#interview #Cybersecurity
🔶Who is vulnerable to buffer overflow attacks?
Certain coding languages are more susceptible to buffer overflow than others. C and C++ are two popular languages with high vulnerability, since they contain no built-in protections against accessing or overwriting data in their memory. Windows, Mac OSX, and Linux all contain code written in one or both of these languages.
More modern languages like Java, PERL, and C# have built-in features that help reduce the chances of buffer overflow, but cannot prevent it altogether.
🔝 @InfoSecTube
🖥 youtube
🍁 instagram.com/info_sec_tube
🔶Who is vulnerable to buffer overflow attacks?
Certain coding languages are more susceptible to buffer overflow than others. C and C++ are two popular languages with high vulnerability, since they contain no built-in protections against accessing or overwriting data in their memory. Windows, Mac OSX, and Linux all contain code written in one or both of these languages.
More modern languages like Java, PERL, and C# have built-in features that help reduce the chances of buffer overflow, but cannot prevent it altogether.
🔝 @InfoSecTube
🖥 youtube
🍁 instagram.com/info_sec_tube
#interview #Cybersecurity
🔶How do attackers exploit buffer overflows?
An attacker can deliberately feed a carefully crafted input into a program that will cause the program to try and store that input in a buffer that isn’t large enough, overwriting portions of memory connected to the buffer space. If the memory layout of the program is well-defined, the attacker can deliberately overwrite areas known to contain executable code. The attacker can then replace this code with his own executable code, which can drastically change how the program is intended to work.
For example if the overwritten part in memory contains a pointer (an object that points to another place in memory) the attacker’s code could replace that code with another pointer that points to an exploit payload. This can transfer control of the whole program over to the attacker’s code.
useful link
🔝 @InfoSecTube
🖥 youtube
🍁 instagram.com/info_sec_tube
🔶How do attackers exploit buffer overflows?
An attacker can deliberately feed a carefully crafted input into a program that will cause the program to try and store that input in a buffer that isn’t large enough, overwriting portions of memory connected to the buffer space. If the memory layout of the program is well-defined, the attacker can deliberately overwrite areas known to contain executable code. The attacker can then replace this code with his own executable code, which can drastically change how the program is intended to work.
For example if the overwritten part in memory contains a pointer (an object that points to another place in memory) the attacker’s code could replace that code with another pointer that points to an exploit payload. This can transfer control of the whole program over to the attacker’s code.
useful link
🔝 @InfoSecTube
🖥 youtube
🍁 instagram.com/info_sec_tube
YouTube
The Call Stack and Stack Overflows (example in C)
Patreon ➤ https://www.patreon.com/jacobsorber
Courses ➤ https://jacobsorber.thinkific.com
Website ➤ https://www.jacobsorber.com
---
The Call Stack and Stack Overflows (example in C) // Students usually hear about the stack early on, but many don't really…
Courses ➤ https://jacobsorber.thinkific.com
Website ➤ https://www.jacobsorber.com
---
The Call Stack and Stack Overflows (example in C) // Students usually hear about the stack early on, but many don't really…
#interview #Cybersecurity
🔶How do attackers exploit buffer overflows?
An attacker can deliberately feed a carefully crafted input into a program that will cause the program to try and store that input in a buffer that isn’t large enough, overwriting portions of memory connected to the buffer space. If the memory layout of the program is well-defined, the attacker can deliberately overwrite areas known to contain executable code. The attacker can then replace this code with his own executable code, which can drastically change how the program is intended to work.
For example if the overwritten part in memory contains a pointer (an object that points to another place in memory) the attacker’s code could replace that code with another pointer that points to an exploit payload. This can transfer control of the whole program over to the attacker’s code.
useful link 1
useful link 2
🔝 @InfoSecTube
🖥 youtube
🍁 instagram.com/info_sec_tube
🔶How do attackers exploit buffer overflows?
An attacker can deliberately feed a carefully crafted input into a program that will cause the program to try and store that input in a buffer that isn’t large enough, overwriting portions of memory connected to the buffer space. If the memory layout of the program is well-defined, the attacker can deliberately overwrite areas known to contain executable code. The attacker can then replace this code with his own executable code, which can drastically change how the program is intended to work.
For example if the overwritten part in memory contains a pointer (an object that points to another place in memory) the attacker’s code could replace that code with another pointer that points to an exploit payload. This can transfer control of the whole program over to the attacker’s code.
useful link 1
useful link 2
🔝 @InfoSecTube
🖥 youtube
🍁 instagram.com/info_sec_tube
🔺دستاوردی در سرعت اینترنت
🔹طبق جدیدترین گزارش وب سایت SpeedTest سرعت اینترنت ثابت ایران ۳ پله سقوط کرده است
🔹۳ کشور تانزانیا، گینه نو و نیجریه حالا در ردهبندی ، بالای ایران هستند!
🔝 @InfoSecTube
🖥 youtube
🍁 instagram.com/info_sec_tube
🔹طبق جدیدترین گزارش وب سایت SpeedTest سرعت اینترنت ثابت ایران ۳ پله سقوط کرده است
🔹۳ کشور تانزانیا، گینه نو و نیجریه حالا در ردهبندی ، بالای ایران هستند!
🔝 @InfoSecTube
🖥 youtube
🍁 instagram.com/info_sec_tube
🏆3👎1
#interview #Cybersecurity
🔶Google Chrome V8 Memory Corruption Vulnerability
Google’s Chrome browser has several security vulnerabilities that could pave the way to multiple types of attacks, including a V8 bug that could allow remote code execution (RCE) within a user’s browser.
The high-severity V8 issue is tracked as CVE-2021-21227, and was reported by Gengming Liu from Singular Security Lab. Google describes the bug as “insufficient data validation in V8” but is keeping other details close to its vest.
However, Liu told SecurityWeek that the bug is somewhat mitigated by the fact that it doesn’t allow attackers to escape the sandbox where Chrome runs, meaning attackers can’t reach any of the other program, data and applications on the computer. Thus, CVE-2021-21227 would need to be chained with another vulnerability in order to successfully wreak havoc on a target’s machine beyond the browser itself.
The researcher that his discovery is related to prior, now-patched V8 vulnerabilities ( CVE-2020-16040 and CVE-2020-15965). The first allows a remote attacker to exploit heap corruption if a user visits, or is redirected to, a specially crafted web page. The latter is a type-confusion bug that allows a remote attacker to potentially perform out of bounds memory access, also exploitable with a specially crafted HTML page.
Meanwhile, according to another report , the implications of an attack using the bug depends on the privileges associated with the application: In the worst-case scenario, an attacker could view, change or delete data.
And, if someone has turned off sandboxing, all bets are off.
Google recently patched a zero-day in Chrome (link). That was another V8 issue that allowed RCE inside the browser app (but not sandbox escape).
An important mindset derives from this bug is that "Many V8 vulnerabilities exploited by real-world attackers are effectively 2nd order vulnerabilities: the root-cause is often a logic issue in one of the JIT compilers, which can then be exploited to generate vulnerable machine code (e.g. code that is missing a runtime safety check). The generated code can then in turn be exploited to cause memory corruption at runtime." Therefore, all vulnerabilities have their own importance in a real-world attack scenario.
Reference link
🔝 @InfoSecTube
🖥 youtube
🍁 instagram.com/info_sec_tube
Successful exploitation may allow execution of arbitrary code.
🔶Google Chrome V8 Memory Corruption Vulnerability
Google’s Chrome browser has several security vulnerabilities that could pave the way to multiple types of attacks, including a V8 bug that could allow remote code execution (RCE) within a user’s browser.
The high-severity V8 issue is tracked as CVE-2021-21227, and was reported by Gengming Liu from Singular Security Lab. Google describes the bug as “insufficient data validation in V8” but is keeping other details close to its vest.
However, Liu told SecurityWeek that the bug is somewhat mitigated by the fact that it doesn’t allow attackers to escape the sandbox where Chrome runs, meaning attackers can’t reach any of the other program, data and applications on the computer. Thus, CVE-2021-21227 would need to be chained with another vulnerability in order to successfully wreak havoc on a target’s machine beyond the browser itself.
The researcher that his discovery is related to prior, now-patched V8 vulnerabilities ( CVE-2020-16040 and CVE-2020-15965). The first allows a remote attacker to exploit heap corruption if a user visits, or is redirected to, a specially crafted web page. The latter is a type-confusion bug that allows a remote attacker to potentially perform out of bounds memory access, also exploitable with a specially crafted HTML page.
Meanwhile, according to another report , the implications of an attack using the bug depends on the privileges associated with the application: In the worst-case scenario, an attacker could view, change or delete data.
And, if someone has turned off sandboxing, all bets are off.
Google recently patched a zero-day in Chrome (link). That was another V8 issue that allowed RCE inside the browser app (but not sandbox escape).
An important mindset derives from this bug is that "Many V8 vulnerabilities exploited by real-world attackers are effectively 2nd order vulnerabilities: the root-cause is often a logic issue in one of the JIT compilers, which can then be exploited to generate vulnerable machine code (e.g. code that is missing a runtime safety check). The generated code can then in turn be exploited to cause memory corruption at runtime." Therefore, all vulnerabilities have their own importance in a real-world attack scenario.
Reference link
🔝 @InfoSecTube
🖥 youtube
🍁 instagram.com/info_sec_tube
Successful exploitation may allow execution of arbitrary code.
CIS
Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution
<p>Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Google Chrome is a web browser used to access the internet. Successful exploitation of the most severe of these vulnerabilities…
#interview #Cybersecurity
🔶What is heap based overflow?
A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
heap overflow happens when a chunk of memory is allocated to the heap and data is written to this memory without any bound checking being done on the data.
🔘Simple Example
🔘Types of Heap overflow
🔝 @InfoSecTube
🖥 youtube
🍁 instagram.com/info_sec_tube
🔶What is heap based overflow?
A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
heap overflow happens when a chunk of memory is allocated to the heap and data is written to this memory without any bound checking being done on the data.
🔘Simple Example
🔘Types of Heap overflow
🔝 @InfoSecTube
🖥 youtube
🍁 instagram.com/info_sec_tube
👍3
#interview #Cybersecurity
🔶Packet Traveling - How Packets Move Through a Network
⛓ link
🔝 @InfoSecTube
🖥 youtube
🍁 instagram.com/info_sec_tube
🔶Packet Traveling - How Packets Move Through a Network
⛓ link
🔝 @InfoSecTube
🖥 youtube
🍁 instagram.com/info_sec_tube
YouTube
Packet Traveling - How Packets Move Through a Network
This video will illustrate everything that happens to describe how packets travel through a network. Specifically, we will look at every step to get a packet from a host, through a switch, then a router, then another switch, and finally to another host.
…
…
Forwarded from InfoSecTube
🖥 سری ویدیو های دوره مبانی امنیت وب
🎥 25-تحلیل ترافیک https
👨💻مدرس : پویا حیدرابادی
📜لینک ویدیو:
https://youtu.be/yaAHVUrdowA
🔉@infosectube
📌youtube channel
☣️instagram pageا
🎥 25-تحلیل ترافیک https
👨💻مدرس : پویا حیدرابادی
📜لینک ویدیو:
https://youtu.be/yaAHVUrdowA
🔉@infosectube
📌youtube channel
☣️instagram pageا
YouTube
25- https تحلیل ترافیک
web security fundamental دوره آموزشی
https تحلیل ترافیک
این دوره برای افراد علاقه مند به حوزه امنیت تهیه شده
بدون پیشنیاز
مدرسین:
https://twitter.com/53cn3t
https://twitter.com/d3ath3at3r79
●▬▬▬۩❁ @InfoSecTube ❁۩ ▬▬▬▬●
Telegram Channel:
yout…
https تحلیل ترافیک
این دوره برای افراد علاقه مند به حوزه امنیت تهیه شده
بدون پیشنیاز
مدرسین:
https://twitter.com/53cn3t
https://twitter.com/d3ath3at3r79
●▬▬▬۩❁ @InfoSecTube ❁۩ ▬▬▬▬●
Telegram Channel:
yout…
Forwarded from InfoSecTube
YouTube
How to install telegram on linux/kali
how to install telegram on linux/kali
●▬▬▬۩❁ @InfoSecTube❁۩ ▬▬▬▬●
اموزش نصب تلگرام روی لینوکس/کالی
●▬▬▬۩❁ @InfoSecTube ❁۩ ▬▬▬▬●
Telegram Channel:
https://bit.ly/2AONyvP
Subscribe to this channel if… you enjoy fun and educational videos about technology…
●▬▬▬۩❁ @InfoSecTube❁۩ ▬▬▬▬●
اموزش نصب تلگرام روی لینوکس/کالی
●▬▬▬۩❁ @InfoSecTube ❁۩ ▬▬▬▬●
Telegram Channel:
https://bit.ly/2AONyvP
Subscribe to this channel if… you enjoy fun and educational videos about technology…
Forwarded from InfoSecTube
YouTube
How to Install VLC player and mplayer on linux
How to Install VLC player and mplayer on Linux
●▬▬▬۩❁ @InfoSecTube❁۩ ▬▬▬▬●
روی لینوکس vlc,mplayer اموزش نصب
●▬▬▬۩❁ @InfoSecTube ❁۩ ▬▬▬▬●
Telegram Channel:
https://bit.ly/2AONyvP
Subscribe to this channel if… you enjoy fun and educational videos about…
●▬▬▬۩❁ @InfoSecTube❁۩ ▬▬▬▬●
روی لینوکس vlc,mplayer اموزش نصب
●▬▬▬۩❁ @InfoSecTube ❁۩ ▬▬▬▬●
Telegram Channel:
https://bit.ly/2AONyvP
Subscribe to this channel if… you enjoy fun and educational videos about…
Forwarded from InfoSecTube
YouTube
How to install Goldendict on Linux
How to install Goldendict on Linux
●▬▬▬۩❁ @InfoSecTube❁۩ ▬▬▬▬●
روی لینوکس Goldendict اموزش نصب
●▬▬▬۩❁ @InfoSecTube ❁۩ ▬▬▬▬●
Telegram Channel:
https://bit.ly/2AONyvP
Subscribe to this channel if… you enjoy fun and educational videos about technology…
●▬▬▬۩❁ @InfoSecTube❁۩ ▬▬▬▬●
روی لینوکس Goldendict اموزش نصب
●▬▬▬۩❁ @InfoSecTube ❁۩ ▬▬▬▬●
Telegram Channel:
https://bit.ly/2AONyvP
Subscribe to this channel if… you enjoy fun and educational videos about technology…
✅ Realtime Number Plate Detection using Yolov7 – Easiest Explanation
✳️
✳️ Dataset_1
✳️ Dataset_2
🔉@infosectube
📌youtube channel
☣️instagram pageا
✳️
YOLOv7 is the new state-of-the-art real-time object detection model. In this blog, we will see the step-by-step guide to Train YOLOv7 on custom dataset.
✅ Blog✳️ Dataset_1
✳️ Dataset_2
🔉@infosectube
📌youtube channel
☣️instagram pageا
🚀OSV-Scanner
🪝Use OSV-Scanner to find existing vulnerabilities affecting your project's dependencies.
🚧OSV-Scanner provides an officially supported frontend to the OSV database that connects a project’s list of dependencies with the vulnerabilities that affect them.
Link
🔝 @InfoSecTube
🖥 youtube
🍁 instagram.com/info_sec_tube
🪝Use OSV-Scanner to find existing vulnerabilities affecting your project's dependencies.
🚧OSV-Scanner provides an officially supported frontend to the OSV database that connects a project’s list of dependencies with the vulnerabilities that affect them.
Link
🔝 @InfoSecTube
🖥 youtube
🍁 instagram.com/info_sec_tube
GitHub
GitHub - google/osv-scanner: Vulnerability scanner written in Go which uses the data provided by https://osv.dev
Vulnerability scanner written in Go which uses the data provided by https://osv.dev - google/osv-scanner
🖥 سری ویدیو های دوره مبانی امنیت وب
🎥 آشنایی با URL
👨💻مدرس : پویا حیدرابادی
📜لینک ویدیو:
https://youtu.be/z9Pk10x9oT8
🔉@infosectube
📌youtube channel
☣️instagram pageا
🎥 آشنایی با URL
👨💻مدرس : پویا حیدرابادی
📜لینک ویدیو:
https://youtu.be/z9Pk10x9oT8
🔉@infosectube
📌youtube channel
☣️instagram pageا
YouTube
23- آشنایی با مفهوم url
web security fundamental دوره آموزشی
اشنایی با مفهوم (url) و جمع بندی ان در دنیای واقعی
توی این جلسه با مطالب
url با خاصیتهای رایج اون اشنا میشیم و جمع بندی مفاهیم
این دوره برای افراد علاقه مند به حوزه امنیت تهیه شده
بدون پیشنیاز
مدرسین:
http…
اشنایی با مفهوم (url) و جمع بندی ان در دنیای واقعی
توی این جلسه با مطالب
url با خاصیتهای رایج اون اشنا میشیم و جمع بندی مفاهیم
این دوره برای افراد علاقه مند به حوزه امنیت تهیه شده
بدون پیشنیاز
مدرسین:
http…
🔥1
#interview #Cybersecurity
OSI Model practical part 1:
link
🔉@infosectube
📌youtube channel
☣️instagram pageا
OSI Model practical part 1:
link
🔉@infosectube
📌youtube channel
☣️instagram pageا
Forwarded from InfoSecTube
🖥 سری ویدیو های آموزشی باگ بانتی
🖥Horizontal Privilege Escalation | روش افقی ارتقاع سطح دسترسی
👨💻مدرس : پویا حیدرآبادی
🧬لینک ویدیو:
⛓https://youtu.be/w9TLtBif_54
🔝 @InfoSecTube
🖥 youtube
🍁 instagram.com/info_sec_tube
🖥Horizontal Privilege Escalation | روش افقی ارتقاع سطح دسترسی
👨💻مدرس : پویا حیدرآبادی
🧬لینک ویدیو:
⛓https://youtu.be/w9TLtBif_54
🔝 @InfoSecTube
🖥 youtube
🍁 instagram.com/info_sec_tube
YouTube
Horizontal Privilege Escalation | روش افقی ارتقاع سطح دسترسی
Horizontal Privilege Escalation | روش افقی ارتقاع سطح دسترسی
در این قسمت به بررسی و شرح اسیب پذیری های موجود در سطح دسترسی میپردازیم و قصد داریم که به اطلاعات دیگر کاربران که با توجه به پیکربندی اشتباه پیاده سازی شده اند دسترسی داشته باشیم
که به اصطلاح…
در این قسمت به بررسی و شرح اسیب پذیری های موجود در سطح دسترسی میپردازیم و قصد داریم که به اطلاعات دیگر کاربران که با توجه به پیکربندی اشتباه پیاده سازی شده اند دسترسی داشته باشیم
که به اصطلاح…
🚀OSV-Scanner
🪝Use OSV-Scanner to find existing vulnerabilities affecting your project's dependencies.
🚧OSV-Scanner provides an officially supported frontend to the OSV database that connects a project’s list of dependencies with the vulnerabilities that affect them.
🔝 @InfoSecTube
🖥 youtube
🍁 instagram.com/info_sec_tube
🪝Use OSV-Scanner to find existing vulnerabilities affecting your project's dependencies.
🚧OSV-Scanner provides an officially supported frontend to the OSV database that connects a project’s list of dependencies with the vulnerabilities that affect them.
🔝 @InfoSecTube
🖥 youtube
🍁 instagram.com/info_sec_tube
عملکرد کانال InfoSecTube در سال 2022 را چگونه ارزیابی کرده اید؟
Final Results
43%
خوب
38%
متوسط
19%
ضعیف
🖥 سری ویدیو های وبینار های آکادمیک
🎥آشنایی با حملات زنجیره تامین و پارادایم اعتماد صفر
👨💻مدرس : سعید قاسم شیرازی
🧬لینک ویدیو:
https://youtu.be/b3khwl5-DnQ
🔝 @InfoSecTube
🖥 youtube.com/c/InfoSecTube
🍁 instagram.com/info_sec_tube
🎥آشنایی با حملات زنجیره تامین و پارادایم اعتماد صفر
👨💻مدرس : سعید قاسم شیرازی
🧬لینک ویدیو:
https://youtu.be/b3khwl5-DnQ
🔝 @InfoSecTube
🖥 youtube.com/c/InfoSecTube
🍁 instagram.com/info_sec_tube
YouTube
آشنایی با حملات زنجیره تامین و پارادایم اعتماد صفر
آشنایی با حملات زنجیره تامین و پارادایم ZT
zero trust concept & supply chain attack
presenter: saeid ghasemshirazi
سعید قاسم شیرازی
●▬▬▬۩❁ @InfoSecTube ❁۩ ▬▬▬▬●
Telegram Channel:
youtube.com/c/infosectube
https://t.iss.one/InfoSecTube
https://www.instag…
zero trust concept & supply chain attack
presenter: saeid ghasemshirazi
سعید قاسم شیرازی
●▬▬▬۩❁ @InfoSecTube ❁۩ ▬▬▬▬●
Telegram Channel:
youtube.com/c/infosectube
https://t.iss.one/InfoSecTube
https://www.instag…