
CNIT 124
Advanced Ethical Hacking

Summer 2009 Sam Bowne

Wardriving Results: 11-19-08    4-25-09



CRN 38558 Sat 2-5 SCIE 215

Catalog Description

Advanced techniques of defeating computer security, and countermeasures to protect Windows and Unix/Linux systems. Hands-on labs include Google hacking, automated footprinting, sophisticated ping and port scans, privilege escalation, attacks against telephone and Voice over Internet Protocol (VoIP) systems, routers, firewalls, wireless devices, Web servers, and Denial of Service attacks.

Prerequisites: CNIT 123.

Upon successful completion of this course, the student will be able to:
  1. Use Google and automated footprinting tools to locate vulnerable Web servers, passwords, open VNC servers, database passwords, and Nessus reports
  2. Perform sophisticated ping and port scans with several tools, and protect servers from the scans
  3. Enumerate resources on systems using banner-grabbing and specific attacks against common Windows and Unix/Linux services including FTP, Telnet, HTTP, DNS, and many others, and protect those services
  4. Use authenticated and unauthenticated attacks to compromise Windows and Unix/Linux systems and install backdoors and remote-control agents on them, and protect the systems from such attacks
  5. Enter networks through analog phone systems, defeating many authentication techniques, and defend networks from such attacks
  6. Penetrate PBX, voicemail, Virtual Private Network (VPN), and Voice over Internet Protocol (VoIP) systems, and defend them
  7. Perform new wireless attacks, including denial-of-service and cracking networks using Wi-Fi Protected Access (WPA) and WPA-2
  8. Identify firewalls and scan through them
  9. Perform classical and modern Denial of Service (DoS) attacks, and defend networks from them
  10. Locate Web server vulnerabilities, exploit them, and cure them
  11. Describe many ways Internet users are attacked through their browsers and other Internet clients, and the protective measures that can help them

Textbooks

Hacking Exposed, Sixth Edition by Stuart McClure, Joel Scambray, and George Kurtz -- ISBN-10: 0071613749 Buy from Amazon

CNIT 124: Advanced Ethical Hacking -- Lecture Notes and Projects (Spring 2009) by Sam Bowne (buy it at the CCSF Bookstore)



Schedule

Date                Topic
Monday, July 13     Ethical Principles & Ch 1: Advanced Footprinting
                    Ch 2: Advanced Scanning
                    Ch 3: Advanced Enumeration
Tuesday, July 14    Ch 4: Hacking Windows
                    Ch 5: Hacking Unix/Linux
Wednesday, July 15  Ch 6: Remote Connectivity and VoIP Hacking
                    Ch 7: Network Devices
                    Ch 8: Wireless Hacking
Thursday, July 16   Ch 9: Hacking Hardware
                    Ch 10: Hacking Code
                    Ch 11: Web Hacking
Friday, July 17     Ch 12: Hacking the Internet User


Lectures

Policy
Student Agreement
Code of Ethics
Ch 1: Footprinting (From 5th Ed.)     PowerPoint     Powerpoint with iClicker Questions
Ch 2: Scanning (6th Ed.)     PowerPoint     Powerpoint with iClicker Questions
Ch 3: Enumeration (6th Ed.)     PowerPoint     Powerpoint with iClicker Questions      Demo notes
Ch 4: Hacking Windows (6th Ed.)     PowerPoint     Powerpoint with iClicker Questions
Ch 5: Unix/Linux (6th Ed.)     PowerPoint     Powerpoint with iClicker Questions
Ch 6: Remote Connectivity and VoIP Hacking (6th Ed.) (revised 3-18)     PowerPoint     Powerpoint with iClicker Questions
Ch 7: Network Devices (6th Ed.) (revised 3-25)     PowerPoint     Powerpoint with iClicker Questions
Ch 8: Wireless Hacking (6th Ed.)     PowerPoint     Powerpoint with iClicker Questions
Ch 9: Hacking Hardware (6th Ed.)     PowerPoint     Powerpoint with iClicker Questions
Ch 10: Hacking Code (6th Ed.)     PowerPoint     Powerpoint with iClicker Questions
Ch 11: Web Hacking (6th Ed.)     PowerPoint     Powerpoint with iClicker Questions     Exploitable Message Board     WebGoat Instructions
Web 2.0 Vulnerabilities PowerPoint     Web 2.0 Vulnerabilities Document
Ch 12: Hacking the Internet User (6th Ed.)     PowerPoint     Powerpoint with iClicker Questions
Download All CNIT 123 Projects as a big Word document
Download All CNIT 124 Projects as a big Word document
Download All CNIT 124 Lecture Notes as a big Word document
The lectures are in Word and PowerPoint formats.
If you do not have Word or PowerPoint you will need to install the
Free Word Viewer 2003 and/or the Free PowerPoint Viewer 2003.




Projects


Project Corrections

How to Read Your CCSF Email
How to Get your Windows XP Activation Code from MSDNAA
Downloading MSDNAA Software
Virtual Machines at Home
Fixing Ubuntu Virtual Machine Problems

Proj 1: Setting up a Windows Machine (10 pts)
Proj 2: HTTP Headers (10 pts)
Proj 3: Hacking into a Kiosk (20 pts)
Proj 4: Hacking into Kiosk2 (20 pts)
Proj 5: Port Knocking (20 pts) (rev. 7-15-09)
Proj 6: SideJacking Gmail (15 pts)
Proj 7: Password Recovery on Vista (10 pts)
Proj 8: Firewalk (20 pts)
Proj 9: Web Application Hacking: Hacme Travel (20 pts)
Proj 10: Web Application Hacking: Hacme Bank (20 pts)
Proj 11: Buffer Overflows with Damn Vulnerable Linux (15 pts) (revised 3-22-09)        Download DVL 1.0 (142 MB)
Proj 12: Nikto and Cross-Site Scripting (XSS) (15 pts)
Proj 13: Independent Project (20 pts)
Proj 14: USB Switchblade (15 pts)        Download PocketKnife_v0870        Download Universal_Customizer
Proj 15: Stealing Cookies with Persistent XSS (15 pts)
Proj 16: VoIP (20 pts)
Proj 17: Fuzzing X-Lite with VoIPER (20 pts)
Proj 18: SIPVicious scanning 3CX and Asterisk PBX Servers (20 pts)
Proj 19: Capturing RAM Contents with Helix (15 pts)

Proj X1: SideJacking Gmail on a Switched Network (10 pts)
Proj X2: Automatic Pwn with BackTrack 2 (20 pts)
     Proj X2 Alternate: FastTrack with BackTrack 4 Pre-Final (20 pts)
Proj X3: SSLstrip (15 pts)
Proj X4: Cracking Cisco Passwords (15 pts)

Projects from CNIT 123

Project 1: Preparing a Trusted Windows XP Virtual Machine (10 pts.) (revised 1-28-09)
Project 2: Using Metasploit 3 to Take Over a Windows XP Computer (Ch 3, 15 pts.)
Project 3: Stealing Passwords with a Packet Sniffer (Ch 3, 15 pts.)
Project 4: Installing Ubuntu Linux (20 pts.) (revised 9-10-08)
Project 5: Port Scans and Firewalls (Ch 5, 15 pts.)
Project 6: Analyzing Types of Port Scans (Ch 5, 20 pts.)
Project 7: Using a Software Keylogger (10 pts.)
     Download SC Keylog Pro Demo
Project 8: Programming in C on Ubuntu Linux (Ch 7, 15 pts.)
Project 9: Programming in Perl on Ubuntu Linux (Ch 7, 10 pts.)
Project 10: Programming with Python on Windows (Ch 7, 15 pts.)
Project 11: Rootkitting Windows (Ch 7, 15 pts.)
     hxdef100r (you need to use 7-zip to open it, with password sam)
Project 12: Cracking Windows XP Passwords with Ophcrack (15 pts.)
Project 13: Using the Ultimate Boot CD to Create Administrator Accounts (10 pts.)
Project 14: Rootkitting Ubuntu Linux (Ch 9, 20 pts.)      fix-fu
Project 15: Using a Hardware Keylogger (10 pts.)
Project 16: Setting up a Web Server (15 pts.) (revised 10-17-08)      Big Image
Project 17: Performing a Denial of Service Attack With Nmap (15 pts.)
Project 18: Cracking Windows Passwords with Cain and Abel (Ch 12, 15 pts.)
Project 19: John the Ripper on Ubuntu Linux (Ch 12, 10 pts.)
Project 20: Cracking WEP with BackTrack 2 (20 pts.)
Project 21: Sniffing Passwords with ettercap on Ubuntu Linux (15 pts.) (revised 10-16-08)
Project 22: Stealing Passwords from HTTPS Sessions with a Man-in-the-Middle Attack Using Cain (15 pts.)

Project X1: Subnet Exercises (Ch 2, 10 pts. extra credit)
Project X2: HackThisSite (Ch 10, 15 pts. extra credit)
Project X3: Getting into Ubuntu Linux Without a Password (15 pts. extra credit)
Project X4: Protecting Your Privacy with The Onion Router (TOR) (10 pts. extra credit)
Project X5: Sniffing Cleartext Passwords with Cain and Abel (Ch 12, 10 pts. extra credit)
Project X6: Microsoft Baseline Security Analyzer (MBSA) (Ch 8, 10 pts. extra credit)
Project X7: Winfingerprint (Ch 8, 10 pts. extra credit)
Project X8: OpenPGP on Ubuntu Linux (Ch 12, 15 pts. extra credit)
Project X9: Cracking WPA (15 pts)



Links


CEH Certification Resources

CEH Tips
CEH: Certified Ethical Hacker - Taking the Exam
CEH: Practice Exams
CEH: TechExams -- Certified Ethical Hacker (CEH) exam
EC-Council - Certified Ethical Hacker (312-50) Practice Exam - This is the one I used

Chapter Links

Ch 1a: Google Hacking Database
Ch 1b: A search that finds password hashes
Ch 1c: Nessus Reports from Google
Ch 1d: More Passwords from Google
Ch 1e: Google Hacks Volume III by Halla - Interesting but highly irresponsible
Ch 1f: G-Zapper Blocks the Google Cookie to Search Anonymously
Ch 1g1: Get the .NET Framework 1.1
Ch 1g2: Download details: .NET Framework Version 1.1 Redistributable Package
Ch 1g: SiteDigger 2.0 searches Google’s cache to look for vulnerabilities
Ch 1h: BeTheBot - View Pages as the Googlebot Sees Them
Ch 1i: An experts-exchange page to demonstrate the Googlebot
Ch 1j: HTTP Header Viewer
Ch 1k: Masquerading Your Browser
Ch 1l: User Agent Switcher :: Firefox Add-ons
Ch 1m: Modify Headers :: Firefox Add-ons
Ch 1n: User Agent Sniffer for Project 1
Ch 1o: GNU Wget - Tool to Mirror Websites
Ch 1p: Teleport Pro - Tool to Mirror Websites
Ch 1q: Google Earth
Ch 1r: Finding Subdomains (Zone Transfers)
Ch 1s: N. Dakota Judge rules that Zone Transfers are Hacking
Ch 1t: Internet Archive - Wayback Machine
Ch 1u: Wikto - Web Server Assessment Tool - With Google Hacking
Ch 1v: VeriSign Whois Search from VeriSign, Inc.
Ch 1w: uwhois.com
Ch 1x: ARIN: WHOIS Database Search
Ch 1y: Border Gateway Protocol (BGP) and AS Numbers
Ch 1z0: Internic | Whois - the only one that finds hackthissite.org
Ch 1z1: Teenager admits eBay domain hijack
Ch 1z2: NeoTrace
Ch 1z3: VisualRoute traceroute: connection test, trace IP address, IP trace, IP address locations
Ch 1z4: oxid.it - Cain and Abel
Ch 1z5: Snort - the de facto standard for intrusion detection/prevention
Ch 1z6: RotoRouter 1.0 - Traceroute log & fake
Ch 1z7: SiteDigger McAfee Free Tools
Ch 1z8: SensePost - Wikto
Ch 1z9: FOCA searches metadata
Ch 1z10: HolisticInfoSec: OSINT: large email address list imports with Maltego
Ch 1z11: InfoSec Resources -- DNS Hacking (Beginner to Advanced)
Ch 1z12: 1 Million Domain DNS Zone Transfer Test -- 14 percent vulnerable
Ch 1z13: DNS zone transfer tools
Ch 1z14: ZoneTransfer.me - teaching tool for DNS Zone Transfer Demos
Ch 1z15: ICANN / IANA / ASO Explained
Ch 1z16: Whois server compromised? Try whois microsoft.com

Ch 2a: Man page of fping
Ch 2b: Fping download for Windows
Ch 2c: SuperScan - for Windows 2000 and XP Without SP 2
Ch 2d: Network Management Software Products - SolarWinds
Ch 2e: How to enable ICMP echo requests (Ping) in Windows XP (Service Pack 2)
Ch 2f: Can't Ping the Server 2003 SP 1
Ch 2g: What is port 113 used for?
Ch 2h: RPC Scan (- sR)
Ch 2h: THC-AMAP - fast and reliable application fingerprint mapper
Ch 2i: Insecure.Org - Nmap Free Security Scanner, Tools & Hacking resources
Ch 2j: Icmpenum information
Ch 2k: Download Icmpenum 1.0 for Linux - Icmpenum sends ICMP traffic for host enumeration. - Softpedia
Ch 2l: SANS Institute - Intrusion Detection FAQ: How can attacker use ICMP for reconnaissance?
Ch 2m: Phrack Magazine - Loki - ICMP Covert Channel
Ch 2n: ICMPQuery, remote host-type detection
Ch 2v: TCP Header Format
Ch 2w: Window Scan (- sW)
Ch 2x9: SourceForge.net: hping2
Ch 2x: The Window Scan explained very well
Ch 2y: How an RPC Scan Works
Ch 2z1: FTP Bounce Attack
Ch 2z2: IPEye - TCP port scanner (for Windows 2000 / XP Pre SP2)
Ch 2z3: ScanLine from Foundstone - Windows Command-Line Port Scanner
Ch 2z4: PortSentry and LogCheck from SourceForge.net: Sentry Tools
Ch 2z5: The Siphon Project: The Passive Network Mapping Tool
Ch 2z6: the new p0f
Ch 2z7: Cheops- ng - Screenshots
Ch 2z8: Tutorial: Hping2 Basics
Ch 2z9: ICMP Ping Sweep Detection on Windows

Ch 3a: dnsenum - DNSenum is a pentesting tool created to enumerate DNS info about domains
Ch 3b: Backtrack 5- DNSenum Information Gathering Tool
Ch 3c: How to use Fierce -- DNS Analysis perl script
Ch 3d: Restricting DNS Cache Snooping with Bind Configuration
Ch 3e: Grendel Scan Web Application Security Scanner -- in BackTrack
Ch 3f: Microsoft RPC Services
Ch 3g: winfingerprint
Ch 3h: Host Name Resolution in Windows
Ch 3i: nbtscan - NETBIOS nameserver scanner
Ch 3j: DumpSec download
Ch 3k: Project Camelot interviews Gary McKinnon
Ch 3l: Windows Enumeration: USER2SID & SID2USER
Ch 3m: NBTEnum 3.3 Download
Ch 3n: How to restrict access to the registry from a remote computer
Ch 3o: SNMP Tutorial

Ch 4a: 10 Most Common Passwords
Ch 4a1: Comprehensive List of password-guessing software
Ch 4b: IPsec filters in Windows
Ch 4c: IDS finds niche as analytical tools - Network World (2003)
Ch 4d: Setting Up an Intrusion Detection System - Networking Center - Network Computing (2004)
Ch 4e: Top 10 Password Crackers
Ch 4f: Elcomsoft Distributed Password Recovery
Ch 4f1: MITM Attack on Terminal Server (pdf)
Ch 4f2: Top 3 Vulnerability Exploitation Tools
Ch 4g: Microsoft Windows DCOM RPC Interface Buffer Overrun Vulnerability
Ch 4h: Microsoft Security Bulletin MS03-026
Ch 4i: eEye announcement of the LSASS Buffer Overflow
Ch 4j: Microsoft Security Bulletin MS04-011: Security Update for Microsoft Windows (835732)
Ch 4k: How to disable PCT 1.0, SSL 2.0, SSL 3.0, or TLS 1.0 in Internet Information Services
Ch 4l: Denmark builds XML-based Web services commerce network
Ch 4m: OASIS Security Services (SAML) TC - an XML-based framework
Ch 4n: Securing ASP Data Access Credentials Using the IIS Metabase
Ch 4o: ADOConn.Open - Google Code Search
Ch 4q: Security Guidance for IIS
Ch 4r: Gaining Administrator Access on NT with getadmin.exe
Ch 4s: MS03-013 - Buffer Overrun in Windows Kernel Message Handling could Lead to Elevated Privileges
Ch 4t: Service Changes for Windows Vista -- Session 0 Isolation means SYSTEM tasks can't be interactive
Ch 4u: Cracking Windows Vista Beta 2 Local Passwords (SAM and SYSKEY)
Ch 4v: Cracking Syskey and the SAM on Windows XP, 2000 and NT 4 using Open Source Tools
Ch 4w: How to use the SysKey utility to secure the Windows Security Accounts Manager database
Ch 4x: Windows NT/2000/XP/2003/Vista password crackers - recovery, auditing, and PWDUMP tools
Ch 4y: Password Recovery Software, ElcomSoft
Ch 4z-4: CacheDump - Recovering Windows Password Cache Entries
Ch 4z01: Full Disclosure: Windows XP Home LSA secrets stores XP login passphrase in plain text
Ch 4z02: Administrators can display contents of service account passwords in Windows NT
Ch 4z03: Auditing Cached Credentials With Cachedump
Ch 4z04: CacheDump - Recovering Windows Password Cache Entries
Ch 4z05: More information about Cachedump and countermeasures from Arnauld Pilon
Ch 4z06: cachebf - Tool for cracking Cached Logon Hashes
Ch 4z07: PsExec - remote execution tool
Ch 4z08: VNC feature comparison and download selector
Ch 4z09: RatForge.NET R.A.T and Computer Security Community
Ch 4z10: GoToMyPC : Remote Access to Your PC from Anywhere -- Secure PC Remote Access Software
Ch 4z11: LogMeIn Hamachi - Instant VPN Software for your PC
Ch 4z12: Foundstone, Inc.© Fpipe - Port Redirection Tool
Ch 4z13: Tripwire - Configuration Audit & Control Solutions
Ch 4z14: Process Explorer
Ch 4z15: Fport - Shows processes and ports
Ch 4z16: LADS - List Alternate Data Streams
Ch 4z17: BITLOCKER HACKED - Hard disk encryption defeated by recovering the key from RAM
Ch 4z18: Exploiting 802.11 Wireless Driver Vulnerabilities on Windows
Ch 4z19: TeamViewer - Free Remote Access and Remote Desktop Sharing over the Internet
Ch 4z20: NTLM Hash is MD4
Ch 4z21: Different Types of Hashes and Salts -- EXCELLENT RESOURCE
Ch 4z22: Mac OS X 10.8 Mountain Lion password hash algorithm
Ch 4z23: EFS doesn't set a default Data Recovery Agent in Win XP
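
Added example for the "NTLM Hash is MD4" and "Hashes and Salts" links above (this is not code from the textbook or the course materials): the NT hash is MD4 over the UTF-16LE encoding of the password, with no salt, which is why every user with the same password gets the same hash and why the precomputed tables used by Ophcrack in Project 12 work at all. MD4 is written out in pure Python here because many current builds of hashlib no longer ship it; the wordlist used for the lookup is constructed for illustration.

```python
import struct

MASK = 0xFFFFFFFF


def _rotl(x, s):
    return ((x << s) | (x >> (32 - s))) & MASK


def _f(x, y, z):
    return (x & y) | (~x & MASK & z)


def _g(x, y, z):
    return (x & y) | (x & z) | (y & z)


def _h(x, y, z):
    return x ^ y ^ z


def md4(data: bytes) -> bytes:
    """RFC 1320 MD4: pad to 64-byte blocks, run three 16-step rounds per block."""
    bit_len = len(data) * 8
    data += b"\x80"
    data += b"\x00" * ((56 - len(data) % 64) % 64)
    data += struct.pack("<Q", bit_len)            # length in bits, little-endian
    state = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    for off in range(0, len(data), 64):
        X = struct.unpack("<16I", data[off:off + 64])
        a, b, c, d = state
        for i in range(16):                       # round 1: F, words in order
            a = _rotl((a + _f(b, c, d) + X[i]) & MASK, (3, 7, 11, 19)[i % 4])
            a, b, c, d = d, a, b, c
        for i in range(16):                       # round 2: G, column order
            k = (i % 4) * 4 + i // 4
            a = _rotl((a + _g(b, c, d) + X[k] + 0x5A827999) & MASK, (3, 5, 9, 13)[i % 4])
            a, b, c, d = d, a, b, c
        order = (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15)
        for i in range(16):                       # round 3: H, bit-reversed order
            a = _rotl((a + _h(b, c, d) + X[order[i]] + 0x6ED9EBA1) & MASK, (3, 9, 11, 15)[i % 4])
            a, b, c, d = d, a, b, c
        state = [(s + v) & MASK for s, v in zip(state, (a, b, c, d))]
    return struct.pack("<4I", *state)


def nt_hash(password: str) -> str:
    """NT hash = MD4(UTF-16LE(password)); no salt, no iteration count."""
    return md4(password.encode("utf-16-le")).hex()


def build_lookup_table(wordlist):
    """Precompute hash -> password once; because NT hashes are unsalted the
    same table cracks every SAM file on every machine."""
    return {nt_hash(w): w for w in wordlist}


def crack(table, captured_hash):
    return table.get(captured_hash.lower())


# Constructed wordlist and captured hash for the demonstration only.
WORDLIST = ["letmein", "password", "Summer2009", "qwerty"]
TABLE = build_lookup_table(WORDLIST)

if __name__ == "__main__":
    print(nt_hash("password"))                   # same on every Windows box
    print(crack(TABLE, "8846F7EAEE8FB117AD06BDD830B7586C"))
```

Two users with the password "password" on different domains produce byte-identical NT hashes; compare that with the per-user salts in the Unix crypt variants covered by the "Hashes and Salts" link, where one precomputed table cannot be reused.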

Ch 5a: Unix Firewalls Forwarding Source-Routed Packets (from 1996)
Ch 500: CORE IMPACT demonstration video - professional penetration testing toolkit
Ch 500a: Unix Firewalls Forwarding Source-Routed Packets (from 1996)
Ch 501: CrackLib-2.8.12
Ch 501a: THC-HYDRA - fast and flexible network login hacker
Ch 502: Secure remote password protocol - Wikipedia
Ch 503: SRP JavaScript Demo
Ch 504: Linux IPCHAINS-HOWTO: Introduction
Ch 505: grsecurity
Ch 506: Solaris 10 Security Features (with historical context, and Trusted Solaris 8)
Ch 507: Heap Overflow Exploits
Ch 508: Saint Jude for Linux - Intrusion Prevention
Ch 509: WWW Security FAQ: CGI Scripts
Ch 510: Ubuntu: Enabling remote X-windows
Ch 511: Finjan uncovers database storing more than 8,700 stolen FTP credentials
Ch 512: nfsshell - NFS auditing tool
Ch 512a: XSECURE.TXT - Crash Course in X Windows Security
Ch 513: Sun Solaris Telnet Remote Authentication Bypass Vulnerability
Ch 514: Dan Kaminsky Reveals DNS Flaw At Black Hat
Ch 515: Caching bugs exposed in djbdns (2-27-09)
Ch 516: Detecting use after free() on windows. (dangling pointers)
Ch 517: Microsoft Security Bulletin MS12-063 - Critical : Cumulative Security Update for Internet Explorer (2744842)
Flaw in Oracle Logon Protocol Leads to Easy Password Cracking -- SECURITY TEST PROJECT
Ch 518: Sendmail--Anti-Spam Configuration Control
Ch 519: Apache Killer

Ch 6a: Robtex
Ch 6b: PhishTank Statistics about phishing activity and PhishTank usage
Ch 6c: MoonSols Windows Memory Toolkit
Ch 6d: CurrPorts: Monitoring TCPIP network connections on Windows
Ch 6e: Process Explorer
Ch 6f: Process Monitor
Ch 6g: VMMap
Ch 6h: Remote Desktop Connection Bitmap Cache Viewer
Ch 6i: New IE zero day exploit circulating, used to install Poison Ivy (From Sept. 2012)
Ch 6j: Poison Ivy - Remote Administration Tool
Ch 6k: How Malware hides and is installed as a Service

Ch 7a: WarVOX
Ch 7b: Phone hacking: timeline of the scandal
Ch 7c: sipvicious - Tools for auditing SIP based VoIP systems
Ch 7d: Uncovering spoken phrases in encrypted VoIP conversations
Ch 7e: Microsoft says don't use PPTP and MS-CHAP
Ch 7f: Microsoft Security Advisory (2743314): Unencapsulated MS-CHAP v2 Authentication Could Allow Information Disclosure

Ch 8a: Wireless chipsets and drivers
Ch 8b: How-To: Build a WiFi biquad dish antenna
Ch 8c: Fortinet manual, Rogue Access Point Suppression on page 53
Ch 8d: Reaver cracking WPS in 19 hours
Ch 8e: HotSpotter
Ch 8f: Divide and Conquer: Cracking MS-CHAPv2 with a 100% success rate
Ch 8g: Microsoft says don't use PPTP and MS-CHAP
Ch 8h: FreeRADIUS-WPE -- RADIUS server impersonation attack on 802.1x
Ch 8i: 'Validate server certificate' option in PEAP properties
Ch 8j: Vistumbler
Ch 8k: Lawsuits Mount Over Google Wi-Fi Sniffing

Ch 920: Lock bumping - Wikipedia
Ch 921: White House High-Security Locks Broken: Bumped and Picked at DefCon
Ch 922: Magnetic stripe card - Wikipedia
Ch 923: Magnetic Stripe Reader/Writer (encoder)
Ch 924: Portable Credit Card Hacking, Portable Credit Card Hacking Software
Ch 925: Passport RFIDs cloned wholesale by $250 eBay auction spree
Ch 926: MIFARE - Wikipedia
Ch 927: Mifare--Little Security, Despite Obscurity
Ch 928: DefCon: Boston Subway Officials Sue to Stop Talk on Fare Card Hacks -- Update: Restraining Order Issued; Talk Cancelled
Ch 929: Parallel ATA - Wikipedia
Ch 930: ATA_Security_Roadblock_to_Computer_Forensics.pdf
Ch 931: Laptop Password Removal : Vogon Password Cracker Pod
Ch 932: Password Cracker Pod: for laptop hard drive passwords
Ch 933: RISE Security - ASUS Eee PC Rooted Out of the Box
Ch 934: Default Password List
Ch 935: Eavesdropping on Bluetooth Headsets -- Video
Ch 936: Two Arrested in First Bust for ATM Reprogramming Scam | Threat Level from Wired.com
Ch 937: Microsoft Pushes Fix to Disable AutoRun (from 2011)
Ch 939: ATM security problem at LayerOne conference (from May 2012)

Ch_10a: Foundstone White Papers - Including Hacme Bank Solution Guide
Ch_10b: Hacme Travel User Guide (pdf)
Ch_10c: Foundstone Free Tools including Hacme Bank and Hacme Travel
Ch_10d2: Netcat for Windows - Alternate Link
Ch_10d: Netcat for Windows
Ch_10e: Strings v2.40 - reads strings from executable files
Ch_10f: Process Explorer
Ch_10g: Wireshark Protocol Analyzer
Ch_10h: Foundstone - Resources - Videos of Hacme Lessons
Ch_10i: xkcd - Little Bobby Tables
Ch_10k: IBM WebSphere - Wikipedia
Ch_10l: Fortune 1000 Research: Top 1000 Web Servers Survey
Ch_10m: Web Server Survey Archives - Netcraft
Ch_10n: Watchfire products including AppShield
Ch_10o: URLScan Security Tool
Ch_10p: Macromedia - Allaire Security Bulletin (ASB99-01) - ColdFusion Expression Evaluator patch
Ch_10q: Microsoft Security Bulletin (MS00-031): IIS HTR File Fragment Reading vulnerability
Ch_10r: IIS ASP::$DATA Vulnerability (Canonicalization attack)
Ch_10s: New in IIS 7 - App Pool Isolation
Ch_10t: Understanding IIS 7.0 URL Authorization: Configuring Security
Ch_10u: Microsoft IIS 5.0 Translate: f Source Disclosure Vulnerability
Ch_10v: Exploit code for the Translate: f bug
Ch_10z01: Nikto Web Server Vulnerability Scanner
Ch_10z02: TRACE vulnerability explained (pdf)
Ch_10z03: Wget - Wikipedia
Ch_10z04: Parosproxy.org - Web Application Security
Ch_10z05: Hijacking a Macbook in 60 Seconds or Less - Jon Ellch and David Maynor
Ch_10z06: XSS (Cross Site Scripting) Cheat Sheet
Ch_10z07: URL Encoded Attacks - Double Decoding Attack Examples
Ch_10z08: Damn Vulnerable Linux 1.0 - download here - create an account
Ch_10z09: How main() is executed on Linux

Ch 11a: Android 4.1 'Jelly Bean' reaches 1.8 percent market share
Ch 11b: sqlite encryption for android
Ch 11c: Using DDMS Android Developers
Ch 11d: shortfuse.org Official Home of SuperOneClick!
Ch 11e: APP z4root - xda-developers
Ch 11f: GingerBreak APK (root for GingerBread) - xda-developers
Ch 11g: BurritoRoot for Kindle Fire
Ch 11h: What is the NDK? Android Developers
Ch 11i: android-apktool - A tool for reverse engineering Android apk files
Ch 11j: DefCon 18 - These Aren't the Permissions You're Looking For on Vimeo
Ch 11k: Get -- Google Wallet
Ch 11l: iBooks Not Working on Jailbroken iPhones: Here's the Fix
Ch 11m: iOS dictionary apps posting false piracy 'confessions' onto users' Twitter accounts
Ch 11n: Just How Much Of A Problem Is Android Malware? (Aug. 2012)
Ch 11o: About the security content of iOS 4.3.4 Software Update
Ch 11p: iKee--the first iPhone worm (2009)
Ch 11q: CVE-2009-1683: iPhone DoS via ICMP

Links from Previous Textbook Edition

Ch 3a: Droop's Box: Simple Pen-test Using Nmap, Nikto, Bugtraq, Nslookup, and Other Tools
Ch 3b: CAN numbers and CVE numbers
Ch 3c: Vista: Install or Enable the Telnet Client or Server
Ch 3d: Netcat for Windows
Ch 3d1: Local mirror of netcat for windows
Ch 3d2: Local mirror of netcat for windows- encrypted with 7-zip - password sam
Ch 3d3: Netcat in windows (another site)
Ch 3e: TCP Wrappers (Wikipedia)
Ch 3f: TCP Wrappers (more details)
Ch 3g: Microsoft Security: IIS Lockdown Tool
Ch 3h: URLScan Security Tool
Ch 3i: Port knocking - Wikipedia
Ch 3j: PORTKNOCKING - A system for stealthy authentication across closed ports. : IMPLEMENTATIONS : implementations
Ch 3k: PortKnocking - Community Ubuntu Documentation
Ch 3l: IPTables HowTo - Community Ubuntu Documentation
Ch 3m: How to change eth1 to eth0 in a VMware Linux Machine
Ch 3n: Download epdump scanner
Ch 3v: Host Name Resolution in Windows XP and Server 2003
CH 3w: nbtscan - NETBIOS nameserver scanner
Ch 3x: Null session attacks: Who's still vulnerable?
Ch 3y: Registry Keys to Control Null Sessions in XP and 2003
Ch 3z00: The effects of removing null sessions from the Microsoft Windows 2000 and Microsoft Windows NT environment
Ch 3z01: Null Sessions don't apply to Win 95, 98, or Me
Ch 3z02: SystemTools.com -DumpSec and Hyena
Ch 3z03: Project Camelot interviews Gary McKinnon
Ch 3z04: Windows Enumeration: USER2SID & SID2USER
Ch 3z05: Download Winfo - Null Session Enumeration Tool - Runs on Vista
Ch 3z06: SNMP Enumeration and Hacking
Ch 3z07: Understanding MIBs
Ch 3z08: Using SNMP for Reconnaissance
Ch 3z09: Get SNMPUTIL here and learn how to use it
Ch 3z10: Novell NetWare - Wikipedia
Ch 3z11: How to make characters visible in Windows Telnet
Ch 3z12: How Security Identifiers Work (SIDs)
Ch 3z13: RIDs and the RID Master role
Ch 3z14: Install and Enable SNMP Service in Windows XP, Vista and 2003
Ch 3z15: NBTEnum 3.3 -- New tool for NetBIOS Enumeration
Ch 3z16: How to restrict access to the registry from a remote computer

Ch 601: Sandstorm Enterprises - PhoneSweep
Ch 602: Symantec pcAnywhere 12.1: Remote Computer Access - PC Remote Control
Ch 603: pcAnywhere 12.0 - Reviews by PC Magazine
Ch 604: pcAnywhere Password Recovery Service
Ch 605: M4PHR1K.COM - WHITE HAT War Dialers, PBX, and Voicemail Box testing
Ch 606: Default Password List
Ch 607: RSA / RSA SecurID / SecurID Tokens / Two-Factor Authentication | RSAGuard.com
Ch 608: PBX (Private branch exchange) - Wikipedia
Ch 609: Procomm Plus Discontinued - Symantec Corp.
Ch 610: Aspect Scripting
Ch 611: Virtual private network - Wikipedia
Ch 612: B. Schneier and Mudge's paper breaking Microsoft PPTP
Ch 613: The Crumbling Tunnel - aleph1 reveals PPTP flaws
Ch 614: Cryptanalysis of Microsoft's PPTP Authentication Extensions (MS-CHAPv2)
Ch 615: A Cryptographic Evaluation of IPsec
Ch 616: H.323 - Wikipedia
Ch 617: Session Initiation Protocol - Wikipedia
Ch 618: Abstract Syntax Notation One - Wikipedia
Ch 619: Blind Teenage Hacker accused of Swatting - Spoofing Caller ID on VoIP calls to police
Ch 620: vomit - voice over misconfigured internet telephones
Ch 621: Scapy - powerful interactive packet manipulation program
Ch 622: Free VOIP phone software for Windows - free download
Ch 623: RTP Tools 1.18
Ch 624: Java SE Desktop Technologies - Java Media Framework API (JMF)
Ch 625: Anyone up for Cisco password cracking?
Ch 626: IKECrack - Bruteforce crack for IPSec
Ch 627: Online Cisco VPN GroupPwd Decryption
Ch 628: Cisco VOIP Commands Cheat Sheet from John C. Samuel
Ch 629: Advanced Routing Commands Cheat Sheet from John C. Samuel
Ch 630: Recovering phrases from encrypted Skype calls by examining the bitrate

Ch 701: Internet Routing Insecurity::Pakistan Nukes YouTube with DNS Record Change
Ch 702: Pakistan removed from the Internet
Ch 703: nslookup / host Dns Client Testing Command Not Found on Debian / Ubuntu Linux
Ch 704: Types of DNS records
Ch 705: DNS SRV records for SIP and XMPP
Ch 706: Port Forwarding in andlinux
Ch 707: OSI model - Wikipedia
Ch 708: What is an APDU?
Ch 709: AT&T Fiber Optic Splitter Used to Spy on Internet
Ch 710: Virtual LAN - Wikipedia
Ch 711: IEEE 802.1Q - Wikipedia
Ch 712: Ethernet - Wikipedia
Ch 713: VLAN Tagging
Ch 714: VLAN Jumping Attack
Ch 715: VoIP Hopper...Jumping from one VLAN to the next!
Ch 716: Making unidirectional VLAN and PVLAN jumping bidirectional
Ch 717: Bypassing and hacking switches using VLAN
Ch 718: IP Spoofing: An Introduction
Ch 719: Windows NT Patch Available to Improve TCP Initial Sequence Number Randomness
Ch 720: Slashdot | TCP/IP Sequence Number Analysis
Ch 721: IPsec - Wikipedia
Ch 722: Cisco Support Lists
Ch 723: Cisco IOS Password Encryption Facts - Cisco Systems
Ch 724: Looking Glass Overview - Web sites that show live routing information
Ch 725: ILAN Looking Glass--useful for trace demo with ASN values
Ch 726: CERN Looking Glass--also shows ASN values on a trace
Ch 727: Big list of looking glass pages sorted by ASN
Ch 727: Hacker writes rootkit for Cisco's routers
Ch 728: Manpage of TCPDUMP
Ch 729: 'arpwatch' for security and administration
Ch 730: How to setup Arpwatch
Ch 731: arp-sk -- ARP traffic generators and arpwatch for Windows
Ch 732: arp-sk,WinARP Watch - arpwatch tools for Vista/XP/2003/2000
Ch 733: DecaffeinatID: Simple IDS / ARPWatch For Windows--works on Windows 7!

Ch 801: WildPackets - OmniPeek Product Family - Free Demo Version
Ch 802: WildPackets - Wireless Drivers
Ch 803: Orinoco Monitor Mode Patch Page
Ch 804: AbsoluteValue Systems, Inc. - linux-wlan Page - Prism2 Card Compatibility Information Here
Ch 805: Cisco/Aironet driver for Linux
Ch 806: Quad Stacked Omni 2.4 GHz Antenna
Ch 807: Non Line-Of-Sight (NLoS) Multi-Polarized Antennas
Ch 808: Global Positioning System - Wikipedia
Ch 809: Skyhook Wireless - Find Location from Wi-Fi Access Points
Ch 810: NetStumbler.com
Ch 811: Kismet
Ch 812: SMAC MAC Address Spoofer / Changer for Windows VISTA, XP, 2003, 2000
Ch 813: An introduction to LEAP authentication
Ch 814: IEEE 802.1X - Wikipedia
Ch 815: Mac MakeUp - MAC Address spoofing tool - do not use auto-cycle adapter option
Ch 816: Debunking the Myth of SSID Hiding
Ch 817: VistaStumbler--Wardriving software optimized for Windows Vista
Ch 818: Vistumbler--Better than Vista Stumbler
Ch 819: CACE Technologies - AirPcap Wireless Capture Adapter for Windows
Ch 820: Apple - iPhone - Features - Maps with GPS
Ch 821: Android WiFi Scan & War Driving
Ch 822: Google Maps Mashup Showing WiFi Scan Android Wardriving Results
Ch 823: Android Wifiscan available here
Ch 824: Hotspotter--Like SSLstrip, silently replaces a secure WiFi connection with an insecure one
Ch 825: WiGLE - Wireless Geographic Logging Engine - Plotting WiFi on Maps
Ch 826: Lawsuits Mount Over Google Wi-Fi Sniffing - PCWorld

Ch 901: ippl - IP Protocols Logger - detects port scans
Ch 902: Firewalk - Scan behind a firewall
Ch 903: Use Firewalk in Linux/UNIX to verify ACLs and check firewall rule sets
Ch 904: Fpipe v2.01 Port Redirector
Ch 905: Firewall/IDS Evasion and Spoofing with Nmap
Ch 906: What is application gateway? - Webopedia
Ch 907: WinGate Proxy Server / Firewall / Email server / Gateway Management Solution
Ch 908: WinGate - Wikipedia
Ch 909: Astaro Internet Security - Astaro Security Gateway Software Appliance

Ch_10a: Foundstone, Inc.© UDPFlood
Ch_10b: Application-layer DDoS Attacks: Detection and Resiliency (ppt file)
Ch_10c: Five percent of Web traffic caused by DDoS attacks
Ch_10d: Hacktics Presentation on Application-Layer DOS from OWASP (pdf)
Ch_10e: Cisco Guard DDoS Mitigation Appliances
Ch_10f: SYN Cookies - a mathematical way to resist SYN Floods
Ch_10g: Cisco - Strategies to Protect Against Distributed Denial of Service ( DDoS) Attacks
Ch_10h: Bogons - Invalid Source Addresses - Team Cymru
Ch_10i: Sinkhole_Tutorial_June03.pdf
Ch_10j: RadView - SoftwareTesting Tools. Performance Testing and Load Testing for Web Applications
Ch_10k: Web Test Tools Compared
Ch_10l: DDoS Attack Protection - Service Provider Network Visibility, Peakflow SP - Arbor Networks, Inc.
Ch_10m: Foundstone Network Security - DDOSPing - Free tool to detect DDoS Bots
Ch_10n: Creating a Computer Security Incident Response Team: A Process for Getting Started
Ch_10o: Akamai: The Leader in Web Application Acceleration and Performance Management, Streaming Media Services and Content Delivery
Ch_10p: SAVVIS, Inc - Built to Respond
Ch_10q: SYN flood - Wikipedia
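
Added example for the SYN cookies and SYN flood links above (this is not code from the textbook or the course materials): a simplified SYN-cookie scheme in the layout Bernstein described, 5 bits of time counter, 3 bits of MSS index and 24 bits of keyed hash, packed into the server's initial sequence number so that the server keeps no per-connection state until the final ACK proves the client actually received the SYN/ACK. The secret, counter period and MSS table are assumptions chosen for the demonstration; the Linux implementation differs in its details.

```python
import hashlib
import hmac
import struct

# Assumptions for the demonstration (not the kernel's real values).
MSS_TABLE = (536, 1300, 1440, 1460)        # 3-bit index selects one of these
COUNTER_PERIOD = 64                         # seconds per counter tick
SECRET = b"constructed-per-server-secret"  # a real server rotates this


def _mac24(saddr, daddr, sport, dport, client_isn, count):
    """24-bit keyed hash over the 4-tuple, the client's ISN and the tick."""
    msg = struct.pack("!4s4sHHII", saddr, daddr, sport, dport, client_isn, count)
    digest = hmac.new(SECRET, msg, hashlib.sha256).digest()
    return int.from_bytes(digest[:3], "big")


def make_cookie(saddr, daddr, sport, dport, client_isn, mss, now):
    """Server ISN to send in the SYN/ACK. Nothing is stored for this SYN."""
    count = (now // COUNTER_PERIOD) & 0x1F                      # 5-bit tick
    mss_idx = max((i for i, m in enumerate(MSS_TABLE) if m <= mss), default=0)
    mac = _mac24(saddr, daddr, sport, dport, client_isn, count)
    return (count << 27) | (mss_idx << 24) | mac


def check_cookie(saddr, daddr, sport, dport, seq, ack, now):
    """Validate the handshake's final ACK. Returns the negotiated MSS, or None."""
    client_isn = (seq - 1) & 0xFFFFFFFF     # the ACK's seq is client_isn + 1
    cookie = (ack - 1) & 0xFFFFFFFF         # the ACK's ack is server_isn + 1
    count = cookie >> 27
    mss_idx = (cookie >> 24) & 0x7
    now_count = (now // COUNTER_PERIOD) & 0x1F
    if (now_count - count) & 0x1F > 1:      # accept current or previous tick only
        return None
    if mss_idx >= len(MSS_TABLE):
        return None
    if (cookie & 0xFFFFFF) != _mac24(saddr, daddr, sport, dport, client_isn, count):
        return None
    return MSS_TABLE[mss_idx]


def handshake_demo():
    """Constructed exchange: a legitimate client completes the handshake, a
    spoofed-source flood produces cookies but no server state, and a replay
    of the real ACK three ticks later is rejected."""
    srv = bytes([192, 0, 2, 10])
    cli = bytes([198, 51, 100, 7])
    atk = bytes([203, 0, 113, 9])
    t0 = 1_000_000
    client_isn = 0x12345678
    cookie = make_cookie(cli, srv, 40000, 80, client_isn, 1460, t0)
    accepted = check_cookie(cli, srv, 40000, 80, client_isn + 1, cookie + 1, t0 + 5)
    flood = [make_cookie(atk, srv, p, 80, 1, 1460, t0) for p in range(1024, 1034)]
    stale = check_cookie(cli, srv, 40000, 80, client_isn + 1, cookie + 1,
                         t0 + 3 * COUNTER_PERIOD)
    return accepted, len(flood), stale


if __name__ == "__main__":
    print(handshake_demo())   # (1460, 10, None)
```

The cost of statelessness is visible in the layout: only 3 bits survive for the MSS, and the other SYN options (window scaling, SACK) are lost unless encoded elsewhere, which is why SYN cookies are normally switched on only once the backlog overflows.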
Ch_11a: Mudge - Wikipedia
Ch_11b: How to write Buffer Overflows - Mudge, 1995
Ch_11c: Smashing the Stack for Fun and Profit by Aleph One
Ch_11d: Stack (data structure) - Wikipedia
Ch_11e: Damn Vulnerable Linux - The most vulnerable and exploitable operating system ever - Your First Damn Vulnerable Linux Lesson
Ch_11f: Video Tutorial for DVL Buffer Overflow Exploit
Ch_11g: GDB (Gnu Debugger) Tutorial
Ch_11h: Debugging with gdb - gdb Commands
Ch_11i: Debugging with GDB
Ch_11j: Titan Ftp Server Long Command Heap Overflow
Ch_11k: w00w00 on Heap Overflows
Ch_11l: Format String Attacks
Ch_11m: Hijacking a Macbook in 60 Seconds or Less
Ch_11n: Address space layout randomization - Wikipedia
Ch 11o: Cenzic Hailstorm Enterprise ARC Receives High Marks From Information Security Magazine
Ch 11p: Cenzic Hailstorm Professional

Ch_13_01: The Exploder Control Frequently Asked Questions (FAQ)
Ch_13_02: ActiveX 'Safe for Scripting' vulnerability - scriptlet.typelib and Eyedog Vulnerability (1999)
Ch_13_03: Sony Rootkit ActiveX control incorrectly marked "safe for scripting" (2005)
Ch_13_04: ActiveX - Active Exploitation | ASTALAVISTA
Ch_13_05: SiteLock 1.14 Template for ActiveX Controls
Ch_13_06: How to stop an ActiveX control from running in Internet Explorer with the Kill Bit
Ch_13_07: Brown Orifice - Java vulnerability from 2000
Ch_13_08: Java Virtual Machine remote compromise through a heap overflow
Ch_13_09: Internet Explorer Vulnerabilities
Ch_13_10: CERT Advisory CA-2000-05 Netscape Navigator Improperly Validates SSL Sessions
Ch_13_10: What's an IFrame attack and why should I care?
Ch_13_11: Microsoft Security Bulletin MS01-027 - Flaws in Web Server Certificate Validation Could Enable Spoofing
Ch_13_12: IE SSL Vulnerability (2002)
Ch_13_13: Homograph attacks
Ch_13_14: SANS Institute - SSL Man-in-the-Middle Attacks
Ch_13_15: Auto-Start Extensibility Points (ASEPs)
Ch_13_16: MyDoom
Ch_13_17: The Nimda Worm - automatic execution of MIME attachments
Ch_13_18: Instant Messaging Viruses - Avoid IM Viruses - Microsoft Security
Ch_13_19: Microsoft GDI Library JPEG Segment Length Integer Underflow Vulnerability
Ch_13_20: An Analysis of the 180 Solutions Trojan
Ch_13_21: How to strengthen the security settings for the Local Machine zone in Internet Explorer
Ch_13_22: Demonstration of an obscured URL trick
Ch_13_23: rootkit.com
Ch_13_24: bluepillproject.org
Ch_13_25: Jamie Butler's PPT file - DKOM (Direct Kernel Object Manipulation)
Ch_13_26: ActiveX - Active Exploitation -- Uninformed - vol 9 article 2
Ch_13_27: Firefox Security--Firefox Doesn't Properly Check for Revoked certificates!
2009-05-08: Ch 13_28: Imperva Web Application Firewall Demo
Ch_13_29: Jeremiah Grossman: Let's talk Web Application Firewalls (WAFs)

Miscellaneous Links

Securely Erasing Partitions | Novell User Communities
DEFCON Capture The Flag Solutions
Freeware Hex Editor XVI32 - Excellent Windows Hex Editor
Hacker Challenge Websites
Hacking IIS 4 Tutorial
Hacking Video: Exploiting MySpace with a SWF and WMF file attack
Hacking Video: TSGrinfer - RDP Brute Force
Hacking Video: Wirelessly hacking Gmail and more - tutorial
MD5 Collision Demo - How to create files with identical MD5 hashes
Root Hack Survival Guide
RootHack: How to Secure Linux Servers :: Basic Linux Server Security
RootHack: NMAP Scanning and PortSentry Evasion
SmbRelay captures NTLM hashes
Solaris - OpenPKG Project - Unix software packages
Solaris DHCP Client (Solaris DHCP Administration Guide)
Solaris: Basic Setup For Apache In Solaris 10
Solaris: Blastwave.org packages
Solaris: Change DNS Client Settings
Solaris: How do I find the name of the current shell
Solaris: How To Get Started with Blastwave.org - for Solaris 10 Users
Solaris: Install Date of Solaris Machine
Solaris: Installing apps/packages with pkg-get
Solaris: pkg-get man page
Solaris: Set the Date and Time on Solaris
Solaris: Sudoers Manual
Solaris: Update error - Cacao - Many workarounds, no real solution
Solaris: UTF-8 and Unicode FAQ
Solaris: VMware Tools for Solaris 10
VOIPSA : Resources : VoIP Security Tools
Web hacking: Turning firefox into a Web App assault kit
X001: Binary and other number systems
Wardriving software for Windows XP: inSSIDer: Copy and Paste Results Into Excel
Technical Analysis of the Recent Adobe Flash Zero-Day Vulnerability--Excellent explanation of mutated base fuzzing
Create a NC Backdoor with Metasploit Meterpreter Tutorial
edb - Linux debugger, easier to use than gdb--important for Advanced Hacking class
Creating Metasploit Exploit Modules Step By Step (Tutorial!)
Death of an ftp client / Birth of Metasploit modules; Excellent tutorial about fuzzing & metasploit
Evilgrade 2.0 - the update explotation framework is back--CNIT 124 Project!
Kittens and revenge on wi-fi freeloaders <-- good CNIT 124 Project
Online WPA cracker with stats - CNIT 124 Project
Instructions for the Pass-the-hash attack with Metasploit - CNIT 124 Project
Evilgrade -- fake Java updates and more - CNIT 124 Project
Skypher - Heap Spray Generator
The Evil Access Point! - CNIT 124 Project
PyLoris--SlowLoris for Windows! <--CNIT 124 Project
Honeywall--bootable honeypot CD - CNIT 124 Project
2010-11-25: OWASP HTTP Post Tool makes your laptop a sniper rifle <--CNIT 124 Project
Excellent OWASP slides explaining the Slow HTTP POST Layer 7 DoS--IIS & Apache vulnerable, load-balancers don't save you
Armitage - Cyber Attack Management for Metasploit - CNIT 124 Project
Tarpit (networking) - another way to use a Layer 7 DoS sort of effect for good - CNIT 124 Project
New HTTP POST DDoS Attack Tools Released - CNIT 124 Project
2010-12-01: .: ArpON - Blocks ARP Poisoning - CNIT 124 Project
NetWitness Investigator Software Download - CNIT 124 Project
SourceForge.net: NetworkMiner - CNIT 124 Project
Metasploit: Capturing Windows Logons with Smartlocker - CNIT 124 Project
Jeremiah Grossman: Spoofing Google search history with CSRF <--Great simple POC
XSS proof of concepts using different character encodings; Chrome does not get fooled - CNIT 124 Project
Arbor Peakflow: DDoS Protection - CNIT 124 Project
2010-12-24: Twitter Password Decryptor - CNIT 124 Project
Firefox vulns--highlights the need for whitelisting to stop XSS -- CNIT 124 Project
Packetstan: Scapy, and Random Acts of Packety Violence - CNIT 124 Project
Pitbull--simple attack bot in Perl <==CNIT 124 Project
Pitbull--simple attack bot in Perl - CNIT 124 Project
Security Onion: Intrusion Detection LiveDVD <--CNIT 124 Project
ICSI Netalyzr <-- Excellent, detailed information about your network--try it out! <--CNIT 124 Project
Drive By Exploitation With Metasploit! <--CNIT 124 Project
Universal HTTP DoS - Are You Dead Yet? - CNIT 124 Project
r-u-dead-yet - Layer 7 DoS Tool - CNIT 124 Project
Wireless LAN Penetration Testing Course<--CNIT 124 Project
Mantra - Free and Open Source Browser based Security Framework<--CNIT 124 Project
ModSecurity Advanced Topic of the Week: Mitigating Slow HTTP DoS Attacks <--CNIT 124 Project
How to set up HTTP Tunnels <--CNIT 124 Project
ISR Trinity Bomb DDoS Tool on Vimeo <--Possible CNIT 124 Project
@jduck1337 Using Metasploit and another stuxnet/windows privilege escalation vuln (CVE-2010-2743) - CNIT 124 Project
Microsoft Attack Surface Analyzer - CNIT 124 Project
2011-01-19: Wi-Foo - The Secrets of Wireless Hacking <--CNIT 124 Project
Example nginx.conf file
Linux Guru: How to install NGINX
Anonymous IRC Logs: A Moment in Time
Hiding Malicious PDFs from AVs - CNIT 124 Project
XSS--A Complete XSS reversing/scanner tool <--CNIT 124 Project
DDoS threat raised as Darkness bot is given away for free <--CNIT124 project
Web Form Password Brute Force with FireForce <--CNIT 124 project
WS-Attacker : framework for web services penetration testing - CNIT 124 Project
Reverse Engineering for Beginners - CNIT 124 Project
OpenDLP Pass-The-Hash <--CNIT 124 Project
Exploiting Dynamic Routing Protocols with Loki on Backtrack 4 R2 - CNIT 124 Project
[WEB SECURITY] CSRF: Flash 307 redirect = Game Over - CNIT 124 Project
Analyzing Suspicious PDF Files With PDF Stream Dumper--CNIT 124 Project
Having fun with BeEF, the browser exploitation framework - CNIT 124 Project
Instructions for Windows Buffer Overflows - CNIT 124 Project
Metasploit Mac OS X Post Exploitation : Enumeration and Hash Dump <--CNIT 124 Project
2011-02-25: Pentest lab vulnerable servers-applications list <--CNIT 124 Projects
Microsoft Attack Surface Analyzer <--CNIT 124 Project
2011-03-06: MacNikto <--CNIT 124 Project
2011-03-07: Mitigating Slow HTTP DoS Attacks with ModSecurity
hashkill -- open source password hash cracker <- CNIT 124 Project
DenyHosts: SSH Brute Force Protection <--CNIT 124 Project
A Web Application Hacker's Toolkit - timtux.net
Arch Linux Forums / Need to specify full path as root
Arch Linux Installation Guide
Arch Linux Installation Guide (official)
ArchWiki :: Daemons - ArchWiki
ArchWiki :: Disable root password and gain su sudo with no password
ArchWiki :: Installing archlinux in VMWare - ArchWiki
ArchWiki :: Pacman - ArchWiki
BackTrack - Setting up networking in Slackware
CCIE lessons in PDF files

New Unsorted Links

2011-03-18: Offensive-Security Ohio Chapter (OSOC) <--Excellent project ideas here
Errata Security: Verifying the Comodo Hacker's Key <--CNIT 124 Project
Free version of Retina vuln scanner - CNIT 124 Project
A great set of add-on scripts for Jasager <--CNIT 124 Projects
Detecting Vulnerable Software Using SCAP/OVAL - CNIT 124 Project
Secure Your Wireless Networks with Scapy Packet Manipulation
Credential Harvesting With Facebook and the Social Engineering Toolkit - CNIT 124 Project
Reverse connection: ICMP shell - CNIT 124 Project
FREE On-Line CEH by Shon Harris
TOR hammer -- Slow POST and run through Tor
How to Turn Off Linux Security Mechanisms
Advanced Nmap Security Aegis. <-- Excellent description of Nmap tools, lots of good projects here
Freenet6 Routing Problem -- demonstration of IPv6 Routing Loops in Tunnels
2011-11-24: St0rm dump of uni Melbourne data, dammit I thought he was gonna go straight
0entropy: Powershell, metasploit meterpreter and dns -- PROJECT IDEA
How to bypass Anti-Virus Systems --PROJECT IDEA
SpiderLabs Vulnerable SQL & XSS Testbeds -- CNIT 124 PROJECT
Evilgrade -- MUST TRY THIS
HP Fortify -- FREE DEMO VERSION - Source Code Review
Metasploitable: Gaining Root on a Vulnerable Linux System
Routerpwn -- PROJECT
jasagerpwn - Jasager attack vector script for BackTrack 5 and Ubuntu
PolyPack: An Automated Online Packing Service for Optimal Antivirus Evasion
BotHunter
Decrypting SSL packet dumps with Chrome and Wireshark --PROJECT IDEA
Advanced Exploitation of Mozilla Firefox Use-after-free Vulnerabilities (MFSA 2012-22 CVE-2012-0469)
Crypto & Block Cipher Modes (OpenSSL, AES 128, ECB, CBC) --Video with Linux commands. PROJECT IDEA
Hydra tutorial
CMOS De-Animator -- Clear BIOS Passwords -- PROJECT IDEA
Web Application Pen-testing Tutorials With Mutillidae -- OVER 50 PROJECTS
Images can be used to hide PHP malicious code -- GOOD PROJECT IDEA
PHP Code into JPEG Metadata: From hide to unhide
XlogicXExplosive-Steganography -- Makes fake viruses & bombs -- EICAR plus Virus detects as EICAR only by AV -- PROJECT IDEAS
ReverseEngineeringMalware -- free class materials!
How to Encrypt Cloud Storage on Linux and Windows with EncFS -- PROJECT IDEA
OpenVAS (Open Vulnerability Assessment System) -- PROJECT RESOURCE
Antivirus evasion with syringe -- PROJECT IDEA
WhatWeb -- Identifies Versions and Finds SQL Errors -- PROJECT IDEA
Install NetworkMiner with apt-get - PROJECT IDEA
Malware Analysis as a Hobby slides --Cuckoo looks great! -- PROJECT IDEA
Joe McCray's Hacking Videos
Deliberately insecure Linux distributions as practice targets LWN.net
Scanning Vulnerable Linux Distributions With Nessus
2012-10-13: FedElite Cyber Challenge Application Form
2012-10-13: FedCTE: ASPIRE TO BECOME THE CYBER ELITE: JOIN THE CHALLENGE


Ch 938: IEEE 1667 pledges secure portable storage for all (from 2008)

Ch_10_z10: Apache on Windows Canonicalization Vulnerability from 2006

Ch_10z11: Abusing URL Encoding

Ch 10z12: Huge portions of the Web vulnerable to hashing denial-of-service attack

Ch 10z13: HTTrack Website Copier

Ch 10z14: The Microsoft Source Code Analyzer for SQL Injection tool is available to find SQL injection vulnerabilities in ASP code

SideJacking with Ferret and Hamster in BackTrack 5! --Works on Gmail Accts that allow HTTP :)

dSploit - Android Network Penetration Suite -- PROJECT IDEA

DoS vulnerability affects older iPhones, Droids, even a Ford car -- PROJECT IDEA

2012-11-03: PasteBay.com - Free uncensored text hosting
2012-11-03: AnonPaste

CSE6990 Reverse Engineering class from @McGrewSecurity -- GREAT RESOURCES

Port Scanning using Scapy - InfoSec Institute

Python Network Programming

17.2. socket -- Low-level networking interface -- Python v2.7.6 documentation

UdpCommunication - Python Wiki

CodingBat -- Java and Python exercises

Advanced Penetration Testing Software - Cobalt Strike -- 21-day trial available -- PROJECT IDEA

WhisperSystems -- Encrypted Calls for Android -- GOOD PROJECT

Ch 3p: DNS Version Scan Results

MaxKeepAliveRequests: keep it high

Ch 4z24: Pass the Hash on Windows 8.1 with Instructions

Ch 4z25: Password Cracking, Hashes Dumping, Brute-Forcing, Auditing and Privileges Escalation Daniela Elmi IT Space

Ch 4z26: KerbCrack --cracks Windows Kerberos password hashes

Ch 4z27: Cracking Kerberos Passwords with KerbCrack -- DEMO

Ch 4z28: Attacking Kerberos Deployments (from 2010) -- GOOD EXPLANATION OF PREAUTHENTICATION

Ch 4z29: Excellent explanation of Pass The Hash, NTLM, and Kerberos from 2012

SS64 Command line reference

Sewing Patches in the Veil AV Evasion Framework

Creating Remote Shells that Bypass Anti-Virus with 'Veil'

Last Updated: 7-165-09 1 pm