Vivek Ramachandran

Thanks! I am glad you liked the first 15, and hope you like 16 (pass the hash) as well. Others, look forward to your feedback! Hope my accent is not too much of a problem :)

Hello All, Metasploit is probably one of the most useful tools to a hacker. Contains tons of well tested exploits which can be used with multiple payloads to break into systems. In this video series, I have tried to cover all the essential things one needs to know about Metasploit. I start from the very basics and slowly more towards covering intermediate and advanced functionality. I have already created over 300 mins of video. Note that this series is still in progress and you can keep checking for the latest videos on SecurityTube http://www.securitytube.net Below are the video links and a short description: 1. Metasploit Megaprimer (Exploitation Basics and need for Metasploit) Part 1 http://securitytube.net/Metasploit-Megapri...rt-1-video.aspx 2. Metasploit Megaprimer (Getting Started with Metasploit) Part 2 http://securitytube.net/Metasploit-Megapri...rt-2-video.aspx 3. Metasploit Megaprimer Part 3 (Meterpreter Basics and using Stdapi) http://securitytube.net/Metasploit-Megapri...api)-video.aspx 4. Metasploit Megaprimer Part 4 (Meterpreter Extensions Stdapi and Priv) http://securitytube.net/Metasploit-Megapri...riv)-video.aspx 5. Metasploit Megaprimer Part 5 (Understanding Windows Tokens and Meterpreter Incognito) http://securitytube.net/Metasploit-Megapri...ito)-video.aspx 6. Metasploit Megaprimer Part 6 (Espia and Sniffer Extensions with Meterpreter Scripts) http://securitytube.net/Metasploit-Megapri...pts)-video.aspx 7. Metasploit Megaprimer Part 7 (Metasploit Database Integration and Automating Exploitation) http://securitytube.net/Metasploit-Megapri...ion)-video.aspx 8. Metasploit Megaprimer Part 8 (Post Exploitation Kung Fu) http://securitytube.net/Metasploit-Megapri...-Fu)-video.aspx 9. Metasploit Megaprimer Part 9 (Post Exploitation Privilege Escalation) http://securitytube.net/Metasploit-Megapri...ion)-video.aspx 10. Metasploit Megaprimer Part 10 (Post Exploitation Log Deletion and AV Killing) http://securitytube.net/Metasploit-Megapri...ing)-video.aspx 11. Metasploit Megaprimer (Post Exploitation and Stealing Data) Part 11 http://securitytube.net/Metasploit-Megapri...t-11-video.aspx 12. Metasploit Megaprimer Part 12 (Post Exploitation Backdoors and Rootkits) http://securitytube.net/Metasploit-Megapri...its)-video.aspx 13. Metasploit Megaprimer Part 13 (Post Exploitation Pivoting and Port Forwarding) http://securitytube.net/Metasploit-Megapri...ing)-video.aspx 14. Metasploit Megaprimer Part 14 (Backdooring Executables) http://securitytube.net/Metasploit-Megapri...les)-video.aspx 15. Metasploit Megaprimer Part 15 (Auxiliary Modules) http://securitytube.net/Metasploit-Megapri...les)-video.aspx 16. Metasploit Megaprimer Part 16 (Pass the Hash Attack) http://securitytube.net/Metasploit-Megapri...ack)-video.aspx Please do let me know your feedback!

It's already there my friend http://tools.securitytube.net/index.php?title=W3AF Please feel free to add anything you would like to it. After all the site is a collaborative WiKi :)

Dear All, We are excited to launch a brand new section - SecurityTube Tools! http://tools.securitytube.net ST Tools is a collaboratively edited community wiki which aims to list all the security and hacking tools out there. We have already listed over 280+ popular tools and need your help in building this index further and making it useful to everyone. Why did we start ST Tools? Though there are a couple of sites which maintain lists of tools, we feel the amount of information available there is limited. In most cases, it is just a 1-2 line description. ST Tools changes all this and aims to provide more useful information to the reader. For every tool listed on our site, the following information is given: 1. Description of the Tool: Short summary of the tool's functionality 2. Details: * Website : * Discussion Forum : * Mailing List : * Platforms : * License : * Author : * Contact Email : 3. Sample Usage : Screenshot or Text dump of the tool's usage or help pages 4. Tutorials and Demos : Links to Text and Video tutorials 5. Supporting Links : Links to documentation 6. Books : Links to books if applicable We have already populated most of this information for over 280+ tools. A sample tool's page would look like this: Nmap Tool Page http://tools.securitytube.net/index.php?title=Nmap How can you help us? You can help us by adding your tool if you are an author, or by adding other's tools if you use and like them. If you would like to add a tool, please read the Submission Process page first. Also, a lot of details for existing tools might be missing. We would request you to help us correct them.

LMAO!! :) When i was watching the video before posting it, somehow I had this weird feeling that I've seen this guy somewhere :D .... now i know :D

wow! 0 replies :( I was expecting some response from the Hak5 community. Flames are welcome too :)

Dear All, SecurityTube.net is pleased to announce the CFP for SecurityTubeCon, the first hacker conference, to be held completely online! SecurityTubeCon is aimed at democratizing hacker conferences by allowing any researcher, regardless of his physical location, to share his work with the community. Unlike other Cons we will not *accept / reject* speakers. If you have something interesting to share, you WILL be heard. The idea behind SecurityTubeCon is not to pass judgments on your work, instead, it aims at providing a platform for knowledge exchange. Once speakers send in their talk abstracts, we will put it online for the community members to decide which talks they want to attend. On the day of the conference, speakers will broadcast their talks using screencasting software and the interested participants will tune in. The participants will use IRC / chat rooms to ask questions to the speakers during the talks. What else is unique about SecurityTubeCon? a. This conference will be held completely online! b. Location No Barrier - speak / attend SecurityTubeCon from your bedroom :) c. Language No Barrier - though we would recommend English as the preferred language so you can address a global audience, feel free to speak in the language you are most comfortable with d. $0 is the conference registration fees - absolutely free For the CFP and other details please visit the conference site at http://www.securitytubecon.org Here is a quick summary of the CFP in an FAQ format: ----------------------------------------------------------- 1. When and Where will SecurityTubeCon be held? Venue: Cyberspace Dates: 6th, 7th and 8th November, 2009 2. How will it all work? a. Interested speakers will send us their talk details a. We will post the list of speakers and abstracts online b. Participants will register for talks and will receive webinar invitations c. Speakers will broadcast their talks using screencasting / web conferencing software and invited participants will join in d. The participants will use IRC / Chat rooms to ask questions to the speakers during the talks 3. Are there any requirements to become a speaker? Just two: 1. You should know what you are talking about :) 2. You will need to submit a video recording of your entire talk before the deadline. This will ensure that participants have something to watch in case there is a last minute technical issue or some other problem. These videos will be made available absolutely free to everyone a week after the conference. 4. Awesome! I want to register as a speaker! How do I apply? To Become a Speaker at SecurityTubeCon, please follow the following steps: a. Send an email to submissions@securitytubecon.org containing the following information: I. Talk Title II. Abstract: Minimum 250 words III. Language in which talk will be delivered in IV. Desired Duration: 15 mins / 30 mins / 60 mins? V. Speaker Names with Email addresses VI. Speaker Bios: As detailed as possible b. Once we receive your email, we will post your talk online and send you a confirmation c. You will need to submit the presentation, tools, other relevant material and a video of the entire talk by October 20th, 2009. We will send you the details on where to upload via email. d. If the material mentioned in © is not received by the deadline, your talk will be removed from the website e. For any additional questions, please contact us at submissions@securitytubecon.org 5. How long can a talk be? 15 mins, 30 mins and 60 mins talk slots are available 6. What are the Deadlines? 1. Deadline to Submit Abstracts: October 10th, 2009 2. Deadline to submit the full presentation and video: October 20th, 2009 3. Conference Dates: 6th, 7th and 8th November 7. What kind of talks will be accepted at SecurityTubeCon? Very broadly, there will be 4 tracks in SecurityTubeCon: a. Research Track: Show your bleeding edge research and zero days here b. Tutorials Track: In-depth Tutorials on security technologies can be given here by domain experts c. Tool Demos: Demonstration of new and cutting edge tools by their original authors d. Security Product Demos: Demos of state of the art security products by companies and organizations Topics can belong to a broad spectrum, here are a couple (neither exhaustive nor limited to): a. Protocol / Application based vulnerability in networks and computers b. Firewall Evasion techniques c. Intrusion detection/prevention d. Data Recovery and Incident Response e. Mobile Security (cellular technologies) f. Virus and Worms g. WLAN and Bluetooth Security h. Analysis of malicious code i. Cryptography and Cryptanalysis j. Computer forensics k. Cyber Crime & law ..... 8. How can I help? a. Please forward this CFP link / email to your friends in the security / hacking community b. Send this CFP to any mailing lists related to security c. Post a link to the conference website on forums, discussion groups you frequent d. Particpate either as a Speaker or as an Attendee :) 9. I have a question? Need more info? Write to us at info@securitytubecon.org ----------------------------------------- Hoping that all of you will attend and participate! Cheers! Vivek Ramachandran http://www.securitytube.net

Fuzzing 101 Detailed video tutorial http://securitytube.net/Fuzzing-101-Detail...imer-video.aspx

Just curious what the exploit was? and what do you mean by unrelated system? - was another website hosted on the same box, which got compromised?

Thanks! I am glad you liked the site :) Hello All, I will be posting interesting video on SecurityTube in this thread. It is important to note that these are videos which people have submitted / referred to SecurityTube and have not been made by me. 1. Hacker News Network: HNNCast for the 4th Week of June http://securitytube.net/HNNCast-for-the-4t...June-video.aspx 2. Endianness Basics: http://securitytube.net/Endianness-(Part-I)-video.aspx http://securitytube.net/Endianness-(Part-II)-video.aspx 3. Is it safe to surf porn on an Apple MAC? http://securitytube.net/Is-it-Safe-to-Surf...-Mac-video.aspx 4. Building a VNC Backdoor door from scratch http://securitytube.net/Building-a-VNC-Bac...atch-video.aspx More videos to be posted in this thread soon! Enjoy!

Thanks @charm_quark! @SomethingToChatWith - Please feel free to download the videos! Hello All, Here is the next set of videos: 1. Format String Vulnerabilities Primer (Part 2 Understanding Format Functions) In this video we will try to understand why functions such as Printf are susceptible to Format String attacks. This video is very hands on in nature - we will explore the stack of a vulnerable program using GDB and see how the Printf function interprets the format string to decide on the number of arguments it should pick from the stack. http://securitytube.net/Format-String-Vuln...ons)-video.aspx 2. Format String Vulnerabilities Primer (Part 3 Crashing the Program) In this video we will look at how a Format String Vulnerability can be used to crash a program. This could be used by a remote attacker to launch a Denial of Service attack on a server running a vulnerable daemon. http://securitytube.net/Format-String-Vuln...ram)-video.aspx 3. Format String Vulnerabilities Primer (Part 4 Viewing the Stack) In this video we will look at how a Format String Vulnerability can be used to view the program stack. http://securitytube.net/Format-String-Vuln...ack)-video.aspx Comments and Feedback welcome!

Thanks Seshan! Format String Vulnerabilities Video Primer Hello All, After covering Assembly Language and Buffer Overflow basics in detail, I am now moving on to Format String Bugs. This will also be around a 8 part video series, so please bear with me. I will be posting the videos on this thread as I make them. Video 1: The Basics In this first video of the series, we will understand the basics of format strings and format functions and we will look at a simple case where information leakage happens due to a format string vulnerability being present. http://securitytube.net/Format-String-Vuln...ics)-video.aspx Thanks!

Reverse Engineering a Software Install Process Most of us install software downloaded from both known and unknown sources. Sometimes, we might have a reason to suspect that the software in question may be doing some malicious activity on our PC - such as modifying a registry key, overwriting an important system DLL etc. In this video we will look at how to reverse engineer a software install process by using InstallWatch. http://securitytube.net/Reverse-Engineerin...cess-video.aspx

Hello All, Just wanted to add 2 more videos on Advanced Buffer Overflow techniques: 1. Exploiting Buffer Overflows on systems with linux kernel without ASLR http://securitytube.net/Exploiting-Buffer-...ASLR-video.aspx 2. Exploiting Buffer Overflows on systems with ASLR enabled in the kernel using a Brute Force on the Stack http://securitytube.net/Exploiting-Buffer-...ayer-video.aspx These videos have been made by BlackLight from http://blacklight.gotdns.org/ . Enjoy!

Thanks for the info zerosignal0! The reason for the errors is resource exhaustion on the shared hosting i am currently using. I am in the process of moving SecurityTube from shared to dedicated hosting. Hopefully, all these errors should disappear after that!

Hello All, I just completed a couple of more videos in this series. So here goes: 6. Exploiting a vulnerable program: In this video we will understand how to overwrite the stack with our shellcode and exploit a vulnerable program. http://securitytube.net/Buffer-Overflow-Pr...ram)-video.aspx 7. Demo of an actual exploitation: This will consist of a demo of an actual exploitation based on the theory learnt in the previous video. http://securitytube.net/Buffer-Overflow-Pr...emo)-video.aspx 8. Return to Libc theory: 2.6 kernel onwards the stack was made Non-Executable, thus rendering the tradional buffer overflow attacks useless. In this video we will understand how we can subvert this protection using a technique called "Return to Libc" http://securitytube.net/Buffer-Overflow-Pr...ory)-video.aspx 9. Demo of exploiting using Return to Libc: This will consist of an actual demo by using a vulnerable program. http://securitytube.net/Buffer-Overflow-Pr...emo)-video.aspx Comments and Feedback welcome!

Hello All, Next 2 videos in this series are online now: 4. Disassembling Execve: In this video we will look at how to invoke execve in assembly. http://securitytube.net/Buffer-Overflow-Pr...cve)-video.aspx 5. Creating Shellcode for Execve: In this video we will look at how to create shellode for invoking the execve syscall. http://securitytube.net/Buffer-Overflow-Pr...cve)-video.aspx More videos to come in this series! Comments and Feedback welcome!

Hello All, Here are the next 2 videos in the Buffer Overflow Primer Series: 2. Writing Shellcode - we will take a very simple case of converting the exit() syscall into shellcode http://securitytube.net/Buffer-Overflow-Pr...ode)-video.aspx 3. Executing Shellcode - we will look at how to write a simple C program to test the shellcode we wrote in the previous video http://securitytube.net/Buffer-Overflow-Pr...ode)-video.aspx Many more to come in this series!

Hello All, Hope you liked the Assembly Language Primer series I made before this. I will be adding a couple of more videos to it soon. In the meantime wanted to get started with some real fun - Buffer Overflow Primer Videos In this video series we will take an in-depth look into Buffer Overflow attacks - how they work and how to exploit them. I made the first video in the series today - a 30 minute session. Buffer Overflow Primer Part 1 (Smashing the Stack) In this video we will look at how the program stack can be corrupted by a buffer overflow, how the EIP can be made to point at an arbitrary location in code as a consequence and how one can exploit such a condition. http://www.securitytube.net/Buffer-Overflo...ack)-video.aspx Lots more videos to come in this series. Comments and Feedback welcome!

Thanks! I am happy you feel so :) Here are the next videos in the series: 9. Conditional Branching using the Jump family of instructions http://securitytube.net/Assembly-Primer-fo...hing-video.aspx 10. Writing Functions in Assembly http://securitytube.net/Assembly-Primer-fo...ions-video.aspx 11. Passing arguments to functions using the Stack http://securitytube.net/Assembly-Primer-fo...tack-video.aspx Enjoy!

Thanks Zimmer! The next 2 videos in the series are as follows: 7. Working with Strings: In this video we will look at how to work with strings in assembly using the MOVS, STOS, REP etc. instruction sets. http://securitytube.net/Assembly-Primer-fo...ings-video.aspx 8. Unconditional branching: In this video we will look at how to perform unconditional branching in assembly using the JMP and CALL instruction sets. http://securitytube.net/Assembly-Primer-fo...hing-video.aspx Comments and Feedback welcome ! I will try to complete the entire Assembly language videos in the next 2 weeks :)

Hello All, Just finished creating the next set of videos in the "Assembly Language Primer for Hackers" video series: 4. Writing your First Hello World Program in Assembly http://securitytube.net/Assembly-Primer-fo...orld-video.aspx 5. Understanding Data types in Assembly Language http://securitytube.net/Assembly-Primer-fo...ypes-video.aspx 6. Moving Data between registers and memory http://securitytube.net/Assembly-Primer-fo...Data-video.aspx Comments and Feedback welcome! I will be creating the next set of videos over the weekend. -Vivek

No, he is a different guy :)

Hello All, Assembly language is a must know before one can get into the world of code exploitation techniques, reverse engineering, virus writing etc. Unfortunately, as Assembly is also a bit tough to grasp for newbies as it is very low level. Thus, I decided to create a video tutorial series on "how to get started with Assembly for hackers". The series is far from complete yet. I will be posting follow up videos in this post as I make more. Here is the first couple I made today: 1. System Organization concepts: http://securitytube.net/Assembly-Primer-fo...tion-video.aspx In this first part, I explain the basics of computer organization, CPU registers - general purpose, segment and instruction pointer. Also covered is virtual memory organization, program memory organization, program stack and stack operations. 2. Virtual Memory Organization: http://securitytube.net/Assembly-Primer-fo...tion-video.aspx In this video we take an in-depth look at virtual memory organization concepts. We look at how one can use the /proc/PID/maps to peek into the layout of a program's virtual memory and interpret useful things. Also, we show how the Address Space Layout Randomization (ASLR) works in the latest 2.6 kernels and why this is significant from a security point of view. We also show how this can be disabled at runtime if the need be. This video is very important from an code exploitation perspective as it teaches us how to check for the presence of ASLR on a given system. 3. GDB Usage Primer: http://securitytube.net/Assembly-Primer-fo...imer-video.aspx In this video we go through a quick primer on how to use GDB to disassemble code, set breakpoints, trace through code, examine CPU registers and memory locations, examine the program stack and many other important use cases which will help us in later videos when we actually start coding in Assembly and want to debug our code. Comments and Feedback welcome! More videos to be added over the weekend.

Shonen, LauBen - Thanks for the encouragement! I was almost wondering why nobody was replying :P Maybe they did not like the videos :o Good to know at least a couple of folks liked it.