877.791.9571 |

Monthly Archives: August 2012

Crack Me Challenge Part 4

First we must take a look at the following piece of code that will be presented in the code segment 5:

004017FC |. B8 40000000 mov eax,40

00401801 |. 33C9 xor ecx,ecx

00401803 |> 8B940C C000000>/mov edx,dword ptr ss:

0040180A |. 3B540C 70 |cmp edx,dword ptr ss:

0040180E 0F85 53010000 jnz main.00401967

00401814 |. 83E8 […]

WordPress Security

1. Introduction

There are numerous tools available when checking the security of the WordPress Content Management System (CMS). In the rest of the article we’ll mention the WPScan tool, which does a great job of scanning the WordPress installation and its plugins for security vulnerabilities.

2. WPScan

WPScan is a WordPress security […]

  • Keyboard
    Permalink Gallery

    CrackMe Challenge Part 3: The Logic Behind the First Challenge

CrackMe Challenge Part 3: The Logic Behind the First Challenge

If we take our predicate that we’ve seen in the end of part 2 into account and input at least 64 bytes (0×40) into the Key 1 field and leave the Name field at a value AAAAAAAA, a second message box is displayed as can be seen in the […]

Nmap Evade Firewall & Scripting

Nmap is the most powerful scanner that is used to perform so many functions including port scanning, service detection, and even vulnerability detection. Nmap from beginner to advanced has covered many basic concepts and commands, and in this second part of this series of articles I will discuss some […]

By |August 29th, 2012|Hacking|3 Comments

Using Log4Trail

A few weeks ago, I happened to read an article from pir8geek.com (a blog about Linux goodies and tips) about a new tool which is very useful to system administrators and users for monitoring their files, folders, configurations, backups, scripts and directories in Windows, Linux, FreeBSD, Mac OS, and […]

By |August 28th, 2012|Forensics|0 Comments

Interview: Marius Corici, CEO of Hack a Server

Marius Corici is the Co-Founder and CEO of Hack a Server. He is a serial entrepreneur and has been involved with various industries. In 2003 he started a business offline in the plumbing industry and co-founded ITS Group, a franchise for Romstal Company, the biggest plumbing installations retailer in […]

CrackMe Challenge Part 2

The First Message Box

Let’s start our unpacked program with OllyDbg, run it, input eight A’s into the Name and Key 1 field and press CHECK STAGE 1. What happens is that a warning message is displayed saying that the key is invalid as is presented in the picture below:

When […]

  • keyboard
    Permalink Gallery

    ESET Rule the Code – CrackMe Challenge Part 1: The Unpacking Process

ESET Rule the Code – CrackMe Challenge Part 1: The Unpacking Process

1. Presenting the Problem

The CrackMe challenge was first observed on the ESET CrackMe web page, which looked like the the picture below:

On the web page we can observe that the challenge is being held at Black Hat 2012. The winner will receive free entry into one of the conferences, […]

By |August 27th, 2012|Hacking|9 Comments

Securing the Software Development Environment

In the February 2012 edition of Computer, a sidebar to an article on “Web Application Vulnerabilities” asks the question: “Why don’t developers use secure coding practices?” The sidebar provides the typical cliches that programmers feel constrained by security practices and suggests that additional education will correct the situation. […]

  • hr20
    Permalink Gallery

    IT Recruiter Interview: John Maughan and Chris Currie from ITHR

IT Recruiter Interview: John Maughan and Chris Currie from ITHR

Information Technology is the engine room of the modern business, according to recruitment consultancy ITHR (IT Human Resources) in London, England.

If that statement holds true, then it wouldn’t be a stretch to suggest that John Maughan, an ITHR senior recruiter focusing on the network-security arena, and Chris Currie, an […]

By |August 27th, 2012|Interviews|1 Comment

Vulnerable Applications

Introduction

How often have we found ourselves in need of a vulnerable application, which we could use for various purposes? We could use such applications to test the web application scanners to assess the effectiveness of each scanner. We could also use vulnerable applications to test our knowledge of specific […]

By |August 24th, 2012|Hacking|1 Comment

Chapter 11 – Identity Management and Access Controls

Access controls help us restrict whom and what accesses our information resources, and they possess four general functions: identity verification, authentication, authorization, and accountability. These functions work together to grant access to resources and constrain what a subject can do with them.

This chapter reviews each access control function, four […]

A Review of Selected Cryptographic Libraries

Cryptography is the science that deals with the problems of concealing information by encrypting it, and contains the set of methods for achieving such secrecy. With cryptography, we can transform a normal, plain text, or other type of message in a way that it becomes unintelligible to unauthorized recipients. […]

Sneak Peak into the Art of Exploitation

It’s a well-known saying that gathering maximum information about the enemy is half the work done in defeating him. The same holds true when you are about to attack a target (a potential victim); the first step is to gather as much information as possible. Information gathering can be […]

By |August 22nd, 2012|Hacking|2 Comments

Analyzing the German Trojan, Part 3: the Skype Component

Introduction

In the last two parts, available here and here, we looked at the dropper and one of its components (a small EXE file) in quite some detail. In this part we will now look at another of its components, called SkypeLauncher.exe. This file seems to be available on Offensive […]

Can We Have a Safe Election via the Internet?

In connection with the upcoming USA presidential elections in 2012, I would like to discuss holding the election via the Internet and the risks associated with it. This is not a technical text; it does not show a technician carrying out attacks on individual choices. It is an article […]

Nessus

Nessus is an automatic vulnerability scanner that can detect most known vulnerabilities, such as misconfiguration, default passwords, unpatched services, etc.

From the following picture, we can see that Nessus can be classified as a vulnerability scanner, which is in turn part of the automatic scanners.

Installing Nessus

To install Nessus we must […]

By |August 21st, 2012|Hacking|0 Comments

JBOSS Exploitation

JBoss Application Server is an open-source Java EE-based application server. JBoss is widely used and is deployed by many organizations on their web servers. There are various vulnerabilities and bugs have been found on JBoss, but today we will have a look at one of the most critical bug in the JBoss application […]

By |August 20th, 2012|Hacking|4 Comments
  • Tor_Project_Anonymity_Online_-_Google_Chrome_2011-05-01_09-59-43
    Permalink Gallery

    Achieving Anonymity with Tor Part 5: Tor Bridges and Hidden Services

Achieving Anonymity with Tor Part 5: Tor Bridges and Hidden Services

1. Introduction to Tor Bridging

Running a Tor bridge is essentially the same as running a Tor relay, as far as configuration is concerned. We already mentioned that the only difference is that Tor bridges are not listed in the Tor directory. We also said that using a bridge is […]

By |August 20th, 2012|Other|0 Comments

Achieving Anonymity with Tor Part 4: Tor Relays

1. Introduction

We’ve seen that Tor network is constituted from Tor nodes, through which we tunnel our traffic to reach anonymity. So far we didn’t bother with terminology, because it wasn’t important; all we wanted to achieve was anonymity, which we did. But when we’re trying to configure a Tor […]

By |August 17th, 2012|Other|0 Comments