If you would like to support me, please like, comment & subscribe, and check me out on Patreon: https://patreon.com/johnhammond010
E-mail: johnhammond010@gmail.com
PayPal: http://paypal.me/johnhammond010
GitHub: https://github.com/JohnHammond
Site: http://www.johnhammond.org
Twitter: https://twitter.com/_johnhammond
...
https://www.youtube.com/watch?v=Piqjiozc4F0
...
https://www.youtube.com/watch?v=cEhZqhc1Ync
https://j-h.io/sysdig || Use Sysdig to keep your runtime environments secure, across Kubernetes clusters, the CI/CD pipeline, and your production environment! https://j-h.io/sysdig
Help the channel grow with a Like, Comment, & Subscribe!
❤️ Support ➡ https://j-h.io/patreon ↔ https://j-h.io/paypal ↔ https://j-h.io/buymeacoffee
Check out the affiliates below for more free or discounted learning!
SEKTOR7 ➡ Malware Development, AV Evasion https://j-h.io/sektor7
Zero-Point Security ➡ Certified Red Team Operator https://j-h.io/crto
Zero-Point Security ➡ C2 Development with C# https://j-h.io/c2dev
Zero2Automated ➡ Ultimate Malware Reverse Engineering https://j-h.io/zero2auto
⛳Point3 ESCALATE ➡ Top-Notch Capture the Flag Training https://j-h.io/escalate
Humble Bundle ➡ https://j-h.io/humblebundle
Snyk ➡ https://j-h.io/snyk
Follow me! ➡ https://j-h.io/discord ↔ https://j-h.io/twitter ↔ https://j-h.io/linkedin ↔ https://j-h.io/instagram ↔ https://j-h.io/tiktok
Contact me! (I may be very slow to respond or completely unable to)
Sponsorship Inquiries ➡ https://j-h.io/sponsorship
CTF Hosting Requests ➡ https://j-h.io/ctf
Speaking Requests ➡ https://j-h.io/speaking
Malware Submission ➡ https://j-h.io/malware
❓ Everything Else ➡ https://j-h.io/etc
...
https://www.youtube.com/watch?v=iD_klswHJQs
...
https://www.youtube.com/watch?v=an0da_ngMqc
https://j-h.io/opswat-academy Learn all about protecting critical infrastructure with OPSWAT Academy FOR FREE! Huge thanks to OPSWAT Academy for sponsoring this video -- please go show them some love and check out all that they can offer!
https://gophercises.com
Help the channel grow with a Like, Comment, & Subscribe!
❤️ Support ➡ https://j-h.io/patreon ↔ https://j-h.io/paypal ↔ https://j-h.io/buymeacoffee
Check out the affiliates below for more free or discounted learning!
Zero-Point Security ➡ Certified Red Team Operator https://j-h.io/crto
Zero-Point Security ➡ C2 Development with C# https://j-h.io/c2dev
Zero2Automated ➡ Ultimate Malware Reverse Engineering https://j-h.io/zero2auto
Zero2Automated ➡ MISP & Malware Sandbox https://j-h.io/zero2auto-sandbox
⛳Point3 ESCALATE ➡ Top-Notch Capture the Flag Training https://j-h.io/escalate
7aSecurity ➡ Hacking Courses & Pentesting https://j-h.io/7asecurity
Humble Bundle ➡ https://j-h.io/humblebundle
Snyk ➡ https://j-h.io/snyk
SkillShare ➡ https://j-h.io/skillshare
Follow me! ➡ https://j-h.io/discord ↔ https://j-h.io/twitter ↔ https://j-h.io/linkedin ↔ https://j-h.io/instagram ↔ https://j-h.io/tiktok
Contact me! (I may be very slow to respond or completely unable to)
Sponsorship Inquiries ➡ https://j-h.io/sponsorship
CTF Hosting Requests ➡ https://j-h.io/ctf
Speaking Requests ➡ https://j-h.io/speaking
Malware Submission ➡ https://j-h.io/malware
❓ Everything Else ➡ https://j-h.io/etc
...
https://www.youtube.com/watch?v=hs2acc8AibU
For another fireworks show, Ignacio Dominguez and Carlos Polop from HALBORN showcase how dependency confusion attacks can occur with the AWS CodeArtifact service -- potentially even having npm execute rogue code just upon install.
You can learn more about the security assessments and cloud testing Halborn does at https://jh.live/halborn
00:00 Preview
00:22 Background on AWS Man-in-the-Middle
01:02 AWS CodeArtifact
02:34 Remote Code Execution with Dependency Confusion
04:34 You need to update old defaults!
05:22 Begin Demonstration
07:12 New Panel "Edit Origin Controls"
10:52 Finding Internal Package Names
12:50 How much damage does this do?
...
https://www.youtube.com/watch?v=FBWpX8icMMo