- Videos 254
- Views 48,114
Redfox Security
USA
Added 12 Jul 2022
Have you ever heard of a fox guarding the hen house? That's us at Redfox Security - a team of expert pen testers dedicated to protecting your business from threats and helping it grow securely.
With over a decade of global security consulting experience, we know how to keep your business safe. We don't just identify and resolve security risks; we disrupt the status quo of security testing.
As a fast-growing penetration testing firm operating in four countries, we specialize in all aspects of penetration testing. From startups to large corporations, we've got you covered.
Our Services:
Web Application Penetration Testing
API Penetration Testing
Internal Network Penetration Testing
External Network Penetration Testing
Mobile Application Penetration Testing
Active Directory Security Assessments
PCI DSS Security Assessments
Red Teaming
Offensive Cyber Security Training
Let's partner to help your business grow securely. Contact Redfox Security today!
Understanding Insecure Data Storage
Learn how to identify and exploit insecure data storage vulnerabilities in mobile applications! This video breaks down the risks associated with improper data storage practices, such as saving sensitive information in unprotected locations on the device. Discover the tools and techniques used to detect insecure storage and understand the potential impact on app security. This guide is crucial for security professionals and penetration testers looking to safeguard mobile apps from data breaches.
🔐 Key Topics Covered:
▶️Overview of insecure data storage in mobile apps
▶️Common data storage vulnerabilities
▶️Tools to identify and exploit insecure storage
▶️Practical demonstrations of real-world s...
Views: 23
Videos
iOS: Broken Cryptography
29 views, 2 hours ago
Delve into the critical issue of broken cryptography in mobile applications! This video explores how vulnerabilities in cryptographic implementations can expose sensitive data and compromise app security. Learn about common cryptographic flaws, their implications, and practical techniques to identify and exploit these weaknesses during penetration testing. This tutorial is essential for securit...
Want to MASTER Android Pentesting? Watch This Now!
473 views, 4 hours ago
Want to MASTER Android Pentesting? Watch This Now! In this video, we break down essential mobile app vulnerabilities and provide practical guidance on securing them. Starting with an overview, we dive into each vulnerability: * Hardcoded Credentials - What they are, how they’re exploited, and how to prevent them. * Insecure Logging - Risks of improper logging, exploitation methods, and secure l...
iOS Exploring SSL Pinning Bypass
151 views, 7 hours ago
Discover how to bypass SSL pinning in iOS applications and unlock full visibility into network traffic! This tutorial covers the mechanisms behind SSL pinning, why it's critical for app security, and demonstrates effective techniques to bypass it during penetration testing. Essential for security professionals, the video provides hands-on examples, using practical tools to bypass SSL pinning an...
You Won't Believe the EASY Way to Bypass Jailbreak Detection
105 views, 9 hours ago
Unlock the techniques to bypass jailbreak detection in iOS applications! This tutorial dives into the methods used by apps to detect jailbreak environments and demonstrates how to bypass these restrictions for deeper security testing and analysis. The video covers practical tools and strategies that every mobile security professional should know when performing penetration testing on iOS apps. ...
Exploit IDOR and File Upload Vulnerabilities Like a Pro with Burp Suite
86 views, 12 hours ago
The Surprising Truth About Burp Suite's Collaborator Nobody Tells You
168 views, 14 hours ago
MASTERING CSRF Exploitation with Burp Suite
69 views, 16 hours ago
BURP SUITE SECRETS: Mastering Automated Scans and Repeater in 2024
97 views, 19 hours ago
Expert Pentesters Reveal Top iOS Mobile App Vulnerabilities!
1.1K views, 21 hours ago
Automated Testing on STEROIDS with Burp Suite's Intruder!
134 views, 1 day ago
ADCS Hacked: The ESC7 Attack Explained
150 views, 1 day ago
Install and Configure Burpsuite Like a PRO - Redfox Security
108 views, 1 day ago
Mastering Burp Suite: Your Guide to Web Security Testing
515 views, 1 day ago
MIND-BLOWING Kerberos Secrets Revealed with Mimikatz [Silver Tickets]
178 views, 14 days ago
ADCS Hacked: The ESC6 Attack Explained
110 views, 14 days ago
The Shocking Truth About ESC4, ESC5, ESC6 and ESC7 Attacks [Demo]
379 views, 14 days ago
Mimikatz: The Tool That Changed Hacking Forever
249 views, 14 days ago
ADCS Hacked: The ESC5 Attack Explained
98 views, 14 days ago
The Shocking Truth About ADCS Templates Nobody Tells You [ESC4]
94 views, 14 days ago
BloodHound BOOTCAMP From ZERO to HERO in 30 Days! (Part 1)
184 views, 21 days ago
STOP IPv6 DNS Takeover Attacks from RUINING Your Network
71 views, 21 days ago
The Shocking Truth About ESC1, ESC2, ESC3 Attacks [Demo]
842 views, 21 days ago
You Won't Believe How Easy IPv6 DNS Takeover Attacks Are!
235 views, 21 days ago
The SHOCKING Truth About DNS Takeover Attacks in IPv6
201 views, 21 days ago
ESC3 Explained | Practical Guide and Prevention Tips
66 views, 28 days ago
ESC2: Practical Guide & Prevention Tips | Safeguard Your Enterprise from Cyber Threats
160 views, 28 days ago
Unlocking ESC1: Practical Guide and Security Tips
96 views, 1 month ago
Active Directory Enumeration & BloodHound: Mapping AD Like a Pro
416 views, 1 month ago
Get Ready for the FASTEST ADCS Crash Course Ever
89 views, 1 month ago
I'm working as a pentester in one of the organizations and I'm following almost all of your videos on YouTube just to enhance my knowledge. I've now started learning pentesting for mobile apps. Can I know what to do if we are not able to bypass root detection and SSL pinning? Do we have to ask the dev team to remove them and send the APK or IPA back? Is that the process all organizations are currently following? This is the second time I'm commenting the same question; can I have a reply?
How can I contact you, brother?!
Thank you for reaching out! You can connect with us through our official website redfoxsec.com. Feel free to drop us a message, and our team will be happy to assist you!
@redfoxsec is there any Telegram contact?
I didn’t know much about Android testing before watching this video, but it was a huge help! The explanation of the filesystem in Android was also super clear.
We're glad to hear that the video helped you better understand Android pen testing. The filesystem can be tricky, but it's great that you found the explanation clear.
What’s crazy is I was just looking into ssl pinning hours ago
I'm working as a pentester in one of the organisations and I'm following almost all of your videos on YouTube just to enhance my knowledge. I've now started learning pentesting for mobile apps. Can I know what to do if we are not able to bypass root detection and SSL pinning? Do we have to ask the dev team to remove them and send the APK or IPA back? Is that the process all organisations are currently following?
Can I have a reply?
That neck movement 💯
😭😭
Right?! That neck movement was on point! 🔥👌 Glad you noticed it! 😄
Are you guys gonna make a video on ESC15?
Yes, ESC15 is definitely on our radar! It's in our bucket list, and we’re planning to drop a video on it soon. Stay tuned, it's coming! 💪🎥
@redfoxsec that's great! Looking forward to it
👍
Good presentation
Thank you! We're glad you enjoyed the presentation!
👍
❤❤❤❤
Thanks for your interest! 🙌 Be sure to check out our channel. We've got some great penetration testing videos already up and more coming soon! 🔐💻
Wonderful, Sashi babu❤❤❤
So once we get the NTLMv2 hash via PetitPotam, is there any other way to get the TGT without messing with ADCS?
Also, it is mentioned that relaying to the same domain controller isn't possible, but what if we try relaying the NTLMv2 hash from DC01 to DC02?
@BlackwinghacksBlogspot To get a TGT, a certificate is required, and getting that certificate involves interacting with ADCS. However, if you already have the certificate, you can directly authenticate with the Domain Controller to obtain the TGT.
@BlackwinghacksBlogspot Yes, it is possible to relay the NTLMv2 hash from DC01 to DC02.
@redfoxsec thanks guys
Can you please tell us: if we get a parameter or endpoint and are testing XSS there, how will we know that the parameter is vulnerable to XSS, and if it is vulnerable, how will we determine which type of XSS payload is going to work?
To test if a parameter is vulnerable to XSS, start by injecting a basic payload like "<script>alert(1)</script>". If the alert pops up in the browser, the parameter is likely vulnerable.
To determine the type of XSS:
- Reflected XSS: The payload is immediately reflected in the response and executed.
- Stored XSS: The payload is stored on the server and executed later.
- DOM-based XSS: The vulnerability occurs in the page's JavaScript itself.
Tailor your payload based on where the input is reflected (HTML, attributes, or script tags). Keep adjusting based on how the application reacts to find the exact payload that works.
It's common for the application to URL-encode characters like < (%3C) and > (%3E) to sanitize input. In such cases, you can try encoding your payload manually. For example, injecting %3Cscript%3Ealert(1)%3C%2Fscript%3E in Burp Suite's request could reveal vulnerabilities if the app decodes and executes it.
Additionally, you can manually obfuscate XSS payloads to bypass filters or Web Application Firewalls (WAFs). If manual obfuscation doesn't work, consider using more advanced payloads available on GitHub specifically designed to bypass WAFs. Testing different encoding formats (e.g., URL-encoded, HTML-encoded) may also help expose vulnerabilities.
XSS is a broad and complex topic, so we hope this helps answer your questions! In case of any further queries, feel free to ask. Don’t forget to like, share, and subscribe for more content like this.
@redfoxsec Okay, now I understand. Thank you so much for such a nice explanation :)
Good try, sound could be better
Our mic was having an off day! We'll make sure it gets a pep talk before the next recording!
I have my research.... I want to ask few doubts.... how can I get in contact with your trainer and where I can find...... Btw very good video 💯
How can we help you?
❤❤❤❤
You are right bro
Thanks a million for priceless information
Glad it was helpful!
Hidden gem
❤❤❤👌👌👌👌👌👌
Great video! I think your English is fairly good, and the subtitles help a lot! Good luck with the channel. I'd say cut down on dead-air a bit more; lots of channels are doing this to keep retention time to the end of the clip!
Appreciate it! We'll be sure to keep the dead-air to a minimum - unless it's a super awkward pause for comedic effect! 😄
As a fresher, can I get a job at Redfox Security?
Only if you can outsmart a fox! Just kidding, freshers are welcome too - just bring your A-game! Please apply through our company website :)
Other than PortSwigger, can you recommend me some labs?
When running PetitPotam I get an unauthorized response from AD CS at the relay server that is listening. Why is that? Also, my CA and DC are on the same server.
Relaying back to the same machine over the network is patched for all protocols (in your case, CA and DC are the same machines). Hope this helps :).
2024-09-11 18:23:33.326 ios-deploy[77678:3048952] [ !! ] Error 0xe8008015: A valid provisioning profile for this executable was not found. AMDeviceSecureInstallApplication(0, device, url, options, install_callback, 0) Getting this error when deploying the DVIA app.
Great work guys! Any chance you could do a video on PXETHIEF?
Thanks so much for the kind words and for the suggestion! We appreciate your support and will look into PXETHIEF!
Great work man!!! Keep it up!!❤❤🎉🎉
So informative!! So informative!! So informative!! So informative!! So informative!! So informative!! So informative!!
Can we do these things without Xcode? Because not everyone has a Mac, right!! Also, first one to comment lol😎🤧
Well you can do one thing 😉 Install mac on VMware
Does this work for iOS 17?
Yes, it should work.
@redfoxsec thanks for your answer. I am going to try it this weekend. Are you going to release an iOS pentesting course soon?
Yes, it will be out soon.
Very good content, Gourav. Keep it up.
Absolutely loved it! Looking forward to learn more from you :)
This tutorial is very informative. Kindly post more videos regarding iOS pentesting. Keep it up 💪💪🦊
I always hear this sentence, 95% of the Fortune 500 companies - can you explain this a little? Whenever going through any AD PDFs I see this sentence mentioned.
Ah, the elusive 95%! It's like the secret sauce in a hacking recipe - everyone knows about it, because 90% of the world uses the Windows operating system.
@redfoxsec got you.
We need an English version
Totally hear you! An English version would be awesome - let’s make it happen!
Red Teaming is the first love for all infosec people in their careers ❤😂. I don't think anyone ever moved to SOC at the beginning of his career.
Thank you for this brilliant video - I’ve learned so much! I have a small request: Would you consider creating a follow-up video on BloodHound enumeration? It could be an excellent addition to this fantastic series. The BloodHound tool, especially its dashboard, can feel quite overwhelming depending on the AD environment, and guidance on finding the shortest path to domain admin would be incredibly valuable. If possible, a deep dive into Mimikatz in a future video would also be greatly appreciated. I understand this might be a big ask, but your expertise would be incredibly helpful. Thank you for considering it!
Thank you so much for your kind words and insightful request! We are thrilled to hear you learned a lot from the video. We truly appreciate your suggestions and will definitely keep them in mind for future content!
Global outrage due to CrowdStrike. How can these kinds of mistakes be made by cybersecurity experts while delivering the updates to secure the system? Can't they roll back the updates?
It’s like trying to fix a flat tire while driving - sometimes, you just end up with a bigger mess! Rollbacks should be a safety net, but they can be tricky to deploy.
Crystal clear concept for Active Directory ❤. Awesome.
As a beginner in AD, what should be the first approach for someone to jump into this topic?
Start by learning the fundamentals of Active Directory using the Microsoft guide: learn.microsoft.com/en-us/training/paths/active-directory-domain-services/ Once you have a good grasp of the basics, move on to understanding AD attacks and the tools used for them. To advance your skills and become an expert, consider enrolling in our Windows Red Teaming Course: academy.redfoxsec.com
@redfoxsec Amazing, team Redfox. I have shared your YouTube references in our org for training our new hires and students.
Interesting
Thanks for watching :)
Why are you not making a series? It's difficult for the viewers to know what you're discussing. Please give us a reminder of the topic prior to having a live session.
Thanks for the feedback. We will try to incorporate this in our process :).
Hex encoding is the best.
Great video, buddy!! It would be good if you took any application other than a .NET application for further lectures, as almost everywhere only .NET applications are used to give lectures on YouTube.
Great video!!
We really appreciate your kind words! Your support means a lot to me!
Understanding the accepted inputs is the first step.
I expect more information but it's like common search on Google.. but its reality I facing difficulty to find an search results.. same question and answer.. what is you provide?
Thanks for the feedback.
seo your video otherwise you wouldn't get views
Thanks for your feedback.
@redfoxsec how are you?