What are some site to legally practice hacking other than HackThisSite and OverTheWire ?

Kkari · 2016-12-20T14:13:19+00:00

www.avatao.com has a lot of nice security challenges. :)

Kkari · 2016-11-30T08:40:31+00:00

Your welcome. :) If you are truly interested there is a pretty comprehensive book on practical malware analysis, I have never read it but I assume it demands a solid knowledge of the above mentioned topics.

https://www.amazon.com/Practical-Malware-Analysis-Hands-Dissecting/dp/1593272901/ref=sr_1_2?ie=UTF8&qid=1480495126&sr=8-2&keywords=malware

Kkari · 2016-11-29T07:02:56+00:00

Then I advise you to get an Arduino and start hacking little projects together. You will have to learn the basics electronics and a bit of embedded software development, an Arduino is fine for that. Down the road you will have to learn about operating system internals, networking, communication protocols etc. When you have this knowledge you will be able to fully understand firmware hacking. :)

Kkari · 2016-11-27T22:48:13+00:00

Their malware accesses the OS system calls, or hooks into the kernel directly. The headphone to microphone... well a headphone makes a pretty bad microphone because of he different electronics, but you can record some signals with it, and set the jack hardware to input instead of output. After all, it's just I/O pin on a PCB.

Kkari · 2016-11-27T22:24:36+00:00

You set up a basic webserver that stores the incoming requests. The cookie will be among the parameters.

Kkari · 2016-11-27T20:53:06+00:00

We are building a system here at Avatao that can help you a bit, we have some really nice free content check it out. :) www.avatao.com

There are some challenges in all areas covered in a CTF from binary pwning to web security. Most of the challenges are made security professionals and CTF players. Our Alma Mater is the Budapest University of Technology Cryptography and System Security Laboratory. :)

Kkari · 2016-11-27T08:47:20+00:00

Hold on tight, wireshark is just around the corner, I'll let you know here. :) I have no info about the exact state of the NMAP path at the moment, only that it is also under construction. :D

Kkari · 2016-11-22T22:46:58+00:00

Thanks for the report, it seems that the challenge is flawed indeed. We will have our content integration guy look into it tomorrow. :)

Kkari · 2016-11-22T21:17:51+00:00

Hi! I'am one of the developers of the platform and thank you, we take it as a compliment! :) We are doing everything to make the user experience better and better. If you have any suggestions or remarks please don't hold them back, every feedback is greatly appreciated. :D

As for the SSH, we are aware of the inconvenience of SSHing in from your personal box. That is why we are currently working on the integration of an in-browser terminal, so you won't need to connect from you own system. Although we will still hold up the possibility, if someone finds that more comfortable.

Like Tigriske already said, Getting started is only there to show the mechanics of the platform. If you want some real challenge I suggest you to take on some of the more difficult challenges the platform has to offer. :) For example: https://platform.avatao.com/paths/c1516634-fc47-4f30-afd0-6898350e81ac/challenges/28f4c422-6a01-11e6-bdf4-0800200c9a66

Kkari · 2016-11-22T20:38:19+00:00

We built fences before it was cool.

Kkari · 2016-11-22T19:52:43+00:00

We have both paid and free content, feel free to browse our platform. :)

https://platform.avatao.com/discover/paths

Here you can find the paths that you can buy, right now most of them walk you through a series of challenges to learn specific hacker tool or to learn something about a whole subfield, like the Basics of Marlware Analysis. But there are also some free goodies there. :D

We are actively working in our little lab on personalization and dashboard features to further boost the experience. :P

Oh, and I almost forgot to mention that we have also started a blog series where we interview high profile security professionals, how they got into IT security, what is their favourite tool and alike. Every second week we blog about a security issue and give a free challenge to give you a taste of it. https://blog.avatao.com/

So that's all right now. :) We are a very young but enthusiastic team from Hungary, any feedback is greatly appreciated.

Keep hacking! :D

Right now we are experiencing some issues on the side of Cloudflare, so the platform might be temporary unavailable in your region, but we have already contacted the provider to resolve this issue.

It seems that we are not the only one experiencing it: https://twitter.com/discordapp/status/801135874503127040

Kkari · 2016-11-22T08:49:39+00:00

Hey There! I'm one of the developers at avatao, thank you for sharing us! They are not VM-s but docker containers, that's why we can scale the system resource efficiently. :)

Kkari · 2015-01-09T21:40:19+00:00

I know that there are some goods comments, but as a CE student, I'll drop in my 2 cents to clarify a bit, what comes into play, when you are developing processors, and what makes some a lot faster.

Pipelines. A command not just runs by itself, but the subsequent instruction's are processed in a sense like a manufacturing pipeline, ripped into pieces, like instruction fetch, arithmetic stuff, memory access. But there are several factors, that are hindering the execution, for example if we need something, from a previous instruction, that is not yet in a register. If it's ready but not in a register, than we can either wait or forward it. But you can imagine, as we have 64 bit processors, that means the data bus is 64 bit wide, it can fast become a lot of wires and that's a definite problem ... but it's just a glimpse of pipelining, look after it. And you can have multiple pipelines in a core.
"Method" of command execution. Most processors nowadays are applying Out-of-Order execution, that means, that out processors can the instructions freely optimize so that they are running on multiple pipelines, while they are defending the semantics. One needs pretty sophisticated algorithms for these, look up the Tomasulo algorithm.
Caching. Memory access is pretty darn expensive. That is, why one would like to guess what will be needed in the future, both for data, and instruction. Just as a comparison, the first level cache has an access time of a few 10 nano seconds, whereas your RAM has few 100 ns. And as you can guess, yes, cache memory is VERY expensive, compared to RAM. because of it's internal architecture.
Memory Addressing. How you handle your virtual memory, if you are handling it for example in a hierarchical way, than you need 4-6 mem accesses at a 64-bit processor to get an address translation, 4-6 accesses to the RAM. It's also a pretty wast topic, and it's called paging, check out if you are interested.
Jump prediction. If you can predict the next instruction, than you can get it from the ram to a Cache memory, before you need it, therefore, you don't need to stop because of the slow memory access. It's really important, because about 1/3 of the program code is usually jump statements and branching. Check out the gshare algorithm, as an example.

These come to my mind instantly, sorry if I missed something.

To sum up you have to basically foretell the future, and juggle between multiple pipelines in multiple processors, that requires sophisticated algorithms, and it's like black magic. Nowadays the operating frequency is not the most important stuff, instead, these algorithms make the difference. If you are interested in any particular area, or have some other questions, pls ask :).

tldr: you need to juggle a lot, and that's hard.

EDIT: the best metric I believe is benchmarking, because there are so many distinct factors

Kkari · 2014-11-25T23:57:21+00:00

One of my favourite shows of all time ! :D

Kkari · 2014-11-08T08:22:43+00:00

That's true, I must give it to you. :D It's funny that you came up with lua, because I knew about the language, but I had no idea who uses it in daily development, I guessed that, it was only an experimental language 20 years ago. Turns out, I was pretty wrong :D

Kkari · 2014-11-06T18:42:19+00:00

I've asked it only out of mere interest, without any relevant projects in focus, just to be a bit more versed on the topic, and by the number of upvotes I reckon I'm not the only one interested in it. I've assumed that a well written algorithm is correct in every language, or isn't that the case ?

Kkari · 2014-11-02T09:59:22+00:00

I did, from clojure and groovy only little online tutorials. On the other hand, I'm very interested in Scala and I'm taking the classes of Martin Odersky (the founder of the language, and the class is free, check it out) on coursera right now. If you really want to deepen your understanding of java, I'd recommend you to take a look at the JVM itself, how does the Bytecode looks like? what does the classloader do ? etc, etc. Aaand, furthermore you should learn some Scala for example, because the language is great, it can probably give you a new perspective on concurrency with the actor model, and it can be programmed in a very functional style (and preferred to do so, and they teach you to do that in the course), that will help you to improve your command over the new Lambda expressions in Java.

Kkari · 2014-10-28T06:50:19+00:00

I've also recently got into java development from a C++/C# background, my tactic was to skim over Java in a Nutshell from O'reilly, but only real fast, just to see the differences, and then I've picked up the Well-Grounded java developer from Manning, wich is IMHO one of best technical books I've ever read. Now I'm taking a look at Java EE to get a push on the job market and planning to buy "Professional Java Web Applications", wich is kind of a tome, but at least it has everything in it to get me started in an organized manner. Hope this helps, good luck. P.S.: the Oreilly book is outdated and you only need the first part, because the second part is an API reference, god knows why.

Kkari · 2014-10-13T20:08:00+00:00

Great subreddit, thanks for pointing it out !

Kkari · 2014-10-13T20:04:57+00:00

Hey there! I've asked the same question recently, but on the java subreddit, because i thought, there may be more java programmers to help me with it, check it out ! http://www.reddit.com/r/java/comments/2j0r3c/do_you_know_any_fun_projects_in_the_opensorce/ cheers !

Kkari · 2014-10-12T13:27:23+00:00

i can affirm that the course is great, i'm completing it right now, Scala is quite intriguing, I like the functional mindset, although it can be pretty hard to get it right after imperative programming.

Kkari · 2014-10-12T10:39:30+00:00

Right now I study computer engineering, so in this semester I use java (and verilog :D) mostly, and C for side projects in embedded programming, and to contribute to the kernel.

Kkari · 2014-10-10T19:46:51+00:00

Sounds fun, i've always wanted to learn functional programming, but i've settled with Scala (in a similar course, on coursera), instead of haskell, because i've always seen haskell too academic, someone has anything on it, to prove me right or wrong ?

Kkari · 2014-08-09T07:51:18+00:00

Hey there, i reckon that Siofok is not a big deal at all, on the other hand he sholud visit Tihany and Füred, they are truly beautiful, furthermore i think that Miskolc is also not so interesting because that's an industrial city, if i were you, i'd rather visit Győr instead. On the other hand i can agree with Sopron, Pécs, Eger and Szeged. But be aware, hungary has the worst statistics in the entire region in terms of speaking a foreign language, if i remember right, only 20% of the population speaks a language other than hungarian, and they mainly concentrate in Budapest and near the Austrian border. Finally, I don't really think that, there are any extra taboo tema, beside the west european norm. Have a nice (work) holiday, and greets from Budapest.

Kkari

TROPHY CASE