BeefYT

Sadly it's not abnormal i did a test on a Company about 2-3 weeks ish ago and called the admin team and ended up with the admins username and password which was then the same username and password for every login across the companies systems. Which would have given me full control. Took me 5 minutes to essentially own a multi million ££ comapny.

We do realise this is works if the password is bruteforcing using no salts or formulas to expand on the bruteforce and uses previous breahed passwords. All these tools are doing is marrying up against wordlists. For example my password is password. Someone will run my account against a wordlist a common wordlist is **** then soon as ****.txt comes across my password in the list it matches. Most attackers with some experience will run against salts and information they know about you. for example my password is password123! I will run my account against the same list but depending on the tool i use i will make the tool attempt every password on that list with 123, !, 123! after the words. until it matches. never use: 123 2022 / 2023 ! ? at the end of your passwords they are common when a website asks for a special character most people just add ! at the end and then wounder why the password is easily guessed. No password is uncrackable especially long passwords that are varied. But anything less than 12-15 characters long as a rule is crackable by an attacker with relative ease. as a rule for a secure password make a random password something completely irrelevant to you, String words together if you can, replace letters with numbers where you can instead of an A put 4, instead of using spaces use / and open and close your passwords with special characters for example {F34rl3ss/4ss4ss1ns} These tools are good against script kiddies but anyone else not great. https://haveibeenpwned.com/Passwords - Check your password to see if it's ever been pwned. If it has or you find a password that is similar your password can be cracked quickly.

I know most people most likely have an apple product make sure you run the most recent update! New exploit has been released CVE-2022-42856 That may give the attacker enough priveleges to run arbitrary code execution. While apple have said it's not exactly clear on how the vulnerability works, researchers have said they were able to infect devices but using an infected domain. While i have not verified the exploit myself on how it works i suggest updating all devices made by apple and being extremely careful what domain's you go to. I will at some point have a toy around with it myself this week and let you all know if i find out any more details. STAY UPDATED! Links: https://thehackernews.com/2022/12/new-actively-exploited-zero-day.html -- News reporting website. https://vuldb.com/?id.215748 -- Details for CVE-2022-42856

Most companies now have it as company policy to make sure tests are run on a clean VM. And .GIT uploads are very much a CTF thing still very existent on CTF's but as far as real world testing goes that practise was fazed out and rectified a long time ago. Companies are starting to realise or at least most that if you are hacked and data gets leaked the fine they receive will cripple the company more than the actual attack itself. Why good developers get paid a bunch of money because they can keep the company alive. And the same for any Cyber Security worker we get paid well because we keep businesses safe and alive. And that pay pool is only growing.

Will always be impossible to stay safe mate. TOR works against hackers that have a very limited skill set. For someone thats experienced it doesn't take long. I could probably catch up with some just running the TOR service in little amounts of time. Proxy chaining on the other hand can keep you hidden if you play to knowledge. For example if i wanted to attack a US based network/server i would push my traffic through a VPN for the encryption to proxies based in China, Russia etc. The chances of me being found are incredibly low. 99% of the time i browse the web in a contained envoirnment (VM) think at the moment i have 10 VM's on my main PC. At the first sign of a breach i burn the VM. That's how i stay safe. Running a good anti virus helps mitigate the pool of malware on the internet.

Doesn't always work just cuts the audience of people that can attack you by a substantial amount and it takes more time. Best way you can stay safe is staying up to date with everything, Only download credited apps with good active developers, check to see what ports you have open and what is listening on them ports and learn to run manual virus checks. No ones ever safe on the internet all you can do as a consumer is make an attackers life extremely difficult but everything is hackable. And if your ever not sure on an email or a download open it in a contained envoironment (such as a vm) check and clarify it's safe and then action it. (But this quickly turns into malware analysis and that's hard work for people that have no idea what to look for and can't read or write code.)

By default you should be on auto update and i believe it's under preferences but i haven't looked into it.. I don't use chrome at all just know how to exploit old versions xD

It's best to leave chrome on auto update. personally i don't use it. For several reasons really but 80% of PC owners most likely do have and use chrome why i let everyone know. To many other better browsers than chrome.

Your good.

Chrome have launched another update to properly patch CVE-2022-4135. Make sure you update and you are on version: .123 for windows or .122 for macOS and Linux. PS: That should be the end for CVE-2022-4135 until about 2-3 months time when .123 is vulnerable...

Gitbook! Free and just absolutely incredible to be honest. https://www.gitbook.com/

Why we make money mate and quite a bit for it because people will comprimise anything and everything in this day and age to make money.

It's incredibly likely that other browsers will be effected by it. Just be a case of different vectors and paths compared to Chrome. None the less it's why its so important to just update everything consistantly. And if the dev no longer supports it get shot of it.

Yeah... For this day and age for a overflow exploit to still work is shocking. People will take advantage of it was just lucky Google actually picked it up first rather than someone else. Well thats as far as we are aware someone may have known about it and just kept quiet. Every hacker has a card up his sleeve.

Hello mate, After that update. You may get another pop up for the update. You are quite a way behind and .107 Best thing to do is turn on auto updating. ALT + F4 while on Chrome. CTRL + ESC (Task manager) Scroll through processes make sure you have completely killed Chrome. Restart Chrome. The Boot up script will execute which triggers auto update scripts.

Couple days ago Google released an emergency security update for Google Chrome after another Zero Day exploit was published. If you wish to research a bit more on what the vulnerability is you can search CVE-2022-4135. This is the 8th Zero Day this year. The security risk: Attackers are able to execute and manipulate the file path that Chrome takes. This can lead to memory leaks and potential for Remote Code Execution which can lead to your entire system being exploited. These are the chrome versions you want to be at now: version 107.0.5304.121 for macOS and Linux version 107.0.5304.121/.122 for Windows If you are running any other browser you are advised to make sure they are updated which most will over the next week. Attackers will take advantage of this exploit it's incredibly easy to execute. I have tinkered with the vulnerabilty a little bit to see what it does and it took me 10 minutes to own another machine on my local network. This vulnerability is classed as being actively exploited. Updating: Chrome on the top right hand corner will display an update symbol click it and update. Make sure you have automatic updates on. This is googles quick fix release. Another vulnerabilty will more than likely come up in the next week or so. If i get hold of any more information ill post it here. Beef Offensive Cyber Security Engineer & Penetration Tester

New series for War Thunder from Noob to pro in top tier. I have spent hundreds of hours playing WWII and Cold war era tanks and jets. But next ever stepped into the modern day Top tier tanks. This series will cover from my very first game playing a completely new game dynamic all the way up to when i think im competent in top tier. Please Like, Comment and subscribe.

Just a quick montage i threw together on Insurgency Sandstorm on the =FA= Beginners server. Got another 3 other video's that have a bit more time spent on them just need to get intro's, outro's and tumbnails made for them. 2 videos are for War Thunder and the 3rd will be another INS: Sandstorm with =FA= video again. new release here: Like, Comment and do the subby wubby helps with the youtube algorithm nonsense.