Linux X86 Assembly – How To Test Custom Shellcode Using a C Payload Tester
Travis Phillips | | ALSR, analysis, Application Security, architecture, ASM, cpu, debugging, DEP, function, gas, getpagesize, Hello World, Linux, mprotect, payload, Penetration Testing, pointers, Professionally Evil, programming, Reverse Engineering, Secure Ideas, shellcode, stub, syscalls, testing, training, x86
Overview: In the last blog post in this series, we created a tool to make it easy to build our custom payloads and extract them. However, what if we want to test ...
It Was The Best Of Times, It Was The Worst Of Times…A Tale of Two Passwords
Kathy Collins | | Best Practices, Information Security, Password Security, Professionally Evil, Secure Ideas, security, Security Awareness, web app security
Two of the characters in Charles Dickens’ beloved novel, A Tale of Two Cities have such similar features that their identities are swapped. No one notices. One escapes and reunites with his ...
Low Hanging Fruit Ninja: Slashing the Risks of the Human Element
Kathy Collins | | Best Practices, Business, Human Element, Password, Password Security, Penetration Testing, Phishing, Privacy & Personal Security, removable media, security, social engineering, social networking, threats, training, wif-fi
A long time ago in a galaxy far, far away, I was not a Security Consultant. I was a Chef. And I worked as a corporate Chef for an organization that required ...
How to configure BurpelFish
Alex Rodriguez | | Application Security, Burp Extensions, Burp Suite, Penetration Testing, pentesting, translation, web app security, web application pentesting, Web Application Security, web penetration testing
I recently was doing a pentest and was continuously looking up translations for words, and thought “there has to be a better way…”. That is when I landed on BurpelFish, which adds ...
A New Consultant’s 1st Con – Wild West Hackin Fest – Way West 2021
Kathy Collins | | 2021, conference, consultants first con, current-events, Cybersecurity, Penetration Testing, Red Team, Reviews, sdr, security, swag, training, way west, wild west hacking fest, wwhf
Last month, I found myself Googling: Is weed legal in Nevada? This was the day after arriving in Reno for Wild West Hacking Fest – Way West 2021. I kept noticing that ...
Linux X86 Assembly – How to Make Our Hello World Usable as an Exploit Payload
Travis Phillips | | analysis, Application Security, architecture, ASM, call, cpu, exit, gas, Hello World, int, jmp, Linux, mov, objdump, optimize, payload, Penetration Testing, PoP, Professionally Evil, programming, push, Registers, Reverse Engineering, Secure Ideas, shellcode, syscalls, training, write, x86, xchg, xor
Overview: In the last two tutorials, we built a Hello World program in NASM and GAS for x86 assembly. While this can help us learn x86 assembly, it isn’t viable as a ...
The Best Way to Capture Traffic in 2021
Eric Kuehn | | capture dns traffic, capture traffic windows 10, capture traffic without wireshark, capturing network traffic, how to capture network traffic, Linux, Microsoft Message Analyzer alternative, microsoft message analyzer replacement, netmon alternative, network, Penetration Testing, tcdump in windows, tcpdump on windows, Windows
There are times when you need to capture some network traffic. Maybe you’re troubleshooting a communication issue or maybe you’re doing something a little more suspect on a penetration test (looking for ...
Run as Admin: Executive Order on Cybersecurity
Ochaun Marshall | | current-events, executive order cybersecurity, executive order cybersecurity 2020, executive order cybersecurity 2021, executive order improving critical infrastructure cybersecurity, executive order on cybersecurity, executive order promoting private sector cybersecurity information sharing, president cybersecurity executive order, presidential executive order cybersecurity, white house executive order cybersecurity framework
On May 12, 2021, President Biden issued an executive order on cybersecurity. This new order combines many trends we’re already seeing in the Fortune 500 and bringing that into the public sector ...
Linux X86 Assembly – How to Build a Hello World Program in GAS
Overview: In the last tutorial, we covered how to build a 32-bit x86 Hello World program in NASM. Today, we will cover how to do the same thing, but this time using ...
AppSec Cheat Code: Shift Left, Shift Right, Up, Down & Start
Ochaun Marshall | | Application Security, AppSec, left shift vs right shift, shift left application security, shift left devops, shift left security, shift left testing, shift right security, Web Application Security
Seamless and unobtrusive security is the future. We are huge advocates of shifting left and moving security testing earlier in the development process. Leif Dreizler wrote a great article suggesting that not ...