With children now back at school, it’s time to think about social media, and their use of it. Are they already firing out tweets, chatting in Discord channels, or even just looking to set up a Tik-Tok account? Now is the time to consider giving your kids some security and privacy tips for all their social media needs. 1. Get to grips with default settings Most sites are in the business of making your data their business. EULAs and privacy policies are frequently terribly confusing for grown ups. Expecting...
Cybersecurity Academy
Free CyberSecurity Academy Resources | Pen-Testing Tutorials | Setups & Tools | Threat Intelligence | Honeypots | Kali Guides | Linux Guides
What is a CVE? A CVE, meaning Common Vulnerabilities and Exposure, is a publicly reported vulnerability in software products. Vulnerabilities are assigned CVE IDs to ensure clarity when discussing vulnerabilities in software products. Otherwise, it can be difficult to correlate reports of a single vulnerability since different organizations will assign them different names, and the same product may have multiple instances of the same vulnerability (buffer overflows, remote code execution and so on). The CVE reservation process The researcher that discovers a vulnerability has the ability to reserve a...
Every data breach begins with a phishing attack. To prevent your organization from becoming the next victim, you need to understand the different types of phishing attacks and how to identify them. Phishing is a type of cyberattack that uses fraudulent emails or websites to trick victims into sharing sensitive information, such as login credentials or financial information. According to a survey, 91% of cyberattacks begin with phishing emails. There are different phishing attacks, and each uses another method to trick victims. This blog will discuss the common types of phishing attacks...
Talks & Materials Presentation Slides and Extras Check out all the original and updated presentation slides, white papers, and accompanying files we received!DEF CON 30 Presentations (RAR) Presentation Audio and Video All DEF CON 30 Video on our Youtube Channel Villages – Speaker and Slides (video) Highlights DEF CON 30 Music DEF CON 30 Original Soundtrack (flac) (opus) DEF CON 30 Program Conference Printed Program from DEF CON 30Conference Pocket Guide from DEF CON 30 DEF CON 30 Photos and Video Tons of Photos from our Photo Corps and several other...
Starting with Windows 11 Insider Preview build 22528.1000 the OS supports an account lockout policy enabled by default to block brute force attacks. The lockout policy was set to limit the number of failed sign-in attempts to 10, for 10 minutes. “Win11 builds now have a DEFAULT account lockout policy to mitigate RDP and other brute force password vectors. This technique is very commonly used in Human Operated Ransomware and other attacks – this control will make brute forcing much harder which is awesome.” announced David Weston, Microsoft vice...
The popular open-source Linux distribution, Kali Linux, specialized for penetration testing, ethical hacking and security auditing, can now be used by Linode customers. Getting Kali Linux on Linode The infrastructure-as-a-service (IaaS) platform provider, recently acquired by Akamai, offers two ways to get Kali: A bare-install version in the form of an official Kali distribution (without a GUI and tools) that can be deployed on any Linode compute instance and used via a command line interface A Kali Linux Marketplace app (with an XFCE user interface, a full suite of tools, and...
Cross-site scripting is one of the most common and popular web attacks. XSS is a command injection of the client side, it can result in any action that can be performed by the user. Mostly XSS is used for session hijacking where the attacker using javascript makes the victim transmit session cookies to an attacker-controlled server and from there the attacker can perform “session riding”. However, XSS can also result in a complete application takeover. Consider a scenario in which you inject javascript and it gets stored. The admin...
What is XSS? Cross-Site Scripting in short XSS refers to the penetration of website security. A simple XSS vulnerability can act as a sitewide logger. To be honest, it does more damage to the user browsing the site than the web server itself. So yes, it is quite dangerous. Some people may confuse XSS with CSS, which is a very different thing. Cascading Style Sheets or CSS is used in the design functionality of a webpage. Simple JavaScript like this can cause a massive hole in security as an...
Fixing indirect vulnerabilities is one of those complex, tedious and, quite frankly, boring tasks that no one really wants to touch. No one except for Debricked, it seems. Sure, there are lots of ways to do it manually, but can it be done automatically with minimal risk of breaking changes? The Debricked team decided to find out. A forest full of fragile trees So, where do you even start? Firstly, there needs to be a way to fix the vulnerability, which, for indirect dependencies, is no walk in the park....
Businesses say that they take the security of customer data seriously but, when presented with a vulnerability, are often more concerned about their own reputation than the security of their customers. Handle disclosure correctly and you can do both: protect your customers and protect your reputation. Do it wrong and you damage both. By far the most painful part of vulnerability research is responsible disclosure. If we find something bad in a smart thing, it would be fairly irresponsible to publish a method to do bad things without giving...
English
Afrikaans
Albanian
Amharic
Arabic
Armenian
Azerbaijani
Basque
Belarusian
Bengali
Bosnian
Bulgarian
Catalan
Cebuano
Chichewa
Chinese (Simplified)
Chinese (Traditional)
Corsican
Croatian
Czech
Danish
Dutch
Esperanto
Estonian
Filipino
Finnish
French
Frisian
Galician
Georgian
German
Greek
Gujarati
Haitian Creole
Hausa
Hawaiian
Hebrew
Hindi
Hmong
Hungarian
Icelandic
Igbo
Indonesian
Irish
Italian
Japanese
Javanese
Kannada
Kazakh
Khmer
Korean
Kurdish (Kurmanji)
Kyrgyz
Lao
Latin
Latvian
Lithuanian
Luxembourgish
Macedonian
Malagasy
Malay
Malayalam
Maltese
Maori
Marathi
Mongolian
Myanmar (Burmese)
Nepali
Norwegian
Pashto
Persian
Polish
Portuguese
Punjabi
Romanian
Russian
Samoan
Scottish Gaelic
Serbian
Sesotho
Shona
Sindhi
Sinhala
Slovak
Slovenian
Somali
Spanish
Sudanese
Swahili
Swedish
Tajik
Tamil
Telugu
Thai
Turkish
Ukrainian
Urdu
Uzbek
Vietnamese
Welsh
Xhosa
Yiddish
Yoruba
Zulu