Paul's Security Weekly Subscribe

Exploiting Client-Side Node.js with Moses Hernandez – Paul’s Security Weekly #516

June 2, 2017

I know what you're thinking, Node.js is server-side right? Not exactly. It turns out many client-side applications have embedded Node.js. And its not always updated to the latest version. And, its vulnerable to attacks! Moses Hernandez is a Consulting Systems Engineer for Cisco Systems and an Instructor for pen testing courses at the SANS Institute. Moses shows us how to find Node.js on a system, locate the different versions, and exploit to bypass UAC! Full Show Notes: https://wiki.securityweekly.com/Episode516 Subscribe to YouTube Channel: https://www.youtube.com/channel/UCg--XBjJ50a9tUhTKXVPiqg Security Weekly Website: http://securityweekly.com Follow us on Twitter: @securityweekly

Full episode and show notes

Related

The Importance of OT Security: The Evolving Threat Landscape – Ken Townsend – CSP #170

April 16, 2024

Manufacturing environments rely heavily on Operational Technology (OT) systems – such as industrial control systems, supervisory control, PLCs etc. to manage production processes. Compromises of these networks and systems can have devastating consequences, including: • Production disruptions and downtime • Safety hazards: • Data breaches ...

Application security

Arg Parsing in Rust, End of Life Hardware, CSRB & MS, Chrome’s V8 Sandbox – ASW #281

April 15, 2024

A Rust advisory highlights the perils of parsing and problems of inconsistent approaches, D-Link (sort of) deals with end of life hardware, CSRB recommends practices and processes for Microsoft, Chrome’s V8 Sandbox increases defense, and more!

From Idea to Success: How to Operationalize a Startup from Zero to Exit – Seth Spergel – BSW #346

April 15, 2024

Startup founders dream of success, but it's much harder than it looks. As a former founder, I know the challenges of cultivating an idea, establishing product market fit, growing revenue, and finding the right exit. Trust me, it doesn't always end well. In this interview, we welcome Seth Spergel, Managing Partner at Merlin Ventures, to discuss h...