Jump to content

Video Tutorials on Hacking and Security


Vivek Ramachandran

Recommended Posts

Hello All,

Next 2 videos in this series are online now:

4. Disassembling Execve:

In this video we will look at how to invoke execve in assembly.

http://securitytube.net/Buffer-Overflow-Pr...cve)-video.aspx

5. Creating Shellcode for Execve:

In this video we will look at how to create shellode for invoking the execve syscall.

http://securitytube.net/Buffer-Overflow-Pr...cve)-video.aspx

More videos to come in this series!

Comments and Feedback welcome!

Link to comment
Share on other sites

Hello All,

I just completed a couple of more videos in this series. So here goes:

6. Exploiting a vulnerable program:

In this video we will understand how to overwrite the stack with our shellcode and exploit a vulnerable program.

http://securitytube.net/Buffer-Overflow-Pr...ram)-video.aspx

7. Demo of an actual exploitation:

This will consist of a demo of an actual exploitation based on the theory learnt in the previous video.

http://securitytube.net/Buffer-Overflow-Pr...emo)-video.aspx

8. Return to Libc theory:

2.6 kernel onwards the stack was made Non-Executable, thus rendering the tradional buffer overflow attacks useless. In this video we will understand how we can subvert this protection using a technique called "Return to Libc"

http://securitytube.net/Buffer-Overflow-Pr...ory)-video.aspx

9. Demo of exploiting using Return to Libc:

This will consist of an actual demo by using a vulnerable program.

http://securitytube.net/Buffer-Overflow-Pr...emo)-video.aspx

Comments and Feedback welcome!

Link to comment
Share on other sites

Just a note that you need to look at your webserver at securitytube.net... If you browse to securitytube.net you have a nasty ASP error and have server errors enabled... Not really the best idea for security. I would also suggest setting up a DNS forwarder for securitytube.net to www.securitytube.net

I do like the videos though just giving a heads up.

-Z

Link to comment
Share on other sites

  • 2 weeks later...
Just a note that you need to look at your webserver at securitytube.net... If you browse to securitytube.net you have a nasty ASP error and have server errors enabled... Not really the best idea for security. I would also suggest setting up a DNS forwarder for securitytube.net to www.securitytube.net

I do like the videos though just giving a heads up.

-Z

Thanks for the info zerosignal0! The reason for the errors is resource exhaustion on the shared hosting i am currently using. I am in the process of moving SecurityTube from shared to dedicated hosting. Hopefully, all these errors should disappear after that!

Link to comment
Share on other sites

Hello All,

Just wanted to add 2 more videos on Advanced Buffer Overflow techniques:

1. Exploiting Buffer Overflows on systems with linux kernel without ASLR

http://securitytube.net/Exploiting-Buffer-...ASLR-video.aspx

2. Exploiting Buffer Overflows on systems with ASLR enabled in the kernel using a Brute Force on the Stack

http://securitytube.net/Exploiting-Buffer-...ayer-video.aspx

These videos have been made by BlackLight from http://blacklight.gotdns.org/ .

Enjoy!

Link to comment
Share on other sites

  • 2 weeks later...

Reverse Engineering a Software Install Process

Most of us install software downloaded from both known and unknown sources. Sometimes, we might have a reason to suspect that the software in question may be doing some malicious activity on our PC - such as modifying a registry key, overwriting an important system DLL etc. In this video we will look at how to reverse engineer a software install process by using InstallWatch.

http://securitytube.net/Reverse-Engineerin...cess-video.aspx

Link to comment
Share on other sites

Thanks for these.
Thanks Seshan!

Format String Vulnerabilities Video Primer

Hello All,

After covering Assembly Language and Buffer Overflow basics in detail, I am now moving on to Format String Bugs. This will also be around a 8 part video series, so please bear with me. I will be posting the videos on this thread as I make them.

Video 1: The Basics

In this first video of the series, we will understand the basics of format strings and format functions and we will look at a simple case where information leakage happens due to a format string vulnerability being present.

http://securitytube.net/Format-String-Vuln...ics)-video.aspx

Thanks!

Link to comment
Share on other sites

Thanks @charm_quark!

@SomethingToChatWith - Please feel free to download the videos!

Hello All,

Here is the next set of videos:

1. Format String Vulnerabilities Primer (Part 2 Understanding Format Functions)

In this video we will try to understand why functions such as Printf are susceptible to Format String attacks. This video is very hands on in nature - we will explore the stack of a vulnerable program using GDB and see how the Printf function interprets the format string to decide on the number of arguments it should pick from the stack.

http://securitytube.net/Format-String-Vuln...ons)-video.aspx

2. Format String Vulnerabilities Primer (Part 3 Crashing the Program)

In this video we will look at how a Format String Vulnerability can be used to crash a program. This could be used by a remote attacker to launch a Denial of Service attack on a server running a vulnerable daemon.

http://securitytube.net/Format-String-Vuln...ram)-video.aspx

3. Format String Vulnerabilities Primer (Part 4 Viewing the Stack)

In this video we will look at how a Format String Vulnerability can be used to view the program stack.

http://securitytube.net/Format-String-Vuln...ack)-video.aspx

Comments and Feedback welcome!

Link to comment
Share on other sites

  • 3 weeks later...
  • 2 weeks later...
thanks a LOT. I'm getting my head into network security but it's really nice to get into application side as well. Keep up the good work !!

Thanks! I am glad you liked the site :)

Hello All,

I will be posting interesting video on SecurityTube in this thread. It is important to note that these are videos which people have submitted / referred to SecurityTube and have not been made by me.

1. Hacker News Network: HNNCast for the 4th Week of June

http://securitytube.net/HNNCast-for-the-4t...June-video.aspx

2. Endianness Basics:

http://securitytube.net/Endianness-(Part-I)-video.aspx

http://securitytube.net/Endianness-(Part-II)-video.aspx

3. Is it safe to surf porn on an Apple MAC?

http://securitytube.net/Is-it-Safe-to-Surf...-Mac-video.aspx

4. Building a VNC Backdoor door from scratch

http://securitytube.net/Building-a-VNC-Bac...atch-video.aspx

More videos to be posted in this thread soon!

Enjoy!

Link to comment
Share on other sites

  • 1 month later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...