an .ashx endpoint on mobile.starbucks.com.sg intended for image files permitted unrestricted file type uploads which could lead to a potential RCE. ko2sec's thorough analysis provided additional endpoints on other out of scope domains that shared this vulnerability.
https://hackerone.com/reports/1027822
HackerOne
Starbucks disclosed on HackerOne: Unrestricted File Upload Leads to...
ko2sec discovered an .ashx endpoint on mobile.starbucks.com.sg intended for image files permitted unrestricted file type uploads which could lead to a potential RCE. ko2sec's thorough analysis...
Dumping S3 Buckets | Exploiting S3 Bucket Misconfigurations
In this video, we will take a look at how to perform reconnaissance on AWS S3 buckets and how to exploit S3 bucket permission configurations to list and dump the contents of a poorly configured S3 bucket.
https://youtu.be/ITSZ8743MUk
In this video, we will take a look at how to perform reconnaissance on AWS S3 buckets and how to exploit S3 bucket permission configurations to list and dump the contents of a poorly configured S3 bucket.
https://youtu.be/ITSZ8743MUk
YouTube
Dumping S3 Buckets | Exploiting S3 Bucket Misconfigurations
In this video, we will take a look at how to perform reconnaissance on AWS S3 buckets and how to exploit S3 bucket permission configurations to list and dump the contents of a poorly configured S3 bucket.
------------------------------------------------…
------------------------------------------------…
What is a Web Application Firewall (WAF)?
Traditional network firewalls (Layer 3-4) do a great job preventing outsiders from accessing internal networks. But, these firewalls offer little to no support in the protection of application layer traffic.
https://youtu.be/p8CQcF_9280
Traditional network firewalls (Layer 3-4) do a great job preventing outsiders from accessing internal networks. But, these firewalls offer little to no support in the protection of application layer traffic.
https://youtu.be/p8CQcF_9280
YouTube
What is a Web Application Firewall (WAF)?
Traditional network firewalls (Layer 3-4) do a great job preventing outsiders from accessing internal networks. But, these firewalls offer little to no support in the protection of application layer traffic. Today, threat vectors are being introduced at all…
TOP FIREWALL MISCONFIGURATIONS THAT LEAD TO EASY EXPLOITATIONS BY ATTACKERS
Network security should be a major focus for companies moving to the cloud. Cloud networks are exposed to the Internet and companies don’t have direct control of the hardware running them. When not configured correctly, networks in the cloud could be attacked and breached.
https://www.hackerone.com/blog/Top-Firewall-Misconfigurations-that-Lead-to-Easy-Exploitations
Network security should be a major focus for companies moving to the cloud. Cloud networks are exposed to the Internet and companies don’t have direct control of the hardware running them. When not configured correctly, networks in the cloud could be attacked and breached.
https://www.hackerone.com/blog/Top-Firewall-Misconfigurations-that-Lead-to-Easy-Exploitations
HackerOne
Top Firewall Misconfigurations that Lead to Easy Exploitations by Attackers
Network security should be a major focus for companies moving to the cloud. Cloud networks are exposed to the Internet and companies don’t have direct control of the hardware running them. When not configured correctly, networks in the cloud could be attacked…