
SQLI

Shows

Show: 🔴 RadioCSIRT : L’Actu Cyber Qui Protège Votre Quotidien ! ⚡️
Episode: RadioCSIRT – Your cybersecurity news for Wednesday 23 April 2025 (Ep. 266) [2025-04-23, 16 min]
🎙️ On today's programme: 🔹 Windows 10: how to extend its support until 2032? The LTSC editions of Windows 10 offer updates until 2032. A look at these often overlooked alternative versions, which make it possible to avoid a migration to Windows 11 or Linux. 📚 Source: https://www.theregister.com/2025/04/22/windows_10_ltsc/ 🔹 GCP Cloud Composer: privilege escalation via malicious PyPI packages. The ConfusedComposer flaw allowed an attacker to obtain elevated access on GCP by modifying the Cloud Composer environment. Fixed on 13 April 2025. 📚 Source: https://thehackernews.com/2025/04/gcp-cloud-composer-bug-let-attackers.html 🔹 Tenable Security Center: vulnerabilit...

Show: Elk stapje telt
Episode: S2A10 - David Vernaillen: Selling without pitching – why asking questions does work [2025-04-15, 35 min]
🎙️ Selling without pitching – why asking questions does work. How do you still make a real impact today as a sales professional, consultant or entrepreneur? In this episode of Elk stapje telt, David Vernaillen, sales director at SQLI, shares his vision of people-centred selling – without pressure, without a pushy pitch, but with connection, questions and trust. We discuss: ✅ Why classic sales techniques often no longer work ✅ How asking questions is more powerful than persuading ✅ The role of trust in long-term relationships ✅ What sales and marketing can learn from each other ✅ Why 'team selling' is the future 📌 Whether you...

Show: Decoded: The Cybersecurity Podcast
Episode: Decoded: Inside SQL Injection Vulnerabilities and Defenses by Edward Henriquez [2025-04-12, 15 min]
This podcast script for "Decoded: The Cybersecurity Podcast" with host Edward Henriquez and ethical hacker Sentinel explains SQL Injection (SQLi), a prevalent web vulnerability. The discussion covers what SQLi is, detailing how malicious code can be inserted into input fields to manipulate database queries. The experts also explore attacker tools and step-by-step attack methodologies, alongside various types of SQLi attacks and real-world examples of significant data breaches caused by this exploit. Crucially, the script outlines essential defense strategies and recommends platforms for ethical hacking practice. Patreon Support: https://www...

Show: StoneCast
Episode: SQL Injection: The Hacker’s Backdoor to Your Data [2025-03-24, 11 min]
Did you know a single line of malicious code could expose your entire database to hackers? SQL Injection (SQLi) remains one of the most dangerous and widely used cyberattack techniques, allowing attackers to manipulate databases, steal sensitive data, and even take full control of applications. In this episode, we dive deep into how SQL injection works, from classic attacks to advanced blind SQLi techniques used to evade detection. We’ll also explore real-world data breaches caused by SQL injection, including attacks that exposed millions of records from major companies. More importantly, we’ll discuss how busine...

Show: Decoded: The Cybersecurity Podcast
Episode: Part 8 - CEH v12 Practice Questions: Web Application Attack Fundamentals: 15 Questions [2025-03-18, 15 min]
Part 8: Web Application Attacks (15 Questions)
Which attack exploits unsanitized user input to execute malicious SQL commands?
• A) Cross-Site Scripting (XSS) • B) SQL Injection (SQLi) • C) Directory Traversal • D) Session Hijacking
Answer: B) SQL Injection (SQLi)
Which web attack aims to execute malicious scripts in a victim’s browser via trusted websites?
• A) Cross-Site Scripting (XSS) • B) Cross-Site Request Forgery (CSRF) • C) Broken Authentication • D) IDOR Attack
Answer: A) Cross-Site Scripting (XSS)
What is the primary...

Show: Geeking Out with Adriana Villela
Episode: The One Where We Geek Out on Sustainable Applications with Aicha Laafia [2025-01-14, 46 min]
About our guest: Aicha Laafia is a Java Software Engineer with a love for coding, a taste for delicious food, and a heart for volunteering. Aicha is also a member of the Moroccan Association of Computing Science, a Women Techmakers and Girls Code ambassador, and an IAmRemarkable facilitator. Find our guest on: Bluesky, LinkedIn, LinkTree, X (formerly Twitter). Find us on: all of our social channels are on bento.me/geekingout; all of Adriana's social channels are on bento.me/adrianamvillela. Show notes: KCD Porto; Ix-chel Ruiz on Geeking Out; Enterprise JavaBeans (EJB); J2EE; Z Garbage Collector (ZCG...

Show: CyberWire Daily
Episode: Guarding the Vote [2024-10-31, 33 min]
CISA spins up an election operations war room. Microsoft neglected to restrict access to gender-detecting AI. Yahoo uncovers vulnerabilities in OpenText’s NetIQ iManager. QNAP issues urgent patches for its NAS devices. Sysdig uncovers Emerald Whale. A malvertising campaign exploits Meta’s ad platform to spread the SYS01 infostealer. Senator Ron Wyden wants to tighten rules aimed at preventing U.S. technologies from reaching repressive regimes. Researchers use AI to uncover an IoT zero-day. Sophos reveals a five year battle with firewall hackers. Our guest is Frederico Hakamine, Technology Evangelist from Axonius, talking about how threats both overlap and diff...

Show: PEBCAK Podcast: Information Security News by Some All Around Good People
Episode: Episode 177 - Airport Security Bypassed with SQLi, Russian Hackers Use NSO Group Exploits, Users Get Too Good Identifying Phishing, Career Goals [2024-09-09, 55 min]
Welcome to this week's episode of the PEBCAK Podcast! We’ve got four amazing stories this week so sit back, relax, and keep being awesome! Be sure to stick around for our Dad Joke of the Week (DJOW). Follow us on Instagram @pebcakpodcast
TSA bypassed by SQL injection attack: https://www.bleepingcomputer.com/news/security/researchers-find-sql-injection-to-bypass-airport-tsa-security-checks/ https://xkcd.com/327/ https://arstechnica.com/information-technology/2023/10/sob-story-about-dead-grandma-tricks-microsoft-ai-into-solving-captcha/
Russian APT29 uses commercial spyware exploits: https://www.bleepingcomputer.com/news/security/russian-apt29-hackers-use-ios-chrome-exploits-created-by-spyware-vendors/ https://www.darkreading.com/threat-intelligence/commercial-spyware-vendors-have-a-copycat-in-top-russian-apt
People too good...

Show: Unsupervised Learning
Episode: UL NO. 448: TSA SQLi, NYT Github, NK RPM, NVIDIA Mystery...Becoming Attention, Weighting on OpenAI, Ozempic and Aging?, and more... [2024-09-06, 22 min]
➡ Check out Vanta and get $1000 off: vanta.com/unsupervised Subscribe to the newsletter at: https://danielmiessler.com/subscribe Join the UL community at: https://danielmiessler.com/upgrade Follow on X: https://twitter.com/danielmiessler Follow on LinkedIn: https://www.linkedin.com/in/danielmiessler See you in the next one! Become a Member: https://danielmiessler.com/upgrade See omnystudio.com/listener for privacy information.

Show: Unsupervised Learning (Member Edition)
Episode: UL NO. 448: TSA SQLi, NYT Github, NK RPM, NVIDIA Mystery...Becoming Attention, Weighting on OpenAI, Ozempic and Aging?, and more... [2024-09-06, 21 min]
Subscribe to the newsletter at: https://danielmiessler.com/subscribe Join the UL community at: https://danielmiessler.com/upgrade Follow on X: https://twitter.com/danielmiessler Follow on LinkedIn: https://www.linkedin.com/in/danielmiessler See you in the next one! Become a Member: https://danielmiessler.com/upgrade See omnystudio.com/listener for privacy information.

Show: WE'RE IN!
Episode: Anand Prakash on cloud security startups and next-gen hacking [2024-07-17, 28 min]
Anand Prakash, founder of startup PingSafe, shares his insights on building a successful cybersecurity business and his experience as a top bug bounty hunter. He emphasizes the importance of fast execution, accountability and learning from mistakes when growing the company acquired by SentinelOne, where he’s now a senior director of product management. In the latest episode of WE’RE IN!, Anand touches on India's prominence in global tech – particularly in security research and bug bounty programs – and he shares his personal journey into cybersecurity, which began with...

Show: SANS Internet Storm Center's Daily Network Security News Podcast
Episode: Network Security News Summary for Friday July 12th, 2024 [2024-07-11, 7 min]
Honeypot Fingerprinting; Veeam Exploited; Juniper Patches; VMware Aria SQLi; SMS Leak
Understanding SSH Honeypot Logs: Attackers Fingerprinting Honeypots https://isc.sans.edu/diary/Understanding%20SSH%20Honeypot%20Logs%3A%20Attackers%20Fingerprinting%20Honeypots/31064
Patch or Peril: A Veeam Vulnerability Incident https://www.group-ib.com/blog/estate-ransomware/
Juniper Patches https://supportportal.juniper.net/s/global-search/%40uri?language=en_US#sort=%40sfcec_community_publish_date_formula__c%20descending&f:ctype=[Security%20Advisories]
VMware Aria Automation SQL Injection Vuln https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24598
Leaked SMS Messages https://www.ccc.de/de/updates/2024/2fa-sms
keywords: ccc; sms; vmware; aria...

Show: SANS Internet Storm Center's Daily Network Security News Podcast
Episode: Network Security News Summary for Friday June 28th, 2024 [2024-06-27, 7 min]
Honeypot Lessons; TeamViewer Compromise; Fortra FileCatalyst Vuln/PoC; GitLab Update; Vanna.AI RCE
What Setting Live Traps For Cybercriminals Taught Me About Security https://isc.sans.edu/diary/What%20Setting%20Live%20Traps%20for%20Cybercriminals%20Taught%20Me%20About%20Security%20%5BGuest%20Diary%5D/31038
TeamViewer Compromise https://www.teamviewer.com/en-us/resources/trust-center/statement/
Fortra FileCatalyst Vulnerability and PoC https://support.fortra.com/filecatalyst/kb-articles/advisory-6-24-2024-filecatalyst-workflow-sql-injection-vulnerability-YmYwYWY4OTYtNTUzMi1lZjExLTg0MGEtNjA0NWJkMDg3MDA0 https://www.tenable.com/security/research/tra-2024-25
GitLab Critical Update https://about.gitlab.com/releases/2024/01/11/critical-security-release-gitlab-16-7-2-released/
When Prompts Go Rogue: Analyzing a Prompt...

Show: Cyber Morning Call
Episode: Cyber Morning Call - #572 - 27/06/2024 [2024-06-27, 4 min]
[Episode references]
Auth. Bypass In (Un)Limited Scenarios - Progress MOVEit Transfer (CVE-2024-5806) - https://labs.watchtowr.com/auth-bypass-in-un-limited-scenarios-progress-moveit-transfer-cve-2024-5806/
Fortra FileCatalyst Workflow Unauthenticated SQLi - https://www.tenable.com/security/research/tra-2024-25
Multiple vulnerabilities in TP-Link Omada system could lead to root access - https://blog.talosintelligence.com/multiple-vulnerabilities-in-tp-link-omada-system/
CHAMELGANG & FRIENDS | CYBERESPIONAGE GROUPS ATTACKING CRITICAL INFRASTRUCTURE WITH RANSOMWARE - https://assets.sentinelone.com/sentinellabs/chamelgang-friends-en
Data from the request to the Casa Civil under the Access to Information Act - https://buscalai.cgu.gov.br/PedidosLai/DetalhePed...

Show: Critical Thinking - Bug Bounty Podcast
Episode: Episode 72: Research TLDRs & Smuggling Payloads in Well Known Data Types [2024-05-23, 52 min]
Episode 72: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel discuss some hot research from the past couple months. This includes ways to smuggle payloads in phone numbers and IPv6 Addresses, the NextJS SSRF, the PDF.JS PoC drop, and a GitHub Enterprise Indirect Method Information bug. Also, we have an attack vector featured from Monke! Follow us on twitter at: @ctbbpodcast Shoutout to YTCracker for the awesome intro music! ------ Links ------ Follow your hosts Rhynorater & Teknogeek on twitter: ------ Ways to Support CTBBPodcast...

Show: Recap from Cogent2
Episode: Ep3 - Cookiemageddon and Rewriting the eCommerce Rule Book [2024-05-03, 25 min]
This bumper (well, bumper for us) episode covers the eComOne event on Cookies in Lincoln, UK from Thursday 2nd May and also my thoughts on the Rewriting the eCommerce Rule Book webinar put on by Klevu and SQL Digital on Wednesday 1st May. Get my thoughts on the key takeaways with regards to the impending cookiemageddon - spoiler - the world isn't actually ending. There's loads of technical detail in there, especially all the goodness shared from Kieran Wright, as well as thoughts from the session on Social Media and cookie impact there and...

Show: The Security Table
Episode: SQLi All Over Again? [2024-04-02, 37 min]
Chris, Matt, and Izar discuss a recent Secure by Design Alert from CISA on eliminating SQL injection (SQLi) vulnerabilities. The trio critiques the alert's lack of actionable guidance for software manufacturers, and they discuss various strategies that could effectively mitigate such vulnerabilities, including ORMs, communicating the why, and the importance of threat modeling. They also explore potential ways to improve the dissemination and impact of such alerts through partnerships with organizations like OWASP, the various PSIRTs, and ISACs, and leveraging threat intelligence effectively within AppSec programs. Ultimately, the trio wants to help CISA maximize its effectiveness in the software...

Show: Cyber Security Headlines
Episode: Change Healthcare fallout, Fortinet SQL warning, Yacht company breach [2024-03-15, 7 min]
Change Healthcare - AHA asks for aid, HHS questions HIPAA compliance. Fortinet warns of severe SQLi vulnerability in FortiClientEMS software. Yacht company MarineMax announces cyberattack. Thanks to today's episode sponsor, Vanta. From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate...

Show: Cyber Briefing
Episode: February 27, 2024 - Cyber Briefing [2024-02-27, 9 min]
👉 What's the latest in the cyber world today? 🚨 #CyberAlerts White House Urges Devs to Adopt Memory-Safe Languages (Source: The White House). 8,000+ Trusted Brands Domains Hijacked in Spam Operation (Source: Nati Tal and Oleg Zaytsev via Guardio Labs). Travelers Targeted by Booking.com Email Scam Distributing Agent Tesla (Source: Mayur Sewani and Prashant Kumar via Forcepoint). Critical SQLi Flaw in Popular WordPress Plugin Threatens 200K+ Websites (Source: Istvan Marton via Wordfence). New IDAT Loader Attacks Deploy Remcos RAT via Ste...

Show: Critical Thinking - Bug Bounty Podcast
Episode: Episode 55: Popping WordPress Plugins - Methodology Braindump [2024-01-25, 1h 44]
Episode 55: In this episode of Critical Thinking - Bug Bounty Podcast, Justin is joined by Wordpress Security Researcher Ram Gall to discuss both functionality and vulnerabilities within Wordpress Plugins. Follow us on twitter. Send us any feedback here: Shoutout to YTCracker for the awesome intro music! ------ Links ------ Follow your hosts Rhynorater & Teknogeek on twitter: ------ Ways to Support CTBBPodcast ------ WordFence - Sign up as a researcher! https://ctbb.show/wf --- Sign up for Caido using the referral...

Show: DIGINOV
Episode: Episode 9 - ChatBot [2023-11-17, 10 min]
A chatbot, or conversational agent, is a robot capable of imitating human behaviour to hold a conversation with a user through a platform or an application. Its main objective is to provide answers to the problems internet users encounter, in an automated way. In this episode we welcome to our microphone Marius YOVO, software engineer and Business Analyst at Hello Bank on behalf of SQLI. Enjoy listening!

Show: ENERGIEZONE
Episode: E#23 Martin Lass on the island grid, monopoly risks and the energy transition [2023-10-31, 1h 09]
When will electricity get really cheap? Martin Lass has already been a guest on two Energiezone episodes and completely won over the listeners. In this third and, for now, last episode with Martin we discuss the potential of the biogas plant as a CO2 sink, the problem of monopoly prices in heating networks, and the build-out of his island power grid, with which he intends to become one of the cheapest fast-charging providers in the region. Boat tour during K5: https://go.sqli.com/de/sqli-e-com-spree-boats-adventure-night Community: https://kassenzone.de/discord Feedback on the podcast? Email alex@kassenzone.de Disclaimer: https://www.kassenzone.de/dis...

Show: SANS Internet Storm Center's Daily Network Security News Podcast
Episode: Network Security News Summary for Monday July 10th, 2023 [2023-07-10, 4 min]
DSSuite Update; New MoveIT Flaw; Nexus 9000 Flaw
DSSuite Didier Toolbox Docker Image Update https://isc.sans.edu/diary/DSSuite%20%28Didier%27s%20Toolbox%29%20Docker%20Image%20Update/30008
More MoveIT Flaws and new Service Pack https://community.progress.com/s/article/MOVEit-Transfer-2020-1-Service-Pack-July-2023
Cisco Nexus 9000 Flaw https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aci-cloudsec-enc-Vs5Wn2sX
keywords: nexus; 9000; encryption; moveit; sql injection; sqli; dssuite

Show: Kassenzone | CEO Interviews
Episode: K#476 Martin Lass on the island grid, monopoly risks and the energy transition #ENERGIEZONE [2023-06-15, 1h 09]
When will electricity get really cheap? Martin Lass has already been a guest on two Energiezone episodes and completely won over the listeners. In this third and, for now, last episode with Martin we discuss the potential of the biogas plant as a CO2 sink, the problem of monopoly prices in heating networks, and the build-out of his island power grid, with which he intends to become one of the cheapest fast-charging providers in the region. Boat tour during K5: https://go.sqli.com/de/sqli-e-com-spree-boats-adventure-night Community: https://kassenzone.de/discord Feedback on the podcast? Email alex@kassenzone.de Disclaimer: https://www.kassenzone.de/dis...

Show: Hack és Lángos
Episode: HnL281 - Walking in similar ZIPs (a pun on "walking in similar shoes") [2023-06-09, 1h 05]
Today's menu: BSides impressions from Béla and Szabi; Qbot c2; How SOCs can identify the threat actors behind the threats; MOVEit sqli; zip and mov domains ... what could go wrong; article 2. Contact us: Telegram, Twitter, Instagram, Facebook, Mail: info@hackeslangos.show

Show: Kassenzone | CEO Interviews
Episode: K#474 Domino's Pizza with COO Alexander Tauer [2023-06-01, 56 min]
Who delivers faster + discount on the Husqvarna Aspire series. Anyone who has always wanted to know how the business of pizza delivery services works will enjoy this podcast. Domino's Pizza is one of the most successful delivery services worldwide and its expansion in Germany is proving extremely successful. Unfortunately it is not enough for my home village of Gettorf. Why that is, and whether it is worth becoming a franchisee yourself, you will find out in the podcast. Boat tour during K5: https://go.sqli.com/de/sqli-e-com-spree-boats-adventure-night 10% off Husqvarna Aspire products: http://husqvarna.com/de "KASSENZONE10"

Show: Security Weekly Podcast Network (Audio)
Episode: PSW #771 - Dan DeCloss [2023-02-02, 3h 11]
In a recent survey on purple teaming, 89 percent of respondents who had used the method deemed purple teaming activities “very important” to their security operations. Purple teaming exercises conducted regularly have the power to improve collaboration across teams, ensure issues are identified and remediated more proactively, and provide a means to measure progress over time. With all these benefits, why isn’t everyone doing it? Purple teaming doesn’t have to be such a heavy lift. With the right mindset and tools, any team can get started regardless of resources. This talk will highlight practical tips for getting started with pur...

Show: Paul's Security Weekly (Audio)
Episode: PSW #771 - Dan DeCloss [2023-02-02, 3h 11]
In a recent survey on purple teaming, 89 percent of respondents who had used the method deemed purple teaming activities “very important” to their security operations. Purple teaming exercises conducted regularly have the power to improve collaboration across teams, ensure issues are identified and remediated more proactively, and provide a means to measure progress over time. With all these benefits, why isn’t everyone doing it? Purple teaming doesn’t have to be such a heavy lift. With the right mindset and tools, any team can get started regardless of resources. This talk will highlight practical tips for getting started with pur...

Show: Paul's Security Weekly (Video)
Episode: Super(conductive) Graphene, Yandex Leak, No Fly Lists, & Thinkpad Servers - PSW #771 [2023-02-02, 2h 06]
In the Security News for this week: defending against cleaning services, catastrophic mutating events and the future, myths and misconceptions, finding vulnerabilities in logs (and not log4j), SSRF leads to RCE with a PoC, SQLi with XSS bypasses WAF FTW, thinkpad as a server, RPC directory traversal for the win, just directory traversal for the win, Paul gets a Flipper Zero and how he thinks he's some sort of hero, sh1mmer your chromebook, and superconductive magic angle graphene! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: h...

Show: SANS Internet Storm Center's Daily Network Security News Podcast
Episode: Network Security News Summary for Thursday January 5th, 2023 [2023-01-05, 7 min]
RTRBK diff feature; Google Legacy Windows Support Ending; SHC Malware; ManageEngine SQLi; FortiADC command injection
Update to RTRBK - Diff and File Dates in PowerShell https://isc.sans.edu/diary/Update%20to%20RTRBK%20-%20Diff%20and%20File%20Dates%20in%20PowerShell/29400
Google Chrome Sunsetting Legacy Windows Support https://support.google.com/chrome/thread/185534985/sunsetting-support-for-windows-7-8-8-1-in-early-2023?hl=en
SHC used to compile cryptominer malware https://asec.ahnlab.com/en/45182/
ManageEngine Password Manager Pro SQL Injection https://pitstop.manageengine.com/portal/en/community/topic/manageengine-security-advisory—important-security-fix-released-for-manageengine-password-manager-pro-2-1-2023#:~:text=critical%20security%20vulnerability
FortiADC Command Injection in Web Interface https://www.fo...

Show: Day[0]
Episode: [bounty] Tailscale RCE, an SQLi in PAM360, and Exploiting Backstage [2022-11-29, 44 min]
Some RCE chains starting with DNS rebinding, always fun to see, a fairly basic SQL injection, and a JS sandbox escape for RCE in Spotify. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/171.html
[00:00:00] Introduction
[00:00:38] RCE in Tailscale, DNS Rebinding, and You [CVE-2022-41924]
[00:17:55] SQL Injection in ManageEngine Privileged Access Management [CVE-2022-40300]
[00:22:34] Unauthenticated Remote Code Execution in Spotify’s Backstage
[00:36:28] Till REcollapse
[00:41:19] Chat Question: Alternatives to IDA Freeware
The...

Show: SANS Internet Storm Center's Daily Network Security News Podcast
Episode: Network Security News Summary for Wednesday November 16th, 2022 [2022-11-16, 5 min]
Packet Tuesday; Mastodon Bug; Zendesk SQLi; EV Charger Security
Packet Tuesday https://packettuesday.com
Stealing Passwords From Infosec Mastodon - Without Bypassing CSP https://portswigger.net/research/stealing-passwords-from-infosec-mastodon-without-bypassing-csp
SQLi and Access Flaws in Zendesk https://www.varonis.com/blog/zendesk-sql-injection-and-access-flaws
Electric Vehicle Charging Infrastructure https://newsreleases.sandia.gov/ev_security/
keywords: packets; packet tuesday; dns; idn; punycode; passwords; mastodon; csp; sqli; zendesk; graphql; ev; chargers

Show: Le café de l'e-commerce
Episode: 124 - Paris Retail Week 2022 - Looking back at the must-attend e-commerce trade show [2022-09-22, 38 min]
🎙 Episode 124: at the heart of e-commerce news, from the Paris Retail Week show! 🧐 So what happened this week at the Porte de Versailles? Why have adverts for Amazon Pay or PayPlug invaded the 15th arrondissement of Paris? Paris Retail Week, 8th edition. Laetitia and Adrien take you with them through the aisles of the must-attend show of this autumn 2022. ❓ Which talks were not to be missed? What are the emerging trends? Why is everyone talking about Retail Tech? And is the metaverse responsible or not? We tell you everything! Finally, above all Adrien, who weathered...

Show: Hack és Lángos
Episode: HnL238 - Very Protected Network [2022-08-05, 1h 06]
Today's menu: According to a survey, the average American visits suspicious sites 6.5 times a day; Chinese hacker search engine; Chinese UEFI rootkit found on Gigabyte and Asus motherboards | SecurityWeek.Com; Forged git metadata; Anti-vax dating site exposed the data of 3,500 users through a "debug mode" error - The Verge; NoMoreRansom birthday; FBI seizes $500,000 in ransomware payments and crypto from North Korean hackers; Clearing up hacking with XSS; Start learning security with SQLi. Contact us: Telegram, Twitter, Instagram, Facebook, Mail: i...

Show: SANS Internet Storm Center's Daily Network Security News Podcast
Episode: Network Security News Summary for Monday July 25th, 2022 [2022-07-25, 5 min]
SMS and Phishing; Sonicwall SQLi; SHA Errors
An Analysis of a Discerning Phishing Website https://isc.sans.edu/diary/An+Analysis+of+a+Discerning+Phishing+Website+/28870
Sonicwall Vulnerability https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0007
Sh*load Exploits Episode V: Return of the Error https://dellfer.com/shload-exploits-episode-v-return-of-the-error/
keywords: sms; phishing; mobile; sonicwall; sql injection; sha2; error checking; tls;

Show: Redefining CyberSecurity
Episode: The Real-World Value Of Telling Stories And The Role Of Visual Art In Ethical Hacking Videos | A Conversation With YouTuber SecAura | Redefining CyberSecurity Podcast With Sean Martin [2022-06-30, 39 min]
SecAura is an amateur YouTuber whose post I came across caught my attention. SecAura creates free educational videos for ethical hacking and does so while going the extra mile to hand-craft many of the animations used in the videos. All of this is done outside of the 9-5 job SecAura has as a penetration tester. Realizing that the technical subjects needed diagrams and that these elements were a core part of the videos being created, SecAura decided to hand-craft the animations for each of the subjects being prepared, teaching himself all that was required to do so while constantly t...

Show: Examining
Episode: 42: Educator Toolbox [2022-05-06, 1h 06]
In this episode, Erik and Kris share a repository of over 400 open education tools. Our co-hosts also discuss recent tech and education news including "the next Google", the pros and cons of using technology to improve education, SQLi vulnerabilities in higher ed institutions, new online learning entrepreneurs, and smartphones vs science. The app of the month is iA Writer. SHOW NOTES: Tools: *Innovations in Scholarly Communication by the University of Utrecht *List of 400 open education tools *Tabula. News articles: *DKB: The Next Google *Entrepreneur: 5 edtech trends that will...

Show: Tech me higher
Episode: Food in China -> on blockchain, plant-based food and security policy [2022-04-06, 42 min]
China has set ambitious goals to reduce its climate footprint, goals to be reached through both cultural and technological change. The Chinese are to eat significantly less meat, and blockchain is to raise food safety. Food is an important piece in China's geopolitical and domestic political game. To guide us through China's food and tech scene we have Peter Lisbygd, director of China Experience, joining from corona-locked-down Shanghai. Show notes: The Future of Food - China Experience report https://drive.google.com/file/d/1D9STxom5RiKevf2rINosXkp0iX...

Show: The E-Commerce Society
Episode: The impact of data on the e-commerce sector after the pandemic [2022-04-04, 28 min]
Almost two years after the start of the Covid-19 crisis, a new era is taking shape: the "new normal". Whether from an economic, social or professional point of view, the habits formed before the health crisis are changing, and adapting to change has become essential for brands and consumers alike. In this episode we look back at the concrete findings on these impacts on brands and consumers, along with five recommendations for preparing the rebound and performing sustainably in this new era...

Show: Day[0]
Episode: [bounty] Facebook Exploits, pfSense RCE, and MySQLjs SQLi [2022-03-08, 50 min]
Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/facebook-exploits-pfsense-rce-and-mysqljs-sqli.html A few interesting issues for you this week: a JS race condition in some auth related code for Facebook, some fake prepared queries, and an RCE through sed commands (in pfSense).
[00:00:56] Remote Code Execution in pfSense (2.5.2 and earlier)
[00:06:13] Finding an Authorization Bypass on my Own Website
[00:17:43] More secure Facebook Canvas Part 2: More Account Takeovers
[00:32:43] The perils of the “real” client IP
The DAY[0] Podcast episodes are streamed live on T...

Show: Day[0]
Episode: WebSocket Hijacking, GitHub review bypass and SQLi to RCE [Bug Hunting] [2021-10-19, 45 min]
Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/websocket-hijacking-github-review-bypass-and-sqli-to-rce.html Just a handful of traditional vulns this week: IDOR, CSRF, SQLi, a logic vuln, and zi's boomer side starts to show.
[00:00:18] Remote Chaos Experience
[00:03:30] [Concrete CMS] Stored unauth XSS in calendar event via CSRF
[00:08:47] ‘Websocket Hijacking’ to steal Session_ID of victim users
[00:14:17] IDOR + Account Takeover leads to PII leakage
[00:27:27] Bypassing required reviews using GitHub Actions
[00:33:20] How I Escalated a Time-Based SQL Injection to RCE

Show: Digital Causeurs
Episode: My job #05 - Florent demystifies the job of designer-developer [2021-10-18, 4 min]
Designer-developer. A job that may at first glance seem mystical and solitary... is that really the case? Florent tells us everything about this key job in the digital field. Would you like to join him and find creative solutions together? See our job offers 👉 https://www.sqli-carrieres.com/

Show: Digital Causeurs
Episode: My job #04 - Sharaf describes his daily life as a mobile Project Manager [2021-10-04, 2 min]
Do you really know what a mobile Project Manager does? Find out in 2 minutes with Sharaf. Would you like to join him and work together on exciting projects? We are hiring 👉 https://www.sqli-carrieres.com/

Show: Podcast Ostrapiła
Episode: ORMs are just a fad [2021-09-30, 1h 40]
In this episode we take a close look at ORMs. Were the promises made when they were introduced, namely cost-free and painless swapping of the database, ever a fact or just wishful thinking, and could projects do without them altogether? Or is hand-writing SQL a thing of the distant past that will never come back? Godfathers: Konrad Kokosa, Piotr Karczmarz, Michał Kuliński. Books: Stanisław Lem - Maska - https://ebookpoint.pl/view/112736/maska-s...

Show: Digital Causeurs
Episode: My job #03 - Nizar describes his daily life as Practice Leader Content & Collaboration [2021-09-27, 2 min]
Do you know what a Practice Leader does? Nizar outlines the role. Would you like to join his team and work together on exciting projects? We are hiring ➡ https://www.sqli-carrieres.com/

Show: Digital Causeurs
Episode: My job #02 - Matthieu describes his daily life as a DevOps Consultant [2021-09-20, 2 min]
What does the job of DevOps Consultant involve? Matthieu shares his experience. Would you like to join him and work together on exciting projects? We are hiring 👉 paris.recrutement@sqli.com

Show: Digital Causeurs
Episode: My job #01 - Anne-Clémence describes her daily life as an e-Commerce Project Manager [2021-09-14, 3 min]
What does the daily life of an e-Commerce Project Manager look like? Anne-Clémence gives her answer. Would you like to join her and work together on exciting projects? We are hiring 👉 https://www.sqli-carrieres.com/

Show: Commerce Experience
Episode: Episode 36: The European E-Commerce Climate, with Victor Terpstra [2021-09-09, 37 min]
Though the impacts of the pandemic have been seen across the globe, it is clear that, while widespread, those impacts were not necessarily equal. One area where this is evident is in the disparity between US and EU/UK e-commerce growth, where increases in the EU and UK lag far behind that of the US. To learn more about the trends and business leader sentiment guiding EU e-commerce strategy through the pandemic and beyond, host Brian Walker speaks to Victor Terpstra, the Chief Commercial Officer at Amsterdam-based digital experience agency SQLI International. Together, they discuss the differences in both consumer...

Show: Digital Causeurs
Episode: AI #04 - Frédéric describes how he put his skills to work for the non-profit world [2021-08-23, 4 min]
We are taking part in Microsoft's Share AI programme, which puts AI at the service of social entrepreneurs! Frédéric, technical architect & Microsoft 365 consultant, looks back on the project he led to support the work of La Cimade. Coming from the non-profit world himself, combining artificial intelligence and humanitarian aid was an obvious choice.

Show: Digital Causeurs
Episode: AI #03 - Guillaume talks about his involvement in the Share AI programme to combat cognitive disorders in children [2021-08-16, 3 min]
We are taking part in Microsoft's Share AI programme, which puts AI at the service of social entrepreneurs! Guillaume, Data Project Manager, talks about his support for the start-up Crocos Go Digital, which specialises in detecting "dys" disorders in children by combining neuropsychological tests with artificial intelligence.

Show: Digital Causeurs
Episode: AI #02 - Lucette describes how AI supports the professional integration of women in tech [2021-08-08, 4 min]
As a Microsoft Gold Partner and an artificial intelligence specialist, it was only natural for us to get involved in 4 projects of its Share AI programme, which puts artificial intelligence at the service of social entrepreneurs. Lucette, a Data Scientist on a work-study placement, talks about her commitment to Social Builder through the improvement of the Adabot virtual assistant, which guides women users through their career-change journeys. Also see her profile written by Microsoft.

Show: Digital Causeurs
Episode: AI #01 - Jonathan explains how he is getting involved in Microsoft's Share AI programme for a good cause
As a Microsoft Gold Partner and an artificial intelligence specialist, it was only natural for us to get involved in 4 projects of its Share AI programme, which puts artificial intelligence (AI) at the service of social entrepreneurs.
Jonathan, Chef de projet, partage son expérience auprès de l'association L'autre Cercle, organisme leader pour l'inclusion et la gestion de la diversité LGBT+ au travail.2021-07-3003 minDigital CauseursDigital CauseursCollaboration #01 - Marie-Pierre et Vahan racontent comment ils ont fait conjuguer leurs expertisesMarie-Pierre, Chef de projet de Bordeaux, et Vahan, Consultant en customer experience de Belgique, ont tous les deux fait conjuguer leurs expertises pour penser et déployer un CRM au sein d'une entreprise internationale agro-alimentaire.2021-07-2804 minTomの入門サイバーセキュリティ!Tomの入門サイバーセキュリティ!#13 3月17日の情報セキュリティーニュース3月16日の情報セキュリティーニュース MS、「Exchange脆弱性」の影響を緩和する簡易ツールを公開 - 未修正なら活用を 保管期間中の宿泊台帳が所在不明に - オリックス・ホテルマネジメント WP向け会員制サイト構築プラグインにSQLi脆弱性 雑談 情報セキュリティ 10 大脅威(個人)について 4位 メールや SMS 等を使った脅迫・詐欺の手口による金銭要求 2021-03-1729 minApplication ParanoiaApplication ParanoiaS2EP5 - AppScan 10.0.4 release, SQLi tips, Accellion FTA exploit and Golf is not green.Colin Bell, Rob Cuddy and Kris Duer bring you another Application Paranoia episode. This episode has guest Panellist Billy Weber helping to navigate through discussions about a bunch of exciting new AppScan features in the recent 10.0.4 release.  There are also discussions about St. Patricks day being cancelled in Ireland, Why SQL Injection is still a thing, zero day vulnrabilities in Accellion's file transfer appliance (FTA), MS Exchange email exploits and that Golf is bad for the planet. So basically something for everyone...2021-03-1648 minDay[0]Day[0]Industrial Control Fails and a Package disguised in your own supply"Beg Bounty" hunters, dependency confusion, iOS kernel vuln, and how not to respond to security research. [00:00:59] Florida Water Treatment Facility Hacked https://twitter.com/Bing_Chris/status/1358873543623274499 [00:09:19] Have a domain name? 
"Beg bounty" hunters may be on their way https://news.sophos.com/en-us/2021/02/08/have-a-domain-name-beg-bounty-hunters-may-be-on-their-way/amp/ [00:20:14] FootFallCam and MetaTechnology Drama https://twitter.com/_MG_/status/1359582048260743169 [00:28:33] Telegram privacy fails [CVE-2021-27204] [CVE-2021-27205] https://www.inputzero.io/2020/12/telegram-privacy-fails-again.html [00:36:43] Dependency Confusion: How I Hacked Into Apple, Microsoft and Dozens of Other Companies2021-02-171h 44Refactor (🇫🇷)Refactor (🇫🇷)Philippe Charrière, Senior Technical Account ManagerDécouvrez Philippe Charrière, Senior Technical Account Manager du côté de GitLab. Philippe a 25 ans d'expérience dans la tech, en alternant des roles de technico-commercial, dans la technique, en chefferie de projets, en travaillant même dans de grandes ESN...Après une prépa vétérinaire et une école de commerce, spécialité gestion-finance, il réalise que c'est l'informatique qui l'anime. Sa première expérience professionnelle a été en tant que technico-commercial. Après quelques expériences en tant que chef de projet, consultant, il est recruté chez Astek où il y travaille pendant...2020-10-211h 04Refactor (🇫🇷)Refactor (🇫🇷)Philippe Charrière, Senior Technical Account ManagerDécouvrez Philippe Charrière, Senior Technical Account Manager du côté de GitLab. Philippe a 25 ans d'expérience dans la tech, en alternant des roles de technico-commercial, dans la technique, en chefferie de projets, en travaillant même dans de grandes ESN...Après une prépa vétérinaire et une école de commerce, spécialité gestion-finance, il réalise que c'est l'informatique qui l'anime. Sa première expérience professionnelle a été en tant que technico-commercial. 
Après quelques expériences en tant que chef de projet, consultant, il est recruté chez Astek où il y travaille pendant...2020-10-211h 04RefactorRefactorPhilippe Charrière, Senior Technical Account ManagerDécouvrez Philippe Charrière (https://www.linkedin.com/in/phcharriere/), Senior Technical Account Manager du côté de GitLab (https://www.linkedin.com/company/gitlab-com/). Philippe a 25 ans d'expérience dans la tech, en alternant des roles de technico-commercial, dans la technique, en chefferie de projets, en travaillant même dans de grandes ESN... Après une prépa vétérinaire et une école de commerce, spécialité gestion-finance, il réalise que c'est l'informatique qui l'anime. Sa première expérience professionnelle a été en tant que technico-commercial. Après quelques expériences en tant que chef de projet, consultan...2020-10-211h 04Day[0]Day[0]Some Discord, a Bad Neighbor and a BleedingToothIt has been a while since we had an exploit extravaganza but here we are. Several binary-level issues from Bad Neighbor on Windows to BleedingTooth on Linux, and several vulns in Qualcomm SoCs, even a Discord RCE. [00:00:57] Introducing Edge Vulnerability Research [00:06:57] Cache Partitioning in Chrome [00:10:29] Magma: A Ground-Truth Fuzzing Benchmark [00:25:27] "Bits Please!" 
- CVE-2020-16938 [00:29:50] ContainerDrip [CVE-2020-15157] [00:40:01] Discord Desktop app RCE [00:52:34] Time Based SQLi via referrer header https://www.fedscoop.com/hack-the-army-2-results/ [00:57:35] PyYAML 0day [01:09:24] Phantom of the ADAS [01:15:03] Rollback Attack in Mozilla Maintenance Service [01:19:33] Glitching...2020-10-212h 16Le Comptoir SécuLe Comptoir Sécu[SECHebdo] 07 octobre 2020 - Publis du Comptoir, Microsoft Digital Defense Report, Hunt Andoid, Zero Trust impos par la Justice, ZeroLogon, Corner Vuln, etc.2020-10-0700 minRefactorRefactorEric Taix, Développeur SeniorNouvelle rencontre aujourd'hui avec Eric Taix (https://www.linkedin.com/in/etaix/), architecte/ Lead développeur chez Nauticspot à Montpellier. De formation électronique avec un DUT GEII (Génie électrique et informatique industrielle), suivi d'un Master ESISAR (Ecole d'ingénieurs en systèmes embarqués -électronique, automatique et informatique- et en réseaux) en 1992, il se lance dans la programmation chez ESII Média en tant que Team Leader/Développeur. Eric, souhaitant arrêter de faire du client lourd et travailler sur des technologies web, décide de quitter l'entreprise dans un premier temps pour cette raison. Il se tourne vers SO...2020-10-0655 minRefactor (🇫🇷)Refactor (🇫🇷)Eric Taix, Développeur SeniorNouvelle rencontre aujourd'hui avec Eric Taix, Architecte/Lead développeur chez Nauticspot à Montpellier.De formation électronique avec un DUT GEII (Génie électrique et informatique industrielle), suivi d'un Master ESISAR (Ecole d'ingénieurs en systèmes embarqués -électronique, automatique et informatique- et en réseaux) en 1992, il se lance dans la programmation chez ESII Média en tant que Team Leader/Développeur. Eric, souhaitant arrêter de faire du client lourd et travailler sur des technologies web, décide de quitter l'entreprise dans un premier temps pour cette raison. 
Il se tourne vers SOAMAI, en tant que dé...2020-10-0655 minRefactor (🇫🇷)Refactor (🇫🇷)Eric Taix, Développeur SeniorNouvelle rencontre aujourd'hui avec Eric Taix, Architecte/Lead développeur chez Nauticspot à Montpellier.De formation électronique avec un DUT GEII (Génie électrique et informatique industrielle), suivi d'un Master ESISAR (Ecole d'ingénieurs en systèmes embarqués -électronique, automatique et informatique- et en réseaux) en 1992, il se lance dans la programmation chez ESII Média en tant que Team Leader/Développeur. Eric, souhaitant arrêter de faire du client lourd et travailler sur des technologies web, décide de quitter l'entreprise dans un premier temps pour cette raison. Il se tourne vers SOAMAI, en tant que dé...2020-10-0655 minMarketing & Innovation Archives - Marketing and InnovationMarketing & Innovation Archives - Marketing and InnovationGrands projets : une informatique raisonnée pour mettre fin au « gâchis »Les grands projets IT ne sont pas un long fleuve tranquille. L’informatique raisonnée », on aurait tout aussi bien pu écrire « raisonnable », est un nouveau concept issu du dernier livre d’Alain Lefebvre, dont le but est justement de réparer les dégâts que l’on constate si souvent autour de ces énormes chantiers informatiques. Les lecteurs qui y auront été mêlés de près ou de loin, nous comprendrons aisément. Nous avons interviewé Alain dans le cadre de notre dossier sur l’environnement de travail du futur. Ceux de nos lecteurs qui le connaissent déjà ne seront...2020-09-2417 min7 Minute Security7 Minute Security7MS #403: 7MOOMAMA - Juice Shop Song + Backdoors and Breaches JingleToday's slightly off-topic episode kicks off a new tag called 7MOOMAMA. That stands for 7 Minutes of Only Music and Miscellaneous Awesomeness. To kick things off, I'm super excited to share with you two new security-themed songs for some of my favorite security things! They are: Backdoors and Breaches - my favorite incident response card game. 
OWASP Juice Shop - my favorite vulnerable Web application. Enjoy! Backdoors and Breaches Backdoors and Breaches I love the way teaches me to think about security controls And their proper...2020-03-0907 minLe Talk DécideursLe Talk DécideursSQLI: «Nous sommes entrés en Bourse pendant l’explosion de la bulle internet»Didier Fauque, directeur général de SQLI, est l’invité du Talk Décideurs.Hébergé par Ausha. Visitez ausha.co/politique-de-confidentialite pour plus d'informations.2020-02-1209 minLinux Action NewsLinux Action NewsLinux Action News 130Fedora arrives from the future, the big players line up behind KernelCI, and researchers claim significant vulnerabilities in Horde. Plus, Google's new dashboard for WordPress and ProtonMail's apps go open source.Support Linux Action NewsLinks:Fedora 31 is officially here! — This release features GNOME 3.34, which brings significant performance enhancements which will be especially noticeable on lower-powered hardware. Fedora Server brings the latest in cutting-edge open source server software to systems administrators in an easy-to-deploy fashion.Fedora 31 Performance Is Still Sliding In The Wrong DirectionDistributed Linux Testing Platform KernelCI Secures Funding and Long-Term Su...2019-11-0426 minLinux Action News VideoLinux Action News VideoLinux Action News 130Fedora arrives from the future, the big players line up behind KernelCI, and researchers claim significant vulnerabilities in Horde. Plus, Google's new dashboard for WordPress and ProtonMail's apps go open source.Links:Fedora 31 is officially here! — This release features GNOME 3.34, which brings significant performance enhancements which will be especially noticeable on lower-powered hardware. 
Fedora Server brings the latest in cutting-edge open source server software to systems administrators in an easy-to-deploy fashion.Fedora 31 Performance Is Still Sliding In The Wrong DirectionDistributed Linux Testing Platform KernelCI Secures Funding and Long-Term Sustainability — "Testing is trad...2019-11-0300 minIT-säkerhetspoddenIT-säkerhetspoddenHacka en webbläsareDenna gång är Mattias och Erik ensamma i studion och en ny typ av attack står på avsnittets agenda. Cross Site Scripting (XSS). Kanske inte lika vanligt som SQLi men ändå värt att djupdyka i. Avsnittet avhandlar de olika typerna - Persistant och Reflected samt en lista med åtgärder som stoppar en attack, som faktiskt riktar sig i första hand mot slutanvändaren och dess webbläsare och inte systemet, men som måste lösas på servern. I vanlig ordning avviker duon från ämnet så sjökaptener på Tinder och scenskräck...2019-10-1326 minIT-säkerhetspoddenIT-säkerhetspodden#45 - SQL-injektionerMattias och Erik pratar SQL Injection, en attack som tog sin form runt 1998. Då, när webbsidor blev mer avancerade med databasstruktur istället för rena webbservrar, lyckades hackare avbryta frågor till databasen genom att skicka sin egna frågor och på så vis få ut information om systemet. Vad är SQL injection? Hur stoppar man den? Vilka olika typer finns det? Finns det någon känd attack som är baserad på SQL Injection? Hur ser framtiden ut? Ja, allt det där besvaras faktiskt i avsnittet om "SQLi".2019-09-2930 minThe InfoQ PodcastThe InfoQ PodcastJohnny Xmas on Web Security & the Anatomy of a HackOn this podcast, Wes talks to John Xmas. Johnny works for Kasada, a company that offers a security platform to help ensure only your users are logging into your web applications. Johnny is a well-known figure in the security space. The two discuss common attack vectors, the OWASP Top 10, and then walk through what hackers commonly do attempting to compromise a system. 
The show is full of advice on protecting your systems including topics around Defense in Depth, Time-Based Security, two-factor authentication, logging/alerting, security layers, and much more. Why listen to this podcast: - While there are sophisticated web...2019-06-1731 minApplication Security PodCastApplication Security PodCastThe Extremely Unabridged History of SQLi and XSS(S04E19)On this episode, Jim Manico joins again to talk about the ways that AppSec has changed over the years and give us an in-depth look at the history of SQL Injection and XSS. You can find Jim on Twitter @manicode The post The Extremely Unabridged History of SQLi and XSS(S04E19) appeared first on Security Journey Podcasts.2018-12-0300 minThe Application Security PodcastThe Application Security PodcastJim Manico -- The Extremely Unabridged History of SQLi and XSSJim Manico joins again to talk about how AppSec has changed over the years and gives us an in-depth look at the history of SQL Injection and XSS. You can find Jim on Twitter @manicodeFOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast➜LinkedIn: The Application Security Podcast➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~2018-12-0330 minBrakeSec Education PodcastBrakeSec Education Podcast2018-042-Election security processes in the state of OhioWhere in the world is Ms. Amanda Berlin?     Keynoting hackerconWV   Election Security   Cuyahoga County:   Intro: Jeremy Mio (@cyborg00101 Name? Why are you here?   Discussing Ohio does election operations.     Walk through the process Pre-Elections Elections Night Post Elections   All about the C.I.A. 
Votes must be confidential Votes must not be compromised (integrity) Voting should be available and without outage...2018-12-031h 24Consejero DigitalConsejero DigitalEl nuevo iPhone, Google y una herramienta de hacking por $200 al mes.Los rumores indican que el nuevo iPhone costaría $1200: http://www.businessinsider.com/apple-iphone-8-oled-price-john-gruber-2017-7 Precios actuales: iPhone 7 32 GB: $649 iPhone 7 128 GB: $749 iPhone 7 256 GB: $849 iPhone 7 Plus 32 GB: $769 iPhone 7 Plus 128 GB: $869 iPhone 7 Plus 256 GB: $969 Google paga a investigadores para que escriban informes que les favorecen: https://consejerodigital.com/google-habria-pagado-a-investigadores-para-que-escriban-reportes-favorables-a-ellos/ Un reportaje del Bloomberg Businessweek reveló que Kasperky Labs, la firma que está detras de uno de los más populares antivirus con más de 400 millones de usuarios ha estado trabajando en conjunto con el servicio de inteligencia ruso FSB. https://consejerodigital.com/kaspersky-lab-ha-estado-trabajando-con-el-servicio-de-inteligencia-ruso/ Katyusha Scanner es una herramienta de hacking as a...2017-12-0605 minConsejero DigitalConsejero DigitalEpisodio 1: El nuevo iPhone, Google y una herramienta de hacking por $200 al mes.Los rumores indican que el nuevo iPhone costaría $1200:http://www.businessinsider.com/apple-iphone-8-oled-price-john-gruber-2017-7Precios actuales:iPhone 7 32 GB: $649iPhone 7 128 GB: $749iPhone 7 256 GB: $849iPhone 7 Plus 32 GB: $769iPhone 7 Plus 128 GB: $869iPhone 7 Plus 256 GB: $969Google paga a investigadores para que escriban informes que les favorecen:https://consejerodigital.com/google-habria-pagado-a-investigadores-para-que-escriban-reportes-favorables-a-ellos/Un reportaje del Bloomberg Businessweek reveló que Kasperky Labs, la firma que está detras de uno de los más populares antivirus con más de 400 millones de usuarios ha estado trabajando en conjunto con el servicio de inteligencia ruso...2017-07-1305 minConsejero DigitalConsejero 
DigitalEl nuevo iPhone, Google y una herramienta de hacking por $200 al mesLos rumores indican que el nuevo iPhone costaría $1200: http://www.businessinsider.com/apple-iphone-8-oled-price-john-gruber-2017-7 Precios actuales: iPhone 7 32 GB: $649 iPhone 7 128 GB: $749 iPhone 7 256 GB: $849 iPhone 7 Plus 32 GB: $769 iPhone 7 Plus 128 GB: $869 iPhone 7 Plus 256 GB: $969 Google paga a investigadores para que escriban informes que les favorecen: https://consejerodigital.com/google-habria-pagado-a-investigadores-para-que-escriban-reportes-favorables-a-ellos/ Un reportaje del Bloomberg Businessweek reveló que Kasperky Labs, la firma que está detras de uno de los más populares antivirus con más de 400 millones de usuarios ha estado trabajando en conjunto con el servicio de inteligencia ruso FSB. https://consejerodigital.com/kaspersky-lab-ha-estado-trabajando-con-el-servicio-de-inteligencia-ruso/ Katyusha Scanner es una herramienta de hacking as a...2017-07-1300 minUnsupervised LearningUnsupervised LearningUnsupervised Learning: No. 71Half of Android devices haven't been patched in over a year, Tavisclosure, NEST camera flaws, senate vs. privacy, electronics ban, bad Let's Encrypt certs, Moodle SQLi, infosec venture capital drying up, IBM employees heading into the office, Twitter going paid model, Google killing Talk, Quiet spaces, Age of the influencer, AI vs. jobs, tools, aphorisms, and more…Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.2017-03-2642 minUnsupervised LearningUnsupervised LearningUnsupervised Learning: No. 71Half of Android devices haven't been patched in over a year, Tavisclosure, NEST camera flaws, senate vs. privacy, electronics ban, bad Let's Encrypt certs, Moodle SQLi, infosec venture capital drying up, IBM employees heading into the office, Twitter going paid model, Google killing Talk, Quiet spaces, Age of the influencer, AI vs. 
jobs, tools, aphorisms, and more…Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.2017-03-2642 minUnsupervised LearningUnsupervised LearningT1SP: Episode 25 [ Subscribe to the Podcast: iTunes | Android | RSS ] News * [ ] TrendMicro node.js server listening on localhost can execute commands; exposed to the internet * [ ] SSH backdoor found in Fortinet firewalls * [ ] SSH client vulnerability * [ ] Australia’s Cybercrime Online Reporting Network (ACORN) received over 39K reports of criminal activity in 2015 * [ ] Hyatt names 250 hotels hit by malware, includes the one for DerbyCon * [ ] Web sense rebranding as Forepoint, acquires Intel’s firewall business * [ ] Twitter might be ending its 140 character limit * [ ] Major vulns still being found in Health and Fitness mobile apps * [ ] Angl...2016-01-1926 minUnsupervised LearningUnsupervised LearningT1SP: Episode 25 [ Subscribe to the Podcast: iTunes | Android | RSS ] News * [ ] TrendMicro node.js server listening on localhost can execute commands; exposed to the internet * [ ] SSH backdoor found in Fortinet firewalls * [ ] SSH client vulnerability * [ ] Australia’s Cybercrime Online Reporting Network (ACORN) received over 39K reports of criminal activity in 2015 * [ ] Hyatt names 250 hotels hit by malware, includes the one for DerbyCon * [ ] Web sense rebranding as Forepoint, acquires Intel’s firewall business * [ ] Twitter might be ending its 140 character limit * [ ] Major vulns still being found in Health and Fitness mobile apps * [ ] Angl...2016-01-1926 minBrakeSec Education PodcastBrakeSec Education Podcast2015-045: Care and feeding of Devs, podcast edition, with Bill Sempf!When you receive a #pentest or vuln scan report, we think in terms of #SQLi or #XSS. Take that report to your dev, and she/he sees Egyptian hieroglyphics and we wonder why it's so difficult to get devs to understand. It's a language barrier folks. 
They think terms of defects or how something will affect the customer experience. We think in terms of #vulnerabilities, and what caused the issue. We need to find that common ground, and often, that will mean us heading into unfamiliar territory. It doesn't have to be 'us vs. them'. We are...2015-11-0446 minDEF CON 23 [Audio] Speeches from the Hacker ConventionDEF CON 23 [Audio] Speeches from the Hacker ConventionJason Haddix - How to Shot Web: Web and mobile hacking in 2015 - 101 TrackMaterials Available here: https://media.defcon.org/DEF%20CON%2023/DEF%20CON%2023%20presentations/DEFCON-23-Jason-Haddix-How-Do-I-shot-Web.pdf How to Shot Web: Web and mobile hacking in 2015 Jason Haddix Director of Technical Operations, Bugcrowd 2014 was a year of unprecedented participation in crowdsourced and static bug bounty programs, and 2015 looks like a trendmaker. Join Jason as he explores successful tactics and tools used by himself and the best bug hunters. Practical methodologies, tools, and tips make you better at hacking websites and mobile apps to claim those bounties. Convert edge-case vulnerabilities to practical pwnage even on presumably heavily...2015-09-2200 minBrakeSec Education PodcastBrakeSec Education Podcast2015-040; Defending against HTML 5 vulnerabilitiesLast week, we discussed with Shreeraj Shah about HTML5, how it came into being and the fact that instead of solving OWASP issues, it introduces new and wonderful vulnerabilities, like exploiting locally stored web site info using XSS techniques, and doing SQLI on the new browser WebSQL. 
So this week, it's all about defensive techniques that you can use to educate your developers against making mistakes that could get your company's web application on the front page of the news paper.2015-09-2100 minDEF CON 22 [Materials] Speeches from the Hacker Convention.DEF CON 22 [Materials] Speeches from the Hacker Convention.Eric (XlogicX) Davisson and Ruben Alejandro (chap0) - Abuse of Blind Automation in Security ToolsSlides Here: https://defcon.org/images/defcon-22/dc-22-presentations/Davisson-Alejandro/DEFCON-22-Eric-Davisson-Ruben-Alejandro-Abuse-of-Blind-Automation-in-Security-Tools.pdf Abuse of Blind Automation in Security Tools Eric (XlogicX) Davisson SECURITY RESEARCHER Ruben Alejandro (chap0) SECURITY RESEARCHER It is impossibly overwhelming for security personnel to manually analyze all of the data that comes to them in a meaningful way. Intelligent scripting and automation is key. This talk aims to be a humorous reminder of why the word “intelligent” really matters; your security devices might start doing some stupid things when we feed them. This talk is about abusing signature dete...2014-12-1332 minBrakeSec Education PodcastBrakeSec Education PodcastOWASP Top Ten: Numbers 6 - 10As we wade through the morass of the Infosec swamp, we come across the OWASP 2013 report of web app vulnerabilities. Since Mr. Boettcher and I find ourselves often attempting to explain these kinds of issues to people on the Internet and in our daily lives, we thought it would be prudent to help shed some light on these. So this week, we discuss the lower of the top 10, the ones that aren't as glamorous or as earth shaking as XSS or SQLI, but are gotchas that will bite thine ass just as hard. Next week...2014-06-1645 minLiquidmatrix Security Digest PodcastLiquidmatrix Security Digest PodcastLiquidmatrix Security Digest Podcast - Episode 1AEpisode 0x1A -- Happy Holidays Everyone Upcoming this week... SCREW THE NEWS!!!!!!! 
and then our discussion topic-- Predictions and Prognostication And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out. DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work. ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 4 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.2012-12-241h 15InfoSec Daily PodcastInfoSec Daily PodcastInfoSec Daily Podcast Episode 791Episode 791 - 60 Seconds Arrests, .AU Post breached again, .ru cyberspy in Georgia, DDoS & SQLi lead on forums and UK Bank Phishers arrested2012-11-0143 minDown the Security Rabbithole Podcast (DtSR)Down the Security Rabbithole Podcast (DtSR)DtR Episode 25 - Guests: Jim Manico, David Litchfield - From Black Hat 2012 with SQLiSend the hosts a message - try it now!Syhopsis When I caught up with these two gentlemen in Amsterdam over the week of Black Hat 2012, I knew we wouldn't run out of things to talk about!  We ended up chatting for quite some time, and I think you'll find this conversation interesting from hearing of David's recent work with Oracle, and Jim's perspective on "the fix"... I kept the conversation going and am probably at last partially responsible for how long this podcast ended up being.  It's well worth the time, in my opinion, as...2012-10-2250 min