Questions about this topic? Sign up to ask in the talk tab.

Difference between revisions of "Talk:Hacking index"

From NetSec
Jump to: navigation, search
(sql injection)
(Subnetting)
Line 285: Line 285:
 
             1.2.2 COM objects (Windows)
 
             1.2.2 COM objects (Windows)
  
Anonymity
+
==Anonymity==
 
     1 General Services
 
     1 General Services
 
         1.1 Virtual Private Servers
 
         1.1 Virtual Private Servers
Line 338: Line 338:
 
         6.7 Taking it further
 
         6.7 Taking it further
  
Bash book
+
==Bash book==
 
     1 The Bash Shell - Simple usage
 
     1 The Bash Shell - Simple usage
 
         1.1 Before we dive
 
         1.1 Before we dive
Line 371: Line 371:
 
     3 Conclusion
 
     3 Conclusion
  
Bleeding Life
+
==Bleeding Life==
 
     1 Bleeding Life
 
     1 Bleeding Life
 
         1.1 Disclaimer
 
         1.1 Disclaimer
Line 414: Line 414:
 
             5.6.2 On x86-64
 
             5.6.2 On x86-64
  
C
+
==C==
 
     1 Overview
 
     1 Overview
 
         1.1 Basic Formatting
 
         1.1 Basic Formatting
Line 425: Line 425:
 
         1.6 Example Program
 
         1.6 Example Program
  
Cookies
+
==Cookies==
 
     1 Setting a cookie
 
     1 Setting a cookie
 
         1.1 Direct HTTP programming
 
         1.1 Direct HTTP programming
Line 446: Line 446:
 
         5.1 Stealing cookies through XSS
 
         5.1 Stealing cookies through XSS
  
Cryptography
+
==Cryptography==
 
     1 Cryptography
 
     1 Cryptography
 
         1.1 History
 
         1.1 History
Line 475: Line 475:
 
         4.2 ICMP Redirect
 
         4.2 ICMP Redirect
  
File Inclusion
+
==File Inclusion==
 
     1 Introduction
 
     1 Introduction
 
     2 Remote File Inclusion
 
     2 Remote File Inclusion
 
     3 Local File Inclusion
 
     3 Local File Inclusion
  
IPtables
+
==IPtables==
 
     1 iptables
 
     1 iptables
 
         1.1 1.0 - Introduction
 
         1.1 1.0 - Introduction
Line 486: Line 486:
 
         1.3 1.2 - Side Note - IPtables Module
 
         1.3 1.2 - Side Note - IPtables Module
  
LUA
+
==LUA==
 
     1 Comments
 
     1 Comments
 
     2 Variables
 
     2 Variables
Line 496: Line 496:
 
         4.3 Indexing Tables
 
         4.3 Indexing Tables
  
MySQL
+
==MySQL==
 
     1 MySQL Setup
 
     1 MySQL Setup
 
         1.1 Installing MySQL
 
         1.1 Installing MySQL
Line 515: Line 515:
 
         2.7 Dumping a database in Plesk
 
         2.7 Dumping a database in Plesk
  
NGINX
+
==NGINX==
 
     1 Nginx
 
     1 Nginx
 
         1.1 Basic HTTP Features
 
         1.1 Basic HTTP Features
Line 559: Line 559:
 
         7.4 SpawnFCGI Script
 
         7.4 SpawnFCGI Script
  
Nmap
+
==Nmap==
 
     1 Correct Usage
 
     1 Correct Usage
 
     2 Scan Types
 
     2 Scan Types
Line 568: Line 568:
 
     7 Conclusion
 
     7 Conclusion
  
Perl
+
==Perl==
 
     1 Basics
 
     1 Basics
 
         1.1 Development Environment
 
         1.1 Development Environment
Line 640: Line 640:
 
                 2.1.2.3 Server.pm
 
                 2.1.2.3 Server.pm
  
Postfix Notation
+
==Postfix Notation==
 
     1 Lesson
 
     1 Lesson
 
     2 1.0 - Introduction
 
     2 1.0 - Introduction
Line 652: Line 652:
 
     10 5.0 - Recommended Resource:
 
     10 5.0 - Recommended Resource:
  
Routing
+
==Routing==
 
     1 Subnetting Schemes
 
     1 Subnetting Schemes
 
     2 Real World Examples
 
     2 Real World Examples
Line 658: Line 658:
 
     4 Extras
 
     4 Extras
  
SMTP
+
==SMTP==
 
     1 Overview
 
     1 Overview
 
         1.1 What is SMTP
 
         1.1 What is SMTP
Line 664: Line 664:
 
         1.3 Applications that use SMTP
 
         1.3 Applications that use SMTP
  
SQL Backdoor
+
==SQL Backdoor==
 
     1 Concept
 
     1 Concept
 
         1.1 Subprocedures
 
         1.1 Subprocedures
Line 684: Line 684:
 
     4 Taking it further
 
     4 Taking it further
  
Tor
+
==Tor==
 
     1 How It Works
 
     1 How It Works
 
     2 Common Pitfalls
 
     2 Common Pitfalls
Line 692: Line 692:
 
     5 External Links
 
     5 External Links
  
Unsafe String Replacement
+
==Unsafe String Replacement==
 
     1 Overview
 
     1 Overview
 
     2 Examples
 
     2 Examples
Line 702: Line 702:
 
         3.3 Whitelisting using PCRE
 
         3.3 Whitelisting using PCRE
  
Vanguard
+
==Vanguard==
 
     1 Description
 
     1 Description
 
         1.1 Features
 
         1.1 Features
Line 721: Line 721:
 
     2 Download
 
     2 Download
  
Whois
+
==Whois==
 
     1 Lesson
 
     1 Lesson
 
         1.1 0.0 - Intro to Whois
 
         1.1 0.0 - Intro to Whois
Line 728: Line 728:
 
         1.4 3.0 - Domain Whois Example
 
         1.4 3.0 - Domain Whois Example
  
XSS
+
==XSS==
 
     1 Introduction
 
     1 Introduction
 
     2 Testing for XSS
 
     2 Testing for XSS
Line 757: Line 757:
 
     5 4.0 - Further Reading
 
     5 4.0 - Further Reading
  
CPP
+
==CPP==
 
     1 Syntax
 
     1 Syntax
 
         1.1 Includes
 
         1.1 Includes
Line 784: Line 784:
 
     5 Integrated Development Environment
 
     5 Integrated Development Environment
  
Command Injection
+
==Command Injection==
 
     1 Overview
 
     1 Overview
 
         1.1 Testing for Injection
 
         1.1 Testing for Injection
Line 792: Line 792:
 
         1.5 Perl
 
         1.5 Perl
  
Dmcrypt
+
==Dmcrypt==
 
     1 Getting Started
 
     1 Getting Started
 
     2 Encryption Ciphers and Algorithms
 
     2 Encryption Ciphers and Algorithms
Line 807: Line 807:
 
     7 External Links
 
     7 External Links
  
Forensic chain of custody
+
==Forensic chain of custody==
 
     1 Forensic Chain of Custody
 
     1 Forensic Chain of Custody
 
         1.1 Acquisition
 
         1.1 Acquisition
Line 813: Line 813:
 
         1.3 Active Memory Snapshots
 
         1.3 Active Memory Snapshots
  
Gentoo
+
==Gentoo==
 
     1 Virtual Machine Setup
 
     1 Virtual Machine Setup
 
     2 Hard Drive Setup
 
     2 Hard Drive Setup
Line 837: Line 837:
 
     18 Troubleshooting
 
     18 Troubleshooting
  
Hacking index
+
==Irssi Tutorial==
    1 Introduction
+
        1.1 System administration
+
        1.2 Networking
+
    2 Exploitation
+
        2.1 Applications
+
        2.2 Web applications
+
    3 Maintaining access
+
    4 Countermeasures
+
 
+
Irssi Tutorial
+
 
     1 Getting Irssi
 
     1 Getting Irssi
 
         1.1 Debian/Ubuntu
 
         1.1 Debian/Ubuntu
Line 859: Line 849:
 
     4 References
 
     4 References
  
Jynx Rootkit/1.0
+
==Jynx Rootkit/1.0==
 
     1 Jynx
 
     1 Jynx
 
         1.1 Introduction
 
         1.1 Introduction
Line 866: Line 856:
 
         1.4 Usage
 
         1.4 Usage
  
Linux Assembly
+
==Linux Assembly==
 
     1 32 bit syscall table
 
     1 32 bit syscall table
 
         1.1 Introduction
 
         1.1 Introduction
Line 875: Line 865:
 
         2.1 Example: Assembly for setuid(0); execve('/bin/sh',0,0); exit(0);
 
         2.1 Example: Assembly for setuid(0); execve('/bin/sh',0,0); exit(0);
  
MySQL Troubleshooting
+
==MySQL Troubleshooting==
 
     1 MySQL Troubleshooting
 
     1 MySQL Troubleshooting
 
         1.1 InnoDB Disabled
 
         1.1 InnoDB Disabled
Line 905: Line 895:
 
         6.4 Server with 8G+ RAM
 
         6.4 Server with 8G+ RAM
  
Physical Security
+
==Physical Security==
 
     1 Overview
 
     1 Overview
 
     2 Execution
 
     2 Execution
Line 911: Line 901:
 
         2.2 Attack Vectors
 
         2.2 Attack Vectors
  
Polymorphic
+
==Polymorphic==
 
     1 Reasons to write polymorphic code
 
     1 Reasons to write polymorphic code
 
     2 Techniques of polymorphic code writing
 
     2 Techniques of polymorphic code writing
Line 920: Line 910:
 
         4.1 poly.py
 
         4.1 poly.py
  
Python
+
==Python==
 
     1 Strengths and Weaknesses of Python
 
     1 Strengths and Weaknesses of Python
 
     2 Installation
 
     2 Installation
Line 973: Line 963:
 
             11.2.1 readlines()
 
             11.2.1 readlines()
  
RoR Patching
+
==RoR Patching==
 
     1 RoR Patching
 
     1 RoR Patching
 
         1.1 Vulnerabilities
 
         1.1 Vulnerabilities
Line 979: Line 969:
 
         1.3 Params Injection & Mass Assignment Abuse
 
         1.3 Params Injection & Mass Assignment Abuse
  
Snort
+
==Snort==
 
     1 Basic Packet Sniffing Utilities
 
     1 Basic Packet Sniffing Utilities
 
     2 Rules
 
     2 Rules
Line 986: Line 976:
 
         2.3 Example Rule
 
         2.3 Example Rule
  
Static ARP Configuration
+
==Static ARP Configuration==
 
     1 Reading your ARP Tables
 
     1 Reading your ARP Tables
 
     2 Prevention
 
     2 Prevention

Revision as of 19:58, 21 May 2012

keywords, keywords, keywords

bash

BASH

   1 Getting Started
   2 File System
       2.1 Directories
           2.1.1 /proc
           2.1.2 /etc
           2.1.3 /bin
           2.1.4 /sbin
           2.1.5 /var
           2.1.6 /home
           2.1.7 /tmp
       2.2 Files
           2.2.1 .bashrc
           2.2.2 .ssh/known_hosts
           2.2.3 /etc/motd
       2.3 Partitioning & Formatting
   3 Commands
       3.1 Text Manipulation
       3.2 File Manipulation
       3.3 Process Manipulation
       3.4 Debugging
       3.5 Network Manipulation
       3.6 Firewall Manipulation
       3.7 FileSystem Manipulation
       3.8 Pipes & Golfing in Bash


Bitwise math

coldfusion

Coldfusion hacking

   1 Injection
       1.1 Adobe ColdFusion
           1.1.1 Remote File Disclosure of Password Hashes
           1.1.2 Issues
           1.1.3 Logging In
           1.1.4 Writing Shell to File
           1.1.5 Issues
       1.2 Railo
   2 Privilege Escalation
   3 Patching
   4 Resources

Computer Forensics

   1 Cybercrime
       1.1 Investigation
       1.2 Preserving the evidence
       1.3 Where to find evidence
           1.3.1 Hardwarewise
           1.3.2 Softwarewise
   2 Forensic Imaging
       2.1 HardDisk Imaging

Cyberlaw

   1 Australian Cyberlaw
       1.1 Acts Applying to Cybercrime in Australia
       1.2 Cybercrime Act 2001 Offences
       1.3 Case Study: First Cybercrime Conviction in Australia
   2 European Cyberlaw
       2.1 Definititons of Cybercrime as per the Budapest Convention



dns

DNS

   1 DNS Basics
       1.1 DNS Recon
   2 Records
       2.1 MX Record
       2.2 CNAME Record
       2.3 DNAME Record
       2.4 A Record
   3 DNS Server Software
   4 DNS Utilities

Facebook

   1 Overview
   2 History
   3 FQL
   4 Content Forgery
       4.1 Screenshots & Video
       4.2 CIDR
           4.2.1 Websense
           4.2.2 Facebook
       4.3 Proof of Concept


Jynx Rootkit/2.0

   1 Features
   2 Archive Contents
   3 Configuration Options in Config.h
       3.1 MAGIC_STRING
       3.2 MAGIC_GID and MAGIC_UID
       3.3 REALITY_PATH
       3.4 CONFIG_FILE
       3.5 MULTI-FACTOR AUTHENTICATION
       3.6 LIBC_PATH
       3.7 ENV_VARIABLE
   4 Download & Installation
       4.1 Installation
       4.2 Usage
   5 Further Reading

Lfi autopwn.pl

   1 Requirements
   2 Description
       2.1 Features
       2.2 Usage
       2.3 httpdlogs.conf
       2.4 Other Execution/Interesting PHP Functions
   3 Source

MySql 5 Enumeration

   1 Info
       1.1 Example
       1.2 Description
       1.3 Disclaimer
   2 Source

Network Recon

   1 IP Addressing
   2 Subnet Masks
   3 Ports
   4 Routing
   5 Theory
   6 Tools

Null-free shellcode

   1 Introduction
   2 Assembly
   3 Conversion to shellcode
       3.1 String argument
       3.2 Null-byte removal
   4 Successful overflow test

Port Knocking

   1 1.0 - Introduction to Port Knocking
   2 2.0 - Knocking Sequences
   3 3.0 - Windows
   4 3.1 - Example:
   5 Single Packet Port Knock Example - Based on SYN/ACK Values

sql orientation

SQL orientation

   1 SQL Orientation
       1.1 Basic Database Navigation
           1.1.1 MySQL Navigation
           1.1.2 PostgreSQL
       1.2 Basic Queries
           1.2.1 SELECT - Select data from a table
           1.2.2 UPDATE - Modify rows in a table
               1.2.2.1 Updating multiple columns
           1.2.3 INSERT - Add rows to a table
           1.2.4 DELETE - Delete rows from a table

sql injection

   7 Advanced: manual boolean enumeration
       7.1 Using Ascii codes and the ascii() function for enumeration
           7.1.1 substring()
           7.1.2 Version fingerprinting with ascii-based enumeration
               7.1.2.1 In theory
               7.1.2.2 In Practice
       7.2 Using Regular Expressions for Boolean enumeration
           7.2.1 Getting started with regular expressions
           7.2.2 Version fingerprinting using compatible regular expressions
   8 Expert: Timing attacks for automated boolean enumeration
       8.1 MySQL boolean timing attacks
           8.1.1 benchmark() and related issues
           8.1.2 Evasive sleep() based boolean enumeration with regular expressions
               8.1.2.1 Testing for the ability to sleep():
               8.1.2.2 Controlling sleep() for enumeration:
               8.1.2.3 Using sleep() to map a table name with regular expressions
       8.2 PostgreSQL Boolean Timing Attacks
           8.2.1 Testing for access to pg_sleep()
           8.2.2 Using pg_sleep() with alternative comparisons for evasive boolean enumeration
   9 Expert: Automated Single-byte exfiltration
       9.1 Timing-based single-byte exfiltration
       9.2 The comparative precomputation attack
   10 Further penetration
       10.1 Obtaining direct database access
       10.2 Obtaining filesystem access
       10.3 Obtaining code execution
   11 Cheat Sheets
       11.1 Vulnerability testing
           11.1.1 Universal true and false statements
       11.2 MySQL syntax reference
           11.2.1 Mysql versions >= 5 user schema mapping (unprivileged)
           11.2.2 Privileged MySQL (any version) user
       11.3 PostgreSQL syntax reference
           11.3.1 PostgreSQL schema mapping
       11.4 Microsoft SQL syntax reference
           11.4.1 Microsoft SQL schema mapping (unprivileged)
           11.4.2 Privileged microsoft SQL injection
   12 Patching SQL Injection Vulnerabilities
   13 Further reading

Out of Order Code Execution

   1 What is it?
   2 Shellcode
   3 Detecting Breakpoints

Social Engineering

   1 Methods
       1.1 Email
       1.2 Telephone
       1.3 Examples
       1.4 Lesson 1
           1.4.1 - Preface by Wikipedia
           1.4.2 - Outline of Social Engineering
           1.4.3 - Analysing and Creating Milestones
           1.4.4 - Mantras for Social Engineering
           1.4.5 - Example
           1.4.6 - Other Uses
       1.5 Lesson 2 - Politeness
           1.5.1 - Introduction
           1.5.2 - Things To Keep in Mind
           1.5.3 - Putting Social Engineering to Work
           1.5.4 - Protecting Yourself From Social Engineering

Subnetting

   1 General Subnetting
   2 Real Life Example of Subnetting

Virtual machines

   1 Subsystems
       1.1 Hardware Virtualization
       1.2 Host Machine
       1.3 Guest Machine
   2 Virtualization Tools
   3 Creating Vulnerable VMs for Penetration Testing

Kolkata

   1 Description
       1.1 Dependencies
       1.2 Usage
   2 Source
   3 Signature Bundles
       3.1 Wordpress
       3.2 Joomla
       3.3 MediaWiki

API

   1 API technologies
       1.1 The Web
           1.1.1 Web services
           1.1.2 Remote Procedure Calls
       1.2 General software
           1.2.1 Software Libraries
           1.2.2 COM objects (Windows)

Anonymity

   1 General Services
       1.1 Virtual Private Servers
       1.2 Virtual Private Networks
       1.3 SSH Tunneling
           1.3.1 Basic Example of SSH Tunneling
       1.4 Shell Accounts
       1.5 FTP / Telnet
   2 Web-Browsing
       2.1 General
           2.1.1 Best Practices
       2.2 Firefox
           2.2.1 Recommended Extensions
       2.3 TODO
   3 Email Privacy
       3.1 PGP / GNUPG Encryption
       3.2 Anonymous Remailers
       3.3 Throw-away Accounts
   4 IM & Chat
       4.1 Instant Messaging
           4.1.1 Pidgin
               4.1.1.1 Using OTR
           4.1.2 TorChat
           4.1.3 TorPM
           4.1.4 ICQ
       4.2 Chat
           4.2.1 IRC
               4.2.1.1 Using OTR
           4.2.2 SILC
               4.2.2.1 Key based authentication
           4.2.3 Utilising IRC Bouncers
   5 Files & Hard-Disk Encryption
   6 Possible Downfalls
       6.1 Network Performance
       6.2 Personal Information
       6.3 IP Leaks
       6.4 DNS Leaks

Assembly

   1 Introduction
   2 Binary
   3 Number handling
   4 Data storage
   5 Memory Addressing
   6 Instructions
       6.1 Syntaxes
       6.2 Data manipulation basic primitives
       6.3 Basic arithmetic
       6.4 Bitwise mathematics operators
       6.5 Shifts and rotations
       6.6 Control flow operators
       6.7 Taking it further

Bash book

   1 The Bash Shell - Simple usage
       1.1 Before we dive
       1.2 Getting started
           1.2.1 Reading a file
           1.2.2 Navigating and searching through the filesystem
           1.2.3 Searching for files and directories
           1.2.4 Advanced find use
               1.2.4.1 Combining find with xargs
           1.2.5 Executing several commands in a row
           1.2.6 Chaining programs
           1.2.7 Writing to files
       1.3 Back on board
   2 Advanced use, loops, stream editing, shell programs
       2.1 Before we dive
       2.2 Advanced bash
           2.2.1 Sorting and removing duplicates
           2.2.2 Filtering output
           2.2.3 Displaying only part of lines
           2.2.4 Statistics on the output
       2.3 Variables, loops and conditional statements
           2.3.1 Variables
           2.3.2 Conditional statements
           2.3.3 Data ranges
           2.3.4 The for loop
           2.3.5 The while loop
       2.4 Stream editing
       2.5 Writing programs in bash
           2.5.1 Passing arguments to programs
           2.5.2 Defining functions and calling them
           2.5.3 Homework
   3 Conclusion

Bleeding Life

   1 Bleeding Life
       1.1 Disclaimer
       1.2 Features
           1.2.1 Exploits
               1.2.1.1 Adobe
               1.2.1.2 Java
           1.2.2 Statistics
       1.3 Server Requirements
       1.4 Installation & Configuration
       1.5 Download

Buffer Overflows

   1 Description
   2 Defenses
       2.1 ASLR
       2.2 DEP
       2.3 Containers
       2.4 Bypassing protections
   3 Maximum effectiveness
   4 Causes
   5 Example
       5.1 Disabling ASLR
       5.2 Test application
           5.2.1 bof.c
           5.2.2 Compiling
               5.2.2.1 Potential compile-time protections
               5.2.2.2 Solution for test application
       5.3 Testing
           5.3.1 On x86
           5.3.2 On x86-64
       5.4 Disabling DEP
       5.5 Debugging
           5.5.1 Shellcode analysis
               5.5.1.1 On x86
               5.5.1.2 On x86-64
           5.5.2 Finding the return address
               5.5.2.1 On x86
               5.5.2.2 On x86-64
       5.6 Exploitation
           5.6.1 On x86
           5.6.2 On x86-64

C

   1 Overview
       1.1 Basic Formatting
           1.1.1 Includes
           1.1.2 The main() Function
       1.2 Variables
       1.3 Loops
       1.4 If/Else
       1.5 Compilation
       1.6 Example Program

Cookies

   1 Setting a cookie
       1.1 Direct HTTP programming
       1.2 PHP (server side)
       1.3 Javascript (client side)
   2 Accessing a cookie
       2.1 Direct HTTP programming (server side)
       2.2 PHP
       2.3 Javascript
   3 Deleting a cookie
       3.1 Direct HTTP programming
       3.2 PHP
       3.3 JavaScript
   4 Flags
       4.1 Secure
       4.2 HttpOnly
       4.3 Path
       4.4 Domain
   5 Attacks
       5.1 Stealing cookies through XSS

Cryptography

   1 Cryptography
       1.1 History
       1.2 Salting
       1.3 Type of encryption
       1.4 Encryption Attack Methods
       1.5 Commandline Tools
           1.5.1 Linux Tools
           1.5.2 Windows Tools
       1.6 Algorithms
           1.6.1 Ciphers
           1.6.2 Hashes
           1.6.3 Modes

DDoS Attack

   1 Three way handshake and Connect State
   2 TCP Attacks
       2.1 Synflood
           2.1.1 Spoofed Synflood
           2.1.2 Dealing with Synfloods
       2.2 Advanced Attacks
           2.2.1 Optimistic ACK Floods
           2.2.2 Duplicate ACK Spoofing
   3 UDP Attacks
       3.1 Dealing with UDP floods
   4 ICMP Attacks
       4.1 ICMP Smurf
       4.2 ICMP Redirect

File Inclusion

   1 Introduction
   2 Remote File Inclusion
   3 Local File Inclusion

IPtables

   1 iptables
       1.1 1.0 - Introduction
       1.2 1.1 - Example
       1.3 1.2 - Side Note - IPtables Module

LUA

   1 Comments
   2 Variables
       2.1 Global Variables vs Local Variables
   3 Functions
   4 Tables
       4.1 Declaring an empty Table
       4.2 Declaring, and populating a Table
       4.3 Indexing Tables

MySQL

   1 MySQL Setup
       1.1 Installing MySQL
       1.2 Setup on a personal computer
           1.2.1 Setting Permissions
       1.3 Basic Database Operation
           1.3.1 Display
           1.3.2 Creating and Deleting Databases
           1.3.3 Creating and Deleting Tables
           1.3.4 Editing Tables
   2 MySQL Commands
       2.1 Create a backup of a database
       2.2 Restore an entire database
       2.3 Restore a single table
       2.4 Dump mysql user privileges
       2.5 Restore a single database from a full dump
       2.6 Extract sql for a single database from a full dump
       2.7 Dumping a database in Plesk

NGINX

   1 Nginx
       1.1 Basic HTTP Features
       1.2 Additional HTTP Features
       1.3 Mail Proxy Server Features
       1.4 Architecture and Scalability
   2 Nginx Configuration Directives
       2.1 error_log
           2.1.1 Disabling error logging
       2.2 access_log
       2.3 proxy_pass
       2.4 root
       2.5 Location Block
           2.5.1 Case-Insensitive
           2.5.2 Case-Sensitive
           2.5.3 Match "/"
           2.5.4 Match everything
           2.5.5 Regex Matching
   3 VirtualHost Equivalents
   4 Main Configuration
       4.1 Log Format
       4.2 Timeouts
       4.3 Socket settings
       4.4 Character Encoding
       4.5 Security
       4.6 Performance
       4.7 GZIP Compression
       4.8 Output Buffering
       4.9 DirectoryIndex Equivalent
       4.10 Upstream Example
   5 NGINX & CloudFlare
       5.1 HttpRealIpModule
   6 Troubleshooting
       6.1 .xml ISE 500
       6.2 Status Page
           6.2.1 Status Page Details
           6.2.2 Status Stub Variables
   7 Reverse Proxy & Load Balancer
       7.1 Upstream (proxy/load_balancer)
       7.2 LimitZone (DoS Prevention)
       7.3 Apache Rewrites to NGINX Rewrites
           7.3.1 Examples
       7.4 SpawnFCGI Script

Nmap

   1 Correct Usage
   2 Scan Types
   3 Options
   4 Evasion Techniques
   5 Target Specification
   6 Script Scanning
   7 Conclusion

Perl

   1 Basics
       1.1 Development Environment
           1.1.1 Linux & Unix
           1.1.2 Windows
           1.1.3 CPAN
       1.2 Your first program
           1.2.1 Code
           1.2.2 Analysis
       1.3 Variables & Data Types
           1.3.1 Scalars
           1.3.2 Arrays
               1.3.2.1 Helper Functions
                   1.3.2.1.1 join()
                   1.3.2.1.2 split()
                   1.3.2.1.3 push()
                   1.3.2.1.4 pop()
                   1.3.2.1.5 unshift()
                   1.3.2.1.6 shift()
           1.3.3 Hashes
               1.3.3.1 Introduction
               1.3.3.2 Helper Functions
                   1.3.3.2.1 each()
                   1.3.3.2.2 keys
           1.3.4 References
               1.3.4.1 Hash References
               1.3.4.2 Callback References
           1.3.5 Casting
       1.4 Boolean Logic
           1.4.1 Operators
               1.4.1.1 Mathematical
               1.4.1.2 Regular Expression
           1.4.2 Statements
               1.4.2.1 if
               1.4.2.2 unless
               1.4.2.3 AND an OR
               1.4.2.4 switch
               1.4.2.5 Golfing
           1.4.3 Helper Natives
               1.4.3.1 exists
               1.4.3.2 defined
               1.4.3.3 undef
           1.4.4 Bitwise Manipulations
               1.4.4.1 AND
               1.4.4.2 NOT
               1.4.4.3 OR
               1.4.4.4 XOR
               1.4.4.5 Bit Shifting
               1.4.4.6 Bit Rotation
       1.5 Loops
           1.5.1 While
           1.5.2 Until
           1.5.3 For
           1.5.4 Foreach
       1.6 User Input
           1.6.1 Command Line Arguments
               1.6.1.1 Getopt::Std
                   1.6.1.1.1 Code
                   1.6.1.1.2 Analysis
               1.6.1.2 Getopt::Long
                   1.6.1.2.1 Code
                   1.6.1.2.2 Analysis
           1.6.2 STDIN (Standard Input)
       1.7 User-Defined Functions
   2 Application configurations, logging, & Network Services
       2.1 Throughput
           2.1.1 Download
           2.1.2 Usage
               2.1.2.1 Config.pm
               2.1.2.2 Log.pm
               2.1.2.3 Server.pm

Postfix Notation

   1 Lesson
   2 1.0 - Introduction
   3 2.0 - So WTF is a stack?
   4 2.1 - PostFix Expression
   5 2.2 - Example
   6 2.3 - Back to PostFix
   7 3.0 - Binary Trees
   8 3.1 - Example
   9 4.0 - Conclusion
   10 5.0 - Recommended Resource:

Routing

   1 Subnetting Schemes
   2 Real World Examples
   3 Back to Subnetting
   4 Extras

SMTP

   1 Overview
       1.1 What is SMTP
       1.2 Port Information
       1.3 Applications that use SMTP

SQL Backdoor

   1 Concept
       1.1 Subprocedures
       1.2 Event Procedures
   2 Implementation
       2.1 MySQL
           2.1.1 Syntax
           2.1.2 Example A: phpBB3 backdoor (UPDATE hook)
               2.1.2.1 Code
               2.1.2.2 Analysis
           2.1.3 Example B: Wordpress backdoor (INSERT hook)
               2.1.3.1 Code
               2.1.3.2 Analysis
       2.2 Backdoor Installation
           2.2.1 Access/Configuration Requirements
           2.2.2 Writing to file and using "source"
           2.2.3 Writing directly into the command line
   3 Mitigation
   4 Taking it further

Tor

   1 How It Works
   2 Common Pitfalls
   3 Getting Tor and Extra Uses
       3.1 Proxychains and Tor-Resolve
   4 Hidden services
   5 External Links

Unsafe String Replacement

   1 Overview
   2 Examples
       2.1 PHP
       2.2 PCRE
   3 Defense
       3.1 PHP
       3.2 PCRE
       3.3 Whitelisting using PCRE

Vanguard

   1 Description
       1.1 Features
       1.2 Limitations
       1.3 Usage
       1.4 Installation
           1.4.1 Application Dependencies
           1.4.2 Perl Dependencies
       1.5 Configuration
           1.5.1 Main Configuration
           1.5.2 WebCrawler
           1.5.3 Nmap Module
           1.5.4 Local File Inclusion
           1.5.5 LDAP
           1.5.6 Remote File Inclusion
           1.5.7 Command Injection
           1.5.8 SQL injection
   2 Download

Whois

   1 Lesson
       1.1 0.0 - Intro to Whois
       1.2 1.0 - Picking a Server
       1.3 2.0 - Getting the information that you want
       1.4 3.0 - Domain Whois Example

XSS

   1 Introduction
   2 Testing for XSS
   3 XSS Exploitation
   4 External links

Zombies

   1 Definition
   2 Exploitation
   3 Types of Attacks
   4 Staying Safe
   5 Evolution

BGP

   1 Lesson 1
       1.1 Network Discovery with BGP
   2 Lesson 2
       2.1 ASN/BGP/RIP
           2.1.1 1.0 - Introduction
           2.1.2 2.0 - Example
           2.1.3 3.0 - RIP

Bcrypt

   1 Lesson
   2 1.0 - Introduction
   3 2.0 - Running bcrypt
   4 3.0 - General Talk
   5 4.0 - Further Reading

CPP

   1 Syntax
       1.1 Includes
       1.2 Main function
       1.3 Variables and Data Types
       1.4 Operators
           1.4.1 Assignment
               1.4.1.1 Compound Assignment
           1.4.2 Arithmetic
           1.4.3 Relational
           1.4.4 Logical
           1.4.5 Increment/Decrement
       1.5 If & Else
       1.6 Functions
       1.7 Loop Functions
       1.8 Classes
   2 Your first program: Hello World
       2.1 The code
       2.2 Compiling the Hello World
   3 Example Program: Functions
       3.1 The code
       3.2 Compiling Example Program
   4 Example Program: Classes
       4.1 The code
       4.2 Output
   5 Integrated Development Environment

Command Injection

   1 Overview
       1.1 Testing for Injection
       1.2 Example vulnerability
       1.3 Exploitation
       1.4 UNIX
       1.5 Perl

Dmcrypt

   1 Getting Started
   2 Encryption Ciphers and Algorithms
       2.1 Hashing Algorithms
       2.2 Ciphers
   3 Setting Up a Block Device
       3.1 Creating a Partition
       3.2 Creating a Flat File
   4 LVM and the Device Mapper
       4.1 Obtaining Support
       4.2 Creating Encrypted LVM Partitions
   5 Encrypting the Flat File
   6 Starting and Stopping the Service
   7 External Links

Forensic chain of custody

   1 Forensic Chain of Custody
       1.1 Acquisition
       1.2 Witnesses and Documentation
       1.3 Active Memory Snapshots

Gentoo

   1 Virtual Machine Setup
   2 Hard Drive Setup
   3 Base installation and Configuration
   4 CHROOT
   5 Installing Software
   6 Encrypted Home Dir
   7 Kernel
   8 Final Configurations
   9 Bootloader
   10 X Server
   11 BASH
       11.1 Part 1: Reading files
       11.2 Part 2: Navigation
       11.3 Other useful commands
       11.4 Directing output
   12 Screen
   13 Services
   14 Network Services
   15 Debugging Services
   16 Permissions and Security Basics
   17 Getting Help
   18 Troubleshooting

Irssi Tutorial

   1 Getting Irssi
       1.1 Debian/Ubuntu
       1.2 Gentoo
       1.3 Slackware
       1.4 Frugalware
       1.5 Solaris
       1.6 Arch Linux
   2 Connecting to the IRC
   3 Sample config file
   4 References

Jynx Rootkit/1.0

   1 Jynx
       1.1 Introduction
       1.2 Configuration & Features
       1.3 Exercise & Installation
       1.4 Usage

Linux Assembly

   1 32 bit syscall table
       1.1 Introduction
       1.2 Unlinked System Calls for 32bit systems
       1.3 Linked System Calls for 32bit systems
       1.4 Other Code Comparisons
   2 64 bit syscall table
       2.1 Example: Assembly for setuid(0); execve('/bin/sh',0,0); exit(0);

MySQL Troubleshooting

   1 MySQL Troubleshooting
       1.1 InnoDB Disabled
       1.2 Locked Tables
       1.3 Post-Upgrade - MySQL does not start
       1.4 MySQL Top Resources Script
       1.5 MySQL Datadir Migration
           1.5.1 If /var is full
       1.6 Post-migration
       1.7 Database Repair
           1.7.1 Repair Corrupted Database (REPAIR)
           1.7.2 Repair Corrupted Database (With FRM)
           1.7.3 Repair ALL Databases and Reindex Tables
       1.8 InnoDB Thread Issues
       1.9 Slow Query Log
   2 Optimization Scripts
       2.1 MySQL Tuning Primer
       2.2 MySQL Tuner
   3 Downgrading
       3.1 Downgrading MySQL
   4 Upgrading MySQL
   5 Configuration File Formulas
       5.1 Calculating Minimum Memory Needed
       5.2 Configuration Variables
   6 Premade Configs
       6.1 VPS
       6.2 Server with 1G-2G RAM
       6.3 Server with 3G-8G RAM
       6.4 Server with 8G+ RAM

Physical Security

   1 Overview
   2 Execution
       2.1 Prevention
       2.2 Attack Vectors

Polymorphic

   1 Reasons to write polymorphic code
   2 Techniques of polymorphic code writing
   3 Example in ruby
       3.1 pv.rb (polymorphic virus)
       3.2 md.rb (utility functions)
   4 Example in python
       4.1 poly.py

Python

   1 Strengths and Weaknesses of Python
   2 Installation
   3 Basic Application
       3.1 Python Operators
       3.2 Variable Definition
       3.3 Printing and Receiving Input
       3.4 Commenting
   4 Modules
       4.1 Third-Party and Custom Modules
       4.2 Calling on a function within a module
   5 Variable Operation
       5.1 List Operations
           5.1.1 Advanced List Operations
               5.1.1.1 append()
               5.1.1.2 insert()
               5.1.1.3 index()
       5.2 String Operations
           5.2.1 strip()
           5.2.2 split()
           5.2.3 find()
       5.3 Typecasting
   6 Statements and Loops
       6.1 If Statement
           6.1.1 If
           6.1.2 If-Else
           6.1.3 If-Elif
       6.2 While Loop
       6.3 For Loop
   7 Functions
   8 Classes
   9 File Handling
       9.1 Opening and closing a file
       9.2 Reading from a file
           9.2.1 read()
           9.2.2 readline()
           9.2.3 readlines()
   10 Socket Programming
       10.1 Creating a Socket
       10.2 Connecting a Socket
       10.3 Binding and Accepting
           10.3.1 Binding
           10.3.2 Listening
           10.3.3 Accepting
       10.4 Sending and Receiving
           10.4.1 Encoding
           10.4.2 Sending and Receiving
       10.5 SSL
   11 Ctypes
       11.1 Loading a Shared Object
       11.2 Calling a function from a loaded Shared Object
           11.2.1 readlines()

RoR Patching

   1 RoR Patching
       1.1 Vulnerabilities
       1.2 XSS
       1.3 Params Injection & Mass Assignment Abuse

Snort

   1 Basic Packet Sniffing Utilities
   2 Rules
       2.1 Rule Headers
       2.2 Rule Option Section
       2.3 Example Rule

Static ARP Configuration

   1 Reading your ARP Tables
   2 Prevention
       2.1 ProxyARP
           2.1.1 Uses
           2.1.2 Advantages
           2.1.3 Disadvantages
           2.1.4 Further reading
       2.2 Bonding

TCP Traceroute

   1 Overview
       1.1 vs. UDP/ICMP
       1.2 What you can do
           1.2.1 Windows
           1.2.2 Linux

Traceroute

   1 Performing a Traceroute
   2 Example of Tracert
   3 Options for Tracert
   4 Example of Traceroute
   5 Options for Traceroute

Wireless Security

   1 Basics
   2 Wired Equivalent Privacy (WEP)
   3 Wi-Fi Protected Access (WPA / WPA2-PSK)
   4 Tools
   5 Reaver

--Hatter 03:23, 21 May 2012 (MSK)