Hey again! This is part 2 of my Introduction to x86 Exploit Development. If you didn’t check out my first part of this series, I highly recommend it before reading this. In this post, we go a little more in depth as to how things get laid out in memory from a program standpoint, now
Hey everyone! This post will serve as a supplement to my first of many tutorials on Buffer Overflows for Linux which will tie into my Exploit Development tutorials. I will try to keep this post focused on the minimum amount of knowledge needed to understand what a buffer overflow is, how it works, and how to
As a penetration tester, one of the first attacks I attempt during an internal assessment is that of LLMNR & NBT-NS poisoning. LLMNR (Link-Local Multicast Name Resolution) and NBT-NS (NetBIOS Name Service) are used to identify hosts when DNS fails to do so. A key flaw of LLMNR and NBT-NS is that both services utilize
Introduction: Cybersecurity is a growing field in high demand; however, many estimates predict a shortage of approximately 3.5 million qualified cybersecurity candidates by 2021. This shortage is leaving many companies vulnerable to data breaches, ransomware, and other cyber-attacks. To address this shortage, the SANS Institute offers a program to help fill the impending cybersecurity skills
Hey guys! I figured that it would be beneficial to have an entire post dedicated to teaching some fundamentals about Computer Organization and the x86 Instruction Set Architecture, since I will be referencing this particular ISA (instruction set architecture) throughout most of my tutorials on Exploit Development and Reverse Engineering. This will be updated over
Part 3 of creating my Wargame to teach people exploit development and reverse engineering.
Introduction: For years, Offensive Security (OffSec) certifications have been held as one of the gold standards in the ethical hacking/penetration testing community. Their certification exams have been praised for their difficulty and their “real-world” feel as testers are required to hack to gain their certification instead of the traditional multiple choice test. Having an OffSec
Video Walkthrough: Introduction: This week’s retiring machine is Bounty, which is a beginner-friendly box that can still teach a few new tricks. Bounty is rated 4.8/10, which I feel is pretty appropriate given the overall ease of the machine. In this walkthrough, we’ll do a little bit of dirbusting, learn a nifty trick to gain
Since making the switch from an Army Transportation Officer to Supply Chain Management in the private sector and now working in Information/Cyber Security, I’ve done a lot of learning. Often, I am asked how I did it. Typically, I respond with the most hated two words in any language on the planet Earth: hard