martes, 30 de junio de 2020

Top 15 Hacker Blog list for Hackers 2018

  1. Black Hat: The Black Hat Briefings have become the biggest and the most important security conference series in the world by sticking to our core value: serving the information security community by delivering timely, actionable security information in a friendly, vendor-neutral environment.
  2. Hacked Gadgets: A resource for DIY project documentation as well as general gadget and technology news.
  3. Exploit DB: An archive of exploits and vulnerable software by Offensive Security. The site collects exploits from submissions and mailing lists and concentrates them in a single database.
  4. The Hacker News: The Hacker News — most trusted and widely-acknowledged online cyber security news magazine with in-depth technical coverage for cybersecurity.
  5. HackRead: HackRead is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance, and Hacking News with full-scale reviews on Social Media Platforms.
  6. Phrack Magazine: Digital hacking magazine.
  7. SecTools.Org: List of 75 security tools based on a 2003 vote by hackers.
  8. Offensive Security Training: Developers of Kali Linux and Exploit DB, and the creators of the Metasploit Unleashed and Penetration Testing with Kali Linux course.
  9. KitPloit: Leading source of Security Tools, Hacking Tools, CyberSecurity and Network Security.
  10. Hakin9: E-magazine offering in-depth looks at both attack and defense techniques and concentrates on difficult technical issues.
  11. Metasploit: Find security issues, verify vulnerability mitigations & manage security assessments with Metasploit. Get the worlds best penetration testing software now.
  12. DEFCON: Information about the largest annual hacker convention in the US, including past speeches, video, archives, and updates on the next upcoming show as well as links and other details.
  13. Packet Storm: Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers.
  14. NFOHump: Offers up-to-date .NFO files and reviews on the latest pirate software releases.
  15. SecurityFocus: Provides security information to all members of the security community, from end users, security hobbyists and network administrators to security consultants, IT Managers, CIOs and CSOs.
Publicado por en No hay comentarios:

jueves, 11 de junio de 2020

Bypass Hardware Firewalls

This is just a collection of links about my DEF CON 22 presentation, and the two tools I released:

Slides:
http://www.slideshare.net/bz98/defcon-22-bypass-firewalls-application-white-lists-secure-remote-desktops-in-20-seconds

Tools:
https://github.com/MRGEffitas/Write-into-screen
https://github.com/MRGEffitas/hwfwbypass

Presentation video from Hacktivity:
https://www.youtube.com/watch?v=KPJBckmhtZ8

Technical blog post:
https://blog.mrg-effitas.com/bypass-hardware-firewalls-def-con-22/

Have fun!




More articles
  1. Hacking Websites
  2. Pentest With Kali Linux
  3. Hacking Games Online
  4. Pentest News
  5. Pentest With Metasploit
  6. Pentest Reporting Tool
Publicado por en No hay comentarios:

DOWNLOAD NANOCORE RAT 1.2.2.0 CRACKED – REMOTE ADMINISTRATION TOOL

NanoCore is one of the most powerful RATs ever created. It is capable of taking complete control of a victim's machine. It allows a user to control the system with a Graphical User Interface (GUI). It has many features which allow a user to access remote computer as an administrator. Download nanocore rat 1.2.2.0 cracked version free of cost.
NanoCore's developer was arrested by FBI and pleaded guilty in 2017 for developing such a malicious privacy threat, and sentenced 33 months in prison.

FEATURES

  • Complete Stealth Remote Control
  • Recover Passwords from the Victim Device
  • Manage Networks
  • Manage Files
  • Surveillance
  • Plugins (To take it to the next level)
  • Many advanced features like SCRIPTING

DOWNLOAD NANOCORE RAT 1.2.2.0 CRACKED – REMOTE ADMINISTRATION TOOL

Related news


Publicado por en No hay comentarios:

Hackable - Secret Hacker | Vulnerable Web Application Server

More info
  1. Pentest Questions
  2. Pentest Azure
  3. How To Pentest A Website With Kali
  4. Hacker Software
  5. Hacking Wifi
  6. Pentestmonkey
  7. Pentest Smtp
  8. Pentest Basics
  9. Hacking Script
  10. Hacking Lab
  11. Hacking Gif
  12. How To Pentest A Website With Kali
  13. Pentest Free
  14. Pentest Certification
  15. Pentest Wordpress
  16. Hacking Network
Publicado por en No hay comentarios:

DSploit

DSploit

After playing with the applications installed on the Pwn Pad, I found that the most important application (at least for me) was missing from the pre-installed apps. Namely, DSploit. Although DSploit has tons of features, I really liked the multiprotocol password sniffing (same as dsniff) and the session hijacking functionality.

The DSploit APK in the Play Store was not working for me, but the latest nightly on http://dsploit.net worked like a charm.

Most features require that you and your target uses the same WiFi network, and that's it. It can be Open, WEP, WPA/WPA2 Personal. On all of these networks, DSploit will sniff the passwords - because of the active attacks. E.g. a lot of email clients still use IMAP with clear text passwords, or some webmails, etc. 

First, DSploit lists the AP and the known devices on the network. In this case, I chose one victim client.


In the following submenu, there are tons of options, but the best features are in the MITM section. 


Stealthiness warning: in some cases, I received the following popup on the victim Windows:


This is what we have under the MITM submenu:


Password sniffing

For example, let's start with the Password Sniffer. It is the same as EvilAP and DSniff in my previous post. With the same results for the popular Hungarian webmail with the default secure login checkbox turned off. Don't forget, this is not an Open WiFi network, but one with WPA2 protection!


Session hijack

Now let's assume that the victim is very security-aware and he checks the secure login checkbox. Another cause can be that the victim already logged in, long before we started to attack. The session hijacking function is similar to the Firesheep tool, but it works with every website where the session cookies are sent in clear text, and there is no need for any additional support.

In a session hijacking attack (also called "sidejacking"), after the victim browser sends the authentication cookies in clear text, DSploit copies these cookies into its own browser, and opens the website with the same cookies, which results in successful login most of the time. Let's see session hijacking in action!

Here, we can see that the session cookies have been sniffed from the air:


Let's select that session, and be amazed that we logged into the user's webmail session.




Redirect traffic

This feature can be used both for fun or profit. For fun, you can redirect all the victim traffic to http://www.kittenwar.com/. For-profit, you can redirect your victim to phishing pages.


Replace images, videos

I think this is just for fun here. Endless Rick Rolling possibilities.


Script injection

This is mostly for profit. client-side injection, drive-by-exploits, endless possibilities.

Custom filter

If you are familiar with ettercap, this has similar functionalities (but dumber), with string or regex replacements. E.g. you can replace the news, stock prices, which pizza the victim ordered, etc. If you know more fun stuff here, please leave a comment (only HTTP scenario - e.g. attacking Facebook won't work).

Additional fun (not in DSploit) - SSLStrip 

From the MITM section of DSploit, I really miss the SSLStrip functionality. Luckily, it is built into the Pwn Pad. With the help of SSLStrip, we can remove the references to HTTPS links in the clear text HTTP traffic, and replace those with HTTP. So even if the user checks the secure login checkbox at freemail.hu, the password will be sent in clear text - thus it can be sniffed with DSniff.

HTML source on the client-side without SSLstrip:


HTML source on the client-side with SSL strip:


With EvilAP, SSLStrip, and DSniff, the password can be stolen. No hacking skillz needed.

Lessons learned here

If you are a website operator where you allow your users to login, always:
  1. Use HTTPS with a trusted certificate, and redirect all unencrypted traffic to HTTPS ASAP
  2. Mark the session cookies with the secure flag
  3. Use HSTS to prevent SSLStrip attacks
If you are a user:
  1. Don't trust sites with your confidential data if the above points are not fixed. Choose a more secure alternative
  2. Use HTTPS everywhere plugin
  3. For improved security, use VPN
Because hacking has never been so easy before.
And last but not least, if you like the DSploit project, don't forget to donate them!

Related word


  1. Pentest Nmap
  2. Pentestmonkey Sql Injection
  3. Hackintosh
  4. Pentesterlab
  5. Pentest Gear
  6. Pentest Tutorial
  7. Pentest Example Report
  8. Pentest Wifi
Publicado por en No hay comentarios:

miércoles, 10 de junio de 2020

How Do I Get Started With Bug Bounty ?

How do I get started with bug bounty hunting? How do I improve my skills?



These are some simple steps that every bug bounty hunter can use to get started and improve their skills:

Learn to make it; then break it!
A major chunk of the hacker's mindset consists of wanting to learn more. In order to really exploit issues and discover further potential vulnerabilities, hackers are encouraged to learn to build what they are targeting. By doing this, there is a greater likelihood that hacker will understand the component being targeted and where most issues appear. For example, when people ask me how to take over a sub-domain, I make sure they understand the Domain Name System (DNS) first and let them set up their own website to play around attempting to "claim" that domain.

Read books. Lots of books.
One way to get better is by reading fellow hunters' and hackers' write-ups. Follow /r/netsec and Twitter for fantastic write-ups ranging from a variety of security-related topics that will not only motivate you but help you improve. For a list of good books to read, please refer to "What books should I read?".

Join discussions and ask questions.
As you may be aware, the information security community is full of interesting discussions ranging from breaches to surveillance, and further. The bug bounty community consists of hunters, security analysts, and platform staff helping one and another get better at what they do. There are two very popular bug bounty forums: Bug Bounty Forum and Bug Bounty World.

Participate in open source projects; learn to code.
Go to https://github.com/explore or https://gitlab.com/explore/projects and pick a project to contribute to. By doing so you will improve your general coding and communication skills. On top of that, read https://learnpythonthehardway.org/ and https://linuxjourney.com/.

Help others. If you can teach it, you have mastered it.
Once you discover something new and believe others would benefit from learning about your discovery, publish a write-up about it. Not only will you help others, you will learn to really master the topic because you can actually explain it properly.

Smile when you get feedback and use it to your advantage.
The bug bounty community is full of people wanting to help others so do not be surprised if someone gives you some constructive feedback about your work. Learn from your mistakes and in doing so use it to your advantage. I have a little physical notebook where I keep track of the little things that I learnt during the day and the feedback that people gave me.


Learn to approach a target.
The first step when approaching a target is always going to be reconnaissance — preliminary gathering of information about the target. If the target is a web application, start by browsing around like a normal user and get to know the website's purpose. Then you can start enumerating endpoints such as sub-domains, ports and web paths.

A woodsman was once asked, "What would you do if you had just five minutes to chop down a tree?" He answered, "I would spend the first two and a half minutes sharpening my axe."
As you progress, you will start to notice patterns and find yourself refining your hunting methodology. You will probably also start automating a lot of the repetitive tasks.

More info

  1. Pentest Certification
  2. Pentest Jobs
  3. Pentest Documentation
  4. Pentest Open Source
  5. Hacker Prank
  6. Pentest Uk
  7. Hacker Computer
  8. Hackerx
  9. Hacking Simulator
  10. Hacker Tools
  11. Hacker Videos
  12. Pentest Wifi
  13. Pentest Checklist
  14. Pentest Process
Publicado por en No hay comentarios:

Web Hacking Video Series #4 MySQL Part 2 (Injection And Coding)

Video Lesson Topics:

  1. Setting up your victim application, databases and lab
  2. Attacking a simple injection with information Schema
  3. Automating your injections with python and beautiful soup
  4. Dealing with various web encoding in Python and PHP
  5. Bypassing LoadFile Size restrictions and automating it
  6. Decrypting sensitive data via PHP and Python interactions
  7. As always me rambling about stupid nonsense :P FTW

Part 2 of Mysql covers the topic of injecting a simple SQL injection example. Starts out slow then combines techniques and moves into more advanced topics. Prior to attempting this lesson make sure you have watched the videos in the previous blog or understand both SQL and basic python coding. I will show how to automate the injection process via python utilizing simple HTML processing abilities of beautiful soup.  I will cover many python libraries for encoding data and calling web based applications. I also talk about how to deal with encrypted data and methods of enumerating files and folders looking for possible implementation issues and attack points to decrypt sensitive data via PHP/Python interaction with whats available on the server. This is the 2nd part of a 3 part series on MySQL for attacking web applications.

Files Needed:
Lab Files
BT5

Video Lesson:

Whats Next:
PHP source code analysis
Recoding PHP applications to fix SQLi

Continue reading


Publicado por en No hay comentarios:

Tricks To Bypass Device Control Protection Solutions

Preface

As I wrote in a previous blog post, I had an engagement last year where my task was to exfiltrate data from a workstation on some sort of storage media. The twist in that task was Lumension Sanctuary Device Control, and the version was 4.3.2, but I am not sure how newer version work and this seems to be a more general problem with device control solution, for example with Symantec products.

But what is a device control solution? In short, they audit I/O device use and block the attempts to use unauthorized devices. This includes hardware such as USB, PS/2, FireWire, CD/DVD so basically every I/O port of a computer. In my opinion, these are pretty good things and they offer a better looking solution than de-soldering the I/O ports from the motherboards or hot-gluing them, but on the other hand, they can be bypassed.

Bypass

OK, so what is the problem? Well the way these device control solutions work is that they load a few kernel drivers to monitor the physical ports of the machine. However... when you boot up the protected computer in safe mode, depending on the device control solution software, some of these drivers are not loaded (or if you are lucky, none of those modules will be loaded...) and this opens up the possibility to exfiltrate data.

In theory, if you have admin (SYSTEM maybe?) privileges, you might as well try to unload the kernel drivers. Just do not forget, that these device control solutions also have a watchdog process, that checks the driver and automatically loads it back if it is unloaded, so look for that process and stop or suspend it first.

In my case with the Lumension Sanctuary Device Control, I have found that when I boot the Workstation protected by the device control software in Safe Mode where, software's key logger protection module is not running... so I was still unable to use a USB stick, or a storage media, but I could plug in a keyboard for example...hmmm :)

As some of you probably already figured it out, now it is possible to use a pre-programmed USB HID, for example a Teensy! : ) I know about three different project, that uses this trick like these two mentioned in a Hackaday post, or this one. Unfortunately, the site ob-security.info no longer seems to be available (well, at least it is no longer related to infosec :D ), but you can still find the blog post and the files with the Wayback Machine.

For the hardware part, the wiring of the Teensy and the SD card adaptor is the same as I showed in the post on Making a USB flash drive HW Trojan or in the Binary deployment with VBScript, PowerShell or .Net csc.exe compiler post, so I will not copy it here again.

I have to note here that there are other ways to bypass these device control solutions, like the method what Dr. Phil Polstra did with the USB Impersonator, which is basically looks for an authorized device VID/PID and then  impersonates that devices with the VID/PID.

Mitigation

Most probably, you will not need safe mode for the users, so you can just disable it... I mean, it is not that easy, but luckily there is a great blog post on how to do that. BTW, the first page of the post is for Windows XP, but you are not using XP anymore, aren't you? ;)

Alternatively, as I mentioned at the beginning, you might as well use some physical countermeasure (de-soldering/hot-gluing ports). That shit is ugly, but it kinda works.

Conclusion

Next time you will face a device control solution, try out these tricks, maybe they will work, and if they do, well, that's a lot of fun. :)

But don't get me wrong, these device control solutions and similar countermeasures are a good thing and you should use something like this! I know that they make doing business a bit harder as you are not able to plugin whatever USB stick you want, but if you buy a pile of hardware encrypted flash drives, and only allow  those to be plugged in, you are doing it right ;)

Continue reading


Publicado por en No hay comentarios:

Ransomware.OSX.KeRanger Samples


Research: New OS X Ransomware KeRanger Infected Transmission BitTorrent Client Installer by Claud Xiao

Sample credit: Claud Xiao


File information

d1ac55a4e610380f0ab239fcc1c5f5a42722e8ee1554cba8074bbae4a5f6dbe1 
1d6297e2427f1d00a5b355d6d50809cb 
Transmission-2.90.dmg

e3ad733cea9eba29e86610050c1a15592e6c77820927b9edeb77310975393574 
56b1d956112b0b7bd3e44f20cf1f2c19 
Transmission

31b6adb633cff2a0f34cefd2a218097f3a9a8176c9363cc70fe41fe02af810b9
14a4df1df622562b3bf5bc9a94e6a783 
General.rtf

d7d765b1ddd235a57a2d13bd065f293a7469594c7e13ea7700e55501206a09b5 
24a8f01cfdc4228b4fc9bb87fedf6eb7 
Transmission2.90.dmg

ddc3dbee2a8ea9d8ed93f0843400653a89350612f2914868485476a847c6484a
3151d9a085d14508fa9f10d48afc7016 
Transmission

6061a554f5997a43c91f49f8aaf40c80a3f547fc6187bee57cd5573641fcf153 
861c3da2bbce6c09eda2709c8994f34c 
General.rtf



Download
More info

Publicado por en No hay comentarios:

martes, 9 de junio de 2020

Social Engineering Pentest Professional(SEPP) Training Review

Intro:
I recently returned from the new Social Engineering training provided by Social-Engineer.org in the beautiful city of Seattle,WA, a state known for sparkly vampires, music and coffee shop culture.  As many of you reading this article, i also read the authors definitive book Social Engineering- The art of human hacking and routinely perform SE engagements for my clients. When i heard that the author of the aforementioned book was providing training i immediately signed up to get an in person glance at the content provided in the book. However, i was pleasantly surprised to find the course covered so much more then what was presented in the book.

Instructors:



I wasn't aware that there would be more then one instructor and was extremely happy with the content provided by both instructors. Chris and Robin both have a vast amount of knowledge and experience in the realm of social engineering.  Each instructor brought a different angle and use case scenario to the course content. Robin is an FBI agent in charge of behavioral analysis and uses social engineering in his daily life and work to get the results needed to keep our country safe. Chris uses social engineering in his daily work to help keep his clients secure and provides all sorts of free learning material to the information security community through podcasts and online frameworks.



Course Material and Expectation: 
I originally thought that the material covered in class would be a live reiteration of the material covered in Chris's book. However, I couldn't have been more wrong !!  The whole first day was about reading yourself and other people, much of the material was what Robin uses to train FBI agents in eliciting information from possible terrorist threats. Each learning module was based on live demo's, nightly labs, and constant classroom interaction. Each module was in depth and the level of interaction between students was extremely useful and friendly. I would say the instructors had as much fun as the students learning and sharing social techniques and war stories.
The class was heavily made up of ways to elicit personal and confidential information in a way that left the individuatial "Happier for having met you".  Using language, body posture and social truisms as your weapon to gather information, not intended for your ears, but happily leaving the tongue of your target.
Other class activities and materials included an in depth look at micro expressions with labs and free extended learning material going beyond the allotted classroom days.  Also break out sessions which focused on creating Phone and Phishing scripts to effectively raise your rate of success. These sessions were invaluable at learning to use proper language techniques on the phone and in email to obtain your objectives.

Nightly Missions/Labs: 
If you think that you are going to relax at night with a beer. Think again!! You must ensure that your nights are free, as you will be going on missions to gain information from live targets at venues of your choice.  Each night you will have a partner and a mission to gain certain information while making that persons day better then it started.  The information  you are requested to obtain will change each night and if done properly you will notice all of the material in class starting to unfold.. When you get to body language training you will notice which targets are open and when its best to go in for the kill. You will see interactions change based on a persons change in posture and facial expressions. Each day you will take the new techniques you have learned and put them into practice. Each morning you have to report your findings to the class..
During my nightly labs i obtained information such as door codes to secured research facilities, information regarding secret yet to be released projects.  On the lighter side of things i obtained much personal information from my targets along with phone numbers and invitations for further hangouts and events. I made many new friends inside and outside of class.
There were also labs within the confines of the classroom such as games used to solidify your knowledge and tests to figure out what kind of learner you are. Technical labs on the use of information gathering tools and ways to use phone and phishing techniques to your advantage via linguistically and technologically. Essentially the class was about 60% interaction and labs.


Proof it works:
After class i immediately had a phishing and phone based contract at my current employment. I used the email and phone scripts that we created in class with 100% click rate and 100% success in phone elicitation techniques. Gaining full unfettered access to networks through phone and email elicitation and interaction. Although I do generally have a decent SE success rate, my rates on return are now much higher and an understanding of what works and what doesn't, and why are much more refined.


Conclusion and Certification:
I paid for this class out of pocket, including all expenses, hotels, rentals cars and planes etc etc. I would say that the class was worth every penny in which i paid for it. Many extras were given including black hat passes, extended training from notable sources and continued interaction from instructors after class ended. I would highly recommend this class to anyone looking for a solid foundation in social engineering or a non technical alternative to training.  You will learn a lot, push yourself in new ways and have a blast doing it. However I did not see any sparkly vampires while in seattle.... Twilight lied to me LOL
The certification is a 48 hour test in which you will utilize your knowledge gained technologically and socially to breach a company.I am not going to give away to much information about the certification as i haven't taken it yet and I do not want to misspeak on the subject. However I will say that social-engineer.org has done an excellent job at figuring out a way to include Real World Social Engineering into a test with verifiable proof of results. I am going to take my test in a couple weeks and it should be a blast!!!

Thanks and I hope this review is helpful to all those looking for SE training.  I had a blast :) :)
Related links

Publicado por en No hay comentarios:

DOWNLOAD OCTOSNIFF 2.0.3 FULL VERSION – PLAYSTATION AND XBOX IP SNIFFER

OctoSniff is a network research tool that allows you to determine information about all the other players you're playing with. It is compatible with PS, XBox 360 and XBox One. It has many other features that make it a great sniffing tool. Some people think it might be a tool like Wireshark or Cain n Abel. No, it's not a tool like that. It simply sniffs players that let you know who's really playing. Download OctoSniff 2.0.3 full version. It's only for educational purposes to use.

FEATURES

  • VPN Optimized
  • Supports Wireless & Wired Spoofing
  • Detects Geo IP and Complete Location
  • Searches Usernames of Players in the Lobby
  • Really easy to setup

DOWNLOAD OCTOSNIFF 2.0.3 FULL VERSION

Continue reading
  1. Pentest Firewall
  2. Pentest Training
  3. Hacker Anonymous
  4. Pentest Ftp
  5. Pentest Windows 7
  6. Pentest Documentation
  7. Pentest Online Course
  8. Hacking Health
Publicado por en No hay comentarios:

Kali Linux 2018.3 Release - Penetration Testing And Ethical Hacking Linux Distribution



Kali 2018.3 brings the kernel up to version 4.17.0 and while 4.17.0 did not introduce many changes, 4.16.0 had a huge number of additions and improvements including more Spectre and Meltdown fixes, improved power management, and better GPU support.

New Tools and Tool Upgrades

Since our last release, we have added a number of new tools to the repositories, including:
  • idb – An iOS research / penetration testing tool
  • gdb-peda – Python Exploit Development Assistance for GDB
  • datasploit – OSINT Framework to perform various recon techniques
  • kerberoast – Kerberos assessment tools

In addition to these new packages, we have also upgraded a number of tools in our repos including aircrack-ng, burpsuite, openvas,wifite, and wpscan.
For the complete list of updates, fixes, and additions, please refer to the Kali Bug Tracker Changelog.

Download Kali Linux 2018.3


If you would like to check out this latest and greatest Kali release, you can find download links for ISOs and Torrents on the Kali Downloads page along with links to the Offensive Security virtual machine and ARM images, which have also been updated to 2018.3. If you already have a Kali installation you're happy with, you can easily upgrade in place as follows.
root@kali:~# apt update && apt -y full-upgrade
If you come across any bugs in Kali, please open a report on our bug tracker. It's more than a little challenging to fix what we don't know about.

Making sure you are up-to-date


To double check your version, first make sure your network repositories is enabled.
root@kali:~# cat</etc/apt/sources.list
deb http://http.kali.org/kali kali-rolling main non-free contrib
EOF
root@kali:~#

Then after running apt -y full-upgrade, you may require a reboot before checking:
root@kali:~# grep VERSION /etc/os-release
VERSION="2018.3"
VERSION_ID="2018.3"
root@kali:~#



Read more

  1. Pentest Blog
  2. Pentestgeek
  3. Basic Pentest 1 Walkthrough
  4. Hacking Page
  5. Pentest Aws
  6. Pentest App
  7. Pentest Free
  8. Pentestbox
  9. Hacking Simulator
  10. Hacker Attack
  11. Pentesting
  12. Pentest Web Application
  13. Hacking With Linux
  14. Pentest Tools Github
  15. Pentest Tools Github
  16. Hacking Site
  17. Pentest Os
Publicado por en No hay comentarios:

lunes, 8 de junio de 2020

Las 50 "Mejores" Conferencias De Chema Alonso @Chemaalonso

Ayer no llegué a publicar el post de El lado del mal, pero no es porque no estuviera trabajando. Estuve trabajando y mucho desde muy temprano, que es cuando más disfruto yo de ciclos de computación de calidad en mi CPU, pero cuando pude acabar con el trabajo que me había puesto se me había hecho muy tarde, así que decidí dejar para hoy la publicación del post.

Figura 1: Las 50 "mejores" conferencias de Chema Alonso

No llegué a tiempo a publicar el post, pero sí que hice el trabajo que me había propuesto, que no era otro que hacer una lista de "Las 50 mejores conferencias de Chema Alonso" en mi Canal Youtube, de esas que me gustan a mí y a mi mamá, y que dejé publicado.
No están todas las charlas, y alguna que he dejado fuera por ahora porque había decidido que solo fueran 40 los vídeos que tenían que estar, pero a lo mejor los cambio con el tiempo. Tampoco las he ordenado por ahora en un orden temático o especial, pero puede que lo haga en el futuro. Y también puede que luego haga una lista del Top 10, y lo mismo hago que esta lista de 50 acaba siendo de 10. Ya veremos. 

Figura 3: Las 50 mejores conferencias de Chema Alonso

Lo que sí es cierto es que ahora tienes esa lista con las 50 charlas que he elegido - y hay algunas de 3 minutos, otras de 5 minutos y otras de más de una hora -, pero si quieres verte "La Serie Completa", tienes temporada a temporada, todas las series ordenadas cronológicamente en listas. Los vídeos de charlas comienzan en el año 2007 - no he conseguido vídeos anteriores - donde está la primera charla de LDAP Injection & Blind LDAP Injection y un Webcast de ISA Server 2006.  Y así hasta 2020 con la charla de Gremlin Botnets y las que vaya a dar este año.















También tengo otras listas para entrevistas a cosas temáticas, y los vídeos que usamos en los artículos, y otros vídeos con explicaciones puntuales, pero subido al escenario dando charlas, tienes todo el material que he sido capaz de recuperar en esas listas, para que encuentres la charla que quieres ver.

Saludos Malignos!

Autor: Chema Alonso (Contactar con Chema Alonso)

Sigue Un informático en el lado del mal RSS 0xWord

This article is the property of Tenochtitlan Offensive Security. Verlo Completo --> https://tenochtitlan-sec.blogspot.com
Read more
  1. Pentest Ios
  2. Pentest Example Report
  3. Pentestmonkey Sql Injection
  4. Pentest Standard
  5. Pentest Basics
  6. Pentest Website
  7. Pentest Documentation
  8. Pentest Aws
  9. Pentest Report
  10. Pentest Certification
  11. Pentest News
  12. Pentest Meaning
  13. Hacking Google
  14. Pentest Security
  15. Pentest Checklist
  16. Pentest Box
  17. Hacking Names
Publicado por en No hay comentarios:
Suscribirse a: Entradas (Atom)