Apr 112014
 
heartbleed

On the 7th of April 2014 a team of security engineers (Riku, Antti and Matti) at Codenomicon and Neel Mehta of Google Security published information on a security issue in OpenSSL. OpenSSL is a piece of software used in the encryption process; it helps you in coding your computer traffic to ensure unauthorized people cannot understand what you are sending from one computer network to another. It is used in many applications: for example if you use on-line banking websites, code such as OpenSSL helps to ensure that your PIN code remains secret.
Continue reading »

Resetting Kali Root Password

 Posted by on January 12, 2014
Jan 122014
 
sOYIh

So I installed a clean VMWare image of Kali and integrated all of my tools into it. I do this so I can just copy a clean version of the virtual machine when starting a new project. Unfortunately I forgot my password. I changed it from "toor" to something else, but didn't know anymore what that something else was. If you want to know how to reset the password on your Kali Linux, then read further.
Continue reading »

About Secure Password Hashing

 Posted by on September 14, 2013
Sep 142013
 
687474703a2f2f692e696d6775722e636f6d2f6d7563734c2e6a7067

An often overlooked and misunderstood concept in application development is the one involving secure hashing of passwords. We have evolved from plain text password storage, to hashing a password, to appending salts and now even this is not considered adequate anymore. In this post I will discuss what hashing is, what salts and peppers are and which algorithms are to be used and which are to be avoided.

Continue reading »

May 092013
 
Selection_002

This is the sixth and for me final SLAE assignment before I will hand in everything (and hopefully get certified). The assignment consisted of generating polymorphic versions of shellcode found on shell-storm.org. I took three examples, the first adds a root account to /etc/passwd, the second
Continue reading »

May 092013
 
Selection_002

This is the first assignment in the Securitytube SLAE series. The assignment consists of writing your own reverse TCP shell. I wrote mine based on the analysis I made in a previous assignment. I also wrote a wrapper in python which generates the shellcode containing a custom IP and port.
Continue reading »

May 062013
 
Selection_002

This is the first assignment in the Securitytube SLAE series. The assignment consists of writing your own bind tcp shell. I've compiled a list of resources I used to better understand how this works and also taking parts of other people's shellcode which make your code better. My code included below is what I wrote, it's far from optimal as their are ways to compact the code so the length of the shellcode would be lower. Personally I wouldn't use my shellcode as there are tons of shorter and better variants available, however you are free to use it for whatever you want.
Continue reading »

May 062013
 
mysql-logo-296x300

I encountered a problem with MySQL and SQL alchemy when trying to run a large insert. Considering other inserts were working perfect it made me suspect that there was a tress hold in place which would not pass the large commit. I looked at the different settings and finally found out it was due to a too small max_allowed_packet value. I increased the value to 64M which solved my problem.
Continue reading »