Mostly videos about computer security, including lectures I give at Leeds Beckett University. I am a computer security researcher, software engineer, and free culture advocate. Obligatory: like and subscribe!
I tried this on WSL2 and with C++ but I can't get it to work. It still outputs the correct code. If I enter LD_PRELOAD=$PWD/preload.so ./main nothing changes.
It's true that using a GET request to change passwords is not secure practice. Developers typically use POST requests for sensitive actions like changing passwords to ensure data confidentiality. However, hackers can exploit vulnerabilities by crafting HTML code with hidden inputs to alter passwords via auto-submit mechanisms. When users inadvertently access malicious URLs, their passwords could indeed be changed without their knowledge, highlighting the importance of secure coding practices and user awareness.
Do you believe that STRIDE is the most efficient threat modeling framework? The framework seems a little vague to me, even though I know that large corporations use it; I even work in one... Apart from the fact that the tool contains some bugs, it lacks stencils for the real world. I would rate the framework and the tool 4/10, and that's being generous. But your video is great :D
Hi, I want to know how to set it up to search only lowercase letters and to set the length of the password. Let us say the password is 11 characters long and only has lowercase letters; how can I type that in Johnny to make it work?
Got it 👍 Excellent video.
For epochs, use rsync -flags source/ destinationX+0/
For diffs and increments, use rsync -flags source/ --compare-dest= {'X+0', 'X+1', . . . 'x+N'} destinationX+N+1/
Kindest regards, neighbours and friends.
Great video! Question: what is an easy way to spot vulnerabilities by looking at the threat property screen? Is that the title? For instance, "weak credential storage" is pretty easy to identify as a vulnerability, and the threat would be someone (a hacker) tampering with such information. But in the case of the title "elevation by changing the execution flow /etc/passwd", what would be the vulnerability?
Hello, do you think this software is always accurate (specifically for IoT threat modeling)? And which is better: using this software, or manually collecting relevant threats and mitigations from standard libraries? I'm new to this topic and I'd love to hear your opinions / experiences. Thanks