Last January, I wrote an article about the SOLDIERX Hacker Database entitled Welcome to the World’s Largest Public Hacker Database, which covered some of the HDB’s hacker and security profiles, interesting resources, and its significance to the OSINT (Open Source Intelligence) community. I received both criticism and praise about […]
In this paper we will talk about an uncommon vector for SQL injection.
Did you say a “Cookie”?
A cookie, also known as an HTTP cookie, web cookie, or browser cookie, is used for an origin website to send state information to a user’s browser and for the browser to […]
Once you have control over a target and move into the post-exploitation phase, you start thinking about how to keep future access and, most importantly, how to stay undetected.
This article will present some insight on the talk “The Listening” presented at Infiltrate 2011. For that presentation a […]
This article talks about novel security vulnerabilities in IPv6 tunnels, an important type of migration mechanism from IPv4 to IPv6 implemented by all major operating systems and routers. The vulnerabilities allow an attacker to form routing loops, which can easily produce DoS attacks. I will describe the principles […]
SSL and network monitoring aren’t the most compatible of partners – even with the most sophisticated detection infrastructure in the world, you’ll not derive many useful indicators from the barren randomness of encrypted traffic. Consider the plight of the Sguil sensor shown below:
The webserver’s use of SSL means that […]
In these two videos, we will demonstrate how to write an exploit that abuses the Structured Exception Handler (SEH). The videos assume you already understand how SEH and exploits work.
We will exploit an Easy Chat Server using OllyDbg. First we will use a skeleton exploit to find a SEH […]
In this video we will demonstrate how to crack WPA2 using the Airmon-ng suite. We will do it by:
Identifying an access point
Capturing traffic from that access point
Attempting to capture the handshake. We have two options for doing this.
We can wait for a client to connect […]
In this video, we will demonstrate the adobe_utilprintf exploit. We will show how to set up a PDF within Metasploit that delivers the exploit via an HTML link. That exploit will have the victim connect back to you over a reverse TCP connection to a shell.
Once connected, we will […]
What is Creepy?
So what is Creepy actually, and how does it come into the “Geolocation” picture? Creepy is a geolocation information aggregation tool. It allows users to gather already published and publicly available geolocation information from a number of social networking platforms and image hosting services. […]
Following their presentation at Infiltrate 2011, Jon Oberheide and Dan Rosenberg answered a few questions about the talk they gave.
Jon Oberheide is the CTO of Duo Security, an Ann Arbor-based startup developing kick-ass two-factor authentication. In his free time, Jon dabbles in kernel exploitation, mobile security, and beer brewing. […]
There was a lot of attention paid recently to a new type of browser attack called the Boy in the Browser. To find out more about this technique, we contacted Amichai Shulman of Imperva to answer a few questions.
Shulman is Co-Founder and CTO of Imperva, where […]
This is a brief intro to automating recon through bash scripting. This example automates nmap scans. We teach this and much more in our penetration testing and ethical hacking courses. This is on the list of my ideal skill sets for penetration testing, so you can […]