Vivek Ramachandran

Hacking Barcodes Video explains the basics of barcodes and runs us through how one can crack various flawed implementations in Parking tickets, Recycling machines, Access control systems, DVD rentals, Newspaper Ads, Postal codes, Airline boarding tickets, Baggage tracking, etc. http://securitytube.net/Hacking-Barcodes-video.aspx A quick demo of how to use off the shelf software to read / write barcodes is available here: http://securitytube.net/Reading-and-Writin...odes-video.aspx

Thanks for the encouragement Shonen! I am glad you enjoyed the videos and that the accent did not get in your way :) Regarding the Caffe Latte Attack, i agree, the video does not provide too much info into the actual setting up on the honeypot. I will definitely make a video on setting up a honeypot using a wifi card in the next couple of days! Will update this post when i do that. Thanks for pointing this out.

Bypassing the Linux kernel ASLR using ret2esp Tutorial In this video tutorial BlackLight ( http://blacklight.gotdns.org/ ) illustrates how to exploit an application vulnerable to buffer overflow under a modern 2.6 Linux kernel with ASLR, bypassing stack layer randomization by search a jmp *%esp inside the executable file and forcing our program to jump there. http://securitytube.net/Bypassing-the-Linu...2esp-video.aspx

Hacker Documentaries 1. Hacker Attack Documentary traces through the early hacking scene, highlights include - phreaking, interview with Phiber Optic, early credit card number generators, identity theft using social security numbers, the 2600 club, early penetration testing and interview with a couple of ethical hackers, cloning of cellular phones and demonstration of early reconnaissance and hacking techniques such as using the finger daemon, rlogin, rsh, brute force password cracking etc http://securitytube.net/Hacker-Attack-Documentary-video.aspx 2. Attack of Cyber Pirates This documentary explores the piracy of online music and movies. It traces through the birth of the Napster program and how it was shut off because of lawsuits from the music industry. http://securitytube.net/Attack-of-Cyber-Pi...tary-video.aspx

Hijacking the Internet using a BGP MITM Attack Anton Kapela and Alex Pilosov gave this talk titled "Stealing the Internet - A Routed, Wide-area, Man in the Middle Attack" at Defcon 16. The talk begins with some background about BGP basics and how it is used to route traffic, then moves on to currently known attacks on BGP and then finally describes the attack discovered by the researchers using which it is possible to MITM traffic on the Internet for any target destination. The entire video of the entire talk is available here: http://securitytube.net/Hijacking-the-Inte...-16)-video.aspx

Nmap: Scanning the Internet How would you like to scan millions of hosts on the Internet and catalog all the interesting insights? This is exactly what Fyodor, the author of Nmap or Network Mapper did last summer. Thankfully, he then went on to share his finding with the community at Defcon 16 in his talk titled "Nmap: Scanning the Internet". Interestingly, as Fyodor notes in his talk that scanning such a large set of IP addresses did help him in uncovering many bugs in Nmap and also forced him to make enhancements and add new features to make the scanner really fast. This video contains the entire Defcon 16 talk: http://securitytube.net/Scanning-the-Inter...-16)-video.aspx

Demonstration of Hardware Trojans (Defcon 16) Talk and demonstration on how hardware trojans can use thermal, optical and radio based techniques to leak our secrets. The demo shows all these 3 kinds of trojans and describes how easy it is to smuggle these into common electronic goods such as mobile phones, music players and laptops. http://securitytube.net/Demonstration-of-H...-16)-video.aspx

PHP Shell Injection on a Website through Log Poisoning Many web administrators save the logs of their accesses on a PHP log file. This video shows the vulnerability of this kind of habit, as we can inject arbitrary PHP code into a log file simply by changing an information that we send to the web server and will be logged (like user agent). That code will be then executed on the server as soon as the web admin reads log files via browser. http://securitytube.net/PHP-Shell-Injectio...ning-video.aspx

Remote Command Execution on a web server through a reverse shell invoked by a RFI vulnerable script Great video by BlackLight from http://blacklight.gotdns.org http://securitytube.net/Remote-Command-Exe...ript-video.aspx

Thanks will-wtf! Henceforth, i will be posting all my videos here: http://hak5.org/forums/index.php?showtopic=12196

Bytecode Injection into a Running Process using Ptrace() BlackLight demonstrates how to modify the flow of a running process by injecting an arbitrary code into its EIP register under a Linux environment, using ptrace() system call. http://securitytube.net/Bytecode-Injection...ce()-video.aspx

Hello All, I will be posting all the latest videos I publish on SecurityTube.net here. Please reply to individual video posts to leave behind your comments about them. Comments and feedback are welcome! Thanks, Vivek

Guys, I will post all new videos in a single thread. Idea was not to spam. I make all these videos pretty enthusiastically and thus keep posting them as soon as i make them.

Sent you a unicast, as this message does not help the forum.

Calm down buddy! I have no such intention. I generally only post videos which i or my hacker friends have made. In this case, as the Moxie talk was quite a rage and the video was not available on any public site, i decided to make a post.

BlackLight, the author of Tcpsmash demonstrates how to kill the connection between two hosts on the same network from a third host, doing some ARP poisoning, packet sniffing and packet injection, and using tcpsmash and nemesis. http://securitytube.net/TCP-connection-res...tion-video.aspx

You also checkout SecurityTube.Net at http://www.securitytube.net . Has over 250 videos on hacking and security related topics.

Thanks All! I am glad you liked the video! I have created a followup video on how to store all this data into a database for future analysis. Its available as a separate post http://hak5.org/forums/index.php?showtopic=12122

As we have seen in the previous video ( http://securitytube.net/Crawling-the-Web-f...ofit-video.aspx ), the ability to mine data using automated bots is real fun! One could code automated ftp crawlers, web vulnerability scanners, port scanners etc and sweep through a large range of IP addresses on the Internet for Fun or for Profit ;) In this video we will go through a quick and dirty guide on how to store all that data into a postgresql database on Backtrack 3.0 for further analysis. The video is aimed at beginner and intermediate hackers who want to get started with using databases for integration with their hacking projects. http://securitytube.net/Storing-Mined-Data...ofit-video.aspx comments and Feedback welcome!

With billions of webpages out there on the web, it is somewhat interesting to see how one can mine them systematically and analyze them. This video is a programming guide to creating a very simple web crawler which can mine the web and extract content from the HTML file using a DOM parser. The video is a get started guide for beginner and intermediate programmers who would like to explore data mining possibilites over the WWW. http://securitytube.net/Crawling-the-Web-f...ofit-video.aspx

"Attacking Intel Trusted Execution Technology" was a talk given by Rafal Wojtczuk & Joanna Rutkowska from InvisibleThings in Blackhat DC this year. In their talk they describe what Intel® TXT is, how it works, and how it can be used to build more secure systems. They also show, however, weaknesses in current TXT implementations and how they can be practically exploited. They also show a working exploit code against tboot - Intel's implementation of trusted boot process for Xen and Linux. http://securitytube.net/Attacking-Intel-Tr...ska)-video.aspx

This presentation will demonstrate some new tools and techniques that allow attackers to silently alter, inject, and log traffic intended for secure transmission by SSL/TLS in common web applications such as online banking or secure webmail logins. It builds off of the SSL exploit tools and research on the failure of browsers to validate BasicConstraints that I published in 2002, and will include demonstrations of a new tool for exploiting current use patterns as well as some data gathered from field testing in the real world. Video of the entire presentation: http://securitytube.net/Defeating-SSL-usin...hat)-video.aspx Presentation slides: http://www.blackhat.com/presentations/bh-d...feating-SSL.pdf

In this 2 part series, i discuss how one can conduct an SSL MITM attack over wireless. To demonstrate it, i use a combination of DNSspoof and Delegated proxy after the actual Layer 2 hijacking has been done. SUch an attack can be easily orchestrated in public hotspot scenarios. 1. PPT on the basics of the attack: http://securitytube.net/SSL-MITM-Attack-Ov...less-video.aspx 2. A live demo of the attack: http://securitytube.net/SSL-MITM-Attack-Ov...Demo-video.aspx Comments and Feedback welcome!

http://securitytube.net/BSODomizer-in-Action-video.aspx

In this video series, we use the DIG utility to understand the DNS protocol better. We will run through a tutorial of the DIG utility usage, look at domain transfers, then how the DNS servers operate in an hierarchy and then finally how to do a reverse DNS with DIG. 1. DIG basics: http://securitytube.net/Domain-Information...sics-video.aspx 2. DNS Zone transfer using DIG: http://securitytube.net/DNS-Zone-Transfer-...-DIG-video.aspx 3. Hacking DNS lookup using DIG: http://securitytube.net/Hacking-DNS-Lookup...-DIG-video.aspx 4. Reverse DNS lookup with DIG: http://securitytube.net/Reverse-DNS-Lookup...-DIG-video.aspx Comments and Feedback welcome!