If you are interested in learning about ActiveX exploitation, security researcher/consultant/professor Brad Antoniewicz has created FSExploitMe for just that purpose.
You’ll want a copy of Internet Explorer 8 to get the most out of it, but fortunately you can get a VM running IE8 for *free* from Microsoft.
And if you are interested in getting deeper into Linux exploitation, exploit-exercises.com has pre-built VMs with capture-the-flag style levels and challenges for each level. It has challenges ranging from beginner to expert and is designed to teach:
[…]about a variety of computer security issues such as privilege escalation, vulnerability analysis, exploit development, debugging, reverse engineering, and general cyber security issues.
iSecPartners has released on GitHub a “cheat-sheet” for auditing high-value applications. It’s well worth a read.
This list is intended to be a list of additional or more technical things to look for when auditing extremely high value applications. The applications may involve operational security for involved actors (such as law enforcement research), extremely valuable transactions (such as a Stock Trading Application), societal issues that could open users to physical harassment (such as a Gay Dating Application), or technologies designed to be used by journalists operating inside repressive countries.
It is an advanced list – meaning entry level issues such as application logic bypasses, common web vulnerabilities such as XSS and SQLi, or lower level vulnerabilities such as memory corruption are explicitly not covered. It is assumed that the reader is aware of these and similar vulnerabilities and is well trained in their search, exploitation, and remediation.
A good example of the type of analysis to strive for can be shown in Jacob Appelbaum’s analysis of UltraSurf: https://media.torproject.org/misc/2012-04-16-ultrasurf-analysis.pdf
From Trail of Bits, they are offering a free online CTF and penetration testing course. Lots of great material from a well respected organization.
Most of those familiar with *nix are familiar with piping data “|” to other programs. At the very least, you probably have piped the result of many commands into grep (ls | grep x).
But did you know you can pipe output into a named pipe in a terminal/shell?
The simplest way to show how named pipes work is with an example. Suppose we’ve created pipe as shown above. In one virtual console, type:

ls -l > pipe1

and in another type:

cat < pipe1
Voila! The output of the command run on the first console shows up on the second console. Note that the order in which you run the commands doesn’t matter.
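The same two-console exchange in a single C program, as an added example that is not part of the quoted article: a child process plays the “ls -l > pipe1” side and the parent plays the “cat < pipe1” side. The FIFO is created with mkfifo() inside a fresh mkdtemp() directory rather than at a fixed path, because mkfifo() refuses to reuse an existing file (EEXIST), and a predictable path in a shared directory is exactly where a pre-planted file or symlink would bite. The function names and the /tmp/fifodemo.XXXXXX template are my own choices for the example.

```c
#define _DEFAULT_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper (not from the article): create a FIFO in a private
 * directory, have a child write MSG into it, read it back in the parent.
 * Returns the number of bytes read, or -1 on error. OUT is NUL-terminated. */
int named_pipe_roundtrip(const char *msg, char *out, size_t outlen)
{
    /* A private directory avoids racing with a pre-existing (possibly
     * attacker-planted) file or symlink at a fixed, predictable path. */
    char dir[] = "/tmp/fifodemo.XXXXXX";
    if (mkdtemp(dir) == NULL)
        return -1;

    char path[64];
    snprintf(path, sizeof path, "%s/pipe1", dir);

    /* mkfifo() fails with EEXIST instead of silently reusing a foreign file;
     * mode 0600 keeps other local users from attaching to the pipe. */
    if (mkfifo(path, 0600) == -1) {
        rmdir(dir);
        return -1;
    }

    pid_t pid = fork();
    if (pid == -1) {
        unlink(path);
        rmdir(dir);
        return -1;
    }

    if (pid == 0) {
        /* Child: the "ls -l > pipe1" side. open(O_WRONLY) blocks until a
         * reader opens the other end, which is why the order in which the
         * two commands are typed does not matter. */
        int wfd = open(path, O_WRONLY);
        if (wfd == -1)
            _exit(1);
        size_t len = strlen(msg);
        if (write(wfd, msg, len) != (ssize_t)len)
            _exit(1);
        close(wfd);
        _exit(0);
    }

    /* Parent: the "cat < pipe1" side. open(O_RDONLY) likewise blocks until
     * a writer appears; read() returns 0 once the writer closes its end. */
    int rfd = open(path, O_RDONLY);
    size_t total = 0;
    if (rfd != -1) {
        ssize_t n;
        while (total < outlen - 1 &&
               (n = read(rfd, out + total, outlen - 1 - total)) > 0)
            total += (size_t)n;
        char discard[256];
        while (read(rfd, discard, sizeof discard) > 0)
            ; /* drain anything that did not fit so the child can finish */
        close(rfd);
    }
    out[total] = '\0';

    int status = 0;
    waitpid(pid, &status, 0);
    unlink(path);
    rmdir(dir);

    if (rfd == -1 || !WIFEXITED(status) || WEXITSTATUS(status) != 0)
        return -1;
    return (int)total;
}

/* Self-check: 1 if a constructed message survives the round trip intact. */
int named_pipe_roundtrip_check(void)
{
    char buf[64];
    int n = named_pipe_roundtrip("hello", buf, sizeof buf);
    return n == 5 && strcmp(buf, "hello") == 0;
}

int main(void)
{
    char buf[128];
    int n = named_pipe_roundtrip("hello through a FIFO\n", buf, sizeof buf);
    printf("read %d bytes: %s", n, buf);
    return n < 0;
}
```

Swap the two roles (child reads, parent writes) and the program still works, which is the point the article makes about command order: each open() simply waits for the other end.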
If you’re mystified by *nix signals programming, have a look at this short guide.
Signals, to be short, are various notifications sent to a process in order to notify it of various “important” events. By their nature, they interrupt whatever the process is doing at this minute, and force it to handle them immediately. Each signal has an integer number that represents it (1, 2 and so on), as well as a symbolic name that is usually defined in the file /usr/include/signal.h or one of the files included by it directly or indirectly (SIGINT and so on. Use the command 'kill -l' to see a list of signals supported by your system).
Each signal may have a signal handler, which is a function that gets called when the process receives that signal. The function is called in “asynchronous mode”, meaning that nowhere in your program you have code that calls this function directly. Instead, when the signal is sent to the process, the operating system stops the execution of the process, and “forces” it to call the signal handler function. When that signal handler function returns, the process continues execution from wherever it happened to be before the signal was received, as if this interruption never occurred.
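The “interrupt, run the handler, resume” sequence described above, as an added example that is not part of the quoted guide. It installs a handler with sigaction() (rather than the older signal(), whose semantics vary between systems), keeps the handler down to setting a volatile sig_atomic_t flag, which is the only kind of work that is safe inside a handler, and then shows two things: that raise() does not return until the handler has run, and that a signal sent while it is blocked with sigprocmask() is held pending and delivered only when unblocked. The function names are my own; SIGUSR1 is used because it has no other meaning in a test program.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* State shared between the handler and the main flow. sig_atomic_t is the
 * only integer type C guarantees can be written atomically from a handler;
 * volatile stops the compiler from caching it in a register across calls. */
static volatile sig_atomic_t got_signal = 0;
static volatile sig_atomic_t last_signo = 0;

/* The handler does the bare minimum. No printf(), malloc(), or locking here:
 * those are not async-signal-safe and can deadlock or corrupt state when the
 * signal lands in the middle of one of their own calls. */
static void on_signal(int signo)
{
    got_signal = got_signal + 1;
    last_signo = signo;
}

/* Install on_signal for SIGNO via sigaction(). Returns 0 on success. */
int install_handler(int signo)
{
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_signal;
    sigemptyset(&sa.sa_mask);   /* block no extra signals while handling */
    sa.sa_flags = SA_RESTART;   /* restart interrupted slow system calls */
    return sigaction(signo, &sa, NULL);
}

/* Send SIGNO to ourselves and return how many times the handler ran.
 * raise() returns only after the handler has run, so the value observed
 * here (1) is the asynchronous interruption made visible. */
int deliver_and_count(int signo)
{
    got_signal = 0;
    if (raise(signo) != 0)
        return -1;
    return (int)got_signal;
}

/* Block SIGNO, raise it, then unblock. Returns 1 when the signal was held
 * pending while blocked (handler count still 0) and delivered exactly once
 * at unblock time, 0 otherwise, -1 if the mask could not be changed. */
int pending_until_unblocked(int signo)
{
    sigset_t set, old;
    sigemptyset(&set);
    sigaddset(&set, signo);
    if (sigprocmask(SIG_BLOCK, &set, &old) != 0)
        return -1;
    got_signal = 0;
    raise(signo);                            /* queued as pending, not delivered */
    int while_blocked = (int)got_signal;     /* expect 0 */
    sigprocmask(SIG_SETMASK, &old, NULL);    /* delivery happens right here */
    int after_unblock = (int)got_signal;     /* expect 1 */
    return while_blocked == 0 && after_unblock == 1;
}

int main(void)
{
    if (install_handler(SIGUSR1) != 0) {
        perror("sigaction");
        return 1;
    }
    printf("direct delivery: handler ran %d time(s)\n", deliver_and_count(SIGUSR1));
    printf("held pending while blocked, delivered on unblock: %s\n",
           pending_until_unblocked(SIGUSR1) == 1 ? "yes" : "no");
    printf("last signal number seen: %d\n", (int)last_signo);
    return 0;
}
```

The blocking half matters in practice: code that must not be interrupted mid-update (say, while it holds a lock or rewrites a shared structure) blocks the relevant signals around the critical section, and the kernel delivers them afterwards rather than dropping them. In a multithreaded program use pthread_sigmask() instead of sigprocmask(), whose behaviour with threads is unspecified.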
Veil is a tool used to generate payloads that bypass antivirus solutions.
This is a pretty cool project. Integrating this with Cobalt Strike and/or Metasploit can help demonstrate that anti-virus is nowhere near a panacea. Oh, and you can pop some shells on your next pen-test much more easily :)
Also, Veil is in the Kali Linux repos now, so get it installed:

apt-get update
apt-get install veil
[PDF] Secure Coding Guide
Secure coding is the practice of writing programs that are resistant to attack by malicious or mischievous people or programs. Secure coding helps protect a user’s data from theft or corruption. In addition, an insecure program can provide access for an attacker to take control of a server or a user’s computer, resulting in anything from a denial of service to a single user to the compromise of secrets, loss of service, or damage to the systems of thousands of users.
Secure coding is important for all software; if you write any code that runs on Macintosh computers or on iOS devices, from scripts for your own use to commercial software applications, you should be familiar with the information in this document.