Hacking a Docker Container Registry
Вставка
- Опубліковано 20 жов 2024
- jh.live/chaing... || Scale securely with minimal, hardened, and 0 CVE container images to run your workloads with Chainguard! jh.live/chaing...
Learn Cybersecurity - Name Your Price Training with John Hammond: nameyourpricet...
Learn Coding: jh.live/codecr...
WATCH MORE:
Dark Web & Cybercrime Investigations: • Tracking Cybercrime on...
Malware & Hacker Tradecraft: • Malware Analysis & Thr...
📧JOIN MY NEWSLETTER ➡ jh.live/email
🙏SUPPORT THE CHANNEL ➡ jh.live/patreon
🤝 SPONSOR THE CHANNEL ➡ jh.live/sponsor
🌎FOLLOW ME EVERYWHERE ➡ jh.live/twitter ↔ jh.live/linkedin ↔ jh.live/discord ↔ jh.live/instagram ↔ jh.live/tiktok
💥 SEND ME MALWARE ➡ jh.live/malware
🔥UA-cam ALGORITHM ➡ Like, Comment, & Subscribe!
I should have done a better job emphasizing that this trick worked without any credentials or existing account, so it is "pre-authentication privilege escalation" (I showed it at the end, but wish I stated that earlier) 🔥PS, check out Chainguard! jh.live/chainguard
@@thenextbigthing8998 Thank you! I am planning to get back to livestreaming after DEFCON, hopefully in the next two weeks 😊
Hi @_JohnHammond can you please do a video on the hack that happened on crypto exchange Wazirx in India?
@@Capt.Startrk that would be nice!
Hht@@thenextbigthing8998tt😢
It's these kind of walkthroughs that makes following you worth it. A clear, simple example of a known vulnerability and how to exploit is really usefull and worthwhile to watch when learning cybersecurity.
It's maybe an unusual way of doing things, but when I write Go API code I like to define a separate object for the API and DB object, and translate between the two in whatever code a given request is dispatched to. This forces me to consciously acknowledge each field that I'm letting through in both directions, and helps prevent both dirty data getting into the DB like here and also data leakage at the cost of additional verbosity.
That’s the correct way to do it, I believe they’re called a “data transfer object” where you define specific properties you want accessible/editable via your API and don’t include properties that shouldn’t be accessible outside of your own code
That's why one should use dedicated DTOs ;)
Finally a good content.
Can we have something about Browser Extensions acting as Infostealers ?
Great Video !
Thank you
Can you explain to us the road map for learning ethical hacking?
Ty master
Cool.
looking like vCenter ☠
this video: LGTM
Docker Container ?
Again ?
Help
🐐👑JOHN 🐹HAMMOND 👑🐐
💚
HoW tO hAcK a PdoCkEr cOmmtainer by me
YEAH,😀🎉
12 views blud fell off
What you mean blud
@@ODUyoutubesilly n-word ish
He just posted it when you viewed it. There are almost 5k views now. Yea, also “blud” WHAT??!!