The Ultimate Hacking / Security Training Resource on 5 DVD's
This 5 disk collection contains over 20 hours of great Computer / Hacking / Security Video Training.
The presentation style video training is second to none and all videos are given by experts in the field.
The material is all presented through video including , live demonstrations of the subject matter being discussed.
Disk 1
Keynote Speech 1 - Click Jacking
Clickjacking affects just about everyone using a Web browser and it’s time the full details are released.
Think of any button (image, link, form, etc) on any website (internal or external) that you can get to appear between the Web browser walls. Wire transfer on banks, DSL router buttons, Digg buttons, CPC advertising banners, Netflix queue, etc. Next consider that an attacker can invisibly hover these buttons below the user’s mouse, so that when a user clicks on something they visually see, they’re actually clicking on something the attacker wants them to. Now, what could the bad guy do with that ability? The potential is limitless. The more Robert Hansen (CEO, SecTheory) and Jeremiah Grossman (CTO, WhiteHat Security) researched, the worse the exploits became. Several different flaws exposed themselves, making a once underestimated attack technique extremely scary.
The fundamentals of clickjacking are outlined and live demonstrations of the capabilities of this once underestimated attack are given.
Running Time: 56min
Keynote Speech 2 - Cyberwar is Bulls**t
There has been a great deal of irresponsible and inaccurate talk about “cyberwar” in the last decade, in spite of the fact that it’s technologically and militarily impractical. Its counterpart, “cyberespionage” makes a bit more sense, and is less mythical but falls under the category of “nothing new.” In this presentation we’ll look past the hype at the reality of “cyberwar”.
Running Time: 56min
Mac OS Xploitation
MacOS X has so far enjoyed a comparatively safe and malware-free existence on today’s hostile Internet. While many previously believed that this was due to its superior security, public demonstrations of the Mac’s vulnerability to attacks have hopefully proven otherwise. As with any technology, it is important to know both its strengths and weaknesses. This presentation will focus on the exploitatability of memory corruption vulnerabilities in and on MacOS X by applying currently known techniques to a new platform as well as introducing some new techniques as well.
Mac OS X Leopard includes a number of runtime protection features intended to hamper exploitation of memory corruption vulnerabilities. These features include the Execute Disable (XD) bit on Intel processors, Library Randomization, and Sandboxing. While some of these features are familiar and can be seen on other systems, some of them are unique to Mac OS X. This presentation will discuss the design, implementation, limitations, and evasions of these defenses.
Unlike other modern systems, the MacOS X Scalable Zone (szone) heap allocator does not protect against heap metadata overwrite exploits. This presentation will also describe the design and implementation of the szone allocator and demonstrate how it may be exploited with basic heap metadata overwrites. Finally, this presentation will discuss exploit payload construction techniques for Mac OS X, including the necessity of vfork() in threaded applications, resolving symbols in loaded libraries, and pure memory library injection into the vulnerable (or any other) process using Mach system calls and dyld function calls.
Running Time: 58min
Analysis and Visualization of Common Packers
In a field like malware analysis the first problem one encounters is that of overcoming the protection schemes devised by others, be those the creators of malware themselves or companies developing the protections as generic tools to deter reverse engineering and cracking.
Those protection schemes have developed over time to include a wide variety of anti-debugging and anti-disassembling techniques. Nowadays virtual machines and advanced obfuscation techniques are commonly found and make the process of reverse engineering the original application all the more complex. In this session we will see some of the techniques used by protection schemes and how they compare to each other, peeking as well into the developing counter-measures against them.
Running Time: 56min
Pass-the-Hash Toolkit for Windows
The ‘Pass-the-hash’ technique, first published in 1997 by Paul Ashton, basically allows attackers to use captured NTLM hashes to authenticate to remote hosts without having to decrypt those hashes to obtain the cleartext password. All these years this technique has been performed using modified smb clients (e.g.: samba) or third-party implementations of the SMB/CIFS protocol. This means that after successfully authenticating to a remote host using the ‘pass-the-hash’ technique, functionality available to attackers/penetration testers is limited to what is implemented by these clients.
The Pass-The-hash toolkit is the first public implementation of the ‘pass-the-hash’ technique for the Windows platform. It allows attackers/penetration testers to perform the technique from a Windows machine (e.g.: by changing the current local logon session credentials or by creating a new local logon session with the desired credentials: username/domain/NTLM hashes) and then, once authenticated, use native Windows administration utilities (made by Microsoft or a third-party) to access remote services, gaining access to all the functionality provided by the native utilities without limitations.
This presentation will describe how the different tools included in the toolkit were implemented, and will explain how to use the toolkit during a penetration test.
Running Time: 52min
Disk 2
Real-Time Geo-Location of Moochers, Hackers and Unauthorized WiFi Users
With wireless networking so prevalent in modern societies, the ability of a person to tap into someone elses’ wireless network and use their internet connection for mischief is cause for concern. Terrorist communications, illegal file sharing, illegal software (warez) downloading - the list is growing larger and larger every day. Typically, getting the internet IP address of the exploited user’s wireless network gateway is the easy part - but how do you isolate, identify and track down where the moocher, hacker or unauthorized WiFi user is physically located in a high-density urban environment?
This presentation and practical demonstration will unveil MoocherHunter, our new free tool which we’ll be making available for free end-user use that law enforcement and other authorized parties can use to isolate and hunt down wireless perpetrators in real time, on-the-fly. MoocherHunter was first previewed and well-received at a closed-door, non-public session to Law Enforcement officials from ASEANOPOL,INTERPOL and S.E. Asian Police Forces in the Singapore Police Force-organized CyberCrime Investigation workshop (CCIW) 2008 held in April 2008.
Running Time: 50mn
Full Process Reconstitution from Memory
Recently there has been a lot of discussion about using memory forensics during incident response as part of an investigation; however, memory forensics can also be leveraged when doing malware analysis in a lab. The only difference between the two use cases is how the binary is acquired. Using memory forensics a malicious process or the malicious portions of a process can be captured from memory without using a debugger; injecting into the process; or relying on any APIs to enumerate, address, and acquire the address space.
Running Time: 52min
Delivering Identity Management 2.0 by Leveraging OPSS
The identity management industry continues to expand with new products and capabilities, many of these technologies typically fall into one of three broad functional areas: directory services, identity administration, or access management.
While the industry tends to still group identity management technologies into the three functional areas as described above, we are starting to see a new generation of functionality emerge. “Identity Management 2.0” is being driven by: a new era of governance, risk, and compliance; increasingly sophisticated online attacks; and corporate consolidation from merger and acquisition activities.
As we are increasingly seeing, risky access from unknown networks or un-registered or malware-ridden computers or smart phones can easily compromise passwords including the tokens and other authentication solutions. Enterprises on the other hand should consider taking steps to protect and use this sensitive information in a secure fashion within their existing Identity management systems or on-going provisioning and access management projects by introducing a risk-aware provisioning & risk-aware access management process that can be leveraged from using newer technologies like adaptive authentication and proactive real time fraud prevention strategies.
Running Time: 46min
Bluepilling the Xen Hypervisor
This talk will discuss how to insert Bluepill on top of the running Xen hypervisor (x64). Methods to do that both with and without restart (i.e. on the fly) will be shown. To make this possible, Bluepill needs to support full nested virtualization, so that Xen can still function properly. The presentation will also discuss how the “Bluepill detection” methods proposed over the last 2 years, as well as the hypervisor integrity scanning methods, fit into this new scenario and how far we are from the stealth malware`s Holy Grail.
Running Time: 46min
Internet Explorer 8 - Trustworthy Engineering and Browsing
This paper will present a technical overview of the security engineering process behind Internet Explorer 8.0. As the threat landscape has evolved from simple social engineering attacks and deception and moved beyond browser vulnerabilities, a whole range of emerging exploits compromising the promise of Web 2.0 and legitimate web servers. Come see how we’ve listened to feedback from the security community and consumers and how we’ve changed how we engineer our products as a result. The talk provides an overview of the security engineering in IE8, how its different from the past and provides a sneak peek into some of the most important features going into IE8.
Running Time: 61min
Disk 3
A Fox in the Hen House - UPnP IGD
This presentation will demonstrate the dangers of the often overlooked Universal Plug and Play (UPnP) Internet Gateway Device (IGD) profile. UPnP IGD is commonly enabled on modern home cable modem/wireless routers. UPnP IGD allows applications such as games and chat clients to request needed port forwards without the user’s intervention. Many of these routers do not even display these port mappings in their administrative interfaces.
In this presentation we will walk the audience through the simple steps needed to modify the port mappings on a common wireless router and discuss some of the potential attacks that can be performed. Sample code will be demonstrated that dynamically adds and removes port forwarding rules from the router to expose internal services to the internet. This simple attack is performed without any need for authentication and the new forwarding rules generally aren’t visible in the web interface of the router.
Running Time: 56min
Hacking Internet Kiosks
Internet Kiosks have become common place in todays internet centric society. Public internet Kiosks can be found everywhere, from Airports, Train stations, Libraries and Hotels to corporate lobbies and street corners. Kiosks are used by thousands of users daily from all different walks of life, creed, and social status. Internet kiosk terminals often implement custom browser software which rely on proprietary security mechanisms and access controls. Kiosks are designed to limit the level of access a user has to the internet kiosk, and attempt to thwart malicious activity. Kiosk users are prohibited from accessing the Kiosks local file system, or the surrounding local network attached to the Kiosk.
This talk will cover Internet Kiosk software exploitation techniques, and demonstrate methods of compromising internet Kiosk terminals. An online service dubbed iKAT will also be officially released to the public. iKAT (Interactive Kiosk Attack Tool) enables a user to access a suite of online resources, design to aid successful Kiosk exploitation. This presentation will demonstrate how iKAT can be used to compromise a Kiosk terminal in under five minutes! Walk up to a Kiosk, find iKAT, pop shell, it does not get much easier than that.
I promise you will never look at an Internet Kiosk the same way again.
Running Time: 61min
How the Leopard Hides His Spots - OS X Anti-Forensics Techniques
Anti-Forensics is the buzzword within forensic circles, and yet there is very little new information on this critical topic. This talk will retrace the core anti-forensic techniques and methodologies, and show how they can be applied to defeat forensic analysis of OS X systems. This talk will include attacks against the OS X file system (HFS+), as well as attacks beyond the file system. There will be 0-day OS X bugs as well as previously unreleased attacks against Microsoft file systems.
If you are a hacker, you’ll discover a new world of data storage, and if you’re a forensic investigator… be prepared to never discover anything again.
Running Time: 56min
Browser Exploits - A New Model for Browser Security
This presentation is in two parts: (a) Exploring the browser’s attack surface and (b) the Teflon approach for fine-grained browser security.
This presentation begins with an examination of the fundamental architecture of a browser and its components to get a proper understanding of the full attack surface. The focus then moves to key concepts that are leveraged in practical exploitation of browsers. A few examples of popular browser exploits and an example “0-day” exploit shall be demonstrated. The talk also goes to show how the next generation of Javascript delivered exploits render current defense mechanisms useless. Antivirus programs and malware scanners are already being proved ineffective and cannot continue to identify and stop browser exploits in the future. The talk then moves on to new proposed defense mechanisms that attack the very principles that browser exploits depend on.
The second part of the presentation revolves around Teflon. Work on Teflon started in March 2008. Teflon 1.0 shall be released in this talk. Teflon is built upon the concept of fine-grained browser security. We shall demonstrate how Teflon succeeds in thwarting the next generation of browser attacks demonstrated earlier.
Running Time: 56min
Disk 4
The Pirate Bay - Dissolving an Industry as a Hobby
The Pirate Bay is the worlds largest file sharing network, currently and historically. It is a thorn in the side of the current media distributors as it utilizes the power of the Internet to dissolve the old way of distribution. The old media is fighting back using all their power, both legal muscles and illegal methods in trying to shutdown this system. In this keynote, TiAMO and brokep (Pirate Bay Founders) will discuss how the Internet gives you the power to dissolve old monopolies and an insight into what it takes to run The Pirate Bay - a system that generates an estimated 10% of the global Internet traffic; as a hobby.
Running Time: 81min
Pushing the Camel Through the Eye of a Needle
Disclaimer: This talk will be as web2.0 correct as possible and will demonstrate healthy network ownage using all of todays cool buzzwords like Ajax, XML, XSRF, XSRT and SOAP..
In 2007 SensePost demonstrated the how DNS and Timing attacks could be used for a variety of attacks. This year we take those attacks further and show how small footholds in a target network can be converted into portals we can (and do) drive trucks through! With some updated SensePost tools, and some brand new ones, we will demonstrate how to convert your simple SQL Injection attacks (against well hardened environments) into point and click (well, type and click) ownage, how the framework management pages you never knew you had, can double as our network proxies and why despite all of the hype around SQL Server 2005, we still enjoy finding it behind vulnerable web applications.
The talk is fairly technical and expects that the attendees understand the basics of Web Application and Web Browser based attacks. Attendees will leave with new attack vectors, a couple of new tools and some thoughts on future directions of these attacks.
Running Time: 63min
iPwning the iPhone
This talk will begin with a some basics about the iPhone and its architecture. What kind of hardware is on the device, what kind of applications come by default, what does the file system look like? It will then show how to get terminal access to a device including ssh access to it.
Next, the attack surface of the iPhone will be contrasted with that of the a typical Mac OS X Leopard computer. Ways to find vulnerabilities on the iPhone will be discussed including fuzzing and reverse engineering when applied to the iPhone. In particular, the iPhone SDK will be shown to be an effective tool in finding iPhone vulnerabilities.
Next, iPhone specific exploitation techniques will be discussed. These include taking into account the limited physical resources of the iPhone. The exploit used to win PwnToOwn at CanSecWest 2008 will be shown ported to the iPhone (1.4.1).
Finally, iPhone shellcode payloads will be demonstrated. These will include iphone specific shellcode as well as typical port bind shellcode. Writing shellcode in the absence of the /bin/sh executable will be highlighted. The highlight will be injecting arbitrary libraries into a compromised process.
Running Time: 57min
Decompilers and Beyond
Disassemblers are routinely used for reverse engineering but their inherent limitations make them ineffective for modern large applications. In order to cope with the volume and complexity, we have to switch to the next level of binary code analysis: decompilation. In this presentation we will discuss the process of decompiler construction, the encountered problems and solutions. Our slides will show the decompilation process step by step. Decompilers open the way to new tools and analysis methods - we will also briefly have a discussion on them.
Running Time: 56min
Remote Code Execution Through Intel CPU Bugs
According to the Intel Specification Updates, Intel Core 2 has 128 confirmed bugs. Intel Itanium (designed for critical systems) looks more “promising”, carrying over 230 bugs. They have all been confirmed by Intel and described in errata section of their specification updates. Some bugs “just” crash the system (under quite rare conditions) while the others give the attackers full control over the machine. In other words, Intel CPUs have exploitable bugs which are vulnerable to both local and remote attacks which works against any OS regardless of the patches applied or the applications which are running.
Although CPU bugs are not something new in the security industry, nobody has come out with any proof-of-concept exploits and as it stands, there are no known malware that take advantage of these bugs, although some malware writers have actually used CPU bugs for targeted attacks. It is just a matter of time before we start seeing these sort of attacks used in more devastating ways over the Internet. Intel has provided workarounds to major BIOS vendors for some of these bugs, but who knows which vendor actually uses them? End-users are in the dark as to how to check if they are secure or not. Intel doesn’t provide any test program for this and the worst thing is - some bugs are still not fixed. In other words, Intel has no workaround for it.
In this presentation, It's shared the finding of CPU malware detection research which was funded by Endeavor Security. Also presented to the participants will be improved POC code and will show participants how it’s possible to make an attack via JavaScript code or just TCP/IP packets storms against Intel based machine. Some of the bugs that will be shown are exploitable via common instruction sequences and by knowing the mechanics behind certain JIT Java-compilers, attackers can force the compiler to do what they want (for example: short nested loops lead to system crashes on many CPUs). Also shared with the participants is experience in data recovery and how CPU bugs have actually contributed in damaging our hard drives without our knowledge.
Running Time: 32min
Disk 5
Client-side Security
Client-side software generally refers to a class of computer programs that are executed on the client, by the user’s supporting environment, instead of the server. Both, clients and servers are in constant interaction. In a Web environment, the client is represented by the user’s web browser, while the server is the remote computer, which serves dynamic content. In a much broader context, the client-server relationship can be represented by a network client connected to a WiFi network.
This paper describes numerous techniques for attacking Clients-side technologies. The content of the paper is based on the research that has been conducted over the past year by the GNUCITIZEN Information Security Think Tank. The presentation will cover the details of this year QuickTime vulnerability affecting Windows Vista and XP.
Running Time: 38min
How to Build Your Own Password Cracker with a Disassembler and a Little VM Magic
The burgeoning popularity of full-disk and volume-based encryption is posing a swiftly growing challenge to forensic investigators. Adapting to this challenge will require a re-engineering of the process for acquiring digital evidence, from the legal framework applied to the tools and techniques used. In a growing number of cases, the acquisition of digital forensic evidence in criminal cases will bear a strong resemblance to the process used by criminals to break into computer systems. Although this trend has precedent in the world of law enforcement where police enter buildings by force and employ locksmiths to crack safes it represents a sea-change in the digital forensic arena.
The presentation will address the implications for the forensics community, as well as the techniques and skills that investigators need to develop. Case examples will illustrate key points. And, to highlight the type of new approaches necessary, we will demonstrate the creation of an ad-hoc password-cracking tool using an equally ad-hoc reverse engineering approach. We’ll then employ the tool in a virtual machine environment to recover a forensic disk image from a system that uses full-disk encryption.
Running Time: 52min
Top 10 Web 2.0 Attacks
Shreeraj Shah, B.E., MSCS, MBA, is the founder of Blueinfy, a company that provides application security services. Prior to founding Blueinfy, he was founder and board member at Net Square. He also worked with Foundstone (McAfee), Chase Manhattan Bank and IBM in security space. He has performed several security consulting assignments in the area of penetration testing, code reviews, web application assessments and security architecture reviews.
He is also the author of popular books like Hacking Web Services (Thomson 06) and Web Hacking: Attacks and Defense (Addison-Wesley 03). In addition, he has published several advisories, tools, and whitepapers, and has presented at numerous conferences including RSA, AusCERT, InfosecWorld (Misti), HackInTheBox, Blackhat, OSCON, Bellua, Syscan, ISACA etc. His articles are regularly published on Securityfocus, InformIT, DevX, O’reilly, HNS. His work has been quoted on BBC, Dark Reading, Bank Technology as an expert.
Running Time: 62min
Disclaimer:
The material in this auction does not infringe on any property rights, it does not violate any eBay policies or effect any VeRO members rights. The dvd is free from any regionality or encoding worldwide. This dvd compilation conforms to all eBay terms & conditions. If you feel the information contained in this auction infringes on your property rights, please contact the seller and it will be given strict attention. The information contained in this auction is of great educational material, and is only used as a medium to learn within an ethical framework. Please do not purchase this item if you intend to use this material for anything other than ethical educational use. For informative / educational use only. |
Back to Search Results
) 
Suppressed Media
Print
Report item
