background preloader

Cyber Security

Facebook Twitter

ToolsWatch.org – The Hackers Arsenal Tools Portal. Best Hacker Tools Online - Wireless, Wifi Hacking, firewall hacking, digital forensic tools fuzzers, intrusion detection, packet crafting, password crackers, port scanners and rootkit detectors. Vulnerable By Design ~ VulnHub. Vulnerable By Design ~ VulnHub. Kook Sec. Windows Privilege Escalation Fundamentals. Not many people talk about serious Windows privilege escalation which is a shame.

Windows Privilege Escalation Fundamentals

I think the reasons for this are probably (1) during pentesting engagements a low-priv shell is often all the proof you need for the customer, (2) in staged environments you often pop the Administrator account, (3) meterpreter makes you lazy (getsystem = lazy-fu), (4) build reviews to often end up being --> authenticated nessus scan, microsoft security baseline analyser... Contrary to common perception Windows boxes can be really well locked down if they are configured with care. On top of that the patch time window of opportunity is small. So lets dig into the dark corners of the Windows OS and see if we can get SYSTEM. It should be noted that I'll be using various versions of Windows to highlight any commandline differences that may exist. Basic Linux Privilege Escalation - g0tmi1k.

Before starting, I would like to point out - I'm no expert.

Basic Linux Privilege Escalation - g0tmi1k

As far as I know, there isn't a "magic" answer, in this huge area. This is simply my finding, typed up, to be shared (my starting point). Below is a mixture of commands to do the same thing, to look at things in a different place or just a different light. Logging with ELK and Docker · @ehazlett. Fri, Nov 21, 2014 Elasticsearch, Logstash and Kibana (known as the “ELK” stack) provide the ability to visualize data from any source.

Logging with ELK and Docker · @ehazlett

This is a follow up to my previous Logstash post. This is updated with the latest versions of the components and “dockerized” for easy use and deployment. Elasticsearch Elasticsearch is a distributed, real-time, indexed datastore. We will start a Docker container based off an Elasticsearch image I have on the Docker Hub ( docker run -it --rm \ -p 9200:9200 \ -p 9300:9300 \ --name es \ ehazlett/elasticsearch. ELK Stack for Network Operations [RELOADED] Update.

ELK Stack for Network Operations [RELOADED]

How To Install Elasticsearch, Logstash, and Kibana 4 on Ubuntu 14.04. Introduction In this tutorial, we will go over the installation of the Elasticsearch ELK Stack on Ubuntu 14.04—that is, Elasticsearch 1.4.4, Logstash 1.5.0, and Kibana 4.

How To Install Elasticsearch, Logstash, and Kibana 4 on Ubuntu 14.04

We will also show you how to configure it to gather and visualize the syslogs of your systems in a centralized location. Logstash is an open source tool for collecting, parsing, and storing logs for future use. Как я сдавал OSCP / Хабрахабр. Периодически на хабре поднимается тема подготовки специалистов в различных областях информационной безопасности и получения соответствующих сертификаций.

Как я сдавал OSCP / Хабрахабр

Уже обсуждали подготовку и сдачу CISSP, CISA, Security+, CEH\ECSA. Penetration Testing Methodology - 0DAYsecurity.com. Basic Linux Privilege Escalation - g0tmi1k. Penetration test. PenTest. Тестирование на проникновение. Программы обучения. Демо. Upload.

Программы обучения. Демо.

Этичный хакинг и тестирование на проникновение. OWASP Top 10 for .NET developers part 1: Injection. There’s a harsh reality web application developers need to face up to; we don’t do security very well.

OWASP Top 10 for .NET developers part 1: Injection

A report from WhiteHat Security last year reported “83% of websites have had a high, critical or urgent issue”. That is, quite simply, a staggeringly high number and it’s only once you start to delve into to depths of web security that you begin to understand just how easy it is to inadvertently produce vulnerable code. Inevitably a large part of the problem is education. Oftentimes developers are simply either not aware of common security risks at all or they’re familiar with some of the terms but don’t understand the execution and consequently how to secure against them. Of course none of this should come as a surprise when you consider only 18 percent of IT security budgets are dedicated to web application security yet in 86% of all attacks, a weakness in a web interface was exploited. OWASP and the Top 10. The ADFA Intrusion Detection Datasets. The ADFA Intrusion Detection Datasets This page provides access to the new ADFA IDS Datasets.

The ADFA Intrusion Detection Datasets

The datasets cover both Linux and Windows; they are designed for evaluation by system call based HIDS. Free use of these datasets for academic research purposes is hereby granted in perpetuity. All other rights relating to this collection of work are reserved under Australian and International law. Use for commercial purposes is strictly prohibited. Gideon Creech has asserted his right under the Copyright, Design and Patents Act 1988 to be identified as the author of this work. 6.858 Fall 2014 Lectures. Upload Nickolai Zeldovich Loading...

6.858 Fall 2014 Lectures

Working... ► Play all 6.858 Fall 2014 Lectures by Nickolai Zeldovich24 videos15,767 viewsLast updated on Dec 15, 2014. Packet Analyzer: 15 TCPDUMP Command Examples. Tcpdump command is also called as packet analyzer. tcpdump command will work on most flavors of unix operating system. tcpdump allows us to save the packets that are captured, so that we can use it for future analysis. Packet Analyzer: 15 TCPDUMP Command Examples.