Index of articles

This archive was last updated - 23rd August, 2011

(For more recent articles, see main blog page)


Tools

Backtrack

Backtrack 5 R1 - Some things fixed, some things br...

A few other tips for Backtrack 5 graphics drivers ...

Backtrack 5 released - my first look at it
Overcoming problems installing Backtrack 5 on a sy...
An alternative way to do "psexec" on Backtrack 4
Answers for some simple questions on Backtrack 4
Example iptables firewall ruleset for Backtrack 4
Password cracking: Using John The Ripper (JTR) to ...
Backtrack 4 tips: KDE Konsole tabs
Backtrack 4 R2 released - my first upgrades and us...

My first tests ofBacktrack 4 R1

Metasploit

Metasploit: Using the Meterpreter sniffer extensio... 

Fixing a broken Metasploit 3 install on Backtrack ... 

Post-exploitation: Downloading files from a victim... 

Hacking techniques: Pass the hash (PTH) with Metas...
Hacking techniques: Using msfencode to obscure a "...

Mass Pwnage: Hacking with Metasploit db_autopwn an...

Creating and using a binary Metasploit meterpreter...

Hydra
Using Hydra to dictionary-attack web-based login f...

Hping

Why ping does not work very well, and hping "the r...

Nmap

Nmap nse broadcast scanning in Backtrack 5
Fyodor and nmap videos - annotated


Beginner level: Nmap examples (basic nmap examples... 

Using Nmap as a vulnerability scanner

Aircrack

Wireless security: Clientless WEP cracking

Cracking WEP keys on wireless routers

Snort
How to use snort on Backtrack 4: Basic examples wi...


Vulnerability scanning

Easy Nessus scan for a beginner with Backtrack 5
Vulnerability scanning with OpenVAS

Techniques

Webserver defense-in-depth - Hackers vs SELinux an...
Scapy packet forging, and writing multi-threaded n...
Finding alphanumeric jump addresses for buffer-ove...
Building a web-application hacking lab - to practi...

Attacking and defending virtual Cisco routers on B...
Attacking and defending virtual Cisco routers on B...
A quick guide to Linux privilege escalation
More efficient port-scanning in Python and Perl
Expanding a network compromise via switches and ro...
Using Backtrack to spot and fix bad characters in ...
Assessing buffer-overflows with the WinDbg !exploi...
Accessing and cracking mysql passwords via vulnera...
Setting up a reverse VNC connection (linux version...
Can Google really be used as a proxy server - to a...
Data mining Backtrack 4 for buffer overflow return...
FTP transfers from within a non-interactive shell ...
Using winrelay or fpipe for port redirection via a... 
A Wireshark capture filter for HTTP 503 errors

Creating effective dictionaries for password attac...

Bish Bash Bosh; Linux commandline Kung-fu for Hack...
Attacking secured clients via a insecure wireless ...
Cracking Windows passwords with fgdump and John th...

Hackintosh


 

Thoughts and analysis

Vmware still promoting a very old "browser-applian...
The eEye 0-Day Watchlist
My blog visitor stats and demographics
Web-based malware and clientside java tampering - ...
Using cut'n'shut shellcode to expand available exp...
Some thoughts and analysis of the Wikileaks "Cable...
Language trends in exploit development
Botnets and distributed cracking

Cryptography vs Moores Law

IT Security principles


Penetration testing: Permission, ownership and "ha...
How to choose better passwords

CISSP Defence in depth: How to protect the IT Syst...
The how and why of IT Security - interesting prese... 

Study

My research project "vulnerabilities in IT securit...
I've passed the OCSE (Offensive Security Certified...
Cost effective study for CCNA
Passed OSCP - I'm back and blogging

Updates to my study plan and CTP
CEH and Security+ Certifications

Pentesting with Backtrack and the OSCP certificati...
The most popular IT Security qualifications - by d...
Study plan for the next few months 
CISM passed
IT Security qualifications

News

ProFTP; site compromised, and code backdoored
Adobe PDF Reader X; The worlds most dangerous desk... 
Evilgrade 2.0 released - with a lot more modules f...