- 40
- 331 272
Netsec Explained
Registrace 12. 02. 2018
Unlock the secrets of leading security consultants!
Netsec Explained provides practical guides to advanced security topics. We show you the tools, techniques, and procedures to be successful in this field.
GTKlondike
Netsec Explained provides practical guides to advanced security topics. We show you the tools, techniques, and procedures to be successful in this field.
GTKlondike
Getting Started in AI CTFs
If you've ever wanted to learn about AI CTFs, this video should help you get started. Links below.
00:51 - Past AIV CTFs
03:27 - Adversarial Robustness Toolbox (ART)
04:08 - HopSkipJump Attack
06:46 - Model Inversion Attack
09:06 - How to Plan a Red Team
10:46 - An Introduction to NVIDIA's AI Red Team
12:50 - Universal Adversarial Attacks on LLMs
13:58 - A Cyberpunks Guide to Attacking Generative AI
* Kaggle - Past AI Village CTFs: www.kaggle.com/competitions/ai-village-capture-the-flag-defcon31/code
* Adversarial Robustness Toolbox (ART): github.com/Trusted-AI/adversarial-robustness-toolbox
* ART - HopSkipJump Attack: github.com/Trusted-AI/adversarial-robustness-toolbox/blob/main/notebooks/attack_hopskipjump.ipynb
* ART - Model Inversion Attack: github.com/Trusted-AI/adversarial-robustness-toolbox/blob/main/notebooks/model_inversion_attacks_mnist.ipynb
* Planning an AI Red Team: learn.microsoft.com/en-us/azure/ai-services/openai/concepts/red-teaming
* Intro to AI Red Team: developer.nvidia.com/blog/nvidia-ai-red-team-an-introduction/
* Universal Adversarial Attacks paper: llm-attacks.org/
* The Cyberpunks Guide to Attacking Generative AI: czcams.com/video/_4Q980G4ZXI/video.html
* Attacking and Defending Generative AI: github.com/NetsecExplained/Attacking-and-Defending-Generative-AI
00:51 - Past AIV CTFs
03:27 - Adversarial Robustness Toolbox (ART)
04:08 - HopSkipJump Attack
06:46 - Model Inversion Attack
09:06 - How to Plan a Red Team
10:46 - An Introduction to NVIDIA's AI Red Team
12:50 - Universal Adversarial Attacks on LLMs
13:58 - A Cyberpunks Guide to Attacking Generative AI
* Kaggle - Past AI Village CTFs: www.kaggle.com/competitions/ai-village-capture-the-flag-defcon31/code
* Adversarial Robustness Toolbox (ART): github.com/Trusted-AI/adversarial-robustness-toolbox
* ART - HopSkipJump Attack: github.com/Trusted-AI/adversarial-robustness-toolbox/blob/main/notebooks/attack_hopskipjump.ipynb
* ART - Model Inversion Attack: github.com/Trusted-AI/adversarial-robustness-toolbox/blob/main/notebooks/model_inversion_attacks_mnist.ipynb
* Planning an AI Red Team: learn.microsoft.com/en-us/azure/ai-services/openai/concepts/red-teaming
* Intro to AI Red Team: developer.nvidia.com/blog/nvidia-ai-red-team-an-introduction/
* Universal Adversarial Attacks paper: llm-attacks.org/
* The Cyberpunks Guide to Attacking Generative AI: czcams.com/video/_4Q980G4ZXI/video.html
* Attacking and Defending Generative AI: github.com/NetsecExplained/Attacking-and-Defending-Generative-AI
zhlédnutí: 2 151
Video
The Cyberpunks Guide to Attacking Generative AI
zhlédnutí 1,2KPřed měsícem
Companies are putting generative AI into their products, regardless of whether or not it makes sense to do so. And their poor security teams are stuck trying to figure out how they even work in the first place. AI may be the future, so here's your Cyberpunks Guide to Hacking GenAI! * Attacking and Defending Generative AI - github.com/NetsecExplained/Attacking-and-Defending-Generative-AI * Threa...
3 Things You Need to Know for Modern Application Hacking
zhlédnutí 1,6KPřed 8 měsíci
If you want to build a career hacking modern applications, then you absolutely need to know how they're made. Whether you're doing bounties or pentesting, understanding these three things will make you a much better bug hunter. In this video, we're going to walk through how modern applications are built so that you can better understand and exploit them. And, as a bonus, I'm going to give you a...
What Time is the 3 O' Clock Parade? | Soft Skills for Hackers
zhlédnutí 620Před 9 měsíci
If you want to be successful in cybersecurity, you can't just rely on your technical skills, you need to work on your soft skills too. In this video, I show you an exercise that has greatly increased my ability to communicate with others by really understanding the questions they're asking. Enjoy! #ethicalhacking #infosec #cybersecurity
STRIDE Threat Modeling for Beginners - In 20 Minutes
zhlédnutí 29KPřed 10 měsíci
If I could save a company a million dollars on their security budget every year, this is how I'd do it! While most people don't think of threat modeling as the sexiest exercise, it can actually be pretty exciting. Trust me when I say this, I wish I had learned how to do threat modeling much earlier when I was first starting out in consulting and bug hunting. It would have saved a lot of time, a...
Little Known Web Hack for Quick Admin Access
zhlédnutí 2KPřed 10 měsíci
If you haven't heard of Mass Assignment, you're not alone. It's one of the best kept secrets in bug hunting, and that's why TODAY I want to tell you about it. Make sure you watch to the end of the video, where I show you how to pull this off in a real application. * How to run Juice Shop on Docker - czcams.com/video/xwcPgeEFnuM/video.html * UliCMS Docker lab - github.com/NetsecExplained/docker-...
Master Burp Suite Like A Pro In Just 1 Hour
zhlédnutí 72KPřed 11 měsíci
One of the most common problems with modern tutorials for tools is that they tend to sound a lot like man-pages or documentation. For instance, they'll tell you all about the little command flags, all the little buttons you can click on; but something that they seem to miss out on is "WHY you would use each of these options?" So, for this video, we're going to do things a little different. Inst...
Hitting the Digital Wall - How to Deal With Burnout
zhlédnutí 295Před 11 měsíci
Look, it's no secret that network security is hard - it's demanding. And it's very common for many of us in the field to go through burnout not once, but several times in our careers. In fact, I would say it's not a matter of IF but a matter of WHEN; and WHEN you go through burnout, I want to give you the skills to take care of yourself properly. By the end of this video, you're going to have a...
Pivot Through Multiple Networks | Master Network Pivoting
zhlédnutí 5KPřed rokem
OK, Here's the situation: You social engineered your way through the lobby and made it to the back office. You didn't have a lot of time to hang around, but you did manage to implant a jump host into their network. Now that you're back home, let's pivot through the network and steal the crown jewels. 0:00 The Scenario 0:47 Multi-hop Pivot 3:20 Detailed Explanation 5:50 RDP Through the Tunnel 9:...
ChatGPT for Cybersecurity | Step-by-Step Guide
zhlédnutí 1,1KPřed rokem
ChatGPT: Your Cybersecurity Ally In this talk, we'll dive into how ChatGPT can enhance your existing workflow and provide valuable insights. We'll start with a brief overview of what GPT models are, how to craft the perfect prompt, and then focus on cybersecurity specific use cases for day-to-day operations. Bio: Gavin Klondike (@GTKlondike) is the head of workshops and demos at the AI Village....
Tunneling Through Protected Networks | Master Network Pivoting
zhlédnutí 5KPřed rokem
It's late at night, and you've just gained remote code execution on another server. You have a foothold in their environment now, but how do you take this even further? This video is going to be the first in a short series, talking all about network pivoting. Throughout the series, we're going to be covering a number of common challenges that you'll face on a typical red team engagement. 0:00 T...
Full SQL Injection Tutorial | Episode 3: Blind SQL Injection A-Z
zhlédnutí 1,7KPřed rokem
In blind SQL injection, we can still query the database and cause some subtle changes in the way the application responds. The idea is that we craft special queries to ask yes/no questions. If the answer is YES, then we get response A. If the answer is NO, then we get response B. PortSwigger Blind SQL portswigger.net/web-security/sql-injection/blind ASCII Table www.asciitable.com/ Building a Ho...
Full SQL Injection Tutorial | Episode 2: In-band SQL Injection
zhlédnutí 1,3KPřed rokem
SQL injection happens when user input can be injected into database queries. As a result, attackers can retrieve all sorts of juicy information from the database. In fact, many of the worlds most high-profile data breaches were the result of SQL injection attacks. In this video, we have some fantastic demos so make sure you watch till the end. If you haven't already checked out Part 1, where we...
Full SQL Injection Tutorial | Episode 1: SQL Basics in 15 Minutes
zhlédnutí 1,3KPřed 2 lety
I've recently had a few people asking for a full zero-to-hero course on SQL Injection. So, in the next 3 or 4 videos I'm going to cover what SQL injections are, how they work, and different ways to exploit them. The breakdown at this point is to use this first video to walk through a little background on SQL itself. In the next video, we're going to cover some SQL injection basics. After that, ...
Cloud Pentesting - IAM Enumeration for Privilege Escalation
zhlédnutí 2,1KPřed 2 lety
If you haven't dabbled in Cloud Pentesting, I highly recommend it. It's a lot of fun and a great way to experience cloud in a way that most devops teams miss when managing IAM permissions. In this video, I'm going to show you two tools that are great for analyzing IAM permissions, and looking for privilege escalation within an AWS environment. Become an IAM Policy Master in 60 Minutes or Less -...
Advanced Local and Remote File Inclusion - PHP Wrappers
zhlédnutí 10KPřed 2 lety
Advanced Local and Remote File Inclusion - PHP Wrappers
Exploit Java Deserialization | Exploiting JBoss 6.1.0
zhlédnutí 4,2KPřed 2 lety
Exploit Java Deserialization | Exploiting JBoss 6.1.0
Exploit Java Deserialization | Discovering Insecure Deserialization
zhlédnutí 7KPřed 2 lety
Exploit Java Deserialization | Discovering Insecure Deserialization
Exploit Java Deserialization | Understanding Serialized Data
zhlédnutí 7KPřed 3 lety
Exploit Java Deserialization | Understanding Serialized Data
Advanced Nmap - Scanning Large Scale Networks
zhlédnutí 4,8KPřed 4 lety
Advanced Nmap - Scanning Large Scale Networks
6 Types of Hackers That Don't Exist (and 5 More That Do)
zhlédnutí 767Před 4 lety
6 Types of Hackers That Don't Exist (and 5 More That Do)
Machine Learning for Security Analysts - Part 3: Malicious URL Predictor
zhlédnutí 12KPřed 4 lety
Machine Learning for Security Analysts - Part 3: Malicious URL Predictor
Machine Learning for Security Analysts - Part 2: Building a Spam Filter
zhlédnutí 2,3KPřed 5 lety
Machine Learning for Security Analysts - Part 2: Building a Spam Filter
Machine Learning for Security Analysts - Part 1: The Machine Learning Process
zhlédnutí 3,1KPřed 5 lety
Machine Learning for Security Analysts - Part 1: The Machine Learning Process
Advanced Wireshark Network Forensics - Part 3/3
zhlédnutí 13KPřed 5 lety
Advanced Wireshark Network Forensics - Part 3/3
Advanced Wireshark Network Forensics - Part 2/3
zhlédnutí 18KPřed 5 lety
Advanced Wireshark Network Forensics - Part 2/3
Advanced Wireshark Network Forensics - Part 1/3
zhlédnutí 24KPřed 5 lety
Advanced Wireshark Network Forensics - Part 1/3