- Видео 40
- Просмотров 330 653
Netsec Explained
Добавлен 12 фев 2018
Unlock the secrets of leading security consultants!
Netsec Explained provides practical guides to advanced security topics. We show you the tools, techniques, and procedures to be successful in this field.
GTKlondike
Netsec Explained provides practical guides to advanced security topics. We show you the tools, techniques, and procedures to be successful in this field.
GTKlondike
Getting Started in AI CTFs
If you've ever wanted to learn about AI CTFs, this video should help you get started. Links below.
00:51 - Past AIV CTFs
03:27 - Adversarial Robustness Toolbox (ART)
04:08 - HopSkipJump Attack
06:46 - Model Inversion Attack
09:06 - How to Plan a Red Team
10:46 - An Introduction to NVIDIA's AI Red Team
12:50 - Universal Adversarial Attacks on LLMs
13:58 - A Cyberpunks Guide to Attacking Generative AI
* Kaggle - Past AI Village CTFs: www.kaggle.com/competitions/ai-village-capture-the-flag-defcon31/code
* Adversarial Robustness Toolbox (ART): github.com/Trusted-AI/adversarial-robustness-toolbox
* ART - HopSkipJump Attack: github.com/Trusted-AI/adversarial-robustness-toolbox/blob/main/notebooks/attack_h...
00:51 - Past AIV CTFs
03:27 - Adversarial Robustness Toolbox (ART)
04:08 - HopSkipJump Attack
06:46 - Model Inversion Attack
09:06 - How to Plan a Red Team
10:46 - An Introduction to NVIDIA's AI Red Team
12:50 - Universal Adversarial Attacks on LLMs
13:58 - A Cyberpunks Guide to Attacking Generative AI
* Kaggle - Past AI Village CTFs: www.kaggle.com/competitions/ai-village-capture-the-flag-defcon31/code
* Adversarial Robustness Toolbox (ART): github.com/Trusted-AI/adversarial-robustness-toolbox
* ART - HopSkipJump Attack: github.com/Trusted-AI/adversarial-robustness-toolbox/blob/main/notebooks/attack_h...
Просмотров: 2 117
Видео
The Cyberpunks Guide to Attacking Generative AI
Просмотров 1,2 тыс.Месяц назад
Companies are putting generative AI into their products, regardless of whether or not it makes sense to do so. And their poor security teams are stuck trying to figure out how they even work in the first place. AI may be the future, so here's your Cyberpunks Guide to Hacking GenAI! * Attacking and Defending Generative AI - github.com/NetsecExplained/Attacking-and-Defending-Generative-AI * Threa...
3 Things You Need to Know for Modern Application Hacking
Просмотров 1,6 тыс.8 месяцев назад
If you want to build a career hacking modern applications, then you absolutely need to know how they're made. Whether you're doing bounties or pentesting, understanding these three things will make you a much better bug hunter. In this video, we're going to walk through how modern applications are built so that you can better understand and exploit them. And, as a bonus, I'm going to give you a...
What Time is the 3 O' Clock Parade? | Soft Skills for Hackers
Просмотров 6179 месяцев назад
If you want to be successful in cybersecurity, you can't just rely on your technical skills, you need to work on your soft skills too. In this video, I show you an exercise that has greatly increased my ability to communicate with others by really understanding the questions they're asking. Enjoy! #ethicalhacking #infosec #cybersecurity
STRIDE Threat Modeling for Beginners - In 20 Minutes
Просмотров 29 тыс.10 месяцев назад
If I could save a company a million dollars on their security budget every year, this is how I'd do it! While most people don't think of threat modeling as the sexiest exercise, it can actually be pretty exciting. Trust me when I say this, I wish I had learned how to do threat modeling much earlier when I was first starting out in consulting and bug hunting. It would have saved a lot of time, a...
Little Known Web Hack for Quick Admin Access
Просмотров 1,9 тыс.10 месяцев назад
If you haven't heard of Mass Assignment, you're not alone. It's one of the best kept secrets in bug hunting, and that's why TODAY I want to tell you about it. Make sure you watch to the end of the video, where I show you how to pull this off in a real application. * How to run Juice Shop on Docker - ruclips.net/video/xwcPgeEFnuM/видео.html * UliCMS Docker lab - github.com/NetsecExplained/docker...
Master Burp Suite Like A Pro In Just 1 Hour
Просмотров 71 тыс.11 месяцев назад
One of the most common problems with modern tutorials for tools is that they tend to sound a lot like man-pages or documentation. For instance, they'll tell you all about the little command flags, all the little buttons you can click on; but something that they seem to miss out on is "WHY you would use each of these options?" So, for this video, we're going to do things a little different. Inst...
Hitting the Digital Wall - How to Deal With Burnout
Просмотров 29511 месяцев назад
Look, it's no secret that network security is hard - it's demanding. And it's very common for many of us in the field to go through burnout not once, but several times in our careers. In fact, I would say it's not a matter of IF but a matter of WHEN; and WHEN you go through burnout, I want to give you the skills to take care of yourself properly. By the end of this video, you're going to have a...
Pivot Through Multiple Networks | Master Network Pivoting
Просмотров 5 тыс.Год назад
OK, Here's the situation: You social engineered your way through the lobby and made it to the back office. You didn't have a lot of time to hang around, but you did manage to implant a jump host into their network. Now that you're back home, let's pivot through the network and steal the crown jewels. 0:00 The Scenario 0:47 Multi-hop Pivot 3:20 Detailed Explanation 5:50 RDP Through the Tunnel 9:...
ChatGPT for Cybersecurity | Step-by-Step Guide
Просмотров 1,1 тыс.Год назад
ChatGPT: Your Cybersecurity Ally In this talk, we'll dive into how ChatGPT can enhance your existing workflow and provide valuable insights. We'll start with a brief overview of what GPT models are, how to craft the perfect prompt, and then focus on cybersecurity specific use cases for day-to-day operations. Bio: Gavin Klondike (@GTKlondike) is the head of workshops and demos at the AI Village....
Tunneling Through Protected Networks | Master Network Pivoting
Просмотров 5 тыс.Год назад
It's late at night, and you've just gained remote code execution on another server. You have a foothold in their environment now, but how do you take this even further? This video is going to be the first in a short series, talking all about network pivoting. Throughout the series, we're going to be covering a number of common challenges that you'll face on a typical red team engagement. 0:00 T...
Full SQL Injection Tutorial | Episode 3: Blind SQL Injection A-Z
Просмотров 1,7 тыс.Год назад
In blind SQL injection, we can still query the database and cause some subtle changes in the way the application responds. The idea is that we craft special queries to ask yes/no questions. If the answer is YES, then we get response A. If the answer is NO, then we get response B. PortSwigger Blind SQL portswigger.net/web-security/sql-injection/blind ASCII Table www.asciitable.com/ Building a Ho...
Full SQL Injection Tutorial | Episode 2: In-band SQL Injection
Просмотров 1,3 тыс.Год назад
SQL injection happens when user input can be injected into database queries. As a result, attackers can retrieve all sorts of juicy information from the database. In fact, many of the worlds most high-profile data breaches were the result of SQL injection attacks. In this video, we have some fantastic demos so make sure you watch till the end. If you haven't already checked out Part 1, where we...
Full SQL Injection Tutorial | Episode 1: SQL Basics in 15 Minutes
Просмотров 1,3 тыс.2 года назад
I've recently had a few people asking for a full zero-to-hero course on SQL Injection. So, in the next 3 or 4 videos I'm going to cover what SQL injections are, how they work, and different ways to exploit them. The breakdown at this point is to use this first video to walk through a little background on SQL itself. In the next video, we're going to cover some SQL injection basics. After that, ...
Cloud Pentesting - IAM Enumeration for Privilege Escalation
Просмотров 2,1 тыс.2 года назад
If you haven't dabbled in Cloud Pentesting, I highly recommend it. It's a lot of fun and a great way to experience cloud in a way that most devops teams miss when managing IAM permissions. In this video, I'm going to show you two tools that are great for analyzing IAM permissions, and looking for privilege escalation within an AWS environment. Become an IAM Policy Master in 60 Minutes or Less -...
Advanced Local and Remote File Inclusion - PHP Wrappers
Просмотров 10 тыс.2 года назад
Advanced Local and Remote File Inclusion - PHP Wrappers
Bug Bounty and Pentesting with Docker
Просмотров 3 тыс.2 года назад
Bug Bounty and Pentesting with Docker
Exploit Java Deserialization | Exploiting JBoss 6.1.0
Просмотров 4,2 тыс.2 года назад
Exploit Java Deserialization | Exploiting JBoss 6.1.0
Exploit Java Deserialization | Discovering Insecure Deserialization
Просмотров 7 тыс.2 года назад
Exploit Java Deserialization | Discovering Insecure Deserialization
Exploit Java Deserialization | Understanding Serialized Data
Просмотров 7 тыс.3 года назад
Exploit Java Deserialization | Understanding Serialized Data
Advanced Nmap - Scanning Large Scale Networks
Просмотров 4,8 тыс.4 года назад
Advanced Nmap - Scanning Large Scale Networks
6 Types of Hackers That Don't Exist (and 5 More That Do)
Просмотров 7674 года назад
6 Types of Hackers That Don't Exist (and 5 More That Do)
Machine Learning for Security Analysts - Part 3: Malicious URL Predictor
Просмотров 12 тыс.4 года назад
Machine Learning for Security Analysts - Part 3: Malicious URL Predictor
Machine Learning for Security Analysts - Part 2: Building a Spam Filter
Просмотров 2,3 тыс.5 лет назад
Machine Learning for Security Analysts - Part 2: Building a Spam Filter
Machine Learning for Security Analysts - Part 1: The Machine Learning Process
Просмотров 3,1 тыс.5 лет назад
Machine Learning for Security Analysts - Part 1: The Machine Learning Process
Advanced Wireshark Network Forensics - Part 3/3
Просмотров 13 тыс.5 лет назад
Advanced Wireshark Network Forensics - Part 3/3
Advanced Wireshark Network Forensics - Part 2/3
Просмотров 18 тыс.5 лет назад
Advanced Wireshark Network Forensics - Part 2/3
Advanced Wireshark Network Forensics - Part 1/3
Просмотров 24 тыс.5 лет назад
Advanced Wireshark Network Forensics - Part 1/3
This is the most useful video on threat modeling on the internet! thank you for making it!
Beautiful, Congratulation Netsec, I have watched a lot of sec videos and this is very usefull
Thank You for the informational video! I'm currently studying network forensics from CCD, this video helped me understanding the concept bit clear. Please do more of these.
@NetsecExplained I have started new journey from CyberSecOps to AppSec/PT. This is a best ever Burp Suite tutorial I have gone through. Thank you so much for your great contribution. Keep going :)
@NetsecExplained I have started new journey from CyberSecOps to AppSec/PT. This is a best ever Burp Suite tutorial I have gone through. Thank you so much for your great contribution. Keep going :)
do you have any fiction book recommendations that is based on genAI, deep fake tech ?
I recommend the Sprawl Trilogy by William Gibson: Neuromancer, Count Zero, Mona Lisa Overdrive. You'll really like the way they used limiters on the AI systems to stop them from trying to take over the world. That and the "subluminal" that one of the characters use to manipulate the others. Think deepfakes irl.
This sounds so cool, I'm in my last 4 months at college studying data leaning heavy into AI / machine learning. I've used Kaggle some and really enjoy it. instantly subbed
Q: Do you have an interceptor on ?
Yes. In the video, there's a few places where I do use the Burp proxy interceptor.
This is simply magnificent ✨
Awesome content, bro! Just wondering, when can we expect the full pentesting methodology video? It's been about 10 months now
I'm putting the course together. Since it will be everything that I know about pentesting, I won't be able to release it for free on RUclips.
You did a good job, keep it up
Thank you very much, the explanation you have given is very helpful for me in learning the Burpsuite tool👍👍👍
Glad it was helpful!
The information you get from this video is a solid introduction. Great job!!! Thank you.
Hats Off this is the best explanation of the vulnerability ! Thanks For Video !
Thank you for a FANTASTIC overview of Burp Suite!
Thanks for the video man, really appreciate it.
Do for Wireshark, Nmap, OpenVAS, Nessus, Metasploit, BeEF, OWASP ZAP, Aircrack - ng, Kismet, Autopsy, Volatility
Great suggestions! I'll get right on those.
Make the full pentest methodology
Sir It's working or not
Thank you
Nice job G! Great video
Excellent video
This is cool info - thank you for sharing!
This is a fascinating video, big thanks
This is awesome. Thanks!
Music is perfect, not too loud and keeps your mind on the task 🎵 thanks for these videos
I just completed my graduation in AI/ML and I've been looking at this LLM pentesting for a while , this video really does provide a lot of stuff about it...
Glad this helps. If you're looking for doing actual AI/ML red teaming, there's a fantastic guide by Will Pearce on Nvidia's blog you should check out.
This was an amazing video , loved the concepts explained with the help of examples rather than a basic tutorial. Hey , I am learning cyber security from basics would you recommend a specific path or is there a wat i can contact you for guidance?
Depends on what you want to do. I recommend learning the basics and getting a strong foundation. Security+ is an OK place to start, Cisco has their Cyberops certification that I also highly recommend. Then decide if you want to do red team, blue team, forensics, GRC, etc. For blue team, blue team labs has decent training. For pentesting, I'd start with web apps and Portswigger Academy has good (free!) material. If you're not sure what to do, try them both.
Thank you .Even though it has been 5 years,seems to me that this video is amazing;Very helpful. I wish you would make more videos like this one.Also, lots of details,and links to different websites . Thank you
Glad this was helpful! I have so much info in my head I'd like to share but at some point I'd like to circle back around to network forensics. That's where I started and think it would be a good area to add more than just the basics.
This is awesome and I can't wait to watch your full pentest methodology! Hats up.
It is really good tutorial thank you. I will also be happy to fully understand what it is like to see a full steps in pentesting and I will wait with anticipation. Thank you again. Subscribing and liking the video.
PERFECT
I'm so glad I came across your video. It prepared me for a job interview. Thank you so much!
keep going and make more videos on web and pt plz
its awsome is there any way to donate so we can get more tutorial like this
Glad you liked it! Not quite yet, I'm balancing videos with a full time job at a high-paced startup. When I get to a point I can release more regularly, then I will absolutely pour more time into them. For now, give me ideas on topics.
how did your burp crashed and how did you fixed this
My VM ran out of memory 😞
I have something to comment. But I will leave as a homework for You
😆 It's really the only way to learn some of this stuff.
very good content I used burp suit doing ctf walks throughs but didn't understand what it was actually doing and had to assume what it was doing but I can actually say I understand some of it
Can you please help in the HW I made the intercept request of product id 38 but it's not comming Why ?
How has this been around for 5 years and old got this many views / likes !!!!!!😢
💯
need ansewers for homeworks as a beginner 😭
Well done. easy to understand and straight to the point.
Very informative 🙏
This is excellent material. I hope you’ll create more content like this or even consider developing a course. It’s very well explained.
Great video! it was pretty quick and covered a ton of useful stuff about Burp. You earned a sub. Now, How about one focusing on testing APIs?
Great idea! I'll do that soon.
Thank you, this was not explained well in other places with scenarios
Glad it helped!
@@NetsecExplained where I’m confused, is how you enumerate internal IPs from the DMZ
@@Zachsnotboard If you're in the DMZ, you likely won't be able to. Systems in the DMZ aren't supposed to talk to systems in the backend network. You can test for this, but that's the purpose of the DMZ.
very educative video
Thanks! You should check out the more detailed series. I do three whole videos on SQLi for you.
Thank you. Very practical application of Burp Suite
i wonder why i can't see the image on preview, yet its was fine on paint