NoGoolag
Web Security and Web Hacking for Beginners

Welcome to the course on “Web Security and Web Hacking for Beginners”. This course is designed for beginners who want to start their journey in web security and web hacking.

👉🏼 Part 1 (Introduction - 4 videos)
👉🏼 Part 2 (Deeper understanding of Web Security - 2 videos)
👉🏼 Part 3 (Various attacks on Web Security - 9 videos)
👉🏼 Part 4 (Conclusion - 1 video)

💡Each video comes with additional (English) subtitles

This course is basically designed on the assumption that you have no idea about web security and that you want to learn the basic concepts and then jump directly into action. Concepts like URL, HTTP, HTTPS, etc. are explained to make students comfortable with the concepts that we are going to use, before jumping directly to action content like SQL injection, XSS, DDoS, etc. We want to make sure that you learn the basics and, at the same time, don’t miss the action while learning the basics.

#video #tutorial #web #security #hacking #beginners #part1 #part2 #part3 #part4
📡 @cRyPtHoN_INFOSEC_DE
📡 @cRyPtHoN_INFOSEC_EN
📡 @BlackBox_Archiv
📡 @NoGoolag
Hacked Surveillance Camera Firm Shows Staggering Scale of Facial Recognition

A hacked customer list shows that facial recognition company Verkada is deployed in tens of thousands of schools, bars, stores, jails, and other businesses around the country.

Hackers have broken into Verkada, a popular surveillance and facial recognition camera company, and managed to access live feeds of thousands of cameras across the world, as well as siphon a Verkada customer list. The breach shows the astonishing reach of facial recognition-enabled cameras in ordinary workplaces, bars, parking lots, schools, stores, and more.

The spreadsheet, provided by one of the hackers to Motherboard, shows more than 24,000 unique entries in the "organization name" column. Verkada's cameras are capable of identifying particular people across time by detecting their faces, and are also capable of filtering individuals by their gender, the color of their clothes, and other attributes.

"It's so abysmal," Tillie Kottman, one of the hackers claiming responsibility, told Motherboard in an online chat, referring to the ease of access to the cameras once they discovered a username and password online. Bloomberg first reported the news of the breach on Tuesday, and reported that the hackers had managed to access live video feeds from companies such as Tesla and Cloudflare, as well as jails and hospitals.

https://www.vice.com/en/article/wx83bz/verkada-hacked-facial-recognition-customers

https://www.bloomberg.com/news/articles/2021-03-09/hackers-expose-tesla-jails-in-breach-of-150-000-security-cams

#US #face #recognition #surveillance #privacy #hacker #hacking
0xor0ne@infosec.exchange - Very cool research on Laser-Based Audio Injection on Voice-Controllable Systems

Website: https://lightcommands.com
Paper: https://arxiv.org/pdf/2006.11946.pdf


Light Commands is a vulnerability of MEMS microphones that allows attackers to remotely inject inaudible and invisible commands into voice assistants, such as Google assistant, Amazon Alexa, Facebook Portal, and Apple Siri using light.
In our paper we demonstrate this effect, successfully using light to inject malicious commands into several voice controlled devices such as smart speakers, tablets, and phones across large distances and through glass windows.


#hacking #infosec
Testing a new encrypted messaging app's extraordinary claims – https://crnkovic.dev/testing-converso/

How I accidentally breached a nonexistent database and found every private key in a 'state-of-the-art' encrypted messenger called Converso

#exploit #encryptedMessenger #Converso #hacking #SoftwareBreach
Awesome Cellular Hacking – Curated List - Woot3k / GitHub

Awesome-Cellular-Hacking
Please note multiple researchers published and compiled this work. This is a list of their research in the 3G/4G/5G Cellular security space. This information is intended to consolidate the community's knowledge. Thank you, I plan on frequently updating this "Awesome Cellular Hacking" curated list with the most up to date exploits, blogs, research, and papers.
The idea is to collect information like the BMW article below, that slowly gets cleared and wiped up from the Internet - making it less accessible, and harder to find. Feel free to email me any document or link to add.


#Cellular #Hacking
Hackers can steal cryptographic keys by video-recording power LEDs 60 feet away | Ars Technica

Researchers have devised a novel attack that recovers the secret encryption keys stored in smart cards and smartphones by using cameras in iPhones or commercial surveillance systems to video record power LEDs that show when the card reader or smartphone is turned on.
The attacks enable a new way to exploit two previously disclosed side channels, a class of attack that measures physical effects that leak from a device as it performs a cryptographic operation. By carefully monitoring characteristics such as power consumption, sound, electromagnetic emissions, or the amount of time it takes for an operation to occur, attackers can assemble enough information to recover secret keys that underpin the security and confidentiality of a cryptographic algorithm.


Video-Based Cryptanalysis: Extracting Cryptographic Keys from Video Footage of a Device’s Power LED – https://eprint.iacr.org/2023/923

#Hacking #Crypto #mobile
PhoneSploit Pro

An all-in-one hacking tool written in Python to remotely exploit Android devices using ADB (Android Debug Bridge) and Metasploit-Framework.

https://github.com/AzeemIdrisi/PhoneSploit-Pro

#kali #nethunter #hacking #Metasploit #Android #ADB
Ransomware Hackers Steal Millions From Vegas Casinos | Mental Outlaw


In this video I discuss how MGM and Caesars Entertainment Resort/Casinos were hacked by a ransomware group and had sensitive customer data and company data exfiltrated from their servers. So far Caesars Entertainment has paid half of the 30 million dollars to keep files from being released, but MGM has paid nothing and the hackers are threatening to ruin MGM's reputation with a data leak.

#Hacking #Casino #LasVegas #Ransomware
How Sim Swap Hackers Steal Millions | Mental Outlaw

In this video I explain how hackers are able to steal millions of dollars and access sensitive data in people's accounts that are secured with #SMS 2 factor authentication and how you can defend yourself from SIM swapping attacks by using 2 factor authentication.

#Hacking #Hackers #Sim #2fA
Iridium Satellite Decoding Part 2: The Tutorial That Goes Over Your Head, Literally!

Recently I experienced an influx of emails in my inbox requesting help with Iridium decoding. So, I thought I would throw together a one or two part series on how to get started with receiving L-band signals from Iridium satellites using relatively cheap hardware and a couple of free software tools for Linux.

Iridium! It is a low earth orbiting constellation of communication satellites providing voice and data services to the surface of the Earth. Typical applications of the Iridium network are satellite phones and internet connectivity for aircraft and marine vessels.

Towards the end of the video, I demonstrate the ability to decode Iridium voice and SMS transmissions. But, be sure to watch the entire video, because there is heaps of other cool data we can extract with Iridium-Toolkit!

SOFTWARE: DragonOS FocalX R35 - Iridium-Toolkit - PyPy3 - GoogleEarth - #Wireshark/#TShark

#Iridium #Interception #Hacking #LBand
🇵🇸 Here’s how a collective of tech professionals shut down the Israeli army’s extortion website — twice | Mondoweiss

An international collective called The Zionism Observer took down an IDF extortion website and reverse-engineered its evacuation map website. And it was easier than you might think.

In May this year, as part of its psychological torture campaign on the Palestinians of Gaza, Israel’s army rained down yet another batch of leaflets on the besieged population of Gaza. The leaflets stood out for many reasons, but most of all for the extortion website associated with them.

The Zionism Observer collective, made up of software developers, cartographers, translators, and archivists, traced the website’s registrar to NameCheap and the hosting service to Webflow. They immediately lodged a complaint with both companies.

Webflow removed the IDF’s extortion website within 24 hours.

https://zionism.observer/

#Gaza #Genocide #Hacking #Website #Leaflets #ZionismObserver