NÚKIB issued a warning about the threat of cyberattacks on hospitals and other significant targets in the Czech Republic; patched vulnerabilities in Microsoft Windows; Sandboxie released as open source; and more.
Starting off the week with a discussion about the disappointing IDA Home, before moving into a few easy command injections, code-reuse attacks applied to XSS, detecting trojaned hardware and ending with a subtle crypto-bug. [00:00:45] DAY[0] Episode Transcripts now Available [00:02:53] Microsoft Buys Corp.com to Keep It Safe from Hackers (Over $1.7 Million Deal) [00:05:42] Hack for Good: Easily Donate Bounties to WHO's COVID-19 Response Fund [00:10:55] RetDec v4.0 is out [00:17:33] IDA Home is coming https://www.sophia.re/Binary-Rockstar/index.html https://nostarch.com/GhidraBook [00:33:44] Sandboxie Open Source Code is available https://github.com/xanasoft/Sandboxie [00:38:01] Exploiting the TP-Link Archer A7 [00:46:50] Exploiting the Starcraft 1 EUD Bug [00:51:23] OhMyZsh dotenv Remote Code Execution [00:56:19] Symantec Web Gateway 5.0.2.8 Remote Code Execution [00:59:15] VMware vCenter Server Sensitive Information Disclosure [CVE-2020-3952] [01:01:39] Bypassing modern XSS mitigations with code-reuse attacks [01:07:49] Practical Data Poisoning Attack against Next-Item Recommendation [01:11:40] Hardware Trojan Detection Using Controlled Circuit Aging [01:16:18] A "Final" Security Bug [01:27:05] RCEed version of computer malware / rootkit MyRTUs / Stuxnet. https://github.com/christian-roggia/open-myrtus/blob/master/rootkit/FastIo.c https://xkcd.com/350/ Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST) or the video archive on Youtube (@DAY[0])
A small company has amassed over 3 billion online photos from social media and other public sources, creating perhaps the largest facial database in existence - far larger than even the FBI's database. The images are often connected to a person's full name, address, and people they know. The company, called Clearview, has sold access to this database to over 600 law enforcement agencies, allowing them to quickly identify someone from a single picture. While this has allowed them to solve several cases, it also means that we have basically lost the ability to be anonymous in public. There are no rules around this - but there need to be. In other news, if you haven't updated Windows in the last week, you need to do it right now; same goes for Internet Explorer (though you should really just switch to Firefox); Apple and FBI are once again facing off over iPhone encryption; the vast majority of modern cable modems are vulnerable to a devastating hack; and for at least this year, you shouldn't abbreviate with just "20" on anything important. Further Info: NY Times article on Clearview: https://www.nytimes.com/2020/01/18/technology/clearview-privacy-facial-recognition.html Sandboxie: https://www.sandboxie.com/ VirtualBox: https://www.virtualbox.org/ CableHaunt: https://cablehaunt.com/
[00:01:56] Blog launched, stream schedule, discord; Pwn2Own Tokyo 2019 https://www.zerodayinitiative.com/Pwn2OwnTokyo2019Rules.html [00:07:22] Pwn2Own Tokyo 2019 [00:08:46] Google Begins Testing Extension manifest v3 in Chrome Canary [00:12:03] Rogue Trend Micro Employee Sold Customer Data for 68K Accounts [00:14:54] The DoJ charges former Twitter employees for allegedly accessing thousands of accounts on behalf of Saudi Arabia. [00:23:02] OpenTitan – Open sourcing transparent, trustworthy, and secure silicon [00:26:34] OpenTitan – Open sourcing transparent, trustworthy, and secure silicon [00:29:33] Sandboxie transitioning to open source https://arstechnica.com/information-technology/2019/11/newly-discovered-titanium-backdoor-employs-clever-ways-to-go-undetected/ https://securelist.com/titanium-the-platinum-group-strikes-again/94961/ [00:44:06] Facebook Groups API flaw exposed data to 100 developers [00:47:47] Laser-Based Audio Injection on Voice-Controllable Systems [00:54:07] Who is Real Bob? Adversarial Attacks on Speaker Recognition Systems [00:54:20] Laser-Based Audio Injection on Voice-Controllable Systems
Together we make IT - I explain IT to you in simple terms
"Together we can make IT" or "Together we make IT"? So which one is correct? Many people were a little confused by this, which I can understand. The problem was that, for whatever reason, the little word "can" had crept in. The correct version is "Together we make IT". I have now, as far as possible, … Episode 006 – Sandboxie und Malwarebytes
Wi-Fi security, Internet privacy (slipping away fast), Sandboxie (a good sandbox option), installing a new Wi-Fi router (must register with ISP), channel agnostic customer service (customer selects the channel for everything), Profiles in IT (Randy Pausch, co-founder of the Alice programming initiative, last lecture went viral), mindful leadership (new trend in Silicon Valley, leads to emotional intelligence, level 5 leadership), another drone violation (drone crashes near police siege in Australia, owner fined), first 3D printed tool in space (NASA just emailed the file for the socket wrench), drones for Christmas (Hubsan X4 Quadcopter $80, Parrot AR Drone 2.0 $500, DJI Phantom 2 Vision $1125), robots for Christmas (iRobot Create 2 Programmable Robot $200, Parrot Minidrones Jumping Sumo $160, WowWee MiP $100, Modular Robotics Exofabulatronixx $100, Orbotix Ollie $100). This show originally aired on Saturday, December 20, 2014, at 9:00 AM EST on WFED (1500 AM).
This week, we find ways to increase security when browsing the EWW (Evil Wide Web). We give a shout-out to WhiteHatSec's Aviator browser as a way for everyone to have an elevated security posture with very little configuration required. And Mr. Boettcher and I talk about some of the plugins we use to make ourselves more secure. And Mr. Boettcher surprises me with his proclivities toward farmyard animals. Aviator Browser: https://www.whitehatsec.com/aviator/ Sandboxie: http://www.sandboxie.com/ Browser plugins: Firefox --- Request Policy: https://addons.mozilla.org/en-US/firefox/addon/requestpolicy/ Google --- Notscript: http://www.dedoimedo.com/computers/google-chrome-notscript.html Intro "Private Eye", transition "Mining by Moonlight", and Outro "Honeybee" created by Kevin MacLeod (incompetech.com) Licensed under Creative Commons: By Attribution 3.0 http://creativecommons.org/licenses/by/3.0/
Sandboxie is a program that you install on your own PC. It lets you open your programs or files in a so-called virtual sandbox, which runs completely independently and has no access to your computer itself. This means, for example, that if you use Sandboxie to surf the internet and land on a malicious […]
Sorry for the delay in getting this episode out this time. Anthony got stuck with doing some actual work and then we all got hit by the holidays. We do hope you enjoy the show this week. Mubix attended the CSI Conference, and no, not CSI on TV, the CSI Annual conference. The topic he found intriguing is Security and Responsibility: if something happens, how and to what extent are we, as security professionals, responsible and accountable? This is a topic he brought up on Twitter as well and got a lot of replies back, some agreeing and some not. Feel free to weigh in on this one. Some of the references that were brought up in response to this topic were Sandboxie, CastleCops, and Web of Trust. After the break we went into a discussion on dd images and using Live View on them, but since that was a fail, Chris used QEMU. You can even go get some test images at ProjectHoneypot.org and convert them using a tool, dd2vmdk. The conversation went into WPA is not Busted. We referenced Steven Gibson's explanation and Joel Esler's blog posts on the subject. During the break we discussed a great site as well from Josh Wright about Wireless Vulnerabilities & Exploits. After the break we were able to bring in the real Joel Esler. Joel is part-time Batman as well, and Joel has agreed to give us at least one Batmobile, but we digress. He actually works for Sourcefire. This is an organization that you should take a look at; it is well worth your time. He also is an avid security blogger and has his own blog at JoelEsler.net. Joel talks about how the IPSs of today are simply not the same as many of the original IPSs. We lose Joel a little bit during the break and we cut a little more abruptly to break than we normally do. Sorry about that! But we kind of ran out of content and time. SecuraBit would like to make sure everyone has a Happy Holidays, and don't forget to leave us feedback on iTunes even if you don't listen via iTunes.
We want to get some of these casts out of there that have not posted in years. Hosts: Rob Fuller - Mubix, room362.com Anthony Gartner - AnthonyGartner.com Chris Gerling - Hak5Chris, Chrisgerling.com Chris Mills - ChrisAM Jason Mueller - SecurabitJay Special Guest: Joel Esler from sourcefire.com and Joelesler.net Important links for the show and documents used: http://www.phishtank.com/ http://projecthoneypot.org/ http://www.sourcefire.com/products/3D/?semg=USSFR2&gclid=CISstozXgpcCFQVKtAodijdxXQ http://www.joelesler.net/finshake/Blog/Blog.html http://www.wirelessve.org/news_entries http://en.wikipedia.org/wiki/Dd_(Unix) http://en.wikipedia.org/wiki/QEMU http://isc.sans.org/diary.html?rss http://isc.sans.org/diary.html?storyid=5300 http://www.clamav.net/ http://sandboxie.com/ http://www.castlecops.com/ http://en.wikipedia.org/wiki/Web_of_trust