content top

Memory Corruption – null Security Meet

Memory Corruption – null Security Meet

Introduction   It’s was my pleasure to talk about “Memory Corruption“. The event was null Pune which held @ThoughtWorks.   Topics and Schedules   10:00 AM – 10:15 AM: Introduction by Murtuja Bharmal. 10:15 AM – 10:45 AM: Security News Bytes by Imdadullah Mohammed. 10:45 AM – 11:45 AM: Android Fuzzing by Prasanna Kanagasabai. 11:45 AM – 12:00 PM: Tea and Coffee Break. 12:00 PM –...

Read More

Heap Spraying – Active X Controls Under Attack

Heap Spraying – Active X Controls Under Attack

Introduction   An ActiveX control is essentially a simple OLE object that supports the IUnknown interface. It was introduced in 1996 by Microsoft as a development of its Component Object Model (COM) and Object Linking and Embedding (OLE) technologies and is commonly used in its Windows Operating System.   ActiveX controls are highly portable COM objects, used extensively throughout Microsoft Windows platforms and, especially, in...

Read More

Shellcode Of Death – null Security Meet

Shellcode Of Death – null Security Meet

Introduction   It’s was my pleasure to talk about “Shellcode Of Death” a.k.a “Wicked Sunny“. The event was null Pune which held @SICSR.   Topics and Schedules   04:00 PM – 04:10 PM: Introduction by Null + G4H team 04:10 PM – 05:15 PM : Shell Code of Death by Ashfaq Ansari.   I was giving the talk on “Shellcode Of Death” a.k.a “Wicked...

Read More

Shellcode Of Death

Shellcode Of Death

Introduction   Recently, I had been working on a shellcode project that we named as “Shellcode Of Death“. “Shellcode of Death” is designed to run on Windows x86 platforms like Windows XP/Vista/7/8/Server 2003/2008.   What this shellcode does?     Well, this shellcode has been designed to format all the available drive on Windows. Weird? Huh!!! Yes, I know you may be thinking this is weird and why...

Read More

Damn Vulnerable Web App – Local File Inclusion (LFI)

Damn Vulnerable Web App – Local File Inclusion (LFI)

Introduction   In the first part of Damn Vulnerable Web App (DVWA) series, we have seen how we can install Damn Vulnerable Web Application (DVWA) on BackTrack 5 R1.   If you have not read the first part, here is the link: http://hacksys.vfreaks.com/pen-testing/damn-vulnerable-web-app-sql-injection.html   Now, we will test another attack vector known as Local File Inclusion (LFI).   Local File Inclusion (LFI) is a...

Read More

Art Of Exploit Writing – null Security Meet

Art Of Exploit Writing – null Security Meet

Introduction   It’s was my pleasure to be with fantastic security minds of Bangalore. The event was null Bangalore which held @ThoughtWorks.   Topics and Schedules   09:30 – 10:00: Web App Basics – Insecure Direct Object Reference – Himanshu Das 10:00 – 10:15: Introductions 10:15 – 10:35: Newsbytes – Apurva 10:35 – 11:05: Vulnerability Disclosure – Nikhil Kulkarni 11:05...

Read More

Penetration Testing Report – Web Application

Penetration Testing Report – Web Application

Introduction   Penetration Testing is a critical security testing of a network infrastructure, application, web application. Penetration testing is not going to be worth anything if there are no reports to detail what has been done and what needs to be fixed or corrected.   Penetration Test report lay down the base foundation that determines how good or bad a network, web applications and Internet security performs.   But how...

Read More

Protecting Innocent MySQL from SQL Injection

Protecting Innocent MySQL from SQL Injection

Introduction   This is a brief guide on how to protect your innocent MySQL database from SQL injection attacks.   What is SQL Injection?   As the name suggests, SQL Injection occurs when the user injects SQL statements into your application.   How does this happen?   Say we have a simple login form that takes a username and password, and validates against the database. If the username and password is validated, the...

Read More

Reverse Shell v1.0 PHP – Authentication Feature

Reverse Shell v1.0 PHP – Authentication Feature

Introduction   This tool is designed for pentest situation where you have upload access to a webserver that is running PHP. Upload this script to somewhere in the web root then run it by accessing the appropriate URL in your browser. The script will open an outbound TCP connection from the webserver to a host and port defined in the script. Bound to this TCP connection will be a shell.   This will be a proper interactive shell in...

Read More

Damn Vulnerable Web App – SQL Injection

Damn Vulnerable Web App – SQL Injection

Introduction Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable and can be exploited easily.Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a lab environment. Warning! Damn Vulnerable Web App...

Read More

Egg Hunter – Twist in Buffer Overflow – BisonWare FTP Server v3.5

Egg Hunter – Twist in Buffer Overflow – BisonWare FTP Server v3.5

INTRODUCTION It’s time for breakfast and I prefer bread with omelet. Eggs are a fantastic source of energy for humans.:-) “Eggs” also plays an important role when it comes to complex exploit development. As we know, in stack-based buffer overflow, the memory is more or less static. That is, we have enough memory to insert our shellcode. When the “Egg hunter” shellcode is executed, it searches for the unique “tag” that was...

Read More

FreeFloat FTP Server – Buffer Overflow

FreeFloat FTP Server – Buffer Overflow

INTRODUCTION In computer security and programming, a buffer overflow, or buffer overrun, is an anomaly where a program, while writing data to a buffer, overruns the buffer’s boundary and overwrites adjacent memory. This is a special case of violation of memory safety. Buffer overflows can be triggered by inputs that are designed to execute code, or alter the way the program operates. This may result in erratic program behavior,...

Read More

MSSE Uninstaller v1.1

MSSE Uninstaller v1.1

Introduction   Hello All, Welcome to HackSys Team. Having difficulty in uninstalling Microsoft Security Essentials? Now, we have a solution. The MSSE Uninstaller v1.1 has been released. This script completely uninstalls Microsoft Security Essentials from your Computer.     We would like to thank our sponsor vFreaks Technical Support for supporting us to develop this script. Prototype of MSSE Uninstaller v1.1: 1. Stops MSSE...

Read More

Windows Update Troubleshooter v1.3

Windows Update Troubleshooter v1.3

Introduction   Hello All, Welcome to HackSys Team.  The Windows Update Troubleshooter v1.3 has been released. This version is more user friendly and easy to understand. One more feature has been added to start the download of the Microsoft Windows Update Fixit and System Update Readiness Tool (Checksur) automatically.   We would like to thank Tim for his request. Thank you, Tim for your interest.     Download Link: ...

Read More

VMware Video Series – Part 2

VMware Video Series – Part 2

Introduction           http://www.vimeo.com/23170167       Hello,   In this video, we will install VMware Tools and see simple Netwotking stuff.   Please leave back comments for any feed back.   Regards,   HackSys Team – Panthera     9,967 total views, 2 views today

Read More
content top

HackSys Team – Computer Security Research, Penetration Testing, Ethical Hacking, Windows Technical Support : Welcome !

Authorize

Lost Password

Register

Please contact the administrator.