Hax 4 BIOS, WordPress & Counter-Strike, oh my! - ThreatWire

  • Published 8 Jun 2024
  • Support ThreatWire → / threatwire
    @endingwithali Twitch → / endingwithali
    [!!] ThreatWire Patreon has moved to / threatwire
    0:00 - Intro
    0:27 - All your logos are belong to us
    2:08 - Just another Wordpress vulnerability
    2:55 - Counter-Strike 2 HTML Injection DOS attack?
    LINKS
    Story 1
    binarly.io/posts/finding_logo...
    binarly.io/posts/The_Far_Reac...
    arstechnica.com/security/2023...
    cyberscoop.com/logofail-vulne...
    www.scmagazine.com/news/logof...
    Story 2
    www.bleepingcomputer.com/news...
    www.wordfence.com/blog/2023/1...
    www.cve.org/CVERecord?id=CVE-...
    Story 3
    www.bleepingcomputer.com/news...
    www.hackread.com/gamers-warne...
    ____________________________________________
    Founded in 2005, Hak5's mission is to advance the InfoSec industry. We do this through our award winning educational podcasts, leading pentest gear, and inclusive community - where all hackers belong.
  • Science & Technology

COMMENTS • 71

  • @Shackleford_Rusty 5 months ago +12

    She’s doing fine. This isn’t hollowed out by any means. Keep it up guys.

  • @IncendiarySolution 5 months ago +45

    I said it before, I'll say it again, give Ali some space between her and the back screen.
    Weight your screen down so it doesn't flop around.
    Light your back screen independently.
    Darren, she's doing a fantastic job! She's taking over for a legend. Give her the tools to look her best on camera.

    • @Cpgeekorg 5 months ago +8

      from what I saw in the intro/q&a video, Ali has like 0 room in her place. I would guess that she's using the widest lens she can get her hands on to record these segments and walking forward a foot would cause her to run into the camera. you gotta do what you gotta do, and imo, her on-screen personality, passion for the subject matter, and awesome presentation easily makes up for mildly problematic lighting and background issues. I might perhaps recommend experimenting with using a digital version of the backdrop to increase perceived depth, however, and perhaps adding a large softbox so that you can stop down the camera a bit more to flatten focus which would make real-time keying (in something like obs studio) way easier... or if you can get a clean background of any kind, something like rtx broadcast in obs could do ai keying pretty cleanly as well. there are lots of modern options that shouldn't cost a lot.

    • @sundhaug92 5 months ago

      @Cpgeekorg Yeah if you've seen her stream, her apt is quite small

    • @BeWhoYouWant2 5 months ago +1

      Agreed. She needs time to grow into the position which is totally fine; but they need to hook her up with a legit set. Her trying to pull this off in her flat makes threatwire feel very amateur.

    • @Cpgeekorg 5 months ago +1

      @BeWhoYouWant2 she's working from a small apartment, and that's unlikely to change, so it's an optimization problem.

    • @BeWhoYouWant2 5 months ago

      @Cpgeekorg That's what I said yes... she's working out of her flat and they should really have provided her with a set to shoot threatwire. As in a different location where there is room to properly film.

  • @IncendiarySolution 5 months ago +2

    I had no idea you were recording in your apartment, I was assuming you were recording in studio. Sorry for being critical, you're doing an excellent job Ali. Keep it up!

  • @Braddeman 5 months ago +4

    She will get better give her a few months and everything will flow better and her vocals will sound less rehearsed and more fluid. Watched many channels go through this with a brand new host.

  • @brenelec 5 months ago +2

    Keep up the good work Ali, always appreciate your videos alongside Philip DeFranco's and a good cup of tea 🍵

  • @JakEneAS 5 months ago +6

    It's very misleading to say the logofail vulnerability affects all devices. I'm only aware of Lenovo and Asus providing a logo update side channel that actually allows one to take advantage of it. The vulnerability is technically present in image parsers that are widespread across manufacturers, but very few provide a means of replacing the logo. It makes it an unexploitable bug on most devices. Shame on Lenovo and Asus for increasing the firmware attack surface for such a frivolous feature.

    • @SirNoLifer 5 months ago

      To be honest, last week I did ask about LogoFAIL due to an article I saw. I have a customized Dell tower, it is a modified Dell laptop motherboard with on brand components besides the ram boards and m.2 chips. As well as typically prepaid (burner) Samsung devices. I can tell you that I experienced what can only be explained as a LogoFAIL on both a past Samsung device and the Dell tower, now I got the customized tower to mitigate wireless attacks, it lacks Bluetooth and wifi chips and I always use a secure wifi on the tower. When I first was attacked on my tower the Dell, I had geeksquad and my local computer guy that at first glance knew it was a custom board look at why I was experiencing a LogoFAIL problem, I even got a new m drive and reset my CMOS but it wasn't fixed until I had left it with the local computer guy that said it booted right up for him without any issue which didn't make sense. I also use win10 atm but have a Ventoy I partitioned myself that has a large amount of options for Linux distros as well as a backup win10 and WinPE. Now, as for the Samsung devices I usually buy the burned phone in cash or with a prepaid card at a Walmart with a screen wrap case to easily drop the device with minimal bio forensic material left beside plus it's a good phone and case for the price, now I've been doing the burner technique for awhile since you don't need to say anything over the phone and it's not an agent switch board... I typically get Samsung for this since if you know the firmware to root it's a nice device back when rooting was a thing, I literally never let my phone die because when it does it doesn't matter if I set the dev options for a quick boot or not they can take up to an hour to boot, past devices, and sometimes they never will. I mean I've been targeted to have my Sim card just not be registered in the middle of an operation that was referring to Sim card attacks, ironic.
      But maybe since I am a target and choose to use the same products that a tailored approach is possible, I've never had a Sim card just do that. But a LogoFAIL is possible on other devices I say that first hand, and not just desktops or laptops. Phones which means tablets too. But I would love someone that knows more about LogoFAIL to reach out, I want a better understanding of how it's carried out.

    • @BeWhoYouWant2 5 months ago +1

      pay better attention

    • @JakEneAS 5 months ago

      @BeWhoYouWant2 Excuse me? Did you not watch this video where she says twice that it affects all devices? It's something the source claims and many other news outlets have repeated. The source is an ad for a product FYI. They have a serious incentive to play up the severity of this vulnerability.

  • @Kattakam 5 months ago +1

    Ali, don't feel like you have to step into a mold. My suggestion is to take the high level topics and make it your own. Love your personality and passion. Cheers

  • @TheFanOrTheMask 5 months ago +7

    Ali looks so excited here, she lights up the screen :)

  • @keriddunk1520 5 months ago +1

    Damn 18 years and still running. Legend

  • @somethingelse25 5 months ago

    Good job! I find it interesting that they can hack you through a logo boot up. I am not a hacker but like to keep informed. I like tech. I forgot to add Happy holidays and a happy new year!

  • @rafisofyan 5 months ago +1

    Today I learn the backdrop isn't a greenscreen.

  • @evodefense 5 months ago +1

    Thank you!

  • @visualmodo 5 months ago

    Top Video!!!

  • @sjsrana 5 months ago +2

    God bless

  • @sykoteddy 5 months ago

    What about if I inactivated the Boot logo on my computer, or is that still insecure? I don't see why anyone wants to waste their precious time with a damn boot logo, I'd rather look at what's happening when my system loads. I know of course that not all bios support inactivating it.

  • @Thedude897 5 months ago +1

    You gotta get closer to the camera.

  • @framestomind7548 5 months ago +1

    as someone new to HAK5 world of things where should I begin, what kit or device to get started with?
    I already learnt Python and Command Line...
    I want to learn how to use the HAK5 devices specifically,
    what devices should one start with?
    Should I get a full kit or one device?
    what is worth it?
    and if so, which kit or device, and what courses are excellent for learning specifically Hak5 devices?
    I feel excited and focused when I sit down with physical devices and like to learn more about how one can work with the HAK 5 arsenal of devices in cybersecurity.
    thanks for the video! Hope you guys at HAK5 can reply to your potential customers here.:)

    • @djsnackcakes2795 5 months ago +5

      Learn the basics. Their tools are specialized but won't be as useful if you don't understand what's happening
      Start by learning about shells, how networks work, ports, etc

    • @Spid3yTCG 5 months ago

      Tryhackme has good beginner test

    • @framestomind7548 5 months ago +1

      and if I like to choose a device or kit by Hak5, which one to get started with? thanks, I follow David Bombal's courses now... will follow his download Kali Linux to Mac and see how far I get to make it work @FranzAntonMesmer

    • @IncendiarySolution 5 months ago +3

      So I'd start out not worrying as much about specifically 'hacking' as I would worry about learning 'how things work'. If you're focused on systems, learn how to do everything in powershell and command line. If you're focused on network, start with learning about something small but impactful like magic packets and wake on lan. Look into wireshark and things like that.
      Look first at what you want to do, then find different ways to solve that problem, and add that solution to your personal documentation tool kit.

    • @framestomind7548 5 months ago +1

      hmm, I think you do not understand the question, to begin with. I was asking which of all their devices to start out with as a beginner of their devices.. no one said anything here about being worried about anything at all until you came online changing the context of the question...
      if you are only here to harass and minimize people's interest to get started with Hak5 devices and think you are some cool dude, just continue elsewhere, no one got any need for your superior macho tactics.. just childish and dumb replies from you as I see it.. Anyone can start with a device, if that is what motivates people to learn that suggest according which device is best to get started with or go shut up somewhere else! the day I can hack you I will come back and bite you!
      @IncendiarySolution

  • @fadirakha2165 5 months ago +1

    How can I bypass windows login if I'm signed in to my microsoft account not a local account hirens HBCD and steallee bootable image don't seem to work

    • @tacticalcenter8658 5 months ago

      Don't use a Microsoft acc. Don't use windows. If you must, you can always use konboot

  • @1980cantrell 5 months ago

    This is not new. Very old back in 90s

  • @HadToChangeMyName_YoutubeSucks 5 months ago

    Doing a fine job, she'll do.

  • @B4dlands 5 months ago +2

    Well done Ali!

  • @saurabhydv3 5 months ago +2

    I am not subscribed

  • @repairstudio4940 5 months ago +1

    Ali 💎!
    ❤🎉

  • @Cody35329 5 months ago +3

    It just feels like she's reading a script, no offense to Ali but I don't think this was a great change, I find it hard to believe she knows what she's talking about

  • @7_of_9 5 months ago +2

    I like my comment

  • @fritsonpetitfrere9038 5 months ago

    No. Just, no. VPN and then tor all the time. Keep the ISP out of your business. If it makes you stick out like a sore thumb, good. Let whoever waste their time with analysing packets from cat pictures all they want.

    • @BeWhoYouWant2 5 months ago

      Seems like a lot of hassle just to look at cat pics

  • @ParkerDaudt 5 months ago

    First!

  • @gshan994 5 months ago +1

    Ali, you are amazing at live streaming but this threatwire show doesn't do the justice to your personality. Shannon or dennis who are calm and collected tends to do threatwire better. I would suggest ali to threatwire in her own style.

    • @conm9891 5 months ago

      She also is wearing a religious necklace and that's just pathetic

  • @VIVEVIEV 5 months ago +1

    Ali > Shannon

    • @BeWhoYouWant2 5 months ago

      Woah let's not get crazy. Nice saber tho my friend.

    • @VIVEVIEV 5 months ago

      yall sleeping on Ali crazy wait till she gets good @BeWhoYouWant2

  • @thant0se 5 months ago +25

    No disrespect to the host, but this isn't what I subscribed for. This feels like a real hollowing out of this channel.

    • @NickDoddTV 5 months ago +17

      Nothing has really changed though except for Ali doing what used to be done by Shannon 🤔

    • @pudelz 5 months ago +9

      Legit question: What did you subscribe for that is now missing? Asking because unless it's Snubs, maybe HAK5/Ali will see the comment and use the feedback.

    • @IncendiarySolution 5 months ago +9

      @pudelz This is an underrated comment. Saying "I don't like change" isn't helpful. Let them know specifically what you don't like. Otherwise you're wasting space on here.

    • @oGPoLa 5 months ago +5

      She's doing her job which is giving us information... what's changed on this channel except for the host?

    • @MikeyMacc 5 months ago +2

      She also tries to be way too woke. Don't like her either

  • @weep5426 5 months ago

    No you don't 🤣🤣🤣🤣🤣🤣