RSSSpecial Events

Reverse Engineering 101 Contest Solution

| February 28, 2014 | 0 Comments

Reverse Engineering 101 - Newbie Contest Winner and Solution - eLS ARES LogoLate last year, EH-Net and eLearnSecurity threw out a little challenge to our readers as a way to make a gentle introduction to the topic of reverse engineering and also to announce eLS’s new course, Advanced Reverse Engineering Software (ARES). Below you will find the Reverse Engineering 101 Contest Solution not only in video format by challenge and course designer Kyriakos Economou but also the full winning entry by EH-Netter, Gerardo Iglesias Galvan. Congratulations to Gerardo and be sure to keep us posted on your progress through the free course you won through EH-Net.

Thanks to everyone who played, whether you submitted a solution or not. If you couldn’t solve it, no worries. It only means that you have the passion but you miss the knowledge, and this is what eLS guarantees to offer to you. Still, if you managed to solve it, then you know that there is so much still to learn. eLS guarantees that through the ARES course, you will learn much more in order to enhance your technical skills. If you didn’t try at all, now is your chance to start learning. Watch the video and read the write-up and hopefully it will spark your interest in diving deeper into this fantastic field of ethical hacking.

Continue Reading

Reverse Engineering 101 – Newbie Contest and Webcast with eLearnSecurity

| November 15, 2013 | 15 Comments

Reverse Engineering 101 - Newbie Contest and Webcast with eLearnSecurity - eLS ARES LogoDetails on the new training course from eLearnSecurity is out! There’s been some buzz about the new eLS course and what it could possibly be. As the above title indicates, one of the premier online training organizations is getting into RE. If you are interested in Software Reverse Engineering, either driven by curiosity or by the dream to become a professional in this subject, then the Advanced Reverse Engineering of Software (ARES) course is just what you need to get all the theoretical and practical knowledge to start your journey into the world of RE. And it starts right here with Reverse Engineering 101.

It’s been a while since we’ve had a webcast or a hacking contest, so why not combine them into one big EH-Net Special Event? And to get your Holiday Season rolling in proper EH-Net fashion, we’re also able to offer 5% Off with Coupon Code: EH-Net-5-eLS, even before the official launch date of Nov 26. So go reserve your seat now.

So here’s what we’ve cooked up for all of you EH-Netters out there. Just like you, eLS is also driven by passion, so they prepared a small challenge for their future students. Below is an executable just begging to be broken. You’ll have until Monday Dec 9 to break it. If you do, you’ll be entered into a pool of candidates where one of you will win the entire ARES course + Certification Exam for free! Then stay tuned for a future article with a full write-up as well as a video containing an Intro to RE, the solution to the challenge and the announcement of the winner. Good Luck.

Continue Reading

Video: Abusing Windows Remote Management (WinRM) with Metasploit

| December 14, 2012

Entire Webcast Now Available!!

rapid7_logo.jpgIn this technical webinar for penetration testers originally delivered on Dec 4, 2012, David Maloney discussed how you can use Windows Remote Management and Windows Remote Shell to obtain a session on a host while avoiding detection through anti-virus solutions. Participants learned:

• Capabilities of Windows Remote Management (WinRM) and Windows Remote Shell (WinRS)
• Discovering hosts running these services
• Brute forcing the services to obtain passwords
• Running WMI Queries and running commands
• Getting and migrating shells to a more persistent process

David Maloney, a Software Engineer on Rapid7’s Metasploit team, is responsible for development of core features for the commercial Metasploit editions. Before Rapid7, he worked as a Security Engineer and Penetration Tester at Time Warner Cable and as an Application Security Specialist for a global insurance company. David has been a long-time community contributor to the Metasploit Framework. He is one of the founders of Hackerspace Charlotte and is an avid locksport enthusiast.

twitter-icon.png delicious.png

Discuss in Forums {mos_smf_discuss:Special Events}

Continue Reading

Webcast: Abusing Windows Remote Management (WinRM) with Metasploit

| November 21, 2012

Join us for a Free Webcast on Dec 4 

rapid7_logo.jpgIn this technical webinar for penetration testers, David Maloney discusses how you can use Windows Remote Management and Windows Remote Shell to obtain a session on a host while avoiding detection through anti-virus solutions. Participants will learn about:

• Capabilities of Windows Remote Management (WinRM) and Windows Remote Shell (WinRS)
• Discovering hosts running these services
• Brute forcing the services to obtain passwords
• Running WMI Queries and running commands
• Getting and migrating shells to a more persistent process

David Maloney, a Software Engineer on Rapid7’s Metasploit team, is responsible for development of core features for the commercial Metasploit editions. Before Rapid7, he worked as a Security Engineer and Penetration Tester at Time Warner Cable and as an Application Security Specialist for a global insurance company. David has been a long-time community contributor to the Metasploit Framework. He is one of the founders of Hackerspace Charlotte and is an avid locksport enthusiast.

Date:  Tuesday December 4, 2012
Time:  1:00 PM – 2:00 PM CST

webinar_button_registernow.gif
Register Now!

Even if you can’t join us live, please register anyway to get details on the video!

twitter-icon.png delicious.png

Discuss in Forums {mos_smf_discuss:Special Events}

Continue Reading

Video: eLS Launches Hack.me Free Virtual Labs for Web Application Security

| November 8, 2012

EH-Net EXCLUSIVE: eLearnSecurity Officially Launches Hack.me WebApp Labs

els_circle.pngImagine a security virtual lab that is run by the community for the community… Free of charge! This is Hack.me. Hack.me allows web application security researchers and instructors to create and share vulnerable web applications for testing and educational purposes. Users will be able to run and practice offensive techniques against always new vulnerable web applications provided by the community. Practicing the OWASP Top 10, testing vulnerabilities against CMSs, verifying the latest exploits against COTS will be just a click away. Hack.me is completely FREE for all to use, accessible online and hosted in the cloud. Based on the Coliseum Framework, every vulnerable application created on hack.me is run on the fly in an absolutely safe and isolated sandbox. Watch this webinar from October 2012 where Armando Romeo, founder of eLearnSecurity backing the Hack.me project, and Thomas MacKenzie, web application security specialist, unveiled the project and launched it to the world. 

twitter-icon.png delicious.png

Discuss in Forums {mos_smf_discuss:Special Events}

Continue Reading

Webcast Exclusive: eLS Launches Hack.me Free Virtual Labs for Web Application Security

| September 14, 2012

Join us for a Free Webcast on Oct 9 

EH-Net EXCLUSIVE: eLearnSecurity Officially Launches Hack.me WebApp Labs

Imagine a security virtual lab that is run by the community for the community… Free of charge! This is Hack.me. Hack.me allows web application security researchers and instructors to create and share vulnerable web applications for testing and educational purposes. Users will be able to run and practice offensive techniques against always new vulnerable web applications provided by the community. Practicing the OWASP Top 10, testing vulnerabilities against CMSs, verifying the latest exploits against COTS will be just a click away. Hack.me is completely FREE for all to use, accessible online and hosted in the cloud. Based on the Coliseum Framework, every vulnerable application created on hack.me is run on the fly in an absolutely safe and isolated sandbox. Join this webinar where Armando Romeo, founder of eLearnSecurity backing the Hack.me project, and Thomas MacKenzie, web application security specialist, will unveil the project and launch it to the world. 

Date:  Tuesday October 9, 2012
Time:  1:00 PM – 2:00 PM CDT

webinar_button_registernow.gif
Register Now!

Even if you can’t join us live, please register anyway to get details on the video!

twitter-icon.png delicious.png

Discuss in Forums {mos_smf_discuss:Special Events}

Continue Reading

Survey of Hacking Movies: Framing the Debate on the Gateway Drug into the Hacking Culture

| June 6, 2012

film-reel.jpgBy Rick Howard and Steve Winterfeld

As Steve and I were eating dinner at DEFCON last year, the usual topics came up: What were the best talks of the day? Who were the completely lame speakers? What was the best hacker outfit so far? What is the best T-Shirt slogan of the day? What parties are we going to crash tonight? What were the best hacker books (both fiction and non-fiction)? And of course, we debated about which hacker movie is the best of all time. Steve and I have been arguing for years about this one, and, although we never agree, it does not stop us from spending hours rehashing the subject. And we are not alone in this endeavor. This is a favorite subject for hackers of all sorts.  It turns out that there are so many ways to look at the question, that I am sure that Steve and I, and all nerds, will continue to ponder it for years to come.

Many hackers have a movie that is near and dear to their heart; a gateway drug so to speak that introduced the idea that hacking was a “thing” that loner losers like us could do it,  was cool and could make hot chicks like us. That last part never really came true for me or Steve or anybody we hung out with, but it gave us hope.

What gives you hope? What inspired you? What was your gateway drug in the hacking culture? Please help our research efforts by reading the rest of this article and then taking part in the Best Hacker Movies Survey

twitter-icon.png delicious.png

Discuss in Forums {mos_smf_discuss:Special Events}

Continue Reading

RUaNinja? Hacking Contest Solution

| May 30, 2012

Ninja Hacking Book COverBy Timothy E. Everson , OSCP, GPEN et al

So there I was, grabbing a bit of lunch, doing my daily catch up on the forums here at The Ethical Hacker Network (EH-Net), and Don, our Editor-in-Chief, posted the hacking challenge, RUaNinja? “Sweet!” I thought, “I’m always up for these skills tests, so let’s see what Don has for us today.”  Then, as I opened the thread, I realized I was in for a treat!  As a fun way to promote his Syngress book, Ninja Hacking (Co-Authored by Thomas Wilhelm), Jason Andress, author of some excellent reads and a well-known IT security aficionado, had put together a masterpiece of a challenge tasking the readers to dig deep in their toolboxes, reach outside the box, and get into the mindset of a seasoned strategist.

Much like ninjutsu, the challenge involved stealth, concealment, decryption, and even a little extra something… a keen sense of awareness both of your surroundings as well as those things lying right under your nose.  So without further ado, here’s the story of my struggles, and ultimately my successes, with the RUaNinja? Challenge.  Note: The events below were not all completed in one day.  I bow to Jason for giving me a workout.

twitter-icon.png delicious.png

Discuss in Forums {mos_smf_discuss:Special Events}

Continue Reading