background preloader

Cybrary - Free Online IT and Cyber Security Training, Forever!

Related:  Hacking && Hackers && H(a)cktivismSecurity/Encryptionsecurity and hackingAndroidFree & Open Education Resources

Too Curious For My Own Good: Jam Intercept and Replay Attack against Rolling Code Key Fob Entry Systems using RTL-SDR For the past 6 months I have been developing a proof of concept attack against rolling code key fob entry systems. Some examples of affected systems would be the key fob you use to unlock your car. Or the key fob you use to disarm your home security system. Or even open the garage door. The oscillators used in these key fobs are typically low cost, meaning that they may not operate at exactly their design frequency throughout the full temperature range.

An Encrypted Internet Is a Basic Human Right Nico Sell is co-founder and co-chairman of Wickr Inc. This Op-Ed is part of a series provided by the World Economic Forum Technology Pioneers, class of 2015. Sell contributed this article to Live Science's Expert Voices: Op-Ed & Insights. The Real Science Behind Cracking Passwords b46f685f85e0af830d82ddbbe795eff3 By adding a unique salt, I can do something about that. I created a quick Javascript program that takes the user’s name, and pulls the first and last three letters from their username and makes them into a salt. Then, the program takes the salt, plus the user’s password, and runs them through the MD5 algorithm and produces the hash that will be their password.

Free Malware Analysis Training Class from Cybrary Get started with Malware Analysis by viewing the course videos below. If you are looking to learn how to perform dynamic and static analysis on major files types, carve malicious executables from documents, and how to recognize common malware tactics, this course is the one. Start learning by clicking on a module below! WeBWorK - Introduction What is WeBWorK? WeBWorK is an open-source online homework system for math and science courses. WeBWorK is supported by the MAA and the NSF and comes with a National Problem Library (NPL) of over 20,000 homework problems. Problems in the NPL target most lower division undergraduate math courses and some advanced courses. Supported courses include college algebra, discrete mathematics, probability and statistics, single and multivariable calculus, differential equations, linear algebra and complex analysis. WeBWorK is used successfully at over 700 colleges and universities from large research institutions to small teaching colleges.

mitmproxy — mitmproxy 0.17 documentation mitmproxy is a console tool that allows interactive examination and modification of HTTP traffic. It differs from mitmdump in that all flows are kept in memory, which means that it’s intended for taking and manipulating small-ish samples. Use the ? shortcut key to view, context-sensitive documentation from any mitmproxy screen. hackme: Deconstructing an ELF File A friend recently asked me to find the password for a little hard-to-hack program he had written and I agreed to it. The short journey of a few hours that led me to its password were extremely interesting and this article describes the process as well as some of the new techniques learnt along the way. Few minutes after accepting his challenge, I received a binary called "hackme" in an E-mail and I got started! Those interested in giving it a shot can download the binary file and get back to this article later. Do let me know if you find anything interesting along the way that I did not think of or missed!

Free and Open Source Cyber Security Learning Cybrary | 0P3Nuser generated content What is 0P3N? 0P3N is content you won't find anywhere else on the web. Free Penetration Testing and Ethical Hacking Training Course Watch the Course Intro Video Get started with Ethical Hacking by viewing our course videos below. If you are looking to become a pen tester, this course explains the fundamentals necessary for advancement.

MyOpenMath MyOpenMath is designed for mathematics, providing delivery of homework, quizzes, and tests with rich mathematical content. Students can receive immediate feedback on algorithmically generated questions with numerical or algebraic expression answers. And it can do so much more, providing a full course management system, including file posting, discussion forums, and a full gradebook, all designed with mathematics in mind. MyOpenMath can be used to web-enhance an on-campus course, as part of hybrid course, or to run a fully online course. To get some idea how the system can be used by instructors, watch this quick three minute video [+]

Extremely severe bug leaves dizzying number of software and devices vulnerable Researchers have discovered a potentially catastrophic flaw in one of the Internet's core building blocks that leaves hundreds or thousands of apps and hardware devices vulnerable to attacks that can take complete control over them. The vulnerability was introduced in 2008 in GNU C Library, a collection of open source code that powers thousands of standalone applications and most distributions of Linux, including those distributed with routers and other types of hardware. A function known as getaddrinfo() that performs domain-name lookups contains a buffer overflow bug that allows attackers to remotely execute malicious code.

backdooring your javascript using minifier bugs In addition to unforgettable life experiences and personal growth, one thing I got out of DEF CON 23 was a copy of POC||GTFO 0x08 from Travis Goodspeed. The coolest article I’ve read so far in it is “Deniable Backdoors Using Compiler Bugs,” in which the authors abused a pre-existing bug in CLANG to create a backdoored version of sudo that allowed any user to gain root access. This is very sneaky, because nobody could prove that their patch to sudo was a backdoor by examining the source code; instead, the privilege escalation backdoor is inserted at compile-time by certain (buggy) versions of CLANG. That got me thinking about whether you could use the same backdoor technique on javascript. JS runs pretty much everywhere these days (browsers, servers, arduinos and robots, maybe even cars someday) but it’s an interpreted language, not compiled.

Related:  Technology