Vivek Ramachandran

Thanks, i will try to see if this is available on google video or youtube, so that i can embed that into the collection.

we will have to really try it out and check. In some cases if the program code itself - prepends or appends some metadata to the credentials then that should remain the same always, else it might differ across architectures, OSs, program versions etc Will probably find some time next weekend to try it out and see. Let me know if you get a chance to try and get results..

Thanks, i am glad you liked the video. The link to Pmdump etc was mentioned in the summary of the video Quoting from the summary: "Please download a copy of the Pmdump programs and Strings program before continuing with this video. Also, we shall use the demo application MemPass.exe to show the vulnerability. The application is a very simple piece of code which takes the user input, clears the screen and pauses its execution. " Pmdump is a hyperlink to the downloadable binary.

Thanks! Looking forward to your feedback and comments!

I agree. I think a good way to solve this problem might be to first take the application, put your password in and check the surrounding memory bytes for a prefix or a postfix pattern. If there is a pattern which emerges (we can do this my running the program multiple times on say different machines), we can use it for searching the memory dump of a binary for which the password is unknown and then find it. Should work.

In this video i make a simple demonstration of how we can dump a program's memory and then use the strings program to find in memory passwords and other sensitive information. A large number of applications can fall prey to this security vulnerability and get their user's passwords hacked - web browsers, email clients, instant messengers etc fall in this category. The main idea behind the hack is that while the application is running, we should be able to dump its entire memory to file, without having to stop or tamper with the application in any way. http://securitytube.net/Dumping-Passwords-...dump-video.aspx

If there are any good ones i left out, please add a link in this post!

Enjoy! 1. History of Hacking: http://securitytube.net/History-of-Hacking-Part-1-video.aspx http://securitytube.net/History-of-Hacking-Part-2-video.aspx http://securitytube.net/History-of-Hacking-Part-3-video.aspx http://securitytube.net/History-of-Hacking-Part-4-video.aspx http://securitytube.net/History-of-Hacking-Part-5-video.aspx 2. Hackers are People Too http://securitytube.net/Hackers-are-People...tary-video.aspx 3. Hackers ( Outlaws and Angels ) http://securitytube.net/Hackers-(-Outlaws-...tary-video.aspx 4. Freedom Downtime (Kevin Mitnick Story) http://securitytube.net/Freedom-Downtime-(...ick)-video.aspx 5. Revolution OS (Story of Linux) http://securitytube.net/Revolution-OS-Documentary-video.aspx 6. Cyber Wars Documentary http://securitytube.net/Cyber-Wars-Documentary-video.aspx 7. Web Warriors Documentary http://securitytube.net/Web-Warriors-Docum...-CBC-video.aspx Please provide links to any other good documentaries i might have missed out.

In this video series we explore the basics of socket programming on linux based systems using C. In the first part we look into a detailed presentation which guides us through the basics of socket programming - things like network byte order, host byte order are explained in detail: http://securitytube.net/Socket-Programming...tion-video.aspx http://securitytube.net/Socket-Programming...-(2)-video.aspx http://securitytube.net/Socket-Programming...-(3)-video.aspx Once, the reader is familiar with the basics, i run you through 3 examples: A Hello World TCP Server Program: http://securitytube.net/Hello-World-TCP-Se...kets-video.aspx http://securitytube.net/Hello-World-TCP-Se...-(2)-video.aspx A TCP Echo Server program: http://securitytube.net/TCP-Echo-Server-us...kets-video.aspx and then a TCP Client program which interfaces with the server: http://securitytube.net/TCP-Echo-Client-us...kets-video.aspx Absolutely zero knowledge and experience is pre-requisite for this video series. Hopefully it will be of help to newbies. Comments and Feedback welcome! -ViVek

In this video series i cover the basics of packet injection using raw sockets. Packet injection is a very important concept if one wants to code a proactive security tool which can modify and mangle packets to influence the behavior of the underlying network. The links to the video tutorials are as follows: 1. Packet Injection Programming Basics presentation (please watch this before going through the other examples) http://securitytube.net/Packet-Injection-B...tion-video.aspx http://securitytube.net/Generic-Packet-Inj...-(2)-video.aspx 2. Ethernet Packet Injection programming: http://securitytube.net/Ethernet-Packet-Injection-video.aspx 3. IP Packet Injection: http://securitytube.net/IP-Packet-Injection-video.aspx http://securitytube.net/IP-Packet-Injection-(2)-video.aspx 4. TCP Packet Injection programming: http://securitytube.net/TCP-Packet-Injection-video.aspx http://securitytube.net/TCP-Packet-Injection-(2)-video.aspx Comments and feedback welcome! ViVek

I have a created an entire series on packet sniffer programming basics on linux based systems using C programming. I have started from simply opening a raw socket, receiving packets and printing the contents in hex. Then i have slowly moved up the layers and decoded every layer and shown how to code it. Hopefully, the tutorial should be easy to follow. All code is also available on the video pages. 1. Generic Packet Sniffer http://securitytube.net/Generic-Packet-Sni...ming-video.aspx http://securitytube.net/Generic-Packet-Sni...-(2)-video.aspx 2. Ethernet Packet sniffer http://securitytube.net/Ethernet-Packet-Sn...ing--video.aspx 3. IP Packet sniffer http://securitytube.net/IP-Packet-Sniffer-...ing--video.aspx 4. TCP Packet sniffer http://securitytube.net/TCP-Packet-Sniffer...ing--video.aspx 5. Data Packet Sniffer http://securitytube.net/Data-Packet-Sniffe...ing--video.aspx Feedback and suggestions welcome! -ViVek

1. Netcat Client mode: http://securitytube.net/Netcat-Basics-(Cli...ode)-video.aspx 2. Netcat Server mode: http://securitytube.net/Netcat-Basics-(Ser...ode)-video.aspx 3. Netcat Remote Bind Shell: http://securitytube.net/Netcat-Basics-(Bin...ell)-video.aspx Feedback welcome!

Hello All, I made a 2 part video on raw sockets fundamentals and how they can be used to build your own sniffers and packet injectors. http://securitytube.net/Raw-Sockets-Basics...tion-video.aspx http://securitytube.net/Raw-Sockets-Basics...-(2)-video.aspx Suggestions and Feedback welcome! Vivek

Hello All, A good place to start learning security and hacking using videos: http://www.securitytube.net -Vivek