In the previous post, we compiled the program with the “-z execstack” option. This allowed us to execute shellcode on the stack. However, with non-executable stacks, we are unable to execute code on the stack. Here we have a simple program similar to the last one. 1 2 3 4 5 6 7 8 9 […]

If you are already capturing your packets and are trying to figure out how to best use these PCAP files and the data in them, I have released a python package consisting of two scripts to help you gain intelligence from the packets. The primary script “pktIntel.py” retrieves IP addresses, Domains, URLS, http host information […]

In a previous post, we worked on buffer overflows. In that post I kept it simple, by having the “arbitrary code” within the same program. That example was meant to perform the simplest of buffer overflows. However, I did have the question asked about running code which is not part of the compiled program. The […]

Recently while mentoring the Rogers Cyber Secure Catalyst Program. A program supported through the generous partnership of the Government of Canada, Rogers Communications and Royal Bank of Canada and executed by Ryerson University in conjunction with the SANS Institute, there was a lab which the candidates had to complete. I completed the lab using a […]

In the SANS SEC503: Intrusion Detection in Depth class, we learn about packets, starting from the Ethernet layer all the way up to the application layer. However, to get those packets to analyze, you have to capture them. Capturing on a local device for most folks is non-trivial. However, performing a remote capture can be […]