The largest collection of videos devoted to finding and exploiting vulnerabilities in modern automotive systems: keyless entry systems (where the key fob lets you open the doors or trunk, or start the engine), multimedia systems and alarms. Some of them can help someone track a car's owner, steal the car or cause a crash.
— Bluetooth Low Energy Link Layer Relay Attack on a Tesla
— CANSECWEST 2021: Tbone Drone vs Tesla
— I Hacked Into My Own Car
— COSIC researchers hack Tesla Model X key fob
— Analysis and Defense of Automotive Networks
— Phantom of the ADAS: Phantom Attacks on Driving Assistance Systems
— Fast, Furious and Insecure: Passive Keyless Entry and Start Systems in Modern Supercars
— Thieves caught using keyless hack to steal £90,000 Tesla in 30 seconds
— What REALLY happens when you sync your phone in a car
— Exploiting fitted car alarms that have insecure apps
— Car Infotainment Hacking Methodology, Attack Surfaces
— Def Con 26 Car Hacking Village - CANT Tool
— vRS Rolling Code bypass preview
— Tesla Model X Hack
— Elon Musk's view on Automotive Cyber-security
— Tesla CAN bus data logging
— How to steal a Tesla? (Uses fake WiFi hotspot and apps.)
— Canspy: A Platform for Auditing Can Devices
— Andy Davis & David Claire - Vehicle cyber security and innovative assessment techniques
— Ken Munro & Dave Lodge - Hacking the Mitsubishi Outlander & IOT
— Car Hacking Research: Remote Attack Tesla Motors by Keen Security Lab
— DEF CON 24 - Jianhao Liu, Chen Yan, Wenyuan Xu - Can You Trust Autonomous Vehicles?
— CAN Denial-of-Service Attack Demo on the Giulietta
— CANtact: An Open Tool for Automotive Exploitation
— State Of Automotive Cyber Safety - IATC - Joshua Corman
— Hacking a Car with an Ex-NSA Hacker: CYBERWAR
— Car Hacking Research: Remote Attack Tesla Motors by Keen Security Lab
— Hacking the Mitsubishi Outlander PHEV SUV
— The Current State of Automotive Security
— High-tech car theft: How to hack a car (CBC Marketplace)
— SAE Cyber Auto Challenge Webinar
— README 1st - Open Garages
— DEF CON 23 - Vehicle Hacking Village - Josh Corman - Safer Sooner Automotive Cyber Safety
— DEF CON 23 - Samy Kamkar - Drive it like you Hacked it: New Attacks and Tools to Wireless
— DEF CON 23 - Marc Rogers and Kevin Mahaffey - How to Hack a Tesla Model S
— DEF CON 23 - Vehicle Hacking Village - Eric Evenchick - SocketCAN
— DEF CON 23 - Charlie Miller & Chris Valasek - Remote Exploitation of an Unaltered Passenger Vehicle
— Ford Focus ECU fuzzing at DEFCON 23 Car Hacking Village
— IATC - State of Automotive Cyber Safety - Josh Corman
— OwnStar - hacking cars with OnStar to locate, unlock and remote start vehicles
— Glitch allows hackers to control your car
— Hackers Remotely Kill a Jeep on the Highway—With Me in It
— Hopping on the CAN Bus introduces CANard by Eric Evenchick at Black Hat Asia 2015
— Car Hacking by UCSD
— DEF CON 22 - Charlie Miller & Chris Valasek - A Survey of Remote Automotive Attack Surfaces
— Car Automation with your Android Phone: OBDLink LX
— 2014 Connected Car Expo: Automotive Cybersecurity: A frank discussion.
— Another Korean car hacking demo.
— Black Hat USA 2014 - Embedded: A Survey of Remote Automotive Attack Surfaces
— Your car is a giant computer - and it can be hacked
— How to Hack a Car: Phreaked Out
— Vehicle Forensics - The Data Beyond the Dashboard
— Mazda RX8 CAN bus control demo of the instrument cluster
— DEF CON 21 - Charlie Miller and Chris Valasek - Adventures in Automotive Networks and Control Units
— Ford wants you to join it in hacking car software and hardware
— Two experts demonstrate carjacking gone digital
— Automotive Consortium for Embedded Security
— Digital Carjackers Show Off New Attacks
— Decoding CAN bus frames on a Toyota internal bus with SocketCAN and Linux
— Luxury car theft
— Malicious App to Control a Car (Korean)
— DARPA PM Kathleen Fisher, High Assurance Systems
— iDriver - iPhone remote controlled car
https://github.com/cure53/HTTPLeaks/
This project aims to enumerate all possible ways, a website can leak HTTP requests. In one single HTML file.
For exfiltrating data while bypassing CSP.
[$165,174] Hacking into Google's Network for $133,337 by LiveOverflow
[$107,500] Turning Google smart speakers into wiretaps for $100k by Matt Kunze
[$58,837] Google Cloud Platform vulnerabilities - BugSWAT by Ezequiel Pereira
[$70,000] Accidental $70k Google Pixel Lock Screen Bypass by David Schütz
[$36,337] $36k Google App Engine RCE by Ezequiel Pereira
[$31,337] $31,337 Google Cloud blind SSRF + HANDS-ON labs by Bug Bounty Reports Explained
[$30,000] The mass CSRFing of *.google.com/* products.* by Missoum Said
https://github.com/xdavidhu/awesome-google-vrp-writeups
A repository of all the disclosed bugs submitted to Google's bug bounty program.
BRUTEPRINT_Expose_Smartphone_Fingerprint.pdf
3.4 MB
A description of two zero-days from Chinese researchers that allow brute-forcing and man-in-the-middling fingerprints on smartphones.
https://www.imdb.com/title/tt2201890/
magnet:?xt=urn:btih:6A4245BFAAFE9E3DEC4BC62078187504090619C0
The first series shot in the screenlife format, about warez, release groups and the FBI. No ridiculous hackers in hoodies, and still quite watchable today.
— Allsafe
— InsecureShop
— OWASP: OMTG-Hacking-Playground
— Damn insecure and vulnerable App (DIVA)
— Damn-Vulnerable-Bank
— InjuredAndroid
— Damn Vulnerable Hybrid Mobile App (DVHMA)
— InsecureBankv2
— sievePWN
— Dodo vulnerable bank
— Android security sandbox
— OVAA (Oversecured Vulnerable Android App)
— SecurityShepherd
— OWASP-mstg
— Purposefully Insecure and Vulnerable Android Application (PIIVA)
— VulnDroid
— FridaLab
— Vuldroid
— DamnVulnerableCryptoApp
A collection of vulnerable Android apps for practicing analysis and learning to find bugs.
https://hackcompute.com/hacking-epp-servers/
Researchers dug into the EPP protocol, which domain registrars use to communicate with ccTLD registries, and were able to compromise EPP servers and, with them, take over the zones .ai, .bj, .bw, .ci, .gl, .ke, .kn, .lb, .ly, .mr, .ms, .mz, .ng, .py, .rw, .so, .ss, .td, .zm, thanks to the bugs they managed to find there.
https://github.com/six2dez/reconftw
One of the best free orchestrators for reconnaissance and vulnerability discovery.
It can automatically gather information about a service: secrets, hidden directories, endpoints and virtual hosts.
After collecting the data, it tries to exploit XSS, SSRF, SQLi, Prototype Pollution, SSTI, Open Redirect and other common vulnerabilities in order to compile a report on them.
Under the hood it runs nuclei, sqlmap, katana, amass and other scanners. It is integrated with axiom, which makes it possible to distribute the load across several servers.
breachforums.vc.sql
2.4 MB
The database of the underground leak forum Raidforums, one of the "successors" of BreachForums.
Leaked yesterday.
— CloudFoxable
— FLAWS
— FLAWS2
— AWS Well Architected Security Labs
— CloudGoat
— OWASP ServerlessGoat
— OWASP WrongSecrets
— AWS S3 CTF Challenges
— CTF 101 worklab
— Breaking and Pwning Apps and Servers on AWS and Azure
— Thunder CTF
— Sadcloud
— Damn Vulnerable Cloud Application
— AWS Detonation Lab
— Cfngoat - Vulnerable Cloudformation Template
— CdkGoat - Vulnerable AWS CDK Infrastructure
— IAM Vulnerable
— PenTesting.Cloud
— AWSGoat - A Damn Vulnerable AWS Infrastructure
— AzureGoat - A Damn Vulnerable Azure Infrastructure
— caponeme
— TerraGoat - Vulnerable Terraform Infrastructure
— The Big IAM Challenge by Wiz
— CONVEX
— GCP Goat
— Lambhack
Vulnerable labs for learning to find vulnerabilities in cloud applications deployed in AWS, Azure or Google Cloud environments.
Data leak from the Moscow outdoor-gear store sport-marafon.ru
Main fields:
— full name
— phone number
— email address
— hashed password
— home address
— gender
— date of birth
— registration date
— last login date
Total records: 361 987