
Hello and welcome to my computer security blog, which will attempt to document my explorations as a student of ethical hacking.

Well it’s been a while…..

But hey i have done a few things while i’ve been away! Thailand was great fun, i really have to get back and see more of it, i guess i spent a bit too much time in Bangkok and in Chiang Mai up in the north. Anyway, since i came back i started my final year of the degree and right now i am in limbo land waiting patiently for results.

The exams were back in December and the coursework was all handed in on the 14th January. It would be good for financial purposes if i can get high enough grades to apply for a scholarship at the university i want to do an MSc at.

So.. so many things have/are happening in my personal life too atm; so we will see where this all goes. Right now i am investigating the possibility of doing my 4th year project and thesis on Social Engineering but i want to work in as much Metasploit fun as possible, no doubt using the SET toys.

Exams, stress and what’s to come afterwards

Quickie entry, it’s exam time and i am doomed, well probably but i still have to study today so we will see. Got everything to do in a few short weeks after them though, so i will be busy busy busy. Tomorrow programming and it’s my worst subject, then a few days home for the calm before the storm. Looking forward to Thailand in June 🙂

Basic Exploit steps Lecture and Tutorial:1 Completed almost(98%)

Well i returned to the buffer overflow stuff and spent a few days at it; got fed up, took a few days off… then i went to Aberdeen to see friends. Yesterday everything just came together, i managed the full working sploit but only with the calc payload so far. I do want to go further into it but it is pretty deep and would take a lot of time and consistent effort, which in truth sometimes i am not the greatest at, preferring mad full on bursts for short times. Anyway i have all i need and other needs must so time will tell. I did try to set it up in a VM but ran into debugging problems, shame as i could have installed a few programs and put my tutorials on it for a sort of hacklab.

I would also have liked to have the time to get an impressive looking payload to thrill the students (if there will actually be any i doubt it) with my 5 minute groovy example in the beginning of the tutorial.

I am still not decided what will be the Major and Minor projects but i am happy i have most of it done. Ncat or Sploit that tis the question.

The new Ncat and other BackDoors

Whilst fully intending to finish what i started with BOFs, i decided to hedge my bets and follow another area as this will serve two purposes, well probably more than that but anyway the main thing is that i have something for my mini project that we were suddenly set as an additional uni task.

The paper and poster i have yet to write but i did a good? (extensive though) lecture and tutorial on the subject which will cover me in the event i don’t have success with my first chosen topic. They are based mainly on the new Ncat replacement/upgrade of the good old netcat tool and then extend to the use of port-to-process tools like TCPView, which is all nothing new. I did however touch on more advanced back doors, rootkit detection and gave at least some sound ground rules and tools to know where to look in the XP system. I guess it wouldn’t be fair not to mention the nice tutorial about Ncat i found on irongeek’s site.

I must admit to being more than slightly intrigued with the advanced functionality of Ncat and the possibilities of its uses. All of my slides will be available on request… until or if i decide to put them up.

Anyway i’m pretty tied up time wise for the foreseeable future so for now i will leave you with a quote from Mr Gareth, an old friend of mine i met on the road last time i was in India…. “expect the unexpected” !!!!

If you are into traveling and alternative lifestyles you can check out his Crusty_Blog

Writing tutorials for the course

It’s fair to say i don’t have that much experience of teaching but i have had more than an average education. I am trying to cram a few chapters of “good” books and other sources into one lecture and tutorial. I don’t know if i am overloading it but i try to add any interesting points and things to make it as exciting as possible. I will need to explore the limits of teaching through practice makes perfect and it could very well turn out to be “a case of suck it and see?”

Anyway as mentioned before my main subject will be buffer overflows but i had a change of thought over the weekend and started a backup course. This is for various reasons, one being we were set another mini-project as coursework in university and i immediately knew which area i wanted to base it on. So my reasoning was if i just go ahead and make a whole new lecture and tutorial based on this, i can always just cut it down a bit for the mini-project. It will serve as a backup for the main project too just in case.

It’s good to be actually busy and working so early in term. I can even try and think ahead for once and have a B plan for once.

Subject this time is Ncat the new Netcat and Back doors with countermeasures. I may put up the slides if anyone is interested and the tutorial or some links i’ve used.

Stack-Based Buffer Overflows

I am currently designing an advanced ethical hacking training course and if i can get some suitable demos to work in this area then it will become my first ever lectorial (yeah it’s a new term) but pretty self-explanatory. I am researching other fields at the moment, along with the stuff i have to do for my coursework but this will be my main focus for the next while. Updates and interesting information to follow asap.

For the moment i will leave a few GOOD links for anyone who wants to get on with it:

http://www.corelan.be:8800/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/#more-2114

http://docs.google.com/viewer?a=v&q=cache:Np1eZuQzzDoJ:www.sans.org/reading_room/whitepapers/threats/buffer_overflows_for_dummies_481%3Fshow%3D481.php%26cat%3Dthreats+sans+buffer+over+flows+for+dummies&hl=en&gl=uk&pid=bl&srcid=ADGEESgKeVZJRqRXccJViYjQk5b6o5ID6tCP1tnIy5iYMger4Ocb6StODsZRoQnKhAx985Frd5OGMFvtPh-iBVUYIp3aQPQzYOY-3cQ2y3AFzWJSUFgDAotcvyIgRUIkIOqG4rTiIrzZ&sig=AHIEtbQN2fP-fC376UyLUu4RAJDiJzjeAQ