 New Course: Adv. Win32 Exploitation |
New Course Available:
This multi-day software exploitation oriented course focuses on the Windows operating system as a primary target. The student will be immersed in advanced concepts regarding methods of taking control of a process through memory corruptions and and the abuse of logical constructs.
|
| |
|
New Course: Adv. Reversing Malware |
New Course Available: Advanced Reversing Malware
This new course focuses around the applied theory of reverse engineering in the analysis of modern-day threats such as those found in Malware. The labs within this course will target real world threats actually found within the wild. A student will learn to extract important behavioral information from captured Malware as well as how to defuse new age Malware anti-debugging measures.
|
| |
|
New Course: Pen. Testing Ops and Tactics |
New Course Available: Advanced Penetration Testing Tactics and Operations
In order to properly assess a computer network during a penetration test, proper methodologies must be applied to the penetration test so not toleave out or exclude any potential weak points and network assessment. This course details advanced preparation, time management, and planning required before a penetration test can commence.
|
| |
|
New Research: Bin. Export Analysis |
New Research Available: Overprototyping in Function Analysis
Programmers familiar with the C and C++ programming languages are typically familiar with the process of using precompiled binary libraries. Often times third parties will lease out binary libraries to development firms in order to speed up completion of application development. Reverse engineers however often times are never provided with any usable header information regarding these redistributable binary libraries which makes the process of determining what the individual libraries exported routines are actually used for, a mystery. This paper attempts to demonstrate how to use what we know about the Intel platform in order to make educated guesses about function behavior for the purpose of finding vulnerable binary function interfaces.
|
| |
|
New Course: Adv. Win32 Exploitation |
New Course Available: Advanced Windows32 Exploitation
The advanced Windows exploitation course is a five day course that focuses on the current state of the art in Microsoft process space exploitation. For penetration testers in the new age of Microsoft security mechanisms it becomes highly important for the sake of proper testing to be familiar with the current state of the art and exploitation technology. This course has been designed with an extremely technical theme detailing the majority of currently working process hijacking and subterfuge available.
|
| |
|
New Course: Juniper Firewalls |
New Course Available: Implementing Juniper Firewalls
This introductory course focuses around implementation of stand-alone Juniper firewalls. Students attending this course will be provided with hands on experience configuring SSG-5 and an NS-100 firewall appliances from Juniper.
|
| |
|
Presentation: L.A.M.P. Injections
|
presentation available: L. A. M. P. injections
Linux, Apache, my SQL, and PHP make up the four critical components of Linux Web server typically. This presentation attempts to describein the process through which a penetration tester can exploit SQL injections during penetration testing. This presentation was originally given for the DC619 local group here in San Diego.
|
| |
|
New Research: Auto. Exploit Dev |
New Research: Automated Exploit Development
This new paper attempts to describe the process behind our very own prototype-8 memory debugging and exploitation engine. This paper was originally written for the toorcon 2007 conference, and was presented by her senior researcher Jason Medeiros. It details several methods which an exploit engineer can utilize in order to automate the process of exploit development completely. Full debugging loops for Windows and Linux are provided free of charge in the appendices of this document
|
| |
