Yaksas CSC

Your Guardian in the Cyber World

  • Yaksas CSC Home
  • Home
  • About Us
    • Overview
    • Why Yakṣas?
  • Got a Question?
    • Cyber Security Basics
    • Cyber Security Education & Career
    • How to stay safe?
  • Get Invloved
    • Write for Us
    • YCSC QnA Dialogue
    • Translate Articles
  • Contact Yakṣas
  • Press Release
    • NCSAM 2015 Champion
    • STOP. THINK. CONNECT. Partner
Make Remote Access Your Ally

Make Remote Access Your Ally

Person of Interest

Are you the Person of Interest?

Career in Cyber Security

Cyber Security Education & Career

Purple AD – Active Directory Lab Environment

Uday Mittal July 8, 2020 3 Comments

Purple AD – Active Directory Lab Environment

Playing around with an Active Directory environment is fun. Whether we do it as sysadmin or security researcher, we need a lab environment to work with. The following video provides an overview of the AD lab I have built using my computer systems. I will be using this lab in further Purple AD posts to […]

Filed Under: Lab Tagged With: Active directory lab, lab environment, lab hardware

Web App Pentesting using BodgeIt Store (Part 1)

Uday Mittal February 4, 2020 Leave a Comment

Web App Pentesting using BodgeIt Store (Part 1)

This video shows how to set up the lab environment for this YCSC Let’s Learn series. It covers installing Docker on Kali Linux 2019.4, pulling and running the BodgeIt Store docker image from Docker Hub. A virtual image of Kali Linux could be downloaded from https://www.offensive-security.com/kali-linux-vm-vmware-virtualbox-image-download/ What is BodgeIt Store? A vulnerable web application aimed at […]

Filed Under: Skills Development Tagged With: bodgeit store, docker, ellitedevs, Kali Linux, penetration testing process, pentest, psiinon, web application penetration testing, web security, website hacking, yaksas

Mona.py for exploit devs: 6 must know commands

Uday Mittal July 23, 2019 Leave a Comment

Mona.py for exploit devs: 6 must know commands

When it comes to exploit development for Microsoft Windows, Mona.py is the go to library for most security researchers. In this post I list six commands that I use often. Watch the video for demonstration. What is Mona.py? A pycommand for Immunity Debugger, designed and developed to aid the exploit development process Automates various tasks […]

Filed Under: Hacks, Technology Tagged With: bad character analysis, corelan, corelancoder, Cyber Security, ethical hacking, exploit development, immunity debugger, infosec, mona library, offensive security, osce, oscp, Peter Van Eeckhoutte

Understand and restrict admin access in your organization

Uday Mittal July 15, 2019 Leave a Comment

Understand and restrict admin access in your organization

In today’s time, providing users with unjustified administrator access on their work systems, could lead to significant business loss. A careless user may download a benign looking file and the next moment you may find yourself battling an organization wide ransomware attack. Here’s a quick guide for small business owners on how to tame this […]

Filed Under: Awareness, Technology Tagged With: administrator access restriction, cybersecurity, Information Security, least privilege, secure access

SLAE: Assignment #5.3

Uday Mittal January 22, 2019 Leave a Comment

SLAE: Assignment #5.3

Assignment Task: Take up at least 3 shellcode samples created using msfvenom for linux/x86 Use GDB/Ndisasm/Libemu to dissect the functionality of the shellcode Present your analysis Shellcode chosen: Shellcode options: Command to generate shellcode: Generated shellcode: Contents of file /etc/issue: Testing shellcode with run_shellcode.c Let’s analyze the shellcode with gdb: Placed a breakpoint at code […]

Filed Under: Skills Development, SLAE

SLAE: Assignment #5.2

Uday Mittal January 22, 2019 Leave a Comment

SLAE: Assignment #5.2

Assignment Task: Take up at least 3 shellcode samples created using msfvenom for linux/x86 Use GDB/Ndisasm/Libemu to dissect the functionality of the shellcode Present your analysis Shellcode chosen: Shellcode options: Command to generate shellcode: Generated shellcode: /etc/passwd file before executing the shellcode: Testing shellcode with run_shellcode.c Let’s analyze the shellcode with gdb: Placed a breakpoint […]

Filed Under: Skills Development, SLAE

SLAE: Assignment #5.1

Uday Mittal January 22, 2019 Leave a Comment

SLAE: Assignment #5.1

Assignment Task: Take up at least 3 shellcode samples created using msfvenom for linux/x86 Use GDB/Ndisasm/Libemu to dissect the functionality of the shellcode Present your analysis Shellcode chosen: Shellcode options: Command to generate shellcode: Generated shellcode: File permission before exectuing the shellcode: Testing shellcode with run_shellcode.c Chmod system call details: The chmod system call takes […]

Filed Under: Skills Development, SLAE

SLAE: Assignment #4

Uday Mittal January 22, 2019 Leave a Comment

SLAE: Assignment #4

Assignment Task: Create a custom encoding scheme, similar to “Insertion Encoder” PoC with using execve-stack as the shellcode to encode with schema and execute The encoding scheme chosen for this assigmnet is AddWelve encoding scheme. It is a variant of caesar cipher in which the byte is shifted forward 12 bytes. The algorithm is as […]

Filed Under: Skills Development, SLAE

SLAE: Assignment #3

Uday Mittal January 22, 2019 Leave a Comment

SLAE: Assignment #3

Assignment Task: Study about the Egg Hunter shellcode Create a working demo of the Egghunter Should be configurable for different payloads About Egg Hunters Egg Hunter is a mechanism to locate a piece of code in an application’s Virtual Address Space (VAS). This technique is primarily used in exploits where the accessible buffer space is […]

Filed Under: Skills Development, SLAE

SLAE: Assignment #6

Uday Mittal January 16, 2019 Leave a Comment

SLAE: Assignment #6

Assignment Task: Take up 3 shellcodes from Shell-Storm and create polymorphic versions of them to beat pattern matching The polymorphic versions cannot be larger 150% of the existing shellcode Shellcode 1: shutdown -h now Shell-Storm Link: http://shell-storm.org/shellcode/files/shellcode-876.php The original shellcode was 56 bytes in size. Link to original code: https://github.com/yaksas443/SLAE/blob/master/Assignment%206/6-1/shellcode-6-1-orig.nasm https://github.com/yaksas443/SLAE/blob/master/Assignment%206/6-1/run-shellcode-6-1-orig.c Techniques used to modify […]

Filed Under: Skills Development, SLAE

  • « Previous Page
  • 1
  • 2
  • 3
  • 4
  • …
  • 8
  • Next Page »

Optin Form

Search

Follow us on Twitter

My Tweets

Categories

Tags

Active directory Active directory lab adsecurity adsi adsisearcher Android attack active directory awareness blue whale challenge Certification CISSP crte crtp cyber-warfare Cyber Security Cybersecurity books Cybersecurity Cannon domain enumeration Edward Snowden ellitedevs forest enumeration hacker Information Security ISACA Kali Linux lab environment lab hardware Mass Surveillance Mobile Security Narendra Modi NSA offensive security Online Safety Password Penetration Testing pentest powersploit Powerview privacy red team Risk Management Social Media user enumeration Wifi Windows

Top Posts

  • Active Directory User Enumeration using PowerView
    Active Directory User Enumeration using PowerView
  • Mona.py for exploit devs: 6 must know commands
    Mona.py for exploit devs: 6 must know commands
  • DCPP: Everything You Need to Know
    DCPP: Everything You Need to Know
  • Active Directory Network Recon using PowerView
    Active Directory Network Recon using PowerView
  • Are you sharing sensitive information over WhatsApp?
    Are you sharing sensitive information over WhatsApp?
  • Web App Pentesting using BodgeIt Store (Part 1)
    Web App Pentesting using BodgeIt Store (Part 1)

© Copyright 2020 ElliteDevs · All Rights Reserved · Powered by WordPress