underground.org.mx

Topics - hkm

1
News and Events / M3x4s Scholarship @ DEFCON
« on: February 21, 2020, 09:30:16 am »


Cybersecurity is often a stigmatized topic; however, there will always be cyber threats and people like us who want to make the Internet and the world a safer place.


What do we want to achieve?

We want to give scholarships to 2 promising young people in cybersecurity, that is, two students in a systems degree or similar who share a passion for security, so that they can go with all expenses paid to DEFCON28 in LAS VEGAS!, which will take place August 6 to 9, 2020.

This includes airfare, lodging, event admission ($280USD) and a per diem for meals of $45USD per day.

Who can take part in the selection process?

- Students of any degree related to systems
- Have a VISA and passport valid for travel during the event
- Be of legal age (18 years old)
- Live in Mexican territory (no need to be Mexican)
- Write an essay
- The final rules will be decided democratically among the group

Why are we asking for your help?

As we mention further down in the "Who are we?" section, we simply want to do this because we enjoy it and because we want a safer world and a safer internet. We will all be pitching in.

That is why any help will be very useful, and you will be supporting young students who might otherwise not have the chance to have this experience.


Who are we?

We are a group of cybersecurity professionals and enthusiasts who, year after year, attend the most important community security event in Las Vegas: DEFCON.

We are a multidisciplinary group, mostly from Mexico, but there are also people from all over LATAM. The idea is to share our interests, coordinate going to DEFCON each year, and spend 4 days of learning, experiences and good times with old and new friends.

We are not an organization, a company, a civil association (Asociación Civil), or anything of the sort, just friends who have something in common: a love of cybersecurity and the desire to keep learning.

Why DEFCON?

DEFCON is the cybersecurity event par excellence. It has been held for 28 years in Las Vegas, and it is a community-run event where the topics and research are very interesting. If you want to know more about the event, you can visit its official page at www.defcon.org

More info: Find me as @GnuOwned on Twitter and I'll answer all your questions!

I'm a student and I want to apply! How do I do it?

You can find the call for applications and the rules here:

https://forms.gle/3pyqQEnjPE9AnndB8

Apply!

2
Compilation of the best writeups from Google's bug bounty rewards program (Google VRP): https://github.com/xdavidhu/awesome-google-vrp-writeups



# Awesome Google VRP Writeups
🐛 A list of writeups from the Google VRP Bug Bounty program

*\*writeups: **not just** writeups*

## Contributing:

If you have/know of any Google writeups not listed in this repository, feel free to open a Pull Request. If the writeup is new, add it to the top of the list, if it is not, to the end.

The template to follow when adding new writeups:
```
- [TITLE](URL) by [NAME](TWITTER_URL)
```
*If no Twitter account is available, try finding something similar, like other social media page or website.*

### Contributors:
[David Schütz](https://twitter.com/xdavidhu), [Alex Birsan](https://twitter.com/alxbrsn), `YOUR_NAME_HERE`

Thank you! 🎉

## Blog posts:
- [$36k Google App Engine RCE](https://www.ezequiel.tech/p/36k-google-app-engine-rce.html) by [Ezequiel Pereira](https://twitter.com/epereiralopez)
- [How I hacked Google’s bug tracking system itself for $15,600 in bounties](https://medium.com/@alex.birsan/messing-with-the-google-buganizer-system-for-15-600-in-bounties-58f86cc9f9a5) by [Alex Birsan](https://twitter.com/alxbrsn)
- [XSS in GMail’s AMP4Email via DOM Clobbering](https://research.securitum.com/xss-in-amp4email-dom-clobbering/) by [Michał Bentkowski](https://twitter.com/SecurityMB)
- [$10k host header](https://www.ezequiel.tech/p/10k-host-header.html) by [Ezequiel Pereira](https://twitter.com/epereiralopez)
- [Into the Borg – SSRF inside Google production network](https://opnsec.com/2018/07/into-the-borg-ssrf-inside-google-production-network/) by [Enguerran Gillier](https://twitter.com/opnsec)
- [SSRF in Google Cloud Platform StackDriver](https://ngailong.wordpress.com/2019/12/19/google-vrp-ssrf-in-google-cloud-platform-stackdriver/) by [Ron Chan](https://twitter.com/ngalongc)
- [$7.5k Google services mix-up](https://www.ezequiel.tech/p/75k-google-services-mix-up.html) by [Ezequiel Pereira](https://twitter.com/epereiralopez)
- [Google Bug Bounty: LFI on Production Servers in “springboard.google.com” – $13,337 USD](https://omespino.com/write-up-google-bug-bounty-lfi-on-production-servers-in-redacted-google-com-13337-usd/) by [Omar Espino](https://twitter.com/omespino)
- [Bypassing Google’s authentication to access their Internal Admin panels](https://medium.com/bugbountywriteup/bypassing-googles-fix-to-access-their-internal-admin-panels-12acd3d821e3) by [Vishnu Prasad P G](https://twitter.com/vishnuprasadnta)
- [Creative bug which result Stored XSS on m.youtube.com](http://sasi2103.blogspot.com/2015/12/creative-bug-which-result-stored-xss-on.html) by [Sasi Levi](https://twitter.com/sasi2103)
- [$7.5k Google Cloud Platform organization issue](https://www.ezequiel.tech/2019/01/75k-google-cloud-platform-organization.html) by [Ezequiel Pereira](https://twitter.com/epereiralopez)
- [Gsuite Hangouts Chat 5k IDOR](https://secreltyhiddenwriteups.blogspot.com/2018/07/gsuite-hangouts-chat-5k-idor.html) by [Cameron Vincent](https://twitter.com/secretlyhidden1)
- [$5k Service dependencies](https://www.ezequiel.tech/p/5k-service-dependencies.html) by [Ezequiel Pereira](https://twitter.com/epereiralopez)
- [Open redirects that matter](https://sites.google.com/site/bughunteruniversity/best-reports/openredirectsthatmatter) by [Tomasz Bojarski](https://bughunter.withgoogle.com/profile/c25fa487-a4df-4e2e-b877-4d31d8964b82)
- [Google VRP : oAuth token stealing](http://bugdisclose.blogspot.com/2017/08/google-vrp-oauth-token-stealing.html) by [Harsh Jaiswal](https://twitter.com/rootxharsh)
- [Combination of techniques lead to DOM Based XSS in Google](http://sasi2103.blogspot.com/2016/09/combination-of-techniques-lead-to-dom.html) by [Sasi Levi](https://twitter.com/sasi2103)
- [Unauth meetings access](https://sites.google.com/securifyinc.com/vrp-writeups/google-meet/authorization-bugs) by [Rojan Rijal](https://twitter.com/mallocsys)
- [Deleting/Altering All Google Cloud Budget Monitors](https://secreltyhiddenwriteups.blogspot.com/2019/12/deletingaltering-all-google-cloud.html) by [Cameron Vincent](https://twitter.com/secretlyhidden1)
- [Youtube Editor XSS Vulnerability](https://jasminderpalsingh.info/youtube-editor-stored-dom-based-and-self-executed-xss-vulnerability/) by [Jasminder Pal Singh](https://twitter.com/Singh_Jasminder)
- [Google bugs stories and the shiny pixelbook](https://bughunt1307.herokuapp.com/googlebugs.html) by [Missoum Said](https://twitter.com/missoum1307)
- [$500 getClass](https://www.ezequiel.tech/p/500-getclass.html) by [Ezequiel Pereira](https://twitter.com/epereiralopez)
- [Google Webmaster Markup Helper Framed Application XSS](https://jasminderpalsingh.info/google-webmaster-markup-helper-framed-application-xss/) by [Jasminder Pal Singh](https://twitter.com/Singh_Jasminder)
- [Voice Squatting & Voice Masquerading Attack against Amazon Alexa and Google Home Actions](https://sites.google.com/site/voicevpasec/) by ???
- [Stored XSS on biz.waze.com](https://sites.google.com/securifyinc.com/vrp-writeups/waze/waze-xss) by [Rojan Rijal](https://twitter.com/mallocsys)
- [XSSing Google Code-in thanks to improperly escaped JSON data](https://appio.dev/vulns/google-code-in-xss/) by [Thomas Orlita](https://twitter.com/ThomasOrlita)
- [Writeup for the 2019 Google Cloud Platform VRP Prize!](https://medium.com/@missoum1307/writeup-for-the-2019-google-cloud-platform-vrp-prize-4e104ef9f204) by [Missoum Said](https://twitter.com/missoum1307)
- [Blind XSS against a Googler](https://sites.google.com/securifyinc.com/vrp-writeups/hire-with-google/blind-xss) by [Rojan Rijal](https://twitter.com/mallocsys)
- [Youtube XSS Vulnerability [Stored -> Self Executed]](https://jasminderpalsingh.info/youtube-xss-vulnerability-stored-self-executed/) by [Jasminder Pal Singh](https://twitter.com/Singh_Jasminder)
- [How I could have hijacked a victim’s YouTube notifications!](https://hackademic.co.in/youtube-bug/) by [Yash Sodha](https://twitter.com/y_sodha)
- [Bypassing Firebase authorization to create custom goo.gl subdomains](https://appio.dev/vulns/bypassing-firebase-authorization-to-create-custom-goo-gl-subdomains/) by [Thomas Orlita](https://twitter.com/ThomasOrlita)
- [Multiple XSSs on hire.withgoogle.com](https://sites.google.com/securifyinc.com/vrp-writeups/hire-with-google/xsses) by [Rojan Rijal](https://twitter.com/mallocsys)
- [Reflected XSS in Google Code Jam](https://appio.dev/vulns/reflected-xss-in-google-code-jam/) by [Thomas Orlita](https://twitter.com/ThomasOrlita)
- [Auth Issues on hire.withgoogle.com](https://sites.google.com/securifyinc.com/vrp-writeups/hire-with-google/auth-issues) by [Rojan Rijal](https://twitter.com/mallocsys)
- [Waze remote vulnerabilities](http://blog.appscan.io/index.php/2018/05/25/waze-remote-vulnerability-technical-report/) by [PanguTeam](https://twitter.com/PanguTeam)
- [Liking GitHub repositories on behalf of other users — Stored XSS in WebComponents.org](https://appio.dev/vulns/stored-xss-in-webcomponents-org/) by [Thomas Orlita](https://twitter.com/ThomasOrlita)
- [G Suite - Device Management XSS](https://sites.google.com/securifyinc.com/vrp-writeups/gsuite/bookmark-xss-device-management) by [Rojan Rijal](https://twitter.com/mallocsys)
- [XSS in YouTube Gaming](http://respectxss.blogspot.com/2015/10/xss-in-youtube-gaming.html) by [Ashar Javed](https://twitter.com/soaj1664ashar)
- [Exploiting Clickjacking Vulnerability To Steal User Cookies](https://jasminderpalsingh.info/exploiting-google-clickjacking-vulnerability-to-steal-user-cookies/) by [Jasminder Pal Singh](https://twitter.com/Singh_Jasminder)
- [Inserting arbitrary files into anyone’s Google Earth Projects Archive](https://appio.dev/vulns/google-earth-studio-vulnerability/) by [Thomas Orlita](https://twitter.com/ThomasOrlita)
- [Stored, Reflected and DOM XSS in Google for Work Connect (GWC)](http://respectxss.blogspot.com/2016/02/stored-reflected-and-dom-xss-in-google.html) by [Ashar Javed](https://twitter.com/soaj1664ashar)
- [Clickjacking DOM XSS on Google.org](https://appio.dev/vulns/clickjacking-xss-on-google-org/) by [Thomas Orlita](https://twitter.com/ThomasOrlita)
- [Billion Laugh Attack in https://sites.google.com](https://blog.intothesymmetry.com/2018/12/billion-laugh-attack-in.html) by [Antonio Sanso](https://twitter.com/asanso)
- [Again, from Nay to Yay in Google Vulnerability Reward Program!](https://blog.yappare.com/2014/01/again-from-nay-to-yay-in-google.html) by [Ahmad Ashraff](https://twitter.com/yappare)
- [I hate you, so I pawn your Google Open Gallery](https://blog.yappare.com/2014/08/i-hate-you-so-i-pawn-your-google-open.html) by [Ahmad Ashraff](https://twitter.com/yappare)
- [XSRF and Cookie manipulation on google.com](https://blog.miki.it/2013/9/15/xsrf-cookie-setting-google/) by [Michele Spagnuolo](https://twitter.com/mikispag)
- [The 5000$ Google XSS](https://blog.it-securityguard.com/bugbounty-the-5000-google-xss/) by [Patrik Fehrenbach](https://twitter.com/itsecurityguard)

## Videos:
- [Best Of Google VRP 2018](https://www.youtube.com/watch?v=mJwZfRXs83M) by [Daniel Stelter-Gliese](https://ch.linkedin.com/in/daniel-stelter-gliese-170a70a2)
- [Great Bugs In Google VRP In 2016](https://www.youtube.com/watch?v=zs_nEJ9fh_4) by [Martin Straka and Karshan Sharma](https://nullcon.net/website/goa-2017/about-speakers.php)
- [Google Cloud Platform vulnerabilities](https://www.youtube.com/watch?v=9pviQ19njIs) by [Ezequiel Pereira](https://twitter.com/epereiralopez)
- [Google Paid Me to Talk About a Security Issue!](https://www.youtube.com/watch?v=E-P9USG6kLs) by [LiveOverflow](https://twitter.com/LiveOverflow/)
- [War Stories from Google’s Vulnerability Reward Program](https://www.youtube.com/watch?v=QoE0M7v84ZU) by [Gábor Molnár](https://twitter.com/molnar_g)
- [Secrets of the Google Vulnerability Reward Program](https://www.youtube.com/watch?v=ueEsOnHJZ80) by [Krzysztof Kotowicz](https://ch.linkedin.com/in/kkotowicz)
- [XSS on Google Search - Sanitizing HTML in The Client?](https://www.youtube.com/watch?v=lG7U3fuNw3A) by [LiveOverflow](https://twitter.com/LiveOverflow/)

3
News and Events / OWASP Vancouver [February 20]
« on: January 28, 2020, 11:28:48 am »
https://www.eventbrite.ca/e/owasp-vancouver-exploit-your-way-through-vulnerabilities-and-learn-application-security-concepts-tickets-90919323143

Description
Overview: want to test your skills in identifying web application vulnerabilities? How about learning and applying real application security concepts? Here is your chance to do so using the CMD+CTRL cyber range, a unique, immersive environment where players exploit their way through hundreds of vulnerabilities that lurk in business applications today. Success means learning quickly that attack and defence is all about thinking on your feet.

For each vulnerability you uncover, you are awarded points. Climb the interactive leaderboard for a chance to win fantastic prizes! CMD+CTRL is ideal for development teams to train and develop skills, but anyone involved in keeping your organization’s data secure can play - from developers and managers and even CISOs.

Requirements: participants will need the following:
• A laptop to connect to the CMD+CTRL website
• Download and install Burp Suite (Community is okay) or OWASP ZAP

Live streaming: not available for this session.

Thank you: we would like to thank Security Innovation for coming to Vancouver and bringing us the CMD+CTRL platform for this session, Hootsuite for hosting and providing pizza + pop, and all the volunteers for helping make this happen!

OWASP Vancouver Web site can be found here, where you can find more info and stay connected with us.

Date And Time
Thu, 20 February 2020

6:00 PM – 9:00 PM PST

Location
Hootsuite

5 East 8th Avenue

Vancouver, BC V5T 1R6

Canada

https://www.eventbrite.ca/e/owasp-vancouver-exploit-your-way-through-vulnerabilities-and-learn-application-security-concepts-tickets-90919323143

4
Uncategorized / Book downloads: libgen.is and b-ok.cc
« on: January 25, 2020, 12:42:40 pm »
The world's largest ebook library.

https://b-ok.cc/

https://libgen.is/


To convert it to PDF format for Kindle or another device you can use online tools such as Zamzar or download Calibre.


Regards.

5
News and Events / Mexico City IoT Meetup 2020 [February 6]
« on: January 25, 2020, 12:33:51 pm »


Greetings. We now have a date and topic for our next IoT meetup.
pwnagotchi.ai
Use of neural networks for active WiFi network scanning using a Raspberry Pi.

Reference: https://pwnagotchi.ai/
PWNAGOTCHI: DEEP REINFORCEMENT LEARNING FOR WIFI PWNING!

We look forward to seeing you.

Thursday, February 6, 2020
7:00 PM to 9:00 PM
KMMX Centro de Capacitación en TI, Web y Mobile

Campeche 300, Piso 1, Condesa, 06100 · México City


More information at: https://www.meetup.com/Mexico-City-Internet-of-Things-Meetup/events/268179741/

6
Security and Hacking / List of bug bounties for 2020
« on: January 20, 2020, 12:41:29 pm »
    (ISC)²
    .nz Registry
    0x Project
    123 Contact Form
    18F
    1Password Game
    23 And Me
    ABN Amro
    Accenture
    Accredible
    Acquia
    Actility
    Active Campaign
    Active Prospect
    ActiVPN
    Adapcare
    Adobe
    Adyen
    Aerohive
    Affiliate Coin
    Aion
    Air Force Mining
    Air VPN
    Airbnb
    Aircloak
    Airdropster
    AIrMiles Shop
    Airswap
    Aisi
    Alcyon
    Algolia
    Alibaba
    Alien Vault
    Aliexpress
    Altervista
    Amara
    Amazon Web Services
    Ancient Brain
    Android
    Android Open Source
    Anghami
    AntiHack
    AOL
    Apache
    Appcelerator
    Apple
    Apple (Dev)
    Appoptics
    Aptible
    Aragon
    Arch Linux
    Ark
    ARM mbed
    Armis
    Artifex
    Artsy
    Asana
    Asterisk
    Asus
    AT&T
    Atlassian
    Augur
    Auth0
    AuthAnvil
    Automattic
    Avast!
    Aventus
    Aventus Protocol Foundation
    Avesta
    Avira
    Badoo
    Bancor
    Barracuda Networks
    Base
    Basecamp
    BASF
    Battle.Net
    Beamery
    Beanstalk
    Belastingdienst
    Belden
    Belgian Rail
    Belgium Telenet
    Betcoin
    Beyond Security
    Bime
    BiMserver
    Binance
    Binary.com
    Bing
    Bit My Money
    BitAccess
    BitBNS
    Bitcoin
    Bitcoin.DE
    BitDefender
    Bitonic
    Bitpay
    Bittrex
    BItwage
    BitWarden
    Bizmerlin
    BL3P
    Blackboard
    Blackcoin
    Blesta
    BlinkSale
    Blockchain
    Blockchain Technology Research Innovations Corporation (BTRIC)
    Blogger
    Booking.com
    Bosch
    Boston Scientific
    Bounty Guru
    BountyFactory
    BountySource
    Box
    Boxug
    Braintree
    BRD
    BTX Trader
    Buffer
    Bug Crowd
    Bynder
    C2FO
    C2L
    Campaign Monitor
    Cappasity
    Carbon Black
    Card
    Cargocoin
    Carnegie Mellon University Software Engineering Institute
    Cayan
    Central NIC
    Centrify
    CERT EU
    Chalk
    ChargeOver
    Chargify
    Chase
    Chiark
    Chill Project
    Chrome
    ChronoBank
    CircleCi
    Cisco
    Cisco Meraki
    CJIB
    ClickUp
    Clojars
    Cloudflare
    Coalition Inc
    Cobalt
    Code Climate
    Codex WordPress
    Coin Janitor
    Coinbase
    Coindrawer
    Coinhive
    CoinJar
    Coinpayments
    CoinSpectator
    CoinStocks
    CoinTal
    Commons Ware
    Compose
    Constant Contact
    CoreOS
    Coupa
    CPanel
    Craigslist
    Credit Karma
    Crowdfense
    CrowdShield
    Crypto Angel
    CryptoNinja
    Customer Insight
    Custos Tech
    CyLance
    Danske Bank
    Dash
    Dato Capital
    De Nederlandsche Bank
    de Volksbank
    Debian Security Tracker
    Deco Network
    Deconf
    Defensie
    Deliveroo
    DeliveryHero
    Dell
    Deribit
    Detectify
    Deutsche Telekom
    Digital Ocean
    Discord App
    Discourse
    Distilled ODN
    Django
    DJI
    DNN Corporation
    DNSimple
    Docker
    DOD
    DoorKeeper
    DPD
    Drager
    Drchrono
    DropBox
    Drupal
    Duo Labs
    Duo Lingo
    Duo Security
    Dyson
    eBay
    Eclipse
    ee.Oulo
    eero
    Electronic Arts (Games)
    Electronic Frontier Foundation (EFF)
    Eligible
    EMC
    Emptrust
    Enterprise XOXO Today
    Envato
    Erasmus
    ESEA
    ESET
    Ethereum bounty
    Etherscan
    ETHfinex
    ETHLend
    ETHNews
    EthnoHub
    ETHorse
    Etsy
    EVE
    Event Espresso
    Eventbrite
    Evernote
    Evident
    Expatistan
    Express VPN
    ExpressIf
    Expression Engine
    F Secure
    Facebook
    FanDuel
    FastMail
    FCA
    Firebase
    Firebounty
    Fireeye
    First
    FitBit
    FlexiSPY
    FlexLists
    Flow Dock
    Fluxiom
    Fog Creek
    Foursquare
    Fox IT
    Foxycart
    Free Software Foundation
    Freedom of Press
    Freelancer
    FreshBooks
    FUGA CLOUD
    Gamma
    Garanti Bank
    Garmin
    GateCoin
    GateHub
    Gemfury
    Genesis ICO
    Ghost
    Ghostscript
    Gimp
    Github
    Gitlab
    GlassWire
    GLX
    Gnome
    Gnosis
    GoDaddy
    GolemProject
    Google
    Google PRP
    Google PRR
    Grabtaxi Holdings Pte Ltd
    Greenhouse Software Inc
    Grok Learning
    Guidebook
    Hackenproof
    Hackerearth
    HackerOne
    Hackner Security
    Harmony
    Havest
    HelloSign
    Help Scout
    Heroku
    Hex-Rays
    HID Global
    Hidester
    Hirschmann
    HIT BTC
    Honeycomb
    Honeywell
    Honour
    Hootsuite
    Hostinger
    HTC
    Huawei
    Humble Bundle
    Hunter
    Hybrid Saas
    HyperLedger
    I SIgn This
    IBM
    Icon Finder
    ICS
    ICT Institute
    iFixit
    IIT-G
    IKEA
    Imgur
    Impact Earth
    Indeed
    Indorse
    Inflectra
    InfoPlus Commerce
    Infovys
    ING
    Instacart
    Instamojo
    Instasafe
    Instructure
    IntegraXor (SCADA)
    Intel
    Intercom
    Intercom
    Internet Bug Bounty
    Internetwache
    Intigriti
    Intrasurance
    Invision App
    IOTA
    IPSWitch
    Issuu
    IT BIT
    Jet.com (API)
    JetApps
    Jetendo
    Jewel Payment Tech
    Joomla
    jruby
    JSE Coin
    Jumplead
    Juniper
    Kaseya
    Kaspersky
    Keep Key
    Keepass
    Keeper Chat
    Keeper Security
    Keming Labs
    Kentico
    KissFlow
    Kraken
    Kryptocal
    Kuna
    Kyber
    Kyup
    Ladesk
    Lahitapiola
    LastPass
    LaunchKey
    League of Legends
    LeaseWeb
    Ledger
    Legal Robot
    Lenovo
    Leverj
    LibSass
    LifeOmic
    Liferay
    Line
    LinkedIn
    Linksys (Belkin)
    LiveAgent
    Local Bitcoins
    Local Monero
    Logentries
    LZF
    Magento
    Magix AG
    MailChimp
    MailRu
    Malwarebytes
    Manage WP
    Manalyzer
    Martplaats
    Massachusetts Institute of Technology
    MassDrop
    Matomo
    Mattermost
    Maximum
    Mbed
    McAfee
    MediaWiki
    Medium
    Meraki
    Merchant Shares
    Meta Calculator
    Meteor
    Microsoft (bounty programs)
    Microsoft (Online Services)
    Microweber
    Mime Cast
    MIT Edu
    Mobile Vikings
    Mollie
    Monetha
    Moneybird
    Motorola
    Mozilla
    Muchcoin
    My Trove
    MyStuff2 App
    N26
    NCC Group
    NCSC
    NDIX
    Nearby
    NEM
    Nest
    NetApp
    NetBeans
    netf
    Netflix
    Netgear
    New Relic
    NextCloud
    Nimiq
    Nitro Token
    NMBRS
    NN Group
    Nocks
    Nokia Networks
    NordVPN
    Nugit
    Nuxeo
    Nvidia
    NXP
    Oath
    Observu
    OCCRP
    Odoo
    Offensive Security
    Olark
    OneLogin
    Onfido
    Open Bounty
    Open Office
    Open Source University
    Open SUSE
    OpenBSD
    OpenSSL
    OpenText
    OpenVPN
    OpenXchange
    Opera
    Oracle
    Orange
    Orion Health
    Outbrain
    Outreach
    OVH
    OWASP
    Owncloud
    Packet Storm Security
    PagerDuty
    Panasonic Avionics
    Panic
    Panzura
    PaperTrail App
    Paragon Initiative Enterprises
    Parity Tech
    PasteCoin
    Paychoice
    Payiza
    Paymill
    Paypal
    PaySera
    Paytm
    Peerio
    Pentu
    Perl
    Philips
    PHP
    Phrendly
    Pidgin
    Pinoy Hack News
    Pinterest
    Plesk
    Pocket
    POLi Payments
    Polyswarm
    Port of Rotterdam
    PostMark App
    PowerDNS
    Prezi
    Private Internet Access
    Proof Work
    Proto VPN
    Puppet Labs
    PureVPN
    PushWhoosh
    QEMU
    Qiwi
    Qmail
    Qualcomm
    Quantopian
    QuantStamp
    Quickx
    Quora
    Qwilr
    Rabo bank
    Rackspace
    Rainforest
    Raise
    Rapid7
    Razer
    RCE Security
    Recht Spraak
    Red Sift
    RedHat
    Regionale Belasting Groep
    Release Wire
    Report Garden
    Request Network
    Rev Next
    Rhino Security Labs
    Ribose
    RightMesh
    Rijskoverheid
    Riot Games
    Ripple
    Rocket-Chat
    Roll Bar
    Royal Bank of Scotland
    Rust
    SafeHats
    SalesForce
    Samsung – Mobiles
    SAP
    Saveya
    Scaleft
    Secure Pay
    Secureworks
    Security Escape
    Segment
    Sellfy
    Sentry
    ShareLaTex
    Shivom
    Shopify
    ShowMax
    Shuberg Philis
    Sifter
    Sifter
    SIgnify
    Silent Circle
    Silver Gold Bull
    Silver Gold Bull CA
    Simpplr
    SiteGround
    SiteLock
    Skoodat
    Skuid
    Slack
    Sli Do
    Smartling
    Smokescreen
    SNS Bank NL
    Snyk
    Socrata
    Solar Accounts
    Solve 360
    Solve 360
    Solvinity
    Sonatype
    Sony
    Sophos
    SoundCloud
    Sphero
    Spilgames
    SplitWise
    Splunk
    Spokeo
    Sporty Co
    Spotcap
    Spotify
    Spreaker
    Spring Role
    Sprout Social
    Sqreen
    Square
    Starbase
    Starbucks
    Starleaf
    StatusPage.io
    Stellar
    Stellar Gold
    StopTheHacker
    Studielink
    StudiVZ (Report)
    Swachh Coin
    Swiggy
    SwissCom
    Symantec
    Synack
    Synapse
    Synology
    Synosys
    Takealot
    Talent LMS
    TarSnap
    Taxi Butler
    TeeSpring
    Telecom Italia
    Telegram
    Telekom
    Telenet Belgium
    Tendermint
    TenX
    Teradici
    Tesla
    TestBirds
    The Atlantic
    Thinkful
    ThisData
    Thuisbezorgd
    Tictail
    Tinder
    Token Valley
    Tokia
    TorGuard VPN
    TransLoadIt
    Traveloka
    Trend Micro
    Trezor
    Tron Network
    Trustly
    TrustPay
    Tuenti
    Tumblr
    Twilio
    Twitch Interactive
    Twitter
    Typo3
    Uber
    Ubnt
    Ubuntu Server
    Umbraco
    Unchained
    Unitag
    United Airlines
    United Nations
    Unity
    Unocoin
    Uphold
    Upscope
    Upscope
    Upwork
    Valve
    Van Lanschot
    Vanilla
    Vasco
    Venmo (App)
    Verizon
    Viadeo
    ViewPost
    Vimeo
    Virtual Box
    Visma Enterprise Oy
    VK
    Vodafone Security DE
    VSR
    Vu
    Vulnerability Laboratory
    Walmart
    Wamba
    Wave Stone
    We Transfer
    Weave Work
    Web GUI
    Webconverger
    Weblate
    Webmini
    Websecurify
    WeiFund
    Werken Bij Defensie
    Western Union
    WhatRuns
    White Hat Securities
    Wickr
    Winding Tree
    Windows
    Windthorst ISD
    WINGS DAPP
    WINK
    WordPress
    XenProject
    Xiaomi
    XYO Network
    Yahoo
    Yahoo
    Yandex
    Yelp
    YouTube
    Zapier
    Zcoin
    Zenmate
    Zerobrane
    Zerodium
    Zeta
    Zetetic
    Zimbra
    Zimperium
    Zipline
    Zoho
    Zomato
    Zynga


    Source: https://www.vpnmentor.com/blog/the-complete-list-of-bug-bounty-programs/

    7
    List of the best web hacking techniques of 2019

    Exploiting SSRF in AWS Elastic Beanstalk
    Get pwned by scanning QR Code
    Exploiting Null Byte Buffer Overflow for a $40,000 bounty
    Infiltrating Corporate Intranet Like NSA: Pre-Auth RCE On Leading SSL VPNs
    Unveiling vulnerabilities in WebSocket APIs
    Reverse proxies & Inconsistency
    Abusing HTTP hop-by-hop request headers
    DOMPurify 2.0.0 bypass using mutation XSS
    PHP-FPM RCE(CVE-2019-11043)
    Security analysis of portal element
    Exploiting prototype pollution - RCE in Kibana
    At Home Among Strangers
    HostSplit: Exploitable
    Finding and Exploiting .NET Remoting over HTTP using Deserialisation
    Microsoft Edge (Chromium) - Elevation of Privilege to Potential RCE
    Remote Code Execution via Insecure Deserialization in Telerik UI
    Cross-Site Leaks by SirDarckCat
    Exploiting Spring Boot Actuators
    Owning The Clout Through Server Side Request Forgery
    The world of Site Isolation and compromised renderer
    XSS in GMail's AMP4Email via DOM Clobbering
    Common Security Issues in Financially-Oriented Web Applications
    A Tale of Exploitation in Spreadsheet File Conversions
    Uploading web.config for Fun and Profit 2
    Far Side of Java Remote Protocols
    All is XSS that comes to the .NET
    The Cookie Monster in Your Browsers
    Hacking Jenkins Part 2 - Abusing Meta Programming for Unauthenticated RCE!
    Exploring Continuous Integration Services as a Bug Bounty Hunter
    Exploiting Deserialisation in ASP.NET via ViewState
    Don't open that XML: XXE to RCE in XML plugins for VS Code, Eclipse, Theia, ...
    Bypassing SOP Using the Browser Cache
    SSRF Protocol Smuggling in Plaintext Credential Handlers : LDAP
    Exploiting JNDI Injections in Java
    Reusing Cookies
    Abusing autoresponders and email bounces
    HTTP Desync Attacks: Request Smuggling Reborn
    Let's Make Windows Defender Angry: Antivirus can be an oracle!
    SSO Wars: The Token Menace
    XSS-Auditor — the protector of unprotected and the deceiver of protected
    DoS via Web Cache Poisoning
    Facebook Messenger server random memory exposure through corrupted GIF
    Exploiting padding oracles with fixed IVs
    Getting Shell with XAMLX Files
    Apache Solr Injection Research
    ESI Injection Part 2: Abusing specific implementations
    Backchannel Leaks on Strict Content-Security Policy
    Google Search XSS
    IIS Application vs. Folder Detection During Blackbox Testing

    Source and voting for the Top 10: https://portswigger.net/polls/top-10-web-hacking-techniques-2019
    *Voting ends January 27.

    8
    Security and Hacking / Getting Started With ATT&CK [Ebook]
    « on: January 14, 2020, 08:05:49 am »
    "Getting Started With ATT&CK" is an ebook (PDF) that compiles MITRE publications on how to use the framework correctly.


    ...during summer 2019 we decided to write a series of blog posts around getting
    started with ATT&CK. The posts, inspired by Katie Nickels’ Sp4rkcon talk “Putting MITRE
    ATT&CK into Action with What You Have, Where You Are,” were written by members of
    the ATT&CK team and focused on what we consider ATT&CK’s four primary use cases.
    For each use case, the authors laid out advice on how an organization could get started
    with ATT&CK based on available resources and overall maturity.
    This publication pulls together their collective wisdom, originally posted on Medium, into
    a single package. We hope you read it and get some new ideas on getting started with
    ATT&CK. Let us know what you think—we’d love to hear your feedback.

    Adam Pennington
    Principal Cybersecurity Engineer
    ATT&CK Blog Editor in Chief
    MITRE


    https://www.mitre.org/sites/default/files/publications/mitre-getting-started-with-attack-october-2019.pdf

    9
    News and Events / DEF CON Las Vegas [August 6 - 9]
    « on: January 13, 2020, 09:23:09 pm »
    DEF CON is what you make of it.

    https://defcon.org/

    10
    News and Events / Black Hat USA [August 1 - 6]
    « on: January 13, 2020, 09:11:45 pm »
    https://www.blackhat.com/index.html

    Black Hat is the most technical and relevant information security event series in the world. For more than 20 years, Black Hat Briefings have provided attendees with the very latest in information security research, development, and trends in a strictly vendor-neutral environment. These high-profile global events and Trainings are driven by the needs of the security community, striving to bring together the best minds in the industry. Black Hat inspires professionals at all career levels, encouraging growth and collaboration among academia, world-class researchers, and leaders in the public and private sectors.

    From its inception in 1997, Black Hat has grown from a single annual conference in Las Vegas to the most respected information security event series internationally. Today, Black Hat Briefings and Trainings are held annually in the United States, Europe and Asia, providing a premier venue for elite security researchers and trainers to find their audience.

    WHAT WE DO
    Briefings
    Black Hat Briefings were created more than 20 years ago to provide security professionals a place to learn the very latest in information security risks, research and trends. Each year, internationally leading security researchers take the stage to share their latest work and exploits in a friendly, vendor-neutral environment. Vulnerabilities are often exposed that impact everything from popular consumer devices to critical international infrastructure and everything in between. Black Hat seeks groundbreaking research to fill both 25 and 50-minute speaking slots for each annual show.

    Trainings
    Black Hat Trainings offer attendees individual technical courses on topics ranging from the latest in penetration testing to exploiting web applications and even defending and building SCADA systems. Often designed exclusively for Black Hat, these hands-on attack and defense courses are taught by industry and subject matter experts from all over the world with the goal of defining and defending tomorrow's information security landscape.

    Review Board + Content Selection
    The Black Hat Review Board is comprised of over 24 of the industry's most credible and distinguished security professionals and thought leaders throughout various areas of the information security community. The Review Board advises Black Hat on its strategic direction, reviewing and programming conference content and providing unparalleled insight into the research community. You can find more information on the Review Board here: www.blackhat.com/review-board.html.

    Black Hat strives to deliver one of the most empirical content selection processes in the industry. All submissions are vetted thoroughly by the Black Hat Review Board. Each submission is reviewed for uniqueness, overall content expertise and accuracy before any selections are made. Through the course of this dynamic review process, the Black Hat Review Board members will frequently ask researchers for clarity on any areas of question in their submissions – whether it be about the uniqueness or audacity of claims made. The best submissions come with academic-grade papers, proof-of-concept code and/or video demonstrations of the work done. Of note, Black Hat does not support pay-for-play Briefings. The Black Hat Briefings are and always have been independently selected based on quality of content and area of expertise rather than sponsorship.

    Attracting Top Talent and Research
    Black Hat is proud of the level of research and vulnerability disclosures that happen onsite each year. We also strongly support and encourage responsible disclosure. To this end, Black Hat has a strong partnership with the Electronic Frontier Foundation (EFF) to provide pro-bono legal consultations to security researchers on the legality of any research or data they plan to present at the annual shows. Black Hat and EFF are dedicated to defending free speech and privacy rights to facilitate the boundary-pushing research and vulnerability disclosure that attendees have come to know and love at each annual show.

    WHO SHOULD ATTEND
    Security Practitioners
    (IT Specialists, Security Analysts, Risk Managers, Security Architects/Engineers, Penetration Testers, Security Software Developers, Cryptographers, Programmers, Government Employees and many more)
    Hone your skills with the latest tools and techniques being used in the industry through Black Hat's intensely technical and relevant Briefings and Trainings. Explore challenges and successes others in the field are experiencing, while collaborating on uses for emerging platforms, development models and best practices.

    Security Executives, Business Developers and Venture Capitalists
    (CISOs, CEOs, Presidents, Directors, VPs, Consultants)
    Take advantage of a multi-billion-dollar industry by networking with other top information security executives, practitioners and potential investors. Gain knowledge of opportunities in the constantly growing information security industry while engaging with the community that is molding the future of the field and trailblazing new ventures. The Black Hat CISO Summit, an exclusive gathering of 200 top industry executives and security industry leaders, ignites open conversations and "think tank" style breakout sessions. This full day of discussions is unique to Black Hat and provides unmatched opportunities for networking and learning.

    Vendor Companies and Sponsors
    (Hardware, Software, Middleware, Services, More)
    Black Hat attracts more than 17,000 of the world's most renowned security experts, executives and attendees, creating the industry's most dynamic and concentrated information security community. Engage this audience over the course of two days by showcasing your latest and greatest innovations, expertise, services and products.

    The Business Hall is the epicenter of where business happens at Black Hat, featuring more than 150 of the industry's top solution providers and start-ups showcasing the latest tools, technologies and services supporting the security community.

    Career Seekers and Recruiters
    (Seasoned Veterans, Students, Schools, Expanding Companies)
    Black Hat provides an opportunity for you to get your name out to the best new and seasoned talent in the industry. Meet face-to-face with the top international talent committed to defining and defending the future of security. Job seekers, meet with the most influential companies and recruiters who are hiring now. Bring your resumes and business cards and make game-changing connections.

    Academia
    (Professors, Students Aged 18+)
    Black Hat provides students with the opportunity to interact with and learn from top industry professionals through conference sessions, networking activities, Business Hall Sessions, and more. There is an academic rate for students and full-time university professors interested in attending.

    https://www.blackhat.com/index.html

    11
    News and Events / REcon Montreal [June 28 - July 4]
    « on: January 13, 2020, 09:05:52 pm »
    https://recon.cx/

    WHAT
    REcon is a computer security conference with a focus on reverse engineering and advanced exploitation techniques. It is held annually in Montreal, Canada. It offers a single track of presentations over the span of three days with a focus on reverse engineering and advanced exploitation techniques.

    For more information, including pricing and hotel reservation details, head over to the conference page.

    WHEN
    Conference: June 28 - 30, 2019

    Training: June 24 - 27, 2019

    Training: July 1 - 4, 2019

    WHERE
    REcon will be held in downtown Montreal, Canada at the Hilton Double Tree.

    Some training will be held at Monville, a block away from the Hilton Double Tree. The training location will be announced when registration opens.

    Important Note: As of last year many foreign travelers to Canada will require an Electronic Travel Authorization (eTA) prior to entering the country. Please check the following website to find out if this applies to you: http://www.cic.gc.ca/english/visit/visas.asp

    The second round of talks have been accepted
    We’d like to congratulate the submitters who have been selected for the second phase of the CFP!

    Attacking Hexagon: Security Analysis of Qualcomm's ADSP by Dimitrios Tatsis
    Automating the exploit primitive discovery process in embedded devices by Christopher Roberts
    Automation Techniques in C++ Reverse Engineering by Rolf Rolles
    Burned in Ashes: Baseband Fairy Tale Stories by Guy
    Defeating APT10 Compiler-level Obfuscations by Takahiro Haruyama
    MINimum Failure - Stealing Bitcoins with Electromagnetic Fault Injection by Colin O'Flynn
    Mining Disputed Territories: Studying Attacker Signatures for Improved Situational Awareness by Juan Andres Guerrero-Saade
    Open-Source Ghidra: The First Few Months by emteere and ghidracadabra
    Reversing and Exploiting Broadcom Bluetooth by Dennis Mantz and jiska
    Seeing Inside the Encrypted Envelope by Natalie Silvanovich
    Snow Crashing Virtual Reality, 2019 Edition by Alex Radocea
    The (Long) Journey To A Multi-Architecture Disassembler by Joan Calvet
    The Backdoor Foundry: A Toolchain for Building Application Specific Implants by Evan Jensen
    The Last Generic Win32k KASLR Defeat in Windows 10 by Alex Ionescu
    The Path to the Payload: Android Edition by Maddie Stone
    The ROM matrix revolutions: Unscrambling bits by Chris Gerlinsky
    The road to Qualcomm TrustZone apps fuzzing by Slava Makkaveev
    Unveiling the underground world of Anti-Cheats by Joel Noguera
    Using WPP and TraceLogging Tracing to Facilitate Dynamic and Static Windows RE by Matt Graeber
    Vectorized Emulation: Putting it all together by Brandon Falk
    April 23, 2019
    The first round of talks have been accepted
    We’d like to congratulate the submitters who have been selected for the first phase of the CFP!

    Burned in Ashes: Baseband Fairy Tale Stories by Guy (@shiftreduce)
    The ROM matrix revolutions: Unscrambling bits by Chris Gerlinsky
    Unveiling the underground world of Anti-Cheats by Joel Noguera
    The Backdoor Foundry: A Toolchain for Building Application Specific Implants by Evan Jensen
    The Path to the Payload: Android Edition by Maddie Stone
    MINimum Failure - Stealing Bitcoins with Electromagnetic Fault Injection by Colin O'Flynn
    Seeing Inside the Encrypted Envelope by Natalie Silvanovich
    Open-Source Ghidra: The First Few Months by emteere and ghidracadabra
    Attacking Hexagon: Security Analysis of Qualcomm's ADSP by Dimitrios Tatsis

    https://recon.cx/

    12
    News and Events / IEEE SP 2020 San Francisco [May 18 - 20]
    « on: January 13, 2020, 06:43:27 pm »
    https://www.ieee-security.org/TC/SP2020/index.html

    MAY 18-20, 2020 AT THE HYATT REGENCY, SAN FRANCISCO, CA

    41st IEEE Symposium on
    Security and Privacy

    Sponsored by the IEEE Computer Society Technical Committee on Security and Privacy in cooperation with the International Association for Cryptologic Research

    Since 1980, the IEEE Symposium on Security and Privacy has been the premier forum for presenting developments in computer security and electronic privacy, and for bringing together researchers and practitioners in the field. The 2020 Symposium will mark the 41st annual meeting of this flagship conference.

    The Symposium will be held on May 18-20, 2020, and the Security and Privacy Workshops will be held on May 21, 2020. Both events will be in San Francisco, CA at the Hyatt Regency.

    https://www.ieee-security.org/TC/SP2020/index.html

    13
    News and Events / NorthSec Montreal [May 10 - 17]
    « on: January 13, 2020, 06:39:54 pm »
    https://www.nsec.io/

    Training
    May 10-11-12-13, 2020
    High-quality training sessions, given by the absolute best experts in their field. We strive to provide the highest level of exclusive content, giving you a unique opportunity to improve your applied security knowledge.

    Conference
    May 14-15, 2020
    Subjects covered will be as diverse as pentesting, network security, software and/or hardware exploitation, web hacking, reverse engineering, malware and cryptography.

    Competition (CTF)
    May 15-17, 2020
    Our applied security contest (also called "Capture The Flag") opposes 75 teams of 8 people trying to obtain the most points by capturing flags.


    NorthSec is pleased to announce its high-quality training sessions, given by the absolute best experts in their field. We strive to provide you with the highest level of exclusive content, giving you a unique opportunity to improve your applied security knowledge during NorthSec.

    Training Sessions include
    Full ticket to the NorthSec Conference
    Coffee, refreshments, snacks and lunch
    Special Networking Event

    2020 Sessions

    Crypto Attacks and Defenses
    JP Aumasson
    Teserakt
    Philipp Jovanovic
    EPFL DEDIS Lab
    May 12, 13th
    This training familiarizes developers and security professionals of any level with modern cryptography concepts and best practices. It covers basic notions, including randomness generation, authenticated encryption, and elliptic curves, as well as applications like TLS 1.3, password security protocols, libraries and APIs, and software side-channel attacks. Finally, our training offers an overview of advanced topics including post-quantum cryptography.

    Mastering Burp Suite Pro 100% Hands-On
    Nicolas Gregoire
    Agarri
    May 11, 12 and 13th
    Burp Suite Pro is the leading tool for auditing Web applications at large. Mastering it allows users to get the most out of the tool, optimizing time spent. Work will be faster, more effective and more efficient. What’s more, advanced automation techniques allow detection of additional vulnerabilities whether complex or subtle. Attendees will also learn to measure the quality of their attacks, a crucial skill in real-life engagements.

    Advanced Web Hacking
    Dhruv Shah
    NotSoSecure
    May 11, 12 and 13th
    Advanced Web Hacking class talks about a wealth of hacking techniques to compromise web applications, APIs and associated end-points. This class focuses on specific areas of app-sec and on advanced vulnerability identification and exploitation techniques (especially server side flaws). This hands-on class covers neat, new and ridiculous hacks which affected real life products and have found a mention in real bug-bounty programs. In this class vulnerabilities selected are ones that typically go undetected by modern scanners or the exploitation techniques are not so well known.

    Mastering Container Security
    Rory McCune
    NCC Group
    May 12, 13th
    Containers and container orchestration platforms such as Kubernetes are on the rise throughout the IT world, but how do they really work and how can you attack or secure them? This course takes a deep dive into the world of Linux containers, covering fundamental technologies and practical approaches to attacking and defending container-based systems such as Docker and Kubernetes. In the 2020 version of the course we'll be focusing more on Kubernetes as it emerges as the dominant core of cloud native systems and looking at the wider ecosystem of products which are used in conjunction with Kubernetes.

    Dark Side Ops: Malware Dev
    SilentBreak Security
    May 10, 11th
    Dark Side Ops: Malware Dev focuses on the goals, challenges, architecture, and operations of advanced persistent threat (APT) tooling. Participants will dive deep into source code to gain a strong understanding of execution vectors, payload generation, automation, staging, command and control, and exfiltration.

    Adversary Tactics: Detection
    SpecterOps
    May 10, 11, 12 and 13th
    Enterprise networks are under constant attack from adversaries of all skill levels. Blue teamers are facing a losing battle; as the attacker only needs to be successful once to gain access. This course builds on standard network defense and incident response (which target flagging known malware) by focusing on abnormal behaviors and the use of attacker Tactics, Techniques, and Procedures (TTPs). We will teach you how to create threat hunting hypotheses based on attacker TTPs to perform threat hunting operations and detect attacker activity. In addition, you will use free and open source data collection and analysis tools (Sysmon, ELK and Automated Collection and Enrichment Platform) to gather and analyze large amounts of host information to detect malicious activity. You will use these techniques and toolsets to create threat hunting hypotheses and perform threat hunting in a simulated enterprise network undergoing active compromise from various types of threat actors.

    Adversary Tactics: Red Team Ops
    SpecterOps
    May 10, 11, 12 and 13th
    Upgrade your Red Team engagements with bleeding-edge Tactics, Techniques, and Procedures (TTPs) used by attackers in real-world breaches. This course will teach students how to infiltrate networks, gather intelligence, and covertly persist in a network like an advanced adversary. Students will use the skillsets taught in Adversary Tactics: Red Team Ops to go up against live incident responders in an enterprise lab environment designed to mimic a mature real-world network. Students will learn to adapt and overcome Blue Team response through collaborative feedback as the course progresses.

    Fine print
    Dates
    Training sessions take place right before the conference from Sunday til Wednesday. Dates vary by individual training, make sure to check. Training sessions start at 9am and finish at 5pm. Trainers can lengthen the schedule if they want to.

    Included
    Full ticket to the NorthSec Conference (Thursday and Friday)
    Coffee, refreshments, snacks and lunch
    Access to a special networking event with drinks on May 12th
    If you already purchased your conference ticket, write us an email at registration@nsec.io to get a refund. Note that we reserve the right to cancel a training if a minimum number of participants isn’t met.

    Pricing
    See individual training pages for pricing.

    Early bird until December 31st: 20% off*
    Not-so Early bird until February 29th: 10% off*
    Student pricing (50% off) is available upon request and on selected training. Contact us for details.
    Prices are in $CAD before taxes and eventbrite fees
    * NEW: There is a 5 ticket per training limit on the number of early bird and not-so early bird tickets. The next early bird pricing will be automatically available when the previous one is sold out.

    Venue
    The training sessions will be hosted at the Downtown Holiday Inn Hotel this year. See our Venue page for details.

    Continuing Professional Education (CPE) Credits
    We can emit proof of CPE credits for those who are certified through (ISC)2 upon request.

    16 CPE credits for a two-day training session
    24 CPE credits for a three-day training session
    32 CPE credits for a four-day training session


    https://www.nsec.io/

    14
    News and Events / THOTCON Chicago [May 8 - 9]
    « on: January 13, 2020, 06:36:46 pm »

    ***************************************************************************
    ***BEGIN THOTCON TRANSMISSION**********************************************
      _____     _   _      U  ___ u   _____      ____     U  ___ u   _   _     
     |_ " _|   |'| |'|      \/"_ \/  |_ " _|  U /"___|     \/"_ \/  | \ |"|   
       | |    /| |_| |\     | | | |    | |    \| | u       | | | | <|  \| |>   
      /| |\   U|  _  |u .-,_| |_| |   /| |\    | |/__  .-,_| |_| | U| |\  |u   
     u |_|U    |_| |_|   \_)-\___/   u |_|U     \____|  \_)-\___/   |_| \_|   
     _// \\_   //   \\        \\     _// \\_   _// \\        \\     ||   \\,-.
    (__) (__) (_") ("_)      (__)   (__) (__) (__)(__)      (__)    (_")  (_/ 

    What: THOTCON 0xB - Chicago's Hacking Conference

    When: May 8th & 9th, 2020

    Where: TOP_SECRET (no joke!) / совершенно секретно / 絕密

    Tickets: SOLD OUT!

    Call For Papers/Villages: CLOSED!

    B3 S0c14l: Twitter * IRC/freenode/#THOTCON
    THOTCON is a hacking conference based in Chicago IL, USA. This is a non-profit, non-commercial event looking to provide the best conference possible on a limited budget.

    Once you attend a THOTCON event, you will have experienced one of the best information security conferences in the world combined with a uniquely casual and social experience.

    THOTCON 0xB is the eleventh incarnation of this event and will be held on a Friday and Saturday, May 8th and 9th, 2020.

    The conference will be held at a location only to be disclosed to attendees and speakers during the week before the event. For more information, explore this site or contact us at info@thotcon.org.

    Drink all the booze, hack all the things!

    THOTCON is produced by THOTCON Infinity NFP, a tax-exempt 501(c)(3) nonprofit organization.
    Make a tax deductible donation to help create a sustainable THOTCON!

    We value inclusion and diversity at our events and strictly enforce
    our Code of Conduct.

    *** THOTCON Future Hacker Scholarship ***

    This is a unique, one-time $5,000.00 USD award designed to help a future hacker with their higher education ambitions.

    For more information please visit our Scholarship page.
    ***END THOTCON TRANSMISSION************************************************
    ***************************************************************************

    THOTCON INFOBLOX v.B BUB-RC75
    312K RAM FREE

    Ready.

    15
    News and Events / SANS 2020 Orlando [April 3 - 10]
    « on: January 13, 2020, 06:34:43 pm »
    https://www.sans.org/event/sans-2020

    Learn how to prevent, detect and respond to today’s cyber threats with cyber security training in Orlando
    SANS provides practical training that addresses the challenges you face daily as a cyber security professional. Join us in Orlando at SANS 2020 (April 3-10), and experience relevant training that will help you sharpen your skills and become more effective at your job. Choose from more than 50 courses!

    Please check the schedule for course dates. Courses may begin and end on different days during the week of training.

    Two-Day Courses Begin: Friday, April 3
    Welcome Reception & Early Check-In: Saturday, April 4
    Four-, Five- and Six-Day Courses Begin: Sunday, April 5
    NetWars: Wednesday, April 8 and Thursday, April 9
    Don't miss this opportunity to strengthen your information security skillset with cutting-edge training from SANS in Orlando! Choose your course and register now.

    What attendees say about their SANS training experience:
    “Top-notch, up-to-date security training taught by industry leaders.” - Randy Jackson, Amazon

    “I left SANS with a deeper understanding of each topic we covered, and new long-term career goals. I've attended a 5-day training course with a different organization in the past, and the quality of teaching and content doesn't begin to compare to SANS.” - Nicholas Marquez, CenterState Bank

    Nothing beats the SANS live training experience but if you are unable to attend learn how you can attend remotely.

    https://www.sans.org/event/sans-2020
