Podtranscript
Log out

Le Comptoir Sécu: [SECHebdo] 14 avril 2021 - pwn2own, Project Discovery, AirStrike, μCornerVuln, GDPR, Ransomware, HackTheBox, etc.

L'équipe du Comptoir Sécu L'équipe du Comptoir Sécu 4/14/21 - Episode Page

<![CDATA[https://www.comptoirsecu.fr/images/covers/2021-04-14-sechebdo-vignette.jpg" />
]]>

<p>Nous venons de tourner un nouveau SECHebdo en live sur Youtube. Comme d&rsquo;habitude, si vous avez raté l&rsquo;enregistrement, vous pouvez le retrouver sur notre chaîne Youtube (vidéo ci-dessus) ou bien au format podcast audio:</p>

<p>
<strong>Au sommaire de cette émission :</strong>
<ul><li>Todo <strong><a href="#t=00:01:30" onclick="location.reload()">(00:01:30)</a></strong></li></ul>
</p>

<script type="application/ld+json" id="podigee-settings">
{
"options": {
"theme": "default"
},
"extensions": {
"ChapterMarks": {
"disabled": false
},
"EpisodeInfo": {},
"Playlist": {
"disabled": true
},
"Transcript": {
"disabled": true
}
},
"podcast": {
"feed": "https://podcasts.comptoirsecu.fr/podcasts/SECHebdo/CSEC.SECHebdo.2021-04-14.m4a"
},
"episode": {
"media": {
"mp3": "https://podcasts.comptoirsecu.fr/podcasts/SECHebdo/CSEC.SECHebdo.2021-04-14.m4a"
},
"coverUrl": "https://www.comptoirsecu.fr/images/covers/2021-04-14-sechebdo-vignette.jpg",
"title": "[SECHebdo] 14 avril 2021",
"subtitle": "pwn2own, Project Discovery, AirStrike, μCornerVuln, GDPR, Ransomware, HackTheBox, etc.",
"description": "Épisode du 14 04 2021 - SECHebdo est une revue de l&#39;actualité cybersécurité réalisée en live sur Youtube, généralement le mercredi soir."

,"chaptermarks": [





{ "start": "00:01:30", "title": "Todo"}


]

}
}
</script>

<script type="text/javascript" src="https://www.comptoirsecu.fr/js/podigee-get-settings.min.192d4afa439903f73345b15d3d1b7132598bb1d2238d1f1fc91d39b516bf2ed2.js" integrity="sha256-GS1K&#43;kOZA/czRbFdPRtxMlmLsdIjjR8fyR05tRa/LtI="></script>
<script class="podigee-podcast-player" src="//cdn.podigee.com/podcast-player/javascripts/podigee-podcast-player.js" data-configuration="podigee"></script>


<p>Notre discord : <a href="http://discord.comptoirsecu.fr">http://discord.comptoirsecu.fr</a></p>

<p>A bientôt pour d&rsquo;autres émissions/podcasts!</p>

<h3 id="liste-des-sources">Liste des sources :</h3>

<ul>
<li>Récap pwn2own 2021

<ul>
<li><a href="https://www.zerodayinitiative.com/blog/2021/4/2/pwn2own-2021-schedule-and-live-results">Zero Day Initiative — Pwn2Own 2021 - Schedule and Live Results</a></li>
<li><a href="https://twitter.com/thezdi">https</a></li>
</ul></li>
<li>Project Discovery on fire

<ul>
<li><a href="https://github.com/projectdiscovery/pd-actions">GitHub - projectdiscovery/pd-actions: Continuous recon and vulnerability assessment using Github Actions.</a></li>
<li><a href="https://github.com/projectdiscovery">ProjectDiscovery · GitHub</a></li>
</ul></li>
<li>HackTheBox youtubers

<ul>
<li><a href="https://www.youtube.com/channel/UClGm2C8Qi0_Wv68zfjCz2YA">xct - YouTube</a></li>
<li><a href="https://www.youtube.com/channel/UCa6eh7gCkpPo5XXUDfygQQA">IppSec - YouTube</a></li>
</ul></li>
<li>Ca chauffe dans les browsers

<ul>
<li><a href="https://leethax0.rs/2021/04/ElectricChrome/">leethax0.rs | ELECTRIC CHROME - CVE-2020-6418 on Tesla Model 3</a></li>
<li><a href="https://github.com/r4j0x00/exploits">GitHub - r4j0x00/exploits</a></li>
</ul></li>
<li>Airstrike

<ul>
<li><a href="https://shenaniganslabs.io/2021/04/13/Airstrike.html">Airstrike Attack - FDE bypass and EoP on domain joined Windows workstations (CVE-2021-28316) | Shenanigans Labs</a></li>
<li><a href="https://beta.hackndo.com/kerberos-silver-golden-tickets/">Silver &amp; Golden Tickets - hackndo</a></li>
</ul></li>
<li>Désinfection offerte par le FBI

<ul>
<li><a href="https://www.bleepingcomputer.com/news/security/fbi-nuked-web-shells-from-hacked-exchange-servers-without-telling-owners/">FBI nuked web shells from hacked Exchange Servers without telling owners</a></li>
</ul></li>
<li>CornerVuln

<ul>
<li><a href="https://www.bleepingcomputer.com/news/security/cs-go-valve-source-games-vulnerable-to-hacking-using-steam-invites/">CS:GO, Valve Source games vulnerable to hacking using Steam invites</a></li>
</ul></li>
<li>GDPR Corner

<ul>
<li><a href="https://www.bleepingcomputer.com/news/security/mozilla-flooded-with-requests-after-apple-privacy-changes-hit-facebook/">Mozilla flooded with requests after Apple privacy changes hit Facebook</a></li>
<li><a href="https://www.lemonde.fr/economie/article/2021/04/11/alibaba-mis-a-l-amende-par-pekin-qui-accentue-la-reprise-en-main-de-la-tech-chinoise_6076382_3234.html">L’amende de 2,3 milliards d’euros infligée à Alibaba, signe de la reprise en main des géants de la tech par Pékin</a></li>
<li><a href="https://www.bleepingcomputer.com/news/security/have-i-been-pwned-adds-search-for-leaked-facebook-phone-numbers/">Have I Been Pwned adds search for leaked Facebook phone numbers</a></li>
<li><a href="https://www.bleepingcomputer.com/news/security/github-arctic-vault-likely-contains-leaked-meddata-patient-records/">GitHub Arctic Vault likely contains leaked MedData patient records</a></li>
</ul></li>
<li>Enquête statistiques infosec

<ul>
<li><a href="https://www.ssi.gouv.fr/actualite/lanssi-et-la-dgefp-en-collaboration-avec-lafpa-lancent-une-enquete-sur-les-professionnels-de-la-cybersecurite/">L’ANSSI et la DGEFP, en collaboration avec l’AFPA, lancent une enquête sur les professionnels de la cybersécurité | Agence nationale de la sécurité des systèmes d&rsquo;information</a></li>
</ul></li>
<li>Infos groupes ransomware

<ul>
<li><a href="https://analyst1.com/blog/ransom-mafia-analysis-of-the-worlds-first-ransomware-cartel">Ransom Mafia Analysis of The World&rsquo;s First Ransomware Cartel - Analyst1</a></li>
<li><a href="https://analyst1.com/file-assets/RANSOM-MAFIA-ANALYSIS-OF-THE-WORLD%E2%80%99S-FIRST-RANSOMWARE-CARTEL.pdf">PDF Document</a></li>
</ul></li>
<li>Rapport FireEye

<ul>
<li><a href="https://www.fireeye.com/current-threats/annual-threat-report/mtrends.html">M-Trends Cyber Security Trends | FireEye</a></li>
<li><a href="https://twitter.com/uuallan/status/1379129560311201796/photo/1">https</a></li>
</ul></li>
<li>Découverte de la semaine, du mois, de la période quoi

<ul>
<li><a href="https://github.com/ANSSI-FR/DFIR-O365RC">GitHub - ANSSI-FR/DFIR-O365RC: PowerShell module for Office 365 and Azure AD log collection</a></li>
</ul></li>
</ul>