podcast
details
.com
Showing episodes and shows of
SQLI
Shows
CyberCode Academy
Course 1 - BurpSuite Bug Bounty Web Hacking from Scratch | Episode 9: Understanding and Finding SQL Injection Vulnerabilities
In this lesson, you’ll learn about:
SQL Injection (SQLi) — definition & importance: what SQL is (Structured Query Language) and why data-driven apps are high-value targets for injection attacks.
Core mechanism: how attackers inject malicious input into dynamic SQL statements (queries built from runtime parameters) to alter logic — e.g., commenting out parts of a query or appending always-true conditions.
Types of SQLi: error-based, blind (boolean), time-based, and union-based injections — each exploits the DB engine differently and requires different discovery/exploitation techniques.
Potential impact: full database disclosure (dumping data), modifying/inserting/deleting records...
2025-11-12
11 min
Certified - The CompTIA A+ Audio Course
Episode 114: Threats and Vulnerabilities — Zero-Day, SQLi, XSS
This episode explains the technical underpinnings of some of the most dangerous threats and vulnerabilities in modern systems. We start with zero-day exploits, where attackers take advantage of unknown software flaws before patches can be released. These are especially damaging because traditional defenses often can’t detect them. Next, we explore structured query language injection—SQLi—an attack that targets poorly secured databases. We also explain cross-site scripting, or XSS, which allows attackers to inject scripts into web pages viewed by others. These vulnerabilities are tested on the A Plus exam in the context of prevention, detection, and ap...
2025-08-17
14 min
RadioCSIRT : Edition Française
RadioCSIRT – Your cybersecurity news for Friday 18 July 2025 (Ep. 359)
📌 On today's programme:
🛠️ CISA adds a Fortinet flaw to its KEV catalogue. CVE-2025-25257, an SQLi vulnerability affecting FortiWeb, is now listed among the actively exploited vulnerabilities according to CISA. 🔗 https://www.cisa.gov/news-events/alerts/2025/07/18/cisa-adds-one-known-exploited-vulnerability-catalog
📱 Massistant: a new Chinese mobile forensics tool. Successor to MFSocket, the tool accesses SMS, photos, audio, GPS and contacts. Developed by Meiya Pico and detectable on targeted devices. 🔗 https://www.schneier.com/blog/archives/2025/07/new-mobile-phone-forensics-tool.html
⚖️ Meta settles a class action over Cambridge Analytica. P...
2025-07-18
09 min
économie et numérique Archives - Marketing and Innovation
Generative AI: between passing fad and true revolution
Is generative AI a passing fad or a true "revolution"? The AI revolution has generated a great deal of ink since the advent of ChatGPT, but behind the marketing discourse and the headline announcements, what is really going on? To decode this major technological transformation, I had the pleasure of welcoming two recognised experts from the sector: Alain Lefebvre, computing pioneer and founder of SQLi, known for his critical and sharp perspective, and Frédéric Cavazza, a consultant specialising in digital transformation and founder of digital acculturation...
2025-06-27
1h 03
Les Podcasts de Visionary Marketing
Generative AI: between passing fad and true revolution
Is generative AI a passing fad or a true "revolution"? The AI revolution has generated a great deal of ink since the advent of ChatGPT, but behind the marketing discourse and the headline announcements, what is really going on? To decode this major technological transformation, I had the pleasure of welcoming two recognised experts from the sector: Alain Lefebvre, computing pioneer and founder of SQLi, known for his critical and sharp perspective, and Frédéric Cavazza, a consultant specialising in digital transformation and founder of digital acculturation...
2025-06-27
1h 03
Seemposium Podcast
Seemposium lowlevel_3 | CVE in chaos and LLMs that really reason?
In this new episode, Andrea and Gabriele analyse the most critical vulnerabilities of recent weeks, including the SAP case and Fortinet's disastrous handling of VPN support. In the background is the chaos in MITRE's CVE project, which risks throwing the entire vulnerability classification system into crisis. The discussion then broadens to the future of cybersecurity with AI: can artificial intelligence really "reason"? The latest research from Anthropic suggests it can. But what are the risks, the biases, and the dystopian drifts behind the adoption of these systems, including in the field of...
2025-05-09
1h 20
RadioCSIRT : Edition Française
RadioCSIRT – Your cybersecurity news for Wednesday 23 April 2025 (Ep. 266)
🎙️ On today's programme:
🔹 Windows 10: how to extend its support until 2032? The LTSC editions of Windows 10 offer updates until 2032. A focus on these alternative, often little-known versions that make it possible to avoid a migration to Windows 11 or Linux. 📚 Source: https://www.theregister.com/2025/04/22/windows_10_ltsc/
🔹 GCP Cloud Composer: privilege escalation via malicious PyPI packages. The ConfusedComposer flaw allowed an attacker to obtain elevated access on GCP by modifying the Cloud Composer environment. Fixed on 13 April 2025. 📚 Source: https://thehackernews.com/2025/04/gcp-cloud-composer-bug-let-attackers.html
🔹 Tenable Security Center: vulnerability...
2025-04-23
16 min
Elk stapje telt
S2A10 - David Vernaillen: Selling without pitching – why asking questions does work
🎙️ Selling without pitching – why asking questions does work
How do you still make a real impact today as a sales professional, consultant or entrepreneur? In this episode of Elk stapje telt, David Vernaillen, sales director at SQLI, shares his vision of people-centred selling – without pressure, without a pushy pitch, but with connection, questions and trust.
We discuss: ✅ Why classic sales techniques often no longer work ✅ How asking questions is more powerful than persuading ✅ The role of trust in long-term relationships ✅ What sales and marketing can learn from each other ✅ Why 'team selling' is the future
📌 Whether you...
2025-04-15
35 min
Decoded: The Cybersecurity Podcast
Decoded: Inside SQL Injection Vulnerabilities and Defenses by Edward Henriquez
This podcast script for "Decoded: The Cybersecurity Podcast" with host Edward Henriquez and ethical hacker Sentinel explains SQL Injection (SQLi), a prevalent web vulnerability. The discussion covers what SQLi is, detailing how malicious code can be inserted into input fields to manipulate database queries. The experts also explore attacker tools and step-by-step attack methodologies, alongside various types of SQLi attacks and real-world examples of significant data breaches caused by this exploit. Crucially, the script outlines essential defense strategies and recommends platforms for ethical hacking practice.
Patreon Support: https://www...
2025-04-12
15 min
Critical Thinking - Bug Bounty Podcast
Episode 118: Hacking Happy Hour: 0days on Tap and SQLi Shots
Episode 118: In this episode of Critical Thinking - Bug Bounty Podcast we cover a host of news, including clientside tidbits, “Credentialless” iframes, prototype pollution, and what constitutes a polyglot in llms.txt.
Follow us on X
Shoutout to YTCracker for the awesome intro music!
====== Links ======
Follow Rhynorater and Rez0 on X
====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord at https://ctbb.show/discord!
You can also find some hacker swag!
====== Resources ======
p4fg passed 1 Million!
/reports/:id.json...
2025-04-10
58 min
StoneCast
SQL Injection: The Hacker’s Backdoor to Your Data
Did you know a single line of malicious code could expose your entire database to hackers? SQL Injection (SQLi) remains one of the most dangerous and widely used cyberattack techniques, allowing attackers to manipulate databases, steal sensitive data, and even take full control of applications. In this episode, we dive deep into how SQL injection works—from classic attacks to advanced blind SQLi techniques used to evade detection. We’ll also explore real-world data breaches caused by SQL injection, including attacks that exposed millions of records from major companies. More importantly, we’ll discuss how busine...
2025-03-24
11 min
Decoded: The Cybersecurity Podcast
Part 8 - CEH v12 Practice Questions: Web Application Attack Fundamentals: 15 Questions
Part 8: Web Application Attacks (15 Questions)
⸻
Which attack exploits unsanitized user input to execute malicious SQL commands?
• A) Cross-Site Scripting (XSS)
• B) SQL Injection (SQLi)
• C) Directory Traversal
• D) Session Hijacking
Answer: B) SQL Injection (SQLi)
Which web attack aims to execute malicious scripts in a victim’s browser via trusted websites?
• A) Cross-Site Scripting (XSS)
• B) Cross-Site Request Forgery (CSRF)
• C) Broken Authentication
• D) IDOR Attack
Answer: A) Cross-Site Scripting (XSS)
What is the primary...
2025-03-18
15 min
Decoded: The Cybersecurity Podcast
Part 6 - CEH v12 Practice Questions: Web Attack Vulnerabilities and Exploits
1. What type of attack manipulates query parameters to exploit web databases?
• A) Cross-Site Scripting
• B) Command Injection
• C) SQL Injection
• D) Clickjacking
Answer: C) SQL Injection
Explanation: SQL Injection inserts malicious SQL queries into web forms to manipulate backend databases.
2. Which technique exploits web page scripts to execute malicious code in browsers?
• A) SQL Injection
• B) Cross-Site Scripting (XSS)
• C) Remote File Inclusion
• D) DNS Spoofing
Answer: B) Cross-Site Scripting (XSS)
Explanation...
2025-03-16
16 min
Geeking Out with Adriana Villela
The One Where We Geek Out on Sustainable Applications with Aicha Laafia
About our guest: Aicha Laafia, Java Software Engineer with a love for coding, a taste for delicious food, and a heart for volunteering. Aicha is also a member of the Moroccan Association of Computing Science, a Women Techmakers and Girls Code ambassador, and an IAmRemarkable facilitator.
Find our guest on: Bluesky, LinkedIn, LinkTree, X (formerly Twitter)
Find us on: All of our social channels are on bento.me/geekingout. All of Adriana's social channels are on bento.me/adrianamvillela
Show notes: KCD Porto; Ix-chel Ruiz on Geeking Out; Enterprise JavaBeans (EJB); J2EE; Z Garbage Collector (ZCG...
2025-01-14
46 min
Chaos Computer Club - recent audio-only feed
What the PHUZZ?! (38c3)
PHUZZ is a framework for Coverage-Guided Fuzzing of PHP Web Applications. Fuzz testing is an automated approach to vulnerability discovery. Coverage-guided fuzz testing has been extensively researched in binary applications and the domain of memory corruption vulnerabilities. However, many web vulnerability scanners still rely on black-box fuzzing (e.g., predefined sets of payloads or basic heuristics), which severely limits their vulnerability detection capabilities. In this talk, we present our academic fuzzing framework, "PHUZZ," and the challenges we faced in bringing coverage-guided fuzzing to PHP web applications. Our experiments show that PHUZZ outperforms related works and state-of-the-art vulnerability scanners in discovering...
2024-12-27
1h 00
Chaos Computer Club - recent events feed (high quality)
What the PHUZZ?! (38c3)
PHUZZ is a framework for Coverage-Guided Fuzzing of PHP Web Applications. Fuzz testing is an automated approach to vulnerability discovery. Coverage-guided fuzz testing has been extensively researched in binary applications and the domain of memory corruption vulnerabilities. However, many web vulnerability scanners still rely on black-box fuzzing (e.g., predefined sets of payloads or basic heuristics), which severely limits their vulnerability detection capabilities. In this talk, we present our academic fuzzing framework, "PHUZZ," and the challenges we faced in bringing coverage-guided fuzzing to PHP web applications. Our experiments show that PHUZZ outperforms related works and state-of-the-art vulnerability scanners in discovering...
2024-12-27
1h 00
Chaos Computer Club - recent events feed (low quality)
What the PHUZZ?! (38c3)
PHUZZ is a framework for Coverage-Guided Fuzzing of PHP Web Applications. Fuzz testing is an automated approach to vulnerability discovery. Coverage-guided fuzz testing has been extensively researched in binary applications and the domain of memory corruption vulnerabilities. However, many web vulnerability scanners still rely on black-box fuzzing (e.g., predefined sets of payloads or basic heuristics), which severely limits their vulnerability detection capabilities. In this talk, we present our academic fuzzing framework, "PHUZZ," and the challenges we faced in bringing coverage-guided fuzzing to PHP web applications. Our experiments show that PHUZZ outperforms related works and state-of-the-art vulnerability scanners in discovering...
2024-12-27
1h 00
CyberWire Daily
Guarding the Vote
CISA spins up an election operations war room. Microsoft neglected to restrict access to gender-detecting AI. Yahoo uncovers vulnerabilities in OpenText’s NetIQ iManager. QNAP issues urgent patches for its NAS devices. Sysdig uncovers Emerald Whale. A malvertising campaign exploits Meta’s ad platform to spread the SYS01 infostealer. Senator Ron Wyden wants to tighten rules aimed at preventing U.S. technologies from reaching repressive regimes. Researchers use AI to uncover an IoT zero-day. Sophos reveals a five year battle with firewall hackers. Our guest is Frederico Hakamine, Technology Evangelist from Axonius, talking about how threats both overlap and diff...
2024-10-31
33 min
PEBCAK Podcast: Information Security News by Some All Around Good People
Episode 177 - Airport Security Bypassed with SQLi, Russian Hackers Use NSO Group Exploits, Users Get Too Good Identifying Phishing, Career Goals
Welcome to this week's episode of the PEBCAK Podcast! We’ve got four amazing stories this week so sit back, relax, and keep being awesome! Be sure to stick around for our Dad Joke of the Week. (DJOW)
Follow us on Instagram @pebcakpodcast
TSA bypassed by SQL injection attack
https://www.bleepingcomputer.com/news/security/researchers-find-sql-injection-to-bypass-airport-tsa-security-checks/
https://xkcd.com/327/
https://arstechnica.com/information-technology/2023/10/sob-story-about-dead-grandma-tricks-microsoft-ai-into-solving-captcha/
Russian APT29 uses commercial spyware exploits
https://www.bleepingcomputer.com/news/security/russian-apt29-hackers-use-ios-chrome-exploits-created-by-spyware-vendors/
https://www.darkreading.com/threat-intelligence/commercial-spyware-vendors-have-a-copycat-in-top-russian-apt
People too good...
2024-09-09
55 min
Unsupervised Learning
UL NO. 448: TSA SQLi, NYT Github, NK RPM, NVIDIA Mystery...
Becoming Attention, Weighting on OpenAI, Ozempic and Aging?, and more...
➡ Check out Vanta and get $1000 off: vanta.com/unsupervised
Subscribe to the newsletter at: https://danielmiessler.com/subscribe
Join the UL community at: https://danielmiessler.com/upgrade
Follow on X: https://twitter.com/danielmiessler
Follow on LinkedIn: https://www.linkedin.com/in/danielmiessler
See you in the next one!
Become a Member: https://danielmiessler.com/upgrade
See omnystudio.com/listener for privacy information.
2024-09-06
22 min
Unsupervised Learning (Member Edition)
UL NO. 448: TSA SQLi, NYT Github, NK RPM, NVIDIA Mystery...
Becoming Attention, Weighting on OpenAI, Ozempic and Aging?, and more...
Subscribe to the newsletter at: https://danielmiessler.com/subscribe
Join the UL community at: https://danielmiessler.com/upgrade
Follow on X: https://twitter.com/danielmiessler
Follow on LinkedIn: https://www.linkedin.com/in/danielmiessler
See you in the next one!
Become a Member: https://danielmiessler.com/upgrade
See omnystudio.com/listener for privacy information.
2024-09-06
21 min
WE'RE IN!
Anand Prakash on cloud security startups and next-gen hacking
Anand Prakash, founder of startup PingSafe, shares his insights on building a successful cybersecurity business and his experience as a top bug bounty hunter. He emphasizes the importance of fast execution, accountability and learning from mistakes when growing the company acquired by SentinelOne, where he’s now a senior director of product management. In the latest episode of WE’RE IN!, Anand touches on India's prominence in global tech – particularly in security research and bug bounty programs – and he shares his personal journey into cybersecurity, which began with...
2024-07-17
28 min
Talkin' Bout [Infosec] News
2024-07-01 - Ice Cream Season
00:00 - PreShow Banter™ — Ice Cream Season
07:22 - BHIS - Talkin’ Bout [infosec] News 2024-07-01
07:48 - Story # 1: TeamViewer’s corporate network was breached in alleged APT hack
09:11 - Story # 1b: TeamViewer Security Update – June 28, 2024, 12:10 PM CEST
16:33 - Story # 2: Supreme Court orders new look at Texas, Florida social media laws
21:32 - Story # 3: New OpenSSH Vulnerability Could Lead to RCE as Root on Linux Systems
24:52 - Story # 4: CISA: Most critical open source projects not using memory safe code
40:03 - Story # 5: Exploit for critical Fortra FileCatalyst Workflow SQLi flaw relea...
2024-07-03
1h 00
Cyber Morning Call
Cyber Morning Call - #572 - 27/06/2024
[Episode References]
Auth. Bypass In (Un)Limited Scenarios - Progress MOVEit Transfer (CVE-2024-5806) - https://labs.watchtowr.com/auth-bypass-in-un-limited-scenarios-progress-moveit-transfer-cve-2024-5806/
Fortra FileCatalyst Workflow Unauthenticated SQLi - https://www.tenable.com/security/research/tra-2024-25
Multiple vulnerabilities in TP-Link Omada system could lead to root access - https://blog.talosintelligence.com/multiple-vulnerabilities-in-tp-link-omada-system/
CHAMELGANG & FRIENDS | CYBERESPIONAGE GROUPS ATTACKING CRITICAL INFRASTRUCTURE WITH RANSOMWARE - https://assets.sentinelone.com/sentinellabs/chamelgang-friends-en
Request data sent to the Casa Civil under the Access to Information Law - https://buscalai.cgu.gov.br/PedidosLai/DetalhePed...
2024-06-27
04 min
Critical Thinking - Bug Bounty Podcast
Episode 72: Research TLDRs & Smuggling Payloads in Well Known Data Types
Episode 72: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel discuss some hot research from the past couple months. This includes ways to smuggle payloads in phone numbers and IPv6 Addresses, the NextJS SSRF, the PDF.JS PoC drop, and a GitHub Enterprise Indirect Method Information bug. Also, we have an attack vector featured from Monke!
Follow us on twitter at: @ctbbpodcast
Shoutout to YTCracker for the awesome intro music!
------ Links ------
Follow your hosts Rhynorater & Teknogeek on twitter:
------ Ways to Support CTBBPodcast...
2024-05-23
52 min
Recap from Cogent2
Ep3 - Cookiemageddon and Rewriting the eCommerce Rule Book
This bumper (well, bumper for us) episode covers the eComOne event on Cookies in Lincoln, UK from Thursday 2nd May and also my thoughts on the Rewriting the eCommerce Rule Book webinar put on by Klevu and SQL Digital on Wednesday 1st May. Get my thoughts on the key takeaways with regards to the impending cookiemageddon - spoiler - the world isn't actually ending. There's loads of technical detail in there, especially all the goodness shared from Kieran Wright, as well as thoughts from the session on Social Media and cookie impact there and...
2024-05-03
25 min
The Security Table
SQLi All Over Again?
Chris, Matt, and Izar discuss a recent Secure by Design Alert from CISA on eliminating SQL injection (SQLi) vulnerabilities. The trio critiques the alert's lack of actionable guidance for software manufacturers, and they discuss various strategies that could effectively mitigate such vulnerabilities, including ORMs, communicating the why, and the importance of threat modeling. They also explore potential ways to improve the dissemination and impact of such alerts through partnerships with organizations like OWASP, the various PSIRTs, and ISACs, and leveraging threat intelligence effectively within AppSec programs. Ultimately, the trio wants to help CISA maximize its effectiveness in the software...
2024-04-02
37 min
Cyber Briefing
February 27, 2024 - Cyber Briefing
👉 What's the latest in the cyber world today?
🚨 #CyberAlerts
White House Urges Devs to Adopt Memory-Safe Languages. Source: The White House
8,000+ Trusted Brands Domains Hijacked in Spam Operation. Source: Nati Tal and Oleg Zaytsev via Guardio Labs
Travelers Targeted by Booking.com Email Scam Distributing Agent Tesla. Source: Mayur Sewani and Prashant Kumar via Forcepoint
Critical SQLi Flaw in Popular WordPress Plugin Threatens 200K+ Websites. Source: Istvan Marton via Wordfence
New IDAT Loader Attacks Deploy Remcos RAT via Ste...
2024-02-27
09 min
Critical Thinking - Bug Bounty Podcast
Episode 55: Popping WordPress Plugins - Methodology Braindump
Episode 55: In this episode of Critical Thinking - Bug Bounty Podcast, Justin is joined by Wordpress Security Researcher Ram Gall to discuss both functionality and vulnerabilities within Wordpress Plugins.
Follow us on twitter
Send us any feedback here:
Shoutout to YTCracker for the awesome intro music!
------ Links ------
Follow your hosts Rhynorater & Teknogeek on twitter:
------ Ways to Support CTBBPodcast ------
WordFence - Sign up as a researcher! https://ctbb.show/wf
---
Sign up for Caido using the referral...
2024-01-25
1h 44
DIGINOV
Episode 9 - ChatBot
A chatbot, or conversational agent, is a robot capable of imitating human behaviour in order to hold a conversation with a user, via a platform or an application. Its main objective is to provide answers to the problems encountered by internet users, and to do so in an automated way. In this episode, we welcome to our microphone Marius YOVO, Software Engineer and Business Analyst at Hello Bank on behalf of SQLi. Enjoy listening!
2023-11-17
10 min
ENERGIEZONE
E#23 Martin Lass on the island grid, monopoly risks and the energy transition
When will electricity get really cheap? Martin Lass has already been a guest on two Energiezone episodes and completely won the listeners over. In the third and, for now, last episode with Martin we discuss the potential of the biogas plant as a CO2 sink, the problem of monopoly pricing in heating networks and the construction of his island power grid, with which he plans to become one of the cheapest providers of fast chargers in the region. Boat tour during K5: https://go.sqli.com/de/sqli-e-com-spree-boats-adventure-night Community: https://kassenzone.de/discord Feedback on the podcast? Mail alex@kassenzone.de Disclaimer: https://www.kassenzone.de/dis...
2023-10-31
1h 09
Kassenzone | CEO Interviews
K#476 Martin Lass on the island grid, monopoly risks and the energy transition #ENERGIEZONE
When will electricity get really cheap? Martin Lass has already been a guest on two Energiezone episodes and completely won the listeners over. In the third and, for now, last episode with Martin we discuss the potential of the biogas plant as a CO2 sink, the problem of monopoly pricing in heating networks and the construction of his island power grid, with which he plans to become one of the cheapest providers of fast chargers in the region. Boat tour during K5: https://go.sqli.com/de/sqli-e-com-spree-boats-adventure-night Community: https://kassenzone.de/discord Feedback on the podcast? Mail alex@kassenzone.de Disclaimer: https://www.kassenzone.de/dis...
2023-06-15
1h 09
Hack és Lángos
HnL281 - Hasonló ZIPőben jár
Today's menu:
BSides experiences from Béla and Szabi
Qbot c2
How SOCs can identify the threat actors behind the threats
MOVEit SQLi
.zip and .mov domains ... what could go wrong
Article 2
Contact us: Telegram, Twitter, Instagram, Facebook, Mail: info@hackeslangos.show
2023-06-09
1h 05
Kassenzone | CEO Interviews
K#474 Domino's Pizza with COO Alexander Tauer
Who delivers faster + discount on the Husqvarna Aspire series. Anyone who has always wanted to know how the business of pizza delivery services works will enjoy this podcast. Domino's Pizza is one of the world's most successful delivery services, and its expansion in Germany is going extremely well. Unfortunately, it is not enough for my home village of Gettorf. Why that is, and whether it is worth becoming a franchisee yourself, you will learn in the podcast. Boat tour during K5: https://go.sqli.com/de/sqli-e-com-spree-boats-adventure-night 10% off Husqvarna Aspire products: http://husqvarna.com/de "KASSENZONE10"
2023-06-01
56 min
Security Weekly Podcast Network (Audio)
PSW #771 - Dan DeCloss
In a recent survey on purple teaming, 89 percent of respondents who had used the method deemed purple teaming activities “very important” to their security operations. Purple teaming exercises conducted regularly have the power to improve collaboration across teams, ensure issues are identified and remediated more proactively, and provide a means to measure progress over time. With all these benefits, why isn’t everyone doing it? Purple teaming doesn’t have to be such a heavy lift. With the right mindset and tools, any team can get started regardless of resources. This talk will highlight practical tips for getting started with pur...
2023-02-02
3h 11
Paul's Security Weekly (Audio)
PSW #771 - Dan DeCloss
In a recent survey on purple teaming, 89 percent of respondents who had used the method deemed purple teaming activities "very important" to their security operations. Purple teaming exercises conducted regularly have the power to improve collaboration across teams, ensure issues are identified and remediated more proactively, and provide a means to measure progress over time. With all these benefits, why isn't everyone doing it? Purple teaming doesn't have to be such a heavy lift. With the right mindset and tools, any team can get started regardless of resources. This talk will highlight practical tips for getting started with purple...
2023-02-02
3h 11
Paul's Security Weekly (Video)
Super(conductive) Graphene, Yandex Leak, No Fly Lists, & Thinkpad Servers - PSW #771
In the Security News for this week: defending against cleaning services, catastrophic mutating events and the future, myths and misconceptions, finding vulnerabilities in logs (And not log4j), SSRF leads to RCE with a PoC, SQLi with XSS bypasses WAF FTW, thinkpad as a server, RPC directory traversal for the win, just directory traversal for the win, Paul gets a Flipper Zero and how he thinks he's some sort of hero, sh1mmer your chromebook, and superconductive magic angle graphene! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: h...
2023-02-02
2h 06
Day[0]
[bounty] Tailscale RCE, an SQLi in PAM360, and Exploiting Backstage
Some RCE chains starting with DNS rebinding, always fun to see, a fairly basic SQL injection, and a JS sandbox escape for RCE in Spotify. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/171.html
[00:00:00] Introduction
[00:00:38] RCE in Tailscale, DNS Rebinding, and You [CVE-2022-41924]
[00:17:55] SQL Injection in ManageEngine Privileged Access Management [CVE-2022-40300]
[00:22:34] Unauthenticated Remote Code Execution in Spotify’s Backstage
[00:36:28] Till REcollapse
[00:41:19] Chat Question: Alternatives to IDA Freeware
The...
2022-11-29
44 min
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
ISC StormCast for Wednesday, November 16th, 2022
Packet Tuesday https://packettuesday.com
Stealing Passwords From Infosec Mastodon - Without Bypassing CSP https://portswigger.net/research/stealing-passwords-from-infosec-mastodon-without-bypassing-csp
SQLi and Access Flaws in Zendesk https://www.varonis.com/blog/zendesk-sql-injection-and-access-flaws
Electric Vehicle Charging Infrastructure https://newsreleases.sandia.gov/ev_security/
2022-11-16
05 min
SANS Internet Storm Center's Daily Network Security News Podcast
Network Security News Summary for Wednesday November 16th, 2022
Packet Tuesday; Mastodon Bug; Zendesk SQLi; EV Charger Security
Packet Tuesday https://packettuesday.com
Stealing Passwords From Infosec Mastodon - Without Bypassing CSP https://portswigger.net/research/stealing-passwords-from-infosec-mastodon-without-bypassing-csp
SQLi and Access Flaws in Zendesk https://www.varonis.com/blog/zendesk-sql-injection-and-access-flaws
Electric Vehicle Charging Infrastructure https://newsreleases.sandia.gov/ev_security/
keywords: packets; packet tuesday; dns; idn; punycode; passwords; mastodon; csp; sqli; zendesk; graphql; ev; chargers
2022-11-16
05 min
Le café de l'e-commerce
124 - Paris Retail Week 2022 - Looking back at the must-attend e-commerce trade show
🎙 Episode 124: at the heart of e-commerce news, live from the Paris Retail Week trade show! 🧐 But what happened this week at the Porte de Versailles? Why have adverts for Amazon Pay or PayPlug invaded the 15th arrondissement of Paris? Paris Retail Week, 8th edition. Laetitia and Adrien take you with them through the aisles of the must-attend trade show of autumn 2022. ❓ Which conferences really should not have been missed? What are the emerging trends? Why is everyone talking about Retail Tech? And the metaverse, is it responsible or not? We tell you everything! Well, mostly Adrien, who endured, like...
2022-09-22
38 min
Hack és Lángos
HnL238 - Very Protected Network
Today's menu:
According to a survey, the average American visits suspicious sites 6.5 times a day
Chinese hacker search engine
Chinese UEFI rootkit found on Gigabyte and Asus motherboards | SecurityWeek.Com
Forged git metadata
Anti-vax dating site exposed data of 3,500 users through a "debug mode" bug - The Verge
NoMoreRansom birthday
FBI seizes $500,000 in ransomware payments and crypto from North Korean hackers
Clarifying hacking with XSS
Start learning security with SQLi
Contact us: Telegram, Twitter, Instagram, Facebook, Mail: i...
2022-08-05
1h 06
Redefining CyberSecurity
The Real-World Value Of Telling Stories And The Role Of Visual Art In Ethical Hacking Videos | A Conversation With YouTuber SecAura | Redefining CyberSecurity Podcast With Sean Martin
SecAura is an amateur YouTuber whose post I came across caught my attention. SecAura creates free educational videos for ethical hacking and does so while going the extra mile to hand-craft many of the animations used in the videos. All of this is done outside of the 9-5 job SecAura has as a penetration tester. Realizing that the technical subjects needed diagrams and that these elements were a core part of the videos being created, SecAura decided to hand-craft the animations for each of the subjects being prepared, teaching himself all that was required to do so while constantly t...
2022-06-30
39 min
Examining
42: Educator Toolbox
In this episode, Erik and Kris share a repository of over 400 open education tools. Our co-hosts also discuss recent tech and education news including "the next Google", the pros and cons of using technology to improve education, SQLi vulnerabilities in higher ed institutions, new online learning entrepreneurs, and smartphones vs science. The app of the month is iA Writer.
SHOW NOTES:
Tools:
*Innovations in Scholarly Communication by the University of Utrecht
*List of 400 open education tools
*Tabula
News articles
*DKB: The Next Google
*Entrepreneur: 5 edtech trends that will...
2022-05-06
1h 06
Tech me higher
Food in China -> on blockchain, plant-based food and security policy
China has set ambitious targets for reducing its climate footprint, targets that are to be met through both cultural and technological change. The Chinese are to eat significantly less meat, and blockchain is to raise food safety. Food is in fact an important piece in China's geopolitical and domestic political game. To guide us through China's food and tech scene we have Peter Lisbygd, director of China Experience, joining from corona-locked-down Shanghai. Show notes: The Future of Food - China Experience report https://drive.google.com/file/d/1D9STxom5RiKevf2rINosXkp0iX...
2022-04-06
42 min
The E-Commerce Society
The impact of data on the e-commerce sector after the pandemic
Nearly two years after the start of the Covid-19 crisis, a new era is taking shape: the "new normal". Whether from an economic, social or professional point of view, the habits formed before the health crisis are changing, and adapting to change has become unavoidable, for brands as much as for consumers. In this episode we look back at the concrete findings on how these impacts have affected brands and consumers, as well as five recommendations for preparing the rebound and performing sustainably in this new era...
2022-04-04
28 min
Day[0]
[bounty] Facebook Exploits, pfSense RCE, and MySQLjs SQLi
Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/facebook-exploits-pfsense-rce-and-mysqljs-sqli.html A few interesting issues for you this week: a JS race condition in some auth-related code for Facebook, some fake prepared queries, and an RCE through sed commands (in pfSense). [00:00:56] Remote Code Execution in pfSense (2.5.2 and earlier) [00:06:13] Finding an Authorization Bypass on my Own Website [00:17:43] More secure Facebook Canvas Part 2: More Account Takeovers [00:32:43] The perils of the "real" client IP The DAY[0] Podcast episodes are streamed live on T...
2022-03-08
50 min
Day[0]
WebSocket Hijacking, GitHub review bypass and SQLi to RCE [Bug Hunting]
Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/websocket-hijacking-github-review-bypass-and-sqli-to-rce.html Just a handful of traditional vulns this week: IDOR, CSRF, SQLi, a logic vuln and zi's boomer side starts to show. [00:00:18] Remote Chaos Experience [00:03:30] [Concrete CMS] Stored unauth XSS in calendar event via CSRF [00:08:47] ‘Websocket Hijacking’ to steal Session_ID of victim users [00:14:17] IDOR + Account Takeover leads to PII leakage [00:27:27] Bypassing required reviews using GitHub Actions [00:33:20] How I Escalated a Time-Based SQL Injection to RCE
2021-10-19
45 min
Digital Causeurs
My job #05 - Florent demystifies the job of Designer-Developer
Designer-Developer. A job that may at first glance seem mystical and solitary... is that really the case? Florent tells us all about this key job in the digital field. Would you like to join him and find creative solutions together? Check out our job offers 👉 https://www.sqli-carrieres.com/
2021-10-18
04 min
Digital Causeurs
My job #04 - Sharaf describes his daily routine as a Mobile Project Manager
Do you really know the job of Mobile Project Manager? Discover it in 2 minutes with Sharaf. Would you like to join him and work together on exciting projects? We're hiring 👉 https://www.sqli-carrieres.com/
2021-10-04
02 min
Podcast Ostrapiła
ORMs are just a fad
In this episode we take a closer look at ORMs. Are the promises made when they were introduced, i.e. cost-free and trouble-free swapping of the database, a fact or just a pipe dream, and could we get rid of them altogether to the benefit of our projects? Or is hand-writing SQL queries a thing of the distant past that will never come back? Godfathers: Konrad Kokosa Piotr Karczmarz Michał Kuliński Books: Stanisław Lem - Maska - https://ebookpoint.pl/view/112736/maska-s...
2021-09-30
1h 40
Digital Causeurs
My job #03 - Nizar describes his daily routine as Practice Leader Content & Collaboration
Do you know the job of Practice Leader? Nizar outlines it. Would you like to join his team and work together on exciting projects? We're hiring ➡ https://www.sqli-carrieres.com/
2021-09-27
02 min
Digital Causeurs
My job #02 - Matthieu describes his daily routine as a DevOps Consultant
What does the job of DevOps Consultant involve? Matthieu shares his experience. Would you like to join him and work together on exciting projects? We're hiring 👉 paris.recrutement@sqli.com
2021-09-20
02 min
Digital Causeurs
My job #01 - Anne-Clémence describes her daily routine as an e-Commerce Project Manager
What does a day in the life of an e-Commerce Project Manager look like? Anne-Clémence gives her answer. Would you like to join her and work together on exciting projects? We're hiring 👉 https://www.sqli-carrieres.com/
2021-09-14
03 min
Commerce Experience
Episode 36: The European E-Commerce Climate, with Victor Terpstra
Though the impacts of the pandemic have been seen across the globe, it is clear that, while widespread, those impacts were not necessarily equal. One area where this is evident is in the disparity between US and EU/UK e-commerce growth, where increases in the EU and UK lag far behind that of the US. To learn more about the trends and business leader sentiment guiding EU e-commerce strategy through the pandemic and beyond, host Brian Walker speaks to Victor Terpstra, the Chief Commercial Officer at Amsterdam-based digital experience agency SQLI International. Together, they discuss the differences in both consumer...
2021-09-09
37 min
Digital Causeurs
AI #04 - Frédéric describes how he put his skills to use for the non-profit sector
We are taking part in Microsoft's Share AI programme, which puts AI at the service of social entrepreneurs! Frédéric, Technical Architect & Microsoft 365 Consultant, looks back on the project he led to support the work of La Cimade. Coming from the non-profit world himself, combining artificial intelligence and humanitarian aid was an obvious choice.
2021-08-23
04 min
Digital Causeurs
AI #03 - Guillaume describes his involvement in the Share AI programme to combat cognitive disorders in children
We are taking part in Microsoft's Share AI programme, which puts AI at the service of social entrepreneurs! Guillaume, Data Project Manager, describes his support for the start-up Crocos Go Digital, which specialises in detecting "dys" disorders in children by combining neuropsychological tests with artificial intelligence.
2021-08-16
03 min
Digital Causeurs
AI #02 - Lucette describes how AI supports the professional integration of women into the digital sector
As a Microsoft Gold Partner and Artificial Intelligence specialist, it was only natural for us to get involved in 4 projects of its Share AI programme, which puts artificial intelligence at the service of social entrepreneurs. Lucette, work-study Data Scientist, describes her commitment to Social Builder, through improving the Adabot virtual assistant, which guides users through their career-change journeys. Also see her profile written by Microsoft.
2021-08-08
04 min
Digital Causeurs
AI #01 - Jonathan explains how he is getting involved in Microsoft's Share AI programme for a good cause
As a Microsoft Gold Partner and Artificial Intelligence specialist, it was only natural for us to get involved in 4 projects of its Share AI programme, which puts artificial intelligence (AI) at the service of social entrepreneurs. Jonathan, Project Manager, shares his experience with the association L'autre Cercle, a leading organisation for LGBT+ inclusion and diversity management in the workplace.
2021-07-30
03 min
Digital Causeurs
Collaboration #01 - Marie-Pierre and Vahan describe how they combined their expertise
Marie-Pierre, Project Manager from Bordeaux, and Vahan, Customer Experience Consultant from Belgium, both combined their expertise to design and deploy a CRM within an international agri-food company.
2021-07-28
04 min
Tomの入門サイバーセキュリティ!
#13 Information Security News for March 17
Information security news for March 16: Microsoft releases a simple tool to mitigate the impact of the "Exchange vulnerability" - use it if you are still unpatched. Guest registers go missing during their retention period - ORIX Hotel Management. SQLi vulnerability in a membership-site plugin for WP. Chat: on the 10 major information security threats (individuals), #4: demands for money through blackmail and fraud via email, SMS and the like.
2021-03-17
29 min
Application Paranoia
S2EP5 - AppScan 10.0.4 release, SQLi tips, Accellion FTA exploit and Golf is not green.
Colin Bell, Rob Cuddy and Kris Duer bring you another Application Paranoia episode. This episode has guest panellist Billy Weber helping to navigate through discussions about a bunch of exciting new AppScan features in the recent 10.0.4 release. There are also discussions about St. Patrick's Day being cancelled in Ireland, why SQL Injection is still a thing, zero-day vulnerabilities in Accellion's file transfer appliance (FTA), MS Exchange email exploits and that golf is bad for the planet. So basically something for everyone...
2021-03-16
48 min
Absolute AppSec
Episode 125: Interviews, SQLi, Concurrency, Wordpress
Seth and Ken discuss interviewing techniques for technical resources, SQL injection in the media and GitHub's recent concurrency vulnerability. Also a discussion on recent WordPress plugin vulnerabilities and why they are always so devastating.
2021-03-09
00 min
Day[0]
Industrial Control Fails and a Package disguised in your own supply
"Beg Bounty" hunters, dependency confusion, iOS kernel vuln, and how not to respond to security research. [00:00:59] Florida Water Treatment Facility Hacked https://twitter.com/Bing_Chris/status/1358873543623274499 [00:09:19] Have a domain name? "Beg bounty" hunters may be on their way https://news.sophos.com/en-us/2021/02/08/have-a-domain-name-beg-bounty-hunters-may-be-on-their-way/amp/ [00:20:14] FootFallCam and MetaTechnology Drama https://twitter.com/_MG_/status/1359582048260743169 [00:28:33] Telegram privacy fails [CVE-2021-27204] [CVE-2021-27205] https://www.inputzero.io/2020/12/telegram-privacy-fails-again.html [00:36:43] Dependency Confusion: How I Hacked Into Apple, Microsoft and Dozens of Other Companies
2021-02-17
1h 44
Refactor (🇫🇷)
Philippe Charrière, Senior Technical Account Manager
Meet Philippe Charrière, Senior Technical Account Manager at GitLab. Philippe has 25 years of experience in tech, alternating between pre-sales engineering roles, purely technical roles, project management, and even working at large IT services companies (ESN)... After a veterinary preparatory course and a business school, specialising in management and finance, he realised that IT is what drives him. His first professional experience was as a pre-sales engineer. After a few stints as project manager and consultant, he was recruited by Astek, where he worked for...
2020-10-21
1h 04
Day[0]
Some Discord, a Bad Neighbor and a BleedingTooth
It has been a while since we had an exploit extravaganza but here we are. Several binary-level issues from Bad Neighbor on Windows to BleedingTooth on Linux, and several vulns in Qualcomm SoCs, even a Discord RCE. [00:00:57] Introducing Edge Vulnerability Research [00:06:57] Cache Partitioning in Chrome [00:10:29] Magma: A Ground-Truth Fuzzing Benchmark [00:25:27] "Bits Please!" - CVE-2020-16938 [00:29:50] ContainerDrip [CVE-2020-15157] [00:40:01] Discord Desktop app RCE [00:52:34] Time Based SQLi via referrer header https://www.fedscoop.com/hack-the-army-2-results/ [00:57:35] PyYAML 0day [01:09:24] Phantom of the ADAS [01:15:03] Rollback Attack in Mozilla Maintenance Service [01:19:33] Glitching...
2020-10-21
2h 16
Le Comptoir Sécu
[SECHebdo] 7 October 2020 - Comptoir publications, Microsoft Digital Defense Report, Hunt Android, Zero Trust imposed by the courts, ZeroLogon, Corner Vuln, etc.
2020-10-07
00 min
Refactor (🇫🇷)
Eric Taix, Senior Developer
A new encounter today with Eric Taix, Architect/Lead Developer at Nauticspot in Montpellier. With a background in electronics, a DUT GEII (Electrical Engineering and Industrial Computing) followed by a Master's from ESISAR (engineering school for embedded systems -electronics, automation and computing- and networks) in 1992, he got started in programming at ESII Média as Team Leader/Developer. Eric, wanting to stop doing thick-client work and move to web technologies, initially decided to leave the company for that reason. He turned to SOAMAI, as a dé...
2020-10-06
55 min
Marketing & Innovation Archives - Marketing and Innovation
Major projects: "reasoned IT" to put an end to "waste"
Major IT projects are not a long quiet river. "Reasoned IT" (one could just as well have written "reasonable") is a new concept from the latest book by Alain Lefebvre, whose aim is precisely to repair the damage so often observed around these enormous IT undertakings. Readers who have been involved in them, closely or from afar, will readily understand us. We interviewed Alain as part of our feature on the workplace of the future. Those of our readers who already know him will not be...
2020-09-24
17 min
7 Minute Security
7MS #403: 7MOOMAMA - Juice Shop Song + Backdoors and Breaches Jingle
Today's slightly off-topic episode kicks off a new tag called 7MOOMAMA. That stands for 7 Minutes of Only Music and Miscellaneous Awesomeness. To kick things off, I'm super excited to share with you two new security-themed songs for some of my favorite security things! They are: Backdoors and Breaches - my favorite incident response card game. OWASP Juice Shop - my favorite vulnerable Web application. Enjoy! Backdoors and Breaches Backdoors and Breaches I love the way teaches me to think about security controls And their proper...
2020-03-09
07 min
Le Talk Décideurs
SQLI: "We went public during the bursting of the internet bubble"
Didier Fauque, CEO of SQLI, is the guest of Le Talk Décideurs. Hosted by Ausha. Visit ausha.co/politique-de-confidentialite for more information.
2020-02-12
09 min
Shared Security Podcast
Phone and Voice Fraud, Twitter Account Purge, Adobe Magento Marketplace Data Breach
In episode 97 for December 2nd 2019: How to prevent phone and voice fraud, Twitter’s inactive account purge, and the Adobe Magento Marketplace data breach. ** Show notes and links mentioned on the show ** Don’t become a victim of phone and voicemail fraud https://www.darkreading.com/7-ways-to-hang-up-on-voice-fraud—/d/d-id/1336427 Twitter’s inactive account purge https://www.cnn.com/2019/11/27/tech/twitter-inactive-account-delete/index.html https://twitter.com/TwitterSupport/status/1199777313300209664 Adobe Magento Marketplace data breach https://nakedsecurity.sophos.com/2019/11/29/adobes-magento-marketplace-suffers-data-breach/ https://magento.com/blog/magento...
2019-12-02
09 min
Linux Action News
Linux Action News 130
Fedora arrives from the future, the big players line up behind KernelCI, and researchers claim significant vulnerabilities in Horde. Plus, Google's new dashboard for WordPress and ProtonMail's apps go open source. Support Linux Action News. Links: Fedora 31 is officially here! — This release features GNOME 3.34, which brings significant performance enhancements which will be especially noticeable on lower-powered hardware. Fedora Server brings the latest in cutting-edge open source server software to systems administrators in an easy-to-deploy fashion. Fedora 31 Performance Is Still Sliding In The Wrong Direction. Distributed Linux Testing Platform KernelCI Secures Funding and Long-Term Su...
2019-11-04
26 min
Linux Action News Video
Linux Action News 130
Fedora arrives from the future, the big players line up behind KernelCI, and researchers claim significant vulnerabilities in Horde. Plus, Google's new dashboard for WordPress and ProtonMail's apps go open source. Links: Fedora 31 is officially here! — This release features GNOME 3.34, which brings significant performance enhancements which will be especially noticeable on lower-powered hardware. Fedora Server brings the latest in cutting-edge open source server software to systems administrators in an easy-to-deploy fashion. Fedora 31 Performance Is Still Sliding In The Wrong Direction. Distributed Linux Testing Platform KernelCI Secures Funding and Long-Term Sustainability — "Testing is trad...
2019-11-03
00 min
The Application Security Podcast
Jim Manico -- The Extremely Unabridged History of SQLi and XSS
Jim Manico joins again to talk about how AppSec has changed over the years and gives us an in-depth look at the history of SQL Injection and XSS. You can find Jim on Twitter @manicode FOLLOW OUR SOCIAL MEDIA: ➜ Twitter: @AppSecPodcast ➜ LinkedIn: The Application Security Podcast ➜ YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening!
2018-12-03
30 min
Application Security PodCast
The Extremely Unabridged History of SQLi and XSS(S04E19)
On this episode, Jim Manico joins again to talk about the ways that AppSec has changed over the years and give us an in-depth look at the history of SQL Injection and XSS. You can find Jim on Twitter @manicode The post The Extremely Unabridged History of SQLi and XSS(S04E19) appeared first on Security Journey Podcasts.
2018-12-03
00 min
BrakeSec Education Podcast
2018-042-Election security processes in the state of Ohio
Where in the world is Ms. Amanda Berlin? Keynoting hackerconWV. Election Security, Cuyahoga County: Intro: Jeremy Mio (@cyborg00101). Name? Why are you here? Discussing how Ohio does election operations. Walk through the process: Pre-Elections, Election Night, Post Elections. All about the C.I.A.: Votes must be confidential. Votes must not be compromised (integrity). Voting should be available and without outage...
2018-12-03
1h 24
Consejero Digital
The new iPhone, Google and a hacking tool for $200 a month.
Rumours indicate that the new iPhone would cost $1200: http://www.businessinsider.com/apple-iphone-8-oled-price-john-gruber-2017-7 Current prices: iPhone 7 32 GB: $649 iPhone 7 128 GB: $749 iPhone 7 256 GB: $849 iPhone 7 Plus 32 GB: $769 iPhone 7 Plus 128 GB: $869 iPhone 7 Plus 256 GB: $969 Google pays researchers to write reports that favour it: https://consejerodigital.com/google-habria-pagado-a-investigadores-para-que-escriban-reportes-favorables-a-ellos/ A Bloomberg Businessweek report revealed that Kaspersky Labs, the firm behind one of the most popular antivirus products with over 400 million users, has been working together with the Russian intelligence service FSB. https://consejerodigital.com/kaspersky-lab-ha-estado-trabajando-con-el-servicio-de-inteligencia-ruso/ Katyusha Scanner is a hacking-as-a...
2017-12-06
05 min
Consejero Digital
Episode 1: The new iPhone, Google and a hacking tool for $200 a month.
Rumours indicate that the new iPhone would cost $1200: http://www.businessinsider.com/apple-iphone-8-oled-price-john-gruber-2017-7 Current prices: iPhone 7 32 GB: $649 iPhone 7 128 GB: $749 iPhone 7 256 GB: $849 iPhone 7 Plus 32 GB: $769 iPhone 7 Plus 128 GB: $869 iPhone 7 Plus 256 GB: $969 Google pays researchers to write reports that favour it: https://consejerodigital.com/google-habria-pagado-a-investigadores-para-que-escriban-reportes-favorables-a-ellos/ A Bloomberg Businessweek report revealed that Kaspersky Labs, the firm behind one of the most popular antivirus products with over 400 million users, has been working together with the Russian intelligence service...
2017-07-13
05 min
Consejero Digital
The new iPhone, Google and a hacking tool for $200 a month
Rumours indicate that the new iPhone would cost $1200: http://www.businessinsider.com/apple-iphone-8-oled-price-john-gruber-2017-7 Current prices: iPhone 7 32 GB: $649 iPhone 7 128 GB: $749 iPhone 7 256 GB: $849 iPhone 7 Plus 32 GB: $769 iPhone 7 Plus 128 GB: $869 iPhone 7 Plus 256 GB: $969 Google pays researchers to write reports that favour it: https://consejerodigital.com/google-habria-pagado-a-investigadores-para-que-escriban-reportes-favorables-a-ellos/ A Bloomberg Businessweek report revealed that Kaspersky Labs, the firm behind one of the most popular antivirus products with over 400 million users, has been working together with the Russian intelligence service FSB. https://consejerodigital.com/kaspersky-lab-ha-estado-trabajando-con-el-servicio-de-inteligencia-ruso/ Katyusha Scanner is a hacking-as-a...
2017-07-13
00 min
Unsupervised Learning
Unsupervised Learning: No. 71
Half of Android devices haven't been patched in over a year, Tavisclosure, NEST camera flaws, senate vs. privacy, electronics ban, bad Let's Encrypt certs, Moodle SQLi, infosec venture capital drying up, IBM employees heading into the office, Twitter going paid model, Google killing Talk, Quiet spaces, Age of the influencer, AI vs. jobs, tools, aphorisms, and more… Become a Member: https://danielmiessler.com/upgrade See omnystudio.com/listener for privacy information.
2017-03-26
42 min
Unsupervised Learning
T1SP: Episode 25
[ Subscribe to the Podcast: iTunes | Android | RSS ] News * [ ] TrendMicro node.js server listening on localhost can execute commands; exposed to the internet * [ ] SSH backdoor found in Fortinet firewalls * [ ] SSH client vulnerability * [ ] Australia's Cybercrime Online Reporting Network (ACORN) received over 39K reports of criminal activity in 2015 * [ ] Hyatt names 250 hotels hit by malware, includes the one for DerbyCon * [ ] Websense rebranding as Forcepoint, acquires Intel's firewall business * [ ] Twitter might be ending its 140 character limit * [ ] Major vulns still being found in Health and Fitness mobile apps * [ ] Angl...
2016-01-19
26 min
BrakeSec Education Podcast
2015-045: Care and feeding of Devs, podcast edition, with Bill Sempf!
When you receive a #pentest or vuln scan report, we think in terms of #SQLi or #XSS. Take that report to your dev, and she/he sees Egyptian hieroglyphics, and we wonder why it's so difficult to get devs to understand. It's a language barrier, folks. They think in terms of defects or how something will affect the customer experience. We think in terms of #vulnerabilities, and what caused the issue. We need to find that common ground, and often that will mean us heading into unfamiliar territory. It doesn't have to be 'us vs. them'. We are...
2015-11-04
46 min
DEF CON 23 [Audio] Speeches from the Hacker Convention
Jason Haddix - How to Shot Web: Web and mobile hacking in 2015 - 101 Track
Materials Available here: https://media.defcon.org/DEF%20CON%2023/DEF%20CON%2023%20presentations/DEFCON-23-Jason-Haddix-How-Do-I-shot-Web.pdf How to Shot Web: Web and mobile hacking in 2015 Jason Haddix Director of Technical Operations, Bugcrowd 2014 was a year of unprecedented participation in crowdsourced and static bug bounty programs, and 2015 looks like a trendmaker. Join Jason as he explores successful tactics and tools used by himself and the best bug hunters. Practical methodologies, tools, and tips make you better at hacking websites and mobile apps to claim those bounties. Convert edge-case vulnerabilities to practical pwnage even on presumably heavily...
2015-09-22
00 min
BrakeSec Education Podcast
2015-040; Defending against HTML 5 vulnerabilities
Last week, we discussed HTML5 with Shreeraj Shah: how it came into being and the fact that, instead of solving OWASP issues, it introduces new and wonderful vulnerabilities, like exploiting locally stored web site info using XSS techniques, and doing SQLI on the new browser WebSQL. So this week, it's all about defensive techniques that you can use to educate your developers against making mistakes that could get your company's web application on the front page of the newspaper.
2015-09-21
00 min
Ruby Rogues
219 RR Brakeman and Rails Security with Justin Collins
02:40 - Justin Collins Introduction (Twitter, GitHub, Blog; Brakeman @brakeman; SurveyMonkey; Brakeman Pro @brakemanpro) 03:40 - Brakeman & Static Analysis 04:02 - Common Security Vulnerabilities (and Definitions): Cross-site Scripting, SQL Injection (rails-sqli.org), Mass Assignment, Open Redirects 08:57 - The Inspiration for Brakeman 09:47 - Getting Brakeman Working (Process) 10:41 - Learning About Security: The Rails Cheat Sheets, The Open Web Application Security Project (OWASP), The OWASP Top Ten 13:01 - Security and The Rails Core Team: Justin Collins: The World of Ruby on Rails Security @ RailsConf 2015 15:19 - Should Brakeman be integrated into Rails? 16:29 - Running Brakeman On Your CI Machine (guard-brakeman) 17:43 - Are there specific types of vulnerabilities that are hard to find with static analysis? 19:18 - Rails Engines 20...
2015-08-05
59 min
DEF CON 22 [Materials] Speeches from the Hacker Convention.
Eric (XlogicX) Davisson and Ruben Alejandro (chap0) - Abuse of Blind Automation in Security Tools
Slides Here: https://defcon.org/images/defcon-22/dc-22-presentations/Davisson-Alejandro/DEFCON-22-Eric-Davisson-Ruben-Alejandro-Abuse-of-Blind-Automation-in-Security-Tools.pdf Abuse of Blind Automation in Security Tools Eric (XlogicX) Davisson SECURITY RESEARCHER Ruben Alejandro (chap0) SECURITY RESEARCHER It is impossibly overwhelming for security personnel to manually analyze all of the data that comes to them in a meaningful way. Intelligent scripting and automation is key. This talk aims to be a humorous reminder of why the word “intelligent” really matters; your security devices might start doing some stupid things when we feed them. This talk is about abusing signature dete...
2014-12-13
29 min
BrakeSec Education Podcast
OWASP Top Ten: Numbers 6 - 10
As we wade through the morass of the Infosec swamp, we come across the OWASP 2013 report of web app vulnerabilities. Since Mr. Boettcher and I find ourselves often attempting to explain these kinds of issues to people on the Internet and in our daily lives, we thought it would be prudent to help shed some light on these. So this week, we discuss the lower of the top 10, the ones that aren't as glamorous or as earth shaking as XSS or SQLI, but are gotchas that will bite thine ass just as hard. Next week...
2014-06-16
45 min
Liquidmatrix Security Digest Podcast
Liquidmatrix Security Digest Podcast - Episode 1A
Episode 0x1A -- Happy Holidays Everyone Upcoming this week... SCREW THE NEWS!!!!!!! and then our discussion topic-- Predictions and Prognostication And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out. DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work. ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 4 opinionated infosec pros who have sufficient opinions of their own that they don't need to speak for anyone except themselves. Ok? Good.
2012-12-24
1h 15
InfoSec Daily Podcast
InfoSec Daily Podcast Episode 791
Episode 791 - 60 Seconds Arrests, .AU Post breached again, .ru cyberspy in Georgia, DDoS & SQLi lead on forums and UK Bank Phishers arrested
2012-11-01
43 min