Nytro Posted January 14, 2012 Report Posted January 14, 2012 Intro To Exploits - Part 1http://www.youtube.com/watch?v=NzGB-8Sntqc&feature=player_embeddedDescription: **This video and Part 2 Segment 1 are more lecture based videos**What's in this video? -Coding Practices -Defining Functions of Interest -Introduction To ShellcodeI recommend watching in full-screen due to quality issues. This is part 1 of 5. More to come over the next few weeks.Also, sorry about how I was talking in the video, I'm not a strong speaker.Sursa: Intro To Exploits - Part 1Intro To Exploits - Part 2 (Shellcode)http://www.youtube.com/watch?v=-QlaRVn1K1o&feature=player_embeddedDescription: I recommend watching in full-screen due to quality issues. This is the first of two videos for part 2 of 5.The topic of discussion for this video is an expanded explanation of shellcode. -How shellcode is executed -Architecture types -Assembly/hex examplesAlso, sorry about how I was talking in the video, I'm not a strong speaker.Sursa: Intro To Exploits - Part 2 (Shellcode)Intro To Exploits - Part 2 (Shellcode Cont.)http://www.youtube.com/watch?v=m-AxrZxvu8o&feature=player_embeddedDescription: ****This video demonstrates the concepts of how shellcode works****I recommend watching in full-screen due to quality issues. This is the second of two videos for part 2 of 5. This video expands even more on the previous video, and we end Part 2 with a visual example of how shellcode operates. -Different purposes of shellcode -Security evasion -Visual example of shellcode in action (bind and reverse shells)Sursa: Intro To Exploits - Part 2 (Shellcode Cont.)Intro To Exploits - Part 3 (Fuzzing)http://www.youtube.com/watch?v=v3wOMXZykrE&feature=player_embeddedDescription: The topic of this video is fuzzing. At the end of Part 3, we fuzz a simple tcp echo server. -Types of Fuzzers -How to know if a fuzzer was successful -Finding buffer sizeI hope you learned a lot as fuzzing is very undocumented outside of the security industry, and the technique itself is more used for auditing many programs with a generic testing tool.The downside of fuzzing is that it is very limited to what it can test, and how deep into a program it can test. Fuzzing is more for an entry point stress test, than it would be for full-on code auditing.Sursa: Intro To Exploits - Part 3 (Fuzzing)Intro To Exploits - Part 4 (Reverse Engineering)http://www.youtube.com/watch?v=kMWc1PiKWUQ&feature=player_embeddedDescription: ****Topic for the video is Reverse Engineering****This video covers the basics of disassembling/reverse engineering. This is a great video, as I show you how to explore different functions within gdb. This is an awesome tactic for determining what a program might be able to do. -Exploring the CPU -Differentiating functions from other stack procedures -Finding functions and disassembling them -Finding return addressesReverse Engineering is a very broad category, and in its own right deserves its own video series. The steps I go through in this video are more for mapping out a program, rather than editing asm code to change execution flow.Sorry for the pause half way through the video. I rage-quited half way through filming it.Sursa: Intro To Exploits - Part 4 (Reverse Engineering)Intro To Exploits - Part 5 (Scenario)http://www.youtube.com/watch?v=5iUaq_H6wf8&feature=player_embeddedDescription: ***This video is intended for learning purposes only. In no way, shape, or form, is the sole purpose of this video intended as a solution to the IO wargame.***What's in this video?In this video, we put together all of the information we have learned from the previous videos, and apply it to a practical (but very unlikely) buffer overflow situation. -On the fly exploitation (IO smashthestack level 5)Sursa: Intro To Exploits - Part 5 (Scenario)[h=4]Intro To Exploits - Part 5 (Scenario Cont.)[/h]http://www.youtube.com/watch?v=NzD67lD9OQU&feature=player_embeddedDescription: ***This video is intended for learning purposes only. In no way, shape, or form, is the sole purpose of this video intended to be used as a solution to the IO wargame.*** This video concludes the previous video, and the series. I hope I have helped new people learn a lot, and refresh the memories of the more seasoned folks. Thank you for watching! Sursa: http://www.securitytube.net/video/2649 Quote
