Jump to content

Video Tutorials on Hacking and Security


Vivek Ramachandran
 Share

Recommended Posts

PHP Shell Injection on a Website through Log Poisoning

Many web administrators save the logs of their accesses on a PHP log file. This video shows the vulnerability of this kind of habit, as we can inject arbitrary PHP code into a log file simply by changing an information that we send to the web server and will be logged (like user agent). That code will be then executed on the server as soon as the web admin reads log files via browser.

http://securitytube.net/PHP-Shell-Injectio...ning-video.aspx

Link to comment
Share on other sites

Demonstration of Hardware Trojans (Defcon 16)

Talk and demonstration on how hardware trojans can use thermal, optical and radio based techniques to leak our secrets. The demo shows all these 3 kinds of trojans and describes how easy it is to smuggle these into common electronic goods such as mobile phones, music players and laptops.

http://securitytube.net/Demonstration-of-H...-16)-video.aspx

Link to comment
Share on other sites

Nmap: Scanning the Internet

How would you like to scan millions of hosts on the Internet and catalog all the interesting insights? This is exactly what Fyodor, the author of Nmap or Network Mapper did last summer. Thankfully, he then went on to share his finding with the community at Defcon 16 in his talk titled "Nmap: Scanning the Internet". Interestingly, as Fyodor notes in his talk that scanning such a large set of IP addresses did help him in uncovering many bugs in Nmap and also forced him to make enhancements and add new features to make the scanner really fast. This video contains the entire Defcon 16 talk:

http://securitytube.net/Scanning-the-Inter...-16)-video.aspx

Link to comment
Share on other sites

Hijacking the Internet using a BGP MITM Attack

Anton Kapela and Alex Pilosov gave this talk titled "Stealing the Internet - A Routed, Wide-area, Man in the Middle Attack" at Defcon 16. The talk begins with some background about BGP basics and how it is used to route traffic, then moves on to currently known attacks on BGP and then finally describes the attack discovered by the researchers using which it is possible to MITM traffic on the Internet for any target destination.

The entire video of the entire talk is available here:

http://securitytube.net/Hijacking-the-Inte...-16)-video.aspx

Link to comment
Share on other sites

Hacker Documentaries

1. Hacker Attack

Documentary traces through the early hacking scene, highlights include - phreaking, interview with Phiber Optic, early credit card number generators, identity theft using social security numbers, the 2600 club, early penetration testing and interview with a couple of ethical hackers, cloning of cellular phones and demonstration of early reconnaissance and hacking techniques such as using the finger daemon, rlogin, rsh, brute force password cracking etc

http://securitytube.net/Hacker-Attack-Documentary-video.aspx

2. Attack of Cyber Pirates

This documentary explores the piracy of online music and movies. It traces through the birth of the Napster program and how it was shut off because of lawsuits from the music industry.

http://securitytube.net/Attack-of-Cyber-Pi...tary-video.aspx

Link to comment
Share on other sites

Bypassing the Linux kernel ASLR using ret2esp Tutorial

In this video tutorial BlackLight ( http://blacklight.gotdns.org/ ) illustrates how to exploit an application vulnerable to buffer overflow under a modern 2.6 Linux kernel with ASLR, bypassing stack layer randomization by search a jmp *%esp inside the executable file and forcing our program to jump there.

http://securitytube.net/Bypassing-the-Linu...2esp-video.aspx

Link to comment
Share on other sites

Damn Viv you have been a busy busy man indeed.

I have watched a few tutorials on your site and personally I enjoy the stuff you yourself have released, its straight to the point, informative and the naration isn't hard to understand/annoy the shit out of me.

I thourghly enjoyed the caffe latte attack, very resourceful use of existing apps for a differnt kind of attack vector. My only gripe with the tutorial was the lack of explanation of setting up the honey pot. I have always been interested in honey pots but have no idea how to set one up. In any case I got what was going on and I would love to do this in my home lab.

Link to comment
Share on other sites

Damn Viv you have been a busy busy man indeed.

I have watched a few tutorials on your site and personally I enjoy the stuff you yourself have released, its straight to the point, informative and the naration isn't hard to understand/annoy the shit out of me.

I thourghly enjoyed the caffe latte attack, very resourceful use of existing apps for a differnt kind of attack vector. My only gripe with the tutorial was the lack of explanation of setting up the honey pot. I have always been interested in honey pots but have no idea how to set one up. In any case I got what was going on and I would love to do this in my home lab.

Thanks for the encouragement Shonen! I am glad you enjoyed the videos and that the accent did not get in your way :)

Regarding the Caffe Latte Attack, i agree, the video does not provide too much info into the actual setting up on the honeypot. I will definitely make a video on setting up a honeypot using a wifi card in the next couple of days! Will update this post when i do that. Thanks for pointing this out.

Link to comment
Share on other sites

Hacking Barcodes

Video explains the basics of barcodes and runs us through how one can crack various flawed implementations in Parking tickets, Recycling machines, Access control systems, DVD rentals, Newspaper Ads, Postal codes, Airline boarding tickets, Baggage tracking, etc.

http://securitytube.net/Hacking-Barcodes-video.aspx

A quick demo of how to use off the shelf software to read / write barcodes is available here:

http://securitytube.net/Reading-and-Writin...odes-video.aspx

Link to comment
Share on other sites

Hello All,

Assembly language is a must know before one can get into the world of code exploitation techniques, reverse engineering, virus writing etc. Unfortunately, as Assembly is also a bit tough to grasp for newbies as it is very low level. Thus, I decided to create a video tutorial series on "how to get started with Assembly for hackers".

The series is far from complete yet. I will be posting follow up videos in this post as I make more. Here is the first couple I made today:

1. System Organization concepts:

http://securitytube.net/Assembly-Primer-fo...tion-video.aspx

In this first part, I explain the basics of computer organization, CPU registers - general purpose, segment and instruction pointer. Also covered is virtual memory organization, program memory organization, program stack and stack operations.

2. Virtual Memory Organization:

http://securitytube.net/Assembly-Primer-fo...tion-video.aspx

In this video we take an in-depth look at virtual memory organization concepts. We look at how one can use the /proc/PID/maps to peek into the layout of a program's virtual memory and interpret useful things. Also, we show how the Address Space Layout Randomization (ASLR) works in the latest 2.6 kernels and why this is significant from a security point of view. We also show how this can be disabled at runtime if the need be. This video is very important from an code exploitation perspective as it teaches us how to check for the presence of ASLR on a given system.

3. GDB Usage Primer:

http://securitytube.net/Assembly-Primer-fo...imer-video.aspx

In this video we go through a quick primer on how to use GDB to disassemble code, set breakpoints, trace through code, examine CPU registers and memory locations, examine the program stack and many other important use cases which will help us in later videos when we actually start coding in Assembly and want to debug our code.

Comments and Feedback welcome!

More videos to be added over the weekend.

Link to comment
Share on other sites

Hello All,

Just finished creating the next set of videos in the "Assembly Language Primer for Hackers" video series:

4. Writing your First Hello World Program in Assembly

http://securitytube.net/Assembly-Primer-fo...orld-video.aspx

5. Understanding Data types in Assembly Language

http://securitytube.net/Assembly-Primer-fo...ypes-video.aspx

6. Moving Data between registers and memory

http://securitytube.net/Assembly-Primer-fo...Data-video.aspx

Comments and Feedback welcome!

I will be creating the next set of videos over the weekend.

-Vivek

Link to comment
Share on other sites

Thanks Zimmer!

The next 2 videos in the series are as follows:

7. Working with Strings:

In this video we will look at how to work with strings in assembly using the MOVS, STOS, REP etc. instruction sets.

http://securitytube.net/Assembly-Primer-fo...ings-video.aspx

8. Unconditional branching:

In this video we will look at how to perform unconditional branching in assembly using the JMP and CALL instruction sets.

http://securitytube.net/Assembly-Primer-fo...hing-video.aspx

Comments and Feedback welcome !

I will try to complete the entire Assembly language videos in the next 2 weeks :)

Link to comment
Share on other sites

Vivek, you just very well may be the reason I'm finally getting around to learning assembly. Great work :)

Thanks! I am happy you feel so :)

Here are the next videos in the series:

9. Conditional Branching using the Jump family of instructions

http://securitytube.net/Assembly-Primer-fo...hing-video.aspx

10. Writing Functions in Assembly

http://securitytube.net/Assembly-Primer-fo...ions-video.aspx

11. Passing arguments to functions using the Stack

http://securitytube.net/Assembly-Primer-fo...tack-video.aspx

Enjoy!

Link to comment
Share on other sites

  • 2 weeks later...

Hello All,

Hope you liked the Assembly Language Primer series I made before this. I will be adding a couple of more videos to it soon. In the meantime wanted to get started with some real fun -

Buffer Overflow Primer Videos

In this video series we will take an in-depth look into Buffer Overflow attacks - how they work and how to exploit them. I made the first video in the series today - a 30 minute session.

Buffer Overflow Primer Part 1 (Smashing the Stack)

In this video we will look at how the program stack can be corrupted by a buffer overflow, how the EIP can be made to point at an arbitrary location in code as a consequence and how one can exploit such a condition.

http://www.securitytube.net/Buffer-Overflo...ack)-video.aspx

Lots more videos to come in this series.

Comments and Feedback welcome!

Link to comment
Share on other sites

Hello All,

Here are the next 2 videos in the Buffer Overflow Primer Series:

2. Writing Shellcode - we will take a very simple case of converting the exit() syscall into shellcode

http://securitytube.net/Buffer-Overflow-Pr...ode)-video.aspx

3. Executing Shellcode - we will look at how to write a simple C program to test the shellcode we wrote in the previous video

http://securitytube.net/Buffer-Overflow-Pr...ode)-video.aspx

Many more to come in this series!

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...