This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Bluetooth technology | |
> bluetooth basic rate/enhanced data rate | |
>> High speed | |
> Low energy | |
> Attribute protocol/ generic attribute profile | |
------------ | |
V2.1 - 2007 + EDR | secure device pairing by button press | |
V3.0 - 2009 + HS | MAC/PHY | |
V4.0 - 2010 + LE |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
[This is the gist version of the wiki page of Shellcode.] | |
[For elaborated explaination, please visit:- en.wikipedia.org/wiki/Shellcode] | |
SHELLCODE is a small piece of code used as the payload in the exploitation of a spftware vulnerability | |
Its called shellcode because it typically starts a command shell from which attacker can control the compromised machines | |
TYPES: | |
Local - Used by attacker who has limited access to a machine but can exploit a vulnerability | |
Remote - Used to target a remote machine, if the shellcode establishes the connection, it called reverse-shell or connect-back shell. | |
If attacker establishes the connection, shellcode is called bindshell because it binds certain port of victim's machine | |
Download & execute - Type of remote shellcode that downloads and executes some form of malware on target system | |
Staged - When amount of data that an attacker can inject into the target process is too limited to execute useful shellcode directly, it may be possible to execute it in stages |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
RSA 2017 DevOOPS: Attacks And Defenses For DevOps Toolchains Talk Links SessionID: HTA-W02 | |
https://www.slideshare.net/chrisgates/devoops-attacks-and-defenses-for-devops-toolchains | |
Recording of talk from CERN | |
https://indico.cern.ch/event/622483/ (click the recording button) | |
Past talks: | |
http://www.slideshare.net/KenJohnson61/aws-surival-guide |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
> WordPress Plugin Quizlord 2.0 - XSS | |
> WordPress Plugin Jibu Pro 1.7 - XSS | |
> phpMyAdmin 4.7.x - XSRF | |
> WordPress Plugin Plainview Activity Monitor 20161228 - (Authenticated) Command Injection | |
> Responsive FileManager < 9.13.4 - Directory Traversal | |
> LiteCart 2.1.2 - Arbitrary File Upload | |
> Gleez CMS 1.2.0 - XSRF (Add Admin) | |
> WordPress Plugin Gift Voucher 1.0.5 - 'template_id' SQLi | |
> UltimatePOS 2.5 - RCE | |
> Twitter-Clone 1 - 'code' SQLi |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Wmic syntax - [global switches] <command> | |
The following global switches are available: | |
-------------------------------------------------------------------------- | |
/NAMESPACE NAMESPACE - Path for the namespace the alias is to operate against. Namespaces are always relative i.e. if the namespace does not begin with a '\\' it will be assumed to be relative to the current namespace. | |
USAGE: | |
/NAMESPACE:<namespace> | |
-------------------------------------------------------------------------- |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Introduction | |
> Distributed DB used by TCP/IP applications to map bt Hostnames & IP addrs and provide email routing information | |
> Why DNS? An app must convert hostname->IP addr before it can as TCP/UDP to, open connection/send datagram | |
> Access to DNS is through a "Resolver", its a part of application not OS | |
> UNIX hosts has two library functions | |
- gethostname(3) : Hostname -> IP addr |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import PyPDF2 | |
from PIL import Image | |
def mergePdfs(): | |
pdfs = ['sf_1.pdf', 'sf_2.pdf'] | |
merger = PyPDF2.PdfFileMerger() | |
for pdf in pdfs: | |
merger.append(pdf) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
[Learning Exploit Development from fuzzysecurity.com] | |
Tools Needed:- | |
> Immunity debugger | |
> Mona.py | |
> Pvefindaddr.py | |
> Metasploit | |
> Virtual Box | |
Overflows to play with:- | |
1. Buffer overflow - A memory location receives more data than it was meant to |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
https[:]//docs.microsoft.com/en-us/archive/msdn-magazine/2002/march/inside-windows-an-in-depth-look-into-the-win32-portable-executable-file-format-part-2 | |
https[:]//blahcat.github.io/2019/03/17/small-dumps-in-the-big-pool/ | |
https[:]//www.fuzzysecurity.com/tutorials/16.html | |
https://blog.ropnop.com/hosting-clr-in-golang/ | |
https[:]//evasions.checkpoint.com/ | |
http[:]//www.catb.org/esr/faqs/hacker-howto.html | |
https[:]//vx-underground.org/ | |
http[:]//sq.ro/malwarez.htm# | |
https[:]//github.com/d30sa1/RootKits-List-Download | |
https[:]//github.com/christian-roggia/open-myrtus |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
------------------------------------- | |
INITIAL ACCESS | |
------------------------------------- | |
$ Drive-by Compromise | |
A drive-by compromise is when an adversary gains access to a system through a user visiting a website over the normal course of browsing. | |
Multiple ways of delivering exploit code to a browser exist, including: | |
> A legitimate website injected with JavaScript, iFrames, XSS. | |
> Malicious ads | |
> Built-in web application interfaces (e.g. forum posts, comments, and other user controllable web content) |
OlderNewer