This article goes over the process of creating an AWS Sandbox account. The primary goal for the sandbox is to allow developers to play around in an AWS account while creating safeguards to ensure they do not create a security hole in the AWS account through a misconfiguration.
This is primarily done using IAM policies and security groups. The design is available as a Terraform module in this GitHub repo.
The Metasploitable virtual machine is an intentionally vulnerable image designed for testing security tools and demonstrating common vulnerabilities. Version 3 of this virtual machine is available in both Ubuntu and Windows forms. They can be set up using Vagrant and are available on GitHub and ship with even more vulnerabilities than Metasploitable 1 and 2. The virtual machines are compatible with VMWare, VirtualBox, and other common virtualization platforms. By default, Metasploitable’s network interfaces are bound to the “private network” configuration in Vagrant (VirtualBox users may need to change this to NAT Network), and the images should never be exposed to a hostile network.
A few weeks ago, I added one of the many scammers trying to phish people on Steam. Usually, I block them after they drop their phishing website link but this particular website was pretty innovative (at least for me) in its attempt.
A stack buffer overflow occurs when a program writes more data to the stack than what is allocated to the buffer. This results in the extra data overwriting possibly important data in stack and causing the program to crash or to execute arbitrary code by possibly overwriting the instruction pointer and hence being able to redirect the execution flow of the program.
I used Evan’s debugger to demonstrate the buffer overflow on Kali Linux. Continue reading →
The Metasploitable virtual machine is an intentionally vulnerable version of Ubuntu Linux designed for testing security tools and demonstrating common vulnerabilities. Version 2 of this virtual machine is available for download and ships with even more vulnerabilities than the original image. This virtual machine is compatible with VMWare, VirtualBox, and other common virtualization platforms. By default, Metasploitable’s network interfaces are bound to the NAT and Host-only network adapters, and the image should never be exposed to a hostile network.
As this VM has many vulnerabilities in common with version 1, I will only be covering the newer vulnerabilities on the system. For a comprehensive walkthrough on version 1 of the VM you can check out my previous blog post here. Continue reading →
Penetration Testing with Kali Linux (PWK) is Offensive Security’s starter course for newer folk in the field of computer security. Although it’s advertised as an entry-level course, it’s recommended to be acquainted with Linux, TCP/IP, Networking and be familiar with at least one scripting language (Python/Ruby) and one high level programming language (C/C++).
The Offensive Security Certified Professional certification is an optional certification provided upon clearing the OSCP challenge available when you register for the PWK course.
You can check out more information about the course here. Continue reading →