is this site shutdown? You have not posted anything to Practical Exploitation for a while, love the vids wish you would post more.

Sorry, I will be picking things back up soon.

Ask me anything

Revenge of the Bind Shell - Using Meterpreter and Teredo to make your perimeter useless.

Hello Mubix, hey have my blog up and rolling now which you are following on here but do you know any other good security tutorial based blogs you suggest on tumblr?

On Tumblr? Not that I know of

Dear Rob,

I've always wanted to learn the Spike fuzzing framework well enough to write my own fuzz scripts for whatever protocol I want. Although the documentation is difficult to understand and there seems to be none to very little tutorials/documentation on the web. Please help.



Added to the list of videos to do.

A step-by-step how to on the popular Dan kaminsky DNS Cache Poisioning Attack would be nice. :)

I’ll see what I can dig up as far as servers are concerned. But I’ll definitely add it to the list

This isn't really a question, but I did my own malware analysis research recently and thought I could help with the metasploit encoding for AV evasion. I tested 8 payloads and 7 encoders with and without multiple encoding iterations. (up to 10 iterations as some payloads don't seem to work correctly with more.) AVG was the only oddball out of the 7 Anti-virus's tested. It found some payloads but not others. The generic encoder was not flagged at all. The strange part is some of the more advanced encoders such as shikata-ga-nai we're flagged dirty on almost all payloads.

Kaspersky Internet Security 2010, Mcafee Security Suite, and Microsoft Security Essentials flagged all payloads as dirty.

Avast free, Avira free, and Norton Internet Security 2010 flagged none as dirty.

I hope this helps, and if you want I can send my spreadsheet covering each AV in depth as metasploit payloads weren't the only "dirty" programs that I tested.
Hope this helps!

Nice! Thanks for the info.

Wonderful down-to-earth website on vulnerability testing! I tried the php shell demo verbatim and against a system that should have been vulnerable, but only receive "bad request in header" from burp.

Did you ever find out why?

How do you automatically activate a session in metasploit when you are using a generic/shell_reverse_tcp as for in, example, the java_signed_applet exploit? User interaction is required to actually type: sessions -i 1, whereas in the meterpreter/reverse_tcp the session can be automatically kicked off. Do you know of any method of sending that command -- sessions -i 1 -- to the keyboard so the attacker does not have to sit around all day and interact with the session? Thanks.

You don’t have to interact with a session to have it active. Why would you want to interact with a shell if you weren’t there?

I just recently got into exploits. Can you give us some insights which web pages you track for new exploits? Or in general what your main IT security "channels" are. I haven't found the right place for up-to-date information.


I get information from all over. Blogs, Twitter, OSVDB, CVEDetails, PacketStorm, Exploit-DB, Full Disclosure. You never know where that information will hit first, or if it will make a wave enough to carry over to other media. Just got to keep an eye out.

Designs by DigiP