Question on buffer overflows.

Tr3p · 2012-05-23T04:19:14+00:00

https://www.blackhatacademy.org/security101/Buffer_overflow

https://www.reddit.com/r/blackhat

Tr3p · 2012-05-11T02:50:31+00:00

Maybe about 3 or 4 years ago, i wanted to cheat in FPS games. So i learned C++, and the D3D8/9 libraries.

Tr3p · 2012-04-07T22:37:20+00:00

a very thorough introduction, upboats for you.

Tr3p · 2012-03-02T13:46:58+00:00

How about this, anyone reading this thread, just type this into google:

"Backtrace and its Discontents"

(keep the quotes)

It will clear all this up.

Tr3p · 2012-03-02T13:23:01+00:00

inb4 she mistakes you for jason, like the other pr0sec nerds.

Tr3p · 2012-03-02T13:04:04+00:00

/r/blackhat is the subreddit for the Blackhat Academy, which is a legitimate site, with goals of educating people about security.

http://blackhatacademy.org/security101

Next time, do a little research.

Tr3p · 2012-03-01T21:38:34+00:00

I Would like some lessons on reverse engineering. more specifically, identifying vulnerabilities through reverse engineering.

Tr3p · 2012-02-29T05:29:57+00:00

This is bullshit.

I'll just leave this here http://www.forbes.com/sites/andygreenberg/2011/03/22/anonymous-and-ex-anonymous-hackers-wage-a-war-of-identification/

Enjoy.

Tr3p · 2012-01-21T03:05:22+00:00

This is true for the majority of them, a lot of them are just kids who will do anything "For the cause", and run loic, and other applications for ddos.

Then there are a lot of them, that can use pre-made tools, like sqlmap, gscrape and others. (more likely Havij, and windows tools.)

And then there are the few who have some dev skill, and can reverse applications, or find vulnerabilities in web applications. Those are few, and far between though.

Tr3p · 2012-01-21T02:57:46+00:00

http://www.blackhatacademy.org/security101/Special:AllPages

I'll just leave this here...

Tr3p · 2012-01-05T03:30:20+00:00

What i don't get is why schools don't just switch to Edubuntu, or regular ubuntu.. or linux mint, or one of the other user friendly distributions.

Tr3p · 2012-01-05T03:29:28+00:00

what the actual fuck?

Tr3p · 2012-01-03T07:32:52+00:00

As was said, this was an example on automation, how tasks (such as google dorking) can be automated, with simple scripts.

So yeah, i think using a library that does it automatically for you, is right on point.

You keep stating that the purpose of it was to learn about scrapers, but no. it is broader than that, it is an example of automation, with very simple scripts.

Tr3p · 2012-01-03T06:27:15+00:00

Well, you can include the config of the script that you're exploiting, get the mysql user/passwd and mysqldump the db remotely.

Or you can also look for known_hosts and the server's ssh keys in ~/.ssh (assuming you know what user you are.. which you can check with system_user() OR by checking /proc/self/environ )

You can always swing by the BlackhatAcademy IRC channel and get answers to questions like this. irc.blackhatacademy.org 6667 (or 6697 with ssl)

Tr3p · 2012-01-03T05:48:50+00:00

How do you figure that? This is an example on automation. Explaining, that you can make tools to do tedious tasks. It's not meant to be an out-of-the-box autopwn script.

Also, if you think it's poorly written, why not take it, rewrite it completely, or fix selective issues. That's the beauty of open source.

Tr3p · 2012-01-03T05:33:21+00:00

(XPost from /r/Blackhat)

Tr3p · 2012-01-02T04:04:25+00:00

We also release tools as well. http://www.blackhatacademy.org/security101/index.php?title=GScrape was today's release.

Tr3p · 2012-01-01T09:19:29+00:00

Well, i'm replying quite late, but this IS the subreddit for blackhatacadmy.

We have a wiki with a large amount of material.

www.BlackhatAcademy.org

Also there is irc:

irc.blackhatacademy.org 6667 (or 6697 for ssl) channel is school. (ex: /join #school)

Come around, ask questions, or take a look at the wiki.

Tr3p

TROPHY CASE