#interview #Cybersecurity
🔶Google Chrome V8 Memory Corruption Vulnerability
Google’s Chrome browser has several security vulnerabilities that could pave the way to multiple types of attacks, including a V8 bug that could allow remote code execution (RCE) within a user’s browser.
The high-severity V8 issue is tracked as CVE-2021-21227, and was reported by Gengming Liu from Singular Security Lab. Google describes the bug as “insufficient data validation in V8” but is keeping other details close to its vest.
However, Liu told SecurityWeek that the bug is somewhat mitigated by the fact that it doesn’t allow attackers to escape the sandbox where Chrome runs, meaning attackers can’t reach any of the other program, data and applications on the computer. Thus, CVE-2021-21227 would need to be chained with another vulnerability in order to successfully wreak havoc on a target’s machine beyond the browser itself.
The researcher that his discovery is related to prior, now-patched V8 vulnerabilities ( CVE-2020-16040 and CVE-2020-15965). The first allows a remote attacker to exploit heap corruption if a user visits, or is redirected to, a specially crafted web page. The latter is a type-confusion bug that allows a remote attacker to potentially perform out of bounds memory access, also exploitable with a specially crafted HTML page.
Meanwhile, according to another report , the implications of an attack using the bug depends on the privileges associated with the application: In the worst-case scenario, an attacker could view, change or delete data.
And, if someone has turned off sandboxing, all bets are off.
Google recently patched a zero-day in Chrome (link). That was another V8 issue that allowed RCE inside the browser app (but not sandbox escape).
An important mindset derives from this bug is that "Many V8 vulnerabilities exploited by real-world attackers are effectively 2nd order vulnerabilities: the root-cause is often a logic issue in one of the JIT compilers, which can then be exploited to generate vulnerable machine code (e.g. code that is missing a runtime safety check). The generated code can then in turn be exploited to cause memory corruption at runtime." Therefore, all vulnerabilities have their own importance in a real-world attack scenario.
Reference link
🔝 @InfoSecTube
🖥 youtube
🍁 instagram.com/info_sec_tube
Successful exploitation may allow execution of arbitrary code.
🔶Google Chrome V8 Memory Corruption Vulnerability
Google’s Chrome browser has several security vulnerabilities that could pave the way to multiple types of attacks, including a V8 bug that could allow remote code execution (RCE) within a user’s browser.
The high-severity V8 issue is tracked as CVE-2021-21227, and was reported by Gengming Liu from Singular Security Lab. Google describes the bug as “insufficient data validation in V8” but is keeping other details close to its vest.
However, Liu told SecurityWeek that the bug is somewhat mitigated by the fact that it doesn’t allow attackers to escape the sandbox where Chrome runs, meaning attackers can’t reach any of the other program, data and applications on the computer. Thus, CVE-2021-21227 would need to be chained with another vulnerability in order to successfully wreak havoc on a target’s machine beyond the browser itself.
The researcher that his discovery is related to prior, now-patched V8 vulnerabilities ( CVE-2020-16040 and CVE-2020-15965). The first allows a remote attacker to exploit heap corruption if a user visits, or is redirected to, a specially crafted web page. The latter is a type-confusion bug that allows a remote attacker to potentially perform out of bounds memory access, also exploitable with a specially crafted HTML page.
Meanwhile, according to another report , the implications of an attack using the bug depends on the privileges associated with the application: In the worst-case scenario, an attacker could view, change or delete data.
And, if someone has turned off sandboxing, all bets are off.
Google recently patched a zero-day in Chrome (link). That was another V8 issue that allowed RCE inside the browser app (but not sandbox escape).
An important mindset derives from this bug is that "Many V8 vulnerabilities exploited by real-world attackers are effectively 2nd order vulnerabilities: the root-cause is often a logic issue in one of the JIT compilers, which can then be exploited to generate vulnerable machine code (e.g. code that is missing a runtime safety check). The generated code can then in turn be exploited to cause memory corruption at runtime." Therefore, all vulnerabilities have their own importance in a real-world attack scenario.
Reference link
🔝 @InfoSecTube
🖥 youtube
🍁 instagram.com/info_sec_tube
Successful exploitation may allow execution of arbitrary code.
CIS
Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution
<p>Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Google Chrome is a web browser used to access the internet. Successful exploitation of the most severe of these vulnerabilities…
#interview #Cybersecurity
🔶What is heap based overflow?
A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
heap overflow happens when a chunk of memory is allocated to the heap and data is written to this memory without any bound checking being done on the data.
🔘Simple Example
🔘Types of Heap overflow
🔝 @InfoSecTube
🖥 youtube
🍁 instagram.com/info_sec_tube
🔶What is heap based overflow?
A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
heap overflow happens when a chunk of memory is allocated to the heap and data is written to this memory without any bound checking being done on the data.
🔘Simple Example
🔘Types of Heap overflow
🔝 @InfoSecTube
🖥 youtube
🍁 instagram.com/info_sec_tube
👍3
#interview #Cybersecurity
🔶Packet Traveling - How Packets Move Through a Network
⛓ link
🔝 @InfoSecTube
🖥 youtube
🍁 instagram.com/info_sec_tube
🔶Packet Traveling - How Packets Move Through a Network
⛓ link
🔝 @InfoSecTube
🖥 youtube
🍁 instagram.com/info_sec_tube
YouTube
Packet Traveling - How Packets Move Through a Network
This video will illustrate everything that happens to describe how packets travel through a network. Specifically, we will look at every step to get a packet from a host, through a switch, then a router, then another switch, and finally to another host.
…
…
Forwarded from InfoSecTube
🖥 سری ویدیو های دوره مبانی امنیت وب
🎥 25-تحلیل ترافیک https
👨💻مدرس : پویا حیدرابادی
📜لینک ویدیو:
https://youtu.be/yaAHVUrdowA
🔉@infosectube
📌youtube channel
☣️instagram pageا
🎥 25-تحلیل ترافیک https
👨💻مدرس : پویا حیدرابادی
📜لینک ویدیو:
https://youtu.be/yaAHVUrdowA
🔉@infosectube
📌youtube channel
☣️instagram pageا
YouTube
25- https تحلیل ترافیک
web security fundamental دوره آموزشی
https تحلیل ترافیک
این دوره برای افراد علاقه مند به حوزه امنیت تهیه شده
بدون پیشنیاز
مدرسین:
https://twitter.com/53cn3t
https://twitter.com/d3ath3at3r79
●▬▬▬۩❁ @InfoSecTube ❁۩ ▬▬▬▬●
Telegram Channel:
yout…
https تحلیل ترافیک
این دوره برای افراد علاقه مند به حوزه امنیت تهیه شده
بدون پیشنیاز
مدرسین:
https://twitter.com/53cn3t
https://twitter.com/d3ath3at3r79
●▬▬▬۩❁ @InfoSecTube ❁۩ ▬▬▬▬●
Telegram Channel:
yout…
Forwarded from InfoSecTube
YouTube
How to install telegram on linux/kali
how to install telegram on linux/kali
●▬▬▬۩❁ @InfoSecTube❁۩ ▬▬▬▬●
اموزش نصب تلگرام روی لینوکس/کالی
●▬▬▬۩❁ @InfoSecTube ❁۩ ▬▬▬▬●
Telegram Channel:
https://bit.ly/2AONyvP
Subscribe to this channel if… you enjoy fun and educational videos about technology…
●▬▬▬۩❁ @InfoSecTube❁۩ ▬▬▬▬●
اموزش نصب تلگرام روی لینوکس/کالی
●▬▬▬۩❁ @InfoSecTube ❁۩ ▬▬▬▬●
Telegram Channel:
https://bit.ly/2AONyvP
Subscribe to this channel if… you enjoy fun and educational videos about technology…
Forwarded from InfoSecTube
YouTube
How to Install VLC player and mplayer on linux
How to Install VLC player and mplayer on Linux
●▬▬▬۩❁ @InfoSecTube❁۩ ▬▬▬▬●
روی لینوکس vlc,mplayer اموزش نصب
●▬▬▬۩❁ @InfoSecTube ❁۩ ▬▬▬▬●
Telegram Channel:
https://bit.ly/2AONyvP
Subscribe to this channel if… you enjoy fun and educational videos about…
●▬▬▬۩❁ @InfoSecTube❁۩ ▬▬▬▬●
روی لینوکس vlc,mplayer اموزش نصب
●▬▬▬۩❁ @InfoSecTube ❁۩ ▬▬▬▬●
Telegram Channel:
https://bit.ly/2AONyvP
Subscribe to this channel if… you enjoy fun and educational videos about…
Forwarded from InfoSecTube
YouTube
How to install Goldendict on Linux
How to install Goldendict on Linux
●▬▬▬۩❁ @InfoSecTube❁۩ ▬▬▬▬●
روی لینوکس Goldendict اموزش نصب
●▬▬▬۩❁ @InfoSecTube ❁۩ ▬▬▬▬●
Telegram Channel:
https://bit.ly/2AONyvP
Subscribe to this channel if… you enjoy fun and educational videos about technology…
●▬▬▬۩❁ @InfoSecTube❁۩ ▬▬▬▬●
روی لینوکس Goldendict اموزش نصب
●▬▬▬۩❁ @InfoSecTube ❁۩ ▬▬▬▬●
Telegram Channel:
https://bit.ly/2AONyvP
Subscribe to this channel if… you enjoy fun and educational videos about technology…
✅ Realtime Number Plate Detection using Yolov7 – Easiest Explanation
✳️
✳️ Dataset_1
✳️ Dataset_2
🔉@infosectube
📌youtube channel
☣️instagram pageا
✳️
YOLOv7 is the new state-of-the-art real-time object detection model. In this blog, we will see the step-by-step guide to Train YOLOv7 on custom dataset.
✅ Blog✳️ Dataset_1
✳️ Dataset_2
🔉@infosectube
📌youtube channel
☣️instagram pageا
🚀OSV-Scanner
🪝Use OSV-Scanner to find existing vulnerabilities affecting your project's dependencies.
🚧OSV-Scanner provides an officially supported frontend to the OSV database that connects a project’s list of dependencies with the vulnerabilities that affect them.
Link
🔝 @InfoSecTube
🖥 youtube
🍁 instagram.com/info_sec_tube
🪝Use OSV-Scanner to find existing vulnerabilities affecting your project's dependencies.
🚧OSV-Scanner provides an officially supported frontend to the OSV database that connects a project’s list of dependencies with the vulnerabilities that affect them.
Link
🔝 @InfoSecTube
🖥 youtube
🍁 instagram.com/info_sec_tube
GitHub
GitHub - google/osv-scanner: Vulnerability scanner written in Go which uses the data provided by https://osv.dev
Vulnerability scanner written in Go which uses the data provided by https://osv.dev - google/osv-scanner
🖥 سری ویدیو های دوره مبانی امنیت وب
🎥 آشنایی با URL
👨💻مدرس : پویا حیدرابادی
📜لینک ویدیو:
https://youtu.be/z9Pk10x9oT8
🔉@infosectube
📌youtube channel
☣️instagram pageا
🎥 آشنایی با URL
👨💻مدرس : پویا حیدرابادی
📜لینک ویدیو:
https://youtu.be/z9Pk10x9oT8
🔉@infosectube
📌youtube channel
☣️instagram pageا
YouTube
23- آشنایی با مفهوم url
web security fundamental دوره آموزشی
اشنایی با مفهوم (url) و جمع بندی ان در دنیای واقعی
توی این جلسه با مطالب
url با خاصیتهای رایج اون اشنا میشیم و جمع بندی مفاهیم
این دوره برای افراد علاقه مند به حوزه امنیت تهیه شده
بدون پیشنیاز
مدرسین:
http…
اشنایی با مفهوم (url) و جمع بندی ان در دنیای واقعی
توی این جلسه با مطالب
url با خاصیتهای رایج اون اشنا میشیم و جمع بندی مفاهیم
این دوره برای افراد علاقه مند به حوزه امنیت تهیه شده
بدون پیشنیاز
مدرسین:
http…
🔥1
#interview #Cybersecurity
OSI Model practical part 1:
link
🔉@infosectube
📌youtube channel
☣️instagram pageا
OSI Model practical part 1:
link
🔉@infosectube
📌youtube channel
☣️instagram pageا
Forwarded from InfoSecTube
🖥 سری ویدیو های آموزشی باگ بانتی
🖥Horizontal Privilege Escalation | روش افقی ارتقاع سطح دسترسی
👨💻مدرس : پویا حیدرآبادی
🧬لینک ویدیو:
⛓https://youtu.be/w9TLtBif_54
🔝 @InfoSecTube
🖥 youtube
🍁 instagram.com/info_sec_tube
🖥Horizontal Privilege Escalation | روش افقی ارتقاع سطح دسترسی
👨💻مدرس : پویا حیدرآبادی
🧬لینک ویدیو:
⛓https://youtu.be/w9TLtBif_54
🔝 @InfoSecTube
🖥 youtube
🍁 instagram.com/info_sec_tube
YouTube
Horizontal Privilege Escalation | روش افقی ارتقاع سطح دسترسی
Horizontal Privilege Escalation | روش افقی ارتقاع سطح دسترسی
در این قسمت به بررسی و شرح اسیب پذیری های موجود در سطح دسترسی میپردازیم و قصد داریم که به اطلاعات دیگر کاربران که با توجه به پیکربندی اشتباه پیاده سازی شده اند دسترسی داشته باشیم
که به اصطلاح…
در این قسمت به بررسی و شرح اسیب پذیری های موجود در سطح دسترسی میپردازیم و قصد داریم که به اطلاعات دیگر کاربران که با توجه به پیکربندی اشتباه پیاده سازی شده اند دسترسی داشته باشیم
که به اصطلاح…
🚀OSV-Scanner
🪝Use OSV-Scanner to find existing vulnerabilities affecting your project's dependencies.
🚧OSV-Scanner provides an officially supported frontend to the OSV database that connects a project’s list of dependencies with the vulnerabilities that affect them.
🔝 @InfoSecTube
🖥 youtube
🍁 instagram.com/info_sec_tube
🪝Use OSV-Scanner to find existing vulnerabilities affecting your project's dependencies.
🚧OSV-Scanner provides an officially supported frontend to the OSV database that connects a project’s list of dependencies with the vulnerabilities that affect them.
🔝 @InfoSecTube
🖥 youtube
🍁 instagram.com/info_sec_tube
عملکرد کانال InfoSecTube در سال 2022 را چگونه ارزیابی کرده اید؟
Final Results
43%
خوب
38%
متوسط
19%
ضعیف
🖥 سری ویدیو های وبینار های آکادمیک
🎥آشنایی با حملات زنجیره تامین و پارادایم اعتماد صفر
👨💻مدرس : سعید قاسم شیرازی
🧬لینک ویدیو:
https://youtu.be/b3khwl5-DnQ
🔝 @InfoSecTube
🖥 youtube.com/c/InfoSecTube
🍁 instagram.com/info_sec_tube
🎥آشنایی با حملات زنجیره تامین و پارادایم اعتماد صفر
👨💻مدرس : سعید قاسم شیرازی
🧬لینک ویدیو:
https://youtu.be/b3khwl5-DnQ
🔝 @InfoSecTube
🖥 youtube.com/c/InfoSecTube
🍁 instagram.com/info_sec_tube
YouTube
آشنایی با حملات زنجیره تامین و پارادایم اعتماد صفر
آشنایی با حملات زنجیره تامین و پارادایم ZT
zero trust concept & supply chain attack
presenter: saeid ghasemshirazi
سعید قاسم شیرازی
●▬▬▬۩❁ @InfoSecTube ❁۩ ▬▬▬▬●
Telegram Channel:
youtube.com/c/infosectube
https://t.iss.one/InfoSecTube
https://www.instag…
zero trust concept & supply chain attack
presenter: saeid ghasemshirazi
سعید قاسم شیرازی
●▬▬▬۩❁ @InfoSecTube ❁۩ ▬▬▬▬●
Telegram Channel:
youtube.com/c/infosectube
https://t.iss.one/InfoSecTube
https://www.instag…
🖥 سری ویدیو های آموزشی Node.Js
👨💻مدرس : میثم منصف
🔹آشنایی مقدماتی با nodejs
⛓https://youtu.be/Vjb6l8xNRAQ
🔹آشنایی با معماری نود جی اس(Node.js)
⛓https://youtu.be/guOhZ20ZGwg
🔹نصب محیط برنامه نویسی نود جی اس
⛓https://youtu.be/6n3ebW3z0rc
🔹نصب نود جی اس روی لینوکس
⛓https://youtu.be/f_fgncga6qQ
🔹راه اندازی phpstorm و Nodemon
⛓https://youtu.be/Fb6t4GeYbHM
🔹متغییر ها در نود جی اس
⛓https://youtu.be/-XxYjeFCRqA
🔹توابع در نود جی اس
⛓https://youtu.be/0yRI2rcAMdc
🔹تعیین سطح دسترسی و محدوده در نود جی اس
⛓https://youtu.be/Xy1P58RXWKY
🔹آشنایی با لاگ در نود جی اس
⛓https://youtu.be/xo4IFyoLs4U
🔹آشنایی با Async در نود جی اس
⛓https://youtu.be/-697ez4e6vw
🔝 @InfoSecTube
🖥 🖥 youtube
🍁 instagram.com/info_sec_tube
👨💻مدرس : میثم منصف
🔹آشنایی مقدماتی با nodejs
⛓https://youtu.be/Vjb6l8xNRAQ
🔹آشنایی با معماری نود جی اس(Node.js)
⛓https://youtu.be/guOhZ20ZGwg
🔹نصب محیط برنامه نویسی نود جی اس
⛓https://youtu.be/6n3ebW3z0rc
🔹نصب نود جی اس روی لینوکس
⛓https://youtu.be/f_fgncga6qQ
🔹راه اندازی phpstorm و Nodemon
⛓https://youtu.be/Fb6t4GeYbHM
🔹متغییر ها در نود جی اس
⛓https://youtu.be/-XxYjeFCRqA
🔹توابع در نود جی اس
⛓https://youtu.be/0yRI2rcAMdc
🔹تعیین سطح دسترسی و محدوده در نود جی اس
⛓https://youtu.be/Xy1P58RXWKY
🔹آشنایی با لاگ در نود جی اس
⛓https://youtu.be/xo4IFyoLs4U
🔹آشنایی با Async در نود جی اس
⛓https://youtu.be/-697ez4e6vw
🔝 @InfoSecTube
🖥 🖥 youtube
🍁 instagram.com/info_sec_tube
YouTube
1-آشنایی مقدماتی با nodejs
سری ویدیو های اموزشی دوره برنامه نویسی node.js
مدرس: میثم منصف
عنوان: آشنایی مقدماتی با Node.Js
Node.js for beginners Tutorials
●▬▬▬۩❁ @InfoSecTube ❁۩ ▬▬▬▬●
Telegram Channel:
youtube.com/c/infosectube
https://t.iss.one/InfoSecTube
https://www.instagram.c…
مدرس: میثم منصف
عنوان: آشنایی مقدماتی با Node.Js
Node.js for beginners Tutorials
●▬▬▬۩❁ @InfoSecTube ❁۩ ▬▬▬▬●
Telegram Channel:
youtube.com/c/infosectube
https://t.iss.one/InfoSecTube
https://www.instagram.c…
🚧لیست بزرگی از پیامرسانهای امن و غیرمتمرکز توزیع شده و منبع باز
1. E2EE
Session
Delta Chat
Simplex Chat
Silence
Wire
Safe Text
2. Matrix
Element
Syphon
FluffyChat
SchildiChat
3. (mesh)
berty
dIM Chat
Rumble
Serval Mesh
FireChat
Fireside
Meshenger
Berkanan
Mesh
4. Tor massage
Tinfoil Chat
Ricochet Refresh
Briar
Tox
Speek
cwtch.im
5. بلاکچین
Status
Mixin
Adamant
iMe Messenger & Crypto Wallet
6. فورک
Molly (Signal)
DarkMessenger (Conversations)
aTox 0.6.0 (Tox)
Taranis (Jami)
Protox (Tox)
7. VOIP/SIP/تماس ویدئویی
Jami
Pryvate Now
Rocket.Chat
Jitsi Meet
Sipnetic
Linphone
VIPole
8. XMPP (OTR/OMEMO)
Conversations
CoyIM
Dino.
Pidgin
Gajim
blabber
Beagle
conversejs
MirandaNG
Wime
ChatSecure
🔝 @InfoSecTube
🖥 youtube
🍁 instagram.com/info_sec_tube
1. E2EE
Session
Delta Chat
Simplex Chat
Silence
Wire
Safe Text
2. Matrix
Element
Syphon
FluffyChat
SchildiChat
3. (mesh)
berty
dIM Chat
Rumble
Serval Mesh
FireChat
Fireside
Meshenger
Berkanan
Mesh
4. Tor massage
Tinfoil Chat
Ricochet Refresh
Briar
Tox
Speek
cwtch.im
5. بلاکچین
Status
Mixin
Adamant
iMe Messenger & Crypto Wallet
6. فورک
Molly (Signal)
DarkMessenger (Conversations)
aTox 0.6.0 (Tox)
Taranis (Jami)
Protox (Tox)
7. VOIP/SIP/تماس ویدئویی
Jami
Pryvate Now
Rocket.Chat
Jitsi Meet
Sipnetic
Linphone
VIPole
8. XMPP (OTR/OMEMO)
Conversations
CoyIM
Dino.
Pidgin
Gajim
blabber
Beagle
conversejs
MirandaNG
Wime
ChatSecure
🔝 @InfoSecTube
🖥 youtube
🍁 instagram.com/info_sec_tube
Session
Session | Send Messages, Not Metadata. | Private Messenger
Session is a private messenger that aims to remove any chance of metadata collection by routing all messages through an onion routing network.
#interview #cybersecurity
🔶What is RFC?
A Request for Comments (RFC) is a formal document from the Internet Engineering Task Force (IETF) that contains specifications and organizational notes about topics related to the internet and computer networking, such as routing, addressing and transport technologies.
🔝 @InfoSecTube
🖥 youtube
🍁 instagram.com/info_sec_tube
🔶What is RFC?
A Request for Comments (RFC) is a formal document from the Internet Engineering Task Force (IETF) that contains specifications and organizational notes about topics related to the internet and computer networking, such as routing, addressing and transport technologies.
🔝 @InfoSecTube
🖥 youtube
🍁 instagram.com/info_sec_tube
#interview #cybersecurity #Terminology
Node: A device that implement IPV6
Router: A node that forwards IPV6 packets not explicitly addressed to itself.
Host: Any node that is not a router
🔝 @InfoSecTube
🖥 youtube
🍁 instagram.com/info_sec_tube
Node: A device that implement IPV6
Router: A node that forwards IPV6 packets not explicitly addressed to itself.
Host: Any node that is not a router
🔝 @InfoSecTube
🖥 youtube
🍁 instagram.com/info_sec_tube