Security


• Security testing methodologies
• The Ethical Hacking Profession
• Passive Intelligence Gathering – 2007 Version
• Network Sweeps
• Stealthily Network Recon
• Passive traffic identification
• Identifying system vulnerabilities
• Abusing Domain Name System (DNS)
• Abusing Simple Network Management Protocol
(SNMP)

• Introduction to Remote Exploits
• Engineering remote exploits
• Running shellcode in RAM vs. on disk
• Heap Buffer Overflows
• Compromising Windows 2003 Server Systems
• Compromising Solaris Unix and Linux Systems
• Attacking RDP (Remote Desktop Protocol) in
Windows XP, 2003 & Vista
• Windows password weaknesses & Rainbow Tables
• Unix password weaknesses
• Attacking Cisco’s IOS password weaknessesRead more..

Your rating: None Average: 3 (2 votes)

For this "tutorial" we will use a real program called PDF2Word.
I stumbled upon this program when trying to convert a pdf document to a word document (duh..).

The funny thing about this program is that it costs $39.95 and that it is released under the GPL.

Let's start shall we?

1: Obtain a copy of the program at http://www.verypdf.com/pdf2word/index.html
We will use version 2.6 in this tutorial.Read more..

Your rating: None Average: 2 (1 vote)



WarVOX is a suite of tools for exploring, classifying, and auditing telephone systems. Unlike normal wardialing tools, WarVOX works with the actual audio from each call and does not use a modem directly. This model allows WarVOX to find and classify a wide range of interesting lines, including modems, faxes, voice mail boxes, PBXs, loops, dial tones, IVRs, and forwarders. WarVOX provides the unique ability to classify all telephone lines in a given range, not just those connected to modems, allowing for a comprehensive audit of a telephone system.

WarVOX requires no telephony hardware and is massively scalable by leveraging Internet-based VoIP providers. A single instance of WarVOX on a residential broadband connection, with a typical VoIP account, can scan over 1,000 numbers per hour. The speed of WarVOX is limited only by downstream bandwidth and the limitations of the VoIP service. Using two providers with over 40 concurrent lines we have been able to scan entire 10,000 number prefixes within 3 hours. Read more..

Your rating: None Average: 4.3 (7 votes)


When analyzing the code of a Trojan horse it often contains  methods  and functions that can be assigned to typical function groups and modules.  Even if the code and inner organisation seems to be chaotic and hard to understand because of  its structureless appearance you can assign a function to at least one of these groups. I want to give you the big picture, an overview about the inner structure of a Trojan horse and taking the confusion a little.



Dropper

The Trojan horse is wrapped by its dropper which is not a core component in the proper sense. But because it plays an important role in propagation and the installation of  the Trojans it is worth mentioning it.Read more..

Your rating: None Average: 3.5 (2 votes)

Introduction

Writing a buffer overflow attack against a Windows program present several challenges that make it a bit more difficult than writing exploits on a Linux platform. In addition to not having popular tools such as gdb (the GNU Debugger) an attacker is faced with a closed box. Not only are most Windows applications closed source, but the operating system itself doesn't provide much transparency. When taken together this makes an attackers job fairly daunting.

Windows buffer overflow attacks are quite possible, however, and I'm writing this tutorial to walk you through developing one such attack. This article assumes some prior knowledge of assembly, x86 architecture, C and Perl programming. I hate to raise the bar like that, but if you're not familiar with these concepts then writing buffer overflows will be next to impossible as their inner workings hinge on all of these topics. While there are many tools you can use to assist in the process of finding and exploiting buffer overflow vulnerabilities, without a thorough understanding of how they work you're going to have a very hard time actually creating new exploits. Read more..

Your rating: None Average: 3.3 (9 votes)


Module 0: Introduction
Module 1: Business and Technical Logistics of Penetration Testing
Module 2: Information Gathering
Module 3: Linux Fundamentals
Module 4: Detecting Live Systems
Module 5: Reconnaissance -- Enumeration
Module 6: Cryptography
Module 7: Vulnerability Assessments
Module 8: Malware – Software Goes Undercover
Module 9: Hacking Windows
Module 10: Advanced Vulnerability and Exploitation Techniques
Module 11: Attacking Wireless Networks
Module 12: Networks, Firewalls, Sniffing and IDS
Module 13: Injecting the Database
Module 14: Attacking Web Technologies


Module 1: Business and Technical Logistics of Pen Testing

• Definition of a Penetration Test
• Benefits of a Penetration Test
• ID Theft Statistics
• Recent Hacking News
• The Evolving Threat
• Vulnerability Life Cycle
• Exploit Time Line
• Zombie Statistics
• Zombie Definition
• Botnet Definition
• Types of Penetration Testing
• Pen Testing Methodology
• Hacker vs. Penetration Tester
• Tools vs. Technique
• Penetration Testing Methodologies
• OSSTMM - Open Source Security Testing Methodologies
• Website Review
• SecurityNOW! SX
• Case Study and Lab

Module 2: Information Gathering
Read more..
Your rating: None Average: 3.8 (5 votes)

Search

Loading

Sponsered links

Bookmark Us!

Share/Save

Page Rank

Quotes

Knowledge is power" To obtain information is no crime, to use that information sometimes is ! 
— unknown

Explore Tags

Follow Us