-
Practice for OSCP
2016-09-29
There are several excellent places online you can practice for the PWK/OSCP course and certification. In no certain order, they include: OverTheWire HackThisSite VulnHub HackSplaining CTF365 Root-Me Hacking Lab Pentester Lab
-
Learning remote enumeration (Part 2)
2016-09-15
In Part 1, I introduced some sound methodology for approaching remote enumeration, which I now realize needs a bit of revision. It's not that it's a bad approach, it's just too aggressive and would potentially miss certain aspects of the target that may prove useful or time-saving. Act like a user, not a hacker The first thing I've learned is that it's best to act like a user, not an attacker.…more
-
Walking through a basic buffer overflow
2016-09-05
I'm learning about buffer overflows in preparation for the PWK course and OSCP exam. I haven't touched assembly language in more than 20 years, and the protections present in modern OSes just didn't exist back when I first learned all this (let alone the fact that I was working on 680x0 and 650x assembly at the time). After trying desperately to make the mental leap from the 1990s to modern operating systems and following along in Aleph One's Smashing The Stack For Fun And Profit, I decided to use the material from Chapter 16 of Georgia Weidman's excellent Penetration Testing: A Hands-On Introduction to Hacking, and write this to ensure I understand exactly what I'm doing and what's going on in that chapter.…more