Course Review: Cracking the Perimeter by Offensive Security
Cracking the Perimeter (CTP) is the latest course offered by the team at Offensive Security. The course teaches expert level penetration skills including advanced tactics in web exploitation, binary manipulation and exploitation, and networking attacks. Building on material in the earlier course, Pentesting with Backtrack (PWB – Read Review), this offering provides intermediate students with a learning platform that can be used to become advanced practitioners of certain exploit methodologies. This review will attempt to provide a high-level overview of the course and set expectations for students who may be considering it. Divided into a registration puzzle, five sections, and an exam, the course provides a more in-depth view of common web application exploits, binary analysis and backdoors, anti-virus evasion, techniques for exploitation using memory concepts, exploit writing, and network exploitation techniques. Category: Linn
rtl-sdr.com - RTL-SDR (RTL2832U) and software defined radio news and projects. Also featuring Airspy, HackRF, FCD and more.
Vulnserver
Originally introduced here , Vulnserver is a Windows based threaded TCP server application that is designed to be exploited. The program is intended to be used as a learning tool to teach about the process of software exploitation, as well as a good victim program for testing new exploitation techniques and shellcode. What’s included? The download package includes the usual explanatory text files, source code for the application as well as pre compiled binaries for vulnserver.exe and its companion dll file. Running Vulnserver To run vulnserver, make sure the companion dll file essfunc.dll is somewhere within the systems dll path (keeping it in the same directory as vulnserver.exe is usually sufficient), and simply open the vulnserver.exe executable. The program supports no other command line options. Is there anything to be aware of when I run Vulnserver? Vulnserver doesn't actually do anything other than allow exploitation - there is no useful functionality. Exploiting Vulnserver
Google
[Review] Pentesting With BackTrack (PWB) & Offensive Security Certified Professional (OSCP)
The views and opinions expressed on this site are those of the author. Any claim, statistic, quote or other representation about a product or service should be verified with the seller, manufacturer or provider. Up until a month or so ago, everything I've learnt was done by using various free resources online. Last month however, I became an "offsec" student. I enrolled on the "Pentesting with BackTrack" (PWB) course, currently version 3 (syllabus). I wanted to do it for a few reasons:The challenge. We all learn differently and do so at different speeds. After looking at the syllabus, I set myself the goal of "getting into the admin network". In the last couple of days of lab time, I was ready to throw in the towel. My next mistake was to book the exam so soon after the Lab time ended. I should of known better than to go into an exam feeling so tired. There were a few "starting" problems to begin with - but there was an admin on hand in the IRC channel (as there seems to always be!)
Update - Comment cracker un mot de passe windows
Il y a quelques temps j'ai fait un screencast sur Youtube, où je présentais comment cracker un mot de passe windows avec Offline Empty Password Registry Editor. Valable pour la série, windows XP/Vista et 7. Depuis, la vidéo tourne bien et Romain, lecteur du blog, m'a contacté pour me dire que le soft était maintenant compatible windows 10. Du coup, pour tous ceux qui ont la mémoire qui flanche au moment de rentrer leurs mdp, je vous propose un petit flashback. J'avais réalisé l'opération sous windows 7 mais son utilisation ne change pas pour les versions windows 8 et windows 10. kiss ;) Rejoignez les 60094 korbenautes et réveillez le bidouilleur qui est en vous Suivez KorbenUn jour ça vous sauvera la vie..
Gibberbot: Free Secure Chat
Free unlimited messaging with your friends over Facebook Chat, Google Chat & more! Works with Android, iPhone, Mac, Linux or PC. PC Mag “100 Best Android Apps of 2013.” ★ COMPLETELY FREE, UNLIMITED MESSAGING: No charges, ever. Chat all day with your friends across the street or across the ocean. ★ CHAT WITH ANYONE, ANYWHERE: Chat with your friends on Google Chat (GChat), Facebook Chat, VKontakte, Yandex, Hyves, Odnoklassniki, StudiVZ, Livejournal, Jabber, and more! ★ WORKS ON EVERY PLATFORM: Android with Gibberbot, iPhone with ChatSecure, Mac with Adium, Linux with Jitsi, Windows with Pidgin, and more! ★ UNBEATABLE PRIVACY: We keep your messages 100% private using state of the art Off-The-Record (OTR) encryption. Don’t see your language? ***Disclaimer*** The Guardian Project makes apps that are designed to protect your security and anonymity.
Hidden Wiki - HiddenWiki.org
Heap Spray Exploit Tutorial: Internet Explorer Use After Free Aurora Vulnerability
Introduction This is the fourth entry in my series of exploit tutorials. Part one is here , part two is here , and part three is here . In this entry, we will be reproducing the "aurora" Internet Explorer exploit using heap spraying. This vulnerability was originally discovered in the wild, and was used as part of the well publicised attack on Google that was (allegedly) performed by the Chinese. This is also the first time I have demonstrated a client side exploit in one of my tutorials - all previous tutorials have involved attacks on servers. Triggering the client side exploit usually involves the attacker enticing the user of the victim client system into visiting a malicious web site or opening a malicious document. In this tutorial I will be hosting the malicious files on a web server running on my attacking system and I will access my malicious web site from my victim system. Warning! Required Knowledge To follow this tutorial you will need to have basic knowledge of: System Setup
