neox

Active Members
  • Posts: 879
  • Days Won: 24

Posts posted by neox

  1. On 6/22/2020 at 10:51 PM, MrGrj said:

    I don't know what the others think, but what you're doing there seems incredible to me :D

     

    Could you explain a bit what's going on there, for those of us who are less skilled?

     

    Thanks & really impressive work!

    It is a buffer overflow in PDF software, but of course it took longer than in the video before I exploited the vulnerability.

     

    Step one, which is the hardest, is to modify the PDF in such a way that it crashes, and to steer the crash until you can execute the shellcode.

     

    In the video the PDF was already split up, and in Kali I convert the inside of the PDF to hex code, and after that it is a typical buffer overflow.

    • Thanks 2
    • Upvote 2
  2. Hello @Tiza, to make PDF exploits or exploits for other formats you need to know basic exploit development, and you need strong knowledge of the inside of the PDF file format.

     

    The top 10 PDF readers like Adobe, Foxit, Nitro etc. are easy to crash, but it's hard to jump into a DLL library. Many DLL modules are rebased or full of bad bits and cannot execute shellcode. But it is not impossible if you have time and patience.

     

    A little demo for you: 4 PDF programs, for example.

     

     

    • Upvote 2
  3. CompTIA A+ Certification Preparation: Learn the Basics of IT - Instructed by CyberTraining 365, Samy Mkacher
    https://www.udemy.com/comptia-aplus-certification-prep/?couponCode=APLUSFREEPASS

    CompTIA Network+ Cert (N10-006): Full Course
    By Jason Dion, Cybersecurity Expert (CISSP, CEH, Security+, Network+, A+)
    https://www.udemy.com/comptia-network-cert-n10-006-full-course/?couponCode=BLACKHAT2016
    https://www.udemy.com/comptia-network-cert-n10-006-full-course/?couponCode=UDEMYSTUDIO2016

    Learn How to Fix Wi-Fi, Computer, and Networking problems! :)
    https://www.udemy.com/learn-how-to-fix-wi-fi-computer-and-networking-problems/?couponCode=GIFT001

    • Upvote 2
  4. Buffer Overflow Attacks Explained: Saved Return Pointer Overwrite

     

    In today’s Whiteboard Wednesday, David Maloney, Senior Security Researcher at Rapid7, will discuss buffer overflow attacks.

    David will walk you through a buffer overflow exploit called “saved return pointer overwrite” to show you specifically how buffer overflow attacks work.

    Watch this week’s Whiteboard Wednesday to learn more.

    https://www.rapid7.com/resources/videos/buffer-overflow-exploit-explained.jsp

     

    Mitigating Buffer Overflow Attacks with Stack Cookies

     

    In today’s Whiteboard Wednesday, David Maloney, Senior Security Researcher at Rapid7, will share a technique to help mitigate buffer overflow attacks.

    In a previous Whiteboard Wednesday, we explained how buffer overflow attacks work. This week, we are going to explain how to help mitigate buffer overflow vulnerabilities with stack cookies.

    Watch this week’s Whiteboard Wednesday to learn more.

     

    https://www.rapid7.com/resources/videos/mitigating-buffer-overflow-attacks-with-stack-cookies.jsp

     

    Exploit Explained: Structured Exception Handler Overwrite

     

    In today’s Whiteboard Wednesday, David Maloney, Sr. Security Engineer at Rapid7, will talk about structured exception handler overwrite vulnerabilities and how they work.

    Watch this week’s Whiteboard Wednesday to learn more.

     

    https://www.rapid7.com/resources/videos/structured-exception-handler-overwrite-explained.jsp

     

    SEHOP: Mitigating Structured Exception Handler Overwrite Vulnerabilities

     

    In today’s Whiteboard Wednesday, David Maloney, Sr. Security Researcher at Rapid7, will discuss how SEHOP can help you mitigate structured exception handler overwrite vulnerabilities.

     

    https://www.rapid7.com/resources/videos/mitigating-seh-overwrites-with-sehop.jsp

     

    Exploit Explained: Return Oriented Processing (ROP)

     

    In today’s Whiteboard Wednesday, David Maloney, Sr. Security Researcher at Rapid7, will discuss the ROP exploit technique for buffer overflow vulnerabilities.

     

    https://www.rapid7.com/resources/videos/rop-exploit-explained.jsp

     

    Mitigating Return Oriented Processing (ROP) Vulnerabilities

    In today’s Whiteboard Wednesday, David Maloney, Sr. Security Researcher at Rapid7, will discuss the ROP exploit technique for buffer overflow vulnerabilities and how to mitigate these security issues.

     

    https://www.rapid7.com/resources/videos/mitigating-rop-vulnerabilities.jsp
    • Upvote 3
  5. Yes, I like it too :)

    kali linux 2.0 install GoTTY

    nano /etc/apt/sources.list


    deb http://security.debian.org/ stable/updates main contrib non-free
    deb http://security.debian.org/ testing/updates main contrib non-free

    service postgresql start

    msfdb init

    apt-get update

    apt-get install golang

    mkdir /root/gocode

    export GOPATH=/root/gocode/

    go get github.com/yudai/gotty

    gocode/bin/gotty

    gocode/bin/gotty -a 127.0.0.1 -w msfconsole

    127.0.0.1:8080
