SLAE Assignment #2 | TCP Reverse_Shell
Welcome back to my second post for the SLAE certification. Today we are going to build a reverse_shell shellcode and again you can find the files here. This task is very similar to the first one, so i dont have to look up new/more information. Lets switch some syscalls and registers! The code for socket_setup, […]
SLAE Assignment #1 | TCP Bind_Shell
After gaining my OSCP in June I decided to go deeper into exploitDev and shellcoding. And here we are, this is the first of seven posts for the SLAE certification. Addidionally you can find all files on my github account. Building a bind_shell shellcode is the first task. In an exercise of the course we […]
Mini basic protection for home
Every day, millions of people become victims of cybercrime. These are usually not targeted by professional hackers, but fall victim to large-scale attacks by chance. How does something like this happen? The attack vectors are versatile: Phishing e-mails Modified files Drive-by downloads Bad passwords Physical access Removable media (e.g. BadUSB) etc. Attackers permanently scan the […]
Offensive Security Certified Professional Experience / OSCP Review
Today I would like to share my experience with OSCP from the guys at Offensive Security. Why OSCP? There are now so many certifications in the field of information security that it is difficult to choose one. For me, criteria are the deciding factor in certifications: Learn new Apply knowledge (i.e. no multiple choice tests) […]
UK – German Cyber-Security Forum
UK – German Cyber-Security Forum On 26.07.2017, the second Cyber-Security Forum of the British Consulate and the Munich Security Network was held at the Hilton Park Hotel. Here, the CISOs of well-known German companies such as Siemens, Audi and MAN gave various expert presentations. Topics such as Industry 4.0 and AI were presented in a […]
Detect phishing emails
Almost every day, users become victims of so-called phishing emails. Therefore, in this short post, I would like to point out the details that can be paid attention to in order to identify malicious emails. Of course, this is not a protection against spear phishing emails as used by professional hackers or penetration testers. I […]
Live Hack: GO Business
“Who owns my data?” On 29.06.2017, a series of lectures on the above topic was held at the entrepreneurial network GO Business – Geschäftskontakte Oberland in Bad Tölz. I was allowed to perform a live hack, which showed the audience how easy it is to access your data or to take over entire systems. […]
Deceptive security: antivirus and firewall
We are safe because we have a virus scanner and a firewall! This statement is often the first to fall and should therefore be finally put right 😉 #1 Firewall A firewall prevents connections to unwanted services (actually ports, but we’ll get to that in a moment). This is done by blocking/closing ports which are […]
30 minutes to a secure WordPress blog
WordPress is still the tool of choice, especially for newbies, to quickly create a respectable website. All nice KlickiBunti, so without expertise 😉 Unfortunately, #InfoSec almost always falls by the wayside and the “admins” wonder about the new Russian language packs and additional AdminAccounts. Securing a WordPress website is not rocket science, so in the […]
How to remember passwords?
The best security measures are useless if weak credentials are chosen. This raises two essential questions, which I would like to explain below. What is a bad password, anyway? How can I create and remember strong passwords? There are two main ways of attack to guess into credentials. BruteForce All combinations are tried through. Depending […]
