Securitytube Metasploit Framework Expert Part 1 (Exploitation Basics)
By Vivek-Ramachandran over at SecurityTube.net
Description: Welcome to Part 1 of the SecurityTube Metasploit Framework Expert (SMFE) course material videos. You can sign up for the course here: http://www.securitytube.net/smfe
In this video, we will look at the basics of vulnerability, how to use a raw one using the exploit source code and identify the problems with this approach. This will then lead to the need for a tool like Metasploit.
Metasploit Tutorial – Simple Icecast Exploit
Description: This module exploits a buffer overflow in the header parsing of icecast, discovered by Luigi Auriemma. Sending 32 HTTP headers will cause a write one past the end of a pointer array. On win32 this happens to overwrite the saved instruction pointer, and on linux (depending on compiler, etc) this seems to generally overwrite nothing crucial (read not exploitable). !! This exploit uses ExitThread(), this will leave icecast thinking the thread is still in use, and the thread counter won’t be decremented. This means for each time your payload exits, the counter will be left incremented, and eventually the threadpool limit will be maxed. So you can multihit, but only till you fill the threadpool.
Credits : http://www.metasploit.com/modules/exploit/windows/http/icecast_header
This video is simple demo of Icecast Exploit using metasploit. module used is exploit/windows/http/icecast_header.
Source : OnliveGamer from Youtube
Cyber Espionage: The Chinese Threat (Full Episode) CNBC
It’s what experts at the highest levels of government say is the biggest threat to America’s economic security. Cyber spies hacking into U.S. corporations’ computer networks are stealing valuable trade secrets, intellectual property data and confidential business strategies. The biggest aggressor? China. This new wave of espionage amounts to the largest transfer of wealth ever seen, experts say, draining America of its competitive advantage and its economic edge. Unless corporate America wakes up to the cyber espionage threat from China and builds an adequate defense strategy, experts say it may be too late.
Securing the Cloud eConference!
Join SC Magazine as we present our 2nd annual eConference cloud security.
With expert speakers and opportunities to earn CPE credits, there is more than one reason to attend this FREE event.
WHEN: July 24, 2012
TIME: 11:00 a.m. ET
WHERE: Your computer
COST: Free
Visit the link below to register for this FREE virtual event:
http://sc.haymarketcomm.net/r/
Apple and Google are ramping up their server farms to prepare for massive increases in the use of cloud platforms. Road warriors and consumers the world over are already accessing music, film and data via cloud implementations, like iTunes and Google Docs, and reliance on these systems will only increase. While this burgeoning technology enables the quick sharing of information with one another more quickly and conveniently, it also introduces new vectors of attack for miscreants trawling for vulnerabilities, ready to sneak in through any access point left unguarded. What can executives do to better plan and implement security best practices in the cloud? We offer tactics and tools to safeguard cloud implementations.
PLATINUM SPONSORS:
PingIdentity
HP Enterprise Security
BlueCoat
Authentify
GeoTrust
FEATURED EXHIBITORS:
Accellion
Bitdefender
SC WORLD CONGRESS 24/7 EXHIBITORS:
Damballa
LogRhythm
Secunia
Solutionary
Sophos
Visit the link below to register for this FREE virtual event:
http://sc.haymarketcomm.net/r/
For more event information, please email mailto:anthony.curry@
For sponsorship opportunities, please email mailto:mike.alessi@
*SC Magazine is a designated (ISC)2 CPE provider. CPE credits only will be issued to live attendees with (ISC)2 credentials.
‘Internet doomsday’ impact minimal, service providers say
Interesting piece by Suzanne Choney from MSNBC’s Technolog:
Hours after “Internet doomsday” kicked in, major service providers say almost all customers have avoided the shut-off of their Internet service, although there are some who will not be able to read this story online, unless it’s on their smartphones.
“Less than 1 percent of Cox customers are infected with the virus,” Todd C. Smith, Cox Communications director of media relations told msnbc.com.
“Since midnight last night, when the FBI (via the Internet Services Coalition) disconnected the servers associated with this botnet, we’ve only received a miniscule number of calls, but our customer care and security assurance teams are standing by and are ready to help,” Charlie Douglas, Comcast senior director of corporate communications, told msnbc.com.
Read more here
Cyber Espionage: The Chinese Threat
It’s what experts at the highest levels of government say is the biggest threat to America’s economic security. Cyber spies hacking into U.S. corporations’ computer networks are stealing valuable trade secrets, intellectual property data and confidential business strategies. The biggest aggressor? China. This new wave of espionage amounts to the largest transfer of wealth ever seen, experts say, draining America of its competitive advantage and its economic edge. Unless corporate America wakes up to the cyber espionage threat from China and builds an adequate defense strategy, experts say it may be too late. Join CNBC’s David Faber, July 9th at | 9p ET, for the premiere of Cyber Espionage: The Chinese Threat.
Join the conversation on twitter (#CyberEspionage)
