Episode 111: In this episode of Critical Thinking - Bug Bounty Podcast Justin interviews Kevin Mizu to showcase his knowledge regarding DOMPurify and its misconfigurations. We walk through some of Kevin's research, highlighting things like Dangerous allow-lists and URI Attributes, DOMPurify hooks, node manipulation, and DOM Clobbering.
Follow us on twitter at: https://x.com/ctbbpodcast
Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!
====== Links ======
Follow your hosts Rhynorater and Rez0 on Twitter:
https://x.com/Rhynorater
https://x.com/rez0__
====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
You can also find some hacker swag at https://ctbb.show/merch!
====== Resources ======
Exploring the DOMPurify library: Bypasses and Fixes (1/2)
https://mizu.re/post/exploring-the-dompurify-library-bypasses-and-fixes
Exploring the DOMPurify library: Hunting for Misconfigurations (2/2)
https://mizu.re/post/exploring-the-dompurify-library-hunting-for-misconfigurations
Dom-Explorer tool
https://yeswehack.github.io/Dom-Explorer/shared?id=772a440c-b0c2-4991-be71-3e271cf7954f
CT Episode 61: A Hacker on Wall Street - JR0ch17
https://www.criticalthinkingpodcast.io/episode-61-a-hacker-on-wall-street-jr0ch17/
====== Timestamps ======
(00:00:00) Introduction
(00:01:44) Kevin Mizu - Background and Bring-a-bug
(00:15:09) DOMPurify
(00:29:04) Misconfigurations - Dangerous allow-lists
(00:39:09) Dangerous URI attributes configuration
(00:46:08) Bad usage
(00:59:55) DOMPurify Hooks: before, after, and upon SanitizeAttribute
(01:29:15) Node manipulation, nodeName namespace case confusion, & DOM Clobbering DOS
(01:36:51) Misc concepts for future research
[00:00:00] Jonathan Turley [00:18:26] Jason Chaffetz [00:36:50] Marc Thiessen [00:55:12] Katherine Boyle [01:13:36] Jon Taffer [01:32:00] Victor Davis Hanson
Jill and Tom opened the show recapping the North American Car of the Year winning vehicles. Awards were presented in the car, utility, and truck categories. The conversation turned to a number of news stories, including Afeela's decision to distribute vehicles in the U.S. outside the traditional dealership system. Afeela is a joint venture between Honda and Sony, which is scheduled to begin selling EVs in 2026. Tom also touched on the chronic shortage of automotive technicians in the U.S. Tom suggested that students thinking about career opportunities consider working with cars. Still in the first segment, Jill reviewed the 2025 Chevrolet Traverse, a roomy, 3-row crossover. Jill's take on the family-friendly Chevy is mostly positive, but not everything is perfect. In the second segment, the hosts welcome Chicago late-night radio legends Steve and Johnnie to the show. The hosts shared their takes on a number of vehicles they've driven over the years. Listen in for details. In the last segment, Steve and Johnnie join Jill for Tom's “Fake Ford!” quiz. The crew wrapped up the show discussing cars that were offered with Levi's-licensed denim interiors.
Governor Gavin Newsom has signed an executive order that will make it easier for people in Southern California to rebuild homes and businesses damaged or destroyed by the fires. The order suspends two environmental laws that have been on the books since the 70's. For more, KCBS Radio news anchors Patti Reising and Bret Burkhart spoke with KCBS insider Phil Matier.
Join us in this expert interview of 2024 PAD guideline Co-Author Dr. Van de Water (Maastricht) and 2023 ZILVERPASS Author Dr. Bosiers (Bern) in this timely debate.
References:
- Bosiers M, De Donato G, Torsello G, et al. ZILVERPASS study: ZILVER PTX Stent vs Bypass Surgery in Femoropopliteal lesions. J Cardiovasc Surg. 2023. https://doi.org/10.23736/S0021-9509.23.12607
- RJ Vossen, TM Fokkema, AC Vahl, and R Balm. Systematic review and meta-analysis comparing the autogenous vein bypass versus a prosthetic graft for above-the-knee femoropopliteal bypass surgery in patients with intermittent claudication. Vascular. Sept 6 2022. Vol 32 issue 1.
- Maxime Dubosq-Lebaz, Audrey Fels, Gilles Chatellier, Yann Gouëffic. Systematic Review and Meta-analysis of Clinical Outcomes After Endovascular Treatment in Patients With Femoropopliteal Lesions Greater Than 150 mm. J Endovasc Ther. 2023 Sep 30:15266028231202709.
- Alik Farber et al. Surgery or Endovascular Therapy for Chronic Limb-Threatening Ischemia (BEST-CLI). N Engl J Med. 2022 Dec 22;387(25):2305-2316.
- Andrew W Bradbury et al. A vein bypass first versus a best endovascular treatment first revascularisation strategy for patients with chronic limb threatening ischaemia who required an infra-popliteal, with or without an additional more proximal infra-inguinal revascularisation procedure to restore limb perfusion (BASIL-2): an open-label, randomised, multicentre, phase 3 trial. Lancet. 2023 May 27;401(10390):1798-1809.
- Nordanstig et al. European Society for Vascular Surgery (ESVS) 2024 Clinical Practice Guidelines on the Management of Asymptomatic Lower Limb Peripheral Arterial Disease and Intermittent Claudication. Eur J Vasc Endovasc Surg (2024) 67, 9e96
In this episode, we dive into a game-changing framework for creating potent messaging that moves hearts and minds. Kathryn Thompson shares her Human Consciousness Spiral, a tool that helps you connect with your audience on a profound level by addressing their experiences, beliefs, values, and identity.
BY THE TIME YOU FINISH LISTENING TO TODAY's EPISODE, YOU'LL LEARN:
- The fundamental flaw in the traditional marketing approach that focuses on proving expertise, showcasing authority, and demonstrating why you're right (& how it's impacting your sales).
- The Human Consciousness Spiral framework - a revolutionary approach to crafting messaging that bypasses customer resistance and creates genuine, lasting connections.
- The truth about why people buy: they don't buy what you're selling; they buy what they believe, and to change beliefs, you must first understand them.
- The crucial perspective shift that most entrepreneurs need to make to create marketing messages that resonate and drive action.
If this episode inspires you in some way, leave us a review on Apple Podcasts and let us know your biggest takeaway—whether it's created those aha moments or given you food for thought on achieving greater success.
And while you're here, follow us on Instagram @creativelyowned for more daily inspiration on effortlessly attracting the most aligned clients without spending hours marketing your business or chasing clients. Also, make sure to tag me in your stories @creativelyowned.
Selling the Invisible: Exactly how to articulate the value of your cosmic genius even if your message transcends the typical “10k months” & “Make 6-figures” types of promises.
Free on-demand training >>> https://www.creativelyowned.co/watchnow
To find out how to own your unique edge, amplify who you truly are (& get paid for it), take your business to cosmic proportions, and have fun doing it, grab it here!!
https://www.creativelyowned.com/quiz
Offer Architect: TURN YOUR ‘INVISIBLE' WISDOM INTO A COMPELLING OFFER THAT WILL SELL WITH A SINGLE EMAIL. >>> https://creativelyowned.com/offer-architect
What to expect at Blackhat/DEFCON, Identifying Explosives, OpenAI's new models, Llama 4 Timeline, and more…
➡ Check out Vanta and get $1000 off: vanta.com/unsupervised
Subscribe to the newsletter at: https://danielmiessler.com/subscribe
Join the UL community at: https://danielmiessler.com/upgrade
Follow on X: https://twitter.com/danielmiessler
Follow on LinkedIn: https://www.linkedin.com/in/danielmiessler
See you in the next one!
Discussed in this episode:
Intro (00:00:00)
OSINT and the Pizza Index (00:01:08)
Agent Framework Development (00:02:12)
State of Cybersecurity (00:04:08)
Critical Security Vulnerabilities (00:05:27)
Ransomware Trends (00:06:25)
Data Breach Costs (00:07:29)
AI Developments (00:08:40)
California AI Regulation (00:09:42)
OpenAI's GPT-4 Launch (00:11:01)
Tech Company Updates (00:12:03)
Shifts in Workforce Dynamics (00:13:07)
Prisoner Swap News (00:17:06)
Shark AI Model (00:18:03)
Dementia Prevention Insights (00:19:03)
Genetics of Self-Control (00:20:12)
Name and Appearance Study (00:20:12)
Alzheimer's Disease Research (00:20:12)
Dungeons and Dragons Rulebooks (00:20:12)
Novelists Writing Bug Reports (00:21:22)
Recent UBI Study Analysis (00:21:22)
Free-Range Kids Initiative (00:21:22)
Discovery Farm Bot (00:22:13)
Super Memory AI (00:22:13)
Avi Shipman's AI Pendant (00:22:13)
Installing Fabric (00:22:13)
Fleet Open Source Tool (00:22:13)
SOC2 Policy Templates (00:22:13)
Clutch Security Platform (00:22:13)
Black Hat Reminder (00:23:48)
Aphorism of the Week (00:23:48)
Become a Member: https://danielmiessler.com/upgrade
Kamala Harris Bypasses Democracy On Road To President - HBTY 318. The pod discusses Kamala Harris running for President and whether she is Black or not. Dr Umar has now been excommunicated from the Hotep Community, Amber Rose and the NDP and much much more
Episode 73: In this episode of Critical Thinking - Bug Bounty Podcast we give a brief recap of Nahamcon and then touch on some topics like WAF bypass tools, sandboxed iframes, and programs redacting your reports.
Follow us on twitter at: @ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!
------ Links ------
Follow your hosts Rhynorater & Teknogeek on twitter:
https://twitter.com/0xteknogeek
https://twitter.com/rhynorater
------ Ways to Support CTBBPodcast ------
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
Resources:
?. Tweet
https://x.com/garethheyes/status/1786836956032176215
NoWafPls
https://github.com/assetnote/nowafpls
Redacted Reports
https://x.com/deadvolvo/status/1790397012468199651
Breaking CORS
https://x.com/MtnBer/status/1794657827115696181
Sandbox-iframe XSS challenge solution
https://joaxcar.com/blog/2024/05/16/sandbox-iframe-xss-challenge-solution/
iframe and window.open magic
https://blog.huli.tw/2022/04/07/en/iframe-and-window-open/#detecting-when-a-new-window-has-finished-loading
domloggerpp
https://github.com/kevin-mizu/domloggerpp
Timestamps
(00:00:00) Introduction
(00:03:29) ?. Operator in JS and NoWafPls
(00:07:22) Redacting our own reports
(00:11:13) Breaking CORS
(00:17:07) Sandbox-iframes
(00:24:11) Dom hook plugins
Episode 70: In this episode of Critical Thinking - Bug Bounty Podcast we're once again joined by Ben Sadeghipour to talk about some Nahamcon news, as well as discuss a couple other LHE's taking place. Then they cover CI/CD and drop some cool CSP Bypasses.
Follow us on twitter at: @ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!
------ Links ------
Follow your hosts Rhynorater & Teknogeek on twitter:
https://twitter.com/0xteknogeek
https://twitter.com/rhynorater
------ Ways to Support CTBBPodcast ------
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
Today's Guest:
https://twitter.com/NahamSec
https://www.nahamcon.com/
Resources:
Depi
https://www.landh.tech/depi
Youtube CSP:
https://www.youtube.com/oembed?callback=alert()
Maps CSP:
https://maps.googleapis.com/maps/api/js?callback=alert()-print
Google APIs CSP
https://www.googleapis.com/customsearch/v1?callback=alert(1)
Google CSP
https://www.google.com/complete/search?client=chrome&q=123&jsonp=alert(1)//
CSP Bypass for opener.child.child.child.click()
https://octagon.net/blog/2022/05/29/bypass-csp-using-wordpress-by-abusing-same-origin-method-execution/
Timestamps:
(00:00:00) Introduction
(00:02:55) BSides Takeaways and hacking on Meta
(00:12:12) NahamCon News
(00:23:45) CI/CD and the launch of Depi
(00:33:29) CSP Bypasses
AP Washington correspondent Sagar Meghani reports on United States-Israel-Gaza.
Free, ungated access to all 300+ episodes of “It's 5:05!” on your favorite podcast platforms: https://bit.ly/505-updates. You're welcome to
Back in October 2021, President Joe Biden declared his position pertaining to defiance against a subpoena from the January 6 House Select Committee, stating that such refusal ought to lead to prosecution. Consequently, the refusal of his son, Hunter Biden, to comply with a congressional subpoena on a Wednesday appeared to challenge his father's decree. This defiance came in the form of Hunter Biden opting for a press conference on Capitol Hill rather than attending his deposition before the House Oversight Committee as commanded. President Biden's declaration in 2021, emphasizing legal consequences for those who defy subpoenas from the January 6 House Select Committee, recalls the time when the Justice Department indicted Steve Bannon for a similar act in November 2021. Legal experts are now pointing out that while Hunter Biden could face similar consequences, for various reasons, it may not be the case. The Biden Justice Department's decision to prosecute or not lies in the intricacies of the situation. Hunter Biden, rather than attending the deposition, held a press conference on Capitol Hill. Philip Holloway, a criminal defense attorney and legal analyst, shared his views on this with the Daily Caller News Foundation. Holloway opined that the application of law must be universal for it to hold any weight. According to him, 'Hunter Biden needs to be held to the same standard as other recent people who have thumbed their noses at congressional subpoenas.' He further strengthened his argument by highlighting how Hunter Biden's press conference on Capitol Hill symbolized a blatant show of defiance towards the House of Representatives.
1. Penn President, Liz Magill, Resigns Amid Backlash; Harvard Board Backs and Reaffirms Support for President Gay (2:06)
2. Donald Trump's Last Minute Decision to Not Testify in Own Defense in NY Civil Fraud Trial (14:40)
3. Quick Hitters (19:12) (Biden Admin Bypasses Congressional Authorization in Sending Emergency Tank Shells to Israel, Man Arrested for Threatening to Kill Vivek Ramaswamy, Hunter Biden Seeks Dismissal of Firearm Indictment.)
4. SCOTUS Declines to Hear Challenge to Law Banning Conversion Therapy in Minors (27:38)
5. Special Counsel Jack Smith Bypasses Appellate Court and Asks Supreme Court to Determine Trump's Absolute Immunity Claim (32:30)
If you enjoyed this episode, please leave me a review and share it with those you know that also appreciate unbiased news!
Subscribe to Jordan's weekly free newsletter featuring hot topics in the news, trending lawsuits, and more.
Follow Jordan on Instagram and TikTok.
All sources for this episode can be found here.
In this episode of The PDB Afternoon Bulletin: The Biden administration quietly bypassed a deadlocked Congress over the weekend to approve the sale of more than $100 million in tank ammunition to Israel for their war effort in Gaza. Harvard has announced that they will not fire their current president despite mounting criticism over her widely condemned testimony last week on antisemitism. Please remember to subscribe if you enjoyed this episode of The PDB Afternoon Bulletin. Email: PDB@TheFirstTV.com
Welcome to another installment of our stuck series. This episode discusses how to honor and address spiritual bypasses or blocks in the clinical process. Welcome to the Leading Edge in Emotionally Focused Therapy with Drs. James Hawkins, Ph.D., LPC, and Ryan Rana, Ph.D., LMFT, LPC, ICEEFT Therapists, Supervisors, and Trainers. Thank you for listening. We hope this experience helps you push the leading edge in your work to help people connect with themselves and each other. You can financially contribute to this podcast on Venmo (@leftpodcast). Type LEFT or Leading Edge in EFT in the comments or notes section. All financial contributions are greatly appreciated and will help us keep producing content to help you push your leading edge. We desire to use this podcast to help equip therapists with tools and encouragement to help them with relational distress. We are also part of a team that has created an online training program, Success in Vulnerability (SV). Success In Vulnerability is your premier online education experience that leads with innovative instruction to advance your therapeutic effectiveness through Success in Vulnerability's exclusive Modules and full-length Clinical Examples. You can follow us on our Facebook page @pushtheleadingedge You can follow Ryan on Facebook @ryanranaprofessionaltraining and his website You can follow James on Facebook and Instagram @dochawklpc. You can also check out his website, dochawklpc.com Check out our online training program, Success in Vulnerability (SV) You can follow George @ https://www.georgefaller.com/.
Bootcamp has launched!!! Join until Nov 11th: https://bit.ly/epiclifebootcamp All INFJ EPIC LIFE Programs: https://programs.wenzes.com/collections Free Resources: https://wenzes.com/INFJ-Free-Resource/ Get ready people! Today, we're diving into the five clever ways INFJs outsmart the world. INFJs often feel like they're carrying the weight of the world on their shoulders, thinking that things are tougher for them while others have it easy. But here's the twist: we've been doing it all wrong. Instead of playing by everyone else's rules, we need to tap into our own unique strengths. Once we embrace our true selves, we'll bypass those who struggle to live authentically and on their own terms. We can't control other people's paths, but we can inspire them by being the best version of ourselves. Website: http://www.wenzes.com/ Instagram: https://www.instagram.com/wenzes_ Facebook: https://www.facebook.com/CoachWenzes #INFJ #INFJLIFECOACH #LIFECOACHING
Senior Scientist at Bird Life International, previously the Principal Scientist at the RSPB, and before that at the BTO, Paul Donald is a world expert on things that fly. As such, it is perhaps somewhat surprising that he has focused this expertise into a groundbreaking book about roads, the things that travel upon them, and the damage they do to nature. This in depth discussion of two halves begins by showcasing how Paul helped re-establish the population of one of the world's most endangered birds - the Raso Lark of the Cape Verde Islands, how birds living within the EU have greater life expectancy than those living outside it, and how Buddhist beliefs may be inadvertently bolstering the illegal trade in rare birds. From then it's on to the “extinction driving, landscape splitting, wildlife slaughtering, soundscape shattering, pollution spewing, climate changing, health wrecking, global catastrophe” which Paul has labelled ‘Traffication'. Did you know that the area in a bird's brain dedicated to song learning is smaller in a bird exposed to road noise? Did you know the first electric car dates from 1888? And did you know that there is a species of Nightjar known to exist purely because of a single piece of feathered roadkill scraped up from the tarmacadam?! But most importantly, if you drive a car, what single thing can you do today to help our wildlife? This and much more in November's episode of Trees a Crowd. Why not become a "Subscription Squirrel" on our Patreon, and help support the production of this podcast?
Android Dropper-as-a-Service Bypasses Google's Defenses
Increase in zero-day exploits worries CISA
Google Calendar as a C2 infrastructure
Thanks to today's episode sponsor, OffSec
And now a word from our sponsor. OffSec (formerly Offensive Security), the cyber training company behind the well-known OSCP certification and Kali Linux distro, is running a virtual summit for CISOs and Cybersecurity leaders called Evolve on November 15th. Attend Evolve and get insider insights from a former bank hacker. Discover strategies on stretching your security budget and get tips to attract the crème de la crème of talent. It's more than just an event – it's a masterclass helping you elevate your cybersecurity leadership game. Hear from forward-thinking cybersecurity leaders from companies like CISCO, Amazon, Salesforce and more. Register today and get the insights you need to help shape the future of your company's security. Sign up now at offsec.com/evolve
For the stories behind the headlines, head to CISOseries.com.
Hour 2 - Nick Reed and Tom Martz are live at Scramblers Diner. Here's what they cover: Today is National sandwich day. What is your favorite sandwich? On this day in history. Quote of the day. Bypasses. Sovereign immunity.
zkFold is a project focused on wrapping Plutus scripts for Cardano with zero-knowledge proofs (ZKPs). Their product, zkWrapper, takes any Untyped Plutus Core (UPLC) script as input and generates a zero-knowledge version.
Key features and benefits of zkWrapper include:
- No script length limit: Bypasses the Cardano transaction size limit.
- No CEK execution budget limit: The original script runs off-chain, and the on-chain wrapper script only verifies the proof of execution.
- No redeemer or datum size limit: The actual data is represented through short polynomial commitments, reducing transaction size. However, public data critical for smart contract state is not hashed, maintaining the trust model.
- Private Smart Contracts: zkWrapper allows for the creation of private smart contracts since the original script isn't submitted on-chain.
Learn more about the platform at https://zkfold.io
The crew hears from listeners about gas stoves, screw-pile lighthouses, and LEDs. Discussion questions include roots lifting a garage, leaky porch ceilings, and central dehumidifiers.
HR2 Curriculum Service Newsela Bypasses State Bans on CRT | Streaming Services 9-12-23 by John Rush
The International Risk Podcast is a weekly podcast for senior executives, board members, and risk advisors. We speak with risk management specialists from around the world. Our host Dominic Bowen, originally from Australia, is one of Europe's leading international risk specialists. Having spent the last 20 years successfully establishing large and complex operations in the world's highest-risk areas and conflict zones, Dominic now joins you to speak with exciting guests from around the world.
The International Risk Podcast – Reducing risk by increasing knowledge
Follow us on Facebook, Twitter, Instagram, and LinkedIn for all our great updates.
In today's episode, we are joined by two impressive guests - Owais Arshad and Oleh Savytskyi.
Owais Arshad is a geostrategist who advises on geopolitical developments, sanctions regimes, export controls, and international finance. His clients have spanned both public and private sector entities such as central banks, financial regulators, commodity traders, hedge funds, and private equity firms. He has spoken at leading industry fora on emerging risks such as DeFi protocols and writes on international security matters. His writings have appeared in journals such as Nikkei Asia and Al Jazeera and he is often requested to comment on topical issues such as sovereign risk, and international relations.
Oleh Savytskyi is a world-class climate and energy policy expert. Oleh has 10 years of experience in the field – from youth climate activism to consulting the Ministry of Environment of Ukraine. Oleh participated in the UNFCCC conferences COP21 in Paris in 2015 and in Glasgow in 2021. Oleh is a fellow of the Michael Succow Nature Conservation Fund and alumni of Agora Energiewende EnerTracks training program for energy transition professionals. Since 2022 Oleh has mobilized to fight the Russian fossil fuel industry as Campaigns Manager at NGO Razom We Stand.
Further reading:
Global Witness identified that 1 in 20 flights in the UK is using Russian jet fuel: https://www.globalwitness.org/en/press-releases/billboards-across-london-reveal-estimated-1-20-uk-flights-running-russian-oil/
Russian oil profits rise in July as G7 fails to tighten sanctions and revise the price cap: https://www.businessinsider.in/stock-market/news/russian-oil-smashes-through-the-g7-price-cap-as-crude-exports-in-july-hit-the-highest-level-of-2023/articleshow/102653684.cms
Andrea travelled through both Virginia and Carrick-on-Shannon over the weekend. The heavy traffic in both areas highlights the need for both towns to be bypassed. Plans have been in the pipeline for years but never implemented. Andrea was joined by Councillor TP Reilly, Patrick Farrelly, Chairperson of the Virginia Development Association, Carrick on Shannon Councillor Enda Stenson and other locals to discuss...
PEBCAK Podcast: Information Security News by Some All Around Good People
Welcome to this week's episode of the PEBCAK Podcast! We've got four amazing stories this week so sit back, relax, and keep being awesome! Be sure to stick around for our Dad Joke of the Week. (DJOW) Follow us on Instagram @pebcakpodcast PEBCAK - Acronym of “problem exists between chair and keyboard.”
Why Saudi Arabia's crown prince is looking to Beijing not Washington as he goes into diplomatic overdrive. More violence at a Jerusalem holy site puts the Middle East on edge for Passover and Ramadan. U.S. recession fears stalk investors. Join us on the high seas with a migrant rescue ship in Europe.
President Macron's government invokes special article to overhaul the French pension system. Treasury Secretary Janet Yellen testifies to Senate Finance Committee after the collapse of two midsize banks and Ernst and Young breakup deal might be in trouble. Charlotte Gartenberg reports.
Is Pwn2Own worth it for bug bounty hunters? A handful of trivial command injections, and some awesome WAF bypasses.
Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/175.html
[00:00:00] Introduction
[00:00:34] Pwn2Own Toronto 2022 - Results
[00:10:31] Cool vulns don't live long - Netgear and Pwn2Own
[00:15:03] The Last Breath of Our Netgear RAX30 Bugs - A Tragic Tale before Pwn2Own Toronto 2022
[00:26:54] Abusing JSON-Based SQL to Bypass WAF
[00:26:54] RCE via SSTI on Spring Boot Error Page with Akamai WAF Bypass
[00:37:25] Abusing JSON-Based SQL to Bypass WAF
[00:46:47] OTP Leaking Through Cookie Leads to Account Takeover
[00:50:47] ChatGPT bid for bogus bug bounty is thwarted
The DAY[0] Podcast episodes are streamed live on Twitch twice a week:
-- Mondays at 3:00pm Eastern (Boston) we focus on web and more bug bounty style vulnerabilities
-- Tuesdays at 7:00pm Eastern (Boston) we focus on lower-level vulnerabilities and exploits.
We are also available on the usual podcast platforms:
-- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063
-- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt
-- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz
-- Other audio platforms can be found at https://anchor.fm/dayzerosec
You can also join our discord: https://discord.gg/daTxTK9
The client's use of their spiritual values and religion in their therapy sessions can really be an asset to the client's mental health. However, sometimes, clients can use their religious values or spiritual beliefs as a block or an exit during sessions as a sort of bypass to avoid doing some of the deeper emotional work that's needed. Spirituality and Religion can be super helpful, and it can be very delicate to know what to do when you want to honor the client's beliefs but also recognize when it's coming up in session as a way to avoid doing deeper work. As therapists, we want to make sure that we don't dismiss a client's spiritual or religious beliefs, or that we also don't get stuck preaching to them either (be sure of your ethical best practices here!). Join We Heart Therapy host Dr. Belle and ICEEFT Certified EFT Trainer "Doc Hawk," James Hawkins Ph.D., as they discuss how to work with clients' use of spiritual/religious bypasses in session using EFT Emotionally Focused Therapy. For more information on ICEEFT & EFT, visit: http://www.iceeft.com http://www.drsuejohnson.com For more information on Arkansas EFT Trainer James Hawkins, Ph.D., LPC, find him at: https://www.arkansaseft.com Find James on his podcast, The Leading Edge in Emotionally Focused Therapy https://theleadingedgeineft.podbean.com/ Find Dr. James Hawkins & Dr. Belle on Success in Vulnerability: https://www.successinvulnerability.com To purchase a copy of Dr. Belle's Self of the Therapist book on Amazon, all about Harnessing the power of Empathy to connect with difficult clients, visit: https://a.co/d/7R1S76N For information on your host, Anabelle Bugatti, Ph.D., LMFT, visit: http://www.drbelle.com http://www.wehearttherapy.com http://www.snveft.com http://www.lasvegasmarriagecounseling...
Seth and Ken kick off another unique discussion by looking at a recent scholarly paper on security bypasses and workarounds by health care workers, followed by a demo of AppMap, a development tool that shows code traces based on dynamic use. Finally, a discussion of Portswigger's new Dastardly CI/CD tool and where it fits in the security SDLC.
We are subjected to phishing scams almost every day, and even the most seasoned professional must examine an email to ensure the links included are safe. Brown University and Federal Reserve Bank of Cleveland's Allen Dziwa says people are the weakest link and that customized messaging using regional language for targeted attacks is becoming more prevalent. Allen breaks down the many types of attacks (phishing, spear phishing, smishing, vishing, whaling) with ISACA's Kevin Keh. Tune in now to learn how to be vigilant when facing potential attacks from scammers. To read Allen's full article, please visit: www.isaca.org/how-social-engineering-bypasses-technical-controls To listen to more ISACA Podcasts, please visit: www.isaca.org/podcasts
No actual bounties this week, but we start off with a discussion on semgrep vs codeql, then get into some cool issues that you can start testing for. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/157.html [00:00:00] Introduction [00:00:39] Comparing Semgrep and CodeQL [00:14:27] A Deep Dive of CVE-2022-33987 (Got allows a redirect to a UNIX socket) [00:20:18] Melting the DNS Iceberg: Taking over your infrastructure Kaminsky style [00:28:23] [OpenJDK] Weak Parsing Logic in java.net.InetAddress and Related Classes [00:34:22] RCE via Phar Deserialisation [CVE-2022-41343]
When Russia shut down Ukraine's internet service, Elon Musk bypassed the Russians and ordered Starlink service to reconnect Ukraine. In 60-seconds, the story of how he's done it again, this time in Iran.
Discussion this week around Chrome's Sanitizer API, and bypassing firewalls with webhooks and 0days (ModSecurity bypass), and a pre-auth BitBucket RCE. Links and summaries are available at https://dayzerosec.com/podcast/153.html [00:00:00] Introduction [00:00:31] Exploiting Web3's Hidden Attack Surface: Universal XSS on Netlify's Next.js Library [00:10:31] Breaking Bitbucket: Pre Auth Remote Command Execution [CVE-2022-36804] [00:16:25] [Chrome] Sanitizer API bypass via prototype pollution [00:23:02] How we Abused Repository Webhooks to Access Internal CI Systems at Scale [00:35:03] WAF bypasses via 0days [00:42:40] Cloning internal Google repos for fun and… info? [00:43:19] How to turn security research into profit: a CL.0 case study
Front Line Covid-19 Critical Care Alliance President, Dr. Pierre Kory, discusses the dangers of Paxlovid. #PierreKory #Pavlovid #FLCCC
John Solomon and Amanda Head host 'Just the News, Not Noise' delivering the pressing news of the day and giving you Information without indoctrination while rising above the rhetoric. Best of show interviews this week with: Country star John Rich, Rep. Jim Jordan (R-OH), Rep. James Comer (R-KY), Rep. Troy Nehls (R-TX), Ann Wood-Dorn, widow of Capt. David Dorn and Host of Hidden Heroes Radio Show. To see the daily show, go to americasvoice.news each Monday through Friday at 6pm Eastern Time or watch any time at JustTheNews.com/tv.
Free 5 Pillars to an INFJ EPIC LIFE Poster: http://bit.ly/5pillarsepiclife Get the INFJ Audio GUIDE TODAY!!! https://bit.ly/epiclifeaudio INFJ Life Coach Lesson: What's the key phrase for today? "Don't hate the player, change yourself." The INFJ is a person who can easily adapt and transform themselves to fit any situation. They're not just good at changing how other people see them; they also have this incredible ability of distortion inside themselves that allows them to make a 180-degree turnaround on how they interpret a certain situation. Additional Free Material: Free "PRODUCTIVE WEEK FOR INFJ" Poster: http://bit.ly/2REtVyc Free INFJ Email Course: http://bit.ly/2VGAq8N 5 Pillars to an EPIC LIFE Poster: http://bit.ly/5pillarsepiclife Website: http://www.wenzes.com/ Instagram: https://www.instagram.com/wenzes_ Facebook: https://www.facebook.com/CoachWenzes #INFJ #INFJLIFECOACH #LIFECOACHING
In this episode of the Interviews with Entrepreneurs show, we're interviewing Gerbert, someone who figured out how to fix iOS 14 problems with Facebook tracking and was able to create awesome software that allows them to bypass iOS 14 tracking with Facebook. Not only that, but also able to get 100% tracking for conversions, leads, and sales, which is epic. So we're interviewing Gerbert Doronin Koltan. He's also a multiple 2 Comma Club award winner, and there is also this amazing software called Capibox. We'll find out how it works out. Jaime's SOCIAL MEDIA: FB: https://www.facebook.com/gerbertdk CAPIBOX: https://www.capibox.com FOLLOW RJ SOCIAL MEDIA: Facebook: https://www.facebook.com/therjahmed FB Group: https://www.facebook.com/groups/AMHOE Instagram: https://www.instagram.com/itsrjahmed Get Free Copy of My Book Decades In Days: https://www.decadesindaysbook.com
PEBCAK Podcast: Information Security News by Some All Around Good People
Welcome to this week's episode of the PEBCAK Podcast! We've got four amazing stories this week so sit back, relax, and keep being awesome! Be sure to stick around for our Dad Joke of the Week. (DJOW) Follow us on Instagram @pebcakpodcast PEBCAK - Acronym of “problem exists between chair and keyboard.”
HAPPY TUESDAY LOCKED ON CUBS FAMILY! The dream of Carlos Correa patrolling the shortstop position for the Chicago Cubs in 2022 is now gone after the slugger officially departs the Houston Astros and signs a 3-year contract with the Minnesota Twins. 3 year contract?! We thought the Cubs were in on Correa if he'd accept a shorter term deal! What happened? Join us and find out! Plus, how exactly did the Chicago Cubs land Japanese slugger Seiya Suzuki? The process was a long one, but patience is a virtue! We chronicle how they courted Seiya and made him feel confident enough in Chicago and the Cubs to get a deal done! Finally, let's head to Mesa, shall we?! Virtual Spring Training trip to catch up on all of the roster moves in the last couple days, and there have been plenty!! LISTEN: https://podcasts.apple.com/us/podcast/locked-on-cubs-daily-podcast-on-the-chicago-cubs/id1333234563
Running Time 59:00 minutes In episode 1, "Pardon Me!" WGT interviews executive pardoned Border Patrol Agent, Gary Brugman. Officer Brugman was pardoned by Donald Trump in 2020. Many feel that Gary was the target of an overzealous prosecutor from the Bush administration. Highlights: Talks about medically retired, Special Agent Victor Avila and deceased partner, Jaime Zapata, receiving Federal Law Enforcement Protection Act plaque from US Senator John Cornyn and insult by President Joe Biden Growing up without a father in Bushwick, half Puerto Rican. Leaves home at 15, street kid. Joins Coast Guard for 9 years. Finally gets hired by United States Border Patrol/INS in 1998 Jan 14, 2001, Location, Roseta Farms Pecan Orchard near Eagle Pass, Texas. The Recon Shift when shit hit the fan. Patrolling 88 miles along Texas, Mexico border. Seismic sensors go off as 15 illegal aliens attempt to enter America illegally. Use of de minimis of minimal force usage. Partners (who later testified against Brugman) Newly hired, Marcelino Alegria & Senior Agent who later testifies from 80 to 100 yards, at night, as to what happened, Remberto Perez. "Why are you running?" The boot that resulted in Civil Rights charges against Agent Brugman filed by illegal alien, Miguel Angel Jimenez Saldana (later confused with Miguel Angel Rodriguez Silva.) March 22, 2001, "Positive 46" radioed, short for "narcotics transport suspected." Some six weeks later, Brugman is in hot pursuit of 7 "mules" or Mexican Drug Runners. Gets in a life and death fight with Miguel Angel Rodriguez Silva who is given amnesty to testify against Brugman. No sworn statements ever taken until trial, which occurred some 3 years later in 2004 at the trial. 2001, Brugman's weapon is taken by his superintendent, and he was put on camera duty. No details were given Brugman as to why other than the Border Patrol said the investigation was not coming from them. No representation from his union was ever given.
Receives letter from US Attorney stating Brugman was the "target of an investigation." Self Surrenders in Del Rio, Texas on the charge of violation of 18 U.S.C. 242 "Depriving another of his constitution rights while acting under color of law." A Civil Rights Violation. Prosecution uses "Similar Acts" rule to submit late evidence into the trial. Can't find an attorney that will defend him. Uses Yellow Pages to find attorney. $5,000 retainer paid. CASE NUMBER: 03-50294 March 26, 2004 84 year old, Justice, William Wayne (1920–2009), Presiding. Changes venue to Austin, bad omen. The role of the Mexican consulate in the entire process. Bypasses normal channels, goes straight to Department of Justice and then the Office of the Inspector General. Was there a revenge motive against Agent Brugman for being a highly successful agent disrupting drug flow to America?
In this episode, Jeremy Miller (Harbinger) catches up with Csaba Fitzl (@theevilbit), Lead Content Developer for macOS Control Bypasses (EXP-312) at OffSec. They start with how Csaba got into InfoSec, particularly macOS security. Csaba explains why he focuses on macOS and why OffSec decided to offer a course on this topic. They dive into the syllabus and Csaba walks us through what EXP-312 covers. He gives a brief description of many of the vulnerabilities and exploits covered and the different techniques employed. They also discuss what to expect in terms of labs as well as prerequisites for the course. Finally, Csaba reveals what surprising things he learned about macOS while preparing this course. For more information on macOS Control Bypasses (EXP-312), visit https://www.offensive-security.com/exp312-osmr/.