Old school stuff … but still very handy ;-)
This a collection of old tutorials written in my early hackin’ days. Some are still very useful from a testing perspective (even I do still use them :-). I will update this blog when I get the time to see if these techniques are still valid in container environments. Stay tuned !
This presentation, DEFEATING THE NETWORK SECURITY INFRASTRUCTURE.pdf, was made after some brainstorming with some friends. The purpose of the discussion is to debate how internal enterprise resources might be (in)adversely exposed to the internet by an insider, using common protocols, tools and techniques such as SSH, HTTP(s) and proxying.
Something I wrote a while ago about spoofing, transparent proxying and wireless networking. Use with care and only for educational purposes. The paper is called Trick the wireless user.
I recently had the opportunity to speak at an ISSA event in Belgium about Web Application Firewall technology, also known as WAF. The presentation can be downloaded here or at the ISSA Belgium website.
I had the pleasure to talk at the Belgium OWASP chapter. Here is a copy of the introduction presentation on WEBGOAT and the PANTERA Web Assessment Studio Project.
It’s been a while ago, but I found the courage to write a new paper. I changed focus a little bit and started exploring web services and related stuff. Here is a very practical tutorial using OWASP’s WebGoat and SOAPUI.
A tutorial on Metasploit.
A tutorial on scanning a VPN implementation using ikescan.
You can find a tutorial on sbd (Shadowinteger’s Backdoor tutorial).
You can find a tutorial on how to setup smartcard based authentication on NOKIA IPSO appliances.
A practical tutorial on how to setup and test a small IPv6 network.
A new explaining on how to scan for vulnerabilities on SSL based services.
A new tutorial showing how to hide netcat on NTFS file systems using ADS. Download the paper here.
This is a tutorial on hping (version 2), describing basic and advanced techniques that can be of great benefit in PEN tests and other security related work. Download the tutorial here.