Published By
Created On
25 Dec 2021 17:38:29 UTC
Transaction ID
Cost
Safe for Work
Free
Yes
EP3 - Live Bug hunting (SSRF + Blind RCE + DNS Exfiltration) with Mr. Dhreeraj Madukar | RESETHACKER
RESETHACKER has taken the initiative to promote pen-testing and improve bug hunting. it'll give a rise to hacking as a career in India.
EP 3 : RESETHACKER is pleased to invite Dheeraj Madhuka to deliver a webinar on DNS Exfiltration attack.
0. SSRF + Blind RCE + DNS Exfiltration. (Practical)
1. We will learn how to create DNS (centOS 8).
2. Enable BIND logs to view queries.
3. Final exploitation for exfiltration.
Dheeraj Madhukar is an Application Security Engineer, Linux server engineer, corporate trainer, founder, and CEO of technolegends.
"There is just one way to do security: Together"
You can follow him on:
Twitter: /Dheerajmadhukar
Linkedin: /dheerajtechnolegends
Instagram: @me_dheeraj
RESETHACKER is India's crowdsourcing community of action for Ethical hackers, researchers, students, and hobbyists interested in learning, sharing & collaborating.
Be Social with #RESETHACKER
https://linktr.ee/RESETHACKER
Team & Contributor of Monthly webinar(#RESETBOUNTY) :
From Next Month HOST: Satya Prakash
YT Manager & Moderators: Vijay
Event Managers : Anugrah SR & Tushar Varma.
Community Co-ordinator: Sourabh Bagh
Community Content Director : Attr1b.
✅ What is DNS Exfiltration?
According to Wikipedia, DNS data exfiltration is a way to exchange data between two computers without any direct connection. The data is exchanged through the DNS protocol on intermediate DNS servers. During the exfiltration phase, the client makes a DNS resolution request to an external DNS server address.
✅ Why do Bug Hunters need to learn about Data Exfiltration Attack?
- Increase the probability to get your bug report triaged.
- Less risk to get duplicate as compared to other vulnerability.
1. Exfiltrate and mutate repository and project data through injected templated service.
Reported by Jobert
$11,000 Rewarded by Gitlab
https://hackerone.com/reports/446585
2. Server-Side Request Forgery using Javascript allows to exfill data from Google Metadata -
Reported : Nahamsec
$4000 Rewarded by Snapchat
https://hackerone.com/reports/530974
...
https://www.youtube.com/watch?v=jL0_uyqIbAg
EP 3 : RESETHACKER is pleased to invite Dheeraj Madhuka to deliver a webinar on DNS Exfiltration attack.
0. SSRF + Blind RCE + DNS Exfiltration. (Practical)
1. We will learn how to create DNS (centOS 8).
2. Enable BIND logs to view queries.
3. Final exploitation for exfiltration.
Dheeraj Madhukar is an Application Security Engineer, Linux server engineer, corporate trainer, founder, and CEO of technolegends.
"There is just one way to do security: Together"
You can follow him on:
Twitter: /Dheerajmadhukar
Linkedin: /dheerajtechnolegends
Instagram: @me_dheeraj
RESETHACKER is India's crowdsourcing community of action for Ethical hackers, researchers, students, and hobbyists interested in learning, sharing & collaborating.
Be Social with #RESETHACKER
https://linktr.ee/RESETHACKER
Team & Contributor of Monthly webinar(#RESETBOUNTY) :
From Next Month HOST: Satya Prakash
YT Manager & Moderators: Vijay
Event Managers : Anugrah SR & Tushar Varma.
Community Co-ordinator: Sourabh Bagh
Community Content Director : Attr1b.
✅ What is DNS Exfiltration?
According to Wikipedia, DNS data exfiltration is a way to exchange data between two computers without any direct connection. The data is exchanged through the DNS protocol on intermediate DNS servers. During the exfiltration phase, the client makes a DNS resolution request to an external DNS server address.
✅ Why do Bug Hunters need to learn about Data Exfiltration Attack?
- Increase the probability to get your bug report triaged.
- Less risk to get duplicate as compared to other vulnerability.
1. Exfiltrate and mutate repository and project data through injected templated service.
Reported by Jobert
$11,000 Rewarded by Gitlab
https://hackerone.com/reports/446585
2. Server-Side Request Forgery using Javascript allows to exfill data from Google Metadata -
Reported : Nahamsec
$4000 Rewarded by Snapchat
https://hackerone.com/reports/530974
...
https://www.youtube.com/watch?v=jL0_uyqIbAg
Author
Content Type
Unspecified
video/mp4
Language
English
More from the publisher
Controlling
VIDEO
SECUR
security-monday-3-solarwinds-hack,5g
#Resethacker #Cybersecnews #Hackingnews
RESETHACKER has taken the initiative to promote IT sectors in India. it'll give a rise to hacking as a career in India.
TIMESTAMPS
00:00 - Intro
???? ???????? ????
00:12 - The Great SolarWinds Hack
???? ???????? ????
01:14 - MoleRats using Facebook, Dropbox, Google Docs to spread malware
01:35 - SoReL-20M: A Huge Dataset of 20 Million Malware Samples Released Online
01:52 - Research: Stealing data from air-gapped PC by turning RAM into Wi-Fi Card
???? ???????? ????
02:15 - Wormable Gitpaste-12 Botnet Returns to Target Linux Servers, IoT Devices
02:44 - Defence tech service provider firm's data hacked, company claims Rs 50-cr loss
???? ???????? ????
03:04 - PyMICROPSIA Windows malware steals browsing data, record audio
03:50 - New 5G Network Flaws Let Attackers Track Users' Locations and Steal Data
???? ???????? ????
04:06 - European Union unveils revamp of cybersecurity rules days after hack
04:31 - Companies may face 2% fine for breaching EU cybersecurity rules
???? ???????? ????
04:43 - DOJ Seizes $4 Million in Assets Tied to Phantom Secure
05:03 - Cyberpunk 2077 Headaches Grow: New Spyware Found in Fake Android Download
???? ???????? ????
05:13 - Facebook bug exposed email addresses of Instagram users
05:34 - Outro
Who are we?
India's crowdsourcing community of action for professionals, Ethical hackers, researchers, students and hobbyists interested in learning, sharing & collaborating.
✅Workflow
Security Monday with RESETHACKER (QuiteHacker)
Monthly Webinar Series on Bug-bounty and pentesting
The RESETHACKER Show S2(With Host @cryptonic007)
Discord discussion(@cyberknight)
Article publish on medium
Social media Awareness
Organization CTF competition
Organizing Conference
Our professional and freelancing Team provide services to a small, intermediate and a large company. To know more about the service. Please visit us on https://resethacker.com or you can email us on info@resethacker.com
...
https://www.youtube.com/watch?v=0HRGKmIV45U
Transaction
Created
1 year ago
Content Type
Language
video/mp4
English
Controlling
VIDEO
SECUR
security-monday-6-whatsapp-new-privacy
#Resethacker #Cybersecnews #Hackingnews
RESETHACKER has taken the initiative to promote IT sectors in India. it'll give a rise to hacking as a career in India.
TIMESTAMPS
00:00 - Intro
??? ??????? ????
00:18 - Few people leaked the zseano bug hunting paid methodology
??? ??????? ????
00:30 - Russian hackers hit 250 government agencies, firms in US: Report
00:44- 10 crore Indians' card data selling on Dark Web: Researcher
??? ??????? ????
01:12 - WhatsApp Will Disable Your Account If You Don't Agree Sharing Data With Facebook
??? ??????? ????
01:28 - 3 more Indian firms hacked, data of over 10 million users up for sale on the dark web
01:41 - Hack the Army bug bounty challenge asks hackers to find vulnerabilities in military networks
??? ??????? ????
02:05 - Nissan source code leaked after it used “admin” as username, password
02:30 - New Attack Could Let Hackers Clone Your Google Titan 2FA Security Keys
??? ??????? ????
02:50 - Twitter Permanently Suspends President Trump's Account
03:00 - Hacking victim SolarWinds hires ex-Homeland Security official Krebs as consultant
03:22 - Outro
Who are we?
India's crowdsourcing community of action for professionals, Ethical hackers, researchers, students and hobbyists interested in learning, sharing & collaborating.
✅Workflow
Security Monday with RESETHACKER (QuiteHacker)
Monthly Webinar Series on Bug-bounty and pentesting
The RESETHACKER Show S2(With Host @cryptonic007)
Discord discussion(@cyberknight)
Article publish on medium
Social media Awareness
Organization CTF competition
Organizing Conference
Our professional and freelancing Team provide services to a small, intermediate and a large company. To know more about the service. Please visit us on https://resethacker.com or you can email us on info@resethacker.com
...
https://www.youtube.com/watch?v=MaS5xt6gOUk
Transaction
Created
1 year ago
Content Type
Language
video/mp4
English
Controlling
VIDEO
FACEB
facebook-mobikwik-data-leak,-microsoft
#Resethacker #Cybersecnews #Hackingnews
RESETHACKER has taken the initiative to promote IT sectors in India. it'll give a rise to hacking as a career in India.
Who are we?
India's crowdsourcing community of action for professionals, Ethical hackers, researchers, students and hobbyists interested in learning, sharing & collaborating.
✅Workflow
Security Monday with RESETHACKER (@QuiteHacker )
Monthly Webinar Series on Bug-bounty and pentesting
The RESETHACKER Show S2(With Host @cryptonic007)
Discord discussion(@cyberknight)
Article publish on medium
Social media Awareness
Organization CTF competition
Organizing Conference
Our professional and freelancing Team provide services to a small, intermediate and a large company. To know more about the service. Please visit us on https://resethacker.com or you can email us on info@resethacker.com
Time Stamps:
00:00 - Intro
00:54 - Microsoft servers being hacked 'faster than anyone can count'
01:40 - Cyberattack on Australian broadcaster disrupts live show broadcast
02:11 - Trump's social media platform to debut in 3-4 months: Former aide
02:34 - Data of 10 crore Mobikwik users for sale on dark web, say cybersecurity experts
04:32 - PayPal allows US users to pay with Bitcoin, Ethereum & Litecoin
05:24 - Delhi 5th among cities that faced most cyber attacks in the world: Report
06:08 - Police close 'world's biggest' video-game-cheat operation in China
06:43 - Stolen Data of 533 Million Facebook Users across the world including India leaked: Report
07:31 - Outro
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Track: Kozah - Paradox [NCS Release]
Music provided by NoCopyrightSounds.
Watch: https://youtu.be/0QN9KLFWn7I
Free Download / Stream: http://ncs.io/Paradox
...
https://www.youtube.com/watch?v=kNX-9QB0xmA
Transaction
Created
1 year ago
Content Type
Language
video/mp4
English
Controlling
VIDEO
APPSE
appsec-and-bugbounty
Application Security and Bug Bounty Hunting
This is Preview of SUNDAY 9PM,Our weekly " The @resethacker Show" i with an amazing Guest @harshbothra_ to discuss on " Appsec and Bugbounty".
Don't Forget that we're doing it
Every SUNDAY 9PM.
Guest: Harsh Bothra
Web: https://harshbothra.tech
Twitter: harshbothra_
LinkedIn: harshbothra
He is having a 3+ years of experience in application security and currently working as Security Engineer at Security Innovation. He is into Bugcrowd Top 200 Hackers and active Synack Red Teamer. He has authored two books on Hacking and sometimes blogs about his findings. .
Host: Mohit Khemchandani
IG: @cryptonic007
( CEHv10 Certified | Under top 60 player on tryhackme | Bug hunter | Penetration tester | Adobe hall of fame and helping Infosec community for 2 Year)
Moderator : Satyaprakash
IG: @xhackerboyy
Show Highlights:
What is Application Security explain in short.
What made you to mainly focus on appsec .
Is there is major difference between Appsec ve CyberSec ?
What is your favorite Vulnerability and what methodology do you use to find that Vulnerability .
How do you stay current with the security industry ?
Which is your favourite security tool and why ?
Most interesting Vulnerability you have found ?
What are your personal methodologies to find a Vulnerability ?
How can our viewers get started with bug bounty hunting ?
What is the future of bug bounty hunting ?
What is that key note that one should take care of when they are starting into bug bounty ?
? SUPPORT US:
SOCIAL NETWORKS:
Facebook: https://www.facebook.com/resethackero...
Twitter: https://twitter.com/resethacker
Instagram: https://www.instagram.com/resethacker/
...
https://www.youtube.com/watch?v=mXAB30D56tg
Transaction
Created
1 year ago
Content Type
Language
video/mp4
English
Controlling
VIDEO
SECUR
security-monday-9-spotify-accounts
#Resethacker #Cybersecnews #Hackingnews
RESETHACKER has taken the initiative to promote IT sectors in India. it'll give a rise to hacking as a career in India.
Who are we?
India's crowdsourcing community of action for professionals, Ethical hackers, researchers, students and hobbyists interested in learning, sharing & collaborating.
✅Workflow
Security Monday with RESETHACKER (QuiteHacker)
Monthly Webinar Series on Bug-bounty and pentesting
The RESETHACKER Show S2(With Host @cryptonic007)
Discord discussion(@cyberknight)
Article publish on medium
Social media Awareness
Organization CTF competition
Organizing Conference
Our professional and freelancing Team provide services to a small, intermediate and a large company. To know more about the service. Please visit us on https://resethacker.com or you can email us on info@resethacker.com
...
https://www.youtube.com/watch?v=sTKqQ440O8A
Transaction
Created
1 year ago
Content Type
Language
video/mp4
English
Controlling
VIDEO
WALK
walk-through-of-resethacker-mini-ctf
Hey Hacker! This is walkthrough of series "Let's Play CTF" by RESETHACKER
and We're organising CTF twice a Month if you're intrested in participating it.
JOIN us on Discord: https://discord.com/invite/FRQrKrQ
Thanks to our TEAM: @cyberknight00 , @cyberchiranjit
And do follow our
? SOCIAL MEDIA - To Stay updated from Us!
-------------------------------
Facebook: https://www.facebook.com/resethackero...
Twitter: https://twitter.com/resethacker
Instagram: https://instagram.com/resethacker
--------------------------------
Thanks for watching!
...
https://www.youtube.com/watch?v=VVkg5OD3ecI
Transaction
Created
1 year ago
Content Type
Language
video/mp4
English
Controlling
VIDEO
SECUR
security-monday-4-windows-0-day,
#Resethacker #Cybersecnews #Hackingnews
RESETHACKER has taken the initiative to promote IT sectors in India. it'll give a rise to hacking as a career in India.
TIMESTAMPS
0:00 - Intro
???? ???????? ????
00:13 - iPhones of 36 Journalists Hacked Using iMessage Zero-Click Exploit
00:30 - Ledger data breach: Hacker leaks stolen database on hacker forum
00:56 - Chinese hackers targeted shoppers during Flipkart festive sales
???? ???????? ????
01:28 - IMF could track your browsing history to determine credit score
01:45 - 72% of cyberattacks related to COVID-19 coming via fake emails
???? ???????? ????
02:03 - A Second Hacker Group May Have Also Breached SolarWinds, Microsoft Says
02:20 - Law Enforcement Seizes Joker's Stash — Stolen Credit Card Marketplace
02:39 - Microsoft, Google, Cisco, Dell join legal battle against hacking company NSO
???? ???????? ????
03:19 - US COVID-19 relief bill to make copyrighted content streaming a felony
03:30 - Fashion marketplace giant 21 Buttons exposes millions of users’ data
04:05- Indian pharma firms at high ransomware attack risk in 2021
???? ???????? ????
04:23 - Google Discloses Poorly-Patched, Now Unpatched, Windows 0-Day Bug
???? ???????? ????
04:52 - 62 per cent of cybercrime complaints in 2020 linked to financial frauds: Delhi Police
???? ???????? ????
05:05 - A New SolarWinds Flaw Likely Had Let Hackers Install SUPERNOVA Malware
05:28 - Ransomware 2.0: India and Australia logged the highest number of incidents across APAC region
05:43 - Outro
Who are we?
India's crowdsourcing community of action for professionals, Ethical hackers, researchers, students and hobbyists interested in learning, sharing & collaborating.
✅Workflow
Security Monday with RESETHACKER (QuiteHacker)
Monthly Webinar Series on Bug-bounty and pentesting
The RESETHACKER Show S2(With Host @cryptonic007)
Discord discussion(@cyberknight)
Article publish on medium
Social media Awareness
Organization CTF competition
Organizing Conference
Our professional and freelancing Team provide services to a small, intermediate and a large company. To know more about the service. Please visit us on https://resethacker.com or you can email us on info@resethacker.com
...
https://www.youtube.com/watch?v=LvQviYtgw98
Transaction
Created
1 year ago
Content Type
Language
video/mp4
English
Controlling
VIDEO
INDIA
india-withdraw-whatsapp-policy,
#Resethacker #Cybersecnews #Hackingnews
RESETHACKER has taken the initiative to promote IT sectors in India. it'll give a rise to hacking as a career in India.
Who are we?
India's crowdsourcing community of action for professionals, Ethical hackers, researchers, students and hobbyists interested in learning, sharing & collaborating.
✅Workflow
Security Monday with RESETHACKER (@QuiteHacker )
Monthly Webinar Series on Bug-bounty and pentesting
The RESETHACKER Show S2(With Host @cryptonic007)
Discord discussion(@cyberknight)
Article publish on medium
Social media Awareness
Organization CTF competition
Organizing Conference
Our professional and freelancing Team provide services to a small, intermediate and a large company. To know more about the service. Please visit us on https://resethacker.com or you can email us on info@resethacker.com
Time Stamps:
00:00 - Intro
00:28 - CyberCrime
00:30 - Attackers Allegedly Target Russian Federal Networks
00:50 - FBI Analyst Charged With Stealing Counterterrorism and Cyber Threat Info
01:27 - Data Breaches
01:29 - Air India reports massive data breach
02:30 - Data of over 100 mn users exposed via 3rd-party Cloud services
03:27 - Ransomware Attack Hits Asian Unit of Insurer AXA
04:10 - Cyber Events
04:12 - Colonial Pipeline CEO Confirms $4.4 Million Ransom Payment
04:54 - Irish health system struggling to recover from cyberattack
05:27 - Scams and Fraud
05:29 - Hackers stealing money via 167 fake Android, iOS apps
06:08 - Vulnerabilities, Flaws, Bugs & their Patches
06:12 - Android Issues Patches for 4 New Zero-Day Bugs Exploited in the Wild
06:57 - Malwares: Viruses, Botnets, Ransomware, Spyware & Other Malicious Programs
06:59 - India facing 213 weekly ransomware attacks per organisation: Report
07:26 - 70 European and South American Banks Under Attack By Bizarro Banking Malware
07:53 - This is how long hackers will hide in your network before deploying ransomware or being spotted
08:17 - Security & Privacy
08:20 - Mozilla Begins Rolling Out 'Site Isolation' Security Feature to Firefox Browser
09:07 - A Simple 1-Click Compromised Password Reset Feature Coming to Chrome Browser
09:51 - Centre Asks WhatsApp To Withdraw 'discriminatory' Privacy Policy, Gives 7 Days To Respond
Time - Fake News or Misinformation
404 - Not Found
10:12 - Business: Fund Raising, Mergers & Acquisitions ****
10:15 - Cisco Plans to Acquire Kenna Security, Boost Security Offerings
10:39 - ThreatLocker raises $20M to secure enterprise endpoints
10:58 - Styra, the startup behind Open Policy Agent, nabs $40M to expand its cloud-native authorization tools
11:16 - Cynerio Raises $30M in Series B Funding
11:35 - Britive Raises $10M in Series A Funding
11:56 - Cloud governance and compliance startup Immuta raises $90M
12:20 -
...
https://www.youtube.com/watch?v=ISSoVF9Xg6Y
Transaction
Created
1 year ago
Content Type
Language
video/mp4
English
Controlling
VIDEO
INTER
interview-with-udit-bhadauria-by
This is the priview of SUNDAY 9PM IST,Our weekly " The @resethacker Show" is Coming Live with an amazing Guest Udit Bhadauria and Host Mohit Kchandani .
.
Guest : Udit Bhadauria
Twitter: @udit_thakkur
21yr old youngest Respected BugHunter got HOF from 70+ Respected company ,Member of Synack Red Team and Brand Ambessder of bugcrowd.
Favarorite Platform : Bugcroud & Hackerone
Host: Mohit Khemchandani
Twitter: @mohitkchandani ( CEHv10 Certified | Under top 60 player on tryhackme | Bug hunter | Penetration tester | Adobe hall of fame)
.
Show Highlights:
1.Can you please give a short brief introduction about yourself to our sincere audience.
2. Cybersecurity field is still something new for the world and everyone has different story that how they started in this Hacking. So i want to ask you when did you first started in cybersecurity and how did you got the interest in this field ?
3. Usually we all get this question
How to start in this field of Ethical Hacking?
So can you guide our fellow audience reguarding this with you're experience.
4. There has been this orthodox among people that Hacking and Cybersecurity isn't a safest career or is ilegal, you have a tremendous mark in this field so can you please explain to people.
what are the pros of this field and how to sustain here.
5. People are always confused about how they should make money from this cybersecurity career path. Can you guide them what they should do to start earing from this field?
6. What and who is your motivation in the field of cybersecurity and how you are always active in this domain of cybersecurity.
Audience's questions regarding Bug Hunting.
1. Most important question people ask all the time
"How did you started in bug hunting.
2. what all things should be kept in mind while getting into bug hunting field?
3. What things will you recommend to our viewers to learn Bugbounty , any resources ?
4. A little about your synack journey, how can a individual join synack team if they are willing to be a part of it?
5. will bug hunting be in trend for the upcoming years or the increasing automation,AI and ML technology will replace the security researchers
6. can you give our audience any 3 piece of advice that will help them the most in this field of cyber security & bug hunting.
Conversation continued with audiance questions
Moderators : Satyaprakash ,TusharBweja ,GauravSingh.
JOIN us on Discord: https://discord.com/invite/FRQrKrQ
For KOTH Challenge
For BugHunting Live
Discuss with CTF player
Player share there screen while playing CTF,BugHunting etc
? SUPPORT US:
SOCIAL NETWORKS:
Instagram: https://www.instagram.com/resethacker/
Twitter: https://twitter.com/resethacker
Facebook: https://www.facebook.com/resethackero...
...
https://www.youtube.com/watch?v=ZxKsmXAWMrs
Transaction
Created
1 year ago
Content Type
Language
video/mp4
English