877.791.9571 |

Monthly Archives: October 2012

  • laptop
    Permalink Gallery

    Legal and Technological Concerns Regarding the Use of BIOS Anti-theft Technologies

Legal and Technological Concerns Regarding the Use of BIOS Anti-theft Technologies

1. Introduction

In 2006, a laptop containing personal and health data of 26,500,000 veterans was stolen from a data analyst working for the US Department of Veterans Affairs. The data contained the names, dates of birth, and some disability ratings of the veterans. It was estimated that the process of […]

Free Web Application Scanners, Part 2

In the first part of this article, we have seen the need for free web application scanners and also we have looked into a few tools which are available in the market. We have also seen the features available in those tools, steps to use them and their limitations. […]

  • metsploit.png
    Permalink Gallery

    Q: A Collection of Metasploit Modules Not Accepted to Main Trunk for Various Policy or Quality Reasons

Q: A Collection of Metasploit Modules Not Accepted to Main Trunk for Various Policy or Quality Reasons

Introduction

I guess we all know what Metasploit is, so we don’t really need to present to the reader the basics of Metasploit. But it’s still useful if we present the type of modules the Metasploit has. Metasploit has the following types of modules:

Auxiliary Modules: perform scanning and sniffing and […]

By |October 31st, 2012|Other|4 Comments

Hacking SVN, GIT, and MERCURIAL

1. Introduction

We all know that when programming with a small or large team, having a revision control in place is mandatory. We can choose from a number of revision control systems. The following ones are in widespread use worldwide:

CVS

Was one of the first revision control systems, and is therefore […]

By |October 30th, 2012|Hacking|0 Comments
  • Abstract background with binary code.
    Permalink Gallery

    x86 Assembly Language Applicable To Reverse Engineering: The Basics – Part 2

x86 Assembly Language Applicable To Reverse Engineering: The Basics – Part 2

For part 1 of this series, please click here.

Introduction

We saw in the first article an introduction to the most common x86 assembly instructions seen when it comes to disassembling and analyzing programs. We talked about registers, the stack / pile, flags , conditional jumps and the instruction of comparison […]

  • android phone
    Permalink Gallery

    Transforming your Android Phone into a Network Pentesting Device

Transforming your Android Phone into a Network Pentesting Device

Lester: Hey Nash, are you scanning our school’s network with just your smartphone?

Nash: Well, yes I am! I’m using a network penetration suite just to check out if the students are aware and practicing what they learned from my network security class, and because I just told them about […]

  • crime scene
    Permalink Gallery

    Investigating the Crime Scene, Part 1: A Brief Introduction to Computer Forensics and Autopsy

Investigating the Crime Scene, Part 1: A Brief Introduction to Computer Forensics and Autopsy

Recommended reading

http://www.thestudymaterial.com/presentation-seminar/computer-presentation/239-computer-forensics-presentation.html?showall=1

First Responder’s Guide to Computer Forensics – CERT (search for it on Google)

Introduction

Sometimes out of curiosity you might happen to hack a government computer, and as the adrenaline is working, you forget to erase some of the traces you’ve done while making the breach. In short, you are […]

  • net.png
    Permalink Gallery

    Demystifying dot NET reverse engineering – PART 2: Introducing Byte Patching

Demystifying dot NET reverse engineering – PART 2: Introducing Byte Patching

For part 1 of this series, please click here.

Introduction

We covered in the first part the very basics regarding dot NET programs, how they are compiled (which we will see again a little bit more in depth) and how we can see inside them using Reflector. We saw how easy […]

Quick and Dirty BurpSuite Tutorial

In this article, we are going to see another powerful framework that is used widely in pen-testing. Burp suite is an integration of various tools put together to work in an effective manner to help the pen-tester in the entire testing process, from the mapping phase to identifying vulnerabilities […]

Free & Open Source Rootkit and Malware Detection Tools

A lot of sniffers, rootkits, botnets, backdoor shells and malwares are still on the wild today, which are used by malicious attackers after successfully pawning a certain server or any live network in order to maintain their access, elevate their access privilege, and spy other users in a network. […]

By |October 26th, 2012|Forensics|5 Comments

Hacking PDF: util.prinf() Buffer Overflow: Part 2

For part 1 of this series, click here.

1. Introduction

In the previous part we’ve seen the structure of the PDF document and extracted the JavaScript contained in object 6. We also determined that the extracted JavaScript is run when the PDF document is opened. Now it’s time to figure out […]

Estimating Projects, Part II

For part 1 of this series, please click here.

In the first part, our discussion of the estimation focused primarily on the general principles of creating any type of estimate. It also showed the importance of proper assessment to make your life easier and save you disagreements with clients and […]

By |October 26th, 2012|Other|0 Comments

Estimating Projects, Part I

Each of us who has ever worked in any programming project has had to deal with one of the biggest problems we face when creating projects. It is, of course, the execution time estimate. The question about the duration of the project appears in virtually every conversation prior. Definitely […]

By |October 25th, 2012|Other|0 Comments

Filter Evasion: Part 2

For part 1 of this series, please click here.

1. Methods for Bypassing a Filter

There is a number of different attack strings that can be used to bypass a filter and still pass malicious data to the target application. Before looking at them, it’s better to first look at the […]

  • App-Inventor-for-Android-Code
    Permalink Gallery

    Thoughts from My Three-Night Coding Excursion: Part 3 – Leveraging C# for Your Daily Reverse Engineering

Thoughts from My Three-Night Coding Excursion: Part 3 – Leveraging C# for Your Daily Reverse Engineering

For part 2 of this series, please click here.

C# is my favourite language and I definitely intend to stick with it, as the community is amazing and more and more programming paradigms are incorporated in .NET. From Eiffel to F#, IronPython to managed/unmanaged C++/CLI, you can’t go wrong with […]

By |October 25th, 2012|Other|0 Comments

Filter Evasion: Part 1

1. Introduction

First we must talk about vulnerabilities. We know that vulnerabilities that are present in any kind of software can be exploited by accepting the right input data, and parsing and executing it without checking it for malicious strings. Thus, vulnerabilities are present in software products because the programmers […]

  • App-Inventor-for-Android-Code
    Permalink Gallery

    Thoughts from My Three-Night Coding Excursion: Part 2 – Design in C#

Thoughts from My Three-Night Coding Excursion: Part 2 – Design in C#

For part 1 of this series, please click here.

Let’s get on to understanding the GDI+ library to leverage the use of C# and build any kind of visual unit you want. The moment you use GDI+, the confines of a form breaks down, at the very least visually. You […]

By |October 24th, 2012|Other|0 Comments
  • net.png_r2_c2
    Permalink Gallery

    Demystifying Dot NET Reverse Engineering, Part 1: Big Introduction

Demystifying Dot NET Reverse Engineering, Part 1: Big Introduction

DISCLAIMER

This, and all upcoming parts, are made with a strict and pure educational purpose just to gain insights into dot NET programs. What you’re going to do with this and all upcoming parts is your own responsibility. I will not be held responsible for your eventual action and use […]

Hacking PDF: util.prinf() Buffer Overflow: Part 1

1. Introduction

One of the first things we need to do is to remove the PDF Reader we currently have installed and reinstall the old version of PDF Reader.

The old version of PDF Reader can be found on various web pages, but most prominent web page is definitely oldapps. We […]

By |October 23rd, 2012|Exploit Development|Comments Off
  • App-Inventor-for-Android-Code
    Permalink Gallery

    Thoughts from My Three-Night Coding Excursion: Part 1 – Design Principles

Thoughts from My Three-Night Coding Excursion: Part 1 – Design Principles

I will discuss a few topics that motivate me to make software the way I like it. Currently I am writing an Android analysis tool and since I am using C# for the same, I do have a few things to share as notes from my daily excursions in […]

By |October 23rd, 2012|Other|2 Comments