EH-Net
May 21, 2013, 11:22:37 AM *
  Show Posts
61  Ethical Hacking Discussions and Related Certifications / Malware / Best CBT for learning about malware? on: September 30, 2010, 11:41:54 AM
I am very interested in learning about the basics of malware and its behaviour and a lot regarding it...

Also I want to learn them from the basics, so I prefer CBT videos for learning the basics..

I heard there are some course videos available regarding malware analysis, but I don't know much about this malware field, and I also don't know the exact course name, so I decided to ask here...

Can anyone suggest some of the best CBT courses that deal with malware analysis?

Hope I will get some suggestions..
62  Ethical Hacking Discussions and Related Certifications / Hardware / How an hardware is actually vulnerable to exploitation? on: September 30, 2010, 11:11:36 AM
I am just new to this hardware hacking field,
I am just wondering about this field: how is hardware actually subjected to exploitation?

In software we have incorrect handling of input in the source, so we get some buffer overflows and things, but I don't know what bugs are actually present inside the hardware for exploitation?

Also, can a hardware exploit get us remote code execution?

Need a bit of explanation to make myself clear...

Hope I will get some...
63  Ethical Hacking Discussions and Related Certifications / Wireless / Re: Arp poisoning the server and SSH key stripping? on: September 21, 2010, 08:22:25 PM
Again saying, I am not talking about ARP poisoning the server, I am not talking about intercepting the client's traffic to the server.., how can I do it?

Looking for some ideas....
64  Ethical Hacking Discussions and Related Certifications / Wireless / Re: Arp poisoning the server and SSH key stripping? on: September 21, 2010, 02:58:53 PM
Can I have a confirmation?

Can SSL stripping also strip SSH keys too?

And is ettercap able to poison the traffic of the server I am connected to?
65  Ethical Hacking Discussions and Related Certifications / Wireless / Arp poisoning the server and SSH key stripping? on: September 20, 2010, 03:37:19 PM
Arp poisoning the server and SSH key stripping?
As we all know what ARP poisoning is,
but are there any ways to poison the traffic of the server.....

And also most of us know SSL stripping; like that, are we able to strip the SSH keys, and are we able to hijack or decrypt the connection?

If it is possible, what are the mechanisms and tools I should use to do it?

Hope I will find some help....
66  Ethical Hacking Discussions and Related Certifications / Cyber Warfare / Handling Reflective Ddos ? on: September 20, 2010, 05:27:45 AM
100% of us know DDoS, but have you ever faced reflective DDoS attacks?

I heard the attacker used some compromised servers (aka zombies) and constantly sends a large number of garbage packets with spoofed IPs and attacks a target, and in return the target web-server also attacks(!?) via responding to the spoofed IPs. In this case what can we do to stop this attack?

Even if the firewall admins started to block IPs, it leads to serious disaster, right?

Because if, suppose, the attacker uses spoofed IPs ranging from 1.1.1.1-254.254.254.254, will it take down the target server even though it is having firewall protection?

Also, if they started to ban IPs, they have to ban the entire internet, right?!!

Also I want to know, has anybody here faced such massive reflective DDoS attacks?

Also, indirectly the target web-server is also attacking via responding to the spoofed IPs.

Also, how can we secure ourselves against such massive sophisticated DDoS?
67  Ethical Hacking Discussions and Related Certifications / Programming / Suggest me a e-book for understanding basics of buffer over flow? on: September 18, 2010, 05:23:51 PM
I am interested in learning and understanding the basics of buffer overflow, how it works, etc. Can anyone suggest a good e-book or link or paper to understand the basic operation and functions of buffer overflow?

Hope I will get some help here...
68  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Some Network Reconnaissance question's about determining DMZ Network structure? on: September 17, 2010, 11:13:02 AM
Code:
I want to know what sort of network architecture they are using?

-- Social Engineering including spoofed e-mails may help you.
Also, check if they've outsourced their website to a 3rd party hoster. If yes then you need to know how that hoster functions etc. etc.

Can you tell me how spoofed e-mails will help?
What sort of information can we get from the spoofed e-mails?
And my target is not hosted on 3rd party hosting...
They have their own stuff..

Code:
How can I determine the number of DMZs they are having?

-- By hacking the router. From the router it's virtually impossible except if it's a misconfigured (and probably older version of a) Cisco router where you can in some cases read the configuration directly via SNMP.

Hacking routers? I am in the enumeration phase, I haven't hacked routers; without hacking those routers, can't we guess the number of DMZs present?
Can't we get that information based on any error methods?


Code:
Will they have a separate DMZ for running database servers? If yes, how to detect it?

-- Depends on how they configured their network. Some websites use a local socket to connect to a database hosted locally while other sites use a database hosted externally on another server or perhaps, virtual machine. The easiest way to find out where the database is, is to hack the website and read the config.php file if you can't find any hosts with port 3306 (mysql) open in their network range. You should only look for MySQL if the site is running PHP since this is the most common setup.

What can I do if it is a corporate or a target which is not a web-server?


Code:
Is it possible to get the kernel version of the Linux server they are using?
Also, I already nmapped it, it is saying the kernel version is from 2.4-2.6 kernel; I need to know the exact version of the kernel, what should I do?

-- Again, by hacking the website you can in some scenarios run commands directly on the server, e.g. via LFI, RFI, RCE and in some cases SQLi. On linux a simple "uname -a" will tell you what you need, but you need to find a way to get remote code execution which can also be done with Social Engineering and bruteforcing too. (FTP, SSH, website and perhaps their e-mails too.)

The same question arises in my mind: what to do if it is a non-web server?
And are there any ways to identify a kernel based on its behaviour?
Like its difference in response and error to different stuff like ping, errors or any other things?

Are there any documents or papers out there regarding the behaviour of each kernel?


Code:
Also I have seen some SMTP and POP3 services on the Cisco firewalls/routers.
This looks strange to me, why is a router/firewall running SMTP/POP3 services?

-- Probably "port forwarded" services. (They typically use the same IP as the router.)

No, they are not NAT'd.
And I want to make sure of one thing.

If a firewall with an IP of 208.xxx.xxx.xxx acts as a firewall for the following 4 web-servers with IPs 208.1xx.xxx.xxx, 208.2xx.xxx.xxx, 208.3xx.xxx.xxx, 208.4xx.xxx.xxx and they have SMTP enabled on all of them, and like you said they have enabled port-forwarding on the router/firewall,

but why is it acting as an open port? (If I am noobish I am sorry.)

And can all the 4 servers use the same port on the firewall?
Because it is not NAT'd, will using it like this cause any issues for them?



Code:

Want to fingerprint the web application firewall being used on the target, how can I do it?

-- Not exactly sure, are you certain there is one? In many cases there isn't though I have seen many companies use IDS's and IPS's where the last is kinda the same as a WAF. Input / Output checking is one way to check this in some cases though the problem is that it could also be the actual web application doing this.

Yes, there is one. I had read something that it can be detected
based on the cookies, its special behaviour in blocking certain things, like that. As an expert, hope you know; and also, if possible, can you link me to some nice articles related to those? Also I saw at DEF CON 2008 one guy doing a presentation on this..

And what about the traffic passing through 4 firewalls, sir?
And why do they have separate firewalls for filtering DNS traffic and web traffic?

Any guesses, sir?

I hope I can get some more useful advice from you....

Hope you will...
69  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Some Network Reconnaissance question's about determining DMZ Network structure? on: September 17, 2010, 08:47:25 AM
Code:
How much penetration testing have you done to be honest? And how much do you know about ethical hacking?

I just started to learn penetration testing and I derived an important principle (my own one): I just don't want to learn to be a tool-based guy. While I am learning a particular thing, I read and understand what the tool is doing while we are using it for pentesting, and I understood the laws, legal issues and what the qualities of the pen tester are. As a pen tester we must satisfy the client, that should be our first priority, and we should do the penetration testing in a structural way, and we should not trust anything or anyone during the penetration testing process, that is the key.
And regarding ethical hacking, the answer is simple according to me: "I am authorized to do any hacking, may be white hat or black hat stuff, according to the situation before me.."

Code:
This is not to be rude that I ask, but instead I am curious so I can give you some appropriate answers based on what your answers are.

Yes, this is not rude, I can understand what you are trying to say.
I hope the above information is enough for you to understand my level (may be noobish).
And I am in the Network Reconnaissance stage, so looking for some answers to my questions. Hope you will help me...
70  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Some Network Reconnaissance question's about determining DMZ Network structure? on: September 17, 2010, 06:30:41 AM
I have the IP range of my target network.

Also I got a scene like this:

Before my traffic enters the target web-server it is being passed through 4 firewalls,

like this 208.xxx.xxx.xxx--->208.xxx.xxx.xxx----208.xxx.xxx.xxx--->208.xxx.xxx.xxx----> target web- server

When I tracerouted all the IPs in the IP range, it is being passed through at least 3 or 4 firewalls (Cisco ones) and then reaching my target..

But to my surprise, when I tracerouted the DNS server, it is being passed through different firewall IPs other than the firewall IPs of the web-server

like this 185.xxx.xxx.xxx--->185.xxx.xxx---->185.xxx.xxx.xxx--->target dns web server

I want to know what sort of network architecture they are using?

How can I determine the number of DMZs they are having?

Will they have a separate DMZ for running database servers? If yes, how to detect it?

Is it possible to get the kernel version of the Linux server they are using?
Also, I already nmapped it, it is saying the kernel version is from 2.4-2.6 kernel; I need to know the exact version of the kernel, what should I do?

Also I have seen some SMTP and POP3 services on the Cisco firewalls/routers.
This looks strange to me, why is a router/firewall running SMTP/POP3 services?

Want to fingerprint the web application firewall being used on the target, how can I do it?

I know these are too many to ask, but I don't have many other options so I decided to ask here; even if you answer one of the above questions, it will be helpful for me...

Hope I will get some help...
71  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Finger priniting NAT Router and IDS? on: September 14, 2010, 01:26:11 PM
Code:
What have you tried so far?

I tried nmap scanning, tracert and banner grabbing and I found they are having 4 lines of Cisco firewalls. I had found ICMP was enabled on those firewalls, and I tried to do banner grabbing on the router and I wasn't able to find anything. When I scanned with nmap I found only 2 filtered ports

25 - smtp filtered port
53 - dns filtered port

I am trying to determine the ACL, the exact version of the Cisco IOS,
want to find whether NAT is enabled on the router and want to know whether IDS is enabled on the router itself...

Code:
One way to detect if NAT is present on a target network and find out a possible IP-range is:
1) Assume the target network is using its own mail-servers internally. (Some corporations outsource their e-mail servers though.)
2) Send an e-mail to a non-existing address at their domain name. ( 213782hdsa@domain.tld )
3) When the "Post Master" automatically returns your e-mail, look at the e-mail headers.

If you want a visualization of what to look at, take a look at this video about information gathering:
http://www.youtube.com/watch?v=1nd6vAz4SOw

This is also a part of the phase known as "recon" aka reconnaissance during a pentest.

I am however, unsure how to detect an IDS without scanning the internal network and / or router.


Thanks a lot, I am going to try this.
Also I heard NAT hosts can be detected based on IP-ID values and TTL values.

But I have some troubles: those hosts are running Linux, so they have an IP-ID value of 0 by default and ICMP was disabled there, so I don't know what to do to detect the presence of NAT. Also I want to know whether they are running hardware or software IDS.

Can't an IDS be detected based on its signature testing?

Also I want to know what kind of routing protocol they are using on their routers?

Hope I will get some more answers....
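
The bounce-header check from the quoted steps, turned around for a mail administrator who wants to see which internal hostnames and RFC 1918 addresses their own servers disclose in a returned message. This is an added example, not part of the original post or the quoted reply; the sample bounce, its hostnames and its addresses are constructed, and `audit_received_headers` is a name chosen here.

```python
import email
import ipaddress
import re

# Constructed bounce message (not real traffic); every host and address is invented.
SAMPLE_BOUNCE = """\
Received: from mx1.example.com (mx1.example.com [203.0.113.25])
\tby inbound.tester.example with ESMTP id A1; Tue, 14 Sep 2010 13:30:05 +0000
Received: from exch01.corp.example.com (exch01.corp.example.com [10.20.4.17])
\tby mx1.example.com with ESMTP id B2; Tue, 14 Sep 2010 13:30:03 +0000
Received: from localhost (localhost [127.0.0.1])
\tby exch01.corp.example.com with SMTP id C3; Tue, 14 Sep 2010 13:30:02 +0000
From: MAILER-DAEMON@example.com
To: auditor@tester.example
Subject: Undelivered Mail Returned to Sender

No such user here.
"""

IPV4_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
# Explicit RFC 1918 ranges; ipaddress.is_private would also flag documentation ranges.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def audit_received_headers(raw_message):
    """Return (internal, external) lists of (hostname, ip) taken from Received headers."""
    msg = email.message_from_string(raw_message)
    internal, external = [], []
    for header in msg.get_all("Received", []):
        text = " ".join(str(header).split())  # unfold continuation lines
        host_match = re.match(r"from (\S+)", text)
        host = host_match.group(1) if host_match else "?"
        for raw_ip in IPV4_IN_BRACKETS.findall(text):
            try:
                ip = ipaddress.ip_address(raw_ip)
            except ValueError:
                continue  # bracketed text that is not a valid IPv4 address
            if ip.is_loopback:
                continue  # local hand-off, reveals nothing about topology
            bucket = internal if any(ip in net for net in RFC1918) else external
            bucket.append((host, str(ip)))
    return internal, external
```

Any entry in the first list is an internal hostname and address that left the organisation in a mail header; removing or rewriting internal `Received` lines at the outbound gateway closes that disclosure.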




72  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Finger priniting NAT Router and IDS? on: September 14, 2010, 09:29:14 AM
I am studying the basics of network reconnaissance.

I need to confirm whether my target is using a NAT router or not,
how can I fingerprint the NAT router?

And also I need to fingerprint the type of IDS in the network?

Can it be detected based on the signature testing? But nowadays some networks enable IDS on the router itself; I need to fingerprint where the IDS is located on the network?

I need some advice to find it ....

Hope I will find some...
© 2013 The Ethical Hacker Network