defcon hacking

Introduction: We are all aware of tools like Burp, Paros, WebInspect, etc... For intercepting web-based traffic and also for automating the security testing process. however, the same is not true for thick client applications. we do not have automated tools available for automating the security testing of thick client applications. In my previous article on "Application Security Testing of Thick Client Applications", I mentioned a few tools that can be used for penetration testing of a thick cli

Post an old article! Implementation and Application of Google Hacking Google Hacking is actually nothing new. I saw some related introductions on some foreign sites in the early years. However, since Google Hacking did not pay attention to this technology at the time, I think that at most it is only used to find unrenamed MDB or webshells left by others, and the

Hacking MSSQL without knowing the password Copyright owned by original author0x01 Preface In a recent penetration test, I accidentally noticed some unencrypted MSSQL traffic during packet capture. Because the syntax is put there, it won't be wrong. At first, I thought this was a way to capture the authentication credential. However, MSSQL encrypts the login traffic, which means I had to crack its encryption algorithm to obtain the credential. If a se

.googlecode.com/svn/trunk proxmark-trunk // because this is the code that is cloned from Google via SVN, when executing this command remember FQ CD proxmark-trunk/Clientmake// Enter PM3 's working terminal HW Tune // test Equipment0x02 ConclusionThe environment was set up, as the article said: PM3 can be in the water card, bus card, Access card and other RFID\NFC card and corresponding to the machine read, data exchange time to sniff attack, and use the sniffer data through the XOR Check tool

Are you still looking for a tool to complete your daily activities, or are you just looking for new tools that you can try to play? No need to worry, because today is your lucky day! Today, I will mention a variety of links, resources and editing tools that can be used for penetration testing, computer forensics, security, and hacking techniques.toolswatch.orgToolswatch.org is maintained by NJ Ouchn (@toolswatch) and Maxi Solder (@maxisoler). This is

Soon after work, always want to do something, learn something, but never seem to start.Yes, I want to learn hacking, perhaps a lot of people want to learn, but many Daniel said, this has a foundation, towering high-rise, I did a little bit of cryptanalysis, plus some places have small paranoia, try to translate the book. As a Test 8 times before CET6 engineers, in fact, really can not ask too high, the content of the deviation and translation of the C

As we all know, to be a WD (Web Designer), we first have to wait for several browsers: Ie6,ie7,firefox. The General page, all only requires the normal work under the Ie6,ie7,firefox the line. But in fact, the browser far more than these, Firefox is divided into 3 major versions of Firefox 1.5,firefox 2,firefox, Ie7,ie6 also have several series, in addition to these two mainstream manufacturers of products, there are opera, Konqueror,netscape,chrome and other series.These browsers, each with a s

The following articles mainly describe the basic idea of Oracle Web Hacking. If you are a beginner in the basic idea of Oracle Web Hacking, you can use the following articles to better understand the basic idea of Oracle Web Hacking. The following is a detailed description of the article. The following describes how to determine the target, and how to determine t

But in fact, there are far more than these browsers. Firefox is divided into Firefox 1.5, Firefox 2, Firefox 3, and IE7 and IE6, in addition to the products of these two mainstream manufacturers, there are also a series of products such as opera, Konqueror, Netscape, and chrome. These browsers have their own set. They often run normally here, but they do not. As a result, the WD split the East Side to fill the West, and finally they could work normally in several browsers. As a result, the p

We once had infinite fantasies and fears about the hacker world, but with the rise of technology and the advancement of the security field, hacking technology has become increasingly common. We once had infinite fantasies and fears about the hacker world, but with the rise of technology and advances in the security field, hacking technology has become more and more common. In fact, many

Unauthorized access defects in Redis can easily lead to system hacking The Sebug website publishes detailed vulnerability information about unauthorized access defects in Redis. Unauthorized Access defects in Redis can easily lead to system hacking. For details, see the following:Vulnerability Overview By default, Redis is bound to 0.0.0.0: 6379, which exposes the Redis service to the public network. If aut

Hacking Team attack code analysis Part 1: Flash 0day Recently, Hacking Team, a hacker company dedicated to network listening through attack techniques, was hacked and leaked GB of data containing the company's emails, documents, and attack code. 360 the Vulcan Team immediately obtained the relevant information and analyzed the attack code. We found that at least two remote code execution vulnerabilities for

Hacking Team's principle and Function Analysis of Mac malware Last week, security personnel Patrick Wardle published an article about HackingTeam's new backdoor and virus implants. It also indicates that the Hacking Team becomes active again, bringing new malware. To understand the principles and functions of the malware, some security personnel have made an in-depth analysis. The malware is named Backdoor.

A few days ago, I accidentally visited rootkit and saw an article about wow hacking, which talked about World of Warcraft hacks development and some anti-Warden technologies, reminding me of my Diablo II years. Since I started hack dialbo II a few years ago, I have done a lot of crazy things in retrospect (for example, I used C to completely restore a program from binary ), he has also accumulated a wealth of experience in the hacks production of Diab

If you are attacked by hackers, you will want to find out where the people are attacking themselves, so that we can be targeted for the prevention of hackers work. So how can this be done? This requires us to track hackers, and the hacker's "Dig" out, which has a lot of doorways, to achieve a certain degree of difficulty. This chapter introduces the common user's anti-black requirements from the discovery of hackers to trace the hacker's various methods, the purpose is to let readers after readi

Hacking Team RCS implant installer analysis (Apple's encrypted binary) Recently, security personnel issued a message saying that Apple's encrypted binary library is used in Hacking Team's RCS implant Installer: At last year's Black Hat conference, security personnel Patrick Wardle gave a speech titled "Writing Bad @ $ Malware for OS x", which provided some suggestions for improving OS X Malware, here, we

With Ecshop personal Independent mall gradually rising, many friends may find in the use of Ecshop will appear in the use of some problems, such as the home page garbled phenomenon and the first page appears hacking attempt problem, because the Ecshop home garbled phenomenon in the previous posting mentioned. So today we talk about the problem of hacking attempt. (1) The reasons for the occurrence

Hacking Strings and redishacking for Redis code readingHacking Strings The implementation of Redis strings is contained in sds. c (sds stands for Simple Dynamic Strings ).The C structureSdshdrDeclared inSds. hRepresents a Redis string: struct sdshdr { long len; long free; char buf[];}; TheBufCharacter array stores the actual string.TheLenField stores the lengthBuf. This makes obtaining the length of a Redis string an O (1) operation.TheFreeFi

Master showdown-story about hacking of blog serversEvery hero needs to confront the wall on the road to growth. either you succeed, stand on the top of the world, and gain top-level knowledge; or be beaten down by it to become one of all beings, and then get used to it.I am no exception.Not long ago, I had just built my own "ladder" on my server. This is the story from "ladder.The opening night is deep, and I am still sitting on the computer, thinking