Defcon Bangalore Meet – Tickets Available!!

Greetings all!!

The Tickets for the September Meet is out. The tickets are divided in to two classes.

• Class I – Event only pass
• Class II -  Event cum networking B33R party pass

PS: Student Discount on Event pass only, on producing the ID card during the meet, and producing the e-ticket. The student pass costs INR 600 only. There is no discount on the Networking cum beer party passes.

Discount code: student

Class I – Event Only Pass

1. This pass allows the attendee to take part in the paper presentation event.

2. This pass entitles the attendee with a “goodie-pack”  which includes Certificate of Participation and a memento.

3. You will be treated to a welcome drink, Hi-tea with snacks during the meet.

Class II – Event Cum Networking B33R party

1. This pass allows the attendee to take part in the paper presentation event.

2. This pass entitles the attendee with a “goodie-pack”  which includes Certificate of Participation and a memento.

3. You will be treated to a welcome drink, Hi-tea with snacks during the meet.

4. Along with the above benefits, you’ll also have an entry to the Networking B33R Party, which will be post-paper presentation and also Dinner Buffet.

This meet will see the CTF (Capture the flag) event sponsored by the Indian Servers.We extend the CTF event with more BEER to all the winners who clear each level of the CTF. More details about the same will be posted later. keep watching this section for updates.

Cheers

10 Wi-Fi security tools for your arsenal – Photostory

Hey guys,

This is an article for WI-fi Pen testers. The must have tools in your arsenal are covered in the form of a photo story on Search-security.IN by me.

Image Courtesy: www.clker.com

You can read the story here:
http://searchsecurity.techtarget.in/photostory/2240146791/10-Wi-Fi-security-tools-for-your-arsenal/1/10-Wi-Fi-security-tools-for-your-arsenal

Cheers
3ps!10nLaMbDa

Fuzzing for fun and profit – Porting exploits to metasploit

This was my paper that I presented at Defcon chennai meet held on jan 29, 2012. I hope you people like it.

This covers the art of fuzzing, SPIKE and also, the metasploit framework. I have also covered how to code your own exploits into the metasploit framework in this paper.

You can view the paper here: Fuzzing for fun and profit_Integrating Exploits to the Metasploit_framework

Cheers
3ps!10nLaMbDa

[Change of Name] Ebook: The BackTrack Experience – An Introduction to White hat Hacking

Hi all,

This is the official announcement regarding the change of title of my book. The new title is changed to “The BackTrack Experience – An Introduction to White Hat Hacking”.  The revision in the title is in effect from 7th February, 2012.

 

Updated link for the purchase of the book:

http://www.amazon.com/BackTrack-Experience-Novice-Introduction-ebook/dp/B006KSVF9Q/

Thank You

Cheers

3ps!L0nLaMbDa

silverstripe CMS persistent XSS vulnerabilties

Hi all,

Yet another bug found, in the silverstripe CMS.
DISCLAIMER: The publisher is in no way responsible if the information is used for any malicious intent.
silverstripe CMS persisten XSS vulnerabilties
vendor: http://demo.silverstripe.org
Author: Karthik R (3psil0nLambDa)
Email: Karthik.cupid@gmail.com
My blog: epsilonlambda.wordpress.com
Google dork: Powered by the SilverStripe Open Source CMS

* Persistent XSS vulnerability

The page title module of this CMS is vulnerable to persistent XSS.

Exploit:

PoC: http://imageshack.us/photo/my-images/341/silverstripe.png/

Greets to side-effects and Taashu

10 Linux security tools for system administrators

Hi all,

In recent times, the security aspect of information technology has received considerable attention, and large organizations have dedicated security teams to keep tabs on vulnerabilities in their systems and take preventive or corrective action as appropriate. The same level of commitment to maintaining security may not be seen in most SMBs, but the fact remains that any gaps in security could have disastrous consequences for all businesses, regardless of their size.

Security need not always be a hugely expensive affair. In this article, we shall cover Linux-based security tools and distributions, which can be used for penetration testing, forensics, reverse engineering, and so on.

1. Wireshark – Network Packet analyser
2. NMAP – Network scanner
3. ClamAV, chkrootkit and Rootkit hunter – antivirus and malware hunters
4. SNORT – IDS tool
5. NIKTO – Web scanner
6. Metasploit – Exploit development framework
7. Nessus – Vulnerability scanner
8. SPIKE – fuzzer
9. Ollydbg – Debugger
10. Linux Security Distros like Backtrack, Remnux and Matriux

For complete article with details on the tools, check out my column on SearchSecurity.IN. You can read the complete article by scrolling down, all the way to the bottom of the page, skipping the registration part at:

http://searchsecurity.techtarget.in/tip/10-Linux-security-tools-for-system-administrators

Cheers
3ps!l0nLaMbDa

Workshop series and Internship Opportunities

Hey !

Team NetNobles is the official representative of DEFCON in Bangalore, Mangalore and Chennai (formerly known as TopSecure in chennai). We conduct seminars and workshop on Cyber security and ethical hacking across various technical universities of India, and have got a very positive feedback from the student community.

We strive to give the best foundation to the students in Information security (by offensively securing themselves). We are open to calls from various colleges for workshops and seminars.

Our workshop series is named as “HaXor”. The participants of the workshop would get a certificate of attendance, a DVD toolkit and hands-on experience on offensive security. You can contact team netnobles at netnobles@gmail.com

Attendees of this program can apply for an internship opportunity with us. We shall short list based on the resume, and have a telephonic/online interview with the candidate and declare the results here.

Add yourself to our name list: Click here to add yourself to the program.

Download our brochure: NetNobles_EthicalHacking_Course_Brochure

Topics covered in the Level – 1 of the workshop series:

Internship opportunities with NetNobles Team:

Cheers

3psil0nlambda

BackTrack 5 tutorial: Part 3 – More on exploitation frameworks

Hey guys,

BackTrack 5, the much-awaited penetration testing framework, was released in May 2011. This third installment of our BackTrack 5 tutorial explores tools for browser exploitation such as theft of credentials, Web privilege escalation and password recovery. This part of our BackTrack 5 tutorial also provides an insight into automated SQL injection using DarkMySQLi.

Dig down to the bottom of the page to read the whole article unregistered on Techtarget on this link:

http://searchsecurity.techtarget.in/tip/BackTrack-5-tutorial-Part-3-More-on-exploitation-frameworks

Keep looking this blog for more on Backtrack5.

Cheers
3ps!L0nLaMbDa

The Metasploit Framework Tutorial PDF compendium: Mr. Karthik Ranganath

The Metasploit Framework is a free, open source penetration testing solution developed by the open source security community. Metasploit Framework eliminates the need for writing individual exploits, saving pen-testers considerable time and effort. Originally created by H D Moore in 2003, Metasploit was later bought over by Rapid7. Over time, it has matured into a popular tool of choice for infosec professionals and enthusiasts.

SearchSecurity.in has put together a basket of tutorials that cover the Metasploit Framework’s various aspects. Our Metasploit Framework tutorials cover pen-testing using Metasploit — right from the basics to post-exploitation — and everything in between. These Metasploit Framework tutorials are available for free download in PDF format for offline reference. Please go through the links on this page for our Metasploit Framework tutorial PDFs.

Scroll down to the bottom of this link to download the PDFs unregistered.

http://searchsecurity.techtarget.in/tutorial/The-Metasploit-Framework-Tutorial-PDF-compendium-Your-ready-reckoner?utm_content=c&asrc=EM_USC_15338700&utm_medium=EMAIL&utm_campaign=HOUSE-UNSC-Nov0211&utm_source=sSecurity_INDIA&Offer=mn_eh110211INSCUNSC_c

Cheers

3ps!L0nLaMbDa

BackTrack 5 Guide II: Exploitation tools and frameworks

Hi all,

In the first part of this BackTrack 5 guide, we looked at information gathering and vulnerability assessment tools. In the second part of this BackTrack 5 guide, we will use BackTrack 5 tools to exploit a remote system and learn how the exploitation framework can be used with the privilege escalation tool John the Ripper to crack passwords and gain access to a remote Windows system.

Dig down to the bottom of the page to read the whole article unregistered on Techtarget on this link:

http://searchsecurity.techtarget.in/tip/BackTrack-5-Guide-II-Exploitation-tools-and-frameworks

Keep looking this blog for more on BT5.

Cheers

3ps!L0nLaMbDa