New threats emerge faster than any security team can fight them, which is why implementing an always-on vulnerability disclosure program (VDP) is not just a wise decisionβit’s becoming a standard practice mandated by government regulations and global compliance frameworks. Having a VDP openly demonstrates your organization’s commitment to security, showcasing transparency, accountability, and a proactive approach to safeguarding your systems.
Category: Youtube
This malware development tutorial delves into the fundamentals of C programming, focusing specifically on data types and code workflow essential for creating malicious software.
By examining how key C programming concepts such as primitive data types, memory allocation, and control structures are used in malware, viewers will gain a solid understanding of how low-level operations are manipulated to achieve malicious outcomes. Whether you’re a beginner in malware development or looking to enhance your skills in C programming, this tutorial provides valuable insights into the techniques used to craft and execute malware efficiently.
SUPPORT MY WORK BY BECOMMING PATREON
—————————————————
https://patreon.com/Lsecqt
β οΈ DISCLAIMER: This video is for educational purposes only. The techniques demonstrated are intended solely for ethical hacking and lawful security testing on systems where you have explicit permission. Always follow legal guidelines and obtain proper authorization before conducting any security tests.
If you’re interested in deepening your knowledge of cybersecurity, ethical hacking, or just want to see what goes into creating a powerful C2 agent, this stream is for you! Donβt forget to like, comment, and subscribe for more content on ethical hacking, penetration testing, and advanced cybersecurity topics.
FOLLOW ME
—————————————————
Patreon: https://patreon.com/Lsecqt
Twitter: https://twitter.com/lsecqt
Twitch: https://www.twitch.tv/lsecqt
Reddit: https://www.reddit.com/user/lsecqt
Medium: https://medium.com/@lsecqt
Support my Work: https://www.buymeacoffee.com/lsecqt
Red Teaming Army Discord Server: https://discord.gg/dWCe5ZMvtQ Red Teaming Army Blog: https://lsecqt.github.io/Red-Teaming-Army/
Red Teaming Army Blog: https://lsecqt.github.io/Red-Teaming-Army/
malware development
maldev
creating c2 agent
coding malware
hacking
ethical hacking
#EthicalHacking #MythicC2 #MalwareDevelopment #RedTeam #Cybersecurity #C2Agent #PenetrationTesting #LiveCoding
In part 05, we continue to our deep dive into Lockbit’s runtime-linking. In this video, you’ll see how Lockbit uses the DLL name to create a seed. This seed is used in the actual computation of the API name, which is a twist on a standard malware technique. You’ll see how this technique is used and I’ll discuss the broader impact it has on your reversing efforts.
Join this channel to get access to perks:
https://www.youtube.com/channel/UCI8zwug_Lv4_-KPT62oeDUA/join
Cybersecurity, reverse engineering, malware analysis and ethical hacking content!
π Courses on Pluralsight ππ» https://www.pluralsight.com/authors/josh-stroschein
πΆοΈ YouTube ππ» Like, Comment & Subscribe!
ππ» Support my work ππ» https://patreon.com/JoshStroschein
π Follow me ππ» https://twitter.com/jstrosch, https://www.linkedin.com/in/joshstroschein/
βοΈ Tinker with me on Github ππ» https://github.com/jstrosch
π€ Join the Discord community and more ππ» https://www.thecyberyeti.com
0:30 Finding the image_base
1:25 Parsing the image dos header
3:36 DATA Directories
5:30 The IMAGE_EXPORT_DIRECTORY
6:40 AddressOf*
8:21 Checksum from a DLL name – where the seeds come from
9:15 Brief note on the UNICODE structure
β¬οΈ OPEN FOR LINKS TO ARTICLES TO LEARN MORE β¬οΈ
@endingwithali β
Twitch: https://twitch.tv/endingwithali
Twitter: https://twitter.com/endingwithali
YouTube: https://youtube.com/@endingwithali
Everywhere else: https://links.ali.dev
Want to work with Ali? [email protected]
[β] Join the Patreonβ https://patreon.com/threatwire
00:00 0 – INTRO
00:12 1 – Rabbits vs Hackers
04:57 2 – Polyfill Supply Chain Attack
07:16 3 – OpenSSH RCE Found
09:08 4 – OUTRO
LINKS
π Story 1: Rabbits vs Hackers
https://rabbitu.de/articles
https://x.com/xyz3va/status/1801201370843750708
https://www.rabbit.tech/security-investigation-062524
π Story 2: Polyfill Supply Chain Attack
https://sansec.io/research/polyfill-supply-chain-attack
https://x.com/triblondon/status/1761852117579427975
https://web.archive.org/web/20240625212549/https://github.com/formatjs/formatjs/issues/4363
https://web.archive.org/web/20240229113710/https://github.com/polyfillpolyfill/polyfill-service/issues/2834
π Story 3: OpenSSH RCE Found
https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt
https://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-server
https://www.openssh.com/releasenotes.html
https://github.com/acrono/cve-2024-6387-poc
—–β—–β—–β—–β—–β—–β—–β—–β—–β—–β
Our Site β https://www.hak5.org
Shop β http://hakshop.myshopify.com/
Community β https://www.hak5.org/community
Subscribe β https://www.youtube.com/user/Hak5Darren?sub_confirmation=1
Support β https://www.patreon.com/threatwire
Contact Us β http://www.twitter.com/hak5
____________________________________________
Founded in 2005, Hak5’s mission is to advance the InfoSec industry. We do this through our award winning educational podcasts, leading pentest gear, and inclusive community β where all hackers belong.
Let’s explore the “most exciting” CPU vulnerability affecting Zen2 CPUs from AMD.
Watch part 1 about fuzzing: https://www.youtube.com/watch?v=neWc0H1k2Lc
buy my font (advertisement): https://shop.liveoverflow.com/
This video is sponsored by Google: https://security.googleblog.com/2023/08/downfall-and-zenbleed-googlers-helping.html
Original Zenbleed Writeup: https://lock.cmpxchg8b.com/zenbleed.html
Grab the code: https://github.com/google/security-research/tree/master/pocs/cpus/zenbleed
cvtsi2ss: https://www.felixcloutier.com/x86/cvtsi2ss.html
AMD Security Bulletin: https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7008.html
RIDL Video: https://www.youtube.com/watch?v=x_R1DeZxGc0
Tavis Ormandy: https://twitter.com/taviso
Chapters:
00:00 – Intro
02:27 – zenleak.asm Patterns
03:56 – The C Exploit Code
05:20 – Assembly Generation with Compiler Preprocessor
07:40 – What are XMM and YMM Registers?
11:56 – Zenbleed: Trigger Merge Optimization
14:28 – Register File & Register Allocation Table
16:39 – Register Renaming
17:55 – Speculative Execution
18:55 – vzeroupper and SSE & AVX History
21:22 – Zenbleed Explanation
23:55 – How to fix Zenbleed?
=[ β€οΈ Support ]=
β per Video: https://www.patreon.com/join/liveoverflow
β per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join
2nd Channel: https://www.youtube.com/LiveUnderflow
=[ π Social ]=
β Twitter: https://twitter.com/LiveOverflow/
β Streaming: https://twitch.tvLiveOverflow/
β TikTok: https://www.tiktok.com/@liveoverflow_
β Instagram: https://instagram.com/LiveOverflow/
β Blog: https://liveoverflow.com/
β Subreddit: https://www.reddit.com/r/LiveOverflow/
β Facebook: https://www.facebook.com/LiveOverflow/
Just how simple can a web server be? Laurence Tratt, Shopify / Royal Academy of Engineering Research Chair in Language Engineering at Kings College London builds it up.
More about Laurie: https://bit.ly/C_LaurenceTratt
https://www.facebook.com/computerphile
https://twitter.com/computer_phile
This video was filmed and edited by Sean Riley.
Computer Science at the University of Nottingham: https://bit.ly/nottscomputer
Computerphile is a sister project to Brady Haran’s Numberphile. More at https://www.bradyharanblog.com
Thank you to Jane Street for their support of this channel. Learn more: https://www.janestreet.com
// Membership //
Want to learn all about cyber-security and become an ethical hacker? Join this channel now to gain access into exclusive ethical hacking videos by clicking this link: https://www.youtube.com/channel/UC1szFCBUWXY3ESff8dJjjzw/join
// Courses //
Full Ethical Hacking Course: https://www.udemy.com/course/full-web-ethical-hacking-course/
Full Web Ethical Hacking Course: https://www.udemy.com/course/full-web-ethical-hacking-course/
Full Mobile Hacking Course: https://www.udemy.com/course/full-mobile-hacking-course/
// Books //
Kali Linux Hacking: https://amzn.to/3IUXaJv
Linux Basics for Hackers: https://amzn.to/3EzRPV6
The Ultimate Kali Linux Book: https://amzn.to/3m7cutD
// Social Links //
Website: https://www.loiliangyang.com
Facebook: https://www.facebook.com/Loiliangyang/
Instagram: https://www.instagram.com/loiliangyang/
LinkedIn: https://www.linkedin.com/in/loiliangyang/
// Disclaimer //
Hacking without permission is illegal. This channel is strictly educational for learning about cyber-security in the areas of ethical hacking and penetration testing so that we can protect ourselves against the real hackers.
Learn more about IBM SkillsBuild β https://skillsbuild.org/
The role of AI in the classroom is evolving rapidly. When students and teachers embrace this technology, it has the ability to democratize access to education through programs like IBM SkillsBuild.
In this episode of Smart Talks with IBM, Dr. Laurie Santos, host of Pushkinβs The Happiness Lab podcast, spoke with two innovators in the space. Justina Nixon-Saintil is Vice President and Chief Impact Officer, IBM Corporate Social Responsibility, and April Dawson is an Associate Dean of Technology and Innovation and a professor of law. They discuss the importance of lifelong learning, upskilling, and the ethical implications of AI in education.
AI news moves fast. Sign up for a monthly newsletter for AI updates from IBM. β AI news moves fast. Sign up for a monthly newsletter for AI updates from IBM β https://www.ibm.com/account/reg/us-en/signup?formid=news-urx-52120
This is a paid advertisement from IBM. The conversations on this podcast don’t necessarily represent IBM’s positions, strategies or opinions.
I started with zero AWS knowledge and went on to achieving all 12 AWS certifications, earning the coveted AWS Golden Jacket. But let me tell you, it wasnβt all smooth sailing β there were plenty of challenges and unknowns that I wish Iβd known earlier. In this video, Iβll share 5 tips to help you avoid those pitfalls, from navigating tricky exam domains to managing AWS services hands-on. If youβre tired of feeling overwhelmed or unsure about where to start, stick around β Iβve got a bonus tip at the end that could be your secret weapon for AWS certification success!
// Courses //
Full Ethical Hacking Course: https://www.udemy.com/course/full-web-ethical-hacking-course/
Full Web Ethical Hacking Course: https://www.udemy.com/course/full-web-ethical-hacking-course/
Full Mobile Hacking Course: https://www.udemy.com/course/full-mobile-hacking-course/
Watch the full episode β https://youtu.be/FnO6TD9LtPY
Navigating the world of cybersecurity education can be overwhelming. With so many certifications, academic programs, and free resources, it’s easy to get lost. But how do you find the right path without breaking the bank or wasting time?
Join us for a live AMA with cybersecurity experts Ryan Chapman and Aaron Rosenumd. They’ll discuss everything from online training platforms and in-person options like Pluralsight and SANS to advanced PhD programs. Have questions about specific certifications, academic paths, or free resources? Ask away!
Don’t miss this chance to get expert advice and learn how to make the most of your cybersecurity education. Subscribe, like, and share to stay updated on the latest cybersecurity news and insights.”
Thieves stole NFTs with Instagram
#cybersecurity #scam #NFT #crypto #podcast
Listen to the full episode π How to Protect Your Crypto Assets From Thieves
DESCRIPTION BOX
β¬οΈ OPEN FOR LINKS TO ARTICLES TO LEARN MORE β¬οΈ
@endingwithali β
Twitch: https://twitch.tv/endingwithali
Twitter: https://twitter.com/endingwithali
YouTube: https://youtube.com/@endingwithali
Everywhere else: https://links.ali.dev
Want to work with Ali? [email protected]
[β] Join the Patreonβ https://patreon.com/threatwire
0:00 0 – Intro
00:08 1 – Scattered Spider Arrest
00:28 2 – Furry Hacker Are Back
01:21 3 – CVE Of the Week
01:38 4 – CrowdStrike
07:29 – Outro
LINKS
π Story 1: Scattered Spider Arrest
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-320a
https://westoahu.hawaii.edu/cyber/global-weekly-exec-summary/alphv-hackers-reveal-details-of-mgm-cyber-attack/
https://thehackernews.com/2024/07/scattered-spider-adopts-ransomhub-and.html
π Story 2: Furry Hacker Are Back
https://deadline.com/2024/07/disney-investigating-hack-of-internal-slack-channnels-1236011145/
https://nullbulge.se/ (TW: inappropriate anthropomorphic furry artwork )
https://simple.wikipedia.org/wiki/Tebibyte
π Story 3: CVE Of the Week
https://www.redthreatsec.com/blog/give-me-the-green-light-part2-dirty-little-secrets
π Story 4: CrowdStrike
The Technicals
https://www.crowdstrike.com/blog/falcon-update-for-windows-hosts-technical-details/
https://x.com/troyhunt/status/1814174010202345761
https://x.com/_JohnHammond/status/1814188265756393698
The Cybersecurity Fallout
https://thehackernews.com/2024/07/cybercriminals-exploit-crowdstrike.html
The Social Fallout
https://blogs.microsoft.com/blog/2024/07/20/helping-our-customers-through-the-crowdstrike-outage/
https://www.reuters.com/business/autos-transportation/tesla-halted-some-production-lines-due-global-it-outage-business-insider-reports-2024-07-19/
https://www.beckershospitalreview.com/cybersecurity/worse-than-a-cyberattack-10-notes-on-the-microsoft-crowdstrike-it-outage.html
https://www.cnet.com/tech/services-and-software/microsoft-crowdstrike-outage-causes-chaos-for-flights-hospitals-and-businesses-globally/
Thank you to @ludandschlattsmusicalempor6746 for the music !
—–β—–β—–β—–β—–β—–β—–β—–β—–β—–β
Our Site β https://www.hak5.org
Shop β http://hakshop.myshopify.com/
Community β https://www.hak5.org/community
Subscribe β https://www.youtube.com/user/Hak5Darren?sub_confirmation=1
Support β https://www.patreon.com/threatwire
Contact Us β http://www.twitter.com/hak5
____________________________________________
Founded in 2005, Hak5’s mission is to advance the InfoSec industry. We do this through our award winning educational podcasts, leading pentest gear, and inclusive community β where all hackers belong.
Not every security issues can be fixed. There exist (what I call) “unfixable” bugs, where you can always argue and shift the goal posts. The idea is to only report these kind of issues to create an endless stream of bug bounty money!
Buy my terrible font (ad): https://shop.liveoverflow.com
Learn hacking (ad): https://hextree.io
What is a vulnerability? https://www.youtube.com/watch?v=866olNIzbrk
hackerone reports:
https://hackerone.com/reports/812754
https://hackerone.com/reports/6883
https://hackerone.com/reports/223337
https://hackerone.com/reports/819930
https://hackerone.com/reports/224460
https://hackerone.com/reports/160109
https://hackerone.com/reports/557154
OWASP: https://owasp.org/www-community/controls/Blocking_Brute_Force_Attacks
Chapters:
00:00 – Intro
00:30 – Denial of Service with loooong passwords
03:18 – Invalid vs. Valid DoS Reports
05:11 – Deployment Differences
06:54 – Denial of Service vs. Bruteforce Protection
09:27 – IP Rate-Limiting “fix”
12:06 – Locking User Accounts?
13:59 – The Circle of Unfixable Security Issues
15:25 – Vulnerability vs. Weakness
16:49 – The Cybersecurity Industry
19:03 – Conclusion: Cybersecurity vs. Hacking
21:34 – Outro
=[ β€οΈ Support ]=
β per Video: https://www.patreon.com/join/liveoverflow
β per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join
2nd Channel: https://www.youtube.com/LiveUnderflow
=[ π Social ]=
β Twitter: https://twitter.com/LiveOverflow/
β Streaming: https://twitch.tvLiveOverflow/
β TikTok: https://www.tiktok.com/@liveoverflow_
β Instagram: https://instagram.com/LiveOverflow/
β Blog: https://liveoverflow.com/
β Subreddit: https://www.reddit.com/r/LiveOverflow/
β Facebook: https://www.facebook.com/LiveOverflow/
From simple rules, complex ‘organisms’ can emerge. PhD candidate Zachariah Garby has been studying the papers to find out what it’s all about.
This was formerly called: Digital Plants (L-Systems)
EXTRA BITS: https://youtu.be/oFqbVJm8gw0
Zac’s code: https://bit.ly/C_Zac_L-systems
https://www.facebook.com/computerphile
https://twitter.com/computer_phile
This video was filmed and edited by Sean Riley.
Computer Science at the University of Nottingham: https://bit.ly/nottscomputer
Computerphile is a sister project to Brady Haran’s Numberphile. More at https://www.bradyharanblog.com
Thank you to Jane Street for their support of this channel. Learn more: https://www.janestreet.com