November 2011
1 post
Simple Framework Domain Token Scanner →
This is so much more than the title…
Nov 2nd
December 2010
1 post
1 tag
is this site shutdown? You have not posted...
Sorry, I will be picking things back up soon.
Dec 23rd
September 2010
14 posts
Revenge of the Bind Shell - Using Meterpreter and Teredo to make your perimeter useless.
Sep 24th
1 note
myneus asked: Hello Mubix, hey have my blog up and rolling now which you are following on here but do you know any other good security tutorial based blogs you suggest on tumblr?
Sep 23rd
Anonymous asked: Dear Rob,

I've always wanted to learn the Spike fuzzing framework well enough to write my own fuzz scripts for whatever protocol I want. Although the documentation is difficult to understand and there seems to be none to very little tutorials/documentation on the web. Please help.

Sincerely,

Matt
Sep 23rd
1 note
Anonymous asked: A step-by-step how-to on the popular Dan Kaminsky DNS Cache Poisoning Attack would be nice. :)
Sep 23rd
Anonymous asked: This isn't really a question, but I did my own malware analysis research recently and thought I could help with the metasploit encoding for AV evasion. I tested 8 payloads and 7 encoders with and without multiple encoding iterations. (up to 10 iterations as some payloads don't seem to work correctly with more.) AVG was the only oddball out of the 7 Anti-virus's tested. It found some...
Sep 23rd
Anonymous asked: Wonderful down-to-earth website on vulnerability testing! I tried the php shell demo verbatim and against a system that should have been vulnerable, but only receive "bad request in header" from burp.
Sep 23rd
Anonymous asked: How do you automatically activate a session in metasploit when you are using a generic/shell_reverse_tcp as in, for example, the java_signed_applet exploit? User interaction is required to actually type: sessions -i 1, whereas in the meterpreter/reverse_tcp the session can be automatically kicked off. Do you know of any method of sending that command -- sessions -i 1 -- to the keyboard so the...
Sep 23rd
Anonymous asked: Hi,
I just recently got into exploits. Can you give us some insights which web pages you track for new exploits? Or in general what your main IT security "channels" are. I haven't found the right place for up-to-date information.

Regards,
JD
Sep 23rd
Anonymous asked: more on ipv6! joe klein has an interesting presentation on the dojosec blog (july), what are you working on?
Sep 23rd
Anonymous asked: Thanks for doing this. Great job!
One thing - can you make the name of your postings match the title of the post. As it is, when I bookmark one, the name of the bookmark name is "Practical Exploitation" rather than the title of the post.
Thanks!
Keep up the great work!
Sep 23rd
Anonymous asked: Mubix, thx for all the precious knowledge and tech you share with us.
A lot of videos I came across on the net are about point to point attacks or similar, very simple demonstrations.
What I really wanna see is a little bit complicated attacks with tunneling and proxy implementation on zombie host. And then attack vector thru zombie. Can u do some video about MSF and tunneling, proxy...
Sep 23rd
1 tag
Here goes. Do you know why spoonwep was dropped...
@purehate_ could probably answer that question a lot better since he is a BT dev. Also, I’ve used spoonwep before but it’s been a while. I would expect it to be a pretty easy install.
Sep 7th
1 tag
1+1
That inquiry is superior to my abilities of deduction. Please ask Wolfram Alpha.
Sep 7th
1 tag
If you only had exactly 24 hours left to live, no...
Sit and talk with all of my closest friends and family.
Sep 6th
August 2010
4 posts
1 tag
Hey Mubix! I was the guy who asked about CDC tool...
My best suggestion for Blue Teamers in an event such as CCDC is teamwork and preparation. Nothing beats practice.
Aug 25th
1 tag
Hello! I'm trying to find a free packer for my...
It really depends on what you want it to do. But definitely check out Polypack @ http://polypack.eecs.umich.edu/
Aug 25th
1 tag
Have you ever run a portable version of spyware...
All *-ware removers are only halfway decent at their job, they try but it’s just too hard to keep up. So, normally I just reimage the machine. I keep pretty decent nLite scripts for each host I’ll need to set up.
Aug 25th
1 tag
Hi Rob , this is a noob question How do i update...
Change directory into the “framework3” directory and run `svn up`; that will update you to the latest SVN version. While this puts you on the cutting edge of updates to the framework, some things may be broken, so always keep another copy of the framework a few revisions old.
Aug 25th
July 2010
1 post
1 tag
Hi there, My boss wanted me to deploy a cert for...
“Deploy a cert for Firefox” does he mean install your CA’s cert in all your Firefox installs? There needs to be a bit more context to what you are trying to accomplish, sorry.
Jul 21st
May 2010
2 posts
L4amer takes us through 3 tools that do enumeration using null sessions. Metasploit, rpcclient, and smbenum.py
May 20th
Breaking in via SQLi (SQLNinja) and Metasploit with PTH and Token stealing.
May 19th
March 2010
4 posts
Jason takes us through exploiting a web application, uploading a php shell, and finally getting command line access and more.
Mar 28th
Not a podcast
Please remember, this is not a podcast, we aren’t checking out a new tool, playing with it for a week, and then showing it off. Here is a list of our current projects though: IPv6 Attacking; Trojans, RATs, and Malware; Fuzzing each layer of the OSI model; Adding features, and supplying patches to open source projects.
Mar 25th
DNSMap vs Fierce2 vs Metasploit (dns_enum). A crucial step to any pentest, or information gathering session is DNS enumeration. This video shows you how 3 tools excel or fail at what they were designed to do.
Mar 5th
Apology
I apologize for the lack of releases, sick kids and a failed drive have kept me pretty wrapped up. More soon though, plus a fresh new look for the site.
Mar 3rd
February 2010
10 posts
jeffhnet asked: Rob,

Could you cover anti-virus evasion? I was going through Metasploit Unleashed and they have a small section on this. I tried to create a payload of windows/shell/reverse_tcp using msfpayload. This wasn't supposed to be caught by AVG according to the course, but it was. I tried encoding it with msfencode but it was still caught by AVG. Is there some voodoo to get around...
Feb 28th
7h34pp12en7ic3 asked: Great Site, I love the concept of full disclosure of procedures! I was wondering if you could do a segment on what I've always found to be one of the most difficult parts of MSF. With so many exploits/payloads at your disposal, how do you sift through the list and know which will work best for each target?
Feb 28th
Closer and multi-site upload
So we got it, all the videos from here on will be closer to the console to allow for non-full-screen playing. Also there was a concern with the ability to download the video. Vimeo allows you to do so, I’ll double check to see if it’s a switch somewhere to turn it on. Either way, we will continue to upload to Blip, Vimeo and Youtube. Thanks
Feb 24th
Video site of choice
Youtube has a 10 minute limit. Blip.tv transcodes into flash by the turn of the century. Vimeo seems to be working ok, I’ll embed the vimeo version instead if Blip isn’t fixed by morning. Thanks for all the feedback. UPDATE: We are officially swapped to Vimeo, although for some reason it doesn’t title the videos.. yay for web 2.0
Feb 24th
In this video we go over resource files, the .msf3 directory, and a ton of ways to get more information during your msfconsole experience.
Feb 24th
2 notes
Launch Tuesday
Just a quick reminder/notice. We launch this Tuesday. Starting with of course some Metasploit tricks, and then progressing to some white papers I’ve recently read. From there it depends on what you want to see. Let me know.
Feb 22nd
Feb 20th
Practical Exploitation Facebook Fanpage →
Created a fan page on Facebook so that more interaction can happen.
Feb 19th
Hands to Keyboard
We are not about theoretical, what if scenarios that will never happen in the “real world”. Welcome to Practical Exploitation.
Feb 19th
Hello
World..
Feb 19th