Monday, May 30, 2011

Buffer Overflows

It has been a while since I posted anything.   It has been a busy time.  I have been able to sneak in some time to work on my OffSec skills.  Hey I am working on it.  Anyway, to prepare for the OSCE course, I am looking through the 'www.exploit-db.com' site and trying to re-exploit applications that are available using python.  I like python a lot and trying to get better at it currently so it looked like the obvious choice.  I am running into some confusion on the Savant 3.1 Web Server.  I understand that when exploiting SEH, we are looking for a POP, POP, return.  I understand that when you have a stack exploit, you look for a JMP into a CPU register.  But somehow, I am getting lost on the POP, RET.  Is it just the same logic behind SEH?  Are we just popping the last entry in the stack and putting the last memory entry in EIP? I have reviewed the exploit code from "http://www.exploit-db.com/exploits/10434/".  Also, there is a great tutorial for EggHunters and Buffer Overflows at "http://grey-corner.blogspot.com/2010/02/windows-buffer-overflow-tutorial.html".  Just a side note, this blog has helped me in the past understand SEH exploits along with the site "https://www.corelan.be/index.php/2009/07/23/writing-buffer-overflow-exploits-a-quick-and-basic-tutorial-part-2/".   That site is incredible too.  If you want to know about buffer overflows, these are the sites to go to.  Anyway, I am kind of stuck right now, but the irony is that the person who found the vulnerability to Savant is Muts, teacher and founder of OffSec of OSCP and OSCE courses.  I know I have a lot of learning in store for me with the OSCE.  Hopefully, I can get some more headway with this.  On a more depressing note, I am sure I cannot afford any big CONs this year like I planned if I want to get the OSCE course and move by next year.  But the good news, I am sure there will be great CONs then too.

Wednesday, May 18, 2011

Education: 2011

I have been gathering, watching and reading more and more info-sec data from everywhere including great books, from Amazon of course and it has been helping a lot.  I just wanted to mention some of the things I have been using to learn, just in case you are starting out like me.  Most of the information has been leaning towards social engineering and browser exploits.  For example, if you start looking at enough YouTube clips of DefCons and presentations by the elite security researchers and pentesters, you learn that nowadays, most attacks are done on layer 7 and 8 of the OSI model. The recent Playstation PSN hack was reported to have started from a Spear Phishing attack.  It seems that a little social engineering goes a long way.  All it takes is one click.  Depending on the vulnerability, it might even be easier.  With SQLi and XSS, you can move the browser for your victim to introduce an exploit.  A user is directed to the wrong page or opens the wrong email.  It can happen and it obviously does.  Ask Sony.  Here is my list:

Books:
Dissecting the Hack: The Forb1dd3n Network (Half way done)
Python Network Programming (Just beginning)
Social Engineering: The Art of Human Hacking (Just bought)
KingPin (Just bought)
Fuzzing: Brute Force Vulnerability Discovery (Just bought)
The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws
(Just beginning)

Videos:
Elearning Security
Malware Analysis - http://youtu.be/fqf5LfPwmm4
Malware Analysis - http://youtu.be/jake9ibMIpc

Joe McCray
PenTesting - http://www.youtube.com/watch?v=tJsNu0VRKYY
Advanced SQL Injection - http://www.youtube.com/watch?v=rdyQoUNeXSg
Advanced SQL Injection (LayerOne 2009) http://www.youtube.com/watch?v=WkHkryIoLD0

Sam Kamkar
Hacking Facebook/PHP - http://www.youtube.com/watch?v=fEmO7wQKCMw&feature=related

IronGeek (Adrian Crenshaw)
Numberous Videos -*.*- http://www.irongeek.com/i.php?page=security/hackingillustrated
Dakykilla, Purehate and Irongeek
Password Exploitation Class - http://www.irongeek.com/i.php?page=videos/password-exploitation-class

SecurityTube
Numberous Videos -*.*- http://www.securitytube.net/

Python Programming
Computer Science Class - http://www.cse.msu.edu/~cse231/PracticeOfComputingUsingPython/index.php



Member of EthicalHacker.net
PenTesting Steps  - http://www.infiltrated.net/pentesting101.html


EthicalHacker
Great Forum w/ videos,links,articles for Pentesting - http://ethicalhacker.net

Hopefully, this helps other people in the quest for knowledge.  Good Night

Monday, May 16, 2011

Education: 2011

I just wanted to make a quick post about my studies for this year.  I plan on taking a few courses and certification exams this year, like any other year really. I have been slowly preparing to be a better security and IT professional for my company and for myself.  There is a lot of great information out there to learn if anyone is willing to put in the time and energy.  Anyway, so far, I have taken two exams already.  The first, OSCP, was very exciting, informative, fun and difficult.  I will include a review about it in a later post which it definitely deserves.  The next exam was the CASP exam which is targeted to be the next "level" from the Security+ exam.  It was a free beta exam so I figured why not.  It was a little difficult since it hit on topics I have not researched before.  It still just seems like a waste of time compare to an exam like the OSCP which is more hands-on.

The remaining two exams for this year are the OSCE and CCNA.  The OSCE is the next course of the OffSec group after the OSCP.  I must say, I am dying to take this course.  I know it can take me to that next stage of offensive security such as evading anti-virus, attacking web applications, buffer overflows with staged exploits and writing in assembly language.  It will be a painfully exciting time I am sure.  Finally, I will take the CCNA exam.  I have put this off for years now.  I just want to get it out of the way to be honest.  I am just having a hard time getting my hands on either the Cisco IOSs' or the Cisco hardware.  The hardware would cost more than the exam.  I tried to go the cheaper route by using the cisco emulator GNS3.  Of course, you need to be able to get a copy of the IOS.  FAIL.  I do not have access to the IOSs' yet.  Legally anyway.  I will end up just buying the hardware.  If you see late night flashes of light and power surges going in your neighborhood, it is probably because I live near you.  I have seen some good deals on ebay and ciscokits.com.  Oh, before I forget, I am also practicing programming in python. It seems to be great when you want to do network programming.  I am just using homework assignments from computer science courses on the Internet to practice.  It seems to be working.  I will post as I go along.  Good Night...


OSCP: Offensive Security Certified Professional
OSCE: Offensive Security Certified Expert
CCNA: Cisco Certified Network Associate
CASP: CompTIA Advanced Security Practitioner
OSWP: Offensive Security Wireless Professional
GPEN: GIAC Certified Penetration Tester

Saturday, May 14, 2011

Agoonie's first post

This is my first post.  Of course, in my first post, I have to describe my first project.  I was having a discussion about security and a friend of mine asserted something interesting.  The first assertion was that "hacking" or cyber crime, statistically, rarely happens and secondly, that when it does, it does not have a major effect on people, particularly the victims.  I have to argue those opinions.  I figured that it would be a good idea to write a paper about it and post it on my blog.  Why not?  So I shall be writing the paper on my computer and put it on one of my blog posts in the future.  Oh, yeah, hello everyone.