On January 17th I had the privilege to present the HACK.ME project during a Black Hat Webcast with Travis Carelock as moderator and Karl Snider from IBM as sponsor of the event.
Hack.me, that we launched in October 9th during a live event with the Ethical Hacker Network community, is the platform where the commuinty can build and share with others, full-fledged vulnerable web applications.
How do you call a server that is up just to receive your code, and run it?
And by “code”, I mean your nasty code.
We called it Hack.me and we are really excited to have it launched in closed Beta to a bunch of passionate developers, who are already pouring lines and lines of vulnerable applications in it.
Yesterday we’ve announced our craziest project ever. We’ll release it on October 9th.
(Why crazy? Subscribe to our RSS)
If you still don’t know about it, please check it out here.
Ever since the first time I envisioned a platform where vulnerable web applications could be created and shared much like you do with a Mobile App on the Apple Store, me and Domenico Quaranta (@domequaranta), creator of Coliseum, would relentlessly put down notes and ideas on how this platform should have looked like.
Tools: Nessus, Metasploit, Nmap, proxychains.
Attention: In our tests proxychains works only on 32 bit Backtrack 5
One of the best features that Metasploit offers is the ability of “pivoting”. With this technique, an attacker can use a compromised machine as a “pivot” to attack other machines in the same or in other networks that the compromised host can reach.
We have got new 9 minutes of pwnage for you to enjoy in our Youtube channel
Hello everyone, new week, new video.
Here you can see the difference between using staged and non staged shellcodes from a functional point of view and under the perspective of a pentester who wants to evade AV’s. Then we dive into msfencode and its usage to bypass AV’s.
There’s a new video in our Youtube channel.
We are keeping up with our promise to deliver one free pentesting video every week.
So if you have not subscribed yet:
The new video will deal with Msfpayload, a handy utility shipped with Metasploit that lets you use shellcodes (payloads) and builds stand alone executables around them.
What’s new today? We have just opened our Youtube channel! And the best part is that we will host video tutorials and live hacking examples done by our students, for our students.
Someone says that the best way to learn is by teaching.
We’ve heard your suggestions, we’ve applied a number of bug fixes and improvements to our first version of the Penetration testing course Professional and released another updated version of our course:
It is amazing to see how many people are willing to employ much of their spare time noting down bugs and improvements.
Penetration testing course – Pro has probably the most complete and comprehensive coverage of System Security among the penetration testing training courses online.
Vipin Kumar and Nitin Kumar, authors of the system security section, covered shellcoding step by step and in great details.