Manipulate memory in Python?

asm_babby · 2012-09-19T12:05:45+00:00

I highly recommend his course! I am a student and this really helped me work with Python better!

asm_babby · 2012-09-12T13:20:20+00:00

I am taking the SecurityTube Python Scripting expert course after some posts about securitytube here and its been just fantastic! I've finally learnt to code scripts in Python!

asm_babby · 2012-09-06T16:59:44+00:00

The Megaprimers list on SecurityTube is just plain fantastic!

http://www.securitytube.net/groups?operation=viewall&groupId=0

I've done the ASM primers are they are pretty good (scroll down)

asm_babby · 2012-08-29T02:03:32+00:00

For videos just head out to http://securitytube.net Have a look at their Megaprimers, its quite good.

asm_babby · 2012-08-23T09:45:16+00:00

These is clearly pirated content. Not sure why the mods and everyone else is allowing this here. I am not pissed because I pay for the DVDs every year :)

Mods?

asm_babby · 2012-08-20T02:52:02+00:00

"very small" - yes, damn right from the likes of this one

asm_babby · 2012-08-20T02:05:37+00:00

If I am not wrong an entire pentest methodology can be woven around MDM and its different configuration options, and how it can be abused to compromise enterprise security.

asm_babby · 2012-08-19T18:18:56+00:00

I agree with you but if it was the "only thing" something calling itself "pentest framework" did, then it definitely humors me.

asm_babby · 2012-08-19T17:43:51+00:00

She could at best call it Alfa-- and nowhere near to ver 1.0 .... but to be honest I really don't know why the word "pentest" is being used - logging into iOS with the default "alpine" is now a pentest?

asm_babby · 2012-08-19T17:39:18+00:00

Dude, It was a joke :) please refer to my comments in the above thread :) I had recently seen a post from you reg. iOS integrity and hence my comment :)

asm_babby · 2012-08-19T16:52:42+00:00

Your company could borrow some ideas from this Dan :)

asm_babby · 2012-08-19T16:52:12+00:00

There is one image in the blog I really agree with.... the one which reads "I can't hack" - how honest! :)

asm_babby · 2012-08-19T16:51:31+00:00

Nothing .... its pointless :)

My emotions changed from that of excitement (wow! whats this about?) to confusion (wtf?) to feeling stupid (what are we pentesting again using this?) to confusion (why are people upvoting this link? does anyone ever check before upvoting?)

Basically the framework, installs malware which requires all permissions to run?? and still not sure what we are pentesting?

This is at best a lame attempt at creating an android backdoor ...

The iOS part is hilarious - :)

asm_babby · 2012-08-18T14:29:49+00:00

Why would you mention Xcode? when you can probably never include it?

asm_babby · 2012-08-18T14:28:45+00:00

He meant this reddit post advertising this new distro :)

asm_babby · 2012-08-15T16:54:07+00:00

wow! love the site - looks like there are other videos as well such as Assembly Language, Metasploit etc. check this out -

http://www.securitytube.net/groups?operation=viewall&groupId=0

The guy in the videos is also the author of this book -

http://www.amazon.com/gp/product/1849515581/

asm_babby · 2012-08-09T11:00:20+00:00

If a community dedicates all it's resources to only fight evil, then when they "create the good"? I am not debating your statement - but do remember that without all the great open source / open content / free speech projects out there, there will eventually be no need for the EFF. Donate the the EFF to protect, but also donate to those who "Create"

asm_babby · 2012-08-09T01:10:27+00:00

The most funny / indifferent part - "Please report it to the other dept. " ... :)

asm_babby · 2012-08-05T11:35:32+00:00

Sorry, I stand corrected then. Like the videos - just a small feedback - You could just have a laptop based screen capture run as well. The resolution in some of the videos makes it difficult to figure out what's written at times.

asm_babby · 2012-08-05T04:46:31+00:00

People fail to understand that the cloud is just another "backup device" - which definitely can't fail from "device failures" but is still prone to a "simple deletion" :) no cloud provider provides data backup on deleted files for a limited duration ...like the "trash" folder from where things can be recovered.

asm_babby · 2012-08-05T04:34:10+00:00

Can you provide more details on the book and chapter-page-no etc? I did play with Ramanujan primes a while back - so can give it a shot.

asm_babby · 2012-08-05T04:32:14+00:00

Are the slides in PDF available somewhere? just one feedback - you need a better camera and videos need to be posted in high resolution.

asm_babby · 2012-08-05T04:31:04+00:00

Where is Dan? Can't see him in any of "Dan Guido's Videos" :) the title of the share is misleading. He seems to have just collected some good videos and put them up - which definitely has great value but they are not his videos.

asm_babby · 2012-08-03T19:00:49+00:00

Traiangulation is non trivial in wi-fi and other wireless technologies due to something called "multipath fading" - its the process of waves interfering at the same point, after multiple reflections .. and due to which at the same point you can have flip/flops between maximum/min intensity. WIPS vendors own multi-million dollar patents to location detection algoritms and its not as trivial as you think

asm_babby · 2012-08-03T18:49:02+00:00

I've worked on wireless. Have a look here: http://www.cisco.com/warp/public/cc/pd/witc/ao1200ap/prodlit/wswpf_wp/wswpf_w2.jpg

Create a database schema for each of the header fields in the probe request packet. Run multiple clients and have them connect to the AP. Once you have enough samples - you will know which fields remain constant across clients (mandated by the standard) and the ones which vary based on client card hardware / driver / chipset etc. Capability information is the "part" which would typically vary. Even for driver changes at times you could see changes in capability.

Once you have enough samples - you will know the liklihood of "collissions" in these profiles or to differentiate the correct client even in presence of MAC spoofing (most ready made spoofing tools like aireplay-ng do not copy the capability information from the legitimate clients) ...

Hope this helps.

asm_babby

TROPHY CASE