In this conversation, Filipi Pires shares his journey into cybersecurity, reflecting on his experiences at HackSpaceCon and discussing the importance of community and continuous learning. He emphasizes the critical issue of misconfigurations in identity management and the need for organizations to understand their vulnerabilities, particularly with legacy systems. Filipi also highlights the evolving nature of threats and the importance of being proactive in security measures. He provides insights into the future of red teaming and offers guidance for aspiring professionals in the field.

Filipi also discusses the journey of growth in the cybersecurity field, emphasizing the importance of patience and continuous learning. He shares insights about his role at Segura, a company focused on identity solutions, and highlights the significance of community engagement. The discussion also touches on cultural aspects, including Brazilian cuisine and personal preferences, showcasing Filipi's vibrant personality and passion for his work.

00:00 Introduction to Filipi Pires
02:09 Reflections on HackSpaceCon
05:03 Filipi's Journey into Cybersecurity
11:01 Learning and Skill Development in Cybersecurity
17:02 Current Trends and Misconfigurations in Cybersecurity
19:38 Staying Current in Cybersecurity
22:52 Understanding Threats and Attack Vectors
28:46 The Future of Red Teaming
32:46 Guidance for Aspiring Red Teamers
36:44 The Journey in Cybersecurity
43:59 Understanding Segura and Its Mission
45:12 Connecting with the Community
50:07 Cultural Insights and Personal Preferences

SYMLINKS
[Filipi Pires - Official Website] - https://filipipires.com
Filipi Pires' personal website, showcasing his professional background, speaking engagements, research, and cybersecurity insights. It serves as a central hub for his content, blog posts, and community contributions.
[Filipi Pires on GitHub] - https://github.com/philip86
Filipi Pires' GitHub profile where he shares open-source tools, projects, and potentially his upcoming event schedule. It's a place to follow his latest contributions to the cybersecurity community.
[Filipi Pires on LinkedIn] - https://www.linkedin.com/in/filipipires
Filipi's professional profile for connecting with him and following his cybersecurity insights, talks, and global engagements.
[Filipi Pires on YouTube] - https://www.youtube.com/@filipi-pires
Filipi's YouTube channel featuring his recorded conference talks and cybersecurity presentations in Portuguese, Spanish, and English.
[Burp Suite Academy] - https://portswigger.net/web-security
A free, hands-on learning platform created by PortSwigger that teaches web application security using the Burp Suite tool. Recommended by Filipi Pires as a foundational resource for aspiring red teamers and web security professionals.
[TryHackMe] - https://tryhackme.com
An interactive platform offering cybersecurity labs and learning paths focused on offensive and defensive security. Filipi recommends it for hands-on practice in red teaming and hacking fundamentals.
[Hack The Box] - https://www.hackthebox.com
A cybersecurity training platform that allows users to practice penetration testing skills in virtual environments. Mentioned as a useful resource for practical skill development in red teaming and ethical hacking.
Get your FREE 2024 Cybersecurity Salary Guide: https://www.infosecinstitute.com/form/cybersecurity-salary-guide-podcast/?utm_source=audio&utm_medium=podcast&utm_campaign=podcast

Watch the walkthrough here: https://www.youtube.com/watch?v=-CvvtwKXYjE

Join us on Cyber Work Hacks as Katie Paxton-Fear, known as InsiderPhD, demonstrates how to hack APIs and uncover vulnerabilities in shopping apps. Paxton-Fear provides a visual walkthrough of common mistakes in API security, emphasizing problem-solving and creativity over technical skills. You'll learn how to use tools like Burp Suite and Repeater to exploit vulnerabilities, access personal information and make unauthorized transactions. Paxton-Fear's insights make API hacking an accessible entry point into cybersecurity, highlighting the path to becoming a bug bounty hunter. Plus, discover tips on starting your API hacking journey and utilizing Infosec resources to build a successful career in cybersecurity. Don't miss this comprehensive guide to API hacking!

00:00 - Introduction to API security
03:16 - Understanding APIs and their vulnerabilities
05:26 - Live API hacking demonstration
05:43 - Exploring Burp Suite and Repeater
08:28 - Identifying and exploiting API vulnerabilities
09:50 - Real-world API hacking examples
17:21 - Tools and tips for aspiring hackers
19:31 - Steps to start bug bounty hunting
22:23 - Conclusion

View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast/?utm_source=audio&utm_medium=podcast&utm_campaign=podcast

About Infosec
Infosec's mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home.
More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ's security awareness training. Learn more at infosecinstitute.com.
Welcome to Compromising Positions! The award-winning tech podcast that asks non-cybersecurity professionals what we in the industry can do to make their lives easier and help make our organisations more prepared to face ever-changing human-centric cyber threats!

This episode we are joined by Simon Painter, a senior software engineer with nearly 20 years of experience in the industry and author of the book Functional Programming with C#.

In this episode, "There is no perfect cybersecurity but you could at least put a padlock on it!", we look at how to get your first technical book published, what developers really need from the cybersecurity team (hint: it's probably more than you are giving!) and what developers really think of security reviews!

Key Takeaways:
Everyone Has A Book In Them: Simon shares the 101 on how to get published with tech publishing legend O'Reilly.
Learning Never Stops: Simon's MSc in Cybersecurity taught him that continuous learning is essential. If you're in a career rut, consider picking up a new skill.
Beyond Hackers: Infosec isn't just about thwarting hackers; sometimes it's about knowing what to do when someone 'does a stupid!'
No Padlocks, One Padlock, 100 Padlocks, When Is It Enough?: Make yourself the 'un-easy' target through automation tools like OWASP ZAP, Burp Suite, and playing around with Kali Linux.
Visibility And Collaboration For Happy Devs: Cybersecurity teams, step into the spotlight! Get involved in the code, engage with other teams, and demystify your work. Let's build bridges, not just firewalls!

Links to everything we discussed in this episode can be found in the show notes, and if you liked the show, please do leave us a review. Follow us on all good podcasting platforms and via our YouTube channel, and don't forget to share on LinkedIn and in your teams. It really helps us spread the word and get high-quality guests on future episodes.

We hope you enjoyed this episode. See you next time, keep secure, and don't forget to ask yourself, 'Am I the compromising position here?'

Keywords: cybersecurity, devsecops, pentesting, kali linux, owasp, devs, software development

SHOW NOTES
Simon's Book, Functional Programming with C#
Jeff's Book Recommendation, Grokking Artificial Intelligence Algorithms
How To Get The Community Edition of Immersive Labs (Try And Get Your Boss To Pay For The Full Thing - So Worth It!)
Play Around With Hacking In a Safe Environment with HACK THE BOX and TRY HACK ME

ABOUT SIMON PAINTER
With nearly 20 years of software engineering experience across various industries, Simon is a Senior Software Developer at Müller UK & Ireland, one of the leading dairy companies in Europe. Simon has also been a Microsoft Most Valuable Professional (MVP) since 2023, an O'Reilly technical book author, and a public speaker at IT events worldwide. His core competencies include C#, JavaScript, React.js, and Microsoft Azure, as well as ITIL and computer security.

LINKS FOR SIMON PAINTER
Simon's Website
Simon's LinkedIn
New data shows that YouTube is dominating TV viewing as well. What can others like Disney+ and Netflix do to slow it down? We'll talk about what that means and cover the rest of the week's important tech news too. Enjoy! Watch on YouTube!

INTRO (00:00)
MAIN TOPIC: YouTube dominates streaming, forcing media companies to decide whether it's friend or foe (03:25)
DAVE'S PRO-TIP OF THE WEEK: Siri can restart your device. You don't have to turn it off and turn it back on; you can just say "restart my iPhone" to Siri! (14:35)
JUST THE HEADLINES: (23:00)
- Researchers craft smiling robot face from living human skin cells
- PortSwigger, the company behind the Burp Suite of security testing tools, swallows $112M
- Ikea is hiring Roblox players to run its virtual store
- Redbox owner Chicken Soup for the Soul files for Chapter 11 bankruptcy protection
- Toys R Us riles critics with AI-generated commercial using Sora
- South African researchers test use of nuclear technology to curb rhino poaching
- Lego Bricks Made From Meteorite Dust 3D Printed by Europe's Space Agency
TAKES:
- Amazon is about to take on Temu and Shein by copying them (25:25)
- Google scraps continuous scrolling in search results (28:15)
- United Airlines starts serving passengers personalized ads on seat-back screens (32:40)
- Microsoft blamed for million-plus patient record theft at US hospital giant (33:50)
BONUS ODD TAKE: Remoji (37:30)
PICKS OF THE WEEK:
- Dave: [Repick] Sony Alpha ZV-E10 Camera (41:10)
- Nate: 20 Pcs Miniature Led Lights, Mini Electric Lights for Dollhouse, Tiny Lights for Hand Craft, Miniature Lights Battery Operated, Miniature Lights for Toy Brick Building Blocks Cold White (45:35)
RAMAZON PURCHASE - Giveaway! (51:15)
BONUS SIDE STEP: Joey Chestnut Hot Dog Controversy (52:15)
- Joey Chestnut banned from Nathan's Hot Dog Contest
- Chestnut vs Kobayashi: Unfinished Beef

Find us elsewhere:
https://notpicks.com
https://notnerd.com
https://www.youtube.com/c/Notnerd
https://www.instagram.com/n0tnerd
https://www.facebook.com/n0tnerd/
info@Notnerd.com
A big shoutout to TCM Security for sponsoring this video. Register now to receive a 50% discount on your first month at the TCM Security Academy, potentially making your most significant step toward a career in ethical hacking. Go here: https://davidbombal.wiki/3vQsqWm

Farah works at Meta and shares her amazing story of going from studying mass media, to hacking and now working at Meta. Did you know that Facebook and Meta have a bug bounty program that allows you to legally hack them and get paid? Go here: / whitehat

// Farah Hawa's SOCIAL //
YouTube: / @farahhawa
LinkedIn: / farah-hawa-a012b8162
X: https://x.com/farah_hawaa
Instagram: / farah_hawaa

// Resources REFERENCE //
YouTube videos:
2023 Path to Hacking Success: • 2023 Path to Hacking Success: Top 3 B...
Bug Bounty: Get paid to hack PayPal and TikTok // Featuring Nahamsec: • Bug Bounty: Get paid to hack PayPal a...
My updated bug bounty resources: • my updated bug bounty resources
YouTube channels:
thenewboston: / @thenewboston
Websites:
hackerone: https://www.hackerone.com/
hacker101: https://www.hacker101.com/
Burp Suite on PortSwigger: https://portswigger.net/support/burp-...
PortSwigger Web Security Academy: https://portswigger.net/web-security
Firefox Source Docs: https://developer.mozilla.org/en-US/
Pentester Land: https://pentester.land/
Infosec: https://infosec-conferences.com/
Vickie Li Blog: https://vickieli.dev/
Subfinder: https://github.com/projectdiscovery/s...
Sublist3r: https://github.com/aboul3la/Sublist3r
Frida: https://frida.re/
Meta Bug Bounty Program: / whitehat
Books:
Real World Bug Hunting by Peter Yaworski - USA: https://amzn.to/3JmRven UK: https://amzn.to/4d3S5M0
Bug Bounty Bootcamp by Vickie Li - USA: https://amzn.to/3xGa4rz UK: https://amzn.to/49PwPa0

// David's SOCIAL //
Discord: discord.com/invite/usKSyzb
Twitter: www.twitter.com/davidbombal
Instagram: www.instagram.com/davidbombal
LinkedIn: www.linkedin.com/in/davidbombal
Facebook: www.facebook.com/davidbombal.co
TikTok: tiktok.com/@davidbombal

// MY STUFF //
https://www.amazon.com/shop/davidbombal

// SPONSORS //
Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com

Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!

Disclaimer: This video is for educational purposes only.

#facebook #hack #hacking
Discover the five main cybersecurity tools every professional should master! This video presents a practical guide on how to use NMAP, Nessus, WireShark, Metasploit and Burp Suite to strengthen your cyber defence. With step-by-step demonstrations, you will learn how these tools can help identify vulnerabilities, monitor networks and carry out effective penetration tests. Don't miss the valuable tips that will make your information security work easier.

Want to deepen your knowledge of information security and improve your chances in the job market? Download the free ebook "Conquiste sua Vaga em Segurança da Informação" (Land Your Job in Information Security) and get exclusive tips on interviews, finding jobs in the field and the studies you need to stand out! Go to https://blueteam-academy.com.br to download it right now!

Download links for the tools mentioned in the video:
https://nmap.org/download.html
https://www.tenable.com/products/nessus/nessus-professional
https://www.wireshark.org/download.html
https://www.metasploit.com/download
https://portswigger.net/burp/communitydownload
In this very special year-end episode, we're cranking up the heat as we explore some of our favorite InfoSec tools of 2023.

Guest Lineup:

Drew Kirkpatrick - JS-Tap Unleashed
Drew Kirkpatrick is the maestro behind "JS-Tap." He dropped this pentesting bombshell at Wild West Hackin' Fest this year with his talk, "JS-Tap: Weaponizing JavaScript for Red Teams." Skyler snagged an exclusive interview with Drew at the conference and we'll get to hear that discussion on this episode.

Luke Bremer - Hackvertor
Luke Bremer graces our podcast to dive into his blog, "What is Hackvertor (and why should I care?)." Get ready to dive into the use cases of this Burp Suite plugin and how you can utilize it on your next pentest!

Ben Mauch (Ben Ten) - Unveiling Impede
We end our discussion with Ben Mauch, aka @Ben0xA, as he unveils TrustedSec's latest software offering: Impede. Brace yourself for a deep dive into the features and innovations packed into this cybersecurity marvel.

Gather 'round and settle in for our year-end episode of SECURITY NOISE!
Today we had a blast talking with Robert McCurdy about JAMBOREE (Java-Android-Magisk-Burp-Objection-Root-Emulator-Easy)! JAMBOREE allows you to quickly spin up a portable Git/Python/Java environment and much more! From a pentesting POV, you can whip up an Android pentesting environment, BloodHound/SharpHound combo, Burp Suite...the list goes on!
In episode 46 of Utveckla we take on secure development together with Johan Persson, systems developer at Consid in Linköping. What is the difference between offensive and defensive IT security work, what is the deal with the white, black and grey boxes, why should the IT department not have a monopoly on security, and how do we keep reasonably even pace with the crooks? We dig deeper into that together with Johan. Lily and Simon also talk about the risks of betting everything on content hosted on free platforms, and Lily reveals how she got conned by Beyonce.

0.37 Hosts Simon Zachrisson and Lily Tsui welcome you and look back on an appendectomy.
2.04 Today's topic: Secure development!
7.22 Welcome Johan Persson!
7.40 What Johan is working on right now.
9.33 Johan tells how he slipped into secure development.
10.56 This is cybersecurity.
11.24 On defensive approaches.
12.42 How to get defensive-work routines into the team in a good way.
14.55 Keep this in mind when you set up an API call.
17.19 On offensive cybersecurity work.
20.13 How common ransomware is.
21.40 How well protected companies are, and how good an overview they have of their IT security work.
23.13 Why all developers should be trained in cybersecurity.
25.33 Has the move to the cloud simplified security work?
27.07 This is SQL injection.
28.11 Common misconceptions about cybersecurity.
29.55 Is it important to have someone with overall responsibility for security questions?
31.02 Strategies for finding security holes in the teams.
32.41 What the terms black box, white box and grey box mean.
35.00 What Johan's toolbox looks like when he hunts for security gaps.
38.10 On Log4j as an example of vulnerabilities that both spread and get patched quickly.
39.42 How to find out about zero-day exploits fastest.
41.45 How Johan knows what he is allowed to do when he tests security at a customer.
42.52 Does Johan ever feel tempted to test the flaws in open networks in his spare time?
43.52 Is AI becoming a problem on the security side?
45.45 How do you keep pace with the crooks?
47.44 How to motivate security thinking at the customer.
49.25 How to get started with your security work.
50.56 Thank you very much, Johan Persson!
51.19 Simon and Lily ask for guest tips and debrief after the episode: this is what they learned, this is what they envy Johan for, and this is how Beyonce brought Lily down.
54.16 Simon and Lily talk about the risks of free sites where we create content: when they shut down or start charging.
59.50 Thanks for this time, we'll hear from you again in a month!

Relevant links:
OWASP (Open Worldwide Application Security Project); OWASP Top 10 compiles the 10 most common threats against web applications: https://owasp.org/www-project-top-ten/
CVE (Common Vulnerabilities and Exposures): https://vuldb.com/
BurpSuite, tool for pentesting: https://portswigger.net/burp
Kali, Linux distro developed for pentesting: https://www.kali.org/
Metasploit, pentest framework: https://www.metasploit.com/
Nmap, port scanner: https://nmap.org/
Have you seen this new AI-powered test development assistant? Want to know what your Automation Scorecard Assessment score is? And what are some new security tools and AI features that are a must-have? Find out in this episode of the Automation in DevSecOps News Show for the week of June 25th. So, grab your favorite cup of coffee or tea, and let's do this.

Time - News Title - Rocket Link
0:21 - Applitools FREE Account Offer - https://applitools.info/joe
0:42 - Katalon StudioAssist - https://testguild.me/rpw7nt
2:27 - Nightwatch 3 - https://testguild.me/ff7cn2
3:52 - Automation Testing Scorecard Assessment - https://testguild.me/th7nq5
4:15 - Playwright 1.35 is out! - https://testguild.me/5g3pyy
5:07 - Debugging Production: eBPF Chaos - https://testguild.me/oflo0c
6:12 - Load Testing for Oracle EBS - https://testguild.me/2cb2kp
7:14 - Brpgpt - https://testguild.me/62ctc5
8:32 - Active Testing V2: leave no API untested - https://testguild.me/uafn5e
Episode 24: In this episode of Critical Thinking - Bug Bounty Podcast, we chat with Daniel Miessler and Rez0 about the emergence and potential of AI in hacking. We cover AI shortcuts and command line tools, AI in code analysis and the use of AI agents, and even brainstorm about the possible opportunities that integrating AI into hacking tools like Caido and Burp might present. Don't miss this episode packed with valuable insights and cutting-edge strategies for both beginners and seasoned bug bounty hunters alike.

Follow us on Twitter at: @ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!

------ Links ------
Follow your hosts Rhynorater & Teknogeek on Twitter:
https://twitter.com/0xteknogeek
https://twitter.com/rhynorater
Today's Guests:
https://twitter.com/rez0__
https://twitter.com/DanielMiessler
Daniel Miessler's Unsupervised Learning: https://danielmiessler.com/
Simon Willison's Python Function Search Tool: https://simonwillison.net/2023/Jun/18/symbex/
oobabooga - web interface for models: https://github.com/oobabooga/text-generation-webui
State of GPT: https://karpathy.ai/stateofgpt.pdf
AI Canaries: https://danielmiessler.com/p/ai-agents-canaries
GPT-3.5: https://community.openai.com/t/gpt-3-5-turbo-0613-function-calling-16k-context-window-and-lower-prices/263263
GPT Engineer: https://github.com/AntonOsika/gpt-engineer

Timestamps:
(00:00:00) Introduction
(00:05:40) Using AI for hacking: Developing hacking tools and workflow shortcuts
(00:11:40) GPT Engineer and Small Developer for Security Vulnerability Mapping
(00:22:40) The potential dangers of centralized vs. decentralized finance
(00:24:10) Ethical hacking and circumventing ChatGPT restrictions
(00:26:09) AI Agents, Reverse API, and Encoding/Decoding Tools
(00:31:45) Limitations of AI in context window and processing large JavaScript files
(00:36:50) Meta-prompter: Enhancing prompts for accurate responses from GPT
(00:41:00) GPT-3.5 and the new 616K context model
(00:45:08) Creating a loader for Burp Suite files or Caido instances
(00:54:02) Hacking AI Features: Best Practices
(01:00:00) AI plugin takeover and the need for verification of third-party plugins and tools
Episode 20: In this episode of Critical Thinking - Bug Bounty Podcast, we dive into the world of "hacker brain hacks" and overcoming challenges in bug bounty hunting. We discuss custom word lists, the rising popularity of Caido as a potential Burp Suite replacement, and Cloudflared tunnels for hosting POCs. We also tackle the mental aspects of bug bounty hunting, from procrastination to imposter syndrome, and share tips for staying motivated and avoiding burnout. Don't miss this episode packed with valuable insights and advice for both beginners and seasoned bug bounty hunters!

Follow us on Twitter at: @ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!

------ Links ------
Follow your hosts Rhynorater & Teknogeek on Twitter:
https://twitter.com/0xteknogeek
https://twitter.com/rhynorater
Caido: https://caido.io
Tweet from D3mondev on Sequence Diagram: https://twitter.com/d3mondev/status/1660803152755453952
Sequence diagram software: https://sequencediagram.org

Timestamps:
(00:00:00) Introduction
(00:02:36) "Sequence Diagram": Sequence mapping for PoCs
(00:04:10) "SubReconGPT": AI and GPT in Bug Bounty Hacking
(00:08:30) "Caido": A Potential Replacement for Burp Suite
(00:11:34) HackerOne's New Features
(00:13:00) Cloudflared Tunnels for Red Team Assessments and Payload Hosting
(00:16:07) Mental challenges in Bug Bounty Hunting
(00:17:50) Procrastination Education: Letting fear of failure drive you into always learning, never doing.
(00:22:46) Analysis Paralysis: Starting with Bug Bounty Programs vs VDPs
(00:27:07) Automation Obsession: "When you're hacking, hack. When you're automating, automate."
(00:14:34) Imposter Syndrome: You may not be the best, but you're not the worst either.
(00:31:55) Motivation Deprivation: Stay curious, and set tiered goals
(00:36:07) Automation Obsession pt2: Do we need to say it again?
(00:37:25) Reconnaissance Cognizance: Spending too much time on recon and not enough time on hacking
(00:40:00) Bad Rabbit Holes, RIP Your Goals: Identifying good and bad rabbit holes
(00:46:01) Set Your Goal Poles: Setting specific goals for yourself.
(00:48:29) Impact Lacked: Fixating on something that's funky, but simply doesn't really have impact
(00:51:00) The Burn-out turn-out: Mending, maintenance, and finding identity and self-worth outside hacking
(00:58:19) Responsibility Volatility: Balancing Responsibilities and Freedom as a Bug Bounty Hunter
(01:00:30) Payout Phase-out: Don't stop once you've found one bug.
(01:02:04) Report on URN Injection
Agarri on Twitter: https://twitter.com/Agarri_FR
Burp Suite training: https://hackademy.agarri.fr/
MasteringBurp on Twitter: https://twitter.com/MasteringBurp
Agarri blog: https://www.agarri.fr/fr
mpgn: https://twitter.com/mpgn_x64
Some audio issues this week, sorry for the ShareX sound. But we have a few interesting issues: a curl quirk that it might be useful to be aware of, an Azure Pipelines vulnerability abusing attacker-controlled logging, a look at a pretty classic Android/mobile bug, and a crazy auth misconfiguration (BingBang).

Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/201.html

[00:00:00] Introduction
[00:00:39] The curl quirk that exposed Burp Suite and Google Chrome
[00:03:33] Exploiting prototype pollution in Node without the filesystem
[00:05:37] Remote Code Execution Vulnerability in Azure Pipelines Can Lead To Software Supply Chain Attack
[00:11:27] Attacking Android Antivirus Applications
[00:20:59] BingBang: AAD misconfiguration led to Bing.com results manipulation and account takeover

The DAY[0] Podcast episodes are streamed live on Twitch twice a week:
-- Mondays at 3:00pm Eastern (Boston) we focus on web and more bug bounty style vulnerabilities
-- Tuesdays at 7:00pm Eastern (Boston) we focus on lower-level vulnerabilities and exploits.

We are also available on the usual podcast platforms:
-- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063
-- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt
-- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz
-- Other audio platforms can be found at https://anchor.fm/dayzerosec

You can also join our discord: https://discord.gg/daTxTK9
In this episode, Brad and Darrius discuss recent and upcoming changes made to the Burp Suite line of products. If you're a web application penetration tester or just interested in web application security, check this out; it's a game-changer.

PortSwigger Post: https://portswigger.net/blog/burp-suite-roadmap-update-january-2023
Blog: https://offsec.blog/
YouTube: https://www.youtube.com/@cyberthreatpov
Twitter: https://twitter.com/cyberthreatpov
Work with Us: https://securit360.com
In this episode, Darrius and Brad talk about PortSwigger's Burp Suite, how they use it, and why it's important. They also offer a sneak peek into what's coming in 2023!

Blog: https://offsec.blog/
YouTube: https://www.youtube.com/channel/UCCWmudG_CTNAFBaV48vIcfw
Twitter: https://twitter.com/cyberthreatpov
Work with Us: https://securit360.com
Want to know how to generate a customizable text summary of your Playwright test results? How does Zoom do performance testing? I found a tool that allows you to create painless mobile UI automation that you need to see. Find out about these and other end-to-end full-pipeline DevOps, software testing, automation testing, performance testing, and security testing topics in 10 minutes or less in this episode of the Test Guild News Show for the week of Oct 30th.
Cybersecurity is the only technical, professional occupation I know of where practitioners routinely sharpen their skills through open competitions. The contests are based on the classic capture the flag game - except the flags are all virtual and capturing them involves hacking computers. Also unlike most other technical careers, cybersecurity is a high-paying profession that doesn't require a university degree or formal training. There are literally hundreds of thousands of unfilled cybersecurity jobs right now. You can also just dabble in cybersecurity, making money from bug bounty programs. Or you can just hack for the fun of it - in a completely safe and legal environment. Jordan will tell you all about it in today's show! Jordan Wiens has been a reverse engineer, vulnerability researcher, network security engineer, three-time DEF CON CTF winner, even a technical magazine writer but now he's mostly a has-been CTF player who loves to talk about them. He has been the CTF expert for the first three years of HackASat and he was one of the founders of Vector 35, the company that makes Binary Ninja. 
Interview Links
Hack-A-Sat 3: https://hackasat.com/
Satellite hacked using $25 hardware: https://threatpost.com/starlink-hack/180389/
Decommissioned satellite hacked to broadcast movie: https://www.independent.co.uk/tech/hack-satellite-hijack-def-con-b2147595.html
Student Rick-Rolls school: https://www.malwarebytes.com/blog/news/2021/10/high-school-student-rickrolls-entire-school-district-and-gets-praised
Hack-A-Sat 2 interview: https://podcast.firewallsdontstopdragons.com/2021/06/21/hacking-satellites-for-fun-profit/
Plaid CTF: https://plaidctf.com/
CTFTime.org: https://ctftime.org/
Pwnable.kr: https://pwnable.kr/
Pwnable.tw: https://pwnable.tw/
Reversing.kr: http://reversing.kr/
Shodan: https://www.shodan.io/
Burp Suite: https://portswigger.net/burp
Wireshark: https://www.wireshark.org/
Binary Ninja: https://binary.ninja/
Metasploit: https://www.metasploit.com/
Nmap: https://nmap.org/
Live Overflow: https://liveoverflow.com/
TryHackMe: https://tryhackme.com/

Further Info
Subscribe to the newsletter: https://firewallsdontstopdragons.com/newsletter/new-newsletter/
Check out my book, Firewalls Don't Stop Dragons: https://www.amazon.com/gp/product/1484261887
Support my work! https://firewallsdontstopdragons.com/support/
Would you like me to speak to your group about security and/or privacy? https://fdsd.me/speakerrequest
Generate secure passphrases! https://d20key.com/#/

Table of Contents
Use these timestamps to jump to a particular section of the show.
0:01:03: Interview setup
0:04:25: What is Hack-A-Sat?
0:08:44: How has the Hack-A-Sat program evolved?
0:12:58: How did CTFs start out and when did they become popular?
0:17:37: Why do we have so many unfilled cybersecurity jobs?
0:21:15: Do you need a college degree to work in cybersecurity?
0:29:39: What's a black hat hacker vs white hat? What's a red team or blue team?
0:32:15: How do CTFs actually work? What is a flag and how do I capture it?
0:38:05: Are there beginner CTFs that are free to try?
0:44:38: What sorts of tools do hackers use in CTFs and in real hacking?
0:51:57: How do hackers chain together multiple exploits?
0:56:26: What's your advice to someone who would like to try a CTF?
1:00:36: What's next for Hack-A-Sat?
1:02:25: Interview wrapup
1:04:07: What is Rick-Rolling?
1:05:23: Try a CTF, go to a hacker con!
How do you become a Cyber Security Expert? Hello and welcome to another episode of CISO Tradecraft, the podcast that provides you with the information, knowledge, and wisdom to be a more effective cybersecurity leader. My name is G. Mark Hardy, and today we're going to talk about how to provide advice and mentoring to help people understand how to become a cybersecurity expert. As always, please follow us on LinkedIn, and subscribe to our podcasts. As a security leader, part of your role is to develop your people. That may not be written anywhere in your job description and will probably never be on a formal interview or evaluation, but after years of being entrusted with leadership positions, I have learned what differentiates true leaders from those who just accomplish a great deal is the making of the effort to develop your people. Now, you may have heard the phrase, "take care of your people," but I'll take issue with that. I take care of my dog. I take care of a family member who is sick, injured, or incapacitated. Why? Because they are not capable of performing all of life's requirements on their own. For the most part, your people can do this. If you are constantly doing things for people who could have otherwise done it themselves, you run the risk of creating learned helplessness syndrome. People, and even animals, can become conditioned to not do what they otherwise could do out of a belief that someone else will do it for them. I am NOT going to get political here, so don't worry about that. Rather, I want to point out that effective leaders develop their people so that they may become independent actors and eventually become effective leaders themselves. In my opinion, you should measure your success by the promotion rate of the people entrusted to you, not by your own personal career advancement or financial success. That brings me to the subject of today's podcast -- how do you counsel and mentor others on how to become a cyber security expert? 
If you are listening to this podcast, there's a very good chance that you already are an expert in our field, but if not, keep listening and imagine that you are mentoring yourself, because these lessons can apply to you without having to seek out a mentor. Some people figure it out, and when asked their secret, they're like Bill Murray in the movie Stripes, "We trained ourselves, sir!" But most of the time, career mastery involves learning from a number of others. Today on CISO Tradecraft we are going to analyze the question, "How do you become a Cyber Security Expert?" I'm going to address this topic as if I were addressing someone in search of an answer. Don't tune out early because you feel you've already accomplished this. Keep listening so you can get a sense of what more you could be doing for your direct reports and any proteges you may have. Let's start at the beginning. Imagine being a high school kid with absolutely zero work experience (other than maybe a paper route -- do kids still do that?) You see someone that tells you they have a cool job where they get paid to ethically hack into computers. Later on, you meet a second person that says they make really good money stopping bad actors from breaking into banks. Somehow these ideas stick in your brain, and you start to say to yourself, you know, both of those jobs sound pretty cool. You begin to see yourself having a career in Cyber Security. You definitely prefer it to jobs that require a lot of manual labor and start at low pay. So, you start thinking, "how can I gain the skills necessary to land a dream job in cyber security that also pays well?" At CISO Tradecraft we believe that there are really four building blocks that create subject matter experts in most jobs. The four building blocks are: 1) getting an education, 2) getting certifications, 3) getting relevant job experience, and 4) building your personal brand. So, let's explore these in detail. Number 1: Getting an education. 
When most people think about getting an education after high school, they usually talk about getting an associate's or a bachelor's degree. If you were to look at most Chief Information Security Officers, you will see the majority of them earned a bachelor's degree in Computer Science, an Information Systems or Technology degree from a college of business such as a BS in Management of Information Systems (MIS) or Computer Information Systems, or more recently a related discipline such as a degree in Cyber Security. An associate degree is a great start for many, particularly if you don't have the money to pay for a four-year university degree right out of high school. Tuition and debt can rack up pretty quickly, leaving some students deeply in debt, and for some, that huge bill is a non-starter. Fortunately, community colleges offer quality educational opportunities at very competitive rates relative to four-year degree institutions. For example, the Community College of Baltimore County charges $122 per credit hour for in-county residents. A couple of miles away, Johns Hopkins University charges $2,016 per credit hour. Now, that's a HUGE difference -- over 16 times if you do the math. Now, Hopkins does have some wonderful facilities and excellent faculty, but when it comes to first- and second-year undergraduate studies, is the quality and content of the education THAT different? Well, that's up to you to decide. The important take-away is, no one should decide NOT to pursue a cybersecurity education because of lack of money. You can get started at any age on an associate degree, and that may give you enough to go on to get your first job. However, if you want to continue on to a bachelor's degree, don't give up. Later I'll explain about a program that has been around since 2000 and has provided over 3,300 students with scholarships AND job placement after graduation. Back to those going directly for a bachelor's degree. 
Now, the good news is that your chosen profession is likely to pay quite well, so not only are you likely to be able to pay off the investment you make in your education, but it will return dividends many times that which you paid, for the rest of your career. Think of financing a degree like financing a house. In exchange for your monthly mortgage payment, you get to enjoy a roof over your head and anything else you do with your home. As a cybersecurity professional, in exchange for your monthly student loan payment, you get to earn well-above average incomes relative to your non-security peers, and hopefully enjoy a rewarding career. And, like the right house, the value of your career should increase over time making your investment in your own education one of your best performing assets. Does this mean that you 100% need a bachelor's degree to get a job in cyber? No, it does not. There are plenty of cyber professionals that speak at Blackhat and DEF CON who have never obtained a college degree. However, if ten applicants are going for an extremely competitive job and only seven of the ten applicants have a college degree in IT or Cyber, you shouldn't be surprised when HR shortens the list of qualified applicants to only the top five applicants all having college degrees. It may not be fair, but it's common. Plus, a U.S. Census Bureau study showed that folks who have a bachelor's degree make half a million dollars more over a career than those with an associate degree, and 1.6 times what a high school diploma holder may earn over a lifetime. So, if you want more career opportunities and want to monetize your future, get past that HR checkbox that looks for a 4-year degree. Now, some people (usually those who don't want to do academic work) will say that a formal education isn't necessary for success. After all, Bill Gates and Mark Zuckerberg were college dropouts, and they're both worth billions. 
True, but it's a false argument that there's a cause-and-effect relationship there. Both were undergraduates at Harvard University when they developed their business ideas. So, if someone wants to assert a degree isn't necessary, counter with: you'll agree once they are accepted into Harvard and they produce a viable business plan as a teenager while attending classes. You see, completing four years of education in a field of study proves a few things. I've interviewed candidates that said they took all of the computer science and cybersecurity courses they wanted and didn't feel a need to "waste time" with fuzzy studies such as history and English composition. Okay, I'll accept that that person had a more focused education. But consider the precedent here. When a course looked uninteresting or difficult, that candidate just passed on the opportunity. In the world of jobs and careers, there are going to be tasks that are uninteresting or difficult, and no one wants to do them, but they have to get done. As a boss, do you want someone who has shown the perseverance to stick with a difficult course and completed it with an A (or maybe even a B), or do you want someone who passed when the going got a little rough? The business world isn't academia where you're free to pick and choose whether to complete requirements. Stuff has to get done, and someone who has a modified form of learned helplessness will most likely not follow through when that boring task comes due. Remember I said I was going to tell you how to deal with the unfortunate situation where a prospective student doesn't have enough money to pay for college? There are a couple of ways to meet that challenge. It's time to talk to your rich uncle about paying for college. That uncle is Uncle Sam. Uncle Sam can easily finance your college so you can earn your degrees in Cyber Security. However, Uncle Sam will want you to work for the government in return for paying for your education. 
Two example scholarships that you could look into are the Reserve Officer Training Corps (ROTC) and Scholarship for Service (SFS). ROTC is an officer accession program offered at more than 1,700 colleges and universities across the United States to prepare young adults to become officers in the U.S. Military. For scholarship students, ROTC pays 100% of tuition, fees, books, and a modest stipend for living expenses. A successful degree program can qualify an Army second lieutenant for a Military Occupation Specialty (or MOS) such as a 17A Cyber Operations Officer, a 17B Cyber and Electronic Warfare Officer, or a 17D Cyber Capabilities Development Officer, a great start to a cybersecurity career. For the Navy, a graduating Ensign may commission as an 1810 Cryptologic Warfare Officer, 1820 Information Professional Officer, 1830 Intelligence Officer, or an 1840 Cyber Warfare Engineer. The Navy uses designators rather than MOS's to delineate career patterns. These designators have changed significantly over the last dozen years and may continue to evolve. The Marine Corps has a 1702 cyberspace officer MOS. Note that the Navy and the Marine Corps share a commissioning source in NROTC (Navy ROTC), and unlike the Army that has over 1,000 schools that participate in AROTC and the Air Force that has 1,100 associated universities in 145 detachments, there are only 63 Navy ROTC units or consortiums, although cross-town affiliates include nearly one hundred more colleges and universities. There are a lot of details that pertain to ROTC, and if you're serious about entering upon a military officer career, it's well worth the time and effort to do your research. Not all ROTC students receive a scholarship; some receive military instruction throughout their four years and are offered a commission upon graduation. 
Three- and four-year scholarship students incur a military obligation at the beginning of sophomore year, two-year scholarship students at the beginning of junior year, and one-year scholarship students at the start of senior year. The military obligation today is eight years, usually the first four of which are on active duty; the rest may be completed in the reserves. If you flunk out of school, you are rewarded with an enlistment rather than a commission. These numbers were different when I was in ROTC, and they may have changed since this podcast was recorded, so make sure you get the latest information to make an informed decision. What if you want to serve your country but you're not inclined to serve in the military, or have some medical condition that may keep you from vigorous physical activity, or had engaged in recreational chemical use or other youthful indiscretions that may have disqualified you from further ROTC consideration? There is another program worth investigating. The National Science Foundation provides educational grants through the Scholarship For Service program or SFS for short. SFS is a government scholarship that will pay up to 3 years of costs for undergraduate and even graduate (MS or PhD) educational degree programs. It's understood that government agencies do not have the flexibility to match private sector salaries in cyber security. However, by offering scholarships up front, qualified professionals may choose to stay in government service; hence SFS continues as a sourcing engine for Federal employees. Unlike ROTC, a participant in SFS will incur an obligation to work in a non-DoD branch of the Federal government for a duration equal to the number of years of scholarship provided. In addition to tuition and education-related fees, undergraduate scholarship recipients receive $25,000 in annual academic stipends, while graduate students receive $34,000 per year. 
In addition, $6,000 is provided for certifications and even travel to the SFS Job Fair in Washington DC. That job fair is an interesting affair. I was honored to be the keynote speaker at the SFS job fair back in 2008. I saw entities and agencies of the Federal government that I didn't even know existed, but they all had a cybersecurity requirement, and they all were actively hiring. SFS students qualify for "excepted service" appointments, which means they can be hired through an expedited process. These have been virtual the last couple of years due to COVID-19, but expect in-person events to resume in the future. I wrote a recommendation for a young lady whom I've known since she was born (her mom is a childhood friend of mine), and as an electrical engineering student in her sophomore year, she was selected for a two-year SFS scholarship. A good way to make mom and dad happy knowing they're not going to be working until 80 to pay off their kid's education bills. In exchange for a two-year scholarship, SFS will usually require a student to complete a summer internship between the first and second years of school and then work two years in a government agency after graduation. The biggest benefit to the Scholarship for Service is you can work at a variety of places. So, if your dream is to be a nation-state hacker for the NSA, CIA, or the FBI, then this offers a great chance of getting in. These three-letter agencies heavily recruit from these programs. As I mentioned, there are a lot of other agencies as well. You could find work at the State Department, Department of Health and Human Services, the Department of Education, the Federal Reserve Board, and I think I remember the United States Agency for International Development (USAID). Federal executive agencies, Congress, interstate agencies, and even state, local, or tribal governments can satisfy the service requirement. 
So, you can get paid to go to college and have a rewarding job in the government that builds a nice background for your career. How would you put all this together? I spent nine years as an advisor to the National CyberWatch Center. Founded as CyberWatch I in 2005, it started as a Washington D.C. and Mid-Atlantic regional effort to increase the quantity and quality of the information assurance workforce. In 2009, we received a National Science Foundation award and grants that allowed the program to go nationwide. Today, over 370 colleges and universities are in the program. So why the history lesson? What we did was align curriculum between two-year colleges and four-year universities, such that a student who took the designated courses in an associate degree program would have 100% of those credits transfer to the four-year university. That is HUGE. Without getting into the boring details, schools would certify to the Committee on National Security Systems (CNSS) (formerly known as the National Security Telecommunications and Information Systems Security Committee or NSTISSC) national training standard for INFOSEC professionals known as NSTISSI 4011. Now with the help of an SFS scholarship, a student with little to no financial resources can earn an associate degree locally, proceed to a bachelor's degree from a respected university, have a guaranteed job coming out of school, and HAVE NO STUDENT DEBT. Parents, are you listening carefully? Successfully following that advice can save $100,000 and place your child on course for success. OK, so let's fast forward 3 years and say that you are getting closer to finishing a degree in Cyber Security or Computer Science. Is there anything else that you can do while performing a summer internship? That brings us to our second building block: getting certifications. Number Two: Getting a Certification. Earning certifications is another key step to demonstrate that you have technical skills in cyber security. 
Technology changes rapidly. That means that universities typically don't provide specialized training in Windows 11, Oracle Databases, Amazon Web Services, or the latest programming language. Thus, while you may come out of a computer science degree knowing how to write C++ and JavaScript, there are a lot of skills you will still lack before you are really knowledgeable in the workforce. Additionally, most colleges teach only the free version of software. In class you don't expect to learn how to deploy antivirus software to thousands of endpoints from a vendor that would be in a Gartner Magic Quadrant, yet that is exactly what you might encounter in the workplace. So, let's look at some certifications that can help you establish your expertise as a cyber professional. We usually recommend entry-level certifications from CompTIA as a great starting point. CompTIA has some good certifications that can teach you the basics in technology. For example:
CompTIA A+ can teach you how to work an IT Help Desk.
CompTIA Network+ can teach you about troubleshooting, configuring, and managing networks.
CompTIA Linux+ can help you learn how to perform as a system administrator supporting Linux systems.
CompTIA Server+ ensures you have the skills to work in data centers as well as on-premises or hybrid environments.
Remember, it's really hard to protect a technology that you know nothing about, so these are easy ways to get great experience in a technology. If you want a certification such as these from CompTIA, we recommend going to a bookstore such as Amazon, buying the official study guidebook, and setting a goal to read every day. Once you have read the official study guide, go and buy a set of practice exam questions from a site like Whizlabs or Udemy. Note this usually retails for about $10. So far this represents a total cost of about $50 ($40 to buy a book and $10 to buy practice exams). 
For that small investment, you can gain the knowledge base to pass a certification. You just need to pay for the exam and meet eligibility requirements. Now after you get a good grasp of important technologies such as servers, networks, and operating systems, we recommend adding several types of certifications to your resume. The first is a certification in the cloud. One notable example of that is AWS Certified Solutions Architect - Associate. Note you can find solution architect certifications from Azure and GCP, but AWS is the most popular cloud provider, so we recommend starting there. Learning how the cloud works is extremely important. Chances are you will be asked to defend it, and you need to understand what an EC2 instance is, the types of storage used to make backups, and how to provide proper access control. So, spend the time and get certified. One course author who provides a great course is Adrian Cantrill. You can find his course link for AWS Solutions Architect in our show notes or by visiting learn.cantrill.io. The course costs $40 and has some of the best diagrams you will ever see in IT. Once again, go through a course like this and supplement with practice exam questions before going for the official certification. The last type of certification we will mention is an entry cyber security certification. We usually see college students pick up a Security+ or Certified Ethical Hacker as a foundation to establish their knowledge in cyber security. Now the one thing that you really gain out of Security+ is a list of technical terms and concepts in cyber security. You need to be able to understand the difference between access control, authentication, and authorization if you are to consult with a developer on what is needed before allowing access to a site. These types of certifications will help you to speak fluently as a cyber professional. That means you get more job offers, better opportunities, and interesting work. 
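To make the distinction between authentication, authorization and access control concrete, here is an added example that is not from the podcast: a constructed Python request handler with a made-up user directory, a made-up invoice table, a demo secret and a hypothetical "user.hmac" bearer-token format. The insecure handler stops after authenticating the caller, so any logged-in user can read any invoice by changing the id (broken object-level authorization); the hardened handler adds the ownership/role check that the access-control policy requires.

```python
import hashlib
import hmac
from typing import Optional, Tuple

# Constructed server-side secret for the demo; a real service loads this
# from a secrets store, never from source code.
SECRET = b"demo-secret-do-not-use"

# Constructed user directory (user id -> role) and data (invoice id -> owner).
USERS = {"alice": "user", "bob": "user", "carol": "admin"}
INVOICES = {101: "alice", 102: "bob"}


def mint_token(user: str) -> str:
    """Issue a bearer token of the form 'user.hmac' (a stand-in for a session
    cookie or JWT). The HMAC binds the user id to the server secret."""
    mac = hmac.new(SECRET, user.encode(), hashlib.sha256).hexdigest()
    return f"{user}.{mac}"


def authenticate(token: Optional[str]) -> Optional[str]:
    """AUTHENTICATION: who is calling? Returns the user id if the token's MAC
    verifies and the user exists, otherwise None."""
    if not token or "." not in token:
        return None
    user, mac = token.rsplit(".", 1)
    expected = hmac.new(SECRET, user.encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison so a tampered MAC cannot be guessed byte by byte.
    if not hmac.compare_digest(mac, expected) or user not in USERS:
        return None
    return user


def is_authorized(user: str, invoice_id: int) -> bool:
    """ACCESS CONTROL policy: the owner of an invoice or an admin may read it."""
    return INVOICES.get(invoice_id) == user or USERS[user] == "admin"


def get_invoice_insecure(token: Optional[str], invoice_id: int) -> Tuple[int, Optional[str]]:
    """Handler that only authenticates. Any logged-in user can read any invoice
    by changing the id: the classic broken object-level authorization (IDOR)
    bug. Returns (HTTP status, invoice owner)."""
    user = authenticate(token)
    if user is None:
        return 401, None
    if invoice_id not in INVOICES:
        return 404, None
    return 200, INVOICES[invoice_id]


def get_invoice(token: Optional[str], invoice_id: int) -> Tuple[int, Optional[str]]:
    """Handler that authenticates, then AUTHORIZES the caller for this object."""
    user = authenticate(token)
    if user is None:
        return 401, None
    if invoice_id not in INVOICES:
        return 404, None
    if not is_authorized(user, invoice_id):
        # Some APIs answer 404 here instead, to avoid confirming the id exists.
        return 403, None
    return 200, INVOICES[invoice_id]


if __name__ == "__main__":
    bob = mint_token("bob")
    print("insecure:", get_invoice_insecure(bob, 101))  # (200, 'alice'): bob reads alice's invoice
    print("hardened:", get_invoice(bob, 101))           # (403, None)
```

The conversation with a developer usually comes down to the third function: a valid login (401 vs. 200) says nothing about whether this caller may touch this record, and that second decision has to be coded against a policy, not assumed.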
It's next to impossible to establish yourself as a cyber expert if you don't even understand the technical jargon correctly. Number Three: Getting Relevant Job Experience. OK, so you have a college degree and an IT certification or two. What's next? At this point in time, you are eligible for most entry-level jobs. So, let's find interesting work in Cyber Security. If you are looking for jobs in cyber security, there are two places we recommend. The first is LinkedIn. Almost all companies post there and there's a wealth of opportunities. Build out an interesting profile and look professional. Then apply, apply, apply. It will take a while to find the role you want. Also post that you are looking for opportunities and need help finding your first role. You will be surprised at how helpful the cyber community is. Here's a pro tip: add some hashtags with your post to increase its visibility. Another interesting place to consider is your local government. The government spends a lot of time investing in its employees. So go there, work a few years, and gain valuable experience. You can start by going to a government jobs site such as USAJobs.gov and searching for the occupational series that map to cyber security. For example, search using the keyword “2210” to find the Information Technology Management series, where most cyber security opportunities can be found. If you get one of these government jobs, be sure to look into college repayment programs. Most government jobs will help you pay off student loans, finance master's degrees in Cyber Security, or pay for your certifications. It's a great win-win to learn the trade. Once you get into an organization and begin working your first job out of college, you then generally get one big opportunity to set the direction of your career. What type of cyber professional do you want to be? Usually, we see most cyber careerists fall into one of three basic paths. 
1) Offensive Security, 2) Defensive Security, and 3) Security Auditing. The reason these three are the most common is they have the largest number of job opportunities. So, from a pure numbers game, it's likely where you are to spend the bulk of your career, although we do recommend cross-training. Mike Miller, who is the vCISO for Appalachia Technologies, put out a great LinkedIn post on this where he goes into more detail. Note we have a link to it in our show notes. Here are some of our own thoughts on these three common cyber pathways: Offensive Security is for those that like to find vulnerabilities in things before the bad guys do. It's fun to learn how to hack and take jobs in penetration testing and the red team. Usually if you choose this career, you will spend time learning offensive tools like Nmap, Kali Linux, Metasploit, Burp Suite, and others. You need to know how technology works, common flaws such as the OWASP Top Ten web application security risks, and how to find those vulnerabilities in technology. Once you do, there's a lot of interesting work awaiting. Note if these roles interest you, then try to obtain the Offensive Security Certified Professional (OSCP) certification to gain relevant skill sets that you can use at work. Defensive Security is for the protectors. These are the people who work in the Security Operations Center (SOC) or Incident Response Teams. They look for anomalies, intrusions, and signals across the whole IT network. If something is wrong, they need to find it and identify how to fix it. Similar to Offensive Security professionals, they need to understand technology, but they differ in the types of tools they need to look at. You can find a defender looking at logs. Logs can come from an Intrusion Detection System, a Firewall, a SIEM, Antivirus, Data Loss Prevention tools, an EDR, and many other sources. Defenders will become an expert in one of these tools that needs to be constantly monitored. 
Note if you are interested in these types of opportunities, look for cyber certifications such as the MITRE ATT&CK Defender (MAD) or SANS GIAC Certified Incident Handler (GCIH) to gain relevant expertise. Security Auditing is a third common discipline. Usually reporting to the Governance, Risk, and Compliance organization, this role is usually the least technical. This discipline is about understanding a relevant standard or regulation and making sure the organization follows the intent of the standard/regulation. You will spend a lot of time learning the standards, policies, and best practices of an industry. You will perform risk assessments and third-party reviews to understand how the organization measures up against the standards its industry certifies to. If you would like to learn about the information systems auditing process, governance and management of IT systems, business processes such as Disaster Recovery and Business Continuity Management, and compliance activities, then we recommend obtaining the Certified Information Systems Auditor (CISA) certification from ISACA. Ok, so you have a degree, you have certifications, you are in a promising job role, WHAT's next? If you want to really become an expert, we recommend you focus on… Number Four: Building your personal brand. Essentially, find a way to give back to the industry by blogging, writing open-source software, creating a podcast, building cybersecurity tutorials, creating YouTube videos, or presenting a lecture topic to your local OWASP chapter on cyber security. Every time you do, you will get smarter on a subject. Imagine spending three hours a week reading books in cyber security. If you did that for ten years, think of how many books you could read and how much smarter you would become. Now as you share that knowledge with others, two things happen: People begin to recognize you as an industry expert. You will get invited to opportunities to connect with other smart people, which allows you to become even smarter. 
If you spend your time listening to smart people and reading their works, it rubs off. You will absorb knowledge from them that will spark new ideas and increase your understanding. The second thing is when you present your ideas to others you often get feedback. Sometimes you learn that you are actually misunderstanding something. Other times you get different viewpoints: "Yes, this works in the financial sector, but it doesn't work in the government sector or in the university setting." This feedback also helps you become smarter as you understand more angles of approaching a problem. Trust us, the greatest minds in cyber spend a lot of time researching, learning, and teaching others. They all know G Mark's law, which I wrote nearly twenty years ago: "Half of what you know about security will be obsolete in eighteen months." OK, so let's recap a bit. If you want to become an expert in something, then you should do four things. 1) Get a college education so that you have the greatest number of opportunities open to you, 2) get certifications to build up your technical knowledge base, 3) find relevant job experiences that allow you to grow your skill sets, and 4) finally share what you know and build your personal brand. All of these make you smarter and will help you become a cyber expert. Thanks again for listening to us at CISO Tradecraft. We wish you the best on your journey as you Learn to Earn. If you enjoyed the show, tell one person about it this week. It could be your child, a friend looking to get into cyber security, or even a coworker. We would love to help more people and we need your help to reach a larger audience. This is your host, G. Mark Hardy, and thanks again for listening and stay safe out there. 
References:
https://www.todaysmilitary.com/education-training/rotc-programs
https://www.sfs.opm.gov
https://www.comptia.org/home
https://www.whizlabs.com/
https://www.udemy.com/
https://learn.cantrill.io/p/aws-certified-solutions-architect-associate-saa-c03
https://www.linkedin.com/feed/update/urn:li:activity:6965305453987737600/
https://www.offensive-security.com/pwk-oscp/
https://mitre-engenuity.org/cybersecurity/mad/
https://www.giac.org/certifications/certified-incident-handler-gcih/
https://www.ccbcmd.edu/Costs-and-Paying-for-College/Tuition-and-fees/In-County-tuition-and-fees.aspx
https://www.educationcorner.com/value-of-a-college-degree.html
https://www.collegexpress.com/lists/list/us-colleges-with-army-rotc/2580/
https://www.af.mil/About-Us/Fact-Sheets/Display/Article/104478/air-force-reserve-officer-training-corps/
https://www.netc.navy.mil/Commands/Naval-Service-Training-Command/NROTC
https://armypubs.army.mil/pub/eforms/DR_a/NOCASE-DA_FORM_597-3-000-EFILE-2.pdf
https://niccs.cisa.gov/sites/default/files/documents/SFS%20Flyer%20FINAL.pdf
https://www.nationalcyberwatch.org/
A CISO's Guide to Pentesting
References:
https://en.wikipedia.org/wiki/Penetration_test
https://partner-security.withgoogle.com/docs/pentest_guidelines#assessment-methodology
https://owasp.org/www-project-web-security-testing-guide/latest/3-The_OWASP_Testing_Framework/1-Penetration_Testing_Methodologies
https://www.pcisecuritystandards.org/documents/Penetration_Testing_Guidance_March_2015.pdf
https://pentest-standard.readthedocs.io/en/latest/
https://www.isecom.org/OSSTMM.3.pdf
https://s2.security/the-mage-platform/
https://bishopfox.com/platform
https://www.pentera.io/
https://www.youtube.com/watch?v=g3yROAs-oAc

Hello, and welcome to another episode of CISO Tradecraft -- the podcast that provides you with the information, knowledge, and wisdom to be a more effective cyber security leader. My name is G. Mark Hardy, and today we're going to explore a number of things a CISO needs to know about pentesting. As always, please follow us on LinkedIn, and make sure you subscribe so you can always get the latest updates. Now to get a good understanding of pentesting, we are going over the basics every CISO needs to understand:
1) What is it?
2) Where are good places to order it?
3) What should I look for in a penetration testing provider?
4) What does a penetration testing provider need to provide?
5) What's changing on this going forward?
First of all, let's talk about what a pentest is NOT. It is not a simple vulnerability scan. That's something you can do yourself with any number of publicly available tools. However, performing a vulnerability scan, and then acting on remediating what you find, is an important prerequisite for a pentest. Why pay hundreds of dollars per hour for someone to point out what you can find yourself in your bunny slippers sipping a latte? Now let's start with providing a definition of a penetration test. 
According to Wikipedia, a penetration test or pentest is an authorized simulated cyber-attack on a computer system performed to evaluate the security of a system. It's really designed to show weaknesses in a system that can be exploited. Let's think of things we want to test. It can be a website, an API, a mobile application, an endpoint, a firewall, etc. There's really a lot of things you can test, but the thing to remember is you have to prioritize what has the highest likelihood or largest impact to cause the company harm. You need to focus on high likelihood and impact because professional penetration tests are not cheap. Usually, they will cost between $10,000-$30,000, but if you have a complex system, it's not unheard of to go up to $100,000. As a CISO you need to be able to defend this expenditure of resources. So, you will usually define a clear standard that your company will perform penetration tests on customer-facing applications, PCI applications, and financially significant (SOX) applications once per year. My friend John Strand, who founded Black Hills Information Security, pointed out in a recent webcast that sometimes you, the client, may not know what you mean by the term pentest. Sometimes clients want just a vulnerability scan, or sometimes an external scan of vulnerabilities to identify risk, or sometimes a compromise assessment where a tester has access to a workstation and tries to work laterally, or sometimes a red team where a tester acts like a threat actor and tries to bypass controls, or a collaborative effort involving both red teams and blue teams to document gaps and to help defenders do their job better. He goes on to state that your pentest objective should be to "provide evidence of the effectiveness of current defensive mechanisms and attack detection methodologies." Please do not confuse a penetration test with a Red Team exercise. 
A red team exercise just wants to accomplish an objective like steal data from an application. A penetration test wants to enumerate vulnerabilities in a scoped target system so the developer can patch and remediate. It's a subtle difference but consider that a red team only needs to find one vulnerability to declare success, whereas a penetration test keeps going to help identify potentially exploitable vulnerabilities. Now, is a pentest about finding ALL vulnerabilities? I would say no – there are vulnerabilities that might require a disproportionate amount of resources to exploit for little or no value – something with a CVSS score of 4.0 or the like. Those can often be left unpatched without consequence – the cost of remediating may exceed the value of the risk avoided. There really is a “good enough” standard of risk, and that is called “acceptable risk.” So, when scoping a pentest or reviewing results, make sure that any findings are both relevant and make economic sense to remediate. Let's take the example that you want to perform a web application pentest on your public website so you can fix the vulnerabilities before the bad actors find them. The first question you should consider is do you want an internal or an external penetration test. Well, the classic answer of "it depends" is appropriate. If this website is something of a service that you are selling to other companies, then chances are those companies are going to ask you for things like an ISO 27001 certification or SOC 2 Type 2 Report and both of those standards require, you guessed it, a penetration Test. In this case your company would be expected to document a pentest performed by an external provider. Now if your company has a website that is selling direct to a consumer, then chances are you don't have the same level of requirement for an external pentest. So, you may be able to just perform an internal penetration test performed by your company's employees. 
I'd be remiss if I didn't mention the Center for Internet Security Critical Controls, formerly known as the SANS Top 20. The current version, eight, has 18 controls that are listed in order of importance, and they include pentesting. What is the priority of pentesting, you may ask? #18 of 18 -- dead last. Now, that doesn't mean pentests are not valuable, or not useful, or even not important. What it does mean is that pentests come at the end of building your security framework and implementing controls. Starting with a pentest makes no sense IMHO, although compliance-oriented organizations probably do this more often than they should. That approach makes the pen tester's job one of filtering through noise -- there are probably a TON of vulnerabilities and weaknesses that should have been remediated in advance, and could have been with very little effort. Think of a pentest as a final exam, if you will. Otherwise, it's an expensive way to populate your security to-do list. OK, let's say we want to have an external penetration test and we have the $10-30K on hand to pay an external vendor. Remember this: a penetration test is only as good as the person conducting it. Cyber is a very unregulated industry, which means it can be tricky to know who is qualified. Compare this to the medical industry. If you go to a hospital, you will generally get referred to a medical doctor or physician. This is usually someone who has a degree such as an MD or DO, which proves their competency. They will also have a license from the state to practice medicine legally. Contrast this with the cyber security industry. There is no degree requirement to practice cyber in the workforce. Also, there is no license issued by the state to practice cyber or develop software applications. Therefore, you need to look for relevant cyber certifications to demonstrate competency to perform a penetration test.
There are a number of penetration testing certifications, such as the Certified Ethical Hacker or CEH, the Global Information Assurance Certification or GIAC GPEN or GWAPT, and the Offensive Security Certified Professional or OSCP. We strongly recommend that anyone performing an actual penetration test have an OSCP. This certification is difficult to pass. A cyber professional must be able to perform an actual penetration test and produce a detailed report to get the certification. This is exactly what you want in a pentester, which is why we are big fans of this certification. It is a lot more demanding than remembering a bunch of textbook answers and filling in a multiple-choice test. Do yourself a favor and ask that individuals performing penetration tests at your company possess this certification. It may mean your penetration tests cost more, but it's a really good way to set a bar of qualified folks who can perform quality penetration tests to secure your company. Now you have money, and you know you want to look for penetration tests from companies that have skilled cyber professionals with years of experience and an OSCP. What companies should you look at? Usually, we see three types of penetration testing companies. First, companies that use their existing auditors to perform penetration tests – firms like KPMG, EY, PWC, or Deloitte (the Big 4 1/2). This is expensive, but it's easy to get them approved since most large companies already have contracts with at least one of these firms. The second type of company that we see are large penetration testing companies. Companies like Bishop Fox, Black Hills Information Security, NCC Group, and TrustedSec focus largely on penetration testing and don't extend into other areas like financial auditing. They have at least 50+ penetration testers with experience from places like the CIA, NSA, and large tech companies.
Note they are often highly acclaimed, so there is often a waitlist of a few months before you can get added as a new client. Finally, there are boutique shops that specialize in particular areas. For example, you might want to hire a company that specializes in testing mobile applications, Salesforce environments, embedded devices, or APIs. This is a more specialized skill and a bit harder to find, so you have to find a relevant vendor. Remember, if someone can pass the OSCP it means they know how to test and usually have a background in web application penetration testing. Attacking a web application means being an expert in using a tool like Burp Suite to look for OWASP Top 10 attacks like SQL injection or cross-site scripting. This is a very different set of skills from someone who can hack a vehicle Controller Area Network (CAN) bus or a John Deere tractor, which requires reverse engineering and C++ coding. Once you pick your vendor and successfully negotiate a master license agreement, be sure to check that you are continuing to get the talent you expect. It's common for the first penetration test to have skilled testers, but over time a vendor may replace staff with cheaper labor who might not have the OSCP or the level of experience that you expect. Don't let this happen to your company: review the labor and contract requirements on a recurring basis. Alright, let's imagine you have a highly skilled vendor who meets these requirements. How should they perform a penetration test? Well, if you are looking for a quality penetration testing guide, we recommend following the one used by Google. Google, whose parent company is called Alphabet, has publicly shared their penetration testing guidelines, and we have attached a link to it in our show notes. It's a great read, so please take a look. Google recommends that a good penetration test report should clearly follow an assessment methodology during the assessment.
Usually, penetration testers will follow an industry-recognized standard like the OWASP Web Security Testing Guide, the OWASP Mobile Security Testing Guide, the OWASP Firmware Security Testing Guide, the PCI DSS Penetration Testing Guide, the Penetration Testing Execution Standard, or the OSSTMM, which stands for the Open Source Security Testing Methodology Manual. These assessment methodologies can be used to show that an extensive evaluation was done and a multitude of steps/attacks were carried out. They can also standardize the documentation of findings. Here you will want a list showing the risk severity level, the impact from a business/technical perspective, clear and concise steps to reproduce the finding, screenshots showing evidence of the finding, and recommendations on how to resolve the finding. This will allow you to build a quality penetration test report that you can reuse in an organization to improve your understanding of technical risks. Now that we know how to get good penetration tests today, let's think about how penetration testing is changing in the future. The answer is automation. We have had automated vulnerability management tools for decades. But please don't think that running a Dynamic Application Security Testing tool, or DAST, such as WebInspect is the same thing as performing a full penetration test. A penetration test usually takes about a month of work from a trained professional, which is quite different from a 30-minute scan. As a cyber industry we are starting to see innovative penetration testing companies build out continuous and automated penetration testing tooling. Examples of this include Bishop Fox's Cosmos, Pentera's Automated Security Validation Platform, and Stage 2 Security's Voodoo and Mage tooling. Each of these companies is producing some really interesting tools, and we think they will be a strong complement to penetration tests performed by actual teams. This means that companies can perform more tests on more applications.
The other major advantage of these tools is repeatability. Usually, a penetration test is a point-in-time assessment. For example, once a year you schedule a penetration test on your application. That means if a month later you make changes, updates, or patches to your application, new vulnerabilities can easily be introduced which were never assessed by your penetration test. So having a continuous solution to identify common vulnerabilities is important, because you always want to find your vulnerabilities before the bad actors do. Here's one final tip. Don't rely on a single penetration testing company. Remember, we discussed that a penetration testing company is only as good as the tester and the toolbox. So, try changing out the company that tests the same application each year. For example, perhaps you have contracts with Bishop Fox, Stage 2 Security, and Black Hills Information Security, where each company performs a number of penetration tests for your company each year. You can alternate which company tests which application: have Bishop Fox perform a pentest of your public website in 2022, then Stage 2 Security test it in 2023, then Black Hills test it in 2024. Every penetration tester looks for something different, and they will bring different skills to the test. If you follow this methodology of changing penetration testing vendors each cycle, then you will get more findings, which allows you to remediate and lower risk. It also lets you know if a penetration testing vendor's pricing is out of the norm: you can cancel or renegotiate one contract if a vendor wants to double their prices. And watch the news -- even security companies have problems, and if a firm's best pentesters all leave to join a startup, that loss of talent may impact the quality of your report. Thank you for listening to CISO Tradecraft, and we hope you have found this episode valuable in your security leadership journey.
As always, we encourage you to follow us on LinkedIn, and help us out by letting your podcast provider know you value this show. This is your host, G. Mark Hardy, and until next time, stay safe.
What do people normally do when they are 12 years old? Learning, playing, and maybe surviving?

Joseph Harris, a former black hat hacker and now a white hat hacker and bug bounty hunter, at the age of 12 started stealing other people's game accounts, using social engineering to trick email providers or game companies into handing him the data he needed to hack and steal other people's accounts!

In this episode, Joseph tells the stories of how he went from stealing simple gaming accounts to SIM-swapping and stealing millions in crypto altcoins, which ultimately resulted in him being in jail. He also recounts all the techniques he used to hack into people's accounts, exploiting bugs on service providers' websites like Verizon, Gmail, Yahoo, AOL, and more.

Make sure you follow Joseph on YouTube: https://www.youtube.com/channel/UCdcuF5Zx6BiYmwnS-CiRAng and Twitter: @AkaD0c (https://twitter.com/akad0c)

Listen to this episode, and tweet at me @jaltucher and Jay @jay_yow07 if you like this series, and if you or someone you know has interesting stories! If you like this series, please leave a review, like, and subscribe on any podcast player of your choosing!

Follow Brian's journey on Instagram and Bandcamp: IG: @brianlawlored, Spotify: Brian Lawlor, Bandcamp: BrianLawlor.bandcamp.com, https://www.youtube.com/watch?v=usiTyS5bmtw

Visit Notepd.com to read more idea lists, or sign up and create your own idea list! My new book Skip The Line is out! Make sure you get a copy wherever you get your new books! Join the You Should Run For President 2.0 Facebook Group, where we discuss why you should run for president. I write about all my podcasts! Check out the full post and learn what I learned at jamesaltucher.com/podcast.

Thanks so much for listening! If you like this episode, please subscribe to "The James Altucher Show" and rate and review wherever you get your podcasts: Apple Podcasts, Stitcher, iHeart Radio, Spotify. Follow me on social media: YouTube, Twitter, Facebook
Time to dig in and start learning the tools.

LINKS
1. Kali Linux
2. Nmap
3. Shodan
4. Gophish
5. Zap
6. Burp Suite

FIND US ON
1. Twitter - DamienHull
2. YouTube
FreeBSD Foundation Proposals, UNIX: On the Path to BSD, Fujitsu ends its mainframe and Unix services, Install burpsuite on FreeBSD using Linuxulator, new OpenBSD Webzine is out, and more.

NOTES
This episode of BSDNow is brought to you by Tarsnap (https://www.tarsnap.com/bsdnow) and the BSDNow Patreon (https://www.patreon.com/bsdnow)

Headlines
Project Proposal Overview (https://freebsdfoundation.org/get-involved/project-proposal-overview/)
UNIX: On the Path to BSD (https://klarasystems.com/articles/unix-on-the-path-to-bsd/)

News Roundup
Fujitsu is ending its mainframe and Unix services (https://www.techradar.com/in/news/fujitsu-is-ending-its-mainframe-and-unix-services)
TUTORIAL: Install burpsuite on FreeBSD using Linuxulator (https://forums.FreeBSD.org/threads/tutorial-install-burpsuite-on-freebsd-using-linuxulator.84310/)
OpenBSD Webzine (https://webzine.puffy.cafe/issue-7.html)

Beastie Bits
• A trio of OPNsense releases:
◦ [21.7.8](https://opnsense.org/opnsense-21-7-8-released/)
◦ [21.10.3](https://opnsense.org/opnsense-business-edition-21-10-3-released/)
◦ [22.1.1](https://opnsense.org/opnsense-22-1-1-released-2)
• [FreeBSD 12.2 end-of-life](https://lists.freebsd.org/archives/freebsd-announce/2022-March/000018.html)
• [DragonFly as a KVM guest](https://www.dragonflybsd.org/docs/howtos/HowToKvmGuest/)
• [RIP Lorinda Cherry](https://lwn.net/ml/tuhs/CAKH6PiVi+JoxDG7ACMG5G+qnTkxTMsohGx6Wq3UNVkogO4N0Vg@mail.gmail.com/)
• [Precursor: From Boot to Root](https://www.bunniestudios.com/blog/?p=6336)

Tarsnap
This week's episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.

Feedback/Questions
• No feedback emails this week, so instead Tom can regale us with an entertaining BSD story.
Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv)
***
News articles we covered this week: https://www.wired.com/story/belarus-railways-ransomware-hack-cyber-partisans/ https://www.hackingarticles.in/linux-privilege-escalation-polkit-cve-2021-3560/ https://old.reddit.com/r/msp/comments/s48iji/vmware_horizon_servers_being_actively_hit_with/ https://www.bleepingcomputer.com/news/security/over-20-000-data-center-management-systems-exposed-to-hackers/ Whimmery's Walkthroughs: Join @whimmery on her twitch or on the @brakesec Youtube channel for walkthroughs on Burp Suite training and more! Twitter handles: Official Podcast: @brakesec Brian Boettcher: @boettcherpwned Amanda Berlin: @infosystir @hackersHealth @infosecroleplay Bryan Brake: @bryanbrake
Want to know what Cypress Test Studio is all about? Which car company's crashed servers actually left car owners unable to open their vehicle doors? And how can you use fuzz testing with the Mario brothers? Find out the answers to these and other end-to-end, full-pipeline DevOps, automation testing, performance testing, and security testing stories in this episode of the Test Guild News Show for the week of November 21st. So grab yourself a cup of coffee or tea, and let's do this.

TIME-STAMPED SHOW NOTES
0:00 Intro
0:25 Try Applitools FREE: https://rcl.ink/xroZw
0:56 Mabl: https://links.testguild.com/4OYW7
1:33 A/B Testing https://links.testguild.com/t2hZk
2:02 Github Report: https://links.testguild.com/VMzTR
2:43 Cypress Studio: https://links.testguild.com/c2pdT
3:45 Cypress Typescript: https://links.testguild.com/MX4Kb
4:16 TAU: https://links.testguild.com/OI3nP
4:49 Tesla: https://links.testguild.com/7Tc2L
5:35 Google: https://links.testguild.com/t1ovf
6:13 Prometheus: https://links.testguild.com/KI5Fv
7:09 Burp Suite: https://links.testguild.com/HwAsI
7:47 Fuzz Testing: https://links.testguild.com/tqNiq
8:27 Now Secure https://links.testguild.com/yFZIc
@cktricky is _back_ with a newfound lease on life (and application security). The duo discusses in-person vs. virtual conferences, DEF CON 29, burnout, vulnerabilities in dating apps. A demonstration of using Burp Suite to fuzz a user enumeration vulnerability and brute-force an account.
Learn the basics of Burp Suite. Start using Burp with web applications.

Menu:
What Burp Suite is designed to do: 0:00
Introduction: 0:35
Versions of Burp Suite: 1:12
How does Burp Suite fit into Kali tools: 2:04
Lab demo: 4:39
What are we doing? 5:20
Start Burp Suite: 5:45
GUI: Lots of stuff! 8:28
Where to start: 9:00
FoxyProxy: 10:44
Filter scope of information: 14:05
Burp Suite HTTPS / certificate install: 15:07
Clear history: 19:00
What is Burp not designed to do: 19:57
Recommended courses: 22:02
Request and response information: 23:24
View login information: 29:50
Repeater: 32:01
Manipulate website with Repeater: 35:01
SQL injection using Intruder: 41:55
Sniper: 46:30
What is fuzzing: 49:34
SQL fuzz: 50:23
SQL injection result: 55:24
Decoder: 59:07
BApp Store (Extender): 1:01:20

Download software and VMs:
VM used: https://www.vulnhub.com/entry/bwapp-b...
Kali Linux: https://www.kali.org/downloads/

Free training:
YouTube playlist: http://davidbombal.wiki/daniel
Burp Suite free training: http://davidbombal.wiki/burptraining

Links:
ITProTV free training: http://davidbombal.wiki/freeitprotv
My ITProTV affiliate link: http://davidbombal.wiki/itprotv

Connect with me:
Discord: https://discord.com/invite/usKSyzb
Twitter: https://www.twitter.com/davidbombal
Instagram: https://www.instagram.com/davidbombal
LinkedIn: https://www.linkedin.com/in/davidbombal
Facebook: https://www.facebook.com/davidbombal.co
TikTok: http://tiktok.com/@davidbombal
YouTube: https://www.youtube.com/davidbombal

Connect with Daniel:
LinkedIn: https://www.linkedin.com/in/daniellowrie
Blog: https://blog.itpro.tv/author/daniello...
Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!
Web browser extensions give additional functionality to normal browsers, running in the background and helping users increase the efficiency of their tasks. Even security professionals and bug bounty hunters, while boasting more advanced and technical tools in their toolstacks, aren't skipping out on using browser extensions, plugins and add-ons for quick information gathering, OSINT collection, and aiding in executing different attacks. These methods reduce the need for separate tools for other pen testing and bug hunting tasks. We've already explored some of the most useful OSINT browser extensions used by security researchers and pen testers, and today we'll be adding more functionality to your web browsers by exploring the most popular extensions used by bug bounty hunters.

12 most popular browser extensions for bug bounty hunting

Before we dive into our list, make sure you're running the latest versions of the Mozilla Firefox and Google Chrome web browsers (as we'll be focusing on them today) to ensure compatibility with these extensions. Additionally, download and install these extensions only from the Google Chrome Web Store and Firefox Add-ons pages. They're the only trusted sources that will ensure you are downloading safe extensions. This list is in no particular order and shows tools with different functionalities to aid in bug bounty hunting.

1. Wappalyzer
During the information gathering phase, finding intel about a target web app, such as the programming language, frameworks, detected CMS, plugins and databases it uses, can be helpful for taking advantage of CVEs. Wappalyzer, an add-on available on both Chrome and Firefox, can detect all of these technology platforms running on any website. As mentioned, this technical data can be further used to hunt for active CVEs and find potential threats behind the technologies involved.

2. Shodan
Shodan is the best search engine available for IoT devices and an excellent tool for information gathering. It also comes with Chrome and Firefox plugins. The Shodan plugin can help you discover where your target web app is hosted, its IP and who owns it, hostnames, operating system, and any open ports and services. Once installed, it will automatically query the Shodan API when you visit a website, and all of the information mentioned above will be viewable in the pop-up.

3. FoxyProxy
If you're a bug bounty hunter, a reliable proxy will allow you to check applications from different locations. Burp Suite, for example, requires you to switch proxies manually, but with a tool like FoxyProxy all that hassle is replaced by a single click. FoxyProxy comes as a Firefox and Chrome (along with many other browsers) extension that allows you to manage different proxy servers, set them to run at intervals, or turn off the proxy connection for a desired period. It automatically switches the internet connection between the proxies according to URL rules.

4. HTTP Header Live
HTTP Header Live is a worthy replacement for Live HTTP Headers, a browser extension once widely used in the bug bounty and pen testing community. Created by Martin Antrag, it comes in both Chrome and Firefox flavors and is used to view a website's live HTTP header information. It will display the live headers of each HTTP request, allowing you to edit data and resubmit it.

5. Mitaka
Extracting relevant information about a target plays a significant role during bug bounty hunting, and OSINT is an important concept that's used for recon by everyone from bug bounty hunters to red teams. Mitaka, created by Manabu Niseki, is a Chrome and Firefox extension that allows you to take a data point, an IoC, from a page and run it through a variety of search engines and sources to get additional information. SecurityTrails is one of the sources you can pivot to from Mitaka. Here are the inputs that Mitaka can recognize and inspect on a page:

6. Hackbar
Hackbar is a browser extension that allows for testing simple SQL injection and XS...
Solarflare news: Microsoft stated that Russian hackers gained access to its network and program source code. US authorities formally accused Russia of involvement in the Solarflare attack. Max Kozub prepared a Ukrainian translation of the statement. Russian hackers gained access to the US Department of Justice's mail server. JetBrains denies any connection to the SolarWinds attack. The main stories in detail: Trump supporters gained access to politicians' computers during the storming of the Capitol. Experts do not rule out that the Capitol network will have to be rebuilt from scratch. Donald Trump was blocked on social networks, and Apple removed the microblogging platform Parler from the App Store. An overview of the newly formed Google workers' union. Briefly on important matters: Vietnam is under a sophisticated supply-chain attack. Ticketmaster must pay 10 million for an attack on a competitor. Data leak at Nissan through a misconfigured git repository. Metasploit and CobaltStrike made up more than a quarter of C&C servers in 2020. The fourth data leak in three years at T-Mobile. Developments in the Julian Assange extradition case. Wired's review of the worst hacker attacks of 2020. Vulnerabilities of the week: A backdoor account was found in Zyxel devices. A side-channel attack on the Google Titan second authentication factor. Fortinet fixed an SQL injection in its WAF. Articles and analysis: Experts calculated the cost of poor-quality software. Tools & Writeups: BurpCustomizer - a theme editor for the BurpSuite graphical interface. An overview of AWS security services from the recent re:Invent conference, by Ihor Kravchuk. Laughs: A hacker locked victims into Bluetooth chastity belts.
Episode #300, dedicated to Burp Suite, with Nicolas Grégoire (https://hackademy.agarri.fr/). The post Burp Suite appeared first on NoLimitSecu.
Are you responsible for the security of webapps? Are you curious about how penetration testers are able to find vulnerabilities in them? Burp Suite is the preferred tool for many webapp pentesters and bug bounty hunters. It’s easy to get started in Burp, but not all of its features are easy to find or simple […] The post Webcast: Getting Started with Burp Suite & Webapp Pentesting appeared first on Black Hills Information Security.
We chat with Pablo Blanco about information security, particularly pentesting. [1:15] - Introduction: What is pentesting? Where is pentesting done? Why do pentesting? [4:44] - Pentesting methodologies. [10:18] - Is pentesting really necessary? At what stage of development does pentesting come in? [13:00] - Pentesting tools: Kali Linux, Burp Suite, ... [18:45] - Recommended reading on pentesting. [19:55] - Types of pentesting. [22:26] - Most common vulnerabilities. Made with ❤️ at Rootstrap. Host: Danilo García @DaniloG79994040 Guest: Pablo Blanco linkedin.com/in/pablo-blanco-a6b5a371/
In this episode #18, the hosts Naveen Samala & Sudhakar Nagandla have interacted with another guest, Tri. Tribikram Rath is a distinctive leader in the Testing/QA domain and brings vast experience in the areas of evaluating, implementing, and developing customized test automation solutions using industry tools like RPA/UiPath, Jenkins, Selenium, Perfecto Mobile, LoadRunner, Squish, EggPlant, Sikuli, script-less tools like WorkSoft and Qualitia, QAInspect, Burp Suite, etc., covering test automation, performance engineering and application security testing. In the last few years Tri has led QA/process maturity transformation for complex projects to deliver lasting testing solutions to end customers. He introduced touchless or continuous testing to support the DevOps ecosystem. Tri also led and implemented ISO 9001:2000 and CMM for enterprises. During his early career phase, Tri developed several .NET and multimedia-based applications and authored technical publications and articles for the Internet. As for academics, Tri did his major in Production Engineering (Dr. B. A. Marathwada Univ, India) and holds a PG Diploma in Management (ICFAI). He is a certified Lean Six Sigma Black Belt and PMP, and has earned several Software Quality Assurance (SQA) certifications. Listen to Tri's inputs on: Is QA/Testing a good career option? Current tools & technologies in QA testing. Career progression in the QA domain. Technical & soft skills required for a successful QA career. Software vs hardware testing. IoT testing. A book on breaking web software. Tri's LinkedIn profile: https://www.linkedin.com/in/tribikram-rath-63a46a18/ Enjoy the episode!
Do not forget to share your suggestions or feedback at theguidingvoice4u@gmail.com or by messaging at +91 9494 587 187 Subscribe to our YouTube Channel: https://www.youtube.com/c/TheGuidingVoice Also, follow The Guiding Voice on Social Media: LinkedIn: https://www.linkedin.com/company/theguidingvoice Facebook: http://facebook.com/theguidingvoice4u Twitter: http://twitter.com/guidingvoice Instagram: https://www.instagram.com/theguidingvoice4u/ Pinterest: https://in.pinterest.com/theguidingvoice4u/pins/
Open Web Application Security Project (OWASP) - Portland, Oregon Chapter
Our special guests today are Simon Bennetts and Rick Mitchell.

Simon co-leads the OWASP Zed Attack Proxy (ZAP) project, which he started in 2009, and is a Distinguished Engineer at StackHawk, a SaaS company that uses ZAP to help users fix application security bugs before they hit production. He has talked about and demonstrated ZAP at conferences all over the world, including Blackhat, JavaOne, FOSDEM and OWASP AppSec EU, USA & AsiaPac. Prior to making the move into security he was a developer for 25 years, and strongly believes that you cannot build secure web applications without knowing how to attack them.

Rick is an IT Security professional from Canada. With over 20 years of experience in the IT industry, focused on security for the majority of that time, he really believes in OWASP's mission and the importance of Application Security in the industry. He's co-led a number of community projects including ZAP, the Web Security Testing Guide, and the Vulnerable Web Apps Directory. He's a strong believer in learning by doing and that all community efforts are valuable and make us all strong.

ZAP Home Page

Simon and Rick are interviewed by Shayne Morgan and John L. Whiteman.

Follow us: Homepage, Twitter, Meetup, LinkedIn, YouTube
- Become an OWASP member
- Donate to our OWASP PDX chapter
Support the show (https://owasp.org/supporters/)
Nerds of Law 11 – The Hacker with the White Hat. When Peter Echer from LemonPi comes to visit and shares stories from behind the scenes, the "Explicit" tag is never far away. From the hunt for money-hungry vampires to unfaithful wives and the question: are Macs really better than PCs? We also learn a lot about IT security and what training as a white hat hacker has in common with the bar exam. LemonPi https://www.lemonpi.at Maltego https://www.maltego.com Kali Linux https://www.kali.org Burp Suite https://portswigger.net/burp Hack 5 https://shop.hak5.org Rubber Duckie https://shop.hak5.org/products/usb-rubber-ducky-deluxe Firefly https://de.wikipedia.org/wiki/Firefly_–_Der_Aufbruch_der_Serenity Serenity https://de.wikipedia.org/wiki/Serenity_–_Flucht_in_neue_Welten Doctor Who https://de.wikipedia.org/wiki/Doctor_Who Salvation (Netflix) https://www.netflix.com/title/80171099 Subscribe to the Podcast: RSS Feed https://nerdsoflaw.libsyn.com/rss Apple Podcast https://podcasts.apple.com/de/podcast/nerds-of-law-podcast/id1506472002 SPOTIFY https://open.spotify.com/show/12D6osXfccI1bjAzapWzI4 Google Play Store https://playmusic.app.goo.gl/?ibi=com.google.PlayMusic&isi=691797987&ius=googleplaymusic&apn=com.google.android.music&link=https://play.google.com/music/m/Idvhwrimkmxb2phecnckyzik3qq?t%3DNerds_of_Law_Podcast%26pcampaignid%3DMKT-na-all-co-pr-mu-pod-16 YouTube https://www.youtube.com/playlist?list=PL7rmwzBy-IRGh8JkLCPIjyGMA-nHMtiAC Deezer https://www.deezer.com/de/show/1138852 Nerds of Law http://www.nerdsoflaw.com https://twitter.com/NerdsOfLaw https://www.instagram.com/nerdsoflaw/ https://www.facebook.com/NerdsOfLaw/ Music by Mickbordet www.mickbordet.com
Sponsor by SEC Playground Music by https://www.bensound.com/ --- Support this podcast: https://anchor.fm/chillchillsecurity/support
Today's slightly off-topic episode kicks off a new tag called 7MOOMAMA. That stands for 7 Minutes of Only Music and Miscellaneous Awesomeness. To kick things off, I'm super excited to share with you two new security-themed songs for some of my favorite security things! They are: Backdoors and Breaches - my favorite incident response card game. OWASP Juice Shop - my favorite vulnerable Web application. Enjoy!

Backdoors and Breaches

Backdoors and Breaches
I love the way it teaches me to think about security controls
And their proper placement
Backdoors and Breaches
I can't wait to blow my paycheck just to get myself a game deck and then move
Out of my mother's basement
Soon I'll be sittin' down and playing it with my red and blue teams
Or John and gang at Black Hills Info Security
And when I go to bed tonight I know what's gonna fill my dreams
Backdoors and Breaches

Juice Shop

VERSE 1
When you want to shop online then you had better be sure
The experience is safe and also secure
Don't want to let no SQLi or cross-site scripting ruin your day
No, you want to break into a joyous song and say:

CHORUS 1
Juice Shop! Juice Shop!
You can order tasty beverages in any quantity
Juice Shop! Juice Shop!
Just don't test the site with Burp Suite or you won't like what you see

VERSE 2
Now if you're feeling kinda sneaky and you're inclined to explore
You might find inside the Juice Shop...a hidden score board
It will point you towards a vuln'rability or maybe two
And when you're done you'll say, "This site should get a code review!"

CHORUS 2
Juice Shop! Juice Shop!
It has got more holes than a warehouse filled with gallons of Swiss cheese
Juice Shop! Juice Shop!
...finish the songs at 7ms.us
Today I will discuss: 1. What is Burp Suite? 2. How can we intercept and manipulate traffic with the help of Burp Suite? 3. How can hackers crash your WhatsApp? Watch
Open Web Application Security Project (OWASP) - Portland, Oregon Chapter
Today we'll be talking with Ryan Krause. Ryan is a penetration tester based in Portland, Oregon. He's worked in various security areas for the past 11 years, including at companies such as HP, eEye Digital Security (now BeyondTrust), and Comcast, with a primary focus on app security and development. He's currently a consultant at NetSPI, where he performs web and network pen tests and assists clients with reducing their overall security exposure. Ryan will be presenting an introduction to Burp Suite at our next chapter meeting. Go to meetup.com and look up the OWASP Portland Chapter Group for more details. Today Ryan will talk about his experiences in pen testing along with great advice for those who want to break into this exciting field. Ryan is interviewed by John L. Whiteman. Support the show (https://www.owasp.org/index.php/Membership#tab=Other_ways_to_Support_OWASP)
On this podcast, Wes talks to John Xmas. Johnny works for Kasada, a company that offers a security platform to help ensure only your users are logging into your web applications. Johnny is a well-known figure in the security space. The two discuss common attack vectors, the OWASP Top 10, and then walk through what hackers commonly do when attempting to compromise a system. The show is full of advice on protecting your systems, including topics around Defense in Depth, Time-Based Security, two-factor authentication, logging/alerting, security layers, and much more. Why listen to this podcast:
- While there are sophisticated web attacks out there that use things like PhantomJS or Headless Chrome, the vast majority of web application attacks are the same unsophisticated scripted attacks that you always hear about. These are simple scripts using tools like curl and Burp Suite with Python or JavaScript. These simple scripts are still incredibly effective.
- The OWASP Top 10 really hasn't changed all that much in the last ten years. For example, despite being the number one example used to educate defensive engineers on how to protect their apps, SQLi (SQL Injection) is still the most common attack. We continue to repeat the same mistakes that have exposed systems for a decade now.
- Phishing is by far the quickest way to compromise a system. Defense in Depth, security boundaries, and limiting local admin rights are all things that corporations can implement to minimize the blast radius.
- Attackers have hundreds of gigabytes of actual username/password combinations that have been exposed in all the breaches over the past few years. These are often a first step when attempting to compromise a system. More often, they will figure out a valid email pattern for a company and then feed actual names into that pattern to derive usernames. From there, brute-force attacks with those usernames against libraries of passwords are a common approach.
- A common approach is to go after an email login. While the email itself can be a treasure trove of information, it's more about using those credentials in other places. It's pretty common, for example, to use those credentials to get into a network with a VPN.
- Captcha/reCaptcha is not very effective at preventing these brute-force attacks. There are a large number of bypasses and even Mechanical Turk companies available to bypass these tools. What can be effective is Time-Based Security, because it slows the attackers down. If you can slow them down, you can make the attack take so long to succeed that they'll go somewhere else.
- Once inside the network, most companies have little security on internal systems. Multi-factor authentication, not just on the front door but on internal systems, is a huge step in the right direction. Monitoring not only for failed login attempts but, in some situations, for valid login attempts (such as when a domain admin logs into a domain controller) should absolutely be used.
- When it comes to application security between services within a network, the best advice is to make sure developers really understand what something like JWT (JSON Web Tokens) is trying to accomplish. Often it's the lack of understanding of what they're actually doing that leads to system vulnerabilities.
More on this: Quick scan our curated show notes on InfoQ https://bit.ly/2MSIAXG You can also subscribe to the InfoQ newsletter to receive weekly updates on the hottest topics from professional software development. bit.ly/24x3IVq Subscribe: www.youtube.com/infoq Like InfoQ on Facebook: bit.ly/2jmlyG8 Follow on Twitter: twitter.com/InfoQ Follow on LinkedIn: www.linkedin.com/company/infoq Check the landing page on InfoQ: https://bit.ly/2MSIAXG
This week, we’re working on brute forcing login credentials. Here are some of the products that we used. Burp Suite: https://portswigger.net/ . OWASP Zap: https://github.com/zaproxy/zaproxy . Hydra: https://github.com/vanhauser-thc/thc-hydra . *Warning!!!! DO NOT USE ON MILITARY, GOVERNMENT, OR PRIVATE SITES. YOU WILL GO TO JAIL!!!!! . Visit our website: twotwenty8.com . Follow us on IG: @two_twenty_8 . Like the FB page: @twotwenty8 --- Support this podcast: https://anchor.fm/TwoTwenty8llc/support
Seth and Ken are joined by Tim Tomes, aka LaNMaSteR53. We discuss Tim's path into application security, his work on Recon-NG, and his analysis of Burp Suite Professional's version 2.
This week, Keith and Paul interview Brent Dukes! Brent is a hacker, and Director of Information Security for an established manufacturing company. He joins Keith and Paul this week to talk about WAFs, Pentesting, Burp Suite, and more! In the Application Security News, Hackers use Drupalgeddon 2 and Dirty COW exploits to take over web servers, second WordPress hacking campaign underway, USPS took a year to fix a vulnerability that exposed all 60 million users' data, this JavaScript can snoop on other Browser Tabs to work out what you're visiting, and more! Full Show Notes: https://wiki.securityweekly.com/ASW_Episode41 Visit https://www.securityweekly.com/asw for all the latest episodes! Visit https://www.activecountermeasures/asw to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
Brent Dukes is a hacker, and Director of Information Security for an established manufacturing company. He joins Keith and Paul this week to talk about WAFs, Pentesting, Burp Suite, and more! Full Show Notes: https://wiki.securityweekly.com/ASW_Episode41 Follow us on Twitter: https://www.twitter.com/securityweekly
In the Application security news, 'Fortnite' developer had sharp words for Google after an Exploit was discovered, PHP flaw puts WordPress sites at risk, Oracle will charge for Java starting in 2019, how Netflix does Failovers in 7 minutes flat, hacking Black Hat, Burp Suite 2.0 Beta released, Windows 95 running in Electron, and more! Full Show Notes: https://wiki.securityweekly.com/ASW_Episode30 Follow us on Twitter: https://www.twitter.com/securityweekly
This week, Keith and Paul discuss The Apache Struts2 RCE Vulnerability! In the news, Using Signal Sciences to defend against Apache Struts, PHP flaw puts WordPress sites at risk, Oracle will charge for Java starting in 2019, how Netflix does Failovers in 7 minutes flat, Burp Suite 2.0 Beta released, even anonymous coders leave fingerprints, and more on this episode of Application Security Weekly! Full Show Notes: https://wiki.securityweekly.com/ASW_Episode30 Visit https://www.securityweekly.com/asw for all the latest episodes! Visit https://www.activecountermeasures/asw to sign up for a demo or buy our AI Hunter! →Visit our website: https://www.securityweekly.com →Follow us on Twitter: https://www.twitter.com/securityweekly →Like us on Facebook: https://www.facebook.com/secweekly
The Untold story of NotPetya, New Apache Struts RCE Flaw, How door cameras are creating dilemmas for police, Google gets sued for tracking you even when your location history is off, and Artificial Whiskey is coming, and one company is betting you'll drink up. Full Show Notes: https://wiki.securityweekly.com/Episode572 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.com/securityweekly
In the news, compromised JavaScript package caught stealing npm credentials, remote iOS bugs, a $39 device that can defeat iOS USB Restricted mode, Broadcom buys CA Technologies, Burp Suite Automation Tool, & more on this episode of Application Security Weekly! Full Show Notes: https://wiki.securityweekly.com/ASW_Episode24 Follow us on Twitter: https://www.twitter.com/securityweekly
The Open Web Application Security Project (OWASP) group has published a Top 10 web application vulnerability list since 2003. Normally the list gets updated every 3 years or so, with the previous release being 2013. Now that the 2017 list is finalized, I felt it was appropriate for us to go through it and look at it from a red and blue team perspective. This episode will cover the first 5 items on the list, from A1 (Injection) through to A5 (Broken Access Control). Some links of interest: OWASP Top 10 - https://www.owasp.org/images/7/72/OWASP_Top_10-2017_%28en%29.pdf.pdf SQLMap - http://sqlmap.org/ Burp Suite - https://portswigger.net/burp OWASP Zed Attack Proxy (ZAP) - https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project Want to reach out to the show? There are a few ways to get in touch! Show's Twitter: @PurpleSquadSec John's Twitter: @JohnsNotHere Podcast Website: purplesquadsec.com Sign-Up for our Slack community: https://signup.purplesquadsec.com John's Peerlyst Profile: https://www.peerlyst.com/users/john-svazic Thanks for listening, and I will talk with you all again next time. Find out more at http://purplesquadsec.com
Session management in web applications is extremely important for protecting user credentials and integrity within the application. Session tokens can sometimes be predicted if the randomness used to generate them is weak. If this is possible, a remote attacker may be able to compromise the session of an authenticated user. In this episode of Tradecraft Security Weekly, Beau Bullock (@dafthack) and Mike Felch (@ustayready) discuss the issues associated with creating session tokens with weak entropy.
We talk with Philippe Arteau about Roslyn Security Guard, an open-source static analysis tool for C# code that integrates with Visual Studio and validates security rules. Philippe is a cybersecurity researcher at GoSecure. He is the author of the static analysis tool Roslyn Security Guard, which supports C# code review. He maintains a similar tool for the Java language, Find Security Bugs. He has developed numerous extensions for the BurpSuite and ZAP proxy tools. He has discovered vulnerabilities in popular software such as Google Chrome, Dropbox, Paypal, RunKeeper and Jira. He has also presented at various conferences including Black Hat USA, Black Hat Europe, ATL Sec Con, NorthSec, Confoo and JavaOne. You can reach him on Twitter and LinkedIn. Links: Roslyn Security Guard; GoSecure Blog; montrehack.ca; Step-by-step tutorial for creating a simple analyzer; SDK for developing Roslyn extensions in Visual Studio; FXCop; DevTeach 2017 - Call for Speakers
Interview with Dafydd Stuttard This week, we interview Dafydd Stuttard, the creator of Burp Suite and the author of The Web Application Hacker's Handbook. We talk about the source of the name "Burp" and the future of webapp scanning. Security News - Facebook Sex tapes and rooting the OnHub This week in security news, we talk about Stagefright 2.0, how to root your very own Google OnHub, breaking SHA-1, and AWS WAF. For a full list of stories, visit our wiki: http://wiki.securityweekly.com/wiki/index.php/Episode437#Stories_of_the_Week_-_7:00PM-8:00PM Security Weekly Web Site: http://securityweekly.com Hack Naked Gear: http://shop.securityweekly.com Follow us on Twitter: @securityweekly
Materials Available here: https://media.defcon.org/DEF%20CON%2023/DEF%20CON%2023%20presentations/DEFCON-23-Nadeem-Douba-BurpKit.pdf Extras here: https://media.defcon.org/DEF%20CON%2023/DEF%20CON%2023%20presentations/DEFCON-23-Nadeem-Douba-Extras.rar BurpKit - Using WebKit to Own the Web Nadeem Douba Founding Principal, Red Canari Extra Materials available here: https://media.defcon.org/DEF CON 23/DEF CON 23 presentations/Nadeem Douba/Extras/BurpKit.jar Today's web apps are developed using a mashup of client- and server-side technologies. Everything from sophisticated JavaScript libraries to third-party web services is thrown into the mix. Over the years, we've been asked to test these web apps with security tools that haven't evolved at the same pace. A common shortcoming in most of these tools is their inability to perform dynamic analysis to identify vulnerabilities such as dynamically rendered XSS or DOM-based XSS. This is where BurpKit comes in - a BurpSuite plugin that integrates the power of WebKit with that of BurpSuite. In this presentation we'll go over how one can leverage WebKit to write their own web pen-testing tools and introduce BurpKit. We'll show you how BurpKit is able to perform a variety of powerful tasks including dynamic analysis, BurpSuite scripting, and more! Best of all, the plugin will be free and open source so you can extend it to your heart's desire! Nadeem Douba is the founding principal of Red Canari, an information security consulting firm that specializes in technical security assessments. With over 15 years' experience, Nadeem provides consulting and training services for organizations within the public and private sector. He has also presented at some of the world's largest security conferences and is the author of many well-known open source security tools, including PyMiProxy (used by the Internet Archive), Sploitego, and the Canari Framework (previously presented at DEF CON 20).
His primary research interests include open source intelligence, application and operating system security, and big data. Twitter: @ndouba
I've been looking for better ways to learn Burp Suite and I struck gold! Check out my recommendations in today's episode!
AT&T Data Security Analysts discuss hacked pacemakers, Burp Suite, McAfee's Threat Report, Android ransomware, Citadel/Dridex arrests, Microsoft updates, new 0-days, and the Internet Weather Report. Originally recorded September 8th, 2015.
In this episode, James Jardine talks about web proxies and how they are used. Whether you are a developer, QA tester, or pen tester, web proxies are essential to your testing efforts. Some Proxies discussed: Burp Suite - http://portswigger.net/ Fiddler - http://www.telerik.com/download/fiddler Zap Proxy - https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project Some cool extensions mentioned: Co2 - http://co2.professionallyevil.com/ Watcher - http://websecuritytool.codeplex.com/
Have you heard of those scam phone calls from "Windows" where the person on the other end of the phone claims to know there's a problem with your computer ("Is it running more slowly lately?") and they even have you test it out by running some commands and referring to common files as viruses? Then they're so friendly that if you simply go to their web site and download a couple of files, they'll clean it all up for you. Maybe one of the worst people they could possibly call would be the head guy at Black Hills Information Security, John Strand. Yep, and John was only too happy to give them just enough rope to hang themselves. Listen along for how John was also able to irritate the scammers. Then we tried to get going on the stories of the week and were off to a great start but very quickly got derailed with a story from Australia. Apparently the Australian government is looking to put a filter on the internet in their country that would completely block all perceived porn sites. If someone wants to be able to access porn web sites from inside Australia, they'd need to "opt out" of the filter by simply contacting the government. What could possibly go wrong with this idea? I'm certain that there wouldn't be any privacy issues whatsoever. Additionally, wasn't the internet basically invented for the purpose of porn consumption? Ok, back to the rest of the stories discussed. Remember a few weeks ago when we talked about a scumbag who intruded upon a family through their baby monitor and was able to shout at the baby and parents through the monitor. Well, the Federal Trade Commission (FTC) has slapped down a manufacturer of a different brand of baby monitor and said they may no longer market their product as being "secure" until they fix these flaws. The flaws being that they say the feeds are private while anyone can view them on the internet, at least in part because the authentication from the internet is clear-text and needs to be encrypted.
Here we are already seeing where it seems like a great idea for manufacturers to internetify their product but they don't completely understand all aspects of that, or at least don't understand basic security needs. I don't know which is the chicken and which is the egg yet, but with the promise of IPv6, we're going to eventually see just about everything we own trying to have some sort of presence on the internet and these basic security precautions will need to be met. Allison alerted us to the fact that Burp Suite got an upgrade this week. I'm constantly amazed at how much Burp can do especially when you consider the $300 price. Sure, there's also ZAP available from OWASP for even cheaper (free) but I think Burp is one of those tools that just about everyone uses because of its awesomeness. If I had to pick out just one of the new features, I'd mention the "Plug 'n Hack". According to PortSwigger: "This enables faster configuration of the browser to work with Burp, by automatically configuring the browser to use Burp as its proxy, and installing Burp's CA certificate in the browser." We also found out more details this week about another trojan called FinFisher by Gamma. The existence of FinFisher had been previously revealed but in a presentation by Mikko Hypponen, he talked about some of the things that the tool can do, including cracking WPA1 and WPA2, decrypting common email sites and even copying over a whole drive encrypted with TrueCrypt via a USB stick. Reportedly, the tool had only been available to governments in order to conduct their own national intelligence, but by now there's no way of knowing whether this has slipped out into the wild and into the hands of just anyone. At Black Hat this year, Mike Shema from Qualys talked about a new way to possibly prevent CSRF. As we've seen in the past, the only way to reliably prevent the attack is to place a token in the action and have the server validate that token.
This requires that the developer of the application understand CSRF, understand an API for creating the token, and also implement it properly. If you're in the training or penetration testing business, this sounds like a great thing for job security. However, there are millions of developers worldwide and training all of them may take a while. Heck, look at how prevalent much simpler attacks like SQL injection and Cross Site Scripting are. Do we really think that we'll be able to "train away" CSRF? This is where Shema has the idea of "Session Origin Security" and puts the token in the browser. Now instead of training millions of developers, we simply get about five browser developers to jump on board. But the gang was a little skeptical about other plugins working around this, as well as about breaking valid sessions and backward compatibility. We also wondered whether it may make more sense to allow the browser to choose whether it wants the CSRF protection and turn it on by default and let the user turn it off if there's a good reason to. These all seem to be questions that Shema and his team are looking into. Jack told us about a post from Gunnar Peterson and the "Five Guys Burgers Method of Security". I don't think it means where it's so good for the first ten minutes and then you feel like crap about it for the next few hours. It's the idea that when you go to a Five Guys (and if you haven't yet, you should) they have two things, burgers and fries. They do these two things exceptionally well. They haven't morphed into also being a chicken place, and a fish place and a milkshake place and a coffee place and then letting the overall quality slip. They are focused on doing their two things and doing them extremely well. And I wondered if this is where so many in the security industry get frustrated and eventually burned out.
As John brought up, the frustration often comes when there is so much compliance and documentation required, which yeah, I can see that as well. Who likes checking boxes and meeting with guys in ties to explain how you meet the PII, PCI, SOX and whatever other acronyms? I also wonder if there's also frustration in that we're hired to be "the security person" and we have areas that we're good at and enjoy. Whether that's network security, mobile security, web security or whichever. But due to budgets and many other reasons, we are expected to be experts in all areas, much unlike Five Guys. The Five Guys philosophy is if you want a great chicken sandwich, go to a chicken place. If you want a great milkshake, go to a milkshake joint. However in our jobs, we are the burgers and fries and chicken and fish and milkshakes and we're expected to be perfect at all of them. Anyway, it's an interesting take. Do you have a Web site? No? Ok, then you're probably safe. Robert "Rsnake" Hansen put together an infographic about all the different things that you need to worry about today when securing your web site. It started out as a joke but then got a bit too close to reality and finally just got head-shakingly scary. Finally, if you haven't already, check to see if your web site is "locked." Simply do a whois on your site and see if you have at a minimum a status of "ClientTransferProhibited." Some have said the recent NY Times hack was able to happen because the domain was not locked and the Syrian Electronic Army (SEA) was able to get the DNS credentials from someone and then change the DNS records to point to their own server. But if your domain is locked, it'll take a bit more work to make the updates. Your registrar will go through additional validation steps before the DNS records are updated. This is likely enough that if someone is looking to hijack web sites, they'll realize yours isn't worth the bother and move on to an easier target.
With Congress possibly authorizing an attack on Syria and with the twelfth anniversary of the September 11, 2001 attacks upcoming, it would not be surprising to see another round of attacks on web infrastructure. So take this very easy step and protect your site.