“Give a man an exploit and you make him a hacker for a day; teach a man to exploit bugs and you make him a hacker for a life time.”
– Felix “FX” Lindner
Hello Defcon,Â
I will be coming to you one day! 🙂
Damnn…. I need a better team. Each of them should specialize in one thing so that I don’t need to go around and check what they are doing. But where can I find those people? :((
Here is the list of free proxy servers. It is better to use with proxy chain || foxyproxy. Enjoy!
I put some time in and compiled a list in a course type layout to help people in process of learning exploit development. I hope my research will help others spend more time learning and less time searching.
First off I want to thank the corelan guys for the help they have provided me so far in the process.
layout: I will be posting in a hierarchical structure, each hierarchy structure should be fully understood before moving on to the next section. I will also post sets of Parallel learning topics that you can use to study in line with other topics to help prevent monotony. These Parallel areas will have a start and end mark which shows when they should be complete in perspective to the overall learning
desktop background Link to Backgrounds
Other Posts like this one:
Because of quality of these posts I wanted to put them at the top. I could not figure out where to put them in the list because they cover so much.
past-present-future of windows exploitation
smashing the stack in 2010
IT-Sec-catalog
Part 1: Programming
Parallel learning #1:(complete this section before getting to the book “Hacking Art of exploitation”)
While going through the programming area I concentrate on core topics to help us later on with exploit writing. One area that is very good to pick up is some kind of scripting language. Listed below are some of the most popular scripting languages and ones I feel will prove to be the most useful.
Python: One of my favorite languages and growing in popularity python is a powerful language that is easy to use and well documented.
Learn Python the hard way
Ruby: If you plan on later on working inside of metasploit this may be the language you want to start with. I highly suggest this for exploit developers to learn.
Wikibooks Ruby
onlinecomputerbooks.com
Perl: An older language that still has a lot of use perl is one of the highest used scripting languages and you will see it used in many exploits. (I would suggest python over perl)
[book]
C and C++ programming:
It is very important to understand what you are exploiting so to get started let us figure out what we are exploiting. You do not need to go through all of these but when finished with this section you should have a good understanding of C and C++ programming.
Cprogramming.com
http://www.java2s.com/Tutorial/C/CatalogC.htm
X86 Assembly:
Ok now to understand what the computer reads when we compile C and C++. I am going to mostly stick to the IA-32(X86) assembly language. Read the first link to understand why. It explains it very well.
Skullsecurity: Assembly
Windows Assembly Programming Tutorial
http://en.wikibooks.org/wiki/X86_Assembly
[book]
Windows Programming:
This is to help understand what we are programming in and the structure of libraries in the OS. This area is very important far down the line
http://en.wikibooks.org/wiki/Windows_Programming
http://www.relisoft.com/win32/index.htm
[book]
[book]
Disassembly:
Dissassembly is not as much programming as it is what the computer understands and the way it is interpreted from CPU and memory. This is where we start getting into the good stuff.
http://en.wikibooks.org/wiki/X86_disassembly
Part 2: Getting started
Now that we have a very good understanding of programming languages and what the machine is doing we can start working on task at hand, exploitation.
Here I will start a lot of the learning in very much a list format and adding in comments or Parallel learning areas when needed.
Smash the stack for fun and profit (Phrack 49)
C function call conventions and the stack
Anatomy of a program in memory
Function Calls, Part 1 (the Basics)
[videos]
Code Audit from cryptocity.net
(Parallel learning #1 finished:
You should now have finished on Parallel learning 1 and have a good understanding of one of the 3 languages)
[Book]
Hacking art of exploitation [Chapter 1&2]
Parallel learning #2:(complete this section before end of part 2)
(Read the first few posts on this blog has some good info)
Kspice blog
(Read some of the post from this blog they are very helpful with starting out with fuzzers.)
Nullthreat’s blog
(I am linked directly to a demo exploit for this area but this is a useful blog to keep track of for many things)
tenouk.com: Buffer overflow intro
The Tao of Windows Buffer Overflow
[Book]
[Book]
Hacking art of exploitation [Chapter 3]
SEH Based Exploits and the development process
((Parallel learning #2 finished:)
Part 3:Tools of the trade
This is a list of tools I have started using and find very useful.
Immunity Debugger
And here are some corelan posts on how to use them. I will supply more in future but this is a very good start.
Corelan: Immunity debugger cheatsheet
Part 4: Network and Metasploit
(Networking)
Beej.us network programming
[Book]
Hacking art of exploitation [Chapter 4]
(Metasploit)
[Video]
Security Tube: Metasploit Megaprimer
Metasploit.com
intern0t: developing my first exploit
DHAtEnclaveForensics: Exploit Creation in Metasploit
Wikibooks Metasploit/Writing Windows Exploit
Part 5: Shellcode
Corelan T9
projectShellcode: Shellcode Tutorial
[Book]
[Book]
Hacking art of exploitation [Chapter 5]
Shell-storm Shellcode database
Part 6: Engineering in Reverse
Parallel Learning #3:(constant place to reference and use for reversing)
Understanding Code
Room362.com reversing blog post
Ethicalhacker.net intro to reverse engineering
acm.uiuc.edu Intro to Reverse Engineering software
[Book]
Reversing: secrets of reverse engineering
Reverse Engineering from cryptocity.net
CrackZ’s Reverse Engineering Page
Reverse engineering techniques
CBM_1_2_2006_Goppit_PE_Format_Reverse_Engineer_View
[GAME]
Part 7: Getting a little deeper into BOF
Parallel Learning #4:(To the end of the course and beyond)
Find old exploits on
download them, test them, rewrite them, understand them.
(Part A: preventions)
Buffer overflow protection
The evolution of Microsoft’s Mitigations
Preventing the exploitation of SEH Overwrites with SEHOP
Wikipedia Executable space protextion
Defeating the Stack Based Buffer Overflow Prevention
(Part B: Advanced BOF)
Exploitation from cryptocity.net
Virtual Worlds – Real Exploits
[GAME]
[GAME]
Smash the stack wargaming network
Part 8: Heap overflow
[book]
Defcon 15 remedial Heap Overflows
heap overflow: ancient art of unlink seduction
Memory corruptions part II — heap
[book]
Read the rest of Shellcoder’s Handbook
Part 9: Exploit listing sites
Exploit-DB
National Vulnerability Database
(bonus: site that lists types of vulnerabilties and info)
Common Weakness Enumberation
Part 10: To come
1. Fuzzing
2. File Format
3. and more
If anyone has any good links to add post a comment and I will try to add them or send me the link and I will review and add it.
If anyone finds any bad or false information in any of these tutorials please let me know. I do not want people reading this getting bad information.
CREDIT TO: Â http://myne-us.blogspot.com/2010/08/from-0x90-to-0x4c454554-journey-into.html
I really love that post and I want to put into my collection. So, I copied from the link provided above.
Of the 16 numbers you see in the Visa or MasterCard credit card, the first 6 digits is the”issuer identifier”, ie the credit card type code. If the sixth digit is preceded by 4, meaning the credit card type is Visa. However, if the six digits are preceded by 5, meaning the creditcard type is MasterCard. Next, a last digit of 16 digit numbers on the credit card serves as a”check digit”, whose function is only for the validation checks credit card numbers. Since the initial 6 digits and last digit 1 is already a significance, meaning remaining 9 digits in the middle that serves as an “account number”. Therefore there were 10 possible numbers(from the digits 0 to 9) which can be inserted into each digit from 9 digit “account number” is, then the resulting combination of 9 digits amounted to 1 billion possible numbers foreach type of credit card (visa or MasterCard). The algorithm used to generate a row of 16 points for credit card numbers is called an algorithm “Luhn” or “Mod 10”. Back in 1954,Hans Luhn of IBM is the person who first proposed the application of algorithms to determine the validity of a credit card number. The workings of a simple algorithm (butexcellent) are as follows:
1.   Starting at the first digit, multiply two-digit occupies all odd numbers, so as a whole will have 8 digits that you multiply by 2, the digit to 1, 3, 5, 7, 9, 11, 13, and 15.
 2.  If the square 2 result in a number of two digits (10, 12, 14, 16, or 18), the sum of each digit numbers to produce a new digit, so that the results of the first and second steps are fixed in the form 8 the number.
3.  The next step, replace all the numbers (credit card number) located in the odd positiondigits with 8 new figures, to generate a new row of 16 points.
4.   The final step, add up to-16 figure.If the sum is a multiple of 10, meaning the credit card number is valid, and conversely, if nota multiple of 10, meaning the credit card number is invalid. Below I give examples of actualcalculations:
As you can see in the picture above this, the credit card number is 4552 7204 1234 5678,because it begins with 4, it means the card type Visa. Now we do the calculations.
If you have carefully calculated, it will be seen that the final count is 61, which is NOT amultiple of 10 numbers, so that we can be sure that the credit card number is invalid. If the “check digit” in the example is not 8, but 7, then the algorithm, the credit card number will bevalid, because the total sum will be changed to 60, a number is a multiple of 10. Here’s another example:
Once again, do the calculations according to Luhn algorithm above for MasterCard creditcard number is 5490 1234 5678 9123.
As you can count itself, the total sum is 65, so the credit card number is invalid, because thenumber 65 is NOT a multiple of 10.
If only, “check digit” credit cards instead of 3, but 8, then sum the results would be 70, which is a multiple of 10, so that the credit card number will be valid (the algorithm). Validunderstanding of the above is valid mathematical calculation, it does not mean that creditcard number is absolutely certain that the original credit card number.
Due to credit card checks (at the time of online transactions, for example) is required notonly a credit card number only, but also “expiry date”, and “card security code” or collectively, the CVV (Card Verification Value) or CVC (Card Verification code) which is the last 3 digits behind the credit card.
PS: For American Express credit card, the number of digits instead of 16, but only 15, andalways begin with 34 or 37 for the first 2 digits.As for the “account number” it only has a length of 8 digits, not 9 digits such as credit cardtype Visa or MasterCard.
Achieving goals is not a matter of having “discipline”. It’s a matter of motivating yourself, and keeping your focus on your goal. Follow these hacks, or any combination of them that works for you, and you should have the motivation and focus you need.
Here they are, in reverse order (links take you to more on each):
#20: Chart Your Progress. Recently I posted about how I created a chart to track my progress with each of my goals. This chart is not just for information purposes, for me to look back and see how I’m doing. It’s to motivate me to keep up with my goals. If I’m diligent about checking my chart every day, and marking dots or “x”s, then I will want to make sure I fill it with dots. I will think to myself, “I better do this today if I want to mark a dot.” Well, that’s a small motivation, but it helps, trust me. Some people prefer to use gold stars. Others have a training log, which works just as well. Or try Joe’s Goals. However you do it, track your progress, and allow yourself a bit of pride each time you give yourself a good mark.
Now, you will have some bad marks on your chart. That’s OK. Don’t let a few bad marks stop you from continuing. Strive instead to get the good marks next time.
#19: Hold Yourself Back. When I start with a new exercise program, or any new goal really, I am rarin’ to go. I am full of excitement, and my enthusiasm knows no boundaries. Nor does my sense of self-limitation. I think I can do anything. It’s not long before I learn that I do have limitations, and my enthusiasm begins to wane.
Well, a great motivator that I’ve learned is that when you have so much energy at the beginning of a program, and want to go all out — HOLD BACK. Don’t let yourself do everything you want to do. Only let yourself do 50-75 percent of what you want to do. And plan out a course of action where you slowly increase over time. For example, if I want to go running, I might think I can run 3 miles at first. But instead of letting myself do that, I start by only running a mile. When I’m doing that mile, I’ll be telling myself that I can do more! But I don’t let myself. After that workout, I’ll be looking forward to the next workout, when I’ll let myself do 1.5 miles. I keep that energy reined in, harness it, so that I can ride it even further.
#18: Join an online (or off-line) group to help keep you focused and motivated. When I started to run, more than a year ago, I joined a few different forums, at different times, on different sites, such as Men’s Health (the Belly-Off Runner’s Club), Runner’s World, Cool Running, and the running group at About.com. I did the same when I was quitting smoking.
Each time I joined a forum, it helped keep me on track. Not only did I meet a bunch of other people who were either going through what I was going through or who had already been through it, I would report my progress (and failures) as I went along. They were there for great advice, for moral support, to help keep me going when I wanted to stop.
#17: Post a picture of your goal someplace visible — near your desk or on your refrigerator, for example. Visualizing your goal, exactly how you think it will be when you’ve achieved it, whether it’s financial goals like traveling to Rome or building a dream house, or physical goals like finishing a marathon or getting a flat stomach, is a great motivator and one of the best ways of actualizing your goals.
Find a magazine photo or a picture online and post it somewhere where you can see it not only daily, but hourly if possible. Put it as your desktop photo, or your home page. Use the power of your visual sense to keep you focused on your goal. Because that focus is what will keep you motivated over the long term — once you lose focus, you lose motivation, so having something to keep bringing your focus back to your goal will help keep that motivation.
#16: Get a workout partner or goal buddy. Staying motivated on your own is tough. But if you find someone with similar goals (running, dieting, finances, etc.), see if they’d like to partner with you. Or partner with your spouse, sibling or best friend on whatever goals they’re trying to achieve. You don’t have to be going after the same goals — as long as you are both pushing and encouraging each other to succeed.
#15: Just get started. There are some days when you don’t feel like heading out the door for a run, or figuring out your budget, or whatever it is you’re supposed to do that day for your goal. Well, instead of thinking about how hard it is, and how long it will take, tell yourself that you just have to start.
I have a rule (not an original one) that I just have to put on my running shoes and close the door behind me. After that, it all flows naturally. It’s when you’re sitting in your house, thinking about running and feeling tired, that it seems hard. Once you start, it is never as hard as you thought it would be. This tip works for me every time.
#14: Make it a pleasure. One reason we might put off something that will help us achieve our goal, such as exercise for example, is because it seems like hard work. Well, this might be true, but the key is to find a way to make it fun or pleasurable. If your goal activity becomes a treat, you actually look forward to it. And that’s a good thing.
#13: Give it time, be patient. I know, this is easier said than done. But the problem with many of us is that we expect quick results. When you think about your goals, think long term. If you want to lose weight, you may see some quick initial losses, but it will take a long time to lose the rest. If you want to run a marathon, you won’t be able to do it overnight. If you don’t see the results you want soon, don’t give up … give it time. In the meantime, be happy with your progress so far, and with your ability to stick with your goals. The results will come if you give it time.
#12: Break it into smaller, mini goals. Sometimes large or longer-term goals can be overwhelming. After a couple weeks, we may lose motivation, because we still have several months or a year or more left to accomplish the goal. It’s hard to maintain motivation for a single goal for such a long time. Solution: have smaller goals along the way.
#11: Reward yourself. Often. And not just for longer-term goals, either. InHack #12, I talked about breaking larger goals into smaller, mini goals. Well, each of those mini goals should have a reward attached to it. Make a list of your goals, with mini goals, and next to each, write down an appropriate reward. By appropriate, I mean 1) it’s proportionate to the size of the goal (don’t reward going on a 1-mile run with a luxury cruise in the Bahamas); and 2) it doesn’t ruin your goal — if you are trying to lose weight, don’t reward a day of healthy eating with a dessert binge. It’s self-defeating.
#10: Find inspiration, on a daily basis. Inspiration is one of the best motivators, and it can be found everywhere. Every day, seek inspiration, and it will help sustain motivation over the long term. Sources of inspiration can include: blogs, online success stories, forums, friends and family, magazines, books, quotes, music, photos, people you meet.
#9: Get a coach or take a class. These will motivate you to at least show up, and to take action. It can be applied to any goal. This might be one of the more expensive ways of motivating yourself, but it works. And if you do some research, you might find some cheap classes in your area, or you might know a friend who will provide coaching or counseling for free.
#8: Have powerful reasons. Write them down. Know your reasons. Give them some thought … and write them down. If you have loved ones, and you are doing it for them, that is more powerful than just doing it for self-interest. Doing it for yourself is good too, but you should do it for something that you REALLY REALLY want to happen, for really good reasons.
#7: Become aware of your urges to quit, and be prepared for them. We all have urges to stop, but they are mostly unconscious. One of the most powerful things you can do is to start being more conscious of those urges. A good exercise is to go through the day with a little piece of paper and put a tally mark for each time you get an urge. It simply makes you aware of the urges. Then have a plan for when those urges hit, and plan for it beforehand, and write down your plan, because once those urges hit, you will not feel like coming up with a plan.
#6: Make it a rule never to skip two days in a row.This rule takes into account our natural tendency to miss days now and then. We are not perfect. So, you missed one day … now the second day is upon you and you are feeling lazy … tell yourself NO! You will not miss two days in a row! Zen Habits says so! And just get started. You’ll thank yourself later.
#5: Visualize your goal clearly, on a daily basis, for at least 5-10 minutes. Visualize your successful outcome in great detail. Close your eyes, and think about exactly how your successful outcome will look, will feel, will smell and taste and sound like. Where are you when you become successful? How do you look? What are you wearing? Form as clear a mental picture as possible. Now here’s the next key: do it every day. For at least a few minutes each day. This is the only way to keep that motivation going over a long period of time.
#4: Keep a daily journal of your goal. If you are consistent about keeping a journal, it can be a great motivator. A journal should have not only what you did for the day, but your thoughts about how it went, how you felt, what mistakes you made, what you could do to improve. To be consistent about keeping a journal, do it right after you do your goal task each day. Make keeping a journal a sensory pleasure.
#3: Create a friendly, mutually-supportive competition.We are all competitive in nature, at least a little. Some more than others. Take advantage of this part of our human nature by using it to fuel your goals. If you have a workout partner or goal buddy, you’ve got all you need for a friendly competition. See who can log more miles, or save more dollars, each week or month. See who can do more pushups or pullups. See who can lose the most weight or have the best abs or lose the most inches on their waist. Make sure the goals are weighted so that the competition is fairly equal. And mutually support each other in your goals.
#2: Make a big public commitment. Be fully committed. This will do the trick every time. Create a blog and announce to the world that you are going to achieve a certain goal by a certain date. Commit yourself to the hilt.
#1: Always think positive. Squash all negative thoughts. Monitor your thoughts. Be aware of your self-talk. We all talk to ourselves, a lot, but we are not always aware of these thoughts. Start listening. If you hear negative thoughts, stop them, push them out, and replace them with positive thoughts. Positive thinking can be amazingly powerful.
Source >>>Â http://zenhabits.net/top-20-motivation-hacks-overview/
A security nerd 