Leaderboard
Popular Content
Showing content with the highest reputation on 02/26/18 in all areas
-
Hello everybody! I'm Dorian, 41 years old from Romania, I'm a web & graphic designer quite fond of cybersecurity intelligence and pentest. I've joined this community to offer and receive information on web applications security and vulnerability. I know, normally I should not care about security hence I'm just a designer, but in 20 years I've encountered numerous and various situations of defacing and hacking and I needed to learn how to protect my work or my client's websites. In time I succeeded to offer a minimal and required percent of security and now I'm offering this service to all my clients if they agree. I do web application pentest on my own work and usually I ask other people to pentest and/or give me an opinion. I'm present on a series of websites where I can exchange knowledge but no Romanian ones, thus I've joined RST and I'm greeting the community for a good work and activity. I know that because one of my friends has referred RST to me. My everyday activity consists of designing websites, offering counseling to my clients, pentesting applications, doing some social engineering for a few companies with 100s of employees and filter the weak ones. As tools I use two laptop PCs with Slackware ( Predator Helios 300 17" - for production) and Kali Linux in dual boot with Tails (ASUS Vivobook - for pentest related stuff). I run a couple of VMs, too - I have to (macOS and Windows). I use only FOSS for production and stay with it. I do my graphics using GIMP and Inkscape, I write my code with gEdit and Bluefish, check my mail and handle calendar with Evolution. For penetration testing I use the well-known tools provided by Kali Linux plus a few more like uniscan, SPF, Katana Framework, routerspolit, whatweb, airgeddon, weeman. When it's the case I "drop" the RubberDucky which I took the time to customise a bit, I'm not a pro in pentest (I'm a pro in design), but I've managed to create some scripts that brought me good enough results. Other than that, I have a small KIT of antenna's, loads of cables (perhaps too many, hehe), external drives with tools for cloning machines, extract information etc. Ah, and of course, the screw-driver KIT and pliers and a chocolate, you never know when you need it I'm not sure yet what my contribution will be for the RST community, but I'm glad I'm here and looking forward to make friends, read your threads and perhaps have some geek fun. Cheers, Dorian2 points
-
Sursa:http://www.cs.fsu.edu/~redwood/OffensiveComputerSecurity/lectures.html Spring 2014 Lectures & Videos This page contains all the lecture Lecture Slides and youtube videos for the Spring 2014 semester of this course. Course Lecture Videos / Slides / Reading: Below you can find and watch all the course videos, required reading, and lecture slides for each lecture (where applicable). The videos hosted on youtube are lower quality than the ones avaiable for direct download (see above). On the left you can find a navigation sidebar which will help you find the lectures relevant to each meta-topic. Week 1 (Intro / Overview): Lecture 1: Intro, Ethics, & Overview: This lecture covers the course Intro, syllabus review, distinction between hacking vs. penetration testing, ethics discussion, course motivation, threat models and some of the basics. Resources: [Lecture Slides] Required reading: 0x200 up to 0x260 (HAOE) Lecture 2: Secure C Coding 101: What you absolutely need to know about secure coding in C. C is everywhere. Resources: [Lecture Slides] Reading: 0x260 up to 0x280 (HAOE) Week 2 (Secure C / Code Auditing): Lecture 3: Secure C Coding 102: What you absolutely need to know about secure coding in C. C is everywhere. Resources: [Lecture Slides] Required reading: 0x280 up to 0x300 (HAOE) and 0x350 up to 0x400 Suggested reading:Understanding Integer Overflow in C/C++Integer Undefined Behaviors in Open Source Crypto Libraries Lecture 4: Code Auditing: Auditing C Code, basic tips / strategies / and exercises Resources: [Lecture Slides] Reading: article on file i/o security Week 3 (Permissions Spectrum): Holiday (No Class, Jan 20) MLK Day Holiday Lecture 5: The Permissions Spectrum: Intro to Vulnerability Research topics and the Permissions spectrum. Resources: [Lecture Slides] Week 4 (Reverse Engineering Week): Lecture 6: Reverse Engineering Workshop 1 Guest lecturer Mitch Adair will lead a two day RE workshop, exposing students to x86 reverse engineering with IDA and CFF Explorer. Meet in the lecture room prepared (See email). Resources: [Slides (pdf)] [Slides (pptx)] Class RE Exercises (Archive) Lecture 7: Reverse Enginerring Workshop 2: Guest lecturer Mitch Adair will lead a two day RE workshop, exposing students to x86 reverse engineering with IDA and CFF Explorer. Meet in the lecture room prepared (See email). Week 5 (Fuzzing Week): Lecture 8: Fuzzing Lecture 1 Coverage of Fuzzing techniques for SDL, VR, and other applications. [Slides] Lecture 9: MIDTERM REVIEW: [No class video, see slides!] [Midterm Review Slides] Week 6 (MIDTERM 1 and Exploit Development Week 1): MIDTERM 1 [no video for this class] Lecture 10: Fuzzing Lecture #2 and Exploitation Lecture 101: PART 1: PART 2: There are two videos for this lecture. The first half is a wrap up of fuzzing topics. The second half the beginning of the exploit development lectures. Resources: [Fuzzing Slides] [Exploitation Slides] Week 6 (MIDTERM 1 and Exploit Development Week 1): Lecture 11: Exploit Development 102 Second lecture in the exploit development lecture series. Covering the very very basics of exploitation. Concept of ret2libc is covered, examples with basic exit() shellcode, and some position-independent basic shellcode. Resources: [Slides] Reading: Read 0x500 up to 0x540 in HAOE (Writing shellcode) Read 0x6A0 up to 0x700 in HAOE This class was cancelled (postponed to next week) Week 7 (Exploit Development / Networking): Lecture 12: Exploit Development 103 Third lecture in the exploit development lecture series. Coverage of heap and format string exploition (with demos), as well as exploit mitigations (ASLR, NX/DEP, stack cookies, EMET, etc...) Resources: [Slides] Reading: Read 0x680 up to 0x6A0 in HAOE Lecture 13: Networking Lecture 101: This lecture covers an overview of networking concepts and network security concepts. Topics covered: Wireshark, Nmap, nc, Hubs vs switches vs routers, manufacturer default logins / backdoors... ARP & dns (dnssec), proxies, weak IP vs strong IP model (RFC 1122) Resources: [Lecture Slides] Required reading: Read 0x400 up to 0x450 in HAOE. Related reading (not required): Defcon 18 - How to hack millions of routers- Craig Heffner Week 8 (Exploit Dev / Web Application Hacking/Security) Lecture 14: Exploit Development 102 Resources: [Slides] Reading: Read 0x450 up to 0x500 in HAOE(27 pages) Read 0x540 up through 0x550 in HAOE(11 pages) Read Chapter 1 in WAHH (15 pages) Lecture 15: Wireshark and Web Application Hacking/Security 101 [Video on Wireshark coming soon] Its a bit shorter than other videos as the class time is split between this lecture and a wireshark/tcpflow demo. This lecture addresses some of the big picture with the topics covered so far, and moves into web application security topics, as well as a very basic demo using BurpSuite as a HTTP Proxy. Resources: [SLIDES] Required Reading: Chapters 2-3 in WAHH OWASP Top 10 Related Reading: PHP: A Fractal of Bad Design Week 10 (Web Applications): Lecture 16: Web Application Hacking/Security 102 Coverage of SQLi, XSS, Metacharacter Injection, OWASP top 10, and demos. Resources: [Slides] Required Reading: Reading: Chapters 9 of WAHH Related Reading:Advaned SQLi Lecture 17: Web Application Hacking/Security 103 Resources: [SLIDES] Required Reading: "SSL and the future of Authenticity" Certified Lies: Detecting and Defeating Government Interception Attacks Against SSL Read Chapter 10 in WAHH Week 11 (Web Applications and Exploitation): Lecture 18: Web Application Hacking/Security 104 and Exploitation 104 This class was two lectures in one. In the web application 104 lecture we cover topics like WAF, and IDS and how to evade them - which leads into the exploit development 104 lecture. In the exploit dev 104 section we cover topics like networking shellcode, polymorphic shellcode / encoders, and the methodology for defeating IDS/WAF. Resources: [Slides] Required Reading: Reading: Chapters 12 of WAHH Chapter 0x550 in HAOE Related Video: (IDS/IPS Detection, Evasion, VOIP hacking) Lecture 19: Midterm review #2 and Exploitation 105 ROP Lecture: This lecture covers ret2libc, return chaining, ROP, how calling conventions affect ROP, how ROP is used to defeat DEP, how ASLR affects ROP, how to defeat ASLR to enable ROP, stack pivoting, and etc... This lecture is just the concepts, next time is the demos. Resources: [Slides] Reading: ROPC blog post part 1 Week 12 (ROP and Metasploit): Lecture 21: Guest Lecturer Devin Cook on ROP and a brief history of exploitation Devin Cook presented a recap of all the exploitation techniques covered thusfar and lectured on ROP and presented demos on ROP exploitation. Lastly defenses against ROP were discussed. Resources: [Slides] Required Reading: ROPC part 2 blog post Lecture 22: Metasploit This lecture covers the Metasploit framework. Resources: [Slides] Week 13 (MIDTERM #2 and Post Exploitation): MIDTERM #2 [No video / lecture] Lecture 23: Meterpreter and Post Exploitation Post exploitation, Windows authentication / tokens, and pivoting techniques are covered. Demos of SET, Meterpreter, and etc are shared. Resources: Slides] Week 14 (Forensics and Incident Response): Lecture 24: Volatility and Forensics Old video covering Volatility and performing forensic analysis on hacked machines. Resources: [Slides] Lecture 25: Revisiting Old Topics Wrapping up the course, revisiting old topics: stack cookies and going in depth on how they are bypassed, covering the SSL bugs, digitally signed malware, and then the big picture. Resources: [Slides] Week 15 (Last Week: Physical Security and Social Engineering): Lecture 26: Social Engineering Lecture 27: Physical Security & Locks/Lockpicking This work is licensed under a Creative Commons license.2 points
-
1 point
-
@ManutaDeAur Haha, acum am inteles. Nu sunt sunt rumeno care nu mai stie cum se spune la "tigaie" aici la voi in Romania PS. Sanchiu pour le uelcam1 point
-
1 point
-
@dorianpro, @Ossian Nu a fost cu rautate, eram pur si simplu curios, am crezut ca esti Roman si ca ai crescut in alta parte . P.S: Welcome .1 point
-
1 point
-
sucul din ciorapi de cioban... Stadiul 4= plin de metastaze in diverse organe chimioterapia=reactii adverse N Sfatul meu este sa ii asiguri o "viata" cat mai buna pt ca nu va dura mult si va pleca dintre noi. Paliatie Nu inteleg dece postezi pe acest forum cand poti foarte bine sa mergi la diversi doctori oncologi care au decenii de studii si practica si experienta si ce vrei tu....postezi aici primesti raspuns de la x cu 4 clase dar care el le stie pe toate...ca deh are net si stie sa caute pe goagle.....dar nu ma crede pe cuvant...dai niste sfecla rosie poate poate. BTW dece nu asculti de sfatul medicului care il stie/la examinat etc si ceri aici parerea despre cancere pancreatice st4 hahahahaha As dori sa mai precizez ca in urma cu aproximativ un an, a suferit o operatie de hernie abdominala, in urma careia s-a montat o plasa. Noi banuim ca din cauza aceea ar fi facut cancer, din cauza ca au mai fost cazuri la noi in oras, in care la cateva luni de la operatie pacienti s-au ales cu forme de cancer sau poate este doar mostenire genetica, bunicul meu (tatal lui) a murit din cauza cancerului pancreatic. te contrazici singur prietene...cum sa zici ca, cancerul a plecat de la plasa cand terenul genetic iti indica clar asta sanatate nea sandule daca mergeti si voi macar o data pe an si faceti niste analize banale,rx,ecografie...niste investigatii de baza nu o sa va treziti cu cancer st4...poate intr un stadiu incipient...unde poti faci N tratamente pt a scapa de el.... Dar voi va duceti si pupati moaste ....si gata va scapa dumnezeu si anu asta de rele. Oilor1 point
-
din 2008 si nu stii sa scoti un watermark? Trist. Adica sa-ti dam conturile altora care au platit? Ba, eu m-am lamurit. Majoritatea de aici nu gandeste nici cat o ceapa degerata. Reusim sa formulam o intrebare intr-un mod inteligent? Am intrat pe profilul tau, prima pagina la Topics, numai Ajutor. Cand dai si tu ceva inapoi? Cat plm vreti sa mai mulgeti tu-va-n lampa de oieri?! Ultimul meu post pe forum, ramaneti in prostia voastra! MUIE!1 point
-
Ati gasit un hack functionabil pentru Triviador ca m-ar interesa sa cumpar dar sa fie pentru perioada nelimitata.-1 points
-
-1 points
-
-2 points