Winner Announcement and Full Tutorial
Thanks to all who participated in Daemon: A Contest. Before we get to the winners as well as the tutorial on how to solve the challenge, EH-Net would like to once again thank Daemon author, Daniel Suarez, and all those involved in making this contest happen. It’s amazing how a few crazy ideas can all come together into something fun and educational while at the same time spreading the word of this truly unique work of fiction.
What started as a little game to hide a secret message turned into another classic teaching vehicle for EH-Net readers. The image is a twist on the usual steganographic content. Øyvind Østlund and Adam Wardon crafted some C# source code to hide data in an image of the author which is also invisible to the Daemon’s bots. What’s in the message is still up to you to find, but three talented people found the message and took the action it recommended. Because of that, EH-Net members jason, blackazarro and ozpj have won signed, pre-release copies of Daemon, Hard Cover Edition. And now, with the coding expertise of regular EH-Net contributor Ryan Linn, we will show you how it can be done using a couple of tutorial files and all free tools.
Win Skoudis' Network Pen Testing via SANS @Home!
Once again, SANS is our Free Monthly Giveaway sponsor for the end of the year blowout. This one is awesome and worth over $3500. As you have probably seen in numerous conversations on this site, not only is Ed Skoudis' new course on Network Pen Testing and Ethical Hacking (SANS 560) getting rave reviews, but also it is now being offered in the @Home version. The @Home format is not just recorded webcasts and handouts... You actually get live virtual instruction from Ed Skoudis and John Strand. See below for more details.
This is great for a couple of reasons. First, and quite obviously, many are feeling the pinch with the economy, and we all know training and travel are the first items to be cut from the budget. So if you're the lucky winner, we'll provide the training, and with @Home, there is no travel. Problem solved! Secondly, many have said that the extra time the @Home format affords gives them a greater ability to absorb the contents of Ed's brain. Take it from me, one week will never be enough. For an in-depth look at this course, see the review entitled "Ed Skoudis and the Pen Testing Factory." Thanks to SANS for playing Santa with an incredibly timely gift.
Participation is the ONLY way to win. Start a thread that sparks lots of interest; share thoughts and experiences; help a newbie... quality is more important than quantity.
Happy holidays, challenge fans! In the spirit of the season, I’ve written a Santa Claus challenge for you, titled “Santa Claus is Hacking to Town.” This one is adapted from the classic 1970 Rankin & Bass television production, which used stop-motion animation and nifty puppets to tell the story of Kris Kringle. As a child, this was one of my favorite Christmas TV specials, and I’m thrilled to recast it as an ethical hacking challenge. You don’t need to be familiar with the original TV show to participate in the challenge, of course. Analyze the clues, devise your strategy, and carefully answer the questions to win a prize. Answers are due by December 31, 2008. We’ll choose three winners (best technical answer, most creative answer that is technically correct, and a random draw winner) to get a copy of my book, Counter Hack Reloaded, the ultimate stocking stuffer. Even if you can’t answer all the questions, send in your best guess to qualify for that random draw slot.
Even though you don’t have to be familiar with the original TV show to answer the challenge questions, for those of you who haven’t seen the original Santa Claus is Coming to Town TV show or want to relive that childhood wonder of watching Kris Kringle grow up into Santa, you can watch its five parts on YouTube here:
"Santa Claus is Coming to Town" Part 1 - Part 2 - Part 3 - Part 4 - Part 5
And now… on with the challenge!
--Ed Skoudis
Co-Founder, InGuardians, SANS Fellow, EthicalHacker.net Challenge Master, Author of Counter Hack Reloaded, Santa Elf Trainee
Review by Ryan Linn, CISSP, MCSE, GPEN
Hacking: The Art of Exploitation 2nd Edition (HTAoE) by Jon Erickson is frequently considered a "must read" for those wanting to understand exploits and exploit development. So when I wanted to understand more about the exploit development side of security this was the first book I picked up.
When talking about a book that involves programming, it is often beneficial to know where the reviewer is coming from. I do Windows, Unix, and network security, and I am pretty comfortable with programming, although by no means a professional programmer. I have worked some with assembly programming, albeit in the days of Windows for Workgroups, and I really wish that I'd paid better attention in that class in college. Although I do have some experience in these areas, I'm going to point out which areas may pose challenges for individuals who haven't been exposed to much programming, and also which areas should be understandable by everyone.
Free Sample Chapter Available Below
"0x300 EXPLOITATION"
We Have Winners... x4!
Wireless continues to be a hot topic, and the CWNA® (Certified Wireless Network Administrator) certification is a foundation level wireless LAN certification for the CWNP Program. Your CWNA certification will get you started in your wireless career by ensuring you have the skills to successfully administer enterprise-class wireless LANs. This month we have procured 4 prizes for the following 4 top contributors to EH-Net... And the winners are: dalepearson, geekyone, Jason & RoleReversal. Congrats and keep up the good work.
As a reminder, each CWNP Backpack Kit includes:
- CWNP Branded Backpack
- CWNA Self Study Guide
- CWNA Practice Test
- CWNA Exam Voucher
Participation is the ONLY way to win. Start a thread that sparks lots of interest; share thoughts and experiences; help a newbie... quality is more important than quantity.
Universal Plug-N-Play (UPnP) is a protocol that allows various network devices to auto-configure themselves. One of the most common uses of this protocol is to allow devices or programs to open up ports on your home router in order to communicate properly with the outside world (Xbox, for example, does this). The UPnP protocol is built on top of pre-existing protocols and specifications, most notably, UDP, SSDP, SOAP and XML.
This article will address some of the security issues related to UPnP, briefly describe the inner workings of the protocol, and show how to identify and analyze UPnP devices on a network using open source tools. While we will be specifically focusing on IGDs (Internet Gateway Devices, a.k.a. routers), it is important to remember that there are many other devices and systems that support UPnP as well, and they may be vulnerable to similar attacks.
Review by Ryan Linn, CISSP, MCSE, GPEN
After attending DEFCON in August and seeing the overwhelming interest in this book, I was eager to dive into The IDA Pro Book by Chris Eagle. Chris Eagle's team, School of Root, won the “Capture the Flag” event at DEFCON this year and Chris gave a presentation on CollabREate, a tool that integrates with IDA Pro to allow collaboration in reverse engineering (RE). All of that together - with the fact that the book sold out – screamed that this book should quickly make it to the top of my list.
Once I had the book in hand, the cover alone offered some insight into what was to come. The quote on the front of the book is an endorsement from the creator of IDA Pro. The image on the front is a throwback to the Operation game by Milton Bradley, which reminds me of how I felt when I got started doing reverse engineering. I am not a professional Reverse Engineer or Malware Analyst; however, my coding background and my current position as a security professional at SAS afford the opportunity to dabble. This puts me in the perfect middle ground of being able to understand the material as well as assess its ability to teach.
Free Sample Chapter Available Below
"Chapter 12: Library Recognition Using FLIRT Signatures"
At long last, we’ve completed final judging on the It Happened One Friday challenge. I apologize for the delay, but things have been very hectic here. We received a huge number of really top-notch entries in this challenge, and reading through every one of them and whittling them down to our final winners was fun but incredibly time-consuming. However, I’m really happy with the final results – the technical and creative winners did some awesome work, as did many others worthy of an honorable mention.
Given the unusual nature of this challenge, before I announce the winners, I’d like to provide a little context to describe why Matt Carpenter and I wrote it the way we did. If you will kindly indulge my explanation for just a bit, I’ll describe for you a little bit about the process of writing these challenges, and how this one in particular came to be. Alternatively, if you are impatient, you can skip these author’s notes and jump to the announcement of the winners by clicking here.
--Ed Skoudis, InGuardians
Author, Counter Hack Reloaded
Ruh-Roh, challenge fans...
Ed Skoudis here to introduce a new infosec-themed challenge for you to solve. In this one, challenge writer-extraordinaire Kevin Bong has brewed up a real doozy for you all based on a Scooby Doo theme. Grab a Scooby-Snack, hop in the Mystery Machine, and help the gang solve one of their toughest capers yet. Along the way, you'll contend with some fascinating forensics puzzles and develop your skills. Answers are due back by November 15, 2008. As always, we'll award the fine prize of a book to the best technical answer, the most creative technical answer that is also technically correct, and to a random-draw winner.
Please note that I'll be announcing the winner of our previous challenge, It Happened One Friday, in the next few days, so please stay tuned!
If you can’t answer this challenge 100%, still send something in to qualify as a random winner. This month’s prize is my book, Counter Hack Reloaded, which I authored with Tom Liston. Each winner gets a signed copy.
Thank you,
--Ed Skoudis, InGuardians
The Ethicalhacker.net Challenge Guy