Z. Cliffe Schreuders
Mostly videos about computer security: including lectures I give at Leeds Beckett University. I am a computer security researcher, software engineer, and free culture advocate. Obligatory: like and subscribe!
Ambient Authority
3:51
3 years ago
The Confused Deputy Problem
4:11
3 years ago
Cross-site Request Forgery (CSRF)
12:51
3 years ago
Injection Attacks: Prevention
13:51
3 years ago
Injection Attacks: SQL Injection (SQLi)
14:51
3 years ago
Injection Attacks
6:50
3 years ago
Cross-Site Scripting (XSS): Demo
6:39
3 years ago
Introduction to Web Security
42:20
3 years ago
Secure Development Lifecycles
30:24
3 years ago
Secure Design Principles
21:31
3 years ago
Memory Management Vulnerabilities
12:31
3 years ago
Sandboxing and Virtualisation
31:37
3 years ago
Fuzzing Part 2
19:23
3 years ago
Fuzzing Part 1
13:04
3 years ago
Comments
@fancybeb 12 days ago
Thankz 4 EDU...
@aridonkrasniqi5538 17 days ago
Screw your microphone
@JP-Predictions 20 days ago
good video
@sputnikbreeze5590 2 months ago
how to identify functions if verbose logging and log calls notation not known? (has been changed)
@duvijan 2 months ago
how to export after saving the lib file? user modifications are ignored, how?
@gregdemko5732 5 months ago
Great video. Explained it very well and simply
@jadex9733 6 months ago
great video! keep it up
@vadim3 6 months ago
Thanks! Helped me.
@andrejesus. 6 months ago
But how to sanitize it then ?
@abohilmee6750 7 months ago
😇👍
@huddy-o9g 8 months ago
Thanks!
@Sohneg 8 months ago
I tried this on WSL2 and with C++ but I can't get it to work. It still outputs the correct code. If I enter LD_PRELOAD=$PWD/preload.so ./main nothing changes.
@travisv6431 8 months ago
Thanks!
@grain-bi8iu 9 months ago
gr8 video bro inshallah
@gavriel_adi 9 months ago
Wow, just a question, who uses a GET request nowadays to change passwords haha, are you stoned or what???
@X21E0dayAbysiniya 7 months ago
It's true that using a GET request to change passwords is not secure practice. Developers typically use POST requests for sensitive actions like changing passwords to ensure data confidentiality. However, hackers can exploit vulnerabilities by crafting HTML code with hidden inputs to alter passwords via auto-submit mechanisms. When users inadvertently access malicious URLs, their passwords could indeed be changed without their knowledge, highlighting the importance of secure coding practices and user awareness.
@Jesse_Johnson 3 months ago
Are you? Did you watch the video.
@lucassilva-qk4iw 10 months ago
Do you believe that STRIDE is the most efficient threat modeling framework? The framework seems a little vague to me, even though I know that large corporations use it, I even work in one... Apart from the fact that the tool contains some bugs, it lacks stencils for the real world, I would rate it as 4/10 the framework and the tool, that's being generous. but your video is great :D
@SecurityMadeSimple 11 months ago
Amazing content 👍👍
@EDW1NCM2008 1 year ago
Hi I want to know how to set up to search only lowercases and to put the Len of the password. let us say the password is 11 characters long and only have lowercases, how can I type that on Johnny to make it work
@PCMrTrickster 1 year ago
It is really very interesting but you could put yourself in the top-right corner of the screen to let people see whole commands you entered
@manfrombritain6816 1 year ago
subbed! your stuff is great, really helping me brush up for a sec architect interview
@suhassk100 1 year ago
Amazing stuff Cliffe! Is there a possibility that we can get the copy of your presentation? It would be helpful to note down those points
@chromerims 1 year ago
Got it 👍 Excellent video. For epochs, use rsync -flags source/ destinationX+0/ For diffs and increments, use rsync -flags source/ --compare-dest= {'X+0', 'X+1', . . . 'x+N'} destinationX+N+1/ Kindest regards, neighbours and friends.
@hlalanathimadotyeni2253 1 year ago
Hi @ZCliffeSchreuders, how can I add a missing element to the application. I do not have the Human User element and need it
@stoneeedman 1 year ago
that's good dude
@bartmax15 1 year ago
Great explanation, thanks!
@kijutonett 1 year ago
thank pro
@edzioauditore8013 1 year ago
I am working on this subject, currently. I would like to know how create a lab to prove this subject. Any ideas ? thanks!
@serhatkoroglu6708 1 year ago
that's very nice thank you.
@rose.infosec 1 year ago
Very informative video. Thank you
@nickie17301 1 year ago
Nice job, I’ve been watching quite a few of your videos. Comprehensive and quick!
@EliotRecords 1 year ago
Thank you :) was very helpful
@0797cjm 1 year ago
What is the previous video called where you talk about salts and etc? Mentioned at the beginning of the video.
@shayjay1112 1 year ago
Good presentation mate this really helped me so much
@mantle6311 1 year ago
Just about to sit my security+ exam and this video helped a lot to explain my weak areas (SSO, LDAP, SAML, etc)
@michallebel3236 1 year ago
how did u get .so file
@sundayawo8767 1 year ago
Hey I have a school assessment on threat modelling, can you help me out pls, as I just start this class and can't do it myself
@lancemarchetti8673 1 year ago
Appreciated
@redbeardjunior 2 years ago
Thank you ! +1
@rumildaolik4905 2 years ago
great video! question: what is an easy way to spot vulnerabilities by looking at the threat property screen? is that the title? For instance, "weak credential storage" that is pretty easy to determine it as vulnerability and the threat would be someone (hacker) tampering with such information. But in the case of the title "elevation by changing the execution flow /etc/passwd" what would be the vulnerability?
@JoKeRff-jg5eq 2 years ago
How to delete it
@domaincontroller 2 years ago
00:01 fuzzing
@domaincontroller 2 years ago
01:03 virus 02:18 worms 04:27 trojan 07:28 rootkit 08:08 zombies and botnets 09:09 spyware, adware 10:26 shareware and rogue antivirus ~ 11:30 ransomware 15:05 drive-by download 18:20 banking trojans
@domaincontroller 2 years ago
00:24 so
@moosegoose1282 2 years ago
instead of csrf tokens, will having user enter current password on these forms safe?
@balintmucsanyi6322 2 years ago
Helpful video, great work
@onetwo234 2 years ago
Wow the first person who actually knows what ldap is
@OKMRDX 2 years ago
is it safe to say that all AD's process data over LDAP, but not all LDAP are AD's processes? TIA!
@kalkulusrampage 2 years ago
when there is a symlink rsync copies just the symlink or the destination of the symlink?
@nex7053 2 years ago
I'm sorry but why everyone talking about attack trees is so boring. Is it the topic problem? 2 minutes in video and I want to rip my eyeballs out.
@lynd6121 2 years ago
hello, Please do you think this software is always accurate (specifically for iot threat modeling)? and which is better using this software or manually collecting relevant threats and mitigations from standard libraries? I'm new to this topic I'd love to hear your opinions / experiences. thanks