Tag.
WEB: Blind Elephant, web application scanner (SF).
WEB: Blind Elephant, web application scanner (Qualys).
WEB: Whisker (Rain Forest Puppy, RFP).
Databases and co:
Social:
- SE: users really do plug in USB drivers they find, University of Illinois.
- SE: CompTIA, find a flash drive, pick it up.
- SE: GoPhish, open source (demo) phishing tool.
- SE: Wikipedia on Punycode.
- SE: IDN in Chrome.
- SE/TOOL: Mailinator: millions of public, disposable email inboxes.
- SE/TOOL: Free SMS verification, receive SMS online.
- SE/TOOL: BurnerAPP - calling, texting, picture messaging.
- SE/TOOL: TempoPhone - temporary phone number.
- SE/TOOL: 10 minute mail.
- SE/TOOL: Guerrilamail.com.
- SE/TOOL: DisPostAble.
- SE/TOOL: Hushed, disposable numbers.
- SE/TOOL: King Phisher.
- SE/SPF: DMARC Analyzer: What is SPF?
- SE/SPF: DMARC Analyzer: SPF Record Check.
- SE/TOOL: Duck Toolkit.
- SE: USB IDs.
- SE/TOOL: Rubber Ducky Manual.
- SE: Bash Bunny by Hak5.
- SE: Bash Bunny Manual.
- SE: Bash Bunny: Quick Creds.
- SE/TOOL: Rubber Ducky Scripting Language.
- SE/TOOL: Rubber Ducky: obfuscation and optimalization.
- SE: Security Awareness with USB Rubber Ducky.
- SE: hak5darren, Rubber Ducky home and code.
- SE: PortaPow - Data Blocker.
- SE: Mitnick, LinkedIn 2 factor authentication.
- SE: USBNinja, a BadUSB remake.
- SE: Sneak Technology.
- SE: Lab401 gear.
- SE: Wikipedia on Juice Jacking.
- SE: _MG_ BadUSB Cable: https://twitter.com/_MG_/status/949684949614907395.
- SE: Wall of Sheep.
Research, researchers, PoCs:
Phreaks:
Wifi, bluetooth, ... :
Organizations and related:
Credentials:
Other, related tools:
- TOOL: Evilgrade Framework.
- TOOL: Hidden-Tear, open source ransomware honeypot.
- TOOL: Social Engineer Toolkit.
- TOOL: Fing App, free network scanner for IOS/Android.
- MALWARE DEMO: Hidden Tear.
- TOOL: Portswigger Web Security, Burp Suite Editions.
- TOOL: Hopper, MacOS and Linux disassembler.
- TOOL: Aircrack-ng, Airbase-ng.
- TOOL: Metasploit, penetration testing toolkit by Rapid7.
- TOOL/INFO: Metasploit MSF-RPC.
- TOOL: Charles, web application proxy.
- TOOL: MITM Proxy.
- TOOL: Fiddler, free web debugging proxy.
- TOOL: The Backdoor Factory (BDF), patching files with shellcode.
- TOOL/INFO: DerbyCon 2013, Midnite Runr: Patching windows executables with the backdoor factory.
- TOOL/NSA: Quantum Insert emulation tool by Fox-it.
- TOOL/TCP: Shijack.
- TOOL/TCP: HUNT.
- TOOL/MITM: Ettercap.
- TOOL/INFO: The Harvester.
- TOOL/INFO: The Harvester (github).
- TOOL/REPLAY: Firesheep by Codebutler.
- TOOL/REPLAY: Firesheep (github).
- TOOL/MITM: PuttyRider.
- TOOL/CRED: Meterpreter Incognito, impersonate Windows user tokens on a compromised machine.
- TOOL/CRED: Crunch - wordlist generator.
- TOOL: original home of Netcat.
- TOOL: original home of fscan.
- TOOL: BeEF, the Browser Exploitation Framework project.
- TOOL/WIKI: BeEF, wiki.
- TOOL: (List) SecTools.org.
- TOOL: Core Impact, solution for testing and assessing vulnerabilities.
- TOOL: Core Impact, open source tools.
- TOOL: SSH-MITM (proxy, github).
- TOOL: Recon-NG - OSINT gathering tool.
- TOOL: OllyDBG 32-bit assembler level debugger for Windows.
- TOOL: SecLists - various security related lists.
- TOOL: SSLStripv2.
- TOOL: Delorean, NTP spoofer.
µ
- TOOL: Eleven Path, home of The FOCA and other tools.
- TOOL: MWR Labs, Android, Ios, ...
- TOOL: Backbox Linux, penetration testing distribution.
Denial of Service (DoS):
Distributed Denial of Service:
- DDOS: Wikipedia, 2007 cyberattacks on Estonia.
- DDOS: Wikipedia, 2010 cyberattacks on Myanmar.
- DDOS: Wikipedia, US diplomatic cables leak.
- DDOS: Wikipedia: Operation Payback.
- DDOS: Arbor, understanding DDoS.
- DDOS: Wikipedia, 2012, Operation Ababil.
- DDOS: Radware - Operation Ababil.
- DDOS: Verisign.
- DDOS: Verisign DDOS 2017.
- DDOS: wikipedia on Mirai.
- DDOS: SMURF amplifier monitor.
- DDOS: BASHLITE.
- DDOS: incapsula, malware analysis Mirai DDoS botnet.
- PROT: Wikipedia on CHARGEN.
- PAPER: Berkeley, an analysis of using reflectors for Distributed Denial of Service attacks.
- DDOS: flawed router flood university of Wisconsin Internet Time Server.
- DDOS: open letter to D-LINK about NTP vandalism.
- DDOS: CVE-2013-5211, NTP MON_GETLIST issues.
- DDOS: Cisco - CVE-2013-5211.
- DDOS: Open Resolver Project (DNS).
- DDOS: Cloudflare, Memcrashed - major amplification attacks from UDP port 11211.
- DDOS: GITHUB, Memcashed protocol.
- DDOS: Nucleus.be, Memcached gebruiken: wie, wat, waar?.
Physical:
VoIP:
Tunneling & covert channels
Authentication:
Virtualization:
Intelligence:
Hardening:
Unsorted, various:
Forensics:
- FOR: Wikipedia, list of file signatures.
- FOR: Wikipedia, Windows Portable Executable (PE).
- FOR: Wikipedia, Dynamic Linker.
- FOR: Wikipedia, COF (UNIX).
- FOR: Microsoft, PE file format.
- FOR: MSDN, peering inside the PE file format.
- FOR: Wikipedia, Code Cave.
- FOR: Wikipedia, UPX packer.
- FOR: INFOSEC, demystifying PE file.
- FOR: why spot checking Cisco equipment for counterfeit signs is necessary.
- FOR: The Volatility Foundation.
- FOR: Wikipedia on Volatility.
- FOR: Wikipedia on Apple File System (AFS).
- FOR: SANS DFIR, Digital Forensics and Incident Response.
- FOR: Web browser user agents.
- FOR: HTTP USER AGENT string explained.
Software Defined Networking (SDN):
IDS, IDP, Honeypots:
X86/x64:
Storage:
Cloud:
Linux:
Microsoft:
Malware and related:
- MAL: EternalRocks, Github sources, captures and traces.
- MAL/YARA: YARA documentation.
- MAL/YARA: YARA pattern matching for malware researchers.
- MAL/YARA: repository of yara rules (main).
- MAL/YARA: repository of yara rules (github).
- MAL/YARA: Yara Rule Generator.
- MAL/ANA: PEid, dectect common packers, cryptors and compilers for PE files.
- MAL: EvilGrade, perform malicious updates (github).
- MAL: msfvenom = msfpayload + msfencode.
- MAL: how to use msfvenom (github).
- MAL: Wikipedia on Rogueware (security).
- MAL: The business of Rogueware, Panda security.
- MAL: Apple & Mac Defender.
- MAL/BOT: TrendMicro, SDbot.
- MAL/BOT: F-Secure, SDbot.
- MAL/WORM: wikipedia on Nimda.
- ENC: shikata_ga_nai, polymorphic XOR additive feedback encoder.
- ENC: Metasploit Blog: the odd couple: Metasploit and Antivirus Solutions.
- MAL: Heimdal, the ultimate guide to Angler exploit kit for non-technical people.
- MAL: Sophos News, a closer look at the Angler exploit kit.
- MAL: Palo Alto, understanding Angler exploit kit - part 1: exploit kit fundamentals.
- MAL: Wikipedia on Remote Access Trojan.
- MAL/HISTORICAL: Wikipedia on Cult of the Dead Cow.
- MAL/HISTORICAL: BO2K.
- MAL: Wikipedia on Dendroid.
- MAL: MalwareBytes, the state of malware, 2017.
- MAL: Android App stores investigation.
- MAL/TOOL: AVC UnDroid (Beta), submit android apps for analysis.
- MAL/PAPER: John Hopkins, manipulate the led light of camera by malware.
- MAL: Snacksforyourmind, exploring the limits of covert data.
- MAL: Naked Security, Memories of the Chernobyl virus.
- MAL: Wikipedia on Flame.
Crypto:
- PKI: OWASP, Certificate and public key pinning.
- PKI: SSL pinning for increased app security.
- PKI: Qualys, is http public key pinnign dead?
- PKI: HPKP, HTTP Public Key Pinning.
- PKI: Mozilla, public key pinning.
- PKI/TOOL: Google NoGoToFail, SSL/TLS network testing toolkit (MiTM).
- PKI/VULN: Apple iOS basic constraints.
- PKI/VULN: Apple IOS CVE 2011-0228, basic constraints.
- PKI/IOT: Internet of Sins: million more devices sharing known private keys for HTTPS, SSH admin.
- PKI/IOT: House of Keys: 9 months later ... 40% worse.
- PKI/IOT: House of Keys: industry-wide HTTPS certificate and SSH key reuse endangers millions of devices worldwide.
- PKI: Fox-it on the Diginotar case.
- PKI: Mozilla, comodo certificate issue follow up.
- PKI: comodo, Fraud Incident report.
- PKI: comodo, on the recent RA compromise.
- HASH: Hashcalc for Windows.
- CRYPTO: Wikipedia on S/MIME.
- CRYPTO: Wikipedia on CMS.
- CRYPTO: Public Key Cryptographic Standards (PKCS).
- HASH: Wikipedia on SHA2.
- HASH: NIST on SHA-3.
- HASH: Wikipedia on SHA-3.
- HASH: Wikipedia on Sponge Functions.
- HASH: "we have broken SHA-1" in practice.
- HASH: libray and command line tool to detect SHA-1 collisions in files.
- HASH: Schneier cryptoanalysis of SHA-1.
- HASH: MD5 considered harmful today, creating a rogue CA certificate.
- HASH: MD5 collisions (Selinger).
- HASH/TOOL: Slavasoft Hashcalc.
- HASH: hash collisions - creating a rogue CA certificate (CCC).
- HASH: The Register, boffins bust web authentication with game consoles.
- HTTP: Wikipedia on HTTP/2.
- HTTP: Wikipedia on SPDY (Google).
- SSL/TLS: Datagram Transport Layer Security (UDP) RFC.
- SSL/TLS: The HTTPS Only Standard (US/White House).
- PKI: Let's Encrypt, free, open and automated CA.
- PKI: Let's Encrypt, how does it work?
- SSL/TLS: nice introduction to SSL/TLS, recommended.
- CRYPTOCURRENCY: Map of Coins, map of some of the crypto currencies and forks.
- SSL/TLS: CERTSTREAM, real-time transparency logs.
- SSL/TLS: Cloudflare: introducing TLS 1.3.
- SSL/TLS: TLS 1.3 draft.
- SSL/TLS: Cloudflare: staying on top of TLS attacks.
- SSL/TLS: TLS 1.3 is approved, here's how it could make the entire Internet safer.
- SSL/TLS: cloudflare on TLS 1.3.
- SSL/TLS: ED25519.
- SSL/TLS: ED448-Goldilocks.
- SSL/TLS: ED448 GoldiLocks (SF).
- SSL/TLS: Cloudflare, introducing 0-RTT.
- SSL/TLS: OWASP 2018 - TLS 1.3 by Andy Brodie.
- HASH: Wikipedia on Poly1305.
- CRYPTO: Wikipedia on Galois Counter Mode (GCM).
- CRYPTO: Bypassing HTTP Strict Transport Security (Black Hat), paper.
- CRYPTO: Bypassing HTTP Strict Transport Security (Black Hat), presentation.
- CRYPTO: Breaking SSL using time synchronisation attacks (DEFCON), presentation.
- CRYPTO: Breaking SSL using time synchronisation attacks, Youtube video (DEFCON).
- CRYPTO: Breaking out HSTS (and HPKP) on Firefox, IE/Edge and (Possibly) Chrome.
- CRYPTO: New tricks for defeating SSL in practice, Moxie, Black Hat.
- CRYPTO: zero-config tool to make locally trusted development certificates.
- CRYPTO: Tradeoff Cryptanalysis of Memory-Hard Functions.
- CRYPTO: Password hashing competition, and our recommendation for hashing passwords: Argon2.
- CRYPTO: ARGON2.
- CRYPTO: CCMiner (GPU) on Github.
- CRYPTO: LastPass: how PBKDF2 strengthens your master password.
- CRYPTO: PBKDF2 calculator.
- CRYPTO BCrypt.
- CRYPTO: BCrypt calculator.
- CRYPTO: BitCoinWiki: Scrypt.
- CRYPTO: Argon2 in browser.
- CRYPTO: OWASP, password storage cheat sheet.
- CRYPTO: Australian Academy of Science: Quantum Computers Explained.
- CRYPTO: IBM Dr. Talia Gershon explains Quantum Computers.
Pentesting:
End user:
- END: Netcraft Toolbar, report/get information on dangerous sites.
- END: Have I been pwned by Troy Hunt, verify password compromise.
- END: Belgium, Safe On Web.
- CERT/CC: Who needs to exploit vulnerabilities when you have macros?
- END: No More Ransom.org, might help with decryption.
- END: identity theft resource center.
- END: Flexera Personal Software Inspector (formerly Secunia PSI).
- END: VirusTotal, analyze suspicious files and URLs.
- END/TOR: Tails, privacy oriented operating system.
- END: Microsoft Security TechCenter, security update guide.
- END: Use OpenDNS.
- END: Identity Theft Resource Center.
- END: use the free DNS filter from Cisco/OpenDNS.
- END: use Google DNS for enhanced speed (no filters).
- END: (Dutch) Meldpunt België: consumer/enterprise rights, fraud, deception, ...
- END: mailinator.com, free, disposable (and public) mailboxes to fight spam.
- END: Punycode converter, IDN converter, ...
- END: password manager, LastPass.
- END: KeePass.
- END: Phishing.org.
- END: How "HTTPS works", in a comic.
- END: urlscan.io - a sandbox of the web - service to scan and analyse websites: act as a regular user and record activity.
- END: TEDX, James Veitch, This is what happens when you reply to spam email.
Artificial Intelligence
Programming:
- PROG: Python, virtualenvs.
- PROG: Python, code with MU - a simple Python editor for beginner programmers.
- PROG: the Hitchhiker's Guide to Python!
- PROG: PY2, installating Python modules.
- PROG: Python for Everybody.
- PROG: Invent with Python, free books.
- PROG: Datacamp, learnpython.org.
- PROG: Code Academy, learn to code interactively for free.
- PROG: MIT 6.00SC Introduction to Computer Science and Programming.
- PROG: Python Course (P2 and P3).
- PROG: free books (IOT, Programming, Security, ...) by O'Reilly.
- PROG: O'Reilly, Python in Education (free).
- PROG: O'Reilly, functional programming in Python (free).
- PROG: Official Python 3 tutorial.
- PROG: the non-programmers tutorial for python 2.6.
- PROG: New Boston, Python programming tutorials.
- PROG: Python from Scratch.
- PROG: learn python the hard way.
- PROG: Green Tea Press, how to think like a computer scientist (free).
- PROG: PyGame.
- PROG: Microsoft Make Code - hands on computing education.
- VAR: ASCII chart.
- JUP: What is Jupyter?.
- JUP: Jupyter Notebook for beginners: a tutorial.
Fraud:
SFX:
MS Powershell:
Online learning:
- LEARN: Media Archive of the Chaos Computer Club (CCC).
- VBLOG: Cisco TechWise TV.
- YOUTUBE: Cisco.
- PYTHON: University of Waterloo (.CA), Python from scratch.
- PROGRAM: University of Waterloo (.CA), Open Computer Science.
- PROGRAM: Computer Science Circles.
- PROGRAM: PythonLearn.
- PROGRAM: official Python website.
- PROGRAM: run Python 3 in browser.
- PLAY: Cisco Devnet Sandbox.
- PLAY: VMware HOL Labs.
- PLAY: Microsoft Server 2016 Virtual Labs.
- PLAY: Cisco Dcloud Labs.
- PLAY: Mininet, an instant virtual network on your machine.
- LEARN: Media CCC.
- LEARN: F5 free courses.
- LEARN: Splunk 6.X fundamentals (free).
- LEARN: HTML & CSS.
- LEARN: LiveOverflow (Youtube) explanation on the art of memory attacks and exploits.
- LEARN: SecurityTube.
- LEARN: O'Reilly, Safari Books Online (video, courses, books, prepguides, ...).
- LEARN: LinkedIn Learning (mostly video).
- LEARN: Cybrary, free and open source learning.
- LEARN: MOOC, Coursera.
- LEARN: TED.
- LEARN: MOOC, MOOC.ORG.
- LEARN: MOOC, EDX.
- LEARN: MOOC, Standford Online.
- LEARN: MOOC, Khan Academy.
- LEARN: MOOC, Udacity.
- LEARN: MOOC, FutureLearn.
- LEARN: MOOC, OpenClassRooms.
- LEARN: MOOC, Open2Study.
- LEARN: MOOC, Udemy.
- LEARN: MOOC, MOOC LIST.
- LEARN: The Cisco Learning Network Store.
- LEARN: DataCamp - data science online.
- LEARN: Open Culture.
- LEARN: MIT Open CourseWare.
- LEARN: Class Central, free online learning.
- LEARN: Cisco, Virtual Internet Routing Lab (VIRL).
- LEARN: Cisco Packet Tracer, a free network and IoT simulation and visualization tool.
- LEARN: MS Learning Portal.
- LEARN: Plural Sight.
- YOUTUBE: Metasploit Rapid7 videos.
- LEARN: Net2Plan, the open-source network planner.
- LEARN: Cisco On-Demand Library (Cisco Live).
- LEARN: O'Reilly Radar Podcasts.
- LEARN: NICE, National Initiative for CyberSecurity Education NICE).
- LEARN: Amazon Re:Invent.
- LEARN: The TCP/IP Guide.
- LEARN: FutureProof from Microsoft.
- LEARN: Executive Level Courses.
- LEARN: Free Cuckoo's Egg course by Chris Sanders.
Certification stuff:
Various security topics:
Conferences and more:
Standards, compliancy, ...:
Firewalls, DLP, ...:
OSINT:
SIGINT:
Laws, organisations, standards, guides, ...:
Cyber Crime:
Framework:
Routing:
Mobile:
IoT:
Machine Learning:
Interesting video's and related:
Big Data:
General articles and reads, security:
- [07/2019 * PRIVACY] Forbes, the encryption debate is over - dead at the hands of facebook.
- [07/2019 * OPS] The Register, Operation Desert Sh!tstorm: routine test shoots down military's top-secret internets.
- [07/2019 * SLACK] The Register, 2015 database hack is the terrible gift that keeps giving for Slack.
- [07/2019 * CNN] FaceApp's viral success proves we will never take our digital privacy seriously.
- [07/2019 * APIS] The Register, patch now before you get your NAS kicked: Iomega storage boxes leave millions of files open to the Internet.
- [07/2019 * IDOR] The Register, Amadeus! Amadeus! Pwn me Amadeus! Airline check-in bug may have exposed all y'all boarding passes to spies.
- [07/2019 * C++] The Register, Rust in Peace: memory bugs in C and C++ code cause security issues so Microsoft is considering alternatives once again.
- [07/2019 * LIBRA] Libra, official Libra White Paper.
- [07/2019 * LIBRA] WIRED, The ambitious plan behind facebook's cryptocurrency, Libra.
- [06/2019 * WETRANSFER] Wetransfer, update security notice.
- [06/2019 * BGP] MANRS, large European routing leak sends traffic through China telecom.
- [06/2019 * BGP] The Register, BGP super-blunder: how Verizon today sparked a "cascading catastrophic failure" that knackered Cloudflare, Amazon, etc."
- [06/2019 * VIM] Sophos, VIM devs fix system pwning text editor bug.
- [06/2019 * VIM] Medium, Exploit PoC: Linux command execution on Vim/Neovim vulnerability (CVE-2019-12735).
- [06/2019 * BGP] Cloudflare, How Verizon and a BGP optimizer knocked large parts of the Internet Offline today.
- [06/2019 * ML] The Verge, AI Deepfakes are now as simple as typing whatever you want your subject to say.
- [06/2019 * RANSOM] VRT NWS, Military secrets hacked in Zaventem (Asco).
- "[06/2019 * RANSOM] RTBF, L'entreprise ASCO paralysée par une cyberattaque, les activités mondiales à l'arrêt.
- [06/2019 * RANSOM] De Tijd, luchtvaartbedrijf Asco gehackt.
- [05/2019 * 0DAY] Security Boulevard, Sandboxescaper drops four Windows Zero-Days.
- [05/2019 * SIMPORT] CoinSpice, BitGo Engineer's Coinbase account hacked for more than $100K: "Expensive Lesson".
- [05/2019 * HUAWEI] Bloomberg, Huawei supply freeze points to US - China cold war.
- [05/2019 * LINUX] Bleeping Computer, Linux Kernel prior to 508 vulnerable to remote code execution.
- [05/2019 * HUAWEI] The Register, Trump declares national emergency, starts ball rolling to boot Huawei out of ALL US networks.
- [04/2019 * MALWARE] Tweakers, Security-onderzoeker die WannaCry stopte, bekent schuld over eigen malware.
- [04/2019 * Cisco] TALOS, Hiding in Plain Sight.
- [04/2019 * DDoS] NetScout, The Rise and Fall of Memcached.
- [04/2019 * INTEL] Eweek, new Intel Chip Bug can expose all data on a computer to hackers.
- [02/2019 * BIOMETRICS] Tweakers.net: vingerafdrukken op Belgische identiteitskaart onnodig en onveilig.
- [02/2019 * INNET] The Register: Russia preps to turn its internet into an intranet if West opens Cyber-Fire.
- [02/2019 * TLS] SC Magazine UK, TLS 1.3 vulnerability enables hackers to eavesdrop on encrypted traffic.
- [02/2019 * BREACH] ArsTechnica, "Catastrophic" hack on email provider destroys almost two decades of data.
- [02/2019 * WEB] Wires, Google takes its first steps toward killing the URL.
- [01/2019 * HASH] Medium, password hashing: scrypt, bcrypt and ARGON2.
- [01/2019 * CRYPTO] ArsTechnica, Digital Exchange loses $137 million as founder takes password to the grave.
- [01/2019 * IOT] Tweakers.net, Europese Commissie laat onveilig gps-horloge voor kinderen van de markt halen.
- [01/2019 * QUANTUM] Enterprises Project: Quantum Computing and security: 5 glooming questions.
- [01/2019 * HUAWEI] Wired, Huawei's many troubles: bans, alleged spieds, and backdoors.
- [01/2019 * PASSWORDS] Troy Hunt, The 773 Million Record "Collection #1" Data Breach.
- [01/2019 * FACEBOOK] Pew Research Center, Facebook Algorithms and Personal Data.
- [01/2019 * QUANTUM] IBTimes, IBM's Quantum computer first in the world to leave research labs: Unbelievable Facts.
- [01/2019 * FORENSICS] ZDNet, Hancom GMD, Explosion in digital evidence coming thanks to IoT and 5G.
- [12/2018 * EU] European Commission: EU negotiators agree on strengthening Europe's cybersecurity.
- [12/2018 * HUAWEI] De Tijd, België voert onderzoek naar Chinese Huawei.
- [12/2018 * FBI] ZDNet: ACLU wants court to release documents on the US'attempt at backdooring Facebook Messenger.
- [12/2018 * GCHQ] The Register: GCHQ pushes for "virtual crocodile clips" on chat apps - the ability to silently slip into private encrypted comms".
- [11/2018 * DRONE] VTM Nieuws: Hackers ontdekken veiligheidslek (XSS) by drones.
- [11/2018 * DRONE] TechCrunch: Security Flaw in DJI's website and apps exposed accounts to hackers and drone live feeds.
- [11/2018 * PHISH] Cisco TALOS, Persian Stalker pillages Iranian users of Instagram and Telegram.
- [11/2018 * CPU] Ars Technica, Intel CPUs fall to new hyperthreading exploit that pilfers crypto keys.
- [10/2018 * ML/EDU] Harvert Business Review, The Chairman of Nokia on Ensuring Every Employee Has a Basic Understanding of Machine Learning - Including Him.
- [09/2018 * NSA] ZDNet, Ex-NSA employee gets 5.5 years in prison for taking home classified info.
- [09/2018 * AWARENESS] Medium, how a password changed my life.
- [09/2018 * NSA] De Tijd, Brise spionage bij Proximus op tafel regering.
- [09/2018 * CISCO] Cisco IOS XE Software Static Credential Vulnerability.
- [08/2018 * SNIFF] BleepingComputer, SonarSnoop Acoustic Side-Channel Attack can stel touchscreen interactions.
- [08/2018 * SNIFF] BleepingComputer, New Side-Channel Attack uses microphone to read screen content.
- [08/2018 * APPLE] Forbes, hackers are exposing an apple MAC Weakness in the Middle East Espionage.
- [08/2018 * IOT] Philips cardiovascular software found to contain privilege escalation, code execution bugs.
- [08/2018 * SOCIAL] Check Point Research, FakesApp: a vulnerability in WhatsApp.
- [08/2018 * USB] BBC News, This rigged charger can hijack your new laptop.
- [08/2018 * MACOSX] The mouse is mightier than the sword, Patrick Wardle on CVE-2017-7150.
- [07/2018 * MALWARE] Sophos: Red Alert 2.0: Android Trojan targets security-seekers.
- [07/208 * RANSOM] Ransomware Infection Cripples Shipping Giant COSCO's American Network.
- [07/2018 * IOT] The Register, I feel like my IoT enabled vacuum cleaner is spying on me.
- [07/2018 * Linux] Palo Alto, analysis of the DHCP client script code execution vulnerability (CVE-2018-1111).
- [07/2018 * ANDROID]l IBM SEC INT, Anubis Strikes again: mobile malware continues to plague users in official app stores.
- [07/2018 * SPOOF] Bleeping Computer, Researchers mount successful GPS spoofing attack against road navigation systems.
- [07/2018 * PENTEST] De Tijd, Nationale Bank gaat banken hacken.
- [07/2018 * SPECTRE] The Register, Google's Ghost Busters: we can scare off Spectre haunting Chrome tabs.
- [07/2018 * CPU] The Register, Another data-leaking spectre CPU flaw.
- [07/2018 * BREACH] The Register, US MIL manuals hawked on dark web after files left rattling in insecure FTP server.
- [07/2018 * BREACH] Recorded Future, Military Reaper Drone Documents Leaked on the Dark Web.
- [07/2018 * MALWARE] Cryptocurrency users on Discord and Slack hit by MacOS Malware.
- [07/2018 * PRIVACY] VanityFair, Tim Berners Lee - the man who created the World Wide Web has some regrets.
- [07/2018 * AngularJS] FinnWea, Stealing passwords from McDonald's users.
- [06/2018 * WIFI] The Register: WPA3 is the magic number? Protocol refresh promises tighter Wi-Fi security.
-
- [04/2018 * PHISH] Medium, an expertly crafted crypto phishing.
- [05/2018 * VULNERABILITY] The Register, Red Hat admin? Get off twitter and patch this DHCP client bug.
- [04/2018 * FINTECH] O'Reilly Radar, Simon Moss on Using Artificial Intelligence to fight financial crimes.
- [04/2018 * MALWARE] ArsTechnica, Intel & MS to use GPU to scan memory for malware.
- [04/2018 * VULN] Cisco TALOS, Critical infrastructure at risk: advanced actors target smart install client.
- [03/2018 * VULN] The Register, MS Windows 7 Meltdown fixes from January, February made PCS MORE INSECURE.
- [03/2018 * EXPLOIT] The Register, exploit kit development has gone sh$t...ever since Adobe Flash was kicked to the curb.
- [03/2018 * EDITORS] ThreatPost, security risk in extensible text editors enable hackers to abuse plugins and escalate privileges.
- [03/2018 * SE] RM IT, iOS camera QR code URL parser bug.
- [03/2018 * SE] The Register, how a QR code can fool iOS 11 camera app into opening evil.com rather than nice.co.uk.
- [03/2018 * FRAUD] Febelfin, Fraudsters seek out social environment of adolescents.
- [03/2018 * PRIVACY] NYTimes: Facebook's Surveillance Machine (Cambridge Analytica).
- [03/2018 * DDOS] Wired, Github survived the biggest ddos attack ever recorded.
- [02/2018 * QUANTUM] MIT Technology Review: serious quantum computers are finally here. What are we going to do with them?
- [02/2018 * CPU] The Register: Hate to ruin your day, but ... Boffins cook up fresh Meltdown, Spectre CPU design flaw exploits.
- [02/2018 * NSA] The Verge: don't use Huawei phones, say heads of FBI, CIA and NSA.
- [02/2018 * PRIVESC] The Register, Ghost in the DCL shell: OpenVMS touted as ultra reliable, had a local root hole for 30 years.
- [02/2018 * TOOL] EvilSocket, All hail bettercap 2.0, one tool to rule them all.
- [02/2018 * DDOS] Tweaker.net, een ddos'er betrapt.
- [02/2018 * CRYPTO] BBC.com, Russian nuclear scientists arrested for 'Bitcoin mining plot'.
- [01/2018 * DDOS] NRC.NL, ABN AMRO en ING opnieuw doelwit van DDoS-aanvallen.
- [01/2018 * HARDWARE] Krebs on Security, first "jackpotting" attack hits U.S. ATMs.
- [01/2018 * DDOS] Wired, Github survived the biggest DDoS attack ever recorded.
- [01/2018 * FOR] Darkreading, Hackers who disabled police cameras prior to Trump inauguaration left trail of clues.
- [01/2018 * OSINT] Wired, Strava heat map and the end of secrets.
- [01/2018 * OSINT] The Verge, Strava fitness tracker heat map reveals location of military bases.
- [01/2018 * MALWARE] The Register, after NotPetya, Maersk replaced everything.
- [12/2017 * AWS] The Register, Good News: unsecured S3 bucket discovery just got easier.
- [12/2017 * AWS] The Register, This week in 'Bungles in the AWS S3 privacy jungles', we preset Alteryx and 123 million households exposed.
- [01/2018 * MALWARE] ZDNet, Maersk forced to reinstall 4000 servers and 45000 pcs due to NotPetya attack.
- [11/2017 * AWS] The Register, US intelligence blabs classified Linux VM to world via leaky S3 silo.
- [11/2017 * MITM] Bleeping Computer: misconfigured Amazon S3 buckets expose users to stealthy MITM attacks.
- [11/2017 * MALWARE] Threatpost, new fileless attack using DNS queries to carry out powershell commands.
- [11/2017 * AWS] The Register, massive US military social media spying archive left wide open in AWS S3 buckets.
- [11/2017 * APPLE] ArsTechnica: MacOS bug lets you log in as admin with no password required.
- [11/2017 * AWS] The Register, Amazon's answer to all those leaky AWS S3 buckets: A dashboard warning light.
- [11/2017 * MALWARE] ZDNet, fileless attacks surge in 2017 and security solutions are not stopping them.
-
- [11/2017 * LAW] ZDNet, Trump administration releases secret rules on disclosing security flaws.
- [11/2017 * APT] ZDNet: DHS FBI describe North Korea use of FALLCHILL malware.
- [11/2017 * PHISH] ZDNet - how criminals clear your stolen iPhone for resale.
- [11/2017 * PENTEST] WIRED: He perfected a password-hacking tool - then the Russians came calling.
- [11/2017 * AWS] AWS News Blog: new Amazon S3 encryption and security features.
- [11/2017 * FUZZING] ZDNet: Linus Torvalds says targeted fuzzing is improving Linux security.
- [11/2017 * CRYPTO] MIT: Quantum computers pose imminent trheat to bitcoin security.
- [11/2017 * CRYPTO] MIT: Quantum breakthrough heralds new generation of perfectly secure messaging.
- [10/2017 * IOT] Wired, Reaper IOT botnet infected million networks.
- [10/2017 * MALWARE] BitDefender Labs, Bad Rabbit Ransomware strikes Ukraine, likely related to GoldenEye.
- [10/2017 * VULNERABILITY] The Register, Dnsmasq and the seven flaws: patch these nasty remote-control holes.
- [10/2017 * MacOS] The Register: dumb bug of the week: Apple's macOS reveals your encrypted drive's password in the hint box.
- [10/2017 * AWS] The Register, Et tu Accenture? Then fall S3er: consultancy leaks private keys, emails and more online.
- [10/2017 * NSA] Ars Technica: Russia reportedly stole NSA secrets with help of Kaspersky - what we know now.
- [10/2017 * NSA] Wall Street Journal: Russian Hackers stole NSA data on U.S. Cyber Defense.
- [09/2017 * DHS] US Department on Homeland Security: Directive 17-01 on Kaspersky.
- [09/2017 * DOS] CNN: Earth dodges a cosmic bullet -- for now.
- [09/2017 * MALWARE] Bleeping Computer: CCleaner compromised to distribute malware for almost a month.
- [09/2017 * MALWARE] Cisco Talos: CCleanup: a vast number of machines at risk.
- [06/2017 * MALWARE] Piriform Blog: Security notification for CCleaner.
- [09/2017 * BLUETOOTH] ArsTechnica: Billions of devices imperiled by new clickless Bluetooth attack.
- [08/2017 * MALWARE] The Register: Britisch snoops at GCHQ knew FBI as going to arrest Marcus Hutchins.
- [08/2017 * BGP] BGPMON: BGP leak causing Internet outages in Japan and beyond.
- [08/2017 * BGP] The Register: Google routing blunder sent Japan's Internet dark on Friday.
- [08/2017 * SNOWDEN]SecurityAffairs: a new batch of documents leaked by snowden has revealed a US facility in Australia for covertly monitoring communications and supporting drone missions.
- [08/2017 * BE] De Morgen: Belgische Bedrijfven hebben Cyberkopzorgen.
- [08/2017 * PHY] Bleeping Computer: USB devices vulnerable to crosstalk data leaks.
- [08/2017 * PHY] The Register: Infosec eggheads rig USB desk lamp to leak passwords via Bluetooth.
- [08/2017 * AWS] The Register: Don't panic, Chicago, but an AWS S3 config blunder exposed 1.8 million vote records.
- [08/2017 * BREACH] Reuters: HBO says probe of hack is ongoing.
- [08/2017 * BREACH] Future Tense: The HBO hackers are demanding $7.5 million to stop leaking Game of Thrones.
- [08/2017 * BREACH] The Verge: HBO hackers leak Game of Thrones star's phone numbers and addresses.
- [08/2017 * SEC] The Register: Salesforce sacks two top security engineers for their DEF CON talk.
- [08/2017 * ANDROID] The Register: it's August 2017 and your Android gear can be pwned by, oh look, just patch the things.
- [08/2017 * IoT] The Register: firmware update blunder bricks hundreds of home 'smart' locks.
- [07/2017 * AWS] The Register: 14 million Verizon subscribers' details leak from crappily configured AWS S3 data store.
- [07/2017 * FRAUD] The Verge: a dark web marketplace is down and users suspect foul paly.
- [07/2017 * FRAUD] Wired, the biggest dark web takedown yet sens black markets reeling.
- [07/2017 * MALWARE] OSX/Dok malware hits Macs; bypasses Apple' Gatekeeper.
- [07/2017 * FRAUD] Politie.NL: underground Hansa Market taken over and shut down.
- [07/2017 * FRAUD] The Verge, Dark Web drug marketplace AlphaBay was shut down by law enforcement.
- [07/2017 * MS] ThreatPost: Windows SMB Zero Day to be disclosed during DEF CON.
- [07/2017 * MS] The Register: Microsoft won't patch SMB flaw that only an idiot would expose.
- [07/2017 * BREACH] The Register: Game of Pwns: hackers invade HBO, 'leak Game of Thrones script'."
- [07/2017 * CRACK] The Telegraph UK: 'brute force' cyber attack on parliament compromised up to 90 email accounts.
- [07/2017 * MALWARE] Wired: latest ransomware hackers didn't make wannacry's mistakes.
- [07/2017 * FRAUD] Reuters, Germin firms lost millions of euros in 'CEO Fraud' scam: BSI.
- [07/2017 * AWS] The Register, US voter info stored on wide-open cloud box, thanks to bungling Republican contractor.
- [07/2016 * MALWARE] Wired: the botnet that broke the internet isn't going away.
- [06/2017 * DoS] The Register: management bug can crash Cisco IOS, IOS XE.
- [06/2017 * PII] Ars Technica: how a few yellow dots burned the Intercept's NSA leaker.
- [06/2017 * MALWARE] The Register, How to Pwn phones with shady replacement parts.
- [06/2017 * PII] National Post: 'Colour printers spy on you': barely visible yellow dots lead to arrest of Reality Winner alleged NSA leaker.
- [06/2017 * PII] Errata Security: how The Intercept outed Reality Winner.
- [05/2017 * MALWARE] The Guardian, what is WannaCry ransomware and why is it attacking global computers?
- [05/2017 * MALWARE] IBM XFORCE: Eternalrocks Worm.
- [04/2017 * MALWARE] The Register: Script kiddies pwn 1000s of Windows boxes using leaked NSA hack tools.
- [**/2017 * PHISH] Infosecurity Magazine: global banks hit by watering hole blitz.
- [02/2017 * MALWARE] Cisco TALOS, covert channels and poor decisions: the tale of DNSMessenger.
- [03/2017 * PENTEST] Threatpost, hackers take down reader, safari, edge, ubuntu linux at pwn2own 2017.
- [02/2017 * PENTEST]: Rapid7, under the hoodie.
- [02/2017 * CISCO] The Register, Cisco says Smart Install is not a bug, not a vuln, releases blocker anyway.
- [02/2017 * SQLi] HelpNetSecurity, hacker breached 60+ unis, govt agencies via SQL injection.
- [01/2017 * BOTNET] TechnologyReview.com: cybersecurity experts uncover dormant botnet of 350.000 twitter accounts.
- [01/2017 * LAW] Wolters Kluwer, wetgeving bijzondere opsporingsmethoden krijgt grondige update.
- [01/2017 * REPORT]: Shodan: Heartbleed Report (2017-01)(CVE-2014-0160).
- [01/2017 * MongoDB] DarkNet: MongoDB Ransack - over 33.000 databases hacked.
- [12/2016 * DDoS] The Register: DDoS script kiddies are also ... actual kiddies, Europol arrests reveal.
- [12/2016 * DEV] The Register, Macbook seized or stolen? But you've set a FileVault password, right? Ha, it's useless.
- [11/2016 * MALWARE] The Register, Mirai scan tool unleashed.
- [11/2016 * LINUX] The Hacker News, this hack gives Linux root shell just by pressing "ENTER" for 70 seconds.
- [10/2016 * LAW] Knack, ethisch hacking in België: illegaal, maar het tij keert.
- [10/2016 * ANDROID] Ars Technica: Android phones rooted by "most serious" Linux esclation bug ever.
- [10/2016 * PKI] Chrome: Announcement: Requiring Certificate Transparency in 2017.
- [10/2016 * DDoS] The Verge: Denial-of-Service attacks are shutting down major websites across the Internet.
- [09/2016 * IoT] The Register: Internet of Sins, million more devices sharing known private keys for HTTPS, SSH admin.
- [09/2016 * NEWS] Yahoo! Finance: An important message to Yahoo users on security.
- [08/2016 * PROXY] Computerworld: attackers use rogue proxies to hijack https traffic.
- [08/2016 * PROXY] Computerworld: disable WPAD now or have your accounts and private data compromised.
- [05/2016 * MALWARE] The Atlantic: the computer virus that haunted early AIDS researchers.
- [04/2016 * SOCIAL] Ars Technica: it's 2016, so why is the world still falling for Office macro malware?
- [04/2016 * FIREWALL] SC Media: "Multigrain" variant of POS malware crops up; uses DNS tunneling to steal data.
- [04/2016 * MONGODB] DarkNet: BeautifulPeople.com leak exposes 1.1M extermely private records.
- [04/2016 * SOCIAL] NakedSecurity: Almost half of dropped USB sticks will get plugged in.
- [04/2016 * SOCIAL] Trend Micro: Macro Malware: Here's what you need to know in 2016.
- [04/2016 * MALWARE] FireEye: MULTIGRAIN - PoS attackers make an unhealthy addition to the Pantry.
- [03/2016 * OS] Sophos: millions of people are still running Windows XP.
- [03/2016 * PENTEST] SecurityWeek: lateral movement, when cyber attacks go sideways.
- [03/2016 * ANDROID] HelpNetSecurity: malicious Chrome update actively targeting Android users.
- [02/2016 * MALWARE] The Register: medical superbugs: two german hospitals hit with ransomware.
- [02/2016 * SE] Symantec Blog: Russian bank employees received fake job offers in targeted email attack.
- [02/2016 * APT] Collaborative operation Blockbuster aims to send Lazarus back to the dead.
- [02/2016 * MALWARE] Los Angeles Times: Hollywood hospital pays $71,000 in bitcoin to hackers; FBI investigating.
- [01/2016 * NSA] PcWorld: the ultra-secure Tails OS beloved by Edward Snowden gets a major upgrade.
- [12/2015 * MARIANAS] Engadget: the myth of the marianas web, the darkest corner of the Internet.
- [10/2015 * NSA] Ars Technica, how the NSA can break trillions of encrypte web and vpn connections.
- [06/2015 * VOIP] The Register: Phone hacking blitz hammers UK.biz's poor VoIP handsets.
- [05/2015 * JUNIPER] Rapid7: CVE-2015-7755: Juniper ScreenOS Authentication Backdoor.
- [04/2015 * NSA] Fox-IT: deep dive into QUANTUM INSERT.
- [04/2015 * NSA] Wired: how to detect sneaky NSA QUANTUM INSERT attacks.
- [04/2015 * NSA] Wired: researchers uncover method to detect NSA quantum insert hacks.
- [03/2015 * MALWARE] TALOS: Angler lurking in the domain shadows.
- [03/2015 * MALWARE] MalwareBytes: domain shadowing.
- [03/2015 * DNS] Cloudflare, deprecating the DNS ANY meta-query type.
- [03/2015 * MALWARE] Threatpost: domain shadowing latest angler exploit kit evasion technique with a twist.
- [12/2014 * TOR] Wired: the FBI used the web's favorite hacking tool to unmask Tor users.
- [11/2014 * STUXNET] Wired: an unprecedented look at Stuxnet, the world's first digital weapon.
- [11/2014 * MITM] Zimperium discovers full icmp redirect attacks in the wild.
- [09/2014 * SHELLSHOCK] Lcamtuf: Quick notes about the bash bug, it's impact, and the fixes so far.
- [09/2014 * SHELLSHOCK] The Register: "SMASH the Bash bug! Apple and Red Hat scramble for patch batches."
- [09/2014 * MALWARE] PCWorld: hackers make drive-by download attacks stealthier with fileless infections.
- [07/2014 * NSA] Das Erste: Panorama, NSA targets the privacy-conscious.
- [07/2014 * NSA] Schneier on Security: NSA targets the privacy-conscious for surveillance.
- [07/2014 * MALWARE] Virus Bulletin: VBA is not dead!
- [05/2014 * MALWARE] Ars Technica: photos of an NSA "upgrade" factory show Cisco router getting implant.
- [04/2014 * NSA] INFOSEC: Turbine Quantum implants arsenal.
- [04/2014 * NSA] Wired: Out in the open: inside the operating system Edward Snowden used to evade the NSA.
- [03/2014 * NSA] ZDNET: Linux Tails: het OS waarmee Snowden de NSA te slim af was.
- [03/2014 * NSA] Wired: a clos look at the NSA most powerful internet attack tool.
- [03/2014 * NTML] Security Affairs, Experts at Imperva have illustrated how to exploit NTML flaws to conduct a Windows folder poisoning attack..."
- [03/20134 * DNS] Cisco Umbrella, DNS Amplification Attacks.
- [12/2013 * NSA] Der Spiegel: The NSA uses a powerful toolbox in effort to spy on global networks.
- [12/2013 * DDOS] Symentec Blog: hackers spend christmas breack launching large scale NTP-Reflection attacks.
- [08/2013 * NSA] Der Spiegel: Germany is both a partner to and a target of NSA surveillance.
- [09/2013 * MITM] Schneier on security: new NSA leak show MITM attacks against major Internet services.
- [03/2013 * AWS] Rapid7 Blog, There's a hole in 1.951 Amazon S3 buckets.
- [01/2013 * VULN] PWN2HACK: facebug bug allows password reset.
- [11/2012 * MALWARE] The Register: crooks inject malicious Java applet into FOREX trading website".
- [11/2012 * PKI] SecurityWeek: Hacker had total control over DigiNotar servers, Report.
- [10/2012 * HASH] NIST: NIST selects winner of Secure Hash Algorithm (SHA-3) competition.
- [06/2012 * HASH]Ars Technica: SHA1 crypto algorithm underpinning Internet security could fall by 2018.
- [05/2012 * MALWARE] Ars Technica, Flame malware hijacks Windows update to spread from PC to PC.
- [03/2012 * PII] Wired: Oops! Did Vice just give away John McAfee's location with photo metadata?
- [04/2012 * MALWARE] Ars Technica: "Flame" malware was signed by rogue Microsoft certificate.
- [03/2012 * OSINT] LiveScience, insurgents destroyed helicopters found in online photos.
- [03/2012 * MITB] BBC Technology, hackers outwit online banking identity security ssytems.
- [09/2011 * PKI] Arstechnica: Comodo hacker, I hacked Diginotar too...
- [07/2011 * BACKDOOR] ScaryBeasts: Alert, vsftpd download backdoored.
- [07/2011 * APPLE] PCWorld, a hacker speaks: how malware might blow up your laptop.
- [07/2011 * APPLE] WIRED, how a security researcher discovered the apple battery hack.
- [07/2011 * APPLE] Forbes, Apple laptops vulnerable to hack that kills or corrups batteries.
- [08/2011 * SE] WBUR: Master Hacker Keving Mitnick shares his 'addiction'.
- [06/2011 * PKI] The Register: inside operation "black tulip", Diginotar hack analyzed.
- [03/2011 * PKI] The Register: Comodo hacker brags about forged certificate exploit.
- [12/1010 * DDOS] NU.NL: verdachte van aanval op website OM aangehouden.
- [10/2010 * PHISHING] ZDNET: Crims used hacked email to steal house.
- [11/2010 * PHYSICAL] Gizmodo: how a burnt Lady Gaga CD helped leak thousands of intelligence files.
- [09/2010 * SOCIAL] ZDNET: crims used hacked email to steal house.
- [12/2008 * HASH] The Register: Boffins bust web authentication with game consoles: PS3 fleet spoofs SSL certs.
- [01/2008 * SCADA] The Register: Polish teen derails tram after hacking train network.
- [01/2007 * IOS] PocketLint, this simple text will crash any iPhone, here's how to recover.
- [06/2006 * VOIP] The Register: two charged with VoIP fraud.
- [06/2006 * MALWARE] Trend Micro: Phishing Trojan uses ICMP packets to send data.
- [05/2003 * DDoS] CNET: net attack crushes SCO web site.
- [03/2002 * MALWARE] The Register, law-enforcement DIRT Trojan released.
- [11/2002 * MALWARE] Wired, 'latern' backdoor flap rages.
- [- * -] Wikipedia: AntiSec Movement.
Learning Culture:
Leftovers:
General articles and reads, others:
Youtube:
##### SECURITY AWARENESS EXAMPLES (EDUCATIONAL) #####
    ↯
!# HG-0001 -
MALWARE DEMO - COMBINED. |
- Courses: PIA HEXID.
- What: Malware demo with
Trojans, Bots, Rootkits and crypters.
- Play with
HTML5.
Play with
Flash.
Play on
Youtube.
|
|
!# HG-0002 -
METASPLOIT & ITUNES & WINAMP. |
- Courses: PIA HEXID.
- What: Metasploit Winamp attack,
iTunes attack.
- Play with
HTML5.
Play with
Flash.
Play on
Youtube.
|
|
!# HG-0003 -
DDOS INTRO WITH SDBOT. |
- Courses: PIA HEXID.
- What: introduction to DDOS networks
with SDBot, Metasploit, Wireshark, ...
- Play with
HTML5.
Play with
Flash.
Play on
Youtube.
|
|
!# HG-0004 -
INTRODUCTION TO THE MSFCONSOLE. |
- Courses: PIA HEXID.
- What: introduction to the
Msfconsole, MS RPC, VNC Shell, ...
- Play with
HTML5.
Play with
Flash.
Play on
Youtube.
|
|
!# HG-0005 -
WEP. |
- Courses: PIA HEXID.
- What: WEP crackingwith
Aircrack-PTW, replay attack.
- Play with
HTML5.
Play with
Flash.
Play on
Youtube.
|
|
!# HG-0006 -
NETBOT DDOS. |
- Courses: PIA HEXID.
- What: DDOS demo with the Netbot
malware, EvilHTTPServer, WireShark and DDoS.
- Play with
HTML5.
Play with
Flash.
Play on
Youtube.
|
|
!# HG-0007 -
AANVAL CONSOLE. |
- Courses: PIA HEXID.
- What: running Snort with
the Openaanval console.
- Play with
HTML5.
Play with
Flash.
Play on
Youtube.
|
|
!# HG-0008 -
INTRODUCTION TO IDS WITH SNORT. |
- Courses: PIA HEXID.
- What: introduction to SNORT
IDS.
- Play with
HTML5.
Play with
Flash.
Play on
Youtube.
|
|
!# HG-0009
- DRIVE BY DOWNLOAD ATTACK. |
- Courses: PIA HEXID.
- What: script kiddie drive
by download attack with Beast.
- Play with
HTML5.
Play with
Flash.
Play on
Youtube.
|
|
!# HG-0010
- TRIBAL FLOOD NETWORK (TFN). |
- Courses: PIA HEXID.
- What: first generation bot
network with TFN, Etherape and TCPdump.
- Play with
HTML5.
Play with
Flash.
Play on
Youtube.
|
|
!# HG-0011 - HTTP
BASIC AUTHENTICATION. |
- Courses: PIA HEXID.
- What: HTTP basic
authentication cracking with Brutus.
- Play with
HTML5.
Play with
Flash.
Play on
Youtube.
|
|
!# HG-0012 -
FOTKA THE TROJAN SHEEP. |
- Courses: PIA HEXID.
- What: Trojan horse
concepts.
- Play with
HTML5.
Play with
Flash.
Play on
Youtube.
|
|
!# HG-0013 -
APACHE CHUNKED ATTACK ON FREEBSD. |
- Courses: PIA HEXID.
- What: Apache chunked attack
on FreeBSD.
- Play with
HTML5.
Play with
Flash.
Play on
Youtube.
|
|
!# HG-0014 -
BLUESNARFING. |
- Courses: PIA HEXID.
- What: Bluetooth snarfing on
a Nokia 6310i.
- Play with
HTML5.
Play with
Flash.
Play on
Youtube.
|
|
!# HG-0015 - RPC
ATTACK. |
- Courses: PIA HEXID.
- What: MS RPC service
attack, click kiddie style.
- Play with
HTML5.
Play with
Flash.
Play on
Youtube.
|
|
!# HG-0016 - WIFI
WEP CRACKING. |
- Courses: PIA HEXID.
- What: WEP cracking with Network
Stumbler and Dstumbler, brute force.
- Play with
HTML5.
Play with
Flash.
Play on
Youtube.
|
|
!# HG-0017 -
FTP BOUNCE ATTACK. |
- Courses: PIA HEXID.
- What: execution of a
classic FTP bounce attack.
- Play with
HTML5.
Play with
Flash.
Play on
Youtube.
|
|
!# HG-0018 -
SSH PORTFORWARDING. |
- Courses: PIA HEXID.
- What: demo of SSH
portforwarding.
- Play with
HTML5.
Play with
Flash.
Play on
Youtube.
|
|
!# HG-0019 -
ETTERCAP ARP SPOOFING. |
- Courses: PIA HEXID.
- What: performing a classic
ARP MiTM attack with Ettercap.
- Play with
HTML5.
Play with
Flash.
Play on
Youtube.
|
|
!# HG-0020 -
PPTP CRACKING. |
- Courses: PIA HEXID.
- What: PPTP VPN
authentication cracking.
- Play with
HTML5.
Play with
Flash.
Play on
Youtube.
|
|
!# HG-0021 -
OPENVPN. |
- Courses: PIA LISF.
- What: OpenVPN demo on
Endian FW.
- Play with
HTML5.
Play with
Flash.
Play on
Youtube.
|
|
!# HG-0022 -
EXCELL PORTSCAN. |
- Courses: PIA HEXID
- What: portscanning in
limited environments with MS Excell.
- Play with
HTML5.
Play with
Flash.
Play on
Youtube.
|
|
!# HG-0023 - MS
IIS. |
- Courses: PIA HEXID
- What: Microsoft IIS
exploitation with Extended Unicode. Privilege escalation
with .IDQ and SAM examples.
- Play with
HTML5.
Play with
Flash.
Play on
Youtube.
|
|
!# HG-0024 -
SHOUTCAST EXPLOITATION. |
- Courses: PIA HEXID
- What: Shoutcast
exploitation with hash cracking (John The Ripper) and
rootkit installation.
- Play with
HTML5.
Play with
Flash.
Play on
Youtube.
|
|
!# HG-0025 - REAL
VNC AUTHENTICATION BYPASS |
- Courses: PIA HEXID
- What: Real VNC
Authentication bypass.
- Play with
HTML5.
Play with
Flash.
Play on
Youtube.
|
|
!# HG-0026 -
ANI EXPLOIT. |
- Courses: PIA HEXID
- What: Windows ANI exploit
with Irfanview.
- Play with
HTML5.
Play with
Flash.
Play on
Youtube.
|
|
!# HG-0027 -
OPHCRACK. |
- Courses: PIA HEXID
- What: introduction to OPHCRACK.
- Play with
HTML5.
Play with
Flash.
Play on
Youtube.
|
|
!# HG-0028 -
MERCUR MAIL SERVER. |
- Courses: PIA HEXID
- What: Mercur mail server
exploitation.
- Play with
HTML5.
Play with
Flash.
Play on
Youtube.
|
|
!# HG-0029 - RIP
SPOOFING. |
- Courses: PIA HEXID
- What: routing, RIP
spoofing.
- Play with
HTML5.
Play with
Flash.
Play on
Youtube.
|
|
!# HG-0030 -
HONEYPOT WITH HONEYD. |
- Courses: PIA HEXID
- What: HONEYD introduction.
- Play with
HTML5.
Play with
Flash.
Play on
Youtube.
|
|
!# HG-0031 -
AGILENT ANALYZER - VOICE. |
- Courses: PIA HEXID
- What: VOIP snarfing with
the Agilent Analyzer.
- Play with
HTML5.
Play with
Flash.
Play on
Youtube.
|
|
!# HG-0032 -
HTTPRINT. |
- Courses: PIA HEXID
- What: Enumeration.
- Play with
HTML5.
Play with
Flash.
Play on
Youtube.
|
|
!# HG-0033 - LINUX
PTRACE PRIVILEGE ESCALATION. |
- Courses: PIA HEXID
- What: Linux ptrace local
privilege escalation.
- Play with
HTML5.
Play with
Flash.
Play on
Youtube.
|
|
!# HG-0034 - HASH
COLLISION. |
- Courses: PIA HEXID
- What: demo of MD5 hash
collision.
- Play with
HTML5.
Play with
Flash.
Play on
Youtube.
|
|
!# HG-0035 - CISCO
HTTP SERVER. |
- Courses: PIA HEXID
- What: cracking a Cisco IP
HTTP server, integer overflow.
- Play with
HTML5.
Play with
Flash.
Play on
Youtube.
|
|
!# HG-0036 - MS
IIS. |
- Courses: PIA HEXID
- What: cracking MS IIS with
WebDAV and VNC.
- Play with
HTML5.
Play with
Flash.
Play on
Youtube.
|
|
!# HG-0037
- MS TERMINAL SERVICES |
- Courses: PIA HEXID
- What: cracking MS Terminal
Services with MS Remote Desktop and "TSGrinder".
- Play with
HTML5.
Play with
Flash.
Play on
Youtube.
|
|
!# HG-0038
- SNARFING WITH OWNS |
- Courses: PIA HEXID
- What: snarfing.
- Play with
HTML5.
Play with
Flash.
Play on
Youtube.
|
|
!# HG-0039
- ENUMERATION VISUAL ROUTE - TRACEROUTE |
- Courses: PIA HEXID
- What: enumeration.
- Play with
HTML5.
Play with
Flash.
Play on
Youtube.
|
|
!# HG-0040
- CRACKING MS TERMINAL SERVICES. |
- Courses: PIA HEXID
- What: cracking MS Terminal Services
with "tscrack" and AI.
- Play with
HTML5.
Play with
Flash.
Play on
Youtube.
|
|
!# HG-0041 - IKE
FINGERPRINTING. |
- Courses: PIA HEXID
- What: IKE fingerprinting.
- Play with
HTML5.
Play with
Flash.
Play on
Youtube.
|
|
!# HG-0042 - STERM |
- Courses: PIA HEXID
- What: STERM deployment.
- Play with
HTML5.
Play with
Flash.
Play on
Youtube.
|
|
!# HG-0043 - SERVU
- SEH attack.. |
- Courses: PIA HEXID
- What: executing an attack against
SERVU.
- Play with
HTML5.
Play with
Flash.
Play on
Youtube.
|
|
!# HG-0044 - MS
TERMINAL SERVICES. |
- Courses: PIA HEXID
- What: executing a brute
forcing attack on MS terminal services.
- Play with
HTML5.
Play with
Flash.
Play on
Youtube.
|
|
!# HG-0045 -
SMB DICTIONARY ATTACK, SNMP |
- Courses: PIA HEXID
- What: executing a SNMP dictionary
attack.
- Play with
HTML5.
Play with
Flash.
Play on
Youtube.

|
|
!# HG-0046 -
SMB DICTIONARY ATTACK. |
- Courses: PIA HEXID
- What: executing a SMB dictionary
attack.
- Play with
HTML5.
Play with
Flash.
Play on
Youtube.

|
|
!# HG-0047 -
CDP SPOOFING. |
- Courses: PIA HEXID
- What: spoofing Cisco CDP
messages.
- Play with
HTML5.
Play with
Flash.
Play on
Youtube.

|
|
!# HG-0049 -
CDP DOS. |
- Courses: PIA HEXID
- What: denial of service
through CDP messages.
- Play with
HTML5.
Play with
Flash.
Play on
Youtube.

|
|
!# HG-0049 -
DICTIONARY ATTACK. |
- Courses: PIA HEXID
- What: word list generation
and dictionary attack.
- Play with
HTML5.
Play with
Flash.
Play on
Youtube.

|
|
!# HG-0050 - URL
SPOOFING. |
- Courses: PIA HEXID
- What: classic URL spoofing
with Mozilla Firefox.
- Play with
HTML5.
Play with
Flash.
Play on
Youtube.

|
|
!# HG-0051 -
BASIC MAIL SPOOFING. |
- Courses: PIA HEXID
- What: classic and basic
mail spoofing.
- Play with
HTML5.
Play with
Flash.
Play on
Youtube.

|
|
!# HG-0052 -
METASPLOIT. |
- Courses: PIA HEXID
- What: Metasploit with a
VNCShell and MS DCOM exploit.
- Play with
HTML5.
Play with
Flash.
Play on
Youtube.

|
|
!# HG-0053 -
SCRIPTKIDDIE DOS. |
- Courses: PIA HEXID
- What: DoS concept, script
kiddie style (SMB2/Negotiate DoS).
- Play with
HTML5.
Play with
Flash.
Play on
Youtube.

|
|
!# HG-0054 -
DEBIAN OPENSSH ATTACK (PRNG). |
- Courses: PIA HEXID
- What: Debian PRNG OpenSSH attack.
- Play with
HTML5.
Play with
Flash.
Play on
Youtube.

|
|
!# HG-0055 -
EVIL MAID. |
- Courses: PIA HEXID
- What: Evil Maid attack demonstration
on Truecrypt.
- Play with
HTML5.
Play with
Flash.
Play on
Youtube.

|
|
!# HG-0056 -
PRIVILEGE ESCALATION (WINDOWS 7). |
- Courses: PIA HEXID
- What: privilege esclation
concept on Windows 7 (RING/CVE-2010-0232).
- Play with
HTML5.
Play with
Flash.
Play on
Youtube.

|
|
!# HG-0057 -
FUZZING. |
- Courses: PIA HEXID
- What: fuzzing demonstration with
TAOF and WarFTP
- Play with
HTML5.
Play with
Flash.
Play on
Youtube.

|
|
!# HG-0058 -
RAINBOW TABLES. |
- Courses: PIA HEXID
- What: rainbow table demonstration on
the MS Windows platform.
- Play with
HTML5.
Play with
Flash.
Play on
Youtube.

|
|
!# HG-0059 -
ZEUS/ZDBOT. |
- Courses: PIA HEXID
- What: malware demonstration
with ZEUS/ZDBOT, Metasploit (MS_IE_2010).
- Play with
HTML5.
Play with
Flash.
Play on
Youtube.

|
|
!# HG-0060 -
PRIVILEGE ESCALATION ON UBUNTU. |
- Courses: PIA HEXID
- What: privilege escalation concept
on Ubuntu 10.X LTS using
PAM MOTD local privilege escalation vulnerability.
- Play with
HTML5.
Play with
Flash.
Play on
Youtube.

|
|
!# HG-0061 -
BOTNET CREATION WITH IFRAMES. |
- Courses: PIA HEXID
- What: malware distribution
(SDBOT) by deploying iframes and Metasploit.
- Play with
HTML5.
Play with
Flash.
Play on
Youtube.

|
|
!# HG-0062 -
NEXPOSE. |
- Courses: PIA HEXID
- What: introduction to
Nexpose of Rapid7.
- Play with
HTML5.
Play with
Flash.
Play on
Youtube.

|
|
!# HG-0063 -
NESSUS v4. |
- Courses: PIA HEXID
- What: introduction to
Nessus v4.
- Play with
HTML5.
Play with
Flash.
Play on
Youtube.

|
|
!# HG-0064 -
SCRIPT KIDDIE DDOS. |
- Courses: PIA HEXID
- What: introduction to
script kiddie style DoS feat. Ion Cannon (4Chan).
- Play with
HTML5.
Play with
Flash.
Play on
Youtube.

|
|
!# HG-0065 -
CHECK POINT R71 IPS. |
- Courses: PIA Security
- What: introduction to Check
Point IPS (R71), short demo.
Featuring Traffic IQ Pro.
- Play with
HTML5.
Play with
Flash.
Play on
Youtube.

|
|
!# HG-0066 -
CHECK POINT R71 IPS. |
- Courses: PIA Security
- What: introduction to Check
Point IPS (R71), long demo.
- Play with
HTML5.
Play with
Flash.
Play on
Youtube.

|
|
!# HG-0067 -
BOTNET DETECTION WITH NIKSUN. |
- Courses: PIA HEXID
- What: introduction to
botnet detection with Niksun,
Arcsight, Tufin, full packet capture.
- Play with
HTML5.
Play with
Flash.
Play on
Youtube.

|
|
!# HG-0068 -
INTRODUCTION TO STACK BASED BUFFER OVERFLOWS. |
- Courses: PIA HEXID
- What: introduction to stack
based buffer overflows (x86).
- Play with
HTML5.
Play with
Flash.
Play on
Youtube.

|
|
!# HG-0069 -
SESSION HIJACKING.. |
- Courses: PIA HEXID
- What: introduction to
session hijacking with Firesheep (WiFi).
- Play with
HTML5.
Play with
Flash.
Play on
Youtube.

|
|
!# HG-0070 -
SMBDIE. |
- Courses: PIA HEXID
- What: introduction to the
DoS attacks, CIFS SMBDIE.
- Play with
HTML5.
Play with
Flash.
Play on
Youtube.

|
|
!# HG-0071 -
SLOWLORIS ATTACK. |
- Courses: PIA HEXID
- What: introduction to
the Slowloris/Pyloris, DoS attack.
- Play with
HTML5.
Play with
Flash.
Play on
Youtube.

|
|
!# HG-0072 -
PRIVILEGE ESCALATION (PIPEUPADMIN) |
- Courses: PIA HEXID
- What: introduction to
privilege escalation concept(PipeUpAdmin).
- Play with
HTML5.
Play with
Flash.
Play on
Youtube.

|
|
!# HG-0073 -
ESSENTIAL KERBEROS CRACKING. |
- Courses: PIA HEXID
- What: introduction to
cracking, Kerberos.
- Play with
HTML5.
Play with
Flash.
Play on
Youtube.

|
|
!# HG-0074 -
ESSENTIAL RIP SPOOFING. |
- Courses: PIA HEXID
- What: introduction to
spoofing, RIP.
- Play with
HTML5.
Play with
Flash.
Play on
Youtube.

|
|
!# HG-0075 -
DISTRIBUTED & CUDA CRACKING. |
- Courses: PIA HEXID
- What: introduction to
distributed cracking, CUDA, Elcomsoft, OpenOffice.
- Play with
HTML5.
Play with
Flash.
Play on
Youtube.

|
|
!# HG-0076 -
CORE IMPACT |
- Courses: PIA HEXID
- What: introduction to CORE
IMPACT; explaining Rapid Penetration Test (RPT).
- Play with
HTML5.
Play with
Flash.
Play on
Youtube.

|
|
!# HG-0077 -
CORE IMPACT (CLIENT SIDE). |
- Courses: PIA HEXID
- What: introduction to CORE
IMPACT; client side phishing campaign.
- Play with
HTML5.
Play with
Flash.
Play on
Youtube.

|
|
!# HG-0078 -
SECURE EMAIL (S/MIME). |
- Courses: PIA Security
- What: secure email demo
with S/MIME and MS AD CS (PKI, OSCP, CRL, ...).
- Play with
HTML5.
Play with
Flash.
Play on
Youtube.

|
|
!# HG-0079 - VASCO
DIGIPASS. |
- Courses: PIA Security
- What: authentication with VASCO
Digipass solutions (IDENTIKEY).
- Play with
HTML5.
Play with
Flash.
Play on
Youtube.

|
|
!# HG-0080 - IPV6
RA DOS (CVE-2010-4669). |
- Courses: PIA HEXID.
- What: causing DoS using
IPv6 RA's.
- Play with
HTML5.
Play with
Flash.
Play on
Youtube.

|
|
!# HG-0081 - CISCO
MDS 9000 - FIBER CHANNEL INTRO |
- Courses: PIA Storage Fundamentals.
- What: introduction to Fibre
Channel (FC) on Cisco MDS FC switches.
- Play with
HTML5.
Play with
Flash.
Play on
Youtube.

|
|
!# HG-0082 - TREND
MICRO DEEP SECURITY 9. |
- Courses: PIA Data Center Security.
- What: introduction and
malware demo with Trend Micro Deep Security 9
on VMware ESXi.
- Play with
HTML5.
Play with
Flash.
Play on
Youtube.

|
|
!# HG-0083 - CHECK
POINT GAiA R76, HA CLUSTER. |
- Courses: PIA Data Center Security.
- What: essential Check Point
GAiA HA cluster.
- Play with
HTML5.
Play with
Flash.
Play on
Youtube.

|
|
!# HG-0084 - CHECK
POINT VE ON VMWARE ESXi. |
- Courses: PIA Data Center Security.
- What: essential Check Point
Virtual Edition (VE).
- Play with
HTML5.
Play with
Flash.
Play on
Youtube.

|
|
!# HG-0085 -
MICROSOFT HYPER-V 2012R2 |
- Courses: PIA Data Center Security.
- What: essential Microsoft
Hyper-V 2012 R2 clustering and live migration.
- Play with
HTML5.
Play with
Flash.
Play on
Youtube.

|
|
!# HG-0086 -
INTRODUCTION TO VSPHERE 5.5. |
- Courses: PIA Data Center Security.
- What: essential VMware
vSphere concepts.
- Play with
HTML5.
Play with
Flash.
Play on
Youtube.

|
|
!# HG-0087 - IPSEC
CONFIGURATION ON CHECK POINT GAiA. |
- Courses: PIA Data Center Security.
- What: essential IPSEC concepts on
Check Point GAiA (Hide NAT).
- Play with
HTML5.
Play with
Flash.
Play on
Youtube.

|
|
!# HG-0088 -
HIDE NAT CONFIGURATION ON CHECK POINT GAiA. |
- Courses: PIA Data Center Security.
- What: basic NAT concept on
Check Point GAiA (Hide NAT).
- Play with
HTML5.
Play with
Flash.
Play on
Youtube.

|
|
!# HG-0089 -
FIREWIRE ATTACK. |
- Courses: PIA HEXID.
- What: exploiting firewire to get
access to remote memory (bus).
- Play with
HTML5.
Play with
Flash.
Play on
Youtube.

|
|
!# HG-0090 -
ANDROID INFORMATION LEAK |
- Courses: PIA HEXID.
- What: exploiting an Android
information leak using Metasploit, Android
Development Toolkit, browser.
- Play with
HTML5.
Play with
Flash.
Play on
Youtube.

|
|
!# HG-0091 -
NTLMv1 attack. |
- Courses: PIA HEXID.
- What: exploiting NTMLv1.
- Play with
HTML5.
Play with
Flash.
Play on
Youtube.

|
|
!# HG-0092 - SMB
RELAY. |
- Courses: PIA HEXID.
- What: creating a basic Android
reverse shell.
- Play with
HTML5.
Play with
Flash.
Play on
Youtube.

|
|
!# HG-0093 -
ANDROID REVERSE SHELL |
- Courses: PIA HEXID.
- What: creating a basic Android
reverse shell.
- Play with
HTML5.
Play with
Flash.
Play on
Youtube.

|
|
!# HG-0094 -
ANDROID RAT |
- Courses: PIA HEXID.
- What: introduction Android
malware, Android RAT.
- Play with
HTML5.
Play with
Flash.
Play on
Youtube.

|
|
!# HG-0095 -
ANDROID LOCKSCREEN PROTECTION |
- Courses: PIA HEXID.
- What: bypassing an Android
physical lock screen.
- Play with
HTML5.
Play with
Flash.
Play on
Youtube.

|
|
!# HG-0096 -
ANDROID ASM ROOTING |
- Courses: PIA HEXID.
- What: introduction Android
Rooting with ASM.
- Play with
HTML5.
Play with
Flash.
Play on
Youtube.

|
|
!# HG-0097 - SSH
CRACKING WITH CRUNCH. |
- Courses: PIA HEXID.
- What: introductionto Crunch
and deploying word lists against
SSH users.
- Play with
HTML5.
Play with
Flash.
Play on
Youtube.

|
|
!# HG-0098 - SMTP
SPOOF. |
- Courses: PIA HEXID.
- What: old skool SMTP spoof.
- Play with
HTML5.
Play with
Flash.
Play on
Youtube.

|
|
!# HG-0099 - SIP. |
- Courses: PIA HEXID.
- What: introduction to SIP
enumeration and account cracking.
- Play with
HTML5.
Play with
Flash.
Play on
Youtube.

|
|
!# HG-0100 - SIP
CRACKING. |
- Courses: PIA HEXID.
- What: introduction to SIP
challenge-response cracking (MD5).
- Play with
HTML5.
Play with
Flash.
Play on
Youtube.

|
|
!# HG-0101 -
NESSUS INTRODUCTION ON KALI LINUX. |
- Courses: PIA HEXID.
- What: introduction to Nessus on Kali Linux
- Play with
HTML5.
Play with
Flash.
Play on
Youtube.

|
|
!# HG-0102 -
OPENVAS DEPLOYMENT ON KALI LINUX. |
- Courses: PIA HEXID.
- What: introduction to OpenVAS.
- Play with
HTML5.
Play with
Flash.
Play on
Youtube.

|
|
!# HG-0103 - SQL
ENUMERATION AND METASPLOITABLE INTRODUCTION. |
- Courses: PIA HEXID.
- What: introduction to Metasploitable
and basic SQLi.
- Play with
HTML5.
Play with
Flash.
Play on
Youtube.

|
|
!# HG-0104 -
MALICIOUS PDF |
- Courses: PIA HEXID.
- What: demonstration of a
malicious pdf.
- Play with
HTML5.
Play with
Flash.
Play on
Youtube.

|
|
!# HG-0105 -
METASPLOIT KEYSCAN |
- Courses: PIA HEXID.
- What: demonstration of the
Metasploit keyscan feature.
- Play with
HTML5.
Play with
Flash.
Play on
Youtube.

|
|
!# HG-0106 - JAVA
AUTOPWN |
- Courses: PIA HEXID.
- What: demonstration of the
Metasploit Autopwn feature with Java.
- Play with
HTML5.
Play with
Flash.
Play on Youtube.

|
|
!# HG-0106 - JAVA
AUTOPWN |
- Courses: PIA HEXID.
- What: demonstration of the
Metasploit Autopwn feature with Java.
- Play with
HTML5.
Play with
Flash.
Play on Youtube.

|
|
!# HG-0107 - NFS +
JOHN THE RIPPER |
- Courses: PIA HEXID.
- What: demonstration of NFS
abuse with John the Ripper
and Metasploitable.
- Play with
HTML5.
Play with
Flash.
Play on Youtube.

|
|
!# HG-0108 - SQLi
(DVWA). |
- Courses: PIA HEXID.
- What: demonstration of SQLi
with DVWA.
- Play with
HTML5.
Play with
Flash.
Play on Youtube.

|
|
!# HG-0109 -
METASPLOIT CRASH COURSE |
- Courses: PIA HEXID.
- What: demonstration of the
Metasploit framework
with a quick overview.
- Play with
HTML5.
Play with
Flash.
Play on Youtube.

|
|
!# HG-0110 -
METASPLOIT + MSFVENOM |
- Courses: PIA HEXID.
- What: demonstration of the
Metasploit framework
with MSFVENOM.
- Play with
HTML5.
Play with
Flash.
Play on Youtube.

|
|
!# HG-0111 -
SSL MITM + ETTERCAP |
- Courses: PIA HEXID.
- What: demonstration of the
Ettercap NG framework with
a SSL MiTM attack.
- Play with
HTML5.
Play with
Flash.
Play on Youtube.

|
|
!# HG-0112 -
SSLSTRIP MITM. |
- Courses: PIA HEXID.
- What: demonstration of the
SSLSTRIP framework
to perform a MiTM.
- Play with
HTML5.
Play with
Flash.
Play on Youtube.

|
|
!# HG-0113 - VEIL
FRAMEWORK. |
- Courses: PIA HEXID.
- What: demonstration of the
Veil Framework and
basic AV evasion.
- Play with
HTML5.
Play with
Flash.
Play on Youtube.

|
|
!# HG-0114 -
SOCIAL ENGINEERING TOOLKIT (SET). |
- Courses: PIA HEXID.
- What: demonstration of the
Social Engineering Toolkit (SET)
with ARP & DNS spoofing.
- Play with
HTML5.
Play with
Flash.
Play on Youtube.

|
|
!# HG-0115 -
EVILGRADE. |
- Courses: PIA HEXID.
- What: demonstration of the
EvilGrade MiTM attack.
- Play with
HTML5.
Play with
Flash.
Play on Youtube.

|
|
!# HG-0116 -
DRUPAL 7 SQLi |
- Courses: PIA HEXID.
- What: demonstration of the
script kiddie
SQL Injection exploitation of Drupal 7.
- Play with
HTML5.
Play with
Flash.
Play on Youtube.

|
|
!#
HG-0117 - SHELLSHOCK RECON |
- Courses: PIA HEXID.
- What: demonstration of the
shellshock vulnerability
by abusing a web server using the Burp suite.
- Play with
HTML5.
Play with
Flash.
Play on Youtube.

|
|
!#
HG-0118 - MAC OS X SUDO PRIVILEGE ESCALATION |
- Courses: PIA HEXID.
- What: demonstration of
privilege escalation concept
on Mac OS X using the
"sudo" vulnerability.
- Play with
HTML5.
Play with
Flash.
Play on Youtube.

|
|
!#
HG-0119 - MAC OS X ROOTPIPE |
- Courses: PIA HEXID.
- What: demonstration of
privilege escalation concept
on Mac OS X using the "rootpipe" vulnerability.
Infection through malicious Java payload.
- Play with
HTML5.
Play with
Flash.
Play on Youtube.

|
|
!#
HG-0120 - UAC PRIVILEGE ESCLATION |
- Courses: PIA HEXID.
- What: demonstration of
privilege escalation concept
on Windows 7 using an UAC vulnerability.
- Play with
HTML5.
Play with
Flash.
Play on Youtube.

|
|
!#
HG-0121 - TIMESHIFTER |
- Courses: PIA HEXID.
- What: demonstration of time-based,
cover network channels
using POC "Timeshifter".
- Play with
HTML5.
Play with
Flash.
Play on Youtube.
|
|
!#
HG-0122 - WIFITE |
- Courses: PIA HEXID WIFI.
- What: demonstration of automated
wifi attacks using the PoC "Wifite".
Play with
HTML5.
Play with
Flash.
Play on Youtube.

|
|
!#
HG-0123 - ROGUE, SOFT-AP WITH AIRBASE-NG AND ALFA AWUS036H. |
- Courses: PIA HEXID WIFI.
- What: creating a rogue, software AP
for a single SSID by using
Airbase-NG and an ALFA wNIC on Kali Linux 2.
Play with
HTML5.
Play with
Flash.
Play on Youtube.

|
|
!#
HG-0124
- ROGUE, SOFT-AP WITH HOSTAPD AND ALFA AWUS036NHA. |
- Courses: PIA HEXID WIFI.
- What: creating a rogue, software AP
for a single SSID by using
Hostapd, Kali 2.x 32bit on a physical machine.
Play with
HTML5.
Play with
Flash.
Play on Youtube.

|
|
!#
HG-0125
- CAPTURING PROBE REQUESTS WITH THE ALFA AWUS036NHA. |
- Courses: PIA HEXID WIFI.
- What: capturing WiFi probe requests
with Kali 2.x 32bit on a physical machine.
Play with
HTML5.
Play with
Flash.
Play on Youtube.

|
|
!#
HG-0126 - AIRBASE-NG KARMA MODE WITH THE ALFA AWUS036NHA. |
- Courses: PIA HEXID WIFI.
- What: airbase-ng, with Karma Mode, Kali 2.x 32bit on a physical machine.
Play with
HTML5.
Play with
Flash.
Play on Youtube.

|
|
!#
HG-0127 - WEP CRACKING WITH AIRCRACK-NG. |
- Courses: PIA HEXID WIFI.
- What: aircrack-ng, Kali 2.x 32bit on
a physical machine and the ALFA wNIC
with atheros chipset. Executing the DEAUTH and ARP-replay attack.
Play with
HTML5.
Play with
Flash.
Play on Youtube.

|
|
!#
HG-0128 - WPA2/PSK CRACKING WITH AIRCRACK-NG. |
- Courses: PIA HEXID WIFI.
- What: aircrack-ng, Kali 2.x 32bit on
a physical machine and the ALFA wNIC
with atheros chipset. Executing a WPA2/PSK attack.
Play with
HTML5.
Play with
Flash.
Play on Youtube.

|
|
!#
HG-0129 - SHELLSHOCK - THE MISSING PRIVILEGE UPGRADE. |
- Courses: PIA HEXID.
- What: the missing privilege upgrade
after the Shell Shock attack ;).
Play with
HTML5.
Play with
Flash.
Play on Youtube.

|
|
!#
HG-0130 - BLANCCO: DISK WIPING. |
- Courses: PIA HEXID/PIA DC SEC.
- What: secure disk wiping with
BLANCCO.
Play with
HTML5.
Play with
Flash.
Play on Youtube.

|
|
!#
HG-0131 - KARMA WITH PINEAPPLE Mk V |
- Courses: PIA HEXID.
- What: Karma attack and co with the
Pineapple Mk V.
Play with
HTML5.
Play with
Flash.
Play on Youtube.

|
|
!#
HG-0132 - GOPHISH |
- Courses: PIA HEXID.
- What: security awareness campaign
with phishing, using a test run
of GoPhish.
Play with
HTML5.
Play with
Flash.
Play on Youtube.

|
|
!#
HG-0133 HEXID T.R.E.N.C.H. - DIRTYCOW/POKEMON |

|
|
!#
HG-0134 HEXID T.R.E.N.C.H. - LSASS DoS (MS16-137) |

|
|
!#
HG-0135 HEXID T.R.E.N.C.H. - MS SMB Tree Connect DoS |

|
|
!#
HG-0136 HEXID T.R.E.N.C.H. - GENERIC RANSOMWARE DEMO. |

|
|
!#
HG-0137 HEXID T.R.E.N.C.H. - MACRO + PRIV. ESCALATION + PERSISTANT BACKDOOR. |

|
|
!#
HG-0138 HEXID T.R.E.N.C.H. - HPING3 ICMP TUNNEL. |

|
|
!#
HG-0139 HEXID T.R.E.N.C.H. - IODINE DNS TUNNEL. |

|
|
!#
HG-0140 HEXID T.R.E.N.C.H. - ON THE FLY BACKDOORS AND CODE CAVES. |

|
|
!#
HG-0141 HEXID T.R.E.N.C.H. - RESPONDER. |

|
|
!#
HG-0142 HEXID T.R.E.N.C.H. - RESPONDER AND WPAD SPOOFING. |

|
|
!#
HG-0143 HEXID T.R.E.N.C.H. - VSFTPD BACKDOOR. |

|
|
!#
HG-0144 HEXID T.R.E.N.C.H. - ETERNALBLUE AND PUTTY SSH HIJACKING. |

|
|
!#
HG-0145 HEXID T.R.E.N.C.H. - SMBLoris DOS AGAINST A WINDOWS 10 PHYSICAL HOST. |

|
|
!#
HG-0146 HEXID T.R.E.N.C.H. - SMBLORIS DoS AGAINST VMS ON ESXI 6.x. |

|
|
!#
HG-0147 HEXID T.R.E.N.C.H. - BeEF ESSENTIALS (Man In The Browser (MITB)). |

|
|
!#
HG-0148 HEXID T.R.E.N.C.H. - SSH MiTM PROXY. |

|
|
!#
HG-0148B HEXID T.R.E.N.C.H. - PKI PRIMER WITH TLS (MS 2012R2 AD & IIS). |
- Courses: PIA Cyber Security Explored / PKI Primer.
- What: introduction to PKI and TLS on a MS 2012R2 infrastructure
Play with
HTML5/FLASH (auto-detect).

|
|
!#
HG-0149 HEXID T.R.E.N.C.H.- HASH COLLISIONS (MD5 AND SHA-1). |

|
|
!#
HG-0150 HEXID T.R.E.N.C.H - SQLi basics. |

|
|
!#
HG-0151 HEXID T.R.E.N.C.H - forensic image creation: STUXNET. |
- Courses: PIA HEXID.
- What: creating a forensic target with a STUXNET related vulnerability.
Play with
HTML5/FLASH (auto-detect).

|
|
!#
HG-0152 HEXID T.R.E.N.C.H - introduction to Volatility (memory forensics). |

|
|
!#
HG-0153 HEXID T.R.E.N.C.H - classic lateral movement. |
- Courses: PIA HEXID.
- What: drive-by-download, priv. escalation, pass-the-hash, Metasploit Pivot.
Play with
HTML5/FLASH (auto-detect).

|
|
!#
HG-0154 - TraceWrangler. |

|
|
!#
HG-0155 - NTMLv1 SMB C/R and John The Ripper. |

|
|
!#
HG-0156 - traffic flows with Ntop and IDS with Security Onion. |

|
|
!#
HG-0157 - PTP-RAT, data exfiltration using colour codes (RDP) |
- Courses: PIA HEXID.
- What: deployment of PTP-RAT (PenTestPartners.com) to demonstrate data ex-filtration with color codes (steganography)
Play with
HTML5/FLASH (auto-detect).

|
|
!#
HG-0159 - Bettercap, SSL/TLS, HSTS |
- Courses: PIA HEXID.
- What: deployment of PTP-RAT (PenTestPartners.com) to demonstrate data ex-filtration with color codes (steganography)
Play with
HTML5/FLASH (auto-detect).

|
|
!#
HG-0160 - Red Hat Enterprise Linux, DHCP client exploitation |

|
|
!#
HG-0201 - Memcached, Python and Scapy |

|
|
!#
HG-0202 - Social Engineering, Bash Bunny, USB & Responder |

|
|
!#
HG-0203 - Social Engineering, Rubber Ducky HID & USB |

|
|
!#
HG-0204 - PoC test of Vi CVE-2019-12735 |

|
|
!#
HG-0205 - Core Impact Intro Demo (2019) |

|
|
All rights reserved - PIA, PCU, PXS, giechelbit.duister.org, 2001-2019.
Crazy Mouse Logo is a licensed logo of the related cyber security courses.
All examples were executed on private lab systems.
Information provided can only be used as educational and awareness examples.
Original authors and developers are mentioned where available.
Opinions, products, conclusions, ... referenced are not endorced.