Hey everyone!
I would like to apologize again for having to cancel the meeting this past Tuesday. Unfortunately, a class exam overrode our room reservation. However, you can find the slides to the presentation over lockpicking here. If you ever have any questions regarding the subject, please feel free to let me know either through e-mail or in the comments below.
I'm really looking forward to continuing RaiderSec next semester, and hope to use this summer to publish substantial new and interesting content to the blog. Sometime next week, I will post a list of the different things I'd like to cover next semester, but tentatively my goal is to give more hands-on examples, as well as take time to look at unique areas of security. Above all, I want everyone to enjoy learning about areas of security that interest them. So, if there is a particular subject you would like to see covered next semester, or even a subject that you would like to cover yourself, let me know and we'll make it happen!
I've really enjoyed our meetings, and I hope everyone else has as well. If you're here over the summer and would like to get together to discuss things pertaining to RaiderSec, be sure to let me know! Otherwise, I look forward to seeing everyone next semester!
Have a great summer!
-Jordan
Thursday, May 10, 2012
Thursday, April 19, 2012
RaiderSec Meeting 04/17/2012
Hey everyone!
I just wanted to thank everyone who made it out to the meeting, and I hope you all enjoyed learning about Cross-Site Scripting (XSS) vulnerabilities and their exploitation. You can find the slides from the last meeting here.
As mentioned in the meeting, next Tuesday (April 24, 2012) Lance will be continuing the topic of input validation vulnerabilities in web applications by going in depth about SQL Injection vulnerabilities. The widespread prevalence and impact SQL Injection vulnerabilities can have will make this a very important and interesting topic.
I look forward to seeing everyone at the meeting!
Wednesday, April 11, 2012
RaiderSec Meeting 04/10/2012
Hey everyone!
I just want to thank everyone who made it out to the meeting yesterday! I hope everyone enjoyed learning about how social engineering attacks work, as well as why the human element of security is (and very likely always will be) the weakest link in a company's defenses.
As I mentioned in the meeting, next week we will begin covering web application vulnerabilities. Until then, feel free to read up on some of the vulnerabilities listed in OWASP's Top 10 Project Report to get an idea of the vulnerabilities we will be discussing in detail.
Also, you can find the slides for the social engineering presentation here. I look forward to seeing everyone at the next meeting!
-Jordan
Sunday, March 25, 2012
RaiderSec Meeting 03/20/2012
Hey everyone!
I want to thank everyone who came to the meeting on Tuesday. I hope everyone enjoyed the introduction to memory corruption (specifically buffer overflow vulnerabilities), and next meeting we will cover how a buffer overflow vulnerability can be leveraged by an attacker to execute code of his/her choice (our example being to create a shell on the system). As a reminder, our next meeting will be on Tuesday, April 3rd, 2012.
Until then, you can find the slides from the last meeting here. I look forward to seeing everyone at the next meeting!
-Jordan
Tuesday, February 28, 2012
RaiderSec First Meeting
Hello Everyone!
I just wanted to thank everyone who came out to the first meeting of RaiderSec! It was great to see everyone there, and I hope the content was interesting and insightful!
If you missed the meeting, or would like the slides, you can find them here. I will also be posting a supplementary blog post describing the basics of Metasploit in more detail for anyone who would want to see it, or get a recap of what we went over in the meeting. Hopefully it will be up in the next week or so.
I know we covered quite a bit of content really quickly at our meeting, but if you ever, ever have any questions please don't hesitate to e-mail me, and I would be more than happy to answer any questions you may have! The goal of the meetings is to learn as much as possible about the field of security, so if there's something on which you may be stuck, or didn't quite understand during the meeting, let me know!
Also, since I was unable to have the disclaimers there today for everyone to sign, you can find them here. If at all possible, please sign and return them to me by the next meeting (scanning and e-mailing is perfectly fine).
I hope everyone has a great Spring Break, and I look forward to seeing everyone at the next meeting!
Friday, February 10, 2012
ACM Presentation Slides
It was great to see everyone at the ACM meeting yesterday (Feb. 9), and thanks to all who signed up for the group! It's exciting to see such interest in the field of security!
I am working with the ACM officers to get the information of those who registered and will be sending out an e-mail to each of you shortly with information concerning the date and time of the first meeting, and I will also post it to the Meetings page.
After each meeting, I will be sure to upload any slides, notes, or code that I use in the presentation for anyone who would like them. As an example, the PowerPoint slides from last night's meeting can be found here.
Again, thanks to everyone who signed up! I'm excited to get things rolling, and to start exploring the vast field of security with each of you!
Jordan
Wednesday, February 8, 2012
Setting Up a Virtual Security Lab with VirtualBox
Why Virtualization?
As security enthusiasts, we are constantly pursuing more knowledge of our field. Anytime a new class of vulnerabilities (or even simply a new exploit) surfaces, we are eager to dissect it to figure out how it works, as well as what measures we can take to protect against it. We know that the best way to learn is by doing, for example, by setting up two machines and using one to emulate an attacker and one to emulate the victim. This approach works well, and provides useful, practical information. However, it is not cost- or space-effective, since one must have two machines to create this scenario, and it is also very time-consuming, since one must rebuild the victim OS every time it is breached by the "attacker" in order to have a fresh start. What we as security hobbyists need is a solution to these problems that allows us to cheaply and easily build isolated machines on the fly with which we are free to experiment without fear of breaking something.
Friday, August 5, 2011
Cross Site Scripting (XSS) Attacks and Why We Should Care
Web applications are becoming more and more complex. For many, trying to constantly push out new features as quickly as possible is causing security to be put on the back burner of the development process. This could occur for a number of reasons, including small development budgets, tight deadlines, and general unawareness of best security practices, to name a few.
Not taking security seriously when developing software leads to vulnerabilities which put not only the organization's systems, but also potentially its reputation and customers' personal data at risk. This is largely the case when it comes to web-application vulnerabilities. There are many types of these vulnerabilities, but, for the sake of this article, we will cover a particular type of input validation vulnerability called Cross-Site Scripting (XSS).