29 episodes

Want to learn about all of the latest security tools and techniques? This is the show for you! We show you how to install, configure and use a wide variety of security tools for both offense and defense. Whether you are a penetration tester or defending enterprise networks, this show will help you

Tradecraft Security Weekly (Video) Security Weekly

    • Technology

    • video
    Evilginx2 Man-in-the-Middle Attacks - Tradecraft Security Weekly #29

    Evilginx2 is a man-in-the-middle framework that can be utilized to intercept credentials, including two-factor methods victims utilize when logging in to a web application. Instead of just duplicating the target web application, it proxies traffic to it, making the experience seamless to the victim. In this episode Ralph May (@ralphte1) joins Beau Bullock to demo Evilginx2.
    Links:
    https://github.com/kgretzky/evilginx2
    https://breakdev.org/evilginx-2-next-generation-of-phishing-2fa-tokens/

    • 22 min
    • video
    Black Hat & DEF CON 2018 - Tradecraft Security Weekly #28

    This is the Hacker Summer Camp 2018 edition of Tradecraft Security Weekly. In this week's episode Beau Bullock (@dafthack) talks about some of the more interesting items he saw come out of the Black Hat and DEF CON conferences this year.
    For Show Links: https://wiki.securityweekly.com/TS_Episode28

    • 14 min
    • video
    PXE Boot Attacks - Tradecraft Security Weekly #27

    Network administrators often utilize Pre-boot Execution Environment (PXE) to rapidly and easily deploy new systems on a network. Golden system images can be created with all the software and settings already in place for new systems. In this episode of Tradecraft Security Weekly Beau Bullock (@dafthack) discusses some of the potential attack vectors surrounding PXE boot deployments.
    Full Show Notes: https://wiki.securityweekly.com/TS_Episode27

    • 18 min
    • video
    OSINT & External Recon Pt. 2: Contact Discovery - Tradecraft Security Weekly #26

    During the reconnaissance phase of a penetration test, being able to discover employee names and email addresses of an organization is extremely important. It is also important to do so as stealthily as possible. Using open-source techniques and tools, it is possible to enumerate employee names and email addresses at an organization. In this episode of Tradecraft Security Weekly Beau Bullock (@dafthack) discusses some of the tools and techniques that can be used to do this.
    Full Show Notes: https://wiki.securityweekly.com/TS_Episode26

    • 12 min
    • video
    Phishing 2FA Tokens with CredSniper - Tradecraft Security Weekly #25

    Organizations are implementing two-factor on more and more web services. The traditional methods for phishing credentials are no longer good enough to gain access to user accounts if 2FA is set up. In this episode Mike Felch (@ustayready) and Beau Bullock (@dafthack) demonstrate a tool that Mike wrote called CredSniper that assists in cloning portals for harvesting two-factor tokens.
    Links: https://github.com/ustayready/CredSniper

    • 19 min
    • video
    Evading Network-Based Detection Mechanisms - Tradecraft Security Weekly #24

    In this episode of Tradecraft Security Weekly hosts Beau Bullock (@dafthack) and Mike Felch (@ustayready) discuss methods for evading network-based detection mechanisms. Many commercial IDS/IPS devices do a pretty decent job of detecting standard pentesting tools like Nmap when no evasion options are used. Additionally, companies are doing a better job at detecting and blocking IP addresses performing password attacks. Proxycannon is a tool that allows pentesters to spin up multiple servers to proxy attempts through to bypass some of these detection mechanisms.
    Links:
    Nmap Evasion Options - https://nmap.org/book/man-bypass-firewalls-ids.html
    ProxyCannon - https://www.shellntel.com/blog/2016/1/14/update-to-proxycannon

    • 19 min
