dante

This thread is definitely going to be help me as I am teaching myself RE for CREA. I will document my journey once I complete the certification.

Thanks sil.

thanks for pointing out sil… i edited it …sorry satyr… i meant malware analysis and i really wanted someone to prove me wrong. I dont think packers/protectors are involved in exploit development anywhere except may be in writing shellcodes(encoding, polymorphic)…

I dont know what nelly is(Life; Unmanly, effeminate) ? 😉 ..

P.S: Wanted to…[Read more]

Exploit development and Malware analysis are quiet different topics and each requires its own steep learning curve. At advanced levels both requires to have a good knowledge in reverse engineering and os internals. There are several overlapping topics and few topics like Packers, protectors, anti-reversing techniques are discussed only in malware…[Read more]

http://en.wikibooks.org/wiki/X86_Disassembly
http://www.microsoft.com/msj/0298/hood0298.aspx

That should probably get you going.. Also try to answer H1t M0nk3y’s questions as we can probably guide you better if we know your goals..

@sil wrote:

Rutkowsa’s RP/BP doesn’t apply to what the initial question needed answered. I’ve spoken with people about her theories via the Daily Dave list once upon a time (http://seclists.org/dailydave/2008/q4/author.html) which is how I derived: “plague” which is a proof of concept undetectable backdoor. This came about after the…

[Read more]

Joanna’s blue pill and the conflict that rose among security researchers should be noted here.

This sums it up – http://www.zdnet.com/blog/ou/detecting-the-blue-pill-hypervisor-rootkit-is-possible-but-not-trivial/297.

When detecting that your program is running on a VM or not from within a VM is a difficult task, I guess determining a remote…[Read more]

It takes courage and very high self confidence to share failures H1t M0nk3y.  Go on. You will rock.

http://www.exploit-db.com/exploits/7444/

– This is the vulnerability being exploited.

openssl?

openssl s_client -connect :443
HEAD / HTTP/1.0

@mesho wrote:

@dante wrote:

@mesho wrote:

thanks for enlighting me What90
and i’m really sorry for not replying early.

actually SANS now offer a new course named “Advanced Exploit Development” 710

what are the differents between it and 709?

so confusing?!!!  ???

San 710 – seems to be 2 day course opposed to sans 709 – a 5 day elaborate course…

[Read more]

There are plenty of reverse shell scripts written in php available online to achieve this task. I dont think you need a link to one  😉

@mesho wrote:

thanks for enlighting me What90
and i’m really sorry for not replying early.

actually SANS now offer a new course named “Advanced Exploit Development” 710

what are the differents between it and 709?

so confusing?!!!  ???

San 710 – seems to be 2 day course opposed to sans 709 – a 5 day elaborate course on exploit development.
If…[Read more]

@scuccii wrote:

So once a site has HTTPS the credentials are safe from there?

Yes and No. If it steps down to HTTP and pass the cookies in HTTP,  its still vulnerable to session hijacking. For instance, you might think that static images does not require HTTPS, but the request to static images will still contain the cookie header and if it is…[Read more]

@don wrote:

Definitely worth fighting over it in the forums.  😉

God bless the forum with newbies or else there is gonna be blood ridiculous topics everywhere.. This should be fun to watch.

I will try to give a full picture on firesheep..

Wireless packets are encrypted using WEP/WPA keys. On a public wifi connection, the packets that are sent and back forth are unencrypted. The unencrypted wifi packets are perfectly normal and not the focus of the problem here.

A wireless card set in promiscuous mode would be able to sniff all the…[Read more]

Forensics(CHFI) will be under blue team.

One more to the list.
Reverse Engineering – CREA, GREM

Yes there are some certs(CEH) that are more recognized, easier to attain covers fundamentals but does not really say that you can do the job.

@H1t M0nk3y wrote:

2. Turn off DHCP and statically assign an address to each machine
3. Enable MAC Address Filtering on Router/Access Point and only allow devices MAC Addresses
4. Keep Access Point away from Windows and Doors

These three points cannot even stop script kiddies!!!

They could give a false sense of security…

H1t M0nk3y is right.…[Read more]

I believe you will be allowed to download the IOS from Cisco site if you purchase a cisco product . Not sure. Please confirm it before buying.

Also check this out
https://learningnetwork.cisco.com/message/17111

@Beckman11 wrote:

Just need to get my hands on the right equipment.  any ideas on equipment for a small home lab??? My whole goal here is to learn about security as much as possible I love it. 

Simulators are an option here.
http://www.gns3.net/
http://dynagen.org/ 

@Beckman11 wrote:

Anyone have any ideas on what else would peak my interest in t…

[Read more]

Its ideal to have all possible combination of OS version and SPs installed. As once you get into exploit development it will come handy. At the beginning you will not be needing any more than Windows XP sp2. Of course if you wanna try vista/windows 7 exploits from metasploit then you got to have it installed.

Add some debian, redhat, slackware OS…[Read more]