Samiux's Blog

Open Source is a great idea and it has changed the world! Open Source forever ....

While you do not know attack, how can you know about defense? (未知攻,焉知防?)

Do BAD things .... for the RIGHT reasons -- OWASP ZAP

It is easier to port a shell than a shell script. -- Larry Wall

Most of you are familiar with the virtues of a programmer. There are three, of course: laziness, impatience, and hubris. -- Larry Wall

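To establish the mind of Heaven and Earth, to secure life for the people, to continue the lost learning of the past sages, and to bring peace to all generations. -- 王炜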

Saturday, December 10, 2011

Exploit writing tutorial

This is a summary of Corelan's exploit writing tutorial series from the official site.

Part 1 : Stack Based Overflows

Part 2 : Stack Based Overflows - jumping to shellcode

Part 3 : SEH Based Exploits

Part 3b : SEH Based Exploits - just another example

Part 4 : From Exploit to Metasploit - The basics

Part 5 : How debugger modules & plugins can speed up basic exploit development

Part 6 : Bypassing Stack Cookies, SafeSeh, SEHOP, HW DEP and ASLR

Part 7 : Unicode - from 0x00410041 to calc

Part 8 : Win32 Egg Hunting

Part 9 : Introduction to Win32 shellcoding

Part 10 : Chaining DEP with ROP - the Rubik's Cube

Part 11 : Heap Spraying Demystified

That's all! See you.
Posted by Samiux at 17:55
Labels: Exploit
Copyright © Samiux 2009-2018.