September 2010
14 posts
WatchRevenge of the Bind Shell - Using Meterpreter and Teredo to make your perimeter useless.
myneus asked: Hello Mubix, hey have my blog up and rolling now which you are following on here but do you know any other good security tutorial based blogs you suggest on tumblr?
Anonymous asked: Dear Rob,
I've always wanted to learn the Spike fuzzing framework well enough to write my own fuzz scripts for whatever protocol I want. Although the documentation is difficult to understand and there seems to be none to very little tutorials/documentation on the web. Please help.
Sincerely,
Matt
I've always wanted to learn the Spike fuzzing framework well enough to write my own fuzz scripts for whatever protocol I want. Although the documentation is difficult to understand and there seems to be none to very little tutorials/documentation on the web. Please help.
Sincerely,
Matt
Anonymous asked: A step-by-step how to on the popular Dan kaminsky DNS Cache Poisioning Attack would be nice. :)
Anonymous asked: This isn't really a question, but I did my own malware analysis research recently and thought I could help with the metasploit encoding for AV evasion. I tested 8 payloads and 7 encoders with and without multiple encoding iterations. (up to 10 iterations as some payloads don't seem to work correctly with more.) AVG was the only oddball out of the 7 Anti-virus's tested. It found some...
Anonymous asked: Wonderful down-to-earth website on vulnerability testing! I tried the php shell demo verbatim and against a system that should have been vulnerable, but only receive "bad request in header" from burp.
Anonymous asked: How do you automatically activate a session in metasploit when you are using a generic/shell_reverse_tcp as for in, example, the java_signed_applet exploit? User interaction is required to actually type: sessions -i 1, whereas in the meterpreter/reverse_tcp the session can be automatically kicked off. Do you know of any method of sending that command -- sessions -i 1 -- to the keyboard so the...
Anonymous asked: Hi,
I just recently got into exploits. Can you give us some insights which web pages you track for new exploits? Or in general what your main IT security "channels" are. I haven't found the right place for up-to-date information.
Regards,
JD
I just recently got into exploits. Can you give us some insights which web pages you track for new exploits? Or in general what your main IT security "channels" are. I haven't found the right place for up-to-date information.
Regards,
JD
Anonymous asked: more on ipv6! joe klein has an interesting presentation on the dojosec blog (july), what are you working on?
Anonymous asked: Thanks for doing this. Great job!
One thing - can you make the name of your postings match the title of the post. As it is, when I bookmark one, the name of the bookmark name is "Practical Exploitation" rather than the title of the post.
Thanks!
Keep up the great work!
One thing - can you make the name of your postings match the title of the post. As it is, when I bookmark one, the name of the bookmark name is "Practical Exploitation" rather than the title of the post.
Thanks!
Keep up the great work!
Anonymous asked: Mubix, thx for all the precious knowledge and tech you share with us.
Lot of a videos i came a cross on net are about point to point attacks or similar, very simple demonstrations.
What i realy wanna see is a little bit complicated attacks with tunneling and proxy implementation on zombie host. And then attack vector thru zombie. Can u do some video about MSF and tunneling, proxy...
Lot of a videos i came a cross on net are about point to point attacks or similar, very simple demonstrations.
What i realy wanna see is a little bit complicated attacks with tunneling and proxy implementation on zombie host. And then attack vector thru zombie. Can u do some video about MSF and tunneling, proxy...
1 tag
Here goes. Do you know why spoonwep was dropped...
@purehate_ could probably answer that question a lot better since he is a BT dev. Also, I’ve used spoonwep before but it’s been a while. I would expect it to be a pretty easy install.
Ask me anything
1 tag
1+1
That inquiry is superior to my abilities of deduction. Please ask Wolfram Alpha.
Ask me anything
1 tag
If you only had exactly 24 hours left to live, no...
Sit and talk with all of my closest friends and family.
Ask me anything