The following tutorials were created by Prateek Gianchandani, whose interests are in the fields of Penetration Testing, Web Application Security and Intrusion Detection. He is currently a researcher for InfoSec Institute. In the past he has worked for security-based startups. In his spare time he maintains his website searching-eye.com.
Burp Suite Walkthrough
Inserting Vulnerabilities in Web Applications
Hacking Web Authentication – Part 1
Hacking Web Authentication – Part 2
W3af walkthrough and tutorial – Part 1
w3af walkthrough and tutorial part 2 – Discovery and Audit plugins
w3af walkthrough and tutorial part 3 – Remaining plugins
w3af walkthrough and tutorial part 4 – w3af tools, profiles and scripting
That's all! See you.
Sunday, September 30, 2012
HOWTO : SQLi Lab Series by Audi-1
The following is the SQLi Lab, created by Audi-1, who is an Offensive Security Certified Expert (OSCE). He explains how SQLi works.
SQLi Lab Series - Introduction
SQLi Lab Series - Error Based
SQLi Lab Series - Double Query / SubQuery
SQLi Lab Series - Blind Injection - Boolean Based
SQLi Lab Series - Blind Injection - Time Based
SQLi Lab Series - Using Outfile / Dumpfile
SQLi Lab Series - Post Based
SQLi Lab Series - Double Query
SQLi Lab Series - Update Query
SQLi Lab Series - Insert Query / Headers
SQLi Lab Series - Cookie Based
Second Order Injection
Bypassing blacklist filters (Part 1)
Bypassing blacklist filters (Part 2)
The whole video series of the SQLi Lab Series
That's all! See you.
Wednesday, September 26, 2012
Course Review - Cracking the Perimeter (CTP)
Before enrolling in the Cracking the Perimeter course, you need to solve a problem. This problem is there to confirm that you have some related skills before taking the course. This course is not designed for newbies.
If you do not have knowledge of penetration testing, I recommend that you take Penetration Testing with BackTrack.
The Course
Debuggers for Windows are mostly used in the course for the purposes of anti-virus bypass, backdooring and exploit writing. You should also have some knowledge of x86 assembly language, Linux, Windows and web site scripting languages such as PHP. You are also required to do a lot of research on the topic of exploit writing. In addition, some extra exercises to improve your skills are recommended. The course also covers web application attacks.
One of the modules in the course that I like most and hate most is HP Openview Network Node Manager NNM 7.5.0. In the beginning, I overlooked this module and thought that it was a very specific case whose solution would not apply to other exploit writing. Later, I found this module very interesting and I spent a lot of time understanding what was going on. Fortunately, I finally understood it fully.
Mati (the founder of Offensive Security) gave a talk at DefCon 16 about this exploit writing, where he states that he could not solve this problem at the very beginning. Here you are :
You should enroll for the exam within 90 days after the lab access time expires. Otherwise, you need to pay for the exam.
The Challenge
The Challenge gives you 47 hours and 45 minutes to solve a series of problems. You need to submit the report within 24 hours after the challenge ends.
Finally, the exam was over and the report was submitted. Within 3 business days, I received an email telling me that I passed the challenge. I am now an Offensive Security Certified Expert (OSCE).
The Conclusion
In conclusion, this course will teach you about exploit writing and some skills in AV bypass and backdooring. You need to have some penetration testing skills before taking this course. This course is an eye-opener; you can learn a lot of things during the course. Make sure you fully understand the course materials. Recommended!
Labels:
Course Review
Tuesday, September 04, 2012
HOWTO : Apparmor for VirtualBox on Ubuntu 12.04
Apparmor is a kind of application firewall which is similar to SELinux. Apparmor is installed by default for Ubuntu.
There is no AppArmor profile for VirtualBox in
/etc/apparmor.d/
so you should build your own. You can copy the following source code to the directory and enable it.
Step 1 :
sudo apt-get install apparmor-utils
Make sure VirtualBox is installed.
Step 2 :
usr.bin.VBox
Copy the captioned source code, place it in
/etc/apparmor.d/
and give the file the name that is underlined.
Step 3 :
sudo aa-enforce /etc/apparmor.d/usr.bin.VBox
That's all! See you.
REFERENCE
Apparmor manual for Ubuntu
Labels:
Apparmor,
Ubuntu,
VirtualBox
HOWTO : Apparmor for xChat on Ubuntu 12.04
Apparmor is a kind of application firewall which is similar to SELinux. Apparmor is installed by default for Ubuntu.
There is no AppArmor profile for xChat in
/etc/apparmor.d/
so you should build your own. You can copy the following source code to the directory and enable it.
Step 1 :
sudo apt-get install apparmor-utils
sudo apt-get install xchat
Step 2 :
usr.bin.xchat
Make sure that lines #19, #34 and #36 match the installed version of Python. If you have upgraded Python to another version, change them accordingly; otherwise, xChat will not run because it is blocked by AppArmor.
Copy the captioned source code, place it in
/etc/apparmor.d/
and name it "usr.bin.xchat".
Step 3 :
After making the changes (if any), enable it.
sudo aa-enforce /etc/apparmor.d/usr.bin.xchat
That's all! See you.
REFERENCE
Apparmor manual for Ubuntu
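The Step 2 caveat above (profile lines must match the installed Python version, otherwise xChat is blocked) can be checked before running aa-enforce. The script below is an added example, not code from the original post: the function names and the sample profile are constructed for illustration, and the real usr.bin.xchat profile is not reproduced here.

```shell
#!/bin/sh
# Added example (not from the original post): find pythonX.Y references in an
# AppArmor profile that differ from the installed Python version.

# stale_python_refs PROFILE INSTALLED_VERSION
# Prints "LINE:VERSION" for every mismatching reference; returns 1 if any.
stale_python_refs() {
    awk -v want="$2" '
        /^[ \t]*#/ { next }                  # skip comments and #include lines
        {
            rest = $0
            while (match(rest, /python[0-9]+\.[0-9]+/)) {
                ver = substr(rest, RSTART + 6, RLENGTH - 6)   # text after "python"
                if (ver != want) { print NR ":" ver; bad = 1 }
                rest = substr(rest, RSTART + RLENGTH)
            }
        }
        END { exit (bad + 0) }
    ' "$1"
}

# Constructed sample profile; the paths are illustrative assumptions.
write_sample_profile() {
    cat > "$1" <<'EOF'
# constructed sample for the example
/usr/bin/xchat {
  /usr/bin/xchat mr,
  /usr/lib/python2.7/** mr,
  /usr/lib/python2.6/lib-dynload/*.so mr,
  /usr/lib/pymodules/python2.6/** r,
}
EOF
}

# Demo on the constructed sample. The installed version can be obtained with:
#   python -c 'import sys; print("%d.%d" % sys.version_info[:2])'
sample=$(mktemp)
write_sample_profile "$sample"
if stale_python_refs "$sample" 2.7; then
    echo "profile matches Python 2.7"
else
    echo "fix the lines listed above before running aa-enforce"
fi
rm -f "$sample"
```

Against a real profile, pass /etc/apparmor.d/usr.bin.xchat as the first argument and the installed version as the second.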
HOWTO : Apparmor for Firefox on Ubuntu 12.04
Apparmor is a kind of application firewall which is similar to SELinux. Apparmor is installed by default for Ubuntu.
The AppArmor profile for Firefox is already installed in
/etc/apparmor.d/
but it is not enabled by default.
Step 1 :
sudo apt-get install apparmor-utils
Step 2 :
Make sure that lines #120 to #127 match the language installed on your Ubuntu. Lines #122 to #123 and #126 to #127 show the Traditional Chinese names of the Public and Downloads directories.
Step 3 :
After making the changes (if any), enable it.
sudo aa-enforce /etc/apparmor.d/usr.bin.firefox
That's all! See you.
REFERENCE
Apparmor manual for Ubuntu