This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
Player FM - Internet Radio Done Right
29 subscribers
Checked 1y ago
추가했습니다 eight 년 전
Security Weekly에서 제공하는 콘텐츠입니다. 에피소드, 그래픽, 팟캐스트 설명을 포함한 모든 팟캐스트 콘텐츠는 Security Weekly 또는 해당 팟캐스트 플랫폼 파트너가 직접 업로드하고 제공합니다. 누군가가 귀하의 허락 없이 귀하의 저작물을 사용하고 있다고 생각되는 경우 여기에 설명된 절차를 따르실 수 있습니다 https://ko.player.fm/legal.
Tradecraft Security Weekly (Audio)와 비슷한 콘텐츠
Welcome to the Security Weekly Podcast Network, your all-in-one source for the latest in cybersecurity! This feed features a diverse lineup of shows, including Application Security Weekly, Business Security Weekly, Paul's Security Weekly, Enterprise Security Weekly, and Security Weekly News. Whether you're a cybersecurity professional, business leader, or tech enthusiast, we cover all angles of the cybersecurity landscape. Tune in for in-depth panel discussions, expert guest interviews, and ...
…
continue reading
On The Bike Shed, hosts Joël Quenneville and Stephanie Minn discuss development experiences and challenges at thoughtbot with Ruby, Rails, JavaScript, and whatever else is drawing their attention, admiration, or ire this week.
…
continue reading
Africa-focused technology, digital and innovation ecosystem insight and commentary.
…
continue reading
Download This Show is your weekly guide to the world of media, culture, and technology. From social media to gadgets, streaming services to privacy issues. Each week Rae Johnston and guests take a fun, deep dive into how technology is reshaping our lives.
…
continue reading
Material is a weekly discussion about the Google and Android universe. Your intrepid hosts try to answer the question, “What holds up the digital world?” The answer, so far, is that it’s Google all the way down. Hosted by Andy Ihnatko and Florence Ion.
…
continue reading
1
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
Jerry Bell and Andrew Kalat
5k
200
Defensive Security is a weekly information security podcast which reviews recent high profile cyber security breaches, data breaches, malware infections and intrusions to identify lessons that we can learn and apply to the organizations we protect.
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
Tech Life discovers and explains the ways technology is changing our lives, wherever we are in the world. We meet the people with bright ideas for rethinking the way we work, learn and play, and get hands-on with the products they dream up. We hold tech giants to account for their huge power to affect our lives, and ask who wins, and who loses, in the technology transformation. Tech Life is your guide to a future being made, and remade, at lightning speed in front of our eyes.
…
continue reading
Monday through Friday, Marketplace demystifies the digital economy in less than 10 minutes. We look past the hype and ask tough questions about an industry that’s constantly changing.
…
continue reading
Player FM -팟 캐스트 앱
Player FM 앱으로 오프라인으로 전환하세요!
Player FM 앱으로 오프라인으로 전환하세요!
))
Daily Deals
Automating Screenshots to Quickly Assess Many WebApps - Tradecraft Security Weekly #12
Manage episode 183576185 series 1456935
Security Weekly에서 제공하는 콘텐츠입니다. 에피소드, 그래픽, 팟캐스트 설명을 포함한 모든 팟캐스트 콘텐츠는 Security Weekly 또는 해당 팟캐스트 플랫폼 파트너가 직접 업로드하고 제공합니다. 누군가가 귀하의 허락 없이 귀하의 저작물을 사용하고 있다고 생각되는 경우 여기에 설명된 절차를 따르실 수 있습니다 https://ko.player.fm/legal.
On penetration tests we are often-times faced with very large external or internal attack surfaces that are made up of multiple web applications. When there is a need to assess thousands of webapps quickly manually navigating each page with a browser would be very inefficient. In this episode of Tradecraft Security Weekly Beau Bullock (@dafthack) details how to automatically screenshot multiple web applications for quick analysis.
Full Show Notes: https://wiki.securityweekly.com/TS_Episode12
LINKS: EyeWitness - https://github.com/ChrisTruncer/EyeWitness Rawr - https://bitbucket.org/al14s/rawr/wiki/Home httpscreenshot - https://github.com/breenmachine/httpscreenshot Peeping Tom - https://bitbucket.org/LaNMaSteR53/peepingtom/ PowerWebShot - https://github.com/dafthack/PowerWebShot
14 에피소드
공유Manage episode 183576185 series 1456935
Security Weekly에서 제공하는 콘텐츠입니다. 에피소드, 그래픽, 팟캐스트 설명을 포함한 모든 팟캐스트 콘텐츠는 Security Weekly 또는 해당 팟캐스트 플랫폼 파트너가 직접 업로드하고 제공합니다. 누군가가 귀하의 허락 없이 귀하의 저작물을 사용하고 있다고 생각되는 경우 여기에 설명된 절차를 따르실 수 있습니다 https://ko.player.fm/legal.
On penetration tests we are often-times faced with very large external or internal attack surfaces that are made up of multiple web applications. When there is a need to assess thousands of webapps quickly manually navigating each page with a browser would be very inefficient. In this episode of Tradecraft Security Weekly Beau Bullock (@dafthack) details how to automatically screenshot multiple web applications for quick analysis.
Full Show Notes: https://wiki.securityweekly.com/TS_Episode12
LINKS: EyeWitness - https://github.com/ChrisTruncer/EyeWitness Rawr - https://bitbucket.org/al14s/rawr/wiki/Home httpscreenshot - https://github.com/breenmachine/httpscreenshot Peeping Tom - https://bitbucket.org/LaNMaSteR53/peepingtom/ PowerWebShot - https://github.com/dafthack/PowerWebShot
14 에피소드
모든 에피소드
×
1 Black Hat & DEF CON 2018 - Tradecraft Security Weekly #28 14:20
14:20 
나중에 재생 
나중에 재생 
리스트 
좋아요 
좋아요14:20
나중에 재생 나중에 재생 리스트 좋아요 좋아요This is the Hacker Summer Camp 2018 edition of Tradecraft Security Weekly. In this week's episode Beau Bullock (@dafthack) talks about some of the more interesting items he saw come out of the Black Hat and DEF CON conferences this year. For Show Links: https://wiki.securityweekly.com/TS_Episode28
1 Phishing 2FA Tokens with CredSniper - Tradecraft Security Weekly #25 19:06
19:06 나중에 재생 나중에 재생 리스트 좋아요 좋아요19:06
나중에 재생 나중에 재생 리스트 좋아요 좋아요Organizations are implementing two-factor on more and more web services. The traditional methods for phishing credentials is no longer good enough to gain access to user accounts if 2FA is setup. In this episode Mike Felch (@ustayready) and Beau Bullock (@dafthack) demonstrate a tool that Mike wrote called CredSniper that assists in cloning portals for harvesting two-factor tokens. Links: https://github.com/ustayready/CredSniper…
1 Evading Network-Based Detection Mechanisms - Tradecraft Security Weekly #24 19:41
19:41 나중에 재생 나중에 재생 리스트 좋아요 좋아요19:41
나중에 재생 나중에 재생 리스트 좋아요 좋아요In this episode of Tradecraft Security Weekly hosts Beau Bullock (@dafthack) and Mike Felch (@ustayready) discuss methods for evading network-based detection mechanisms. Many commercial IDS/IPS devices do a pretty decent job of detecting standard pentesting tools like Nmap when no evasion options are used. Additionally, companies are doing a better job at detecting and blocking IP addresses performing password attacks. Proxycannon is a tool that allows pentesters to spin up multiple servers to proxy attempts through to bypass some of these detection mechanisms. Links: Nmap Evasion Options - https://nmap.org/book/man-bypass-firewalls-ids.html ProxyCannon - https://www.shellntel.com/blog/2016/1/14/update-to-proxycannon…
1 HTML5 Storage Exfil via XSS - Tradecraft Security Weekly #23 14:31
14:31 나중에 재생 나중에 재생 리스트 좋아요 좋아요14:31
나중에 재생 나중에 재생 리스트 좋아요 좋아요It is fairly common for pentesters to discover Cross-Site Scripting (XSS) vulnerabilities on web application assessments. Exploiting these issues potentially allow access to a user's session tokens enabling attackers to navigate a site as the victim in the context of the web application. In this episode the hosts Beau Bullock (@dafthack) & Mike Felch (@ustayready) demonstrate how to exploit a XSS vulnerability to access HTML5 local storage to steal a cookie. (Sorry the camera video feed froze at 9 minutes)…
1 Leaking Windows Creds Externally Via MS Office - Tradecraft Security Weekly #21 12:56
12:56 나중에 재생 나중에 재생 리스트 좋아요 좋아요12:56
나중에 재생 나중에 재생 리스트 좋아요 좋아요In this episode of Tradecraft Security Weekly, Mike Felch discusses with Beau Bullock about the possibilities of using framesets in MS Office documents to send Windows password hashes remotely across the Internet. This technique has the ability to bypass many common security controls so add it to your red team toolboxes. Mike Felch (@ustayready) Beau Bullock (@dafthack) LINKS: SensePost Blog - https://www.dropbox.com/s/hmna48mc6qodlrw/TSW%20Episode%2021.mp4?dl=0…
Google provides the ability to automatically add events to a calendar directly from emails received by Gmail. This provides a unique situation for phishing attempts as most users haven't been trained to watch their calendar events for social engineering attempts. In this episode Beau Bullock (@dafthack) and Michael Felch (@ustayready) show how to inject events into a targets calendar using MailSniper bypassing some security controls that Google has in place. Links: Blog Post: https://www.blackhillsinfosec.com/google-calendar-event-injection-mailsniper/…
Domain fronting is a technique used to mask command and control (C2) traffic. It is possible for C2 channels to be proxied through CDN's like Cloudfront to make it appear like normal Internet traffic. It is very difficult to detect and block for defenders as it appears as if clients on a network are connecting to valid CDN domains. But, in reality it is transporting a command and control channel. In this episode of Tradecraft Security Weekly Beau Bullock (@dafthack) is joined by Ralph May (@ralphte1) to talk about what domain fronting is and how to set it up using Cloudfront and PowerShell Empire. LINKS: https://blog.cobaltstrike.com/2017/02/06/high-reputation-redirectors-and-domain-fronting/ https://signal.org/blog/doodles-stickers-censorship/ https://www.securityartwork.es/2017/01/24/camouflage-at-encryption-layer-domain-fronting/ https://trac.torproject.org/projects/tor/wiki/doc/meek http://bryceboe.com/2012/03/12/bypassing-gogos-inflight-internet-authentication/ Full Show Notes: https://wiki.securityweekly.com/TS_Episode18…
1 Cracking Password Hashes Efficiently - Tradecraft Security Weekly #17 16:00
16:00 나중에 재생 나중에 재생 리스트 좋아요 좋아요16:00
나중에 재생 나중에 재생 리스트 좋아요 좋아요If you are a penetration tester password cracking is something you will inevitably do. On most engagements we typically don't have months on end to crack passwords. In an effort to help be more efficient in your cracking techniques Beau Bullock (@dafthack) describes various ways to streamline your approach to cracking in episode 17 of Tradecraft Security Weekly. LINKS: Beau's blog post on password cracking - http://www.dafthack.com/blog/howtocrackpasswordhashesefficiently Hashcat Hash Examples - https://hashcat.net/wiki/doku.php?id=example_hashes…
1 Automating Screenshots to Quickly Assess Many WebApps - Tradecraft Security Weekly #12 9:29
9:29 나중에 재생 나중에 재생 리스트 좋아요 좋아요9:29
나중에 재생 나중에 재생 리스트 좋아요 좋아요On penetration tests we are often-times faced with very large external or internal attack surfaces that are made up of multiple web applications. When there is a need to assess thousands of webapps quickly manually navigating each page with a browser would be very inefficient. In this episode of Tradecraft Security Weekly Beau Bullock (@dafthack) details how to automatically screenshot multiple web applications for quick analysis. Full Show Notes: https://wiki.securityweekly.com/TS_Episode12 LINKS: EyeWitness - https://github.com/ChrisTruncer/EyeWitness Rawr - https://bitbucket.org/al14s/rawr/wiki/Home httpscreenshot - https://github.com/breenmachine/httpscreenshot Peeping Tom - https://bitbucket.org/LaNMaSteR53/peepingtom/ PowerWebShot - https://github.com/dafthack/PowerWebShot…
1 Situational Awareness with HostRecon - Tradecraft Security Weekly #7 11:00
11:00 나중에 재생 나중에 재생 리스트 좋아요 좋아요11:00
나중에 재생 나중에 재생 리스트 좋아요 좋아요After exploiting a system on a remote & unfamiliar network it is extremely important to gain situational awareness as quickly, and quietly as possible. This will help ensure success moving forward with other attacks. In this episode of Tradecraft Security Weekly Beau Bullock (@dafthack) will show how to use PowerShell to query information about the current computer, user, and domain to avoid running built-in commands like 'net', 'ipconfig', or 'netstat'. LINKS: HostRecon: https://github.com/dafthack/HostRecon More on HostRecon: https://www.blackhillsinfosec.com/?p=5824…
1 Windows Privilege Escalation Techniques - Tradecraft Security Weekly #2 11:11
11:11 나중에 재생 나중에 재생 리스트 좋아요 좋아요11:11
나중에 재생 나중에 재생 리스트 좋아요 좋아요 1 Meterpreter with Categorized Domains & Trusted Certs - Tradecraft Security Weekly #4 12:06
12:06 나중에 재생 나중에 재생 리스트 좋아요 좋아요12:06
나중에 재생 나중에 재생 리스트 좋아요 좋아요It is common for organizations to proxy web traffic so they can place restrictions on what websites can be visited by employees. To make the management of allowing or denying access to a large number of sites easier many web proxies utilize categorization engines to group sites into various subjects. Uncategorized sites are generally blocked. In this episode I show how it's easy to locate recently expired domains that have been categorized already, and can be utilized to get past web proxy filters. Additionally, I show how easy it is to set up a trusted certificate on the payload handler to encrypt the session using a custom cert. Links: DomainHunter - https://github.com/minisllc/domainhunter Brian Fehrman Blog Post - http://www.blackhillsinfosec.com/?p=5831…
1 Attacking Exchange/OWA to Gain Access to AD Accounts - Tradecraft Security Weekly #3 12:39
12:39 나중에 재생 나중에 재생 리스트 좋아요 좋아요12:39
나중에 재생 나중에 재생 리스트 좋아요 좋아요Microsoft Exchange and Office365 are extremely popular products that organizations use for enterprise email. These services can be exploited by remote attackers to potentially gain access to Active Directory user credentials. In this Tradecraft Security Weekly episode Beau Bullock (@dafthack) demonstrates how to utilize MailSniper to enumerate internal domains, enumerate usernames, perform password spraying attacks, and get the global address list from Exchange and Office365 portals. Links: MailSniper - https://github.com/dafthack/MailSniper…
1 Public File Metadata Analysis - Tradecraft Security Weekly #1 11:18
11:18 나중에 재생 나중에 재생 리스트 좋아요 좋아요11:18
나중에 재생 나중에 재생 리스트 좋아요 좋아요Public File Metadata Analysis with PowerMeta - It is very common for organizations to post files (docx, pdf, xlsx, etc.) to publicly available websites on the Internet. Often times these organizations have not taken the time to strip the metadata attached to these files. This leaves the potential for remote attackers to discover sensitive information from them including usernames, software used to create them, or system names. In this episode Beau demonstrates a PowerShell tool called PowerMeta that can be used to discover these files on a target site and extract the metadata from them. PowerMeta: https://github.com/dafthack/PowerMeta Strip Word Docs of Metadata: https://support.office.com/en-us/article/Remove-hidden-data-and-personal-information-by-inspecting-documents-356b7b5d-77af-44fe-a07f-9aa4d085966f Strip PDFs of Metadata: https://blog.joshlemon.com.au/protecting-your-pdf-files-and-metadata/ Strip Photos of Metadata: http://www.makeuseof.com/tag/3-ways-to-remove-exif-metadata-from-photos-and-why-you-might-want-to/…
플레이어 FM에 오신것을 환영합니다!
플레이어 FM은 웹에서 고품질 팟캐스트를 검색하여 지금 바로 즐길 수 있도록 합니다. 최고의 팟캐스트 앱이며 Android, iPhone 및 웹에서도 작동합니다. 장치 간 구독 동기화를 위해 가입하세요.
Daily Deals
Daily Deals
Daily Deals
Tradecraft Security Weekly (Audio)와 비슷한 콘텐츠
This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
Welcome to the Security Weekly Podcast Network, your all-in-one source for the latest in cybersecurity! This feed features a diverse lineup of shows, including Application Security Weekly, Business Security Weekly, Paul's Security Weekly, Enterprise Security Weekly, and Security Weekly News. Whether you're a cybersecurity professional, business leader, or tech enthusiast, we cover all angles of the cybersecurity landscape. Tune in for in-depth panel discussions, expert guest interviews, and ...
…
continue reading
On The Bike Shed, hosts Joël Quenneville and Stephanie Minn discuss development experiences and challenges at thoughtbot with Ruby, Rails, JavaScript, and whatever else is drawing their attention, admiration, or ire this week.
…
continue reading
Africa-focused technology, digital and innovation ecosystem insight and commentary.
…
continue reading
Download This Show is your weekly guide to the world of media, culture, and technology. From social media to gadgets, streaming services to privacy issues. Each week Rae Johnston and guests take a fun, deep dive into how technology is reshaping our lives.
…
continue reading
Material is a weekly discussion about the Google and Android universe. Your intrepid hosts try to answer the question, “What holds up the digital world?” The answer, so far, is that it’s Google all the way down. Hosted by Andy Ihnatko and Florence Ion.
…
continue reading
1
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
Jerry Bell and Andrew Kalat
5k200
Defensive Security is a weekly information security podcast which reviews recent high profile cyber security breaches, data breaches, malware infections and intrusions to identify lessons that we can learn and apply to the organizations we protect.
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
Tech Life discovers and explains the ways technology is changing our lives, wherever we are in the world. We meet the people with bright ideas for rethinking the way we work, learn and play, and get hands-on with the products they dream up. We hold tech giants to account for their huge power to affect our lives, and ask who wins, and who loses, in the technology transformation. Tech Life is your guide to a future being made, and remade, at lightning speed in front of our eyes.
…
continue reading
Monday through Friday, Marketplace demystifies the digital economy in less than 10 minutes. We look past the hype and ask tough questions about an industry that’s constantly changing.
…
continue reading
Player FM -팟 캐스트 앱
Player FM 앱으로 오프라인으로 전환하세요!
Player FM 앱으로 오프라인으로 전환하세요!
))
