🖥 سری ویدیو های اموزشی متخصص متاسپلویت

🎥28-حملات سمت کاربر در متاسپلویت


👨‍💻مدرس : میلاد کهساری الهادی
🧬لینک ویدیو:
https://youtu.be/gQ6yxHRr2_c

🔝 @InfoSecTube
🖥 youtube.com/c/InfoSecTube
🍁 instagram.com/info_sec_tube

🔸gitlab-subdomains
Find subdomains on GitLab
🕸
https://github.com/gwen001/gitlab-subdomains


🔝 @InfoSecTube
🖥 youtube
🍁 instagram.com/info_sec_tube

Psiphon

ویندوز اندروید
فیلترشکن سایفون
چندروزی هست که دوباره کانکت میشه


وبسایت رسمی
https://psiphon.ca/

لینک دانلود ویندوز
https://psiphon.ca/psiphon3.exe

لینک دانلود اندروید
https://psiphon.ca/PsiphonAndroid.apk

یا به [email protected]
ایمیل خالی بزنید
برای دانلود به بات رسمی سایفون فارسی برید
@Psiphon_FA_Bot

🔝 @InfoSecTube
🖥 youtube
🍁 instagram.com/info_sec_tube

استگانوگرافی چیست؟

استگانوگرافی علم نوشتن پیام های پنهان است به گونه ای که هیچ کس به جز فرستنده و گیرنده مورد نظر حتی متوجه وجود یک پیام پنهان نمی شود.


Steganography Tools
یک سرویس آنلاین است که همین کار را انجام می دهد، اما برای استفاده از آن نیازی به مهارت های کنسول نیست. قادر به مخفی کردن متن نه تنها در یک تصویر، بلکه در یک فایل صوتی.

برای مخفی کردن داده ها:
1. روی "Encode an image" کلیک کنید.
2. فایل jpeg، .wav یا .au مورد نظر را انتخاب کنید.
3. یک رمز عبور برای رمزگشایی تنظیم کنید.
4. متن مخفی را وارد کنید یا کل فایل را آپلود کنید و روی «ارسال» ضربه بزنید.

برای رمزگشایی فایل به دست آمده، به تب "Decode an image" بروید و از رمز عبور رمزگشایی که قبلا تنظیم شده است استفاده کنید.
https://futureboy.us/stegano/

🔝 @InfoSecTube
🖥 youtube
🍁 instagram.com/info_sec_tube

#interview #Cybersecurity

🔶What is buffer overflow with example?

In a buffer-overflow attack, the extra data sometimes holds specific instructions for actions intended by a hacker or malicious user; for example, the data could trigger a response that damages files, changes data or unveils private information.

A buffer overflow (or buffer overrun) occurs when the volume of data exceeds the storage capacity of the memory buffer. As a result, the program attempting to write the data to the buffer overwrites adjacent memory locations.

Most of the time, a buffer overflow raises a memory access violation, causing the application where the overflow occurred to crash. Successful exploitation of an overflow by an attacker can allow arbitrary code execution which can lead to malware installation.

🔝 @InfoSecTube
🖥 youtube
🍁 instagram.com/info_sec_tube

#Cybersecurity #interview

🔶What are the different types of buffer overflow attacks?

🔸Stack overflow attack - This is the most common type of buffer overflow attack and involves overflowing a buffer on the call stack*.

🔸Heap overflow attack - This type of attack targets data in the open memory pool known as the heap*.

🔝 @InfoSecTube
🖥 youtube
🍁 instagram.com/info_sec_tube

#interview #Cybersecurity

🔶How to protect against buffer overflow attacks?

Luckily, modern operating systems have runtime protections which help mitigate buffer overflow attacks. Let’s explore 2 common protections that help mitigate the risk of exploitation:

🔸Address space randomization - Randomly rearranges the address space locations of key data areas of a process. Buffer overflow attacks generally rely on knowing the exact location of important executable code, randomization of address spaces makes that nearly impossible.

🔸Data execution prevention - Marks certain areas of memory either executable or non-executable, preventing an exploit from running code found in a non-executable area.

Software developers can also take precautions against buffer overflow vulnerabilities by writing in languages that have built-in protections or using special security procedures in their code.

🔝 @InfoSecTube
🖥 youtube
🍁 instagram.com/info_sec_tube

#interview #Cybersecurity

🔶Who is vulnerable to buffer overflow attacks?

Certain coding languages are more susceptible to buffer overflow than others. C and C++ are two popular languages with high vulnerability, since they contain no built-in protections against accessing or overwriting data in their memory. Windows, Mac OSX, and Linux all contain code written in one or both of these languages.

More modern languages like Java, PERL, and C# have built-in features that help reduce the chances of buffer overflow, but cannot prevent it altogether.

🔝 @InfoSecTube
🖥 youtube
🍁 instagram.com/info_sec_tube

#interview #Cybersecurity

🔶How do attackers exploit buffer overflows?
An attacker can deliberately feed a carefully crafted input into a program that will cause the program to try and store that input in a buffer that isn’t large enough, overwriting portions of memory connected to the buffer space. If the memory layout of the program is well-defined, the attacker can deliberately overwrite areas known to contain executable code. The attacker can then replace this code with his own executable code, which can drastically change how the program is intended to work.

For example if the overwritten part in memory contains a pointer (an object that points to another place in memory) the attacker’s code could replace that code with another pointer that points to an exploit payload. This can transfer control of the whole program over to the attacker’s code.

useful link

🔝 @InfoSecTube
🖥 youtube
🍁 instagram.com/info_sec_tube

#interview #Cybersecurity

🔶How do attackers exploit buffer overflows?
An attacker can deliberately feed a carefully crafted input into a program that will cause the program to try and store that input in a buffer that isn’t large enough, overwriting portions of memory connected to the buffer space. If the memory layout of the program is well-defined, the attacker can deliberately overwrite areas known to contain executable code. The attacker can then replace this code with his own executable code, which can drastically change how the program is intended to work.

For example if the overwritten part in memory contains a pointer (an object that points to another place in memory) the attacker’s code could replace that code with another pointer that points to an exploit payload. This can transfer control of the whole program over to the attacker’s code.

useful link 1
useful link 2

🔝 @InfoSecTube
🖥 youtube
🍁 instagram.com/info_sec_tube

🔺دستاوردی در سرعت اینترنت

🔹طبق جدیدترین گزارش وب سایت SpeedTest سرعت اینترنت ثابت ایران ۳ پله سقوط کرده است

🔹۳ کشور تانزانیا، گینه نو و نیجریه حالا در رده‌بندی ، بالای ایران هستند!


🔝 @InfoSecTube
🖥 youtube
🍁 instagram.com/info_sec_tube

#interview #Cybersecurity

🔶Google Chrome V8 Memory Corruption Vulnerability

Google’s Chrome browser has several security vulnerabilities that could pave the way to multiple types of attacks, including a V8 bug that could allow remote code execution (RCE) within a user’s browser.

The high-severity V8 issue is tracked as CVE-2021-21227, and was reported by Gengming Liu from Singular Security Lab. Google describes the bug as “insufficient data validation in V8” but is keeping other details close to its vest.

However, Liu told SecurityWeek that the bug is somewhat mitigated by the fact that it doesn’t allow attackers to escape the sandbox where Chrome runs, meaning attackers can’t reach any of the other program, data and applications on the computer. Thus, CVE-2021-21227 would need to be chained with another vulnerability in order to successfully wreak havoc on a target’s machine beyond the browser itself.

The researcher that his discovery is related to prior, now-patched V8 vulnerabilities ( CVE-2020-16040 and CVE-2020-15965). The first allows a remote attacker to exploit heap corruption if a user visits, or is redirected to, a specially crafted web page. The latter is a type-confusion bug that allows a remote attacker to potentially perform out of bounds memory access, also exploitable with a specially crafted HTML page.

Meanwhile, according to another report , the implications of an attack using the bug depends on the privileges associated with the application: In the worst-case scenario, an attacker could view, change or delete data.

And, if someone has turned off sandboxing, all bets are off.

Google recently patched a zero-day in Chrome (link). That was another V8 issue that allowed RCE inside the browser app (but not sandbox escape).

An important mindset derives from this bug is that "Many V8 vulnerabilities exploited by real-world attackers are effectively 2nd order vulnerabilities: the root-cause is often a logic issue in one of the JIT compilers, which can then be exploited to generate vulnerable machine code (e.g. code that is missing a runtime safety check). The generated code can then in turn be exploited to cause memory corruption at runtime." Therefore, all vulnerabilities have their own importance in a real-world attack scenario.

Reference link

🔝 @InfoSecTube
🖥 youtube
🍁 instagram.com/info_sec_tube

Successful exploitation may allow execution of arbitrary code.

#interview #Cybersecurity

🔶What is heap based overflow?

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().


heap overflow happens when a chunk of memory is allocated to the heap and data is written to this memory without any bound checking being done on the data.

🔘Simple Example
🔘Types of Heap overflow

🔝 @InfoSecTube
🖥 youtube
🍁 instagram.com/info_sec_tube

#interview #Cybersecurity

🔶Packet Traveling - How Packets Move Through a Network


⛓ link

🔝 @InfoSecTube
🖥 youtube
🍁 instagram.com/info_sec_tube

🖥 سری ویدیو های دوره مبانی امنیت وب

🎥 25-تحلیل ترافیک https

👨‍💻مدرس : پویا حیدرابادی

📜لینک ویدیو:

https://youtu.be/yaAHVUrdowA

🔉@infosectube
📌youtube channel
☣️instagram pageا

✅ Realtime Number Plate Detection using Yolov7 – Easiest Explanation

✳️ YOLOv7 is the new state-of-the-art real-time object detection model. In this blog, we will see the step-by-step guide to Train YOLOv7 on custom dataset.

✅ Blog

✳️ Dataset_1
✳️ Dataset_2

🔉@infosectube
📌youtube channel
☣️instagram pageا